DFG should not reparse code that was just parsed

https://bugs.webkit.org/show_bug.cgi?id=71977 Reviewed by Geoff Garen. The instruction stream of a code block is now kept around until the next GC. When doing either an optimizing compilation of an executable, or inlining of an executable, we now try to find the already preexisting bytecode. If we find it, we don't have to parse. If we don't find it, we parse as before. Inlining takes the extra step of caching code blocks, so if the same executable gets inlined multiple times into the same caller, then we parse it at most once even if prior to inlining that executable did not have any code blocks with an instruction stream. Also fixed a silly bug where the strict mode for various operations was being determined by looking at the machine code block rather than the inlinee. To enable the delete-on-next-GC policy, I introduced the notion of an ultra weak finalizer, which anyone can register during tracing. This is thread-safe (for parallel GC) and stop-the-world-safe (so calls to free() are postponed until the world is resumed). This required reusing some facilities previously created for WeakReferenceHarvester, so I created a common utility class. I also retweaked the handling of WeakReferenceHarvesters, since they should be executed during stop-the-world since in the future we may want to allow them to call drain(). 2% win on SunSpider. 2% win on V8, when run in my harness. Neutral elsewhere. * JavaScriptCore.xcodeproj/project.pbxproj: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::visitAggregate): (JSC::CodeBlock::copyPostParseDataFrom): (JSC::CodeBlock::copyPostParseDataFromAlternative): (JSC::CodeBlock::finalizeUnconditionally): * bytecode/CodeBlock.h: (JSC::CodeBlock::canProduceCopyWithBytecode): (JSC::CodeBlock::discardBytecodeLater): (JSC::CodeBlock::handleBytecodeDiscardingOpportunity): (JSC::GlobalCodeBlock::GlobalCodeBlock): (JSC::ProgramCodeBlock::ProgramCodeBlock): (JSC::EvalCodeBlock::EvalCodeBlock): (JSC::FunctionCodeBlock::FunctionCodeBlock): (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker): (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker): * dfg/DFGAssemblyHelpers.h: (JSC::DFG::AssemblyHelpers::strictModeFor): * dfg/DFGByteCodeCache.h: Added. (JSC::DFG::CodeBlockKey::CodeBlockKey): (JSC::DFG::CodeBlockKey::operator==): (JSC::DFG::CodeBlockKey::hash): (JSC::DFG::CodeBlockKey::executable): (JSC::DFG::CodeBlockKey::kind): (JSC::DFG::CodeBlockKey::isHashTableDeletedValue): (JSC::DFG::CodeBlockKeyHash::hash): (JSC::DFG::CodeBlockKeyHash::equal): (JSC::DFG::ByteCodeCache::ByteCodeCache): (JSC::DFG::ByteCodeCache::~ByteCodeCache): (JSC::DFG::ByteCodeCache::get): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleInlining): * dfg/DFGJITCodeGenerator32_64.cpp: (JSC::DFG::JITCodeGenerator::cachedPutById): * dfg/DFGJITCodeGenerator64.cpp: (JSC::DFG::JITCodeGenerator::cachedPutById): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/Heap.cpp: (JSC::Heap::finalizeUnconditionally): (JSC::Heap::markRoots): (JSC::Heap::collect): * heap/Heap.h: * heap/ListableHandler.h: Added. (JSC::ListableHandler::ListableHandler): (JSC::ListableHandler::~ListableHandler): (JSC::ListableHandler::List::List): (JSC::ListableHandler::List::addNotThreadSafe): (JSC::ListableHandler::List::addThreadSafe): (JSC::ListableHandler::List::hasNext): (JSC::ListableHandler::List::removeNext): * heap/MarkStack.cpp: (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): (JSC::SlotVisitor::harvestWeakReferences): (JSC::SlotVisitor::finalizeUnconditionally): * heap/MarkStack.h: (JSC::MarkStack::addWeakReferenceHarvester): (JSC::MarkStack::addUnconditionalFinalizer): * heap/SlotVisitor.h: * heap/UnconditionalFinalizer.h: Added. (JSC::UnconditionalFinalizer::~UnconditionalFinalizer): * heap/WeakReferenceHarvester.h: (JSC::WeakReferenceHarvester::WeakReferenceHarvester): (JSC::WeakReferenceHarvester::~WeakReferenceHarvester): * runtime/Executable.cpp: (JSC::EvalExecutable::compileInternal): (JSC::ProgramExecutable::compileInternal): (JSC::FunctionExecutable::baselineCodeBlockFor): (JSC::FunctionExecutable::codeBlockWithBytecodeFor): (JSC::FunctionExecutable::produceCodeBlockFor): (JSC::FunctionExecutable::compileForCallInternal): (JSC::FunctionExecutable::compileForConstructInternal): * runtime/Executable.h: (JSC::FunctionExecutable::profiledCodeBlockFor): Canonical link: https://commits.webkit.org/88460@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@99898 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Nov 10, 2011 · 0a2311087370a3439932dfdc2a0614f78274b983 · 0a23110
1 parent c406ab9
commit 0a2311087370a3439932dfdc2a0614f78274b983
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,113 @@
+2011-11-10  Filip Pizlo  <fpizlo@apple.com>
+
+        DFG should not reparse code that was just parsed
+        https://bugs.webkit.org/show_bug.cgi?id=71977
+
+        Reviewed by Geoff Garen.
+
+        The instruction stream of a code block is now kept around until
+        the next GC. When doing either an optimizing compilation of an
+        executable, or inlining of an executable, we now try to find the
+        already preexisting bytecode. If we find it, we don't have to parse.
+        If we don't find it, we parse as before. Inlining takes the extra
+        step of caching code blocks, so if the same executable gets inlined
+        multiple times into the same caller, then we parse it at most once
+        even if prior to inlining that executable did not have any code
+        blocks with an instruction stream.
+
+        Also fixed a silly bug where the strict mode for various operations
+        was being determined by looking at the machine code block rather
+        than the inlinee.
+
+        To enable the delete-on-next-GC policy, I introduced the notion
+        of an ultra weak finalizer, which anyone can register during
+        tracing. This is thread-safe (for parallel GC) and
+        stop-the-world-safe (so calls to free() are postponed until the
+        world is resumed). This required reusing some facilities previously
+        created for WeakReferenceHarvester, so I created a common utility
+        class. I also retweaked the handling of WeakReferenceHarvesters,
+        since they should be executed during stop-the-world since in the
+        future we may want to allow them to call drain().
+
+        2% win on SunSpider. 2% win on V8, when run in my harness. Neutral
+        elsewhere.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::visitAggregate):
+        (JSC::CodeBlock::copyPostParseDataFrom):
+        (JSC::CodeBlock::copyPostParseDataFromAlternative):
+        (JSC::CodeBlock::finalizeUnconditionally):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::canProduceCopyWithBytecode):
+        (JSC::CodeBlock::discardBytecodeLater):
+        (JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
+        (JSC::GlobalCodeBlock::GlobalCodeBlock):
+        (JSC::ProgramCodeBlock::ProgramCodeBlock):
+        (JSC::EvalCodeBlock::EvalCodeBlock):
+        (JSC::FunctionCodeBlock::FunctionCodeBlock):
+        (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
+        (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
+        * dfg/DFGAssemblyHelpers.h:
+        (JSC::DFG::AssemblyHelpers::strictModeFor):
+        * dfg/DFGByteCodeCache.h: Added.
+        (JSC::DFG::CodeBlockKey::CodeBlockKey):
+        (JSC::DFG::CodeBlockKey::operator==):
+        (JSC::DFG::CodeBlockKey::hash):
+        (JSC::DFG::CodeBlockKey::executable):
+        (JSC::DFG::CodeBlockKey::kind):
+        (JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
+        (JSC::DFG::CodeBlockKeyHash::hash):
+        (JSC::DFG::CodeBlockKeyHash::equal):
+        (JSC::DFG::ByteCodeCache::ByteCodeCache):
+        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
+        (JSC::DFG::ByteCodeCache::get):
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::handleInlining):
+        * dfg/DFGJITCodeGenerator32_64.cpp:
+        (JSC::DFG::JITCodeGenerator::cachedPutById):
+        * dfg/DFGJITCodeGenerator64.cpp:
+        (JSC::DFG::JITCodeGenerator::cachedPutById):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * heap/Heap.cpp:
+        (JSC::Heap::finalizeUnconditionally):
+        (JSC::Heap::markRoots):
+        (JSC::Heap::collect):
+        * heap/Heap.h:
+        * heap/ListableHandler.h: Added.
+        (JSC::ListableHandler::ListableHandler):
+        (JSC::ListableHandler::~ListableHandler):
+        (JSC::ListableHandler::List::List):
+        (JSC::ListableHandler::List::addNotThreadSafe):
+        (JSC::ListableHandler::List::addThreadSafe):
+        (JSC::ListableHandler::List::hasNext):
+        (JSC::ListableHandler::List::removeNext):
+        * heap/MarkStack.cpp:
+        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+        (JSC::SlotVisitor::harvestWeakReferences):
+        (JSC::SlotVisitor::finalizeUnconditionally):
+        * heap/MarkStack.h:
+        (JSC::MarkStack::addWeakReferenceHarvester):
+        (JSC::MarkStack::addUnconditionalFinalizer):
+        * heap/SlotVisitor.h:
+        * heap/UnconditionalFinalizer.h: Added.
+        (JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
+        * heap/WeakReferenceHarvester.h:
+        (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
+        (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
+        * runtime/Executable.cpp:
+        (JSC::EvalExecutable::compileInternal):
+        (JSC::ProgramExecutable::compileInternal):
+        (JSC::FunctionExecutable::baselineCodeBlockFor):
+        (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
+        (JSC::FunctionExecutable::produceCodeBlockFor):
+        (JSC::FunctionExecutable::compileForCallInternal):
+        (JSC::FunctionExecutable::compileForConstructInternal):
+        * runtime/Executable.h:
+        (JSC::FunctionExecutable::profiledCodeBlockFor):
+
 2011-11-10  Gavin Barraclough  <barraclough@apple.com>
 
         Add ARMv7 register info for the DFG JIT

diff --git a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -54,6 +54,8 @@
 		0F426A481460CBB300131F8F /* ValueRecovery.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A451460CBAB00131F8F /* ValueRecovery.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F426A491460CBB700131F8F /* VirtualRegister.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A461460CBAB00131F8F /* VirtualRegister.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F426A4B1460CD6E00131F8F /* DataFormat.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A4A1460CD6B00131F8F /* DataFormat.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		0F431738146BAC69007E3890 /* ListableHandler.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F431736146BAC65007E3890 /* ListableHandler.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		0F5F08CF146C7633000472A9 /* UnconditionalFinalizer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5F08CE146C762F000472A9 /* UnconditionalFinalizer.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F620174143FCD330068B77C /* DFGVariableAccessData.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F620172143FCD2F0068B77C /* DFGVariableAccessData.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F620175143FCD370068B77C /* DFGOperands.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F620171143FCD2F0068B77C /* DFGOperands.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		0F620176143FCD3B0068B77C /* DFGBasicBlock.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F620170143FCD2F0068B77C /* DFGBasicBlock.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -829,6 +831,9 @@
 		0F426A451460CBAB00131F8F /* ValueRecovery.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ValueRecovery.h; sourceTree = "<group>"; };
 		0F426A461460CBAB00131F8F /* VirtualRegister.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VirtualRegister.h; sourceTree = "<group>"; };
 		0F426A4A1460CD6B00131F8F /* DataFormat.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DataFormat.h; sourceTree = "<group>"; };
+		0F431736146BAC65007E3890 /* ListableHandler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ListableHandler.h; sourceTree = "<group>"; };
+		0F5F08CC146BE602000472A9 /* DFGByteCodeCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGByteCodeCache.h; path = dfg/DFGByteCodeCache.h; sourceTree = "<group>"; };
+		0F5F08CE146C762F000472A9 /* UnconditionalFinalizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UnconditionalFinalizer.h; sourceTree = "<group>"; };
 		0F62016D143FCD2F0068B77C /* DFGAbstractState.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGAbstractState.cpp; path = dfg/DFGAbstractState.cpp; sourceTree = "<group>"; };
 		0F62016E143FCD2F0068B77C /* DFGAbstractState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGAbstractState.h; path = dfg/DFGAbstractState.h; sourceTree = "<group>"; };
 		0F62016F143FCD2F0068B77C /* DFGAbstractValue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGAbstractValue.h; path = dfg/DFGAbstractValue.h; sourceTree = "<group>"; };
@@ -1701,6 +1706,8 @@
 		142E312A134FF0A600AFADB5 /* heap */ = {
 			isa = PBXGroup;
 			children = (
+				0F5F08CE146C762F000472A9 /* UnconditionalFinalizer.h */,
+				0F431736146BAC65007E3890 /* ListableHandler.h */,
 				0FD82F281426CA5A00179C94 /* JettisonedCodeBlocks.cpp */,
 				0FD82F291426CA5A00179C94 /* JettisonedCodeBlocks.h */,
 				A70456AE1427FB030037DA68 /* AllocationSpace.cpp */,
@@ -2317,6 +2324,7 @@
 		86EC9DB31328DF44002B2AD7 /* dfg */ = {
 			isa = PBXGroup;
 			children = (
+				0F5F08CC146BE602000472A9 /* DFGByteCodeCache.h */,
 				0FC0979F146B28C700CF2442 /* DFGThunks.cpp */,
 				0FC097A0146B28C700CF2442 /* DFGThunks.h */,
 				0FC0979D146B271E00CF2442 /* DFGCorrectableJumpPoint.cpp */,
@@ -2943,6 +2951,8 @@
 				0FC0977114693AF500CF2442 /* DFGOSRExitCompiler.h in Headers */,
 				0FC0979C146A772500CF2442 /* DFGCorrectableJumpPoint.h in Headers */,
 				0FC097A2146B28CC00CF2442 /* DFGThunks.h in Headers */,
+				0F431738146BAC69007E3890 /* ListableHandler.h in Headers */,
+				0F5F08CF146C7633000472A9 /* UnconditionalFinalizer.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};

diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -1407,13 +1407,66 @@ void CodeBlock::dumpStatistics()
 #endif
 }
 
+CodeBlock::CodeBlock(CopyParsedBlockTag, CodeBlock& other, SymbolTable* symTab)
+    : m_globalObject(other.m_globalObject)
+    , m_heap(other.m_heap)
+    , m_numCalleeRegisters(other.m_numCalleeRegisters)
+    , m_numVars(other.m_numVars)
+    , m_numCapturedVars(other.m_numCapturedVars)
+    , m_numParameters(other.m_numParameters)
+    , m_isConstructor(other.m_isConstructor)
+    , m_shouldDiscardBytecode(false)
+    , m_ownerExecutable(*other.m_globalData, other.m_ownerExecutable.get(), other.m_ownerExecutable.get())
+    , m_globalData(other.m_globalData)
+    , m_instructions(other.m_instructions)
+    , m_instructionCount(other.m_instructionCount)
+    , m_thisRegister(other.m_thisRegister)
+    , m_argumentsRegister(other.m_argumentsRegister)
+    , m_activationRegister(other.m_activationRegister)
+    , m_needsFullScopeChain(other.m_needsFullScopeChain)
+    , m_usesEval(other.m_usesEval)
+    , m_isNumericCompareFunction(other.m_isNumericCompareFunction)
+    , m_isStrictMode(other.m_isStrictMode)
+    , m_codeType(other.m_codeType)
+    , m_source(other.m_source)
+    , m_sourceOffset(other.m_sourceOffset)
+    , m_globalResolveInfos(other.m_globalResolveInfos)
+    , m_jumpTargets(other.m_jumpTargets)
+    , m_loopTargets(other.m_loopTargets)
+    , m_identifiers(other.m_identifiers)
+    , m_constantRegisters(other.m_constantRegisters)
+    , m_functionDecls(other.m_functionDecls)
+    , m_functionExprs(other.m_functionExprs)
+    , m_symbolTable(symTab)
+    , m_speculativeSuccessCounter(0)
+    , m_speculativeFailCounter(0)
+    , m_optimizationDelayCounter(0)
+    , m_reoptimizationRetryCounter(0)
+{
+    optimizeAfterWarmUp();
+
+    if (other.m_rareData) {
+        createRareDataIfNecessary();
+
+        m_rareData->m_exceptionHandlers = other.m_rareData->m_exceptionHandlers;
+        m_rareData->m_regexps = other.m_rareData->m_regexps;
+        m_rareData->m_constantBuffers = other.m_rareData->m_constantBuffers;
+        m_rareData->m_immediateSwitchJumpTables = other.m_rareData->m_immediateSwitchJumpTables;
+        m_rareData->m_characterSwitchJumpTables = other.m_rareData->m_characterSwitchJumpTables;
+        m_rareData->m_stringSwitchJumpTables = other.m_rareData->m_stringSwitchJumpTables;
+        m_rareData->m_expressionInfo = other.m_rareData->m_expressionInfo;
+        m_rareData->m_lineInfo = other.m_rareData->m_lineInfo;
+    }
+}
+
 CodeBlock::CodeBlock(ScriptExecutable* ownerExecutable, CodeType codeType, JSGlobalObject *globalObject, PassRefPtr<SourceProvider> sourceProvider, unsigned sourceOffset, SymbolTable* symTab, bool isConstructor, PassOwnPtr<CodeBlock> alternative)
     : m_globalObject(globalObject->globalData(), ownerExecutable, globalObject)
     , m_heap(&m_globalObject->globalData().heap)
     , m_numCalleeRegisters(0)
     , m_numVars(0)
     , m_numParameters(0)
     , m_isConstructor(isConstructor)
+    , m_shouldDiscardBytecode(false)
     , m_ownerExecutable(globalObject->globalData(), ownerExecutable, ownerExecutable)
     , m_globalData(0)
     , m_instructions(adoptRef(new Instructions))
@@ -1595,6 +1648,13 @@ void CodeBlock::visitAggregate(SlotVisitor& visitor)
     for (unsigned profileIndex = 0; profileIndex < numberOfValueProfiles(); ++profileIndex)
         valueProfile(profileIndex)->computeUpdatedPrediction();
 #endif
+
+#if ENABLE(JIT) && !ENABLE(OPCODE_SAMPLING)
+    // Kill off some bytecode. We can't do it here because we don't want to accidentally
+    // call into malloc while in stop-the-world GC mode.
+    if (hasInstructions() && m_shouldDiscardBytecode)
+        visitor.addUnconditionalFinalizer(this);
+#endif
 }
 
 HandlerInfo* CodeBlock::handlerForBytecodeOffset(unsigned bytecodeOffset)
@@ -1821,7 +1881,7 @@ inline void replaceExistingEntries(Vector<T>& target, Vector<T>& source)
         target[i] = source[i];
 }
 
-void CodeBlock::copyDataFrom(CodeBlock* alternative)
+void CodeBlock::copyPostParseDataFrom(CodeBlock* alternative)
 {
     if (!alternative)
         return;
@@ -1833,9 +1893,9 @@ void CodeBlock::copyDataFrom(CodeBlock* alternative)
         replaceExistingEntries(m_rareData->m_constantBuffers, alternative->m_rareData->m_constantBuffers);
 }
 
-void CodeBlock::copyDataFromAlternative()
+void CodeBlock::copyPostParseDataFromAlternative()
 {
-    copyDataFrom(m_alternative.get());
+    copyPostParseDataFrom(m_alternative.get());
 }
 
 #if ENABLE(JIT)
@@ -1917,6 +1977,15 @@ void FunctionCodeBlock::jettison(JSGlobalData& globalData)
 }
 #endif
 
+void CodeBlock::finalizeUnconditionally()
+{
+#if ENABLE(OPCODE_SAMPLING) || !ENABLE(JIT)
+    ASSERT_NOT_REACHED();
+#endif
+    ASSERT(m_shouldDiscardBytecode);
+    discardBytecode();
+}
+
 #if ENABLE(VALUE_PROFILER)
 bool CodeBlock::shouldOptimizeNow()
 {