[JSC] Do not upgrade CallLinkInfo when the target is also already dead

https://bugs.webkit.org/show_bug.cgi?id=270119 rdar://123651394 Reviewed by Justin Michaud. Probably does not matter much but let's make it defensive. When running unlinkOrUpgrade, if it is invoked through jettisoning due to GC end-phase check, we should check whether the new target CodeBlock is also dead, and if it is dead, not passing it. * Source/JavaScriptCore/bytecode/CodeBlock.cpp: (JSC::CodeBlock::jettison): * Source/JavaScriptCore/runtime/ScriptExecutable.cpp: (JSC::ScriptExecutable::installCode): (JSC::ScriptExecutable::prepareForExecutionImpl): * Source/JavaScriptCore/runtime/ScriptExecutable.h: Canonical link: https://commits.webkit.org/275356@main
WebKit · Feb 27, 2024 · 4d9c892 · 4d9c892
1 parent 22f3736
commit 4d9c892
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -2274,7 +2274,7 @@ void CodeBlock::jettison(Profiler::JettisonReason reason, ReoptimizationMode mod
         return;
 
     // This accomplishes (2).
-    ownerExecutable()->installCode(vm, alternative(), codeType(), specializationKind());
+    ownerExecutable()->installCode(vm, alternative(), codeType(), specializationKind(), reason);
 
 #if ENABLE(DFG_JIT)
     if (DFG::shouldDumpDisassembly())

diff --git a/Source/JavaScriptCore/runtime/ScriptExecutable.cpp b/Source/JavaScriptCore/runtime/ScriptExecutable.cpp
@@ -115,10 +115,10 @@ void ScriptExecutable::clearCode(IsoCellSet& clearableCodeSet)
 
 void ScriptExecutable::installCode(CodeBlock* codeBlock)
 {
-    installCode(codeBlock->vm(), codeBlock, codeBlock->codeType(), codeBlock->specializationKind());
+    installCode(codeBlock->vm(), codeBlock, codeBlock->codeType(), codeBlock->specializationKind(), Profiler::JettisonReason::NotJettisoned);
 }
 
-void ScriptExecutable::installCode(VM& vm, CodeBlock* genericCodeBlock, CodeType codeType, CodeSpecializationKind kind)
+void ScriptExecutable::installCode(VM& vm, CodeBlock* genericCodeBlock, CodeType codeType, CodeSpecializationKind kind, Profiler::JettisonReason reason)
 {
     if (genericCodeBlock)
         CODEBLOCK_LOG_EVENT(genericCodeBlock, "installCode", ());
@@ -198,6 +198,17 @@ void ScriptExecutable::installCode(VM& vm, CodeBlock* genericCodeBlock, CodeType
             debugger->registerCodeBlock(genericCodeBlock);
     }
 
+    switch (reason) {
+    case Profiler::JettisonReason::JettisonDueToWeakReference:
+    case Profiler::JettisonReason::JettisonDueToOldAge: {
+        if (genericCodeBlock && !vm.heap.isMarked(genericCodeBlock))
+            genericCodeBlock = nullptr;
+        break;
+    }
+    default:
+        break;
+    }
+
     if (oldCodeBlock)
         oldCodeBlock->unlinkOrUpgradeIncomingCalls(vm, genericCodeBlock);
 
@@ -409,7 +420,7 @@ void ScriptExecutable::prepareForExecutionImpl(VM& vm, JSFunction* function, JSS
             setupJIT(vm, codeBlock);
     }
 
-    installCode(vm, codeBlock, codeBlock->codeType(), codeBlock->specializationKind());
+    installCode(vm, codeBlock, codeBlock->codeType(), codeBlock->specializationKind(), Profiler::JettisonReason::NotJettisoned);
 }
 
 ScriptExecutable* ScriptExecutable::topLevelExecutable()

diff --git a/Source/JavaScriptCore/runtime/ScriptExecutable.h b/Source/JavaScriptCore/runtime/ScriptExecutable.h
@@ -27,6 +27,7 @@
 
 #include "ExecutableBase.h"
 #include "ParserModes.h"
+#include "ProfilerJettisonReason.h"
 
 namespace JSC {
 
@@ -90,7 +91,7 @@ class ScriptExecutable : public ExecutableBase {
 
     void recordParse(CodeFeatures, LexicalScopeFeatures, bool hasCapturedVariables, int lastLine, unsigned endColumn);
     void installCode(CodeBlock*);
-    void installCode(VM&, CodeBlock*, CodeType, CodeSpecializationKind);
+    void installCode(VM&, CodeBlock*, CodeType, CodeSpecializationKind, Profiler::JettisonReason);
     CodeBlock* newCodeBlockFor(CodeSpecializationKind, JSFunction*, JSScope*);
     CodeBlock* newReplacementCodeBlockFor(CodeSpecializationKind);