[JSC] Reland Handler IC #28106
Merged
[JSC] Reland Handler IC #28106
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Constellation
added
the
JavaScriptCore
Constellation
force-pushed
the
eng/JSC-Reland-Handler-IC
branch
from
30465a9
to
70615bc
Compare
|
EWS run on previous version of this PR (hash 70615bc)
|
webkit-ews-buildbot
added
the
merging-blocked
Constellation
removed
the
merging-blocked
Constellation
force-pushed
the
eng/JSC-Reland-Handler-IC
branch
from
70615bc
to
8e0d558
Compare
|
EWS run on previous version of this PR (hash 8e0d558)
|
webkit-ews-buildbot
added
the
merging-blocked
kmiller68
approved these changes
May 3, 2024
Comment on lines
+103
to
+104
| template<typename Functor> | ||
| bool removeAllIf(const Functor&); |
There was a problem hiding this comment.
Nit: could be const auto&
| @@ -84,6 +84,27 @@ IGNORE_GCC_WARNINGS_BEGIN("sequence-point") | |||
| IGNORE_GCC_WARNINGS_END | |||
| } | |||
|
|
|||
| bool GCAwareJITStubRoutine::removeDeadOwners(VM& vm) | |||
| { | |||
| if (m_owner) | |||
There was a problem hiding this comment.
Can we add: ASSERT(vm.heap.isInPhase(CollectorPhase::End)); here.
Constellation
removed
the
merging-blocked
Constellation
force-pushed
the
eng/JSC-Reland-Handler-IC
branch
from
8e0d558
to
b6b9842
Compare
|
EWS run on current version of this PR (hash b6b9842)
|
webkit-ews-buildbot
added
the
merging-blocked
|
I've searched |
Constellation
added
unsafe-merge-queue
|
Failed to access https://raw.githubusercontent.com/WebKit/WebKit/main/metadata/contributors.json, blocking PR #28106 |
webkit-commit-queue
added
merging-blocked
Constellation
added
unsafe-merge-queue
https://bugs.webkit.org/show_bug.cgi?id=273693 rdar://127496851 Reviewed by Keith Miller. This patch enables limited variant of Handler IC. The limitation means, 1. Only enabled for Baseline JIT. 2. Getter and Setter are not supported yet. 3. We are caching entire code as an one handler. This is not the final form we would like to have. Next step is splitting them into one per AccessCase and chain them. 4. After (3) gets done, we would like to put more data into InlineCacheHandler itself so that code can be more and more sharable. But even with this limited form, we are already observing good cache hit rate. So we take an approach starting with this, and further extending Handler IC based on the above milestones. We enable Handler IC, which is only enabled for Baseline JIT right now. The IC is hash-consed via SharedJITStubSet. And InlineCacheCompiler first search for an already compiled stub, if it finds it, we register watchpoint to this stub and use it without new compilation. If it is not found, we compile a new stub and register it to this table if possible. When nobody uses this stub, then refCount becomes zero, and it automatically unregister itself from the table. Each StructureStubInfo site's access cases is always subsumes stub's access cases. So GC will check validity via this StructureStubInfo's access cases, and drop stub when it is no longer valid (as the same to the current IC). The major difference from the last patch is adding multiple owners to the shared JIT IC. Stubs are unregistering themselves from SharedJITStubSet when it reaches to zero-ref-count. But this does not work well since CodeBlock can be destroyed lazily: if CodeBlock is dead, during that, no GC scanning happens to this stub while ref-count is still non-zero. For normal JIT stubs, we have owner concept for JIT stub. At GC end phase, we iterate stubs and check whether the owner is already dead. And if it is dead, we mark it m_ownerIsDead. But shared JIT stub does not have this concept. Instead, we have HashCountedSet for shared JIT stub, and register multiple owners for shared JIT stub. And at GC end phase, we scan owners to wipe dead owners, and when live owners become zero, we mark the stub as m_ownerIsDead too. * Source/JavaScriptCore/bytecode/AccessCase.cpp: (JSC::AccessCase::tryGetAlternateBaseImpl const): (JSC::AccessCase::canBeShared): (JSC::AccessCase::tryGetAlternateBase const): (JSC::AccessCase::hasAlternateBaseImpl const): Deleted. (JSC::AccessCase::alternateBaseImpl const): Deleted. (JSC::AccessCase::hasAlternateBase const): Deleted. (JSC::AccessCase::alternateBase const): Deleted. * Source/JavaScriptCore/bytecode/AccessCase.h: (JSC::AccessCase::identifier const): (JSC::AccessCase::dumpImpl const): (JSC::AccessCase::updateIdentifier): Deleted. * Source/JavaScriptCore/bytecode/GetByStatus.cpp: (JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback): * Source/JavaScriptCore/bytecode/GetterSetterAccessCase.cpp: (JSC::GetterSetterAccessCase::tryGetAlternateBaseImpl const): (JSC::GetterSetterAccessCase::hasAlternateBaseImpl const): Deleted. (JSC::GetterSetterAccessCase::alternateBaseImpl const): Deleted. * Source/JavaScriptCore/bytecode/GetterSetterAccessCase.h: * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::InlineCacheCompiler::generateImpl): (JSC::InlineCacheCompiler::regenerate): (JSC::isMegamorphicById): Deleted. * Source/JavaScriptCore/bytecode/PutByStatus.cpp: (JSC::PutByStatus::computeForStubInfo): * Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h: (JSC::PolymorphicAccessJITStubRoutine::isStillValid const): * Source/JavaScriptCore/runtime/StructureID.h: Canonical link: https://commits.webkit.org/278369@main
webkit-commit-queue
force-pushed
the
eng/JSC-Reland-Handler-IC
branch
from
b6b9842
to
13455c7
Compare
|
Committed 278369@main (13455c7): https://commits.webkit.org/278369@main Reviewed commits have been landed. Closing PR #28106 and removing active labels. |
webkit-commit-queue
removed
the
unsafe-merge-queue
This was referenced May 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
13455c7
b6b9842