Bug 213069

Summary: [JSC] Return DisposableCallSiteIndex when destroying GCAwareJITStubRoutineWithExceptionHandler
Product: WebKit
Reporter: Yusuke Suzuki <ysuzuki>
Component: New Bugs
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Normal
CC: annulen, ews-watchlist, gyuyoung.kim, keith_miller, mark.lam, msaboff, ryuan.choi, saam, sergio, tzagallo, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: none), Patch (flags: none)

Description Yusuke Suzuki 2020-06-10 23:15:10 PDT
[JSC] Return DisposableCallSiteIndex when destroying GCAwareJITStubRoutineWithExceptionHandler
Comment 1 Yusuke Suzuki 2020-06-10 23:27:05 PDT
Created attachment 401622 [details]
Patch
Comment 2 Yusuke Suzuki 2020-06-10 23:27:07 PDT
<rdar://problem/64205186>
Comment 3 Yusuke Suzuki 2020-06-10 23:31:19 PDT
Comment on attachment 401622 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401622&action=review

> Source/JavaScriptCore/dfg/DFGCodeOriginPool.h:51
> +    HashSet<unsigned, WTF::IntHash<unsigned>, WTF::UnsignedWithZeroKeyHashTraits<unsigned>> m_callSiteIndexFreeList;
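Review bot: the free list on this line is only ever added to when an index is released and taken from when one is allocated, so a Vector would serve without hashing; the UnsignedWithZeroKeyHashTraits is needed only because 0 is a valid call site index, and that trait goes away with the HashSet. One property the HashSet gives for free is that releasing the same index twice is harmless, so if this becomes a Vector a debug assertion against a double release would keep that safety.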

I don't know why it is a HashSet. Maybe we can just make it a Vector.
Comment 4 Yusuke Suzuki 2020-06-10 23:45:34 PDT
Created attachment 401624 [details]
Patch
Comment 6 Saam Barati 2020-06-11 09:28:48 PDT
Comment on attachment 401624 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401624&action=review

> Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:132
> +    m_codeOriginPool = nullptr;
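Review bot: once `m_codeOriginPool` is set to nullptr here, any routine destroyed afterwards has to tolerate a null pool when it tries to return its call site index; a short comment at this site saying the path is only reached when the whole JITData is being torn down (so there is nothing left to return the index to) would answer the question below for the next reader.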

When is this function called?
Comment 7 Yusuke Suzuki 2020-06-11 12:33:39 PDT
Comment on attachment 401624 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401624&action=review

>> Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:132
>> +    m_codeOriginPool = nullptr;
> 
> When is this function called?

This function is called when CodeBlock is destroying all JIT-related data.

1. CodeBlock itself is getting destroyed.
2. Destroying the entire JITData via resetJITData.

So we can just make it nullptr, since everything will be destroyed.
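The lifecycle described in this comment, as an added illustration that is not part of the patch or of JavaScriptCore's code: a constructed pool with a Vector-style free list (the alternative raised in Comment 3), a stand-in for the stub routine that hands its index back on destruction, and a detach() that models nulling the pool so a routine destroyed during whole-JITData teardown returns nothing. All class and method names here are assumptions.

```cpp
#include <cassert>
#include <cstddef>
#include <memory>
#include <vector>

// Constructed, simplified model (not JSC's CodeOriginPool): hands out call site
// indices and keeps released ones in a Vector-style free list for reuse.
class CallSiteIndexPool {
public:
    unsigned allocate()
    {
        if (m_freeList.empty())
            return m_next++;
        unsigned index = m_freeList.back();
        m_freeList.pop_back();
        return index;
    }

    // A plain vector would hand a doubly released index out twice later, which a
    // HashSet would have absorbed silently; guard against that in debug builds.
    void release(unsigned index)
    {
        for (unsigned freed : m_freeList)
            assert(freed != index && "call site index released twice");
        m_freeList.push_back(index);
    }

    std::size_t freeCount() const { return m_freeList.size(); }

private:
    unsigned m_next { 0 };  // 0 is a valid index, hence the zero-key traits in the patch
    std::vector<unsigned> m_freeList;
};

// Stand-in for the stub routine: owns one index and returns it on destruction,
// unless the pool was dropped first (the "entire JIT data is going away" path).
class StubRoutine {
public:
    explicit StubRoutine(std::shared_ptr<CallSiteIndexPool> pool)
        : m_pool(std::move(pool)), m_index(m_pool->allocate()) { }
    ~StubRoutine()
    {
        if (m_pool)  // null after detach(): nothing left to return the index to
            m_pool->release(m_index);
    }
    void detach() { m_pool = nullptr; }  // models "m_codeOriginPool = nullptr"
    unsigned index() const { return m_index; }

private:
    std::shared_ptr<CallSiteIndexPool> m_pool;
    unsigned m_index;
};
```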
Comment 8 Saam Barati 2020-06-11 12:38:14 PDT
Comment on attachment 401624 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401624&action=review

r=me

>>> Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:132
>>> +    m_codeOriginPool = nullptr;
>> 
>> When is this function called?
> 
> This function is called when CodeBlock is destroying all JIT-related data.
> 
> 1. CodeBlock itself is getting destroyed.
> 2. Destroying the entire JITData via resetJITData.
> 
> So we can just make it nullptr, since everything will be destroyed.

Right. That's what I remembered, just wanted to make sure.
Comment 9 EWS 2020-06-11 13:11:38 PDT
Committed r262920: <https://trac.webkit.org/changeset/262920>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 401624 [details].