Bug 199888

Summary:

Add support for FinalizationRegistries

Product:

WebKit

Reporter:

Keith Miller <keith_miller>

Component:

New Bugs

Assignee:

Keith Miller <keith_miller>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

annulen, benjamin, calvaris, ews-watchlist, gyuyoung.kim, mark.lam, mkwst, msaboff, ryuan.choi, saam, sergio, tzagallo, webkit-bug-importer, youennf, ysuzuki

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
WIP	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch for landing	none
Patch for landing	none
Patch for landing	none
Patch for landing	none
Patch for landing	none
Patch for landing	none

Keith Miller

Reported 2019-07-17 16:08:31 PDT

Add support for FinalizationGroups

Attachments
WIP (80.99 KB, patch) 2019-07-17 16:09 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch (223.70 KB, patch) 2020-07-17 13:37 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch (223.40 KB, patch) 2020-07-17 13:44 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch (223.94 KB, patch) 2020-07-17 13:55 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch (224.65 KB, patch) 2020-07-17 14:42 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch (225.47 KB, patch) 2020-07-17 15:11 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch (225.83 KB, patch) 2020-07-17 15:33 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch (225.87 KB, patch) 2020-07-17 16:00 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch (229.58 KB, patch) 2020-07-17 17:05 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch for landing (188.77 KB, patch) 2020-07-20 11:46 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch for landing (188.77 KB, patch) 2020-07-20 11:47 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch for landing (188.29 KB, patch) 2020-07-20 11:49 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch for landing (188.48 KB, patch) 2020-07-20 12:01 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch for landing (188.50 KB, patch) 2020-07-20 13:01 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Patch for landing (187.89 KB, patch) 2020-07-20 13:10 PDT, Keith Miller	no flags	Details Formatted Diff Diff
Show Obsolete (14) View All Add attachment proposed patch, testcase, etc.

Keith Miller

Comment 1 2019-07-17 16:09:38 PDT

Created attachment 374345 [details] WIP

Keith Miller

Comment 2 2020-07-17 13:37:48 PDT

Created attachment 404585 [details] Patch

Keith Miller

Comment 3 2020-07-17 13:44:50 PDT

Created attachment 404587 [details] Patch

Keith Miller

Comment 4 2020-07-17 13:55:25 PDT

Created attachment 404589 [details] Patch

Keith Miller

Comment 5 2020-07-17 14:42:17 PDT

Created attachment 404595 [details] Patch

Keith Miller

Comment 6 2020-07-17 15:11:09 PDT

Created attachment 404602 [details] Patch

Keith Miller

Comment 7 2020-07-17 15:33:56 PDT

Created attachment 404609 [details] Patch

Keith Miller

Comment 8 2020-07-17 16:00:49 PDT

Created attachment 404615 [details] Patch

Keith Miller

Comment 9 2020-07-17 17:05:44 PDT

Created attachment 404620 [details] Patch

Yusuke Suzuki

Comment 10 2020-07-17 17:45:53 PDT

Comment on attachment 404620 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404620&action=review r=me > Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:936 > + 531EE7BA22DE6BBB0030DA81 /* FinalizationRegistryPrototype.h in Headers */ = {isa = PBXBuildFile; fileRef = 531EE7B922DE6BBB0030DA81 /* FinalizationRegistryPrototype.h */; }; > + 5333BBDB2110F7D2007618EC /* DFGSpeculativeJIT32_64.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86880F1B14328BB900B08D42 /* DFGSpeculativeJIT32_64.cpp */; }; Some indentation is broken? > Source/JavaScriptCore/runtime/CommonIdentifiers.h:60 > + macro(FinalizationRegistry) \ This list is alphabetical sorted, so please move it to "F"'s section. > Source/JavaScriptCore/runtime/DeferredWorkTimer.cpp:2 > + * Copyright (C) 2017-2019 Apple Inc. All rights reserved. 2020. > Source/JavaScriptCore/runtime/DeferredWorkTimer.h:2 > + * Copyright (C) 2017 Apple Inc. All rights reserved. Ditto. > Source/JavaScriptCore/runtime/FinalizationRegistryConstructor.cpp:2 > + * Copyright (C) 2019 Apple, Inc. All rights reserved. Ditto. > Source/JavaScriptCore/runtime/FinalizationRegistryConstructor.h:2 > + * Copyright (C) 2019 Apple Inc. All rights reserved. Ditto. > Source/JavaScriptCore/runtime/FinalizationRegistryConstructor.h:57 > +static_assert(sizeof(FinalizationRegistryConstructor) == sizeof(InternalFunction)); Use STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(FinalizationRegistryConstructor, InternalFunction); > Source/JavaScriptCore/runtime/FinalizationRegistryPrototype.cpp:2 > + * Copyright (C) 2019 Apple, Inc. All rights reserved. 2020. > Source/JavaScriptCore/runtime/FinalizationRegistryPrototype.cpp:49 > + putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(vm, "FinalizationRegistry"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); Use JSC_TO_STRING_TAG_WITHOUT_TRANSITION > Source/JavaScriptCore/runtime/FinalizationRegistryPrototype.h:2 > + * Copyright (C) 2019 Apple, Inc. All rights reserved. Ditto. > Source/JavaScriptCore/runtime/IdentifierInlines.h:52 > + ASSERT_WITH_MESSAGE(!string.length() || string.impl()->isSymbol() || AtomStringImpl::isInAtomStringTable(string.impl()), "The at&omic string comes from an other thread!"); Let's remove it. > Source/JavaScriptCore/runtime/IntlRelativeTimeFormat.h:31 > -#include "JSObject.h" > +#include "IntlObject.h" > #include <unicode/ureldatefmt.h> > > namespace JSC { Put `enum class RelevantExtensionKey : uint8_t;` forwarding instead. > Source/JavaScriptCore/runtime/JSFinalizationRegistry.cpp:2 > + * Copyright (C) 2019 Apple, Inc. All rights reserved. Ditto. > Source/JavaScriptCore/runtime/JSFinalizationRegistry.cpp:200 > + bool result = m_liveRegistrations.remove(token); > + result |= m_deadRegistrations.remove(token); Is it possible that the same token exists on live and dead at the same time? If it is not possible, can we skip `m_deadRegistrations.remove` when we already found and removed it in m_liveRegistrations? > Source/JavaScriptCore/runtime/JSFinalizationRegistry.h:74 > + static void destroy(JSCell*); Because of IsoSubspace, we do not need to inherit JSDestructibleObject to make it destructible. Just define needsDestruction and use JSInternalFieldObjectImpl. > Source/JavaScriptCore/runtime/JSInternalFieldObjectImpl.h:80 > +template<unsigned passedNumberOfInternalFields = 1> > +using JSDestructibleInternalFieldObjectImpl = JSInternalFieldObjectImpl<passedNumberOfInternalFields, JSDestructibleObject>; Let's remove these changes since we do not need to use JSDestructibleObject because of IsoSubspace. > Source/JavaScriptCore/runtime/JSInternalFieldObjectImplInlines.h:37 > +template<unsigned passedNumberOfInternalFields, typename Base> > +void JSInternalFieldObjectImpl<passedNumberOfInternalFields, Base>::visitChildren(JSCell* cell, SlotVisitor& visitor) > { > auto* thisObject = jsCast<JSInternalFieldObjectImpl*>(cell); > - ASSERT_GC_OBJECT_INHERITS(thisObject, info()); > + ASSERT_GC_OBJECT_INHERITS(thisObject, Base::info()); > Base::visitChildren(thisObject, visitor); Ditto. > Source/JavaScriptCore/runtime/StructureIDTable.cpp:36 > +bool verbose = false; Let's make it static constexpr bool verbose = false; > Source/JavaScriptCore/runtime/VM.cpp:1491 > +DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(finalizationRegistrySpace, destructibleObjectHeapCellType.get(), JSFinalizationRegistry) Let's define finalizationRegistryHeapCellType by using IsoHeapCellType::create and use it. JSDestructibleObject is now discouraged. > Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h:52 > + static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; I think we should use constexpr. > Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h:87 > + static const bool needsDestruction = true; Ditto.

Yusuke Suzuki

Comment 11 2020-07-17 17:48:32 PDT

Comment on attachment 404620 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404620&action=review > Source/JavaScriptCore/runtime/JSFinalizationRegistry.cpp:131 > + if (!vm.deferredWorkTimer->hasPendingWork(this) && (readiedCell || deadCount(NoLockingNecessary))) { Why not passing locker to deadCount?

Keith Miller

Comment 12 2020-07-20 11:46:32 PDT

Comment on attachment 404620 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404620&action=review >> Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:936 >> + 5333BBDB2110F7D2007618EC /* DFGSpeculativeJIT32_64.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86880F1B14328BB900B08D42 /* DFGSpeculativeJIT32_64.cpp */; }; > > Some indentation is broken? I think it's that my editor doesn't use tabs... Not sure it matters one way or the other though. >> Source/JavaScriptCore/runtime/CommonIdentifiers.h:60 >> + macro(FinalizationRegistry) \ > > This list is alphabetical sorted, so please move it to "F"'s section. Done. >> Source/JavaScriptCore/runtime/DeferredWorkTimer.cpp:2 >> + * Copyright (C) 2017-2019 Apple Inc. All rights reserved. > > 2020. Whoop, fixed. I should really make a script to do this automatically... >> Source/JavaScriptCore/runtime/FinalizationRegistryPrototype.cpp:49 >> + putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(vm, "FinalizationRegistry"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); > > Use JSC_TO_STRING_TAG_WITHOUT_TRANSITION Done. >> Source/JavaScriptCore/runtime/IdentifierInlines.h:52 >> + ASSERT_WITH_MESSAGE(!string.length() || string.impl()->isSymbol() || AtomStringImpl::isInAtomStringTable(string.impl()), "The at&omic string comes from an other thread!"); > > Let's remove it. Whoops, done! >> Source/JavaScriptCore/runtime/IntlRelativeTimeFormat.h:31 >> namespace JSC { > > Put `enum class RelevantExtensionKey : uint8_t;` forwarding instead. Good call, done. >> Source/JavaScriptCore/runtime/JSFinalizationRegistry.cpp:131 >> + if (!vm.deferredWorkTimer->hasPendingWork(this) && (readiedCell || deadCount(NoLockingNecessary))) { > > Why not passing locker to deadCount? Whoops hold over from when I thought I didn't need the lock. >> Source/JavaScriptCore/runtime/JSFinalizationRegistry.cpp:200 >> + result |= m_deadRegistrations.remove(token); > > Is it possible that the same token exists on live and dead at the same time? If it is not possible, can we skip `m_deadRegistrations.remove` when we already found and removed it in m_liveRegistrations? Yeah, it's possible, the unregister token can be any JS value and can be used for more than one object at the same time. >> Source/JavaScriptCore/runtime/JSInternalFieldObjectImpl.h:80 >> +using JSDestructibleInternalFieldObjectImpl = JSInternalFieldObjectImpl<passedNumberOfInternalFields, JSDestructibleObject>; > > Let's remove these changes since we do not need to use JSDestructibleObject because of IsoSubspace. Done. >> Source/JavaScriptCore/runtime/JSInternalFieldObjectImplInlines.h:37 >> Base::visitChildren(thisObject, visitor); > > Ditto. Done. >> Source/JavaScriptCore/runtime/StructureIDTable.cpp:36 >> +bool verbose = false; > > Let's make it static constexpr bool verbose = false; Good catch, fixed. >> Source/JavaScriptCore/runtime/VM.cpp:1491 >> +DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(finalizationRegistrySpace, destructibleObjectHeapCellType.get(), JSFinalizationRegistry) > > Let's define finalizationRegistryHeapCellType by using IsoHeapCellType::create and use it. > JSDestructibleObject is now discouraged. Gotcha. Didn't know this was the new preferred mechanism, will change. >> Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h:52 >> + static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > > I think we should use constexpr. Yeah, I think this was a bad merge. Is there actually a difference though?

Keith Miller

Comment 13 2020-07-20 11:46:37 PDT

Created attachment 404733 [details] Patch for landing

EWS

Comment 14 2020-07-20 11:46:57 PDT

Tools/Scripts/svn-apply failed to apply attachment 404733 [details] to trunk. Please resolve the conflicts and upload a new patch.

Keith Miller

Comment 15 2020-07-20 11:47:20 PDT

Created attachment 404735 [details] Patch for landing

EWS

Comment 16 2020-07-20 11:48:02 PDT

Tools/Scripts/svn-apply failed to apply attachment 404735 [details] to trunk. Please resolve the conflicts and upload a new patch.

Keith Miller

Comment 17 2020-07-20 11:49:18 PDT

Created attachment 404736 [details] Patch for landing

Keith Miller

Comment 18 2020-07-20 12:01:42 PDT

Created attachment 404738 [details] Patch for landing

Keith Miller

Comment 19 2020-07-20 13:01:18 PDT

Created attachment 404747 [details] Patch for landing

Keith Miller

Comment 20 2020-07-20 13:10:46 PDT

Created attachment 404748 [details] Patch for landing

EWS

Comment 21 2020-07-20 14:03:21 PDT

Committed r264617: <https://trac.webkit.org/changeset/264617> All reviewed patches have been landed. Closing bug and clearing flags on attachment 404748 [details].

Radar WebKit Bug Importer

Comment 22 2020-07-20 14:04:18 PDT

<rdar://problem/65846843>

Note You need to log in before you can comment on or make changes to this bug.