Bug 231209

Summary:

CodeBlock should not add/remove LoopHintExecutionCounters.

Product:

WebKit

Reporter:

Mark Lam <mark.lam>

Component:

JavaScriptCore

Assignee:

Mark Lam <mark.lam>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ews-watchlist, keith_miller, msaboff, saam, tzagallo, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
proposed patch.	none
proposed patch.	saam: review+
patch for landing.	none

Description Mark Lam 2021-10-04 22:08:58 PDT

This is because cached unlinked baseline JIT code would retain a pointer to those counters.  Hence, the UnlinkedCodeBlock should do the add /remove of the counters instead.

rdar://83571235

Comment 1 Mark Lam 2021-10-04 22:21:34 PDT

Created attachment 440157 [details]
proposed patch.

Comment 2 Mark Lam 2021-10-04 22:23:55 PDT

Created attachment 440158 [details]
proposed patch.

Comment 3 Saam Barati 2021-10-04 22:45:07 PDT

Comment on attachment 440158 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=440158&action=review

r=me

> Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h:144
> +    void finalize();

Suggestion: “finalize” has some common meaning in cells, typically meaning doing some finalization work at the end of GC. Because of that, I’m not a fan of this name. And right now, it’s only doing one very specific thing. I suggest giving it a specific name to match the specific thing it’s doing.

Comment 4 Saam Barati 2021-10-04 22:45:13 PDT

Comment on attachment 440158 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=440158&action=review

r=me

> Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h:144
> +    void finalize();

Suggestion: “finalize” has some common meaning in cells, typically meaning doing some finalization work at the end of GC. Because of that, I’m not a fan of this name. And right now, it’s only doing one very specific thing. I suggest giving it a specific name to match the specific thing it’s doing.

Comment 5 Mark Lam 2021-10-04 22:55:36 PDT

Thanks for the review.

(In reply to Saam Barati from comment #4)
> > Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h:144
> > +    void finalize();
> 
> Suggestion: “finalize” has some common meaning in cells, typically meaning
> doing some finalization work at the end of GC. Because of that, I’m not a
> fan of this name. And right now, it’s only doing one very specific thing. I
> suggest giving it a specific name to match the specific thing it’s doing.

I've renamed it to initializeLoopHintExecutionCounter(), and changed it to be called only when Options::returnEarlyFromInfiniteLoopsForFuzzing() is true.

Comment 6 Mark Lam 2021-10-04 23:06:27 PDT

Created attachment 440160 [details]
patch for landing.

Comment 7 EWS 2021-10-05 12:20:36 PDT

Committed r283567 (242532@main): <https://commits.webkit.org/242532@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 440160 [details].