RESOLVED FIXED 202392
[JSC] Thread JSGlobalObject* instead of ExecState* 
https://bugs.webkit.org/show_bug.cgi?id=202392
Summary [JSC] Thread JSGlobalObject* instead of ExecState*
Yusuke Suzuki
Reported 2019-09-30 22:52:23 PDT
But, it is super costly if we ends up calling lexicalGlobalObject(). So, we need to put JSGlobalObject* in JSFunction/InternalFunction. And trampoline for them will get objects and pass them to the host-function. Then, the host-function signature is changed to `hostFunction(CallFrame*, JSGlobalObject*)`. CallFrame* is necessary since we still need to access thisValue, arguments etc. residing on the stack.
Attachments
Patch (4.82 MB, patch)
2019-10-10 17:54 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (4.82 MB, patch)
2019-10-10 21:06 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.32 MB, patch)
2019-10-16 21:40 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.32 MB, patch)
2019-10-16 21:56 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.32 MB, patch)
2019-10-16 22:02 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.32 MB, patch)
2019-10-16 22:18 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (3.65 MB, patch)
2019-10-16 22:35 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.34 MB, patch)
2019-10-16 23:47 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.34 MB, patch)
2019-10-16 23:52 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.34 MB, patch)
2019-10-17 01:22 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.34 MB, patch)
2019-10-17 14:20 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.34 MB, patch)
2019-10-17 16:25 PDT, Yusuke Suzuki 		ews-watchlist: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews213 for win-future (14.30 MB, application/zip)
2019-10-17 19:24 PDT, EWS Watchlist 		no flags
Details
Patch (7.34 MB, patch)
2019-10-17 22:51 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.34 MB, patch)
2019-10-18 00:22 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.34 MB, patch)
2019-10-18 02:31 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.35 MB, patch)
2019-10-18 20:56 PDT, Yusuke Suzuki 		ews-watchlist: commit-queue-
DetailsFormatted DiffDiff
Patch (7.35 MB, patch)
2019-10-21 12:58 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.36 MB, patch)
2019-10-21 16:45 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.36 MB, patch)
2019-10-21 17:51 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.36 MB, patch)
2019-10-21 18:06 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.36 MB, patch)
2019-10-21 18:16 PDT, Yusuke Suzuki 		ggaren: review+
DetailsFormatted DiffDiff
Patch (7.36 MB, patch)
2019-10-21 21:21 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.38 MB, patch)
2019-10-22 00:29 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.38 MB, patch)
2019-10-22 01:11 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Show Obsolete (21) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2019-09-30 22:53:03 PDT
I think this is the simplest way given the followings 1. InternalFunction is not so many 2. sizeof(JSFunction) is 40. Increasing to 48 is OK.
Radar WebKit Bug Importer
Comment 2 2019-10-01 10:39:50 PDT
<rdar://problem/55881584>
Yusuke Suzuki
Comment 3 2019-10-04 00:45:48 PDT
The patch becomes too large, I'll spawn part of it.
Yusuke Suzuki
Comment 4 2019-10-10 17:54:51 PDT
Created attachment 380709 [details] Patch
Yusuke Suzuki
Comment 5 2019-10-10 21:06:22 PDT
Created attachment 380719 [details] Patch
Yusuke Suzuki
Comment 6 2019-10-16 21:40:30 PDT
Created attachment 381157 [details] Patch
EWS Watchlist
Comment 7 2019-10-16 21:41:34 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Yusuke Suzuki
Comment 8 2019-10-16 21:56:49 PDT
Created attachment 381160 [details] Patch
Yusuke Suzuki
Comment 9 2019-10-16 22:02:31 PDT
Created attachment 381162 [details] Patch
Yusuke Suzuki
Comment 10 2019-10-16 22:10:11 PDT
(In reply to Build Bot from comment #7) > Thanks for the patch. If this patch contains new public API please make sure > it follows the guidelines for new WebKit2 GTK+ API. See > http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API This is unrelated.
Yusuke Suzuki
Comment 11 2019-10-16 22:18:11 PDT
Created attachment 381163 [details] Patch
Yusuke Suzuki
Comment 12 2019-10-16 22:35:19 PDT
Created attachment 381166 [details] Patch
Yusuke Suzuki
Comment 13 2019-10-16 23:47:20 PDT
Created attachment 381172 [details] Patch
Yusuke Suzuki
Comment 14 2019-10-16 23:52:40 PDT
Created attachment 381173 [details] Patch
Yusuke Suzuki
Comment 15 2019-10-17 01:22:59 PDT
Created attachment 381179 [details] Patch
Yusuke Suzuki
Comment 16 2019-10-17 14:20:54 PDT
Created attachment 381229 [details] Patch
Yusuke Suzuki
Comment 17 2019-10-17 16:25:47 PDT
Created attachment 381246 [details] Patch
EWS Watchlist
Comment 18 2019-10-17 19:24:36 PDT
Comment on attachment 381246 [details] Patch Attachment 381246 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/13145189 New failing tests: fast/events/attribute-listener-cloned-from-frameless-doc-context-2.html fast/events/attribute-listener-extracted-from-frameless-doc-context-2.html fast/dom/HTMLObjectElement/object-as-frame.html
EWS Watchlist
Comment 19 2019-10-17 19:24:39 PDT
Created attachment 381259 [details] Archive of layout-test-results from ews213 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews213 Port: win-future Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit
Yusuke Suzuki
Comment 20 2019-10-17 22:51:12 PDT
Created attachment 381275 [details] Patch
Yusuke Suzuki
Comment 21 2019-10-18 00:22:16 PDT
Created attachment 381282 [details] Patch
Yusuke Suzuki
Comment 22 2019-10-18 02:31:43 PDT
Created attachment 381287 [details] Patch
Yusuke Suzuki
Comment 23 2019-10-18 20:56:10 PDT
Created attachment 381365 [details] Patch
EWS Watchlist
Comment 24 2019-10-18 23:37:49 PDT
Comment on attachment 381365 [details] Patch Attachment 381365 [details] did not pass jsc-ews (mac): Output: https://webkit-queues.webkit.org/results/13150254 New failing tests: apiTests
Yusuke Suzuki
Comment 25 2019-10-21 12:58:18 PDT
Created attachment 381431 [details] Patch
Yusuke Suzuki
Comment 26 2019-10-21 16:45:36 PDT
Created attachment 381484 [details] Patch
Yusuke Suzuki
Comment 27 2019-10-21 17:51:13 PDT
Created attachment 381488 [details] Patch
Yusuke Suzuki
Comment 28 2019-10-21 18:06:02 PDT
Created attachment 381490 [details] Patch
Yusuke Suzuki
Comment 29 2019-10-21 18:16:44 PDT
Created attachment 381492 [details] Patch
Geoffrey Garen
Comment 30 2019-10-21 20:46:45 PDT
Comment on attachment 381492 [details] Patch r=me This patch makes me happy. Good luck landing it :P.
Yusuke Suzuki
Comment 31 2019-10-21 20:59:50 PDT
(In reply to Geoffrey Garen from comment #30) > Comment on attachment 381492 [details] > Patch > > r=me > > This patch makes me happy. Good luck landing it :P. This removes many of ExecState::vm() calls (we now call JSGlobalObject::vm() instead). And it allows us to use LargeAllocation for any JSCells, and then, it allows us to introduce lower tier of IsoSubspace allocation (similar to the thing done in IsoHeap). And... We start applying IsoSubspaces to all the JSObjects!
Yusuke Suzuki
Comment 32 2019-10-21 21:16:30 PDT
The JSC failure is due to my bug I added in the last patch (using COMPILER(GCC_OR_CLANG)). We should use `COMPILER(GCC_COMPATIBLE)`.
Yusuke Suzuki
Comment 33 2019-10-21 21:21:04 PDT
Created attachment 381507 [details] Patch
Geoffrey Garen
Comment 34 2019-10-21 21:32:59 PDT
Another really nice feature of this patch is that it creates a clearer API to WebCore and WebKit programmers.
Keith Miller
Comment 35 2019-10-21 21:33:28 PDT
rs=me. I have a few comments from the parts that looked interesting: Can you explain the m_functionConstructor/m_regExpConstructor changes in JSGlobalObject in the ChangeLog? I'm guessing it was for a bug somewhere that was using the wrong value or something. Can you add some comment to WebCore's ChangeLog explaining why we are making this change? I also didn't know about `__builtin_frame_address`, which is pretty cool!
Yusuke Suzuki
Comment 36 2019-10-21 23:43:31 PDT
(In reply to Geoffrey Garen from comment #34) > Another really nice feature of this patch is that it creates a clearer API > to WebCore and WebKit programmers. Yeah, we decouple lexical JSGlobalObject from CallFrame, making CallFrame actually just a CallFrame :)
Yusuke Suzuki
Comment 37 2019-10-21 23:44:16 PDT
(In reply to Keith Miller from comment #35) > rs=me. I have a few comments from the parts that looked interesting: > > Can you explain the m_functionConstructor/m_regExpConstructor changes in > JSGlobalObject in the ChangeLog? I'm guessing it was for a bug somewhere > that was using the wrong value or something. It is just used in some places to remove CallFrame* dependencies :) I'll note it. > > Can you add some comment to WebCore's ChangeLog explaining why we are making > this change? Yeah :) > > I also didn't know about `__builtin_frame_address`, which is pretty cool!
Yusuke Suzuki
Comment 38 2019-10-22 00:29:32 PDT
Created attachment 381517 [details] Patch
Yusuke Suzuki
Comment 39 2019-10-22 01:11:52 PDT
Created attachment 381523 [details] Patch
Yusuke Suzuki
Comment 40 2019-10-22 01:55:55 PDT
Hmm, I'm attempting to make 32bit JIT built, but seems that EWS for these builds is too slow, and I cannot get the result. I'll land this first and check the buildbot status after that, otherwise, this patch needs to be rebaselined forever...
Yusuke Suzuki
Comment 41 2019-10-22 02:25:01 PDT
Committed r251425: <https://trac.webkit.org/changeset/251425>
Yusuke Suzuki
Comment 42 2019-10-22 03:23:27 PDT
(In reply to Yusuke Suzuki from comment #40) > Hmm, I'm attempting to make 32bit JIT built, but seems that EWS for these > builds is too slow, and I cannot get the result. I'll land this first and > check the buildbot status after that, otherwise, this patch needs to be > rebaselined forever... https://bugs.webkit.org/show_bug.cgi?id=203242
Saam Barati
Comment 43 2019-10-22 11:55:51 PDT
LGTM too
Yusuke Suzuki
Comment 44 2019-10-22 14:06:11 PDT
I'll do follow-up patch to improve things more. 1. Add more API tests using vm.topCallFrame related things from C++ world 2. Add assertions which makes DECLARE_CALL_FRAME safer
Yusuke Suzuki
Comment 45 2019-10-22 14:28:50 PDT
Committed r251459: <https://trac.webkit.org/changeset/251459>
Yusuke Suzuki
Comment 46 2019-10-22 14:35:40 PDT
(In reply to Yusuke Suzuki from comment #44) > I'll do follow-up patch to improve things more. > > 1. Add more API tests using vm.topCallFrame related things from C++ world > 2. Add assertions which makes DECLARE_CALL_FRAME safer Do this in https://bugs.webkit.org/show_bug.cgi?id=203274
Yusuke Suzuki
Comment 47 2019-10-22 22:19:22 PDT
Another stabilizing patch https://bugs.webkit.org/show_bug.cgi?id=203285
Pablo Saavedra
Comment 48 2019-10-23 07:30:20 PDT
(In reply to Yusuke Suzuki from comment #40) > Hmm, I'm attempting to make 32bit JIT built, but seems that EWS for these > builds is too slow, and I cannot get the result. I'll land this first and > check the buildbot status after that, otherwise, this patch needs to be > rebaselined forever... (bug Reopened) It seems that the EWS for are experimenting troubles. Unfortunately, it looks like the https://trac.webkit.org/r251425 is breaking the JSC test suite in https://build.webkit.org/waterfall?category=misc right now. Hopefully you could take a look into this.
Zan Dobersek
Comment 49 2019-10-23 08:17:14 PDT
(In reply to Pablo Saavedra from comment #48) > (In reply to Yusuke Suzuki from comment #40) > > Hmm, I'm attempting to make 32bit JIT built, but seems that EWS for these > > builds is too slow, and I cannot get the result. I'll land this first and > > check the buildbot status after that, otherwise, this patch needs to be > > rebaselined forever... > > (bug Reopened) > > It seems that the EWS for are experimenting troubles. Unfortunately, it > looks like the https://trac.webkit.org/r251425 is breaking the JSC test > suite in https://build.webkit.org/waterfall?category=misc right now. > > Hopefully you could take a look into this. The main issue from this patch is that there's a missing call to JIT::prepareCallOperation(VM&) in DFG::OSRExit::emitRestoreArguments() which would properly adjust the vm.topCallFrame value. This trips up OSR exits, resulting in crashes. Besides that, there are other places in DFG where a call operation doesn't invoke prepareCallOperation(), but without any consequences. I'd post a patch for it already, but r251468 broke things in a different way, so this is just a heads-up about the solution.
Yusuke Suzuki
Comment 50 2019-10-23 10:57:04 PDT
(In reply to Zan Dobersek from comment #49) > (In reply to Pablo Saavedra from comment #48) > > (In reply to Yusuke Suzuki from comment #40) > > > Hmm, I'm attempting to make 32bit JIT built, but seems that EWS for these > > > builds is too slow, and I cannot get the result. I'll land this first and > > > check the buildbot status after that, otherwise, this patch needs to be > > > rebaselined forever... > > > > (bug Reopened) > > > > It seems that the EWS for are experimenting troubles. Unfortunately, it > > looks like the https://trac.webkit.org/r251425 is breaking the JSC test > > suite in https://build.webkit.org/waterfall?category=misc right now. > > > > Hopefully you could take a look into this. > > The main issue from this patch is that there's a missing call to > JIT::prepareCallOperation(VM&) in DFG::OSRExit::emitRestoreArguments() which > would properly adjust the vm.topCallFrame value. This trips up OSR exits, > resulting in crashes. > > Besides that, there are other places in DFG where a call operation doesn't > invoke prepareCallOperation(), but without any consequences. > > I'd post a patch for it already, but r251468 broke things in a different > way, so this is just a heads-up about the solution. Thanks. I'm doing a bit mechanical way to find missing prepareCallOperation(VM&) in https://bugs.webkit.org/show_bug.cgi?id=203285 Can you try the part of this patch in your local 32bit JIT machine and test it?
Yusuke Suzuki
Comment 51 2019-10-23 16:37:09 PDT
32bit issues will be fixed in bug 203285
Yusuke Suzuki
Comment 52 2019-11-20 01:13:54 PST
*** Bug 134932 has been marked as a duplicate of this bug. ***
Yusuke Suzuki
Comment 53 2019-11-20 01:14:18 PST
*** Bug 202340 has been marked as a duplicate of this bug. ***
EWS
Comment 54 2023-03-27 11:44:14 PDT
Committed 262166@main (7a682381645f): <https://commits.webkit.org/262166@main> Reviewed commits have been landed. Closing PR #11084 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.