Bug 213069 - [JSC] Return DisposableCallSiteIndex when destroying GCAwareJITStubRoutineWithExceptionHandler
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-06-10 23:15 PDT by Yusuke Suzuki
Modified: 2020-06-11 13:11 PDT
CC: 11 users

See Also:


Attachments
Patch (39.27 KB, patch), 2020-06-10 23:27 PDT, Yusuke Suzuki, no flags
Patch (39.78 KB, patch), 2020-06-10 23:45 PDT, Yusuke Suzuki, no flags

Description Yusuke Suzuki 2020-06-10 23:15:10 PDT
[JSC] Return DisposableCallSiteIndex when destroying GCAwareJITStubRoutineWithExceptionHandler
Comment 1 Yusuke Suzuki 2020-06-10 23:27:05 PDT
Created attachment 401622 [details]
Patch
Comment 2 Yusuke Suzuki 2020-06-10 23:27:07 PDT
<rdar://problem/64205186>
Comment 3 Yusuke Suzuki 2020-06-10 23:31:19 PDT
Comment on attachment 401622 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401622&action=review

> Source/JavaScriptCore/dfg/DFGCodeOriginPool.h:51
> +    HashSet<unsigned, WTF::IntHash<unsigned>, WTF::UnsignedWithZeroKeyHashTraits<unsigned>> m_callSiteIndexFreeList;
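Review bot: the free list of call-site indices is declared as a HashSet with UnsignedWithZeroKeyHashTraits, but nothing in this hunk shows a membership test or lookup being needed; if the pool only pushes freed indices and pops one on allocation, a Vector<unsigned> avoids the hashing and the zero-key special casing, and if set semantics are meant to guard against the same index being returned twice, a comment saying so would justify keeping the HashSet.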

I don't know why it is a HashSet. Maybe we can just make it a Vector.
Comment 4 Yusuke Suzuki 2020-06-10 23:45:34 PDT
Created attachment 401624 [details]
Patch
Comment 6 Saam Barati 2020-06-11 09:28:48 PDT
Comment on attachment 401624 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401624&action=review

> Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:132
> +    m_codeOriginPool = nullptr;
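Review bot: clearing m_codeOriginPool here means a routine that reaches its destructor afterwards has no pool to return its DisposableCallSiteIndex to, so the index is silently dropped; a short comment stating that this path is only taken when the CodeBlock's whole JIT data is being torn down (so the pool itself is going away) would make clear that the drop is intentional rather than a leak.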

When is this function called?
Comment 7 Yusuke Suzuki 2020-06-11 12:33:39 PDT
Comment on attachment 401624 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401624&action=review

>> Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:132
>> +    m_codeOriginPool = nullptr;
> 
> When is this function called?

This function is called when CodeBlock is destroying the whole of its JIT-related data.

1. CodeBlock itself is getting destroyed.
2. Destroying the entire JITData via resetJITData

So, we can just make it nullptr, since everything will be destroyed.
Comment 8 Saam Barati 2020-06-11 12:38:14 PDT
Comment on attachment 401624 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401624&action=review

r=me

>>> Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:132
>>> +    m_codeOriginPool = nullptr;
>> 
>> When is this function called?
> 
> This function is called when CodeBlock is destroying the whole of its JIT-related data.
> 
> 1. CodeBlock itself is getting destroyed.
> 2. Destroying the entire JITData via resetJITData
> 
> So, we can just make it nullptr, since everything will be destroyed.

Right. That's what I remembered, just wanted to make sure.
Comment 9 EWS 2020-06-11 13:11:38 PDT
Committed r262920: <https://trac.webkit.org/changeset/262920>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 401624 [details].