RESOLVED FIXED 70468
DFG call optimization handling will fail if the call had been unlinked due to the callee being optimized 
https://bugs.webkit.org/show_bug.cgi?id=70468
Summary DFG call optimization handling will fail if the call had been unlinked due to...
Filip Pizlo
Reported 2011-10-19 19:51:57 PDT
Since the optimization trigger is likely to fire at roughly the same time for multiple code blocks, this leads to an unfortunate outcome where the optimization of one code block leads the others to forget about its existence.
Attachments
the patch (4.70 KB, patch)
2011-10-19 20:43 PDT, Filip Pizlo 		oliver: review-
DetailsFormatted DiffDiff
the patch (5.61 KB, patch)
2011-10-20 21:33 PDT, Filip Pizlo 		ggaren: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2011-10-19 20:43:47 PDT
Created attachment 111720 [details] the patch
Oliver Hunt
Comment 2 2011-10-19 20:51:12 PDT
Comment on attachment 111720 [details] the patch lastSeenCallee isn't marked so this isn't safe, but also this may result in dead functions being kept alive longer than is strictly necessary. I would almost consider going with a Weak<> ref rather than WriteBarrier<JSFunction> if we can get do it without a perf impact
Filip Pizlo
Comment 3 2011-10-19 20:53:01 PDT
(In reply to comment #2) > (From update of attachment 111720 [details]) > lastSeenCallee isn't marked so this isn't safe, but also this may result in dead functions being kept alive longer than is strictly necessary. I would almost consider going with a Weak<> ref rather than WriteBarrier<JSFunction> if we can get do it without a perf impact I'll change it to use the WeakReferenceHarvester approach.
Oliver Hunt
Comment 4 2011-10-19 21:20:04 PDT
(In reply to comment #3) > (In reply to comment #2) > > (From update of attachment 111720 [details] [details]) > > lastSeenCallee isn't marked so this isn't safe, but also this may result in dead functions being kept alive longer than is strictly necessary. I would almost consider going with a Weak<> ref rather than WriteBarrier<JSFunction> if we can get do it without a perf impact > > I'll change it to use the WeakReferenceHarvester approach. Righto
Filip Pizlo
Comment 5 2011-10-20 21:29:14 PDT
(In reply to comment #3) > (In reply to comment #2) > > (From update of attachment 111720 [details] [details]) > > lastSeenCallee isn't marked so this isn't safe, but also this may result in dead functions being kept alive longer than is strictly necessary. I would almost consider going with a Weak<> ref rather than WriteBarrier<JSFunction> if we can get do it without a perf impact > > I'll change it to use the WeakReferenceHarvester approach. Changed my mind. As per earlier discussions, using a strong reference would not be a regression. We currently unlink calls when we blow away all code. If we blow away all code, then this reference (lastSeenCallee) would disappear from the GC trace since its owned by CodeBlock. It's definitely worthwhile to make all stubs into weak references, and when they go stale, blow away the stubs. Or in the case of DFG optimized code, trigger recompilation.
Filip Pizlo
Comment 6 2011-10-20 21:33:34 PDT
Created attachment 111899 [details] the patch
Geoffrey Garen
Comment 7 2011-10-20 21:48:56 PDT
Comment on attachment 111899 [details] the patch r=me Can we remove the callee field entirely now? It seems like it's a strict subset of lastSeenCallee.
Filip Pizlo
Comment 8 2011-10-20 22:13:32 PDT
Landed in http://trac.webkit.org/changeset/98065
Filip Pizlo
Comment 9 2011-10-20 22:14:20 PDT
(In reply to comment #7) > (From update of attachment 111899 [details]) > r=me > > Can we remove the callee field entirely now? It seems like it's a strict subset of lastSeenCallee. callee is a magic field - it's really just a pointer to the machine code containing the callee immediate. We don't want to remove that since then we wouldn't be able to do linking/unlinking.
Note You need to log in before you can comment on or make changes to this bug.