Constant buffers may contain heap pointers. This works because all pointers in constant buffers are also placed into the constants array. Tiered compilation always copies the constants array from the old code block to the new optimized one. But it does not do the same thing for constant buffers. Hence the optimized code's constant buffers may contain pointers not pinned by the constants array.
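As an added illustration (not code from the bug, the patch, or JavaScriptCore), a simplified C++ model of the rooting invariant the description relies on: `Cell`, `CodeBlockModel` and the mark routine are stand-ins, and the scenario does not model how the optimized block comes to hold unpinned buffer pointers, it simply builds a block in that state and shows what a collection rooted only at the constants array does to it.

```cpp
// Added, simplified model of the rooting invariant from the bug report; this is
// not JavaScriptCore's code. The constants array is treated as a GC root and
// constant buffers are not, so any pointer stored in a buffer must also be in
// the constants array or the collector will not keep the object alive.
#include <set>
#include <vector>

struct Cell { bool marked = false; };   // stands in for a heap-allocated JS object

struct CodeBlockModel {
    std::vector<Cell*> constants;                     // scanned by the collector
    std::vector<std::vector<Cell*>> constantBuffers;  // never scanned
};

// The invariant as a debug check: every buffer pointer is pinned by constants.
bool buffersArePinned(const CodeBlockModel& block) {
    std::set<Cell*> pinned(block.constants.begin(), block.constants.end());
    for (const auto& buffer : block.constantBuffers)
        for (Cell* cell : buffer)
            if (!pinned.count(cell)) return false;
    return true;
}

// Mark phase rooted only at the constants arrays; returns the cells a sweep
// would keep, so the caller can see whether buffer pointers would dangle.
std::set<Cell*> markFromConstants(std::vector<Cell>& heap,
                                  const std::vector<const CodeBlockModel*>& blocks) {
    for (Cell& cell : heap) cell.marked = false;
    for (const CodeBlockModel* block : blocks)
        for (Cell* cell : block->constants) cell->marked = true;
    std::set<Cell*> live;
    for (Cell& cell : heap)
        if (cell.marked) live.insert(&cell);
    return live;
}

// Scenario: one block whose single buffer holds two cells. With `pinned` the cells
// are also placed in constants (the baseline state the report describes); without
// it they are not (the optimized block's state). True only if the check passes
// and both buffer pointers still refer to live cells after marking.
bool bufferSurvivesCollection(bool pinned) {
    std::vector<Cell> heap(2);                 // constructed sample heap of two objects
    CodeBlockModel block;
    block.constantBuffers.push_back({&heap[0], &heap[1]});
    if (pinned) block.constants = block.constantBuffers[0];
    bool checkPassed = buffersArePinned(block);   // the assertion that would flag the bug
    std::set<Cell*> live = markFromConstants(heap, {&block});
    bool survived = live.count(&heap[0]) && live.count(&heap[1]);
    return checkPassed && survived;
}
```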
Created attachment 112407 [details]
the patch
Attachment 112407 [details] did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/ChangeLog', u'Source..." exit_code: 1
Source/JavaScriptCore/bytecode/CodeBlock.h:394: The parameter name "opcodeID" adds no information, so it should be removed. [readability/parameter_name] [5]
Total errors found: 1 in 4 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 112407 [details]
the patch

Fix the style error
This is performance neutral.

Benchmark report for SunSpider, V8, and Kraken.

VMs tested:
"TipOfTree" at /Volumes/Data/pizlo/tertiary/OpenSource/WebKitBuild/Release/jsc
"FixConstBuf" at /Volumes/Data/pizlo/secondary/OpenSource/WebKitBuild/Release/jsc

Collected 12 samples per benchmark/VM, with 4 VM invocations per benchmark. Used 1 benchmark iteration per VM invocation for warm-up. Used the jsc-specific preciseTime() function to get microsecond-level timing. Reporting benchmark execution times with 95% confidence intervals in milliseconds.

                                      TipOfTree             FixConstBuf
SunSpider:
   3d-cube                            8.0505+-0.0685        7.9359+-0.0667        might be 1.0144x faster
   3d-morph                           8.6633+-0.1600        8.5361+-0.1439        might be 1.0149x faster
   3d-raytrace                        8.2059+-0.0931 ?      8.2331+-0.1166 ?
   access-binary-trees                1.6886+-0.0054 ?      1.6909+-0.0066 ?
   access-fannkuch                    7.7687+-0.0229        7.7430+-0.0173
   access-nbody                       4.5287+-0.0058        4.5236+-0.0081
   access-nsieve                      3.1825+-0.0146 ?      3.1851+-0.0263 ?
   bitops-3bit-bits-in-byte           1.3168+-0.0088        1.3083+-0.0029
   bitops-bits-in-byte                5.2742+-0.0120 ?      5.2809+-0.0378 ?
   bitops-bitwise-and                 3.4759+-0.0796 ?      3.4883+-0.0287 ?
   bitops-nsieve-bits                 5.6505+-0.0393        5.6337+-0.0351
   controlflow-recursive              2.3464+-0.0207        2.3335+-0.0041
   crypto-aes                         7.6420+-0.0582        7.6371+-0.0855
   crypto-md5                         2.8606+-0.0154 ?      2.8754+-0.0269 ?
   crypto-sha1                        2.6375+-0.0088        2.6337+-0.0110
   date-format-tofte                  10.6854+-0.0953 ?     10.7042+-0.2139 ?
   date-format-xparb                  10.6916+-0.3089 ^     9.9594+-0.0866 ^      definitely 1.0735x faster
   math-cordic                        7.6859+-0.2778        7.6530+-0.2304
   math-partial-sums                  10.5895+-0.0441 ?     10.6246+-0.0526 ?
   math-spectral-norm                 2.8830+-0.0048        2.8799+-0.0074
   regexp-dna                         13.4970+-0.2367       13.4127+-0.2123
   string-base64                      4.4485+-0.0206        4.4311+-0.0340
   string-fasta                       7.1101+-0.0349 ?      7.1318+-0.0478 ?
   string-tagcloud                    13.1894+-0.1249       13.1489+-0.1403
   string-unpack-code                 22.7091+-0.1914 ?     22.9071+-0.2137 ?
   string-validate-input              5.5622+-0.0575 ?      5.5778+-0.0409 ?

   <arithmetic> *                     7.0132+-0.0274        6.9796+-0.0320
   <geometric>                        5.6627+-0.0183        5.6401+-0.0180
   <harmonic>                         4.4705+-0.0137        4.4587+-0.0100

                                      TipOfTree             FixConstBuf
V8:
   crypto                             81.3316+-0.2960       81.2628+-0.2383
   deltablue                          199.5470+-0.5958 ^    198.4363+-0.1800 ^    definitely 1.0056x faster
   earley-boyer                       112.2752+-0.5393      112.1956+-0.7270
   raytrace                           69.8685+-0.2929 ^     69.0072+-0.5303 ^     definitely 1.0125x faster
   regexp                             124.6409+-0.4324 ^    123.7003+-0.3378 ^    definitely 1.0076x faster
   richards                           145.2131+-0.8211 !    146.2276+-0.1030 !    definitely 1.0070x slower
   splay                              126.0377+-0.3933 ?    126.9318+-0.9943 ?

   <arithmetic>                       122.7020+-0.1650      122.5374+-0.1746
   <geometric> *                      116.4504+-0.1692      116.2318+-0.2034
   <harmonic>                         110.4595+-0.1673      110.1428+-0.2489

                                      TipOfTree             FixConstBuf
Kraken:
   ai-astar                           825.2143+-10.5640 ?   825.3995+-10.4404 ?
   audio-beat-detection               214.5992+-1.0426      213.8940+-1.8930
   audio-dft                          262.4195+-2.9936      261.3936+-2.7625
   audio-fft                          133.1768+-0.8196 ?    133.2133+-0.6252 ?
   audio-oscillator                   291.2722+-1.0563      291.2201+-1.0960
   imaging-darkroom                   452.7566+-6.8243 ?    469.5159+-10.2028 ?   might be 1.0370x slower
   imaging-desaturate                 245.1950+-0.0779 ?    245.2536+-0.0819 ?
   imaging-gaussian-blur              621.4870+-0.3604 ?    621.5398+-0.7945 ?
   json-parse-financial               71.2894+-0.2024 ^     70.4558+-0.1478 ^     definitely 1.0118x faster
   json-stringify-tinderbox           80.1929+-0.7263       79.4164+-0.3215
   stanford-crypto-aes                153.9564+-1.7819 ?    154.6274+-1.2732 ?
   stanford-crypto-ccm                118.4293+-1.5540 ^    115.9632+-0.5710 ^    definitely 1.0213x faster
   stanford-crypto-pbkdf2             243.6601+-3.8261 ^    237.1275+-2.2955 ^    definitely 1.0275x faster
   stanford-crypto-sha256-iterative   85.7246+-0.2278       85.2612+-0.2401

   <arithmetic> *                     271.3838+-1.3983 ?    271.7344+-0.8194 ?
   <geometric>                        207.2901+-0.7034      206.6849+-0.4216
   <harmonic>                         163.2860+-0.3995 ^    162.2276+-0.2552 ^    definitely 1.0065x faster

                                      TipOfTree             FixConstBuf
All benchmarks:
   <arithmetic>                       102.9921+-0.4253 ?    103.0534+-0.2680 ?
   <geometric>                        25.9617+-0.0675       25.8746+-0.0564
   <harmonic>                         7.8792+-0.0238        7.8581+-0.0173

                                      TipOfTree             FixConstBuf
Geomean of preferred means:
   <scaled-result>                    60.5170+-0.1693       60.4084+-0.1491
Created attachment 112409 [details]
the patch

Fixed the style.
Landed in http://trac.webkit.org/changeset/98398