Created attachment 127520 [details] proposed patch

Comment on attachment 127520 [details] proposed patch I think there is a problem with this in that the string concatenation may trigger a malloc, and the main thread may be suspended holding the malloc heap lock, resulting in deadlock. I do think we'll want to get more detailed information out of the profiler, but I'm not sure this is the right approach – rather, I think we may want a way to retain all code blocks while profiling, and to lazily manage mapping sampled PCs back to the byte code offset (line number, etc), from the main thread once sampling is complete.

Created attachment 127585 [details] updated patch Gavin, thanks for pointing out the problem. Yes, as you mentioned, I think we should do the JIT symbol mapping stuffs after sampling. And I think when the profiling is ended and the profile is reported the CodeBlocks _should_ be alive. As the CodeProfiling stuff will be cleaned-up when we get out of evaluate(), while the CodeBlocks are allocated in the heap which are supposed to be reclaimed later. So this new patch is based on this assumption. Example profiling output: <CodeProfiling /mnt/supplement/kraken/tests/kraken-1.1/ai-astar.js:1> Total samples: 8354 8259: [[DFGJIT]] : search (Lines: 48-118) (8259 stack top) 82: [[EngineCode]] (0 stack top) 82: <unknown> (82 stack top) 10: [[DFGJIT]] : neighbors (Lines: 125-143) (10 stack top) 1: [[DFGJIT]] : findGraphNode (Lines: 7-12) (1 stack top) 1: [[DFGJIT]] : init (Lines: 38-47) (1 stack top) 1: [[BaselineOSR]] : init (Lines: 38-47) (1 stack top) </CodeProfiling /mnt/supplement/kraken/tests/kraken-1.1/ai-astar.js:1>

Sorry but please just ignore my last comment. The Code blocks may be deleted during the script evaluation because of GC - which is reasonable in a normal run. Should we disallow code GC when profiling is enabled?

(In reply to comment #4) > Sorry but please just ignore my last comment. The Code blocks may be deleted during the script evaluation because of GC - which is reasonable in a normal run. Should we disallow code GC when profiling is enabled? I think we may want to disable recovery of the JIT code buffers, yes. I guessing we don't need to keep any JS heap GC objects alive, but we'll want to retain the code blocks of executables that are destroyed. I believe we already have a mechanism to keep code blocks alive, where they have been jettisoned from an executable, but may still be on the stack. We may be able to reuse the same mechanism, but I haven't looked into this.

Created attachment 128681 [details] patch updated Patch updated. we retain the code blocks and the executable memory in order to map the address to the JS function and line numbers correctly. Also, the children map of a ProfileTreeNode needs to be reference counted to avoid dangling pointers due to map expansion.

Hi Gavin, how do you think about the updated patch? Thanks.

Created attachment 145922 [details] Rebase

Comment on attachment 145922 [details] Rebase Attachment 145922 [details] did not pass win-ews (win): Output: http://queues.webkit.org/results/12895786

Comment on attachment 145922 [details] Rebase Attachment 145922 [details] did not pass mac-ews (mac): Output: http://queues.webkit.org/results/12906493

Comment on attachment 145922 [details] Rebase Attachment 145922 [details] did not pass efl-ews (efl): Output: http://queues.webkit.org/results/12900696

Created attachment 145938 [details] o... the previous one is wrongly rebased.. this one please

Comment on attachment 145938 [details] o... the previous one is wrongly rebased.. this one please Clearing review flag on patches from before 2014. If this patch is still relevant, please reset the r? flag.