Closed Bug 648050 Opened 14 years ago Closed 12 years ago

JM+TI: separate VM and IC operations when updating ICs

Categories

(Core :: JavaScript Engine, defect)

x86
macOS
defect
Not set
normal

RESOLVED WONTFIX

People

(Reporter: bhackett1024, Unassigned)

Currently recompilation interacts poorly with IC generation code. The generation code interleaves calls into the VM with accesses of the ICs, and these VM calls can trigger recompilation which invalidates the ICs. As a result, we check all over the place to see if recompilations have been triggered, and get memory corruption bugs if we miss a spot.

It would be better to factor the IC code so that while we still have the same basic design, VM and IC operations are not interleaved and the resulting code is less error prone. The basic model would be:

1. Locally store all information we need from the IC to do the op (involved atoms, etc.)
2. Call into a separate function to do the op, all involved VM operations and record information relevant to IC generation (before/after shape for ADDPROP, etc.). This function would not have the IC available, thus could not access it.
3. If we recompiled, return to JIT code without touching the IC.
4. Otherwise, update the IC's state and generate a stub if necessary. This process should not call back into the VM, which we could enforce with code review and with limited assertions (i.e. nothing was recompiled while processing the IC).
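
The four-step model from the comment above, as an added C++ example; it is not SpiderMonkey code and does not come from the bug's participants. All type and function names (`IC`, `Script`, `VM`, `vmAddProp`, `updateAddPropIC`) are hypothetical, and recompilation is modelled as freeing and replacing the script's IC.

```cpp
#include <cassert>
#include <cstdint>
#include <memory>
#include <string>

// Hypothetical model of the four steps; none of these types are SpiderMonkey's.
struct IC { std::string atom; uint32_t shapeBefore = 0, shapeAfter = 0; bool hasStub = false; };

struct Script {
    std::unique_ptr<IC> ic = std::make_unique<IC>();
    uint32_t recompiles = 0;
    // Recompilation frees the old IC, so any IC pointer held across it dangles.
    void recompile() { ic = std::make_unique<IC>(); ++recompiles; }
};

struct VM {
    Script& script;
    uint32_t objShape = 1;
    explicit VM(Script& s) : script(s) {}
};

struct OpResult { uint32_t shapeBefore, shapeAfter; };

// Step 2: all VM work happens here. The signature takes no IC, only copied data.
OpResult vmAddProp(VM& vm, const std::string& atom, bool typeChange) {
    (void)atom;                              // the property name would drive the real lookup
    OpResult r{vm.objShape, vm.objShape + 1};
    vm.objShape = r.shapeAfter;              // adding a property changes the shape
    if (typeChange) vm.script.recompile();   // constructed trigger for recompilation
    return r;
}

enum class Outcome { Recompiled, StubAttached };

Outcome updateAddPropIC(VM& vm, bool typeChange) {
    Script& script = vm.script;
    // Step 1: copy what the op needs; hold no pointer or reference into the IC.
    const std::string atom = script.ic->atom;
    const uint32_t epoch = script.recompiles;
    OpResult r = vmAddProp(vm, atom, typeChange);
    // Step 3: the IC we read from was freed; return without touching it.
    if (script.recompiles != epoch) return Outcome::Recompiled;
    // Step 4: IC-only work, no VM calls from here on.
    IC& ic = *script.ic;
    ic.shapeBefore = r.shapeBefore;
    ic.shapeAfter = r.shapeAfter;
    ic.hasStub = true;
    assert(script.recompiles == epoch);      // the limited assertion from the proposal
    return Outcome::StubAttached;
}
```
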
JM was removed; Ion ICs are more robust because invalidation does not immediately destroy the IonScript.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX