Closed Bug 773655 Opened 9 years ago Closed 9 years ago

IonMonkey: Don't destroy JM code before Ion compilation

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: jandem, Assigned: jandem)

References

Details

Attachments

(1 file, 1 obsolete file)

Currently when a script is hot, we destroy the JM JITChunk, rejoin to the interpreter and enter Ion. Bug 771130 needs to access JM ICs from IonMonkey so we shouldn't destroy the JITChunk.
Attached patch Patch (obsolete) — Splinter Review
The main challenge is that if we don't destroy the chunk, JM callers may still call the function.

So when we want to enter Ion, the patch sets a flag to destroy the chunk later and NULLs out the JITScript entry pointers. This seemed to be the simplest and most effective way to prevent ICs from calling the function.
Attachment #642202 - Flags: review?(bhackett1024)
Attached patch PatchSplinter Review
Forgot to qref.
Attachment #642202 - Attachment is obsolete: true
Attachment #642202 - Flags: review?(bhackett1024)
Attachment #642203 - Flags: review?(bhackett1024)
Comment on attachment 642203 [details] [diff] [review]
Patch

Review of attachment 642203 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/methodjit/MethodJIT.h
@@ +783,5 @@
> +     * If set, we decided to keep the JITChunk so that Ion can access its caches.
> +     * The chunk has to be destroyed the next time the script runs in JM.
> +     * Note that this flag implies nchunks == 1.
> +     */
> +    bool mustDestroyChunk;

This name seems weird.  Maybe jit->mustDestroyEntryChunk or jit->mustDestroy?
Attachment #642203 - Flags: review?(bhackett1024) → review+
Pushed with s/mustDestroyChunk/mustDestroyEntryChunk:

https://hg.mozilla.org/projects/ionmonkey/rev/2a4e60c030c5
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.