• mvstanton's avatar
    [TypeFeedbackVector] Root feedback vectors at function literal site. · aea3ce3d
    mvstanton authored
    TypeFeedbackVectors are strongly rooted by a closure. However, in modern
    JavaScript closures are created and abandoned more freely. An important
    closure may not be present in the root-set at time of garbage collection,
    even though we've cached optimized code and use it regularly. For
    example, consider leaf functions in an event dispatching system. They may
    well be "hot," but tragically non-present when we collect the heap.
    
    Until now, we've relied on a weak root to cache the feedback vector in
    this case. Since there is no way to signal intent or relative importance,
    this weak root is as susceptible to clearing as any other weak root at
    garbage collection time.
    
    Meanwhile, the feedback vector has become more important. All of our
    ICs store their data there. Literal and regex boilerplates are stored there.
    If we lose the vector, then we not only lose optimized code built from
    it, we also lose the very feedback which allowed us to create that optimized
    code. Therefore it's vital to express that dependency through the root
    set.
    
    This CL does this by creating a strong link to a feedback
    vector at the instantiation site of the function closure.
    This instantiation site is in the code and feedback vector
    of the outer closure.
    
    BUG=v8:5456
    
    Review-Url: https://codereview.chromium.org/2674593003
    Cr-Commit-Position: refs/heads/master@{#42953}
    aea3ce3d
heap-snapshot-generator.cc 109 KB