Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (221147 => 221148)
--- trunk/Source/_javascript_Core/ChangeLog 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-08-24 18:00:09 UTC (rev 221148)
@@ -1,3 +1,23 @@
+2017-08-23 Filip Pizlo <fpi...@apple.com>
+
+ Reduce Gigacage sizes
+ https://bugs.webkit.org/show_bug.cgi?id=175920
+
+ Reviewed by Mark Lam.
+
+ Teach all of the code generators to use the right gigacage masks.
+
+ Also teach Wasm that it has much less memory for signaling memories. With 32GB, we have room for 7 signaling memories. But if
+ we actually did that, then we'd have no memory left for anything else. So, this caps us at 4 signaling memories.
+
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::caged):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::cage):
+ (JSC::AssemblyHelpers::cageConditionally):
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/Options.h:
+
2017-08-24 Saam Barati <sbar...@apple.com>
DFG::JITCode::osrEntry should get sorted since we perform a binary search on it
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (221147 => 221148)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2017-08-24 18:00:09 UTC (rev 221148)
@@ -11704,7 +11704,7 @@
}
LValue basePtr = m_out.constIntPtr(Gigacage::basePtr(kind));
- LValue mask = m_out.constIntPtr(GIGACAGE_MASK);
+ LValue mask = m_out.constIntPtr(Gigacage::mask(kind));
LValue masked = m_out.bitAnd(ptr, mask);
LValue result = m_out.add(masked, basePtr);
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (221147 => 221148)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2017-08-24 18:00:09 UTC (rev 221148)
@@ -1317,7 +1317,7 @@
if (!Gigacage::shouldBeEnabled())
return;
- andPtr(TrustedImmPtr(static_cast<size_t>(GIGACAGE_MASK)), storage);
+ andPtr(TrustedImmPtr(Gigacage::mask(kind)), storage);
addPtr(TrustedImmPtr(Gigacage::basePtr(kind)), storage);
#else
UNUSED_PARAM(kind);
@@ -1336,7 +1336,7 @@
loadPtr(&Gigacage::basePtr(kind), scratch);
Jump done = branchTestPtr(Zero, scratch);
- andPtr(TrustedImmPtr(static_cast<size_t>(GIGACAGE_MASK)), storage);
+ andPtr(TrustedImmPtr(Gigacage::mask(kind)), storage);
addPtr(scratch, storage);
done.link(this);
#else
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (221147 => 221148)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2017-08-24 18:00:09 UTC (rev 221148)
@@ -376,12 +376,12 @@
end)
end
-macro loadCaged(basePtr, source, dest, scratch)
+macro loadCaged(basePtr, mask, source, dest, scratch)
loadp source, dest
if GIGACAGE_ENABLED and not C_LOOP
loadp basePtr, scratch
btpz scratch, .done
- andp constexpr GIGACAGE_MASK, dest
+ andp mask, dest
addp scratch, dest
.done:
end
@@ -1209,7 +1209,7 @@
macro loadPropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value)
bilt propertyOffsetAsInt, firstOutOfLineOffset, .isInline
- loadCaged(_g_jsValueGigacageBasePtr, JSObject::m_butterfly[objectAndStorage], objectAndStorage, value)
+ loadCaged(_g_jsValueGigacageBasePtr, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[objectAndStorage], objectAndStorage, value)
negi propertyOffsetAsInt
sxi2q propertyOffsetAsInt, propertyOffsetAsInt
jmp .ready
@@ -1222,7 +1222,7 @@
macro storePropertyAtVariableOffset(propertyOffsetAsInt, objectAndStorage, value, scratch)
bilt propertyOffsetAsInt, firstOutOfLineOffset, .isInline
- loadCaged(_g_jsValueGigacageBasePtr, JSObject::m_butterfly[objectAndStorage], objectAndStorage, scratch)
+ loadCaged(_g_jsValueGigacageBasePtr, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[objectAndStorage], objectAndStorage, scratch)
negi propertyOffsetAsInt
sxi2q propertyOffsetAsInt, propertyOffsetAsInt
jmp .ready
@@ -1298,7 +1298,7 @@
btiz t2, IsArray, .opGetArrayLengthSlow
btiz t2, IndexingShapeMask, .opGetArrayLengthSlow
loadisFromInstruction(1, t1)
- loadCaged(_g_jsValueGigacageBasePtr, JSObject::m_butterfly[t3], t0, t2)
+ loadCaged(_g_jsValueGigacageBasePtr, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t3], t0, t2)
loadi -sizeof IndexingHeader + IndexingHeader::u.lengths.publicLength[t0], t0
bilt t0, 0, .opGetArrayLengthSlow
orq tagTypeNumber, t0
@@ -1481,7 +1481,7 @@
loadisFromInstruction(3, t3)
loadConstantOrVariableInt32(t3, t1, .opGetByValSlow)
sxi2q t1, t1
- loadCaged(_g_jsValueGigacageBasePtr, JSObject::m_butterfly[t0], t3, t5)
+ loadCaged(_g_jsValueGigacageBasePtr, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t0], t3, t5)
andi IndexingShapeMask, t2
bieq t2, Int32Shape, .opGetByValIsContiguous
bineq t2, ContiguousShape, .opGetByValNotContiguous
@@ -1528,7 +1528,7 @@
bia t2, LastArrayType - FirstArrayType, .opGetByValSlow
# Sweet, now we know that we have a typed array. Do some basic things now.
- loadCaged(_g_primitiveGigacageBasePtr, JSArrayBufferView::m_vector[t0], t3, t5)
+ loadCaged(_g_primitiveGigacageBasePtr, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t5)
biaeq t1, JSArrayBufferView::m_length[t0], .opGetByValSlow
# Now bisect through the various types. Note that we can treat Uint8ArrayType and
@@ -1619,7 +1619,7 @@
loadisFromInstruction(2, t0)
loadConstantOrVariableInt32(t0, t3, .opPutByValSlow)
sxi2q t3, t3
- loadCaged(_g_jsValueGigacageBasePtr, JSObject::m_butterfly[t1], t0, t5)
+ loadCaged(_g_jsValueGigacageBasePtr, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t1], t0, t5)
andi IndexingShapeMask, t2
bineq t2, Int32Shape, .opPutByValNotInt32
contiguousPutByVal(
Modified: trunk/Source/_javascript_Core/runtime/Options.h (221147 => 221148)
--- trunk/Source/_javascript_Core/runtime/Options.h 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/_javascript_Core/runtime/Options.h 2017-08-24 18:00:09 UTC (rev 221148)
@@ -465,7 +465,7 @@
v(bool, logWebAssemblyMemory, false, Normal, nullptr) \
v(unsigned, webAssemblyFastMemoryRedzonePages, 128, Normal, "WebAssembly fast memories use 4GiB virtual allocations, plus a redzone (counted as multiple of 64KiB WebAssembly pages) at the end to catch reg+imm accesses which exceed 32-bit, anything beyond the redzone is explicitly bounds-checked") \
v(bool, crashIfWebAssemblyCantFastMemory, false, Normal, "If true, we will crash if we can't obtain fast memory for wasm.") \
- v(unsigned, maxNumWebAssemblyFastMemories, 10, Normal, nullptr) \
+ v(unsigned, maxNumWebAssemblyFastMemories, 4, Normal, nullptr) \
v(bool, useWebAssemblyFastTLS, true, Normal, "If true, we will try to use fast thread-local storage if available on the current platform.") \
v(bool, useFastTLSForWasmContext, true, Normal, "If true (and fast TLS is enabled), we will store context in fast TLS. If false, we will pin it to a register.") \
v(bool, useCallICsForWebAssemblyToJSCalls, true, Normal, "If true, we will use CallLinkInfo to inline cache Wasm to JS calls.") \
Modified: trunk/Source/WTF/ChangeLog (221147 => 221148)
--- trunk/Source/WTF/ChangeLog 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/WTF/ChangeLog 2017-08-24 18:00:09 UTC (rev 221148)
@@ -1,3 +1,15 @@
+2017-08-23 Filip Pizlo <fpi...@apple.com>
+
+ Reduce Gigacage sizes
+ https://bugs.webkit.org/show_bug.cgi?id=175920
+
+ Reviewed by Mark Lam.
+
+ Provide filler API for the no-bmalloc/no-Gigacage case.
+
+ * wtf/Gigacage.h:
+ (Gigacage::mask):
+
2017-08-23 Yusuke Suzuki <utatane....@gmail.com>
Unreviewed, build fix in GTK port
Modified: trunk/Source/WTF/wtf/Gigacage.h (221147 => 221148)
--- trunk/Source/WTF/wtf/Gigacage.h 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/WTF/wtf/Gigacage.h 2017-08-24 18:00:09 UTC (rev 221148)
@@ -28,7 +28,6 @@
#include <wtf/FastMalloc.h>
#if defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC
-#define GIGACAGE_MASK 0
#define GIGACAGE_ENABLED 0
extern "C" {
@@ -72,6 +71,8 @@
return g_gigacageBasePtr;
}
+ALWAYS_INLINE size_t mask(Kind) { return 0; }
+
template<typename T>
inline T* caged(Kind, T* ptr) { return ptr; }
Modified: trunk/Source/bmalloc/ChangeLog (221147 => 221148)
--- trunk/Source/bmalloc/ChangeLog 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/bmalloc/ChangeLog 2017-08-24 18:00:09 UTC (rev 221148)
@@ -1,3 +1,29 @@
+2017-08-23 Filip Pizlo <fpi...@apple.com>
+
+ Reduce Gigacage sizes
+ https://bugs.webkit.org/show_bug.cgi?id=175920
+
+ Reviewed by Mark Lam.
+
+ This introduces the ability to have different gigacage sizes for different gigacages, and uses it to reduce the size of both
+ gigacages, but to different extents: Primitive gets 32GB with a 16GB runway and JSValue gets 16GB.
+
+ This is a ~10% membuster progression on my Mac Pro.
+
+ * bmalloc/Gigacage.cpp:
+ (Gigacage::ensureGigacage):
+ * bmalloc/Gigacage.h:
+ (Gigacage::size):
+ (Gigacage::alignment):
+ (Gigacage::mask):
+ (Gigacage::runway):
+ (Gigacage::totalSize):
+ (Gigacage::caged):
+ * bmalloc/Heap.cpp:
+ (bmalloc::Heap::Heap):
+ (bmalloc::Heap::gigacageSize):
+ * bmalloc/Heap.h:
+
2017-08-08 Filip Pizlo <fpi...@apple.com>
Baseline JIT should do caging
Modified: trunk/Source/bmalloc/bmalloc/Gigacage.cpp (221147 => 221148)
--- trunk/Source/bmalloc/bmalloc/Gigacage.cpp 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.cpp 2017-08-24 18:00:09 UTC (rev 221148)
@@ -76,13 +76,13 @@
[&] (Kind kind) {
// FIXME: Randomize where this goes.
// https://bugs.webkit.org/show_bug.cgi?id=175245
- basePtr(kind) = tryVMAllocate(GIGACAGE_SIZE, GIGACAGE_SIZE + GIGACAGE_RUNWAY);
+ basePtr(kind) = tryVMAllocate(alignment(kind), totalSize(kind));
if (!basePtr(kind)) {
fprintf(stderr, "FATAL: Could not allocate %s gigacage.\n", name(kind));
BCRASH();
}
- vmDeallocatePhysicalPages(basePtr(kind), GIGACAGE_SIZE + GIGACAGE_RUNWAY);
+ vmDeallocatePhysicalPages(basePtr(kind), totalSize(kind));
});
});
#endif // GIGACAGE_ENABLED
Modified: trunk/Source/bmalloc/bmalloc/Gigacage.h (221147 => 221148)
--- trunk/Source/bmalloc/bmalloc/Gigacage.h 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.h 2017-08-24 18:00:09 UTC (rev 221148)
@@ -29,16 +29,25 @@
#include "BExport.h"
#include "BInline.h"
#include "BPlatform.h"
+#include <cstddef>
#include <inttypes.h>
-// The Gigacage is 64GB.
-#define GIGACAGE_MASK 0xfffffffffllu
-#define GIGACAGE_SIZE (GIGACAGE_MASK + 1)
+#define PRIMITIVE_GIGACAGE_SIZE 0x800000000llu
+#define JSVALUE_GIGACAGE_SIZE 0x400000000llu
+#define GIGACAGE_SIZE_TO_MASK(size) ((size) - 1)
+
+#define PRIMITIVE_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(PRIMITIVE_GIGACAGE_SIZE)
+#define JSVALUE_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(JSVALUE_GIGACAGE_SIZE)
+
// FIXME: Consider making this 32GB, in case unsigned 32-bit indices find their way into indexed accesses.
// https://bugs.webkit.org/show_bug.cgi?id=175062
-#define GIGACAGE_RUNWAY (16llu * 1024 * 1024 * 1024)
+#define PRIMITIVE_GIGACAGE_RUNWAY (16llu * 1024 * 1024 * 1024)
+// FIXME: Reconsider this.
+// https://bugs.webkit.org/show_bug.cgi?id=175921
+#define JSVALUE_GIGACAGE_RUNWAY 0
+
#if BOS(DARWIN) && BCPU(X86_64)
#define GIGACAGE_ENABLED 1
#else
@@ -93,6 +102,45 @@
return g_primitiveGigacageBasePtr;
}
+BINLINE size_t size(Kind kind)
+{
+ switch (kind) {
+ case Primitive:
+ return static_cast<size_t>(PRIMITIVE_GIGACAGE_SIZE);
+ case JSValue:
+ return static_cast<size_t>(JSVALUE_GIGACAGE_SIZE);
+ }
+ BCRASH();
+ return 0;
+}
+
+BINLINE size_t alignment(Kind kind)
+{
+ return size(kind);
+}
+
+BINLINE size_t mask(Kind kind)
+{
+ return GIGACAGE_SIZE_TO_MASK(size(kind));
+}
+
+BINLINE size_t runway(Kind kind)
+{
+ switch (kind) {
+ case Primitive:
+ return static_cast<size_t>(PRIMITIVE_GIGACAGE_RUNWAY);
+ case JSValue:
+ return static_cast<size_t>(JSVALUE_GIGACAGE_RUNWAY);
+ }
+ BCRASH();
+ return 0;
+}
+
+BINLINE size_t totalSize(Kind kind)
+{
+ return size(kind) + runway(kind);
+}
+
template<typename Func>
void forEachKind(const Func& func)
{
@@ -109,7 +157,7 @@
return ptr;
return reinterpret_cast<T*>(
reinterpret_cast<uintptr_t>(gigacageBasePtr) + (
- reinterpret_cast<uintptr_t>(ptr) & static_cast<uintptr_t>(GIGACAGE_MASK)));
+ reinterpret_cast<uintptr_t>(ptr) & mask(kind)));
}
BINLINE bool isCaged(Kind kind, const void* ptr)
Modified: trunk/Source/bmalloc/bmalloc/Heap.cpp (221147 => 221148)
--- trunk/Source/bmalloc/bmalloc/Heap.cpp 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/bmalloc/bmalloc/Heap.cpp 2017-08-24 18:00:09 UTC (rev 221148)
@@ -60,7 +60,7 @@
#if GIGACAGE_ENABLED
if (usingGigacage()) {
RELEASE_BASSERT(gigacageBasePtr());
- m_largeFree.add(LargeRange(gigacageBasePtr(), GIGACAGE_SIZE, 0));
+ m_largeFree.add(LargeRange(gigacageBasePtr(), gigacageSize(), 0));
}
#endif
}
@@ -78,6 +78,11 @@
return Gigacage::basePtr(gigacageKind(m_kind));
}
+size_t Heap::gigacageSize()
+{
+ return Gigacage::size(gigacageKind(m_kind));
+}
+
void Heap::initializeLineMetadata()
{
size_t sizeClassCount = bmalloc::sizeClass(smallLineSize);
Modified: trunk/Source/bmalloc/bmalloc/Heap.h (221147 => 221148)
--- trunk/Source/bmalloc/bmalloc/Heap.h 2017-08-24 17:53:33 UTC (rev 221147)
+++ trunk/Source/bmalloc/bmalloc/Heap.h 2017-08-24 18:00:09 UTC (rev 221148)
@@ -90,6 +90,7 @@
bool usingGigacage();
void* gigacageBasePtr(); // May crash if !usingGigacage().
+ size_t gigacageSize();
void initializeLineMetadata();
void initializePageMetadata();
