Title: [225701] trunk/Source/bmalloc
Revision
225701
Author
sbar...@apple.com
Date
2017-12-08 14:28:31 -0800 (Fri, 08 Dec 2017)

Log Message

Enable gigacage on iOS with a 32GB runway and ensure it doesn't break WasmBench
https://bugs.webkit.org/show_bug.cgi?id=178557

Reviewed by Mark Lam.

* bmalloc/Algorithm.h:
(bmalloc::isPowerOfTwo):
* bmalloc/Gigacage.cpp:
* bmalloc/Gigacage.h:

Modified Paths

Diff

Modified: trunk/Source/bmalloc/ChangeLog (225700 => 225701)


--- trunk/Source/bmalloc/ChangeLog	2017-12-08 22:23:22 UTC (rev 225700)
+++ trunk/Source/bmalloc/ChangeLog	2017-12-08 22:28:31 UTC (rev 225701)
@@ -1,3 +1,15 @@
+2017-12-08  Saam Barati  <sbar...@apple.com>
+
+        Enable gigacage on iOS with a 32GB runway and ensure it doesn't break WasmBench
+        https://bugs.webkit.org/show_bug.cgi?id=178557
+
+        Reviewed by Mark Lam.
+
+        * bmalloc/Algorithm.h:
+        (bmalloc::isPowerOfTwo):
+        * bmalloc/Gigacage.cpp:
+        * bmalloc/Gigacage.h:
+
 2017-12-05  Andy Estes  <aes...@apple.com>
 
         [Darwin] Simplify use of TargetConditionals

Modified: trunk/Source/bmalloc/bmalloc/Algorithm.h (225700 => 225701)


--- trunk/Source/bmalloc/bmalloc/Algorithm.h	2017-12-08 22:23:22 UTC (rev 225700)
+++ trunk/Source/bmalloc/bmalloc/Algorithm.h	2017-12-08 22:28:31 UTC (rev 225701)
@@ -63,8 +63,10 @@
     return !!(reinterpret_cast<uintptr_t>(value) & mask);
 }
 
-inline constexpr bool isPowerOfTwo(size_t size)
+template <typename T>
+inline constexpr bool isPowerOfTwo(T size)
 {
+    static_assert(std::is_integral<T>::value, "");
     return size && !(size & (size - 1));
 }
 
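Review bot: The templated `isPowerOfTwo` now accepts any integral `T`, including signed ones, but `size - 1` on the return line is signed overflow when `size` is the type's minimum value (undefined at runtime and ill-formed inside a `static_assert`), and any negative input silently yields false. Either tighten the check to `static_assert(std::is_integral<T>::value && std::is_unsigned<T>::value, "");`, or do the arithmetic on `typename std::make_unsigned<T>::type` so existing signed callers (not visible in this hunk) keep working. `std::is_integral` is new to this header and needs `<type_traits>`; the include block is outside the hunk, so confirm it is included directly rather than relying on a transitive include.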

Modified: trunk/Source/bmalloc/bmalloc/Gigacage.cpp (225700 => 225701)


--- trunk/Source/bmalloc/bmalloc/Gigacage.cpp	2017-12-08 22:23:22 UTC (rev 225700)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.cpp	2017-12-08 22:28:31 UTC (rev 225701)
@@ -34,13 +34,12 @@
 #include <cstdio>
 #include <mutex>
 
-#if BCPU(ARM64)
-// FIXME: There is no good reason for ARM64 to be special.
-// https://bugs.webkit.org/show_bug.cgi?id=177605
-#define GIGACAGE_RUNWAY 0
-#else
+// This is exactly 32GB because inside JSC, indexed accesses for arrays, typed arrays, etc,
+// use unsigned 32-bit ints as indices. The items those indices access are 8 bytes or less
+// in size. 2^32 * 8 = 32GB. This means if an access on a caged type happens to go out of
+// bounds, the access is guaranteed to land somewhere else in the cage or inside the runway.
+// If this were less than 32GB, those OOB accesses could reach outside of the cage.
 #define GIGACAGE_RUNWAY (32llu * 1024 * 1024 * 1024)
-#endif
 
 char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE] __attribute__((aligned(GIGACAGE_BASE_PTRS_SIZE)));
 
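Review bot: The new comment gives the size argument for the 32GB runway (2^32 indices times at most 8-byte elements) but leaves out the second condition the guarantee rests on: an out-of-bounds access that lands in the runway is only harmless if the runway stays reserved and is never handed out to other allocations, and how the runway is mapped is not shown in this hunk. Suggest adding one line, e.g. `// The runway must remain reserved and unused by other allocations; otherwise an OOB access into it would hit live memory.` The 8-byte element bound is a JSC invariant that bmalloc cannot check, so the comment should also say that JSC must keep caged element sizes at or below 8 bytes (a static_assert on the JSC side would be the natural place), since a larger element type would silently break the arithmetic.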

Modified: trunk/Source/bmalloc/bmalloc/Gigacage.h (225700 => 225701)


--- trunk/Source/bmalloc/bmalloc/Gigacage.h	2017-12-08 22:23:22 UTC (rev 225700)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.h	2017-12-08 22:28:31 UTC (rev 225701)
@@ -25,6 +25,7 @@
 
 #pragma once
 
+#include "Algorithm.h"
 #include "BAssert.h"
 #include "BExport.h"
 #include "BInline.h"
@@ -33,9 +34,7 @@
 #include <inttypes.h>
 
 #if BCPU(ARM64)
-// FIXME: This can probably be a lot bigger on iOS. I just haven't tried to make it bigger yet.
-// https://bugs.webkit.org/show_bug.cgi?id=177605
-#define PRIMITIVE_GIGACAGE_SIZE 0x40000000llu
+#define PRIMITIVE_GIGACAGE_SIZE 0x80000000llu
 #define JSVALUE_GIGACAGE_SIZE 0x40000000llu
 #define STRING_GIGACAGE_SIZE 0x40000000llu
 #define GIGACAGE_ALLOCATION_CAN_FAIL 1
@@ -46,6 +45,10 @@
 #define GIGACAGE_ALLOCATION_CAN_FAIL 0
 #endif
 
+static_assert(bmalloc::isPowerOfTwo(PRIMITIVE_GIGACAGE_SIZE), "");
+static_assert(bmalloc::isPowerOfTwo(JSVALUE_GIGACAGE_SIZE), "");
+static_assert(bmalloc::isPowerOfTwo(STRING_GIGACAGE_SIZE), "");
+
 #define GIGACAGE_SIZE_TO_MASK(size) ((size) - 1)
 
 #define PRIMITIVE_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(PRIMITIVE_GIGACAGE_SIZE)
@@ -52,9 +55,8 @@
 #define JSVALUE_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(JSVALUE_GIGACAGE_SIZE)
 #define STRING_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(STRING_GIGACAGE_SIZE)
 
-// FIXME: Make WasmBench run with gigacage on iOS and re-enable on ARM64:
-// https://bugs.webkit.org/show_bug.cgi?id=178557
-#if (BOS(DARWIN) || BOS(LINUX)) && (/* (BCPU(ARM64) && !defined(__ILP32__))  || */ BCPU(X86_64))
+#if ((BOS(DARWIN) || BOS(LINUX)) && \
+    (BCPU(X86_64) || (BCPU(ARM64) && !defined(__ILP32__) && (!BPLATFORM(IOS) || __IPHONE_OS_VERSION_MIN_REQUIRED >= 110300))))
 #define GIGACAGE_ENABLED 1
 #else
 #define GIGACAGE_ENABLED 0
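Review bot: The rewritten condition depends on `__IPHONE_OS_VERSION_MIN_REQUIRED` being defined whenever `BPLATFORM(IOS)` is true; if it is not (the includes visible in this header end at `<inttypes.h>`, with no `<Availability.h>` in view), the preprocessor evaluates it as 0 and `GIGACAGE_ENABLED` silently becomes 0, disabling the mitigation with no build error. Consider failing loudly just before the `#if`: `#if BPLATFORM(IOS) && !defined(__IPHONE_OS_VERSION_MIN_REQUIRED)` / `#error "Gigacage requires __IPHONE_OS_VERSION_MIN_REQUIRED"` / `#endif`. A short comment explaining why 110300 is the floor would also help, since the removed FIXME was the only explanation of the iOS state and the commit message does not say why that version. The `#endif` closing this `#if`/`#else` is outside the hunk.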