Modified: trunk/Source/_javascript_Core/ChangeLog (293684 => 293685)
--- trunk/Source/_javascript_Core/ChangeLog 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/ChangeLog 2022-05-02 21:56:21 UTC (rev 293685)
@@ -1,3 +1,16 @@
+2022-05-02 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, reverting r293680.
+ https://bugs.webkit.org/show_bug.cgi?id=239983
+
+ crash on iOS
+
+ Reverted changeset:
+
+ "[JSC] Introduce shifting Structure encoding"
+ https://bugs.webkit.org/show_bug.cgi?id=239957
+ https://commits.webkit.org/r293680
+
2022-05-02 Yusuke Suzuki <ysuz...@apple.com>
[JSC] Introduce shifting Structure encoding
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (293684 => 293685)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2022-05-02 21:56:21 UTC (rev 293685)
@@ -21014,12 +21014,8 @@
LValue decodeNonNullStructure(LValue structureID)
{
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
- return m_out.shl(m_out.zeroExtPtr(structureID), m_out.constIntPtr(StructureID::encodeShiftAmount));
-#else
- LValue maskedStructureID = m_out.bitAnd(structureID, m_out.constInt32(StructureID::structureIDMask));
+ LValue maskedStructureID = m_out.bitAnd(structureID, m_out.constInt32(structureIDMask));
return m_out.add(m_out.constIntPtr(g_jscConfig.startOfStructureHeap), m_out.zeroExtPtr(maskedStructureID));
-#endif
}
LValue loadStructure(LValue value)
Modified: trunk/Source/_javascript_Core/heap/Heap.cpp (293684 => 293685)
--- trunk/Source/_javascript_Core/heap/Heap.cpp 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/heap/Heap.cpp 2022-05-02 21:56:21 UTC (rev 293685)
@@ -269,7 +269,7 @@
, name ISO_SUBSPACE_INIT(*this, heapCellType, type)
#define INIT_SERVER_STRUCTURE_ISO_SUBSPACE(name, heapCellType, type) \
- , name("Isolated" #name "Space", *this, heapCellType, WTF::roundUpToMultipleOf<type::atomSize>(sizeof(type)), type::numberOfLowerTierCells, makeUnique<StructureAlignedMemoryAllocator>("Structure"))
+ , name("Isolated" #name "Space", *this, heapCellType, sizeof(type), type::numberOfLowerTierCells, makeUnique<StructureAlignedMemoryAllocator>("Structure"))
Heap::Heap(VM& vm, HeapType heapType)
: m_heapType(heapType)
Modified: trunk/Source/_javascript_Core/heap/StructureAlignedMemoryAllocator.cpp (293684 => 293685)
--- trunk/Source/_javascript_Core/heap/StructureAlignedMemoryAllocator.cpp 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/heap/StructureAlignedMemoryAllocator.cpp 2022-05-02 21:56:21 UTC (rev 293685)
@@ -66,7 +66,7 @@
RELEASE_ASSERT_NOT_REACHED();
}
-#if CPU(ADDRESS64) && !ENABLE(STRUCTURE_ID_WITH_SHIFT)
+#if CPU(ADDRESS64)
class StructureMemoryManager {
public:
@@ -83,7 +83,7 @@
mappedHeapSize /= 2;
}
g_jscConfig.sizeOfStructureHeap = mappedHeapSize;
- RELEASE_ASSERT(g_jscConfig.startOfStructureHeap && ((g_jscConfig.startOfStructureHeap & ~StructureID::structureIDMask) == g_jscConfig.startOfStructureHeap));
+ RELEASE_ASSERT(g_jscConfig.startOfStructureHeap && ((g_jscConfig.startOfStructureHeap & ~structureIDMask) == g_jscConfig.startOfStructureHeap));
}
void* tryMallocStructureBlock()
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp (293684 => 293685)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp 2022-05-02 21:56:21 UTC (rev 293685)
@@ -405,15 +405,12 @@
void AssemblyHelpers::emitNonNullDecodeStructureID(RegisterID source, RegisterID dest)
{
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
- lshift64(source, TrustedImm32(StructureID::encodeShiftAmount), dest);
-#elif CPU(ADDRESS64)
+ move(source, dest);
+#if CPU(ADDRESS64)
// This could use BFI on arm64 but that only helps if the start of structure heap is encodable as a mov and not as an immediate in the add so it's probably not super important.
- and32(TrustedImm32(StructureID::structureIDMask), source, dest);
+ and32(TrustedImm32(structureIDMask), dest);
add64(TrustedImm64(g_jscConfig.startOfStructureHeap), dest);
-#else // not CPU(ADDRESS64)
- move(source, dest);
-#endif
+#endif // not CPU(ADDRESS64)
}
void AssemblyHelpers::emitLoadStructure(VM&, RegisterID source, RegisterID dest)
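Review bot: The trailing comment on the restored `#endif` reads `// not CPU(ADDRESS64)`, but that `#endif` closes the `#if CPU(ADDRESS64)` block opened a few lines above, so it names the wrong branch; it should be `#endif // CPU(ADDRESS64)`. The restored sequence also changes the register flow: `dest` now receives `source` first and is masked in place with `and32(TrustedImm32(structureIDMask), dest)` before the heap base is added, so `source` is not read after the move. A one-line comment above the mask would make the intent explicit, e.g. `// Keep only the bits inside the structure heap reservation before adding its base address.`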
Modified: trunk/Source/_javascript_Core/llint/LLIntOfflineAsmConfig.h (293684 => 293685)
--- trunk/Source/_javascript_Core/llint/LLIntOfflineAsmConfig.h 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/llint/LLIntOfflineAsmConfig.h 2022-05-02 21:56:21 UTC (rev 293685)
@@ -26,7 +26,6 @@
#pragma once
#include "LLIntCommon.h"
-#include "StructureID.h"
#include <wtf/Assertions.h>
#include <wtf/Gigacage.h>
@@ -162,12 +161,6 @@
#define OFFLINE_ASM_ADDRESS64 0
#endif
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
-#define OFFLINE_ASM_STRUCTURE_ID_WITH_SHIFT 1
-#else
-#define OFFLINE_ASM_STRUCTURE_ID_WITH_SHIFT 0
-#endif
-
#if ASSERT_ENABLED
#define OFFLINE_ASM_ASSERT_ENABLED 1
#else
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (293684 => 293685)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2022-05-02 21:56:21 UTC (rev 293685)
@@ -741,10 +741,8 @@
end
macro structureIDToStructureWithScratch(structureIDThenStructure, scratch)
- if STRUCTURE_ID_WITH_SHIFT
- lshiftp (constexpr StructureID::encodeShiftAmount), structureIDThenStructure
- elsif ADDRESS64
- andq (constexpr StructureID::structureIDMask), structureIDThenStructure
+ if ADDRESS64
+ andq constexpr structureIDMask, structureIDThenStructure
leap JSCConfig + constexpr JSC::offsetOfJSCConfigStartOfStructureHeap, scratch
loadp [scratch], scratch
addp scratch, structureIDThenStructure
Modified: trunk/Source/_javascript_Core/runtime/JSCell.h (293684 => 293685)
--- trunk/Source/_javascript_Core/runtime/JSCell.h 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/runtime/JSCell.h 2022-05-02 21:56:21 UTC (rev 293685)
@@ -89,8 +89,6 @@
static constexpr uint8_t numberOfLowerTierCells = 8;
- static constexpr size_t atomSize = 16; // This needs to be larger or equal to 16.
-
static JSCell* seenMultipleCalleeObjects() { return bitwise_cast<JSCell*>(static_cast<uintptr_t>(1)); }
enum CreatingEarlyCellTag { CreatingEarlyCell };
Modified: trunk/Source/_javascript_Core/runtime/JSCellInlines.h (293684 => 293685)
--- trunk/Source/_javascript_Core/runtime/JSCellInlines.h 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/runtime/JSCellInlines.h 2022-05-02 21:56:21 UTC (rev 293685)
@@ -75,7 +75,6 @@
// cell is even constructed. To avoid this possibility, we need to ensure that the
// structure pointer is still alive at this point.
ensureStillAliveHere(structure);
- static_assert(JSCell::atomSize >= MarkedBlock::atomSize);
}
inline void JSCell::finishCreation(VM& vm)
Modified: trunk/Source/_javascript_Core/runtime/Structure.cpp (293684 => 293685)
--- trunk/Source/_javascript_Core/runtime/Structure.cpp 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/runtime/Structure.cpp 2022-05-02 21:56:21 UTC (rev 293685)
@@ -232,10 +232,6 @@
ASSERT(hasGetterSetterProperties() == m_classInfo->hasStaticSetterOrReadonlyProperties());
validateFlags();
-
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
- ASSERT(WTF::roundUpToMultipleOf<Structure::atomSize()>(this) == this);
-#endif
}
const ClassInfo Structure::s_info = { "Structure"_s, nullptr, nullptr, nullptr, CREATE_METHOD_TABLE(Structure) };
@@ -274,10 +270,6 @@
ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
-
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
- ASSERT(WTF::roundUpToMultipleOf<Structure::atomSize()>(this) == this);
-#endif
}
Structure::Structure(VM& vm, Structure* previous)
@@ -327,10 +319,6 @@
ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
-
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
- ASSERT(WTF::roundUpToMultipleOf<Structure::atomSize()>(this) == this);
-#endif
}
Structure::~Structure()
Modified: trunk/Source/_javascript_Core/runtime/Structure.h (293684 => 293685)
--- trunk/Source/_javascript_Core/runtime/Structure.h 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/runtime/Structure.h 2022-05-02 21:56:21 UTC (rev 293685)
@@ -174,12 +174,7 @@
typedef JSCell Base;
static constexpr unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
static constexpr uint8_t numberOfLowerTierCells = 0;
-
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
- static constexpr size_t atomSize = 32;
-#endif
- static_assert(JSCell::atomSize >= MarkedBlock::atomSize);
-
+
enum PolyProtoTag { PolyProto };
static Structure* create(VM&, JSGlobalObject*, JSValue prototype, const TypeInfo&, const ClassInfo*, IndexingType = NonArray, unsigned inlineCapacity = 0);
static Structure* create(PolyProtoTag, VM&, JSGlobalObject*, JSObject* prototype, const TypeInfo&, const ClassInfo*, IndexingType = NonArray, unsigned inlineCapacity = 0);
Modified: trunk/Source/_javascript_Core/runtime/StructureID.h (293684 => 293685)
--- trunk/Source/_javascript_Core/runtime/StructureID.h 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/runtime/StructureID.h 2022-05-02 21:56:21 UTC (rev 293685)
@@ -34,28 +34,12 @@
class Structure;
-// We would like to define this value in PlatformEnable.h, but it is not possible since the following is relying on MACH_VM_MAX_ADDRESS.
-#if CPU(ADDRESS64) && CPU(ARM64) && OS(DARWIN)
-#if MACH_VM_MAX_ADDRESS_RAW < (1ULL << 36)
-#define ENABLE_STRUCTURE_ID_WITH_SHIFT 1
-static_assert(MACH_VM_MAX_ADDRESS_RAW == MACH_VM_MAX_ADDRESS);
-#endif
-#endif
+constexpr CPURegister structureIDMask = structureHeapAddressSize - 1;
class StructureID {
public:
static constexpr uint32_t nukedStructureIDBit = 1;
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
- // ENABLE(STRUCTURE_ID_WITH_SHIFT) is used when our virtual memory space is limited (specifically, less than or equal to 36 bit) while pointer is 64 bit.
- // In that case, we round up Structures size with 32 bytes instead of 16 bytes. This ensures that lower 5 bit become zero for Structure.
- // By shifting this address with 4, we can encode 36 bit address into 32 bit StructureID. And we can ensure that StructureID's lowest bit is still zero
- // because we round Structure size with 32 bytes. This lowest bit is used for nuke bit.
- static constexpr unsigned encodeShiftAmount = 4;
-#elif CPU(ADDRESS64)
- static constexpr CPURegister structureIDMask = structureHeapAddressSize - 1;
-#endif
-
StructureID() = default;
StructureID(StructureID const&) = default;
StructureID& operator=(StructureID const&) = default;
@@ -83,36 +67,11 @@
};
static_assert(sizeof(StructureID) == sizeof(uint32_t));
-#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
+#if CPU(ADDRESS64)
ALWAYS_INLINE Structure* StructureID::decode() const
{
- ASSERT(decontaminate());
- return reinterpret_cast<Structure*>(static_cast<uintptr_t>(m_bits) << encodeShiftAmount);
-}
-
-ALWAYS_INLINE Structure* StructureID::tryDecode() const
-{
// Take care to only use the bits from m_bits in the structure's address reservation.
- uintptr_t address = static_cast<uintptr_t>(decontaminate().m_bits) << encodeShiftAmount;
- if (address < MarkedBlock::blockSize)
- return nullptr;
- return reinterpret_cast<Structure*>(address);
-}
-
-ALWAYS_INLINE StructureID StructureID::encode(const Structure* structure)
-{
- ASSERT(structure);
- auto result = StructureID(reinterpret_cast<uintptr_t>(structure) >> encodeShiftAmount);
- ASSERT(result.decode() == structure);
- return result;
-}
-
-#elif CPU(ADDRESS64)
-
-ALWAYS_INLINE Structure* StructureID::decode() const
-{
- // Take care to only use the bits from m_bits in the structure's address reservation.
ASSERT(decontaminate());
return reinterpret_cast<Structure*>((static_cast<uintptr_t>(decontaminate().m_bits) & structureIDMask) + g_jscConfig.startOfStructureHeap);
}
Modified: trunk/Source/_javascript_Core/tools/IntegrityInlines.h (293684 => 293685)
--- trunk/Source/_javascript_Core/tools/IntegrityInlines.h 2022-05-02 21:52:11 UTC (rev 293684)
+++ trunk/Source/_javascript_Core/tools/IntegrityInlines.h 2022-05-02 21:56:21 UTC (rev 293685)
@@ -77,7 +77,7 @@
ALWAYS_INLINE void auditStructureID(StructureID structureID)
{
UNUSED_PARAM(structureID);
-#if CPU(ADDRESS64) && !ENABLE(STRUCTURE_ID_WITH_SHIFT)
+#if CPU(ADDRESS64)
ASSERT(structureID.bits() <= structureHeapAddressSize + StructureID::nukedStructureIDBit);
#endif
}
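Review bot: The upper bound in the restored assert, `structureHeapAddressSize + StructureID::nukedStructureIDBit`, appears looser than the encoding admits. With `structureIDMask = structureHeapAddressSize - 1` (restored in StructureID.h in this same commit) a decodable ID is at most `structureHeapAddressSize - 1`, and if that size is a power of two its low bit is already set, so or-ing in the nuke bit cannot push a valid ID past the mask; I cannot confirm the definition of `structureHeapAddressSize` from this diff, so treat this as a question. If it holds, the tighter check is `ASSERT(structureID.bits() <= (structureIDMask | StructureID::nukedStructureIDBit));`, which rejects IDs one or two above the reservation that the current bound lets through. This is a debug-only `ASSERT`, so it affects audit coverage rather than release behaviour.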