Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 70614e20d83803524eb0aad97a9d11cc99a7b4ab
https://github.com/WebKit/WebKit/commit/70614e20d83803524eb0aad97a9d11cc99a7b4ab
Author: Keith Miller <[email protected]>
Date: 2025-03-04 (Tue, 04 Mar 2025)
Changed paths:
A JSTests/wasm/gc/struct-write-barrier.js
M Source/JavaScriptCore/heap/Heap.cpp
M Source/JavaScriptCore/heap/Heap.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.h
M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp
M Source/JavaScriptCore/wasm/WasmFormat.cpp
M Source/JavaScriptCore/wasm/WasmFormat.h
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp
M Source/JavaScriptCore/wasm/WasmTypeDefinition.h
M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h
Log Message:
-----------
[Wasm] GC Structs should have their backing store allocated by a TrailingArray
https://bugs.webkit.org/show_bug.cgi?id=289031
rdar://146071849
Reviewed by Yusuke Suzuki.
Right now we allocate an out of line backing store for each wasm GC struct. Not only is this an extra indirection on access but the malloc/free of this buffer is a significant overhead in the benchmark. This change is about a 40% improvement on that subtest.

To make a trailing array work, wasm GC structs are now allocated out of a CompleteSubspace rather than an IsoSubspace. This means we currently lose a bit of our Iso-heaping guarantees from the IsoSubspace but in the future we can improve IsoAlignedMemoryAllocator to work for complete subspaces as well.

I also added a new validateWasmValue to help with future wasm GC debugging. Although, in my case it was actually a missing write barrier.
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::webAssemblyInstanceSpaceSlow): Deleted.
* Source/JavaScriptCore/heap/Heap.h:
(JSC::Heap::webAssemblyInstanceSpace): Deleted.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitStructSet): Deleted.
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitStructSet):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructGet):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitStructPayloadSet): Deleted.
* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitStructSet):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructGet):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructSet):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitStructPayloadSet): Deleted.
* Source/JavaScriptCore/wasm/WasmFormat.cpp:
(JSC::Wasm::validateWasmValue):
* Source/JavaScriptCore/wasm/WasmFormat.h:
(JSC::Wasm::validateWasmValue):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::emitStructSet):
(JSC::Wasm::OMGIRGenerator::addStructNew):
(JSC::Wasm::OMGIRGenerator::addStructNewDefault):
(JSC::Wasm::OMGIRGenerator::addStructGet):
(JSC::Wasm::OMGIRGenerator::addStructSet):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::OMGIRGenerator::emitStructSet):
(JSC::Wasm::OMGIRGenerator::addStructNew):
(JSC::Wasm::OMGIRGenerator::addStructNewDefault):
(JSC::Wasm::OMGIRGenerator::addStructGet):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp:
(JSC::Wasm::StructType::dump const):
(JSC::Wasm::StructType::StructType):
(JSC::Wasm::ArrayType::dump const):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.h:
(JSC::Wasm::StructType::offsetOfFieldInPayload const):
(JSC::Wasm::StructType::fieldOffsetFromInstancePayload):
(JSC::Wasm::StructType::offsetOfField const): Deleted.
(JSC::Wasm::StructType::offsetOfField): Deleted.
(JSC::Wasm::StructType::offsetOfFieldInternal const): Deleted.
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp:
(JSC::JSWebAssemblyStruct::JSWebAssemblyStruct):
(JSC::JSWebAssemblyStruct::create):
(JSC::JSWebAssemblyStruct::visitChildrenImpl):
(JSC::JSWebAssemblyStruct::fieldPointer const): Deleted.
(JSC::JSWebAssemblyStruct::fieldPointer): Deleted.
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h:
Canonical link: https://commits.webkit.org/291579@main
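
The layout change described in the log message, as an added C++ example that is not JavaScriptCore code: the object header and its field payload share one allocation instead of the header pointing at a separately malloc'd buffer. `FieldLayout`, `TrailingStruct`, `computeLayout` and `roundTrip` are hypothetical names, and `calloc` stands in for the GC allocator.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>
#include <vector>
// Added illustration with hypothetical names; not JavaScriptCore source.
struct FieldLayout {
    std::vector<size_t> offsets; // byte offset of each field in the payload
    size_t payloadSize = 0;
};
// Give every field a naturally aligned offset (sizes are powers of two).
FieldLayout computeLayout(const std::vector<size_t>& fieldSizes) {
    FieldLayout layout;
    for (size_t size : fieldSizes) {
        size_t offset = (layout.payloadSize + size - 1) & ~(size - 1);
        layout.offsets.push_back(offset);
        layout.payloadSize = offset + size;
    }
    return layout;
}

// Header and payload share one allocation: no second malloc/free and no pointer
// load before a field access. The allocation size now varies per struct type.
struct alignas(8) TrailingStruct {
    const FieldLayout* layout;
    uint8_t* payload() { return reinterpret_cast<uint8_t*>(this + 1); }
    static size_t allocationSize(const FieldLayout& l) { return sizeof(TrailingStruct) + l.payloadSize; }
    static TrailingStruct* create(const FieldLayout& l) {
        void* cell = std::calloc(1, allocationSize(l)); // fields start zeroed
        return cell ? new (cell) TrailingStruct{&l} : nullptr;
    }
    // Returns nullptr for an index or width that falls outside the payload.
    uint8_t* field(size_t index, size_t size) {
        if (index >= layout->offsets.size() || layout->offsets[index] + size > layout->payloadSize)
            return nullptr;
        return payload() + layout->offsets[index];
    }
};

// Constructed demo: write then read 8 bytes at field `index` of a {4, 8, 1, 4}-byte struct; 0 if rejected.
uint64_t roundTrip(size_t index, uint64_t value) {
    FieldLayout layout = computeLayout({4, 8, 1, 4});
    TrailingStruct* s = TrailingStruct::create(layout);
    uint8_t* slot = s ? s->field(index, sizeof value) : nullptr;
    uint64_t out = 0;
    if (slot) { std::memcpy(slot, &value, sizeof value); std::memcpy(&out, slot, sizeof out); }
    std::free(s);
    return out;
}
```

Because the payload length is part of the allocation size, instances of different struct types land in different size classes, which is why a fixed-size, single-type allocator no longer fits.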