[webkit-changes] [WebKit/WebKit] e40eb8: [JSC] Reduce size of Wasm GC objects by dropping m...

Fri, 27 Mar 2026 17:40:58 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e40eb8adbcd7183b6a5032e325dd57f28d72c490
      
https://github.com/WebKit/WebKit/commit/e40eb8adbcd7183b6a5032e325dd57f28d72c490
  Author: Yusuke Suzuki <[email protected]>
  Date:   2026-03-27 (Fri, 27 Mar 2026)

  Changed paths:
    A JSTests/stress/wasm-gc-structureid-cast-optimization.js
    M Source/JavaScriptCore/b3/B3AbstractHeapRepository.h
    M Source/JavaScriptCore/b3/B3LowerMacros.cpp
    M Source/JavaScriptCore/b3/B3ReduceStrength.cpp
    M Source/JavaScriptCore/b3/B3Validate.cpp
    M Source/JavaScriptCore/b3/B3Value.cpp
    M Source/JavaScriptCore/b3/B3Value.h
    M Source/JavaScriptCore/b3/B3ValueKey.cpp
    M Source/JavaScriptCore/b3/B3ValueKey.h
    M Source/JavaScriptCore/b3/B3ValueKeyInlines.h
    M Source/JavaScriptCore/b3/B3WasmRefTypeCheckValue.h
    M Source/JavaScriptCore/runtime/Structure.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp
    M Source/JavaScriptCore/wasm/WasmFormat.cpp
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h
    M Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.cpp
    M Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.h
    M Source/JavaScriptCore/wasm/js/WebAssemblyGCStructure.cpp
    M Source/JavaScriptCore/wasm/js/WebAssemblyGCStructure.h

  Log Message:
  -----------
  [JSC] Reduce size of Wasm GC objects by dropping m_rtt
https://bugs.webkit.org/show_bug.cgi?id=310881
rdar://173493466

Reviewed by Keith Miller.

This patch reduces Wasm GC object size by removing m_rtt. The key is
that now these objects are realm-less: so Structure is unique to m_rtt.
We use StructureID for type checking instead of embedded m_rtt.

To keep the original m_rtt's faster checking,

1. We re-introduce cached type display in WebAssemblyGCStructure. But
   this time, we cache StructureID (4 bytes) instead of RTT* (8 bytes).
   And using StructureID comparison for most of type checks.
2. If the type depth is deeper than cached display size (6), then
   retrieving RTT* from Structure and uses the previous code.

* JSTests/stress/wasm-gc-structureid-cast-optimization.js: Added.
(uleb128):
(sleb128):
(encodeSection):
(encodeString):
(buildModule.encodeBody):
(buildModule):
(main):
* Source/JavaScriptCore/b3/B3AbstractHeapRepository.h:
* Source/JavaScriptCore/b3/B3LowerMacros.cpp:
* Source/JavaScriptCore/b3/B3ReduceStrength.cpp:
* Source/JavaScriptCore/b3/B3Validate.cpp:
* Source/JavaScriptCore/b3/B3Value.cpp:
(JSC::B3::Value::key const):
* Source/JavaScriptCore/b3/B3Value.h:
* Source/JavaScriptCore/b3/B3ValueKey.cpp:
(JSC::B3::ValueKey::materialize const):
* Source/JavaScriptCore/b3/B3ValueKey.h:
* Source/JavaScriptCore/b3/B3ValueKeyInlines.h:
(JSC::B3::ValueKey::ValueKey):
* Source/JavaScriptCore/b3/B3WasmRefTypeCheckValue.h:
* Source/JavaScriptCore/runtime/Structure.cpp:
(JSC::Structure::visitChildrenImpl):
* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitAllocateGCArrayUninitialized):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitAllocateGCStructUninitialized):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitRefTestOrCast):
* Source/JavaScriptCore/wasm/WasmFormat.cpp:
(JSC::Wasm::validateWasmValue):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::emitRefTestOrCast):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCObject):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCArrayUninitialized):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp:
(JSC::Wasm::TypeInformation::isReferenceValueAssignable):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h:
* Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.cpp:
(JSC::WebAssemblyGCObjectBase::WebAssemblyGCObjectBase):
* Source/JavaScriptCore/wasm/js/WebAssemblyGCObjectBase.h:
(JSC::WebAssemblyGCObjectBase::rtt const):
(JSC::WebAssemblyGCObjectBase::offsetOfRTT): Deleted.
* Source/JavaScriptCore/wasm/js/WebAssemblyGCStructure.cpp:
(JSC::WebAssemblyGCStructure::finishCreation):
(JSC::WebAssemblyGCStructure::visitAdditionalChildren):
* Source/JavaScriptCore/wasm/js/WebAssemblyGCStructure.h:

Canonical link: https://commits.webkit.org/310119@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to