Ignore:
Timestamp:
Nov 30, 2021, 6:32:45 PM (3 years ago)
Author:
[email protected]
Message:

Structures should be allocated out of an aligned pool of memory so StructureID->Structure* is fast.
https://bugs.webkit.org/show_bug.cgi?id=233379

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

This patch changes the 64-bit pointer variant of StructureID to
just be the bottom bits of a reserved address space for
structures. With this system the decoding of a StructureID is just
adding the bits to the start of the structure address space (saved
in JSCConfig). We also take care to ignore any high bits of a
StructureID outside the reserved address range. This prevents a
data corruption from causing us to read past the structure space,
much like the gigacage.

Now that StructureIDs can be directly determined from the
Structure* (and visa versa) we no longer need StructureIDTable,
which has been removed. Also, as Structures are still IsoHeaped
but not allocated by fastMalloc, there's a new
AlignedMemoryAllocator subclass that gets MarkedBlocks out of a
simple static allocator.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • bytecode/AccessCase.cpp:

(JSC::AccessCase::forEachDependentCell const):
(JSC::AccessCase::propagateTransitions const):
(JSC::AccessCase::generateWithGuard):

  • bytecode/ArrayProfile.cpp:

(JSC::ArrayProfile::computeUpdatedPrediction):

  • bytecode/ArrayProfile.h:
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::determineLiveness):
(JSC::CodeBlock::finalizeLLIntInlineCaches):
(JSC::CodeBlock::stronglyVisitWeakReferences):

  • bytecode/GetByIdMetadata.h:

(JSC::GetByIdModeMetadata::GetByIdModeMetadata):
(JSC::GetByIdModeMetadata::clearToDefaultModeWithoutCache):

  • bytecode/GetByStatus.cpp:

(JSC::GetByStatus::computeFromLLInt):

  • bytecode/InlineAccess.cpp:

(JSC::InlineAccess::rewireStubAsJumpInAccess):
(JSC::InlineAccess::resetStubAsJumpInAccess):

  • bytecode/PolyProtoAccessChain.cpp:

(JSC::PolyProtoAccessChain::needImpurePropertyWatchpoint const):

  • bytecode/PolyProtoAccessChain.h:
  • bytecode/PolymorphicAccess.cpp:

(JSC::PolymorphicAccess::visitWeak const):

  • bytecode/PutByIdFlags.h:
  • bytecode/PutByStatus.cpp:

(JSC::PutByStatus::computeFromLLInt):

  • bytecode/SpeculatedType.cpp:

(JSC::speculationFromCell):

  • bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):

  • bytecode/StructureStubInfo.h:

(JSC::StructureStubInfo::inlineAccessBaseStructure):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

  • dfg/DFGJITCompiler.h:

(JSC::DFG::JITCompiler::branchWeakStructure):

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::finalize):

  • dfg/DFGSpeculativeJIT.cpp:
  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitUntypedBranch):
(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):

  • heap/Heap.cpp:

(JSC::Heap::runEndPhase):

  • heap/Heap.h:

(JSC::Heap::structureIDTable): Deleted.

  • heap/IsoAlignedMemoryAllocator.cpp:

(JSC::IsoAlignedMemoryAllocator::IsoAlignedMemoryAllocator):
(JSC::IsoAlignedMemoryAllocator::~IsoAlignedMemoryAllocator):
(JSC::IsoAlignedMemoryAllocator::tryMallocBlock):
(JSC::IsoAlignedMemoryAllocator::freeBlock):
(JSC::IsoAlignedMemoryAllocator::commitBlock):
(JSC::IsoAlignedMemoryAllocator::decommitBlock):
(JSC::IsoAlignedMemoryAllocator::tryAllocateAlignedMemory): Deleted.
(JSC::IsoAlignedMemoryAllocator::freeAlignedMemory): Deleted.

  • heap/IsoAlignedMemoryAllocator.h:
  • heap/IsoMemoryAllocatorBase.cpp: Copied from Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.cpp.

(JSC::IsoMemoryAllocatorBase::IsoMemoryAllocatorBase):
(JSC::IsoMemoryAllocatorBase::~IsoMemoryAllocatorBase):
(JSC::IsoMemoryAllocatorBase::releaseMemoryFromSubclassDestructor):
(JSC::IsoMemoryAllocatorBase::tryAllocateAlignedMemory):
(JSC::IsoMemoryAllocatorBase::freeAlignedMemory):

  • heap/IsoMemoryAllocatorBase.h: Copied from Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.h.
  • heap/IsoSubspace.cpp:

(JSC::IsoSubspace::IsoSubspace):
(JSC::IsoSubspace::tryAllocateFromLowerTier):

  • heap/IsoSubspace.h:
  • heap/PreciseAllocation.cpp:

(JSC::PreciseAllocation::tryCreateForLowerTier):
(JSC::PreciseAllocation::createForLowerTier): Deleted.

  • heap/PreciseAllocation.h:
  • heap/SlotVisitor.cpp:

(JSC::SlotVisitor::appendJSCellOrAuxiliary):

  • heap/StructureAlignedMemoryAllocator.cpp: Added.

(JSC::StructureAlignedMemoryAllocator::StructureAlignedMemoryAllocator):
(JSC::StructureAlignedMemoryAllocator::~StructureAlignedMemoryAllocator):
(JSC::StructureAlignedMemoryAllocator::dump const):
(JSC::StructureAlignedMemoryAllocator::tryAllocateMemory):
(JSC::StructureAlignedMemoryAllocator::freeMemory):
(JSC::StructureAlignedMemoryAllocator::tryReallocateMemory):
(JSC::StructureMemoryManager::StructureMemoryManager):
(JSC::StructureMemoryManager::tryMallocStructureBlock):
(JSC::StructureMemoryManager::freeStructureBlock):
(JSC::StructureAlignedMemoryAllocator::initializeStructureAddressSpace):
(JSC::StructureAlignedMemoryAllocator::tryMallocBlock):
(JSC::StructureAlignedMemoryAllocator::freeBlock):
(JSC::StructureAlignedMemoryAllocator::commitBlock):
(JSC::StructureAlignedMemoryAllocator::decommitBlock):

  • heap/StructureAlignedMemoryAllocator.h: Copied from Source/JavaScriptCore/heap/IsoAlignedMemoryAllocator.h.
  • jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
(JSC::AssemblyHelpers::emitLoadStructure):
(JSC::AssemblyHelpers::emitLoadPrototype):
(JSC::AssemblyHelpers::emitRandomThunk):
(JSC::AssemblyHelpers::emitConvertValueToBoolean):
(JSC::AssemblyHelpers::branchIfValue):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::branchStructure):
(JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):

  • jit/GCAwareJITStubRoutine.cpp:

(JSC::PolymorphicAccessJITStubRoutine::computeHash):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_typeof_is_undefined):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
(JSC::JIT::emit_op_get_prototype_of):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_get_property_enumerator):

  • jit/JITStubRoutine.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::performLLIntGetByID):

  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter64.asm:
  • offlineasm/x86.rb:
  • runtime/ArrayPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/BigIntPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/BooleanPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/CommonSlowPaths.cpp:

(JSC::JSC_DEFINE_COMMON_SLOW_PATH):

  • runtime/DatePrototype.cpp:

(JSC::formateDateInstance):
(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/ErrorInstance.cpp:

(JSC::ErrorInstance::sanitizedMessageString):
(JSC::ErrorInstance::sanitizedNameString):
(JSC::ErrorInstance::sanitizedToString):

  • runtime/ErrorPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/FunctionPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/HasOwnPropertyCache.h:
  • runtime/InitializeThreading.cpp:

(JSC::initialize):

  • runtime/JSCConfig.h:
  • runtime/JSCJSValue.cpp:

(JSC::JSValue::dumpInContextAssumingStructure const):
(JSC::JSValue::dumpForBacktrace const):

  • runtime/JSCell.cpp:

(JSC::JSCell::toObjectSlow const):

  • runtime/JSCell.h:

(JSC::JSCell::clearStructure):

  • runtime/JSCellInlines.h:

(JSC::JSCell::structure const):
(JSC::JSCell::setStructure):

  • runtime/JSObject.cpp:

(JSC::JSObject::visitButterflyImpl):
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToArrayStorage):
(JSC::JSObject::convertContiguousToArrayStorage):
(JSC::JSObject::putDirectCustomGetterSetterWithoutTransition):
(JSC::JSObject::putDirectNonIndexAccessorWithoutTransition):

  • runtime/JSObject.h:

(JSC::JSObject::nukeStructureAndSetButterfly):
(JSC::JSObject::getPropertySlot):

  • runtime/JSObjectInlines.h:

(JSC::JSObject::getPropertySlot):
(JSC::JSObject::getNonIndexPropertySlot):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectInternal):

  • runtime/JSPropertyNameEnumerator.cpp:

(JSC::JSPropertyNameEnumerator::JSPropertyNameEnumerator):
(JSC::JSPropertyNameEnumerator::visitChildrenImpl):

  • runtime/JSPropertyNameEnumerator.h:
  • runtime/NumberPrototype.cpp:

(JSC::toThisNumber):

  • runtime/ObjectPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::objectPrototypeToString):

  • runtime/RegExpPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/StringPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/Structure.cpp:

(JSC::Structure::Structure):
(JSC::Structure::~Structure):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::dump const):
(JSC::Structure::canCachePropertyNameEnumerator const):

  • runtime/Structure.h:

(JSC::Structure::id const):

  • runtime/StructureChain.cpp:

(JSC::StructureChain::visitChildrenImpl):

  • runtime/StructureID.h: Added.

(JSC::StructureID::nuke const):
(JSC::StructureID::isNuked const):
(JSC::StructureID::decontaminate const):
(JSC::StructureID::operator bool const):
(JSC::StructureID::operator== const):
(JSC::StructureID::operator!= const):
(JSC::StructureID::bits const):
(JSC::StructureID::StructureID):
(JSC::StructureID::isHashTableDeletedValue const):
(JSC::StructureID::decode const):
(JSC::StructureID::encode):
(JSC::StructureIDHash::hash):
(JSC::StructureIDHash::equal):

  • runtime/StructureIDBlob.h:
  • runtime/StructureIDTable.cpp: Removed.
  • runtime/StructureIDTable.h: Removed.
  • runtime/StructureRareDataInlines.h:

(JSC::StructureRareData::tryCachePropertyNameEnumeratorViaWatchpoint):

  • runtime/SymbolPrototype.cpp:

(JSC::JSC_DEFINE_CUSTOM_GETTER):
(JSC::JSC_DEFINE_HOST_FUNCTION):

  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):
(JSC::TypeProfilerLog::visit):

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

(JSC::VM::getStructure): Deleted.
(JSC::VM::tryGetStructure): Deleted.

  • tools/HeapVerifier.cpp:

(JSC::HeapVerifier::validateJSCell):

  • tools/Integrity.cpp:
  • tools/Integrity.h:
  • tools/IntegrityInlines.h:

(JSC::Integrity::auditStructureID):

  • tools/JSDollarVM.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

  • wasm/js/WebAssemblyFunction.cpp:

(JSC::WebAssemblyFunction::jsCallEntrypointSlow):

  • wasm/js/WebAssemblyGlobalPrototype.cpp:

(JSC::getGlobal):

Source/WTF:

Add an aligned flavor of reserveUncommited, reserveUncommittedAligned.

  • wtf/OSAllocator.h:
  • wtf/posix/OSAllocatorPOSIX.cpp:

(WTF::OSAllocator::reserveUncommittedAligned):

  • wtf/win/OSAllocatorWin.cpp:

(WTF::OSAllocator::reserveUncommittedAligned):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/offlineasm/x86.rb

    r270265 r286345  
    448448            $asm.puts "lea #{dst.x86Operand(:ptr)}, #{asmLabel}"
    449449        end
    450         "#{offset}(#{dst.x86Operand(:ptr)})"
     450        print("#{offsetRegister(offset, dst.x86Operand(:ptr))}\n")
     451        offsetRegister(offset, dst.x86Operand(:ptr))
    451452    end
    452453end
Note: See TracChangeset for help on using the changeset viewer.