Modified: trunk/Source/_javascript_Core/ChangeLog (293745 => 293746)
--- trunk/Source/_javascript_Core/ChangeLog 2022-05-03 23:02:37 UTC (rev 293745)
+++ trunk/Source/_javascript_Core/ChangeLog 2022-05-03 23:27:42 UTC (rev 293746)
@@ -1,3 +1,21 @@
+2022-05-03 Yusuke Suzuki <ysuz...@apple.com>
+
+ [JSC] Extend Structure heap size from 1GB to 4GB
+ https://bugs.webkit.org/show_bug.cgi?id=240028
+
+ Reviewed by Saam Barati.
+
+ 1GB was much smaller compared to StructureIDTable (which allowed 7GB).
+ This patch extends 1GB to 4GB, that's maximum limit of the current encoding scheme (we can
+ extend it further to 64GB if we introduce shift based on alignment, but currently not used).
+ We use this 4GB on platforms which has enough virtual address space.
+
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
+ * jit/AssemblyHelpers.cpp:
+ (JSC::AssemblyHelpers::emitNonNullDecodeStructureID):
+ * runtime/JSCConfig.h:
+
2022-05-03 Philippe Normand <pnorm...@igalia.com> and Pavel Feldman <pavel.feld...@gmail.com> and Yury Semikhatsky <yu...@chromium.org>
[WK2] Add API to allow embedder to set a timezone override
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (293745 => 293746)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2022-05-03 23:02:37 UTC (rev 293745)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2022-05-03 23:27:42 UTC (rev 293746)
@@ -14860,7 +14860,7 @@
slowCases.append(m_jit.branchTestPtr(MacroAssembler::Zero, rareDataGPR, CCallHelpers::TrustedImm32(JSFunction::rareDataTag)));
m_jit.load32(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructureID() - JSFunction::rareDataTag), structureGPR);
slowCases.append(m_jit.branchTest32(CCallHelpers::Zero, structureGPR));
- m_jit.emitNonNullDecodeStructureID(structureGPR, structureGPR);
+ m_jit.emitNonNullDecodeZeroExtendedStructureID(structureGPR, structureGPR);
m_jit.move(TrustedImmPtr(node->isInternalPromise() ? JSInternalPromise::info() : JSPromise::info()), scratch1GPR);
slowCases.append(m_jit.branchPtr(CCallHelpers::NotEqual, scratch1GPR, CCallHelpers::Address(structureGPR, Structure::classInfoOffset())));
m_jit.loadLinkableConstant(JITCompiler::LinkableConstant(m_graph, globalObject), scratch1GPR);
@@ -14909,7 +14909,7 @@
slowCases.append(m_jit.branchTestPtr(MacroAssembler::Zero, rareDataGPR, CCallHelpers::TrustedImm32(JSFunction::rareDataTag)));
m_jit.load32(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfInternalFunctionAllocationProfile() + InternalFunctionAllocationProfile::offsetOfStructureID() - JSFunction::rareDataTag), structureGPR);
slowCases.append(m_jit.branchTest32(CCallHelpers::Zero, structureGPR));
- m_jit.emitNonNullDecodeStructureID(structureGPR, structureGPR);
+ m_jit.emitNonNullDecodeZeroExtendedStructureID(structureGPR, structureGPR);
m_jit.move(TrustedImmPtr(JSClass::info()), scratch1GPR);
slowCases.append(m_jit.branchPtr(CCallHelpers::NotEqual, scratch1GPR, CCallHelpers::Address(structureGPR, Structure::classInfoOffset())));
m_jit.loadLinkableConstant(JITCompiler::LinkableConstant(m_graph, globalObject), scratch1GPR);
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (293745 => 293746)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2022-05-03 23:02:37 UTC (rev 293745)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2022-05-03 23:27:42 UTC (rev 293746)
@@ -21017,7 +21017,9 @@
#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
return m_out.shl(m_out.zeroExtPtr(structureID), m_out.constIntPtr(StructureID::encodeShiftAmount));
#else
- LValue maskedStructureID = m_out.bitAnd(structureID, m_out.constInt32(StructureID::structureIDMask));
+ LValue maskedStructureID = structureID;
+ if constexpr (structureHeapAddressSize < 4 * GB)
+ maskedStructureID = m_out.bitAnd(structureID, m_out.constInt32(StructureID::structureIDMask));
return m_out.add(m_out.constIntPtr(g_jscConfig.startOfStructureHeap), m_out.zeroExtPtr(maskedStructureID));
#endif
}
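Review bot: The guard `if constexpr (structureHeapAddressSize < 4 * GB)` on L56 has no counterpart to the `ASSERT(structureHeapAddressSize == 4 * GB)` that the AssemblyHelpers.cpp decoder adds, so a future heap size above 4GB would skip the mask here without any diagnostic; a `static_assert(structureHeapAddressSize <= 4 * GB, "32-bit StructureID encoding covers at most 4GB");` next to the `#else` keeps the two decoders in agreement at compile time. With masking skipped on the 4GB path, the name `maskedStructureID` no longer describes the value; either rename it (`LValue heapOffset = structureID;`) or add a one-line comment stating that every zero-extended 32-bit ID already falls inside a 4GB heap. The enclosing function's signature is outside the hunk.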
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp (293745 => 293746)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp 2022-05-03 23:02:37 UTC (rev 293745)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp 2022-05-03 23:27:42 UTC (rev 293746)
@@ -403,14 +403,20 @@
BaseIndex(scratch, offset, TimesEight, (firstOutOfLineOffset - 2) * sizeof(EncodedJSValue)));
}
-void AssemblyHelpers::emitNonNullDecodeStructureID(RegisterID source, RegisterID dest)
+void AssemblyHelpers::emitNonNullDecodeZeroExtendedStructureID(RegisterID source, RegisterID dest)
{
#if ENABLE(STRUCTURE_ID_WITH_SHIFT)
lshift64(source, TrustedImm32(StructureID::encodeShiftAmount), dest);
#elif CPU(ADDRESS64)
// This could use BFI on arm64 but that only helps if the start of structure heap is encodable as a mov and not as an immediate in the add so it's probably not super important.
- and32(TrustedImm32(StructureID::structureIDMask), source, dest);
- add64(TrustedImm64(g_jscConfig.startOfStructureHeap), dest);
+ if constexpr (structureHeapAddressSize >= 4 * GB) {
+ ASSERT(structureHeapAddressSize == 4 * GB);
+ move(source, dest);
+ add64(TrustedImm64(g_jscConfig.startOfStructureHeap), dest);
+ } else {
+ and32(TrustedImm32(StructureID::structureIDMask), source, dest);
+ add64(TrustedImm64(g_jscConfig.startOfStructureHeap), dest);
+ }
#else // not CPU(ADDRESS64)
move(source, dest);
#endif
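Review bot: `ASSERT(structureHeapAddressSize == 4 * GB)` on L77 checks a constexpr value at run time in debug builds only; because it sits inside an `if constexpr` on that same constant, `static_assert(structureHeapAddressSize == 4 * GB, "heap sizes above 4GB need the shift-based encoding");` turns it into a compile-time error in every configuration. The rename also introduces a precondition the old `and32` path did not have: the 4GB branch does `move` + `add64` without clearing the upper 32 bits of `source`, so a caller that passes a register with non-zero upper bits would compute an address beyond the structure heap; the callers visible in this diff satisfy it via `load32`, and the contract belongs on the definition, e.g. `// Precondition: the upper 32 bits of source are zero (it was produced by a 32-bit load); the 4GB configuration relies on this instead of masking.` The `add64(TrustedImm64(g_jscConfig.startOfStructureHeap), dest);` line is identical in both branches and can be hoisted after the `if constexpr`. The function's closing brace is outside the hunk.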
@@ -419,7 +425,7 @@
void AssemblyHelpers::emitLoadStructure(VM&, RegisterID source, RegisterID dest)
{
load32(MacroAssembler::Address(source, JSCell::structureIDOffset()), dest);
- emitNonNullDecodeStructureID(dest, dest);
+ emitNonNullDecodeZeroExtendedStructureID(dest, dest);
}
void AssemblyHelpers::emitLoadPrototype(VM& vm, GPRReg objectGPR, JSValueRegs resultRegs, JumpList& slowPath)
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (293745 => 293746)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2022-05-03 23:02:37 UTC (rev 293745)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2022-05-03 23:27:42 UTC (rev 293746)
@@ -1610,7 +1610,7 @@
return argumentCount(codeOrigin.inlineCallFrame());
}
- void emitNonNullDecodeStructureID(RegisterID source, RegisterID dest);
+ void emitNonNullDecodeZeroExtendedStructureID(RegisterID source, RegisterID dest);
void emitLoadStructure(VM&, RegisterID source, RegisterID dest);
void emitLoadPrototype(VM&, GPRReg objectGPR, JSValueRegs resultRegs, JumpList& slowPath);
Modified: trunk/Source/_javascript_Core/runtime/JSCConfig.h (293745 => 293746)
--- trunk/Source/_javascript_Core/runtime/JSCConfig.h 2022-05-03 23:02:37 UTC (rev 293745)
+++ trunk/Source/_javascript_Core/runtime/JSCConfig.h 2022-05-03 23:27:42 UTC (rev 293746)
@@ -46,7 +46,7 @@
#elif PLATFORM(IOS_FAMILY) && CPU(ARM64) && !CPU(ARM64E)
constexpr uintptr_t structureHeapAddressSize = 512 * MB;
#else
-constexpr uintptr_t structureHeapAddressSize = 1 * GB;
+constexpr uintptr_t structureHeapAddressSize = 4 * GB;
#endif
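Review bot: `4 * GB` on L113 only fits a `uintptr_t` on 64-bit targets; if the leading `#if` branch of this chain (outside the hunk) does not already exclude 32-bit builds, the unsigned product wraps to 0 at compile time with no diagnostic guaranteed, and the ChangeLog's "platforms which have enough virtual address space" would not hold for the `#else` arm. A `static_assert(structureHeapAddressSize >= 512 * MB, "structureHeapAddressSize overflowed uintptr_t");` after the `#endif` would catch that, or the branch could be made explicit with a `CPU(ADDRESS64)` condition.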
struct Config {
Modified: trunk/Source/_javascript_Core/tools/IntegrityInlines.h (293745 => 293746)
--- trunk/Source/_javascript_Core/tools/IntegrityInlines.h 2022-05-03 23:02:37 UTC (rev 293745)
+++ trunk/Source/_javascript_Core/tools/IntegrityInlines.h 2022-05-03 23:27:42 UTC (rev 293746)
@@ -78,7 +78,7 @@
{
UNUSED_PARAM(structureID);
#if CPU(ADDRESS64) && !ENABLE(STRUCTURE_ID_WITH_SHIFT)
- ASSERT(structureID.bits() <= structureHeapAddressSize + StructureID::nukedStructureIDBit);
+ ASSERT(static_cast<uintptr_t>(structureID.bits()) <= structureHeapAddressSize + StructureID::nukedStructureIDBit);
#endif
}
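Review bot: With `structureHeapAddressSize` now 4GB, the comparison on L124 holds for every value a 32-bit `structureID.bits()` can take (the ID is loaded with `load32` and masked with `constInt32` elsewhere in this diff), so the ASSERT checks nothing in that configuration and the added `static_cast<uintptr_t>` presumably exists to silence the resulting tautological-comparison warning; that is worth stating, e.g. `// Vacuous when structureHeapAddressSize == 4 * GB; the cast avoids a tautological-comparison warning.` If `bits()` is wider than 32 bits in some build, confirm against StructureID before adding the comment. The enclosing function's signature is outside the hunk.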