Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 842bf586330dbf74f9e2d09d50c818ca3f792988
https://github.com/WebKit/WebKit/commit/842bf586330dbf74f9e2d09d50c818ca3f792988
Author: Mark Lam <[email protected]>
Date: 2023-12-18 (Mon, 18 Dec 2023)
Changed paths:
M Source/JavaScriptCore/heap/PreciseAllocation.cpp
M Source/JavaScriptCore/heap/PreciseAllocation.h
Log Message:
-----------
Adjust PreciseAllocation alignment offset to also factor in cache line alignment requirements.
https://bugs.webkit.org/show_bug.cgi?id=262011
rdar://115959633
Reviewed by Keith Miller.
We should ensure that the JSObject header word and its butterfly are always in the same cache line. See radar for details.

All JSObjects are either allocated out of a MarkedBlock or as a PreciseAllocation. All MarkedBlock allocations are aligned on 16 byte boundaries (the MarkedBlock::atomSize). This means that it’s impossible to get this condition with a MarkedBlock allocated object.

For PreciseAllocations, each allocation is preceded by a PreciseAllocation header (which is currently 96 bytes in size), and an 8 to 16 byte padding depending on what is needed to get the resultant object start address to start on an odd 8 byte boundary (i.e. bit 3 is set). With PreciseAllocations, depending on the size of the allocation and what memory slot the allocation comes from, there is a way to get the JSObject header and butterfly to span across a cache line boundary.

This patch prevents this by dynamically adjusting the alignment padding at the start of the PreciseAllocation to ensure that the start address of the JSObject always lands at a spot where the header and butterfly do not span a cache line boundary.
* Source/JavaScriptCore/heap/PreciseAllocation.cpp:
(JSC::dataCacheLineSize):
(JSC::isAlignedForPreciseAllocation):
(JSC::isCacheAlignedForPreciseAllocation):
(JSC::PreciseAllocation::tryCreate):
(JSC::PreciseAllocation::tryReallocate):
(JSC::PreciseAllocation::tryCreateForLowerTier):
(JSC::PreciseAllocation::reuseForLowerTier):
(JSC::PreciseAllocation::PreciseAllocation):
* Source/JavaScriptCore/heap/PreciseAllocation.h:
(JSC::PreciseAllocation::headerSize):
(JSC::PreciseAllocation::basePointer const):
Originally-landed-as: 267815.112@safari-7617-branch (6ea412c32f09).
rdar://119594413
Canonical link: https://commits.webkit.org/272254@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
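The padding rule the log message describes, worked through in C as an added example (this is not code from the WebKit commit). It assumes a 64 byte cache line (JSC queries the real value at runtime), that the 8 byte butterfly pointer immediately follows the 8 byte JSObject header word, and constructed slot addresses; the function names mirror those listed in the log but the bodies are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values assumed for this illustration, not read from JSC at runtime. */
#define PRECISE_ALLOCATION_HEADER_SIZE 96u /* header size the commit message states */
#define CACHE_LINE_SIZE 64u                /* JSC queries this dynamically; 64 assumed */
#define HEADER_PLUS_BUTTERFLY 16u          /* 8-byte header word + adjacent 8-byte butterfly */

/* Pre-existing requirement: object starts on an odd 8 byte boundary (bit 3 set). */
static bool is_aligned_for_precise_allocation(uintptr_t addr) {
    return (addr & 0xF) == 8;
}

/* New requirement: header word and butterfly sit inside one cache line. */
static bool is_cache_aligned_for_precise_allocation(uintptr_t addr) {
    uintptr_t first = addr / CACHE_LINE_SIZE;
    uintptr_t last = (addr + HEADER_PLUS_BUTTERFLY - 1) / CACHE_LINE_SIZE;
    return first == last;
}

/* Padding after the PreciseAllocation header so that both requirements hold. */
static size_t alignment_padding(uintptr_t slot) {
    uintptr_t base = slot + PRECISE_ALLOCATION_HEADER_SIZE;
    uintptr_t candidate = (base + 7) & ~(uintptr_t)7; /* round up to 8 bytes first */
    while (!is_aligned_for_precise_allocation(candidate)
        || !is_cache_aligned_for_precise_allocation(candidate)) {
        candidate += 8; /* step to the next 8 byte boundary and re-check */
    }
    return (size_t)(candidate - base);
}

static uintptr_t object_start(uintptr_t slot) {
    return slot + PRECISE_ALLOCATION_HEADER_SIZE + alignment_padding(slot);
}

int main(void) {
    /* Constructed slot addresses at different offsets within a cache line. */
    const uintptr_t slots[] = { 0x10000, 0x10010, 0x10020, 0x10030 };
    for (size_t i = 0; i < sizeof(slots) / sizeof(slots[0]); i++) {
        uintptr_t start = object_start(slots[i]);
        printf("slot %#lx: padding %zu, object at %#lx, line offset %lu\n",
            (unsigned long)slots[i], alignment_padding(slots[i]),
            (unsigned long)start, (unsigned long)(start % CACHE_LINE_SIZE));
    }
    return 0;
}
```

The slot at 0x10010 is the interesting one: the old rule alone would place the object at line offset 56, where the 16 bytes straddle the 64 byte boundary, so the padding grows from 8 to 24.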