Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0f34249dbaea992d1a2dd5aee7770350d81daddb
      
https://github.com/WebKit/WebKit/commit/0f34249dbaea992d1a2dd5aee7770350d81daddb
  Author: Keith Miller <keith_mil...@apple.com>
  Date:   2025-03-28 (Fri, 28 Mar 2025)

  Changed paths:
    M Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
    M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
    M Source/JavaScriptCore/heap/CompleteSubspace.cpp
    M Source/JavaScriptCore/heap/CompleteSubspace.h
    M Source/JavaScriptCore/heap/Heap.h
    M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/jit/JITAllocator.h
    M Source/JavaScriptCore/runtime/JSObject.cpp
    M Source/JavaScriptCore/runtime/OptionsList.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.h
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.h
    M Source/JavaScriptCore/wasm/WasmFormat.cpp
    M Source/JavaScriptCore/wasm/WasmFormat.h
    M Source/JavaScriptCore/wasm/WasmFunctionParser.h
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmOperationsInlines.h
    M Source/JavaScriptCore/wasm/WasmSectionParser.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h
    M Tools/Scripts/run-jsc-stress-tests

  Log Message:
  -----------
  [BBQ] Inline (most) Wasm GC object allocations
https://bugs.webkit.org/show_bug.cgi?id=290400
rdar://147855601

Reviewed by Yusuke Suzuki.

This patch adds support for inlining Wasm GC allocations in BBQ. To make this 
work/efficient a number of changes were made:

1) BBQ supports a mutator fence rather than doing a write barrier on any new 
allocations.
2) BBQ now supports slow paths which automatically spill and fill register 
state rather than force a flush in the basic block. This is distinct from late 
paths which are just out of line snippets of code but are assumed to preserve 
register state.
3) BBQ has better support for just getting some value to some other location 
via emitStore/emitMove taking an Address/BaseIndex destination.
4) BBQ also has a way to force a value into a register.
5) Added more MacroAssembler transfer sizes for 8 and 16 byte values.
6) CompleteSubspaces can prepare all the local allocators needed for every size 
class.
7) AssemblyHelpers/JITAllocator can now handle a variable but non-null 
allocator (hence 6).
8) ModuleInformation knows if any types in the types section are GC types so we 
only allocate extra space for structures/completeSubspace allocators when there 
are GC types.

Also, added a disableBBQConsts option that prevents BBQ from passing around 
const Values for values on the wasm stack. This greatly increases our test 
coverage for BBQ for e.g. spec tests where most values are passed as consts.

* Source/JavaScriptCore/assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::Label::Label):
(JSC::AbstractMacroAssembler::Jump::link const):
(JSC::AbstractMacroAssembler::Jump::linkTo const):
(JSC::AbstractMacroAssembler::JumpList::link const):
* Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::transfer8):
(JSC::MacroAssemblerARM64::transfer16):
(JSC::MacroAssemblerARM64::transfer32):
(JSC::MacroAssemblerARM64::transfer64):
(JSC::MacroAssemblerARM64::transferPtr):
(JSC::MacroAssemblerARM64::transferFloat):
(JSC::MacroAssemblerARM64::transferDouble):
(JSC::MacroAssemblerARM64::transferVector):
* Source/JavaScriptCore/heap/CompleteSubspace.cpp:
(JSC::CompleteSubspace::prepareAllAllocators):
* Source/JavaScriptCore/heap/CompleteSubspace.h:
* Source/JavaScriptCore/heap/Heap.h:
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
(JSC::AssemblyHelpers::emitAllocate):
(JSC::AssemblyHelpers::emitAllocateVariableSized):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::store64FromReg):
(JSC::AssemblyHelpers::store32FromReg):
* Source/JavaScriptCore/jit/JITAllocator.h:
(JSC::JITAllocator::constant):
(JSC::JITAllocator::variable):
(JSC::JITAllocator::variableNonNull):
(JSC::JITAllocator::isVariable const):
(JSC::JITAllocator::JITAllocator):
* Source/JavaScriptCore/runtime/JSObject.cpp:
(JSC::JSObject::visitButterflyImpl):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::BBQJIT):
(JSC::Wasm::BBQJITImpl::BBQJIT::addConstant):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitMutatorFence):
(JSC::Wasm::BBQJITImpl::BBQJIT::addLatePath):
(JSC::Wasm::BBQJITImpl::BBQJIT::endTopLevel):
(JSC::Wasm::BBQJITImpl::BBQJIT::flushRegistersForException):
(JSC::Wasm::BBQJITImpl::BBQJIT::flushRegisters):
(JSC::Wasm::BBQJITImpl::BBQJIT::slowPathSpillBindings):
(JSC::Wasm::BBQJITImpl::BBQJIT::slowPathRestoreBindings):
(JSC::Wasm::BBQJITImpl::BBQJIT::saveValuesAcrossCallAndPassArguments):
(JSC::Wasm::BBQJITImpl::BBQJIT::returnValuesFromCall):
(JSC::Wasm::BBQJITImpl::BBQJIT::addRTTSlowPathJump):
(JSC::Wasm::BBQJITImpl::BBQJIT::materializeToRegister):
(JSC::Wasm::BBQJITImpl::BBQJIT::bind):
(JSC::Wasm::BBQJITImpl::BBQJIT::unbind):
(JSC::Wasm::BBQJITImpl::BBQJIT::unbindAllRegisters):
(JSC::Wasm::BBQJITImpl::BBQJIT::nextGPR):
(JSC::Wasm::BBQJITImpl::BBQJIT::nextFPR):
(JSC::Wasm::BBQJITImpl::BBQJIT::evictGPR):
(JSC::Wasm::BBQJITImpl::BBQJIT::evictFPR):
(JSC::Wasm::BBQJITImpl::BBQJIT::clobber):
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
(JSC::Wasm::BBQJITImpl::BBQJIT::Location::asReg const):
(JSC::Wasm::BBQJITImpl::BBQJIT::gprBindings):
(JSC::Wasm::BBQJITImpl::BBQJIT::fprBindings):
(JSC::Wasm::BBQJITImpl::BBQJIT::ScratchScope::bindGPRToScratch):
(JSC::Wasm::BBQJITImpl::BBQJIT::ScratchScope::bindFPRToScratch):
(JSC::Wasm::BBQJITImpl::BBQJIT::ScratchScope::unbindGPRFromScratch):
(JSC::Wasm::BBQJITImpl::BBQJIT::ScratchScope::unbindFPRFromScratch):
* Source/JavaScriptCore/wasm/WasmBBQJIT32_64.h:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitCCall):
* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitAllocateGCArrayUninitialized):
(JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNew):
(JSC::Wasm::BBQJITImpl::BBQJIT::addArrayNewFixed):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitArrayStoreElementUnchecked):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitArraySetUnchecked):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitStructSet):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitAllocateGCStructUninitialized):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNewDefault):
(JSC::Wasm::BBQJITImpl::BBQJIT::addStructNew):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitStoreConst):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitStore):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitMoveMemory):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitMove):
* Source/JavaScriptCore/wasm/WasmBBQJIT64.h:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitCCall):
* Source/JavaScriptCore/wasm/WasmFormat.cpp:
(JSC::Wasm::validateWasmValue):
* Source/JavaScriptCore/wasm/WasmFormat.h:
(JSC::Wasm::sizeOfType):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmOperationsInlines.h:
(JSC::Wasm::fillArray):
(JSC::Wasm::arrayNew):
(JSC::Wasm::copyElementsInReverse):
(JSC::Wasm::createArrayFromDataSegment):
(JSC::Wasm::arrayNewElem):
* Source/JavaScriptCore/wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseStructType):
(JSC::Wasm::SectionParser::parseArrayType):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.cpp:
(JSC::JSWebAssemblyArray::JSWebAssemblyArray):
(JSC::JSWebAssemblyArray::tryCreateUninitializedRestricted):
(JSC::JSWebAssemblyArray::tryCreate):
(JSC::JSWebAssemblyArray::visitChildrenImpl):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyArray.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
(JSC::JSWebAssemblyInstance::visitChildrenImpl):
(JSC::JSWebAssemblyInstance::allocationSize):
(JSC::JSWebAssemblyInstance::tryCreate):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.cpp:
(JSC::JSWebAssemblyStruct::JSWebAssemblyStruct):
(JSC::JSWebAssemblyStruct::tryCreateUninitializedRestricted):
(JSC::JSWebAssemblyStruct::create):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyStruct.h:
* Tools/Scripts/run-jsc-stress-tests:

Canonical link: https://commits.webkit.org/292808@main
