Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 37ab7c3bce671378845b495f5b84898f2567b0ad
      
https://github.com/WebKit/WebKit/commit/37ab7c3bce671378845b495f5b84898f2567b0ad
  Author: Yusuke Suzuki <ysuz...@apple.com>
  Date:   2025-08-19 (Tue, 19 Aug 2025)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp
    M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmOperationsInlines.h
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h

  Log Message:
  -----------
  [JSC] Storing StructureID instead of Structure* in JSWebAssemblyInstance
https://bugs.webkit.org/show_bug.cgi?id=297633
rdar://158729094

Reviewed by Keith Miller.

This patch replaces JSWebAssemblyInstance's GC structures from
Structure* to StructureID by using WriteBarrierStructureID.

1. This simplifies the code in BBQ / OMG since they can just load
   StructureID and store it to allocated objects. No need to have bit
   ops to extract StructureID from a pointer.
2. Its size is smaller than Structure*, 4 bytes vs. 8 bytes.
3. This paves the way for quick comparison for type checking with
   StructureID in BBQ / OMG in RefCast / RefTest with StructureID.

We also improve BBQ's GC object allocation path, avoiding load from
Structure since we are 100% sure about the content of these bits. And we also
improve OMG allocator by setting variableNonNull since Wasm GC object
allocator is always non-null.

* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitAllocateGCArrayUninitialized):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitAllocateGCStructUninitialized):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::allocateWasmGCHeapCell):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCObject):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCArrayUninitialized):
(JSC::Wasm::OMGIRGenerator::allocateWasmGCStructUninitialized):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperationsInlines.h:
(JSC::Wasm::arrayNew):
(JSC::Wasm::arrayNewFixed):
(JSC::Wasm::arrayNewData):
(JSC::Wasm::arrayNewElem):
(JSC::Wasm::structNew):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
(JSC::JSWebAssemblyInstance::finishCreation):
(JSC::JSWebAssemblyInstance::visitChildrenImpl):
(JSC::JSWebAssemblyInstance::allocationSize):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h:

Canonical link: https://commits.webkit.org/298938@main


