Changeset 225701 in webkit

Timestamp:

Dec 8, 2017 2:28:31 PM (6 years ago)

Author:

sbarati@apple.com

Message:

Enable gigacage on iOS with a 32GB runway and ensure it doesn't break WasmBench
​https://bugs.webkit.org/show_bug.cgi?id=178557

Reviewed by Mark Lam.

• bmalloc/Algorithm.h:

(bmalloc::isPowerOfTwo):

• bmalloc/Gigacage.cpp:
• bmalloc/Gigacage.h:

Location:

trunk/Source/bmalloc

Files:

• ChangeLog (modified) (1 diff)
• bmalloc/Algorithm.h (modified) (1 diff)
• bmalloc/Gigacage.cpp (modified) (1 diff)
• bmalloc/Gigacage.h (modified) (4 diffs)

trunk/Source/bmalloc/ChangeLog

@@ +1 @@
+2017-12-08  Saam Barati  <sbarati@apple.com>
+
+        Enable gigacage on iOS with a 32GB runway and ensure it doesn't break WasmBench
+        https://bugs.webkit.org/show_bug.cgi?id=178557
+
+        Reviewed by Mark Lam.
+
+        * bmalloc/Algorithm.h:
+        (bmalloc::isPowerOfTwo):
+        * bmalloc/Gigacage.cpp:
+        * bmalloc/Gigacage.h:
+
 2017-12-05  Andy Estes  <aestes@apple.com>
 

trunk/Source/bmalloc/bmalloc/Algorithm.h

@@ -64 +64 @@
 }
 
-inline constexpr bool isPowerOfTwo(size_t size)
+template <typename T>
+inline constexpr bool isPowerOfTwo(T size)
 {
+    static_assert(std::is_integral<T>::value, "");
     return size && !(size & (size - 1));
 }

trunk/Source/bmalloc/bmalloc/Gigacage.cpp

@@ -35 +35 @@
 #include <mutex>
 
-#if BCPU(ARM64)
-// FIXME: There is no good reason for ARM64 to be special.
-// https://bugs.webkit.org/show_bug.cgi?id=177605
-#define GIGACAGE_RUNWAY 0
-#else
+// This is exactly 32GB because inside JSC, indexed accesses for arrays, typed arrays, etc,
+// use unsigned 32-bit ints as indices. The items those indices access are 8 bytes or less
+// in size. 2^32 * 8 = 32GB. This means if an access on a caged type happens to go out of
+// bounds, the access is guaranteed to land somewhere else in the cage or inside the runway.
+// If this were less than 32GB, those OOB accesses could reach outside of the cage.
 #define GIGACAGE_RUNWAY (32llu * 1024 * 1024 * 1024)
-#endif
 
 char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE] __attribute__((aligned(GIGACAGE_BASE_PTRS_SIZE)));

trunk/Source/bmalloc/bmalloc/Gigacage.h

@@ -26 +26 @@
 #pragma once
 
+#include "Algorithm.h"
 #include "BAssert.h"
 #include "BExport.h"
@@ -34 +35 @@
 
 #if BCPU(ARM64)
-// FIXME: This can probably be a lot bigger on iOS. I just haven't tried to make it bigger yet.
-// https://bugs.webkit.org/show_bug.cgi?id=177605
-#define PRIMITIVE_GIGACAGE_SIZE 0x40000000llu
+#define PRIMITIVE_GIGACAGE_SIZE 0x80000000llu
 #define JSVALUE_GIGACAGE_SIZE 0x40000000llu
 #define STRING_GIGACAGE_SIZE 0x40000000llu
@@ -47 +46 @@
 #endif
 
+static_assert(bmalloc::isPowerOfTwo(PRIMITIVE_GIGACAGE_SIZE), "");
+static_assert(bmalloc::isPowerOfTwo(JSVALUE_GIGACAGE_SIZE), "");
+static_assert(bmalloc::isPowerOfTwo(STRING_GIGACAGE_SIZE), "");
+
 #define GIGACAGE_SIZE_TO_MASK(size) ((size) - 1)
 
@@ -53 +56 @@
 #define STRING_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(STRING_GIGACAGE_SIZE)
 
-// FIXME: Make WasmBench run with gigacage on iOS and re-enable on ARM64:
-// https://bugs.webkit.org/show_bug.cgi?id=178557
-#if (BOS(DARWIN) || BOS(LINUX)) && (/* (BCPU(ARM64) && !defined(__ILP32__))  || */ BCPU(X86_64))
+#if ((BOS(DARWIN) || BOS(LINUX)) && \
+    (BCPU(X86_64) || (BCPU(ARM64) && !defined(__ILP32__) && (!BPLATFORM(IOS) || __IPHONE_OS_VERSION_MIN_REQUIRED >= 110300))))
 #define GIGACAGE_ENABLED 1
 #else