Changeset 240175 in webkit

Timestamp:

Jan 18, 2019 2:48:22 PM (5 years ago)

Author:

keith_miller@apple.com

Message:

Gigacages should start allocations from a slide
​https://bugs.webkit.org/show_bug.cgi?id=193523

Reviewed by Mark Lam.

Source/bmalloc:

This patch makes it so that Gigacage Heaps slide the start of the
cage by some random amount. We still ensure that there is always
at least 4/2GB, on MacOS/iOS respectively, of VA space available
for allocation.

Also, this patch changes some macros into constants since macros
are the devil.

• bmalloc/Gigacage.cpp:

(Gigacage::bmalloc::protectGigacageBasePtrs):
(Gigacage::bmalloc::unprotectGigacageBasePtrs):
(Gigacage::bmalloc::runwaySize):
(Gigacage::ensureGigacage):
(Gigacage::shouldBeEnabled):

• bmalloc/Gigacage.h:

(Gigacage::name):
(Gigacage::gigacageSizeToMask):
(Gigacage::size):
(Gigacage::mask):
(Gigacage::basePtr):
(Gigacage::ensureGigacage):
(Gigacage::wasEnabled):
(Gigacage::isCaged):
(Gigacage::isEnabled):
(Gigacage::caged):
(Gigacage::disableDisablingPrimitiveGigacageIfShouldBeEnabled):
(Gigacage::canPrimitiveGigacageBeDisabled):
(Gigacage::disablePrimitiveGigacage):
(Gigacage::addPrimitiveDisableCallback):
(Gigacage::removePrimitiveDisableCallback):

• bmalloc/Heap.cpp:

(bmalloc::Heap::Heap):

• bmalloc/Sizes.h:

(bmalloc::Sizes::maskSizeClass):
(bmalloc::Sizes::maskObjectSize):
(bmalloc::Sizes::logSizeClass):
(bmalloc::Sizes::logObjectSize):
(bmalloc::Sizes::sizeClass):
(bmalloc::Sizes::objectSize):
(bmalloc::Sizes::pageSize):

Source/JavaScriptCore:

This patch changes some macros into constants since macros are the
devil.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::caged):

• llint/LowLevelInterpreter64.asm:

Source/WTF:

This patch changes some macros into constants since macros are the
devil.

• wtf/Gigacage.cpp:
• wtf/Gigacage.h:

Location:

trunk/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (modified) (2 diffs)
• JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (11 diffs)
• WTF/ChangeLog (modified) (1 diff)
• WTF/wtf/Gigacage.cpp (modified) (2 diffs)
• WTF/wtf/Gigacage.h (modified) (1 diff)
• bmalloc/ChangeLog (modified) (1 diff)
• bmalloc/bmalloc/Gigacage.cpp (modified) (10 diffs)
• bmalloc/bmalloc/Gigacage.h (modified) (7 diffs)
• bmalloc/bmalloc/Heap.cpp (modified) (2 diffs)
• bmalloc/bmalloc/Sizes.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2019-01-18  Keith Miller  <keith_miller@apple.com>
+
+        Gigacages should start allocations from a slide
+        https://bugs.webkit.org/show_bug.cgi?id=193523
+
+        Reviewed by Mark Lam.
+
+        This patch changes some macros into constants since macros are the
+        devil.
+
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::caged):
+        * llint/LowLevelInterpreter64.asm:
+
 2019-01-18  Matt Lewis  <jlewis3@apple.com>
 

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

@@ -13853 +13853 @@
     LValue caged(Gigacage::Kind kind, LValue ptr)
     {
+#if GIGACAGE_ENABLED
         if (!Gigacage::isEnabled(kind))
             return ptr;
@@ -13881 +13882 @@
         // https://bugs.webkit.org/show_bug.cgi?id=175493
         return m_out.opaque(result);
+#else
+        return ptr;
+#endif
     }
     

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -1316 +1316 @@
     btiz t0, IsArray, .opGetByIdSlow
     btiz t0, IndexingShapeMask, .opGetByIdSlow
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t3], t0, t1)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr Gigacage::jsValueGigacageMask, JSObject::m_butterfly[t3], t0, t1)
     loadi -sizeof IndexingHeader + IndexingHeader::u.lengths.publicLength[t0], t0
     bilt t0, 0, .opGetByIdSlow
@@ -1439 +1439 @@
     sxi2q t1, t1
 
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t0], t3, tagTypeNumber)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr Gigacage::jsValueGigacageMask, JSObject::m_butterfly[t0], t3, tagTypeNumber)
     move TagTypeNumber, tagTypeNumber
 
@@ -1505 +1505 @@
 
     # We have Int8ArrayType.
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2)
     loadbs [t3, t1], t0
     finishIntGetByVal(t0, t1)
@@ -1513 +1513 @@
 
     # We have Uint8ArrayType.
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2)
     loadb [t3, t1], t0
     finishIntGetByVal(t0, t1)
@@ -1519 +1519 @@
 .opGetByValUint8ClampedArray:
     # We have Uint8ClampedArrayType.
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2)
     loadb [t3, t1], t0
     finishIntGetByVal(t0, t1)
@@ -1528 +1528 @@
 
     # We have Int16ArrayType.
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2)
     loadhs [t3, t1, 2], t0
     finishIntGetByVal(t0, t1)
@@ -1534 +1534 @@
 .opGetByValUint16Array:
     # We have Uint16ArrayType.
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2)
     loadh [t3, t1, 2], t0
     finishIntGetByVal(t0, t1)
@@ -1546 +1546 @@
 
     # We have Int32ArrayType.
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2)
     loadi [t3, t1, 4], t0
     finishIntGetByVal(t0, t1)
@@ -1552 +1552 @@
 .opGetByValUint32Array:
     # We have Uint32ArrayType.
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2)
     # This is the hardest part because of large unsigned values.
     loadi [t3, t1, 4], t0
@@ -1564 +1564 @@
 
     # We have Float64ArrayType.
-    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2)
+    loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2)
     loadd [t3, t1, 8], ft0
     bdnequn ft0, ft0, .opGetByValSlow
@@ -1600 +1600 @@
         loadConstantOrVariableInt32(size, t0, t3, .opPutByValSlow)
         sxi2q t3, t3
-        loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t1], t0, tagTypeNumber)
+        loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr Gigacage::jsValueGigacageMask, JSObject::m_butterfly[t1], t0, tagTypeNumber)
         move TagTypeNumber, tagTypeNumber
         btinz t2, CopyOnWrite, .opPutByValSlow

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2019-01-18  Keith Miller  <keith_miller@apple.com>
+
+        Gigacages should start allocations from a slide
+        https://bugs.webkit.org/show_bug.cgi?id=193523
+
+        Reviewed by Mark Lam.
+
+        This patch changes some macros into constants since macros are the
+        devil.
+
+        * wtf/Gigacage.cpp:
+        * wtf/Gigacage.h:
+
 2019-01-18  Matt Lewis  <jlewis3@apple.com>
 

trunk/Source/WTF/wtf/Gigacage.cpp

@@ -33 +33 @@
 #if defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC
 
-alignas(void*) char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE];
+namespace Gigacage {
 
-namespace Gigacage {
+alignas(void*) char g_gigacageBasePtrs[gigacageBasePtrsSize];
 
 void* tryMalloc(Kind, size_t size)
@@ -62 +62 @@
 
 } // namespace Gigacage
-#else
+#else // defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC
 #include <bmalloc/bmalloc.h>
 

trunk/Source/WTF/wtf/Gigacage.h

@@ -27 +27 @@
 
 #include <wtf/FastMalloc.h>
+#include <wtf/StdLibExtras.h>
 
 #if defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC
 #define GIGACAGE_ENABLED 0
-#define PRIMITIVE_GIGACAGE_MASK 0
-#define JSVALUE_GIGACAGE_MASK 0
-#define GIGACAGE_BASE_PTRS_SIZE 8192
-
-extern "C" {
-alignas(void*) extern WTF_EXPORT_PRIVATE char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE];
-}
 
 namespace Gigacage {
+
+const size_t primitiveGigacageMask = 0;
+const size_t jsValueGigacageMask = 0;
+const size_t gigacageBasePtrsSize = 8 * KB;
+
+extern "C" alignas(void*) WTF_EXPORT_PRIVATE char g_gigacageBasePtrs[gigacageBasePtrsSize];
 
 struct BasePtrs {

trunk/Source/bmalloc/ChangeLog

@@ +1 @@
+2019-01-18  Keith Miller  <keith_miller@apple.com>
+
+        Gigacages should start allocations from a slide
+        https://bugs.webkit.org/show_bug.cgi?id=193523
+
+        Reviewed by Mark Lam.
+
+        This patch makes it so that Gigacage Heaps slide the start of the
+        cage by some random amount. We still ensure that there is always
+        at least 4/2GB, on MacOS/iOS respectively, of VA space available
+        for allocation.
+
+        Also, this patch changes some macros into constants since macros
+        are the devil.
+
+        * bmalloc/Gigacage.cpp:
+        (Gigacage::bmalloc::protectGigacageBasePtrs):
+        (Gigacage::bmalloc::unprotectGigacageBasePtrs):
+        (Gigacage::bmalloc::runwaySize):
+        (Gigacage::ensureGigacage):
+        (Gigacage::shouldBeEnabled):
+        * bmalloc/Gigacage.h:
+        (Gigacage::name):
+        (Gigacage::gigacageSizeToMask):
+        (Gigacage::size):
+        (Gigacage::mask):
+        (Gigacage::basePtr):
+        (Gigacage::ensureGigacage):
+        (Gigacage::wasEnabled):
+        (Gigacage::isCaged):
+        (Gigacage::isEnabled):
+        (Gigacage::caged):
+        (Gigacage::disableDisablingPrimitiveGigacageIfShouldBeEnabled):
+        (Gigacage::canPrimitiveGigacageBeDisabled):
+        (Gigacage::disablePrimitiveGigacage):
+        (Gigacage::addPrimitiveDisableCallback):
+        (Gigacage::removePrimitiveDisableCallback):
+        * bmalloc/Heap.cpp:
+        (bmalloc::Heap::Heap):
+        * bmalloc/Sizes.h:
+        (bmalloc::Sizes::maskSizeClass):
+        (bmalloc::Sizes::maskObjectSize):
+        (bmalloc::Sizes::logSizeClass):
+        (bmalloc::Sizes::logObjectSize):
+        (bmalloc::Sizes::sizeClass):
+        (bmalloc::Sizes::objectSize):
+        (bmalloc::Sizes::pageSize):
+
 2019-01-18  Matt Lewis  <jlewis3@apple.com>
 

trunk/Source/bmalloc/bmalloc/Gigacage.cpp

@@ -36 +36 @@
 #include <mutex>
 
+#if GIGACAGE_ENABLED
+
+namespace Gigacage {
+
 // This is exactly 32GB because inside JSC, indexed accesses for arrays, typed arrays, etc,
 // use unsigned 32-bit ints as indices. The items those indices access are 8 bytes or less
@@ -41 +45 @@
 // bounds, the access is guaranteed to land somewhere else in the cage or inside the runway.
 // If this were less than 32GB, those OOB accesses could reach outside of the cage.
-#define GIGACAGE_RUNWAY (32llu * 1024 * 1024 * 1024)
+constexpr size_t gigacageRunway = 32llu * 1024 * 1024 * 1024;
 
 // Note: g_gigacageBasePtrs[0] is reserved for storing the wasEnabled flag.
@@ -47 +51 @@
 // This is done so that the wasEnabled flag will also be protected along with the
 // gigacageBasePtrs.
-alignas(GIGACAGE_BASE_PTRS_SIZE) char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE];
+alignas(gigacageBasePtrsSize) char g_gigacageBasePtrs[gigacageBasePtrsSize];
 
 using namespace bmalloc;
-
-namespace Gigacage {
 
 namespace {
@@ -62 +64 @@
     // We might only get page size alignment, but that's also the minimum we need.
     RELEASE_BASSERT(!(basePtrs & (vmPageSize() - 1)));
-    mprotect(g_gigacageBasePtrs, GIGACAGE_BASE_PTRS_SIZE, PROT_READ);
+    mprotect(g_gigacageBasePtrs, gigacageBasePtrsSize, PROT_READ);
 }
 
 void unprotectGigacageBasePtrs()
 {
-    mprotect(g_gigacageBasePtrs, GIGACAGE_BASE_PTRS_SIZE, PROT_READ | PROT_WRITE);
+    mprotect(g_gigacageBasePtrs, gigacageBasePtrsSize, PROT_READ | PROT_WRITE);
 }
 
@@ -102 +104 @@
 };
 
-#if GIGACAGE_ENABLED
 size_t runwaySize(Kind kind)
 {
@@ -109 +110 @@
         RELEASE_BASSERT_NOT_REACHED();
     case Kind::Primitive:
-        return static_cast<size_t>(GIGACAGE_RUNWAY);
+        return gigacageRunway;
     case Kind::JSValue:
-        return static_cast<size_t>(0);
-    }
-    return static_cast<size_t>(0);
-}
-#endif
+        return 0;
+    }
+    return 0;
+}
 
 } // anonymous namespace
@@ -121 +121 @@
 void ensureGigacage()
 {
-#if GIGACAGE_ENABLED
     static std::once_flag onceFlag;
     std::call_once(
@@ -190 +189 @@
             protectGigacageBasePtrs();
         });
-#endif // GIGACAGE_ENABLED
 }
 
@@ -266 +264 @@
 {
     static bool cached = false;
-
-#if GIGACAGE_ENABLED
     static std::once_flag onceFlag;
     std::call_once(
@@ -289 +285 @@
             cached = true;
         });
+    return cached;
+}
+
+} // namespace Gigacage
+
 #endif // GIGACAGE_ENABLED
-    
-    return cached;
-}
-
-} // namespace Gigacage
-
-
-
+
+

trunk/Source/bmalloc/bmalloc/Gigacage.h

@@ -31 +31 @@
 #include "BInline.h"
 #include "BPlatform.h"
+#include "Sizes.h"
 #include <cstddef>
 #include <inttypes.h>
 
-#if BCPU(ARM64)
-#define PRIMITIVE_GIGACAGE_SIZE 0x80000000llu
-#define JSVALUE_GIGACAGE_SIZE 0x40000000llu
-#define GIGACAGE_ALLOCATION_CAN_FAIL 1
-#else
-#define PRIMITIVE_GIGACAGE_SIZE 0x800000000llu
-#define JSVALUE_GIGACAGE_SIZE 0x400000000llu
-#define GIGACAGE_ALLOCATION_CAN_FAIL 0
-#endif
-
-// In Linux, if `vm.overcommit_memory = 2` is specified, mmap with large size can fail if it exceeds the size of RAM.
-// So we specify GIGACAGE_ALLOCATION_CAN_FAIL = 1.
-#if BOS(LINUX)
-#undef GIGACAGE_ALLOCATION_CAN_FAIL
-#define GIGACAGE_ALLOCATION_CAN_FAIL 1
-#endif
-
-static_assert(bmalloc::isPowerOfTwo(PRIMITIVE_GIGACAGE_SIZE), "");
-static_assert(bmalloc::isPowerOfTwo(JSVALUE_GIGACAGE_SIZE), "");
-
-#define GIGACAGE_SIZE_TO_MASK(size) ((size) - 1)
-
-#define PRIMITIVE_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(PRIMITIVE_GIGACAGE_SIZE)
-#define JSVALUE_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(JSVALUE_GIGACAGE_SIZE)
-
 #if ((BOS(DARWIN) || BOS(LINUX)) && \
-    (BCPU(X86_64) || (BCPU(ARM64) && !defined(__ILP32__) && (!BPLATFORM(IOS_FAMILY) || BPLATFORM(IOS)))))
+(BCPU(X86_64) || (BCPU(ARM64) && !defined(__ILP32__) && (!BPLATFORM(IOS_FAMILY) || BPLATFORM(IOS)))))
 #define GIGACAGE_ENABLED 1
 #else
@@ -66 +42 @@
 #endif
 
-#if BCPU(ARM64)
-#define GIGACAGE_BASE_PTRS_SIZE 16384
-#else
-#define GIGACAGE_BASE_PTRS_SIZE 4096
-#endif
-
-extern "C" alignas(GIGACAGE_BASE_PTRS_SIZE) BEXPORT char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE];
 
 namespace Gigacage {
-
-BINLINE bool wasEnabled() { return g_gigacageBasePtrs[0]; }
-BINLINE void setWasEnabled() { g_gigacageBasePtrs[0] = true; }
-
-struct BasePtrs {
-    uintptr_t reservedForFlags;
-    void* primitive;
-    void* jsValue;
-};
 
 enum Kind {
@@ -90 +50 @@
     JSValue,
 };
-
-static_assert(offsetof(BasePtrs, primitive) == Kind::Primitive * sizeof(void*), "");
-static_assert(offsetof(BasePtrs, jsValue) == Kind::JSValue * sizeof(void*), "");
-
-static constexpr unsigned numKinds = 2;
-
-BEXPORT void ensureGigacage();
-
-BEXPORT void disablePrimitiveGigacage();
-
-// This will call the disable callback immediately if the Primitive Gigacage is currently disabled.
-BEXPORT void addPrimitiveDisableCallback(void (*)(void*), void*);
-BEXPORT void removePrimitiveDisableCallback(void (*)(void*), void*);
-
-BEXPORT void disableDisablingPrimitiveGigacageIfShouldBeEnabled();
-
-BEXPORT bool isDisablingPrimitiveGigacageDisabled();
-inline bool isPrimitiveGigacagePermanentlyEnabled() { return isDisablingPrimitiveGigacageDisabled(); }
-inline bool canPrimitiveGigacageBeDisabled() { return !isDisablingPrimitiveGigacageDisabled(); }
 
 BINLINE const char* name(Kind kind)
@@ -124 +65 @@
 }
 
+#if GIGACAGE_ENABLED
+
+#if BCPU(ARM64)
+constexpr size_t primitiveGigacageSize = 2 * bmalloc::Sizes::GB;
+constexpr size_t jsValueGigacageSize = 1 * bmalloc::Sizes::GB;
+constexpr size_t gigacageBasePtrsSize = 16 * bmalloc::Sizes::kB;
+constexpr size_t minimumCageSizeAfterSlide = bmalloc::Sizes::GB / 2;
+#define GIGACAGE_ALLOCATION_CAN_FAIL 1
+#else
+constexpr size_t primitiveGigacageSize = 32 * bmalloc::Sizes::GB;
+constexpr size_t jsValueGigacageSize = 16 * bmalloc::Sizes::GB;
+constexpr size_t gigacageBasePtrsSize = 4 * bmalloc::Sizes::kB;
+constexpr size_t minimumCageSizeAfterSlide = 4 * bmalloc::Sizes::GB;
+#define GIGACAGE_ALLOCATION_CAN_FAIL 0
+#endif
+
+// In Linux, if `vm.overcommit_memory = 2` is specified, mmap with large size can fail if it exceeds the size of RAM.
+// So we specify GIGACAGE_ALLOCATION_CAN_FAIL = 1.
+#if BOS(LINUX)
+#undef GIGACAGE_ALLOCATION_CAN_FAIL
+#define GIGACAGE_ALLOCATION_CAN_FAIL 1
+#endif
+
+
+static_assert(bmalloc::isPowerOfTwo(primitiveGigacageSize), "");
+static_assert(bmalloc::isPowerOfTwo(jsValueGigacageSize), "");
+static_assert(primitiveGigacageSize > minimumCageSizeAfterSlide, "");
+static_assert(jsValueGigacageSize > minimumCageSizeAfterSlide, "");
+
+constexpr size_t gigacageSizeToMask(size_t size) { return size - 1; }
+
+constexpr size_t primitiveGigacageMask = gigacageSizeToMask(primitiveGigacageSize);
+constexpr size_t jsValueGigacageMask = gigacageSizeToMask(jsValueGigacageSize);
+
+extern "C" alignas(gigacageBasePtrsSize) BEXPORT char g_gigacageBasePtrs[gigacageBasePtrsSize];
+
+BINLINE bool wasEnabled() { return g_gigacageBasePtrs[0]; }
+BINLINE void setWasEnabled() { g_gigacageBasePtrs[0] = true; }
+
+struct BasePtrs {
+    uintptr_t reservedForFlags;
+    void* primitive;
+    void* jsValue;
+};
+
+static_assert(offsetof(BasePtrs, primitive) == Kind::Primitive * sizeof(void*), "");
+static_assert(offsetof(BasePtrs, jsValue) == Kind::JSValue * sizeof(void*), "");
+
+constexpr unsigned numKinds = 2;
+
+BEXPORT void ensureGigacage();
+
+BEXPORT void disablePrimitiveGigacage();
+
+// This will call the disable callback immediately if the Primitive Gigacage is currently disabled.
+BEXPORT void addPrimitiveDisableCallback(void (*)(void*), void*);
+BEXPORT void removePrimitiveDisableCallback(void (*)(void*), void*);
+
+BEXPORT void disableDisablingPrimitiveGigacageIfShouldBeEnabled();
+
+BEXPORT bool isDisablingPrimitiveGigacageDisabled();
+inline bool isPrimitiveGigacagePermanentlyEnabled() { return isDisablingPrimitiveGigacageDisabled(); }
+inline bool canPrimitiveGigacageBeDisabled() { return !isDisablingPrimitiveGigacageDisabled(); }
+
 BINLINE void*& basePtr(BasePtrs& basePtrs, Kind kind)
 {
@@ -159 +164 @@
         RELEASE_BASSERT_NOT_REACHED();
     case Primitive:
-        return static_cast<size_t>(PRIMITIVE_GIGACAGE_SIZE);
+        return static_cast<size_t>(primitiveGigacageSize);
     case JSValue:
-        return static_cast<size_t>(JSVALUE_GIGACAGE_SIZE);
+        return static_cast<size_t>(jsValueGigacageSize);
     }
     BCRASH();
@@ -174 +179 @@
 BINLINE size_t mask(Kind kind)
 {
-    return GIGACAGE_SIZE_TO_MASK(size(kind));
+    return gigacageSizeToMask(size(kind));
 }
 
@@ -203 +208 @@
 BEXPORT bool shouldBeEnabled();
 
+#else // GIGACAGE_ENABLED
+
+BINLINE void*& basePtr(Kind)
+{
+    BCRASH();
+    static void* unreachable;
+    return unreachable;
+}
+BINLINE size_t size(Kind) { BCRASH(); return 0; }
+BINLINE void ensureGigacage() { }
+BINLINE bool wasEnabled() { return false; }
+BINLINE bool isCaged(Kind, const void*) { return true; }
+BINLINE bool isEnabled() { return false; }
+template<typename T> BINLINE T* caged(Kind, T* ptr) { return ptr; }
+BINLINE void disableDisablingPrimitiveGigacageIfShouldBeEnabled() { }
+BINLINE bool canPrimitiveGigacageBeDisabled() { return false; }
+BINLINE void disablePrimitiveGigacage() { }
+BINLINE void addPrimitiveDisableCallback(void (*)(void*), void*) { }
+BINLINE void removePrimitiveDisableCallback(void (*)(void*), void*) { }
+
+#endif // GIGACAGE_ENABLED
+
 } // namespace Gigacage
 
 
+

trunk/Source/bmalloc/bmalloc/Heap.cpp

@@ -30 +30 @@
 #include "BumpAllocator.h"
 #include "Chunk.h"
+#include "CryptoRandom.h"
 #include "Environment.h"
 #include "Gigacage.h"
@@ -62 +63 @@
         if (usingGigacage()) {
             RELEASE_BASSERT(gigacageBasePtr());
-            m_largeFree.add(LargeRange(gigacageBasePtr(), gigacageSize(), 0, 0));
+            uint64_t random;
+            cryptoRandom(reinterpret_cast<unsigned char*>(&random), sizeof(random));
+            ptrdiff_t offset = random % (gigacageSize() - Gigacage::minimumCageSizeAfterSlide);
+            offset = reinterpret_cast<ptrdiff_t>(roundDownToMultipleOf(vmPageSize(), reinterpret_cast<void*>(offset)));
+            void* base = reinterpret_cast<unsigned char*>(gigacageBasePtr()) + offset;
+            m_largeFree.add(LargeRange(base, gigacageSize() - offset, 0, 0));
         }
 #endif

trunk/Source/bmalloc/bmalloc/Sizes.h

@@ -41 +41 @@
 
 namespace Sizes {
-    static const size_t kB = 1024;
-    static const size_t MB = kB * kB;
+static constexpr size_t kB = 1024;
+static constexpr size_t MB = kB * kB;
+static constexpr size_t GB = kB * kB * kB;
 
-    static const size_t alignment = 8;
-    static const size_t alignmentMask = alignment - 1ul;
+static constexpr size_t alignment = 8;
+static constexpr size_t alignmentMask = alignment - 1ul;
 
-    static const size_t chunkSize = 1 * MB;
-    static const size_t chunkMask = ~(chunkSize - 1ul);
+static constexpr size_t chunkSize = 1 * MB;
+static constexpr size_t chunkMask = ~(chunkSize - 1ul);
 
-    static const size_t smallLineSize = 256;
-    static const size_t smallPageSize = 4 * kB;
-    static const size_t smallPageLineCount = smallPageSize / smallLineSize;
+static constexpr size_t smallLineSize = 256;
+static constexpr size_t smallPageSize = 4 * kB;
+static constexpr size_t smallPageLineCount = smallPageSize / smallLineSize;
 
-    static const size_t maskSizeClassMax = 512;
-    static const size_t smallMax = 32 * kB;
+static constexpr size_t maskSizeClassMax = 512;
+static constexpr size_t smallMax = 32 * kB;
 
-    static const size_t pageSizeMax = smallMax * 2;
-    static const size_t pageClassCount = pageSizeMax / smallPageSize;
+static constexpr size_t pageSizeMax = smallMax * 2;
+static constexpr size_t pageClassCount = pageSizeMax / smallPageSize;
 
-    static const size_t pageSizeWasteFactor = 8;
-    static const size_t logWasteFactor = 8;
+static constexpr size_t pageSizeWasteFactor = 8;
+static constexpr size_t logWasteFactor = 8;
 
-    static const size_t largeAlignment = smallMax / pageSizeWasteFactor;
-    static const size_t largeAlignmentMask = largeAlignment - 1;
+static constexpr size_t largeAlignment = smallMax / pageSizeWasteFactor;
+static constexpr size_t largeAlignmentMask = largeAlignment - 1;
 
-    static const size_t deallocatorLogCapacity = 512;
-    static const size_t bumpRangeCacheCapacity = 3;
-    
-    static const size_t scavengerBytesPerMemoryPressureCheck = 16 * MB;
-    static const double memoryPressureThreshold = 0.75;
-    
-    static const size_t maskSizeClassCount = maskSizeClassMax / alignment;
+static constexpr size_t deallocatorLogCapacity = 512;
+static constexpr size_t bumpRangeCacheCapacity = 3;
 
-    constexpr size_t maskSizeClass(size_t size)
-    {
-        // We mask to accommodate zero.
-        return mask((size - 1) / alignment, maskSizeClassCount - 1);
-    }
+static constexpr size_t scavengerBytesPerMemoryPressureCheck = 16 * MB;
+static constexpr double memoryPressureThreshold = 0.75;
 
-    inline size_t maskObjectSize(size_t maskSizeClass)
-    {
-        return (maskSizeClass + 1) * alignment;
-    }
+static constexpr size_t maskSizeClassCount = maskSizeClassMax / alignment;
 
-    static const size_t logAlignmentMin = maskSizeClassMax / logWasteFactor;
+constexpr size_t maskSizeClass(size_t size)
+{
+    // We mask to accommodate zero.
+    return mask((size - 1) / alignment, maskSizeClassCount - 1);
+}
 
-    static const size_t logSizeClassCount = (log2(smallMax) - log2(maskSizeClassMax)) * logWasteFactor;
+inline size_t maskObjectSize(size_t maskSizeClass)
+{
+    return (maskSizeClass + 1) * alignment;
+}
 
-    inline size_t logSizeClass(size_t size)
-    {
-        size_t base = log2(size - 1) - log2(maskSizeClassMax);
-        size_t offset = (size - 1 - (maskSizeClassMax << base));
-        return base * logWasteFactor + offset / (logAlignmentMin << base);
-    }
+static constexpr size_t logAlignmentMin = maskSizeClassMax / logWasteFactor;
 
-    inline size_t logObjectSize(size_t logSizeClass)
-    {
-        size_t base = logSizeClass / logWasteFactor;
-        size_t offset = logSizeClass % logWasteFactor;
-        return (maskSizeClassMax << base) + (offset + 1) * (logAlignmentMin << base);
-    }
+static constexpr size_t logSizeClassCount = (log2(smallMax) - log2(maskSizeClassMax)) * logWasteFactor;
 
-    static const size_t sizeClassCount = maskSizeClassCount + logSizeClassCount;
+inline size_t logSizeClass(size_t size)
+{
+    size_t base = log2(size - 1) - log2(maskSizeClassMax);
+    size_t offset = (size - 1 - (maskSizeClassMax << base));
+    return base * logWasteFactor + offset / (logAlignmentMin << base);
+}
 
-    inline size_t sizeClass(size_t size)
-    {
-        if (size <= maskSizeClassMax)
-            return maskSizeClass(size);
-        return maskSizeClassCount + logSizeClass(size);
-    }
+inline size_t logObjectSize(size_t logSizeClass)
+{
+    size_t base = logSizeClass / logWasteFactor;
+    size_t offset = logSizeClass % logWasteFactor;
+    return (maskSizeClassMax << base) + (offset + 1) * (logAlignmentMin << base);
+}
 
-    inline size_t objectSize(size_t sizeClass)
-    {
-        if (sizeClass < maskSizeClassCount)
-            return maskObjectSize(sizeClass);
-        return logObjectSize(sizeClass - maskSizeClassCount);
-    }
-    
-    inline size_t pageSize(size_t pageClass)
-    {
-        return (pageClass + 1) * smallPageSize;
-    }
+static constexpr size_t sizeClassCount = maskSizeClassCount + logSizeClassCount;
+
+inline size_t sizeClass(size_t size)
+{
+    if (size <= maskSizeClassMax)
+        return maskSizeClass(size);
+    return maskSizeClassCount + logSizeClass(size);
 }
+
+inline size_t objectSize(size_t sizeClass)
+{
+    if (sizeClass < maskSizeClassCount)
+        return maskObjectSize(sizeClass);
+    return logObjectSize(sizeClass - maskSizeClassCount);
+}
+
+inline size_t pageSize(size_t pageClass)
+{
+    return (pageClass + 1) * smallPageSize;
+}
+} // namespace Sizes
 
 using namespace Sizes;