WebKit Bugzilla
Attachment 359409 Details for
Bug 193523
: Gigacages should start allocations from a slide
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-193523-20190117131431.patch (text/plain), 28.08 KB, created by
Keith Miller
on 2019-01-17 13:14:33 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Keith Miller
Created:
2019-01-17 13:14:33 PST
Size:
28.08 KB
patch
obsolete
>Subversion Revision: 240100 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 347fa49aa02a81b56932835e99c3d950d849432b..7dec5bf68190e8e0b9145c6ef75d04d9f5cd7667 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,15 @@ >+2019-01-17 Keith Miller <keith_miller@apple.com> >+ >+ Gigacages should start allocations from a slide >+ https://bugs.webkit.org/show_bug.cgi?id=193523 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch changes some macros into constants since macros are the >+ devil. >+ >+ * llint/LowLevelInterpreter64.asm: >+ > 2019-01-16 Mark Lam <mark.lam@apple.com> > > Refactor new bytecode structs so that the fields are prefixed with "m_". >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index 121e6bfeea9fb9d01bb1fd785ebb2cbcdec10c72..9f23bedca1fb5bdece14cb51a9a281d57ecf37aa 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,16 @@ >+2019-01-17 Keith Miller <keith_miller@apple.com> >+ >+ Gigacages should start allocations from a slide >+ https://bugs.webkit.org/show_bug.cgi?id=193523 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch changes some macros into constants since macros are the >+ devil. >+ >+ * wtf/Gigacage.cpp: >+ * wtf/Gigacage.h: >+ > 2019-01-16 Keith Miller <keith_miller@apple.com> > > bmalloc should use JSC VM tag for gigacage >diff --git a/Source/bmalloc/ChangeLog b/Source/bmalloc/ChangeLog >index b30d125432c9ff0e36cc383dd78aadb167420dbe..edbd7b76b0b91117aa476fb478856b6e5ba6be22 100644 >--- a/Source/bmalloc/ChangeLog >+++ b/Source/bmalloc/ChangeLog >@@ -1,3 +1,49 @@ >+2019-01-17 Keith Miller <keith_miller@apple.com> >+ >+ Gigacages should start allocations from a slide >+ https://bugs.webkit.org/show_bug.cgi?id=193523 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch makes is so that Gigacage Heaps slide the start of the >+ cage by some random amount. We still ensure that there is always >+ at least 4/2GB, on MacOS/iOS respectively, of VA space available >+ for allocation. >+ >+ Also, this patch changes some macros into constants since macros >+ are the devil. >+ >+ * bmalloc/Gigacage.cpp: >+ (Gigacage::bmalloc::protectGigacageBasePtrs): >+ (Gigacage::bmalloc::unprotectGigacageBasePtrs): >+ (Gigacage::bmalloc::runwaySize): >+ (Gigacage::ensureGigacage): >+ (Gigacage::shouldBeEnabled): >+ * bmalloc/Gigacage.h: >+ (Gigacage::name): >+ (Gigacage::gigacageSizeToMask): >+ (Gigacage::size): >+ (Gigacage::mask): >+ (Gigacage::basePtr): >+ (Gigacage::ensureGigacage): >+ (Gigacage::wasEnabled): >+ (Gigacage::isCaged): >+ (Gigacage::caged): >+ (Gigacage::disableDisablingPrimitiveGigacageIfShouldBeEnabled): >+ (Gigacage::disablePrimitiveGigacage): >+ (Gigacage::addPrimitiveDisableCallback): >+ (Gigacage::removePrimitiveDisableCallback): >+ * bmalloc/Heap.cpp: >+ (bmalloc::Heap::Heap): >+ * bmalloc/Sizes.h: >+ (bmalloc::Sizes::maskSizeClass): >+ (bmalloc::Sizes::maskObjectSize): >+ (bmalloc::Sizes::logSizeClass): >+ (bmalloc::Sizes::logObjectSize): >+ (bmalloc::Sizes::sizeClass): >+ (bmalloc::Sizes::objectSize): >+ (bmalloc::Sizes::pageSize): >+ > 2019-01-16 Keith Miller <keith_miller@apple.com> > > bmalloc should use JSC VM tag for gigacage >diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm >index 810592c5feed673b92f5390bf9f8a8808be0487a..d1491f96666afc577a93730431fcaa1ae87acdd8 100644 >--- a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm >+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm >@@ -1315,7 +1315,7 @@ llintOpWithMetadata(op_get_by_id, OpGetById, macro (size, get, dispatch, metadat > arrayProfile(OpGetById::Metadata::m_modeMetadata.arrayLengthMode.arrayProfile, t0, t2, t5) > btiz t0, IsArray, .opGetByIdSlow > btiz t0, IndexingShapeMask, .opGetByIdSlow >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t3], t0, t1) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr Gigacage::jsValueGigacageMask, JSObject::m_butterfly[t3], t0, t1) > loadi -sizeof IndexingHeader + IndexingHeader::u.lengths.publicLength[t0], t0 > bilt t0, 0, .opGetByIdSlow > orq tagTypeNumber, t0 >@@ -1438,7 +1438,7 @@ llintOpWithMetadata(op_get_by_val, OpGetByVal, macro (size, get, dispatch, metad > loadConstantOrVariableInt32(size, t3, t1, .opGetByValSlow) > sxi2q t1, t1 > >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t0], t3, tagTypeNumber) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr Gigacage::jsValueGigacageMask, JSObject::m_butterfly[t0], t3, tagTypeNumber) > move TagTypeNumber, tagTypeNumber > > andi IndexingShapeMask, t2 >@@ -1504,7 +1504,7 @@ llintOpWithMetadata(op_get_by_val, OpGetByVal, macro (size, get, dispatch, metad > bia t2, Int8ArrayType - FirstTypedArrayType, .opGetByValUint8ArrayOrUint8ClampedArray > > # We have Int8ArrayType. >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2) > loadbs [t3, t1], t0 > finishIntGetByVal(t0, t1) > >@@ -1512,13 +1512,13 @@ llintOpWithMetadata(op_get_by_val, OpGetByVal, macro (size, get, dispatch, metad > bia t2, Uint8ArrayType - FirstTypedArrayType, .opGetByValUint8ClampedArray > > # We have Uint8ArrayType. >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2) > loadb [t3, t1], t0 > finishIntGetByVal(t0, t1) > > .opGetByValUint8ClampedArray: > # We have Uint8ClampedArrayType. >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2) > loadb [t3, t1], t0 > finishIntGetByVal(t0, t1) > >@@ -1527,13 +1527,13 @@ llintOpWithMetadata(op_get_by_val, OpGetByVal, macro (size, get, dispatch, metad > bia t2, Int16ArrayType - FirstTypedArrayType, .opGetByValUint16Array > > # We have Int16ArrayType. >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2) > loadhs [t3, t1, 2], t0 > finishIntGetByVal(t0, t1) > > .opGetByValUint16Array: > # We have Uint16ArrayType. >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2) > loadh [t3, t1, 2], t0 > finishIntGetByVal(t0, t1) > >@@ -1545,13 +1545,13 @@ llintOpWithMetadata(op_get_by_val, OpGetByVal, macro (size, get, dispatch, metad > bia t2, Int32ArrayType - FirstTypedArrayType, .opGetByValUint32Array > > # We have Int32ArrayType. >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2) > loadi [t3, t1, 4], t0 > finishIntGetByVal(t0, t1) > > .opGetByValUint32Array: > # We have Uint32ArrayType. >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2) > # This is the hardest part because of large unsigned values. > loadi [t3, t1, 4], t0 > bilt t0, 0, .opGetByValSlow # This case is still awkward to implement in LLInt. >@@ -1563,7 +1563,7 @@ llintOpWithMetadata(op_get_by_val, OpGetByVal, macro (size, get, dispatch, metad > bieq t2, Float32ArrayType - FirstTypedArrayType, .opGetByValSlow > > # We have Float64ArrayType. >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t2) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, JSArrayBufferView::m_vector[t0], t3, t2) > loadd [t3, t1, 8], ft0 > bdnequn ft0, ft0, .opGetByValSlow > finishDoubleGetByVal(ft0, t0, t1) >@@ -1599,7 +1599,7 @@ macro putByValOp(name, op) > get(m_property, t0) > loadConstantOrVariableInt32(size, t0, t3, .opPutByValSlow) > sxi2q t3, t3 >- loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr JSVALUE_GIGACAGE_MASK, JSObject::m_butterfly[t1], t0, tagTypeNumber) >+ loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::jsValue, constexpr Gigacage::jsValueGigacageMask, JSObject::m_butterfly[t1], t0, tagTypeNumber) > move TagTypeNumber, tagTypeNumber > btinz t2, CopyOnWrite, .opPutByValSlow > andi IndexingShapeMask, t2 >diff --git a/Source/WTF/wtf/Gigacage.cpp b/Source/WTF/wtf/Gigacage.cpp >index ad93fa42859d6a1379c46871a75b4646af183d71..f7c2a5df7cdbcce41d402b70ba86d4d7bbe98904 100644 >--- a/Source/WTF/wtf/Gigacage.cpp >+++ b/Source/WTF/wtf/Gigacage.cpp >@@ -32,10 +32,10 @@ > > #if defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC > >-alignas(void*) char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE]; >- > namespace Gigacage { > >+alignas(void*) char g_gigacageBasePtrs[gigacageBasePtrsSize]; >+ > void* tryMalloc(Kind, size_t size) > { > return FastMalloc::tryMalloc(size); >@@ -61,7 +61,7 @@ void freeVirtualPages(Kind, void* basePtr, size_t size) > } > > } // namespace Gigacage >-#else >+#else // defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC > #include <bmalloc/bmalloc.h> > > namespace Gigacage { >diff --git a/Source/WTF/wtf/Gigacage.h b/Source/WTF/wtf/Gigacage.h >index 1b048313a362821b1f887fa5b7e3d3e002938b69..748a51a18f4f580790da5de17a47d602717c3ad1 100644 >--- a/Source/WTF/wtf/Gigacage.h >+++ b/Source/WTF/wtf/Gigacage.h >@@ -29,16 +29,15 @@ > > #if defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC > #define GIGACAGE_ENABLED 0 >-#define PRIMITIVE_GIGACAGE_MASK 0 >-#define JSVALUE_GIGACAGE_MASK 0 >-#define GIGACAGE_BASE_PTRS_SIZE 8192 >- >-extern "C" { >-alignas(void*) extern WTF_EXPORT_PRIVATE char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE]; >-} > > namespace Gigacage { > >+constexpr size_t primitiveGigacageMask = gigacageSizeToMask(primitiveGigacageSize); >+constexpr size_t jsValueGigacageMask = gigacageSizeToMask(jsValueGigacageSize); >+constexpr size_t gigacageBasePtrsSize = 8 * 1024; >+ >+extern "C" alignas(void*) extern WTF_EXPORT_PRIVATE char g_gigacageBasePtrs[gigacageBasePtrsSize]; >+ > struct BasePtrs { > uintptr_t reservedForFlags; > void* primitive; >@@ -126,7 +125,7 @@ WTF_EXPORT_PRIVATE void* tryAllocateZeroedVirtualPages(Kind, size_t size); > WTF_EXPORT_PRIVATE void freeVirtualPages(Kind, void* basePtr, size_t size); > > } // namespace Gigacage >-#else >+#else // defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC > #include <bmalloc/Gigacage.h> > > namespace Gigacage { >diff --git a/Source/bmalloc/bmalloc/Gigacage.cpp b/Source/bmalloc/bmalloc/Gigacage.cpp >index a88623d69ee370ee9ddee3457159128f03f0cb3a..b6ae18679a5096158b03a7b7b2f0f36ae7dd86df 100644 >--- a/Source/bmalloc/bmalloc/Gigacage.cpp >+++ b/Source/bmalloc/bmalloc/Gigacage.cpp >@@ -35,23 +35,25 @@ > #include <cstdio> > #include <mutex> > >+#if GIGACAGE_ENABLED >+ >+namespace Gigacage { >+ > // This is exactly 32GB because inside JSC, indexed accesses for arrays, typed arrays, etc, > // use unsigned 32-bit ints as indices. The items those indices access are 8 bytes or less > // in size. 2^32 * 8 = 32GB. This means if an access on a caged type happens to go out of > // bounds, the access is guaranteed to land somewhere else in the cage or inside the runway. > // If this were less than 32GB, those OOB accesses could reach outside of the cage. >-#define GIGACAGE_RUNWAY (32llu * 1024 * 1024 * 1024) >+constexpr uint64_t gigacageRunway = 32llu * 1024 * 1024 * 1024; > > // Note: g_gigacageBasePtrs[0] is reserved for storing the wasEnabled flag. > // The first gigacageBasePtr will start at g_gigacageBasePtrs[sizeof(void*)]. > // This is done so that the wasEnabled flag will also be protected along with the > // gigacageBasePtrs. >-alignas(GIGACAGE_BASE_PTRS_SIZE) char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE]; >+alignas(gigacageBasePtrsSize) char g_gigacageBasePtrs[gigacageBasePtrsSize]; > > using namespace bmalloc; > >-namespace Gigacage { >- > namespace { > > bool s_isDisablingPrimitiveGigacageDisabled; >@@ -61,12 +63,12 @@ void protectGigacageBasePtrs() > uintptr_t basePtrs = reinterpret_cast<uintptr_t>(g_gigacageBasePtrs); > // We might only get page size alignment, but that's also the minimum we need. > RELEASE_BASSERT(!(basePtrs & (vmPageSize() - 1))); >- mprotect(g_gigacageBasePtrs, GIGACAGE_BASE_PTRS_SIZE, PROT_READ); >+ mprotect(g_gigacageBasePtrs, gigacageBasePtrsSize, PROT_READ); > } > > void unprotectGigacageBasePtrs() > { >- mprotect(g_gigacageBasePtrs, GIGACAGE_BASE_PTRS_SIZE, PROT_READ | PROT_WRITE); >+ mprotect(g_gigacageBasePtrs, gigacageBasePtrsSize, PROT_READ | PROT_WRITE); > } > > class UnprotectGigacageBasePtrsScope { >@@ -101,26 +103,23 @@ struct PrimitiveDisableCallbacks { > Vector<Callback> callbacks; > }; > >-#if GIGACAGE_ENABLED > size_t runwaySize(Kind kind) > { > switch (kind) { > case Kind::ReservedForFlagsAndNotABasePtr: > RELEASE_BASSERT_NOT_REACHED(); > case Kind::Primitive: >- return static_cast<size_t>(GIGACAGE_RUNWAY); >+ return static_cast<size_t>(gigacageRunway); > case Kind::JSValue: > return static_cast<size_t>(0); > } > return static_cast<size_t>(0); > } >-#endif > > } // anonymous namespace > > void ensureGigacage() > { >-#if GIGACAGE_ENABLED > static std::once_flag onceFlag; > std::call_once( > onceFlag, >@@ -189,7 +188,6 @@ void ensureGigacage() > setWasEnabled(); > protectGigacageBasePtrs(); > }); >-#endif // GIGACAGE_ENABLED > } > > void disablePrimitiveGigacage() >@@ -265,8 +263,6 @@ bool isDisablingPrimitiveGigacageDisabled() > bool shouldBeEnabled() > { > static bool cached = false; >- >-#if GIGACAGE_ENABLED > static std::once_flag onceFlag; > std::call_once( > onceFlag, >@@ -288,12 +284,11 @@ bool shouldBeEnabled() > > cached = true; > }); >-#endif // GIGACAGE_ENABLED >- > return cached; > } > > } // namespace Gigacage > >+#endif // GIGACAGE_ENABLED > > >diff --git a/Source/bmalloc/bmalloc/Gigacage.h b/Source/bmalloc/bmalloc/Gigacage.h >index eab80fd2d3e24228cb9ffcdd83479d1ebdcb1d38..d0f626075df6dd28c70b650940e4b43c2195e5e5 100644 >--- a/Source/bmalloc/bmalloc/Gigacage.h >+++ b/Source/bmalloc/bmalloc/Gigacage.h >@@ -30,16 +30,53 @@ > #include "BExport.h" > #include "BInline.h" > #include "BPlatform.h" >+#include "Sizes.h" > #include <cstddef> > #include <inttypes.h> > >+#if ((BOS(DARWIN) || BOS(LINUX)) && \ >+(BCPU(X86_64) || (BCPU(ARM64) && !defined(__ILP32__) && (!BPLATFORM(IOS_FAMILY) || BPLATFORM(IOS))))) >+#define GIGACAGE_ENABLED 1 >+#else >+#define GIGACAGE_ENABLED 0 >+#endif >+ >+ >+namespace Gigacage { >+ >+enum Kind { >+ ReservedForFlagsAndNotABasePtr = 0, >+ Primitive, >+ JSValue, >+}; >+ >+BINLINE const char* name(Kind kind) >+{ >+ switch (kind) { >+ case ReservedForFlagsAndNotABasePtr: >+ RELEASE_BASSERT_NOT_REACHED(); >+ case Primitive: >+ return "Primitive"; >+ case JSValue: >+ return "JSValue"; >+ } >+ BCRASH(); >+ return nullptr; >+} >+ >+#if GIGACAGE_ENABLED >+ > #if BCPU(ARM64) >-#define PRIMITIVE_GIGACAGE_SIZE 0x80000000llu >-#define JSVALUE_GIGACAGE_SIZE 0x40000000llu >+constexpr size_t primitiveGigacageSize = 2 * bmalloc::Sizes::GB; >+constexpr size_t jsValueGigacageSize = 1 * bmalloc::Sizes::GB; >+constexpr size_t gigacageBasePtrsSize = 16 * Sizes::kB; >+constexpr size_t minimumCageSizeAfterSlide = Sizes::GB / 2; > #define GIGACAGE_ALLOCATION_CAN_FAIL 1 > #else >-#define PRIMITIVE_GIGACAGE_SIZE 0x800000000llu >-#define JSVALUE_GIGACAGE_SIZE 0x400000000llu >+constexpr size_t primitiveGigacageSize = 32 * bmalloc::Sizes::GB; >+constexpr size_t jsValueGigacageSize = 16 * bmalloc::Sizes::GB; >+constexpr size_t gigacageBasePtrsSize = 4 * bmalloc::Sizes::kB; >+constexpr size_t minimumCageSizeAfterSlide = 4 * bmalloc::Sizes::GB; > #define GIGACAGE_ALLOCATION_CAN_FAIL 0 > #endif > >@@ -50,30 +87,15 @@ > #define GIGACAGE_ALLOCATION_CAN_FAIL 1 > #endif > >-static_assert(bmalloc::isPowerOfTwo(PRIMITIVE_GIGACAGE_SIZE), ""); >-static_assert(bmalloc::isPowerOfTwo(JSVALUE_GIGACAGE_SIZE), ""); >- >-#define GIGACAGE_SIZE_TO_MASK(size) ((size) - 1) >- >-#define PRIMITIVE_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(PRIMITIVE_GIGACAGE_SIZE) >-#define JSVALUE_GIGACAGE_MASK GIGACAGE_SIZE_TO_MASK(JSVALUE_GIGACAGE_SIZE) >- >-#if ((BOS(DARWIN) || BOS(LINUX)) && \ >- (BCPU(X86_64) || (BCPU(ARM64) && !defined(__ILP32__) && (!BPLATFORM(IOS_FAMILY) || BPLATFORM(IOS))))) >-#define GIGACAGE_ENABLED 1 >-#else >-#define GIGACAGE_ENABLED 0 >-#endif >+static_assert(bmalloc::isPowerOfTwo(primitiveGigacageSize), ""); >+static_assert(bmalloc::isPowerOfTwo(jsValueGigacageSize), ""); > >-#if BCPU(ARM64) >-#define GIGACAGE_BASE_PTRS_SIZE 16384 >-#else >-#define GIGACAGE_BASE_PTRS_SIZE 4096 >-#endif >+constexpr size_t gigacageSizeToMask(size_t size) { return size - 1; } > >-extern "C" alignas(GIGACAGE_BASE_PTRS_SIZE) BEXPORT char g_gigacageBasePtrs[GIGACAGE_BASE_PTRS_SIZE]; >+constexpr size_t primitiveGigacageMask = gigacageSizeToMask(primitiveGigacageSize); >+constexpr size_t jsValueGigacageMask = gigacageSizeToMask(jsValueGigacageSize); > >-namespace Gigacage { >+extern "C" alignas(gigacageBasePtrsSize) BEXPORT char g_gigacageBasePtrs[gigacageBasePtrsSize]; > > BINLINE bool wasEnabled() { return g_gigacageBasePtrs[0]; } > BINLINE void setWasEnabled() { g_gigacageBasePtrs[0] = true; } >@@ -84,16 +106,10 @@ struct BasePtrs { > void* jsValue; > }; > >-enum Kind { >- ReservedForFlagsAndNotABasePtr = 0, >- Primitive, >- JSValue, >-}; >- > static_assert(offsetof(BasePtrs, primitive) == Kind::Primitive * sizeof(void*), ""); > static_assert(offsetof(BasePtrs, jsValue) == Kind::JSValue * sizeof(void*), ""); > >-static constexpr unsigned numKinds = 2; >+constexpr unsigned numKinds = 2; > > BEXPORT void ensureGigacage(); > >@@ -109,20 +125,6 @@ BEXPORT bool isDisablingPrimitiveGigacageDisabled(); > inline bool isPrimitiveGigacagePermanentlyEnabled() { return isDisablingPrimitiveGigacageDisabled(); } > inline bool canPrimitiveGigacageBeDisabled() { return !isDisablingPrimitiveGigacageDisabled(); } > >-BINLINE const char* name(Kind kind) >-{ >- switch (kind) { >- case ReservedForFlagsAndNotABasePtr: >- RELEASE_BASSERT_NOT_REACHED(); >- case Primitive: >- return "Primitive"; >- case JSValue: >- return "JSValue"; >- } >- BCRASH(); >- return nullptr; >-} >- > BINLINE void*& basePtr(BasePtrs& basePtrs, Kind kind) > { > switch (kind) { >@@ -158,9 +160,9 @@ BINLINE size_t size(Kind kind) > case ReservedForFlagsAndNotABasePtr: > RELEASE_BASSERT_NOT_REACHED(); > case Primitive: >- return static_cast<size_t>(PRIMITIVE_GIGACAGE_SIZE); >+ return static_cast<size_t>(primitiveGigacageSize); > case JSValue: >- return static_cast<size_t>(JSVALUE_GIGACAGE_SIZE); >+ return static_cast<size_t>(jsValueGigacageSize); > } > BCRASH(); > return 0; >@@ -173,7 +175,7 @@ BINLINE size_t alignment(Kind kind) > > BINLINE size_t mask(Kind kind) > { >- return GIGACAGE_SIZE_TO_MASK(size(kind)); >+ return gigacageSizeToMask(size(kind)); > } > > template<typename Func> >@@ -202,6 +204,27 @@ BINLINE bool isCaged(Kind kind, const void* ptr) > > BEXPORT bool shouldBeEnabled(); > >+#else // GIGACAGE_ENABLED >+ >+BINLINE void*& basePtr(Kind) >+{ >+ BCRASH(); >+ static void* unreachable; >+ return unreachable; >+} >+BINLINE size_t size(Kind) { BCRASH(); return 0; } >+BINLINE void ensureGigacage() { } >+BINLINE bool wasEnabled() { return false; } >+BINLINE bool isCaged(Kind, const void*) { return false; } >+template<typename T> BINLINE T* caged(Kind, T* ptr) { BCRASH(); return ptr; } >+BINLINE void disableDisablingPrimitiveGigacageIfShouldBeEnabled() { } >+BINLINE void disablePrimitiveGigacage() { } >+BINLINE void addPrimitiveDisableCallback(void (*)(void*), void*) { } >+BINLINE void removePrimitiveDisableCallback(void (*)(void*), void*) { } >+ >+#endif // GIGACAGE_ENABLED >+ > } // namespace Gigacage > > >+ >diff --git a/Source/bmalloc/bmalloc/Heap.cpp b/Source/bmalloc/bmalloc/Heap.cpp >index 53b3e369193f1f5499a3acea47bc571792b30a0e..288db41ec5e4da547e6c89ccd0b56e7488e7f089 100644 >--- a/Source/bmalloc/bmalloc/Heap.cpp >+++ b/Source/bmalloc/bmalloc/Heap.cpp >@@ -29,6 +29,7 @@ > #include "BulkDecommit.h" > #include "BumpAllocator.h" > #include "Chunk.h" >+#include "CryptoRandom.h" > #include "Environment.h" > #include "Gigacage.h" > #include "DebugHeap.h" >@@ -61,7 +62,13 @@ Heap::Heap(HeapKind kind, std::lock_guard<Mutex>&) > #if GIGACAGE_ENABLED > if (usingGigacage()) { > RELEASE_BASSERT(gigacageBasePtr()); >- m_largeFree.add(LargeRange(gigacageBasePtr(), gigacageSize(), 0, 0)); >+ uint64_t random; >+ cryptoRandom(reinterpret_cast<unsigned char*>(&random), sizeof(random)); >+ RELEASE_BASSERT(gigacageSize() > Gigacage::minimumCageSizeAfterSlide); >+ ptrdiff_t offset = random % (gigacageSize() - Gigacage::minimumCageSizeAfterSlide); >+ offset = reinterpret_cast<ptrdiff_t>(roundDownToMultipleOf(vmPageSize(), reinterpret_cast<void*>(offset))); >+ void* base = reinterpret_cast<unsigned char*>(gigacageBasePtr()) + offset; >+ m_largeFree.add(LargeRange(base, gigacageSize() - offset, 0, 0)); > } > #endif > } >diff --git a/Source/bmalloc/bmalloc/Sizes.h b/Source/bmalloc/bmalloc/Sizes.h >index f75f7e8fcc7f67dbd503c789c8fc8540b50c14c9..335f00f4ef6165b5b17a452c6e7147a1a3a28d51 100644 >--- a/Source/bmalloc/bmalloc/Sizes.h >+++ b/Source/bmalloc/bmalloc/Sizes.h >@@ -40,88 +40,89 @@ namespace bmalloc { > // Repository for malloc sizing constants and calculations. > > namespace Sizes { >- static const size_t kB = 1024; >- static const size_t MB = kB * kB; >- >- static const size_t alignment = 8; >- static const size_t alignmentMask = alignment - 1ul; >- >- static const size_t chunkSize = 1 * MB; >- static const size_t chunkMask = ~(chunkSize - 1ul); >- >- static const size_t smallLineSize = 256; >- static const size_t smallPageSize = 4 * kB; >- static const size_t smallPageLineCount = smallPageSize / smallLineSize; >- >- static const size_t maskSizeClassMax = 512; >- static const size_t smallMax = 32 * kB; >- >- static const size_t pageSizeMax = smallMax * 2; >- static const size_t pageClassCount = pageSizeMax / smallPageSize; >- >- static const size_t pageSizeWasteFactor = 8; >- static const size_t logWasteFactor = 8; >- >- static const size_t largeAlignment = smallMax / pageSizeWasteFactor; >- static const size_t largeAlignmentMask = largeAlignment - 1; >- >- static const size_t deallocatorLogCapacity = 512; >- static const size_t bumpRangeCacheCapacity = 3; >- >- static const size_t scavengerBytesPerMemoryPressureCheck = 16 * MB; >- static const double memoryPressureThreshold = 0.75; >- >- static const size_t maskSizeClassCount = maskSizeClassMax / alignment; >- >- constexpr size_t maskSizeClass(size_t size) >- { >- // We mask to accommodate zero. >- return mask((size - 1) / alignment, maskSizeClassCount - 1); >- } >- >- inline size_t maskObjectSize(size_t maskSizeClass) >- { >- return (maskSizeClass + 1) * alignment; >- } >- >- static const size_t logAlignmentMin = maskSizeClassMax / logWasteFactor; >- >- static const size_t logSizeClassCount = (log2(smallMax) - log2(maskSizeClassMax)) * logWasteFactor; >- >- inline size_t logSizeClass(size_t size) >- { >- size_t base = log2(size - 1) - log2(maskSizeClassMax); >- size_t offset = (size - 1 - (maskSizeClassMax << base)); >- return base * logWasteFactor + offset / (logAlignmentMin << base); >- } >- >- inline size_t logObjectSize(size_t logSizeClass) >- { >- size_t base = logSizeClass / logWasteFactor; >- size_t offset = logSizeClass % logWasteFactor; >- return (maskSizeClassMax << base) + (offset + 1) * (logAlignmentMin << base); >- } >- >- static const size_t sizeClassCount = maskSizeClassCount + logSizeClassCount; >- >- inline size_t sizeClass(size_t size) >- { >- if (size <= maskSizeClassMax) >- return maskSizeClass(size); >- return maskSizeClassCount + logSizeClass(size); >- } >- >- inline size_t objectSize(size_t sizeClass) >- { >- if (sizeClass < maskSizeClassCount) >- return maskObjectSize(sizeClass); >- return logObjectSize(sizeClass - maskSizeClassCount); >- } >- >- inline size_t pageSize(size_t pageClass) >- { >- return (pageClass + 1) * smallPageSize; >- } >+static constexpr size_t kB = 1024; >+static constexpr size_t MB = kB * kB; >+static constexpr size_t GB = kB * kB * kB; >+ >+static constexpr size_t alignment = 8; >+static constexpr size_t alignmentMask = alignment - 1ul; >+ >+static constexpr size_t chunkSize = 1 * MB; >+static constexpr size_t chunkMask = ~(chunkSize - 1ul); >+ >+static constexpr size_t smallLineSize = 256; >+static constexpr size_t smallPageSize = 4 * kB; >+static constexpr size_t smallPageLineCount = smallPageSize / smallLineSize; >+ >+static constexpr size_t maskSizeClassMax = 512; >+static constexpr size_t smallMax = 32 * kB; >+ >+static constexpr size_t pageSizeMax = smallMax * 2; >+static constexpr size_t pageClassCount = pageSizeMax / smallPageSize; >+ >+static constexpr size_t pageSizeWasteFactor = 8; >+static constexpr size_t logWasteFactor = 8; >+ >+static constexpr size_t largeAlignment = smallMax / pageSizeWasteFactor; >+static constexpr size_t largeAlignmentMask = largeAlignment - 1; >+ >+static constexpr size_t deallocatorLogCapacity = 512; >+static constexpr size_t bumpRangeCacheCapacity = 3; >+ >+static constexpr size_t scavengerBytesPerMemoryPressureCheck = 16 * MB; >+static constexpr double memoryPressureThreshold = 0.75; >+ >+static constexpr size_t maskSizeClassCount = maskSizeClassMax / alignment; >+ >+constexpr size_t maskSizeClass(size_t size) >+{ >+ // We mask to accommodate zero. >+ return mask((size - 1) / alignment, maskSizeClassCount - 1); >+} >+ >+inline size_t maskObjectSize(size_t maskSizeClass) >+{ >+ return (maskSizeClass + 1) * alignment; >+} >+ >+static constexpr size_t logAlignmentMin = maskSizeClassMax / logWasteFactor; >+ >+static constexpr size_t logSizeClassCount = (log2(smallMax) - log2(maskSizeClassMax)) * logWasteFactor; >+ >+inline size_t logSizeClass(size_t size) >+{ >+ size_t base = log2(size - 1) - log2(maskSizeClassMax); >+ size_t offset = (size - 1 - (maskSizeClassMax << base)); >+ return base * logWasteFactor + offset / (logAlignmentMin << base); >+} >+ >+inline size_t logObjectSize(size_t logSizeClass) >+{ >+ size_t base = logSizeClass / logWasteFactor; >+ size_t offset = logSizeClass % logWasteFactor; >+ return (maskSizeClassMax << base) + (offset + 1) * (logAlignmentMin << base); >+} >+ >+static constexpr size_t sizeClassCount = maskSizeClassCount + logSizeClassCount; >+ >+inline size_t sizeClass(size_t size) >+{ >+ if (size <= maskSizeClassMax) >+ return maskSizeClass(size); >+ return maskSizeClassCount + logSizeClass(size); >+} >+ >+inline size_t objectSize(size_t sizeClass) >+{ >+ if (sizeClass < maskSizeClassCount) >+ return maskObjectSize(sizeClass); >+ return logObjectSize(sizeClass - maskSizeClassCount); >+} >+ >+inline size_t pageSize(size_t pageClass) >+{ >+ return (pageClass + 1) * smallPageSize; >+} > } > > using namespace Sizes;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=359409">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 193523
:
359341
|
359396
|
359409
|
359410
|
359425
|
359430
|
359501
|
359532