[webkit-changes] [WebKit/WebKit] 842bf5: Adjust PreciseAllocation alignment offset to also ...

Commit Queue noreply at github.com
Mon Dec 18 23:55:25 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 842bf586330dbf74f9e2d09d50c818ca3f792988
      https://github.com/WebKit/WebKit/commit/842bf586330dbf74f9e2d09d50c818ca3f792988
  Author: Mark Lam <mark.lam at apple.com>
  Date:   2023-12-18 (Mon, 18 Dec 2023)

  Changed paths:
    M Source/JavaScriptCore/heap/PreciseAllocation.cpp
    M Source/JavaScriptCore/heap/PreciseAllocation.h

  Log Message:
  -----------
  Adjust PreciseAllocation alignment offset to also factor in cache line alignment requirements.
https://bugs.webkit.org/show_bug.cgi?id=262011
rdar://115959633

Reviewed by Keith Miller.

We should ensure that the JSObject header word and its butterfly are always in the same cache line.
See radar for details.

All JSObjects are either allocated out of a MarkedBlock or as a PreciseAllocation.  All MarkedBlock
allocations are aligned on 16 byte boundaries (the MarkedBlock::atomSize).  This means that it’s
impossible to get this condition with a MarkedBlock allocated object.

For PreciseAllocations, each allocation is preceded by a PreciseAllocation header (which is currently
96 bytes in size), and an 8 to 16 byte padding depending on what is needed to get the resultant object
start address to start on an odd 8 byte boundary (i.e. bit 3 is set).  With PreciseAllocations,
depending on the size of the allocation and what memory slot the allocation comes from, there is a
way to get the JSObject header and butterfly to span across a cache line boundary.

This patch prevents this by dynamically adjusting the alignment padding at the start of the
PreciseAllocation to ensure that the start address of the JSObject always lands at a spot where the
header and butterfly do not span a cache line boundary.

* Source/JavaScriptCore/heap/PreciseAllocation.cpp:
(JSC::dataCacheLineSize):
(JSC::isAlignedForPreciseAllocation):
(JSC::isCacheAlignedForPreciseAllocation):
(JSC::PreciseAllocation::tryCreate):
(JSC::PreciseAllocation::tryReallocate):
(JSC::PreciseAllocation::tryCreateForLowerTier):
(JSC::PreciseAllocation::reuseForLowerTier):
(JSC::PreciseAllocation::PreciseAllocation):
* Source/JavaScriptCore/heap/PreciseAllocation.h:
(JSC::PreciseAllocation::headerSize):
(JSC::PreciseAllocation::basePointer const):

Originally-landed-as: 267815.112 at safari-7617-branch (6ea412c32f09). rdar://119594413
Canonical link: https://commits.webkit.org/272254@main
