[webkit-changes] [WebKit/WebKit] 9dd52f: [JSC] Implement core of sequestered arena allocator

Marcus Plutowski noreply at github.com
Wed Feb 26 11:54:53 PST 2025


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9dd52f49f7c30106f48751f6776a01e948ee97e0
      https://github.com/WebKit/WebKit/commit/9dd52f49f7c30106f48751f6776a01e948ee97e0
  Author: Marcus Plutowski <marcus_plutowski at apple.com>
  Date:   2025-02-26 (Wed, 26 Feb 2025)

  Changed paths:
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/jit/JIT.cpp
    M Source/JavaScriptCore/jit/JIT.h
    M Source/JavaScriptCore/jit/JITWorklistThread.cpp
    M Source/JavaScriptCore/wasm/WasmWorklist.cpp
    M Source/WTF/WTF.xcodeproj/project.pbxproj
    M Source/WTF/wtf/CMakeLists.txt
    M Source/WTF/wtf/EmbeddedFixedVector.h
    M Source/WTF/wtf/Forward.h
    M Source/WTF/wtf/MallocSpan.h
    M Source/WTF/wtf/PlatformUse.h
    M Source/WTF/wtf/SegmentedVector.h
    A Source/WTF/wtf/SequesteredAllocator.cpp
    A Source/WTF/wtf/SequesteredAllocator.h
    A Source/WTF/wtf/SequesteredImmortalHeap.cpp
    A Source/WTF/wtf/SequesteredImmortalHeap.h
    A Source/WTF/wtf/SequesteredMalloc.cpp
    A Source/WTF/wtf/SequesteredMalloc.h

  Log Message:
  -----------
  [JSC] Implement core of sequestered arena allocator
https://bugs.webkit.org/show_bug.cgi?id=287524
rdar://114840482

Reviewed by Yusuke Suzuki.

This implements the core functionality of a new arena allocator built
around a sequestered pool of memory. The intention is for this allocator
to be used by the JIT compiler for allocating data structures; as of
right now, only a small number of datatypes are set up to use the new
allocator. As this is an arena allocator, users need to specify the
lifetime of their allocations indirectly via the ArenaLifetime object.
Currently, the allocator is disabled, and has been stripped of several
unstable components which are still under development. In particular,
the `free` flow is intended to hook into the libpas scavenger, but right
now eagerly frees to tide us over; moreover, each thread's allocator
will eventually have at least a small number (2-3) of different
size-classed arenas, but for now we only use one.

This allocator is by design separate from libpas. This is because we
want to isolate not only the backing memory but also all allocator
metadata and internal memory. To do this within libpas would require we
duplicate essentially the entire libpas heap hierarchy, from
pas_large_heap up to the various bootstrap heaps, and color them
according to which pool of pages they're supposed to pull from.

Performance-wise, turning this on has no effect at the moment, but the
hope is that in time it will prove to be a progression. The arena
semantics allow us to batch all frees from a given compiler pass into
one, reducing the actual cost of `free` to a no-op as well as reducing
the load on the scavenger. It also allows us to significantly simplify
the allocation path, removing some overhead even in the shortest-path
malloc case and making it possible to stick to the bump-allocation
regime without ever having to fall back on free lists or &c.

In time, we will need to add a persistent allocator which allocates from
the same pool as well -- something like SEQUESTERED_PERSISTENT_MALLOC.

With regards to the naming, I considered a couple of alternatives:
  - Protected JIT Arena Malloc
  - JIT Arena Malloc
  - Secure Arena Malloc
For the first two, I want to avoid using the term "JIT" as it's very
overloaded -- I've seen it refer to things relevant to
  A) The JIT compiler
  B) Allocating RWX memory
  C) Threads executing in previously JITted code
and so would like to avoid using it here. It also has the problem that
the short-form (JaMalloc) sounds a lot like jemalloc, which could cause
further confusion.
"Secure" would imply that libpas/FastMalloc are "insecure", which I also
want to avoid.
"Sequestered" is nice because it describes exactly what characterizes
this allocator: it uses memory sequestered from the rest of the system,
and it allocates it using an arena.
Thus SequesteredArenaMalloc.

* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/jit/JIT.cpp:
(JSC::JIT::~JIT):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITAllocator.h:
* Source/JavaScriptCore/jit/JITWorklistThread.cpp:
* Source/JavaScriptCore/jit/SecureAllocator.cpp: Copied from Source/JavaScriptCore/jit/JITAllocator.h.
* Source/JavaScriptCore/jit/SecureAllocator.h: Copied from Source/JavaScriptCore/jit/JITAllocator.h.
* Source/JavaScriptCore/jit/SecureAllocatorInlines.h: Copied from Source/JavaScriptCore/jit/JITAllocator.h.
* Source/JavaScriptCore/runtime/InitializeThreading.cpp:
(JSC::initialize):
* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/Bag.h:
* Source/WTF/wtf/CMakeLists.txt:
* Source/WTF/wtf/CheckedRef.h:
(WTF::CanMakeCheckedPtr::~CanMakeCheckedPtr):
(WTF::CanMakeThreadSafeCheckedPtr::~CanMakeThreadSafeCheckedPtr):
* Source/WTF/wtf/EmbeddedFixedVector.h:
* Source/WTF/wtf/FastMalloc.cpp:
(WTF::tryFastMalloc):
(WTF::fastMalloc):
(WTF::tryFastCalloc):
(WTF::fastCalloc):
(WTF::fastRealloc):
(WTF::tryFastRealloc):
(WTF::fastZeroedMalloc):
(WTF::tryFastZeroedMalloc):
(WTF::fastAlignedMalloc):
(WTF::tryFastAlignedMalloc):
(WTF::fastCompactMalloc):
(WTF::fastCompactZeroedMalloc):
(WTF::tryFastCompactZeroedMalloc):
(WTF::fastCompactRealloc):
(WTF::fastCompactAlignedMalloc):
(WTF::tryFastCompactAlignedMalloc):
(WTF::tryFastCompactMalloc):
(WTF::tryFastCompactRealloc):
(WTF::ForbidMallocUseForCurrentThreadScope::ForbidMallocUseForCurrentThreadScope): Deleted.
(WTF::ForbidMallocUseForCurrentThreadScope::~ForbidMallocUseForCurrentThreadScope): Deleted.
(WTF::DisableMallocRestrictionsForCurrentThreadScope::DisableMallocRestrictionsForCurrentThreadScope): Deleted.
(WTF::DisableMallocRestrictionsForCurrentThreadScope::~DisableMallocRestrictionsForCurrentThreadScope): Deleted.
* Source/WTF/wtf/FastMalloc.h:
(WTF::FastMalloc::fastFree):
(WTF::FastCompactMalloc::fastFree):
(WTF::ForbidMallocUseForCurrentThreadScope::~ForbidMallocUseForCurrentThreadScope): Deleted.
(WTF::DisableMallocRestrictionsForCurrentThreadScope::~DisableMallocRestrictionsForCurrentThreadScope): Deleted.
(WTF::TryMallocReturnValue::TryMallocReturnValue): Deleted.
(WTF::TryMallocReturnValue::~TryMallocReturnValue): Deleted.
(WTF::TryMallocReturnValue::getValue): Deleted.
* Source/WTF/wtf/FixedVector.h:
* Source/WTF/wtf/Forward.h:
* Source/WTF/wtf/MallocCommon.cpp: Copied from Source/JavaScriptCore/jit/JITAllocator.h.
(WTF::ForbidMallocUseForCurrentThreadScope::ForbidMallocUseForCurrentThreadScope):
(WTF::ForbidMallocUseForCurrentThreadScope::~ForbidMallocUseForCurrentThreadScope):
(WTF::DisableMallocRestrictionsForCurrentThreadScope::DisableMallocRestrictionsForCurrentThreadScope):
(WTF::DisableMallocRestrictionsForCurrentThreadScope::~DisableMallocRestrictionsForCurrentThreadScope):
(WTF::assertMallocRestrictionForCurrentThreadScope):
* Source/WTF/wtf/MallocCommon.h: Added.
(WTF::TryMallocReturnValue::TryMallocReturnValue):
(WTF::TryMallocReturnValue::~TryMallocReturnValue):
(WTF::TryMallocReturnValue::getValue):
(WTF::ForbidMallocUseForCurrentThreadScope::~ForbidMallocUseForCurrentThreadScope):
(WTF::DisableMallocRestrictionsForCurrentThreadScope::~DisableMallocRestrictionsForCurrentThreadScope):
(WTF::assertMallocRestrictionForCurrentThreadScope):
* Source/WTF/wtf/MallocSpan.h:
* Source/WTF/wtf/PlatformUse.h:
* Source/WTF/wtf/ProtectedJITMalloc.cpp: Added.
(WTF::sequesteredArenaSetMaxSingleAllocationSize):
(WTF::isSequesteredArenaMallocEnabled):
(WTF::sequesteredArenaMalloc):
(WTF::sequesteredArenaZeroedMalloc):
(WTF::sequesteredArenaCalloc):
(WTF::sequesteredArenaRealloc):
(WTF::sequesteredArenaFree):
(WTF::trySequesteredArenaMalloc):
(WTF::trySequesteredArenaZeroedMalloc):
(WTF::trySequesteredArenaCalloc):
(WTF::trySequesteredArenaRealloc):
(WTF::sequesteredArenaAlignedMalloc):
(WTF::trySequesteredArenaAlignedMalloc):
(WTF::sequesteredArenaAlignedFree):
(WTF::sequesteredArenaMallocStatistics):
(WTF::sequesteredArenaMallocDumpMallocStats):
* Source/WTF/wtf/ProtectedJITMalloc.h: Added.
(WTF::SequesteredArenaAllocator::SequesteredArenaAllocator):
(WTF::SequesteredArenaAllocator::allocate):
(WTF::SequesteredArenaAllocator::deallocate):
(WTF::operator==):
(WTF::SequesteredArenaMalloc::malloc):
(WTF::SequesteredArenaMalloc::tryMalloc):
(WTF::SequesteredArenaMalloc::zeroedMalloc):
(WTF::SequesteredArenaMalloc::tryZeroedMalloc):
(WTF::SequesteredArenaMalloc::realloc):
(WTF::SequesteredArenaMalloc::tryRealloc):
(WTF::SequesteredArenaMalloc::free):
(WTF::SequesteredArenaMalloc::nextCapacity):
(WTF::SequesteredArenaFree::operator() const):
* Source/WTF/wtf/ProtectedJITSpareFile.cpp: Added.
* Source/WTF/wtf/ProtectedJITSpareFile.h: Added.
* Source/WTF/wtf/SegmentedVector.h:
* Source/WTF/wtf/SequesteredAllocator.cpp: Added.
(WTF::SequesteredArenaAllocator::logLiveAllocationDebugInfos):
* Source/WTF/wtf/SequesteredAllocator.h: Added.
(WTF::ArenaLifetime::ArenaLifetime):
(WTF::ArenaLifetime::~ArenaLifetime):
(WTF::ArenaLifetime::isAlive):
* Source/WTF/wtf/SequesteredImmortalHeap.cpp: Added.
* Source/WTF/wtf/SequesteredImmortalHeap.h: Added.
(WTF::SequesteredImmortalHeap::instance):
(WTF::SequesteredImmortalHeap::allocateAndInstall):
(WTF::SequesteredImmortalHeap::getSlot):
(WTF::SequesteredImmortalHeap::computeSlotIndex):
(WTF::SequesteredImmortalHeap::scavenge):
(WTF::SequesteredImmortalHeap::mapPages):
(WTF::SequesteredImmortalHeap::SequesteredImmortalHeap):
(WTF::SequesteredImmortalHeap::getUnchecked):
(WTF::SequesteredImmortalHeap::threadIdForLogging):
* Source/WTF/wtf/StdLibExtras.h:
(WTF::makeUnique):
(WTF::makeUniqueWithoutRefCountedCheck):
* Source/WTF/wtf/ThreadSpecific.h:
(WTF::ThreadSpecific::Data::Data):
(WTF::mustBeCompilerThread>::ThreadSpecific):
(WTF::mustBeCompilerThread>::get):
(WTF::mustBeCompilerThread>::setInTLS):
(WTF::mustBeCompilerThread>::destroy):
(WTF::mustBeCompilerThread>::set):
(WTF::mustBeCompilerThread>::isSet):
(WTF::T):
(WTF::mustBeCompilerThread>::operator):
(WTF::canBeGCThread>::ThreadSpecific): Deleted.
(WTF::canBeGCThread>::get): Deleted.
(WTF::canBeGCThread>::setInTLS): Deleted.
(WTF::canBeGCThread>::destroy): Deleted.
(WTF::canBeGCThread>::set): Deleted.
(WTF::canBeGCThread>::isSet): Deleted.
(WTF::canBeGCThread>::operator): Deleted.
* Source/WTF/wtf/Threading.cpp:
* Source/WTF/wtf/UniqueRef.h:
(WTF::makeUniqueRefWithoutRefCountedCheck):
(WTF::makeUniqueRef):
* Source/WTF/wtf/Vector.h:
* Source/bmalloc/bmalloc/IsoHeap.h:
* Source/bmalloc/bmalloc/IsoHeapInlines.h:
* Source/bmalloc/bmalloc/TZoneHeap.h:
* Source/bmalloc/bmalloc/TZoneHeapInlines.h:

Canonical link: https://commits.webkit.org/291155@main
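The commit message above describes three properties of the new allocator: callers state lifetime indirectly through an `ArenaLifetime` object, individual frees are batched into one release at the end of a compiler pass, and allocation stays in a bump regime with no free lists. The following is an added illustration of that shape, not WebKit's `SequesteredArenaAllocator` or any code from this commit: the `BumpArena`, `ArenaLifetime` and `runPass` names are hypothetical, and the backing region is an ordinary heap buffer rather than sequestered memory.

```cpp
// Added illustration of a bump arena with an RAII lifetime object.
// Hypothetical model; NOT WebKit's SequesteredArenaAllocator. The backing
// region is a plain heap buffer, not memory sequestered from the system.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <new>

namespace demo {

// A bump arena: allocations carve from one region; there is no per-object free.
class BumpArena {
public:
    explicit BumpArena(std::size_t capacity)
        : m_base(static_cast<std::uint8_t*>(std::malloc(capacity)))
        , m_capacity(m_base ? capacity : 0)
        , m_offset(0) { }
    ~BumpArena() { std::free(m_base); }
    BumpArena(const BumpArena&) = delete;
    BumpArena& operator=(const BumpArena&) = delete;

    // Aligned bump allocation; returns nullptr when the region is exhausted
    // (the "try" flavour; a non-try variant would crash on failure instead).
    void* tryAllocate(std::size_t size, std::size_t alignment = alignof(std::max_align_t))
    {
        std::size_t aligned = (m_offset + alignment - 1) & ~(alignment - 1);
        if (aligned > m_capacity || size > m_capacity - aligned)
            return nullptr;
        m_offset = aligned + size;
        return m_base + aligned;
    }

    // Individual frees are no-ops; the whole batch is released by reset().
    void deallocate(void*) { }
    void reset() { m_offset = 0; }
    std::size_t bytesUsed() const { return m_offset; }

private:
    std::uint8_t* m_base;
    std::size_t m_capacity;
    std::size_t m_offset;
};

// Scope object that ties the arena's contents to a pass-like lifetime.
// Destruction releases everything allocated since construction in one step.
class ArenaLifetime {
public:
    explicit ArenaLifetime(BumpArena& arena) : m_arena(&arena) { }
    ~ArenaLifetime() { if (m_arena) m_arena->reset(); }
    bool isAlive() const { return m_arena != nullptr; }
    BumpArena& arena() { return *m_arena; }
private:
    BumpArena* m_arena;
};

struct Result {
    std::size_t usedInside;      // bytes bumped while the lifetime is open
    std::size_t usedAfter;       // bytes in use once the lifetime has ended
    bool exhaustedReturnsNull;   // oversize request fails cleanly
};

// Simulate one pass: allocate a few node-like objects inside a lifetime,
// record the arena state, and confirm everything is released afterwards.
Result runPass()
{
    BumpArena arena(256); // constructed capacity for the illustration
    Result r{};
    {
        ArenaLifetime life(arena);
        struct Node { std::uint64_t a; std::uint32_t b; }; // sizeof == 16, alignof == 8
        for (int i = 0; i < 4; ++i) {
            void* p = life.arena().tryAllocate(sizeof(Node), alignof(Node));
            new (p) Node{static_cast<std::uint64_t>(i), 7};
        }
        r.usedInside = arena.bytesUsed(); // 4 * 16 == 64
        // An oversize request must fail rather than run past the region.
        r.exhaustedReturnsNull = life.arena().tryAllocate(1024) == nullptr;
    } // ~ArenaLifetime resets the arena: one release for the whole batch
    r.usedAfter = arena.bytesUsed();
    return r;
}

} // namespace demo

int main()
{
    demo::Result r = demo::runPass();
    std::printf("used inside=%zu after=%zu oversize-null=%d\n",
                r.usedInside, r.usedAfter, r.exhaustedReturnsNull ? 1 : 0);
    return 0;
}
```

The point of the scope object is that nothing allocated from the arena may outlive it; in this model the release is a single offset reset, which is why `deallocate` can be a no-op and why no free list is needed.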
