Bug 198453

Summary: Reenable Gigacage on ARM64.
Product: WebKit Reporter: Keith Miller <keith_miller>
Component: JavaScriptCoreAssignee: Keith Miller <keith_miller>
Status: REOPENED    
Severity: Normal CC: benjamin, cdumez, cmarcelo, commit-queue, dbates, dean_johnson, ews-watchlist, fpizlo, mark.lam, msaboff, pvollan, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 198486, 198698    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch for landing none

Keith Miller
Reported 2019-06-01 10:43:38 PDT
Reenable Gigacage on ARM64.
Attachments
Patch (11.04 KB, patch)
2019-06-01 10:47 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch (31.72 KB, patch)
2019-06-06 05:19 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch (31.46 KB, patch)
2019-06-06 05:27 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch for landing (31.42 KB, patch)
2019-06-06 05:39 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Keith Miller
Comment 1 2019-06-01 10:47:57 PDT
Created attachment 371113 [details] Patch
Keith Miller
Comment 2 2019-06-01 10:49:58 PDT
Comment on attachment 371113 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=371113&action=review > Source/JavaScriptCore/ChangeLog:11 > + Gigacaging would otherwise strip a PAC failed authenticate bit we > + force a load of the pointer into some garbage register. I was thinking this would be free because we would load the length from the base of the pointer anyway. Unfortunately, that is only true for butterflies and not for TypedArray storage. I'm not sure what the right fix is... perhaps this is still fine but it's probably better to not pollute the caching hierarchy...
WebKit Commit Bot
Comment 3 2019-06-02 13:02:06 PDT
Comment on attachment 371113 [details] Patch Clearing flags on attachment: 371113 Committed r246022: <https://trac.webkit.org/changeset/246022>
WebKit Commit Bot
Comment 4 2019-06-02 13:02:08 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 5 2019-06-02 13:03:40 PDT
<rdar://problem/51340879>
WebKit Commit Bot
Comment 6 2019-06-03 09:45:03 PDT
Re-opened since this is blocked by bug 198486
Dean Johnson
Comment 7 2019-06-03 14:44:35 PDT
Note: Internal tests also show a 3-5x magnitude performance regression on arm64e, compared to arm64. Probably a bug there.
Saam Barati
Comment 8 2019-06-05 13:24:55 PDT
Gonna take this over since Keith is busy at the moment with standards meetings.
Keith Miller
Comment 9 2019-06-06 05:19:54 PDT
Created attachment 371487 [details] Patch
Keith Miller
Comment 10 2019-06-06 05:22:32 PDT
(In reply to Saam Barati from comment #8) > Gonna take this over since Keith is busy at the moment with standards > meetings. But I have a patch!
Keith Miller
Comment 11 2019-06-06 05:27:00 PDT
Created attachment 371488 [details] Patch
Michael Saboff
Comment 12 2019-06-06 05:38:11 PDT
Comment on attachment 371488 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=371488&action=review r=me with one comment. > Source/JavaScriptCore/offlineasm/instructions.rb:276 > + "bfiq", # Bit field insert <source reg> <width immediate> <last bit written> <dest reg> The order of width and last bit written seem to be backwards.
Keith Miller
Comment 13 2019-06-06 05:39:16 PDT
Created attachment 371490 [details] Patch for landing
WebKit Commit Bot
Comment 14 2019-06-06 06:21:03 PDT
Comment on attachment 371490 [details] Patch for landing Clearing flags on attachment: 371490 Committed r246150: <https://trac.webkit.org/changeset/246150>
WebKit Commit Bot
Comment 15 2019-06-06 06:21:05 PDT
All reviewed patches have been landed. Closing bug.
Saam Barati
Comment 16 2019-06-06 08:41:54 PDT
Comment on attachment 371490 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=371490&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:6846 > + m_jit.cageWithoutUntaging(Gigacage::JSValue, dataGPR); “Untaging” => “Untagging”
Saam Barati
Comment 17 2019-06-06 08:42:15 PDT
(In reply to Keith Miller from comment #10) > (In reply to Saam Barati from comment #8) > > Gonna take this over since Keith is busy at the moment with standards > > meetings. > > But I have a patch! 👍🏼
Saam Barati
Comment 18 2019-06-06 08:42:41 PDT
What was the perf regression from the prior patch?
Keith Miller
Comment 19 2019-06-06 11:48:43 PDT
(In reply to Saam Barati from comment #18) > What was the perf regression from the prior patch? I was forcing a load of the untagged PC before passing it off to the gigacage stripping code.
Keith Miller
Comment 20 2019-06-06 11:51:04 PDT
Comment on attachment 371490 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=371490&action=review >> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:6846 >> + m_jit.cageWithoutUntaging(Gigacage::JSValue, dataGPR); > > “Untaging” => “Untagging” I uploaded a patch to fix the typo: https://bugs.webkit.org/show_bug.cgi?id=198617
WebKit Commit Bot
Comment 21 2019-06-09 13:24:40 PDT
Re-opened since this is blocked by bug 198698
Note You need to log in before you can comment on or make changes to this bug.