Bug 208490 - Implement 1GB of executable memory on arm64
Summary: Implement 1GB of executable memory on arm64
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords: InRadar
Depends on: 208537
Blocks:
  Show dependency treegraph
 
Reported: 2020-03-02 17:26 PST by Saam Barati
Modified: 2020-04-06 11:19 PDT (History)
16 users (show)

See Also:

Attachments
WIP (25.30 KB, patch)
2020-03-03 13:08 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (31.02 KB, patch)
2020-03-03 18:30 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (34.82 KB, patch)
2020-03-03 21:25 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (15.18 KB, patch)
2020-03-04 19:31 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (15.86 KB, patch)
2020-03-05 12:44 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (21.37 KB, patch)
2020-03-05 20:03 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (22.24 KB, patch)
2020-03-06 17:53 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (22.98 KB, patch)
2020-03-06 19:00 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (61.82 KB, patch)
2020-03-08 14:08 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (61.83 KB, patch)
2020-03-08 14:12 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (62.68 KB, patch)
2020-03-08 14:22 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (66.27 KB, patch)
2020-03-09 18:34 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (66.14 KB, patch)
2020-03-09 20:16 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
WIP (83.06 KB, patch)
2020-03-10 16:04 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (115.96 KB, patch)
2020-03-12 13:07 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (115.96 KB, patch)
2020-03-12 13:14 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (116.72 KB, patch)
2020-03-12 14:23 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (116.84 KB, patch)
2020-03-12 14:28 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (120.59 KB, patch)
2020-03-12 14:37 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (122.24 KB, patch)
2020-03-12 19:06 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (122.57 KB, patch)
2020-03-12 19:34 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (123.26 KB, patch)
2020-03-12 20:50 PDT, Saam Barati 		keith_miller: review+
Details | Formatted Diff | Diff
patch for landing (132.38 KB, patch)
2020-03-25 13:18 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch for landing (132.38 KB, patch)
2020-03-26 12:29 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
Show Obsolete (23) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Saam Barati 2020-03-02 17:26:50 PST 
...
Comment 1 Saam Barati 2020-03-03 13:08:55 PST 
Created attachment 392317 [details]
WIP

It begins
Comment 2 Saam Barati 2020-03-03 18:30:25 PST 
Created attachment 392359 [details]
WIP
Comment 3 Saam Barati 2020-03-03 21:25:25 PST 
Created attachment 392370 [details]
WIP
Comment 4 Saam Barati 2020-03-04 19:31:58 PST 
Created attachment 392529 [details]
WIP
Comment 5 Saam Barati 2020-03-05 12:44:54 PST 
Created attachment 392608 [details]
WIP
Comment 6 Saam Barati 2020-03-05 20:03:45 PST 
Created attachment 392663 [details]
WIP
Comment 7 Saam Barati 2020-03-06 17:53:34 PST 
Created attachment 392822 [details]
WIP

Seems to work. Now, I need to implement freeing islands and pick the correct region sizes.
Comment 8 Saam Barati 2020-03-06 19:00:15 PST 
Created attachment 392836 [details]
WIP
Comment 9 Saam Barati 2020-03-08 14:08:22 PDT 
Created attachment 392983 [details]
WIP
Comment 10 Saam Barati 2020-03-08 14:12:01 PDT 
Created attachment 392984 [details]
WIP
Comment 11 Saam Barati 2020-03-08 14:22:55 PDT 
Created attachment 392985 [details]
WIP
Comment 12 Saam Barati 2020-03-09 18:34:12 PDT 
Created attachment 393107 [details]
WIP

I think it might be complete. Time to clean up the code
Comment 13 Saam Barati 2020-03-09 20:16:06 PDT 
Created attachment 393118 [details]
WIP

I need to make jump islands work with live repatching wasm code. Currently, we might load the wrong thing from the icache :-(
Comment 14 Saam Barati 2020-03-10 16:04:51 PDT 
Created attachment 393184 [details]
WIP
Comment 15 Saam Barati 2020-03-10 16:06:42 PDT 
(In reply to Saam Barati from comment #14)
> Created attachment 393184 [details]
> WIP

I solved my wasm bug. Turns out, when hot patching code concurrently, you need to do a few things to not SIGILL (surprise surprise...). I need to clean up the code again after my wasm debugging session, and then it should be ready for reviews.

Running JS2, and using the random allocation algorithm, our max jump island utilization rate is about 1%. So if we use 16MB, we should have a lot of leeway.
Comment 16 Saam Barati 2020-03-12 13:07:53 PDT 
Created attachment 393403 [details]
patch
Comment 17 Saam Barati 2020-03-12 13:14:46 PDT 
Created attachment 393406 [details]
patch
Comment 18 Saam Barati 2020-03-12 14:23:14 PDT 
Created attachment 393412 [details]
patch

try to fix testwtf build error
Comment 19 Saam Barati 2020-03-12 14:28:08 PDT 
Created attachment 393413 [details]
patch

testwtf build fix take 2
Comment 20 Saam Barati 2020-03-12 14:37:34 PDT 
Created attachment 393415 [details]
patch

testwtf build fix take 3
Comment 21 Saam Barati 2020-03-12 19:06:22 PDT 
Created attachment 393440 [details]
patch
Comment 22 Saam Barati 2020-03-12 19:34:00 PDT 
Created attachment 393444 [details]
patch
Comment 23 Saam Barati 2020-03-12 20:50:13 PDT 
Created attachment 393449 [details]
patch
Comment 24 Keith Miller 2020-03-13 11:31:51 PDT 
Comment on attachment 393449 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=393449&action=review

r=me if you make the requested changes and fix Win build.

> Source/JavaScriptCore/jit/ExecutableAllocator.cpp:113
> +#if USE(JUMP_ISLANDS)
> +static constexpr size_t fixedExecutableMemoryPoolSize = 1 * 1024 * 1024 * 1024;
> +// These sizes guarantee that any jump within an island can jump forwards or backwards
> +// to the adjacent island in a single instruction.
> +static constexpr size_t regionSize = 112 * 1024 * 1024;
> +static constexpr size_t islandRegionSize = 16 * 1024 * 1024;
> +static constexpr size_t numberOfRegions = fixedExecutableMemoryPoolSize / regionSize;
> +static constexpr size_t islandSizeInBytes = 4;
> +static constexpr size_t maxIslandsPerRegion = islandRegionSize / islandSizeInBytes;
> +#else
>  static constexpr size_t fixedExecutableMemoryPoolSize = 128 * 1024 * 1024;
> +#endif
>  #elif CPU(X86_64)
> -static constexpr size_t fixedExecutableMemoryPoolSize = 1024 * 1024 * 1024;
> +static constexpr size_t fixedExecutableMemoryPoolSize = 1 * 1024 * 1024 * 1024;

Can we switch to using the MB/GB constants here?

> Source/JavaScriptCore/jit/ExecutableAllocator.cpp:815
> +        CodeLocationLabel<ExecutableMemoryPtrTag> rootJumpLocation;

Can we call this jumpSourceLocation? rootJumpLocation doesn't really make it clear what this is to me. I thought it was the destination for a while, which clearly would have been borked.

> Source/JavaScriptCore/jit/ExecutableAllocator.cpp:824
> +    RedBlackTree<Islands, void*> islandsForJumpLocation;

ditto on changing this to m_islandsForJumpSourceLocation. You also don't have an m_ prefix which is weird.

> Source/JavaScriptCore/wasm/WasmBBQPlan.cpp:173
> +        for (unsigned i = 0; i < m_codeBlock->m_wasmToWasmCallsites.size(); ++i) {
> +            stageRepatch(m_codeBlock->m_wasmToWasmCallsites[i]);
> +            if (m_codeBlock->m_llintCallees) {
> +                LLIntCallee& llintCallee = m_codeBlock->m_llintCallees->at(i).get();
> +                if (JITCallee* replacementCallee = llintCallee.replacement())
> +                    stageRepatch(replacementCallee->wasmToWasmCallsites());
> +                if (OMGForOSREntryCallee* osrEntryCallee = llintCallee.osrEntryCallee())
> +                    stageRepatch(osrEntryCallee->wasmToWasmCallsites());
> +            }
> +            if (BBQCallee* bbqCallee = m_codeBlock->m_bbqCallees[i].get()) {
> +                if (OMGCallee* replacementCallee = bbqCallee->replacement())
> +                    stageRepatch(replacementCallee->wasmToWasmCallsites());
> +                if (OMGForOSREntryCallee* osrEntryCallee = bbqCallee->osrEntryCallee())
> +                    stageRepatch(osrEntryCallee->wasmToWasmCallsites());
> +            }
> +        }

Seems like we could have some code deduplication between the different plans... Can you do that?

> Tools/ChangeLog:8
> +        * Scripts/run-jsc-stress-tests:

I think you need to update this for the TestWTF changes? Can you also add a TestWTF for RedBlackTree::iterate?
Comment 25 Radar WebKit Bug Importer 2020-03-23 16:05:19 PDT 
<rdar://problem/60797127>
Comment 26 Saam Barati 2020-03-25 12:26:41 PDT 
I'm addressing Keith's comments.
Comment 27 Saam Barati 2020-03-25 13:18:17 PDT 
Created attachment 394534 [details]
patch for landing
Comment 28 Saam Barati 2020-03-26 12:29:44 PDT 
Created attachment 394639 [details]
patch for landing
Comment 29 EWS 2020-04-06 11:19:57 PDT 
Committed r259582: <https://trac.webkit.org/changeset/259582>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394639 [details].