RESOLVED FIXED 218646
Use address diversified PAC to ensure the integrity of opcode maps. 
https://bugs.webkit.org/show_bug.cgi?id=218646
Summary Use address diversified PAC to ensure the integrity of opcode maps.
Mark Lam
Reported 2020-11-05 21:05:56 PST
One reason for doing this is because space in the JSCConfig is premium, and may hurt RAMification scores whenever we add new opcodes. My putting the opcode maps in dirty global memory, we still use less memory because dirty global memory does not incur internal fragmentation like the JSConfig does.
Attachments
proposed patch. (28.68 KB, patch)
2020-11-05 21:46 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2020-11-05 21:46:34 PST
Created attachment 413403 [details] proposed patch.
Mark Lam
Comment 2 2020-11-05 22:30:54 PST
The following LLInt asm: macro nextInstruction() loadb [PB, PC, 1], t0 // line 331 or 332 leap _g_opcodeMap, t1 jmp [t1, t0, PtrSize], BytecodePtrTag, AddressDiversified // line 333 or 334 end ... used to compile to: // JavaScriptCore/llint/LowLevelInterpreter.asm:331 "\tadd x16, x26, x4, lsl #0\n" "\tldrb w0, [x16, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:331 #if OS(DARWIN) "\tL_offlineasm_loh_adrp_7:\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:1 "\tadrp x16, " LOCAL_REFERENCE(g_config) "@GOTPAGE\n" "\tL_offlineasm_loh_ldr_7:\n" "\tldr x16, [x16, " LOCAL_REFERENCE(g_config) "@GOTPAGEOFF]\n" #elif OS(LINUX) "\tadrp x16, :got:" LOCAL_REFERENCE(g_config) "\n" "\tldr x16, [x16, :got_lo12:" LOCAL_REFERENCE(g_config) "]\n" #else #error Missing globaladdr implementation #endif "\tadd x1, x16, #2848\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:1 "\tmovz x16, #6578, lsl #0\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:333 "\tadd x13, x1, x0, lsl #3\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:333 "\tldr x17, [x13, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:333 "\tmov x13, x16\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:333 "\tbrab x17, x13\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:333 ... now compiles to: "\tadd x13, x26, x4, lsl #0\n" "\tldrb w0, [x13, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:332 #if OS(DARWIN) "\tL_offlineasm_loh_adrp_8:\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:1 "\tadrp x1, " LOCAL_REFERENCE(g_opcodeMap) "@GOTPAGE\n" "\tL_offlineasm_loh_ldr_8:\n" "\tldr x1, [x1, " LOCAL_REFERENCE(g_opcodeMap) "@GOTPAGEOFF]\n" #elif OS(LINUX) "\tadrp x1, :got:" LOCAL_REFERENCE(g_opcodeMap) "\n" "\tldr x1, [x1, :got_lo12:" LOCAL_REFERENCE(g_opcodeMap) "]\n" #else #error Missing globaladdr implementation #endif "\tadd x13, x1, x0, lsl #3\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:334 "\tldr x17, [x13, #0]\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:334 "\tmovz x16, #6578, lsl #48\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:334 "\teor x16, x16, x13\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:334 "\tbrab x17, x16\n" // JavaScriptCore/llint/LowLevelInterpreter.asm:334
Yusuke Suzuki
Comment 3 2020-11-05 22:59:54 PST
Comment on attachment 413403 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=413403&action=review r=me > Source/JavaScriptCore/ChangeLog:13 > + Yes. For example, we need to add bunch of wasm opcodes more. And this soon exceeds the size of JSC::Config even in macOS. And increasing this size immediately becomes 1% regression in RAMiciation.
EWS
Comment 4 2020-11-06 07:50:53 PST
Committed r269511: <https://trac.webkit.org/changeset/269511> All reviewed patches have been landed. Closing bug and clearing flags on attachment 413403 [details].
Radar WebKit Bug Importer
Comment 5 2020-11-06 07:51:22 PST
<rdar://problem/71119131>
Note You need to log in before you can comment on or make changes to this bug.