commit 238d3985b1f0f80d010bb6f6d6166b9ae141574c
parent 68cbdbcf72b8fd0f2ca0267f55b472ff8c956d71
Author: Jon Coppeard <jcoppeard@mozilla.com>
Date: Wed, 8 Oct 2025 14:38:58 +0000
Bug 1993004 - Fix memory size reporting for Wasm GC things now they use the buffer allocator instead of malloc r=jseward
This commons up the code to get the size and removes the now-unused
TrailerBlockOverhead constant.
Differential Revision: https://phabricator.services.mozilla.com/D267960
Diffstat:
4 files changed, 59 insertions(+), 46 deletions(-)
diff --git a/js/src/jit-test/tests/wasm/gc/bug-1993004.js b/js/src/jit-test/tests/wasm/gc/bug-1993004.js
@@ -0,0 +1,41 @@
+newGlobal({ newCompartment: true }).Debugger(this).memory.trackingAllocationSites = true;
+function b(binary) {
+ try {
+ let c = new WebAssembly.Module(binary);
+ new WebAssembly.Instance(c);
+ } catch {}
+}
+function d(e ) {
+ b(wasmTextToBinary(e));
+}
+f = `
+(module
+ (type $g ( struct))
+ (type $h (sub (struct
+ (field i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64(mut eqref)))))
+ (func $i
+ (struct.set $h 18
+ (struct.new $h
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ i64.const 0
+ ref.null eq)
+ struct.new $g))
+ (start $i))
+`;
+d(f);
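Review bot: The module in `f` defines only struct types (`$g`, `$h`), so this test never reaches `WasmArrayObject::sizeOfExcludingThis()`, which the commit also rewrites; an array case large enough to need out-of-line storage would cover it. The empty `catch {}` in `b` also hides any compile or instantiation failure, so the test can pass without exercising the allocation-tracking path at all. A short header comment would record what is being guarded, e.g. `// Bug 1993004: size reporting for out-of-line Wasm GC data while allocation tracking is enabled`.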
diff --git a/js/src/vm/JSObject.cpp b/js/src/vm/JSObject.cpp
@@ -3258,11 +3258,11 @@ void JSObject::addSizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf,
info->objectsMallocHeapMisc +=
as<WeakCollectionObject>().sizeOfExcludingThis(mallocSizeOf);
} else if (is<WasmStructObject>()) {
- WasmStructObject::addSizeOfExcludingThis(this, mallocSizeOf, info,
- runtimeSizes);
+ const WasmStructObject& s = as<WasmStructObject>();
+ info->objectsMallocHeapSlots += s.sizeOfExcludingThis();
} else if (is<WasmArrayObject>()) {
- WasmArrayObject::addSizeOfExcludingThis(this, mallocSizeOf, info,
- runtimeSizes);
+ const WasmArrayObject& a = as<WasmArrayObject>();
+ info->objectsMallocHeapElementsNormal += a.sizeOfExcludingThis();
}
#ifdef JS_HAS_CTYPES
else {
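Review bot: The sizes added to `info->objectsMallocHeapSlots` and `info->objectsMallocHeapElementsNormal` in the two Wasm branches no longer come from `mallocSizeOf`, so these malloc-heap counters now carry buffer-allocator memory. If that memory is also counted as part of the GC heap elsewhere in the reporter, the totals would double-count; the hunk does not show whether that is the case. A comment on each branch would record the intent, e.g. `// Buffer-allocator memory; kept in this bucket for continuity with the old malloc-backed layout.` The body of `JSObject::addSizeOfExcludingThis` starts and ends outside the hunk.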
@@ -3296,14 +3296,10 @@ size_t JSObject::sizeOfIncludingThisInNursery(
}
} else if (is<WasmStructObject>()) {
const WasmStructObject& s = as<WasmStructObject>();
- if (s.outlineData_) {
- size += mallocSizeOf(s.outlineData_);
- }
+ size += s.sizeOfExcludingThis();
} else if (is<WasmArrayObject>()) {
const WasmArrayObject& a = as<WasmArrayObject>();
- if (!a.isDataInline()) {
- size += mallocSizeOf(a.dataHeader());
- }
+ size += a.sizeOfExcludingThis();
}
return size;
diff --git a/js/src/wasm/WasmGcObject.cpp b/js/src/wasm/WasmGcObject.cpp
@@ -252,13 +252,12 @@ static void WriteValTo(const Val& val, StorageType ty, void* dest) {
// WasmArrayObject
/* static */
-void js::WasmArrayObject::addSizeOfExcludingThis(
- JSObject* obj, mozilla::MallocSizeOf mallocSizeOf, JS::ClassInfo* info,
- JS::RuntimeSizes* runtimeSizes) {
- const WasmArrayObject& a = obj->as<WasmArrayObject>();
- if (!a.isDataInline()) {
- info->objectsMallocHeapElementsNormal += mallocSizeOf(a.dataHeader());
+size_t js::WasmArrayObject::sizeOfExcludingThis() const {
+ if (!isDataInline() || !gc::IsBufferAlloc(dataHeader())) {
+ return 0;
}
+
+ return gc::GetAllocSize(zone(), dataHeader());
}
/* static */
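Review bot: The guard `!isDataInline() || !gc::IsBufferAlloc(dataHeader())` returns 0 for every array whose data is out of line, which is the opposite of the removed code (`if (!a.isDataInline())` added the size) and of the struct counterpart, which returns 0 when `outlineData_` is null. As written, only inline arrays reach `gc::GetAllocSize(zone(), dataHeader())`, so out-of-line storage would go unreported, and the header of inline data would be handed to the allocator query whenever `IsBufferAlloc` accepted it. Unless `isDataInline()` changed meaning outside this hunk, the condition should read `if (isDataInline() || !gc::IsBufferAlloc(dataHeader())) {`. The `/* static */` comment left above this function, and above `WasmStructObject::sizeOfExcludingThis()` in the next hunk, is stale now that both are const member functions.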
@@ -404,13 +403,12 @@ js::gc::AllocKind js::WasmStructObject::allocKindForTypeDef(
}
/* static */
-void js::WasmStructObject::addSizeOfExcludingThis(
- JSObject* obj, mozilla::MallocSizeOf mallocSizeOf, JS::ClassInfo* info,
- JS::RuntimeSizes* runtimeSizes) {
- const WasmStructObject& s = obj->as<WasmStructObject>();
- if (s.outlineData_) {
- info->objectsMallocHeapSlots += mallocSizeOf(s.outlineData_);
+size_t js::WasmStructObject::sizeOfExcludingThis() const {
+ if (!outlineData_ || !gc::IsBufferAlloc(outlineData_)) {
+ return 0;
}
+
+ return gc::GetAllocSize(zone(), outlineData_);
}
bool WasmStructObject::getField(JSContext* cx, uint32_t index,
diff --git a/js/src/wasm/WasmGcObject.h b/js/src/wasm/WasmGcObject.h
@@ -22,22 +22,6 @@
#include "wasm/WasmTypeDef.h"
#include "wasm/WasmValType.h"
-namespace js::wasm {
-
-// For trailer blocks whose owning Wasm{Struct,Array}Objects make it into the
-// tenured heap, we have to tell the tenured heap how big those trailers are
-// in order to get major GCs to happen sufficiently frequently. In an attempt
-// to make the numbers more accurate, for each block we overstate the size by
-// the following amount, on the assumption that:
-//
-// * mozjemalloc has an overhead of at least one word per block
-//
-// * the malloc-cache mechanism rounds up small block sizes to the nearest 16;
-// hence the average increase is 16 / 2.
-static const size_t TrailerBlockOverhead = (16 / 2) + (1 * sizeof(void*));
-
-} // namespace js::wasm
-
namespace js {
//=========================================================================
@@ -214,10 +198,7 @@ class WasmArrayObject : public WasmGcObject,
static inline constexpr uint32_t maxInlineElementsForElemSize(
uint32_t elemSize);
- static void addSizeOfExcludingThis(JSObject* obj,
- mozilla::MallocSizeOf mallocSizeOf,
- JS::ClassInfo* info,
- JS::RuntimeSizes* runtimeSizes);
+ size_t sizeOfExcludingThis() const;
using DataHeader = uintptr_t;
static const DataHeader DataIsIL = 0;
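Review bot: The new declaration `size_t sizeOfExcludingThis() const;` has no comment saying what is measured, and without a `MallocSizeOf` parameter the name no longer tells a caller which allocator the number comes from. A one-line comment would do, e.g. `// Bytes of out-of-line data owned by this object when it is a buffer allocation; 0 otherwise.` The same applies to the matching declaration in `WasmStructObject` in the next hunk.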
@@ -357,10 +338,7 @@ class WasmStructObject : public WasmGcObject,
return n;
}
- static void addSizeOfExcludingThis(JSObject* obj,
- mozilla::MallocSizeOf mallocSizeOf,
- JS::ClassInfo* info,
- JS::RuntimeSizes* runtimeSizes);
+ size_t sizeOfExcludingThis() const;
static const JSClass* classForTypeDef(const wasm::TypeDef* typeDef);
static js::gc::AllocKind allocKindForTypeDef(const wasm::TypeDef* typeDef);