Skip to content

[BISECT] Revert 7ad346c14cd4 (Gigacage→FastMalloc fold) on main#195

Open
sosukesuzuki wants to merge 1 commit intomainfrom
ipint-revert-gigacage-7ad346c1
Open

[BISECT] Revert 7ad346c14cd4 (Gigacage→FastMalloc fold) on main#195
sosukesuzuki wants to merge 1 commit intomainfrom
ipint-revert-gigacage-7ad346c1

Conversation

@sosukesuzuki
Copy link
Copy Markdown

@sosukesuzuki sosukesuzuki commented Apr 23, 2026

Reverts 7ad346c14cd4 ([Build Speed] 2s speedup in clean WTF+bmalloc build) — the only remaining commit in d924138..d550dd3 that touches Wasm memory backing (BufferMemoryHandle.cpp, WasmMemory.cpp, CagedPtr.h, Gigacage→FastMalloc fold, bmalloc heap changes) and was not part of #190's IPInt-asm reverts.

Windows-x64 pglite OutOfBoundsMemoryAccess (oven-sh/bun#29393) reproduces with JSC_useJIT=0 (IPInt-only, no tier-up) and does not reproduce with JSC_useWasmIPInt=0 (BBQ-only). #190's 8-revert build is byte-identical to pre-upgrade for InPlaceInterpreter*.asm, WasmIPIntSlowPaths.*, WasmIPIntGenerator.* and WasmFunctionIPIntMetadataGenerator.* yet still fails on CI — so the regression is in something IPInt reads, not IPInt code.

This commit changes how Wasm linear-memory backing storage is allocated/caged. If folding Gigacage into FastMalloc shifted the Windows path's boundsCheckingSize or memory-handle sizing, IPInt's pinned-register bounds check would mis-throw.

Not for merge — preview build only. Points the matching Bun PR's WEBKIT_VERSION here once the Windows preview lands.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 23, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2b4c3b79-3284-425a-8ba0-c4c4dcd6dcd7

📥 Commits

Reviewing files that changed from the base of the PR and between 7ab1748 and 1d58eec.

📒 Files selected for processing (26)
  • Source/JavaScriptCore/heap/GigacageAlignedMemoryAllocator.h
  • Source/JavaScriptCore/heap/StructureAlignedMemoryAllocator.h
  • Source/JavaScriptCore/jit/ExecutableAllocator.h
  • Source/JavaScriptCore/llint/LLIntOfflineAsmConfig.h
  • Source/JavaScriptCore/runtime/ArrayBuffer.cpp
  • Source/JavaScriptCore/runtime/BufferMemoryHandle.cpp
  • Source/JavaScriptCore/runtime/Butterfly.h
  • Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
  • Source/JavaScriptCore/runtime/Options.cpp
  • Source/JavaScriptCore/runtime/VM.h
  • Source/JavaScriptCore/tools/IntegrityInlines.h
  • Source/JavaScriptCore/wasm/WasmMemory.cpp
  • Source/JavaScriptCore/wasm/js/JSToWasm.cpp
  • Source/WTF/WTF.xcodeproj/project.pbxproj
  • Source/WTF/wtf/CMakeLists.txt
  • Source/WTF/wtf/CagedPtr.h
  • Source/WTF/wtf/FastMalloc.cpp
  • Source/WTF/wtf/FastMalloc.h
  • Source/WTF/wtf/Gigacage.cpp
  • Source/WTF/wtf/Gigacage.h
  • Source/WTF/wtf/Threading.cpp
  • Source/WebCore/bindings/js/SerializedScriptValue.h
  • Source/bmalloc/bmalloc/SystemHeap.cpp
  • Source/bmalloc/libpas/src/libpas/bmalloc_heap.c
  • Source/bmalloc/libpas/src/libpas/bmalloc_heap_flex.c
  • Source/bmalloc/libpas/src/libpas/bmalloc_heap_iso.c
💤 Files with no reviewable changes (3)
  • Source/bmalloc/libpas/src/libpas/bmalloc_heap_flex.c
  • Source/WTF/wtf/FastMalloc.cpp
  • Source/WTF/wtf/FastMalloc.h

Walkthrough

This pull request refactors WebKit's memory allocation architecture by extracting Gigacage functionality from FastMalloc into dedicated Gigacage header and implementation files. Approximately 17 files update their includes to reference the new Gigacage module, while FastMalloc removes Gigacage-related declarations. Additional changes update build configurations and adjust symbol visibility in bmalloc's libpas layer.

Changes

Cohort / File(s) Summary
JavaScriptCore Include Migration
Source/JavaScriptCore/heap/GigacageAlignedMemoryAllocator.h, StructureAlignedMemoryAllocator.h, jit/ExecutableAllocator.h, llint/LLIntOfflineAsmConfig.h, runtime/ArrayBuffer.cpp, BufferMemoryHandle.cpp, Butterfly.h, JSArrayBufferView.cpp, Options.cpp, VM.h, tools/IntegrityInlines.h, wasm/WasmMemory.cpp, wasm/js/JSToWasm.cpp		 Replaced wtf/FastMalloc.h includes with wtf/Gigacage.h to align with relocated Gigacage allocation APIs.
WTF Include Migration
Source/WTF/wtf/CagedPtr.h, Source/WebCore/bindings/js/SerializedScriptValue.h		 Swapped wtf/FastMalloc.h for wtf/Gigacage.h to access Gigacage-related declarations.
Gigacage Module Creation
Source/WTF/wtf/Gigacage.h, Gigacage.cpp		 New files implement Gigacage namespace with allocation, deallocation, and virtual page management functions routing through bmalloc::api with profiling instrumentation and compiler fences.
FastMalloc Refactoring
Source/WTF/wtf/FastMalloc.h, FastMalloc.cpp		 Removed Gigacage namespace declarations and implementations, QoS class setters, and dependencies on Atomics.h and PageBlock.h (~127 lines deleted).
Build Configuration Updates
Source/WTF/WTF.xcodeproj/project.pbxproj, CMakeLists.txt		 Added Gigacage files to build phases and public headers; updated Xcode file references for CagedUniquePtr.h.
Threading QoS Configuration
Source/WTF/wtf/Threading.cpp		 Updated setGlobalMaxQOSClass to use bmalloc::api::setScavengerThreadQOSClass instead of removed FastMalloc function; added conditional bmalloc/bmalloc.h include.
Documentation Update
Source/bmalloc/bmalloc/SystemHeap.cpp		 Updated FIXME comment reference from wtf/FastMalloc.cpp to wtf/Gigacage.cpp.
libpas Symbol Visibility
Source/bmalloc/libpas/src/libpas/bmalloc_heap.c, bmalloc_heap_flex.c, bmalloc_heap_iso.c		 Removed PAS_BMALLOC_HIDDEN preprocessor guards from auxiliary and ISO allocation function definitions, making these symbols unconditionally exported.
🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Description check ❓ Inconclusive The PR description provides comprehensive context for a bisect/preview revert, explaining the regression investigation, hypothesis, and explicit 'Not for merge' status. However, it lacks the template structure (bug filing, Bugzilla link, formal commit message format) specified in the repository's pull request template. While the content is informative for a preview/bisect PR, consider adding the standard WebKit PR template elements (Bugzilla bug number/link and 'Reviewed by' placeholder) or explicitly document why the template is not applicable for this preview-only investigation PR.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title '[BISECT] Revert 7ad346c (Gigacage→FastMalloc fold) on main' accurately describes the primary change: reverting a specific commit that folds Gigacage into FastMalloc, clearly indicating the main purpose and scope.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026

Preview Builds

Commit Release Date
1d58eec1 autobuild-preview-pr-195-1d58eec1 2026-04-23 07:47:15 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sosukesuzuki