src · 1d3a1c6f6672d15a276559224aef8bfbb7bc4ea0 · Linshizhi / V8

cppgc: Avoid fragmentation in NormalPageMemoryRegion · 1d3a1c6f

Anton Bikineev authored Aug 18, 2022

NormalPageMemoryRegion is a span of 10 pages, all of which must belong
to the same space. This requirement imposes a fragmentation issue for virtual space, which is not ideal for the current 2GB cage
configuration.

The CL fixes this by mixing pages of different spaces inside the same
NormalPageMemoryRegion. With cage it's actually not necessary anymore
to have NormalPageMemoryRegion, but we keep it to allow the code to be
uniform for cage/non-cage configurations.

There is no type confusion across spaces, since pages (even empty) are
never shared between spaces. In addition, the shared cage puts an
additional memory constraint on the GC. So, there is no security benefit
in having NormalPageMemoryRegion assigned to a single space.

Savings in reserved address space:
cnn:2021: 14%
facebook_infinite_scroll:2018: 23%

Bug: chromium:1325007, chromium:1352649
Change-Id: I7b49032d581dd56feb8633734a1f37803e9526c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840749Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82584}

1d3a1c6f

Name	Last commit	Last update
..
api		Loading commit data...
asmjs		Loading commit data...
ast		Loading commit data...
base		Loading commit data...
baseline		Loading commit data...
bigint		Loading commit data...
builtins		Loading commit data...
codegen		Loading commit data...
common		Loading commit data...
compiler		Loading commit data...
compiler-dispatcher		Loading commit data...
d8		Loading commit data...
date		Loading commit data...
debug		Loading commit data...
deoptimizer		Loading commit data...
diagnostics		Loading commit data...
execution		Loading commit data...
extensions		Loading commit data...
flags		Loading commit data...
handles		Loading commit data...
heap		Loading commit data...
ic		Loading commit data...
init		Loading commit data...
inspector		Loading commit data...
interpreter		Loading commit data...
json		Loading commit data...
libplatform		Loading commit data...
libsampler		Loading commit data...
logging		Loading commit data...
maglev		Loading commit data...
numbers		Loading commit data...
objects		Loading commit data...
parsing		Loading commit data...
profiler		Loading commit data...
protobuf		Loading commit data...
regexp		Loading commit data...
roots		Loading commit data...
runtime		Loading commit data...
sandbox		Loading commit data...
sanitizer		Loading commit data...
snapshot		Loading commit data...
strings		Loading commit data...
tasks		Loading commit data...
temporal		Loading commit data...
third_party		Loading commit data...
torque		Loading commit data...
tracing		Loading commit data...
trap-handler		Loading commit data...
utils		Loading commit data...
wasm		Loading commit data...
web-snapshot		Loading commit data...
zone		Loading commit data...
DEPS		Loading commit data...
DIR_METADATA		Loading commit data...
OWNERS		Loading commit data...