LibJS: Use NaN boxing to decrease the memory size of Values

Using the fact that there are 2^52-2 NaN representations we can "NaN-box" all the Values possible. This means that Value no longer has an explicit "Type" but that information is now stored in the bits of a double. This is done by "tagging" the top two bytes of the double. For a full explanation see the large comment with asserts at the top of Value. We can also use the exact representation of the tags to make checking properties like nullish, or is_cell quicker. But the largest gains are in the fact that the size of a Value is now halved. The SunSpider and other benchmarks have been ran to confirm that there are no regressions in performance compared to the previous implementation. The tests never performed worse and in some cases performed better. But the biggest differences can be seen in memory usage when large arrays are allocated. A simple test which allocates a 1000 arrays of size 100000 has roughly half the memory usage. There is also space in the representations for future expansions such as tuples and records. To ensure that Values on the stack and registers are not lost during garbage collection we also have to add a check to the Heap to check for any of the cell tags and extracting the canonical form of the pointer if it matches.
2025-07-26 05:47:34 +00:00 · 2022-02-25 01:26:52 +01:00 · 2022-02-25 01:26:52 +01:00 · e746360b9a
commit e746360b9a
parent 6c504e2bff
7 changed files with 391 additions and 259 deletions
--- a/Userland/Libraries/LibJS/Heap/Heap.cpp
+++ b/Userland/Libraries/LibJS/Heap/Heap.cpp
@ -136,15 +136,32 @@ __attribute__((no_sanitize("address"))) void Heap::gather_conservative_roots(Has

    auto* raw_jmp_buf = reinterpret_cast<FlatPtr const*>(buf);

+    auto add_possible_value = [&](FlatPtr data) {
+        if constexpr (sizeof(FlatPtr*) == sizeof(Value)) {
+            // Because Value stores pointers in non-canonical form we have to check if the top bytes
+            // match any pointer-backed tag, in that case we have to extract the pointer to its
+            // canonical form and add that as a possible pointer.
+            if ((data & SHIFTED_IS_CELL_PATTERN) == SHIFTED_IS_CELL_PATTERN)
+                possible_pointers.set((u64)(((i64)data << 16) >> 16));
+            else
+                possible_pointers.set(data);
+        } else {
+            static_assert((sizeof(Value) % sizeof(FlatPtr*)) == 0);
+            // In the 32-bit case we will look at the top and bottom part of Value separately we just
+            // add both the upper and lower bytes as possible pointers.
+            possible_pointers.set(data);
+        }
+    };
+
    for (size_t i = 0; i < ((size_t)sizeof(buf)) / sizeof(FlatPtr); i += sizeof(FlatPtr))
-        possible_pointers.set(raw_jmp_buf[i]);
+        add_possible_value(raw_jmp_buf[i]);

    auto stack_reference = bit_cast<FlatPtr>(&dummy);
    auto& stack_info = m_vm.stack_info();

    for (FlatPtr stack_address = stack_reference; stack_address < stack_info.top(); stack_address += sizeof(FlatPtr)) {
        auto data = *reinterpret_cast<FlatPtr*>(stack_address);
-        possible_pointers.set(data);
+        add_possible_value(data);
    }

    HashTable<HeapBlock*> all_live_heap_blocks;