• Wenyu Zhao's avatar
    Allowing map word to be used for other state in GC header. · 5e0b94c4
    Wenyu Zhao authored
    This CL adds features to pack/unpack map words.
    
    Currently V8 cannot store extra metadata in object headers -- because V8
    objects do not have a proper header, but only a map pointer at the start
    of the object. To store per-object metadata like marking data, a side
    table is required as the per-object metadata storage.
    
    This CL enables V8 to use higher unused bits in a 64-bit map word as
    per-object metadata storage. Map pointer stores come with an extra step
    to encode the metadata into the pointer (we call it "map packing").
    Map pointer loads will also remove the metadata bits as well (we call it
    "map packing").
    
    Since the map word is no longer a valid pointer after packing, we also
    change the tag of the packed map word to make it looks like a Smi. This
    helps various GC and barrier code to correctly skip them instead of
    blindly dereferencing this invalid pointer.
    
    A ninja flag `v8_enable_map_packing` is provided to turn this
    map-packing feature on and off. It is disabled by default.
    
    * Only works on x64 platform, with `v8_enable_pointer_compression`
      set to `false`
    
    Bug: v8:11624
    Change-Id: Ia2bdf79553945e5fc0b0874c87803d2cc733e073
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247561Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
    Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
    Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
    Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
    Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#73915}
    5e0b94c4
js-create-lowering.cc 81.5 KB