• Jakob Gruber's avatar
    Revert "[compiler] Don't serialize JSTypedArray fields" · 5e568739
    Jakob Gruber authored
    This reverts commit da785659.
    
    Reason for revert: Investigating regressions https://chromeperf.appspot.com/group_report?rev=72572
    
    Original change's description:
    > [compiler] Don't serialize JSTypedArray fields
    >
    > This CL removes serialization of JSTypedArray fields when direct heap
    > reads are enabled. Invariants we rely on:
    >
    > - Of the underlying interesting fields,
    >   - base_pointer and external_pointer are set either during
    >     initialization, or in a one-time on-to-off-heap transition in
    >     GetBuffer.
    >   - length and buffer are immutable after initialization.
    > - is_on_heap and DataPtr derive from base_pointer and
    >   external_pointer s.t. is_on_heap == (base_pointer != 0) and
    >   DataPtr == external_pointer in the off-heap case.
    >
    > In this CL we add one new invariant:
    >
    > - For all base_pointer and external_pointer mutations after
    >   initialization, base_pointer is guaranteed to be release-stored
    >   after external_pointer has been written.
    >
    > With these invariants, concurrent access to off-heap typed arrays is
    > trivial as long as is_on_heap (= base_pointer) is read before other
    > relevant fields.
    >
    > Note that JSTypedArray remains a kSerializedHeapObject due to the
    > serialized superclass JSObject.
    >
    > Drive-by: Remove unused Torque operators and empty TODOs.
    >
    > Bug: v8:7790
    > Change-Id: I3c4327318f94e4e6083d4e87476069aad2649386
    > Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
    > Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679689
    > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    > Reviewed-by: Georg Neis <neis@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#72572}
    
    TBR=neis@chromium.org,jgruber@chromium.org
    
    Change-Id: I5a7e6bacb7b7a3e3510c778837679e6822f26339
    No-Presubmit: true
    No-Tree-Checks: true
    No-Try: true
    Bug: v8:7790
    Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
    Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2681948Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#72583}
    5e568739
js-heap-broker.cc 200 KB