• Jakob Gruber's avatar
    Reland "[compiler] Direct heap reads for JSArrayRef" · 2e844377
    Jakob Gruber authored
    This is a reland of 76a2ab06
    
    Changes since the original CL:
    - Handle unserialized elements (optional result in getter).
    - Merge should_access_heap and --turbo-direct-heap-access paths.
    - Slightly update the serialized path in GetOwnCowElement.
    - Fix the cctest, add a regression test.
    
    Atomic JSObject::elements/JSArray::length setters are addressed
    in this CL: crrev.com/c/2704076.
    
    Original change's description:
    > [compiler] Direct heap reads for JSArrayRef
    >
    > There are two aspects to the non-JSObject parts of JSArrayRef:
    >
    > - JSArrayRef::length. Relevant only in two spots, 1. when reading
    > (immutable) array boilerplates and 2. for GetOwnCowElement.
    >
    > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing
    > store. Relies on the invariant that cow backing stores are immutable.
    >
    > This CL renames the length accessor to length_unsafe to make the
    > danger explicit at callsites.
    >
    > For GetOwnCowElement the refactor is slightly larger, since we now
    > need to read into the backing store while keeping full control of
    > object reads (e.g. JSArray::length and JSArray::elements_kind). We
    > make all reads explicit at the call site by requiring that elements,
    > elements kind, and length are passed in as arguments to
    > GetOwnCowElement. Inside GetOwnCowElement, consistency between these
    > is *not* guaranteed due to concurrency. At runtime, consistency *is*
    > guaranteed through the reference-equality check on the elements seen
    > during compilation. The actual elements read is implemented in
    > ConcurrentLookupIterator::GetOwnCowElement.
    >
    > Bug: v8:7790
    > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403
    > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    > Reviewed-by: Georg Neis <neis@chromium.org>
    > Reviewed-by: Igor Sheludko <ishell@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#72834}
    
    Bug: v8:7790
    Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
    Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#72904}
    2e844377
js-array-inl.h 2.87 KB