    [compiler] Don't serialize JSTypedArray fields · da785659
    Jakob Gruber authored
    This CL removes serialization of JSTypedArray fields when direct heap
    reads are enabled. Invariants we rely on:
    
    - Of the underlying interesting fields,
      - base_pointer and external_pointer are set either during
        initialization, or in a one-time on-to-off-heap transition in
        GetBuffer.
      - length and buffer are immutable after initialization.
    - is_on_heap and DataPtr derive from base_pointer and
      external_pointer s.t. is_on_heap == (base_pointer != 0) and
      DataPtr == external_pointer in the off-heap case.
    
    In this CL we add one new invariant:
    
    - For all base_pointer and external_pointer mutations after
      initialization, base_pointer is guaranteed to be release-stored
      after external_pointer has been written.
    
    With these invariants, concurrent access to off-heap typed arrays is
    trivial as long as is_on_heap (= base_pointer) is read before other
    relevant fields.
    
    Note that JSTypedArray remains a kSerializedHeapObject due to the
    serialized superclass JSObject.
    
    Drive-by: Remove unused Torque operators and empty TODOs.
    
    Bug: v8:7790
    Change-Id: I3c4327318f94e4e6083d4e87476069aad2649386
    Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
    Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679689
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Georg Neis <neis@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#72572}
js-heap-broker.cc 202 KB
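The publication rule the commit message relies on (write external_pointer, then release-store base_pointer; readers acquire-load base_pointer first and only then trust external_pointer) is the classic release/acquire handoff. The following is an added illustration of that pattern, not code from V8 or from this CL: TypedArrayFields, InitOnHeap, TransitionToOffHeap, ReadDataPtrIfOffHeap, RaceOnce and PublicationHolds are hypothetical stand-ins, and the struct is not V8's object layout. It assumes only the C++11 memory model and std::thread.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <thread>

// Hypothetical stand-in for the three JSTypedArray fields the commit message
// discusses. Field names follow the message; layout is NOT V8's.
struct TypedArrayFields {
  uintptr_t external_pointer = 0;          // off-heap data pointer, plain field
  size_t length = 0;                       // immutable after initialization
  std::atomic<uintptr_t> base_pointer{0};  // publication point: is_on_heap == (base_pointer != 0)
};

// Result of a reader's snapshot: whether the array was observed off-heap and,
// if so, the DataPtr it derived from external_pointer.
struct ReaderView {
  bool off_heap;
  uintptr_t data_ptr;
};

// Initialization: an on-heap array whose data lives at in_object_data.
// Runs before the object is visible to any other thread, so relaxed is fine.
inline void InitOnHeap(TypedArrayFields& f, uintptr_t in_object_data, size_t length) {
  f.length = length;
  f.external_pointer = 0;
  f.base_pointer.store(in_object_data, std::memory_order_relaxed);
}

// The one-time on-to-off-heap transition (the GetBuffer case in the message).
// The invariant: external_pointer is written BEFORE base_pointer is
// release-stored. Swapping (1) and (2) would let a reader see off-heap state
// with a stale external_pointer.
inline void TransitionToOffHeap(TypedArrayFields& f, uintptr_t off_heap_data) {
  f.external_pointer = off_heap_data;                  // (1) plain store
  f.base_pointer.store(0, std::memory_order_release);  // (2) publish: now off-heap
}

// Concurrent reader (think: background compiler thread). It reads is_on_heap
// (= base_pointer) first with acquire semantics. Only when it observes the
// off-heap state does it touch external_pointer; the acquire/release pairing
// guarantees that read happens-after store (1). While on-heap it reads nothing
// else, which is where a real reader would bail out instead.
inline ReaderView ReadDataPtrIfOffHeap(const TypedArrayFields& f) {
  uintptr_t base = f.base_pointer.load(std::memory_order_acquire);
  if (base != 0) return ReaderView{false, 0};   // still on-heap: do not trust external_pointer
  return ReaderView{true, f.external_pointer};  // off-heap: external_pointer is final
}

// Single-threaded sanity check of the state machine: on-heap before the
// transition, off-heap with the published pointer afterwards.
inline bool SequentialTransitionHolds() {
  TypedArrayFields f;
  InitOnHeap(f, 0x1000, 16);
  if (ReadDataPtrIfOffHeap(f).off_heap) return false;
  TransitionToOffHeap(f, 0x2000);
  ReaderView v = ReadDataPtrIfOffHeap(f);
  return v.off_heap && v.data_ptr == 0x2000;
}

// Race one transition against one reader. The reader spins until it observes
// the off-heap state and reports the DataPtr it saw at that moment. Under the
// invariant this is always off_heap_data, never the stale 0.
inline uintptr_t RaceOnce(uintptr_t in_object_data, uintptr_t off_heap_data) {
  TypedArrayFields f;
  InitOnHeap(f, in_object_data, 16);
  uintptr_t seen = 0;
  std::thread reader([&] {
    for (;;) {
      ReaderView v = ReadDataPtrIfOffHeap(f);
      if (v.off_heap) { seen = v.data_ptr; break; }
    }
  });
  std::thread writer([&] { TransitionToOffHeap(f, off_heap_data); });
  reader.join();
  writer.join();
  return seen;
}

// Repeat the race; a single stale observation means the publication order
// (or the reader's acquire) was violated.
inline bool PublicationHolds(int iterations) {
  for (int i = 0; i < iterations; ++i) {
    if (RaceOnce(0x1000, 0x2000) != 0x2000) return false;
  }
  return true;
}
```

The point of reading base_pointer first is that it doubles as the is_on_heap flag and as the synchronization variable: a reader that checked external_pointer before base_pointer, or loaded base_pointer with relaxed ordering, would have no happens-before edge to store (1) and could observe the off-heap state with the pre-transition external_pointer. This is also why the TSan trybots are listed on the change; the race in RaceOnce is exactly the one they would flag if the ordering were wrong.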