• Georg Neis's avatar
    [turbofan] Preprocess feedback for global accesses (partially) · 04bb707e
    Georg Neis authored
    Main changes:
    - Rename ProcessedFeedback to ElementAccessFeedback and introduce a base class
      with the old name ProcessedFeedback.
    - Introduce another kind of ProcessedFeedback, namely GlobalAccessFeedback for
      the LoadGlobal/StoreGlobal IC. It's either a PropertyCell or a script context
      slot.
    - Produce such processed feedback in the serializer, when visiting LdaGlobal and
      similar bytecodes.
    - Consume it, and disallow heap access, in JSNativeContextSpecialization's
      ReduceJSLoadGlobal and ReduceJSStoreGlobal (for --concurrent-inlining).
    
    Minor changes:
    - Introduce a FeedbackSource class (pair of FeedbackVector and FeedbackSlot)
      that is used as the key of the processed feedback hash table. We already have
      two similar classes, FeedbackNexus and VectorSlotPair, but both are unsuitable
      for technical reasons (e.g. FeedbackNexus construction accesses the heap).
      Eventually we should remove VectorSlotPair.
    - Processed feedback is now returned as a pointer, which is nullptr if the
      original feedback wasn't interesting (e.g. megamorphic).
    
    The title says "partially" because the CL doesn't yet take into account named
    accesses where the receiver happens to be the global proxy.
    
    Bug: v8:7790
    Change-Id: I4404d98636b91a8f2d5667115944bae4773a4770
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518184
    Commit-Queue: Georg Neis <neis@chromium.org>
    Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#60240}
    04bb707e
js-heap-broker.cc 109 KB