    Reland "[compiler] Don't serialize JSTypedArray fields" · 28105df3
    Jakob Gruber authored
    This is a reland of da785659
    
    The reland overrides ShouldHaveBeenSerialized for typed array
    refs to avoid disabling related optimizations when direct heap
    access is enabled.
    
    Original change's description:
    > [compiler] Don't serialize JSTypedArray fields
    >
    > This CL removes serialization of JSTypedArray fields when direct heap
    > reads are enabled. Invariants we rely on:
    >
    > - Of the underlying interesting fields,
    >   - base_pointer and external_pointer are set either during
    >     initialization, or in a one-time on-to-off-heap transition in
    >     GetBuffer.
    >   - length and buffer are immutable after initialization.
    > - is_on_heap and DataPtr derive from base_pointer and
    >   external_pointer s.t. is_on_heap == (base_pointer != 0) and
    >   DataPtr == external_pointer in the off-heap case.
    >
    > In this CL we add one new invariant:
    >
    > - For all base_pointer and external_pointer mutations after
    >   initialization, base_pointer is guaranteed to be release-stored
    >   after external_pointer has been written.
    >
    > With these invariants, concurrent access to off-heap typed arrays is
    > trivial as long as is_on_heap (= base_pointer) is read before other
    > relevant fields.
    >
    > Note that JSTypedArray remains a kSerializedHeapObject due to the
    > serialized superclass JSObject.
    >
    > Drive-by: Remove unused Torque operators and empty TODOs.
    >
    > Bug: v8:7790
    > Change-Id: I3c4327318f94e4e6083d4e87476069aad2649386
    > Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
    > Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679689
    > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    > Reviewed-by: Georg Neis <neis@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#72572}
    
    Bug: v8:7790
    Change-Id: I87b37de983e8cf89ca53b5efae7ab195781f3df5
    Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
    Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689182
    Reviewed-by: Georg Neis <neis@chromium.org>
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#72652}
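The publication protocol the commit message relies on (write external_pointer, then release-store base_pointer; readers acquire-load base_pointer before any other field) as an added C++ example. This is not V8's code: `TypedArrayFields`, `TransitionToOffHeap`, `ReadSnapshot`, `Snapshot` and `DemoTransition` are constructed names modelling only the two fields and the on-to-off-heap transition the message describes.

```cpp
#include <atomic>
#include <cstdint>

// Constructed model of the two "interesting" fields named in the commit
// message. Real JSTypedArray has more state; only the ordering matters here.
struct TypedArrayFields {
  std::atomic<uintptr_t> base_pointer{0};      // non-zero while data is on-heap
  std::atomic<uintptr_t> external_pointer{0};  // data address once off-heap
};

// Initialization: an on-heap array has a non-zero base_pointer. The commit
// states that after this point only the one-time transition below mutates
// base_pointer and external_pointer.
void InitOnHeap(TypedArrayFields& f, uintptr_t on_heap_base) {
  f.external_pointer.store(0, std::memory_order_relaxed);
  f.base_pointer.store(on_heap_base, std::memory_order_release);
}

// The one-time on-to-off-heap transition (GetBuffer in the message).
// external_pointer is written FIRST; base_pointer is release-stored LAST.
// A release store publishes every write that precedes it to any thread whose
// acquire load observes the stored value, so a reader that sees
// base_pointer == 0 is guaranteed to also see the new external_pointer.
// Storing base_pointer first would let a reader conclude "off-heap" while
// external_pointer still holds its stale pre-transition value.
void TransitionToOffHeap(TypedArrayFields& f, uintptr_t off_heap_addr) {
  f.external_pointer.store(off_heap_addr, std::memory_order_relaxed);
  f.base_pointer.store(0, std::memory_order_release);
}

struct Snapshot {
  bool is_on_heap;     // == (base_pointer != 0), as the message defines it
  uintptr_t data_ptr;  // == external_pointer in the off-heap case, else 0
};

// Reader side, e.g. a concurrent compiler thread doing direct heap reads.
// base_pointer is acquire-loaded before touching any other field; that is
// the ordering the invariant requires. Only when it reads 0 (off-heap) is
// external_pointer consulted, and the acquire pairs with the writer's
// release so the value read is the published one.
Snapshot ReadSnapshot(const TypedArrayFields& f) {
  const uintptr_t base = f.base_pointer.load(std::memory_order_acquire);
  if (base != 0) {
    return Snapshot{true, 0};  // still on-heap: DataPtr not derived here
  }
  return Snapshot{false, f.external_pointer.load(std::memory_order_relaxed)};
}

// Single-threaded walk through the protocol with constructed addresses;
// returns true if every snapshot matches the invariants.
bool DemoTransition() {
  TypedArrayFields f;
  InitOnHeap(f, 0x1000);
  const Snapshot before = ReadSnapshot(f);
  if (!before.is_on_heap) return false;

  TransitionToOffHeap(f, 0x7f00'0000'2000);
  const Snapshot after = ReadSnapshot(f);
  return !after.is_on_heap && after.data_ptr == 0x7f00'0000'2000;
}
```

The reader never derives `is_on_heap` from anything but the acquire-loaded `base_pointer`, and never reads `external_pointer` unless that load returned 0; those two rules are exactly what makes the off-heap case safe to read without a lock.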