Commit 09faa661 authored by Wenyu Zhao's avatar Wenyu Zhao Committed by V8 LUCI CQ

Reland "[csa] Remove InnerAllocate and replace with non-folded allocations"

The initial CL is suspected to break the --predictable CI.
But looks like the CI is still crashing and also flaky after the
revert. So reland it again.

This is a reland of 59d58d72

Original change's description:
> [csa] Remove InnerAllocate and replace with non-folded allocations
>
> This CL removes all uses of InnerAllocate (except memento allocations)
> and replace with non-folded allocations. The change is based on the
> fact that 1. Those InnerAllocates are not guarded by --allocation-folding
> flag. 2. Hopefully the MemoryOptimizer can handle the folding and no
> performance regression will happen.
>
> Two special versions of InnerAllocate is still kept:
> * One for memento allocations (renamed to InnerAllocateMemento).
> * One for AllocateUninitializedJSArrayWithElements (renamed to InnerAllocateElements).
>
> Change-Id: Ie77da6b2fba31b048241f7b7d927065305a01c27
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873767
> Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74899}

Change-Id: I540c3a6b6e3f7c70c048f8ad1e5f702287fb086b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2946667
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75015}
parent fd9d6fef
...@@ -103,19 +103,14 @@ TF_BUILTIN(AsyncFunctionEnter, AsyncFunctionBuiltinsAssembler) { ...@@ -103,19 +103,14 @@ TF_BUILTIN(AsyncFunctionEnter, AsyncFunctionBuiltinsAssembler) {
IntPtrConstant(0), parameters_and_register_length, IntPtrConstant(0), parameters_and_register_length,
RootIndex::kUndefinedValue); RootIndex::kUndefinedValue);
// Allocate space for the promise, the async function object. // Allocate and initialize the promise.
TNode<IntPtrT> size = IntPtrConstant(JSPromise::kSizeWithEmbedderFields +
JSAsyncFunctionObject::kHeaderSize);
TNode<HeapObject> base = AllocateInNewSpace(size);
// Initialize the promise.
TNode<NativeContext> native_context = LoadNativeContext(context); TNode<NativeContext> native_context = LoadNativeContext(context);
TNode<JSFunction> promise_function = TNode<JSFunction> promise_function =
CAST(LoadContextElement(native_context, Context::PROMISE_FUNCTION_INDEX)); CAST(LoadContextElement(native_context, Context::PROMISE_FUNCTION_INDEX));
TNode<Map> promise_map = LoadObjectField<Map>( TNode<Map> promise_map = LoadObjectField<Map>(
promise_function, JSFunction::kPrototypeOrInitialMapOffset); promise_function, JSFunction::kPrototypeOrInitialMapOffset);
TNode<JSPromise> promise = UncheckedCast<JSPromise>( TNode<JSPromise> promise = UncheckedCast<JSPromise>(
InnerAllocate(base, JSAsyncFunctionObject::kHeaderSize)); AllocateInNewSpace(JSPromise::kSizeWithEmbedderFields));
StoreMapNoWriteBarrier(promise, promise_map); StoreMapNoWriteBarrier(promise, promise_map);
StoreObjectFieldRoot(promise, JSPromise::kPropertiesOrHashOffset, StoreObjectFieldRoot(promise, JSPromise::kPropertiesOrHashOffset,
RootIndex::kEmptyFixedArray); RootIndex::kEmptyFixedArray);
...@@ -123,11 +118,12 @@ TF_BUILTIN(AsyncFunctionEnter, AsyncFunctionBuiltinsAssembler) { ...@@ -123,11 +118,12 @@ TF_BUILTIN(AsyncFunctionEnter, AsyncFunctionBuiltinsAssembler) {
RootIndex::kEmptyFixedArray); RootIndex::kEmptyFixedArray);
PromiseInit(promise); PromiseInit(promise);
// Initialize the async function object. // Allocate and initialize the async function object.
TNode<Map> async_function_object_map = CAST(LoadContextElement( TNode<Map> async_function_object_map = CAST(LoadContextElement(
native_context, Context::ASYNC_FUNCTION_OBJECT_MAP_INDEX)); native_context, Context::ASYNC_FUNCTION_OBJECT_MAP_INDEX));
TNode<JSAsyncFunctionObject> async_function_object = TNode<JSAsyncFunctionObject> async_function_object =
UncheckedCast<JSAsyncFunctionObject>(base); UncheckedCast<JSAsyncFunctionObject>(
AllocateInNewSpace(JSAsyncFunctionObject::kHeaderSize));
StoreMapNoWriteBarrier(async_function_object, async_function_object_map); StoreMapNoWriteBarrier(async_function_object, async_function_object_map);
StoreObjectFieldRoot(async_function_object, StoreObjectFieldRoot(async_function_object,
JSAsyncFunctionObject::kPropertiesOrHashOffset, JSAsyncFunctionObject::kPropertiesOrHashOffset,
......
...@@ -30,17 +30,10 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOld( ...@@ -30,17 +30,10 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOld(
TNode<Oddball> is_predicted_as_caught) { TNode<Oddball> is_predicted_as_caught) {
const TNode<NativeContext> native_context = LoadNativeContext(context); const TNode<NativeContext> native_context = LoadNativeContext(context);
static const int kWrappedPromiseOffset = static const int kClosureContextSize =
FixedArray::SizeFor(Context::MIN_CONTEXT_EXTENDED_SLOTS); FixedArray::SizeFor(Context::MIN_CONTEXT_EXTENDED_SLOTS);
static const int kResolveClosureOffset = TNode<Context> closure_context =
kWrappedPromiseOffset + JSPromise::kSizeWithEmbedderFields; UncheckedCast<Context>(AllocateInNewSpace(kClosureContextSize));
static const int kRejectClosureOffset =
kResolveClosureOffset + JSFunction::kSizeWithoutPrototype;
static const int kTotalSize =
kRejectClosureOffset + JSFunction::kSizeWithoutPrototype;
TNode<HeapObject> base = AllocateInNewSpace(kTotalSize);
TNode<Context> closure_context = UncheckedCast<Context>(base);
{ {
// Initialize the await context, storing the {generator} as extension. // Initialize the await context, storing the {generator} as extension.
TNode<Map> map = CAST( TNode<Map> map = CAST(
...@@ -73,9 +66,9 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOld( ...@@ -73,9 +66,9 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOld(
kTaggedSize))); kTaggedSize)));
TNode<JSPromise> promise; TNode<JSPromise> promise;
{ {
// Initialize Promise // Allocate and initialize Promise
TNode<HeapObject> wrapped_value = TNode<HeapObject> wrapped_value =
InnerAllocate(base, kWrappedPromiseOffset); AllocateInNewSpace(JSPromise::kSizeWithEmbedderFields);
StoreMapNoWriteBarrier(wrapped_value, promise_map); StoreMapNoWriteBarrier(wrapped_value, promise_map);
StoreObjectFieldRoot(wrapped_value, JSPromise::kPropertiesOrHashOffset, StoreObjectFieldRoot(wrapped_value, JSPromise::kPropertiesOrHashOffset,
RootIndex::kEmptyFixedArray); RootIndex::kEmptyFixedArray);
...@@ -85,13 +78,15 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOld( ...@@ -85,13 +78,15 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOld(
PromiseInit(promise); PromiseInit(promise);
} }
// Initialize resolve handler // Allocate and initialize resolve handler
TNode<HeapObject> on_resolve = InnerAllocate(base, kResolveClosureOffset); TNode<HeapObject> on_resolve =
AllocateInNewSpace(JSFunction::kSizeWithoutPrototype);
InitializeNativeClosure(closure_context, native_context, on_resolve, InitializeNativeClosure(closure_context, native_context, on_resolve,
on_resolve_sfi); on_resolve_sfi);
// Initialize reject handler // Allocate and initialize reject handler
TNode<HeapObject> on_reject = InnerAllocate(base, kRejectClosureOffset); TNode<HeapObject> on_reject =
AllocateInNewSpace(JSFunction::kSizeWithoutPrototype);
InitializeNativeClosure(closure_context, native_context, on_reject, InitializeNativeClosure(closure_context, native_context, on_reject,
on_reject_sfi); on_reject_sfi);
...@@ -118,19 +113,14 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOptimized( ...@@ -118,19 +113,14 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOptimized(
TNode<Oddball> is_predicted_as_caught) { TNode<Oddball> is_predicted_as_caught) {
const TNode<NativeContext> native_context = LoadNativeContext(context); const TNode<NativeContext> native_context = LoadNativeContext(context);
static const int kResolveClosureOffset =
FixedArray::SizeFor(Context::MIN_CONTEXT_EXTENDED_SLOTS);
static const int kRejectClosureOffset =
kResolveClosureOffset + JSFunction::kSizeWithoutPrototype;
static const int kTotalSize =
kRejectClosureOffset + JSFunction::kSizeWithoutPrototype;
// 2. Let promise be ? PromiseResolve(« promise »). // 2. Let promise be ? PromiseResolve(« promise »).
// We skip this step, because promise is already guaranteed to be a // We skip this step, because promise is already guaranteed to be a
// JSPRomise at this point. // JSPRomise at this point.
TNode<HeapObject> base = AllocateInNewSpace(kTotalSize); static const int kClosureContextSize =
TNode<Context> closure_context = UncheckedCast<Context>(base); FixedArray::SizeFor(Context::MIN_CONTEXT_EXTENDED_SLOTS);
TNode<Context> closure_context =
UncheckedCast<Context>(AllocateInNewSpace(kClosureContextSize));
{ {
// Initialize the await context, storing the {generator} as extension. // Initialize the await context, storing the {generator} as extension.
TNode<Map> map = CAST( TNode<Map> map = CAST(
...@@ -149,13 +139,15 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOptimized( ...@@ -149,13 +139,15 @@ TNode<Object> AsyncBuiltinsAssembler::AwaitOptimized(
generator); generator);
} }
// Initialize resolve handler // Allocate and initialize resolve handler
TNode<HeapObject> on_resolve = InnerAllocate(base, kResolveClosureOffset); TNode<HeapObject> on_resolve =
AllocateInNewSpace(JSFunction::kSizeWithoutPrototype);
InitializeNativeClosure(closure_context, native_context, on_resolve, InitializeNativeClosure(closure_context, native_context, on_resolve,
on_resolve_sfi); on_resolve_sfi);
// Initialize reject handler // Allocate and initialize reject handler
TNode<HeapObject> on_reject = InnerAllocate(base, kRejectClosureOffset); TNode<HeapObject> on_reject =
AllocateInNewSpace(JSFunction::kSizeWithoutPrototype);
InitializeNativeClosure(closure_context, native_context, on_reject, InitializeNativeClosure(closure_context, native_context, on_reject,
on_reject_sfi); on_reject_sfi);
......
...@@ -1444,17 +1444,6 @@ TNode<HeapObject> CodeStubAssembler::Allocate(int size_in_bytes, ...@@ -1444,17 +1444,6 @@ TNode<HeapObject> CodeStubAssembler::Allocate(int size_in_bytes,
return CodeStubAssembler::Allocate(IntPtrConstant(size_in_bytes), flags); return CodeStubAssembler::Allocate(IntPtrConstant(size_in_bytes), flags);
} }
TNode<HeapObject> CodeStubAssembler::InnerAllocate(TNode<HeapObject> previous,
TNode<IntPtrT> offset) {
return UncheckedCast<HeapObject>(
BitcastWordToTagged(IntPtrAdd(BitcastTaggedToWord(previous), offset)));
}
TNode<HeapObject> CodeStubAssembler::InnerAllocate(TNode<HeapObject> previous,
int offset) {
return InnerAllocate(previous, IntPtrConstant(offset));
}
TNode<BoolT> CodeStubAssembler::IsRegularHeapObjectSize(TNode<IntPtrT> size) { TNode<BoolT> CodeStubAssembler::IsRegularHeapObjectSize(TNode<IntPtrT> size) {
return UintPtrLessThanOrEqual(size, return UintPtrLessThanOrEqual(size,
IntPtrConstant(kMaxRegularHeapObjectSize)); IntPtrConstant(kMaxRegularHeapObjectSize));
...@@ -3928,6 +3917,20 @@ TNode<JSArray> CodeStubAssembler::AllocateJSArray( ...@@ -3928,6 +3917,20 @@ TNode<JSArray> CodeStubAssembler::AllocateJSArray(
return result; return result;
} }
namespace {
// To prevent GC between the array and elements allocation, the elements
// object allocation is folded together with the js-array allocation.
TNode<FixedArrayBase> InnerAllocateElements(CodeStubAssembler* csa,
TNode<JSArray> js_array,
int offset) {
return csa->UncheckedCast<FixedArrayBase>(
csa->BitcastWordToTagged(csa->IntPtrAdd(
csa->BitcastTaggedToWord(js_array), csa->IntPtrConstant(offset))));
}
} // namespace
std::pair<TNode<JSArray>, TNode<FixedArrayBase>> std::pair<TNode<JSArray>, TNode<FixedArrayBase>>
CodeStubAssembler::AllocateUninitializedJSArrayWithElements( CodeStubAssembler::AllocateUninitializedJSArrayWithElements(
ElementsKind kind, TNode<Map> array_map, TNode<Smi> length, ElementsKind kind, TNode<Map> array_map, TNode<Smi> length,
...@@ -3985,9 +3988,14 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements( ...@@ -3985,9 +3988,14 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements(
// folding trick. Instead, we first allocate the elements in large object // folding trick. Instead, we first allocate the elements in large object
// space, and then allocate the JSArray (and possibly the allocation // space, and then allocate the JSArray (and possibly the allocation
// memento) in new space. // memento) in new space.
if (allocation_flags & kAllowLargeObjectAllocation) { const bool inline_allocation =
!V8_DISABLE_WRITE_BARRIERS_BOOL || V8_ALLOCATION_FOLDING_BOOL;
if ((allocation_flags & kAllowLargeObjectAllocation) ||
!inline_allocation) {
Label next(this); Label next(this);
if (inline_allocation) {
GotoIf(IsRegularHeapObjectSize(size), &next); GotoIf(IsRegularHeapObjectSize(size), &next);
}
CSA_CHECK(this, IsValidFastJSArrayCapacity(capacity)); CSA_CHECK(this, IsValidFastJSArrayCapacity(capacity));
...@@ -4009,14 +4017,17 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements( ...@@ -4009,14 +4017,17 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements(
Goto(&out); Goto(&out);
if (inline_allocation) {
BIND(&next); BIND(&next);
} }
}
if (!inline_allocation) Unreachable();
// Fold all objects into a single new space allocation. // Fold all objects into a single new space allocation.
array = array =
AllocateUninitializedJSArray(array_map, length, allocation_site, size); AllocateUninitializedJSArray(array_map, length, allocation_site, size);
elements = UncheckedCast<FixedArrayBase>( elements = InnerAllocateElements(this, array.value(), elements_offset);
InnerAllocate(array.value(), elements_offset));
StoreObjectFieldNoWriteBarrier(array.value(), JSObject::kElementsOffset, StoreObjectFieldNoWriteBarrier(array.value(), JSObject::kElementsOffset,
elements.value()); elements.value());
...@@ -5347,12 +5358,28 @@ template TNode<FixedArrayBase> CodeStubAssembler::GrowElementsCapacity<IntPtrT>( ...@@ -5347,12 +5358,28 @@ template TNode<FixedArrayBase> CodeStubAssembler::GrowElementsCapacity<IntPtrT>(
TNode<HeapObject>, TNode<FixedArrayBase>, ElementsKind, ElementsKind, TNode<HeapObject>, TNode<FixedArrayBase>, ElementsKind, ElementsKind,
TNode<IntPtrT>, TNode<IntPtrT>, compiler::CodeAssemblerLabel*); TNode<IntPtrT>, TNode<IntPtrT>, compiler::CodeAssemblerLabel*);
namespace {
// Helper function for folded memento allocation.
// Memento objects are designed to be put right after the objects they are
// tracking on. So memento allocations have to be folded together with previous
// object allocations.
TNode<HeapObject> InnerAllocateMemento(CodeStubAssembler* csa,
TNode<HeapObject> previous,
TNode<IntPtrT> offset) {
return csa->UncheckedCast<HeapObject>(csa->BitcastWordToTagged(
csa->IntPtrAdd(csa->BitcastTaggedToWord(previous), offset)));
}
} // namespace
void CodeStubAssembler::InitializeAllocationMemento( void CodeStubAssembler::InitializeAllocationMemento(
TNode<HeapObject> base, TNode<IntPtrT> base_allocation_size, TNode<HeapObject> base, TNode<IntPtrT> base_allocation_size,
TNode<AllocationSite> allocation_site) { TNode<AllocationSite> allocation_site) {
DCHECK(V8_ALLOCATION_SITE_TRACKING_BOOL); DCHECK(V8_ALLOCATION_SITE_TRACKING_BOOL);
Comment("[Initialize AllocationMemento"); Comment("[Initialize AllocationMemento");
TNode<HeapObject> memento = InnerAllocate(base, base_allocation_size); TNode<HeapObject> memento =
InnerAllocateMemento(this, base, base_allocation_size);
StoreMapNoWriteBarrier(memento, RootIndex::kAllocationMementoMap); StoreMapNoWriteBarrier(memento, RootIndex::kAllocationMementoMap);
StoreObjectFieldNoWriteBarrier( StoreObjectFieldNoWriteBarrier(
memento, AllocationMemento::kAllocationSiteOffset, allocation_site); memento, AllocationMemento::kAllocationSiteOffset, allocation_site);
...@@ -13645,8 +13672,8 @@ TNode<JSObject> CodeStubAssembler::AllocateJSIteratorResultForEntry( ...@@ -13645,8 +13672,8 @@ TNode<JSObject> CodeStubAssembler::AllocateJSIteratorResultForEntry(
TNode<NativeContext> native_context = LoadNativeContext(context); TNode<NativeContext> native_context = LoadNativeContext(context);
TNode<Smi> length = SmiConstant(2); TNode<Smi> length = SmiConstant(2);
int const elements_size = FixedArray::SizeFor(2); int const elements_size = FixedArray::SizeFor(2);
TNode<FixedArray> elements = UncheckedCast<FixedArray>( TNode<FixedArray> elements =
Allocate(elements_size + JSArray::kHeaderSize + JSIteratorResult::kSize)); UncheckedCast<FixedArray>(Allocate(elements_size));
StoreObjectFieldRoot(elements, FixedArray::kMapOffset, StoreObjectFieldRoot(elements, FixedArray::kMapOffset,
RootIndex::kFixedArrayMap); RootIndex::kFixedArrayMap);
StoreObjectFieldNoWriteBarrier(elements, FixedArray::kLengthOffset, length); StoreObjectFieldNoWriteBarrier(elements, FixedArray::kLengthOffset, length);
...@@ -13654,7 +13681,7 @@ TNode<JSObject> CodeStubAssembler::AllocateJSIteratorResultForEntry( ...@@ -13654,7 +13681,7 @@ TNode<JSObject> CodeStubAssembler::AllocateJSIteratorResultForEntry(
StoreFixedArrayElement(elements, 1, value); StoreFixedArrayElement(elements, 1, value);
TNode<Map> array_map = CAST(LoadContextElement( TNode<Map> array_map = CAST(LoadContextElement(
native_context, Context::JS_ARRAY_PACKED_ELEMENTS_MAP_INDEX)); native_context, Context::JS_ARRAY_PACKED_ELEMENTS_MAP_INDEX));
TNode<HeapObject> array = InnerAllocate(elements, elements_size); TNode<HeapObject> array = Allocate(JSArray::kHeaderSize);
StoreMapNoWriteBarrier(array, array_map); StoreMapNoWriteBarrier(array, array_map);
StoreObjectFieldRoot(array, JSArray::kPropertiesOrHashOffset, StoreObjectFieldRoot(array, JSArray::kPropertiesOrHashOffset,
RootIndex::kEmptyFixedArray); RootIndex::kEmptyFixedArray);
...@@ -13662,7 +13689,7 @@ TNode<JSObject> CodeStubAssembler::AllocateJSIteratorResultForEntry( ...@@ -13662,7 +13689,7 @@ TNode<JSObject> CodeStubAssembler::AllocateJSIteratorResultForEntry(
StoreObjectFieldNoWriteBarrier(array, JSArray::kLengthOffset, length); StoreObjectFieldNoWriteBarrier(array, JSArray::kLengthOffset, length);
TNode<Map> iterator_map = CAST( TNode<Map> iterator_map = CAST(
LoadContextElement(native_context, Context::ITERATOR_RESULT_MAP_INDEX)); LoadContextElement(native_context, Context::ITERATOR_RESULT_MAP_INDEX));
TNode<HeapObject> result = InnerAllocate(array, JSArray::kHeaderSize); TNode<HeapObject> result = Allocate(JSIteratorResult::kSize);
StoreMapNoWriteBarrier(result, iterator_map); StoreMapNoWriteBarrier(result, iterator_map);
StoreObjectFieldRoot(result, JSIteratorResult::kPropertiesOrHashOffset, StoreObjectFieldRoot(result, JSIteratorResult::kPropertiesOrHashOffset,
RootIndex::kEmptyFixedArray); RootIndex::kEmptyFixedArray);
......
...@@ -748,9 +748,6 @@ class V8_EXPORT_PRIVATE CodeStubAssembler ...@@ -748,9 +748,6 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
AllocationFlags flags = kNone); AllocationFlags flags = kNone);
TNode<HeapObject> Allocate(int size, AllocationFlags flags = kNone); TNode<HeapObject> Allocate(int size, AllocationFlags flags = kNone);
TNode<HeapObject> InnerAllocate(TNode<HeapObject> previous, int offset);
TNode<HeapObject> InnerAllocate(TNode<HeapObject> previous,
TNode<IntPtrT> offset);
TNode<BoolT> IsRegularHeapObjectSize(TNode<IntPtrT> size); TNode<BoolT> IsRegularHeapObjectSize(TNode<IntPtrT> size);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment