[turbofan] Introduce DisallowHeapAccess helper.

R=jarin@chromium.org Bug: v8:7790 Change-Id: I79c6904a9969afc6aac7530c5d876da15018b3bc Reviewed-on: https://chromium-review.googlesource.com/1129142 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#54344}

[turbofan] Introduce DisallowHeapAccess helper.
R=jarin@chromium.org Bug: v8:7790 Change-Id: I79c6904a9969afc6aac7530c5d876da15018b3bc Reviewed-on: https://chromium-review.googlesource.com/1129142 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#54344}
251e3f51 · Georg Neis · Commit Bot · 614c8077 · 251e3f51 · 251e3f51
Commit 251e3f51 authored Jul 10, 2018 by Georg Neis Committed by Commit Bot Jul 10, 2018
12 changed files
--- a/src/compiler/checkpoint-elimination.cc
+++ b/src/compiler/checkpoint-elimination.cc
@@ -39,11 +39,7 @@ Reduction CheckpointElimination::ReduceCheckpoint(Node* node) {
 }

 Reduction CheckpointElimination::Reduce(Node* node) {
-  DisallowHeapAllocation no_heap_allocation;
-  DisallowHandleAllocation no_handle_allocation;
-  DisallowHandleDereference no_handle_dereference;
-  DisallowCodeDependencyChange no_dependency_change;
-
+  DisallowHeapAccess no_heap_access;
  switch (node->opcode()) {
    case IrOpcode::kCheckpoint:
      return ReduceCheckpoint(node);

--- a/src/compiler/common-operator-reducer.cc
+++ b/src/compiler/common-operator-reducer.cc
@@ -53,11 +53,7 @@ CommonOperatorReducer::CommonOperatorReducer(Editor* editor, Graph* graph,
 }

 Reduction CommonOperatorReducer::Reduce(Node* node) {
-  DisallowHeapAllocation no_heap_allocation;
-  DisallowHandleAllocation no_handle_allocation;
-  DisallowHandleDereference no_handle_dereference;
-  DisallowCodeDependencyChange no_dependency_change;
-
+  DisallowHeapAccess no_heap_access;
  switch (node->opcode()) {
    case IrOpcode::kBranch:
      return ReduceBranch(node);

--- a/src/compiler/constant-folding-reducer.cc
+++ b/src/compiler/constant-folding-reducer.cc
@@ -20,10 +20,7 @@ ConstantFoldingReducer::ConstantFoldingReducer(
 ConstantFoldingReducer::~ConstantFoldingReducer() {}

 Reduction ConstantFoldingReducer::Reduce(Node* node) {
-  DisallowHeapAllocation no_heap_allocation;
-  DisallowHandleAllocation no_handle_allocation;
-  DisallowHandleDereference no_handle_dereference;
-  DisallowCodeDependencyChange no_dependency_change;
+  DisallowHeapAccess no_heap_access;
  // Check if the output type is a singleton.  In that case we already know the
  // result value and can simply replace the node if it's eliminable.
  if (!NodeProperties::IsConstant(node) && NodeProperties::IsTyped(node) &&

--- a/src/compiler/dead-code-elimination.cc
+++ b/src/compiler/dead-code-elimination.cc
@@ -46,10 +46,7 @@ Node* FindDeadInput(Node* node) {
 }  // namespace

 Reduction DeadCodeElimination::Reduce(Node* node) {
-  DisallowHeapAllocation no_heap_allocation;
-  DisallowHandleAllocation no_handle_allocation;
-  DisallowHandleDereference no_handle_dereference;
-  DisallowCodeDependencyChange no_dependency_change;
+  DisallowHeapAccess no_heap_access;
  switch (node->opcode()) {
    case IrOpcode::kEnd:
      return ReduceEnd(node);

--- a/src/compiler/js-context-specialization.cc
+++ b/src/compiler/js-context-specialization.cc
@@ -17,11 +17,7 @@ namespace internal {
 namespace compiler {

 Reduction JSContextSpecialization::Reduce(Node* node) {
-  DisallowHeapAllocation no_heap_allocation;
-  DisallowHandleAllocation no_handle_allocation;
-  DisallowHandleDereference no_handle_dereference;
-  DisallowCodeDependencyChange no_dependency_change;
-
+  DisallowHeapAccess no_heap_access;
  switch (node->opcode()) {
    case IrOpcode::kParameter:
      return ReduceParameter(node);

--- a/src/compiler/js-create-lowering.cc
+++ b/src/compiler/js-create-lowering.cc
@@ -113,7 +113,7 @@ Reduction JSCreateLowering::Reduce(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreate(Node* node) {
-  DisallowHandleDereference disallow_handle_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreate, node->opcode());
  Node* const target = NodeProperties::GetValueInput(node, 0);
  Type const target_type = NodeProperties::GetType(target);
@@ -171,7 +171,7 @@ Reduction JSCreateLowering::ReduceJSCreate(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateArguments(Node* node) {
-  DisallowHandleDereference disallow_handle_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateArguments, node->opcode());
  CreateArgumentsType type = CreateArgumentsTypeOf(node->op());
  Node* const frame_state = NodeProperties::GetFrameStateInput(node);
@@ -847,7 +847,7 @@ Reduction JSCreateLowering::ReduceJSCreateArray(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateArrayIterator(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateArrayIterator, node->opcode());
  CreateArrayIteratorParameters const& p =
      CreateArrayIteratorParametersOf(node->op());
@@ -908,7 +908,7 @@ MapRef MapForCollectionIterationKind(const NativeContextRef& native_context,
 }  // namespace

 Reduction JSCreateLowering::ReduceJSCreateCollectionIterator(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateCollectionIterator, node->opcode());
  CreateCollectionIteratorParameters const& p =
      CreateCollectionIteratorParametersOf(node->op());
@@ -941,7 +941,7 @@ Reduction JSCreateLowering::ReduceJSCreateCollectionIterator(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateBoundFunction(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateBoundFunction, node->opcode());
  CreateBoundFunctionParameters const& p =
      CreateBoundFunctionParametersOf(node->op());
@@ -982,7 +982,7 @@ Reduction JSCreateLowering::ReduceJSCreateBoundFunction(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateClosure(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateClosure, node->opcode());
  CreateClosureParameters const& p = CreateClosureParametersOf(node->op());
  SharedFunctionInfoRef shared(p.shared_info());
@@ -1229,7 +1229,7 @@ Reduction JSCreateLowering::ReduceJSCreateEmptyLiteralObject(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateLiteralRegExp(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateLiteralRegExp, node->opcode());
  CreateLiteralParameters const& p = CreateLiteralParametersOf(node->op());
  Node* effect = NodeProperties::GetEffectInput(node);
@@ -1248,7 +1248,7 @@ Reduction JSCreateLowering::ReduceJSCreateLiteralRegExp(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateFunctionContext(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateFunctionContext, node->opcode());
  const CreateFunctionContextParameters& parameters =
      CreateFunctionContextParametersOf(node->op());
@@ -1296,7 +1296,7 @@ Reduction JSCreateLowering::ReduceJSCreateFunctionContext(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateWithContext(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateWithContext, node->opcode());
  ScopeInfoRef scope_info(ScopeInfoOf(node->op()));
  Node* extension = NodeProperties::GetValueInput(node, 0);
@@ -1318,7 +1318,7 @@ Reduction JSCreateLowering::ReduceJSCreateWithContext(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateCatchContext(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateCatchContext, node->opcode());
  ScopeInfoRef scope_info(ScopeInfoOf(node->op()));
  Node* exception = NodeProperties::GetValueInput(node, 0);
@@ -1344,7 +1344,7 @@ Reduction JSCreateLowering::ReduceJSCreateCatchContext(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateBlockContext(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateBlockContext, node->opcode());
  ScopeInfoRef scope_info(ScopeInfoOf(node->op()));
  int const context_length = scope_info.ContextLength();
@@ -1378,7 +1378,7 @@ Reduction JSCreateLowering::ReduceJSCreateBlockContext(Node* node) {
 }

 Reduction JSCreateLowering::ReduceJSCreateObject(Node* node) {
-  DisallowHandleDereference disallow_dereference;
+  DisallowHeapAccess no_heap_access;
  DCHECK_EQ(IrOpcode::kJSCreateObject, node->opcode());
  Node* effect = NodeProperties::GetEffectInput(node);
  Node* control = NodeProperties::GetControlInput(node);
@@ -1396,8 +1396,8 @@ Reduction JSCreateLowering::ReduceJSCreateObject(Node* node) {
  if (instance_map.is_dictionary_map()) {
    DCHECK_EQ(prototype_const.type(js_heap_broker()).oddball_type(),
              OddballType::kNull);
-    // Allocated an empty NameDictionary as backing store for the properties.
-    Handle<Map> map(ReadOnlyRoots(isolate()).name_dictionary_map(), isolate());
+    // Allocate an empty NameDictionary as backing store for the properties.
+    Handle<Map> map = isolate()->factory()->name_dictionary_map();
    int capacity =
        NameDictionary::ComputeCapacity(NameDictionary::kInitialCapacity);
    DCHECK(base::bits::IsPowerOfTwo(capacity));

--- a/src/compiler/js-heap-broker.cc
+++ b/src/compiler/js-heap-broker.cc
@@ -118,6 +118,7 @@ HeapObjectType HeapObjectRef::type(const JSHeapBroker* broker) const {

 base::Optional<MapRef> HeapObjectRef::TryGetObjectCreateMap(
    const JSHeapBroker* broker) const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference allow_handle_dereference;
  Handle<Map> instance_map;
  if (Map::TryGetObjectCreateMap(broker->isolate(), object<HeapObject>())
@@ -145,6 +146,7 @@ bool JSFunctionRef::IsConstructor() const {

 MapRef JSFunctionRef::DependOnInitialMap(
    const JSHeapBroker* broker, CompilationDependencies* dependencies) const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference allow_handle_dereference;
  Handle<Map> initial_map =
      dependencies->DependOnInitialMap(object<JSFunction>());
@@ -153,11 +155,13 @@ MapRef JSFunctionRef::DependOnInitialMap(

 void MapRef::DependOnStableMap(const JSHeapBroker* broker,
                               CompilationDependencies* dependencies) const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference allow_handle_dereference;
  dependencies->DependOnStableMap(object<Map>());
 }

 int JSFunctionRef::GetInstanceSizeWithFinishedSlackTracking() const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference allow_handle_dereference;
  object<JSFunction>()->CompleteInobjectSlackTrackingIfActive();
  return object<JSFunction>()->initial_map()->instance_size();
@@ -169,12 +173,14 @@ bool JSFunctionRef::has_initial_map() const {
 }

 MapRef JSFunctionRef::initial_map(const JSHeapBroker* broker) const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference allow_handle_dereference;
  return MapRef(handle(object<JSFunction>()->initial_map(), broker->isolate()));
 }

 base::Optional<ScriptContextTableRef::LookupResult>
 ScriptContextTableRef::lookup(const NameRef& name) const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference handle_dereference;
  if (!name.IsString()) return {};
  ScriptContextTable::LookupResult lookup_result;
@@ -206,6 +212,7 @@ OddballType ObjectRef::oddball_type(const JSHeapBroker* broker) const {

 ObjectRef FeedbackVectorRef::get(const JSHeapBroker* broker,
                                 FeedbackSlot slot) const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference handle_dereference;
  Handle<Object> value(object<FeedbackVector>()->Get(slot)->ToObject(),
                       broker->isolate());
@@ -213,6 +220,7 @@ ObjectRef FeedbackVectorRef::get(const JSHeapBroker* broker,
 }

 JSObjectRef AllocationSiteRef::boilerplate(const JSHeapBroker* broker) const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference handle_dereference;
  Handle<JSObject> value(object<AllocationSite>()->boilerplate(),
                         broker->isolate());
@@ -384,6 +392,7 @@ bool MapRef::is_dictionary_map() const {
 }

 ObjectRef MapRef::constructor_or_backpointer(const JSHeapBroker* broker) const {
+  AllowHandleAllocation handle_allocation;
  AllowHandleDereference allow_handle_dereference;
  return ObjectRef(
      handle(object<Map>()->constructor_or_backpointer(), broker->isolate()));

--- a/src/compiler/js-heap-broker.h
+++ b/src/compiler/js-heap-broker.h
@@ -14,6 +14,13 @@ namespace v8 {
 namespace internal {
 namespace compiler {

+class DisallowHeapAccess {
+  DisallowHeapAllocation no_heap_allocation_;
+  DisallowHandleAllocation no_handle_allocation_;
+  DisallowHandleDereference no_handle_dereference_;
+  DisallowCodeDependencyChange no_dependency_change_;
+};
+
 enum class OddballType : uint8_t {
  kNone,     // Not an Oddball.
  kBoolean,  // True or False.

--- a/src/compiler/simplified-operator-reducer.cc
+++ b/src/compiler/simplified-operator-reducer.cc
@@ -42,11 +42,7 @@ SimplifiedOperatorReducer::~SimplifiedOperatorReducer() {}


 Reduction SimplifiedOperatorReducer::Reduce(Node* node) {
-  DisallowHeapAllocation no_heap_allocation;
-  DisallowHandleAllocation no_handle_allocation;
-  DisallowHandleDereference no_handle_dereference;
-  DisallowCodeDependencyChange no_dependency_change;
-
+  DisallowHeapAccess no_heap_access;
  switch (node->opcode()) {
    case IrOpcode::kBooleanNot: {
      // TODO(neis): Provide HeapObjectRefMatcher?

--- a/src/compiler/type-narrowing-reducer.cc
+++ b/src/compiler/type-narrowing-reducer.cc
@@ -20,10 +20,7 @@ TypeNarrowingReducer::TypeNarrowingReducer(Editor* editor, JSGraph* jsgraph,
 TypeNarrowingReducer::~TypeNarrowingReducer() {}

 Reduction TypeNarrowingReducer::Reduce(Node* node) {
-  DisallowHeapAllocation no_heap_allocation;
-  DisallowHandleAllocation no_handle_allocation;
-  DisallowHandleDereference no_handle_dereference;
-  DisallowCodeDependencyChange no_dependency_change;
+  DisallowHeapAccess no_heap_access;

  Type new_type = Type::Any();


--- a/src/compiler/typed-optimization.cc
+++ b/src/compiler/typed-optimization.cc
@@ -35,11 +35,7 @@ TypedOptimization::TypedOptimization(Editor* editor,
 TypedOptimization::~TypedOptimization() {}

 Reduction TypedOptimization::Reduce(Node* node) {
-  DisallowHeapAllocation no_heap_allocation;
-  DisallowHandleAllocation no_handle_allocation;
-  DisallowHandleDereference no_handle_dereference;
-  DisallowCodeDependencyChange no_dependency_change;
-
+  DisallowHeapAccess no_heap_access;
  switch (node->opcode()) {
    case IrOpcode::kConvertReceiver:
      return ReduceConvertReceiver(node);

--- a/src/compiler/typer.cc
+++ b/src/compiler/typer.cc
@@ -64,7 +64,7 @@ class Typer::Visitor : public Reducer {
  const char* reducer_name() const override { return "Typer"; }

  Reduction Reduce(Node* node) override {
-    DisallowHandleDereference disallow_handle_dereference;
+    DisallowHeapAccess no_heap_access;
    if (node->op()->ValueOutputCount() == 0) return NoChange();
    switch (node->opcode()) {
 #define DECLARE_CASE(x) \