[regexp] Handlify RegExpCompileData::code

RegExpMacroAssembler::GetCode returns a Handle<Object>. However, that Handle is almost immediately dereferenced, and is stored as a bare Object in both RegExpCompiler::CompilationResult and RegExpCompileData. This makes SpiderMonkey's rooting hazard analysis somewhat antsy. While RegExpCompileData is alive on the stack, the hazard analysis will not allow any calls that might GC, because it isn't smart enough to prove that the code field can't be clobbered by a GC. As far as I can tell, there is no real hazard here, but storing a Handle in RegExpCompileData instead of a bare Object will simplify SM and prevent a future patch from accidentally breaking something. Bug: v8:10406 Change-Id: I9642dd05c591bfd23b340a89df2f2bf5c9fcac2c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161578Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#67441}

[regexp] Handlify RegExpCompileData::code
RegExpMacroAssembler::GetCode returns a Handle<Object>. However, that Handle is almost immediately dereferenced, and is stored as a bare Object in both RegExpCompiler::CompilationResult and RegExpCompileData. This makes SpiderMonkey's rooting hazard analysis somewhat antsy. While RegExpCompileData is alive on the stack, the hazard analysis will not allow any calls that might GC, because it isn't smart enough to prove that the code field can't be clobbered by a GC. As far as I can tell, there is no real hazard here, but storing a Handle in RegExpCompileData instead of a bare Object will simplify SM and prevent a future patch from accidentally breaking something. Bug: v8:10406 Change-Id: I9642dd05c591bfd23b340a89df2f2bf5c9fcac2c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161578Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#67441}
6bb3f0c0 · Iain Ireland · Commit Bot · 93cfa458 · 6bb3f0c0 · 6bb3f0c0
Commit 6bb3f0c0 authored Apr 22, 2020 by Iain Ireland Committed by Commit Bot Apr 28, 2020
Showing with 8 additions and 8 deletions

regexp-compiler.cc src/regexp/regexp-compiler.cc +1 -1

regexp-compiler.h src/regexp/regexp-compiler.h +2 -2

regexp.cc src/regexp/regexp.cc +4 -4

regexp.h src/regexp/regexp.h +1 -1

No files found.
--- a/src/regexp/regexp-compiler.cc
+++ b/src/regexp/regexp-compiler.cc
@@ -269,7 +269,7 @@ RegExpCompiler::CompilationResult RegExpCompiler::Assemble(
  isolate->IncreaseTotalRegexpCodeGenerated(code);
  work_list_ = nullptr;

-  return {*code, next_register_};
+  return {code, next_register_};
 }

 bool Trace::DeferredAction::Mentions(int that) {

--- a/src/regexp/regexp-compiler.h
+++ b/src/regexp/regexp-compiler.h
@@ -501,7 +501,7 @@ class RegExpCompiler {

  struct CompilationResult final {
    explicit CompilationResult(RegExpError err) : error(err) {}
-    CompilationResult(Object code, int registers)
+    CompilationResult(Handle<Object> code, int registers)
        : code(code), num_registers(registers) {}

    static CompilationResult RegExpTooBig() {
@@ -511,7 +511,7 @@ class RegExpCompiler {
    bool Succeeded() const { return error == RegExpError::kNone; }

    const RegExpError error = RegExpError::kNone;
-    Object code;
+    Handle<Object> code;
    int num_registers = 0;
  };


--- a/src/regexp/regexp.cc
+++ b/src/regexp/regexp.cc
@@ -420,7 +420,7 @@ bool RegExpImpl::CompileIrregexp(Isolate* isolate, Handle<JSRegExp> re,
  Handle<FixedArray> data =
      Handle<FixedArray>(FixedArray::cast(re->data()), isolate);
  if (compile_data.compilation_target == RegExpCompilationTarget::kNative) {
-    data->set(JSRegExp::code_index(is_one_byte), compile_data.code);
+    data->set(JSRegExp::code_index(is_one_byte), *compile_data.code);
    // Reset bytecode to uninitialized. In case we use tier-up we know that
    // tier-up has happened this way.
    data->set(JSRegExp::bytecode_index(is_one_byte),
@@ -430,7 +430,7 @@ bool RegExpImpl::CompileIrregexp(Isolate* isolate, Handle<JSRegExp> re,
              RegExpCompilationTarget::kBytecode);
    // Store code generated by compiler in bytecode and trampoline to
    // interpreter in code.
-    data->set(JSRegExp::bytecode_index(is_one_byte), compile_data.code);
+    data->set(JSRegExp::bytecode_index(is_one_byte), *compile_data.code);
    Handle<Code> trampoline =
        BUILTIN_CODE(isolate, RegExpInterpreterTrampoline);
    data->set(JSRegExp::code_index(is_one_byte), *trampoline);
@@ -834,14 +834,14 @@ bool RegExpImpl::Compile(Isolate* isolate, Zone* zone, RegExpCompileData* data,
        data->compilation_target == RegExpCompilationTarget::kNative) {
      CodeTracer::Scope trace_scope(isolate->GetCodeTracer());
      OFStream os(trace_scope.file());
-      Handle<Code> c(Code::cast(result.code), isolate);
+      Handle<Code> c = Handle<Code>::cast(result.code);
      auto pattern_cstring = pattern->ToCString();
      c->Disassemble(pattern_cstring.get(), os, isolate);
    }
 #endif
    if (FLAG_print_regexp_bytecode &&
        data->compilation_target == RegExpCompilationTarget::kBytecode) {
-      Handle<ByteArray> bytecode(ByteArray::cast(result.code), isolate);
+      Handle<ByteArray> bytecode = Handle<ByteArray>::cast(result.code);
      auto pattern_cstring = pattern->ToCString();
      RegExpBytecodeDisassemble(bytecode->GetDataStartAddress(),
                                bytecode->length(), pattern_cstring.get());

--- a/src/regexp/regexp.h
+++ b/src/regexp/regexp.h
@@ -27,7 +27,7 @@ struct RegExpCompileData {

  // Either the generated code as produced by the compiler or a trampoline
  // to the interpreter.
-  Object code;
+  Handle<Object> code;

  // True, iff the pattern is a 'simple' atom with zero captures. In other
  // words, the pattern consists of a string with no metacharacters and special