[wasm-gc] Pretenure WasmTypeInfo

The primary reason for this change is that this fixes a race condition when one scavenger thread moves a WasmTypeInfo object that another scavenger thread needs to read for visiting a Wasm struct. Aside from that, since these objects are long-lived, it also generally makes sense to pretenure them. Fixed: v8:11618 Change-Id: I61e81752306dd6f29e0d26a0c40120a6301b0c12 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814561Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#73879}

[wasm-gc] Pretenure WasmTypeInfo
The primary reason for this change is that this fixes a race condition when one scavenger thread moves a WasmTypeInfo object that another scavenger thread needs to read for visiting a Wasm struct. Aside from that, since these objects are long-lived, it also generally makes sense to pretenure them. Fixed: v8:11618 Change-Id: I61e81752306dd6f29e0d26a0c40120a6301b0c12 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814561Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#73879}
84f68af4 · Jakob Kummerow · Commit Bot · cad99884 · 84f68af4
Commit 84f68af4 authored Apr 08, 2021 by Jakob Kummerow Committed by Commit Bot Apr 09, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

factory.cc src/heap/factory.cc +10 -4

No files found.
--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@@ -1378,23 +1378,29 @@ Handle<Foreign> Factory::NewForeign(Address addr) {
 #if V8_ENABLE_WEBASSEMBLY
 Handle<WasmTypeInfo> Factory::NewWasmTypeInfo(Address type_address,
                                              Handle<Map> opt_parent) {
+  // We pretenure WasmTypeInfo objects because they are refererenced by Maps,
+  // which are assumed to be long-lived. The supertypes list is constant
+  // after initialization, so we pretenure that too.
+  // The subtypes list, however, is expected to grow (and hence be replaced),
+  // so we don't pretenure it.
  Handle<ArrayList> subtypes = ArrayList::New(isolate(), 0);
  Handle<FixedArray> supertypes;
  if (opt_parent.is_null()) {
    supertypes = NewUninitializedFixedArray(0);
  } else {
-    supertypes = CopyFixedArrayAndGrow(
-        handle(opt_parent->wasm_type_info().supertypes(), isolate()), 1);
+    supertypes = CopyArrayAndGrow(
+        handle(opt_parent->wasm_type_info().supertypes(), isolate()), 1,
+        AllocationType::kOld);
    supertypes->set(supertypes->length() - 1, *opt_parent);
  }
  Map map = *wasm_type_info_map();
  WasmTypeInfo result = WasmTypeInfo::cast(AllocateRawWithImmortalMap(
-      map.instance_size(), AllocationType::kYoung, map));
+      map.instance_size(), AllocationType::kOld, map));
  DisallowGarbageCollection no_gc;
  result.AllocateExternalPointerEntries(isolate());
  result.set_foreign_address(isolate(), type_address);
  result.set_supertypes(*supertypes, SKIP_WRITE_BARRIER);
-  result.set_subtypes(*subtypes, SKIP_WRITE_BARRIER);
+  result.set_subtypes(*subtypes);
  return handle(result, isolate());
 }