[Turbofan] Never serialize CallHandlerInfo objects

CallHandleInfos are observed for optimizing API calls in TurboFan. The place to be careful is on allocation and installation of these objects in a FunctionTemplate. As long as store order is preserved there, we can safely directly access the class members. Bug: v8:7790 Change-Id: I6acb318d01c19d97725c7218e913765c33e0d8b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435096 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#70236}

[Turbofan] Never serialize CallHandlerInfo objects
CallHandleInfos are observed for optimizing API calls in TurboFan. The place to be careful is on allocation and installation of these objects in a FunctionTemplate. As long as store order is preserved there, we can safely directly access the class members. Bug: v8:7790 Change-Id: I6acb318d01c19d97725c7218e913765c33e0d8b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435096 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#70236}
abab49d9 · Mike Stanton · Commit Bot · 43f0f49d · abab49d9 · abab49d9
Commit abab49d9 authored Sep 30, 2020 by Mike Stanton Committed by Commit Bot Sep 30, 2020
5 changed files
--- a/src/api/api.cc
+++ b/src/api/api.cc
@@ -1560,7 +1560,7 @@ void FunctionTemplate::SetCallHandler(FunctionCallback callback,
        isolate, info,
        i::handle(*FromCData(isolate, c_function->GetTypeInfo()), isolate));
  }
-  info->set_call_code(*obj);
+  info->set_synchronized_call_code(*obj);
 }
 namespace {

--- a/src/compiler/heap-refs.h
+++ b/src/compiler/heap-refs.h
@@ -63,6 +63,7 @@ enum class OddballType : uint8_t {
  /* Subtypes of HeapObject */                      \
  V(AccessorInfo)                                   \
  V(ArrayBoilerplateDescription)                    \
+  V(CallHandlerInfo)                                \
  V(Cell)                                           \
  V(TemplateObjectDescription)
@@ -96,7 +97,6 @@ enum class OddballType : uint8_t {
  /* Subtypes of HeapObject */                \
  V(AllocationSite)                           \
  V(BigInt)                                   \
-  V(CallHandlerInfo)                          \
  V(Code)                                     \
  V(DescriptorArray)                          \
  V(FeedbackCell)                             \

--- a/src/compiler/js-heap-broker.cc
+++ b/src/compiler/js-heap-broker.cc
@@ -297,7 +297,9 @@ CallHandlerInfoData::CallHandlerInfoData(JSHeapBroker* broker,
                                         ObjectData** storage,
                                         Handle<CallHandlerInfo> object)
    : HeapObjectData(broker, storage, object),
-      callback_(v8::ToCData<Address>(object->callback())) {}
+      callback_(v8::ToCData<Address>(object->callback())) {
+  DCHECK(!FLAG_turbo_direct_heap_access);
+}
 // These definitions are here in order to please the linker, which in debug mode
 // sometimes requires static constants to be defined in .cc files.
@@ -328,7 +330,12 @@ void FunctionTemplateInfoData::SerializeCallCode(JSHeapBroker* broker) {
                    "FunctionTemplateInfoData::SerializeCallCode");
  auto function_template_info = Handle<FunctionTemplateInfo>::cast(object());
  call_code_ = broker->GetOrCreateData(function_template_info->call_code());
-  if (!call_code_->should_access_heap()) {
+  if (call_code_->should_access_heap()) {
+    // TODO(mvstanton): When ObjectRef is in the never serialized list, this
+    // code can be removed.
+    broker->GetOrCreateData(
+        Handle<CallHandlerInfo>::cast(call_code_->object())->data());
+  } else {
    call_code_->AsCallHandlerInfo()->Serialize(broker);
  }
 }
@@ -3413,8 +3420,9 @@ BIMODAL_ACCESSOR_C(PropertyCell, PropertyDetails, property_details)
 base::Optional<CallHandlerInfoRef> FunctionTemplateInfoRef::call_code() const {
  if (data_->should_access_heap()) {
-    return CallHandlerInfoRef(
+    return CallHandlerInfoRef(broker(),
-        broker(), broker()->CanonicalPersistentHandle(object()->call_code()));
+                              broker()->CanonicalPersistentHandle(
+                                  object()->synchronized_call_code()));
  }
  ObjectData* call_code = data()->AsFunctionTemplateInfo()->call_code();
  if (!call_code) return base::nullopt;

--- a/src/objects/templates-inl.h
+++ b/src/objects/templates-inl.h
@@ -36,6 +36,9 @@ BOOL_ACCESSORS(FunctionTemplateInfo, flag, do_not_cache, DoNotCacheBit::kShift)
 BOOL_ACCESSORS(FunctionTemplateInfo, flag, accept_any_receiver,
               AcceptAnyReceiverBit::kShift)
+SYNCHRONIZED_ACCESSORS(FunctionTemplateInfo, synchronized_call_code, HeapObject,
+                       kCallCodeOffset)
 // static
 FunctionTemplateRareData FunctionTemplateInfo::EnsureFunctionTemplateRareData(
    Isolate* isolate, Handle<FunctionTemplateInfo> function_template_info) {

--- a/src/objects/templates.h
+++ b/src/objects/templates.h
@@ -85,6 +85,8 @@ class FunctionTemplateInfo
  DECL_RARE_ACCESSORS(c_signature, CSignature, Object)
 #undef DECL_RARE_ACCESSORS
+  DECL_SYNCHRONIZED_ACCESSORS(call_code, HeapObject)
  // Begin flag bits ---------------------
  DECL_BOOLEAN_ACCESSORS(undetectable)