Commit ae9aeb5a authored by Ulan Degenbaev's avatar Ulan Degenbaev Committed by Commit Bot

[heap] Remove snapshot-based visitation of JSObjects in the marker

Now that double unboxing is removed, the concurrent marker can directly
visit all JSObjects without snapshotting them first.

Bug: v8:11422
Change-Id: Ib5cb4d0b39fd2654f4e417a09c9497d134fea1ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732009
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73211}
parent 80780765
...@@ -215,12 +215,16 @@ class ConcurrentMarkingVisitor final ...@@ -215,12 +215,16 @@ class ConcurrentMarkingVisitor final
template <typename T, typename TBodyDescriptor = typename T::BodyDescriptor> template <typename T, typename TBodyDescriptor = typename T::BodyDescriptor>
int VisitJSObjectSubclass(Map map, T object) { int VisitJSObjectSubclass(Map map, T object) {
if (!ShouldVisit(object)) return 0;
int size = TBodyDescriptor::SizeOf(map, object); int size = TBodyDescriptor::SizeOf(map, object);
int used_size = map.UsedInstanceSize(); int used_size = map.UsedInstanceSize();
DCHECK_LE(used_size, size); DCHECK_LE(used_size, size);
DCHECK_GE(used_size, JSObject::GetHeaderSize(map)); DCHECK_GE(used_size, JSObject::GetHeaderSize(map));
return VisitPartiallyWithSnapshot<T, TBodyDescriptor>(map, object, this->VisitMapPointer(object);
used_size, size); // It is important to visit only the used field and ignore the slack fields
// because the slack fields may be trimmed concurrently.
TBodyDescriptor::IterateBody(map, object, used_size, this);
return size;
} }
template <typename T> template <typename T>
...@@ -252,17 +256,11 @@ class ConcurrentMarkingVisitor final ...@@ -252,17 +256,11 @@ class ConcurrentMarkingVisitor final
template <typename T> template <typename T>
int VisitFullyWithSnapshot(Map map, T object) { int VisitFullyWithSnapshot(Map map, T object) {
if (!ShouldVisit(object)) return 0;
using TBodyDescriptor = typename T::BodyDescriptor; using TBodyDescriptor = typename T::BodyDescriptor;
int size = TBodyDescriptor::SizeOf(map, object); int size = TBodyDescriptor::SizeOf(map, object);
return VisitPartiallyWithSnapshot<T, TBodyDescriptor>(map, object, size,
size);
}
template <typename T, typename TBodyDescriptor = typename T::BodyDescriptor>
int VisitPartiallyWithSnapshot(Map map, T object, int used_size, int size) {
const SlotSnapshot& snapshot = const SlotSnapshot& snapshot =
MakeSlotSnapshot<T, TBodyDescriptor>(map, object, used_size); MakeSlotSnapshot<T, TBodyDescriptor>(map, object, size);
if (!ShouldVisit(object)) return 0;
VisitPointersInSnapshot(object, snapshot); VisitPointersInSnapshot(object, snapshot);
return size; return size;
} }
......
...@@ -3575,28 +3575,30 @@ void Heap::VerifyObjectLayoutChange(HeapObject object, Map new_map) { ...@@ -3575,28 +3575,30 @@ void Heap::VerifyObjectLayoutChange(HeapObject object, Map new_map) {
// use object->set_map_after_allocation() to initialize its map. // use object->set_map_after_allocation() to initialize its map.
if (pending_layout_change_object_.is_null()) { if (pending_layout_change_object_.is_null()) {
if (object.IsJSObject()) { if (object.IsJSObject()) {
DCHECK(!object.map().TransitionRequiresSynchronizationWithGC(new_map)); // Without double unboxing all in-object fields of a JSObject are tagged.
} else if (object.IsString() && return;
(new_map == ReadOnlyRoots(this).thin_string_map() || }
new_map == ReadOnlyRoots(this).thin_one_byte_string_map())) { if (object.IsString() &&
(new_map == ReadOnlyRoots(this).thin_string_map() ||
new_map == ReadOnlyRoots(this).thin_one_byte_string_map())) {
// When transitioning a string to ThinString, // When transitioning a string to ThinString,
// Heap::NotifyObjectLayoutChange doesn't need to be invoked because only // Heap::NotifyObjectLayoutChange doesn't need to be invoked because only
// tagged fields are introduced. // tagged fields are introduced.
} else { return;
// Check that the set of slots before and after the transition match. }
SlotCollectingVisitor old_visitor; // Check that the set of slots before and after the transition match.
object.IterateFast(&old_visitor); SlotCollectingVisitor old_visitor;
MapWord old_map_word = object.map_word(); object.IterateFast(&old_visitor);
// Temporarily set the new map to iterate new slots. MapWord old_map_word = object.map_word();
object.set_map_word(MapWord::FromMap(new_map)); // Temporarily set the new map to iterate new slots.
SlotCollectingVisitor new_visitor; object.set_map_word(MapWord::FromMap(new_map));
object.IterateFast(&new_visitor); SlotCollectingVisitor new_visitor;
// Restore the old map. object.IterateFast(&new_visitor);
object.set_map_word(old_map_word); // Restore the old map.
DCHECK_EQ(new_visitor.number_of_slots(), old_visitor.number_of_slots()); object.set_map_word(old_map_word);
for (int i = 0; i < new_visitor.number_of_slots(); i++) { DCHECK_EQ(new_visitor.number_of_slots(), old_visitor.number_of_slots());
DCHECK(new_visitor.slot(i) == old_visitor.slot(i)); for (int i = 0; i < new_visitor.number_of_slots(); i++) {
} DCHECK_EQ(new_visitor.slot(i), old_visitor.slot(i));
} }
} else { } else {
DCHECK_EQ(pending_layout_change_object_, object); DCHECK_EQ(pending_layout_change_object_, object);
......
...@@ -2918,10 +2918,6 @@ void MigrateFastToFast(Isolate* isolate, Handle<JSObject> object, ...@@ -2918,10 +2918,6 @@ void MigrateFastToFast(Isolate* isolate, Handle<JSObject> object,
Heap* heap = isolate->heap(); Heap* heap = isolate->heap();
// Invalidate slots manually later in case of tagged to untagged translation.
// In all other cases the recorded slot remains dereferenceable.
heap->NotifyObjectLayoutChange(*object, no_gc, InvalidateRecordedSlots::kNo);
// Copy (real) inobject properties. If necessary, stop at number_of_fields to // Copy (real) inobject properties. If necessary, stop at number_of_fields to
// avoid overwriting |one_pointer_filler_map|. // avoid overwriting |one_pointer_filler_map|.
int limit = std::min(inobject, number_of_fields); int limit = std::min(inobject, number_of_fields);
...@@ -3035,11 +3031,6 @@ void MigrateFastToSlow(Isolate* isolate, Handle<JSObject> object, ...@@ -3035,11 +3031,6 @@ void MigrateFastToSlow(Isolate* isolate, Handle<JSObject> object,
Heap* heap = isolate->heap(); Heap* heap = isolate->heap();
// Invalidate slots manually later in case the new map has in-object
// properties. If not, it is not possible to store an untagged value
// in a recorded slot.
heap->NotifyObjectLayoutChange(*object, no_gc, InvalidateRecordedSlots::kNo);
// Resize the object in the heap if necessary. // Resize the object in the heap if necessary.
int old_instance_size = map->instance_size(); int old_instance_size = map->instance_size();
int new_instance_size = new_map->instance_size(); int new_instance_size = new_map->instance_size();
......
...@@ -500,12 +500,6 @@ MaybeHandle<Map> Map::CopyWithConstant(Isolate* isolate, Handle<Map> map, ...@@ -500,12 +500,6 @@ MaybeHandle<Map> Map::CopyWithConstant(Isolate* isolate, Handle<Map> map,
PropertyConstness::kConst, representation, flag); PropertyConstness::kConst, representation, flag);
} }
bool Map::TransitionRequiresSynchronizationWithGC(Map target) const {
int inobject = NumberOfFields();
int target_inobject = target.NumberOfFields();
return target_inobject < inobject;
}
bool Map::InstancesNeedRewriting(Map target) const { bool Map::InstancesNeedRewriting(Map target) const {
int target_number_of_fields = target.NumberOfFields(); int target_number_of_fields = target.NumberOfFields();
int target_inobject = target.GetInObjectProperties(); int target_inobject = target.GetInObjectProperties();
......
...@@ -481,10 +481,6 @@ class Map : public HeapObject { ...@@ -481,10 +481,6 @@ class Map : public HeapObject {
bool HasOutOfObjectProperties() const; bool HasOutOfObjectProperties() const;
// Returns true if transition to the given map requires special
// synchronization with the concurrent marker.
bool TransitionRequiresSynchronizationWithGC(Map target) const;
// TODO(ishell): candidate with JSObject::MigrateToMap(). // TODO(ishell): candidate with JSObject::MigrateToMap().
bool InstancesNeedRewriting(Map target) const; bool InstancesNeedRewriting(Map target) const;
bool InstancesNeedRewriting(Map target, int target_number_of_fields, bool InstancesNeedRewriting(Map target, int target_number_of_fields,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment