Commit b5f37051 authored by Santiago Aboy Solanes's avatar Santiago Aboy Solanes Committed by Commit Bot

[compiler] Replace JSDataView with direct reads

Bug: v8:7790
Change-Id: Id01c2e4359aa4294816ffe14c08a586a9b9b10c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404768
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69904}
parent c5a8758c
......@@ -55,6 +55,8 @@ enum class OddballType : uint8_t {
// Classes on this list will skip serialization when
// FLAG_turbo_direct_heap_access is on. Otherwise, they might get serialized.
#define HEAP_BROKER_NEVER_SERIALIZED_OBJECT_LIST(V) \
/* Subtypes of JSObject */ \
V(JSDataView) \
/* Subtypes of FixedArray */ \
V(ObjectBoilerplateDescription) \
/* Subtypes of FixedArrayBase */ \
......@@ -73,7 +75,6 @@ enum class OddballType : uint8_t {
/* Subtypes of JSObject */ \
V(JSArray) \
V(JSBoundFunction) \
V(JSDataView) \
V(JSFunction) \
V(JSGlobalObject) \
V(JSGlobalProxy) \
......@@ -309,7 +310,6 @@ class JSDataViewRef : public JSObjectRef {
Handle<JSDataView> object() const;
size_t byte_length() const;
size_t byte_offset() const;
};
class JSBoundFunctionRef : public JSObjectRef {
......
......@@ -7332,11 +7332,11 @@ Reduction JSCallReducer::ReduceDataViewAccess(Node* node, DataViewAccess access,
// We only deal with DataViews here whose [[ByteLength]] is at least
// {element_size}, as for all other DataViews it'll be out-of-bounds.
JSDataViewRef dataview = m.Ref(broker()).AsJSDataView();
if (dataview.byte_length() < element_size) return NoChange();
size_t length = dataview.byte_length();
if (length < element_size) return NoChange();
// Check that the {offset} is within range of the {byte_length}.
Node* byte_length =
jsgraph()->Constant(dataview.byte_length() - (element_size - 1));
// Check that the {offset} is within range of the {length}.
Node* byte_length = jsgraph()->Constant(length - (element_size - 1));
offset = effect = graph()->NewNode(simplified()->CheckBounds(p.feedback()),
offset, byte_length, effect, control);
} else {
......
......@@ -601,11 +601,9 @@ class JSDataViewData : public JSObjectData {
Handle<JSDataView> object);
size_t byte_length() const { return byte_length_; }
size_t byte_offset() const { return byte_offset_; }
private:
size_t const byte_length_;
size_t const byte_offset_;
};
class JSBoundFunctionData : public JSObjectData {
......@@ -1484,8 +1482,9 @@ class FixedArrayData : public FixedArrayBaseData {
JSDataViewData::JSDataViewData(JSHeapBroker* broker, ObjectData** storage,
Handle<JSDataView> object)
: JSObjectData(broker, storage, object),
byte_length_(object->byte_length()),
byte_offset_(object->byte_offset()) {}
byte_length_(object->byte_length()) {
DCHECK(!FLAG_turbo_direct_heap_access);
}
JSBoundFunctionData::JSBoundFunctionData(JSHeapBroker* broker,
ObjectData** storage,
......@@ -3359,7 +3358,6 @@ BIMODAL_ACCESSOR(JSBoundFunction, Object, bound_this)
BIMODAL_ACCESSOR(JSBoundFunction, FixedArray, bound_arguments)
BIMODAL_ACCESSOR_C(JSDataView, size_t, byte_length)
BIMODAL_ACCESSOR_C(JSDataView, size_t, byte_offset)
BIMODAL_ACCESSOR_C(JSFunction, bool, has_feedback_vector)
BIMODAL_ACCESSOR_C(JSFunction, bool, has_initial_map)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment