Commit d2f198f8 authored by Mike Stanton's avatar Mike Stanton Committed by Commit Bot

[TurboFan] Move FeedbackVectorRef to the never serialized list

Actual FeedbackVector IC slots don't participate in the Ref class, since
they are read during serialization as we process bytecode. So
FeedbackVectorRef really only deals with the FeedbackCell array and
the SharedFunctionInfo. These two types are already in the no serialized
list, so it's pretty easy to move this class over there too.

Bug: v8:7790
Change-Id: I51b7bf4c3404ae5bcfb16d29b5e719787ddd6b17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2656317
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72432}
parent 0444497c
......@@ -73,6 +73,7 @@ enum class OddballType : uint8_t {
V(CallHandlerInfo) \
V(Cell) \
V(FeedbackCell) \
V(FeedbackVector) \
V(SharedFunctionInfo) \
V(TemplateObjectDescription)
......@@ -117,7 +118,6 @@ enum class OddballType : uint8_t {
V(AllocationSite) \
V(Code) \
V(DescriptorArray) \
V(FeedbackVector) \
V(FixedArrayBase) \
V(FunctionTemplateInfo) \
V(JSReceiver) \
......@@ -383,6 +383,10 @@ class V8_EXPORT_PRIVATE JSFunctionRef : public JSObjectRef {
bool serialized_code_and_feedback() const;
// The following are available only after calling SerializeCodeAndFeedback().
// TODO(mvstanton): Once we allow inlining of functions we didn't see
// during serialization, we do need to ensure that any feedback vector
// we read here has been fully initialized (ie, store-ordered into the
// cell).
FeedbackVectorRef feedback_vector() const;
FeedbackCellRef raw_feedback_cell() const;
CodeRef code() const;
......@@ -546,6 +550,11 @@ class FeedbackCellRef : public HeapObjectRef {
Handle<FeedbackCell> object() const;
base::Optional<SharedFunctionInfoRef> shared_function_info() const;
// TODO(mvstanton): Once we allow inlining of functions we didn't see
// during serialization, we do need to ensure that any feedback vector
// we read here has been fully initialized (ie, store-ordered into the
// cell).
base::Optional<FeedbackVectorRef> value() const;
};
......
......@@ -1486,7 +1486,9 @@ FeedbackVectorData::FeedbackVectorData(JSHeapBroker* broker,
Handle<FeedbackVector> object)
: HeapObjectData(broker, storage, object),
invocation_count_(object->invocation_count()),
closure_feedback_cell_array_(broker->zone()) {}
closure_feedback_cell_array_(broker->zone()) {
DCHECK(!FLAG_turbo_direct_heap_access);
}
ObjectData* FeedbackVectorData::GetClosureFeedbackCell(JSHeapBroker* broker,
int index) const {
......@@ -3053,7 +3055,13 @@ OddballType MapRef::oddball_type() const {
FeedbackCellRef FeedbackVectorRef::GetClosureFeedbackCell(int index) const {
if (data_->should_access_heap()) {
return FeedbackCellRef(broker(), object()->GetClosureFeedbackCell(index));
FeedbackCell cell = object()->closure_feedback_cell(index);
Handle<FeedbackCell> cell_handle =
broker()->CanonicalPersistentHandle(cell);
// These should all be available because we request the cell for each
// CreateClosure bytecode.
ObjectData* cell_data = broker()->GetOrCreateData(cell_handle);
return FeedbackCellRef(broker(), cell_data);
}
return FeedbackCellRef(
......@@ -4963,6 +4971,12 @@ ProcessedFeedback const& JSHeapBroker::ReadFeedbackForCall(
base::Optional<HeapObjectRef> target_ref;
{
// TODO(mvstanton): this read has a special danger when done on the
// background thread, because the CallIC has a site in generated code
// where a JSFunction is installed in this slot without store ordering.
// Therefore, we will need to check {maybe_target} to ensure that it
// has been store ordered by the heap's mechanism for store-ordering
// batches of new objects.
MaybeObject maybe_target = nexus.GetFeedback();
HeapObject target_object;
if (maybe_target->GetHeapObject(&target_object)) {
......
......@@ -100,6 +100,10 @@ Handle<FeedbackCell> ClosureFeedbackCellArray::GetFeedbackCell(int index) {
return handle(FeedbackCell::cast(get(index)), GetIsolate());
}
FeedbackCell ClosureFeedbackCellArray::cell(int index) {
return FeedbackCell::cast(get(index));
}
bool FeedbackVector::is_empty() const { return length() == 0; }
FeedbackMetadata FeedbackVector::metadata() const {
......@@ -188,9 +192,12 @@ MaybeObject FeedbackVector::Get(IsolateRoot isolate, FeedbackSlot slot) const {
Handle<FeedbackCell> FeedbackVector::GetClosureFeedbackCell(int index) const {
DCHECK_GE(index, 0);
ClosureFeedbackCellArray cell_array =
ClosureFeedbackCellArray::cast(closure_feedback_cell_array());
return cell_array.GetFeedbackCell(index);
return closure_feedback_cell_array().GetFeedbackCell(index);
}
FeedbackCell FeedbackVector::closure_feedback_cell(int index) const {
DCHECK_GE(index, 0);
return closure_feedback_cell_array().cell(index);
}
MaybeObject FeedbackVector::SynchronizedGet(FeedbackSlot slot) const {
......
......@@ -166,7 +166,9 @@ class ClosureFeedbackCellArray : public FixedArray {
V8_EXPORT_PRIVATE static Handle<ClosureFeedbackCellArray> New(
Isolate* isolate, Handle<SharedFunctionInfo> shared);
inline Handle<FeedbackCell> GetFeedbackCell(int index);
inline FeedbackCell cell(int index);
DECL_VERIFIER(ClosureFeedbackCellArray)
DECL_PRINTER(ClosureFeedbackCellArray)
......@@ -249,6 +251,7 @@ class FeedbackVector
// Returns the feedback cell at |index| that is used to create the
// closure.
inline Handle<FeedbackCell> GetClosureFeedbackCell(int index) const;
inline FeedbackCell closure_feedback_cell(int index) const;
// Gives access to raw memory which stores the array's data.
inline MaybeObjectSlot slots_start();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment