Commit d69ac35e authored by Anton Bikineev's avatar Anton Bikineev Committed by V8 LUCI CQ

cppgc: young-gen: Simplify generational barrier

If the following conditions hold:
1) value is kSentinel,
2) slot is on stack,
3) stack is allocated below 4GB,
then the generational barrier would be erroneously triggered for the
stack object object. This CL fixes it. At the same time, it aims to
simplify the code and potentially optimizes it (by having 'and' instead
of 'sub').

Bug: chromium:1029379
Change-Id: Iafd91d50b0a1c3d97647f7bf3643dfcc7e9fb48f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608629Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80202}
parent 66c8de2c
......@@ -135,7 +135,8 @@ class V8_EXPORT WriteBarrier final {
template <WriteBarrier::Type type>
V8_INLINE WriteBarrier::Type SetAndReturnType(WriteBarrier::Params& params) {
if (type == WriteBarrier::Type::kNone) return WriteBarrier::Type::kNone;
if constexpr (type == WriteBarrier::Type::kNone)
return WriteBarrier::Type::kNone;
#if V8_ENABLE_CHECKS
params.type = type;
#endif // !V8_ENABLE_CHECKS
......@@ -180,18 +181,24 @@ class V8_EXPORT WriteBarrierTypeForCagedHeapPolicy final {
static V8_INLINE bool TryGetCagedHeap(const void* slot, const void* value,
WriteBarrier::Params& params) {
// TODO(chromium:1056170): Check if the null check can be folded in with
// the rest of the write barrier.
if (!value) return false;
params.start = reinterpret_cast<uintptr_t>(value) &
~(api_constants::kCagedHeapReservationAlignment - 1);
const uintptr_t slot_offset =
reinterpret_cast<uintptr_t>(slot) - params.start;
if (slot_offset > api_constants::kCagedHeapReservationSize) {
// Check if slot is on stack or value is sentinel or nullptr. This relies
// on the fact that kSentinelPointer is encoded as 0x1.
return false;
}
// The compiler must fold these checks into a single one.
if (!value || value == kSentinelPointer) return false;
// Now we are certain that |value| points within the cage.
const uintptr_t real_cage_base =
reinterpret_cast<uintptr_t>(value) &
~(api_constants::kCagedHeapReservationAlignment - 1);
const uintptr_t cage_base_from_slot =
reinterpret_cast<uintptr_t>(slot) &
~(api_constants::kCagedHeapReservationAlignment - 1);
// If |cage_base_from_slot| is different from |real_cage_base|, the slot
// must be on stack, bail out.
if (V8_UNLIKELY(real_cage_base != cage_base_from_slot)) return false;
// Otherwise, set params.start and return.
params.start = real_cage_base;
return true;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment