[mips]Reland^2 "[runtime] Move Context::native_context to the map"

Port 3cad6bf5 Original Commit Message: This is a reland of c7c47c68. This makes TSAN happy in addition to: Previously I presumed that the context read from a frame in the profiler was a valid context. Turns out that on non-intel we're not guaranteed that the frame is properly set up. In the case we looked at, the profiler took a sample right before writing the frame marker indicating a builtin frame, causing the "context" pointer from that frame to be a bytecode array. Since we'll read random garbage on the stack as a possible context pointer, I made the code reading the native context from it a little more defensive. Bug: v8:9860 Tbr: ulan@chromium.org, neis@chromium.org, ishell@chromium.org Original change's description: > [runtime] Move Context::native_context to the map > > Remove the native context slot from contexts by making context maps > native-context-specific. Now we require 2 loads to go from a context to the > native context, but we have 1 field fewer to store when creating contexts. > > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#64296} R=xwafish@gmail.com Change-Id: I6496a8c5be8cbabf48cddc2d59111410f31eb75f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868774 Auto-Submit: Mu Tao <pamilty@gmail.com> Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#64486}

[mips]Reland^2 "[runtime] Move Context::native_context to the map"
Port 3cad6bf5 Original Commit Message: This is a reland of c7c47c68. This makes TSAN happy in addition to: Previously I presumed that the context read from a frame in the profiler was a valid context. Turns out that on non-intel we're not guaranteed that the frame is properly set up. In the case we looked at, the profiler took a sample right before writing the frame marker indicating a builtin frame, causing the "context" pointer from that frame to be a bytecode array. Since we'll read random garbage on the stack as a possible context pointer, I made the code reading the native context from it a little more defensive. Bug: v8:9860 Tbr: ulan@chromium.org, neis@chromium.org, ishell@chromium.org Original change's description: > [runtime] Move Context::native_context to the map > > Remove the native context slot from contexts by making context maps > native-context-specific. Now we require 2 loads to go from a context to the > native context, but we have 1 field fewer to store when creating contexts. > > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#64296} R=xwafish@gmail.com Change-Id: I6496a8c5be8cbabf48cddc2d59111410f31eb75f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868774 Auto-Submit: Mu Tao <pamilty@gmail.com> Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#64486}
d8ba2856 · Mu Tao · Commit Bot · 31756013 · d8ba2856 · d8ba2856
Commit d8ba2856 authored Oct 18, 2019 by Mu Tao Committed by Commit Bot Oct 22, 2019
4 changed files
--- a/src/codegen/mips/macro-assembler-mips.cc
+++ b/src/codegen/mips/macro-assembler-mips.cc
@@ -4521,7 +4521,7 @@ void MacroAssembler::InvokeFunction(Register function,
 void MacroAssembler::GetObjectType(Register object, Register map,
                                   Register type_reg) {
-  lw(map, FieldMemOperand(object, HeapObject::kMapOffset));
+  LoadMap(map, object);
  lhu(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
 }
@@ -4770,9 +4770,15 @@ void TurboAssembler::Abort(AbortReason reason) {
  }
 }
+void MacroAssembler::LoadMap(Register destination, Register object) {
+  Lw(destination, FieldMemOperand(object, HeapObject::kMapOffset));
+}
 void MacroAssembler::LoadNativeContextSlot(int index, Register dst) {
-  lw(dst, NativeContextMemOperand());
+  LoadMap(dst, cp);
-  lw(dst, ContextMemOperand(dst, index));
+  Lw(dst,
+     FieldMemOperand(dst, Map::kConstructorOrBackPointerOrNativeContextOffset));
+  Lw(dst, MemOperand(dst, Context::SlotOffset(index)));
 }
 void TurboAssembler::StubPrologue(StackFrame::Type type) {
@@ -5014,7 +5020,7 @@ void MacroAssembler::AssertConstructor(Register object) {
    Check(ne, AbortReason::kOperandIsASmiAndNotAConstructor, t8,
          Operand(zero_reg));
-    lw(t8, FieldMemOperand(object, HeapObject::kMapOffset));
+    LoadMap(t8, object);
    lbu(t8, FieldMemOperand(t8, Map::kBitFieldOffset));
    And(t8, t8, Operand(Map::IsConstructorBit::kMask));
    Check(ne, AbortReason::kOperandIsNotAConstructor, t8, Operand(zero_reg));

--- a/src/codegen/mips/macro-assembler-mips.h
+++ b/src/codegen/mips/macro-assembler-mips.h
@@ -57,15 +57,6 @@ Register GetRegisterThatIsNotOneOf(Register reg1, Register reg2 = no_reg,
 // -----------------------------------------------------------------------------
 // Static helper functions.
-inline MemOperand ContextMemOperand(Register context, int index) {
-  return MemOperand(context, Context::SlotOffset(index));
-}
-inline MemOperand NativeContextMemOperand() {
-  return ContextMemOperand(cp, Context::NATIVE_CONTEXT_INDEX);
-}
 // Generate a MemOperand for loading a field from an object.
 inline MemOperand FieldMemOperand(Register object, int offset) {
  return MemOperand(object, offset - kHeapObjectTag);
@@ -980,6 +971,8 @@ class V8_EXPORT_PRIVATE MacroAssembler : public TurboAssembler {
                      bool do_return = NO_EMIT_RETURN,
                      bool argument_count_is_length = false);
+  void LoadMap(Register destination, Register object);
  // Make sure the stack is aligned. Only emits code in debug mode.
  void AssertStackIsAligned();

--- a/src/codegen/mips64/macro-assembler-mips64.cc
+++ b/src/codegen/mips64/macro-assembler-mips64.cc
@@ -4834,7 +4834,7 @@ void MacroAssembler::InvokeFunction(Register function,
 void MacroAssembler::GetObjectType(Register object, Register map,
                                   Register type_reg) {
-  Ld(map, FieldMemOperand(object, HeapObject::kMapOffset));
+  LoadMap(map, object);
  Lhu(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
 }
@@ -5090,9 +5090,15 @@ void TurboAssembler::Abort(AbortReason reason) {
  }
 }
+void MacroAssembler::LoadMap(Register destination, Register object) {
+  Ld(destination, FieldMemOperand(object, HeapObject::kMapOffset));
+}
 void MacroAssembler::LoadNativeContextSlot(int index, Register dst) {
-  Ld(dst, NativeContextMemOperand());
+  LoadMap(dst, cp);
-  Ld(dst, ContextMemOperand(dst, index));
+  Ld(dst,
+     FieldMemOperand(dst, Map::kConstructorOrBackPointerOrNativeContextOffset));
+  Ld(dst, MemOperand(dst, Context::SlotOffset(index)));
 }
 void TurboAssembler::StubPrologue(StackFrame::Type type) {
@@ -5347,7 +5353,7 @@ void MacroAssembler::AssertConstructor(Register object) {
    Check(ne, AbortReason::kOperandIsASmiAndNotAConstructor, t8,
          Operand(zero_reg));
-    ld(t8, FieldMemOperand(object, HeapObject::kMapOffset));
+    LoadMap(t8, object);
    Lbu(t8, FieldMemOperand(t8, Map::kBitFieldOffset));
    And(t8, t8, Operand(Map::IsConstructorBit::kMask));
    Check(ne, AbortReason::kOperandIsNotAConstructor, t8, Operand(zero_reg));

--- a/src/codegen/mips64/macro-assembler-mips64.h
+++ b/src/codegen/mips64/macro-assembler-mips64.h
@@ -74,14 +74,6 @@ Register GetRegisterThatIsNotOneOf(Register reg1, Register reg2 = no_reg,
 #define SmiWordOffset(offset) offset
 #endif
-inline MemOperand ContextMemOperand(Register context, int index) {
-  return MemOperand(context, Context::SlotOffset(index));
-}
-inline MemOperand NativeContextMemOperand() {
-  return ContextMemOperand(cp, Context::NATIVE_CONTEXT_INDEX);
-}
 // Generate a MemOperand for loading a field from an object.
 inline MemOperand FieldMemOperand(Register object, int offset) {
  return MemOperand(object, offset - kHeapObjectTag);
@@ -1015,6 +1007,8 @@ class V8_EXPORT_PRIVATE MacroAssembler : public TurboAssembler {
                      bool do_return = NO_EMIT_RETURN,
                      bool argument_count_is_length = false);
+  void LoadMap(Register destination, Register object);
  // Make sure the stack is aligned. Only emits code in debug mode.
  void AssertStackIsAligned();