[csa] Revert `inline_allocation` check in AllocateUninitializedJSArrayWithElements

This CL makes `AllocateUninitializedJSArrayWithElements` always perform inline allocation, regardless of the `v8_allocation_folding` flag. Since there are other hand crafted folded-allocations in v8 (e.g. json parser), it is hard to catch and fix them all, including this one. Also this function will trigger an IR compilation error at the moment with `V8_ALLOCATION_FOLDING_BOOL = true`. So it's better to revert it instead of fixing the compilation error and make the code more complex. PS: The `inline_allocation` check was introduced by https://chromium-review.googlesource.com/c/v8/v8/+/2946667. Change-Id: Ia88dcc23bec47a7aefb3315dd73f6d80452053b4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017695Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au> Cr-Commit-Position: refs/heads/master@{#75672}

[csa] Revert `inline_allocation` check in AllocateUninitializedJSArrayWithElements
This CL makes `AllocateUninitializedJSArrayWithElements` always perform inline allocation, regardless of the `v8_allocation_folding` flag. Since there are other hand crafted folded-allocations in v8 (e.g. json parser), it is hard to catch and fix them all, including this one. Also this function will trigger an IR compilation error at the moment with `V8_ALLOCATION_FOLDING_BOOL = true`. So it's better to revert it instead of fixing the compilation error and make the code more complex. PS: The `inline_allocation` check was introduced by https://chromium-review.googlesource.com/c/v8/v8/+/2946667. Change-Id: Ia88dcc23bec47a7aefb3315dd73f6d80452053b4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017695Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au> Cr-Commit-Position: refs/heads/master@{#75672}
e5d90561 · Wenyu Zhao · V8 LUCI CQ · 1134f956 · e5d90561
Commit e5d90561 authored Jul 09, 2021 by Wenyu Zhao Committed by V8 LUCI CQ Jul 12, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 13 deletions

code-stub-assembler.cc src/codegen/code-stub-assembler.cc +3 -13

No files found.
--- a/src/codegen/code-stub-assembler.cc
+++ b/src/codegen/code-stub-assembler.cc
@@ -4019,14 +4019,9 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements(
    // folding trick. Instead, we first allocate the elements in large object
    // space, and then allocate the JSArray (and possibly the allocation
    // memento) in new space.
-    const bool inline_allocation =
-        !V8_DISABLE_WRITE_BARRIERS_BOOL || V8_ALLOCATION_FOLDING_BOOL;
-    if ((allocation_flags & kAllowLargeObjectAllocation) ||
-        !inline_allocation) {
+    if (allocation_flags & kAllowLargeObjectAllocation) {
      Label next(this);
-      if (inline_allocation) {
-        GotoIf(IsRegularHeapObjectSize(size), &next);
-      }
+      GotoIf(IsRegularHeapObjectSize(size), &next);

      CSA_CHECK(this, IsValidFastJSArrayCapacity(capacity));

@@ -4048,13 +4043,8 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements(

      Goto(&out);

-      if (inline_allocation) {
-        BIND(&next);
-      }
+      BIND(&next);
    }
-
-    if (!inline_allocation) Unreachable();
-
    // Fold all objects into a single new space allocation.
    array =
        AllocateUninitializedJSArray(array_map, length, allocation_site, size);