- 06 Jul, 2021 1 commit
-
-
Mike Stanton authored
TurboFan reads the value in HeapNumber, and TSAN detects a data race between this read and sets on the main thread elsewhere. We mark this as relaxed atomic (meaning, correct value of the read is not guaranteed). The compiler uses the dependency mechanism to re-read the value safely on the main thread later, and aborts compilation if a change is detected. Bug: chromium:1224277, v8:7790 Change-Id: I8931d8989812550c0c57b6bd27aa796f6f5e779d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996201Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75586}
-
- 22 Feb, 2021 1 commit
-
-
Jakob Gruber authored
This is a reland of 76a2ab06 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
-