src/builtins · be913785df1ee84c0958cda87dfc378f2dfcf015 · Linshizhi / V8

[csa] verify skipped write-barriers in MemoryOptimizer · da7322c0

Tobias Tebbi authored Apr 25, 2019

With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.

Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).

Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
  Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.

Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
  (for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
  We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
  but in CSA.

Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).

R=jarin@chromium.org
TBR=mvstanton@chromium.org

Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61016}

da7322c0

Name	Last commit	Last update
..
arm		Loading commit data...
arm64		Loading commit data...
ia32		Loading commit data...
mips		Loading commit data...
mips64		Loading commit data...
ppc		Loading commit data...
s390		Loading commit data...
x64		Loading commit data...
arguments.tq		Loading commit data...
array-copywithin.tq		Loading commit data...
array-every.tq		Loading commit data...
array-filter.tq		Loading commit data...
array-find.tq		Loading commit data...
array-findindex.tq		Loading commit data...
array-foreach.tq		Loading commit data...
array-join.tq		Loading commit data...
array-lastindexof.tq		Loading commit data...
array-map.tq		Loading commit data...
array-of.tq		Loading commit data...
array-reduce-right.tq		Loading commit data...
array-reduce.tq		Loading commit data...
array-reverse.tq		Loading commit data...
array-shift.tq		Loading commit data...
array-slice.tq		Loading commit data...
array-some.tq		Loading commit data...
array-splice.tq		Loading commit data...
array-unshift.tq		Loading commit data...
array.tq		Loading commit data...
base.tq		Loading commit data...
builtins-api.cc		Loading commit data...
builtins-arguments-gen.cc		Loading commit data...
builtins-arguments-gen.h		Loading commit data...
builtins-array-gen.cc		Loading commit data...
builtins-array-gen.h		Loading commit data...
builtins-array.cc		Loading commit data...
builtins-arraybuffer.cc		Loading commit data...
builtins-async-function-gen.cc		Loading commit data...
builtins-async-gen.cc		Loading commit data...
builtins-async-gen.h		Loading commit data...
builtins-async-generator-gen.cc		Loading commit data...
builtins-async-iterator-gen.cc		Loading commit data...
builtins-bigint-gen.cc		Loading commit data...
builtins-bigint.cc		Loading commit data...
builtins-boolean-gen.cc		Loading commit data...
builtins-boolean.cc		Loading commit data...
builtins-call-gen.cc		Loading commit data...
builtins-call-gen.h		Loading commit data...
builtins-call.cc		Loading commit data...
builtins-callsite.cc		Loading commit data...
builtins-collections-gen.cc		Loading commit data...
builtins-collections-gen.h		Loading commit data...
builtins-collections.cc		Loading commit data...
builtins-console-gen.cc		Loading commit data...
builtins-console.cc		Loading commit data...
builtins-constructor-gen.cc		Loading commit data...
builtins-constructor-gen.h		Loading commit data...
builtins-constructor.h		Loading commit data...
builtins-conversion-gen.cc		Loading commit data...
builtins-data-view-gen.h		Loading commit data...
builtins-dataview.cc		Loading commit data...
builtins-date-gen.cc		Loading commit data...
builtins-date.cc		Loading commit data...
builtins-debug-gen.cc		Loading commit data...
builtins-definitions.h		Loading commit data...
builtins-descriptors.h		Loading commit data...
builtins-error.cc		Loading commit data...
builtins-extras-utils.cc		Loading commit data...
builtins-function-gen.cc		Loading commit data...
builtins-function.cc		Loading commit data...
builtins-generator-gen.cc		Loading commit data...
builtins-global-gen.cc		Loading commit data...
builtins-global.cc		Loading commit data...
builtins-handler-gen.cc		Loading commit data...
builtins-ic-gen.cc		Loading commit data...
builtins-internal-gen.cc		Loading commit data...
builtins-internal.cc		Loading commit data...
builtins-interpreter-gen.cc		Loading commit data...
builtins-intl-gen.cc		Loading commit data...
builtins-intl.cc		Loading commit data...
builtins-iterator-gen.cc		Loading commit data...
builtins-iterator-gen.h		Loading commit data...
builtins-json.cc		Loading commit data...
builtins-lazy-gen.cc		Loading commit data...
builtins-lazy-gen.h		Loading commit data...
builtins-math-gen.cc		Loading commit data...
builtins-math-gen.h		Loading commit data...
builtins-math.cc		Loading commit data...
builtins-microtask-queue-gen.cc		Loading commit data...
builtins-number-gen.cc		Loading commit data...
builtins-number.cc		Loading commit data...
builtins-object-gen.cc		Loading commit data...
builtins-object-gen.h		Loading commit data...
builtins-object.cc		Loading commit data...
builtins-promise-gen.cc		Loading commit data...
builtins-promise-gen.h		Loading commit data...
builtins-promise.cc		Loading commit data...
builtins-promise.h		Loading commit data...
builtins-proxy-gen.cc		Loading commit data...
builtins-proxy-gen.h		Loading commit data...
builtins-reflect-gen.cc		Loading commit data...
builtins-reflect.cc		Loading commit data...
builtins-regexp-gen.cc		Loading commit data...
builtins-regexp-gen.h		Loading commit data...
builtins-regexp.cc		Loading commit data...
builtins-sharedarraybuffer-gen.cc		Loading commit data...
builtins-sharedarraybuffer.cc		Loading commit data...
builtins-string-gen.cc		Loading commit data...
builtins-string-gen.h		Loading commit data...
builtins-string.cc		Loading commit data...
builtins-symbol-gen.cc		Loading commit data...
builtins-symbol.cc		Loading commit data...
builtins-trace.cc		Loading commit data...
builtins-typed-array-gen.cc		Loading commit data...
builtins-typed-array-gen.h		Loading commit data...
builtins-typed-array.cc		Loading commit data...
builtins-utils-gen.h		Loading commit data...
builtins-utils-inl.h		Loading commit data...
builtins-utils.h		Loading commit data...
builtins-wasm-gen.cc		Loading commit data...
builtins-weak-refs.cc		Loading commit data...
builtins.cc		Loading commit data...
builtins.h		Loading commit data...
collections.tq		Loading commit data...
constants-table-builder.cc		Loading commit data...
constants-table-builder.h		Loading commit data...
data-view.tq		Loading commit data...
extras-utils.tq		Loading commit data...
frames.tq		Loading commit data...
generate-bytecodes-builtins-list.cc		Loading commit data...
growable-fixed-array-gen.cc		Loading commit data...
growable-fixed-array-gen.h		Loading commit data...
growable-fixed-array.tq		Loading commit data...
internal-coverage.tq		Loading commit data...
iterator.tq		Loading commit data...
object-fromentries.tq		Loading commit data...
proxy-constructor.tq		Loading commit data...
proxy-get-property.tq		Loading commit data...
proxy-revocable.tq		Loading commit data...
proxy-revoke.tq		Loading commit data...
proxy.tq		Loading commit data...
regexp-replace.tq		Loading commit data...
regexp.tq		Loading commit data...
setup-builtins-internal.cc		Loading commit data...
string-endswith.tq		Loading commit data...
string-html.tq		Loading commit data...
string-repeat.tq		Loading commit data...
string-startswith.tq		Loading commit data...
typed-array-createtypedarray.tq		Loading commit data...
typed-array-every.tq		Loading commit data...
typed-array-filter.tq		Loading commit data...
typed-array-find.tq		Loading commit data...
typed-array-findindex.tq		Loading commit data...
typed-array-foreach.tq		Loading commit data...
typed-array-reduce.tq		Loading commit data...
typed-array-reduceright.tq		Loading commit data...
typed-array-slice.tq		Loading commit data...
typed-array-some.tq		Loading commit data...
typed-array-subarray.tq		Loading commit data...
typed-array.tq		Loading commit data...