v8/test/unittests/objects/concurrent-js-array-unittest.cc

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

139 lines
4.5 KiB
C++
Raw Normal View History

// Copyright 2022 the V8 project authors. All rights reserved.
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "src/api/api.h"
#include "src/base/platform/semaphore.h"
#include "src/handles/handles-inl.h"
#include "src/handles/local-handles-inl.h"
#include "src/handles/persistent-handles.h"
#include "src/heap/heap.h"
#include "src/heap/local-heap-inl.h"
#include "src/heap/local-heap.h"
#include "src/heap/parked-scope.h"
#include "src/objects/js-array-inl.h"
#include "test/unittests/test-utils.h"
#include "testing/gtest/include/gtest/gtest.h"
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
namespace v8 {
using ConcurrentJsArrayTest = TestWithContext;
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
namespace internal {
static constexpr int kNumArrays = 1024;
namespace {
class BackgroundThread final : public v8::base::Thread {
public:
BackgroundThread(Heap* heap, std::vector<Handle<JSArray>> handles,
std::unique_ptr<PersistentHandles> ph,
base::Semaphore* sema_started)
: v8::base::Thread(base::Thread::Options("ThreadWithLocalHeap")),
heap_(heap),
handles_(std::move(handles)),
ph_(std::move(ph)),
sema_started_(sema_started) {}
void Run() override {
LocalHeap local_heap(heap_, ThreadKind::kBackground, std::move(ph_));
UnparkedScope unparked_scope(&local_heap);
LocalHandleScope scope(&local_heap);
Isolate* isolate = heap_->isolate();
for (int i = 0; i < kNumArrays; i++) {
handles_[i] = local_heap.NewPersistentHandle(handles_[i]);
}
sema_started_->Signal();
// Iterate in the opposite directions as the main thread to make a race at
// some point more likely.
static constexpr int kIndex = 1;
for (int i = 0; i < kNumArrays; i++) {
Handle<JSArray> x = handles_[i];
Handle<FixedArrayBase> elements =
local_heap.NewPersistentHandle(x->elements(isolate, kRelaxedLoad));
ElementsKind elements_kind = x->map(isolate).elements_kind();
// Mirroring the conditions in JSArrayRef::GetOwnCowElement.
if (!IsSmiOrObjectElementsKind(elements_kind)) continue;
if (elements->map() != ReadOnlyRoots(isolate).fixed_cow_array_map()) {
continue;
}
base::Optional<Object> result =
ConcurrentLookupIterator::TryGetOwnCowElement(
isolate, FixedArray::cast(*elements), elements_kind,
Smi::ToInt(x->length(isolate, kRelaxedLoad)), kIndex);
if (result.has_value()) {
// On any success, the elements at index 1 must be the original value
// Smi(1).
EXPECT_TRUE(result.value().IsSmi());
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
CHECK_EQ(Smi::ToInt(result.value()), 1);
}
}
}
private:
Heap* heap_;
std::vector<Handle<JSArray>> handles_;
std::unique_ptr<PersistentHandles> ph_;
base::Semaphore* sema_started_;
};
TEST_F(ConcurrentJsArrayTest, ArrayWithCowElements) {
std::unique_ptr<PersistentHandles> ph = i_isolate()->NewPersistentHandles();
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
std::vector<Handle<JSArray>> handles;
std::vector<Handle<JSArray>> persistent_handles;
HandleScope handle_scope(i_isolate());
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
// Create kNumArrays arrays with COW backing stores.
RunJS(
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
"function f() { return [0,1,2,3,4]; }\n"
"const xs = [];\n"
"let i = 0;\n");
for (int i = 0; i < kNumArrays; i++) {
Handle<JSArray> x =
Handle<JSArray>::cast(Utils::OpenHandle(*RunJS("xs[i++] = f();")));
EXPECT_EQ(x->elements().map(),
ReadOnlyRoots(i_isolate()).fixed_cow_array_map());
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
handles.push_back(x);
persistent_handles.push_back(ph->NewHandle(x));
}
base::Semaphore sema_started(0);
// Pass persistent handles to background thread.
std::unique_ptr<BackgroundThread> thread(new BackgroundThread(
i_isolate()->heap(), persistent_handles, std::move(ph), &sema_started));
EXPECT_TRUE(thread->Start());
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
sema_started.Wait();
// On the main thread, mutate the arrays, converting to a non-COW backing
// store.
static const char* const kMutators[] = {
"xs[--i].length--;", "xs[--i].length++;", "xs[--i].length = 0;",
"xs[--i][1] = 42;", "delete xs[--i][1];", "xs[--i].push(42);",
"xs[--i].pop();", "xs[--i][1] = 1.5;", "xs[--i][1] = {};",
};
static const int kNumMutators = arraysize(kMutators);
for (int i = kNumArrays - 1; i >= 0; i--) {
RunJS(kMutators[i % kNumMutators]);
EXPECT_NE(handles[i]->elements().map(),
ReadOnlyRoots(i_isolate()).fixed_cow_array_map());
Reland "[compiler] Direct heap reads for JSArrayRef" This is a reland of 76a2ab06a10e8e4b91328f0d87515a235d26b644 Changes since the original CL: - Handle unserialized elements (optional result in getter). - Merge should_access_heap and --turbo-direct-heap-access paths. - Slightly update the serialized path in GetOwnCowElement. - Fix the cctest, add a regression test. Atomic JSObject::elements/JSArray::length setters are addressed in this CL: crrev.com/c/2704076. Original change's description: > [compiler] Direct heap reads for JSArrayRef > > There are two aspects to the non-JSObject parts of JSArrayRef: > > - JSArrayRef::length. Relevant only in two spots, 1. when reading > (immutable) array boilerplates and 2. for GetOwnCowElement. > > - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing > store. Relies on the invariant that cow backing stores are immutable. > > This CL renames the length accessor to length_unsafe to make the > danger explicit at callsites. > > For GetOwnCowElement the refactor is slightly larger, since we now > need to read into the backing store while keeping full control of > object reads (e.g. JSArray::length and JSArray::elements_kind). We > make all reads explicit at the call site by requiring that elements, > elements kind, and length are passed in as arguments to > GetOwnCowElement. Inside GetOwnCowElement, consistency between these > is *not* guaranteed due to concurrency. At runtime, consistency *is* > guaranteed through the reference-equality check on the elements seen > during compilation. The actual elements read is implemented in > ConcurrentLookupIterator::GetOwnCowElement. > > Bug: v8:7790 > Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72834} Bug: v8:7790 Change-Id: I7577ad554992cafff81099a28c34f27db9bd8042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710431 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72904}
2021-02-22 11:24:34 +00:00
}
thread->Join();
}
} // anonymous namespace
} // namespace internal
} // namespace v8