Although every Primitive is a Data, the Cast operations for the
subclasses of Primitive do not allow casting directly from Data to the
subclasses without first going through Value. Because of this,
Primitives extracted from a V8::FixedArray require two casts to get to
the "real" type.
Thus, as a convenience to embedders, this change makes it possible to
cast directly from Data to all the subtypes of Primitive.
Also, this change makes the parameter names in the declarations match
those in the definitions, though there does not seem to be a universally
followed convention regarding these.
Bug: v8:10958
Change-Id: I18dc3fbb9a9bccb2cb3b75efd829af64d46d8eb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573816
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71649}
Some wasm interpreter tests are failing since instructions generated
by gcc such as *multiply and and* (fmadds) create intermediate
results bigger than 8 bytes which doesn't match other architectures,
hence the resulting output differs.
Change-Id: I9c745c6be1b2b7a22085a230cc3f66ff756e0b62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2577460
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71647}
This commit updates the gen-postmortem-metadata.py script to
incorporate changes in V8 8.4. This removes the need to float a
patch to the script in Node.js.
Change-Id: I69da40e792f22748b0eee2952b9009b2f03d13f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565275
Reviewed-by: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#71646}
Import wrappers were only logged if logging was enabled during
compilation. If the profiler is enabled later, and regular wasm code is
logged via {NativeModule::LogWasmCodes}, the import wrappers were
missing.
This CL fixes the long-standing TODO, and adds tests which triggered
that code path. Those tests were hanging before because the expected
functions did never appear in the profile.
Drive-by: If {WasmEngine::LogOutstandingCodesForIsolate} detects that
code logging is disabled by now, it should still clear the {code_to_log}
vector.
R=thibaudm@chromium.org
Bug: chromium:1125986, chromium:1141787
Change-Id: I2566ef369bb61a09488f2d932b6c10d92e4cb12f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2574696
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71645}
- Adds an AlignedSlotAllocator class and tests, to unify slot
allocation. This attempts to use alignment holes for smaller
values.
- Reworks Frame to use the new allocator for stack slots.
- Reworks LinkageAllocator to use the new allocator for stack
slots and for ARMv7 FP register aliasing.
- Fixes the RegisterAllocator to align spill slots.
- Fixes InstructionSelector to align spill slots.
Bug: v8:9198
Change-Id: Ida148db428be89ef95de748ec5fc0e7b0358f523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512840
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71644}
For logging existing functions, currently walk the heap four times:
1) For getting the number of JS Code objects,
2) for getting the actual JS Code objects,
3) for getting the number of wasm code objects,
4) for getting the actual wasm code objects.
This CL refactors this to do only two heap walks (one for JS, one for
wasm). It also avoids the use of the brittle {ScopedVector} and uses a
{std::vector} instead.
R=thibaudm@chromium.org
Bug: chromium:1125986
Change-Id: I47e3c41ed65f4011ad8826f5e115db6459680807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2571121
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71642}
Previously V8 would wrap the WebAssembly.Memory backing stores into
Uint8Arrays and report that as memories, but that's confusing to the
developer, since that's not what's really being used. The way that
DevTools presents the backing stores of memories, it's still perfectly
possible to get hold of an Uint8Array if that's what the developer is
looking for.
To make it possible to easily identify the WebAssembly.Memory objects
in the DevTools front-end (in particular for the memory inspector) we
add a 'webassemblymemory' subtype to the Chrome DevTools Protocol. We
also improve the description for the memories to include the number
of active pages.
Fixed: chromium:1155566
Screenshot: https://imgur.com/8enx57u.png
Change-Id: I63dbabe0e372e9ad6dcc8e6642cdb743147a620c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2574699
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71641}
Dependent code deopts were only printed with --trace-deopt-verbose
earlier. These just print one line and are helpful with --trace-deopt.
If we don't print these with --trace-deopt, it appears as if
we are optimizing without any deopts in between which is a bit
confusing.
Change-Id: I29b0f2ebbaac2a1ffc498e93c8433c986e429ef3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573485
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71639}
This cl extends profview to
1. Show Turboprop ticks in a different color in timeline panel
2. In summary panel, show Turboprop optimizations and TurboFan
optimizations as two different entries
3. Fix deopts in summary panel after the rename to deopts
4. Also show information about bailouts (happen only with Turboprop)
Bug: v8:9684
Change-Id: I028b12a55741c789ecc1d212d1517a57496379dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573477
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71638}
Stick more closely to the decoding guide laid out in the manual, and
also take the chance to remove some duplicate code.
Drive-by fix a clang-tidy warning for bool literal.
Bug: v8:11074
Change-Id: I91aa8db7cd3db30b250e8bfc9bb146c8bb56dcd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567530
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71630}
Prototype v128.{load,store}{8,16,32,64}_lane on arm.
Bug: v8:10975
Change-Id: I649f567f39f8a5ba6992a86b761f93f62619c139
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565079
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71628}
This is a reland of 716dae3ae0
Original change's description:
> [wasm-simd][ia32] Prototype sign select
>
> The implementation is the same as on x64.
>
> Bug: v8:10983
> Change-Id: I2654ce4a627ca5cc6c759051ab9034c528d9f25a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567194
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71606}
Bug: v8:10983
Change-Id: I05af92ec2d3531dd2e0d27353cc665967fb5c387
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2574001
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71627}
Pair Ops are for 31-bit support.
We had drop 31-bit support long time ago so don't need them anymore.
Change-Id: Iff1f8df19433fd1431316888d0c5276b9710b1fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2576003
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71625}
VerifyNewSpaceTop() assumes that original_top_ and
allocation_info_.start() always match. PublishPendingAllocations()
violates this invariant by only updating original_top_ in the NewSpace.
Fix this by using MarkLabStartInitialized() for NewSpace.
Alternatively we could loosen the DCHECK in VerifyNewSpaceTop(). The fix
doesn't matter too much since Ulan's LAB refactoring will get rid of
that code anyways.
Bug: v8:11224
Change-Id: I26267ac9dd78cc5d2a2a6fefca3b69f4582c094f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569769
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71618}
Improve the performance of gcmole by
* Precompiling the regexes in GCSuspectsCollector.Resolve
* Merging those regexes into a single regex, using '|'
* Changing multiprocess clang plugin invocation to threaded (running
the plugin releases the GIL so this can efficiently thread). This
uses a simple worker pool with a single work queue.
* Change clang plugin invocation loop to yield after each invocation.
This pipelines the dump-callees plugin and GCSuspectsCollector
Parse/Resolve, so that the parse can happen while waiting for other
callee dumps to finish.
Change-Id: Ib9fca70dbcfd2f9d1aebc8bd11aa1d1f7d34e24a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562242
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71617}
We currently do not report a script ID for wasm code, i.e. the script id
is 0. We cannot just print the script ID itself, as it is considered
unstable. Thus this CL only makes us print whether it is set or not.
In a follow-up CL where we fix setting script IDs for wasm code events
the output will change.
R=thibaudm@chromium.org
Bug: chromium:1125986
Change-Id: Ibc52829ea8a5a5c9506e36390eb4c608bcab4624
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2571120
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71616}
The implementation is follows the implementation of table.copy, aside
from the table-index being passed as an intptr instead of a Smi. The
builtins of table.get/set and table.copy are different in that regard.
R=thibaudm@chromium.org
Bug: v8:7581
Change-Id: Ifde788b230083dc6633ce6b41e6acfb8b503b781
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414211
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71615}
f64x2min/max need to canonicalize the output only if both
inputs are also canonicalized, otherwise any arithmetic NaN
(from either lane) can be placed into the result register.
We also need to make sure the output value is a QNAN.
Change-Id: I363f88528674014cd92828d429a61442406025b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573484
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71614}
This makes sure that the code tested by fuzzers is the same as running
on native hardware.
R=ahaas@chromium.org
Bug: v8:11041
Change-Id: I1005b2de3a22d88a6bdf164338633bbb7991bc1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573481
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71613}
Port String::Flatten to Torque (using a fast C call for the
non-allocating part) and provide fast and easy access to sequential
string data in Torque: GetStringData() flattens if necessary and
computes slices that allow direct access.
Applications: String.prototype.replaceAll, String.prototype.endsWith,
and String.prototype.beginsWith now use GetStringData() and direct
slice access instead of the slow StringCharCodeAt and they no
longer bail out to the runtime for flattening.
Drive-by changes:
- Expose String instance type bits as bitfields and enums in Torque.
- Fix method lookup in Torque to include superclass methods.
- Use char8 and char16 types in more places.
- Allow fast C calls with void return type.
- Add Torque macros to create subslices.
- Add no-GC scopes to runtime functions loading external string data.
Bug: v8:7793
Change-Id: I763b9b24212770307c9b2fe9f070f21f65d68d58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565515
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71611}
This reverts commit b614cd78c3.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64/40448/overview
Original change's description:
> Reland "Reland "[heap] Add epoch to GC tracing events""
>
> This is a reland of 3238162da7
>
> No changes since the last reland.
>
> Original change's description:
> > Reland "[heap] Add epoch to GC tracing events"
> >
> > This is a reland of be52501d52
> >
> > Fix data race by not emitting the epoch for sweeper background jobs
> > at them moment.
> >
> > Original change's description:
> > > [heap] Add epoch to GC tracing events
> > >
> > > This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
> > > to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
> > > events can get the information from its parent.
> > >
> > > V8's GC needs an epoch for young and full collections, since scavenges
> > > also occur during incremental marking. The epoch is also process-wide,
> > > so different isolates do not reuse the same id.
> > >
> > > Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
> > > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#71521}
> >
> > Change-Id: Ib8f4bfdc01c459955eb6db63bb6e24a8aa068f09
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567702
> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#71567}
>
> TBR=ulan@chromium.org,dinfuehr@chromium.org
>
> Change-Id: I09dcfabbad4ef1ad50e02a227282982cd7d87997
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2571122
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71609}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: I9dfd37f969ec0c5e5f278e6a82732995fd82e5d9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2574002
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71610}
This is a reland of 3238162da7
No changes since the last reland.
Original change's description:
> Reland "[heap] Add epoch to GC tracing events"
>
> This is a reland of be52501d52
>
> Fix data race by not emitting the epoch for sweeper background jobs
> at them moment.
>
> Original change's description:
> > [heap] Add epoch to GC tracing events
> >
> > This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
> > to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
> > events can get the information from its parent.
> >
> > V8's GC needs an epoch for young and full collections, since scavenges
> > also occur during incremental marking. The epoch is also process-wide,
> > so different isolates do not reuse the same id.
> >
> > Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#71521}
>
> Change-Id: Ib8f4bfdc01c459955eb6db63bb6e24a8aa068f09
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567702
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71567}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: I09dcfabbad4ef1ad50e02a227282982cd7d87997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2571122
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71609}
Rolling v8/build: cb1a537..acf4f5e
Rolling v8/third_party/aemu-linux-x64: h_lfZjWg21ZL3JBJXSabJsKCnyhbzTyNAISwoJCfLCAC..Ld6Ho8txe7fnUwYDIgKsMmU0e2gBZ9Zx1n43O83aofUC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5537c03..d1cf5db
Rolling v8/third_party/depot_tools: 4640dfb..b2c18f2
Rolling v8/third_party/fuchsia-sdk: f8df9ff..efa4658
Rolling v8/tools/clang: 8636efe..9ec0bb3TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I4244d6d44df9c205b5c33c570100f46826bc4560
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573012
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71608}
This reverts commit 716dae3ae0.
Reason for revert: broke noavx build https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/33124/overview
Original change's description:
> [wasm-simd][ia32] Prototype sign select
>
> The implementation is the same as on x64.
>
> Bug: v8:10983
> Change-Id: I2654ce4a627ca5cc6c759051ab9034c528d9f25a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567194
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71606}
TBR=bbudge@chromium.org,zhin@chromium.org
Change-Id: I6408268945e41ef7acf5938ac989bab9824df185
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10983
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2573996
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71607}
The implementation is the same as on x64.
Bug: v8:10983
Change-Id: I2654ce4a627ca5cc6c759051ab9034c528d9f25a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567194
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71606}
Some extract lane and replace lane opcodes overlap with the ones used
for load lane, with a different addressing mode. Merge those cases
together and delete unused opcodes.
Drive by clean-up to rename kF32x4ReplaceLane to kIA32Insertps to follow
the naming convetion (kIA32 prefix) and also make it more general if in
the future we use insertps for other purposes.
Bug: v8:10975
Change-Id: Id143670f63e69cb45cf7c1ce358297a928383035
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568924
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71605}
brc or brcl may be emitted depending on the offset length.
The emitted instr size may be 4 or 6 bytes.
Change-Id: I542ae6a60378ee33e48e08d4f1cdeda4c4c70bb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2572497
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71603}
First step towards the new exception handling proposal:
https://github.com/WebAssembly/exception-handling/issues/125
This is essentially a revert of:
"[wasm] Switch to new 'catch' and 'br_on_exn' proposal."
The changes are:
- "catch" instruction takes a tag immediate,
- "rethrow" instruction takes a label immediate,
- Add "catch_all" instruction,
- Remove "br_on_exn" instruction,
- Do not push exceptions on the stack, only the encoded values
R=clemensb@chromium.org
CC=aheejin@chromium.org
Bug: v8:8091
Change-Id: Iea4d8d5a5d3ad50693f645e93c13e8de117aa884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484514
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71602}
TurboFan creates DisallowHeapAccess scopes, to prevent heap access in
the concurrent parts of the compiler. Then, for parts of the compiler
that do want to access the heap, it either creates Allow* scopes (which
should be avoided since they "punch a hole" in the Disallow* scopes), or
relies on a weakening of Handle::IsDereferenceAllowed which allows
handles owned by a LocalHeap to be dereferenced even if there is a
DisallowHeapDereference scope.
This patch:
a) Strengthens the implicit requirements around handle dereferencing
to require a running heap on this thread (either main-thread heap
or an un-parked, un-safepointed LocalHeap).
b) Removes the overly strict Disallow scopes in TurboFan, relying
instead on implicit requirements for allocation/handle
dereferencing in off-thread code.
c) Cleans up the "should_disallow_heap_access" predicate to be more
explicit about what should be disallowed (e.g. property accesses
can't be computed concurrently)
Change-Id: Icb56b7764913ac17e2db197a70bb189af88a6978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554617
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71600}
