[compiler] Don't serialize JSTypedArray fields

This CL removes serialization of JSTypedArray fields when direct heap
reads are enabled. Invariants we rely on:

- Of the underlying interesting fields,
  - base_pointer and external_pointer are set either during
    initialization, or in a one-time on-to-off-heap transition in
    GetBuffer.
  - length and buffer are immutable after initialization.
- is_on_heap and DataPtr derive from base_pointer and
  external_pointer s.t. is_on_heap == (base_pointer != 0) and
  DataPtr == external_pointer in the off-heap case.

In this CL we add one new invariant:

- For all base_pointer and external_pointer mutations after
  initialization, base_pointer is guaranteed to be release-stored
  after external_pointer has been written.

With these invariants, concurrent access to off-heap typed arrays is
trivial as long as is_on_heap (= base_pointer) is read before other
relevant fields.

Note that JSTypedArray remains a kSerializedHeapObject due to the
serialized superclass JSObject.

Drive-by: Remove unused Torque operators and empty TODOs.

Bug: v8:7790
Change-Id: I3c4327318f94e4e6083d4e87476069aad2649386
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679689
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72572}
5 files changed
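The ordering argument from the commit message, replayed as an added example (not code from this CL or from V8). `TypedArrayModel`, the sample addresses, and the reader's acquire load are assumptions. The example replays every interleaving of the two-store transition against a reader that checks `base_pointer` first, and against one that does not.

```cpp
#include <atomic>
#include <cstdint>
// Constructed sample values; the page only states is_on_heap == (base_pointer != 0).
constexpr uintptr_t kOnHeapBase = 0x1000;
constexpr uintptr_t kOnHeapOffset = 0x10;       // not a usable data pointer
constexpr uintptr_t kOffHeapData = 0xABCD0000;  // off-heap backing store
struct TypedArrayModel {  // hypothetical stand-in for the two mutable fields
  std::atomic<uintptr_t> base_pointer{kOnHeapBase};
  std::atomic<uintptr_t> external_pointer{kOnHeapOffset};
};

// The one-time on-to-off-heap transition, split into its two stores.
void WriterStep(TypedArrayModel& a, int step) {
  if (step == 0) a.external_pointer.store(kOffHeapData, std::memory_order_relaxed);
  else a.base_pointer.store(0, std::memory_order_release);  // publishes the store above
}

struct Reader {
  bool base_first = true;
  uintptr_t base = kOnHeapBase, ext = 0;
  void Step(const TypedArrayModel& a, int step) {
    if ((step == 0) == base_first)  // acquire load: assumed pairing for the release store
      base = a.base_pointer.load(std::memory_order_acquire);
    else
      ext = a.external_pointer.load(std::memory_order_relaxed);
  }
  // Reader decided "off-heap" but holds the pre-transition external_pointer.
  bool UsedStalePointer() const { return base == 0 && ext != kOffHeapData; }
};

// Replays every interleaving of the writer's two steps (W) and the reader's
// two steps (R); returns how many end with a stale data pointer.
int CountStaleSchedules(bool base_first) {
  const char* schedules[] = {"WWRR", "WRWR", "WRRW", "RWWR", "RWRW", "RRWW"};
  int stale = 0;
  for (const char* s : schedules) {
    TypedArrayModel a;
    Reader r;
    r.base_first = base_first;
    int w = 0, rd = 0;
    for (int i = 0; i < 4; ++i) {
      if (s[i] == 'W') WriterStep(a, w++);
      else r.Step(a, rd++);
    }
    if (r.UsedStalePointer()) ++stale;
  }
  return stale;
}

int main() { return CountStaleSchedules(true) == 0 && CountStaleSchedules(false) == 1 ? 0 : 1; }
```

The schedules are single-threaded, sequentially consistent interleavings. On real hardware, the release store paired with an acquire load is what keeps a reader that sees `base_pointer == 0` from observing the old `external_pointer`.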
tree: 1b8b88f973546eb3fb77388743b46fae8a276b33
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.