[compiler] Reduce wb verification performance overhead

Dominik Inführ · V8 LUCI CQ · commit 8112cb415c00 · 2025-09-16T03:31:23.000-07:00
This CL adds a fast-path check to skipped write barrier verification written in inline-assembly to avoid the cost of saving/restoring registers and the C++ call. The new method PreCheckSkippedWriteBarrier jumps directly back to the regular code path once it determines that skipping the write barrier was safe. This method doesn't need to be exhaustive and is optional because we still use the C++ method as a fallback and for error reporting. This CL reduces the overhead from -12% to -3.3% on Speedometer3 and -26.7% to -4% on Jetstream2 (both on M1). Bug: 437096305 Change-Id: I7c280f6025a8204b85cb7f7a474162902b074df8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6929591 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Darius Mercadier <dmercadier@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#102512}
diff --git a/src/codegen/arm/macro-assembler-arm.cc b/src/codegen/arm/macro-assembler-arm.cc
@@ -2984,6 +2984,52 @@ Register GetRegisterThatIsNotOneOf(Register reg1, Register reg2, Register reg3,
   UNREACHABLE();
 }
 
+void MacroAssembler::PreCheckSkippedWriteBarrier(Register object,
+                                                 Register value,
+                                                 Register scratch, Label* ok) {
+  ASM_CODE_COMMENT(this);
+  DCHECK(!AreAliased(object, scratch));
+  DCHECK(!AreAliased(value, scratch));
+
+  // The most common case: Static write barrier elimination is allowed on the
+  // last young allocation.
+  {
+    UseScratchRegisterScope temps(this);
+    Register scratch1 = temps.Acquire();
+    sub(scratch, object, Operand(kHeapObjectTag));
+    ldr(scratch1,
+        MemOperand(kRootRegister, IsolateData::last_young_allocation_offset()));
+    cmp(scratch, scratch1);
+    b(Condition::kEqual, ok);
+  }
+
+  // Write barier can also be removed if value is in read-only space.
+  CheckPageFlag(value, scratch, MemoryChunk::kIsInReadOnlyHeapMask, ne, ok);
+
+  Label not_ok;
+
+  // Handle allocation folding: Allow write barrier removal if LAB start <=
+  // object < LAB top.
+  {
+    UseScratchRegisterScope temps(this);
+    Register scratch1 = temps.Acquire();
+    // Recompute object address here because scratch was clobbered by
+    // CheckPageFlag.
+    sub(scratch, object, Operand(kHeapObjectTag));
+    ldr(scratch1, MemOperand(kRootRegister,
+                             IsolateData::new_allocation_info_start_offset()));
+    cmp(scratch, scratch1);
+    b(Condition::kUnsignedLessThan, &not_ok);
+    ldr(scratch1, MemOperand(kRootRegister,
+                             IsolateData::new_allocation_info_top_offset()));
+    cmp(scratch, scratch1);
+    b(Condition::kUnsignedLessThan, ok);
+  }
+
+  // Slow path: Potentially check more cases in C++.
+  bind(&not_ok);
+}
+
 void MacroAssembler::ComputeCodeStartAddress(Register dst) {
   ASM_CODE_COMMENT(this);
   // We can use the register pc - 8 for the address of the current instruction.
diff --git a/src/codegen/arm/macro-assembler-arm.h b/src/codegen/arm/macro-assembler-arm.h
@@ -418,6 +418,9 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
     CheckPageFlag(object, mask, cc, condition_met);
   }
 
+  void PreCheckSkippedWriteBarrier(Register object, Register value,
+                                   Register scratch, Label* ok);
+
   // Check whether d16-d31 are available on the CPU. The result is given by the
   // Z condition flag: Z==0 if d16-d31 available, Z==1 otherwise.
   void CheckFor32DRegs(Register scratch);
diff --git a/src/codegen/arm64/macro-assembler-arm64.cc b/src/codegen/arm64/macro-assembler-arm64.cc
@@ -3895,6 +3895,52 @@ void MacroAssembler::JumpIfNotMarking(Label* not_marking,
   Cbz(scratch, not_marking);
 }
 
+void MacroAssembler::PreCheckSkippedWriteBarrier(Register object,
+                                                 Register value,
+                                                 Register scratch, Label* ok) {
+  ASM_CODE_COMMENT(this);
+  DCHECK(!AreAliased(object, scratch));
+  DCHECK(!AreAliased(value, scratch));
+
+  // The most common case: Static write barrier elimination is allowed on the
+  // last young allocation.
+  {
+    UseScratchRegisterScope temps(this);
+    Register scratch1 = temps.AcquireX();
+    sub(scratch, object, kHeapObjectTag);
+    Ldr(scratch1,
+        MemOperand(kRootRegister, IsolateData::last_young_allocation_offset()));
+    cmp(scratch, scratch1);
+    B(Condition::kEqual, ok);
+  }
+
+  // Write barier can also be removed if value is in read-only space.
+  CheckPageFlag(value, scratch, MemoryChunk::kIsInReadOnlyHeapMask, ne, ok);
+
+  Label not_ok;
+
+  // Handle allocation folding: Allow write barrier removal if LAB start <=
+  // object < LAB top.
+  {
+    UseScratchRegisterScope temps(this);
+    Register scratch1 = temps.AcquireX();
+    // Recompute object address here because scratch was clobbered by
+    // CheckPageFlag.
+    sub(scratch, object, kHeapObjectTag);
+    Ldr(scratch1, MemOperand(kRootRegister,
+                             IsolateData::new_allocation_info_start_offset()));
+    cmp(scratch, scratch1);
+    B(Condition::kUnsignedLessThan, &not_ok);
+    Ldr(scratch1, MemOperand(kRootRegister,
+                             IsolateData::new_allocation_info_top_offset()));
+    cmp(scratch, scratch1);
+    B(Condition::kUnsignedLessThan, ok);
+  }
+
+  // Slow path: Potentially check more cases in C++.
+  bind(&not_ok);
+}
+
 void MacroAssembler::RecordWriteField(
     Register object, int offset, Register value, LinkRegisterStatus lr_status,
     SaveFPRegsMode save_fp, SmiCheck smi_check, ReadOnlyCheck ro_check,
diff --git a/src/codegen/arm64/macro-assembler-arm64.h b/src/codegen/arm64/macro-assembler-arm64.h
@@ -1084,6 +1084,9 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   void LoadRootRelative(Register destination, int32_t offset) final;
   void StoreRootRelative(int32_t offset, Register value) final;
 
+  void PreCheckSkippedWriteBarrier(Register object, Register value,
+                                   Register scratch, Label* ok);
+
   // Operand pointing to an external reference.
   // May emit code to set up the scratch register. The operand is
   // only guaranteed to be correct as long as the scratch register
diff --git a/src/codegen/ia32/macro-assembler-ia32.cc b/src/codegen/ia32/macro-assembler-ia32.cc
@@ -2312,6 +2312,42 @@ void MacroAssembler::CheckPageFlag(Register object, Register scratch, int mask,
   j(cc, condition_met, condition_met_distance);
 }
 
+void MacroAssembler::PreCheckSkippedWriteBarrier(Register object,
+                                                 Register value,
+                                                 Register scratch, Label* ok) {
+  ASM_CODE_COMMENT(this);
+  DCHECK(!AreAliased(object, scratch));
+  DCHECK(!AreAliased(value, scratch));
+
+  // The most common case: Static write barrier elimination is allowed on the
+  // last young allocation.
+  lea(scratch, Operand(object, -kHeapObjectTag));
+  cmp(scratch,
+      Operand(kRootRegister, IsolateData::last_young_allocation_offset()));
+  j(Condition::equal, ok);
+
+  // Write barier can also be removed if value is in read-only space.
+  CheckPageFlag(value, scratch, MemoryChunk::kIsInReadOnlyHeapMask, not_zero,
+                ok);
+
+  Label not_ok;
+
+  // Handle allocation folding: Allow write barrier removal if LAB start <=
+  // object < LAB top.
+  // Recompute object address here because scratch was clobbered by
+  // CheckPageFlag.
+  lea(scratch, Operand(object, -kHeapObjectTag));
+  cmp(scratch,
+      Operand(kRootRegister, IsolateData::new_allocation_info_start_offset()));
+  j(Condition::kUnsignedLessThan, &not_ok);
+  cmp(scratch,
+      Operand(kRootRegister, IsolateData::new_allocation_info_top_offset()));
+  j(Condition::kUnsignedLessThan, ok);
+
+  // Slow path: Potentially check more cases in C++.
+  bind(&not_ok);
+}
+
 void MacroAssembler::ComputeCodeStartAddress(Register dst) {
   ASM_CODE_COMMENT(this);
   // In order to get the address of the current instruction, we first need
diff --git a/src/codegen/ia32/macro-assembler-ia32.h b/src/codegen/ia32/macro-assembler-ia32.h
@@ -79,6 +79,9 @@ class V8_EXPORT_PRIVATE MacroAssembler
                      Label* condition_met,
                      Label::Distance condition_met_distance = Label::kFar);
 
+  void PreCheckSkippedWriteBarrier(Register object, Register value,
+                                   Register scratch, Label* ok);
+
   // Activation support.
   void EnterFrame(StackFrame::Type type);
   void EnterFrame(StackFrame::Type type, bool load_constant_pool_pointer_reg) {
diff --git a/src/codegen/x64/macro-assembler-x64.cc b/src/codegen/x64/macro-assembler-x64.cc
@@ -5052,6 +5052,42 @@ void MacroAssembler::JumpIfNotMarking(Label* not_marking,
   j(zero, not_marking, condition_met_distance);
 }
 
+void MacroAssembler::PreCheckSkippedWriteBarrier(Register object,
+                                                 Register value,
+                                                 Register scratch, Label* ok) {
+  ASM_CODE_COMMENT(this);
+  DCHECK(!AreAliased(object, scratch));
+  DCHECK(!AreAliased(value, scratch));
+
+  // The most common case: Static write barrier elimination is allowed on the
+  // last young allocation.
+  leaq(scratch, Operand(object, -kHeapObjectTag));
+  cmpq(scratch,
+       Operand(kRootRegister, IsolateData::last_young_allocation_offset()));
+  j(Condition::equal, ok);
+
+  // Write barier can also be removed if value is in read-only space.
+  CheckPageFlag(value, scratch, MemoryChunk::kIsInReadOnlyHeapMask, not_zero,
+                ok);
+
+  Label not_ok;
+
+  // Handle allocation folding: Allow write barrier removal if LAB start <=
+  // object < LAB top.
+  // Recompute object address here because scratch was clobbered by
+  // CheckPageFlag.
+  leaq(scratch, Operand(object, -kHeapObjectTag));
+  cmpq(scratch,
+       Operand(kRootRegister, IsolateData::new_allocation_info_start_offset()));
+  j(Condition::kUnsignedLessThan, &not_ok);
+  cmpq(scratch,
+       Operand(kRootRegister, IsolateData::new_allocation_info_top_offset()));
+  j(Condition::kUnsignedLessThan, ok);
+
+  // Slow path: Potentially check more cases in C++.
+  bind(&not_ok);
+}
+
 void MacroAssembler::CheckMarkBit(Register object, Register scratch0,
                                   Register scratch1, Condition cc,
                                   Label* condition_met,
diff --git a/src/codegen/x64/macro-assembler-x64.h b/src/codegen/x64/macro-assembler-x64.h
@@ -142,6 +142,9 @@ class V8_EXPORT_PRIVATE MacroAssembler
   void JumpIfNotMarking(Label* not_marking,
                         Label::Distance condition_met_distance = Label::kFar);
 
+  void PreCheckSkippedWriteBarrier(Register object, Register value,
+                                   Register scratch, Label* ok);
+
   // Define movq here instead of using AVX_OP. movq is defined using templates
   // and there is a function template `void movq(P1)`, while technically
   // impossible, will be selected when deducing the arguments for AvxHelper.
diff --git a/src/compiler/backend/arm/code-generator-arm.cc b/src/compiler/backend/arm/code-generator-arm.cc
@@ -233,16 +233,19 @@ class OutOfLineRecordWrite final : public OutOfLineCode {
 class OutOfLineVerifySkippedWriteBarrier final : public OutOfLineCode {
  public:
   OutOfLineVerifySkippedWriteBarrier(CodeGenerator* gen, Register object,
-                                     Register value,
+                                     Register value, Register scratch,
                                      UnwindingInfoWriter* unwinding_info_writer)
       : OutOfLineCode(gen),
         object_(object),
         value_(value),
+        scratch_(scratch),
         must_save_lr_(!gen->frame_access_state()->has_frame()),
         unwinding_info_writer_(unwinding_info_writer),
         zone_(gen->zone()) {}
 
   void Generate() final {
+    __ PreCheckSkippedWriteBarrier(object_, value_, scratch_, exit());
+
     SaveFPRegsMode const save_fp_mode = frame()->DidAllocateDoubleRegisters()
                                             ? SaveFPRegsMode::kSave
                                             : SaveFPRegsMode::kIgnore;
@@ -263,7 +266,8 @@ class OutOfLineVerifySkippedWriteBarrier final : public OutOfLineCode {
  private:
   Register const object_;
   Register const value_;
-  const bool must_save_lr_;
+  Register const scratch_;
+  bool const must_save_lr_;
   UnwindingInfoWriter* const unwinding_info_writer_;
   Zone* zone_;
 };
@@ -1071,8 +1075,9 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       }
 
       DCHECK(v8_flags.verify_write_barriers);
+      Register scratch = i.TempRegister(0);
       auto ool = zone()->New<OutOfLineVerifySkippedWriteBarrier>(
-          this, object, value, &unwinding_info_writer_);
+          this, object, value, scratch, &unwinding_info_writer_);
       __ JumpIfNotSmi(value, ool->entry());
       __ bind(ool->exit());
 
diff --git a/src/compiler/backend/arm/instruction-selector-arm.cc b/src/compiler/backend/arm/instruction-selector-arm.cc
@@ -815,8 +815,14 @@ void VisitStoreCommon(InstructionSelector* selector, OpIndex node,
       }
     }
 
+    InstructionOperand temps[1];
+    size_t temp_count = 0;
+    if (write_barrier_kind == kSkippedWriteBarrier) {
+      temps[temp_count++] = g.TempRegister();
+    }
+
     code |= AddressingModeField::encode(addressing_mode);
-    selector->Emit(code, 0, nullptr, input_count, inputs);
+    selector->Emit(code, 0, nullptr, input_count, inputs, temp_count, temps);
   } else {
     InstructionCode opcode = kArchNop;
     if (!atomic_order) {
diff --git a/src/compiler/backend/arm64/code-generator-arm64.cc b/src/compiler/backend/arm64/code-generator-arm64.cc
@@ -386,26 +386,29 @@ class OutOfLineRecordWrite final : public OutOfLineCode {
 class OutOfLineVerifySkippedWriteBarrier final : public OutOfLineCode {
  public:
   OutOfLineVerifySkippedWriteBarrier(CodeGenerator* gen, Register object,
-                                     Register value,
+                                     Register value, Register scratch,
                                      UnwindingInfoWriter* unwinding_info_writer)
       : OutOfLineCode(gen),
         object_(object),
         value_(value),
+        scratch_(scratch),
         must_save_lr_(!gen->frame_access_state()->has_frame()),
         unwinding_info_writer_(unwinding_info_writer),
         zone_(gen->zone()) {}
 
   void Generate() final {
+    if (COMPRESS_POINTERS_BOOL) {
+      __ DecompressTagged(value_, value_);
+    }
+
+    __ PreCheckSkippedWriteBarrier(object_, value_, scratch_, exit());
+
     if (must_save_lr_) {
       // We need to save and restore lr if the frame was elided.
       __ Push<MacroAssembler::kSignLR>(lr, padreg);
       unwinding_info_writer_->MarkLinkRegisterOnTopOfStack(__ pc_offset(), sp);
     }
 
-    if (COMPRESS_POINTERS_BOOL) {
-      __ DecompressTagged(value_, value_);
-    }
-
     SaveFPRegsMode const save_fp_mode = frame()->DidAllocateDoubleRegisters()
                                             ? SaveFPRegsMode::kSave
                                             : SaveFPRegsMode::kIgnore;
@@ -422,6 +425,7 @@ class OutOfLineVerifySkippedWriteBarrier final : public OutOfLineCode {
  private:
   Register const object_;
   Register const value_;
+  Register const scratch_;
   const bool must_save_lr_;
   UnwindingInfoWriter* const unwinding_info_writer_;
   Zone* zone_;
@@ -1362,8 +1366,9 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       }
 
       DCHECK(v8_flags.verify_write_barriers);
+      Register scratch = i.TempRegister(0);
       auto ool = zone()->New<OutOfLineVerifySkippedWriteBarrier>(
-          this, object, value, &unwinding_info_writer_);
+          this, object, value, scratch, &unwinding_info_writer_);
       __ JumpIfNotSmi(value, ool->entry());
       __ bind(ool->exit());
 
@@ -1411,8 +1416,9 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       __ Add(temp, object, offset);
 
       DCHECK(v8_flags.verify_write_barriers);
+      Register scratch = i.TempRegister(1);
       auto ool = zone()->New<OutOfLineVerifySkippedWriteBarrier>(
-          this, object, value, &unwinding_info_writer_);
+          this, object, value, scratch, &unwinding_info_writer_);
       __ JumpIfNotSmi(value, ool->entry());
       __ bind(ool->exit());
 
diff --git a/src/compiler/backend/arm64/instruction-selector-arm64.cc b/src/compiler/backend/arm64/instruction-selector-arm64.cc
diff --git a/src/compiler/backend/ia32/code-generator-ia32.cc b/src/compiler/backend/ia32/code-generator-ia32.cc
diff --git a/src/compiler/backend/x64/code-generator-x64.cc b/src/compiler/backend/x64/code-generator-x64.cc
diff --git a/src/execution/isolate-data.h b/src/execution/isolate-data.h
diff --git a/src/maglev/maglev-assembler-inl.h b/src/maglev/maglev-assembler-inl.h

Original file line number	Diff line number	Diff line change
`@@ -418,6 +418,9 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {`
`418`	`418`	`CheckPageFlag(object, mask, cc, condition_met);`
`419`	`419`	`}`
`420`	`420`
	`421`	`+ void PreCheckSkippedWriteBarrier(Register object, Register value,`
	`422`	`+ Register scratch, Label* ok);`
	`423`	`+`
`421`	`424`	`// Check whether d16-d31 are available on the CPU. The result is given by the`
`422`	`425`	`// Z condition flag: Z==0 if d16-d31 available, Z==1 otherwise.`
`423`	`426`	`void CheckFor32DRegs(Register scratch);`