IsRunning() and IsMarking() are now equivalent. So IsRunning() can be
removed in favor of IsMarking().
IsComplete() is also renamed to IsMarkingComplete().
Bug: v8:12775
Change-Id: Ife88be4d674af055590ba5178ec1e410f8fa89d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849833
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82665}
- Swap() was not necessary as all uses merely required Merge()
- Remove unused empty Local ctor
- Use refrence for backref as it's always supposed to be non-null
Bug: v8:13193
Change-Id: Ide0a0de15185a67d028890371ae30528fd55a058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846863
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82648}
This is a reland of commit 9b0d5cb14b
The newly added check does not allow comparisons with stale or
invalid pointers because attempt to access the page header might
crash.
Original change's description:
> [ext-code-space] Fix Code vs non-Code comparisons
>
> When external code space is enabled comparing Code and non-Code objects
> by looking at compressed values is not always correct. Such an approach
> works only for comparing Code vs Code objects or non-Code vs non-Code
> objects.
>
> This CL instroduces SLOW_DCHECK into Object comparison operators to
> ensure that such a comparison is allowed. Also, this CL instroduces
> an Object::SafeEquals() method which compares uncompressed values
> and thus is safe to be used for comparing Code with non-Code objects.
>
> Bug: v8:11880
> Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82611}
Bug: v8:11880
Change-Id: Iab3c8fe49cb954b2dc9171b3fc4b189e84763e73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842932
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82624}
This reverts commit 9b0d5cb14b.
Reason for revert: Seems to fail on gc-stress bots (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/43472/overview)
Original change's description:
> [ext-code-space] Fix Code vs non-Code comparisons
>
> When external code space is enabled comparing Code and non-Code objects
> by looking at compressed values is not always correct. Such an approach
> works only for comparing Code vs Code objects or non-Code vs non-Code
> objects.
>
> This CL instroduces SLOW_DCHECK into Object comparison operators to
> ensure that such a comparison is allowed. Also, this CL instroduces
> an Object::SafeEquals() method which compares uncompressed values
> and thus is safe to be used for comparing Code with non-Code objects.
>
> Bug: v8:11880
> Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82611}
Bug: v8:11880
Change-Id: Ie34af0135625eff2975f78f4d2901a76b8517eb7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842930
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82616}
When external code space is enabled comparing Code and non-Code objects
by looking at compressed values is not always correct. Such an approach
works only for comparing Code vs Code objects or non-Code vs non-Code
objects.
This CL instroduces SLOW_DCHECK into Object comparison operators to
ensure that such a comparison is allowed. Also, this CL instroduces
an Object::SafeEquals() method which compares uncompressed values
and thus is safe to be used for comparing Code with non-Code objects.
Bug: v8:11880
Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82611}
This CL removes the COMPLETE state from incremental marking. Since
then the only states left were STOPPED and MARKING, we can replace
the state with an is_running_ boolean field.
The state could change back-and-forth between MARKING and COMPLETE.
IsMarking() was already also checking for COMPLETE. So most code
already treated both states the same. IsComplete() now checks whether
marking is running and a transitive closure was reached already.
IncrementalMarking::Step() didn't process the marking queue when in
COMPLETE. This should be relatively rare though since it only
transitioned into COMPLETE when the stack guard was armed and the
allocation observer ran again before reaching a stack guard check.
Bug: v8:12775
Change-Id: Ied48d8c512ad3d1b3d2e29393d43b434b5fda8fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835689
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82581}
Introducing IncrementalMarking::AdvanceForTesting as last bottleneck
for driving incremental marking in addition to AdvanceFromTask
and AdvanceOnAllocation.
Now that we have those 3 bottlenecks, Step() and AdvanceWithDeadline()
can become private methods in IncrementalMarking. We also don't need
the StepResult return value in Step() anymore, which allows us to
remove CombineStepResult.
Bug: v8:12775
Change-Id: I702714439ef7ea4b9abf2156387503d4d00a7a48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823131
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82552}
This is a reland of commit a19316d9d7
- Revert malloc_usable_size() changes temporarily to land them in
isolation.
- Add cosmetics from https://crrev.com/c/3827876
Original change's description:
> [heap] Rework Worklist base type
>
> Worklist uses a singly-linked list of segments to hold entries.
> Segment size was based on a compile-time constant but already stored
> in the segment itself.
>
> Rework the segments to query `malloc_usable_size()` on allocation and
> adjust the capacity properly. For PartitionAlloc, it turns out that
> there's ~20% more capacity available for the 64-element segments.
>
> This slows down actual allocation of the segments with the upside of
> improving utilization and requiring 20% less segments.
>
> Change-Id: Ib8595c3fb9fb75b02e4022f6c525bb59a2df7ab7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826047
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82432}
Change-Id: Ic8c5257cfe3c347b11eea5c513ca7f62e09f637f
Bug: v8:13193
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829475
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82493}
This reverts commit a19316d9d7.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/22670/overview
Original change's description:
> [heap] Rework Worklist base type
>
> Worklist uses a singly-linked list of segments to hold entries.
> Segment size was based on a compile-time constant but already stored
> in the segment itself.
>
> Rework the segments to query `malloc_usable_size()` on allocation and
> adjust the capacity properly. For PartitionAlloc, it turns out that
> there's ~20% more capacity available for the 64-element segments.
>
> This slows down actual allocation of the segments with the upside of
> improving utilization and requiring 20% less segments.
>
> Change-Id: Ib8595c3fb9fb75b02e4022f6c525bb59a2df7ab7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826047
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82432}
Change-Id: I14994e11ff5ffaba70b93d977d40dd2f6e9e5d35
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829474
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82438}
The existing version for paged spaces simply reset the freelist, which
doesn't work for tests that require actual objects in the space.
The version for new space also doesn't work because it assumes
everything after top is free space.
Fill the space with FixedArray by iterating over the freelist and
creating an object in place of each freelist entry.
This method actually fills the space, so that we can also use it to
force page promotion.
Bug: v8:12612
Change-Id: Ie0d73e846bbf688ea52030be29e0587b2f37ed4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823135
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82437}
Worklist uses a singly-linked list of segments to hold entries.
Segment size was based on a compile-time constant but already stored
in the segment itself.
Rework the segments to query `malloc_usable_size()` on allocation and
adjust the capacity properly. For PartitionAlloc, it turns out that
there's ~20% more capacity available for the 64-element segments.
This slows down actual allocation of the segments with the upside of
improving utilization and requiring 20% less segments.
Change-Id: Ib8595c3fb9fb75b02e4022f6c525bb59a2df7ab7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826047
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82432}
This CL includes:
1) Using 1 full GC instead of 2 young GCs to force object promotion.
2) A couple of needed bailouts.
3) Using manual evacuation candidates in old space to ensure an object
is evacuted (moved to a different address) instead of relying on
Scavenger.
And some other minor tweaks
Bug: v8:12612
Change-Id: Idfd925ccdf30215998ab6e7cc632ce750fa2077a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816661
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82327}
This CL tries to improve readability of TryMarkingComplete() by
splitting it up into multiple smaller methods.
It also removes StepResult::kWaitingForFinalization since this was
only used in one test which could easily be rewritten to not need this
value. This makes CombineStepResult() and Step()s return value simpler
to understand.
Bug: v8:12775
Change-Id: I981bc7b736246ab53058d1e61e3c67db0d1130b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816668
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82319}
StepOrigin is enough to infer the right completion action: Either
finalization by task (for StepOrigin::kTask) or stack guard
(for StepOrigin::kV8).
Only tests with StepOrigin::kV8 were violating this but they also just
pass when enabling the stack guard.
Bug: v8:12775
Change-Id: I5df50198d8e3612ee97142f84bd497820a5cec78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816664
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82294}
... - a code range size agnostic version of InterpreterEntryTrampoline
builtin. The new builtin is fully compatible with the default version
and used as a template for creating interpreter entry trampoline
Code objects when --interpreted-frames-native-stack is enabled.
This CL introduces a new assembler option "position_independent_code"
which affects the way builtin calls are generated.
This mode is enabled only for InterpreterEntryTrampolineForProfiling.
Motivation:
* InterpreterEntryTrampoline uses RelocInfo::CODE_TARGET for calling
other builtins which requires the code range to be small enough to
allow PC-relative jumps/calls between Code objects. This is the
reason why --interpreted-frames-native-stack was not supported on
arm and might not work on arm64 because the code range is bigger
than the max PC-relative distance for call/jump instructions.
The new builtin calls other builtins via builtins entry table which
makes the code fully relocatable and usable for any code range size.
* RelocInfo::CODE_TARGET requires a target code to be materialized
as a Code object which contradicts the Code-less builtins goal.
* The --interpreted-frames-native-stack is rarely used in the wild but
we have to pay the price of deserializing InterpreterEntryTrampoline
builtin as a Code object which consumes address space in the code
range and thus limits the number of V8 isolates that can be created
because of code range exhaustion. Now the pointer compression cage
becomes the limiting factor instead of the code range.
* We can remove complicated logic of Factory::CopyCode() and respective
support on GC side.
Bug: v8:11880, v8:8713, v8:12592
Change-Id: Ib72e28c03496c43db42f6fe46622def12e102f31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811287
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82263}
So far there was no support for allocating large objects in the
shared heap.
Bug: v8:11708
Change-Id: Ie4ec8244fee2e75fc0e2265847fe5976da2645ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811579
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82261}
This is a reland of commit a1392fa113
The original change was reverted due to v8:13135, which was fixed
separately.
Original change's description:
> Enable background merging when --stress-background-compile
>
> This change adds new functions to BackgroundCompileTask which closely
> match those in BackgroundDeserializeTask. These functions allow a caller
> to manage background merging of newly compiled content into an existing
> Script from the Isolate compilation cache. These functions are not yet
> exposed via the API; instead, StressBackgroundCompileThread uses them to
> increase test coverage of the merging logic.
>
> Bug: v8:12808
> Change-Id: I4d2f429164223785169fe447ce2bdd8beaee00d4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793959
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82121}
Bug: v8:12808
Change-Id: I530c6e87bbad11e178ef4abfdc25fa98530f0224
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3806590
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#82165}
This reverts commit a1392fa113.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/43149/overview
Original change's description:
> Enable background merging when --stress-background-compile
>
> This change adds new functions to BackgroundCompileTask which closely
> match those in BackgroundDeserializeTask. These functions allow a caller
> to manage background merging of newly compiled content into an existing
> Script from the Isolate compilation cache. These functions are not yet
> exposed via the API; instead, StressBackgroundCompileThread uses them to
> increase test coverage of the merging logic.
>
> Bug: v8:12808
> Change-Id: I4d2f429164223785169fe447ce2bdd8beaee00d4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793959
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82121}
Bug: v8:12808
Change-Id: Ibb0bc2adb79e4655b39a8a6ac33d8c8ffc5ebdb9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804602
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82137}
This change adds new functions to BackgroundCompileTask which closely
match those in BackgroundDeserializeTask. These functions allow a caller
to manage background merging of newly compiled content into an existing
Script from the Isolate compilation cache. These functions are not yet
exposed via the API; instead, StressBackgroundCompileThread uses them to
increase test coverage of the merging logic.
Bug: v8:12808
Change-Id: I4d2f429164223785169fe447ce2bdd8beaee00d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793959
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82121}
Whenever PagedNewSpace allocates a page, the page is added to the free
list. Preallocating pages on space initialization means the pages are
added to the free list before the map for free space is initialized.
Then, when allocating from the free list, a DCHECK fails
(free-list.cc:508).
This CL delays page preallocation until `EnsureCurrentCapacity` is
called. When using PagedNewSpace, we will call this method from
`Heap::CreateHeapObjects` after the maps are allocated and before any
allocations in new space are attempted.
Bug: v8:12612
Change-Id: I33f825ddd831640b12e4c0f7b849262a335df51e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3780541
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81919}
This is a partial reland of https://crrev.com/c/3597106
With this change, an existing Script from the compilation cache can be
reused after its top-level SharedFunctionInfo was discarded, but only if
the new script is parsed on the main thread (not deserialized from code
cache data, and not parsed on a background thread).
Bug: v8:12808
Change-Id: I1edaee2095306a89e2c3b91f2fd01ac053f3c770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689348
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81472}
MinorMC maintained a separate marking state to support interleaved GCs.
Since MinorMC now assumes that interleaving is not possible, MinorMC can
use the same marking state as the full GC.
Bug: v8:12612
Change-Id: Ibeb7df2eb24e448f811b497c9d16b3b132f87ec2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735163
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81468}
Unaglined allocations are not fully supported in V8.
- Set USE_ALLOCATION_ALIGNMENT_BOOL to false for documentation
- Verify HeapObject address alignment requirements with --verify-heap
- Move address alignment to right after allocation in the deserializer
- Use object_size in the CheckAlignment helper to get a chance to
figure out which allocation path we took
Bug: chromium:1330861, v8:8875
Change-Id: Iffd02d869923ccec133618250dfefb0480b02741
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717995
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81358}
This CL introduces a compile flag v8_enable_inner_pointer_resolution_osb
behind which lies the experimental implementation of the object start
bitmap. It disassociates the object start bitmap from the compile flag
v8_enable_conservative_stack_scanning. At the moment the former flag is
a prerequisite for the latter, as conservative stack scanning requires
some mechanism for inner pointer resolution and the object start bitmap
provides one such mechanism.
Bug: v8:12851
Change-Id: I24c6b389453fbaefc79ae50c34c5ec7a1bf23347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717322
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81295}
Remove finalization step of incremental marking. The step was
historically used to process embedder/weak work on the main thread
before invoking the atomic pause. Remove the infrastructure as the
step is not needed anymore and actually required a safepoint.
Change-Id: I208767bbac3d9a06a0b3c67aa9779f8a5fa07328
Bug: v8:12775
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702801
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81234}
This is a partial reland of https://crrev.com/c/3597106 , except for the
changes in compiler.cc, which are just the minimal possible changes to
make the code compile.
With this change, it is possible that a call to
CompilationCache::LookupScript returns any of:
1. A Script and a toplevel SharedFunctionInfo (cache hit)
2. A Script but no toplevel SharedFunctionInfo (partial cache hit)
3. Nothing (cache miss)
Bug: v8:12808
Change-Id: Id33a4cd0cb28562d6b862fbb113ea9d03f255b2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687425
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81193}
... which might fail because usual operator== for tagged values compares
only lower 32 bits of the pointer.
Bug: v8:11880, v8:12958
Change-Id: I0978d6c510424aecfee2f044c40ea424b6cb3ab9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695593
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81096}
CodePageCollectionMemoryModificationScope now increases a per-thread
counter and inserts unprotected code chunks into a thread-local set
of chunks. This information is moved from Heap into LocalHeap.
We can't use kMaxWriteUnprotectCounter on the unprotect counter on the
MemoryChunk anymore, since e.g. for concurrent Sparkplug N threads might
now allocate a code object on the same page and since
CodePageCollectionMemoryModificationScope doesn't know about the
other threads anymore, each thread has to increase that counter by 1.
We DCHECK that nesting depth now in the scope's constructor instead.
We still need to remove chunks from `unprotected_memory_chunks_` when
freeing an executable MemoryChunk during GC. Fortunately we can still do
this, since all threads are in a safepoint during GC and we can remove
the chunk from each thread-local set without any synchronization.
Bug: chromium:1330887
Change-Id: Icefc61b8d8de113d8dcfb1cf64122d12dd9798c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688516
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81047}
This is a reland of commit abcb6bb8b4.
The data race is fixed by using atomic operations.
Original change's description:
> [heap] Avoid dynamic updates of FLAG_gc_interval
>
> Flags will be protected from updates after V8 initialization (in the
> future). This CL avoids any updates of the --gc-interval flag during
> runtime, and instead updates a static field on the HeapAllocator
> directly.
>
> R=mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80998}
Bug: v8:12887
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ib5b537500413a627d9b2509354d20906e0474d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695380
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81008}
This reverts commit abcb6bb8b4.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/20029/overview
Original change's description:
> [heap] Avoid dynamic updates of FLAG_gc_interval
>
> Flags will be protected from updates after V8 initialization (in the
> future). This CL avoids any updates of the --gc-interval flag during
> runtime, and instead updates a static field on the HeapAllocator
> directly.
>
> R=mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80998}
Bug: v8:12887
Change-Id: I18310a3f515506d617f42be7a208013957625eaf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695559
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Owners-Override: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81002}
Flags will be protected from updates after V8 initialization (in the
future). This CL avoids any updates of the --gc-interval flag during
runtime, and instead updates a static field on the HeapAllocator
directly.
R=mlippautz@chromium.org
Bug: v8:12887
Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80998}
... as a pair of Code and CodeDataContainer.
In order to stop creating and using trampoline Code objects for
builtins we need a different way to represent an "embedded builtin"
code lookup result of builtin trampoline Code objects.
We can't switch to CodeT for this purpose because GC still needs to
be able to locate not yet evacuated Code objects in order to update
old code pointers on the stack once Code objects are moved.
Bug: v8:11880
Change-Id: I296636a6728a11c8e3220b3fee43fd12ff633c1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3684813
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80937}
This CL introduces the following changes to the experimental
implementation of the object start bitmap, that is evaluated as
a mechanism for resolving inner pointers (behind the flag
v8_enable_conservative_stack_scanning):
- Manually iterate through page objects, instead of using the
PagedSpaceObjectIterator, for performance (avoid calling
MakeHeapIterable all the time) and to simplify the handling
of filler objects.
- Clear bits when reusing evacuated pages of the new space.
- Use the cage base to iterate correctly through code objects.
- Introduce a method for verifying the validity of the object
start bitmap.
- Minor fixes, additional checks and cleanup.
Bug: v8:12851
Change-Id: I245937ffe6f4b53c4c2dcf5126e8836aec4dc79e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3675099
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80869}
The abstractions in this CL include:
1) Using EvacuatePrologue to handle age mark updating in
SemiSpaceNewSpace.
2) Using IsPromotionCandidate to check if a page contains
the current age mark.
3) EnsureCurrentCapacity instead of Rebalance.
4) Delegate page promotions in mark-compact.cc to the
NewSpace implementation.
Bug: v8:12612
Change-Id: Ied83261d661a8e61a11bf33b1d7a2103ac99a853
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644966
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80846}
This reverts commit 5f0e7dd44f.
Reason for revert: Turns out this isn't true: https://source.chromium.org/chromium/chromium/src/+/main:v8/src/ic/ic.cc;l=946
Original change's description:
> [ic] Shadow smi_handler on LoadHandler to always be Smi
>
> StoreHandlers can store either a Code object or a Smi, so the
> smi_handler field on DataHandler is a Code|Smi. But, LoadHandlers can
> only store Smis here so add a shadowing smi_handler definition which
> only allows / returns Smis.
>
> Change-Id: Icc1c508db268950990b9c84b9e682b9a9b1f43e5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663745
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80775}
Change-Id: Ia2c14141ab5929be3ded883f0cecb40645a72dfd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3672419
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80776}
StoreHandlers can store either a Code object or a Smi, so the
smi_handler field on DataHandler is a Code|Smi. But, LoadHandlers can
only store Smis here so add a shadowing smi_handler definition which
only allows / returns Smis.
Change-Id: Icc1c508db268950990b9c84b9e682b9a9b1f43e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663745
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80775}
This is a reland of commit a76072217a
The bug exposed by landing this change the first time has been fixed
separately in https://crrev.com/c/3654413 .
Original change's description:
> Disable recompilation of existing Scripts from Isolate compilation cache
>
> My previous change https://crrev.com/c/3597106 led to some performance
> regressions in time spent on parsing and compilation. This change
> disables the ability to recompile an existing uncompiled Script, as an
> attempt to both fix the regressions and isolate which part of the
> previous change was the cause of those problems.
>
> Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
> Change-Id: Ifa086bf27070da8f4b3c0e4415af5ca7b6706b0a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652252
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#80616}
Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
Change-Id: Ib31864bef90ff3340d1dfd4e25e21bef121f2d49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3655011
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80645}
This reverts commit a76072217a.
Reason for revert: fails on GC Stress bot:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/38512/overview
Original change's description:
> Disable recompilation of existing Scripts from Isolate compilation cache
>
> My previous change https://crrev.com/c/3597106 led to some performance
> regressions in time spent on parsing and compilation. This change
> disables the ability to recompile an existing uncompiled Script, as an
> attempt to both fix the regressions and isolate which part of the
> previous change was the cause of those problems.
>
> Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
> Change-Id: Ifa086bf27070da8f4b3c0e4415af5ca7b6706b0a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652252
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#80616}
Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
Change-Id: I0f56163856d04ff49da96b0fb344fb59b5501a40
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653273
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80617}
My previous change https://crrev.com/c/3597106 led to some performance
regressions in time spent on parsing and compilation. This change
disables the ability to recompile an existing uncompiled Script, as an
attempt to both fix the regressions and isolate which part of the
previous change was the cause of those problems.
Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
Change-Id: Ifa086bf27070da8f4b3c0e4415af5ca7b6706b0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652252
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80616}
This is a follow-up CL to https://crrev.com/c/3623542.
When updating pointers during a full GC, a page might not be swept
already. In such cases there might be invalid objects in free memory.
Since these objects might be dead, their maps might have been reclaimed
already as well.
The previous CL cached the size of invalid objects in order to avoid
accessing an invalid object's map. However, as soon as a slot is within
an invalid object, we also need to check whether this slot is still a
tagged pointer which would require map access. This CL checks marking
bits on invalid objects to skip that check on such invalid objects.
Bug: v8:12578, chromium:1316289
Change-Id: Ie1d736f897a2994dbed7bfb95ed37732cd3b0882
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596123
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80609}
This adds a new struct "OOMDetails" which is passed to the
OOMErrorCallback. It currently holds the "is_heap_oom" bool that was
also passed before, plus an optional "detail" string.
The struct can later be extended without having to change the signature
of the OOMErrorCallback. Removing fields will have to follow the
standard deprecation rules, but this is also easily possible without the
hassle for this initial change.
We modify the deprecated OOMErrorCallback definition and un-deprecate it,
which can be seen as removing a deprecated API and adding a new one in
one CL.
R=mlippautz@chromium.org, jkummerow@chromium.org
Bug: chromium:1323177
Change-Id: Ic4c2cb5856906ebd664626fe463d8e96cb99b0a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647827
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80565}
