    Revert of Reland [heap] Avoid the use of cells to point from code to new-space... · 25d59e9d
    vogelheim authored
    Revert of Reland [heap] Avoid the use of cells to point from code to new-space objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )
    
    Reason for revert:
    This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
    
    #
    # Fatal error in ../../src/heap/mark-compact.cc, line 3715
    # Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
    #
    
    I can reproduce locally, and local revert also fixes it -> revert.
    
    Reproduce with:
     out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js  test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation
    
    (Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)
    
    Original issue's description:
    > Reland [heap] Avoid the use of cells to point from code to new-space objects.
    >
    > The reason for reverting was: [Sheriff] Breaks arm debug:
    > https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
    >
    > The problem was the dereferencing of handles for smi checks. It turned out
    > that these smi checks can be removed anyways, both on arm and on mips.
    >
    > Additionally some rebasing was necessary.
    >
    > Original issue's description:
    >
    > Cells were needed originally because there was no typed remembered set to
    > record direct pointers from code space to new space. A previous
    > CL (https://codereview.chromium.org/2003553002/) already introduced
    > the remembered set, this CL uses it.
    >
    > This CL
    > * stores direct pointers in code objects, even if the target is in new space,
    > * records the slot of the pointer in typed-old-to-new remembered set,
    > * adds a list which stores weak code-to-new-space references,
    > * adds a test to test-heap.cc for weak code-to-new-space references,
    > * removes prints in tail-call-megatest.js
    >
    > R=mlippautz@chromium.org
    >
    > Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
    > Cr-Commit-Position: refs/heads/master@{#37217}
    
    TBR=mlippautz@chromium.org,ahaas@chromium.org
    # Skipping CQ checks because original CL landed less than 1 day ago.
    NOPRESUBMIT=true
    NOTREECHECKS=true
    NOTRY=true
    
    Review-Url: https://codereview.chromium.org/2090983002
    Cr-Commit-Position: refs/heads/master@{#37221}