• Michael Lippautz's avatar
    heap: Fix incremental-concurrent processing of large FixedArray · c4eae87a
    Michael Lippautz authored
    FixedArray object in LO space are processed incrementally in ranges of slots
    size kProgressBarScanningChunk to reduce latency when returning to the
    processing loop is critical. A progress bar stores how much slots have been
    processed already.
    
    In the case of regular concurrent marking there was a guarantee that the
    object was only processed by one thread (main *or* concurrent marking
    thread) at the same time.
    
    However, some optimizations that avoid write barriers for each
    individual write operation emit a batched write barrier that requires
    re-visiting the FixedArray for the marking barrier. In such cases, the
    progress bar would be reset using relaxed stores which is problematic as
    the concurrent marking thread could race on setting its own progress on the
    progress bar. As a result, the array would only be re-scanned partially.
    
    The fix involves using CAS to set the progress bar and bail out in the
    case an inconsistent state was observed.
    
    In the following:
    MT... main thread
    CM... concurrent marking thread
    
    The interesting cases are:
    1. MT *or* CM processes the array without interfering: Progress bar is
       updated monotonically without failing.
    3. MT interferes with itself: The progress bar is just reset and the main
       thread will restart scanning from index 0. The object is added twice to
       the marking worklist and processed each time one of the entries is
       retrieved from the worklist.
    4. MT interferes with CM:
       4.a.: CM processes a range of slots and re-adds the left overs by
       setting the progress bar and re-adding the array to the worklist.  In
       this case CM *and* MT process the array from index 0. The first time
       the CAS for setting the progress bar fails on either of the threads,
       the looser will bail out and leave processing for the winner.
       4.b.: CM is interrupted while processing a range of the array and
       fails in setting the progress bar for the left overs. In this case
       the CM bails out right away and the main thread starts processing
       from index 0.
    
    In addition, there is a transition from index 0 to the index of the
    first actual slot. This transition makes it possible to observe a reset
    while processing the first actual chunk of slots.
    
    Bug: chromium:942699
    Change-Id: I0b06f47ee075030dadfc959528cd77b6b69bbec2
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532325Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
    Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
    Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#60385}
    c4eae87a
test-heap.cc 230 KB