    [sandbox] Implement GC for the external pointer table · 4a3e41c5
    Samuel Groß authored
    The external pointer table is now managed by the GC, which marks entries
    that are alive during major GC, then sweeps the table afterwards to free
    all dead entries and build a free list from them. For now, only major GCs
    are supported; Scavenger GCs do not interact with the external pointer table.
    
    In more detail, garbage collection of the external pointer table works
    as follows:
    
    1. The external pointer table now reserves a large region of virtual
       address space for its backing buffer and is then never reallocated,
       only grown in place until the maximum size is reached.
    2. When the GC's marking visitor marks a HeapObject with an external
       pointer as alive, it also marks the corresponding external pointer
       table entry as alive. This can happen on a background thread.
    3. For that, it uses the MSB of each entry in the table to indicate
       whether the entry has been marked or not. This works because the MSB
       is always cleared during the AND-based type check performed when
       accessing an external pointer.
    4. After marking, the external pointer table is swept while the mutator
       is stopped. This builds an inline, singly-linked freelist of all
       newly-dead and previously-free entries.
    5. When allocating an entry from the table, the first entry on the
       freelist is used. If the freelist is empty, the table grows,
       populating the freelist with the new entries.
    6. Every newly-allocated entry is marked as alive, and every store to an
       existing entry also automatically marks that entry as alive (by also
       setting the MSB). This simplifies the design of the table GC with
       regards to concurrency (See ExternalPointerTable::Mark).
    
    Bug: v8:10391
    Change-Id: I8877fdf5576af3761bde65298951bb09e601bd14
    Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359625
    Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
    Reviewed-by: Maya Lekova <mslekova@chromium.org>
    Reviewed-by: Igor Sheludko <ishell@chromium.org>
    Commit-Queue: Samuel Groß <saelo@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#78708}
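The six steps in the commit message, as an added illustration that is not V8's code: a toy external pointer table in C++ using the same MSB mark bit, inline singly-linked freelist and grow-in-place scheme. The tag layout, the constants and the method names are assumptions; real V8 sets the mark bit atomically and grows a reserved virtual address region instead of a std::vector.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>
// Hypothetical layout, not V8's real tag scheme: high byte = type tag, MSB = mark bit.
constexpr uint64_t kMarkBit = uint64_t{1} << 63;
constexpr uint64_t kTagMask = 0xFF00000000000000ULL;
constexpr uint64_t kFreeEntryTag = 0x7F00000000000000ULL;  // tag of a freelist entry
constexpr uint32_t kNullIndex = 0;  // entry 0 is reserved and ends the freelist
class ExternalPointerTable {
 public:
  explicit ExternalPointerTable(size_t capacity) : table_(1, 0) { Grow(capacity); }
  // Step 5: pop the freelist head, growing in place if the list is empty.
  uint32_t Allocate(uint64_t pointer, uint64_t tag) {
    if (freelist_head_ == kNullIndex) Grow(table_.size());
    uint32_t index = freelist_head_;
    freelist_head_ = static_cast<uint32_t>(table_[index] & ~kTagMask);
    Set(index, pointer, tag);  // step 6: a new entry starts out marked alive
    return index;
  }
  // Step 6: every store also sets the mark bit (V8 does this atomically).
  void Set(uint32_t i, uint64_t p, uint64_t tag) { table_[i] = p | tag | kMarkBit; }
  // Step 3: the type check strips the whole high byte, MSB included, so a concurrent mark never leaks.
  uint64_t Get(uint32_t index, uint64_t tag) const {
    assert((table_[index] & kTagMask & ~kMarkBit) == tag && "tag mismatch");
    return table_[index] & ~kTagMask;
  }
  void Mark(uint32_t index) { table_[index] |= kMarkBit; }  // step 2: called by the marking visitor
  // Step 4: sweep with the mutator stopped; dead entries join a new inline freelist, live ones are unmarked.
  size_t Sweep() {
    size_t live = 0; freelist_head_ = kNullIndex;
    for (uint32_t i = static_cast<uint32_t>(table_.size()) - 1; i > 0; --i) {
      if (table_[i] & kMarkBit) { table_[i] &= ~kMarkBit; ++live; continue; }
      table_[i] = kFreeEntryTag | freelist_head_;  // a free entry holds the next free index
      freelist_head_ = i;
    }
    return live;  // number of entries that survived this GC
  }
  size_t capacity() const { return table_.size(); }
 private:
  void Grow(size_t additional) {  // step 1: V8 grows a reserved region in place
    size_t old_size = table_.size(); table_.resize(old_size + additional);
    for (size_t i = table_.size() - 1; i >= old_size; --i) {  // lowest index first
      table_[i] = kFreeEntryTag | freelist_head_;
      freelist_head_ = static_cast<uint32_t>(i);
    }
  }
  std::vector<uint64_t> table_;
  uint32_t freelist_head_ = kNullIndex;
};
```

Note that an entry allocated after the last sweep is already marked, so it survives the next sweep even if the marker never visits it; that is exactly the concurrency simplification the commit message describes.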