heap: Fix incremental-concurrent processing of large FixedArray
FixedArray object in LO space are processed incrementally in ranges of slots size kProgressBarScanningChunk to reduce latency when returning to the processing loop is critical. A progress bar stores how much slots have been processed already. In the case of regular concurrent marking there was a guarantee that the object was only processed by one thread (main *or* concurrent marking thread) at the same time. However, some optimizations that avoid write barriers for each individual write operation emit a batched write barrier that requires re-visiting the FixedArray for the marking barrier. In such cases, the progress bar would be reset using relaxed stores which is problematic as the concurrent marking thread could race on setting its own progress on the progress bar. As a result, the array would only be re-scanned partially. The fix involves using CAS to set the progress bar and bail out in the case an inconsistent state was observed. In the following: MT... main thread CM... concurrent marking thread The interesting cases are: 1. MT *or* CM processes the array without interfering: Progress bar is updated monotonically without failing. 3. MT interferes with itself: The progress bar is just reset and the main thread will restart scanning from index 0. The object is added twice to the marking worklist and processed each time one of the entries is retrieved from the worklist. 4. MT interferes with CM: 4.a.: CM processes a range of slots and re-adds the left overs by setting the progress bar and re-adding the array to the worklist. In this case CM *and* MT process the array from index 0. The first time the CAS for setting the progress bar fails on either of the threads, the looser will bail out and leave processing for the winner. 4.b.: CM is interrupted while processing a range of the array and fails in setting the progress bar for the left overs. In this case the CM bails out right away and the main thread starts processing from index 0. In addition, there is a transition from index 0 to the index of the first actual slot. This transition makes it possible to observe a reset while processing the first actual chunk of slots. Bug: chromium:942699 Change-Id: I0b06f47ee075030dadfc959528cd77b6b69bbec2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532325Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#60385}
Showing
Please
register
or
sign in
to comment