- 24 Feb, 2021 4 commits
-
-
Zhi An Ng authored
This reverts commit ea818f07. Reason for revert: Test failure in Linux64 UBSan https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/15251/overview Original change's description: > cppgc: Fix testing APIs that enable garbage collection > > The APIs require that the CppHeap is moved into a permanently detached > state that moves the heap out of a no-gc scope. > > Bug: chromium:1056170 > Change-Id: I1fc08451b3fdfaa4cfe58e6a1ddbe5dbed7efe5c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718146 > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73025} Bug: chromium:1056170 Change-Id: Id00cb18274cbe7d255e7e95bd9e8e4dbc4b0c6e7 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718658 Auto-Submit: Zhi An Ng <zhin@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Francis McCabe <fgm@chromium.org> Cr-Commit-Position: refs/heads/master@{#73029}
-
Michael Lippautz authored
The APIs require that the CppHeap is moved into a permanently detached state that moves the heap out of a no-gc scope. Bug: chromium:1056170 Change-Id: I1fc08451b3fdfaa4cfe58e6a1ddbe5dbed7efe5c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718146 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73025}
-
Michael Lippautz authored
Bug: chromium:1056170 Change-Id: Ib2b2788c7d59f873583e26a0716bacbf16766c93 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2716291Reviewed-by:
Omer Katz <omerkatz@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73010}
-
Omer Katz authored
Assert that the lock is help whenever AssignUnsafe is called. LazyMutex::AssertHeld resolves to a DCHECK so this should not regress production performance (other than the call itself that might not be inlined). Bug: chromium:1056170 Change-Id: Ic2005d180e6960c24dff7743aa3e0d5e57a63d80 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2716286Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73000}
-
- 23 Feb, 2021 2 commits
-
-
Omer Katz authored
Conservative tracing of an in construction objects might enter an infinite recursion if the object holds a reference to itself. The second time we try to trace the object it will be already marked and we can bail out of tracing it again. Bug: chromium:1056170 Change-Id: I74e99ca70c83f00d47299562d291adf7ba4a5808 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2715065 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72979}
-
Dan Elphick authored
Since gtest_prod.h is in a test-only build target, that target cannot be a dependency of non-test build targets. To prevent gn check errors warning about, this add "// nogncheck" to any includes. Bug: v8:7330 Change-Id: I40de6983e30234de2a778780a9ca839aee0bc8ee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712747 Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72943}
-
- 22 Feb, 2021 2 commits
-
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: Ifb5a2cfa5f3fd2fbfecb84b1bf8f3dc464a823ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2711264Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72901}
-
Omer Katz authored
Whenever we destroy an object that contains a (Weak)(CrossThread)Persistent, we call the Persistent's dtor which frees the relevant PersistentNode. To get the PersistentRegion for the node, we get the value, then get the the relevant page which holds a reference to the heap which holds the regions. During a termination GC there is no marking and no weak callback processing. That means that, when destroying a Persistent, the page on which the object referenced by the Persistent resides may have already been swept and destroyed. Then when we try to get the page we cleared or unallocated memory and crash. This issue presented as a sweeper crash in the web tests and content_browsertests. This issue affects only Weak(CrossThread)Persistent since the region for their strong counterparts are already cleared at the start of a termination GC. This is not an issue in the Blink impl because (1) Blink finds the elevant regions through ThreadState without going through pages, and (2) Blink runs a full GC on termination that includes executing weak callbacks. Alternatively we could trace the Weak(CrossThread)Persistent region which will run the weakness callbacks and clear all WeakPersistents. The cost and outcome is equivalent. Bug: chromium:1056170 Change-Id: I3db5b01424500eb695f9876247ef0c787d0d9ef2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2708645 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72897}
-
- 19 Feb, 2021 4 commits
-
-
Michael Lippautz authored
Forced GCs are used in testing configurations and under memory pressure. Use atomic sweeping for C++ in those scenarios as testing GCs require that destructors are immediately invoked after the GC call. Bug: chromium:1056170 Change-Id: I03c13fa7a30cf74076807834c5e6d0c1fe52bb87 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704543 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#72873}
-
Mike Stanton authored
Code objects are exposed through JSFunction and SharedFunctionInfo. If they are builtins, we don't have to worry about background threads seeing partially initialized code objects. If they are optimized code objects, we may. Background threads read the code fields with AcquireLoad semantics. The fields are set on the main thread with ReleaseStore semantics when appropriate. Special care is taken when setting an optimized code object in a closure in the interpreter entry stub. Since the MacroAssembler doesn't support ReleaseStore semantics, this CL ensures that the optimized code object is stored with those semantics in the feedback vector, where the interpreter entry stub finds it. Bug: v8:7790 Change-Id: I41ecedfe0e9d1ad5091cbe9a97f66c66ca9e07dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676633 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72869}
-
Frank Emrich authored
This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2688058 This CL is part of a series that adds the C++ implementation of SwissNameDictionary, a deterministic property backing store based on Swiss Tables. This CL adds the initialization code, factory functions and a canonical SwissNameDictionary plus all helpers required for that. Bug: v8:11388 Change-Id: I9cf66a3fa755288f7730f55abfb6e6cea82f6b03 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2703653 Commit-Queue: Frank Emrich <emrich@google.com> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#72857}
-
Seth Brenith authored
This reverts commit f731e13f. Reason for revert: perf regressions, chromium:1179757 Original change's description: > Remove 'length' field from ScopeInfo > > ScopeInfo has a vestigial 'length' field from when it used to be a > FixedArray. This change removes that field, which saves some memory. > > More specifically: > > - Make ScopeInfo inherit from HeapObject, not FixedArrayBase which > supplied the 'length' field. > - Privatize the FixedArray-style functions that provide access to > ScopeInfo fields by index, and move them from scope-info-inl.h to > scope-info.cc. Those functions are still used pretty heavily during > initialization (ScopeInfo::Create, etc.), but at least we can avoid > presenting them to the rest of the world. > - Change FactoryBase::NewScopeInfo to allocate the updated object shape. > It maintains the existing behavior of filling the newly-allocated > object with undefined, even though that's not a valid ScopeInfo and > further initialization is required. > - Move part of AccessorAssembler::ScriptContextTableLookup into a new > Torque macro, because it used to rely on casting ScopeInfo to > FixedArrayBase. > - In V8HeapExplorer::AddEntry, don't claim that ScopeInfo objects are > arrays. I think it makes more sense to list them under "(system)" in > the dev tools, like most other V8 internal types. > > Bug: v8:8952 > Change-Id: I8278e3a90027d4409f0d268da0fe7080754c6b8c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2601880 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Mythri Alle <mythria@chromium.org> > Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#72830} Bug: v8:8952 Change-Id: I00a69da79e5ac6aaae4436a41ce773ae014cc775 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2706086 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Seth Brenith <seth.brenith@microsoft.com> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#72855}
-
- 18 Feb, 2021 2 commits
-
-
Michael Lippautz authored
The atomic pause would not report any marked bytes which in turn would mean that the used bytes counter would stay at 0 for testing GCs that always use atomic marking. Bug: chromium:1056170 Change-Id: Ie35d9b3bc88766c4ef56271f05d944f4835ba431 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704662 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72850}
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I9151d31a27ed5fc8e8c98b77b2132aaa7ee562e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2702334Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72836}
-
- 17 Feb, 2021 5 commits
-
-
Omer Katz authored
Process global accessors for total physical size and used size are needed for blink. These are implemented via an allocation observer that atomically updates static counters. The public api only provides getters for the counters. An internal class is in charge of updating the counters as needed. A similar split is also applied to IsAnyIncrementalOrConcurrentMarking(). Drive-by: ProcessHeap is merged into cppgc::internal::WriteBarrier. Bug: chromium:1056170 Change-Id: Iaedebd1ac9d49238ce6bdd52ffa5d1ef4d28203d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695394 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72832}
-
Omer Katz authored
IsMarking returns true as long as a marker exists. That means IsMarking is true during weak processing as well. ActiveScriptWrappableManager in blink uses a weak callback that updates a HeapVector and thus can trigger a write barrier during the atomic pause (which violates a DCHECK in the barrier). Bug: chromium:1056170 Change-Id: I6304b38da9751320836a5e2407e8c7d529367bad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2700676Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72831}
-
Seth Brenith authored
ScopeInfo has a vestigial 'length' field from when it used to be a FixedArray. This change removes that field, which saves some memory. More specifically: - Make ScopeInfo inherit from HeapObject, not FixedArrayBase which supplied the 'length' field. - Privatize the FixedArray-style functions that provide access to ScopeInfo fields by index, and move them from scope-info-inl.h to scope-info.cc. Those functions are still used pretty heavily during initialization (ScopeInfo::Create, etc.), but at least we can avoid presenting them to the rest of the world. - Change FactoryBase::NewScopeInfo to allocate the updated object shape. It maintains the existing behavior of filling the newly-allocated object with undefined, even though that's not a valid ScopeInfo and further initialization is required. - Move part of AccessorAssembler::ScriptContextTableLookup into a new Torque macro, because it used to rely on casting ScopeInfo to FixedArrayBase. - In V8HeapExplorer::AddEntry, don't claim that ScopeInfo objects are arrays. I think it makes more sense to list them under "(system)" in the dev tools, like most other V8 internal types. Bug: v8:8952 Change-Id: I8278e3a90027d4409f0d268da0fe7080754c6b8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2601880Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#72830}
-
Bill Budge authored
This reverts commit 2f8a7561. Reason for revert: Speculative revert, lots of segfaults on Arm: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/17781 Original change's description: > [dict-proto] C++ implementation of SwissNameDictionary, pt. 3 > > This CL is part of a series that adds the C++ implementation of > SwissNameDictionary, a deterministic property backing store based on > Swiss Tables. > > This CL adds the initialization code, factory functions and a > canonical SwissNameDictionary plus all helpers required for that. > > Bug: v8:11388 > Change-Id: I6bb92740afefc7d05433cfa62023e6da5e8213c7 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2688058 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Marja Hölttä <marja@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Frank Emrich <emrich@google.com> > Cr-Commit-Position: refs/heads/master@{#72824} Bug: v8:11388 Change-Id: Ia5dae584b0fb452b12c5d64ee63ffa418c83f91b No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2698758 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by:
Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#72829}
-
Frank Emrich authored
This CL is part of a series that adds the C++ implementation of SwissNameDictionary, a deterministic property backing store based on Swiss Tables. This CL adds the initialization code, factory functions and a canonical SwissNameDictionary plus all helpers required for that. Bug: v8:11388 Change-Id: I6bb92740afefc7d05433cfa62023e6da5e8213c7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2688058Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Frank Emrich <emrich@google.com> Cr-Commit-Position: refs/heads/master@{#72824}
-
- 16 Feb, 2021 3 commits
-
-
Michael Lippautz authored
Lazy sweeping may have found a memory block not positioned at the head of the corresponding bucket. Such a block is not found during a subsequent free list allocation, as such allocations do not linearly walk the free list. Bug: chromium:1056170 Change-Id: I288b6ad768987705d86fc78d0aa6fe46e99417b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692822 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72770}
-
Sathya Gunasekaran authored
The current API returns a Handle<NativeContext> which can be optionally null and all the users of this API never actually checked for this null value. Previously, this wasn't a problem as all the possible JSObjects that were user visible would return a valid NativeContext but now there are wasm objects that don't have a valid constructor so don't have a NativeContext. Bug: v8:11451, chromium:1166077 Change-Id: I4fd5edf8f1a750e6f0abb931fd41358e5ae4dfcf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692695 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#72769}
-
Omer Katz authored
On-heap hash maps in blink are limited to Member types and non-traceable types. The only exception to that is TraceWrapperV8Reference. Thus ephemerons can have non-gced traceable values. This values should not be pushed to the marking worklist since we expect everything in the worklist to be marked and not in construction (but these values don't have an object header). Instead, when getting a non-gced value we should immediately trace it. This is only relevant to ephemerons. Any other case would go through Trace(const T&) that dispatches to the TraceTrait. Blink has 1 use case of HeahHashMap from WeakMember<ScriptWrappable> to TraceWrapperV8Reference. Bug: chromium:1056170 Change-Id: Ia8f341d6bb1fc8fd3655b2be66b7814896549d1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2696648Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72763}
-
- 15 Feb, 2021 3 commits
-
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I561166a7f1be658c5c35aa1caf8dbbbd2d720ab3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692815 Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72754}
-
Benedikt Meurer authored
Previously we had cached the source position information on JSStackFrame (C++) objects and reused that between calls to GetLineNumber() and GetColumnNumber(). The refactoring in https://crrev.com/eed0d27c2f774b3adbc85d0a5fb30a8cf0f018a8 effectively removed that cache, while still making things faster though. This CL puts back the caching on the StackFrameInfo objects by reusing the `offset` slot to store the computed source position (as indicated by a bit in the `flags`). For promise combinator async frames, the bit is always set and the `offset_or_source_position` slot thus always contains the source position (aka the `promise index` in this case). We also added a `StackFrameInfo::ComputeLocation()` method to remove the last remaining place where we'd peek into the StackFrameInfo from outside stack-frame-info.{cc,h}. Also-By: kimanh@chromium.org Bug: chromium:1077657, v8:8742, chromium:1069425 Change-Id: I59e26a91965617163776e6cc2610b88e6925452c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695386 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#72752}
-
Leszek Swirski authored
Add a new StackFrame class for unoptimized frames (which are either interpreted or baseline). BaselineFrame becomes a subclass of this rather than InterpretedFrame, and the various frame constants helpers are similarly amended. Bug: v8:11420, v8:11429 Change-Id: I87e9368aef48ef06a39476bf826f379ce1441528 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692208 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#72743}
-
- 12 Feb, 2021 7 commits
-
-
Omer Katz authored
HeapObjectHeader::GetSize returns object size including HeapObjectHeader. This is find for our internal usages since we want to know the actual size consumed by the object. ObjectSizeTrait should report object size for external users for which the HeapObjectHeader should be invisible. The sizes returned by the trait should exclude the header. Bug: chromium:1056170 Change-Id: I75111b9a3d0d27d0a39df4abdacaa84f1cee3a5a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692689 Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72723}
-
Victor Gomes authored
Change-Id: Ia115a8dfd35c935fa4356dd32dcd2e035574f7d1 Bug: v8:11429 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692566Reviewed-by:
Victor Gomes <victorgomes@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#72711}
-
Georg Neis authored
This reverts commit 87df0b7e (thus relands 42cd9eb7), with fixes for the discovered issues. Original change's description: > Revert "[compiler] Directly read PropertyCells" > > This reverts commit 42cd9eb7. > > Reason for revert: Clusterfuzz issues, e.g. > https://bugs.chromium.org/p/chromium/issues/detail?id=1176318 > > Original change's description: > > [compiler] Directly read PropertyCells > > > > Main changes: > > > > - Introduce a new broker data kind kBackgroundSerialized for objects > > that can be serialized in the background (when direct reads are on). > > (I'm planning to remove kPossiblyBackgroundSerialized in a followup, > > in favor of a dynamic choice of kSerialized or kBackgroundSerialized). > > - Make PropertyCell use that new kind. > > - Introduce a bottleneck in runtime code for changes to PropertyCells > > and make sure that a certain protocol is followed that allows > > concurrent reads from the background thread. > > - Improve interface of PropertyCell in various ways. > > > > Bug: v8:7790 > > Change-Id: If3d7926c3b894808811348b4b2bed153f5c06897 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2661462 > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > > Commit-Queue: Georg Neis <neis@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#72586} > > TBR=ulan@chromium.org,neis@chromium.org,verwaest@chromium.org,nicohartmann@chromium.org > > Change-Id: Id04145760c49fa379bc5a3fc16eba664025a9180 > Bug: v8:7790 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685125 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72619} Bug: v8:7790, chromium:1176509, chromium:1176318, chromium:1176504 Change-Id: Icaf285912bb948432a4a2d599cd174f6a5aa296e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685166Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72697}
-
Leszek Swirski authored
Currently we sometimes refer to baseline code or the baseline compiler by its codename (Sparkplug). The codename is fun, but we should be consistent and call things by one name or the other. Following the pattern of Ignition stuff being called "interpreter", we call Sparkplug "baseline", and leave the codename only in flags and variants. Bug: v8:11420 Change-Id: I432e5629518be7c7ad38b6acff024c91d4cfd6d3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692186 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#72696}
-
Benedikt Meurer authored
Following up on https://crrev.com/c/2689185, this CL significantly simplifies the whole implementation of the stack trace capturing. Before this CL, capturing any stack trace (for the purpose of the API or Error.stack) would roughly work like this: 1. The CaptureStackTrace() function uses the StackFrameIterator to walk the system stack. For each native frame it uses the FrameSummary abstraction to get all (including potentially inlined) frames. For each of those it appends a record consisting of six elements to a FrameArray (this holds pointers to the actual closures and receivers). 2. Afterwards the FrameArray is shrinked to the required size, and a new FixedArray is allocated, and initialized with new StackTraceFrame objects where each holds a reference to the FrameArray, the index of the frame, and an initially uninitialized StackFrameInfo reference. This new FixedArray is then returned from CaptureStackTrace() and either stored on a message object or provided to the API as v8::StackTrace. The new approach removes a lot of the machinery in between and directly creates a FixedArray of StackFrameInfo objects in CaptureStackTrace(). These StackFrameInfo objects are directly exposed as v8::StackFrame on the public API, and they hold the six fields that were previously stored flat in the FrameArray. This not only avoids a lot of copying around of data and creation of temporary objects and handles, but most importantly unifies and simplifies the stack frame function inside StackFrameInfo, so you no longer need to wonder which function / object might be responsible for a certain API. There's still a lot of room for improvement. In particular we currently don't cache the source position for a given StackFrameInfo (or globally), but rather recompute it every time. This is still very fast, significantly faster than the previous approach. There are some notable (potentially user visible) changes: - The CallSite#GetPosition() method now consistently returns the Wasm module relative bytecode offset for all Wasm frames (previously it'd return the function relative bytecode offset for non-asm.js Wasm frames). - The column and line numbers returned from StackFrameInfo methods are consistently 1-based now, instead of sometimes being 0-based (Wasm) and sometimes being 1-based (JS and asm.js Wasm). The only potentially noticable difference is that for CallSite#GetLineNumber() no longer returns 0 for Wasm frames, but that was wrong and useless anyways. - CallSite#GetThis() would sometimes return the_hole, another bug flushed out by this CL. The CL also contains some other not noteworthy drive-by-cleanups. Fixed: chromium:1057211 Bug: chromium:1077657, chromium:1069425, v8:8742 Bug: chromium:1127391, chromium:1098530, chromium:981541 Change-Id: Iff12f6838a4d99080db8dd96bccc14440affc5a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689183 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#72694}
-
Santiago Aboy Solanes authored
Bug: v8:11422 Change-Id: I106b2226d531d7a868ac9344cce8c965250316e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690589Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#72692}
-
Leszek Swirski authored
Sparkplug is a new baseline, non-optimising second-tier compiler, designed to fit in the compiler trade-off space between Ignition and TurboProp/TurboFan. Design doc: https://docs.google.com/document/d/13c-xXmFOMcpUQNqo66XWQt3u46TsBjXrHrh4c045l-A/edit?usp=sharing Bug: v8:11420 Change-Id: Ideb7270db3d6548eedd8337a3f596eb6f8fea6b1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667514 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#72686}
-
- 11 Feb, 2021 7 commits
-
-
Toon Verwaest authored
This speeds up sparkplug by >20%. This reland fixes the OffHeapBytecodeArray to also register a GC callback. Turns out off-heap here doesn't mean that the underlying bytecode array is off-heap and it can in fact move. Change-Id: I7c6e82abd2a7be08ead537ab84855e76edc3b290 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2688400 Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72677}
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I6fb5278dd1ef14faac13602cd28286d0e0d29054 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689198 Commit-Queue: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72672}
-
Santiago Aboy Solanes authored
Reasons: * We disabled it more than a year ago for all configs * Not easy to re-enable * Not compatible with pointer compression as-is * Not compatible with concurrent TP/TF as-is * No concrete plans to re-enable it Also remove Map's layout_descriptor since it was only used for double field unboxing. Bug: v8:11422 Change-Id: I9260906eac199213b3210712e9903f1ecf1d7979 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676637Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#72671}
-
Michael Lippautz authored
cppgc/testing.h is already part of a testonly gn target which only can be included from other test targets. This prevents any production target to depend on cppgc/testing.h. Bug: chromium:1056170 Change-Id: I51f6c47ffac2a05c8c63d7b4663c456a64fe75b4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689196Reviewed-by:
Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72670}
-
Omer Katz authored
HeapBase::CollectStatistics returns a HeapStatistics struct that can be used by blink to populate a memory dump. Bug: chromium:1056170 Change-Id: Ic147a02ba6b4aa77bf92cfca067da70b7e1af55b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689181 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72660}
-
Michael Lippautz authored
WrapperDescriptor is used to describe how JS wrapper objects can be inspected to find C++ wrappable objects. In addition, to specifying which embedder fields are used to find type and instance, the descriptor also provides and embedder id that identifies garbage-collected objects. It is expected that the first field of the type is a uint16_t with that id. Bug: chromium:1056170 Change-Id: I9cf8d79db972f2dea023114fd5a567e89a3bf373 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2688399Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#72657}
-
Benedikt Meurer authored
For a long time, V8 had two distinct ways to capture and store a stack trace, one where we'd just collect and symbolize the information for the v8::StackTrace API (script id, name, line and colum information mostly), and one where V8 would also memorize the closures, receivers, and optionally the parameters of the stack frame, which we use for Error.stack and the non-standard CallSite APIs. Those two were often out of sync and suffered from various different issues. Eventually they were refactored into a single captureStackTrace() bottleneck that would produce a FrameArray. This CL is a logical continuation of the refactorings. It repairs a regression where we'd compute the method name (as part of the cached StackFrameInfo) even if we don't need them (as is the case for the inspector and any other use of the v8::StackTrace API). Everytime a method was invoked on StackTraceFrame, it'd call into StackTraceFrame::GetInfo(), which would lazily setup the StackFrameInfo like this: 1. Create a FrameArrayIterator and point it to the FrameArray at the index stored in the StackTraceFrame. 2. Invoke FrameArrayIterator::Frame(), which copies the information from the FrameArray into a temporary JSStackFrame, AsmJsStackFrame or WasmStackFrame C++ object, and use the StackFrameBase virtual methods to transfer all information to a newly created StackFrameInfo object. 3. Kill the link to the FrameArray and put a link to the StackFrameInfo object into the StackTraceFrame. This caching turned out to be extremely costly, since beyond other things, it'd always invoke JSStackFrame::GetMethodName(), which is extremely costly (the execution time is linear in the number of properties on the receiver and it's prototype chain). The cost was so high that several work-arounds had been added, which would avoid triggering the eager construction of the StackFrameInfo object (i.e. https://crrev.com/c/2080663, https://crrev.com/c/2550504 or https://crrev.com/c/2261736, but also https://crrev.com/c/1688927). This CL removes the StackFrameInfo caching completely, since neither the inspector nor Error.stack benefit from the caching at all. It's only the first part in a series of refactorings that will significantly reduce the complexity and overhead of the stack trace collection. Doc: https://bit.ly/2wkbuIy Bug: chromium:1057211, chromium:1077657, chromium:1069425, v8:8742 Bug: chromium:1127391, chromium:1098530, chromium:981541 Change-Id: I8edb8ff48b620eb3043ae51ab4ea27146ef0a5a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689185 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#72647}
-
- 10 Feb, 2021 1 commit
-
-
Andrew Comminos authored
Since the finalizer-based CodeEntry deallocation tracking can't intercept flushed bytecode, implement monitoring for this via code events. Bug: v8:11054 Change-Id: I9557b4777fe0d0963309bd8134c57928e0aa3e08 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2686907 Commit-Queue: Andrew Comminos <acomminos@fb.com> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#72639}
-