- 03 Mar, 2022 1 commit
Benoît Lizé authored

This renaming was missed in https://chromium-review.googlesource.com/c/v8/v8/+/3468577, because the code adding these #ifdef blocks landed in-between the renaming change being uploaded and landed.

Bug: chromium:1298417
Change-Id: I8c2e951099dafcce7e19a59e40e36f308e2ed867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3498349
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79345}

- 28 Feb, 2022 1 commit
Nikolaos Papaspyrou authored

The following histograms have been deprecated, as they are superseded by V8.GC.Cycle.*.Young or not needed anymore (next to each, the corresponding isolate counter):

- V8.GCScavenger (gc_scavenger)
- V8.GCScavengerBackground (gc_scavenger_background)
- V8.GCScavengeReason (scavenge_reason)
- V8.GCScavengerForeground (gc_scavenger_foreground)
- V8.GCBackgroundScavenger (background_scavenger)
- V8.GCMarkCompactor (gc_mark_compactor)

This CL removes the corresponding instrumentation in the code and the isolate counters.

Bug: chromium:1154636
Bug: chromium:1299555
Change-Id: I62d28ff60ef47a058fe148c7855af8e2c1cc0aed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487548
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79308}

- 24 Feb, 2022 1 commit
Nikolaos Papaspyrou authored

This CL refactors Heap::GCTypeTimer and Heap::GCTypePriorityTimer and moves them to a GCTracer::RecordGCPhasesInfo class. This is a necessary change for deprecating counters that are used for old style GC metrics, like gc_scavenger. When all such counters are deprecated, GCTracer::RecordGCPhasesInfo will no longer be necessary and will be removed.

Bug: chromium:1154636
Change-Id: I04504a0f6c7a0955f4300a1c94c969aaeb23b77f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3486556
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79257}

- 23 Feb, 2022 1 commit
Anton Bikineev authored

Custom callbacks assume that untraced pointers always point to valid, not freed objects. They must make sure that upon callback completion no UntracedMembers point to an unreachable object. This may not hold true if a custom callback for an old object operates with a reference to a young object that was freed on a minor collection cycle.

To maintain the mentioned invariant, the CL calls custom callbacks for old objects on every minor collection cycle. The alternative options could be:
1) Replacing all UntracedMembers with WeakMembers, since WeakMember supports tracing and the barrier.
2) Emitting the generational barrier for UntracedMember + tracing UntracedMember on minor collection cycles.

The first option requires changing multiple use sites and can bring some performance regression. The second option requires changing the GC logic and the semantics of UntracedMember.

Bug: chromium:1029379
Change-Id: I9bb89e4787daf05990feed374dceca940be7be63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472499
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79221}

- 22 Feb, 2022 2 commits
Anton Bikineev authored

This CL refactors all remembered set logic from heap-base and explicit-management to a new class OldToNewRememberedSet.

Bug: chromium:1029379
Change-Id: Id032b9dcc01af6f9bb9e546ed9bc6324da6d9b66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472498
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79212}

Anton Bikineev authored

The test case was fixed in c7fbac6a

This reverts commit 34c0f0fc.

Bug: chromium:1278780
Change-Id: If04e41a7fc1f0c744fe785a834880e598f482ef8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401592
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79201}

- 20 Feb, 2022 1 commit
Michael Lippautz authored

Weak containers are retraced if they are found through the stack using the conservative scanner, possibly resulting in a race with the concurrent marker.

Bug: v8:12648
Change-Id: I0936a2953e3e2151cea4191f335a091b0e334e6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474678
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79184}

- 18 Feb, 2022 1 commit
Samuel Groß authored

Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS. With this CL, V8_OS_DARWIN will be set on both macOS and iOS, V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS.

This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and renames platform-xnu.cc to platform-darwin.cc.

Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79167}

- 17 Feb, 2022 2 commits
Milad Fa authored

https://crrev.com/c/3471558 is causing the following compilation error on gcc:

```
error: suggest explicit braces to avoid ambiguous 'else'
```

Bug: chromium:1298417
Change-Id: I84a34603664c5ee148cc9ea282c0f8c53319b6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472403
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79154}

Benoît Lizé authored

Guard pages are 4k areas at the beginning and end of each oilpan page (128kiB) which are meant to be inaccessible. However on ARM64 macOS, the OS page size is 16kiB, meaning that these are not inaccessible. But we do pay for these, as they are part of the first and last OS page. Meaning that we effectively waste 2 * 4kiB = 6.25% of each Oilpan page.

Since these are not serving their purpose, disable them on this platform. Another fix could be to make the guard page 16kiB, but given that the entire oilpan page is 128kiB, this may have adverse effects on e.g. fragmentation.

Note that this doesn't regress security, as the regions were never protected to begin with on this platform.

Bug: chromium:1298417
Change-Id: Iad5d05670962780e6d1eeab2bb8a331deb7aa1f3
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471558
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79151}

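An added example, not code from V8 or Oilpan, that works through the decision the message above describes: whether 4 KiB guard regions at both ends of a 128 KiB page can be protected at all for a given OS page size, what they cost when they cannot, and the resulting layout applied with real mmap/mprotect calls on a POSIX system. The page and guard sizes are taken from the message; the namespace, function names and the PageLayout struct are this example's own and do not correspond to cppgc's internals.

```cpp
#include <cstddef>
#include <cstdio>
#include <sys/mman.h>
#include <unistd.h>

namespace guard_demo {  // hypothetical namespace, not cppgc's

constexpr size_t kHeapPageSize = 128 * 1024;  // one Oilpan page, per the message
constexpr size_t kGuardSize = 4 * 1024;       // guard region at each end

// mprotect() works on whole OS pages, so a guard can only be protected on its
// own if it is a multiple of the OS page size. With 16 KiB pages a 4 KiB
// PROT_NONE request at the page start would also cover 12 KiB of payload, and
// the request for the trailing guard would fail because its start is not
// page-aligned. Either way the guard does not do its job.
constexpr bool GuardsProtectable(size_t os_page_size) {
  return os_page_size != 0 && kGuardSize % os_page_size == 0;
}

// Share of each heap page spent on guards that protect nothing: 2 * 4 KiB out
// of 128 KiB, i.e. 6.25%, on a platform where the guards cannot be protected.
constexpr double UnprotectedGuardFraction(size_t os_page_size) {
  return GuardsProtectable(os_page_size)
             ? 0.0
             : static_cast<double>(2 * kGuardSize) / kHeapPageSize;
}

struct PageLayout {
  size_t payload_offset;  // first byte handed to the allocator
  size_t payload_size;    // bytes handed to the allocator
  bool guarded;           // whether the guards are actually PROT_NONE
};

// Keep the guards where they work; otherwise hand the whole page out.
constexpr PageLayout ChooseLayout(size_t os_page_size) {
  return GuardsProtectable(os_page_size)
             ? PageLayout{kGuardSize, kHeapPageSize - 2 * kGuardSize, true}
             : PageLayout{0, kHeapPageSize, false};
}

// Reserves one heap page and applies the layout for the running system.
// Returns nullptr on failure; release with ReleasePage().
void* MapPage(PageLayout* layout_out) {
  const size_t os_page_size = static_cast<size_t>(sysconf(_SC_PAGESIZE));
  const PageLayout layout = ChooseLayout(os_page_size);
  void* base = mmap(nullptr, kHeapPageSize, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (base == MAP_FAILED) return nullptr;
  if (layout.guarded) {
    char* p = static_cast<char*>(base);
    if (mprotect(p, kGuardSize, PROT_NONE) != 0 ||
        mprotect(p + kHeapPageSize - kGuardSize, kGuardSize, PROT_NONE) != 0) {
      munmap(base, kHeapPageSize);
      return nullptr;
    }
  }
  if (layout_out) *layout_out = layout;
  return base;
}

bool ReleasePage(void* base) { return munmap(base, kHeapPageSize) == 0; }

// Maps a page, touches the first and last payload byte (a live guard would
// SIGSEGV here), and releases it. Returns true on success.
bool MapTouchRelease(PageLayout* layout_out) {
  PageLayout layout{};
  void* page = MapPage(&layout);
  if (!page) return false;
  char* payload = static_cast<char*>(page) + layout.payload_offset;
  payload[0] = 1;
  payload[layout.payload_size - 1] = 1;
  if (layout_out) *layout_out = layout;
  return ReleasePage(page);
}

}  // namespace guard_demo

int main() {
  guard_demo::PageLayout layout{};
  const bool ok = guard_demo::MapTouchRelease(&layout);
  std::printf("OS page %ld B: guards %s, payload %zu B at offset %zu, %s\n",
              sysconf(_SC_PAGESIZE), layout.guarded ? "on" : "off",
              layout.payload_size, layout.payload_offset, ok ? "ok" : "failed");
  return ok ? 0 : 1;
}
```

On a 4 KiB-page Linux box this reports guards on and a 120 KiB payload; on a 16 KiB or 64 KiB-page system the same binary hands out the full 128 KiB with guards off, which is the behaviour the message chooses for ARM64 macOS.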
- 14 Feb, 2022 2 commits
Nikolaos Papaspyrou authored

This CL simplifies the reporting of full GC cycles and the connection between the GC of the managed C++ heap and the managed Javascript heap. It moves the call to GCTracer::RecordFullCycleToRecorder to be part of GCTracer::StopCycle.

Bug: v8:12503
Bug: chromium:1154636
Change-Id: I332dbcd81d2e5bdda83f3353c6526fc18e23ebd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3456563
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79075}

Anton Bikineev authored

The generational barrier for source objects records the entire source object to be processed later during remembered set visitation. It's planned to be used for Blink backing stores when an inlined object (or a range thereof) is added (HeapAllocator::NotifyNewObject(s)).

An alternative approach would be to eagerly process the inlined objects using a custom callback. However, this requires changing Visitors to bring slots into the context. This approach should better work for scenarios where small ranges or single elements are added, to avoid processing potentially large backing stores. The followup CL implements this idea.

Bug: chromium:1029379
Change-Id: Iacb59e4b10a66354526ed293d7f43f14d8761a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460402
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79073}

- 11 Feb, 2022 1 commit
Nikolaos Papaspyrou authored

This CL fixes a bug in the tracing of full GC cycles that was introduced by https://crrev.com/3432211. In doing so, it refactors the tracing of cycles by introducing an explicit state in GC tracing events, which follows the phase within the GC cycle as perceived by the tracer. Two new methods, (Start|Stop)AtomicPause are introduced; together with (Start|Stop)Cycle they mark the state transitions. The existing methods (Start|Stop)ObservablePause are now disentangled from cycles and state transitions.

Bug: v8:12503
Bug: chromium:1154636
Change-Id: Ie4b863bc27f81dd6858103a8988874d89e6e8517
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440663
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79043}

- 03 Feb, 2022 2 commits
Omer Katz authored

The methods in explicit_management.h should be called via the public variants in the subtle namespace. Calling the variants in the internal namespace directly skips asserts and required size conversions. Doing so may cause misuse of the API that may break GC internals.

Change-Id: I58a0f324ca1ee0839bb85eb9b53ce57785dc7b91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435187
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78920}

Anton Bikineev authored

This CL adds invalidations for slots that reside in promptly freed or shrunk storage.

Bug: chromium:1029379
Change-Id: I05e0ede55c202c952b26f452053b8777d1a2ffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431488
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78912}

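An added example, not Oilpan's code, covering the three young-generation commits in this log that deal with old-to-new tracking: the OldToNewRememberedSet class (22 Feb), the generational barrier for whole source objects (14 Feb) and the slot invalidation for promptly freed or shrunk storage (this commit). It models an old backing store whose pointer slots are remembered either individually or as a source object, shrinks or frees the store, and checks that a minor GC afterwards visits only storage that still exists. Every name here (rs_demo, BackingStore, Shrink, Free, the scenario functions) is this example's own, and the generations and slots are simplified stand-ins for cppgc's.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

namespace rs_demo {  // hypothetical names, not cppgc's

enum class Generation { kYoung, kOld };
struct Object { Generation generation; };

// Old-generation object owning a raw array of pointer slots: a stand-in for a
// backing store that can be shrunk in place or promptly freed.
struct BackingStore {
  BackingStore(Generation g, size_t n) : generation(g), slots(new Object*[n]()), capacity(n) {}
  ~BackingStore() { delete[] slots; }
  BackingStore(const BackingStore&) = delete;
  Generation generation;
  Object** slots;
  size_t capacity;
};

class OldToNewRememberedSet {
 public:
  // Slot barrier, run after `holder->slots[i] = value`; only old-to-young
  // pointers are remembered.
  void AddSlot(const BackingStore* holder, Object** slot, const Object* value) {
    if (holder->generation == Generation::kOld && value && value->generation == Generation::kYoung)
      slots_.insert(slot);
  }
  // Source-object barrier: remember the whole store and rescan it on the next
  // minor GC instead of recording individual slots.
  void AddSourceObject(const BackingStore* holder) {
    if (holder->generation == Generation::kOld) sources_.insert(holder);
  }
  // Storage [begin, end) is going away (freed, or cut off by a shrink). Every
  // remembered slot inside it is dropped now; otherwise Visit() would later
  // read memory the heap has reused. Returns the number dropped.
  size_t InvalidateSlots(Object** begin, Object** end) {
    const auto lo = reinterpret_cast<std::uintptr_t>(begin);
    const auto hi = reinterpret_cast<std::uintptr_t>(end);
    size_t removed = 0;
    for (auto it = slots_.begin(); it != slots_.end();) {
      const auto p = reinterpret_cast<std::uintptr_t>(*it);
      if (p >= lo && p < hi) { it = slots_.erase(it); ++removed; } else { ++it; }
    }
    return removed;
  }
  void RemoveSourceObject(const BackingStore* holder) { sources_.erase(holder); }
  // Minor GC: young objects reachable through remembered slots or source
  // objects. A source object is rescanned only up to its current capacity, so
  // a shrunk tail is never touched. Clears the set.
  std::vector<const Object*> Visit() {
    std::vector<const Object*> young;
    auto consider = [&](const Object* o) { if (o && o->generation == Generation::kYoung) young.push_back(o); };
    for (Object** slot : slots_) consider(*slot);
    for (const BackingStore* s : sources_)
      for (size_t i = 0; i < s->capacity; ++i) consider(s->slots[i]);
    slots_.clear();
    sources_.clear();
    return young;
  }
 private:
  std::set<Object**> slots_;
  std::set<const BackingStore*> sources_;
};

// Shrink in place: the tail [new_capacity, capacity) goes back to the heap, so
// slots recorded in it are invalidated first.
size_t Shrink(BackingStore* store, size_t new_capacity, OldToNewRememberedSet* rs) {
  size_t removed = rs->InvalidateSlots(store->slots + new_capacity, store->slots + store->capacity);
  store->capacity = new_capacity;
  return removed;
}

// Prompt free: the whole store goes away, including its source-object record.
size_t Free(BackingStore* store, OldToNewRememberedSet* rs) {
  size_t removed = rs->InvalidateSlots(store->slots, store->slots + store->capacity);
  rs->RemoveSourceObject(store);
  delete store;
  return removed;
}

struct Outcome { size_t invalidated; size_t visited; };

// Constructed scenario: an old store holding three young objects is shrunk to
// one element before the minor GC. Per-slot records need two invalidations; a
// source-object record needs none because the rescan stops at the new capacity.
Outcome ShrinkScenario(bool record_source_object) {
  OldToNewRememberedSet rs;
  Object y0{Generation::kYoung}, y1{Generation::kYoung}, y2{Generation::kYoung};
  Object* values[] = {&y0, &y1, &y2};
  BackingStore store(Generation::kOld, 3);
  for (size_t i = 0; i < 3; ++i) {
    store.slots[i] = values[i];
    if (record_source_object) rs.AddSourceObject(&store);
    else rs.AddSlot(&store, &store.slots[i], values[i]);
  }
  const size_t invalidated = Shrink(&store, 1, &rs);
  return {invalidated, rs.Visit().size()};
}

// Constructed scenario: the store is promptly freed before the minor GC, so
// nothing of it may be visited.
size_t FreeScenario() {
  OldToNewRememberedSet rs;
  Object young{Generation::kYoung};
  auto* store = new BackingStore(Generation::kOld, 2);
  store->slots[0] = &young;
  rs.AddSlot(store, &store->slots[0], &young);
  rs.AddSourceObject(store);
  Free(store, &rs);
  return rs.Visit().size();
}

}  // namespace rs_demo

int main() {
  rs_demo::Outcome a = rs_demo::ShrinkScenario(false), b = rs_demo::ShrinkScenario(true);
  std::printf("shrink, per-slot: invalidated %zu, visited %zu\n", a.invalidated, a.visited);
  std::printf("shrink, source object: invalidated %zu, visited %zu\n", b.invalidated, b.visited);
  std::printf("free: visited %zu\n", rs_demo::FreeScenario());
}
```

The two recording strategies are the trade-off the 14 Feb message mentions: per-slot records are cheap to visit but must be invalidated whenever their storage is released, while a source-object record tolerates shrinking by construction at the cost of rescanning the whole store.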
- 02 Feb, 2022 4 commits
Nikolaos Papaspyrou authored

Conceptually, a full GC cycle completes when the sweeping phase is finished. As sweeping is performed concurrently, this happens after Heap::CollectGarbage has returned and, at the latest, before the next full GC cycle begins. However, an arbitrary number of young GC cycles may happen in the meantime. Tracing information for the sweeping phase must be added to the corresponding full GC cycle event. Until now, this was not done correctly: this information was added to the GCTracer's current event and could thus be attributed to a subsequent young or full GC cycle.

This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a cycle (still allowing for full GC cycles to be interrupted by young GC cycles). These methods are different from (Start|Stop)ObservablePause, which delimit the observable pause of each GC. The events of "pending" full GC cycles are kept until they are properly amended and reported, when the sweeping phase is finished.

This is a reland of 4ad20bff which was reviewed here: https://crrev.com/3404733

Bug: v8:12503
Bug: chromium:1154636
Change-Id: Icc315b53cff1f3b19b8efe49db34340a5608bcd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432211
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78911}

Leszek Swirski authored

This reverts commit 4ad20bff.

Reason for revert: New test seems to be failing on TSAN/incremental marking stress (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/6346/overview)

Original change's description:
> heap: Fix the tracing of GC cycles
>
> Conceptually, a full GC cycle completes when the sweeping phase is finished. As sweeping is performed concurrently, this happens after Heap::CollectGarbage has returned and, at the latest, before the next full GC cycle begins. However, an arbitrary number of young GC cycles may happen in the meantime. Tracing information for the sweeping phase must be added to the corresponding full GC cycle event. Until now, this was not done correctly: this information was added to the GCTracer's current event and could thus be attributed to a subsequent young or full GC cycle.
>
> This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a cycle (still allowing for full GC cycles to be interrupted by young GC cycles). These methods are different from (Start|Stop)ObservablePause, which delimit the observable pause of each GC. The events of "pending" full GC cycles are kept until they are properly amended and reported, when the sweeping phase is finished.
>
> Bug: chromium:1154636
> Change-Id: I2fbc65d4807c78656d4abc8c451043f6f86211b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404733
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78905}

Bug: chromium:1154636
Change-Id: Id6688cfe982f9d8159c66d715b7079782a371bed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431489
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78908}

Nikolaos Papaspyrou authored

Conceptually, a full GC cycle completes when the sweeping phase is finished. As sweeping is performed concurrently, this happens after Heap::CollectGarbage has returned and, at the latest, before the next full GC cycle begins. However, an arbitrary number of young GC cycles may happen in the meantime. Tracing information for the sweeping phase must be added to the corresponding full GC cycle event. Until now, this was not done correctly: this information was added to the GCTracer's current event and could thus be attributed to a subsequent young or full GC cycle.

This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a cycle (still allowing for full GC cycles to be interrupted by young GC cycles). These methods are different from (Start|Stop)ObservablePause, which delimit the observable pause of each GC. The events of "pending" full GC cycles are kept until they are properly amended and reported, when the sweeping phase is finished.

Bug: chromium:1154636
Change-Id: I2fbc65d4807c78656d4abc8c451043f6f86211b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404733
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78905}

Anton Bikineev authored

The CL does the following:
1) Makes sure young generation works and tests pass;
2) Provides CollectGarbageInYoungGenerationForTesting() that is needed to support remaining tests in Blink;
3) Moved cppgc_enable_young_generation GN flag to v8.gni to refer to it from Blink;
4) Bails out from marking TracedReferences in UnifiedHeapMarkingState;
5) Disables (temporarily) prompt freeing for young generation;
6) Fixes remembered set visitation for nullptr|kSentinel slots.

Bug: chromium:1029379
Change-Id: I5165fa22c8a0eaa708ef7a35a9978cb12e1cb13e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429202
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78901}

- 21 Jan, 2022 1 commit
Michael Lippautz authored

Bug: v8:12356
Change-Id: Ib9e99c8b05e24a8983c5ff3d36ca534a262738a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404774
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78717}

- 20 Jan, 2022 1 commit
Dominik Inführ authored

Split method into ShouldRecordRelocSlot and ProcessRelocInfo. ProcessRelocInfo can then be reused in the write barrier and in the future for the OLD_TO_SHARED remembered set. SlotTypeForRelocInfoMode got moved into ProcessRelocInfo. In addition rename and document SlotTypes.

This CL does not change behavior.

Bug: v8:11708
Change-Id: Iff712e7e6f5d3a4da64510b67b604b9e04998361
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400968
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78701}

- 14 Jan, 2022 1 commit
Michael Lippautz authored

This is a reland of 142dd775

Original change's description:
> cppgc-js,heap: Implement snapshots for embedder fields
>
> https://crrev.com/c/3293410 added concurrent processing of C++ objects found through V8 embedder fields. The CL missed that those embedder fields are not read atomically from JS objects. The problem is that embedder fields are only aligned to kTaggedSize on builds with pointer compression and are as such mis-aligned for atomic ops. This is not a problem for on-heap values as the upper 32bits are anyways computed from the cage. It is a problem for generic C++ values though, as they are used with Oilpan.
>
> This CL adds the standard marker snapshot protocol for embedder fields.
>
> Marker:
> 1. Snapshot embedder fields
> 2. Try to mark host object
> 3. On success: process snapshot
>
> Main thread:
> 1. On setting embedder fields mark the object black first
> 2. Emit a write barrier for the embedder fields
>
> This will get simpler with the heap sandbox that uses a separate table for embedder fields. Once the sandbox is the default configuration, we can use it as dependency for the concurrent fast path.
>
> Bug: chromium:1285706
> Change-Id: I6b975ea561be08cda840ef0dd27a11627de93900
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78604}

Bug: chromium:1285706
Change-Id: I024e50fc0757fbcd13cb9ffde027dff55f99d25c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386600
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78631}

- 13 Jan, 2022 2 commits
Leszek Swirski authored

This reverts commit 142dd775.

Reason for revert: TSAN breaks: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/6113/overview

Original change's description:
> cppgc-js,heap: Implement snapshots for embedder fields
>
> https://crrev.com/c/3293410 added concurrent processing of C++ objects found through V8 embedder fields. The CL missed that those embedder fields are not read atomically from JS objects. The problem is that embedder fields are only aligned to kTaggedSize on builds with pointer compression and are as such mis-aligned for atomic ops. This is not a problem for on-heap values as the upper 32bits are anyways computed from the cage. It is a problem for generic C++ values though, as they are used with Oilpan.
>
> This CL adds the standard marker snapshot protocol for embedder fields.
>
> Marker:
> 1. Snapshot embedder fields
> 2. Try to mark host object
> 3. On success: process snapshot
>
> Main thread:
> 1. On setting embedder fields mark the object black first
> 2. Emit a write barrier for the embedder fields
>
> This will get simpler with the heap sandbox that uses a separate table for embedder fields. Once the sandbox is the default configuration, we can use it as dependency for the concurrent fast path.
>
> Bug: chromium:1285706
> Change-Id: I6b975ea561be08cda840ef0dd27a11627de93900
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78604}

Bug: chromium:1285706
Change-Id: If1976c0356f450fc068aa4dcc39fb9a0d5417a40
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386598
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78605}

Michael Lippautz authored

https://crrev.com/c/3293410 added concurrent processing of C++ objects found through V8 embedder fields. The CL missed that those embedder fields are not read atomically from JS objects. The problem is that embedder fields are only aligned to kTaggedSize on builds with pointer compression and are as such mis-aligned for atomic ops. This is not a problem for on-heap values as the upper 32bits are anyways computed from the cage. It is a problem for generic C++ values though, as they are used with Oilpan.

This CL adds the standard marker snapshot protocol for embedder fields.

Marker:
1. Snapshot embedder fields
2. Try to mark host object
3. On success: process snapshot

Main thread:
1. On setting embedder fields mark the object black first
2. Emit a write barrier for the embedder fields

This will get simpler with the heap sandbox that uses a separate table for embedder fields. Once the sandbox is the default configuration, we can use it as dependency for the concurrent fast path.

Bug: chromium:1285706
Change-Id: I6b975ea561be08cda840ef0dd27a11627de93900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380983
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78604}

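An added example, not V8's marker code, of the snapshot protocol described in this message and in its reland above (14 Jan). The embedder field is modelled as two 32-bit halves that cannot be read in one atomic operation; the marker snapshots them before trying to claim the mark bit, and the main thread marks the host black before it writes. Three fixed interleavings show why the order matters, including the torn read that the protocol exists to discard. All names (snapshot_demo, Host, ClaimAndProcess, the sentinel values) are this example's own, and the model uses sequentially consistent atomics rather than V8's actual barriers.

```cpp
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <vector>

namespace snapshot_demo {  // hypothetical names, not V8's marker

constexpr uint64_t kOldValue = 0x1111111111111111ull;  // constructed sentinel
constexpr uint64_t kNewValue = 0x2222222222222222ull;  // constructed sentinel

// A JS object with one embedder field. The real field is pointer-sized but may
// be only 4-byte aligned, so it cannot be read with a single atomic load; it is
// modelled as two 32-bit halves accessed one at a time. All atomics here are
// sequentially consistent, which is stronger than what V8 relies on.
struct Host {
  std::atomic<uint32_t> lo{uint32_t(kOldValue)};
  std::atomic<uint32_t> hi{uint32_t(kOldValue >> 32)};
  std::atomic<bool> marked{false};  // mark bit the marker tries to claim
};

using Worklist = std::vector<uint64_t>;  // values handed on for marking
struct Snapshot { uint32_t lo, hi; };

// Marker, step 1: copy the field without claiming the object.
Snapshot TakeSnapshot(const Host& h) { return {h.lo.load(), h.hi.load()}; }

// Marker, steps 2 and 3: claim the mark bit and only on success process the
// snapshot. Because the main thread sets the bit before it writes the field,
// a successful claim proves the snapshot was taken before any such write; a
// failed claim means the main thread's own write barrier covers the field.
bool ClaimAndProcess(Host& h, Snapshot s, Worklist& wl) {
  bool expected = false;
  if (!h.marked.compare_exchange_strong(expected, true)) return false;
  wl.push_back((uint64_t(s.hi) << 32) | s.lo);
  return true;
}

void WriteHalves(Host& h, uint64_t v) {
  h.lo.store(uint32_t(v));
  h.hi.store(uint32_t(v >> 32));
}

// Main thread, while marking is active: mark black first, then write, then
// emit the write barrier for the new value.
void SetEmbedderField(Host& h, uint64_t v, Worklist& wl) {
  h.marked.store(true);  // 1. mark the host object black
  WriteHalves(h, v);     // 2. update the field
  wl.push_back(v);       // 3. write barrier
}

// Interleaving that tears the read: the marker copies one half, the main
// thread updates both halves, the marker copies the other half. With the
// protocol the claim fails and the torn snapshot is dropped.
Worklist RunWithMarkFirst() {
  Host h;
  Worklist wl;
  const uint32_t lo = h.lo.load();       // marker: first half (old)
  SetEmbedderField(h, kNewValue, wl);    // main: mark, write, barrier
  const Snapshot torn{lo, h.hi.load()};  // marker: second half (new)
  ClaimAndProcess(h, torn, wl);          // fails: object already black
  return wl;
}

// Same interleaving without the "mark first" rule: the marker's claim
// succeeds and a value that never existed reaches the worklist, which for a
// C++ pointer means the marker would dereference garbage.
Worklist RunWithMarkAfterWrite() {
  Host h;
  Worklist wl;
  const uint32_t lo = h.lo.load();
  WriteHalves(h, kNewValue);             // main writes first...
  const Snapshot torn{lo, h.hi.load()};
  ClaimAndProcess(h, torn, wl);          // ...so the marker's claim succeeds
  h.marked.store(true);                  // main marks and emits the barrier
  wl.push_back(kNewValue);               //    only now, too late
  return wl;
}

// No overlap: the marker finishes before the write; old and new value are
// both processed, neither torn.
Worklist RunMarkerFirst() {
  Host h;
  Worklist wl;
  ClaimAndProcess(h, TakeSnapshot(h), wl);
  SetEmbedderField(h, kNewValue, wl);
  return wl;
}

void Print(const char* label, const Worklist& wl) {
  std::printf("%s:", label);
  for (uint64_t v : wl) std::printf(" %016llx", static_cast<unsigned long long>(v));
  std::printf("\n");
}

}  // namespace snapshot_demo

int main() {
  snapshot_demo::Print("mark first      ", snapshot_demo::RunWithMarkFirst());
  snapshot_demo::Print("mark after write", snapshot_demo::RunWithMarkAfterWrite());
  snapshot_demo::Print("marker first    ", snapshot_demo::RunMarkerFirst());
}
```

The second run prints 2222222211111111, a value that no thread ever stored; that is the kind of "pointer" the concurrent marker would have followed before this change. The protocol does not prevent the torn read, it only guarantees that a torn snapshot is never acted on.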
- 12 Jan, 2022 2 commits
Dominik Inführ authored

This is a reland of 86038ecf

Compared to the previous CL this one is adding a TSAN suppression for GlobalSafepoint::EnterSafepointScope. local_heaps_mutex_ of client isolates may be locked in any order. This would be detected by TSAN as a potential race. Add some additional DCHECKs to compensate for that missing test coverage.

As a cleanup this CL also removes the unused methods ContainsLocalHeap() and ContainsAnyLocalHeap() from LocalHeap.

Original change's description:
> [heap] Optimize time to reach global safepoint
>
> Initial support for global safepoints kept it simple by entering a safepoint for each of them one after another. This means time-to-global-safepoint is the sum of all time-to-safepoint operations. We can improve this slightly by splitting up the safepoint iteration into two operations:
>
> 1) Initiate safepoint lock (locks local_heaps_mutex_, arms the barrier and sets SafepointRequested flag for all client threads)
> 2) Block until all running client threads reach a safepoint
>
> We now perform operation 1) for all clients first and only then start with operation 2).
>
> Bug: v8:11708
> Change-Id: Iaafd3c6d70bcf7026f722633e9250b04148b3da6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310910
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78308}

Bug: v8:11708, v8:12492
Change-Id: I7087ba23c08f2d4edb9b632eef3c218fc76342e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328786
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78583}

Dominik Inführ authored

This CL doesn't change behavior, only refactors MemoryAllocator:

* De-templatify class, MemoryAllocator is used on slow path and doesn't really need templates for performance.
* Rename FreeMode names
* Move methods into private section of class

Change-Id: I7894fba956dcd7aa78ad0284d0924662fef4acae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379812
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78580}

- 27 Dec, 2021 1 commit
Omer Katz authored

Included in this CL:
(*) Introduce CppMarkingState that V8 should use to push references to Oilpan. CppMarkingState allocates its own Worklist::Locals to support concurrent updates from V8.
(*) Split Oilpan MarkingWorklist object to form a base class used by CppMarkingState.
(*) Remove MarkerFactory and split marking initialization. Marking worklists should already be initialized when V8 initializes visitors. For incremental marking, this requires splitting marking initialization and marking start.
(*) Drive-by: Mark JSObject::IsApiWrapper and JSObject::IsDroppableApiWrapper as const.

Bug: v8:12407
Change-Id: I35cc816343da86f69a68306204675720e9b3913f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293410
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78446}

- 15 Dec, 2021 1 commit
Samuel Groß authored

This CL renames a number of things related to the V8 sandbox. Mainly, what used to be under V8_HEAP_SANDBOX is now under V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage is now simply the V8 Sandbox:

V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
V8VirtualMemoryCage => Sandbox
CagedPointer => SandboxedPointer
fake cage => partially reserved sandbox
src/security => src/sandbox

This naming scheme should simplify things: the sandbox is now the large region of virtual address space inside which V8 mainly operates and which should be considered untrusted. Mechanisms like sandboxed pointers are then used to attempt to prevent escapes from the sandbox (i.e. corruption of memory outside of it). Furthermore, the new naming scheme avoids the confusion with the various other "cages" in V8, in particular, the VirtualMemoryCage class, by dropping that name entirely.

Future sandbox features are developed under their own V8_SANDBOX_X flag, and will, once final, be merged into V8_SANDBOX. Current future features are sandboxed external pointers (using the external pointer table), and sandboxed pointers (pointers guaranteed to point into the sandbox, e.g. because they are encoded as offsets). This CL then also introduces a new build flag, v8_enable_sandbox_future, which enables all future features.

Bug: v8:10391
Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78384}

- 09 Dec, 2021 1 commit
Michael Lippautz authored

Advance deprecations and remove fully deprecated code.

Bug: v8:12165
Change-Id: I2cf1715d6878ff65e5b9beaddb8df7aec780b21e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328781
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78329}

- 08 Dec, 2021 1 commit
Leszek Swirski authored

Introduce a ReusableUnoptimizedCompileState class, passed to ParseInfo, which stores a couple of pointers and most importantly the Zone and AstValueFactory of the parse. This allows the Zone and AstValueFactory to be reused across multiple parses, rather than re-initialising per-Parse.

With this, we can amend the LazyCompileDispatcher to initialise one LocalIsolate, Zone and AstValueFactory per background thread loop, rather than one per compile task, which allows us to reduce per-task costs and re-use the AstValueFactory's string table and previous String internalizations.

Change-Id: Ia0e29c4e31fbe29af57674ebb10916865d38b2ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313106
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78289}

- 07 Dec, 2021 1 commit
Michael Lippautz authored

Checks whether a Persistent is used from the creation thread on slow path allocations. In practice, these currently happen every 256 Persistent allocations. This is a best effort check that may help to flush out issues that are missed with DCHECK builds.

Bug: chromium:1276570
Change-Id: Ia868ca436341b1b5ef427d5b3ec04926c1394e41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318658
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78276}

- 04 Dec, 2021 1 commit
Samuel Groß authored

This interface is meant to eventually replace the existing v8::PageAllocator interface. Beyond general refactoring of the PageAllocator APIs, the new interface now supports the concept of (contiguous) address space reservations, which previously had to be implemented through page allocations. These reservations now make better use of provided OS primitives on Fuchsia (VMARs) and Windows (placeholder mappings) and can be used to back many of the cages and virtual memory regions that V8 creates.

The new interface is not yet stable and may change at any time without deprecating the old version first.

Bug: chromium:1218005
Change-Id: I295253c42e04cf311393c5dab9f8c06bd7451ce3
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301475
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78235}

- 02 Dec, 2021 1 commit
Michael Lippautz authored

- Removes the unused Worklist implementation. All uses now refer to ::heap::base::Worklist.
- Renames CppgcWorklistTest -> WorklistTest
- Add test for Swap()

Bug: v8:12426
Change-Id: I62c3472c030b853a846cf13ab48597ea1af8f700
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306507
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78208}

- 29 Nov, 2021 4 commits
-
-
Michael Lippautz authored
This is a reland of 76f6c276

Original change's description:
> cppgc: Fix data race ObjectSizeTrait
>
> Fix benign race in
> https://clusterfuzz.com/testcase-detail/5203237072076800
>
> Change-Id: I558b230e4905a48342d8e7cf70d39be5a1b7fdb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306375
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78121}

Change-Id: Ifa50f35591b2ae40f11a384f0fb2ff50115b2511
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306379
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78124}
-
Maya Lekova authored
This reverts commit 76f6c276.

Reason for revert: Mac64 ASAN is unhappy, please see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20ASAN%20-%20builder/194/overview

Original change's description:
> cppgc: Fix data race ObjectSizeTrait
>
> Fix benign race in
> https://clusterfuzz.com/testcase-detail/5203237072076800
>
> Change-Id: I558b230e4905a48342d8e7cf70d39be5a1b7fdb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306375
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78121}

Change-Id: I96c40a1e3421f59cf97efd4a844a041280989171
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306377
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78122}
-
Michael Lippautz authored
Fix benign race in https://clusterfuzz.com/testcase-detail/5203237072076800

Change-Id: I558b230e4905a48342d8e7cf70d39be5a1b7fdb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306375
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78121}
-
Ma Aiguo authored
Loong64 supports 4K-64K OS pages

Fix loong64 unittests PlatformUsesGuardPages failure

Change-Id: I1451685828ef1d857b7d2af3f1810286f84bdc50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299672
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#78120}
-
- 26 Nov, 2021 2 commits
-
-
Michael Lippautz authored
This allows the embedder to determine whether some function has been called from a destructor.

See discussion in https://crrev.com/c/3302810

Bug: chromium:1273928
Change-Id: Icb5d98eff777574488a7d6de5e693c502c2fb53e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303793
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78113}
-
Igor Sheludko authored
... and thus avoid the need for special handling of objects located in external code space. This will also allow making HeapObject::IsBlah() checks faster when external code space is enabled.

Bug: v8:11880
Change-Id: I12d07c05451ff198f0a6182d9b5849f76015e7fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300140
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78104}
-
- 25 Nov, 2021 1 commit
-
-
Omer Katz authored
This is a reland of 6747144c

Original change's description:
> cppgc: Parallel marking in atomic pause
>
> Bug: v8:12424
> Change-Id: I0633e1bd8c890c14ce2c5519253a5e6eb7592f04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295580
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78081}

Bug: v8:12424
Change-Id: I66a030b4e66647a76bbe3d114785d3052358b403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301477
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78092}
-