- 08 Dec, 2018 1 commit
-
-
Jakob Kummerow authored
Bug: v8:3770
Change-Id: I1d74ffe9e5478b4b8bc0acbf088d20919d458d50
Reviewed-on: https://chromium-review.googlesource.com/c/1363822
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58112}
-
- 26 Nov, 2018 1 commit
-
-
Michael Lippautz authored
Add a path into embedder tracing on allocation. This is safe as Blink is not allowed to call into V8 during object construction.
This is a reland of caed2cc0.
Also relands the cleanups of ce02d86b.
Bug: chromium:843903
Change-Id: Ic89792fe68337c540a1a93629aee2e92b8774ab2
Reviewed-on: https://chromium-review.googlesource.com/c/1350992
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57847}
-
- 24 Nov, 2018 1 commit
-
-
Sigurd Schneider authored
This reverts commit 81b5f713.
Revert "[heap] Cleanup embedder tracing APIs"
This reverts commit ce02d86b.
Tbr: mlippautz@chromium.org
Change-Id: I5900ac3c070c93b869c9173316a466d39287713a
Reviewed-on: https://chromium-review.googlesource.com/c/1350111
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57806}
-
- 23 Nov, 2018 3 commits
-
-
Michael Lippautz authored
Provide processing scope that makes it impossible to maintain locally cached wrappers that could get invalidated in Blink and yield in crashers.
Bug: chromium:843903, v8:8238
Change-Id: I7ba1905f6c77a97bcc61ac42f921dcac4772471f
Reviewed-on: https://chromium-review.googlesource.com/c/1349276
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57795}
-
Michael Lippautz authored
Add a path into embedder tracing on allocation. This is safe as Blink is not allowed to call into V8 during object construction.
This is a reland of caed2cc0.
Bug: chromium:843903
Change-Id: I7faa8413966f6b4d37f19b235d46bb09e4d47235
Bug: chromium:843903
Reviewed-on: https://chromium-review.googlesource.com/c/1349330
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57770}
-
Yang Guo authored
This reverts commit caed2cc0.
Reason for revert: Breaks layout tests, e.g.
https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64__dbg_/14924/webkit_layout_tests%20%28with%20patch%29/layout-test-results/results.html
crash log for renderer (pid <unknown>):
STDOUT: <empty>
STDERR:
STDERR:
STDERR: #
STDERR: # Fatal error in ../../v8/src/base/platform/elapsed-timer.h, line 24
STDERR: # Debug check failed: !IsStarted().
STDERR: #
STDERR: #
STDERR: #
STDERR: #FailureMessage Object: 0x7ffc46707640#0 0x565409263b6f base::debug::StackTrace::StackTrace()
STDERR: #1 0x56540a8a32fb gin::(anonymous namespace)::PrintStackTrace()
STDERR: #2 0x56540a8980d8 V8_Fatal()
STDERR: #3 0x56540a897e35 v8::base::(anonymous namespace)::DefaultDcheckHandler()
STDERR: #4 0x565407971f02 v8::base::ElapsedTimer::Start()
STDERR: #5 0x565407d08edf v8::internal::TimedHistogram::Start()
STDERR: #6 0x565407e500d5 v8::internal::IncrementalMarking::AdvanceIncrementalMarkingOnAllocation()
STDERR: #7 0x565407e4f977 v8::internal::IncrementalMarking::Observer::Step()
STDERR: #8 0x565407e48092 v8::internal::AllocationObserver::AllocationStep()
STDERR: #9 0x565407eb0751 v8::internal::SpaceWithLinearArea::InlineAllocationStep()
STDERR: #10 0x565407eb3e44 v8::internal::NewSpace::EnsureAllocation()
STDERR: #11 0x565407e258ff v8::internal::NewSpace::AllocateRaw()
STDERR: #12 0x565407e06b2d v8::internal::Heap::AllocateRaw()
STDERR: #13 0x565407e432ef v8::internal::Heap::AllocateRawWithLightRetry()
STDERR: #14 0x565407e433cf v8::internal::Heap::AllocateRawWithRetryOrFail()
STDERR: #15 0x565407e04d48 v8::internal::Factory::NewFixedArrayWithFiller()
STDERR: #16 0x565407fd6339 v8::internal::HashTable<>::New()
STDERR: #17 0x565407fd7be8 v8::internal::HashTable<>::EnsureCapacity()
STDERR: #18 0x565407fc7e95 v8::internal::Dictionary<>::Add()
STDERR: #19 0x565407fcf453 v8::internal::BaseNameDictionary<>::Add()
STDERR: #20 0x565407f89ee4 v8::internal::LookupIterator::ApplyTransitionToDataProperty()
STDERR: #21 0x5654080036e2 v8::internal::Object::AddDataProperty()
STDERR: #22 0x56540793061f v8::internal::(anonymous namespace)::DefineDataProperty()
STDERR: #23 0x56540792da59 v8::internal::(anonymous namespace)::InstantiateObject()
STDERR: #24 0x56540792b75a v8::internal::(anonymous namespace)::InstantiateFunction()
STDERR: #25 0x56540792b4db v8::internal::ApiNatives::InstantiateFunction()
STDERR: #26 0x5654079594bf v8::FunctionTemplate::GetFunction()
STDERR: #27 0x56540a7af74e blink::V8ObjectConstructor::CreateInterfaceObject()
STDERR: #28 0x56540a7afe01 blink::V8PerContextData::ConstructorForTypeSlowCase()
STDERR: #29 0x56540a7afdd6 blink::V8PerContextData::ConstructorForTypeSlowCase()
STDERR: #30 0x56540a7afdd6 blink::V8PerContextData::ConstructorForTypeSlowCase()
STDERR: #31 0x56540a7afcb4 blink::V8PerContextData::CreateWrapperFromCacheSlowCase()
STDERR: #32 0x56540a7aef73 blink::V8DOMWrapper::CreateWrapper()
STDERR: #33 0x56540a7abf6b blink::ScriptWrappable::Wrap()
STDERR: #34 0x56540a677199 blink::V8Document::documentElementAttributeGetterCallback()
STDERR: #35 0x565407a0aec3 v8::internal::FunctionCallbackArguments::Call()
STDERR: #36 0x565407a097be v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
STDERR: #37 0x565407a0877b v8::internal::Builtins::InvokeApiFunction()
STDERR: #38 0x565407fe785a v8::internal::Object::GetPropertyWithAccessor()
STDERR: #39 0x565407fe697e v8::internal::Object::GetProperty()
STDERR: #40 0x565407ec8c71 v8::internal::LoadIC::Load()
STDERR: #41 0x565407ed6401 v8::internal::__RT_impl_Runtime_LoadIC_Miss()
STDERR: #42 0x5654087593f2 <unknown>
STDERR: [16162:16185:1122/143518.356897:WARNING:crash_handler_host_linux.cc(341)] Could not translate tid, attempt = 1 retry ...
Original change's description:
> [heap] Improve embedder tracing during incremental marking
>
> Add a path into embedder tracing on allocation. This is safe as Blink
> is not allowed to call into V8 during object construction.
>
> Bug: chromium:843903
> Change-Id: I5af053c3169f5a33778ebce5d7c5c43e4efb1aa4
> Reviewed-on: https://chromium-review.googlesource.com/c/1348749
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57757}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: Ide2c0b284b52bee17573adcc89f14be4e40dab91
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:843903
Reviewed-on: https://chromium-review.googlesource.com/c/1349189
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57759}
-
- 22 Nov, 2018 1 commit
-
-
Michael Lippautz authored
Add a path into embedder tracing on allocation. This is safe as Blink is not allowed to call into V8 during object construction.
Bug: chromium:843903
Change-Id: I5af053c3169f5a33778ebce5d7c5c43e4efb1aa4
Reviewed-on: https://chromium-review.googlesource.com/c/1348749
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57757}
-
- 19 Sep, 2018 1 commit
-
-
Michael Lippautz authored
V8 does not abort incremental marking anymore.
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id39e9cf8ef2afc388bab2bbad1d458ee2649f8e8
Reviewed-on: https://chromium-review.googlesource.com/1226889
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56009}
-
- 21 Aug, 2018 1 commit
-
-
Michael Lippautz authored
This call can be used by embedder to request a GC for testing reasons. The GC also takes the current embedder stack state as an argument that is forwarded to the embedder when entering the atomic pause. This way embedders can request garbage collections for testing and set how the embedder should treat the stack.
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id10604565b4457dd0fca402afeb5f8e592fa0bae
Reviewed-on: https://chromium-review.googlesource.com/1183431
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55285}
-
- 09 Jul, 2018 1 commit
-
-
Michael Lippautz authored
Deprecates EmbedderHeapTracer::NumberOfWrappersToTrace and replaces it with EmbedderHeapTracer::IsTracingDone. V8 only really cares about the final state (emptiness) here and embedders may choose implementations that have a hard time determining exact size for their work queues.
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1e141c47771ef08aab7dbe204e8175cfee99cf92
Reviewed-on: https://chromium-review.googlesource.com/1127599
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54311}
-
- 23 Jun, 2017 1 commit
-
-
Ulan Degenbaev authored
This prepares ground for switching mark-compactor to use Worklist data-structure instead of the existing marking deque.
BUG=chromium:694255
Change-Id: I0ac4c563018a9619962fb4bf388b5f3cceffb86d
Reviewed-on: https://chromium-review.googlesource.com/544933
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46178}
-
- 02 Jan, 2017 1 commit
-
-
mlippautz authored
We need to report cached wrappers within v8 to the embedder after each atomic phase of v8 marking because the embedder can invalidate the wrappers in-between v8 marking steps. E.g., in Chrome, a conservative GC might need to wipe dead wrappables from the wrapper tracing marking deque.
BUG=chromium:676700, chromium:468240
Review-Url: https://codereview.chromium.org/2610563002
Cr-Commit-Position: refs/heads/master@{#42011}
-
- 24 Dec, 2016 1 commit
-
-
machenbach authored
Revert of [heap] Report wrappers after processing the marking deque incrementally (patchset #5 id:80001 of https://codereview.chromium.org/2604583002/ )
Reason for revert:
Speculative revert. Might block the roll: https://codereview.chromium.org/2606503002/
The gpu bots crash with this stack top:
v88internal18IncrementalMarking25AdvanceIncrementalMarkingEdNS1_16CompletionActionENS1_21ForceCompletionActionENS0_10StepOrigin
Original issue's description:
> [heap] Report wrappers after processing the marking deque incrementally
>
> BUG=chromium:676700, chromium:468240
>
> Review-Url: https://codereview.chromium.org/2604583002
> Cr-Commit-Position: refs/heads/master@{#41946}
> Committed: https://chromium.googlesource.com/v8/v8/+/1344e3a9caba4206758623630e3c3dd6872879e7
TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:676700, chromium:468240
Review-Url: https://codereview.chromium.org/2604673002
Cr-Commit-Position: refs/heads/master@{#41951}
-
- 23 Dec, 2016 3 commits
-
-
mlippautz authored
BUG=chromium:676700, chromium:468240
Review-Url: https://codereview.chromium.org/2604583002
Cr-Commit-Position: refs/heads/master@{#41946}
-
mlippautz authored
1) Alternate between processing v8 and wrappers
2) Once v8 is empty, try 3 rounds of finding the fixpoint between v8 and wrappers
3) After that, finalize once v8 marking deque is empty again
Reland fixed: Toggle needs to be IncrementalMarking global as we need to properly alternate tracing v8 and wrappers.
BUG=chromium:468240, chromium:668164
Review-Url: https://codereview.chromium.org/2599283002
Cr-Commit-Position: refs/heads/master@{#41940}
-
mlippautz authored
Revert of Reland "[heap] Ensure progress when incrementally marking wrappers" (patchset #8 id:140001 of https://codereview.chromium.org/2591383004/ )
Reason for revert:
Breaks webkit-unit-tests. Investigating..
Original issue's description:
> Reland "[heap] Ensure progress when incrementally marking wrappers"
>
> 1) Alternate between processing v8 and wrappers
> 2) Once v8 is empty, try 3 rounds of finding the fixpoint between v8 and wrappers
> 3) After that, finalize once v8 marking deque is empty again
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2591383004
> Cr-Commit-Position: refs/heads/master@{#41932}
> Committed: https://chromium.googlesource.com/v8/v8/+/61a55548c50e01d84ed4aefa396324cbb4039b51
TBR=hpayer@chromium.org,ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2592393003
Cr-Commit-Position: refs/heads/master@{#41936}
-
- 22 Dec, 2016 3 commits
-
-
mlippautz authored
1) Alternate between processing v8 and wrappers
2) Once v8 is empty, try 3 rounds of finding the fixpoint between v8 and wrappers
3) After that, finalize once v8 marking deque is empty again
BUG=
Review-Url: https://codereview.chromium.org/2591383004
Cr-Commit-Position: refs/heads/master@{#41932}
-
mlippautz authored
Revert of [heap] Ensure progress when incrementally marking wrappers (patchset #3 id:60001 of https://codereview.chromium.org/2592403002/ )
Reason for revert:
This won't work because the finalization still checks whether both marking deques are empty, also calling into blink. So we never proceed there.
Original issue's description:
> [heap] Ensure progress when incrementally marking wrappers
>
> The problem here is estimating the marking step size for wrapper tracing. If the
> steps are too small, we cannot keep up with the mutator creating new wrappers.
> The result is an endless stream of incremental marking steps, alternating v8 and
> wrappers tracing, without ever finalizing in a GC.
>
> The mitigation here is to abort finding the fix point after 10 incremental
> iterations.
>
> A proper solution would track newly created wrappers on the blink side during
> wrapper tracing. Will give this more thought after the holidays.
>
> BUG=chromium:668164, chromium:468240
>
> Review-Url: https://codereview.chromium.org/2592403002
> Cr-Commit-Position: refs/heads/master@{#41923}
> Committed: https://chromium.googlesource.com/v8/v8/+/a47417b89373c615f9256800cfc803d84ba58378
TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:668164, chromium:468240
Review-Url: https://codereview.chromium.org/2602433002
Cr-Commit-Position: refs/heads/master@{#41924}
-
mlippautz authored
The problem here is estimating the marking step size for wrapper tracing. If the steps are too small, we cannot keep up with the mutator creating new wrappers. The result is an endless stream of incremental marking steps, alternating v8 and wrappers tracing, without ever finalizing in a GC.
The mitigation here is to abort finding the fix point after 10 incremental iterations.
A proper solution would track newly created wrappers on the blink side during wrapper tracing. Will give this more thought after the holidays.
BUG=chromium:668164, chromium:468240
Review-Url: https://codereview.chromium.org/2592403002
Cr-Commit-Position: refs/heads/master@{#41923}
-
- 20 Dec, 2016 1 commit
-
-
mlippautz authored
BUG=chromium:468240
Review-Url: https://codereview.chromium.org/2576453002
Cr-Commit-Position: refs/heads/master@{#41837}
-