1. 26 Jul, 2022 1 commit
    • [wasm] Introduce separate limits for memory64 · b10bff90
      Clemens Backes authored
      This breaks up the existing {max_mem_pages()} method and the
      {kSpecMaxMemoryPages} and {kV8MaxWasmMemoryPages} constants into two
      versions for memory32 and memory64, respectively.
      
      For now, the limits are still the same.
      
      Some checks and clamping are moved to earlier places where we still have
      the information whether a memory is 32 or 64 bit.
      We also store that information in the WasmMemoryObject and use this for
      knowing the maximum for growing.
      
      This CL is not supposed to change any observable behaviour.
      
      R=jkummerow@chromium.org
      
      Bug: v8:10949
      Change-Id: Ieaca0596d1a24ef2746842954a75188494103eb2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782677
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#81960}
  2. 18 Feb, 2022 1 commit
  3. 16 Dec, 2021 1 commit
  4. 08 Nov, 2021 1 commit
  5. 06 Jul, 2021 1 commit
  6. 21 Jun, 2021 1 commit
  7. 18 Jun, 2021 1 commit
  8. 14 Jun, 2021 1 commit
  9. 07 Jun, 2021 1 commit
  10. 25 May, 2021 1 commit
    • [wasm] Clean up spec'ed max memory vs dynamic max · 2d04a627
      Clemens Backes authored
      There are two different limits for the maximum memory size in
      WebAssembly:
      1) A 4GB limit which is the same on all platforms, and is observable for
      JS programs. It is used to limit the allowed declared maximum size of a
      wasm memory.
      2) A potentially lower limit (2GB on 32-bit systems, 4GB otherwise)
      which can be further limited using a command-line flag. This limit is
      used whenever actually allocating or growing a wasm memory. This limit
      is not directly observable, but we make sure that no wasm memory will
      ever be bigger than this limit.
      
      The second limit is the one we should check against when allocating or
      growing memory, while the first limit should be used when validating
      a module (or the parameters for WebAssembly.Memory). The compiler can
      rely on no memory being bigger than the second limit, which again is
      never bigger than the first limit.
      
      This CL adds some more documentation to the two limits, and cleans up
      all usages.
      This also makes {kPlatformMaxPages} and {kMaxMemoryPagesAtRuntime}
      obsolete.
      
      R=jkummerow@chromium.org
      
      Bug: chromium:1207263
      Change-Id: I43541aafd3f497d1c368bd9400e9bc667bdfd3d9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910787
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74742}
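The two-limit scheme this commit describes, as an added C++ illustration that is not V8's code: the constants and the 2 GiB / 4 GiB values follow the commit message, the 64 KiB wasm page size is the standard page size, and the struct, function names and the flag argument passed to `FromFlag` are hypothetical stand-ins for V8's flag handling.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>

// Added illustration, not V8 code: a model of the two wasm memory limits.
constexpr uint64_t kWasmPageSize = 64 * 1024;  // one wasm page is 64 KiB

// Limit 1: the spec limit, 4 GiB on every platform and observable from JS.
// Used only when validating a module or a WebAssembly.Memory descriptor.
constexpr uint32_t kSpecMaxMemoryPages = 65536;

// Limit 2: the platform limit, 2 GiB on 32-bit systems and 4 GiB otherwise.
// Used when actually allocating or growing; never larger than the spec limit.
constexpr uint32_t kV8MaxWasmMemoryPages =
    sizeof(void*) == 4 ? 32768 : kSpecMaxMemoryPages;

// The runtime limit may be lowered further by a command-line flag (modelled
// here as a plain argument), but can never be raised above the platform limit.
struct MemoryLimits {
  uint32_t runtime_max_pages;
  static MemoryLimits FromFlag(uint64_t flag_max_pages) {
    uint64_t clamped = flag_max_pages < kV8MaxWasmMemoryPages
                           ? flag_max_pages
                           : kV8MaxWasmMemoryPages;
    return MemoryLimits{static_cast<uint32_t>(clamped)};
  }
  uint32_t max_mem_pages() const { return runtime_max_pages; }
};

struct WasmMemory {
  uint32_t current_pages;
  std::optional<uint32_t> declared_max_pages;  // absent: no declared maximum
};

// Step 1: validation. Only the spec limit matters here: a module declaring a
// 4 GiB maximum is valid on every platform, even where it can never be allocated.
bool ValidateMemoryDescriptor(uint32_t initial_pages,
                              std::optional<uint32_t> declared_max_pages) {
  if (initial_pages > kSpecMaxMemoryPages) return false;
  if (declared_max_pages) {
    if (*declared_max_pages > kSpecMaxMemoryPages) return false;
    if (*declared_max_pages < initial_pages) return false;
  }
  return true;
}

// Byte size of a memory, computed in 64 bits: 65536 pages is exactly 2^32 and
// does not fit in a uint32_t, which is one reason the runtime limit exists.
uint64_t MemoryByteSize(uint32_t pages) {
  return static_cast<uint64_t>(pages) * kWasmPageSize;
}

// Step 2: allocation. Checked against the runtime limit, independent of what
// the (already validated) module declared.
std::optional<WasmMemory> AllocateMemory(uint32_t initial_pages,
                                         std::optional<uint32_t> declared_max_pages,
                                         const MemoryLimits& limits) {
  if (!ValidateMemoryDescriptor(initial_pages, declared_max_pages)) return std::nullopt;
  if (initial_pages > limits.max_mem_pages()) return std::nullopt;  // cannot be allocated
  return WasmMemory{initial_pages, declared_max_pages};
}

// Step 3: growth with memory.grow semantics: returns the old page count on
// success and -1 on failure. The effective maximum is the lower of the declared
// maximum and the runtime limit, so no memory ever exceeds the runtime limit,
// which is what the compiler's bounds checks rely on.
int64_t GrowMemory(WasmMemory& mem, uint32_t delta_pages, const MemoryLimits& limits) {
  uint64_t new_pages = static_cast<uint64_t>(mem.current_pages) + delta_pages;  // no uint32 wrap
  uint64_t effective_max = limits.max_mem_pages();
  if (mem.declared_max_pages && *mem.declared_max_pages < effective_max) {
    effective_max = *mem.declared_max_pages;
  }
  if (new_pages > effective_max) return -1;
  uint32_t old_pages = mem.current_pages;
  mem.current_pages = static_cast<uint32_t>(new_pages);
  return old_pages;
}

// Worked scenario (constructed): a module declares a 4 GiB maximum, which is
// valid, but the flag caps memory at 1000 pages; growth stops at the runtime
// limit, not at the declared one. Returns the final page count, 0 on any
// unexpected result.
uint32_t DemoGrowCappedByRuntimeLimit() {
  MemoryLimits limits = MemoryLimits::FromFlag(1000);
  std::optional<WasmMemory> mem = AllocateMemory(1, kSpecMaxMemoryPages, limits);
  if (!mem) return 0;
  if (GrowMemory(*mem, 999, limits) != 1) return 0;         // succeeds: 1 -> 1000 pages
  if (GrowMemory(*mem, 1, limits) != -1) return 0;          // fails: would exceed 1000
  if (GrowMemory(*mem, 0xFFFFFFFFu, limits) != -1) return 0;  // fails without wrapping
  return mem->current_pages;
}
```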
  11. 29 Mar, 2021 1 commit
  12. 11 Nov, 2020 1 commit
  13. 24 Sep, 2020 1 commit
    • [wasm] Remove --wasm-max-mem-pages-growth flag · 5f265c33
      Clemens Backes authored
      This unifies {max_initial_mem_pages} and {max_maximum_mem_pages} into
      {max_mem_pages}.
      The {CompilationEnv} constructor was incorrectly using the former
      instead of the latter anyway. This did not really matter though, since
      they typically have the same value.
      Also, there is not a single test that sets --wasm-max-mem-pages-growth.
      
      R=manoskouk@chromium.org
      CC=jkummerow@chromium.org
      
      Bug: v8:10949
      Change-Id: Ib7ab9b4c239d50b72013087eda5a214829c90369
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2426619
      Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70114}
  14. 14 Aug, 2020 1 commit
    • [offthread] Change OffThreadIsolate to LocalIsolate · f1589bbe
      Leszek Swirski authored
      This patch introduces a new LocalIsolate and LocalFactory, which use
      LocalHeap and replace OffThreadIsolate and OffThreadFactory. This allows
      us to remove those classes, as well as the related OffThreadSpace,
      OffThreadLargeObjectSpace, OffThreadHeap, and OffThreadTransferHandle.
      OffThreadLogger becomes LocalLogger.
      
      LocalHeap behaves more like Heap than OffThreadHeap did, so this allows
      us to additionally remove the concept of "Finish" and "Publish" that the
      OffThreadIsolate had, and allows us to internalize strings directly with
      the newly-concurrent string table (where the implementation can now move
      to FactoryBase).
      
      This patch also removes the off-thread support from the deserializer
      entirely, as well as removing the LocalIsolateWrapper which allowed
      run-time distinction between Isolate and OffThreadIsolate. LocalHeap
      doesn't support the reservation model used by the deserializer, and we
      will likely move the deserializer to use LocalIsolate unconditionally
      once we figure out the details of how to do this.
      
      Bug: chromium:1011762
      
      Change-Id: I1a1a0a72952b19a8a4c167c11a863c153a1252fc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315990
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69397}
  15. 24 Jul, 2020 1 commit
    • [compiler] Off-thread finalize each function immediately · 198deea2
      Leszek Swirski authored
      Allow "iterative" finalization when off-thread finalization is enabled,
      meaning that each compiled function is finalized immediately after
      compilation, rather than all functions being first compiled and then
      finalized.
      
      This is what we do on the main thread, and it reduces peak Zone memory
      usage by being able to discard empty compilation Zones earlier.
      
      One necessary functionality for this was being able to defer the
      finalization of asm.js functions until the main thread pause, since
      they can't be finalized off-thread -- previously we would just bail
      out of doing the off-thread finalization if any inner function was
      asm.js.
      
      Bug: chromium:1011762
      Change-Id: I21ff69d62eaa93b5ff908624b7115601e36f70f1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282536
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69032}
  16. 10 Jul, 2020 1 commit
  17. 06 May, 2020 1 commit
    • [offthread] Unify compiler.cc finalization logic · 58b12f63
      Leszek Swirski authored
      This patch unifies the finalization logic between the various unoptimized
      compilation paths in compiler.cc, taking the various post-processings and
      fixups needed for off-thread finalization and performing them in the same
      order for the other finalizations.
      
      It also unifies the general compilation path between streaming script
      compilation, main-thread script compilation, and main-thread lazy
      compilation, making the main-thread paths both use an iterative execution
      and finalization, and making all three use the same job helper methods
      and overall finalization helper.
      
      Bug: chromium:1011762
      Change-Id: Ibe56f6d2f75a2deffbe9e0b600ded8a02293b722
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172790
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67609}
  18. 24 Apr, 2020 1 commit
  19. 01 Apr, 2020 1 commit
  20. 17 Mar, 2020 1 commit
  21. 03 Mar, 2020 2 commits
    • [offthread] Allow off-thread bytecode finalization · 455cb6c0
      Leszek Swirski authored
      Add the remaining missing templatizations to allow an initial wiring in
      of the off-thread factory into streaming compilation finalization.
      
      The off-thread finalization is behind a flag, disabled by default:
          --finalize-streaming-on-background
      
      When the flag is enabled, background tasks will perform the
      finalization during their background execution, and will release the
      parser and compilation jobs once they are no longer needed.
      
      The implementation is complete enough for performance testing, but not
      enough for launch. Notably, there is no support for:
      
        * Class boilerplates (the code is marked unreachable),
        * Exceptions during finalization, i.e. parse/compile warnings/errors,
        * Allocation sampling,
        * Logging,
        * Asm.js,
        * Parallel compilation tasks
        * Forced source positions (for "NeedsDetailedOptimizedCodeLineInfo()")
      
      This patch also adds some tracing events for the various stages of the
      off-thread finalization (including the main-thread merge) for further
      performance improvements.
      
      Bug: chromium:1011762
      Change-Id: Ia44fa56975dd689f0d92c1543b294cdb063eb199
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2066965
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66566}
    • [wasm] Remove samples for obsolete histograms · 547e857b
      Clemens Backes authored
      The histograms were removed from chrome. This CL cleans up the V8 code
      to stop reporting samples.
      
      R=ahaas@chromium.org
      
      Bug: chromium:1053285
      Change-Id: I7c6ff36ac9bb5d86e81e5f36849903a95a8ed618
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083478
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66553}
  22. 24 Feb, 2020 1 commit
  23. 24 Jan, 2020 1 commit
  24. 21 Jan, 2020 1 commit
    • Move decoded asm.js offset table off-heap · 87f09404
      Clemens Backes authored
      The asm.js offset table exists in two forms: Delta-encoded in a byte
      array, as generated during asm translation, and decoded, for faster
      lookup.
      This CL moves the encoded version from the {AsmWasmData} and
      {WasmModuleObject} to the {WasmModule}, and stores it off-heap in a C++
      array instead of a {ByteArray}.
      Also, it moves the decoded version off-heap by storing it in a C++ data
      structure that makes lookup easy, instead of encoding it again in
      another {ByteArray}.
      
      This change is a nice refactoring in itself, but it also prepares adding
      more information to the offset table. For reconstructing the source code
      of an asm.js function, we will need to store the start and end offsets
      of the whole function as well (see linked bug).
      
      R=jkummerow@chromium.org
      
      Bug: chromium:667678
      Change-Id: I79b789c3122dd8ba803cedc6bfdcc3d4b1fa0fd4
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011108
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65900}
  25. 08 Jan, 2020 1 commit
  26. 13 Dec, 2019 1 commit
  27. 15 Oct, 2019 1 commit
  28. 10 Sep, 2019 1 commit
  29. 09 Sep, 2019 1 commit
    • Reland x6 [arraybuffer] Rearchitect backing store ownership · b6b7de0d
      Ulan Degenbaev authored
      This reverts commit 9da34831
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      >
      > This is a reland of bc33f5ae
      >
      > Contributed by titzer@chromium.org
      >
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      >
      > TBR=yangguo@chromium.org
      >
      > BUG=v8:9380,v8:9221,chromium:986318
      >
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=yangguo@chromium.org
      
      Change-Id: I3cc4bb80081c662b1751234bc16a821c20e744be
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792166
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63617}
  30. 30 Aug, 2019 1 commit
    • Revert "Reland x5 [arraybuffer] Rearchitect backing store ownership" · 9da34831
      Ulan Degenbaev authored
      This reverts commit 62e16830.
      
      Reason for revert: it will be relanded after branch
      
      Original change's description:
      > Reland x5 [arraybuffer] Rearchitect backing store ownership
      > 
      > This reverts commit 8fdb2387.
      > 
      > Original change's description:
      > > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      > >
      > > This is a reland of bc33f5ae
      > >
      > > Contributed by titzer@chromium.org
      > >
      > > Original change's description:
      > > > [arraybuffer] Rearchitect backing store ownership
      > > >
      > > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > >
      > > > Overall, lifetime management is simpler and more explicit. The numerous
      > > > ways that array buffers were initialized have been streamlined to one
      > > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > > and the construction and destruction of the BackingStore object itself
      > > > handles the underlying page or embedder-allocated memory.
      > > >
      > > > The embedder API remains unchanged for now. We use the
      > > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > > keep the backing store alive properly, even in the case of aliases
      > > > from live heap objects. Thus the embedder has a lower chance of making
      > > > a mistake. Long-term, we should move the embedder to a model where they
      > > > manage backing stores using shared_ptr to an opaque backing store object.
      > >
      > > TBR=yangguo@chromium.org
      > >
      > > BUG=v8:9380,v8:9221,chromium:986318
      > >
      > > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#63041}
      > 
      > TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org
      > 
      > Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63461}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org
      
      Change-Id: Id8f67a68ab398032eb2975b1b24ee125394d9c4b
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776095
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63471}
  31. 29 Aug, 2019 1 commit
    • Reland x5 [arraybuffer] Rearchitect backing store ownership · 62e16830
      Ulan Degenbaev authored
      This reverts commit 8fdb2387.
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      >
      > This is a reland of bc33f5ae
      >
      > Contributed by titzer@chromium.org
      >
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      >
      > TBR=yangguo@chromium.org
      >
      > BUG=v8:9380,v8:9221,chromium:986318
      >
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org
      
      Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63461}
  32. 05 Aug, 2019 1 commit
    • Revert ""Reland x4 [arraybuffer] Rearchitect backing store ownership"" · 8fdb2387
      Ulan Degenbaev authored
      This reverts commit 5611f70b.
      
      Reason for revert: flaky tests: v8:9588, v8:9587
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of bc33f5ae
      > 
      > Contributed by titzer@chromium.org
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > TBR=yangguo@chromium.org
      > 
      > BUG=v8:9380,v8:9221,chromium:986318
      > 
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:9380, v8:9221, chromium:986318
      Change-Id: Ic7381239f4e90d0c437b7e47a5ac6e8bce60f882
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736747
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63081}
  33. 02 Aug, 2019 1 commit
    • "Reland x4 [arraybuffer] Rearchitect backing store ownership" · 5611f70b
      Ulan Degenbaev authored
      This is a reland of bc33f5ae
      
      Contributed by titzer@chromium.org
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      >
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      >
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      >
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      
      TBR=yangguo@chromium.org
      
      BUG=v8:9380,v8:9221,chromium:986318
      
      Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63041}
  34. 31 Jul, 2019 2 commits
    • Revert ""Reland x3 [arraybuffer] Rearchitect backing store ownership"" · 195679de
      Francis McCabe authored
      This reverts commit df8e6177.
      
      Reason for revert: Multiple flakes in apparently related areas:
      
      https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8906409837768155568/+/steps/Check__flakes_/0/logs/BackingStoreTest.RacyGrowWasmMem.../0
      
      Original change's description:
      > "Reland x3 [arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of bc33f5ae
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > R=mlippautz@chromium.org
      > BUG=v8:9380,v8:9221,chromium:986318
      > TBR=ulan@chromium.org
      > 
      > Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63007}
      
      TBR=mstarzinger@chromium.org,titzer@chromium.org,mlippautz@chromium.org
      
      Change-Id: If0266e5893b1325a332d5986337fa7ece2cb6943
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9380, v8:9221, chromium:986318
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1729549
      Reviewed-by: Francis McCabe <fgm@chromium.org>
      Commit-Queue: Francis McCabe <fgm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63011}
    • "Reland x3 [arraybuffer] Rearchitect backing store ownership" · df8e6177
      Ben L. Titzer authored
      This is a reland of bc33f5ae
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      >
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      >
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      >
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      
      R=mlippautz@chromium.org
      BUG=v8:9380,v8:9221,chromium:986318
      TBR=ulan@chromium.org
      
      Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63007}
  35. 23 Jul, 2019 1 commit
  36. 22 Jul, 2019 1 commit
    • Reland "Reland "[arraybuffer] Rearchitect backing store ownership"" · 306cf403
      Ben L. Titzer authored
      This is a reland of bc33f5ae
      
      Original change's description:
      > Reland "[arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of 31cd5d83
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > > 
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > 
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > > 
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > > 
      > > R=mlippautz@chromium.org
      > > BUG=v8:9380,v8:9221
      > > 
      > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#62572}
      > 
      > Bug: v8:9380, v8:9221
      > Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62809}
      
      Bug: v8:9380, v8:9221
      Change-Id: I9a2525753ae2424108d074fa81df5f25d945c824
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709409
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62847}
      306cf403
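      The ownership model described in the "Rearchitect backing store ownership" messages above (one Attach() entry point, a single BackingStore object whose destructor releases the memory, and shared_ptr handles so that aliases such as typed-array views or embedder Contents keep the memory alive) can be shown with a small stand-alone model. The code below is an added example, not V8 code and not the project's own implementation; the class names BackingStore, ArrayBuffer and View, the Attach()/Detach() methods, the calloc-backed allocation and the freed_stores() counter are assumptions made for illustration.

```cpp
// Added example (not V8 code): a minimal model of shared backing-store
// ownership. The memory is released exactly once, by the BackingStore
// destructor, when the last shared_ptr owner goes away.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <memory>

namespace toy {

// Counts freed stores so callers can check that memory is released once,
// and only after every alias is gone. (Illustration-only bookkeeping.)
inline int& freed_stores() { static int n = 0; return n; }

// Owns one raw allocation (calloc stands in for page/embedder memory).
class BackingStore {
 public:
  static std::shared_ptr<BackingStore> Allocate(size_t byte_length) {
    void* mem = std::calloc(byte_length ? byte_length : 1, 1);
    if (!mem) return nullptr;
    return std::shared_ptr<BackingStore>(new BackingStore(mem, byte_length));
  }
  ~BackingStore() { std::free(buffer_); ++freed_stores(); }
  BackingStore(const BackingStore&) = delete;
  BackingStore& operator=(const BackingStore&) = delete;
  uint8_t* data() { return static_cast<uint8_t*>(buffer_); }
  size_t byte_length() const { return byte_length_; }
 private:
  BackingStore(void* b, size_t len) : buffer_(b), byte_length_(len) {}
  void* buffer_;
  size_t byte_length_;
};

// Stand-in for JSArrayBuffer: the single Attach() entry point.
class ArrayBuffer {
 public:
  void Attach(std::shared_ptr<BackingStore> store) { store_ = std::move(store); }
  // Detach drops only this buffer's share; aliases keep theirs.
  void Detach() { store_.reset(); }
  std::shared_ptr<BackingStore> store() const { return store_; }
 private:
  std::shared_ptr<BackingStore> store_;
};

// Stand-in for a typed-array view or an embedder Contents handle: an alias
// that holds its own shared_ptr instead of a raw pointer into the buffer.
class View {
 public:
  View(const ArrayBuffer& ab, size_t offset, size_t length)
      : store_(ab.store()), offset_(offset), length_(length) {}
  uint8_t* data() { return store_->data() + offset_; }
  size_t length() const { return length_; }
 private:
  std::shared_ptr<BackingStore> store_;
  size_t offset_, length_;
};

}  // namespace toy

// Scenario: the buffer is detached while a view still aliases the memory.
// Returns the byte the view reads after the detach (42 on success); the
// store must be freed only when the view itself goes out of scope.
inline int alias_survives_detach() {
  using namespace toy;
  int before = freed_stores();
  int value;
  {
    ArrayBuffer ab;
    ab.Attach(BackingStore::Allocate(64));
    View v(ab, 8, 16);
    v.data()[0] = 42;
    ab.Detach();                               // buffer gives up its share...
    if (freed_stores() != before) return -1;   // ...but nothing is freed yet
    value = v.data()[0];                       // alias still reads valid memory
  }
  if (freed_stores() != before + 1) return -2; // freed exactly once, at the end
  return value;
}

int main() {
  std::printf("alias_survives_detach() = %d\n", alias_survives_detach());
  return 0;
}
```

      The point of the model is the failure mode the message alludes to: with a raw pointer in the view and ownership tied to the ArrayBuffer alone, Detach() (or the GC finalizing the buffer) would free memory the view still reads. Giving every alias a shared_ptr makes that read well defined and moves the free to the last release.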
  37. 19 Jul, 2019 1 commit
  38. 18 Jul, 2019 1 commit
    • Revert "Reland "[arraybuffer] Rearchitect backing store ownership"" · 6e0473f3
      Clemens Hammacher authored
      This reverts commit bc33f5ae.
      
      Reason for revert: Still failing (OOM on win32): https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/22210
      
      Original change's description:
      > Reland "[arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of 31cd5d83
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > > 
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > 
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > > 
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > > 
      > > R=mlippautz@chromium.org
      > > BUG=v8:9380,v8:9221
      > > 
      > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#62572}
      > 
      > Bug: v8:9380, v8:9221
      > Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62809}
      
      TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
      
      Change-Id: Iea755df9aaa1e95d284135bd0a6681b1340b6832
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9380, v8:9221
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708487
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62811}
      6e0473f3