Skip to content

V
V8
Switch branch/tag
  1. 19 Aug, 2019 2 commits
    • Dominik Inführ's avatar
      Revert "Use list of invalidated objects for old-to-new refs" · 9a9ba762
      Dominik Inführ authored 
      This reverts commit 60843b42.

Reason for revert: TSAN detected issue between Scavenge workers.
One task could invoke RefillFreeList(), while the other task iterates the remembered set of a swept page.

Original change's description:
> Use list of invalidated objects for old-to-new refs
> 
> Instead of inserting "deletion" entries into the store buffer, keep a
> list of invalidated objects to filter out invalid old-to-new slots.
> 
> The first CL https://crrev.com/c/1704109 got reverted because both the
> sweeper and the main task were modifying the invalidated slots data
> structure concurrently. This CL changes this, such that the sweeper
> only modifies the invalidated slots during the final atomic pause when
> the main thread is not running. The sweeper does not need to clean this
> data structure after the pause, since the "update pointers" phase
> already removed all invalidated slots.
> 
> The second CL https://crrev.com/c/1733081 got reverted because the
> sweeper might find more free space than the full GC before it. If an
> object shrinks after the pause but before the sweep, the invalidated
> object might span free memory and potentially new allocated objects.
> Therefore shrink invalidated objects when processing swept pages on
> the main thread. Also clean recorded slots in the gap.
> 
> TBR=petermarshall@chromium.org
> 
> Bug: v8:9454
> Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63239}

TBR=ulan@chromium.org,hpayer@chromium.org,dinfuehr@chromium.org

Change-Id: I9c6a371ebe36a1873acbe0d6c6a75dd2f5a55f4e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9454
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760817Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63253}
      9a9ba762
    • Dominik Inführ's avatar
      Use list of invalidated objects for old-to-new refs · 60843b42
      Dominik Inführ authored 
      Instead of inserting "deletion" entries into the store buffer, keep a
list of invalidated objects to filter out invalid old-to-new slots.

The first CL https://crrev.com/c/1704109 got reverted because both the
sweeper and the main task were modifying the invalidated slots data
structure concurrently. This CL changes this, such that the sweeper
only modifies the invalidated slots during the final atomic pause when
the main thread is not running. The sweeper does not need to clean this
data structure after the pause, since the "update pointers" phase
already removed all invalidated slots.

The second CL https://crrev.com/c/1733081 got reverted because the
sweeper might find more free space than the full GC before it. If an
object shrinks after the pause but before the sweep, the invalidated
object might span free memory and potentially new allocated objects.
Therefore shrink invalidated objects when processing swept pages on
the main thread. Also clean recorded slots in the gap.

TBR=petermarshall@chromium.org

Bug: v8:9454
Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63239}
      60843b42
  3. 08 Aug, 2019 1 commit
    • Dominik Inführ's avatar
      Revert "Use list of invalidated objects for old-to-new refs" · c9f9d1b0
      Dominik Inführ authored 
      This reverts commit e2f98ec2.

Reason for revert: Caused performance regression in ArrayLiteralInitialSpreadSmallHoley.

Original change's description:
> Use list of invalidated objects for old-to-new refs
>
> Instead of inserting "deletion" entries into the store buffer, keep
> a list of invalidated objects to filter out invalid old-to-new slots.
>
> The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots.
>
> Bug: v8:9454
> Change-Id: Iffb5bf96de2c89eee1ee1231a3414a0f2a155cbc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733081
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63087}

TBR=ulan@chromium.org,petermarshall@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9454
Change-Id: I328b9f72df45fc9570d4a4d1b5389eac010638c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743970
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63131}
      c9f9d1b0
  5. 06 Aug, 2019 1 commit
  7. 16 Jul, 2019 2 commits
  9. 21 Jun, 2019 1 commit
  11. 24 May, 2019 1 commit
  13. 23 May, 2019 1 commit
  15. 21 May, 2019 1 commit
  17. 30 Apr, 2019 1 commit
    • Mike Stanton's avatar
      Reland "[ptr-compr] New RelocInfo for compressed pointers." · ed319e84
      Mike Stanton authored 
      Failure addressed by not exposing the new test to the jitless environment.
(jgruber@ on TBR).

New enum RelocInfo::COMPRESSED_EMBEDDED_OBJECT created to support
compressed pointers in generated code. Enum name EMBEDDED_OBJECT
changed to FULL_EMBEDDED_OBJECT.

RelocInfo::[set_]target_object() abstract away the difference between
FULL_EMBEDDED_OBJECT and COMPRESSED_EMBEDDED_OBJECT.

Compressed embedded objects can only be created at this time on
x64 with pointer compression turned on. Arm64 constant pools don't
support compressed objects at this time.

NOPRESUBMIT=true

Bug: v8:7703
TBR: jgruber@chromium.org
Change-Id: Ifff53b041bab09b4b8c3e16085e5df4aa2b99f4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588461Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61104}
      ed319e84
  19. 29 Apr, 2019 3 commits
  21. 27 Feb, 2019 1 commit
  23. 20 Dec, 2018 1 commit
  25. 10 Dec, 2018 2 commits
  27. 06 Dec, 2018 1 commit
  29. 22 Nov, 2018 1 commit
  31. 21 Nov, 2018 1 commit
    • Ulan Degenbaev's avatar
      [heap] Clean up TypedSlotSet. · 841c40b7
      Ulan Degenbaev authored 
      This extracts the parts of the TypedSlotSet that are used only
sequentially into a separate class called TypedSlots.

The new class will be used in the concurrent marker to keep track of
typed slots locally and then to merge them to the main remembered set
during finalization of marking.

The patch also cleans up atomics in the Iterate and ClearInvalidSlots
methods that can run concurrently to each other.

Bug:v8:8459

Change-Id: Id7a63041f7b99218381e5e9e1999210cab9c4369
Reviewed-on: https://chromium-review.googlesource.com/c/1340247
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57673}
      841c40b7
  33. 12 Nov, 2018 1 commit
  35. 24 Oct, 2018 1 commit
  37. 23 Aug, 2018 1 commit
  39. 17 Aug, 2018 1 commit
  41. 09 Jul, 2018 1 commit
    • Sigurd Schneider's avatar
      [turbofan] Use relative calls/jumps on arm for builtins · 23dbb81d
      Sigurd Schneider authored 
      This CL uses pc-relative jumps and calls (B/BL) for calls from embedded
builtins to embedded builtins. To make this work, the code range size is
limited to 32MB on arm during mksnapshot, which ensures that all builtin
to builtin offsets for jumps/calls fit into the B/BL immediate. At code
generation time, we put a placeholder into the instruction offset which
we resolve to the right code object when the code is copied to the heap.
We use a new relocation mode RELATIVE_CODE_TARGET for these relative jumps.
The relocation mode RELATIVE_CODE_TARGET should never appear after
generating the snapshot.

We modify the target_address/set_target_address methods of RelocInfo
such that they return the absolute target addresses for pc-relative B/BL
instructions. This ensures that the GC can treat RELATIVE_CODE_TARGET in
the same way as code targets. This, however, only matters during
snapshot creation time, and production code never contains
RELATIVE_CODE_TARGET relocations.

Bug: v8:6666
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If7eab83ad588859ca87c654a5ddc3e37caea884c
Reviewed-on: https://chromium-review.googlesource.com/1117181Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54320}
      23dbb81d
  43. 01 Jun, 2018 1 commit
  45. 08 May, 2018 1 commit
  47. 14 Apr, 2018 1 commit
    • Jakob Kummerow's avatar
      [ubsan] Change Address typedef to uintptr_t · 2459046c
      Jakob Kummerow authored 
      The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.

Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}
      2459046c
  49. 05 Apr, 2018 1 commit
    • jgruber's avatar
      Rename Code::instruction_{start,end,size} functions · 7b29fe43
      jgruber authored 
      In order to clarify the difference between, e.g., InstructionStart and
instruction_start, rename as follows:

Code::instruction_start -> raw_instruction_start
Code::instruction_end   -> raw_instruction_end
Code::instruction_size  -> raw_instruction_size

The difference between the camel-case and raw_* function families is
in how they handle off-heap-trampoline Code objects. For example, when
called on an off-heap-trampoline: raw_instruction_start returns the
trampoline's entry point, while InstructionStart returns the off-heap
code's entry point (located in the .text section of the binary).

Some callsites were updated to call the camel-case function family as
appropriate.

Bug: v8:6666
Change-Id: I4a572f47c2d161a853599d7c17879e263b0d1a87
Reviewed-on: https://chromium-review.googlesource.com/997532
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52387}
      7b29fe43
  51. 21 Mar, 2018 1 commit
  53. 05 Mar, 2018 3 commits
  55. 13 Feb, 2018 1 commit
  57. 02 Feb, 2018 1 commit
  59. 13 Oct, 2017 1 commit
  61. 15 Sep, 2017 1 commit
    • Ulan Degenbaev's avatar
      [heap] Fix memory leak in the remembered set. · 163d3604
      Ulan Degenbaev authored 
      Empty slot set buckets can leak in the following scenarios.

Scenario 1 (large object space):
1) A large array is allocated in the large object space.
2) The array is filled with old->new references, which allocates new
   slot set buckets.
3) The references are overwritten with smis or old space pointers, which
   make the slots set buckets empty.
4) Garbage collection (scavenge or mark-compact) iterates the slots set
   of the array and pre-frees the empty buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for large object space in mark-compact. 

Scenario 2 (no mark-compact):
1) A small array is allocated in the old space.
2) The array is filled with old->new references, which allocates new
   slot set buckets.
3) The references are overwritten with smis or old space pointers, which
   make the slots set buckets empty.
4) Scavenge iterates the slots set of the array and pre-frees the empty
   buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for swept pages in scavenger.

Bug: v8:6800
TBR: mlippautz@chromium.org
Change-Id: I48d94870f5acf4f6208858271886911c895a9126
Reviewed-on: https://chromium-review.googlesource.com/668442Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48041}
      163d3604
  63. 16 Aug, 2017 1 commit
  65. 04 Aug, 2017 1 commit