1. 11 Aug, 2018 1 commit
    • Reland "Fix invalidation of old-to-old slots after object trimming." · 51e6ecb9
      Ulan Degenbaev authored
      This reverts commit 5b434929.
      
      Changes after the original CL:
      - Right-trimming registers the array as an object with invalidated
        slots.
      - Left-trimming moves the array start in the invalidated slots map.
      
      Original change's description:
      > Fix invalidation of old-to-old slots after object trimming.
      >
      > A recorded old-to-old slot may be overwritten with a pointer to a new
      > space object. If the object containing the slot is trimmed later on,
      > then the mark-compactor may crash on a stale pointer to new space.
      >
      > This patch ensures that:
      > 1) On trimming of an object we add it to the invalidated_slots sets.
      > 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
      >    the invalidated object unless the page was already swept.
      >
      > Array left-trimming is handled as a special case because object start
      > moves and cannot be added to the invalidated set. Instead, we clear
      > the freed memory so that the recorded slots contain Smi values.
      >
      > Bug: chromium:870226,chromium:816426
      > Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
      > Reviewed-on: https://chromium-review.googlesource.com/1163784
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54953}
      
      Change-Id: I1f1080f680196c581f62aef8d3a00a595f9bb9b0
      Reviewed-on: https://chromium-review.googlesource.com/1165555
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55066}
  2. 07 Aug, 2018 2 commits
    • Revert "Fix invalidation of old-to-old slots after object trimming." · 5b434929
      Ulan Degenbaev authored
      This reverts commit 719d23c0.
      
      Reason for revert: TSAN failures
      
      Original change's description:
      > Fix invalidation of old-to-old slots after object trimming.
      > 
      > A recorded old-to-old slot may be overwritten with a pointer to a new
      > space object. If the object containing the slot is trimmed later on,
      > then the mark-compactor may crash on a stale pointer to new space.
      > 
      > This patch ensures that:
      > 1) On trimming of an object we add it to the invalidated_slots sets.
      > 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
      >    the invalidated object unless the page was already swept.
      > 
      > Array left-trimming is handled as a special case because object start
      > moves and cannot be added to the invalidated set. Instead, we clear
      > the freed memory so that the recorded slots contain Smi values.
      > 
      > Bug: chromium:870226,chromium:816426
      > Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
      > Reviewed-on: https://chromium-review.googlesource.com/1163784
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54953}
      
      TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
      
      Change-Id: I2e1ff83c2db7902488951a8f597d38133aeb3b04
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:870226, chromium:816426
      Reviewed-on: https://chromium-review.googlesource.com/1165862
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54954}
    • Fix invalidation of old-to-old slots after object trimming. · 719d23c0
      Ulan Degenbaev authored
      A recorded old-to-old slot may be overwritten with a pointer to a new
      space object. If the object containing the slot is trimmed later on,
      then the mark-compactor may crash on a stale pointer to new space.
      
      This patch ensures that:
      1) On trimming of an object we add it to the invalidated_slots sets.
      2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
         the invalidated object unless the page was already swept.
      
      Array left-trimming is handled as a special case because object start
      moves and cannot be added to the invalidated set. Instead, we clear
      the freed memory so that the recorded slots contain Smi values.
      
      Bug: chromium:870226,chromium:816426
      Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
      Reviewed-on: https://chromium-review.googlesource.com/1163784
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54953}
  3. 26 Mar, 2018 1 commit
  4. 02 Feb, 2018 1 commit
  5. 03 Aug, 2017 2 commits
  6. 02 Aug, 2017 4 commits
  7. 01 Aug, 2017 2 commits
    • Revert "[heap] Add mechanism for tracking invalidated slots per memory chunk." · c59b81d7
      Ulan Degenbaev authored
      This reverts commit 7a5a777c.
      
      Reason for revert: crashing in test-api
      
      Original change's description:
      > [heap] Add mechanism for tracking invalidated slots per memory chunk.
      > 
      > For correct slots recording in concurrent marker, we need to resolve
      > the race that happens when
      > 1) the mutator is invalidating slots for double unboxing or string
      > conversions
      > 2) and the concurrent marker is recording these slots.
      > 
      > This patch adds a data-structure for tracking the invalidated objects.
      > Thus we can allow the concurrent marker to record slots without
      > worrying about clearing them. During old-to-old pointer updating phase
      > we re-check all slots that belong to the invalidated objects.
      > 
      > BUG=chromium:694255
      > 
      > Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
      > Reviewed-on: https://chromium-review.googlesource.com/591810
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#47049}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org
      
      Change-Id: I7f4f8e8cb027b921a82e9c0a0623536af02581fb
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:694255
      Reviewed-on: https://chromium-review.googlesource.com/595994
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#47052}
    • [heap] Add mechanism for tracking invalidated slots per memory chunk. · 7a5a777c
      Ulan Degenbaev authored
      For correct slots recording in concurrent marker, we need to resolve
      the race that happens when
      1) the mutator is invalidating slots for double unboxing or string
      conversions
      2) and the concurrent marker is recording these slots.
      
      This patch adds a data-structure for tracking the invalidated objects.
      Thus we can allow the concurrent marker to record slots without
      worrying about clearing them. During old-to-old pointer updating phase
      we re-check all slots that belong to the invalidated objects.
      
      BUG=chromium:694255
      
      Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
      Reviewed-on: https://chromium-review.googlesource.com/591810
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#47049}