- 11 Aug, 2018 1 commit
-
-
Ulan Degenbaev authored
This reverts commit 5b434929. Changes after the original CL: - Right-trimming registers the array as an object with invalidated slots. - Left-trimming moves the array start in the invalidated slots map. Original change's description: > Fix invalidation of old-to-old slots after object trimming. > > A recorded old-to-old slot may be overwritten with a pointer to a new > space object. If the object containing the slot is trimmed later on, > then the mark-compactor may crash on a stale pointer to new space. > > This patch ensures that: > 1) On trimming of an object we add it to the invalidated_slots sets. > 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside > the invalidated object unless the page was already swept. > > Array left-trimming is handled as a special case because object start > moves and cannot be added to the invalidated set. Instead, we clear > the freed memory so that the recorded slots contain Smi values. > > Bug: chromium:870226,chromium:816426 > Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53 > Reviewed-on: https://chromium-review.googlesource.com/1163784 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#54953} Change-Id: I1f1080f680196c581f62aef8d3a00a595f9bb9b0 Reviewed-on: https://chromium-review.googlesource.com/1165555 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55066}
-
- 07 Aug, 2018 2 commits
-
-
Ulan Degenbaev authored
This reverts commit 719d23c0. Reason for revert: TSAN failures Original change's description: > Fix invalidation of old-to-old slots after object trimming. > > A recorded old-to-old slot may be overwritten with a pointer to a new > space object. If the object containing the slot is trimmed later on, > then the mark-compactor may crash on a stale pointer to new space. > > This patch ensures that: > 1) On trimming of an object we add it to the invalidated_slots sets. > 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside > the invalidated object unless the page was already swept. > > Array left-trimming is handled as a special case because object start > moves and cannot be added to the invalidated set. Instead, we clear > the freed memory so that the recorded slots contain Smi values. > > Bug: chromium:870226,chromium:816426 > Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53 > Reviewed-on: https://chromium-review.googlesource.com/1163784 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#54953} TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org Change-Id: I2e1ff83c2db7902488951a8f597d38133aeb3b04 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:870226, chromium:816426 Reviewed-on: https://chromium-review.googlesource.com/1165862Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#54954}
-
Ulan Degenbaev authored
A recorded old-to-old slot may be overwritten with a pointer to a new space object. If the object containing the slot is trimmed later on, then the mark-compactor may crash on a stale pointer to new space. This patch ensures that: 1) On trimming of an object we add it to the invalidated_slots sets. 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside the invalidated object unless the page was already swept. Array left-trimming is handled as a special case because object start moves and cannot be added to the invalidated set. Instead, we clear the freed memory so that the recorded slots contain Smi values. Bug: chromium:870226,chromium:816426 Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53 Reviewed-on: https://chromium-review.googlesource.com/1163784 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#54953}
-
- 26 Mar, 2018 1 commit
-
-
Ulan Degenbaev authored
Almost all callers of BodyDescriptor already have the map of the object and should pass it to IterateBody and IsValidSlot functions. This removes redundant load and makes the function consistent with the SizeOf function. Change-Id: Ie47a9bb05af23fbf0576dff99f2ec69625e057fc Reviewed-on: https://chromium-review.googlesource.com/979436 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#52218}
-
- 02 Feb, 2018 1 commit
-
-
jgruber authored
This check verifies that all .h files in the src/ directory have an include guard of the form #ifndef V8_PATH_TO_FILE_H_ #define V8_PATH_TO_FILE_H_ // ... #endif // V8_PATH_TO_FILE_H_ The check can be skipped with a magic comment: // PRESUBMIT_INTENTIONALLY_MISSING_INCLUDE_GUARD Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel Change-Id: I0a7b96abec289ad60f64ba8418f1892a6969596d Reviewed-on: https://chromium-review.googlesource.com/897487Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51079}
-
- 03 Aug, 2017 2 commits
-
-
Ulan Degenbaev authored
On advancing the iterator we need to reset the current object, so that it can be lazily reloaded later on. TBR=mlippautz@chromium.org Bug: chromium:694255 Change-Id: If7ddd8670df9d11837f491503312919b55b451fe Reviewed-on: https://chromium-review.googlesource.com/600687 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47142}
-
Ulan Degenbaev authored
This reverts commit b9acf4ed. Bug: chromium:694255 Change-Id: I62766e8b32cfa16af39a28ad07fecd72441ad8cd Reviewed-on: https://chromium-review.googlesource.com/598468Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47132}
-
- 02 Aug, 2017 4 commits
-
-
Ulan Degenbaev authored
This reverts commit 0a9d5150. Reason for revert: another gc-stress failure Original change's description: > Reland^2 "[heap] Add mechanism for tracking invalidated slots per memory chunk." > > This reverts commit 6fde541d. > > Bug: chromium:694255 > Change-Id: I4670d0de3d2749afbb3bdb8dc5418822a885330c > Reviewed-on: https://chromium-review.googlesource.com/597850 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47083} TBR=ulan@chromium.org,mlippautz@chromium.org Change-Id: Iaabf4586e0297dccb1ab4ef180b6f1eea173273b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:694255 Reviewed-on: https://chromium-review.googlesource.com/598094Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47084}
-
Ulan Degenbaev authored
This reverts commit 6fde541d. Bug: chromium:694255 Change-Id: I4670d0de3d2749afbb3bdb8dc5418822a885330c Reviewed-on: https://chromium-review.googlesource.com/597850 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47083}
-
Ulan Degenbaev authored
This reverts commit d4a742fd. Reason for revert: gc-stress failures Original change's description: > Reland "[heap] Add mechanism for tracking invalidated slots per memory chunk." > > This reverts commit c59b81d7. > > Original change's description: > > [heap] Add mechanism for tracking invalidated slots per memory chunk. > > > For correct slots recording in concurrent marker, we need to resolve > > the race that happens when > > 1) the mutator is invalidating slots for double unboxing or string > > conversions > > 2) and the concurrent marker is recording these slots. > > > This patch adds a data-structure for tracking the invalidated objects. > > Thus we can allow the concurrent marker to record slots without > > worrying about clearing them. During old-to-old pointer updating phase > > we re-check all slots that belong to the invalidated objects. > > BUG=chromium:694255 > > Change-Id: Idf8927d162377a7bbdff34f81a87e52db27d6a9f > Reviewed-on: https://chromium-review.googlesource.com/596868 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47068} TBR=ulan@chromium.org,mlippautz@chromium.org Change-Id: I81c6059a092cc5834acd799c51fd30dc0ecf5b27 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:694255 Reviewed-on: https://chromium-review.googlesource.com/597787Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47078}
-
Ulan Degenbaev authored
This reverts commit c59b81d7. Original change's description: > [heap] Add mechanism for tracking invalidated slots per memory chunk. > For correct slots recording in concurrent marker, we need to resolve > the race that happens when > 1) the mutator is invalidating slots for double unboxing or string > conversions > 2) and the concurrent marker is recording these slots. > This patch adds a data-structure for tracking the invalidated objects. > Thus we can allow the concurrent marker to record slots without > worrying about clearing them. During old-to-old pointer updating phase > we re-check all slots that belong to the invalidated objects. BUG=chromium:694255 Change-Id: Idf8927d162377a7bbdff34f81a87e52db27d6a9f Reviewed-on: https://chromium-review.googlesource.com/596868Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47068}
-
- 01 Aug, 2017 2 commits
-
-
Ulan Degenbaev authored
This reverts commit 7a5a777c. Reason for revert: crashing in test-api Original change's description: > [heap] Add mechanism for tracking invalidated slots per memory chunk. > > For correct slots recording in concurrent marker, we need to resolve > the race that happens when > 1) the mutator is invalidating slots for double unboxing or string > conversions > 2) and the concurrent marker is recording these slots. > > This patch adds a data-structure for tracking the invalidated objects. > Thus we can allow the concurrent marker to record slots without > worrying about clearing them. During old-to-old pointer updating phase > we re-check all slots that belong to the invalidated objects. > > BUG=chromium:694255 > > Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83 > Reviewed-on: https://chromium-review.googlesource.com/591810 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47049} TBR=ulan@chromium.org,mlippautz@chromium.org Change-Id: I7f4f8e8cb027b921a82e9c0a0623536af02581fb No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:694255 Reviewed-on: https://chromium-review.googlesource.com/595994Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47052}
-
Ulan Degenbaev authored
For correct slots recording in concurrent marker, we need to resolve the race that happens when 1) the mutator is invalidating slots for double unboxing or string conversions 2) and the concurrent marker is recording these slots. This patch adds a data-structure for tracking the invalidated objects. Thus we can allow the concurrent marker to record slots without worrying about clearing them. During old-to-old pointer updating phase we re-check all slots that belong to the invalidated objects. BUG=chromium:694255 Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83 Reviewed-on: https://chromium-review.googlesource.com/591810Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47049}
-