1. 16 Sep, 2020 1 commit
  2. 09 Sep, 2020 3 commits
    • Reland "[serializer] Change deferring to use forward refs" · 76d684cc
      Leszek Swirski authored
      This is a reland of 81577a79
      
      The revert was due to a missing dependency in the incremental build,
      fixed in https://crrev.com/c/2400987.
      
      Original change's description:
      > [serializer] Change deferring to use forward refs
      >
      > Now that we have forward references, we can replace the body deferring
      > mechanism with forward references to the entire pointer.
      >
      > This ensures that objects are always deserialized with their contents
      > (aside from themselves maybe holding forward refs), and as a result we
      > can simplify the CanBeDeferred conditions which encode the constraint
      > that some objects either need to immediately have contents, or cannot be
      > deferred because their fields are changed temporarily (e.g. backing
      > store refs).
      >
      > This also means that objects with length fields (e.g. arrays) will
      > always have those length fields deserialized when the object is
      > deserialized, which was not the case when the body could be deferred.
      > This helps us in the plan to make GC possible during deserialization.
      >
      > Bug: v8:10815
      > Change-Id: Ib0e5399b9de6027765691e8cb47410a2ccc15485
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390643
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#69760}
      
      Tbr: jgruber@chromium.org
      Bug: v8:10815
      Change-Id: I235076a97c5dfa58513e880cc477ac72a28b29e9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400992
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69779}
    • Revert "[serializer] Change deferring to use forward refs" · cb1a96e5
      Sathya Gunasekaran authored
      This reverts commit 81577a79.
      
      Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20shared/10544
      
      Original change's description:
      > [serializer] Change deferring to use forward refs
      > 
      > Now that we have forward references, we can replace the body deferring
      > mechanism with forward references to the entire pointer.
      > 
      > This ensures that objects are always deserialized with their contents
      > (aside from themselves maybe holding forward refs), and as a result we
      > can simplify the CanBeDeferred conditions which encode the constraint
      > that some objects either need to immediately have contents, or cannot be
      > deferred because their fields are changed temporarily (e.g. backing
      > store refs).
      > 
      > This also means that objects with length fields (e.g. arrays) will
      > always have those length fields deserialized when the object is
      > deserialized, which was not the case when the body could be deferred.
      > This helps us in the plan to make GC possible during deserialization.
      > 
      > Bug: v8:10815
      > Change-Id: Ib0e5399b9de6027765691e8cb47410a2ccc15485
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390643
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#69760}
      
      TBR=jgruber@chromium.org,leszeks@chromium.org
      
      Change-Id: I7a93a59217a2b38e2157c0f7ffc7ac648590a8d6
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:10815
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398535
      Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
      Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69763}
    • [serializer] Change deferring to use forward refs · 81577a79
      Leszek Swirski authored
      Now that we have forward references, we can replace the body deferring
      mechanism with forward references to the entire pointer.
      
      This ensures that objects are always deserialized with their contents
      (aside from themselves maybe holding forward refs), and as a result we
      can simplify the CanBeDeferred conditions which encode the constraint
      that some objects either need to immediately have contents, or cannot be
      deferred because their fields are changed temporarily (e.g. backing
      store refs).
      
      This also means that objects with length fields (e.g. arrays) will
      always have those length fields deserialized when the object is
      deserialized, which was not the case when the body could be deferred.
      This helps us in the plan to make GC possible during deserialization.
      
      Bug: v8:10815
      Change-Id: Ib0e5399b9de6027765691e8cb47410a2ccc15485
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390643
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69760}
  3. 01 Sep, 2020 1 commit
    • [serializer] Serialize map before object · 7c912ffa
      Leszek Swirski authored
      Change the serialization protocol to ensure that maps are serialized
      before objects using them. This ensures that as soon as we allocate
      space for an object, we can immediately write the object's map into that
      allocation. In the future, this will allow us to make deserialized
      objects visible to the GC.
      
      Specifically, this forces map serialization to happen after emitting
      a kNewObject for an object, but before allocating the space for it. We
      have to serialize the map after kNewObject because otherwise the map
      itself would be written into the "current" slot, into which the object
      is supposed to be deserialized.
      
      Objects whose maps are currently being deserialized are considered
      "pending" -- started, but not yet allocated. The map might point to a
      pending object (e.g. if an object's constructor points to the object).
      This is solved by introducing a new concept of forward references, where
      the field referring to the pending object is serialized as a "pending
      forward reference" which is "resolved" once the object is allocated.
      
      It might also point to itself, in the case of the meta map -- this is
      simply solved by introducing a new bytecode for the meta map; this
      cannot be a pending forward reference because the meta map is not yet
      allocated, so its map slot cannot be registered as pending.
      
      Finally, we may need to go to a new chunk after serializing the map; so
      after the map serialization, we peek to see if there's a next chunk
      bytecode before the object allocation.
      
      Bug: v8:10815
      Change-Id: Ifa8f25bdaf3b15b5d990a1d2e7be677c2fa80013
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362953
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69636}
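A toy model of the protocol the two serializer commits above describe (81577a79 and 7c912ffa): the map is deserialized before the object is allocated, a field pointing at the still-pending object becomes a forward reference resolved at allocation, the meta map gets its own bytecode because a map slot can never be pending, and the body is read immediately rather than deferred. This is an added illustration, not V8's own code: the bytecode names, stream layout and sample stream are constructed, and `pending_ref` is simplified to mean "the innermost pending object".

```python
from dataclasses import dataclass, field

@dataclass
class Forward:
    target: int = -1                           # pending forward ref; set once the target is allocated

@dataclass
class Obj:
    map: int                                   # heap index of the map, written at allocation
    fields: list = field(default_factory=list)

class Deserializer:
    def __init__(self, stream):
        self.tokens, self.pos = list(stream), 0
        self.heap = []                         # deserialized objects, by heap index
        self.pending = []                      # fixup lists, one per object started but not allocated

    def read(self):
        tok = self.tokens[self.pos]            # IndexError if the stream ends mid-object
        self.pos += 1
        kind = tok[0]
        if kind == "smi":                      # immediate value, no heap object
            return ("smi", tok[1])
        if kind == "ref":                      # back reference to an allocated object
            return tok[1]
        if kind == "meta_map":                 # dedicated bytecode: map slot points to itself
            self.heap.append(Obj(map=len(self.heap)))
            return len(self.heap) - 1
        if kind == "pending_ref":              # refers to the innermost pending object
            fwd = Forward()
            self.pending[-1].append(fwd)       # IndexError if nothing is pending
            return fwd
        if kind == "new_object":
            self.pending.append([])
            map_idx = self.read()              # the map is deserialized before allocation
            fixups = self.pending.pop()
            if not isinstance(map_idx, int):   # the map slot is written at allocation time,
                raise ValueError("map slot cannot be a forward ref")  # so it is never pending
            obj = Obj(map=map_idx)
            self.heap.append(obj)              # allocate with the map already in place
            idx = len(self.heap) - 1
            for fwd in fixups:                 # resolve refs made while this object was pending
                fwd.target = idx
            for _ in range(tok[1]):            # body follows immediately, never deferred
                obj.fields.append(self.read())
            return idx
        raise ValueError(f"unknown bytecode {kind!r}")

def deserialize(stream):
    """Return (roots, heap) for a constructed bytecode stream (toy format, not V8's)."""
    d = Deserializer(stream)
    roots = []
    while d.pos < len(d.tokens):
        roots.append(d.read())
    return roots, d.heap

# Constructed sample: a meta map, then a function object whose map's
# 'constructor' field points back at the (still pending) function.
SAMPLE_STREAM = [("meta_map",),
                 ("new_object", 1), ("new_object", 1), ("ref", 0), ("pending_ref",),
                 ("smi", 42)]
```

Running `deserialize(SAMPLE_STREAM)` yields three heap objects: the meta map (its own map), the function's map whose constructor field resolves to heap index 2, and the function itself with its map already set and its body read in place.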
  4. 04 May, 2020 1 commit
  5. 30 Apr, 2020 1 commit
  6. 28 Apr, 2020 3 commits
    • Reland "[snapshot] Expose the serializer through %SerializeDeserializeNow" · bce121c7
      Jakob Gruber authored
      This is a reland of ad5b005e
      
      Original change's description:
      > [snapshot] Expose the serializer through %SerializeDeserializeNow
      >
      > ... in order to exercise the snapshot/ component from mjsunit tests
      > and fuzzers.
      >
      > * Since the serializer and deserializer can now be called at any time
      > instead of only in a tightly controlled environment, several
      > assumptions (such as an empty execution stack, no microtasks, no
      > handles) no longer hold and had to be made configurable through
      > SerializerFlags.
      >
      > * Root iteration now skips more root categories which were previously
      > guaranteed to be empty (e.g. the stack, microtask queue, handles).
      >
      > * The %SerializeDeserializeNow runtime function triggers
      > serialization, deserialization, and heap verification on the current
      > isolate and native context.
      >
      > Support is not yet complete and will be extended in future work. Once
      > all mjsunit tests successfully run, we can add a new test mode to
      > stress serialization.
      >
      > Bug: v8:10416
      > Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Dan Elphick <delphick@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67423}
      
      Tbr: delphick@chromium.org,ulan@chromium.org
      Bug: v8:10416
      Change-Id: Ibed04c0f0b72fabcf811d8b18a1479391a11568b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170090
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Dan Elphick <delphick@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67426}
    • Revert "[snapshot] Expose the serializer through %SerializeDeserializeNow" · 451854fa
      Nico Hartmann authored
      This reverts commit ad5b005e.
      
      Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/36070?
      
      Original change's description:
      > [snapshot] Expose the serializer through %SerializeDeserializeNow
      > 
      > ... in order to exercise the snapshot/ component from mjsunit tests
      > and fuzzers.
      > 
      > * Since the serializer and deserializer can now be called at any time
      > instead of only in a tightly controlled environment, several
      > assumptions (such as an empty execution stack, no microtasks, no
      > handles) no longer hold and had to be made configurable through
      > SerializerFlags.
      > 
      > * Root iteration now skips more root categories which were previously
      > guaranteed to be empty (e.g. the stack, microtask queue, handles).
      > 
      > * The %SerializeDeserializeNow runtime function triggers
      > serialization, deserialization, and heap verification on the current
      > isolate and native context.
      > 
      > Support is not yet complete and will be extended in future work. Once
      > all mjsunit tests successfully run, we can add a new test mode to
      > stress serialization.
      > 
      > Bug: v8:10416
      > Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Dan Elphick <delphick@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67423}
      
      TBR=ulan@chromium.org,jgruber@chromium.org,delphick@chromium.org
      
      Change-Id: Ie30b94c9ec6e4463bed6cc87dd6525f469fdf84a
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:10416
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170089
      Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67424}
    • [snapshot] Expose the serializer through %SerializeDeserializeNow · ad5b005e
      Jakob Gruber authored
      ... in order to exercise the snapshot/ component from mjsunit tests
      and fuzzers.
      
      * Since the serializer and deserializer can now be called at any time
      instead of only in a tightly controlled environment, several
      assumptions (such as an empty execution stack, no microtasks, no
      handles) no longer hold and had to be made configurable through
      SerializerFlags.
      
      * Root iteration now skips more root categories which were previously
      guaranteed to be empty (e.g. the stack, microtask queue, handles).
      
      * The %SerializeDeserializeNow runtime function triggers
      serialization, deserialization, and heap verification on the current
      isolate and native context.
      
      Support is not yet complete and will be extended in future work. Once
      all mjsunit tests successfully run, we can add a new test mode to
      stress serialization.
      
      Bug: v8:10416
      Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67423}
  7. 23 Apr, 2020 1 commit
  8. 22 Apr, 2020 1 commit
    • Reland "[snapshot] Extract more files" · d587f67a
      Jakob Gruber authored
      This is a reland of 5c4b8056
      
      Original change's description:
      > [snapshot] Extract more files
      >
      > This moves:
      >
      > - ExternalReferenceEncoder to codegen/external-reference-encoder.h
      > - SerializerDeserializer to snapshot/serializer-deserializer.h
      > - Checksum() to snapshot/snapshot-utils.h
      >
      > serializer-common.h and .cc are removed.
      >
      > Tbr: clemensb@chromium.org,ulan@chromium.org
      > Bug: v8:10416
      > Change-Id: I36a242dcc1ad8833374aa567f73e0d4a75632c58
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144118
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Dan Elphick <delphick@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67281}
      
      Tbr: delphick@chromium.org,clemensb@chromium.org,ulan@chromium.org
      Bug: v8:10416
      Change-Id: I6f6a1017435db185778ed931e1ddb13d8d5e920e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157384
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Dan Elphick <delphick@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67298}
  9. 21 Apr, 2020 2 commits
  10. 02 Apr, 2020 1 commit
  11. 07 Jan, 2020 1 commit
  12. 02 Jan, 2020 1 commit
  13. 19 Sep, 2019 2 commits
    • Reland "[ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly" · dc1a93b8
      Igor Sheludko authored
      This is a reland of 6f9b2bd4
      
      We must load JSTypedArray::base_pointer in TurboFan as tagged value otherwise
      this value may become a stale pointer after GC.
      
      Original change's description:
      > [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly
      >
      > On-heap typed arrays contain HeapObject value in |base_pointer| field
      > and an offset in |external_pointer| field. When pointer compression is
      > enabled we want to combine decompression with the offset addition.
      > In order to do that we add an isolate root to the external_pointer value
      > and therefore the data pointer computation is a simple addition of
      > a (potentially sign-extended) |base_pointer| loaded as Tagged_t value
      > and an |external_pointer| value.
      >
      > Bug: v8:9706
      > Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Commit-Queue: Igor Sheludko <ishell@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63874}
      
      Bug: v8:9706, chromium:1005599
      Cq-Include-Trybots: luci.chromium.try:gpu-fyi-try-win10-nvidia-rel-64
      Change-Id: I7bbd2a439306cdd11f2bb0dab5863498624d9740
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813744
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Commit-Queue: Igor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63898}
    • Revert "[ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly" · 815df7d2
      Clemens Hammacher authored
      This reverts commit 6f9b2bd4.
      
      Reason for revert: Fails on nvidia bots, blocking LKGR: https://ci.chromium.org/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/5005
      
      Original change's description:
      > [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly
      > 
      > On-heap typed arrays contain HeapObject value in |base_pointer| field
      > and an offset in |external_pointer| field. When pointer compression is
      > enabled we want to combine decompression with the offset addition.
      > In order to do that we add an isolate root to the external_pointer value
      > and therefore the data pointer computation is a simple addition of
      > a (potentially sign-extended) |base_pointer| loaded as Tagged_t value
      > and an |external_pointer| value.
      > 
      > Bug: v8:9706
      > Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Commit-Queue: Igor Sheludko <ishell@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63874}
      
      TBR=ulan@chromium.org,neis@chromium.org,jgruber@chromium.org,ishell@chromium.org,verwaest@chromium.org
      
      Change-Id: I901280dd191e78d02969600f775c4f0da796921f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9706
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813027
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63886}
  14. 18 Sep, 2019 1 commit
  15. 08 Jul, 2019 1 commit
  16. 11 Jun, 2019 1 commit
  17. 27 May, 2019 1 commit
  18. 23 May, 2019 2 commits
  19. 22 May, 2019 1 commit
  20. 20 May, 2019 1 commit
  21. 17 May, 2019 2 commits
  22. 08 Feb, 2019 3 commits
  23. 07 Feb, 2019 1 commit
  24. 06 Feb, 2019 1 commit
  25. 26 Dec, 2018 1 commit
  26. 20 Dec, 2018 1 commit
  27. 17 Dec, 2018 1 commit
  28. 07 Dec, 2018 1 commit
  29. 28 Nov, 2018 1 commit
  30. 25 Nov, 2018 1 commit