1. 11 Oct, 2019 1 commit
  2. 09 Sep, 2019 1 commit
  3. 03 Sep, 2019 1 commit
    • Revert "[heap] Remove size from invalidated slots" · d4e168a3
      Dominik Inführ authored
      This reverts commit 93063ade.
      
      Reason for revert: Clusterfuzz found issue.
      
      Original change's description:
      > [heap] Remove size from invalidated slots
      > 
      > Slots are always valid inside an invalidated area when outside the
      > respective object's current size. This allows us to remove the size
      > from the InvalidatedSlots data structure.
      > 
      > This change was enabled by https://crrev.com/c/1771793.
      > 
      > Bug: v8:9454
      > Change-Id: I2b5a7234d47227cb6ad8d67de20e9b5a2028ae83
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773242
      > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63510}
      
      TBR=ulan@chromium.org,sigurds@chromium.org,tebbi@chromium.org,dinfuehr@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:9454
      Change-Id: I7daf96cf50aaedd4dbdab48fd550182df94e54bf
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783106
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63535}
  4. 02 Sep, 2019 1 commit
  5. 27 Aug, 2019 1 commit
  6. 26 Aug, 2019 1 commit
  7. 25 Aug, 2019 1 commit
    • Revert "[heap] Introduce old-to-new invalidation set" · f584f7cc
      Dominik Inführ authored
      This reverts commit 604b0e1e.
      
      Reason for revert: Clusterfuzz found an issue.
      
      Original change's description:
      > [heap] Introduce old-to-new invalidation set
      > 
      > Introduce list of invalidated objects for old-to-new slots. Objects
      > are registered as invalidated in NotifyObjectLayoutChange, however
      > no slots are filtered right now. Slots are still deleted, so all
      > recorded slots are valid.
      > 
      > Bug: v8:9454
      > Change-Id: Ic0ea15283c4075f4051fae6a5b148721265339f7
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1765528
      > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63367}
      
      TBR=ulan@chromium.org,dinfuehr@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:9454
      Change-Id: Ic898db38f297824aa54744123f85cd75df957159
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1770676
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63390}
  8. 23 Aug, 2019 1 commit
  9. 19 Aug, 2019 2 commits
    • Revert "Use list of invalidated objects for old-to-new refs" · 9a9ba762
      Dominik Inführ authored
      This reverts commit 60843b42.
      
      Reason for revert: TSAN detected issue between Scavenge workers.
      One task could invoke RefillFreeList(), while the other task iterates the remembered set of a swept page.
      
      Original change's description:
      > Use list of invalidated objects for old-to-new refs
      > 
      > Instead of inserting "deletion" entries into the store buffer, keep a
      > list of invalidated objects to filter out invalid old-to-new slots.
      > 
      > The first CL https://crrev.com/c/1704109 got reverted because both the
      > sweeper and the main task were modifying the invalidated slots data
      > structure concurrently. This CL changes this, such that the sweeper
      > only modifies the invalidated slots during the final atomic pause when
      > the main thread is not running. The sweeper does not need to clean this
      > data structure after the pause, since the "update pointers" phase
      > already removed all invalidated slots.
      > 
      > The second CL https://crrev.com/c/1733081 got reverted because the
      > sweeper might find more free space than the full GC before it. If an
      > object shrinks after the pause but before the sweep, the invalidated
      > object might span free memory and potentially new allocated objects.
      > Therefore shrink invalidated objects when processing swept pages on
      > the main thread. Also clean recorded slots in the gap.
      > 
      > TBR=petermarshall@chromium.org
      > 
      > Bug: v8:9454
      > Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795
      > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63239}
      
      TBR=ulan@chromium.org,hpayer@chromium.org,dinfuehr@chromium.org
      
      Change-Id: I9c6a371ebe36a1873acbe0d6c6a75dd2f5a55f4e
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9454
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760817
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63253}
    • Use list of invalidated objects for old-to-new refs · 60843b42
      Dominik Inführ authored
      Instead of inserting "deletion" entries into the store buffer, keep a
      list of invalidated objects to filter out invalid old-to-new slots.
      
      The first CL https://crrev.com/c/1704109 got reverted because both the
      sweeper and the main task were modifying the invalidated slots data
      structure concurrently. This CL changes this, such that the sweeper
      only modifies the invalidated slots during the final atomic pause when
      the main thread is not running. The sweeper does not need to clean this
      data structure after the pause, since the "update pointers" phase
      already removed all invalidated slots.
      
      The second CL https://crrev.com/c/1733081 got reverted because the
      sweeper might find more free space than the full GC before it. If an
      object shrinks after the pause but before the sweep, the invalidated
      object might span free memory and potentially new allocated objects.
      Therefore shrink invalidated objects when processing swept pages on
      the main thread. Also clean recorded slots in the gap.
      
      TBR=petermarshall@chromium.org
      
      Bug: v8:9454
      Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63239}
  10. 08 Aug, 2019 1 commit
    • Revert "Use list of invalidated objects for old-to-new refs" · c9f9d1b0
      Dominik Inführ authored
      This reverts commit e2f98ec2.
      
      Reason for revert: Caused performance regression in ArrayLiteralInitialSpreadSmallHoley.
      
      Original change's description:
      > Use list of invalidated objects for old-to-new refs
      >
      > Instead of inserting "deletion" entries into the store buffer, keep
      > a list of invalidated objects to filter out invalid old-to-new slots.
      >
      > The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots.
      >
      > Bug: v8:9454
      > Change-Id: Iffb5bf96de2c89eee1ee1231a3414a0f2a155cbc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733081
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63087}
      
      TBR=ulan@chromium.org,petermarshall@chromium.org,dinfuehr@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:9454
      Change-Id: I328b9f72df45fc9570d4a4d1b5389eac010638c7
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743970
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63131}
  11. 06 Aug, 2019 1 commit
  12. 16 Jul, 2019 2 commits
  13. 24 May, 2019 1 commit
  14. 23 May, 2019 3 commits
  15. 20 Dec, 2018 1 commit
  16. 11 Aug, 2018 1 commit
    • Reland "Fix invalidation of old-to-old slots after object trimming." · 51e6ecb9
      Ulan Degenbaev authored
      This reverts commit 5b434929.
      
      Changes after the original CL:
      - Right-trimming registers the array as an object with invalidated
        slots.
      - Left-trimming moves the array start in the invalidated slots map.
      
      Original change's description:
      > Fix invalidation of old-to-old slots after object trimming.
      >
      > A recorded old-to-old slot may be overwritten with a pointer to a new
      > space object. If the object containing the slot is trimmed later on,
      > then the mark-compactor may crash on a stale pointer to new space.
      >
      > This patch ensures that:
      > 1) On trimming of an object we add it to the invalidated_slots sets.
      > 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
      >    the invalidated object unless the page was already swept.
      >
      > Array left-trimming is handled as a special case because object start
      > moves and cannot be added to the invalidated set. Instead, we clear
      > the freed memory so that the recorded slots contain Smi values.
      >
      > Bug: chromium:870226,chromium:816426
      > Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
      > Reviewed-on: https://chromium-review.googlesource.com/1163784
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54953}
      
      Change-Id: I1f1080f680196c581f62aef8d3a00a595f9bb9b0
      Reviewed-on: https://chromium-review.googlesource.com/1165555
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55066}
  17. 07 Aug, 2018 2 commits
    • Revert "Fix invalidation of old-to-old slots after object trimming." · 5b434929
      Ulan Degenbaev authored
      This reverts commit 719d23c0.
      
      Reason for revert: TSAN failures
      
      Original change's description:
      > Fix invalidation of old-to-old slots after object trimming.
      > 
      > A recorded old-to-old slot may be overwritten with a pointer to a new
      > space object. If the object containing the slot is trimmed later on,
      > then the mark-compactor may crash on a stale pointer to new space.
      > 
      > This patch ensures that:
      > 1) On trimming of an object we add it to the invalidated_slots sets.
      > 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
      >    the invalidated object unless the page was already swept.
      > 
      > Array left-trimming is handled as a special case because object start
      > moves and cannot be added to the invalidated set. Instead, we clear
      > the freed memory so that the recorded slots contain Smi values.
      > 
      > Bug: chromium:870226,chromium:816426
      > Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
      > Reviewed-on: https://chromium-review.googlesource.com/1163784
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54953}
      
      TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
      
      Change-Id: I2e1ff83c2db7902488951a8f597d38133aeb3b04
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:870226, chromium:816426
      Reviewed-on: https://chromium-review.googlesource.com/1165862
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54954}
    • Fix invalidation of old-to-old slots after object trimming. · 719d23c0
      Ulan Degenbaev authored
      A recorded old-to-old slot may be overwritten with a pointer to a new
      space object. If the object containing the slot is trimmed later on,
      then the mark-compactor may crash on a stale pointer to new space.
      
      This patch ensures that:
      1) On trimming of an object we add it to the invalidated_slots sets.
      2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
         the invalidated object unless the page was already swept.
      
      Array left-trimming is handled as a special case because object start
      moves and cannot be added to the invalidated set. Instead, we clear
      the freed memory so that the recorded slots contain Smi values.
      
      Bug: chromium:870226,chromium:816426
      Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
      Reviewed-on: https://chromium-review.googlesource.com/1163784
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54953}
  18. 26 Mar, 2018 1 commit
  19. 02 Feb, 2018 1 commit
  20. 03 Aug, 2017 2 commits
  21. 02 Aug, 2017 4 commits
  22. 01 Aug, 2017 2 commits
    • Revert "[heap] Add mechanism for tracking invalidated slots per memory chunk." · c59b81d7
      Ulan Degenbaev authored
      This reverts commit 7a5a777c.
      
      Reason for revert: crashing in test-api
      
      Original change's description:
      > [heap] Add mechanism for tracking invalidated slots per memory chunk.
      > 
      > For correct slots recording in concurrent marker, we need to resolve
      > the race that happens when
      > 1) the mutator is invalidating slots for double unboxing or string
      > conversions
      > 2) and the concurrent marker is recording these slots.
      > 
      > This patch adds a data-structure for tracking the invalidated objects.
      > Thus we can allow the concurrent marker to record slots without
      > worrying about clearing them. During old-to-old pointer updating phase
      > we re-check all slots that belong to the invalidated objects.
      > 
      > BUG=chromium:694255
      > 
      > Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
      > Reviewed-on: https://chromium-review.googlesource.com/591810
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#47049}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org
      
      Change-Id: I7f4f8e8cb027b921a82e9c0a0623536af02581fb
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:694255
      Reviewed-on: https://chromium-review.googlesource.com/595994
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#47052}
    • [heap] Add mechanism for tracking invalidated slots per memory chunk. · 7a5a777c
      Ulan Degenbaev authored
      For correct slots recording in concurrent marker, we need to resolve
      the race that happens when
      1) the mutator is invalidating slots for double unboxing or string
      conversions
      2) and the concurrent marker is recording these slots.
      
      This patch adds a data-structure for tracking the invalidated objects.
      Thus we can allow the concurrent marker to record slots without
      worrying about clearing them. During old-to-old pointer updating phase
      we re-check all slots that belong to the invalidated objects.
      
      BUG=chromium:694255
      
      Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
      Reviewed-on: https://chromium-review.googlesource.com/591810
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#47049}