- 16 Jul, 2020 1 commit
-
-
Omer Katz authored
This CL ports MarkingVerifier from blink. The existing verifier checks only references on heap. This new verifier checks references both on heap and on stack. Bug: chromium:1056170 Change-Id: I083dcb0087125312cca34a2201015a9aecfe6ea4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300484 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#68891}
-
- 10 Jul, 2020 1 commit
-
-
Omer Katz authored
This CL removes the GetTraceDescriptor virtual call from garbage collected mixins and replaces it with querying the object start bitmap. The CL also removes the mixin macros which are now no longer needed. Bug: chromium:1056170 Change-Id: I27ed299f93025d09a3bb3f0d17b14bed3c200565 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287508Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68787}
-
- 03 Jul, 2020 2 commits
-
-
Michael Lippautz authored
- Cleanup includes, fix typo, fix qualifiers. - Fix getter names of MarkerBase when only exposed for testing. Bug: chromium:1056170 Change-Id: Ibcb0f62414c9c865fa98e6d2b2c9b150aa2a361f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2281004 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68678}
-
Michael Lippautz authored
Split off MarkingWorklists and from Marker and introduce MarkerBase. MarkerBase refers just to interfaces types for passing along visitors. The concrete Marker provides the impl for these interfaces. Unified heap marker uses different marking visitors internally but provides an implementation for the same interface. Change-Id: Ibc4b2c88e2e69bd303a95da7d167a701934f4a07 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270539 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#68676}
-
- 02 Jul, 2020 1 commit
-
-
Michael Lippautz authored
Split off MarkingState from MarkingVisitor. With this CL the marking implementation is moved to "MarkingState" which is the new bottleneck for marking a single object. MarkingVisitor merely forwards to MarkingState, which knows how to set the markbit and add the object to the worklist accordingly. This allows to have a "UnifiedHeapMarkingVisitor" in future which can easily reuse Marking to provide C++ marking. Change-Id: I87ebbe37e8e8cd841e872cae9dc3490e2b55c4dd Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270172Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68660}
-
- 01 Jul, 2020 1 commit
-
-
Michael Lippautz authored
Move inlined methods to .h files accordingly, follwing style guide rule: https://google.github.io/styleguide/cppguide.html#Self_contained_Headers Bug: chromium:1056170 Change-Id: Ia6c4f82bd4352d507eece36e540ad0d318e56920 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273858Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68627}
-
- 29 Jun, 2020 1 commit
-
-
Michael Lippautz authored
Bug: chromium:1056170 Change-Id: I24442979954f63dc8a2f8fd0494cc5d537b733a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273131 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#68587}
-
- 22 Jun, 2020 1 commit
-
-
Anton Bikineev authored
This allows the implementation of different stack scanning mechanisms in V8 (e.g. conservative scanning) while re-using the stack walking API. Change-Id: I9b9c3b8ffe5d527ca3f7105776821776b509b187 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238194 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#68457}
-
- 19 Jun, 2020 1 commit
-
-
Michael Lippautz authored
This is a reland of e0c1a349 The issue was passing SentinelPointer (== +1) through T*. The fix is disabling cfi unrelated cast diagnostic for the bottlenecks (Get()). This means that nullptr is treated the same as kSentinelPointer. The alternative would be a DCHECK that Get() does not return kSentinelPointer and adjusting all Member and Persistent logic that uses Get() to work on void*. This is quite intrusive as it involves Swap(), heterogeneous assignments, comparisons, etc. Original change's description: > cppgc: Properly clear (Weak)Peristent and WeakMember pointers > > The CL addresses two issues with (Weak)Persistent and WeakMember: > 1. (Weak)Persistent pointers are cleared on heap teardown. Before this > CL the pointers would contain stale values which could lead to UAF. > 2. WeakPersistent and WeakMember are cleared using a combination of > internal clearing methods and mutable fields which avoids the use > of const_cast<>. > > Bug: chromium:1056170 > Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190 > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68394} Bug: chromium:1056170 Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68426}
-
- 17 Jun, 2020 3 commits
-
-
Zhi An Ng authored
This reverts commit e0c1a349. Reason for revert: Fails on Linux 64 cfi https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20cfi/25283? TBR=omerkatz@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,bikineev@chromium.org Change-Id: I2b208c4019979735925bff5e0551291fae6a14d6 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250320Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#68396}
-
Michael Lippautz authored
The CL addresses two issues with (Weak)Persistent and WeakMember: 1. (Weak)Persistent pointers are cleared on heap teardown. Before this CL the pointers would contain stale values which could lead to UAF. 2. WeakPersistent and WeakMember are cleared using a combination of internal clearing methods and mutable fields which avoids the use of const_cast<>. Bug: chromium:1056170 Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68394}
-
Anton Bikineev authored
This adds the following things: - age table for 4K regions; - generational barrier for mixed 4K regions; - unmarking for major collections; - young generation flags. Bug: chromium:1029379 Change-Id: Ief1229f0dac5f90c5f06d3168c8ffb4b7d1f1b53 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246566 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68379}
-
- 16 Jun, 2020 2 commits
-
-
Michael Lippautz authored
- Untangles MarkingVisitor from Marker. - Adds ConservativeTracingVisitor encapsulating conservative tracing. This enables the following architecture: - Marking visitors (unified + stand-alone) inherit from MarkingVisitor; - Markers (unified + stand-alone) inherit (or directly use) Marker Bug: chromium:1056170 Change-Id: I05304c231d2983dab5611d05cf4aa8bfa3ed5e20 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245600Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68366}
-
Anton Bikineev authored
Bug: chromium:1029379 Change-Id: I9b030cd8d130793ba5b79303b71e3d60be981218 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246567 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68359}
-
- 15 Jun, 2020 1 commit
-
-
Michael Lippautz authored
Introduce HeapBase as an internal base implementation for concrete heaps (unified, stand-alone). Change-Id: I0aa7185e23f83e01e4e2ca23d983b28e32bb610e Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238573 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68338}
-
- 11 Jun, 2020 1 commit
-
-
Michael Lippautz authored
Since the registration requires calling into the library, there's no reason to get the heap through a magic getter on API level. Bug: chromium:1056170 Change-Id: I8d2b1d0fcee8c855908bd26c71a22826c493ed29 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238568 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68315}
-
- 10 Jun, 2020 3 commits
-
-
Michael Lippautz authored
Unified heap support in V8 requires having another (at least internal) heap that implements a unfied garbage collection strategy. This will not re-use the already existing cppgc::Heap because there should be no way in creating such a heap externally or scheduling stand-alone garbage collections. In order to have a common token, this CL introduces AllocationHandle which can be passed to MakeGarbageCollected to allocate C++ objects. V8 (soon) and the stand-alone heap both have methods to retrieve such a handle. This works around a problem with creating diamond class hierarchies when a base class would be exposed on the public API level. Fast paths for Blink are still possible because allocation handles can be cached the same way (e.g. global, or TLS) as a heap can be cached. Tbr: yangguo@chromium.org Bug: chromium:1056170 Change-Id: I8e9472a2c24ef82d1178953e8429b1fd8a2344bc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238027 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#68310}
-
Victor Gomes authored
Change-Id: I3a624b9cb164dd4a49606f311f71ea0115afe30a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238572 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#68296}
-
Anton Bikineev authored
This fixes two issues: - labs resetting didn't account bytes as beeing freed; - large object were not accounted. The CL introduces a single bottleneck for labs resetting in ObjectAllocator, which is aware of StatsCollector. This way NormalSpace is treated as a value object and all invariants are maintained by ObjectAllocator (and Sweeper). Bug: chromium:1056170 Change-Id: I027cc01fe5028a3dfa81905d7ea53dd12d1c1f20 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237629 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68286}
-
- 08 Jun, 2020 2 commits
-
-
Michael Lippautz authored
Adds allocation-based heap growing strategy that triggers GC based on some limit. The limit is computed based on previous live memory and a constant growing factor. For invoking GC, we support two modes: with and without conservative stack scanning. Without conservative stack scanning, an invoker makes sure that we schedule a GC without stack using the existing platform. Bug: chromium:1056170 Change-Id: I1808aeb5806a6ddd5501b556d6b6b129a85b9cda Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228887Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68235}
-
Michael Lippautz authored
Document: - Visitor Bug: chromium:1056170 Change-Id: Icc0037befa73f043fcbf14ff4ff89be8b8940ee4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235696Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68233}
-
- 05 Jun, 2020 2 commits
-
-
Michael Lippautz authored
The observers can use ResetAllocatedObjectSize() to e.g. implement a growing strategy that resets its limit on this call. Bug: chromium:1056170 Change-Id: Ib9553e00cc530ff89f44e4258c13d47f0b70568e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228885Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68205}
-
Michael Lippautz authored
Bug: chromium:1056170 Change-Id: I1e168f967acf0e4d6094106c0693e1a10f409f49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231357 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68201}
-
- 03 Jun, 2020 2 commits
-
-
Michael Lippautz authored
This ports HeapStatsCollector (former ThreadHeapStatsCollector) from Blink. The CL only ports accounting of allocated object size which is needed for a simple growing strategy in a follow up. HeapStatsCollector is a global dependency for most sub components as it provides infrastructure for measuring time (through trace scopes) and space. The general idea of HeapStatsCollector is to act as sink where all sub components push time and space information. This information is then gathered and made available via an event that is implemented as POD. Time-dependent info is available through regular getters (pull) and observers (push). Change-Id: I40b4d76e1a40c56e5df1a7353622318cde730e26 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225902 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68150}
-
Anton Bikineev authored
This fixes the gcov build. Bug: chromium:1056170 Change-Id: I40ac42b6fce77367c6a366544abf89fc21075cdc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228510 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#68125}
-
- 02 Jun, 2020 1 commit
-
-
Anton Bikineev authored
This moves from Blink: 1) implementation of the marking write barrier; 2) WriteBarrierWorklist to Marker; 3) incremental/concurrent marking options. Bug: chromium:1056170 Change-Id: Ia3e31ffd920a99803420b1453695fe2fb8d843b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218064 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68108}
-
- 28 May, 2020 1 commit
-
-
Michael Lippautz authored
Split platform into a process-global initialization part and per-heap platform objects. These platform objects still contain allocators and executors. With per-heap platforms GetForegroundTaskRunner() returns by definition the correct runner. In future, when initialized throuhg V8, an adapter can be used to translate between the different platforms, avoiding the needed for V8 embedders to provide additional information. Bug: chromium:1056170 Change-Id: I11bdd15e945687cfbdf38cae4137facb02559e0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218030 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68059}
-
- 26 May, 2020 3 commits
-
-
Anton Bikineev authored
This reverts commit a35d0e8c. The original CL is likely not a culprit for the infra failures. Bug: chromium:1056170 Change-Id: I8fa85db8a737fb01328021782f0c43626fa52b0d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215826Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#67977}
-
Maya Lekova authored
This reverts commit 9a0e6bd5. Reason for revert: Speculative revert for https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20builder/47777 Original change's description: > cppgc: Port concurrent sweeper > > This moves concurrent and incremental sweeping from Blink. This also > adds TestPlatform that makes it easier to test concurrent and > incremental sweeping. > > Drive-by: fix unmarking of large pages. > > Bug: chromium:1056170 > Change-Id: Ifd50ff67b9df17ff117a5f4d4eb5a2937d3023be > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207132 > Commit-Queue: Anton Bikineev <bikineev@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67969} TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org Change-Id: I5530f11f7b8560116324bb156ba98e426c0feb35 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215057Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#67970}
-
Anton Bikineev authored
This moves concurrent and incremental sweeping from Blink. This also adds TestPlatform that makes it easier to test concurrent and incremental sweeping. Drive-by: fix unmarking of large pages. Bug: chromium:1056170 Change-Id: Ifd50ff67b9df17ff117a5f4d4eb5a2937d3023be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207132 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67969}
-
- 18 May, 2020 1 commit
-
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I8f1fbf1f9995fbd3f89564542209b828bf7118ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190428Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67862}
-
- 15 May, 2020 1 commit
-
-
Michael Lippautz authored
This allows embedding objects in each other and recursively trace through them. Bug: chromium:1056170 Change-Id: I4e4ae4c1669109c01003cb6b69797cf271a74033 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198977Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67841}
-
- 14 May, 2020 4 commits
-
-
Omer Katz authored
This reverts commit 580917d2. Reason for revert: fix in patchset 2 Original change's description: > Revert "cppgc: Stack scanning using ObjectStartBitmap" > > This reverts commit d3a72e3c. > > Reason for revert: MSAN failures (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/32360) > > Original change's description: > > cppgc: Stack scanning using ObjectStartBitmap > > > > This CL implements stack scanning for cppgc. > > Given a value on the stack, the MarkingVisitor uses > > PageBackend::Lookup to checks whether that address is on > > the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress > > (introduced in this CL) is used to get the relevant object > > header. Note that random addresses on the heap might point to > > free memory, object-start-bitmap, etc. > > > > If a valid object header is found: > > * If the object is not in construction, the GCInfoIndex is used > > the get the relevant Trace method and the object is traced. > > * Otherwise, the object is conservatively scanned - i.e. the > > payload of the object is iterated word by word and each word is > > treated as a possible pointer. > > > > Only addresses pointing to the payload on non-free objects are > > traced. > > > > BasePage::TryObjectHeaderFromInnerAddress assumes on LAB on the > > relevant space, thus all LABs are reset before scanning the stack. > > > > Bug: chromium:1056170 > > Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426 > > Commit-Queue: Omer Katz <omerkatz@chromium.org> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#67795} > > TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org > > Change-Id: I3caef6f9f55911fd1a86e895c3495d1b98b1eac2 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: chromium:1056170 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201136 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67796} TBR=ulan@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,bikineev@chromium.org,omerkatz@chromium.org # Not skipping CQ checks because this is a reland. Bug: chromium:1056170 Change-Id: If7ea4fe5cb794c07544d5545f5d6548e3375d3ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201137Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67803}
-
Omer Katz authored
The existing non-builtin implementation is returning wrong results. For example, given the value 63 as a uint8_t it returns 38 (should be 6). The new implementation follows the naive algorithm presented in figure 5-1 in Hacker's Delight section 5-1. Note that the algorithm in the book is designed for 32 bit numbers, so we extended it to support 64 bit as well. Bug: chromium:1056170 Change-Id: I8fed9c449f80b01b8cc93d339529c0e1e0863fc0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199345Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67801}
-
Leszek Swirski authored
This reverts commit d3a72e3c. Reason for revert: MSAN failures (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/32360) Original change's description: > cppgc: Stack scanning using ObjectStartBitmap > > This CL implements stack scanning for cppgc. > Given a value on the stack, the MarkingVisitor uses > PageBackend::Lookup to checks whether that address is on > the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress > (introduced in this CL) is used to get the relevant object > header. Note that random addresses on the heap might point to > free memory, object-start-bitmap, etc. > > If a valid object header is found: > * If the object is not in construction, the GCInfoIndex is used > the get the relevant Trace method and the object is traced. > * Otherwise, the object is conservatively scanned - i.e. the > payload of the object is iterated word by word and each word is > treated as a possible pointer. > > Only addresses pointing to the payload on non-free objects are > traced. > > BasePage::TryObjectHeaderFromInnerAddress assumes on LAB on the > relevant space, thus all LABs are reset before scanning the stack. > > Bug: chromium:1056170 > Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426 > Commit-Queue: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67795} TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org Change-Id: I3caef6f9f55911fd1a86e895c3495d1b98b1eac2 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201136Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#67796}
-
Omer Katz authored
This CL implements stack scanning for cppgc. Given a value on the stack, the MarkingVisitor uses PageBackend::Lookup to checks whether that address is on the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress (introduced in this CL) is used to get the relevant object header. Note that random addresses on the heap might point to free memory, object-start-bitmap, etc. If a valid object header is found: * If the object is not in construction, the GCInfoIndex is used the get the relevant Trace method and the object is traced. * Otherwise, the object is conservatively scanned - i.e. the payload of the object is iterated word by word and each word is treated as a possible pointer. Only addresses pointing to the payload on non-free objects are traced. BasePage::TryObjectHeaderFromInnerAddress assumes on LAB on the relevant space, thus all LABs are reset before scanning the stack. Bug: chromium:1056170 Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#67795}
-
- 13 May, 2020 2 commits
-
-
Omer Katz authored
This is needed to trace objects found durinbg stack scanning. Bug: chromium:1056170 Change-Id: I1280d98f2fe69281c514b3a7d4a57f909a2eed96 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190425 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67788}
-
Michael Lippautz authored
This is a reland of 3df36990 Original change's description: > cppgc: Port ObjectStartBitmap > > This ports ObjectStartBitmap from Blink. > > Bug: chromium:1056170 > Change-Id: Ib959d9ac1c5e1e34ffa6418f77956e993c570ffc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181331 > Commit-Queue: Anton Bikineev <bikineev@chromium.org> > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67735} Bug: chromium:1056170 Change-Id: I6e2fd99e96bebe3060f4feb8503ab04c0d452d51 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198986Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67772}
-
- 12 May, 2020 2 commits
-
-
Omer Katz authored
This CL adds 2 new values to the EmbedderStackState enum with more explicit names. The old values are updated as aliases to the new values and marked as soon to be deprecated. This CL also moves the enum to v8-platform.h so that it can be reused by cppgc. Depracating individual values in an enum is supported by GCC only since version 6. Thus new macros were needed for the deprecation (which delegate to the existing macros when supported). GCC versions older than 6 are still used by the CQ bots. Bug: chromium:1056170 Change-Id: Id1ea73edfbbae282b0d8a3bb103dbbbf8ebd417e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2188971 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67744}
-
Leszek Swirski authored
This reverts commit 3df36990. Reason for revert: Breaks MSVC bot (https://cr-buildbucket.appspot.com/build/8880517266974148704) Original change's description: > cppgc: Port ObjectStartBitmap > > This ports ObjectStartBitmap from Blink. > > Bug: chromium:1056170 > Change-Id: Ib959d9ac1c5e1e34ffa6418f77956e993c570ffc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181331 > Commit-Queue: Anton Bikineev <bikineev@chromium.org> > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67735} TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org Change-Id: Iaea15b11c0ee7b599fe1f275aded7414bce428ac No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196321Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#67742}
-