1. 31 Aug, 2020 9 commits
    • Alex Kodat's avatar
      [cpu-profiler] Ensure sampled thread has Isolate lock under Windows · dfb3f7da
      Alex Kodat authored
      While the sampler checked if the sampled thread had the Isolate locked
      (if locks are being used) under Linux, the check was not done under
      Windows (or Fuchsia) which meant that in a multi-threading application
      under Windows, thread locking was not checked making it prone to seg
      faults and the like as the profiler would be extracting info from a
      heap in motion. The fix was to move the lock check into CpuSampler
      and Ticker (--prof) so all OSes would do the correct check.
      
      The basic concept is that on all operating systems a CpuProfiler, and
      so its corresponding CpuCampler, the profiler is tied to a thread.
      This is not based on first principles or anything, it's simply the
      way it works in V8, though it is a useful conceit as it makes
      visualization and interpretation of profile data much easier.
      
      To collect a sample on a thread associated with a profiler the thread
      must be stopped for obvious reasons -- walking the stack of a running
      thread is a formula for disaster. The mechanism for stopping a thread
      is OS-specific and is done in sample.cc. There are currently three
      basic approaches, one for Linux/Unix variants, one for Windows and one
      for Fuchsia. The approaches vary as to which thread actually collects
      the sample -- under Linux the sample is actually collected on the
      (interrupted) sampled thread whereas under Fuchsia/Windows it's on
      a separate thread.
      
      However, in a multi-threaded environment (where Locker is used), it's
      not sufficient for the sampled thread to be stopped. Because the stack
      walk involves looking in the Isolate heap, no other thread can be
      messing with the heap while the sample is collected. The only ways to
      ensure this would be to either stop all threads whenever collecting a
      sample, or to ensure that the thread being sampled holds the Isolate
      lock so prevents other threads from messing with the heap. While there
      might be something to be said for the "stop all threads" approach, the
      current approach in V8 is to only stop the sampled thread so, if in a
      multi-threaded environment, the profiler must check if the thread being
      sampled holds the Isolate lock.
      
      Since this check must be done, independent of which thread the sample
      is being collected on (since it varies from OS to OS), the approach is
      to save the thread id of the thread to be profiled/sampled when the
      CpuSampler is instantiated (on all OSes it is instantiated on the
      sampled thread) and then check that thread id against the Isolate lock
      holder thread id before collecting a sample. If it matches, we know
      sample.cc has stop the sampled thread, one way or another, and we know
      that no other thread can mess with the heap (since the stopped thread
      holds the Isolate lock) so it's safe to walk the stack and collect data
      from the heap so the sample can be taken. It it doesn't match, we can't
      safely collect the sample so we don't.
      
      Bug: v8:10850
      Change-Id: Iab2493130b9328430d7e5f5d3cf90ad6d10b1892
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377108Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69623}
      dfb3f7da
    • Gus Caplan's avatar
      fix PerformCastCheck on v8::Data · 61216077
      Gus Caplan authored
      PerformCheckCast<Data>() itself should not invoke Data::Cast(), since
      there is no such method and every publicly available value can be
      casted to it anyway. This is an issue in e.g.
      GetDataFromSnapshotOnce<Data>().
      
      Change-Id: I5d9ee89657c31bc0ca1fb16e704df58911c85f6c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2383030
      Commit-Queue: Gus Caplan <snek@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69622}
      61216077
    • Martin Bidlingmaier's avatar
      [regexp] Support some non-trivial EXPERIMENTAL patterns · 13667065
      Martin Bidlingmaier authored
      This CL adds support for disjunctions and some quantification in
      EXPERIMENTAL regexp patterns. It is implemented using a new bytecode
      format and an NFA-based breadth-first interpreter.
      
      R=jgruber@chromium.org
      
      Bug: v8:10765
      Change-Id: Idd49a3bbc9a9fcc2be80d822c9d84a638e53e777
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370634
      Commit-Queue: Martin Bidlingmaier <mbid@google.com>
      Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69621}
      13667065
    • Nico Hartmann's avatar
      [turbofan] Fix incorrect typing of constant with reverse stack · 97e79b25
      Nico Hartmann authored
      Bug: chromium:1120729
      Change-Id: I27533a2426a63ec6b67d34d94f3cae554fc95d91
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379852
      Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarVictor Gomes <victorgomes@chromium.org>
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69620}
      97e79b25
    • Jakob Gruber's avatar
      [compiler] Revisit graph end after a gasm reduction in call reducer · f8061c6c
      Jakob Gruber authored
      The graph assembler calls MergeControlToEnd as part of Unreachable
      node creation; this causes issues when used inside the GraphReducer
      framework, since the reducer is not notified by gasm that the end node
      should be revisited.
      
      The (hacky) fix in this CL is to always mark the end node for
      revisitation after a gasm reduction has taken place.
      
      Bug: v8:8888,chromium:1123379
      Change-Id: I350bb7144add04a0c3fd7f3d88c07fcfe1cd42e3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384772
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69619}
      f8061c6c
    • Marja Hölttä's avatar
      [super property speed] Invert benchmark graphs · 925effd0
      Marja Hölttä authored
      The goal is to have one graph per test case, and inside the graph,
      4 different lines:
      - baseline
      - baseline noopt
      - super-ic
      - super-ic noopt
      
      Bug: v8:9237
      Change-Id: I511b5555487a3d96698a3fb648abf76a13f76858
      No-Try: True
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384770Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
      Commit-Queue: Marja Hölttä <marja@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69618}
      925effd0
    • Jakob Kummerow's avatar
      [test] Make a few tests robust to GC stress · b5a33eba
      Jakob Kummerow authored
      A recent unrelated change caused these tests to get unlucky in
      GC stress mode. Their "assertOptimized" expectations rely on
      certain type feedback data not getting flushed at the wrong time.
      
      Bug: v8:10846
      Change-Id: I86d0b0c049539e4a69aa764cc6ec92465ca12beb
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381458Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69617}
      b5a33eba
    • v8-ci-autoroll-builder's avatar
      Update V8 DEPS. · 9d6c42ce
      v8-ci-autoroll-builder authored
      Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/0efd610..2dbf41f
      
      Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/6c48487..c73782c
      
      TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
      
      Change-Id: I6ca1f3428fd4c73446ecc2927a5493b42c39a73d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384549Reviewed-by: 's avatarv8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
      Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#69616}
      9d6c42ce
    • Jake Hughes's avatar
      [heap] Add object start bitmap for conservative stack scanning · 5f6aa2e5
      Jake Hughes authored
      With conservative stack scanning enabled, a snapshot of the call stack
      upon entry to GC will be used to determine part of the root-set. When
      the collector walks the stack, it looks at each value and determines
      whether it could be a potential on-heap object pointer. However, unlike
      with Handles, these on-stack pointers aren't guaranteed to point to the
      start of the object: the compiler may decide hide these pointers, and
      create interior pointers in C++ frames which the GC doesn't know about.
      
      The solution to this is to include an object start bitmap in the header
      of each page. Each bit in the bitmap represents a word in the page
      payload which is set when an object is allocated. This means that when
      the collector finds an arbitrary potential pointer into the page, it can
      walk backwards through the bitmap until it finds the relevant object's
      base pointer. To prevent the bitmap becoming stale after compaction, it
      is rebuilt during object sweeping.
      
      This is experimental, and currently only works with inline allocation
      disabled, and single generational collection.
      
      Bug: v8:10614
      Change-Id: I28ebd9562f58f335f8b3c2d1189cdf39feaa1f52
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375195
      Commit-Queue: Anton Bikineev <bikineev@chromium.org>
      Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarAnton Bikineev <bikineev@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69615}
      5f6aa2e5
  2. 29 Aug, 2020 1 commit
  3. 28 Aug, 2020 18 commits
  4. 27 Aug, 2020 12 commits