    Reland^3 "[serializer] Allocate during deserialization" · 3f4e9bbe
    Leszek Swirski authored
    This is a reland of c4a062a9
    which was a reland of 28a30c57
    which was a reland of 5d7a29c9
    
    Fixes TSAN errors from non-atomic writes in the deserializer. Now all
    writes are (relaxed) atomic.
    
    Original change's description:
    > Reland^2 "[serializer] Allocate during deserialization"
    >
    > This is a reland of 28a30c57
    > which was a reland of 5d7a29c9
    >
    > The crashes were from calling RegisterDeserializerFinished on a null
    > Isolate pointer, for a deserializer that was never initialised
    > (specifically, ReadOnlyDeserializer when ROHeap is shared).
    >
    > Original change's description:
    > > Reland "[serializer] Allocate during deserialization"
    > >
    > > This is a reland of 5d7a29c9
    > >
    > > This reland shuffles around the order of checks in Heap::AllocateRawWith
    > > to not check the new space addresses until it's known that this is a new
    > > space allocation. This fixes an UBSan failure during read-only space
    > > deserialization, which happens before the new space is initialized.
    > >
    > > It also fixes some issues discovered by --stress-snapshot, around
    > > serializing ThinStrings (which are now elided as part of serialization),
    > > handle counts (I bumped the maximum handle count in that check), and
    > > clearing map transitions (the map backpointer field needed a Smi
    > > uninitialized value check).
    > >
    > > Original change's description:
    > > > [serializer] Allocate during deserialization
    > > >
    > > > This patch removes the concept of reservations and a specialized
    > > > deserializer allocator, and instead makes the deserializer allocate
    > > > directly with the Heap's Allocate method.
    > > >
    > > > The major consequence of this is that the GC can now run during
    > > > deserialization, which means that:
    > > >
    > > >   a) Deserialized objects are visible to the GC, and
    > > >   b) Objects that the deserializer/deserialized objects point to can
    > > >      move.
    > > >
    > > > Point a) is mostly not a problem due to previous work in making
    > > > deserialized objects "GC valid", i.e. making sure that they have a valid
    > > > size before any subsequent allocation/safepoint. We now additionally
    > > > have to initialize the allocated space with a valid tagged value -- this
    > > > is a magic Smi value to keep "uninitialized" checks simple.
    > > >
    > > > Point b) is solved by Handlifying the deserializer. This involves
    > > > changing any vectors of objects into vectors of Handles, and any object
    > > > keyed map into an IdentityMap (we can't use Handles as keys because
    > > > the object's address is no longer a stable hash).
    > > >
    > > > Back-references can no longer be direct chunk offsets, so instead the
    > > > deserializer stores a Handle to each deserialized object, and the
    > > > backreference is an index into this handle array. This encoding could
    > > > be optimized in the future with e.g. a second pass over the serialized
    > > > array which emits a different bytecode for objects that are and aren't
    > > > back-referenced.
    > > >
    > > > Additionally, the slot-walk over objects to initialize them can no
    > > > longer use absolute slot offsets, as again an object may move and its
    > > > slot address would become invalid. Now, slots are walked as relative
    > > > offsets to a Handle to the object, or as absolute slots for the case of
    > > > root pointers. A concept of "slot accessor" is introduced to share the
    > > > code between these two modes, and writing the slot (including write
    > > > barriers) is abstracted into this accessor.
    > > >
    > > > Finally, the Code body walk is modified to deserialize all objects
    > > > referred to by RelocInfos before doing the RelocInfo walk itself. This
    > > > is because RelocInfoIterator uses raw pointers, so we cannot allocate
    > > > during a RelocInfo walk.
    > > >
    > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged
    > > > size rather than byte size -- the size is expected to be tagged-aligned
    > > > anyway, so now we get an extra few bits in the size encoding.
    > > >
    > > > Bug: chromium:1075999
    > > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
    > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
    > > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
    > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    > > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
    > > > Cr-Commit-Position: refs/heads/master@{#70229}
    > >
    > > Bug: chromium:1075999
    > > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54
    > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828
    > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
    > > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
    > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
    > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    > > Cr-Commit-Position: refs/heads/master@{#70267}
    >
    > Tbr: jgruber@chromium.org,ulan@chromium.org
    > Bug: chromium:1075999
    > Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991
    > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
    > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#70279}
    
    Tbr: jgruber@chromium.org,ulan@chromium.org
    Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng,v8_linux64_tsan_no_cm_rel_ng,v8_linux64_tsan_isolates_rel_ng
    Bug: chromium:1075999
    Change-Id: I0b9b11644aebc4cc8b07c62a0f765b24e4d73d89
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445872
    Commit-Queue: Leszek Swirski <leszeks@chromium.org>
    Auto-Submit: Leszek Swirski <leszeks@chromium.org>
    Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#70288}
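The design the message describes, as an added toy model in C++ that is not V8's code: objects may move at any allocation (standing in for a GC running mid-deserialization), back-references are indices into the deserializer's handle array, and every slot write goes through a handle-relative accessor rather than a cached address. The `Heap`, `Obj`, `WriteSlot` and bytecode names are invented for the illustration, and the input stream is constructed.

```cpp
// Toy "handlified" deserializer (added illustration, not V8 code): objects may move at
// any allocation, so back-refs are handle-array indices and slot writes go via handles.
#include <algorithm>
#include <vector>

constexpr int kUninitialized = -1;  // stand-in for V8's "uninitialized" magic Smi
enum Bytecode : int { kNewObject = 0, kBackRef = 1 };
struct Obj { std::vector<int> slots; };  // each slot holds a handle index or kUninitialized

struct Heap {
  std::vector<Obj> objects;     // "addresses" are indices into this vector
  std::vector<size_t> handles;  // handle -> current address, fixed up when objects move
  // Allocation may move every live object first, as a GC could in V8.
  size_t Allocate(int nslots) {
    if (!objects.empty()) Compact();
    objects.push_back(Obj{std::vector<int>(nslots, kUninitialized)});  // GC-valid: sized + filled
    handles.push_back(objects.size() - 1);
    return handles.size() - 1;  // callers get a handle, never an address
  }
  void Compact() {  // rotate storage by one position, then fix up the handle table
    std::rotate(objects.begin(), objects.begin() + 1, objects.end());
    for (size_t& addr : handles) addr = (addr + objects.size() - 1) % objects.size();
  }
  Obj& Deref(size_t h) { return objects[handles[h]]; }
};

// The "slot accessor": the slot is addressed relative to the handle at write time.
void WriteSlot(Heap& heap, size_t h, size_t i, int value) { heap.Deref(h).slots[i] = value; }

size_t DeserializeObject(Heap& heap, const std::vector<int>& stream, size_t& pc,
                         std::vector<size_t>& back_refs) {
  int nslots = stream[pc + 1]; pc += 2;  // stream[pc] == kNewObject
  size_t h = heap.Allocate(nslots);
  back_refs.push_back(h);  // back-reference index == position in this handle array
  for (int i = 0; i < nslots; ++i) {
    if (stream[pc] == kBackRef) { WriteSlot(heap, h, i, static_cast<int>(back_refs[stream[pc + 1]])); pc += 2; }
    // A nested allocation may move the object behind h; Deref re-resolves it on write.
    else WriteSlot(heap, h, i, static_cast<int>(DeserializeObject(heap, stream, pc, back_refs)));
  }
  return h;
}

size_t Deserialize(Heap& heap, const std::vector<int>& stream) {
  size_t pc = 0; std::vector<size_t> back_refs;
  return DeserializeObject(heap, stream, pc, back_refs);
}

bool FullyInitialized(const Heap& heap) {  // no slot still holds the sentinel
  for (const Obj& o : heap.objects) for (int s : o.slots) if (s == kUninitialized) return false;
  return true;
}

// Constructed stream: A{2 slots}: slot0 = new B{1 slot: slot0 = new C{}}, slot1 = back-ref to A.
const std::vector<int> kStream = {kNewObject, 2, kNewObject, 1, kNewObject, 0, kBackRef, 0};
```

Running `Deserialize` on `kStream` moves A's storage while A's own slot walk is in progress (the allocation of C compacts), yet both of A's slots land in the right object because each write re-resolves the address through the handle.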