-
Toon Verwaest authored
Fix: check whether the map of the back pointer is the metamap rather than reading the map of the constructor-or-backpointer slot. If the slot contains a constructor, it's possible that the object transitions while the concurrent marker is reading the map (from which it's reading the instance type); and it's possible that the transitioned map isn't set up yet fully when we read the instance type. An acquire load for the constructor-or-backpointer map would also fix it by serializing stores, but is more expensive. Checking the metamap is faster. In case of false negatives (it is a map but we read the field before it was properly initialized) we'll simply mark too many descriptors in the worst case. Original change's description: > Revert "Reland "[runtime] Amortize descriptor array growing for fast-mode prototypes"" > > This reverts commit 71f9c117. > > Reason for revert: Seems to cause several TSan flakes, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20concurrent%20marking/12926 > > Original change's description: > > Reland "[runtime] Amortize descriptor array growing for fast-mode prototypes" > > > > This is a reland of 2de2d3dc > > > > Original change's description: > > > [runtime] Amortize descriptor array growing for fast-mode prototypes > > > > > > This avoids an O(n^2) algorithm that creates an equal amount of garbage. > > > Even though the actual final descriptor array might be a little bigger, > > > it reduces peak memory usage by allocating less. > > > > > > Bug: b:148346655 > > > Change-Id: I984159d36e9e0b37c19bc81afc90c94c9a9d168a > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135728 > > > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > > > Reviewed-by: Igor Sheludko <ishell@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#67031} > > > > Bug: b:148346655, v8:10339 > > Change-Id: I24436d8f49dc1fe527c4f6558db1abcba323b6f8 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139215 > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Igor Sheludko <ishell@chromium.org> > > Auto-Submit: Toon Verwaest <verwaest@chromium.org> > > Commit-Queue: Igor Sheludko <ishell@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#67475} > > TBR=ulan@chromium.org,ishell@chromium.org,verwaest@chromium.org > > Change-Id: I6fa02d0c89557eae33b792c1fe62c9c15eb0f7c7 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: b:148346655, v8:10339 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172749 > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67478} TBR=ulan@chromium.org,clemensb@chromium.org,ishell@chromium.org,verwaest@chromium.org Change-Id: Ib86e039374e721919cd5b02495c252ee7af283bd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: b:148346655, v8:10339 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173359Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#67495}
d29b2f81