Issue 2091733002: Reland [heap] Avoid the use of cells to point from code to new-space objects.

Issue 2091733002: Reland [heap] Avoid the use of cells to point from code to new-space objects. (Closed)

Created:
4 years, 6 months ago by ahaas

Modified:
4 years, 6 months ago

Reviewers:
Michael Lippautz

CC:
Hannes Payer (out of office), ulan, v8-mips-ports_googlegroups.com, v8-ppc-ports_googlegroups.com, v8-reviews_googlegroups.com, v8-x87-ports_googlegroups.com

Base URL:
https://chromium.googlesource.com/v8/v8.git@master

Target Ref:
refs/pending/heads/master

Project:
v8

Visibility:
Public.

More Reviews

Description

Reland [heap] Avoid the use of cells to point from code to new-space objects. The reason for reverting was: [Sheriff] Breaks arm debug: https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038. The problem was the dereferencing of handles for smi checks. It turned out that these smi checks can be removed anyways, both on arm and on mips. Additionally some rebasing was necessary. Original issue's description: Cells were needed originally because there was no typed remembered set to record direct pointers from code space to new space. A previous CL (https://codereview.chromium.org/2003553002/) already introduced the remembered set, this CL uses it. This CL * stores direct pointers in code objects, even if the target is in new space, * records the slot of the pointer in typed-old-to-new remembered set, * adds a list which stores weak code-to-new-space references, * adds a test to test-heap.cc for weak code-to-new-space references, * removes prints in tail-call-megatest.js R=mlippautz@chromium.org Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1 Cr-Commit-Position: refs/heads/master@{#37217}

Patch Set 1 #

Patch Set 2 : Fixed issues that caused the revert. #

Total comments: 4

Patch Set 3 : Address comments. #

Created: 4 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+251 lines, -167 lines)			Patch
M	src/arm/assembler-arm.cc	View		1 chunk	+0 lines, -1 line	0 comments	Download
M	src/arm/assembler-arm-inl.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	src/arm/macro-assembler-arm.cc	View	1	1 chunk	+1 line, -13 lines	0 comments	Download
M	src/arm64/assembler-arm64.cc	View		1 chunk	+0 lines, -1 line	0 comments	Download
M	src/arm64/assembler-arm64-inl.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	src/arm64/macro-assembler-arm64.cc	View		1 chunk	+1 line, -8 lines	0 comments	Download
M	src/compiler.cc	View		1 chunk	+8 lines, -3 lines	0 comments	Download
M	src/heap/heap.h	View		3 chunks	+10 lines, -0 lines	0 comments	Download
M	src/heap/heap.cc	View		7 chunks	+37 lines, -37 lines	0 comments	Download
M	src/heap/heap-inl.h	View		1 chunk	+6 lines, -0 lines	0 comments	Download
M	src/heap/mark-compact.cc	View		9 chunks	+50 lines, -20 lines	0 comments	Download
M	src/heap/remembered-set.h	View		1 chunk	+14 lines, -0 lines	0 comments	Download
M	src/heap/remembered-set.cc	View	1 2	2 chunks	+14 lines, -0 lines	0 comments	Download
M	src/ia32/assembler-ia32-inl.h	View		3 chunks	+1 line, -4 lines	0 comments	Download
M	src/ia32/macro-assembler-ia32.cc	View		1 chunk	+3 lines, -25 lines	0 comments	Download
M	src/mips/assembler-mips.cc	View		1 chunk	+0 lines, -1 line	0 comments	Download
M	src/mips/assembler-mips-inl.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	src/mips/macro-assembler-mips.cc	View	1	1 chunk	+1 line, -13 lines	0 comments	Download
M	src/mips64/assembler-mips64.cc	View		1 chunk	+0 lines, -1 line	0 comments	Download
M	src/mips64/assembler-mips64-inl.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	src/mips64/macro-assembler-mips64.cc	View	1	1 chunk	+1 line, -13 lines	0 comments	Download
M	src/objects.h	View		1 chunk	+2 lines, -1 line	0 comments	Download
M	src/objects-debug.cc	View		1 chunk	+19 lines, -5 lines	0 comments	Download
M	src/objects-inl.h	View		1 chunk	+2 lines, -3 lines	0 comments	Download
M	src/x64/assembler-x64-inl.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	src/x64/macro-assembler-x64.h	View		1 chunk	+0 lines, -1 line	0 comments	Download
M	src/x64/macro-assembler-x64.cc	View		1 chunk	+1 line, -8 lines	0 comments	Download
M	src/x87/assembler-x87-inl.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	test/cctest/heap/test-heap.cc	View		1 chunk	+61 lines, -0 lines	0 comments	Download
M	test/cctest/test-serialize.cc	View		1 chunk	+13 lines, -9 lines	0 comments	Download

Messages

Total messages: 11 (3 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Michael Lippautz

lgtm Canary seems like a sad place to be at the moment so think twice ...

4 years, 6 months ago (2016-06-23 11:51:12 UTC) #2

ahaas

https://codereview.chromium.org/2091733002/diff/20001/src/heap/remembered-set.cc File src/heap/remembered-set.cc (right): https://codereview.chromium.org/2091733002/diff/20001/src/heap/remembered-set.cc#newcode22 src/heap/remembered-set.cc:22: { On 2016/06/23 at 11:51:12, Michael Lippautz wrote: > ...

4 years, 6 months ago (2016-06-23 12:42:21 UTC) #3

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2091733002/40001

4 years, 6 months ago (2016-06-23 12:43:23 UTC) #6

commit-bot: I haz the power

Description was changed from ========== Reland [heap] Avoid the use of cells to point from ...

4 years, 6 months ago (2016-06-23 13:14:28 UTC) #8

Message was sent while issue was closed.

Description was changed from

==========
Reland [heap] Avoid the use of cells to point from code to new-space objects.

The reason for reverting was: [Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20....

The problem was the dereferencing of handles for smi checks. It turned out
that these smi checks can be removed anyways, both on arm and on mips.

Additionally some rebasing was necessary.

Original issue's description:

Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.

This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js

R=mlippautz@chromium.org
==========

to

==========
Reland [heap] Avoid the use of cells to point from code to new-space objects.

The reason for reverting was: [Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20....

The problem was the dereferencing of handles for smi checks. It turned out
that these smi checks can be removed anyways, both on arm and on mips.

Additionally some rebasing was necessary.

Original issue's description:

Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.

This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js

R=mlippautz@chromium.org

Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
Cr-Commit-Position: refs/heads/master@{#37217}
==========

commit-bot: I haz the power

Patchset 3 (id:??) landed as https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1 Cr-Commit-Position: refs/heads/master@{#37217}

4 years, 6 months ago (2016-06-23 13:14:30 UTC) #9

vogelheim

A revert of this CL (patchset #3 id:40001) has been created in https://codereview.chromium.org/2090983002/ by vogelheim@chromium.org. ...

4 years, 6 months ago (2016-06-23 16:02:09 UTC) #10

Michael Lippautz

4 years, 6 months ago (2016-06-23 16:08:19 UTC) #11

Message was sent while issue was closed.

On 2016/06/23 16:02:09, vogelheim wrote:
> A revert of this CL (patchset #3 id:40001) has been created in
> https://codereview.chromium.org/2090983002/ by mailto:vogelheim@chromium.org.
> 
> The reason for reverting is: This breaks gc-stress bot:
>
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Str...
> 
> #
> # Fatal error in ../../src/heap/mark-compact.cc, line 3715
> # Check failed:
> Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address())
> ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
> #
> 
> 
> I can reproduce locally, and local revert also fixes it -> revert.
> 
> Reproduce with:
>  out/Debug/d8 --test --random-seed=2140216864 --nohard-abort
> --nodead-code-elimination --nofold-constants --enable-slow-asserts
--debug-code
> --verify-heap --allow-natives-syntax --harmony-tailcalls
test/mjsunit/mjsunit.js
>  test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500
> --stress-compaction --concurrent-recompilation-queue-length=64
> --concurrent-recompilation-delay=500 --concurrent-recompilation
> 
> (Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.).

FYI Andreas: This looks like a missed WB as you basically have a slot pointing
to *to* space during slot iteration. This can only happen when pages move within
new space.  (The branch here is pretty new; previously you would've run into the
dcheck right below:  DCHECK(!heap->InNewSpace(*slot));)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages