
Issue 13257 in v8: Conservative stack scanning

164 views

nikol… via monorail

Sep 1, 2022, 1:30:34 PM
to v8-re...@googlegroups.com
Status: Started
Owner: niko...@chromium.org
CC: mlip...@chromium.org, omer...@chromium.org
Components: GarbageCollection
Priority: 3
Type: FeatureRequest

New issue 13257 by niko...@chromium.org: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257

Tracking bug for work on conservative stack scanning for the V8 heap.


Git Watcher via monorail

Sep 2, 2022, 5:27:05 AM
to v8-re...@googlegroups.com

Comment #1 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c1

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f

commit 2b5f239abe019c86fe5b7365655bd4c7e4d32f9f
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Sep 01 17:40:05 2022

[heap][test] Refactor tests using heap internals

This CL refactors most of the cctests and unittests (22 out of 31) that
directly invoke heap GC, so that the corresponding internal heap methods
are called from a few specific places in boilerplate code. This will
facilitate impending changes to the interface of GC-related internal
heap methods.

Bug: v8:13257
Change-Id: Ia6773a7952501b0792b279b799171519620497d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869264
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82927}

[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/cctest/cctest.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/cctest/test-serialize.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/unittests/test-utils.h
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/cctest/test-api.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/cctest/test-shared-strings.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/unittests/heap/page-promotion-unittest.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/unittests/parser/scanner-streams-unittest.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/cctest/wasm/test-wasm-serialization.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/unittests/objects/managed-unittest.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/unittests/heap/embedder-tracing-unittest.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/unittests/utils/identity-map-unittest.cc
[modify] https://crrev.com/2b5f239abe019c86fe5b7365655bd4c7e4d32f9f/test/cctest/cctest.h

Git Watcher via monorail

Sep 5, 2022, 8:44:06 AM
to v8-re...@googlegroups.com

Comment #2 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c2


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/7c79ab6d43298672e3c3f45b67e2ccf0f5afc196

commit 7c79ab6d43298672e3c3f45b67e2ccf0f5afc196
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon Sep 05 08:21:21 2022

[heap] Fix setting start of stack

The stack of an isolate's main thread is kept in the isolate's heap.
This CL sets the stack's start address when the isolate's heap is set
up; it can also be set explicitly from the embedder. The CL also fixes
threaded cctests, where an isolate is shared by many "main" threads.

Bug: v8:13257
Change-Id: Ie30bbbe4130882d94f23de946cbada748f32e22d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870923

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

Sep 15, 2022, 10:44:06 AM
to v8-re...@googlegroups.com

Comment #3 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c3


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ac7edc1fdbc43507036db841b634200cf8d7d809

commit ac7edc1fdbc43507036db841b634200cf8d7d809
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Sep 15 10:15:00 2022

[heap] Fix inner pointer resolution for unused young pages

Inner pointer resolution, to be used in conservative stack scanning,
assumes that all pages registered with the memory allocator are
iterable. Until this CL, this was not the case for pages that were
owned by the young generation semispaces but were unused. Such pages
are either in the "from" semispace, or in the "to" semispace but have
not yet been used.

This CL ensures that all pages owned by the young generation are
iterable. It also adds tests to verify that inner pointer resolution
works correctly for unused young pages and for pointers above the
page area.

Bug: v8:13257
Change-Id: Ieff7cc216853403e01f83220b96bf8ff4cdea596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885893

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83226}

[modify] https://crrev.com/ac7edc1fdbc43507036db841b634200cf8d7d809/src/heap/new-spaces.cc
[modify] https://crrev.com/ac7edc1fdbc43507036db841b634200cf8d7d809/test/unittests/heap/marking-inner-pointer-resolution-unittest.cc
[modify] https://crrev.com/ac7edc1fdbc43507036db841b634200cf8d7d809/src/heap/heap.cc
[modify] https://crrev.com/ac7edc1fdbc43507036db841b634200cf8d7d809/src/heap/setup-heap-internal.cc
[modify] https://crrev.com/ac7edc1fdbc43507036db841b634200cf8d7d809/src/heap/mark-compact.cc
[modify] https://crrev.com/ac7edc1fdbc43507036db841b634200cf8d7d809/src/heap/memory-allocator.cc
[modify] https://crrev.com/ac7edc1fdbc43507036db841b634200cf8d7d809/src/heap/new-spaces-inl.h
[modify] https://crrev.com/ac7edc1fdbc43507036db841b634200cf8d7d809/src/heap/new-spaces.h

Git Watcher via monorail

Sep 30, 2022, 2:29:07 PM
to v8-re...@googlegroups.com

Comment #4 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c4


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/415d5b1a58eef11569b7bee69a24481ddb134580

commit 415d5b1a58eef11569b7bee69a24481ddb134580
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Sep 30 13:33:50 2022

[heap] Fix inner pointer resolution for incremental marking

When incremental marking has started and the scavenger is triggered,
young generation pages that end up in the "from" space may contain
unclean markbits. In this case, inner pointer resolution may return
base pointers to the start of objects that are not on the page anymore.
This is problematic if the page contents have been zapped. This CL fixes
this and improves the corresponding unit test.

Bug: v8:13257
Change-Id: I9f4a05270a66e15e86519a2d6574b4afe100a48d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925935

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

Oct 6, 2022, 11:27:07 AM
to v8-re...@googlegroups.com

Comment #5 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c5


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/0c3919d5e247ef22e5d8da9da40ab052af0fc9b9

commit 0c3919d5e247ef22e5d8da9da40ab052af0fc9b9
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Oct 06 13:47:37 2022

[heap] Fix inner pointer resolution unit test

This CL fixes two bugs in the unit test for inner pointer resolution,
implemented using the marking bitmap. First, the tests would not compile
after crrev.com/c/3925548, which moved the marking state from the
collector to the heap. Second, some tests would fail in builds without
pointer compression, because the size of words in heap is different.

Bug: v8:13257
Change-Id: I8e6c9c70daa9ed9a8f0ebd5a06f7c017445400e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3937964
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83563}

[modify] https://crrev.com/0c3919d5e247ef22e5d8da9da40ab052af0fc9b9/test/unittests/BUILD.gn
[modify] https://crrev.com/0c3919d5e247ef22e5d8da9da40ab052af0fc9b9/src/heap/memory-allocator.h
[modify] https://crrev.com/0c3919d5e247ef22e5d8da9da40ab052af0fc9b9/test/unittests/heap/marking-inner-pointer-resolution-unittest.cc
[modify] https://crrev.com/0c3919d5e247ef22e5d8da9da40ab052af0fc9b9/src/heap/mark-compact.h
[modify] https://crrev.com/0c3919d5e247ef22e5d8da9da40ab052af0fc9b9/src/heap/spaces.h

Git Watcher via monorail

Oct 7, 2022, 12:11:06 PM
to v8-re...@googlegroups.com

Comment #6 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c6


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/98e46e7befec3f8fda29d845d6f8ef975afc581a

commit 98e46e7befec3f8fda29d845d6f8ef975afc581a
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Oct 07 15:24:40 2022

[heap] Revise conservative stack scanning visitor

This CL revises the conservative stack scanning visitor, to use the
implementation of inner pointer resolution based on the marking bits.

Bug: v8:13257
Change-Id: I97203e1f571d89912f91b3513cff24521c1df662
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3934342
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Igor Sheludko <ish...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83573}

[modify] https://crrev.com/98e46e7befec3f8fda29d845d6f8ef975afc581a/test/unittests/BUILD.gn
[modify] https://crrev.com/98e46e7befec3f8fda29d845d6f8ef975afc581a/src/common/ptr-compr.h
[modify] https://crrev.com/98e46e7befec3f8fda29d845d6f8ef975afc581a/src/heap/heap.h
[modify] https://crrev.com/98e46e7befec3f8fda29d845d6f8ef975afc581a/src/common/ptr-compr-inl.h
[modify] https://crrev.com/98e46e7befec3f8fda29d845d6f8ef975afc581a/src/heap/conservative-stack-visitor.h
[modify] https://crrev.com/98e46e7befec3f8fda29d845d6f8ef975afc581a/src/heap/conservative-stack-visitor.cc
[add] https://crrev.com/98e46e7befec3f8fda29d845d6f8ef975afc581a/test/unittests/heap/conservative-stack-visitor-unittest.cc

Git Watcher via monorail

Oct 21, 2022, 9:03:15 AM
to v8-re...@googlegroups.com

Comment #7 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c7


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/8c7c087812e343ed8f2c37b21a29aa0de560268d

commit 8c7c087812e343ed8f2c37b21a29aa0de560268d
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Oct 21 12:07:52 2022

[heap] Make stack thread-local and introduce stack markers

This CL makes the object keeping stack information thread-local, moving
it from Heap to ThreadLocalTop. In this way, stack scanning will work
correctly when switching between threads, e.g., using v8::Locker.

It also introduces a mechanism for setting a stack marker, to be used
for scanning only the part of stack between its start and the marker
(instead of the current stack top).

Bug: v8:13257
Change-Id: I01091f5f49d9a8143d50aeef53789a98bdb29048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960991

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83848}

[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/bazel/defs.bzl
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/src/heap/base/stack.h
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/test/cctest/test-api.cc
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/src/flags/flag-definitions.h
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/tools/testrunner/testdata/testroot6/out/build/v8_build_config.json
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/tools/testrunner/base_runner.py
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/src/execution/thread-local-top.h
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/tools/testrunner/testdata/testroot3/out/build/v8_build_config.json
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/tools/testrunner/testdata/testroot1/out/build/v8_build_config.json
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/BUILD.bazel
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/src/execution/thread-local-top.cc
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/tools/testrunner/build_config.py
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/src/execution/isolate.cc
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/src/heap/heap.h
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/src/heap/heap.cc
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/BUILD.gn
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/src/heap/base/stack.cc
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/tools/testrunner/testdata/testroot2/out/build/v8_build_config.json
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/tools/testrunner/testdata/testroot5/out.gn/build/v8_build_config.json
[modify] https://crrev.com/8c7c087812e343ed8f2c37b21a29aa0de560268d/test/mjsunit/mjsunit.status

Git Watcher via monorail

Oct 21, 2022, 9:10:16 AM
to v8-re...@googlegroups.com

Comment #8 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c8


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/60dfddf03cd244d0c06915a230576f3e142f3f2a

commit 60dfddf03cd244d0c06915a230576f3e142f3f2a
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Oct 20 23:48:13 2022

[heap][test] Fix code coverage tests for conservative stack scanning

Code coverage tests invoke garbage collection, to test that coverage
data is not reclaimed by the garbage collector and that the native
%DebugTogglePreciseCoverage works as intended. One of them tests that
garbage collection indeed reclaims the coverage data, if the above
native is not used. When conservative stack scanning is used, this may
fail.

This CL fixes the tests, ensuring that a precise garbage collection
will be invoked, without scanning the stack. To achieve this, the
garbage collection is invoked not with %CollectGarbage but by using
--expose-gc and the asynchronous execution mode, which ensures that
it will be invoked from the event loop without a stack.

Bug: v8:13257
Change-Id: Id44ef0d442bfd0a8afda282c3345e5ebeb239356
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968708
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83851}

[modify] https://crrev.com/60dfddf03cd244d0c06915a230576f3e142f3f2a/test/mjsunit/code-coverage-precise.js
[modify] https://crrev.com/60dfddf03cd244d0c06915a230576f3e142f3f2a/test/mjsunit/code-coverage-block-async.js
[modify] https://crrev.com/60dfddf03cd244d0c06915a230576f3e142f3f2a/test/mjsunit/code-coverage-block-noopt.js
[modify] https://crrev.com/60dfddf03cd244d0c06915a230576f3e142f3f2a/test/mjsunit/code-coverage-block.js
[modify] https://crrev.com/60dfddf03cd244d0c06915a230576f3e142f3f2a/test/mjsunit/code-coverage-class-fields.js
[modify] https://crrev.com/60dfddf03cd244d0c06915a230576f3e142f3f2a/test/mjsunit/code-coverage-block-opt.js
[modify] https://crrev.com/60dfddf03cd244d0c06915a230576f3e142f3f2a/test/mjsunit/code-coverage-utils.js

Git Watcher via monorail

Oct 27, 2022, 11:53:18 AM
to v8-re...@googlegroups.com

Comment #9 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c9


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/dbda17a58eddc198d8a369f1e9f94cdacf02abad

commit dbda17a58eddc198d8a369f1e9f94cdacf02abad
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Oct 26 16:21:11 2022

[heap] Fix tests for OSB and CSS

Since crrev.com/c/3973310, which renamed the isolate scopes, the unit
and cctests for the object-start bitmap and the conservative stack
visitor have been broken.

Bug: v8:13257
Change-Id: If8a498827f2085108cf0740a9c5c994145424fc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3980255
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83960}

[modify] https://crrev.com/dbda17a58eddc198d8a369f1e9f94cdacf02abad/test/cctest/heap/test-mark-compact.cc
[modify] https://crrev.com/dbda17a58eddc198d8a369f1e9f94cdacf02abad/test/unittests/heap/conservative-stack-visitor-unittest.cc

Git Watcher via monorail

Nov 3, 2022, 8:11:08 AM
to v8-re...@googlegroups.com

Comment #10 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c10


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/514de317fba9392952f4dce4bcb0b3fa424ec50a

commit 514de317fba9392952f4dce4bcb0b3fa424ec50a
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Nov 03 11:09:55 2022

[heap] Introduce a conservative stack scanning pass

This CL introduces the mechanism for conservative stack scanning (CSS).
Behind a compile-time flag, it also introduces a CSS pass which scans
the stack during the GC marking phase and marking verification. This
pass is now redundant, i.e., it is not needed for the correctness of
garbage collection. It will be used for experimenting with CSS and for
benchmarking.

Bug: v8:13257
Change-Id: If35bc24fde3bc08c5735d9e2f1b67724f7e31ef7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968710
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84036}

[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/cctest/heap/test-concurrent-allocation.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/cctest/cctest.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/unittests/test-utils.h
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/cctest/test-api.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/wasm-api-tests/callbacks.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/cctest/heap/heap-utils.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/src/heap/scavenger.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/src/heap/evacuation-verifier.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/unittests/heap/heap-utils.h
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/wasm-api-tests/serialize.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/unittests/heap/local-heap-unittest.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/unittests/api/deserialize-unittest.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/src/heap/heap-verifier.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/cctest/test-heap-profiler.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/unittests/heap/cppgc-js/unified-heap-unittest.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/unittests/parser/decls-unittest.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/src/heap/heap.h
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/src/heap/heap.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/src/heap/mark-compact.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/unittests/test-utils.cc
[modify] https://crrev.com/514de317fba9392952f4dce4bcb0b3fa424ec50a/test/cctest/cctest.h

Git Watcher via monorail

Nov 9, 2022, 2:40:09 PM
to v8-re...@googlegroups.com

Comment #11 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c11


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/dcaf26930f27bb14cb14b822f62d7925879239d6

commit dcaf26930f27bb14cb14b822f62d7925879239d6
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Nov 09 16:45:09 2022

[heap] Refactor saving the callee-saved registers on stack

This CL refactors the trampoline that pushes the values of callee-saved
registers on the stack, which is used before stack scanning.

At the low level, it defines simpler architecture-specific functions
that save the values of these registers in a caller-supplied buffer of
the appropriate size.

The trampoline is now implemented using this mechanism. However, the
low-level functions will be used in subsequent CLs for storing the
registers without using a callback, when setting a stack marker for
conservative stack scanning.

Bug: v8:13257
Change-Id: I86dae66e8613b839c694dc004747e04d1dfad7c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3989143

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Anton Bikineev <biki...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84160}

[modify] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/stack.h
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/arm64/push_registers_masm.S
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/ia32/push_registers_masm.asm
[modify] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/BUILD.bazel
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/arm/save_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/mips64/save_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/s390/save_registers_asm.cc
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/s390/push_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/ia32/save_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/loong64/save_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/arm64/save_registers_masm.S
[modify] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/BUILD.gn
[modify] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/stack.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/riscv/save_registers_asm.cc
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/mips64/push_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/ppc/save_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/ia32/save_registers_masm.asm
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/ia32/push_registers_asm.cc
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/arm64/push_registers_asm.cc
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/x64/push_registers_asm.cc
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/ppc/push_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/x64/save_registers_masm.asm
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/riscv/push_registers_asm.cc
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/arm/push_registers_asm.cc
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/x64/push_registers_masm.asm
[modify] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/heap.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/arm64/save_registers_asm.cc
[add] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/base/asm/x64/save_registers_asm.cc
[delete] https://crrev.com/606c5c4c3ad173e11b6820d555264cba8120d669/src/heap/base/asm/loong64/push_registers_asm.cc
[modify] https://crrev.com/dcaf26930f27bb14cb14b822f62d7925879239d6/src/heap/cppgc/marking-verifier.cc

Git Watcher via monorail

Nov 16, 2022, 11:22:08 AM
to v8-re...@googlegroups.com

Comment #12 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c12


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/9554743a0ba7ac9b758e10332f07dc640b7e1222

commit 9554743a0ba7ac9b758e10332f07dc640b7e1222
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Nov 16 13:51:57 2022

[heap] Refactor the stack object

The stack object is primarily used for conservative stack scanning, both
by the V8 and C++ garbage collectors. This CL introduces the notion of a
"stack context", which comprises the current stack marker (the lowest
address on the stack that may contain interesting pointers) and the
values of the saved registers. It simplifies the way in which iteration
through the stack is invoked: the context must have previously been
saved and iteration always uses the stack marker.

Bug: v8:13257
Bug: v8:13493
Change-Id: Ia99ef702eb6ac67a3bcd006f0edf5e57d9975ab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4017512
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84303}

[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/cctest/cctest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/stack.h
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/wasm-api-tests/callbacks.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/cctest/heap/heap-utils.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/cppgc/marking-verifier.h
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/heap/heap-utils.h
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/arm/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/mips64/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/s390/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/wasm-api-tests/serialize.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/api/deserialize-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/heap/cppgc/write-barrier-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/execution/isolate.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/cctest/test-heap-profiler.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/heap/cppgc/marker-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/heap/cppgc-js/unified-heap-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/parser/decls-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/ia32/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/loong64/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/heap.h
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/heap/cppgc/marking-verifier-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/stack.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/riscv/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/test-utils.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/heap/cppgc/weak-container-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/mjsunit/mjsunit.status
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/heap/cppgc/stack-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/cctest/heap/test-concurrent-allocation.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/test-utils.h
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/ppc/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/cctest/test-api.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/scavenger.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/cppgc/heap-base.h
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/cppgc-js/cpp-heap.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/cppgc/heap.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/inspector/isolate-data.h
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/heap.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/arm64/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/base/asm/x64/save_registers_asm.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/mark-compact.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/unittests/heap/conservative-stack-visitor-unittest.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/src/heap/cppgc/marking-verifier.cc
[modify] https://crrev.com/9554743a0ba7ac9b758e10332f07dc640b7e1222/test/cctest/cctest.h
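The pieces described across the commits above fit together as follows: inner pointer resolution over the marking bitmap (comments #3, #4 and #6), the callee-saved registers spilled before a scan (comment #11), and the stack context of marker plus saved registers that the scan iterates (comments #7 and #12). The C++ below is an added toy model written for this thread, not V8 code: the names Page, Heap, StackContext, ResolveInnerPointer and ScanStack are hypothetical, a page is a plain word array whose first object word holds the object's size, the registers are supplied as a constructed array rather than spilled by architecture-specific assembly, and the "stack" is a constructed array of words. It exercises the edge cases the commit messages mention: a pointer one past the page area, a pointer into free space between objects, a word on a non-iterable page with stale mark bits, a plain integer, and a slot below the marker.

```cpp
// Added toy model of conservative stack scanning; not V8 code, all names are
// hypothetical. One mark bit per word, set at each live object start; an
// object's first word holds its size in words.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

using std::size_t; using std::uintptr_t;
namespace css_demo {
constexpr size_t kWordSize = sizeof(uintptr_t);
constexpr size_t kPageWords = 64;  // constructed toy page size, in words
struct Page {
  std::vector<uintptr_t> words = std::vector<uintptr_t>(kPageWords);
  std::vector<bool> marks = std::vector<bool>(kPageWords, false);
  bool iterable = true;  // false: unused/"from"-space page with stale bits (comments #3, #4)
  uintptr_t AreaStart() const { return reinterpret_cast<uintptr_t>(words.data()); }
  uintptr_t AreaEnd() const { return AreaStart() + kPageWords * kWordSize; }
  void PutObject(size_t start, size_t size) { words[start] = size; marks[start] = true; }
};
struct Heap {
  std::vector<Page*> pages;  // stands in for the memory allocator's page registry
  const Page* FindPage(uintptr_t addr) const {
    for (const Page* p : pages)
      if (addr >= p->AreaStart() && addr < p->AreaEnd()) return p;
    return nullptr;  // covers non-pointers and "one past the page area"
  }
  // Inner pointer resolution: base of the live object containing `maybe_ptr`,
  // or nothing if the word does not point into a live object.
  std::optional<uintptr_t> ResolveInnerPointer(uintptr_t maybe_ptr) const {
    const Page* page = FindPage(maybe_ptr);
    if (page == nullptr || !page->iterable) return std::nullopt;
    size_t index = (maybe_ptr - page->AreaStart()) / kWordSize;
    for (size_t j = index + 1; j-- > 0;) {  // walk the bitmap down to a start
      if (!page->marks[j]) continue;
      size_t size = static_cast<size_t>(page->words[j]);
      if (index < j + size) return page->AreaStart() + j * kWordSize;
      return std::nullopt;  // free space between that object and `maybe_ptr`
    }
    return std::nullopt;  // no object start at or below this word
  }
};

// Stack context as in comment #12: the marker is the lowest stack address that
// may hold interesting pointers; the registers are what comment #11's routine spills.
struct StackContext { uintptr_t marker; std::vector<uintptr_t> saved_registers; };

// Treat every saved register and every word in [ctx.marker, stack_start) as a
// potential pointer (downward-growing stack). Returns sorted, de-duplicated bases.
std::vector<uintptr_t> ScanStack(const Heap& heap, const StackContext& ctx,
                                 uintptr_t stack_start) {
  std::vector<uintptr_t> found;
  auto visit = [&](uintptr_t word) {
    if (auto base = heap.ResolveInnerPointer(word)) found.push_back(*base);
  };
  for (uintptr_t r : ctx.saved_registers) visit(r);
  for (uintptr_t slot = ctx.marker; slot < stack_start; slot += kWordSize)
    visit(*reinterpret_cast<const uintptr_t*>(slot));
  std::sort(found.begin(), found.end());
  found.erase(std::unique(found.begin(), found.end()), found.end());
  return found;
}

struct DemoResult { std::vector<uintptr_t> found; uintptr_t obj0, obj1; };
// Constructed scenario covering the edge cases the thread mentions.
DemoResult RunDemo() {
  Page live, from_space;
  live.PutObject(0, 4);        // object 0 occupies words [0, 4)
  live.PutObject(10, 3);       // object 1 occupies words [10, 13)
  from_space.PutObject(5, 2);  // stale mark bit left from before a scavenge
  from_space.iterable = false;
  Heap heap;
  heap.pages = {&live, &from_space};
  uintptr_t obj0 = live.AreaStart(), obj1 = live.AreaStart() + 10 * kWordSize;
  std::vector<uintptr_t> stack = {  // constructed stack image, lowest address first
      obj1,                                    // below the marker: not scanned
      obj0 + 2 * kWordSize,                    // inner pointer into object 0
      live.AreaStart() + 8 * kWordSize,        // free gap between the objects
      obj1 + 2 * kWordSize,                    // last word of object 1
      live.AreaEnd(),                          // one past the page area
      from_space.AreaStart() + 5 * kWordSize,  // stale object on a non-iterable page
      42,                                      // plain integer, not a pointer
  };
  uintptr_t stack_start = reinterpret_cast<uintptr_t>(stack.data() + stack.size());
  StackContext ctx{reinterpret_cast<uintptr_t>(stack.data() + 1),  // marker skips slot 0
                   {obj0 + 3 * kWordSize, 0}};                      // a register also hits object 0
  return {ScanStack(heap, ctx, stack_start), obj0, obj1};
}

// True when exactly objects 0 and 1 are found, each once.
bool DemoIsCorrect() {
  DemoResult r = RunDemo();
  return r.found == std::vector<uintptr_t>{r.obj0, r.obj1};
}
}  // namespace css_demo

int main() { return css_demo::DemoIsCorrect() ? 0 : 1; }
```

The two decisions that matter for correctness are both visible in ResolveInnerPointer: a page that is not iterable is rejected before its bitmap is consulted, which is the fix comment #4 describes for "from"-space pages with unclean mark bits, and the bitmap walk stops at the first object start below the word and checks the word against that object's size, so a pointer into free space is not resolved to a stale base. Everything in [marker, stack_start) is treated as a pointer whether or not it is one; that is the "conservative" part, and the cost of it is that an integer which happens to look like an address keeps an object alive.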

Git Watcher via monorail

Nov 17, 2022, 12:47:07 PM
to v8-re...@googlegroups.com

Comment #13 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c13


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/abdd0630f223957e10f9a8582fe8412e5e5d1cba

commit abdd0630f223957e10f9a8582fe8412e5e5d1cba
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Nov 17 17:03:17 2022

[heap] Introduce bottlenecks for pages and heap objects in HeapVerifier

This CL introduces a new interface SpaceVerificationVisitor which
is used for verifying spaces in the heap. SpaceVerificationVisitor
has methods for verifying objects and pages in the space. All space
kinds invoke these methods for verification.

This new interface is then used in HeapVerifier to introduce single
bottlenecks for objects and pages in the heap.

Bug: v8:13257
Change-Id: I6b39d60a30793ec3f04a88ad73e8be0e96627815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030258
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84338}

[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/heap-verifier.cc
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/paged-spaces.cc
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/new-spaces.cc
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/paged-spaces.h
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/heap.h
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/heap.cc
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/large-spaces.cc
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/heap-verifier.h
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/new-spaces.h
[modify] https://crrev.com/abdd0630f223957e10f9a8582fe8412e5e5d1cba/src/heap/large-spaces.h

Git Watcher via monorail

unread,
Nov 18, 2022, 4:31:07 AM11/18/22
to v8-re...@googlegroups.com

Comment #14 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c14


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/157e83a3a397ec8463ad0245b4b9d2fc5ab70574

commit 157e83a3a397ec8463ad0245b4b9d2fc5ab70574
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Nov 18 08:47:56 2022

[heap] Use SpaceVerificationVisitor for ReadOnlySpace as well

This CL switches the ReadOnlySpace verification to also use the
SpaceVerificationVisitor class.

This allows moving the VerifyPointersVisitor class out of heap.cc
into heap-verifier.cc.

The CL also introduces a virtual BaseSpace::Verify method which is
implemented by each space kind.

Bug: v8:13257
Change-Id: I592344fee524f247d656085e898aad77663c33a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030523
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84350}

[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/read-only-spaces.cc
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/new-spaces.cc
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/paged-spaces.h
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/heap-inl.h
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/heap-verifier.h
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/new-spaces.h
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/heap-verifier.cc
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/base-space.h
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/heap.h
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/heap.cc
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/large-spaces.cc
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/large-spaces.h
[modify] https://crrev.com/157e83a3a397ec8463ad0245b4b9d2fc5ab70574/src/heap/read-only-spaces.h

Git Watcher via monorail

unread,
Nov 18, 2022, 9:01:20 AM11/18/22
to v8-re...@googlegroups.com

Comment #15 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c15


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/88f80797b6147224f35a578567e63040837f950b

commit 88f80797b6147224f35a578567e63040837f950b
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Nov 18 13:07:36 2022

[heap] Avoid invoking write barrier when aging compilation cache

We can skip write barriers when storing read only objects. This should
fix the linked bug where no v8::Isolate::Scope is set up during GC.

Bug: v8:13257, chromium:1386096
Change-Id: I2be9a38895e34bc7f6582c26d3c236dd23cf1f2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4036570
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Git Watcher via monorail

unread,
Dec 7, 2022, 10:33:06 AM12/7/22
to v8-re...@googlegroups.com

Comment #16 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c16


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/aa89f8873f9d8f59a917b8aadae01bd4d14c1b2d

commit aa89f8873f9d8f59a917b8aadae01bd4d14c1b2d
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Dec 07 14:47:39 2022

[heap] Fix inner pointer resolution for large objects

Inner pointer resolution should never return free space or filler
objects. In some tests, however, there are free space or filler objects
in large pages. This CL fixes this case.

Bug: v8:13257
Change-Id: Id5b4875052843184cbe1777e3324e5b09771af49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069704
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84709}

[modify] https://crrev.com/aa89f8873f9d8f59a917b8aadae01bd4d14c1b2d/src/heap/mark-compact.cc
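The rule stated in the commit message above, that inner pointer resolution must never yield free space or filler objects, as an added illustration that is not V8's code: a simulated large page whose allocation layout (constructed here) mixes live objects with a filler and a free-space entry, a resolver that maps any stack word to the base of the enclosing live object, and a conservative scan over a constructed list of stack words. `Page`, `Allocation`, `ResolveInnerPointer` and `ScanStack` are hypothetical names, not V8 identifiers.

```cpp
// Added example (not V8 code): conservative stack scanning over a simulated
// page, with inner pointer resolution that rejects filler and free space.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

enum class Kind { kObject, kFiller, kFreeSpace };

// One allocation on the page: [base, base + size), of a given kind.
struct Allocation {
  uintptr_t base;
  size_t size;
  Kind kind;
};

// A page is a contiguous range fully covered by allocations sorted by base.
struct Page {
  uintptr_t start;
  size_t size;
  std::vector<Allocation> allocations;
};

// Resolve an arbitrary word to the base of the live object it points into.
// Returns 0 when the word is not an inner pointer into a live object: it is
// outside the page, or it lands in filler or free space. Returning the base
// of a filler or free-space entry would let the marker treat dead memory as
// a live object, which is the case the commit above fixes.
uintptr_t ResolveInnerPointer(const Page& page, uintptr_t addr) {
  if (addr < page.start || addr >= page.start + page.size) return 0;
  // First allocation whose base is strictly greater than addr...
  auto it = std::upper_bound(
      page.allocations.begin(), page.allocations.end(), addr,
      [](uintptr_t a, const Allocation& alloc) { return a < alloc.base; });
  if (it == page.allocations.begin()) return 0;
  --it;  // ...so its predecessor is the allocation containing addr.
  if (addr >= it->base + it->size) return 0;  // gap in the layout
  if (it->kind != Kind::kObject) return 0;    // never filler / free space
  return it->base;
}

// Conservative scan: every stack word that resolves to a live object marks
// that object. Returns the set of marked object bases.
std::set<uintptr_t> ScanStack(const Page& page,
                              const std::vector<uintptr_t>& stack_words) {
  std::set<uintptr_t> marked;
  for (uintptr_t w : stack_words) {
    if (uintptr_t base = ResolveInnerPointer(page, w)) marked.insert(base);
  }
  return marked;
}

// Constructed sample layout: a 4 KiB page holding two live objects separated
// by a filler, with the tail of the page being free space.
Page MakeSamplePage() {
  Page page{0x10000, 0x1000, {}};
  page.allocations = {
      {0x10000, 0x100, Kind::kObject},
      {0x10100, 0x040, Kind::kFiller},
      {0x10140, 0x200, Kind::kObject},
      {0x10340, 0xCC0, Kind::kFreeSpace},  // runs to the end of the page
  };
  return page;
}

int main() {
  Page page = MakeSamplePage();
  // Constructed stack contents: two inner pointers into live objects, one
  // into the filler, one into free space, and one unrelated word.
  std::vector<uintptr_t> stack = {0x10010, 0x10120, 0x10200, 0x10500,
                                  0x12345678};
  for (uintptr_t base : ScanStack(page, stack)) {
    std::printf("marked object at 0x%lx\n", static_cast<unsigned long>(base));
  }
  return 0;
}
```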

Git Watcher via monorail

unread,
Dec 7, 2022, 10:53:16 AM12/7/22
to v8-re...@googlegroups.com

Comment #17 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c17


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/36bac1bcae1020fce5b9dfe54522d33df80b2dd6

commit 36bac1bcae1020fce5b9dfe54522d33df80b2dd6
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Dec 07 15:06:29 2022

[heap] Fix conservative stack scanning for client isolates

With this CL, the context of stacks corresponding to all client isolates
is saved, so that conservative stack scanning can be used correctly
during a shared garbage collection. This happens:

1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
isolate and the initiator;
2) when an isolate's main thread is waiting in a safepoint; and
3) when an isolate's main thread is parked.

Bug: v8:13257
Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
Dec 9, 2022, 5:51:17 AM12/9/22
to v8-re...@googlegroups.com

Comment #18 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c18


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/710f2a4da2cfdfd9b07fd28be3563ed2e011adb8

commit 710f2a4da2cfdfd9b07fd28be3563ed2e011adb8
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Dec 09 10:47:34 2022

Revert "[heap] Fix conservative stack scanning for client isolates"

This reverts commit 36bac1bcae1020fce5b9dfe54522d33df80b2dd6.

Reason for revert: This possibly caused clusterfuzz issues and test flakiness.

Original change's description:

> [heap] Fix conservative stack scanning for client isolates
>
> With this CL, the context of stacks corresponding to all client isolates
> is saved, so that conservative stack scanning can be used correctly
> during a shared garbage collection. This happens:
>
> 1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
> isolate and the initiator;
> 2) when an isolate's main thread is waiting in a safepoint; and
> 3) when an isolate's main thread is parked.
>
> Bug: v8:13257
> Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Omer Katz <omer...@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> Reviewed-by: Dominik Inführ <dinf...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84712}

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:13257
Change-Id: I7eb50b24243084d45b3f1bcc37a559b9f92e0318
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4092363
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Reviewed-by: Nico Hartmann <nicoha...@chromium.org>
Owners-Override: Nico Hartmann <nicoha...@chromium.org>
Commit-Queue: Nico Hartmann <nicoha...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84749}

[modify] https://crrev.com/710f2a4da2cfdfd9b07fd28be3563ed2e011adb8/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/710f2a4da2cfdfd9b07fd28be3563ed2e011adb8/test/cctest/test-shared-strings.cc
[modify] https://crrev.com/710f2a4da2cfdfd9b07fd28be3563ed2e011adb8/src/heap/heap.h
[modify] https://crrev.com/710f2a4da2cfdfd9b07fd28be3563ed2e011adb8/src/heap/heap.cc
[modify] https://crrev.com/710f2a4da2cfdfd9b07fd28be3563ed2e011adb8/src/heap/local-heap.h
[modify] https://crrev.com/710f2a4da2cfdfd9b07fd28be3563ed2e011adb8/test/unittests/heap/conservative-stack-visitor-unittest.cc
[modify] https://crrev.com/710f2a4da2cfdfd9b07fd28be3563ed2e011adb8/src/heap/local-heap.cc

Git Watcher via monorail

unread,
Dec 14, 2022, 11:15:08 AM12/14/22
to v8-re...@googlegroups.com

Comment #19 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c19


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/f81430caa9159411505d2adcabd95b44329320a6

commit f81430caa9159411505d2adcabd95b44329320a6
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Dec 13 18:25:02 2022

[heap] Enable conservative stack scanning on tests

Since its introduction (behind a compile-time flag), conservative stack
scanning was disabled by default on tests. This CL inverts this logic,
enabling CSS by default for all tests that do not define an explicit
scope to disable it.

Bug: v8:13257
Change-Id: I5ea4249d02f69b0b1e195415c2562daf5d8c0ea9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4100912
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84848}

[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/heap/global-handles-unittest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/cctest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/wasm-api-tests/callbacks.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/heap/heap-utils.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/heap/heap-utils.h
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/wasm-api-tests/serialize.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/api/deserialize-unittest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/heap/cppgc-js/unified-heap-unittest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/parser/decls-unittest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/codegen/code-pages-unittest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/heap/embedder-tracing-unittest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/heap/test-array-buffer-tracker.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/test-utils.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/heap/test-concurrent-allocation.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/test-utils.h
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/test-api.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/test-shared-strings.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/test-debug.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/heap/test-weak-references.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/web-snapshot/web-snapshot-unittest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/test-cpu-profiler.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/test-js-weak-refs.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/unittests/objects/weakmaps-unittest.cc
[modify] https://crrev.com/f81430caa9159411505d2adcabd95b44329320a6/test/cctest/cctest.h

Git Watcher via monorail

unread,
Dec 20, 2022, 3:05:07 PM12/20/22
to v8-re...@googlegroups.com

Comment #20 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c20


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/2a71e8637f0ee70d11873abef7cda8c772f7a8ad

commit 2a71e8637f0ee70d11873abef7cda8c772f7a8ad
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Dec 20 14:53:22 2022

Reland "[heap] Fix conservative stack scanning for client isolates"

This is a reland of commit 36bac1bcae1020fce5b9dfe54522d33df80b2dd6

Original change's description:
> [heap] Fix conservative stack scanning for client isolates
>
> With this CL, the context of stacks corresponding to all client isolates
> is saved, so that conservative stack scanning can be used correctly
> during a shared garbage collection. This happens:
>
> 1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
> isolate and the initiator;
> 2) when an isolate's main thread is waiting in a safepoint; and
> 3) when an isolate's main thread is parked.
>
> Bug: v8:13257
> Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Omer Katz <omer...@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> Reviewed-by: Dominik Inführ <dinf...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84712}

Bug: v8:13257
Change-Id: I61df6eeca5a28e04eb3a858f7d601bc5f6312e49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4092737
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84963}

[modify] https://crrev.com/2a71e8637f0ee70d11873abef7cda8c772f7a8ad/test/cctest/heap/test-concurrent-allocation.cc
[modify] https://crrev.com/2a71e8637f0ee70d11873abef7cda8c772f7a8ad/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/2a71e8637f0ee70d11873abef7cda8c772f7a8ad/src/heap/heap.h
[modify] https://crrev.com/2a71e8637f0ee70d11873abef7cda8c772f7a8ad/src/heap/heap.cc
[modify] https://crrev.com/2a71e8637f0ee70d11873abef7cda8c772f7a8ad/src/heap/local-heap.h
[modify] https://crrev.com/2a71e8637f0ee70d11873abef7cda8c772f7a8ad/src/heap/local-heap.cc
[modify] https://crrev.com/2a71e8637f0ee70d11873abef7cda8c772f7a8ad/test/unittests/heap/conservative-stack-visitor-unittest.cc

Git Watcher via monorail

unread,
Dec 21, 2022, 5:33:08 AM12/21/22
to v8-re...@googlegroups.com

Comment #21 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c21


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149

commit f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Dec 20 17:58:21 2022

[heap] Merge mechanisms for disabling CSS

EmbedderStackStateScope is used to disable conservative stack scanning
for cppgc when the stack is known to not contain heap pointers. Also,
DisableConservativeStackScanningScopeForTesting is used to disable CSS
for the V8 heap in tests that assume a precise GC. Until now, these two
have used two different mechanisms for disabling CSS. This CL merges
the two mechanisms and implements the latter scope via the former.

Bug: v8:13257
Change-Id: Ieca082657854fe2eff9eb5d95a30d48bb8eab44f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111954
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84964}

[modify] https://crrev.com/f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149/test/unittests/heap/cppgc-js/unified-heap-unittest.cc
[modify] https://crrev.com/f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149/src/heap/heap.h
[modify] https://crrev.com/f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149/src/heap/heap.cc
[modify] https://crrev.com/f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149/src/heap/mark-compact.cc
[modify] https://crrev.com/f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149/test/unittests/heap/embedder-tracing-unittest.cc

Git Watcher via monorail

unread,
Dec 21, 2022, 6:11:17 AM12/21/22
to v8-re...@googlegroups.com

Comment #22 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c22


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/24da07944402e24817ef3d9951689de099eea390

commit 24da07944402e24817ef3d9951689de099eea390
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Dec 21 10:32:25 2022

Revert "[heap] Merge mechanisms for disabling CSS"

This reverts commit f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149.

Reason for revert: Dependent on crrev.com/c/4092737 that is being reverted.

Original change's description:

> [heap] Merge mechanisms for disabling CSS
>
> EmbedderStackStateScope is used to disable conservative stack scanning
> for cppgc when the stack is known to not contain heap pointers. Also,
> DisableConservativeStackScanningScopeForTesting is used to disable CSS
> for the V8 heap in tests that assume a precise GC. Until now, these two
> have used two different mechanisms for disabling CSS. This CL merges
> the two mechanisms and implements the latter scope via the former.
>
> Bug: v8:13257
> Change-Id: Ieca082657854fe2eff9eb5d95a30d48bb8eab44f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111954
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84964}

Bug: v8:13257
Change-Id: Id769af6215a2ed319ec96b354734a5362b2384cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>

Git Watcher via monorail

unread,
Dec 21, 2022, 6:28:18 AM12/21/22
to v8-re...@googlegroups.com

Comment #23 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c23


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/53e7cf253a6ea7e7ae25008425898fd324cca671

commit 53e7cf253a6ea7e7ae25008425898fd324cca671
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Dec 21 10:05:23 2022

Revert "Reland "[heap] Fix conservative stack scanning for client isolates""

This reverts commit 2a71e8637f0ee70d11873abef7cda8c772f7a8ad.

Reason for revert: This probably blocked the V8 roll.
https://chromium-review.googlesource.com/c/chromium/src/+/4116621?tab=checks

Original change's description:

> Reland "[heap] Fix conservative stack scanning for client isolates"
>
> This is a reland of commit 36bac1bcae1020fce5b9dfe54522d33df80b2dd6
>
> Original change's description:
>
> > [heap] Fix conservative stack scanning for client isolates
> >
> > With this CL, the context of stacks corresponding to all client isolates
> > is saved, so that conservative stack scanning can be used correctly
> > during a shared garbage collection. This happens:
> >
> > 1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
> > isolate and the initiator;
> > 2) when an isolate's main thread is waiting in a safepoint; and
> > 3) when an isolate's main thread is parked.
> >
> > Bug: v8:13257
> > Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
> > Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> > Reviewed-by: Omer Katz <omer...@chromium.org>
> > Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> > Reviewed-by: Dominik Inführ <dinf...@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#84712}
>
> Bug: v8:13257
> Change-Id: I61df6eeca5a28e04eb3a858f7d601bc5f6312e49
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4092737
> Reviewed-by: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Omer Katz <omer...@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84963}

Bug: v8:13257
Change-Id: I3a235f11e5fe55c476591a5274946aeb6cc9bf6e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111178
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84973}

[modify] https://crrev.com/53e7cf253a6ea7e7ae25008425898fd324cca671/test/cctest/heap/test-concurrent-allocation.cc
[modify] https://crrev.com/53e7cf253a6ea7e7ae25008425898fd324cca671/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/53e7cf253a6ea7e7ae25008425898fd324cca671/src/heap/heap.h
[modify] https://crrev.com/53e7cf253a6ea7e7ae25008425898fd324cca671/src/heap/heap.cc
[modify] https://crrev.com/53e7cf253a6ea7e7ae25008425898fd324cca671/src/heap/local-heap.h
[modify] https://crrev.com/53e7cf253a6ea7e7ae25008425898fd324cca671/src/heap/local-heap.cc
[modify] https://crrev.com/53e7cf253a6ea7e7ae25008425898fd324cca671/test/unittests/heap/conservative-stack-visitor-unittest.cc

Git Watcher via monorail

unread,
Jan 2, 2023, 11:52:17 AM1/2/23
to v8-re...@googlegroups.com

Comment #24 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c24


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/15c726bd630d94499ccc5b1ed39c0f24160cbf25

commit 15c726bd630d94499ccc5b1ed39c0f24160cbf25
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon Jan 02 15:58:27 2023

[heap] Merge mechanisms for disabling CSS

EmbedderStackStateScope is used to disable conservative stack scanning
for cppgc when the stack is known to not contain heap pointers. Also,
DisableConservativeStackScanningScopeForTesting is used to disable CSS
for the V8 heap in tests that assume a precise GC. Until now, these two
have used two different mechanisms for disabling CSS. This CL merges
the two mechanisms and implements the latter scope via the former.

This is a reland of commit f51e0bb1db67cfa1b4ac11b13e5cbee0b8601149
reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4111954

Bug: v8:13257
Change-Id: Ia124a4201686e0ea79f9cd07bc3888b9781cafa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128141
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85066}

[modify] https://crrev.com/15c726bd630d94499ccc5b1ed39c0f24160cbf25/test/unittests/heap/cppgc-js/unified-heap-unittest.cc
[modify] https://crrev.com/15c726bd630d94499ccc5b1ed39c0f24160cbf25/src/heap/heap.h
[modify] https://crrev.com/15c726bd630d94499ccc5b1ed39c0f24160cbf25/src/heap/heap.cc
[modify] https://crrev.com/15c726bd630d94499ccc5b1ed39c0f24160cbf25/src/heap/mark-compact.cc

Git Watcher via monorail

unread,
Jan 19, 2023, 7:30:17 AM1/19/23
to v8-re...@googlegroups.com

Comment #25 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c25


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/472429e623cf48e864a7a2f10d589817a88289a1

commit 472429e623cf48e864a7a2f10d589817a88289a1
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Jan 18 20:11:59 2023

[heap] Fix saving the callee-saved registers on stack

This CL reinstates the trampoline for pushing the values of
callee-saved registers on the stack, which is used for stack scanning.
It reintroduces the set of architecture-specific functions
PushAllRegistersAndIterateStack, removed in crrev.com/c/3989143.
The reason for this change is that the simpler architecture-specific
functions SaveCalleeSavedRegisters failed to correctly save the
values of the registers, in the presence of C++ compiler optimizations.

It also removes the stack context, introduced in crrev.com/c/4017512,
and uses again the trampoline for iterating through the stack.

Bug: v8:13257
Change-Id: I9e656a9b3ba6616168602300f2180b4f340593f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171639
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85394}

[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/stack.h
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/cppgc/marking-verifier.h
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/arm64/push_registers_masm.S
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/BUILD.bazel
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/arm/save_registers_asm.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/ia32/push_registers_masm.asm
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/mips64/save_registers_asm.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/s390/save_registers_asm.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/profiler/heap-snapshot-generator.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/s390/push_registers_asm.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/execution/isolate.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/unittests/heap/cppgc/write-barrier-unittest.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/unittests/heap/cppgc/marker-unittest.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/loong64/save_registers_asm.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/ia32/save_registers_asm.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/heap.h
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/unittests/heap/cppgc/marking-verifier-unittest.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/arm64/save_registers_masm.S
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/BUILD.gn
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/stack.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/riscv/save_registers_asm.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/mips64/push_registers_asm.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/unittests/heap/cppgc/weak-container-unittest.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/unittests/heap/cppgc/stack-unittest.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/ppc/save_registers_asm.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/cctest/test-api.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/cppgc/heap-base.h
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/cppgc-js/cpp-heap.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/ia32/push_registers_asm.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/arm64/push_registers_asm.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/ia32/save_registers_masm.asm
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/x64/save_registers_masm.asm
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/x64/push_registers_asm.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/ppc/push_registers_asm.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/execution/thread-local-top.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/riscv/push_registers_asm.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/cppgc/heap.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/arm/push_registers_asm.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/x64/push_registers_masm.asm
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/heap.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/arm64/save_registers_asm.cc
[delete] https://crrev.com/562b65a86e6ce0cb417577a6296c5a7958d8162b/src/heap/base/asm/x64/save_registers_asm.cc
[add] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/base/asm/loong64/push_registers_asm.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/cctest/heap/test-external-string-tracker.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/test/unittests/heap/conservative-stack-visitor-unittest.cc
[modify] https://crrev.com/472429e623cf48e864a7a2f10d589817a88289a1/src/heap/cppgc/marking-verifier.cc

Git Watcher via monorail

unread,
Jan 23, 2023, 5:05:09 PM1/23/23
to v8-re...@googlegroups.com

Comment #26 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c26


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f

commit 1e4b71d99fea5ea6bb4bf6420585a7819872bb0f
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jan 19 12:43:10 2023

[heap] Move the Stack object from ThreadLocalTop to Isolate

Stack information is thread-specific and, until now, it was stored in a
field in ThreadLocalTop. This CL moves stack information to the isolate
and makes sure to update the stack start whenever a main thread enters
the isolate. At the same time, the Stack object is refactored and
simplified.

As a side effect, after removing the Stack object, ThreadLocalTop
satisfies the std::standard_layout trait; this fixes some issues
observed with different C++ compilers.

Bug: v8:13630
Bug: v8:13257
Change-Id: I026a35af3bc6999a09b21f277756d4454c086343
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152476
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85445}

[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/src/execution/isolate.cc
[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/test/cctest/test-api.cc
[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/src/execution/thread-local-top.h
[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/src/heap/heap.cc
[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/test/cctest/test-debug.cc
[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/test/cctest/test-lockers.cc
[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/src/execution/isolate.h
[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/test/cctest/test-cpu-profiler.cc
[modify] https://crrev.com/1e4b71d99fea5ea6bb4bf6420585a7819872bb0f/src/execution/thread-local-top.cc

Git Watcher via monorail

Jan 24, 2023, 8:33:06 AM1/24/23
to v8-re...@googlegroups.com

Comment #27 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c27


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/de50db2101855c5ac0478c33fb9246c33967e78c

commit de50db2101855c5ac0478c33fb9246c33967e78c
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Jan 24 12:42:57 2023

[heap] Re-introduce stack markers

This CL introduces a mechanism for setting a stack marker, to be used
for scanning only the part of stack between its start and the marker
(instead of the current stack top). Without this, the marking verifier
may encounter objects that have not been marked, because of false
positives during conservative stack scanning. The marker is introduced
in the Stack object, replacing and generalizing the one that existed
in the CppHeap.

Bug: v8:13257
Change-Id: I59cfb01e90912f9e54828bf05a3bdcfddb23e7bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4187221
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85454}

[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/base/stack.h
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/scavenger.cc
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/cppgc/marking-verifier.h
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/cppgc/heap-base.h
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/cppgc-js/cpp-heap.cc
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/cppgc/heap.cc
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/heap.h
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/heap.cc
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/test/unittests/heap/cppgc/marking-verifier-unittest.cc
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/mark-compact.cc
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/base/stack.cc
[modify] https://crrev.com/de50db2101855c5ac0478c33fb9246c33967e78c/src/heap/cppgc/marking-verifier.cc
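
The stack-marker mechanism described in comment #27, as an added example that is not V8's code: a miniature conservative stack scanner where marking and the marking verifier both scan only from the stack start up to the marker. The heap, the stack (an array of words rather than the real machine stack), the object count and the scenario are all constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sizes for the toy heap and stack (assumptions, not V8 values). */
#define HEAP_OBJECTS 4
#define STACK_WORDS 8
#define NO_MARKER SIZE_MAX

typedef struct {
  uint64_t payload;
  bool marked;
} Object;

typedef struct {
  Object objects[HEAP_OBJECTS];
} Heap;

/* Toy stack: words[0] is the stack start (outermost frame); higher indices
 * are deeper frames. 'top' is the current stack top; 'marker' is the point
 * up to which the GC scans when a marker has been set. */
typedef struct {
  uintptr_t words[STACK_WORDS];
  size_t top;
  size_t marker;
} Stack;

static void push_word(Stack *s, uintptr_t w) {
  if (s->top < STACK_WORDS) s->words[s->top++] = w;
}

/* Conservative test: a word is treated as a root if it equals the address
 * of some heap object (a real scanner also resolves inner pointers). */
static Object *object_for_word(Heap *h, uintptr_t w) {
  for (size_t i = 0; i < HEAP_OBJECTS; i++)
    if (w == (uintptr_t)&h->objects[i]) return &h->objects[i];
  return NULL;
}

/* Scanning stops at the marker when one is set, otherwise at the current top. */
static size_t scan_limit(const Stack *s) {
  size_t limit = (s->marker == NO_MARKER) ? s->top : s->marker;
  return limit < s->top ? limit : s->top;
}

/* Marking phase: conservatively scan the stack and set mark bits.
 * Returns the number of objects newly marked. */
static size_t mark_from_stack(Heap *h, const Stack *s) {
  size_t marked = 0, limit = scan_limit(s);
  for (size_t i = 0; i < limit; i++) {
    Object *o = object_for_word(h, s->words[i]);
    if (o && !o->marked) { o->marked = true; marked++; }
  }
  return marked;
}

/* Marking verifier: rescans the stack after marking and requires every
 * object it finds to be marked. */
static bool verify_marking(Heap *h, const Stack *s) {
  size_t limit = scan_limit(s);
  for (size_t i = 0; i < limit; i++) {
    Object *o = object_for_word(h, s->words[i]);
    if (o && !o->marked) return false;
  }
  return true;
}

/* Scenario: marking runs, then a deeper GC-internal frame (for example the
 * verifier's own frames) leaves a word that happens to point at an unmarked
 * object. Without a marker the verifier's scan reaches that word and reports
 * a false positive; with the marker both scans cover the same range.
 * Returns whether verification passes. */
bool run_scenario(bool use_marker) {
  Heap heap = {0};
  Stack stack = { .top = 0, .marker = NO_MARKER };

  /* Mutator frames: two live references plus one non-pointer word. */
  push_word(&stack, (uintptr_t)&heap.objects[0]);
  push_word(&stack, 0x1234);
  push_word(&stack, (uintptr_t)&heap.objects[1]);

  /* GC entry: record the marker at the current stack top. */
  if (use_marker) stack.marker = stack.top;

  mark_from_stack(&heap, &stack);

  /* Deeper GC-internal frame with a stray pointer to objects[2]. */
  push_word(&stack, (uintptr_t)&heap.objects[2]);

  return verify_marking(&heap, &stack);
}

int main(void) {
  printf("with marker: %s\n", run_scenario(true) ? "verified" : "FAILED");
  printf("without marker: %s\n", run_scenario(false) ? "verified" : "FAILED");
  return 0;
}
```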

Git Watcher via monorail

Jan 25, 2023, 12:13:09 PM1/25/23
to v8-re...@googlegroups.com

Comment #28 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c28


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/20a954f4bc8fec786baee06e2a1a1517cfc336ba

commit 20a954f4bc8fec786baee06e2a1a1517cfc336ba
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Jan 25 09:47:51 2023

[heap][test] Fix weakrefs tests for conservative stack scanning

31 out of the 36 JS tests in test/mjsunit/harmony/weakrefs/ rely on
precise GC with the following general pattern: they allocate some
objects, clear all references to them, invoke a GC, then perform
some test that assumes that the GC has reclaimed the objects.

When conservative stack scanning is used, this may fail.

This CL fixes the tests, ensuring that a precise GC will be invoked
when necessary, without scanning the stack. To achieve this, the GC
has to be invoked in asynchronous execution mode, which ensures that
it will be invoked from the event loop without a stack. In some
cases, this change requires a non-trivial change in the tests.

In 5 tests, part of the test's objective was to verify that a weak
reference is not cleared before the end of the turn. In those, it
was not possible to invoke GC asynchronously, as this would
immediately start a new turn. These tests still use synchronous GC
and they have been modified, if necessary, to allow for CSS (i.e.,
to not test that all possible garbage is reclaimed after a
sequential GC). Because of CSS, these tests may not always test
everything that they were intended to.

Tests with trivial fix:

- cleanup-from-different-realm
- cleanup
- cleanup-proxy-from-different-realm
- cleanupsome-2
- cleanupsome-after-unregister
- cleanupsome
- finalizationregistry-keeps-holdings-alive
- multiple-dirty-finalization-groups
- stress-finalizationregistry-dirty-enqueue
- undefined-holdings
- unregister-after-cleanup
- unregister-before-cleanup
- unregister-called-twice
- unregister-inside-cleanup2
- unregister-inside-cleanup3
- unregister-inside-cleanup
- unregister-many
- unregister-when-cleanup-already-scheduled
- weak-cell-basics

Tests with non-trivial fixes; same logic but very restructured:

- cleanup-is-not-a-microtask
- cleanup-on-detached-realm
- finalizationregistry-scheduled-for-cleanup-multiple-times
- finalizationregistry-independent-lifetime
- finalizationregistry-independent-lifetime-multiple
- reentrant-gc-from-cleanup
- symbol-in-finalizationregistry
(was 2nd part of former symbol-as-weakref-target-gc)
- weak-unregistertoken

Tests with non-trivial fixes; same logic, restructured, using
synchronous GC:

- finalizationregistry-and-weakref
- symbol-as-weakref-target-gc
(was 1st part of former symbol-as-weakref-target-gc)
- two-weakrefs
- weakref-creation-keeps-alive
- weakref-deref-keeps-alive

Bug: v8:13257
Bug: v8:13662
Change-Id: I53586bd16cdb98fa976e1fa798ef498bdf286238
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4191774
Reviewed-by: Marja Hölttä <ma...@chromium.org>
Reviewed-by: Shu-yu Guo <s...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85477}

[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/unregister-before-cleanup.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/cleanup-on-detached-realm.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup3.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/finalizationregistry-scheduled-for-cleanup-multiple-times.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/finalizationregistry-keeps-holdings-alive.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/cleanup-proxy-from-different-realm.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/reentrant-gc-from-cleanup.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/cleanup-is-not-a-microtask.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/cleanupsome-2.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/stress-finalizationregistry-dirty-enqueue.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/multiple-dirty-finalization-groups.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/cleanup.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/unregister-when-cleanup-already-scheduled.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/weak-unregistertoken.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/weakref-creation-keeps-alive.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/weakref-deref-keeps-alive.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/unregister-many.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/unregister-after-cleanup.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/finalizationregistry-independent-lifetime.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/cleanupsome.js
[add] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/symbol-in-finalizationregistry.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/unregister-called-twice.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/undefined-holdings.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/finalizationregistry-and-weakref.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/cleanup-from-different-realm.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup2.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/cleanupsome-after-unregister.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/two-weakrefs.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/symbol-as-weakref-target-gc.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/weak-cell-basics.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup.js
[modify] https://crrev.com/20a954f4bc8fec786baee06e2a1a1517cfc336ba/test/mjsunit/harmony/weakrefs/finalizationregistry-independent-lifetime-multiple.js

Git Watcher via monorail

Jan 25, 2023, 1:54:27 PM1/25/23
to v8-re...@googlegroups.com

Comment #29 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c29


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7

commit 95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7
Author: Shu-yu Guo <s...@chromium.org>
Date: Wed Jan 25 18:52:38 2023

Revert "[heap][test] Fix weakrefs tests for conservative stack scanning"

This reverts commit 20a954f4bc8fec786baee06e2a1a1517cfc336ba.

Reason for revert: Alas, GC stress failures:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/45646/overview

Original change's description:
Change-Id: Icc7a907928ccac058f8acdf320c21b2df04c1b78

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4192256
Auto-Submit: Shu-yu Guo <s...@chromium.org>
Commit-Queue: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85479}

[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/unregister-before-cleanup.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/cleanup-on-detached-realm.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/finalizationregistry-scheduled-for-cleanup-multiple-times.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup3.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/finalizationregistry-keeps-holdings-alive.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/cleanup-proxy-from-different-realm.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/reentrant-gc-from-cleanup.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/cleanup-is-not-a-microtask.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/cleanupsome-2.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/stress-finalizationregistry-dirty-enqueue.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/multiple-dirty-finalization-groups.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/cleanup.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/unregister-when-cleanup-already-scheduled.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/weak-unregistertoken.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/weakref-creation-keeps-alive.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/weakref-deref-keeps-alive.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/unregister-many.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/unregister-after-cleanup.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/finalizationregistry-independent-lifetime.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/cleanupsome.js
[delete] https://crrev.com/930b17be777336510374ee873a40d043dcd9b172/test/mjsunit/harmony/weakrefs/symbol-in-finalizationregistry.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/unregister-called-twice.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/cleanup-from-different-realm.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/finalizationregistry-and-weakref.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/undefined-holdings.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup2.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/cleanupsome-after-unregister.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/symbol-as-weakref-target-gc.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/two-weakrefs.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/weak-cell-basics.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup.js
[modify] https://crrev.com/95b79bf04ba3f9de87f7bad77bc2d7552e5dc4d7/test/mjsunit/harmony/weakrefs/finalizationregistry-independent-lifetime-multiple.js

Git Watcher via monorail

Jan 27, 2023, 5:01:08 AM1/27/23
to v8-re...@googlegroups.com

Comment #30 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c30


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/02df9f3ef1a1b6f905568a33899f1addd1b034be

commit 02df9f3ef1a1b6f905568a33899f1addd1b034be
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jan 26 18:38:32 2023

[heap][test] Reland: Fix weakrefs tests for conservative stack scanning
31 out of the 36 JS tests in test/mjsunit/harmony/weakrefs/ rely on
precise GC with the following general pattern: they allocate some
objects, clear all references to them, invoke a GC, then perform
some test that assumes that the GC has reclaimed the objects.
When conservative stack scanning is used, this may fail.

This CL fixes the tests, ensuring that a precise GC will be invoked
when necessary, without scanning the stack. To achieve this, the GC
has to be invoked in asynchronous execution mode, which ensures that
it will be invoked from the event loop without a stack. In some
cases, this change requires a non-trivial change in the tests.

In 5 tests, part of the test's objective was to verify that a weak
reference is not cleared before the end of the turn. In those, it
was not possible to invoke GC asynchronously, as this would
immediately start a new turn. These tests still use synchronous GC
and they have been modified, if necessary, to allow for CSS (i.e.,
to not test that all possible garbage is reclaimed after a
sequential GC). Because of CSS, these tests may not always test
everything that they were intended to.

Some tests are unsuitable for testing in "GC stress" mode, because
this interferes with the execution of FinalizationRegistry cleanup
tasks or with the clearing of WeakRefs, when asynchronous GC is used.
This is a reland of commit 20a954f4bc8fec786baee06e2a1a1517cfc336ba

> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4191774
> Reviewed-by: Marja Hölttä <ma...@chromium.org>
> Reviewed-by: Shu-yu Guo <s...@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85477}

Bug: v8:13257
Bug: v8:13662
Change-Id: I298ccbc932afc44d5c8c858620a180388a25f5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4197675
Reviewed-by: Shu-yu Guo <s...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Marja Hölttä <ma...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85512}

[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/unregister-before-cleanup.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/cleanup-on-detached-realm.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/finalizationregistry-scheduled-for-cleanup-multiple-times.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup3.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/finalizationregistry-keeps-holdings-alive.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/cleanup-proxy-from-different-realm.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/reentrant-gc-from-cleanup.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/cleanupsome-2.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/cleanup-is-not-a-microtask.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/stress-finalizationregistry-dirty-enqueue.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/multiple-dirty-finalization-groups.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/cleanup.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/unregister-when-cleanup-already-scheduled.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/weak-unregistertoken.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/mjsunit.status
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/weakref-creation-keeps-alive.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/weakref-deref-keeps-alive.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/unregister-many.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/unregister-after-cleanup.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/finalizationregistry-independent-lifetime.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/cleanupsome.js
[add] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/symbol-in-finalizationregistry.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/unregister-called-twice.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/undefined-holdings.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/cleanup-from-different-realm.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/finalizationregistry-and-weakref.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup2.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/cleanupsome-after-unregister.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/symbol-as-weakref-target-gc.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/two-weakrefs.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/weak-cell-basics.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/unregister-inside-cleanup.js
[modify] https://crrev.com/02df9f3ef1a1b6f905568a33899f1addd1b034be/test/mjsunit/harmony/weakrefs/finalizationregistry-independent-lifetime-multiple.js

Git Watcher via monorail

Jan 30, 2023, 7:33:19 AM1/30/23
to v8-re...@googlegroups.com

Comment #31 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c31


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/98949e258a2a2db2000241803f1d2d8bd688f613

commit 98949e258a2a2db2000241803f1d2d8bd688f613
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Sat Jan 28 11:54:47 2023

[heap][test] Disable one more weakref test for GC stress

This test is unsuitable for "GC stress" mode, because it interferes with
the execution of FinalizationRegistry cleanup tasks when asynchronous GC
is used. By mistake it was omitted from crrev.com/c/4197675.

Bug: v8:13257
Bug: v8:13699
Change-Id: I81549cee7fae988aaa23611041d722f2e6abd89f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200635
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Marja Hölttä <ma...@chromium.org>

Git Watcher via monorail

Feb 6, 2023, 5:26:17 AM2/6/23
to v8-re...@googlegroups.com

Comment #32 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c32


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/7649ef2220dbb3875708dd259692dba4a5855633

commit 7649ef2220dbb3875708dd259692dba4a5855633
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Feb 03 15:15:15 2023

[heap][test] Disable weakref tests for stress concurrent allocation

These tests are unsuitable for "stress concurrent allocation" mode,
because it triggers GCs that interfere with the execution of
FinalizationRegistry cleanup tasks or with the clearing of WeakRefs.

Bug: v8:13257
Bug: v8:13713
Change-Id: Id43d95b53d3f68f1f70ad6ee9ff8e08e70007d13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221575
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Shu-yu Guo <s...@chromium.org>
Reviewed-by: Marja Hölttä <ma...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85668}

[modify] https://crrev.com/7649ef2220dbb3875708dd259692dba4a5855633/test/mjsunit/mjsunit.status

Git Watcher via monorail

Feb 10, 2023, 5:36:07 PM2/10/23
to v8-re...@googlegroups.com

Comment #33 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c33


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/aaf1bdc01c1ea9ebfa28a454d876708af478db83

commit aaf1bdc01c1ea9ebfa28a454d876708af478db83
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Feb 10 09:48:24 2023

[heap][test] Fix cctest for conservative stack scanning

The following tests rely on precise garbage collection, as they test
--- among other things --- that some objects have been collected after
a given number of GCs. They occasionally fail if conservative stack
scanning is used and this CL fixes them, mostly by disabling CSS.

- test-concurrent-allocation/*: they set a very low limit on the heap
size and test that GC works correctly when triggered from concurrent
allocation. With CSS, GC does not always collect enough and we get
OOM errors. Here we did not disable CSS but increased the limit.
- unittests/APIExceptionTest.ExceptionMessageDoesNotKeepContextAlive:
it tests that some weak reference has been cleared after a GC.
- test-heap/*Weak*: same.
- test-heap/TestSizeOfRegexpCode: it uses GC to compute the size of
code generated for a regexp.
- test-heap/Regress1465: counts map transitions and expects some to
be collected by a GC.
- test-heap/LeakNativeContext*: they test that some global objects
have been collected by a GC.
- test-api/WeakCallbackApi: same.
- test-api/Regress528: same.
- test-api/TriggerDelayedMainThreadMetricsEvent: it tests that a
delayed main thread metrics event for an invalid context is ignored.
If the GC does not collect the context, the event is not ignored and
the test fails.

Bug: v8:13257
Change-Id: Ied9366227f2d6fbfb003840f57acece4afb2a24e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4232297
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>

Git Watcher via monorail

Feb 13, 2023, 5:39:16 AM2/13/23
to v8-re...@googlegroups.com

Comment #34 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c34


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/74afdc3ab3f2594887ba8d8efcdcd1e8430b14d2

commit 74afdc3ab3f2594887ba8d8efcdcd1e8430b14d2
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon Feb 13 09:53:44 2023

[heap][test] Fix test for conservative stack scanning

The test ReleaseStackTraceData relies on precise garbage collection,
as it tests --- among other things --- that some resource has been
collected after a GC. It occasionally fails if conservative stack
scanning is used and this CL fixes it by disabling CSS.

Bug: v8:13257
Change-Id: I6871a90560d8909a8ca75bb1dd843da86eb7cde2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4239521
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85790}

[modify] https://crrev.com/74afdc3ab3f2594887ba8d8efcdcd1e8430b14d2/test/cctest/heap/test-heap.cc

Git Watcher via monorail

Feb 20, 2023, 10:42:17 AM2/20/23
to v8-re...@googlegroups.com
Updates:
Labels: merge-merged-config

Comment #35 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c35


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/eb9acd7f0a7136c9b7758a4eef7b043539786147

commit eb9acd7f0a7136c9b7758a4eef7b043539786147
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon Feb 20 14:45:54 2023

Change owner and luci notify for css bot

Bug: v8:13540
Bug: v8:13257
Change-Id: I9e357dec1d6d62d6fd4e802867a4cd29fda08a03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4269684
Reviewed-by: Almothana Athamneh <almut...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

[modify] https://crrev.com/eb9acd7f0a7136c9b7758a4eef7b043539786147/generated/luci-notify.cfg
[modify] https://crrev.com/eb9acd7f0a7136c9b7758a4eef7b043539786147/builders/experiments.star

Git Watcher via monorail

Feb 21, 2023, 4:50:18 AM2/21/23
to v8-re...@googlegroups.com

Comment #36 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c36


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/2fa8a730bac605e9101b8d397963fa762f482701

commit 2fa8a730bac605e9101b8d397963fa762f482701
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Feb 21 08:27:20 2023

[handles] Fix DirectHandle after removal of Isolate::is_shared

This CL contains a trivial change to fix the code behind the
conservative stack scanning flag, which does not compile after
crrev.com/c/4261672.

Bug: v8:13267
Bug: v8:13270
Bug: v8:13257
Change-Id: I73a5bad1af3b710f9a48cdab61cea5711e240174
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4272630
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85944}

[modify] https://crrev.com/2fa8a730bac605e9101b8d397963fa762f482701/src/handles/handles.cc

Git Watcher via monorail

Feb 21, 2023, 3:36:08 PM2/21/23
to v8-re...@googlegroups.com

Comment #37 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c37


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/91851ab9fd4995dbe5cbea32dfd5753520ce8c58

commit 91851ab9fd4995dbe5cbea32dfd5753520ce8c58
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Feb 21 16:36:08 2023

[heap][test] Fix inner pointer resolution unit tests

The two unit tests for inner pointer resolution in young generation
pages (1) assume that some new object is allocated on a specific page,
and (2) rely on precise garbage collection because they assume that
some resources will have been collected after a GC. The first type of
assertion fails when minor-mc is used (instead of the scavenger) for
the young generation, while the second occasionally fails if
conservative stack scanning is used. This CL fixes both issues by
(1) relaxing the assumption about object placement, and (2) disabling
CSS for these tests.

Bug: v8:13257
Change-Id: I04d357173c5823c04c60395eaaea245e18ab9e74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4275262
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Git Watcher via monorail

Feb 21, 2023, 3:40:08 PM
to v8-re...@googlegroups.com

Comment #38 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c38


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/3b66510813425ff6cc7ec51b54378092dfbd81fa

commit 3b66510813425ff6cc7ec51b54378092dfbd81fa
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Feb 21 16:21:03 2023

[heap][test] Fix two cctests for conservative stack scanning

The tests regress1516 and SharedObjectRetainedByClientRememberedSet
rely on precise garbage collection, as they test --- among other
things --- that some resources have been collected after a GC. They
occasionally fail if conservative stack scanning is used and this CL
fixes them by disabling CSS.

Bug: v8:13257
Change-Id: I0b558411010aeaabc8c483a21112faa2a8ff6676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4274729
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>

Git Watcher via monorail

Feb 22, 2023, 12:32:09 PM
to v8-re...@googlegroups.com
Updates:
Labels: fixed-by-d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f

Comment #39 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c39


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f

commit d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Feb 22 15:21:59 2023

[heap] Introduce inner pointer resolution just for young generation

Inner pointer resolution assumes that the heap pages in which we try to
resolve inner pointers are iterable. This CL weakens this precondition
by introducing a new mode for inner pointer resolution, which works only
for young generation objects but only requires that pages in the young
generation are iterable. It also revises the mechanism for conservative
stack scanning to use this new mode whenever CSS is triggered from the
minor mark compactor.

On the side, this CL moves MarkCompactCollector::FindBasePtrForMarking
to the ConservativeStackVisitor. After this change, the compile flag
v8_enable_inner_pointer_resolution_mb becomes redundant and will be
removed in a subsequent CL.

Bug: v8:13257
Change-Id: Ifeb7df716cf5bf669f4e136f5d04105301d9394c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4274361
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#86010}

[modify] https://crrev.com/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f/test/unittests/BUILD.gn
[modify] https://crrev.com/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f/src/heap/heap-verifier.cc
[modify] https://crrev.com/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f/test/unittests/heap/marking-inner-pointer-resolution-unittest.cc
[modify] https://crrev.com/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f/src/heap/mark-compact.h
[modify] https://crrev.com/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f/src/heap/conservative-stack-visitor.h
[modify] https://crrev.com/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f/src/heap/mark-compact.cc
[modify] https://crrev.com/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f/src/objects/visitors.h
[modify] https://crrev.com/d3e4727014f9f0ea9cbd1a7835a3fbcaee61b31f/src/heap/conservative-stack-visitor.cc

Git Watcher via monorail

Feb 23, 2023, 6:29:17 AM
to v8-re...@googlegroups.com

Comment #40 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c40


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/9278e82b1ec353890ae4412e0c1d42cbc6a714f8

commit 9278e82b1ec353890ae4412e0c1d42cbc6a714f8
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Feb 22 15:08:44 2023

[heap][test] Fix more unit tests for conservative stack scanning

Some tests in unittests/EmbedderRootsHandlerTest/* rely on precise
garbage collection, as they test --- among other things --- that
some resources have been collected after a GC. They occasionally
fail if conservative stack scanning is used and this CL fixes them
by disabling CSS.

Bug: v8:13257
Change-Id: I420629f8eb92c9c6ecc3cd6ee29e86c1dc493a3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4281617
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

Feb 27, 2023, 9:19:08 AM
to v8-re...@googlegroups.com

Comment #41 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c41


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/9f10ebc65ace4d0a4c95f95d261e1b7b8106d6e7

commit 9f10ebc65ace4d0a4c95f95d261e1b7b8106d6e7
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon Feb 27 13:05:15 2023

[heap] Make CSS imply no-compact-with-stack

With conservative stack scanning, special care must be taken so that
objects reachable from maybe-pointers on the stack are never migrated.
Since crrev.com/c/4105022, we have started having raw pointers on the
stack, behind the compile-time flag for CSS. For this to work, this
CL makes the CSS flag imply --no-compact-with-stack, so that objects
are never migrated when a GC with stack is invoked.

Bug: v8:13257
Bug: v8:13270
Change-Id: I241036e1704ecb83d689d31a1c026fc6ab14c1fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4289752
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

Feb 27, 2023, 11:28:19 AM
to v8-re...@googlegroups.com

Comment #42 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c42


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/25c3b145a42a5b36569e625193d8aaafac572ab8

commit 25c3b145a42a5b36569e625193d8aaafac572ab8
Author: Omer Katz <omer...@chromium.org>
Date: Mon Feb 27 15:43:21 2023

[heap] Split CSS out of Heap::IterateStackRoots

Isolate::Iterate can be called at the start of the final pause so that
it is processed by parallel marking.
This shows up on Typescript (Octane) when running with MinorMC enabled.

Bug: v8:13257, v8:12612
Change-Id: Ife0eb596b286eaebc102dae6c7cf4fb7b6a2dbbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4294913
Reviewed-by: Nikolaos Papaspyrou <niko...@chromium.org>
Commit-Queue: Omer Katz <omer...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#86115}

[modify] https://crrev.com/25c3b145a42a5b36569e625193d8aaafac572ab8/src/heap/heap.h
[modify] https://crrev.com/25c3b145a42a5b36569e625193d8aaafac572ab8/src/heap/scavenger.cc
[modify] https://crrev.com/25c3b145a42a5b36569e625193d8aaafac572ab8/src/heap/heap.cc
[modify] https://crrev.com/25c3b145a42a5b36569e625193d8aaafac572ab8/src/heap/mark-compact.h
[modify] https://crrev.com/25c3b145a42a5b36569e625193d8aaafac572ab8/src/heap/mark-compact.cc

Git Watcher via monorail

Feb 28, 2023, 3:53:18 AM
to v8-re...@googlegroups.com

Comment #43 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c43


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/dafd65cc5de1dc2445ac6bb77954cb599d7f0439

commit dafd65cc5de1dc2445ac6bb77954cb599d7f0439
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon Feb 27 19:32:01 2023

[heap] Fix CSS build

Two CLs independently broke the CSS version: crrev.com/c/4165080 and
crrev.com/c/4294913.

Bug: v8:13257
Change-Id: Ia73d52a8ec7ba26b68ab501ee0a6b623cf7c0e56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4295301
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>

Git Watcher via monorail

Feb 28, 2023, 8:43:10 AM
to v8-re...@googlegroups.com

Comment #44 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c44


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/a9c54dfd22080b10966f9335771e8682d148f449

commit a9c54dfd22080b10966f9335771e8682d148f449
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Feb 28 11:21:05 2023

[heap][cleanup] Clean up inner pointer resolution implementations

This CL removes the implementation of the object start bitmap that
has been evaluated as a mechanism for resolving inner pointers, in
the context of conservative stack scanning. It has been superseded
by a mechanism using the marking bitmap. The CL also removes the
two compile-time flags `v8_enable_inner_pointer_resolution_osb` and
`v8_enable_inner_pointer_resolution_mb`. The latter is now subsumed
by `v8_enable_conservative_stack_scanning`.

Notice that this CL is unrelated to the object start bitmap that is
part of CppGC, which is of course kept as is.

Bug: v8:12851
Bug: v8:13257
Change-Id: Idf9fa5b1ea95567fa1deab6fa301bd6de125d746
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4294977
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#86142}

[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/new-spaces.cc
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/flags/flag-definitions.h
[delete] https://crrev.com/540b575b78f33e742c8cdd33a3f72dd4d0ce8cae/test/unittests/heap/object-start-bitmap-unittest.cc
[delete] https://crrev.com/540b575b78f33e742c8cdd33a3f72dd4d0ce8cae/src/heap/object-start-bitmap.h
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/memory-chunk-layout.h
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/new-spaces.h
[delete] https://crrev.com/540b575b78f33e742c8cdd33a3f72dd4d0ce8cae/src/heap/object-start-bitmap-inl.h
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/memory-chunk.h
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/test/cctest/heap/test-mark-compact.cc
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/test/unittests/BUILD.gn
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/heap-verifier.cc
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/heap.cc
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/memory-chunk.cc
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/heap-allocator-inl.h
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/BUILD.gn
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/gni/v8.gni
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/infra/mb/mb_config.pyl
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/scavenger-inl.h
[modify] https://crrev.com/a9c54dfd22080b10966f9335771e8682d148f449/src/heap/sweeper.cc
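
The inner-pointer resolution and object pinning described in comments #39, #41 and #44 above, as an added illustrative model written for this page. It is not V8 code and uses none of V8's API: it records object starts in a per-page bitmap at allocation time (the object-start-bitmap approach that comment #44 says V8 evaluated and then replaced with the marking bitmap), resolves each word of a constructed stack snapshot to an object start or rejects it, and pins any page a maybe-pointer lands in, which is the effect --no-compact-with-stack has in V8. The names Page, Heap and run_demo are hypothetical.

```cpp
// Added illustrative model, not V8 code: conservative stack scanning with
// inner-pointer resolution over a per-page object-start bitmap. An object
// reached from a maybe-pointer is marked and its page pinned (never
// evacuated), which is what --no-compact-with-stack enforces in V8.
// All names here (Page, Heap, run_demo) are hypothetical.
#include <cstddef>
#include <cstdint>
#include <memory>
#include <optional>
#include <vector>

namespace css_model {

constexpr size_t kPageSize = 4096;
constexpr size_t kAlign = 8;                   // objects are 8-byte aligned
constexpr size_t kSlots = kPageSize / kAlign;  // one start bit per slot

struct Page {
  alignas(kAlign) unsigned char bytes[kPageSize];
  std::vector<bool> start_bit = std::vector<bool>(kSlots, false);
  std::vector<size_t> size_at = std::vector<size_t>(kSlots, 0);
  std::vector<bool> marked = std::vector<bool>(kSlots, false);
  size_t bump = 0;      // bump-pointer allocation top
  bool pinned = false;  // a conservative root points here: never evacuate

  uintptr_t base() const { return reinterpret_cast<uintptr_t>(bytes); }

  // Bump-allocate n bytes (rounded up to kAlign) and record the start bit.
  uintptr_t allocate(size_t n) {
    n = (n + kAlign - 1) & ~(kAlign - 1);
    if (n == 0 || bump + n > kPageSize) return 0;
    size_t slot = bump / kAlign;
    start_bit[slot] = true;
    size_at[slot] = n;
    uintptr_t addr = base() + bump;
    bump += n;
    return addr;
  }

  // Inner-pointer resolution: the nearest set start bit at or below the
  // slot holding `a` names the candidate object; `a` resolves only if it
  // lies inside that object's extent, so free space past it is rejected.
  std::optional<uintptr_t> resolve(uintptr_t a) const {
    if (a < base() || a >= base() + kPageSize) return std::nullopt;
    size_t slot = (a - base()) / kAlign;
    for (size_t s = slot + 1; s-- > 0;) {
      if (!start_bit[s]) continue;
      uintptr_t start = base() + s * kAlign;
      if (a < start + size_at[s]) return start;
      return std::nullopt;  // in the gap after the object's end
    }
    return std::nullopt;
  }
};

struct Heap {
  std::vector<Page*> pages;

  // Conservative scan: every word is a maybe-pointer. Returns the number
  // of objects newly marked; duplicate and junk words add nothing.
  size_t scan_conservatively(const uintptr_t* words, size_t n) {
    size_t newly_marked = 0;
    for (size_t i = 0; i < n; ++i) {
      for (Page* p : pages) {
        std::optional<uintptr_t> start = p->resolve(words[i]);
        if (!start) continue;
        size_t slot = (*start - p->base()) / kAlign;
        if (!p->marked[slot]) { p->marked[slot] = true; ++newly_marked; }
        p->pinned = true;  // the object must not move while the root lives
        break;
      }
    }
    return newly_marked;
  }
};

struct DemoResult {
  size_t newly_marked;
  bool a_marked, b_marked, page_pinned, free_space_rejected, past_end_rejected;
};

// Constructed scenario: two objects on one page; a fake stack snapshot with
// an interior pointer into each, a pointer into free space, a small integer
// and a duplicate interior pointer.
DemoResult run_demo() {
  auto page = std::make_unique<Page>();
  Heap heap;
  heap.pages.push_back(page.get());
  uintptr_t a = page->allocate(24);  // slot 0, bytes [0, 24)
  uintptr_t b = page->allocate(40);  // slot 3, bytes [24, 64)
  const uintptr_t stack[] = {a + 8, b + 16, page->base() + page->bump + 8,
                             uintptr_t{42}, b + 8};
  DemoResult r{};
  r.newly_marked = heap.scan_conservatively(stack, 5);
  r.a_marked = page->marked[0];
  r.b_marked = page->marked[3];
  r.page_pinned = page->pinned;
  r.free_space_rejected = !page->resolve(page->base() + page->bump + 8);
  r.past_end_rejected = !page->resolve(b + 40);  // b + 40 == bump: free
  return r;
}

}  // namespace css_model
```

The point the thread's test fixes keep running into is visible in run_demo: a value that merely looks like an address is enough to keep an object alive and to pin its page, so a test that asserts "this object was collected" or "this page was compacted" cannot be made reliable while the stack may contain such values, which is why those tests disable CSS rather than tighten their assertions.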

Git Watcher via monorail

Feb 28, 2023, 5:13:07 PM
to v8-re...@googlegroups.com

Comment #45 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c45


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/6b7301ff6dcda72ae31afa850f52fceca59e3848

commit 6b7301ff6dcda72ae31afa850f52fceca59e3848
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Feb 28 15:27:49 2023

[heap] Fix CSS build, again

It was broken again by the revert of crrev.com/c/4165080 in
crrev.com/c/4295322.

Bug: v8:13257
Change-Id: Ie85c333ee4be1d99c8732312f0387a45ab7ab044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4295939
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#86156}

[modify] https://crrev.com/6b7301ff6dcda72ae31afa850f52fceca59e3848/test/unittests/heap/conservative-stack-visitor-unittest.cc

Git Watcher via monorail

Mar 16, 2023, 6:59:08 AM
to v8-re...@googlegroups.com

Comment #46 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c46


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/fb8d758b60c7d3faec4dbbfb074c231a9b1f990e

commit fb8d758b60c7d3faec4dbbfb074c231a9b1f990e
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Mar 16 08:45:36 2023

[handles][test] Fix global handle unittests for CSS

This CL fixes some global handle unittests so that they work correctly
when conservative stack scanning is enabled and direct handles are
used for Local<T>.

Bug: v8:13257
Bug: v8:13270
Change-Id: I86e45a6ea2dbae9a5dc6703a8c119ae0812fd12d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4342399
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Git Watcher via monorail

Mar 24, 2023, 10:50:09 AM
to v8-re...@googlegroups.com

Comment #47 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c47


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/3b95056f5b5987ea8153f43169445f51e9a1c113

commit 3b95056f5b5987ea8153f43169445f51e9a1c113
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Mar 23 17:33:53 2023

[handles] Refactor classes for abstract handles

This CL defines two base classes for abstract handles:

- IndirectHandleBase, for abstract handles containing indirect pointers
- DirectHandleBase, for abstract handles containing direct pointers

The latter is used to implement Local<T> when conservative stack
scanning is enabled. The former is used to implement all other classes
of abstract handles (e.g., Eternal<T>, Persistent<T>, Global<T>,
TracedReference<T>).

Doc: https://docs.google.com/document/d/1hAm0xBxNper6JMR_uICq_6h8Q1kG8ymQkkZrVTKc2Mo

Bug: v8:13257
Bug: v8:13270
Change-Id: Ibf94369308831a83397d11a5f5f973d81b4f30e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4335544
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#86690}

[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/test/cctest/cctest.cc
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-util.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-internal.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-traced-handle.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/src/d8/d8-test.cc
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-persistent-handle.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-context.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/BUILD.bazel
[add] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-handle-base.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/src/api/api-inl.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-local-handle.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-object.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-isolate.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/src/profiler/sampling-heap-profiler.cc
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/src/api/api.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/BUILD.gn
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/src/api/api.cc
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/include/v8-function-callback.h
[modify] https://crrev.com/3b95056f5b5987ea8153f43169445f51e9a1c113/test/cctest/cctest.h

Git Watcher via monorail

Mar 24, 2023, 11:54:08 AM
to v8-re...@googlegroups.com

Comment #48 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c48


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/460628da7a79c2e25763e7d5b7458c845fb5b260

commit 460628da7a79c2e25763e7d5b7458c845fb5b260
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Mar 24 14:32:30 2023

[heap] Clean up mechanism for disabling CSS for testing

Disabling conservative stack scanning, for testing or otherwise, is
controlled by the heap's embedder_stack_state_ field. This CL ensures
that this field is only set and reset by the EmbedderStackStateScope.
In particular, it removes a reset to kMayContainHeapPointers at the
end of GC, before executing callbacks.

The CL also removes Heap::ForceSharedGCWithEmptyStackForTesting, which
was used for disabling CSS in one cctest because of issues related to
synchronization, and replaces it with the generic scope that exists
for this purpose.

Bug: v8:13257
Change-Id: Ie685a293ccca93c275fbe1693eea52b62937eb38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4370023
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Git Watcher via monorail

Mar 30, 2023, 4:33:19 AM
to v8-re...@googlegroups.com

Comment #49 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c49


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/1aadce005740e7100b4c9ba64d178c41a2ef4f91

commit 1aadce005740e7100b4c9ba64d178c41a2ef4f91
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Mar 29 18:29:33 2023

[heap][handles] Add flag for direct local handles

This CL introduces the compile-time flag v8_enable_direct_local. If
this flag is set, Local<T> abstract handles contain direct pointers
instead of indirect pointers. The new flag implies conservative stack
scanning (CSS). The CL also places behind the new flag the existing
code for direct local handles, which was until now behind the CSS
compile-time flag.

Bug: v8:13257
Bug: v8:13270
Change-Id: Ic3f5b404fc2e76a6d3437a471476b338bf097192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4381732
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#86789}

[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/test/cctest/cctest.cc
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/include/v8-util.h
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/bazel/defs.bzl
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/src/flags/flag-definitions.h
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/tools/testrunner/base_runner.py
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/tools/testrunner/testdata/testroot6/out/build/v8_build_config.json
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/tools/testrunner/testdata/testroot3/out/build/v8_build_config.json
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/tools/testrunner/testdata/testroot1/out/build/v8_build_config.json
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/BUILD.bazel
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/include/v8-handle-base.h
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/src/api/api-inl.h
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/tools/testrunner/build_config.py
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/include/v8-local-handle.h
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/gni/v8.gni
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/BUILD.gn
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/tools/testrunner/testdata/testroot2/out/build/v8_build_config.json
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/src/api/api.cc
[modify] https://crrev.com/1aadce005740e7100b4c9ba64d178c41a2ef4f91/tools/testrunner/testdata/testroot5/out.gn/build/v8_build_config.json

Git Watcher via monorail

Mar 30, 2023, 3:38:20 PM
to v8-re...@googlegroups.com

Comment #50 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c50


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/272b82b520f01c6c5fe95769cd268593ee9291f1

commit 272b82b520f01c6c5fe95769cd268593ee9291f1
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Mar 30 18:57:25 2023

[heap][test] Fix inner-pointer resolution unittest

After eliminating the second markbit, this test broke.
It now does not distinguish between GREY and BLACK objects.
Simply, WHITE means unmarked and BLACK means marked.

Bug: v8:13257
Change-Id: I51e88afa5c134c62df5169809d8ede47b31e769f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4381642
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

Mar 30, 2023, 3:56:11 PM
to v8-re...@googlegroups.com

Comment #51 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c51


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/fc48e3351c676168132c3ae796c916fd2c86a181

commit fc48e3351c676168132c3ae796c916fd2c86a181
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Mar 29 15:22:26 2023

[handles] Prepare deprecation of TracedReference::operator* and ->

This CL prepares for the deprecation of v8::TracedReference::operator*
and v8::TracedReference::operator->. Both return an indirect pointer
to the traced reference's handle slot. By using Utils::OpenHandle on
this value, it is possible to create a v8::Local whose handle slot is
not allocated in a handle scope. Using this local after the traced
reference is reclaimed by GC may lead to a crash.

Instead of using these operators, API users and the V8 implementation
should properly convert to a v8::Local, using v8::TracedReference::Get.

A static method v8::Object::GetIsolate is added to safely obtain the
isolate from an object pointed to by a traced reference.

Additionally, the CL removes the corresponding operators of
v8::PersistentBase, which were private.

Bug: v8:13257
Bug: v8:13270
Change-Id: I1eb9d59aff19b6060346cfae8136425510f03349
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4377228
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Git Watcher via monorail

Mar 31, 2023, 8:21:07 AM
to v8-re...@googlegroups.com

Comment #52 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c52


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/fe4a951b5274efc5402e50bd6caa6aa17808b99a

commit fe4a951b5274efc5402e50bd6caa6aa17808b99a
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Mar 31 09:45:06 2023

[heap][test] Fix more unit tests for conservative stack scanning

Some tests in unittests/ManagedTest/*, unittests/ScannerStreamsTest/*
and unittests/WeakSetsTest/* rely on precise garbage collection, as
they test --- among other things --- either that some resources have
been collected after a GC or that GC uses compaction. They may fail
if conservative stack scanning is used and this CL fixes them by
disabling CSS.

Bug: v8:13257
Change-Id: I0d1f19e9546e019b265d6127e284a0f23e279234
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4388573
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

Mar 31, 2023, 12:51:09 PM
to v8-re...@googlegroups.com

Comment #53 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c53


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/0d5082c13b82ad2072d4372a6a374afc107fe598

commit 0d5082c13b82ad2072d4372a6a374afc107fe598
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Mar 31 11:59:24 2023

[api][heap][handles] Deprecate v8::TracedReference::operator* and ->

v8::TracedReference::operator* and v8::TracedReference::operator->
will soon be deprecated in the V8 API, as they return an indirect
pointer to the traced reference's handle slot, which can be used to
access a heap object without using a v8::Local. This may lead to a
crash if the traced reference is reclaimed or moved by GC, during
the lifetime of this pointer.

Instead of using these operators, API users and the V8 implementation
should properly convert to a v8::Local, using v8::TracedReference::Get.

Bug: v8:13257
Bug: v8:13270
Change-Id: I748ba37df2fdfb1bbc4d414c6990523bfb9c70a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4388583
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#86845}

[modify] https://crrev.com/0d5082c13b82ad2072d4372a6a374afc107fe598/include/v8-traced-handle.h

Git Watcher via monorail

Mar 31, 2023, 12:52:09 PM
to v8-re...@googlegroups.com

Comment #54 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c54


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/197da2b1297327c3fab7f198e0ba6647767da72c

commit 197da2b1297327c3fab7f198e0ba6647767da72c
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Mar 31 12:08:37 2023

[heap][test] Fix more cctests for conservative stack scanning

Some tests in cctest/test-api/*, cctest/test-array-buffer-tracker/*,
cctest/test-compaction/* and cctest/test-cpu-profiler/* rely on
precise garbage collection, as they test --- among other things ---
either that some resources have been collected after a GC or that GC
uses compaction. They may fail if conservative stack scanning is used
and this CL fixes them by disabling CSS.

Bug: v8:13257
Change-Id: I1d60fda809b5687554e03f90a1899aaebed6caf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4388596
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Git Watcher via monorail

Apr 4, 2023, 7:06:21 AM
to v8-re...@googlegroups.com

Comment #55 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c55


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/92ab4e619d876d2a57d570ab0090efe9297b2160

commit 92ab4e619d876d2a57d570ab0090efe9297b2160
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Apr 04 08:15:26 2023

[heap][test] Fix broken unit test

The inner-pointer resolution unit tests broke after the refactoring
of the marking bitmap (crrev.com/c/4392735). This CL fixes them.

Bug: v8:13257
Change-Id: I7a6cd459493cd24e0dab5dea18d189bd7964be8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4397683
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

Apr 4, 2023, 9:07:07 AM
to v8-re...@googlegroups.com

Comment #56 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c56


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/bf45fe5147c131ff65640881f55c543d53b7dd59

commit bf45fe5147c131ff65640881f55c543d53b7dd59
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Mar 31 17:34:55 2023

[heap][test] Fix yet more cctests for conservative stack scanning

Some tests in cctest/test-heap/*, cctest/test-shared-strings/*,
cctest/test-heap-profiler/* and cctest/test-wasm-serialization/*
rely on precise garbage collection, as they test --- among other
things --- either that some resources have been collected after
a GC or that GC uses compaction. They may fail if conservative
stack scanning is used and this CL fixes them by disabling CSS.

Bug: v8:13257
Change-Id: Ica0c884038b6978ff9698c259f9dc800e60de430
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4388889
Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

Apr 5, 2023, 12:10:07 PM
to v8-re...@googlegroups.com

Comment #57 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c57


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/eed2d705135a073cedaa7c6fbbb35bc0cddd6461

commit eed2d705135a073cedaa7c6fbbb35bc0cddd6461
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Apr 05 15:32:48 2023

[heap] Fix CSS visitor after markbit cleanup

The conservative stack scanning visitor and inner-pointer resolution
unit tests broke after the cleaning up of the marking bitmap
(crrev.com/c/4401250). This CL fixes them. It also renames methods
in MarkingBitmap and fixes parameter types, to avoid the ambiguity
between a markbit index and a cell index.

Bug: v8:13257
Change-Id: I124320dfec484f51b97c161d484df009d988565c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4403223
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#86946}

[modify] https://crrev.com/eed2d705135a073cedaa7c6fbbb35bc0cddd6461/test/unittests/heap/marking-inner-pointer-resolution-unittest.cc
[modify] https://crrev.com/eed2d705135a073cedaa7c6fbbb35bc0cddd6461/src/heap/marking.h
[modify] https://crrev.com/eed2d705135a073cedaa7c6fbbb35bc0cddd6461/src/heap/conservative-stack-visitor.cc
[modify] https://crrev.com/eed2d705135a073cedaa7c6fbbb35bc0cddd6461/src/heap/marking-inl.h

Git Watcher via monorail

unread,
Apr 26, 2023, 8:54:20 AM4/26/23
to v8-re...@googlegroups.com

Comment #58 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c58


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/410c17c12b78683d35ed5e49d4257b7b7a7a4fcb

commit 410c17c12b78683d35ed5e49d4257b7b7a7a4fcb
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Apr 26 11:45:29 2023

[heap][test] Add tests for the shared heap

This CL adds a number of unit tests for the shared heap. These will be
primarily useful for testing that conservative stack scanning works as
expected with client isolates.

Bug: v8:13257
Change-Id: I00e6504bf96cb137b144639ce7de102f627612e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4474034
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#87282}

[modify] https://crrev.com/410c17c12b78683d35ed5e49d4257b7b7a7a4fcb/test/unittests/test-utils.h
[modify] https://crrev.com/410c17c12b78683d35ed5e49d4257b7b7a7a4fcb/test/unittests/heap/shared-heap-unittest.cc

Git Watcher via monorail

unread,
Apr 27, 2023, 9:09:14 AM4/27/23
to v8-re...@googlegroups.com

Comment #59 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c59


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/7c02ca0e7ab06064e22df382f5580e9e2a05689a

commit 7c02ca0e7ab06064e22df382f5580e9e2a05689a
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Apr 26 14:41:11 2023

[heap] Stack switching and conservative stack scanning

This CL removes the incompatibility implication between the flags for
conservative stack scanning and experimental wasm stack switching. It
also cleans up code that was used to temporarily resolve issues caused
by this incompatibility.

Bug: v8:13257
Bug: v8:13493
Change-Id: Iea6eb8a333fab8d24b80fa3f6164ea103d32b3f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4098531
Reviewed-by: Ilya Rezvov <ire...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
Apr 27, 2023, 9:47:16 AM4/27/23
to v8-re...@googlegroups.com

Comment #60 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c60


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ef9de37da2408e8a66e7c87d8b56809e275e13aa

commit ef9de37da2408e8a66e7c87d8b56809e275e13aa
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Apr 27 13:45:04 2023

Revert "[heap] Stack switching and conservative stack scanning"

This reverts commit 7c02ca0e7ab06064e22df382f5580e9e2a05689a.

Reason for revert: test fails for non-pointer compression

Original change's description:

> [heap] Stack switching and conservative stack scanning
>
> This CL removes the incompatibility implication between the flags for
> conservative stack scanning and experimental wasm stack switching. It
> also cleans up code that was used to temporarily resolve issues caused
> by this incompatibility.
>
> Bug: v8:13257
> Bug: v8:13493
> Change-Id: Iea6eb8a333fab8d24b80fa3f6164ea103d32b3f4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4098531
> Reviewed-by: Ilya Rezvov <ire...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#87310}

Bug: v8:13257
Bug: v8:13493
Change-Id: Id9031cb3456f1d4d10a4478a0c22d66bef4147fb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4483838
Auto-Submit: Nikolaos Papaspyrou <niko...@chromium.org>
Commit-Queue: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#87312}

[modify] https://crrev.com/ef9de37da2408e8a66e7c87d8b56809e275e13aa/src/heap/base/stack.h
[modify] https://crrev.com/ef9de37da2408e8a66e7c87d8b56809e275e13aa/src/flags/flag-definitions.h
[modify] https://crrev.com/ef9de37da2408e8a66e7c87d8b56809e275e13aa/src/heap/heap.cc
[modify] https://crrev.com/ef9de37da2408e8a66e7c87d8b56809e275e13aa/src/heap/base/stack.cc
[modify] https://crrev.com/ef9de37da2408e8a66e7c87d8b56809e275e13aa/test/mjsunit/mjsunit.status

Git Watcher via monorail

unread,
Apr 27, 2023, 10:35:24 AM4/27/23
to v8-re...@googlegroups.com

Comment #61 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c61


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/a5763114bf6c8df90749868b4841ae29c58b9190

commit a5763114bf6c8df90749868b4841ae29c58b9190
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Apr 27 13:59:50 2023

Reland "[heap] Stack switching and conservative stack scanning"

This reverts commit ef9de37da2408e8a66e7c87d8b56809e275e13aa.

Reason for revert: the wrong CL was reverted

Original commit message:


This CL removes the incompatibility implication between the flags for
conservative stack scanning and experimental wasm stack switching. It
also cleans up code that was used to temporarily resolve issues caused
by this incompatibility.

Bug: v8:13257
Bug: v8:13493

Git Watcher via monorail

unread,
May 2, 2023, 5:06:23 AM5/2/23
to v8-re...@googlegroups.com

Comment #62 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c62


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/e22b5bc4a06b34e91b801f9fd495ed30b69e720f

commit e22b5bc4a06b34e91b801f9fd495ed30b69e720f
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue May 02 08:28:20 2023

[heap] Fix conservative stack scanning for client isolates

With this CL, the main threads of client isolates save a marker on
their stack when they park and when they wait in a safepoint. In this
way, during a shared garbage collection we can scan the stacks of the
client isolates conservatively.

This is almost correct; we may miss pointers that are in callee-saved
registers at the time that the stack marker is saved. A subsequent CL
will rework the mechanism for setting the stack marker.

Bug: v8:13257
Change-Id: I56c1b086cc6c44c4ae99b58a985d7e97b077790b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4480189
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
May 10, 2023, 8:02:09 AM5/10/23
to v8-re...@googlegroups.com

Comment #63 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c63


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/e6f8be5b211726988b5d2b298690e8114db199c3

commit e6f8be5b211726988b5d2b298690e8114db199c3
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed May 10 08:46:32 2023

[heap] Fix inner-pointer resolution for 64bit marking cell

Since https://crrev.com/c/4483841, the size of the marking bitmap cell
changed from 32 bits to 64 bits. This CL fixes a bug in inner-pointer
resolution that was introduced with this change.

Bug: v8:13257
Change-Id: I591f007566dd309163821fe766661880be11a405
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4515107
Reviewed-by: Anton Bikineev <biki...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#87565}

[modify] https://crrev.com/e6f8be5b211726988b5d2b298690e8114db199c3/src/heap/conservative-stack-visitor.cc
[modify] https://crrev.com/e6f8be5b211726988b5d2b298690e8114db199c3/test/unittests/heap/inner-pointer-resolution-unittest.cc

Git Watcher via monorail

unread,
May 15, 2023, 5:03:17 AM5/15/23
to v8-re...@googlegroups.com

Comment #64 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c64


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/975670a73a633886e1400d2b4878efca6ad4f538

commit 975670a73a633886e1400d2b4878efca6ad4f538
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu May 11 14:38:53 2023

[heap][test] Fix two tests for conservative stack scanning

These two tests rely on precise garbage collection, as they test
--- among other things --- that some resources have been collected
after a GC. They may fail if conservative stack scanning is used.
This CL fixes the tests by invoking the GC in asynchronous execution
mode, when necessary, to ensure that it will be invoked from the
event loop without a stack.

Furthermore, test regress-4578, which included two independent
scenarios, is now split in two, to prevent interaction between the
asynchronous tasks of these two scenarios.

Bug: v8:13257
Change-Id: Ic1463e0ba2a6c601a78000154037bb48662802b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4519135
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#87644}

[modify] https://crrev.com/975670a73a633886e1400d2b4878efca6ad4f538/test/message/weakref-finalizationregistry-error.js
[add] https://crrev.com/975670a73a633886e1400d2b4878efca6ad4f538/test/mjsunit/regress/regress-4578-deopt.js
[modify] https://crrev.com/975670a73a633886e1400d2b4878efca6ad4f538/test/mjsunit/regress/regress-4578.js

Git Watcher via monorail

unread,
May 15, 2023, 5:13:07 AM5/15/23
to v8-re...@googlegroups.com

Comment #65 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c65


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/fc5546f242426a1c95eb8b4b33087165cd82923e

commit fc5546f242426a1c95eb8b4b33087165cd82923e
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu May 11 16:15:49 2023

[heap][test] Fix three threaded cctests for CSS

The tests fixed by this CL use weak references with callbacks that take
as parameter a pointer to a handle that is local to the test. If the
weak references are not cleared by a GC during the test's lifetime, the
pointer passed as a parameter to the callback will be dangling. This can
happen with conservative stack scanning and with threaded tests that
all use the same isolate. This CL fixes this issue by disabling CSS for
the tests that exhibit this.

Bug: v8:13257
Change-Id: I76f17710a0baabccfd2572d5389a25ac10120f4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4518436
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
May 15, 2023, 11:24:09 AM5/15/23
to v8-re...@googlegroups.com

Comment #66 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c66


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/8940aeb214cc02e690a7135040402391438bd8f2

commit 8940aeb214cc02e690a7135040402391438bd8f2
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu May 11 16:17:56 2023

[heap] Refactor helper function for inner-pointer resolution

This CL moves the helper function for finding the previous object
for conservative marking to become a method of MarkingBitmap, as
its implementation relies on the internals of the marking bitmap.

Bug: v8:13257
Change-Id: Ia11bdfc05a6a7815faec538099095510f4d0de45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4523174
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
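As an added example (not V8's code, and not from any of the CLs above), the inner-pointer resolution that comments #57, #63 and #66 describe: a marking bitmap with 64-bit cells, distinct types for a markbit index and a cell index, and a lookup that finds the previous marked object for an arbitrary address. The page geometry, the sample object layout and every name here are constructed assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <initializer_list>

// Assumed page geometry, constructed for this example (not V8's constants):
// one mark bit per 8-byte tagged word, 256 KiB pages, 64-bit bitmap cells.
constexpr size_t kTaggedSize = 8;
constexpr size_t kPageSize = 256 * 1024;
constexpr size_t kBitsPerCell = 64;
constexpr size_t kCellsPerPage = kPageSize / kTaggedSize / kBitsPerCell;
constexpr size_t kNotFound = SIZE_MAX;

// Distinct index types: a markbit index and a cell index are both plain
// integers, and confusing them is the ambiguity comment #57 removes.
struct MarkBitIndex { size_t value; };
struct CellIndex { size_t value; };

class MarkingBitmap {
 public:
  using CellType = uint64_t;

  static MarkBitIndex AddressToIndex(uintptr_t page_start, uintptr_t addr) {
    return MarkBitIndex{(addr - page_start) / kTaggedSize};
  }
  static CellIndex IndexToCell(MarkBitIndex i) { return CellIndex{i.value / kBitsPerCell}; }
  static unsigned IndexInCell(MarkBitIndex i) { return unsigned(i.value % kBitsPerCell); }
  static MarkBitIndex CellToIndex(CellIndex c) { return MarkBitIndex{c.value * kBitsPerCell}; }

  void Mark(MarkBitIndex i) { cells_[IndexToCell(i).value] |= CellType{1} << IndexInCell(i); }

  // Highest marked index <= limit, i.e. the candidate start of the object that
  // may contain an inner pointer at `limit`; kNotFound if there is none. The
  // current cell is masked to the bits at or below `limit`, earlier cells are
  // scanned whole.
  size_t FindPreviousMarked(MarkBitIndex limit) const {
    CellIndex cell = IndexToCell(limit);
    unsigned bit = IndexInCell(limit);
    // The mask is built from the 64-bit cell type. A mask sized for the old
    // 32-bit cells would silently drop marks in the upper half of the cell.
    CellType mask = (bit == kBitsPerCell - 1) ? ~CellType{0}
                                               : (CellType{1} << (bit + 1)) - 1;
    CellType current = cells_[cell.value] & mask;
    while (true) {
      if (current != 0) return CellToIndex(cell).value + HighestSetBit(current);
      if (cell.value == 0) return kNotFound;
      cell.value--;
      current = cells_[cell.value];
    }
  }

 private:
  static unsigned HighestSetBit(CellType c) {
    unsigned pos = 0;
    while (c >>= 1) pos++;
    return pos;
  }
  CellType cells_[kCellsPerPage] = {};
};

// Resolve an address inside the page to the start of the object containing
// it, or 0 if it points into free space past the previous object's end.
// `object_size(start)` is assumed to return that object's size in bytes.
template <typename SizeFn>
uintptr_t ResolveInnerPointer(const MarkingBitmap& bitmap, uintptr_t page_start,
                              uintptr_t addr, SizeFn object_size) {
  if (addr < page_start || addr >= page_start + kPageSize) return 0;
  size_t word = bitmap.FindPreviousMarked(MarkingBitmap::AddressToIndex(page_start, addr));
  if (word == kNotFound) return 0;
  uintptr_t start = page_start + word * kTaggedSize;
  return addr < start + object_size(start) ? start : 0;
}

// Constructed sample page: objects at word offsets 5 (64 bytes), 70 (16 bytes),
// 127 (8 bytes, the top bit of cell 1) and 200 (400 bytes). Returns the byte
// offset of the containing object's start, or 0 if the address is not inside
// any object.
constexpr uintptr_t kDemoPageStart = 0x100000;

uintptr_t ResolveDemo(uintptr_t byte_offset) {
  MarkingBitmap bitmap;
  for (size_t word : {5, 70, 127, 200}) bitmap.Mark(MarkBitIndex{word});
  auto size_of = [](uintptr_t start) -> size_t {
    switch ((start - kDemoPageStart) / kTaggedSize) {
      case 5: return 64;
      case 70: return 16;
      case 127: return 8;
      default: return 400;
    }
  };
  uintptr_t start = ResolveInnerPointer(bitmap, kDemoPageStart,
                                        kDemoPageStart + byte_offset, size_of);
  return start == 0 ? 0 : start - kDemoPageStart;
}
```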

Git Watcher via monorail

unread,
May 22, 2023, 5:45:07 AM5/22/23
to v8-re...@googlegroups.com

Comment #67 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c67


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/6ba3ebe42d07c479f2ed1e320c166c4bd400ada9

commit 6ba3ebe42d07c479f2ed1e320c166c4bd400ada9
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Sat May 20 00:02:29 2023

[heap][test] Fix heap profiler test for CSS

Since https://crrev.com/c/4499405, the heap profiler by default installs
a scope with EmbedderStackState::kMayContainHeapPointers, which
overrides DisableConservativeStackScanningScopeForTesting. This results
in cctest/test-heap-profiler/HeapSnapshotDeleteDuringTakeSnapshot
occasionally failing with conservative stack scanning. This CL fixes the
issue by explicitly taking a snapshot without stack, in that test.

Bug: v8:13257
Change-Id: I972c086c99e82b1804614c76be3b2413e9c7edc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4547811
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#87766}

[modify] https://crrev.com/6ba3ebe42d07c479f2ed1e320c166c4bd400ada9/test/cctest/test-heap-profiler.cc

Git Watcher via monorail

unread,
May 25, 2023, 8:49:06 AM5/25/23
to v8-re...@googlegroups.com

Comment #68 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c68


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c

commit 89bad9c3e638abcf61f0e976ad3aeeac7db2d72c
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon May 22 17:23:45 2023

[heap] Minor refactoring and cleanup for parking

The CL contains a minor refactoring and cleanup of the classes and
methods in parked-scope.h that are used for waiting on resources while
a thread is parked.

Bug: v8:13257
Change-Id: I7f1136c1f8f16d246c6d6998c426bd619a529051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4547812
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#87860}

[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/test/unittests/test-utils.h
[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/test/unittests/heap/shared-heap-unittest.cc
[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/test/cctest/test-shared-strings.cc
[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/src/codegen/compiler.cc
[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/src/heap/parked-scope.h
[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/src/heap/local-heap.h
[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/src/heap/local-heap.cc
[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/test/unittests/heap/global-safepoint-unittest.cc
[modify] https://crrev.com/89bad9c3e638abcf61f0e976ad3aeeac7db2d72c/test/unittests/js-atomics/js-atomics-synchronization-primitive-unittest.cc

Git Watcher via monorail

unread,
May 25, 2023, 9:33:38 AM5/25/23
to v8-re...@googlegroups.com

Comment #69 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c69


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/082b1dffb04811b1814c21786b8414230bbfc87d

commit 082b1dffb04811b1814c21786b8414230bbfc87d
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed May 24 12:21:14 2023

[compiler] Do not park main thread while compiling

This CL avoids parking the main thread while compiling, in Turbofan,
Maglev and also in the interpreter. For this purpose, it introduces
two scopes: ParkedScopeIfOnBackground and UnparkedScopeIfOnBackground.

Bug: v8:13257
Change-Id: Ib8bfc188d562800ac520ac5ff5e866c1534431e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4553336
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Leszek Swirski <les...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#87862}

[modify] https://crrev.com/082b1dffb04811b1814c21786b8414230bbfc87d/src/maglev/maglev-compiler.cc
[modify] https://crrev.com/082b1dffb04811b1814c21786b8414230bbfc87d/src/codegen/compiler.cc
[modify] https://crrev.com/082b1dffb04811b1814c21786b8414230bbfc87d/src/heap/parked-scope.h
[modify] https://crrev.com/082b1dffb04811b1814c21786b8414230bbfc87d/src/interpreter/interpreter.cc
[modify] https://crrev.com/082b1dffb04811b1814c21786b8414230bbfc87d/src/execution/local-isolate.h

Git Watcher via monorail

unread,
Jun 1, 2023, 6:06:19 AM6/1/23
to v8-re...@googlegroups.com

Comment #70 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c70


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/8b1a8c2d809c0c713fb10b0df0cedd6e7e5e60e8

commit 8b1a8c2d809c0c713fb10b0df0cedd6e7e5e60e8
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jun 01 08:45:27 2023

[heap] Clean up page sets kept by the memory allocator

The memory allocator keeps the set of normal pages and the set of
large pages that have been allocated, which are only used by the
implementation of inner pointer resolution in the context of
conservative stack scanning. This CL changes the type of pointers
that are stored in those sets, to avoid casts that are undefined
behaviour. It also puts those sets under the CSS compile-time flag
and cleans up some unnecessary methods.

Bug: v8:13257
Change-Id: Iab265f3aea68638a72d3b0812f8c241047a9481f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4570896
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>

Git Watcher via monorail

unread,
Jun 1, 2023, 7:48:10 AM6/1/23
to v8-re...@googlegroups.com

Comment #71 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c71


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/d46e2f1dd1f45cd2edf4e15aa3e92768731cc027

commit d46e2f1dd1f45cd2edf4e15aa3e92768731cc027
Author: Leszek Swirski <les...@chromium.org>
Date: Thu Jun 01 11:46:03 2023

Revert "[heap] Clean up page sets kept by the memory allocator"

This reverts commit 8b1a8c2d809c0c713fb10b0df0cedd6e7e5e60e8.

Reason for revert: Crashes: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20debug/1831/overview

Original change's description:

> [heap] Clean up page sets kept by the memory allocator
>
> The memory allocator keeps the set of normal pages and the set of
> large pages that have been allocated, which are only used by the
> implementation of inner pointer resolution in the context of
> conservative stack scanning. This CL changes the type of pointers
> that are stored in those sets, to avoid casts that are undefined
> behaviour. It also puts those sets under the CSS compile-time flag
> and cleans up some unnecessary methods.
>
> Bug: v8:13257
> Change-Id: Iab265f3aea68638a72d3b0812f8c241047a9481f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4570896
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Omer Katz <omer...@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#87986}

Bug: v8:13257
Change-Id: Idbf5eb03462bb4846f0ba51c124520dc22769989
No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Git Watcher via monorail

unread,
Jun 1, 2023, 9:52:07 AM6/1/23
to v8-re...@googlegroups.com

Comment #72 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c72


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/c59777f33c57f483222e50a64cf2fbe4a5abaad1

commit c59777f33c57f483222e50a64cf2fbe4a5abaad1
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jun 01 12:36:41 2023

[heap] Introduce LocalHeap::BlockWhileParked

This CL introduces method LocalHeap::BlockWhileParked, which will
replace the code pattern for parking a thread, using a ParkedScope,
for client isolates. For now, this is just a refactoring. In a
subsequent CL, this method will enter the trampoline for saving
the stack marker and the registers, so that if a GC happens while
the thread is parked, the stack can be scanned conservatively.

Bug: v8:13257
Change-Id: Iced4654ce5d72fd2923245f4e998383ec89b5567
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4562437
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88000}

[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/compiler-dispatcher/optimizing-compile-dispatcher.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/test/cctest/test-serialize.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/codegen/compiler.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/compiler/js-create-lowering.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/BUILD.bazel
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/execution/local-isolate.h
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/objects/js-atomics-synchronization.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/execution/isolate.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/heap/collection-barrier.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/BUILD.gn
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/DEPS
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/heap/safepoint.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/execution/local-isolate-inl.h
[add] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/compiler/js-heap-broker-inl.h
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/objects/map-updater.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/test/cctest/test-shared-strings.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/heap/parked-scope.h
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/compiler/heap-refs.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/heap/local-heap-inl.h
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/compiler/access-info.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/maglev/maglev-graph-builder.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/test/unittests/heap/global-safepoint-unittest.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/test/unittests/js-atomics/js-atomics-synchronization-primitive-unittest.cc
[add] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/heap/parked-scope-inl.h
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/test/unittests/heap/shared-heap-unittest.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/compiler/js-heap-broker.h
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/d8/d8.cc
[modify] https://crrev.com/c59777f33c57f483222e50a64cf2fbe4a5abaad1/src/heap/local-heap.h

Git Watcher via monorail

unread,
Jun 1, 2023, 12:47:09 PM6/1/23
to v8-re...@googlegroups.com

Comment #73 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c73


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/d6a6003a98d55a4d165988e08a1f59c6d2edb20e

commit d6a6003a98d55a4d165988e08a1f59c6d2edb20e
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jun 01 08:45:27 2023

[heap] Reland "Clean up page sets kept by the memory allocator"

The memory allocator keeps the set of normal pages and the set of
large pages that have been allocated, which are only used by the
implementation of inner pointer resolution in the context of
conservative stack scanning. This CL changes the type of pointers
that are stored in those sets, to avoid casts that are undefined
behaviour. It also puts those sets under the CSS compile-time flag
and cleans up some unnecessary methods.

This is a reland of commit 8b1a8c2d809c0c713fb10b0df0cedd6e7e5e60e8

> Change-Id: Iab265f3aea68638a72d3b0812f8c241047a9481f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4570896
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Omer Katz <omer...@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#87986}

Bug: v8:13257

Git Watcher via monorail

unread,
Jun 12, 2023, 5:14:20 AM6/12/23
to v8-re...@googlegroups.com

Comment #74 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c74


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/2bda55d0ca118ce56ede3a25c097a1929c3672fd

commit 2bda55d0ca118ce56ede3a25c097a1929c3672fd
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Jun 02 09:27:16 2023

[heap] Fix conservative stack scanning for client isolates

With this CL, the trampoline for pushing the callee-saved registers
on the stack and setting the stack marker is used whenever the main
thread is parked for waiting in a safepoint or for blocking on some
resource. In this way, conservative stack scanning can be used
correctly during a shared garbage collection, to scan the stacks of
client isolates.

Bug: v8:13257
Change-Id: Id75b8b0e3a44a048484109bc9393ade5ab649cf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4573594
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88161}

[modify] https://crrev.com/2bda55d0ca118ce56ede3a25c097a1929c3672fd/src/heap/parked-scope-inl.h
[modify] https://crrev.com/2bda55d0ca118ce56ede3a25c097a1929c3672fd/src/heap/base/stack.h
[modify] https://crrev.com/2bda55d0ca118ce56ede3a25c097a1929c3672fd/test/unittests/heap/shared-heap-unittest.cc
[modify] https://crrev.com/2bda55d0ca118ce56ede3a25c097a1929c3672fd/src/heap/parked-scope.h
[modify] https://crrev.com/2bda55d0ca118ce56ede3a25c097a1929c3672fd/src/heap/local-heap-inl.h
[modify] https://crrev.com/2bda55d0ca118ce56ede3a25c097a1929c3672fd/src/heap/local-heap.h
[modify] https://crrev.com/2bda55d0ca118ce56ede3a25c097a1929c3672fd/src/heap/base/stack.cc
[modify] https://crrev.com/2bda55d0ca118ce56ede3a25c097a1929c3672fd/src/heap/local-heap.cc

Git Watcher via monorail

unread,
Jun 13, 2023, 6:06:08 AM6/13/23
to v8-re...@googlegroups.com

Comment #75 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c75


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/142fed51fc0a45d7a55e56f2aab5bcc748eeb256

commit 142fed51fc0a45d7a55e56f2aab5bcc748eeb256
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon Jun 12 13:36:30 2023

[heap] Fix stack marker for snapshot test deserialization

This CL ensures that the trampoline for setting the stack marker
is used, while parking the main thread during snapshot test
deserialization.

Bug: v8:13257
Bug: v8:14053
Change-Id: I7f7ede8df83a0b81de8147b0a1ebc2b786f1ae75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4604060
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88191}

[modify] https://crrev.com/142fed51fc0a45d7a55e56f2aab5bcc748eeb256/src/snapshot/snapshot.cc

Git Watcher via monorail

unread,
Jun 15, 2023, 4:50:23 PM6/15/23
to v8-re...@googlegroups.com

Comment #76 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c76


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/b597e9d4b86a02dcf1b5f41c09f94c1032867026

commit b597e9d4b86a02dcf1b5f41c09f94c1032867026
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jun 15 20:03:40 2023

[heap] Fix saving stack marker for GC while parked

When the main thread blocks while parked, the trampoline for saving the
callee-saved registers on stack is used. When the main thread unparks,
we're still inside the trampoline (as we should be, because unparking
may join a safepoint). However, it is possible that unparking triggers
a GC from the main thread, and this also happens while we are still
inside the trampoline. During the GC we may again need to block, which
will try to enter the trampoline again, which will fail because the
trampoline is not reentrant.

This CL fixes the issue by ensuring that BlockMainThreadWhileParked
only tries to enter the trampoline if we are not already inside.

Bug: v8:13257
Bug: chromium:1454197
Change-Id: I83d8b2268590f851b04b74087c7accd15b5e701f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4608335
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88294}

[modify] https://crrev.com/b597e9d4b86a02dcf1b5f41c09f94c1032867026/src/heap/local-heap-inl.h
[modify] https://crrev.com/b597e9d4b86a02dcf1b5f41c09f94c1032867026/src/heap/local-heap.h
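As an added example (not V8's code, and not from any of the CLs above), the parking trampoline that comments #62, #72, #74 and #76 describe: the callee-saved registers are spilled onto the stack before the stack marker is published, a conservative scan covers the range from the marker up to the caller's frame, and a nested block while already inside the trampoline does not re-enter it. `setjmp` stands in for a register-pushing trampoline, `__attribute__((noinline))` assumes GCC or Clang, and the scan assumes a downward-growing stack; all names and the fake heap object are constructed.

```cpp
#include <csetjmp>
#include <cstddef>
#include <cstdint>

// Per-thread bookkeeping, constructed for this example (not V8's types).
struct ThreadStack {
  uintptr_t marker = 0;        // lowest stack address a conservative scan covers
  bool inside_trampoline = false;
  int trampoline_entries = 0;  // how many times registers were actually spilled
};

// Conservatively scan every aligned word in [low, high) for `needle`: the
// scanner cannot tell pointers from integers, so any word equal to the
// object's address counts as a reference that keeps the object alive.
bool ScanRangeForWord(uintptr_t low, uintptr_t high, uintptr_t needle) {
  low &= ~uintptr_t{sizeof(uintptr_t) - 1};
  for (uintptr_t p = low; p + sizeof(uintptr_t) <= high; p += sizeof(uintptr_t)) {
    if (*reinterpret_cast<const volatile uintptr_t*>(p) == needle) return true;
  }
  return false;
}

// The trampoline: spill the callee-saved registers onto this frame (setjmp
// stores them in the jmp_buf), publish the stack marker, then run `fn`. The
// trampoline is not reentrant: a nested call while already inside just runs
// `fn`, since the outer frame's marker already covers everything above it.
template <typename Fn>
__attribute__((noinline)) void BlockWhileParked(ThreadStack& stack, Fn fn) {
  if (stack.inside_trampoline) {
    fn();
    return;
  }
  jmp_buf registers;
  setjmp(registers);
  stack.inside_trampoline = true;
  stack.marker = reinterpret_cast<uintptr_t>(&registers);
  stack.trampoline_entries++;
  fn();
  stack.marker = 0;
  stack.inside_trampoline = false;
}

struct DemoResult {
  int trampoline_entries;     // expect 1: the nested block must not spill again
  bool marker_set_in_nested;  // the outer marker is still published inside
  bool marker_cleared_after;  // and reset once the outer block returns
  bool needle_found;          // the scan over [marker, frame top) saw the pointer
};

static uint64_t fake_heap_object = 0;  // constructed stand-in for a heap object

// Scenario from comment #76: the main thread blocks while parked; unparking
// triggers a GC that needs to block again while still inside the trampoline.
__attribute__((noinline)) DemoResult NestedBlockDemo() {
  ThreadStack stack;
  // A heap pointer held only in this frame (like a local handle); it lives
  // above the marker, so the conservative scan has to find it.
  volatile uintptr_t heap_ref = reinterpret_cast<uintptr_t>(&fake_heap_object);
  uintptr_t frame_top = reinterpret_cast<uintptr_t>(&heap_ref) + sizeof(heap_ref);
  DemoResult r{0, false, false, false};
  BlockWhileParked(stack, [&] {
    // Simulated GC during unparking: it needs to block a second time.
    BlockWhileParked(stack, [&] {
      r.marker_set_in_nested = stack.marker != 0;
      r.needle_found = ScanRangeForWord(stack.marker, frame_top, heap_ref);
    });
  });
  r.trampoline_entries = stack.trampoline_entries;
  r.marker_cleared_after = stack.marker == 0;
  return r;
}
```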

Git Watcher via monorail

unread,
Jun 16, 2023, 7:42:23 AM6/16/23
to v8-re...@googlegroups.com

Comment #77 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c77


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ff29245bc2aac8afd24b02b3a1b75aa4e54acfca

commit ff29245bc2aac8afd24b02b3a1b75aa4e54acfca
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Jun 16 10:04:21 2023

[test] Reduce total time for slow test

This regression test results in timeouts on the CSS bot with recent
changes. We reduce the number of cascading generators to reduce the
total execution time.

Bug: v8:13257
Bug: v8:14071
Change-Id: I3b0e91f2817d25a9e48101369b1e734a9e14a9e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4620388
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
Jun 23, 2023, 9:09:19 AM6/23/23
to v8-re...@googlegroups.com

Comment #78 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c78


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/7f91613a9c1fc7d699395febf86b2d2b6d6d632d

commit 7f91613a9c1fc7d699395febf86b2d2b6d6d632d
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jun 22 13:24:38 2023

[heap] Add check for DirectHandle usage

This CL adds a DCHECK which verifies DirectHandle usage:
1) They should be stack-allocated.
2) They can only be used from the main thread.

Bug: v8:13257
Bug: v8:13270
Change-Id: Ia0a0bc594e5a0bb93bccf7cab846659b1abc5db9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4632878
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88459}

[modify] https://crrev.com/7f91613a9c1fc7d699395febf86b2d2b6d6d632d/src/handles/handles.cc
[modify] https://crrev.com/7f91613a9c1fc7d699395febf86b2d2b6d6d632d/test/unittests/heap/direct-handles-unittest.cc
[modify] https://crrev.com/7f91613a9c1fc7d699395febf86b2d2b6d6d632d/src/api/api.cc
[modify] https://crrev.com/7f91613a9c1fc7d699395febf86b2d2b6d6d632d/src/handles/handles.h
[modify] https://crrev.com/7f91613a9c1fc7d699395febf86b2d2b6d6d632d/src/handles/handles-inl.h
[modify] https://crrev.com/7f91613a9c1fc7d699395febf86b2d2b6d6d632d/include/v8-handle-base.h

Git Watcher via monorail

unread,
Jun 29, 2023, 6:13:13 AM6/29/23
to v8-re...@googlegroups.com

Comment #79 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c79


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/f816737b689441384a0e65268d31a7d1a9dd8a74

commit f816737b689441384a0e65268d31a7d1a9dd8a74
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jun 29 08:49:21 2023

[heap] Avoid slow DCHECK for DirectHandle usage

The DCHECK for verifying DirectHandle usage that was introduced in
https://crrev.com/c/4632878 is too expensive for debug bots. It checks
that direct handles are stack-allocated and this ultimately invokes
Stack::GetStackStart. Although the stack start is cached in a thread-
local variable, in debug builds Stack::ObtainCurrentThreadStackStart
is invoked to verify that the stack start is correct. This method is
too expensive to be called for every DirectHandle allocation.

This CL introduces a private method Stack::GetStackStartUnchecked,
which returns the cached stack start without performing the slow
DCHECK for stack start sanity. This method will be used from
HandleHelper::VerifyOnStack, whenever we want to verify that some
object (e.g., a DirectHandle) is stack-allocated.


Bug: v8:13257
Bug: v8:13270
Change-Id: I06160d772aadbf92bfa877c01a9b834ce2b09c65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4651192

Reviewed-by: Omer Katz <omer...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
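The on-stack verification that comments #78 and #79 describe (a DCHECK that a DirectHandle is stack-allocated, backed by a cached stack start) can be modelled as a bounds check between the current stack pointer and a cached stack start. The block below is an added example, not V8's code: `StackStartScope`, `IsOnStack`, `StackOnlyHandle` and the probe functions are hypothetical stand-ins for Stack::GetStackStart and HandleHelper::VerifyOnStack. It assumes a downward-growing stack (x86-64, AArch64) and GCC/Clang for the noinline attribute, and it records a frame-local address as the stack start instead of asking the OS for the thread's true stack base.

```cpp
// Added toy model of an "is this object on the stack?" check; hypothetical
// names, not V8 code. Assumes a downward-growing stack and GCC/Clang.
#include <cstdint>
#include <memory>

namespace stack_check_demo {

#if defined(__GNUC__)
#define DEMO_NOINLINE __attribute__((noinline))
#else
#define DEMO_NOINLINE
#endif

// Cached "stack start": the highest address treated as part of the stack.
// A real implementation obtains the thread's stack base from the OS once and
// caches it thread-locally; here the address of a frame-local object is
// recorded when the scope is entered, which is cheap and needs no syscall.
class StackStartScope {
 public:
  StackStartScope() { start_ = reinterpret_cast<uintptr_t>(this); }
  ~StackStartScope() { start_ = 0; }
  static uintptr_t start() { return start_; }

 private:
  static thread_local uintptr_t start_;
};
thread_local uintptr_t StackStartScope::start_ = 0;

// Approximate the current stack pointer by the address of a local in a
// non-inlined frame, which sits below every caller's frame.
DEMO_NOINLINE uintptr_t ApproxStackPointer() {
  volatile int marker = 0;
  return reinterpret_cast<uintptr_t>(&marker);
}

// True if `addr` lies between the current stack pointer and the cached stack
// start. Heap addresses fall outside that window, which is what the check
// is meant to catch. Without an active scope the check cannot decide.
DEMO_NOINLINE bool IsOnStack(const void* addr) {
  uintptr_t start = StackStartScope::start();
  if (start == 0) return false;
  uintptr_t a = reinterpret_cast<uintptr_t>(addr);
  return ApproxStackPointer() <= a && a < start;
}

// A handle type that must live on the stack, in the role of DirectHandle.
struct StackOnlyHandle {
  uintptr_t value;
  explicit StackOnlyHandle(uintptr_t v) : value(v) {}
  bool VerifyOnStack() const { return IsOnStack(this); }
};

// A handle in a callee frame (below the scope's frame) passes the check.
DEMO_NOINLINE bool ProbeWithStackHandle() {
  StackOnlyHandle handle(42);
  return handle.VerifyOnStack();
}

DEMO_NOINLINE bool StackHandlePasses() {
  StackStartScope scope;  // frame-local: its address bounds the window
  return ProbeWithStackHandle();
}

// The same handle allocated on the heap fails the check.
DEMO_NOINLINE bool HeapHandleFails() {
  StackStartScope scope;
  auto handle = std::make_unique<StackOnlyHandle>(42);
  return !handle->VerifyOnStack();
}

}  // namespace stack_check_demo
```

The scope object is what makes the window well-defined: everything allocated in frames entered after it lies below its address, and a heap object does not, so the same comparison distinguishes the two. Calling the stack-start lookup for every handle is what comment #79 found too costly in debug builds; here the cached value is read without re-validation, which is the trade-off that CL makes with Stack::GetStackStartUnchecked.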

Git Watcher via monorail

unread,
Jul 4, 2023, 6:43:22 AM7/4/23
to v8-re...@googlegroups.com

Comment #80 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c80


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ec0732ed03e2c3bf9495398a078c2d3b70a59b41

commit ec0732ed03e2c3bf9495398a078c2d3b70a59b41
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Jul 04 09:28:05 2023

[handles] Fix direct handles for the release CSS build

This CL fixes a compiler error occurring in release builds with
conservative stack scanning, introduced in https://crrev.com/c/4643600.


Bug: v8:13257
Bug: v8:13270
Change-Id: I3fc79892ce818f20919ca8b8236cacc66ea26fc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4665344

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88639}

[modify] https://crrev.com/ec0732ed03e2c3bf9495398a078c2d3b70a59b41/src/handles/handles-inl.h

Git Watcher via monorail

unread,
Jul 5, 2023, 4:30:10 AM7/5/23
to v8-re...@googlegroups.com

Comment #81 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c81


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/466e0818aa56569b761932c2dff4390d5553a780

commit 466e0818aa56569b761932c2dff4390d5553a780
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Jul 05 07:15:04 2023

[heap][handles] Add flag for internal direct handles

This CL introduces the compile-time flag v8_enable_direct_handle (DH).
If this flag is set, then DirectHandle<T> contains a direct pointer;
otherwise it is just an alias for Handle<T> which contains an indirect
pointer. Notice the connection between the new flag and the existing
compile-time flag for conservative stack scanning (CSS):

1. DH implies CSS, otherwise the correctness of the GC is broken.
2. The default value for DH is the value of CSS. Therefore, if CSS is
enabled, then direct handles are used by default unless the DH flag
is explicitly unset.


Bug: v8:13257
Bug: v8:13270
Change-Id: Ida9bf7a5b4b82c535c0040dbecc778d809d4e4bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4665342

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88660}

[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/bazel/defs.bzl
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/flags/flag-definitions.h
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/handles/maybe-handles-inl.h
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/common/globals.h
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/BUILD.bazel
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/api/api-inl.h
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/handles/handles.cc
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/test/unittests/heap/direct-handles-unittest.cc
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/gni/v8.gni
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/BUILD.gn
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/objects/tagged.h
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/handles/handles.h
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/handles/handles-inl.h
[modify] https://crrev.com/466e0818aa56569b761932c2dff4390d5553a780/src/handles/maybe-handles.h

Git Watcher via monorail

unread,
Jul 6, 2023, 6:53:19 AM7/6/23
to v8-re...@googlegroups.com

Comment #82 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c82


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/d8d7ffa7895728cdc33c50796f9ff19da8c5c738

commit d8d7ffa7895728cdc33c50796f9ff19da8c5c738
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Jul 04 11:24:35 2023

[heap][test] Fix test for conservative stack scanning

This test relies on precise garbage collection, as it tests --- among
other things --- that some resources have been collected after a GC.
It may fail if conservative stack scanning is used. This CL fixes the
test by invoking the GC in asynchronous execution mode, to ensure that
it will be invoked from the event loop without a stack.

Bug: v8:13257
Change-Id: Ib97c099530e1f6aa5f705098e62cbf49f62734d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4660734

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
Jul 7, 2023, 5:25:25 AM7/7/23
to v8-re...@googlegroups.com

Comment #83 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c83


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/39e4b933aa7d573c75d49439a25346c8d628a83a

commit 39e4b933aa7d573c75d49439a25346c8d628a83a
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jul 06 15:57:59 2023

[handles] Fix compiler error for CSS builds

Since https://crrev.com/c/4665342, building for CSS configurations
(specifically, configurations with v8_enable_direct_handle = true) and
with v8_enable_slow_dchecks = false resulted in a compiler error.
This CL fixes it.


Bug: v8:13257
Bug: v8:13270
Change-Id: I03ec27d130f4f18fcbc8875b847c8ec190cd0a88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4667278

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>

Git Watcher via monorail

unread,
Jul 23, 2023, 9:17:22 AM7/23/23
to v8-re...@googlegroups.com

Comment #84 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c84


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/0d593b752c8721a43acb885a66dec65efb4a2238

commit 0d593b752c8721a43acb885a66dec65efb4a2238
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Jul 20 10:59:23 2023

[heap] Add scope for conservative stack scanning

This CL adds a GCTracer scope for conservative stack scanning. It is
only displayed with --trace-gc-nvp.

It also simplifies ConservativeStackVisitor::FindBasePtrForMarking and
introduces ConservativeStackVisitor::ForTesting, which returns a dummy
visitor useful only for testing inner-pointer resolution.


Bug: v8:13257
Bug: v8:13270
Change-Id: Ie30bbab8250a4090c6db8306b187b7415201d070
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4693547

Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>

Git Watcher via monorail

unread,
Jul 26, 2023, 10:14:11 AM7/26/23
to v8-re...@googlegroups.com

Comment #85 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c85


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/48b33e0a07981a473ab40aed405fe655b8848d09

commit 48b33e0a07981a473ab40aed405fe655b8848d09
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Jul 26 13:00:52 2023

[heap] Add more bailouts for conservative stack scanning

This CL introduces two more checks for conservative stack scanning,
that immediately bail out for:

1. uncompressed pointers outside the cage, when pointer compression is
enabled; and
2. compressed pointers outside the space that has been allocated by the
memory allocator.

Bug: v8:13257
Change-Id: Ic77da97bebfe90f44d1a6d1d06760aff08b90f77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4719166
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#89213}

[modify] https://crrev.com/48b33e0a07981a473ab40aed405fe655b8848d09/src/heap/conservative-stack-visitor.h
[modify] https://crrev.com/48b33e0a07981a473ab40aed405fe655b8848d09/src/heap/conservative-stack-visitor.cc

Git Watcher via monorail

unread,
Aug 23, 2023, 12:18:16 PM8/23/23
to v8-re...@googlegroups.com

Comment #86 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c86


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ea194f20991f16290622500f41d2e1025d0703f9

commit ea194f20991f16290622500f41d2e1025d0703f9
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Aug 23 11:15:09 2023

[heap] Revisit inner-pointer resolution

Inner-pointer resolution (IPR) using the marking bitmap is now tailored
for the marking visitor. That is, if a maybe-inner-pointer coincides
with the base address of an object that was already marked, IPR returns
a null address and the conservative stack scanning (CSS) visitor does
not pass it to its delegate visitor. This works fine if the delegate
visitor is the marking visitor or the marking verification visitor.
All other visitors, however, may miss visiting some marked objects.
When CSS is enabled, the CSS visitor is used for iterating stack roots.
This does not only happen during the marking phase of a GC but also,
e.g., during snapshot creation and in the heap profiler.

This CL fixes IPR to work correctly, independently of whether the
resolved objects are marked or not. In this way, the CSS visitor
correctly delegates all pointers. The marking visitors will bail out
anyway, if they visit an already marked object.

Bug: v8:13257
Bug: v8:14275
Bug: v8:14278
Change-Id: I4759861d3e2bbce0e13570c12f07aa08d6f3f2c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4806564
Reviewed-by: Dominik Inführ <dinf...@chromium.org>

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
Aug 24, 2023, 7:58:24 AM8/24/23
to v8-re...@googlegroups.com

Comment #87 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c87


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/a1156fc68c56a5b4512f76a8525a2dddb19a880e

commit a1156fc68c56a5b4512f76a8525a2dddb19a880e
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Thu Aug 24 10:31:56 2023

[heap] Use stack marker for conservative stack scanning

This CL refactors conservative stack scanning so that it always scans
from the stack marker to the stack start. It assumes that a stack marker
has already been set, when iterating through stack roots. The method
Stack::SetMarkerIfNeededAndCallback must be used to set the marker: it
only does so if the marker has not already been set. The callback is
required because the stack marker is set inside the trampoline for
saving callee-saved registers on the stack.

Using the stack marker instead of scanning the entire stack is useful
in cases where it is important to consistently scan the same part of
the stack successively. This CL addresses two such cases:

1. During GC, for marking and marking verification.
2. In the heap profiler, during snapshot generation, the GC and the
filling of references should scan the same part of the stack.
The same applies when querying for objects.

(A third case will be handled in a separate CL: during snapshot
serialization, GC and read-only promotion should scan the same part
of the stack or omit the stack entirely.)

The CL also cleans up the trampoline-related logic that was implemented
in the local heap, as well as the now redundant scan stack modes.

Bug: v8:13257
Bug: v8:14278
Change-Id: I36e68e4d5201def75ae9841dfcd9c0fd8fdf329e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4804204

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#89610}

[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/test/unittests/heap/cppgc/stack-unittest.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/mark-sweep-utilities.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/base/stack.h
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/cppgc-js/cpp-heap.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/local-heap-inl.h
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/local-heap.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/cppgc/heap.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/cppgc/marker.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/heap.h
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/heap.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/test/unittests/heap/cppgc/marking-verifier-unittest.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/local-heap.h
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/cppgc/heap.h
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/cppgc-js/cpp-snapshot.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/base/stack.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/mark-compact.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/profiler/heap-profiler.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/test/unittests/heap/conservative-stack-visitor-unittest.cc
[modify] https://crrev.com/a1156fc68c56a5b4512f76a8525a2dddb19a880e/src/heap/minor-mark-sweep.cc
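Comments #85, #86 and #87 together describe how a stack word is vetted before it can keep an object alive: bail out early on words outside the cage or beyond the space the allocator has handed out, resolve an inner pointer to its object base without consulting marking state, pass every resolved base to the delegate visitor (which bails out itself on already-marked objects), and scan only from the stack marker to the stack start. The toy model below is an added example, not V8's code: `SimHeap`, `FindBasePtr`, `MarkingVisitor`, `ScanStack` and `Demo`, the cage constants and the sample stack words are all constructed for illustration, with a bump allocator and a bitmap of object start bits standing in for the memory allocator and the marking bitmap.

```cpp
// Added toy model of conservative stack scanning (CSS); hypothetical names,
// not V8 code. A bump-allocated "cage" with a bitmap of object starts
// stands in for V8's heap and marking bitmap.
#include <cstddef>
#include <cstdint>
#include <set>
#include <vector>

namespace css_demo {

constexpr uintptr_t kCageBase = 0x100000000ULL;  // simulated pointer cage start
constexpr size_t kCageSize = 1u << 20;            // 1 MiB cage
constexpr size_t kGranule = 8;                    // allocation alignment

class SimHeap {
 public:
  SimHeap()
      : starts_(kCageSize / kGranule, false), sizes_(kCageSize / kGranule, 0) {}

  // Bump-allocate `bytes` (rounded up to the granule); 0 if the cage is full.
  uintptr_t Allocate(size_t bytes) {
    size_t rounded = (bytes + kGranule - 1) / kGranule * kGranule;
    if (allocated_ + rounded > kCageSize) return 0;
    size_t g = allocated_ / kGranule;
    starts_[g] = true;
    sizes_[g] = rounded;
    allocated_ += rounded;
    return kCageBase + g * kGranule;
  }
  // Simulate sweeping: clear the start bit so words into this object no
  // longer resolve to it.
  void Free(uintptr_t base) { starts_[(base - kCageBase) / kGranule] = false; }

  // Inner-pointer resolution: map a word found on the stack to the base of
  // the live object it points into, or 0. Marking state is deliberately not
  // consulted here; that is the delegate visitor's business.
  uintptr_t FindBasePtr(uintptr_t maybe_ptr) const {
    // Bailout 1: not inside the cage, so it cannot be a heap pointer.
    if (maybe_ptr < kCageBase || maybe_ptr >= kCageBase + kCageSize) return 0;
    // Bailout 2: inside the cage but beyond what the allocator handed out.
    if (maybe_ptr >= kCageBase + allocated_) return 0;
    // Walk the start bitmap back to the nearest object start.
    size_t g = (maybe_ptr - kCageBase) / kGranule;
    while (!starts_[g]) {
      if (g == 0) return 0;
      --g;
    }
    uintptr_t base = kCageBase + g * kGranule;
    // A word past that object's end points into freed space: ignore it.
    return maybe_ptr < base + sizes_[g] ? base : 0;
  }

 private:
  size_t allocated_ = 0;
  std::vector<bool> starts_;
  std::vector<size_t> sizes_;
};

// Delegate visitor that bails out on already-marked objects by itself.
class MarkingVisitor {
 public:
  bool Visit(uintptr_t base) { return marked_.insert(base).second; }

 private:
  std::set<uintptr_t> marked_;
};

// Scan stack words from the marker up to the stack start (index 0 is the
// stack top, the last element the stack start). Returns newly marked count.
size_t ScanStack(const SimHeap& heap, const std::vector<uintptr_t>& stack,
                 size_t marker, MarkingVisitor& visitor) {
  size_t newly_marked = 0;
  for (size_t i = marker; i < stack.size(); ++i) {
    uintptr_t base = heap.FindBasePtr(stack[i]);
    if (base != 0 && visitor.Visit(base)) ++newly_marked;
  }
  return newly_marked;
}

// Constructed scenario: three objects, one freed, and a stack mixing
// integers, inner pointers, out-of-range words and duplicates.
size_t Demo(size_t marker) {
  SimHeap heap;
  uintptr_t a = heap.Allocate(24);
  uintptr_t b = heap.Allocate(40);
  uintptr_t c = heap.Allocate(16);
  heap.Free(b);
  std::vector<uintptr_t> stack = {
      a + 8,                  // inner pointer into a -> resolves to a
      b + 16,                 // inner pointer into freed b -> ignored
      0x41414141u,            // plain integer below the cage -> bailout 1
      kCageBase + 4096,       // in the cage, never allocated -> bailout 2
      kCageBase + kCageSize,  // one past the cage -> bailout 1
      c,                      // exact base pointer -> c
      c + 8,                  // inner pointer into c -> visitor bails out
  };
  MarkingVisitor visitor;
  return ScanStack(heap, stack, marker, visitor);  // marker 0 -> 2, marker 5 -> 1
}

}  // namespace css_demo
```

Demo(0) scans the whole sample stack and newly marks two objects; Demo(5) scans only the two words nearest the stack start and marks one. That difference is the point of the marker: two scans that agree on the marker see the same window of words, which is what the GC, the marking verifier and the heap profiler need in order to agree on which objects the stack keeps alive.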

Git Watcher via monorail

unread,
Aug 28, 2023, 5:06:21 AM8/28/23
to v8-re...@googlegroups.com

Comment #88 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c88


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/2cd30bb748f8fbbf377b712425e711ceda2f1141

commit 2cd30bb748f8fbbf377b712425e711ceda2f1141
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Aug 25 16:45:59 2023

[heap] Move stack marker when taking a heap snapshot

In https://crrev.com/c/4804204 a stack marker was introduced in
HeapSnapshotGenerator::GenerateSnapshot(), for ensuring that the GC
and the filling of references will scan the same part of the stack.
This CL moves the stack marker a bit higher in the call chain, to
HeapProfiler::TakeSnapshot, to guarantee that the part of the stack
above the marker will not be modified during snapshot generation.

Bug: v8:13257
Change-Id: I86d446ec709347032158fa929e2500ebfa083112
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4813324

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
Oct 10, 2023, 8:59:24 AM10/10/23
to v8-re...@googlegroups.com

Comment #89 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c89


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/e1649301dfbfd34a448c3a0232c8a6206b716c73

commit e1649301dfbfd34a448c3a0232c8a6206b716c73
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Oct 10 10:08:06 2023

[handles] Introduce v8::LocalVector

According to V8's public API documentation, local handles (i.e.,
objects of type v8::Local<T>) "should never be allocated on the heap".
This disallows heap-allocated data structures containing instances of
v8::Local, like std::vector<v8::Local<v8::String>>. It is unfortunate
that the V8 API itself requires the usage of such data structures.

This CL introduces a compile-time flag v8_enable_local_off_stack_check
which enforces a run-time DCHECK, that all v8::Local<T> objects are
indeed stack-allocated. The check is disabled by default. It will
fail for all heap data structures containing local handles.

The CL also introduces v8::LocalVector<T> as an intended replacement
for std::vector<v8::Local<T>>. This class implements correctly
heap-allocated vectors of local handles. The backing store of such
vectors does not trigger the off-stack check. Furthermore, if direct
locals are used, the backing store is also registered as a strong
roots region.

Additionally, the CL modifies root visitors so that, when direct
locals are used, they bypass slots containing kTaggedNullPointer.
In the direct local configuration, this value is used to represent
"empty handles" and is expected to be found in the backing stores
of v8::LocalVector<T>, for default-constructed elements.

Bug: v8:13257
Bug: v8:13270
Bug: chromium:1454114
Change-Id: I1fa6277eab95fa3609d840fca211e2531592e657
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4905902
Reviewed-by: Anton Bikineev <biki...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#90335}

[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/bazel/defs.bzl
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/include/v8-internal.h
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/heap/incremental-marking.cc
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/flags/flag-definitions.h
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/heap/read-only-promotion.cc
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/test/unittests/heap/strong-root-allocator-unittest.cc
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/BUILD.bazel
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/include/v8-local-handle.h
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/heap/heap-verifier.cc
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/heap/evacuation-verifier-inl.h
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/heap/heap.cc
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/BUILD.gn
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/gni/v8.gni
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/heap/mark-compact.cc
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/heap/young-generation-marking-visitor-inl.h
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/objects/visitors.h
[modify] https://crrev.com/e1649301dfbfd34a448c3a0232c8a6206b716c73/src/heap/minor-mark-sweep.cc

Git Watcher via monorail

unread,
Oct 19, 2023, 5:09:28 AM10/19/23
to v8-re...@googlegroups.com

Comment #90 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c90


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/5eb3653be03ab86b6483740a3930e6071833d8bc

commit 5eb3653be03ab86b6483740a3930e6071833d8bc
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Tue Oct 17 11:05:08 2023

[handles] Fix LocalVector iterator

The current implementation of LocalVector::iterator exhibits UB when
the iterator is not dereferenceable. This CL fixes it, by introducing
a class template internal::WrapperIterator, which allows the safe
conversion between a wrapper iterator type and the underlying iterator
type, upon dereferencing.


Bug: v8:13257
Bug: v8:13270
Bug: chromium:1454114
Change-Id: If253d9f4838f7286d65cd86b8ee83d6c1c6bf077
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4942235

Reviewed-by: Anton Bikineev <biki...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Git Watcher via monorail

unread,
Feb 14, 2024, 6:57:25 AM2/14/24
to v8-re...@googlegroups.com

Comment #93 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c93


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/e6299cb1410f30f9ee7c1b5709ad8aa6ed9459af

commit e6299cb1410f30f9ee7c1b5709ad8aa6ed9459af
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Feb 14 11:02:48 2024

[flags] Set implication for --compact-code-space-with-stack

This CL sets an implication, so that whenever --compact-with-stack is
disabled, --compact-code-space-with-stack is also disabled.

The motivation for this is that with conservative stack scanning all
heap compaction should be disabled when the stack is non-trivial.
The existing implication was between --conservative-stack-scanning
and --compact-with-stack, but --compact-code-space-with-stack was
until now unrelated.

Bug: v8:13257
Change-Id: I8266dbe0a11f5923b7ad91cc4b310a16206fd60b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5293796
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#92310}

[modify] https://crrev.com/e6299cb1410f30f9ee7c1b5709ad8aa6ed9459af/src/flags/flag-definitions.h

Git Watcher via monorail

unread,
Mar 1, 2024, 5:57:26 AM3/1/24
to v8-re...@googlegroups.com

Comment #94 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c94


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/f178406b59d91240ffb9c149cb01e98a560da16d

commit f178406b59d91240ffb9c149cb01e98a560da16d
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Mar 01 09:52:34 2024

[heap][handles] Stack scanning for background threads

This CL adds support for conservatively scanning the stacks of
background threads. If such a thread has a non-trivial stack, it
should use Stack::SetMarkerForBackgroundThreadAndCallback to register
its stack for scanning and wait in the callback for a GC to occur.
This method is automatically invoked by the family of
LocalHeap::BlockWhileParked methods. Threading cctests use the
same mechanism for alternating between different threads.


Bug: v8:13257
Bug: v8:13270
Change-Id: I9bcced9e80d2e07f2a4a02f45cb6d129a79a16ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5331543

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#92629}

[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/src/heap/base/stack.h
[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/test/cctest/test-api.cc
[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/src/heap/heap.h
[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/src/heap/heap.cc
[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/src/heap/local-heap.h
[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/src/heap/cppgc-js/cpp-snapshot.cc
[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/src/heap/local-heap-inl.h
[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/src/heap/base/stack.cc
[modify] https://crrev.com/f178406b59d91240ffb9c149cb01e98a560da16d/src/heap/local-heap.cc

Git Watcher via monorail

unread,
Mar 4, 2024, 1:15:30 PM3/4/24
to v8-re...@googlegroups.com

Comment #95 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c95


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ebf24454cf5b0615c4bec327c617120779341dc5

commit ebf24454cf5b0615c4bec327c617120779341dc5
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Mon Mar 04 15:12:59 2024

[handles] Enable direct locals for conservative stack scanning

With this CL, setting v8_enable_conservative_stack_scanning=true
also sets v8_enable_direct_local=true (unless explicitly overridden).
This means that the default configuration for CSS will now use both
direct (internal) handles and direct locals.


Bug: v8:13257
Bug: v8:13270
Change-Id: Iddd9b8da42e5e42fcb77a152dce2f0c488736260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5339871
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>

Git Watcher via monorail

unread,
Mar 7, 2024, 7:14:26 AM3/7/24
to v8-re...@googlegroups.com

Comment #96 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c96


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/65798e42b23b2809f3346781c50423abdae8663c

commit 65798e42b23b2809f3346781c50423abdae8663c
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Wed Mar 06 14:37:23 2024

[heap][test] Fix test-heap/TransitionArrayShrinksDuringAllocToZero

This test fails occasionally on the CSS bot.

Bug: v8:13257
Change-Id: Id4f65869cfd7fe35af1fa79356eb7b34d332680f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5349001

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>

Git Watcher via monorail

unread,
Mar 8, 2024, 2:54:27 AM3/8/24
to v8-re...@googlegroups.com

Comment #97 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c97


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ca5ad701eedaed99a7eada3acd637c885a5a6a30

commit ca5ad701eedaed99a7eada3acd637c885a5a6a30
Author: Omer Katz <omer...@chromium.org>
Date: Fri Mar 08 07:18:19 2024

[heap] Run more tests on css bot

Bug: v8:13257
Change-Id: Ic60735840ed95a884bd23c12348930d79a0156d1
Cq-Include-Trybots: luci.v8.try:v8_linux64_css_dbg
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5353506
Reviewed-by: Michael Achenbach <mache...@chromium.org>
Commit-Queue: Omer Katz <omer...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#92723}

[modify] https://crrev.com/ca5ad701eedaed99a7eada3acd637c885a5a6a30/infra/testing/builders.pyl

Git Watcher via monorail

unread,
Apr 5, 2024, 1:38:25 PM4/5/24
to v8-re...@googlegroups.com

Comment #98 on issue 13257 by Git Watcher: Conservative stack scanning
https://bugs.chromium.org/p/v8/issues/detail?id=13257#c98


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/b2244d1f2ff50364b048a77b28564265f733b632

commit b2244d1f2ff50364b048a77b28564265f733b632
Author: Nikolaos Papaspyrou <niko...@chromium.org>
Date: Fri Apr 05 17:05:45 2024

[heap] Minor fix in stack scanning

This CL removes a redundant call to `IterateBackgroundStacks` that
existed in `IteratePointersUntilMarker`. This had resulted in a nested
`SuspendTagCheckingScope`, which crashed on Android MTE builds. The CL
also adds a check in `SuspendTagCheckingScope` to prevent nested usage
earlier.

Bug: v8:13257
Change-Id: I2b7a041bed0155a814454845b8a43fc530199588
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5426676

Reviewed-by: Omer Katz <omer...@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <niko...@chromium.org>