Issue 11708 in v8: Implement shared heap for shared JS objects

[dinfu… via monorail]

Status: Assigned
Owner: dinf...@google.com
Components: GC
Priority: 1
Type: FeatureRequest

New issue 11708 by dinf...@google.com: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708

Implement a shared heap that can be shared between isolates.

Design doc: https://docs.google.com/document/d/18lYuaEsDSudzl2TDu-nc-0sVXW7WTGAs14k64GEhnFg/edit?usp=sharing

--
You received this message because:
1. The project was configured to send all issue notifications to this address

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

[Git Watcher via monorail]

Comment #1 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c1

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/5a8afe011d9bebb021395a1365bc28ad891d983d

commit 5a8afe011d9bebb021395a1365bc28ad891d983d
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue Apr 27 18:21:57 2021

[heap] Allow allocation in shared heap

This CL adds the new AllocationTypes kSharedOld and kSharedMap for
the allocation of objects in the shared heap. An Isolate can be converted
into a shared isolate with Isolate::UseAsSharedIsolate(). Client
isolates can then be attached to the shared isolate.

Bug: v8:11708
Change-Id: Ie2ed30b83b404e01e6f6079c5a4bdaa9302e8004
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850709
Reviewed-by: Victor Gomes <victo...@chromium.org>
Reviewed-by: Ulan Degenbaev <ul...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74252}

[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/common/globals.h
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/execution/isolate.cc
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/execution/isolate.h
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/basic-memory-chunk.h
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/combined-heap.h
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/heap-inl.h
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/heap.cc
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/heap.h
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/incremental-marking.cc
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/mark-compact.cc
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/mark-compact.h
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/marking-visitor-inl.h
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/src/heap/memory-chunk.cc
[modify] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/test/cctest/BUILD.gn
[add] https://crrev.com/5a8afe011d9bebb021395a1365bc28ad891d983d/test/cctest/heap/test-shared-heap.cc

[Git Watcher via monorail]

Comment #2 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c2

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/2391742099419b121c5a0fbf5af01ed72cd6b72a

commit 2391742099419b121c5a0fbf5af01ed72cd6b72a
Author: Shu-yu Guo <s...@chromium.org>
Date: Sat May 01 15:05:38 2021

[heap] Require shared RO heap when using shared Isolate

The only exception is when pointer compression is on with a per-Isolate
cage.

Bug: v8:11708
Change-Id: Ice9b0114bc102c20b4151ec66a861ba673934605
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2864563
Reviewed-by: Victor Gomes <victo...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Shu-yu Guo <s...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74342}

[modify] https://crrev.com/2391742099419b121c5a0fbf5af01ed72cd6b72a/src/execution/isolate.h

[Git Watcher via monorail]

Comment #3 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c3

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/8a9129efbe90e037fd7ad84a9af75de69f8a06e6

commit 8a9129efbe90e037fd7ad84a9af75de69f8a06e6
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue May 11 06:44:47 2021

[execution] Replace UseAsSharedIsolate() with Isolate::NewShared()

Isolate::UseAsSharedIsolate() was invoked after the Isolate was already
created. I think it is cleaner to have the shared-flag right when
constructing an Isolate. This way we can use that property already
when setting up the isolate.

Bug: v8:11708
Change-Id: Ibbfee09122b7b0361a5af7a1b559796594834813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885041
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Igor Sheludko <ish...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74495}

[modify] https://crrev.com/8a9129efbe90e037fd7ad84a9af75de69f8a06e6/src/execution/isolate.cc
[modify] https://crrev.com/8a9129efbe90e037fd7ad84a9af75de69f8a06e6/src/execution/isolate.h
[modify] https://crrev.com/8a9129efbe90e037fd7ad84a9af75de69f8a06e6/test/cctest/heap/test-shared-heap.cc

[Git Watcher via monorail]

Comment #4 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c4

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/e404af787f2b0be1cd3eb0e28196e82d88fb890c

commit e404af787f2b0be1cd3eb0e28196e82d88fb890c
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue May 11 15:18:09 2021

[heap] Support simple shared GCs without any clients

Allow GC of the shared heap without any attached clients. This
CL also disables incremental marking for shared heaps for now.

Bug: v8:11708
Change-Id: I1eb47a42fe3ced0f23f679ecaae0c32e09eab461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886878
Reviewed-by: Victor Gomes <victo...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74511}

[modify] https://crrev.com/e404af787f2b0be1cd3eb0e28196e82d88fb890c/src/execution/isolate.h
[modify] https://crrev.com/e404af787f2b0be1cd3eb0e28196e82d88fb890c/src/heap/heap.cc
[modify] https://crrev.com/e404af787f2b0be1cd3eb0e28196e82d88fb890c/src/heap/incremental-marking.cc
[modify] https://crrev.com/e404af787f2b0be1cd3eb0e28196e82d88fb890c/src/heap/mark-compact.cc
[modify] https://crrev.com/e404af787f2b0be1cd3eb0e28196e82d88fb890c/src/heap/mark-compact.h
[modify] https://crrev.com/e404af787f2b0be1cd3eb0e28196e82d88fb890c/src/heap/marking-visitor-inl.h
[modify] https://crrev.com/e404af787f2b0be1cd3eb0e28196e82d88fb890c/src/heap/marking-visitor.h
[modify] https://crrev.com/e404af787f2b0be1cd3eb0e28196e82d88fb890c/test/cctest/heap/test-shared-heap.cc

[Git Watcher via monorail]

Comment #5 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c5

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/5ef4e14fb86083221902eb109fafe30c6b6936b8

commit 5ef4e14fb86083221902eb109fafe30c6b6936b8
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed May 19 13:14:48 2021

[heap] Replace usages of CollectionRequested with SafepointRequested

CollectionRequested was used exclusively on the main thread when a
background thread requested a GC. The main thread never used
SafepointRequested at any time. Now with the shared GC we might need to
stop multiple isolates in a safepoint in the future. In such a situation
we would need to use SafepointRequested also on the main thread.

This CL prepares V8 for this situation by using SafepointRequested
instead of CollectionRequested and friends on the main thread. The slow
path of Safepoint(), Park() and Unpark() will check in the future
whether the main thread needs to halt for a shared GC or needs to
perform a local GC. At the moment, simply performing the local GC is
still enough.

Bug: v8:11708
Change-Id: I819b6f7db8251074a4adf8b554e0a1393c76f7da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891834
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74673}

[modify] https://crrev.com/5ef4e14fb86083221902eb109fafe30c6b6936b8/src/heap/collection-barrier.cc
[modify] https://crrev.com/5ef4e14fb86083221902eb109fafe30c6b6936b8/src/heap/collection-barrier.h
[modify] https://crrev.com/5ef4e14fb86083221902eb109fafe30c6b6936b8/src/heap/heap.cc
[modify] https://crrev.com/5ef4e14fb86083221902eb109fafe30c6b6936b8/src/heap/local-heap.cc
[modify] https://crrev.com/5ef4e14fb86083221902eb109fafe30c6b6936b8/src/heap/local-heap.h

[Git Watcher via monorail]

Comment #6 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c6

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/c7cd212fb83fb0db9015c526191a712716971954

commit c7cd212fb83fb0db9015c526191a712716971954
Author: Francis McCabe <f...@chromium.org>
Date: Wed May 19 18:28:00 2021

Revert "[heap] Replace usages of CollectionRequested with SafepointRequested"

This reverts commit 5ef4e14fb86083221902eb109fafe30c6b6936b8.

Reason for revert: Seems to be causing a lot of flakes
e.g., https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64/42913

Original change's description:

> [heap] Replace usages of CollectionRequested with SafepointRequested
>
> CollectionRequested was used exclusively on the main thread when a
> background thread requested a GC. The main thread never used
> SafepointRequested at any time. Now with the shared GC we might need to
> stop multiple isolates in a safepoint in the future. In such a situation
> we would need to use SafepointRequested also on the main thread.
>
> This CL prepares V8 for this situation by using SafepointRequested
> instead of CollectionRequested and friends on the main thread. The slow
> path of Safepoint(), Park() and Unpark() will check in the future
> whether the main thread needs to halt for a shared GC or needs to
> perform a local GC. At the moment, simply performing the local GC is
> still enough.
>
> Bug: v8:11708
> Change-Id: I819b6f7db8251074a4adf8b554e0a1393c76f7da
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891834
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74673}

Bug: v8:11708
Change-Id: I51c51e68110e83f729bd43ef62eef1396aa0cb96
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2906913
Auto-Submit: Francis McCabe <f...@chromium.org>
Commit-Queue: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74684}

[modify] https://crrev.com/c7cd212fb83fb0db9015c526191a712716971954/src/heap/collection-barrier.cc
[modify] https://crrev.com/c7cd212fb83fb0db9015c526191a712716971954/src/heap/collection-barrier.h
[modify] https://crrev.com/c7cd212fb83fb0db9015c526191a712716971954/src/heap/heap.cc
[modify] https://crrev.com/c7cd212fb83fb0db9015c526191a712716971954/src/heap/local-heap.cc
[modify] https://crrev.com/c7cd212fb83fb0db9015c526191a712716971954/src/heap/local-heap.h

[Git Watcher via monorail]

Comment #7 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c7

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/1186fc5008cc0dbf187c06e0d54bbbf724e5fd71

commit 1186fc5008cc0dbf187c06e0d54bbbf724e5fd71
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu May 20 12:40:47 2021

[heap] Disable the young generation in shared heaps

A shared heap will not have a young generation in the beginning.

Bug: v8:11708
Change-Id: I947ddb91a23a72a8cee3aa3e554723dda8146011
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891569

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/master@{#74697}

[modify] https://crrev.com/1186fc5008cc0dbf187c06e0d54bbbf724e5fd71/src/heap/heap.cc
[modify] https://crrev.com/1186fc5008cc0dbf187c06e0d54bbbf724e5fd71/test/cctest/heap/test-shared-heap.cc

[Git Watcher via monorail]

Comment #8 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c8

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/bd32997620e09b0ccba7b714a2d1f45c51b6cf87

commit bd32997620e09b0ccba7b714a2d1f45c51b6cf87
Author: Sathya Gunasekaran <gsa...@chromium.org>
Date: Thu May 20 14:07:52 2021

Revert "[heap] Disable the young generation in shared heaps"

This reverts commit 1186fc5008cc0dbf187c06e0d54bbbf724e5fd71.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/16531/overview

Original change's description:

> [heap] Disable the young generation in shared heaps
>
> A shared heap will not have a young generation in the beginning.
>
> Bug: v8:11708
> Change-Id: I947ddb91a23a72a8cee3aa3e554723dda8146011
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891569
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74697}

Bug: v8:11708
Change-Id: I8de67f70b00b5bd3066659e07fb1fd3ecfb76211

No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909693
Auto-Submit: Sathya Gunasekaran <gsa...@chromium.org>

Commit-Queue: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>

Cr-Commit-Position: refs/heads/master@{#74699}

[modify] https://crrev.com/bd32997620e09b0ccba7b714a2d1f45c51b6cf87/src/heap/heap.cc
[modify] https://crrev.com/bd32997620e09b0ccba7b714a2d1f45c51b6cf87/test/cctest/heap/test-shared-heap.cc

[Git Watcher via monorail]

Comment #9 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c9

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/f6ac5064ba8d6bed61ab269198007a1e03228047

commit f6ac5064ba8d6bed61ab269198007a1e03228047
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue May 25 08:05:02 2021

Reland "[heap] Disable the young generation in shared heaps"

This is a reland of 1186fc5008cc0dbf187c06e0d54bbbf724e5fd71

This reland fixes NewSpaceAllocationTopAddress() and
NewSpaceAllocationLimitAddress() by returning nullptr if no new space
is available. This is okay since those are never used later on.

We can't make this a build-time flag because we may only want to disable
the new space for the shared heap.

Original change's description:
> [heap] Disable the young generation in shared heaps
>
> A shared heap will not have a young generation in the beginning.
>
> Bug: v8:11708
> Change-Id: I947ddb91a23a72a8cee3aa3e554723dda8146011
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891569
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74697}

Bug: v8:11708

Change-Id: I254b919f7076ce624d15c924e63cbde5eb4df749
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912731

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/master@{#74735}

[modify] https://crrev.com/f6ac5064ba8d6bed61ab269198007a1e03228047/src/heap/heap-inl.h
[modify] https://crrev.com/f6ac5064ba8d6bed61ab269198007a1e03228047/src/heap/heap.cc
[modify] https://crrev.com/f6ac5064ba8d6bed61ab269198007a1e03228047/test/cctest/heap/test-shared-heap.cc

[Git Watcher via monorail]

Comment #10 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c10

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/0bbddafd4188db67af619008bd26ca841a2792ea

commit 0bbddafd4188db67af619008bd26ca841a2792ea
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue May 25 09:04:14 2021

Reland "[heap] Replace usages of CollectionRequested with SafepointRequested"

This is a reland of 5ef4e14fb86083221902eb109fafe30c6b6936b8

The previous CL caused flaky test failures with some concurrent
allocation tests. The reason for this was that the main thread's state
and collection_requested_ can't be updated in an atomic operation
anymore.

Any thread will now invoke RequestGC() first. Then it will wait in
AwaitCollectionBackground() when the main thread was running. Both
methods can and will be invoked more than once.

The new flag block_for_collection_ is used to decide whether a thread
needs wait for the GC. collection_requested_ can't be used for that
purpose because that flag is also true when the main thread is parked.

Original change's description:

> [heap] Replace usages of CollectionRequested with SafepointRequested
>
> CollectionRequested was used exclusively on the main thread when a
> background thread requested a GC. The main thread never used
> SafepointRequested at any time. Now with the shared GC we might need to
> stop multiple isolates in a safepoint in the future. In such a situation
> we would need to use SafepointRequested also on the main thread.
>
> This CL prepares V8 for this situation by using SafepointRequested
> instead of CollectionRequested and friends on the main thread. The slow
> path of Safepoint(), Park() and Unpark() will check in the future
> whether the main thread needs to halt for a shared GC or needs to
> perform a local GC. At the moment, simply performing the local GC is
> still enough.
>
> Bug: v8:11708
> Change-Id: I819b6f7db8251074a4adf8b554e0a1393c76f7da
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891834

> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>

> Cr-Commit-Position: refs/heads/master@{#74673}

Bug: v8:11708

Change-Id: Ibe245cd1822310123b3af2026872fd9927ee410e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912576

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/master@{#74739}

[modify] https://crrev.com/0bbddafd4188db67af619008bd26ca841a2792ea/src/heap/collection-barrier.cc
[modify] https://crrev.com/0bbddafd4188db67af619008bd26ca841a2792ea/src/heap/collection-barrier.h
[modify] https://crrev.com/0bbddafd4188db67af619008bd26ca841a2792ea/src/heap/heap.cc
[modify] https://crrev.com/0bbddafd4188db67af619008bd26ca841a2792ea/src/heap/local-heap.cc
[modify] https://crrev.com/0bbddafd4188db67af619008bd26ca841a2792ea/src/heap/local-heap.h

[Git Watcher via monorail]

Comment #11 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c11

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/0e01a454525344a0d19ed086b531d06445c14009

commit 0e01a454525344a0d19ed086b531d06445c14009
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed May 26 11:10:00 2021

[codegen] Fix DCHECK in single generation mode

Build with single generation mode failed because
new_space_allocation_top() and new_space_allocation_limit() both return
nullptr now without a new space. Previously the DCHECK succeeded because
both methods would call the NewSpace methods with null as this pointer.

Bug: v8:11708
Change-Id: I74babded2c790642e74722ed53794aecebec4344
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917604
Reviewed-by: Jakob Gruber <jgr...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74794}

[modify] https://crrev.com/0e01a454525344a0d19ed086b531d06445c14009/src/codegen/code-stub-assembler.cc

[Git Watcher via monorail]

Comment #12 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c12

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/6b32e7d19332ea75ed43abd12578688d7fc7cec2

commit 6b32e7d19332ea75ed43abd12578688d7fc7cec2
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Jun 11 15:07:36 2021

[heap] Fix concurrent allocation in shared map space

Two DCHECKS had to updated to allow for concurrent MAP_SPACE
allocations.

Bug: v8:11708
Change-Id: I8a059d2e5942f511802a95ec27cf566414dd740e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951724
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75105}

[modify] https://crrev.com/6b32e7d19332ea75ed43abd12578688d7fc7cec2/src/heap/factory.cc
[modify] https://crrev.com/6b32e7d19332ea75ed43abd12578688d7fc7cec2/src/heap/factory.h
[modify] https://crrev.com/6b32e7d19332ea75ed43abd12578688d7fc7cec2/src/heap/paged-spaces.cc
[modify] https://crrev.com/6b32e7d19332ea75ed43abd12578688d7fc7cec2/test/cctest/heap/test-shared-heap.cc

[Git Watcher via monorail]

Comment #13 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c13

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/9663bb31d89c2c15bb067a926129bde4b6609736

commit 9663bb31d89c2c15bb067a926129bde4b6609736
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Jul 07 09:38:56 2021

[heap] Perform GC in a shared heap

This CL implements GC in a shared heap. A shared GC is started from
an attached client isolate that fails to allocate a shared object. In
order to perform a shared GC all other running client isolates need
to be stopped and their roots need to be scanned.

Bug: v8:11708
Change-Id: I45ac50e6b4a1e9270f9e39b69f9b8ee5e6e14134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964816
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Mythri Alle <myt...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75606}

[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/src/common/globals.h
[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/src/execution/isolate.h
[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/src/heap/heap.cc
[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/src/heap/heap.h
[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/src/heap/mark-compact.cc
[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/src/heap/mark-compact.h
[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/src/heap/safepoint.cc
[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/src/heap/safepoint.h
[modify] https://crrev.com/9663bb31d89c2c15bb067a926129bde4b6609736/test/cctest/heap/test-shared-heap.cc

[Git Watcher via monorail]

Comment #14 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c14

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/d79e0c4f261a48a881c36ec11121fbc87c4ce35d

commit d79e0c4f261a48a881c36ec11121fbc87c4ce35d
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Sep 16 11:07:08 2021

[heap] Add and remove allocation observers without using safepoints

Safepoints were used in Heap::AddAllocationObserversToAllSpaces and
Heap::RemoveAllocationObserversFromAllSpaces as a poor man's approach
to synchronization. This CL removes the safepoint and protects the
potential race on the free list with a mutex in
PagedSpace::DecreaseLimit.

The motivation for this CL is that SafepointScope might possibly park
the main thread in the future. However parking is only allowed if GCs
are also allowed. GCs are not allowed when running allocation observers,
so an allocation observer would not be able to add or remove additional
observers as is currently done in StressConcurrentAllocationObserver.

Also adding additional checks to the safepoint to ensure that we are
on the main thread.

Bug: v8:11708
Change-Id: I4e65a83ac4015d30b15d8c4eeaed4ea759b7c982
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160523

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#76867}

[modify] https://crrev.com/d79e0c4f261a48a881c36ec11121fbc87c4ce35d/src/heap/heap.cc
[modify] https://crrev.com/d79e0c4f261a48a881c36ec11121fbc87c4ce35d/src/heap/paged-spaces.cc
[modify] https://crrev.com/d79e0c4f261a48a881c36ec11121fbc87c4ce35d/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #15 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c15

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/38e67f1888e1cb5882613561af6a9e05d5889fd1

commit 38e67f1888e1cb5882613561af6a9e05d5889fd1
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Sep 22 11:24:48 2021

[execution] Cancel concurrent tasks earlier

We should cancel tasks before we destroy objects like the string table
from the isolate. So far our concurrent tasks didn't interact with
the isolate much, but we now have tasks that can e.g. access the heap
concurrently. While this is not strictly necessary at the moment, I want
to see whether there might be problems with that approach. In the future
this order will be required e.g. for baseline batch compilation tasks.

Bug: v8:11708
Change-Id: I80d8a9447bb51e9ae84ed9b6c0da6183290dc70b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164338
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Jakob Gruber <jgr...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76989}

[modify] https://crrev.com/38e67f1888e1cb5882613561af6a9e05d5889fd1/src/execution/isolate.cc

[Git Watcher via monorail]

Comment #16 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c16

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/8659c9c3ca1af419df27fc2d4c6e78ebc94c5003

commit 8659c9c3ca1af419df27fc2d4c6e78ebc94c5003
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Oct 06 17:35:25 2021

[heap] Rename GlobalSafepoint to IsolateSafepoint

We are going to introduce safepoints across multiple isolates, with
this the name GlobalSafepoint might be misleading. Use IsolateSafepoint
as name to emphasise this class reaches a safepoint for a single
isolate only.

No functional changes.

Bug: v8:11708
Change-Id: I8254031dd0bc8e6dcf9f7353297803c37dba47ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3207901
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77268}

[modify] https://crrev.com/8659c9c3ca1af419df27fc2d4c6e78ebc94c5003/src/heap/safepoint.h
[modify] https://crrev.com/8659c9c3ca1af419df27fc2d4c6e78ebc94c5003/src/heap/heap.h
[modify] https://crrev.com/8659c9c3ca1af419df27fc2d4c6e78ebc94c5003/src/heap/heap.cc
[modify] https://crrev.com/8659c9c3ca1af419df27fc2d4c6e78ebc94c5003/src/heap/local-heap.h
[modify] https://crrev.com/8659c9c3ca1af419df27fc2d4c6e78ebc94c5003/src/heap/local-heap.cc
[modify] https://crrev.com/8659c9c3ca1af419df27fc2d4c6e78ebc94c5003/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #17 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c17

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/760e52fdef5f045c02b0ce21e471e445cb81ad03

commit 760e52fdef5f045c02b0ce21e471e445cb81ad03
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Oct 06 17:43:40 2021

[heap] Replace IsActive() with AssertActive()

IsActive() is only supposed to be used in DCHECKs and supporting
this is going to get harder when introducing safepoints across multiple
isolates because there won't be this single counter anymore to check.
With AssertActive() we can just invoke AssertHold() on our mutex.

No functional changes.

Bug: v8:11708

Change-Id: Ic8d17738afdc90e92e6b54f615ec9757a826cc64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3207903

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#77272}

[modify] https://crrev.com/760e52fdef5f045c02b0ce21e471e445cb81ad03/src/heap/safepoint.h
[modify] https://crrev.com/760e52fdef5f045c02b0ce21e471e445cb81ad03/src/heap/new-spaces.cc
[modify] https://crrev.com/760e52fdef5f045c02b0ce21e471e445cb81ad03/src/objects/string-table.h
[modify] https://crrev.com/760e52fdef5f045c02b0ce21e471e445cb81ad03/src/objects/string-table.cc
[modify] https://crrev.com/760e52fdef5f045c02b0ce21e471e445cb81ad03/src/handles/persistent-handles.cc
[modify] https://crrev.com/760e52fdef5f045c02b0ce21e471e445cb81ad03/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #18 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c18

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/99dbb750f33710f462e5cbb382eb50e6bdcce925

commit 99dbb750f33710f462e5cbb382eb50e6bdcce925
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue Oct 12 11:05:24 2021

[heap] Introduce new ThreadState with flags

Change ThreadState representation from a fixed set of values to
either Parked or Running with two additional flags (or bits) that
are used when either a collection or a safepoint requested. Setting
either of these flags forces Park(), Unpark() and Safepoint() into
their slow path.

Currently we use the CollectionRequested flag on the main thread,
while SafepointRequested is used on background threads.

In case the slow path sees the CollectionRequested flag, it will
perform a GC. When encountering the SafepointRequested flag, the
background thread will participate in the safepoint protocol and
park itself for the duration of the safepoint operation.

This CL is a prerequisite for supporting safepoints across multiple
isolates. When safepointing multiple isolates, the main thread will
use both the CollectionRequested and SafepointRequested flag. This
isn't possible with the current system.

Design Doc: https://docs.google.com/document/d/1y6C9zAACEr0sBYMIYk3YpXosnkF3Ak4CEuWJu1-3zXs/edit?usp=sharing

Bug: v8:11708
Change-Id: I16b88740182d9c13bce54be163b334761529a5f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211894

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#77349}

[modify] https://crrev.com/99dbb750f33710f462e5cbb382eb50e6bdcce925/src/heap/heap.cc
[modify] https://crrev.com/99dbb750f33710f462e5cbb382eb50e6bdcce925/src/heap/local-heap-inl.h
[modify] https://crrev.com/99dbb750f33710f462e5cbb382eb50e6bdcce925/src/heap/local-heap.h
[modify] https://crrev.com/99dbb750f33710f462e5cbb382eb50e6bdcce925/src/heap/local-heap.cc
[modify] https://crrev.com/99dbb750f33710f462e5cbb382eb50e6bdcce925/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #19 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c19

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/5605d302b5e49ddee2ba7acc588aa68fa88f4a11

commit 5605d302b5e49ddee2ba7acc588aa68fa88f4a11
Author: Milad Fa <mfar...@redhat.com>
Date: Tue Oct 12 18:35:13 2021

[heap] Fix compilation error on gcc

After https://crrev.com/c/3211894 the following error
gets thrown on gcc:
```
error: call to non-'constexpr' function 'uint8_t
v8::internal::LocalHeap::ThreadState::raw() const'
: raw_state_(state.raw()) {}
```

Bug: v8:11708
Change-Id: I6377c95fa38d4b4670f6a513e061f13e349a3212
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3216043
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Milad Fa <mfar...@redhat.com>
Commit-Queue: Milad Fa <mfar...@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77369}

[modify] https://crrev.com/5605d302b5e49ddee2ba7acc588aa68fa88f4a11/src/heap/local-heap.h

[Git Watcher via monorail]

Comment #20 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c20

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/929b83fb7b54aebf9b0170e4c8719b357b0393a8

commit 929b83fb7b54aebf9b0170e4c8719b357b0393a8
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Oct 18 06:56:49 2021

[heap] Attach to shared isolate after setting up main thread

Attach to the shared isolate after the main thread was set up. Otherwise
it could happen that a shared GC initiated from another isolate might
see no threads are running and performs the safepoint operation in the
middle of isolate deserialization.

We use DisallowSafepoints to check that the isolate doesn't join a
global safepoint before deserialization is complete. DisallowSafepoints
used to prevent only invocations of Safepoint() but was updated to
also prevent Park() and Unpark() invocations. Each state change could
cause the thread to reach a safepoint, which would allow a shared GC
to run.

We now also DCHECK that every isolate has at least one local heap and
that shared collections aren't started before deserialization is
complete.

Bug: v8:11708
Change-Id: Iba3fb59dd951d5ee4fc9934158062287302fc279
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221157
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Shu-yu Guo <s...@chromium.org>
Reviewed-by: Jakob Gruber <jgr...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77424}

[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/test/cctest/test-serialize.cc
[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/src/execution/isolate.cc
[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/src/heap/heap.h
[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/src/heap/heap.cc
[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/src/heap/local-heap.h
[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/src/execution/isolate.h
[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/src/api/api.cc
[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/src/heap/local-heap.cc
[modify] https://crrev.com/929b83fb7b54aebf9b0170e4c8719b357b0393a8/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #21 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c21

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/e784bf6180d2f0d411f2fc4715beff9cebaabb83

commit e784bf6180d2f0d411f2fc4715beff9cebaabb83
Author: Nico Hartmann <nicoha...@chromium.org>
Date: Mon Oct 18 08:44:08 2021

Revert "[heap] Attach to shared isolate after setting up main thread"

This reverts commit 929b83fb7b54aebf9b0170e4c8719b357b0393a8.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/18725/overview

Original change's description:

> [heap] Attach to shared isolate after setting up main thread
>
> Attach to the shared isolate after the main thread was set up. Otherwise
> it could happen that a shared GC initiated from another isolate might
> see no threads are running and performs the safepoint operation in the
> middle of isolate deserialization.
>
> We use DisallowSafepoints to check that the isolate doesn't join a
> global safepoint before deserialization is complete. DisallowSafepoints
> used to prevent only invocations of Safepoint() but was updated to
> also prevent Park() and Unpark() invocations. Each state change could
> cause the thread to reach a safepoint, which would allow a shared GC
> to run.
>
> We now also DCHECK that every isolate has at least one local heap and
> that shared collections aren't started before deserialization is
> complete.
>
> Bug: v8:11708
> Change-Id: Iba3fb59dd951d5ee4fc9934158062287302fc279
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221157
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Shu-yu Guo <s...@chromium.org>
> Reviewed-by: Jakob Gruber <jgr...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77424}

Bug: v8:11708
Change-Id: I0633150b6b40b297a335a39bf1a087ca93592e04

No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3225937
Reviewed-by: Nico Hartmann <nicoha...@chromium.org>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicoha...@chromium.org>
Commit-Queue: Nico Hartmann <nicoha...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77425}

[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/src/execution/isolate.cc
[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/test/cctest/test-serialize.cc
[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/src/heap/heap.h
[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/src/heap/heap.cc
[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/src/heap/local-heap.h
[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/src/execution/isolate.h
[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/src/api/api.cc
[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/src/heap/local-heap.cc
[modify] https://crrev.com/e784bf6180d2f0d411f2fc4715beff9cebaabb83/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #22 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c22

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/535242ff6e7f562a24b0b220759d49316f995e78

commit 535242ff6e7f562a24b0b220759d49316f995e78
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Oct 18 15:07:26 2021

Reland "[heap] Attach to shared isolate after setting up main thread"

This is a reland of 929b83fb7b54aebf9b0170e4c8719b357b0393a8

This version of the CL also fixes initialization of the
marking_barrier_ in the LocalHeap constructor.

This CL also got rebased on Victor's CL in https://crrev.com/c/3229361.
It added a code_space_allocator_ in LocalHeap which needs to be
initialized a bit later on the main thread as well.

Original change's description:
> [heap] Attach to shared isolate after setting up main thread
>
> Attach to the shared isolate after the main thread was set up. Otherwise
> it could happen that a shared GC initiated from another isolate might
> see no threads are running and performs the safepoint operation in the
> middle of isolate deserialization.
>
> We use DisallowSafepoints to check that the isolate doesn't join a
> global safepoint before deserialization is complete. DisallowSafepoints
> used to prevent only invocations of Safepoint() but was updated to
> also prevent Park() and Unpark() invocations. Each state change could
> cause the thread to reach a safepoint, which would allow a shared GC
> to run.
>
> We now also DCHECK that every isolate has at least one local heap and
> that shared collections aren't started before deserialization is
> complete.
>
> Bug: v8:11708
> Change-Id: Iba3fb59dd951d5ee4fc9934158062287302fc279
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221157
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Shu-yu Guo <s...@chromium.org>
> Reviewed-by: Jakob Gruber <jgr...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77424}

Bug: v8:11708

Change-Id: I7d44e4a5f76cc09092c2444cede10e9331222c1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229361

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Shu-yu Guo <s...@chromium.org>
Reviewed-by: Jakob Gruber <jgr...@chromium.org>

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77448}

[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/test/unittests/heap/local-heap-unittest.cc
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/src/execution/isolate.cc
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/test/cctest/test-serialize.cc
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/src/heap/heap.h
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/src/heap/heap.cc
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/src/heap/local-heap.h
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/src/execution/isolate.h
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/src/api/api.cc
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/src/heap/local-heap.cc
[modify] https://crrev.com/535242ff6e7f562a24b0b220759d49316f995e78/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #23 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c23

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/c599a99a3d2ca988f65183146e5c23e2c709c0f7

commit c599a99a3d2ca988f65183146e5c23e2c709c0f7
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Nov 04 15:22:32 2021

[heap] Introduce GlobalSafepoint and GlobalSafepointScope

Move logic to perform a global safepoint into GlobalSafepointScope
respectively GlobalSafepoint for easier reuse of this functionality in
the future.

Note that full functionality for a global safepoint will be provided
in a subsequent CL.

Bug: v8:11708
Change-Id: I80dd22c36ab01df573623aa36ead9cc373663b9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259531
Reviewed-by: Igor Sheludko <ish...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77719}

[modify] https://crrev.com/c599a99a3d2ca988f65183146e5c23e2c709c0f7/src/heap/safepoint.h
[modify] https://crrev.com/c599a99a3d2ca988f65183146e5c23e2c709c0f7/src/logging/counters-definitions.h
[modify] https://crrev.com/c599a99a3d2ca988f65183146e5c23e2c709c0f7/src/execution/isolate.cc
[modify] https://crrev.com/c599a99a3d2ca988f65183146e5c23e2c709c0f7/src/heap/heap.cc
[modify] https://crrev.com/c599a99a3d2ca988f65183146e5c23e2c709c0f7/src/init/heap-symbols.h
[modify] https://crrev.com/c599a99a3d2ca988f65183146e5c23e2c709c0f7/src/execution/isolate.h
[modify] https://crrev.com/c599a99a3d2ca988f65183146e5c23e2c709c0f7/src/heap/mark-compact.cc
[modify] https://crrev.com/c599a99a3d2ca988f65183146e5c23e2c709c0f7/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #24 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c24

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a

commit 90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue Nov 09 14:10:56 2021

[heap] Support multiple clients in shared GC

Add support for safepointing multiple isolates as described in the
design doc (link is below). A safepoint across multiple isolates is
considered a global safepoint to distinguish it from regular safepoints.

The basic idea behind the implementation is that we reach a
safepoint for each client. What's new is that now also main threads
need to participate in the safepointing protocol and need to give up
control in time. The slow paths of Park(), Unpark() and Safepoint() on
the main thread need to be adjusted for this reason as well.

This CL introduces GlobalSafepoint and GlobalSafepointScope to mirror
IsolateSafepoint and IsolateSafepointScope.

This CL adds the type IgnoreLocalGCRequests, it is used to prevent
Park() and Unpark() from honoring the request from background threads
to perform a local GC. This is used heap-internally to not have GCs
(or even nested GCs) in certain locations. E.g. when initiating a
safepoint to perform a GC we don't want a "recursive" GC to occur.

Design doc: https://docs.google.com/document/d/1y6C9zAACEr0sBYMIYk3YpXosnkF3Ak4CEuWJu1-3zXs/edit?usp=sharing

Bug: v8:11708
Change-Id: I5aca8f5f24873279271a53be3bb093fc92a1a1eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009224
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Jakob Gruber <jgr...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77812}

[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/gc-tracer.cc
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/safepoint.h
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/heap-inl.h
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/concurrent-allocator.cc
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/parked-scope.h
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/init/heap-symbols.h
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/test/cctest/heap/test-shared-heap.cc
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/local-heap.cc
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/execution/isolate.cc
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/collection-barrier.cc
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/heap.h
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/heap.cc
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/local-heap.h
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/concurrent-allocator.h
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/safepoint.cc
[modify] https://crrev.com/90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a/src/heap/collection-barrier.h

[Git Watcher via monorail]

Comment #25 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c25

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3

commit 2f98fb28d656ee15ec6cc3f51fe39cc044df30c3
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Nov 11 10:20:16 2021

Revert "[heap] Support multiple clients in shared GC"

This reverts commit 90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a.

Reason for revert: Seems to make some test to fail flakily. Revert for now until this is fixed.

Original change's description:

> [heap] Support multiple clients in shared GC
>
> Add support for safepointing multiple isolates as described in the
> design doc (link is below). A safepoint across multiple isolates is
> considered a global safepoint to distinguish it from regular safepoints.
>
> The basic idea behind the implementation is that we reach a
> safepoint for each client. What's new is that now also main threads
> need to participate in the safepointing protocol and need to give up
> control in time. The slow paths of Park(), Unpark() and Safepoint() on
> the main thread need to be adjusted for this reason as well.
>
> This CL introduces GlobalSafepoint and GlobalSafepointScope to mirror
> IsolateSafepoint and IsolateSafepointScope.
>
> This CL adds the type IgnoreLocalGCRequests, it is used to prevent
> Park() and Unpark() from honoring the request from background threads
> to perform a local GC. This is used heap-internally to not have GCs
> (or even nested GCs) in certain locations. E.g. when initiating a
> safepoint to perform a GC we don't want a "recursive" GC to occur.
>
> Design doc: https://docs.google.com/document/d/1y6C9zAACEr0sBYMIYk3YpXosnkF3Ak4CEuWJu1-3zXs/edit?usp=sharing
>
> Bug: v8:11708
> Change-Id: I5aca8f5f24873279271a53be3bb093fc92a1a1eb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009224
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Jakob Gruber <jgr...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77812}

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:11708
Change-Id: I85fbf896c59492fc571b3bfaa7f9e3ea8a883260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275552
Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Jakob Gruber <jgr...@chromium.org>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Commit-Queue: Jakob Gruber <jgr...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77845}

[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/gc-tracer.cc
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/safepoint.h
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/concurrent-allocator.cc
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/heap-inl.h
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/parked-scope.h
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/init/heap-symbols.h
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/test/cctest/heap/test-shared-heap.cc
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/local-heap.cc
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/execution/isolate.cc
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/collection-barrier.cc
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/heap.h
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/heap.cc
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/local-heap.h
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/concurrent-allocator.h
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/collection-barrier.h
[modify] https://crrev.com/2f98fb28d656ee15ec6cc3f51fe39cc044df30c3/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #26 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c26

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/d3f1fcaab068cf34696f8e0858992412de5a1fcb

commit d3f1fcaab068cf34696f8e0858992412de5a1fcb
Author: Shu-yu Guo <s...@chromium.org>
Date: Fri Nov 12 17:53:41 2021

[heap] Skip values in marking barrier if heap sharedness mismatches

When incrementally marking a non-shared heap, shared values should not
be marked. Similarly, non-shared values should not be marked when
incrementally marking a shared heap.

Bug: v8:11708
Change-Id: Iecd799e7e3060e5fb3897b8be0c4e8158d9ff57f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3278673
Commit-Queue: Shu-yu Guo <s...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77881}

[modify] https://crrev.com/d3f1fcaab068cf34696f8e0858992412de5a1fcb/src/heap/marking-barrier.h
[modify] https://crrev.com/d3f1fcaab068cf34696f8e0858992412de5a1fcb/src/heap/marking-barrier-inl.h
[modify] https://crrev.com/d3f1fcaab068cf34696f8e0858992412de5a1fcb/src/heap/marking-barrier.cc

[Git Watcher via monorail]

Comment #27 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c27

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/fa8345df52f20410b30e65aafe9b8b397b0c6437

commit fa8345df52f20410b30e65aafe9b8b397b0c6437
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Nov 18 14:39:08 2021

[heap] SafepointScope needs GCs to be allowed

A SafepointScope might need to block for a shared GC initiated from
another client isolate. This means that anytime we create a
SafepointScope a shared GC may run. This CL adds a DCHECK to ensure
AllowGarbageCollected::IsAllowed() holds for each SafepointScope.

So far this DCHECK was only run in the less likely event that a
SafepointScope actually runs a shared GC. Which is technically good
enough but it is easy to miss use cases of SafepointScope where this
does not hold.

Bug: v8:11708, v8:12377
Change-Id: I30cc33c05ebe4835430e1d699a86079810523858
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289625

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Jakob Gruber <jgr...@chromium.org>

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77976}

[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/snapshot/snapshot.cc
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/execution/isolate.cc
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/heap/safepoint.h
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/heap/heap.h
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/heap/heap.cc
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/debug/debug-coverage.cc
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/api/api.cc
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/logging/log.cc
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/heap/safepoint.cc
[modify] https://crrev.com/fa8345df52f20410b30e65aafe9b8b397b0c6437/src/debug/debug.cc

[Git Watcher via monorail]

Comment #28 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c28

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/7e62e2aa6075624e1520f78bcfdd682ea8368eab

commit 7e62e2aa6075624e1520f78bcfdd682ea8368eab
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Nov 19 13:23:13 2021

[heap] Fix DCHECK failure in Heap::StartIncrementalMarking

When starting incremental marking from an allocation observer, the
DCHECK for AllowGarbageCollection::IsAllowed() fails. We need to
explicitly allow this here in order to use SafepointScope.

Bug: chromium:1271659, v8:11708, v8:12413
Change-Id: I8607a82faed50f8dfffce1e495fb5e715a47bc1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293086
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#77996}

[modify] https://crrev.com/7e62e2aa6075624e1520f78bcfdd682ea8368eab/src/heap/heap.cc

[Git Watcher via monorail]

Comment #29 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c29

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/2c88cec4cf9b257caf3ab94e135e14899ed42510

commit 2c88cec4cf9b257caf3ab94e135e14899ed42510
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Nov 19 15:10:29 2021

Reland "[heap] Support multiple clients in shared GC"

This is a reland of 90a9d6cb137be9a72f67c5dcaa5ec38ee8ee780a

The original CL got reverted because of two different issues:

* The DCHECK failure on AllowGarbageCollection::IsAllowed() got fixed
in https://crrev.com/c/3289625.
* The crash with the incremental marking job were because of a nested
GC started from a SafepointScope. This CL adds IgnoreLocalGCRequests
scopes to SafepointScopes in src/heap.

In addition this CL prevents shared GCs during isolate deserialization
by locking the clients_mutex_ until the isolate is fully deserialized.
The original GC used a DisallowSafepoints scope to prevent shared GCs
from interrupting isolate deserialization.

Original change's description:
> [heap] Support multiple clients in shared GC
>
> Add support for safepointing multiple isolates as described in the
> design doc (link is below). A safepoint across multiple isolates is
> considered a global safepoint to distinguish it from regular safepoints.
>
> The basic idea behind the implementation is that we reach a
> safepoint for each client. What's new is that now also main threads
> need to participate in the safepointing protocol and need to give up
> control in time. The slow paths of Park(), Unpark() and Safepoint() on
> the main thread need to be adjusted for this reason as well.
>
> This CL introduces GlobalSafepoint and GlobalSafepointScope to mirror
> IsolateSafepoint and IsolateSafepointScope.
>
> This CL adds the type IgnoreLocalGCRequests, it is used to prevent
> Park() and Unpark() from honoring the request from background threads
> to perform a local GC. This is used heap-internally to not have GCs
> (or even nested GCs) in certain locations. E.g. when initiating a
> safepoint to perform a GC we don't want a "recursive" GC to occur.
>
> Design doc: https://docs.google.com/document/d/1y6C9zAACEr0sBYMIYk3YpXosnkF3Ak4CEuWJu1-3zXs/edit?usp=sharing
>
> Bug: v8:11708
> Change-Id: I5aca8f5f24873279271a53be3bb093fc92a1a1eb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009224
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Jakob Gruber <jgr...@chromium.org>

> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77812}

Bug: v8:11708, v8:12375, v8:12377
Change-Id: I9d1af6fbc06a3a8b6f216ec5e9027665ad071809
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283067
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Jakob Gruber <jgr...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78013}

[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/gc-tracer.cc
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/safepoint.h
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/concurrent-allocator.cc
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/heap-inl.h
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/parked-scope.h
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/init/heap-symbols.h
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/test/cctest/heap/test-shared-heap.cc
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/local-heap.cc
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/execution/isolate.cc
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/collection-barrier.cc
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/heap.h
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/heap.cc
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/local-heap.h
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/concurrent-allocator.h
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/collection-barrier.h
[modify] https://crrev.com/2c88cec4cf9b257caf3ab94e135e14899ed42510/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #30 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c30

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/6a2cf92302e1acf9f41fe4386062722cc1bf2de8

commit 6a2cf92302e1acf9f41fe4386062722cc1bf2de8
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Nov 22 09:51:03 2021

[snapshot] Pass GlobalSafepointScope to Snapshot::Create

Instead of just DCHECKing that we are in a safepoint in
Snapshot::Create, pass the GlobalSafepointScope as argument.

Bug: v8:11708, v8:12377

Change-Id: Ia856c27b92223bf3a96fe6946b86e4625f3a1e0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295342

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Jakob Gruber <jgr...@chromium.org>

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78014}

[modify] https://crrev.com/6a2cf92302e1acf9f41fe4386062722cc1bf2de8/src/snapshot/snapshot.cc
[modify] https://crrev.com/6a2cf92302e1acf9f41fe4386062722cc1bf2de8/src/snapshot/snapshot.h
[modify] https://crrev.com/6a2cf92302e1acf9f41fe4386062722cc1bf2de8/src/api/api.cc

[Git Watcher via monorail]

Comment #31 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c31

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/ce9453bb463692dabbb6662143c525ab2b17b03a

commit ce9453bb463692dabbb6662143c525ab2b17b03a
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Dec 06 08:30:41 2021

[heap] Find references in client heaps to shared objects in shared GC

When performing a shared GC, we need to find references from the client
heaps into the shared heaps. For now we achieve this by simply
iterating all objects in client heaps.

We need to do this both for marking and when updating pointers after
evacuation.

Bug: v8:11708
Change-Id: Ic1dd94cc352be0404095e548979c37b1ef25682a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300142
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Shu-yu Guo <s...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78240}

[modify] https://crrev.com/ce9453bb463692dabbb6662143c525ab2b17b03a/src/heap/heap.cc
[modify] https://crrev.com/ce9453bb463692dabbb6662143c525ab2b17b03a/src/heap/mark-compact.h
[modify] https://crrev.com/ce9453bb463692dabbb6662143c525ab2b17b03a/src/init/heap-symbols.h
[modify] https://crrev.com/ce9453bb463692dabbb6662143c525ab2b17b03a/test/cctest/heap/test-shared-heap.cc
[modify] https://crrev.com/ce9453bb463692dabbb6662143c525ab2b17b03a/src/heap/mark-compact.cc
[modify] https://crrev.com/ce9453bb463692dabbb6662143c525ab2b17b03a/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #32 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c32

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/fd23e91464183b767d3d8679d75992d911c23d87

commit fd23e91464183b767d3d8679d75992d911c23d87
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Dec 06 13:05:26 2021

[heap] Make active_safepoint_scopes_ non-atomic

Field used to be atomic for AssertActive() but now that this method
uses another approach, we can make that field non-atomic again.

Bug: v8:11708
Change-Id: I5254aa5e655844739082144fc75ba9f0c13d1ba0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317424
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78273}

[modify] https://crrev.com/fd23e91464183b767d3d8679d75992d911c23d87/src/heap/safepoint.h
[modify] https://crrev.com/fd23e91464183b767d3d8679d75992d911c23d87/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #33 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c33

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/86038ecfdc8315e394880a9decfa1bbda7d11748

commit 86038ecfdc8315e394880a9decfa1bbda7d11748
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Dec 08 15:46:57 2021

[heap] Optimize time to reach global safepoint

Initial support for global safepoints kept it simple by entering a
safepoint for each of them one after another. This means
time-to-global-safepoint is the sum of all time-to-safepoint operations.
We can improve this slightly by splitting up the safepoint iteration
into two operations:

1) Initiate safepoint lock (locks local_heaps_mutex_, arms the barrier
and sets SafepointRequested flag for all client threads)
2) Block until all runnning client threads reach a safepoint

We now perform operation 1) for all clients first and only then start
with operation 2).

Bug: v8:11708
Change-Id: Iaafd3c6d70bcf7026f722633e9250b04148b3da6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310910

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#78308}

[modify] https://crrev.com/86038ecfdc8315e394880a9decfa1bbda7d11748/src/heap/safepoint.h
[modify] https://crrev.com/86038ecfdc8315e394880a9decfa1bbda7d11748/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #34 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c34

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/b51a100dbd41643337dcda4fd98dd71a8a6846d9

commit b51a100dbd41643337dcda4fd98dd71a8a6846d9
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Dec 09 20:28:38 2021

Revert "[heap] Optimize time to reach global safepoint"

This reverts commit 86038ecfdc8315e394880a9decfa1bbda7d11748.

Reason for revert: Caused TSAN failures

Original change's description:

> [heap] Optimize time to reach global safepoint
>
> Initial support for global safepoints kept it simple by entering a
> safepoint for each of them one after another. This means
> time-to-global-safepoint is the sum of all time-to-safepoint operations.
> We can improve this slightly by splitting up the safepoint iteration
> into two operations:
>
> 1) Initiate safepoint lock (locks local_heaps_mutex_, arms the barrier
> and sets SafepointRequested flag for all client threads)
> 2) Block until all runnning client threads reach a safepoint
>
> We now perform operation 1) for all clients first and only then start
> with operation 2).
>
> Bug: v8:11708
> Change-Id: Iaafd3c6d70bcf7026f722633e9250b04148b3da6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310910
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78308}

Bug: v8:11708, v8:12492
Change-Id: I32ef7139d4392adfadeffeb70c06f3ed18109ca8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328782
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78328}

[modify] https://crrev.com/b51a100dbd41643337dcda4fd98dd71a8a6846d9/src/heap/safepoint.h
[modify] https://crrev.com/b51a100dbd41643337dcda4fd98dd71a8a6846d9/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #35 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c35

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/a0ed6096f3092bb7ae090d01576ec29240aa06e4

commit a0ed6096f3092bb7ae090d01576ec29240aa06e4
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Dec 09 21:06:57 2021

[heap] Introduce CLIENT_TO_SHARED remembered set

During a shared GC we need to iterate the twice: for marking and later
when updating pointers after evacuation. This CL introduces a new
remembered set to avoid the second heap iteration, the remembered set
is created when iterating the client heaps for marking. When updating
pointers, the GC only needs to visit slots in the remembered set.
CLIENT_TO_SHARED is only used during GC atm.

Bug: v8:11708
Change-Id: Ie7482babb53b5f6ca2115daafe6f208acae98d6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315443

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#78332}

[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/spaces-inl.h
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/tools/v8heapconst.py
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/paged-spaces.h
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/mark-compact.h
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/heap.cc
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/spaces.h
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/memory-chunk.cc
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/mark-compact.cc
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/memory-chunk-layout.h
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/new-spaces.h
[modify] https://crrev.com/a0ed6096f3092bb7ae090d01576ec29240aa06e4/src/heap/large-spaces.h

[Git Watcher via monorail]

Comment #36 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c36

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/fb855334e5b06a868910140e35e305e53fcddea2

commit fb855334e5b06a868910140e35e305e53fcddea2
Author: Shu-yu Guo <s...@chromium.org>
Date: Fri Jan 07 17:03:37 2022

[heap] Fix --trace-gc-object-stats stats in debug builds

Bug: v8:11708
Change-Id: Ibf0f91b9e63646f226a2e70ec4a1733820e968ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3373135
Auto-Submit: Shu-yu Guo <s...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78538}

[modify] https://crrev.com/fb855334e5b06a868910140e35e305e53fcddea2/src/heap/object-stats.cc

[Git Watcher via monorail]

Comment #37 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c37

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/93f28d16c7c638726b6fa69f72ef5a505c3dcaed

commit 93f28d16c7c638726b6fa69f72ef5a505c3dcaed
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Dec 10 14:49:54 2021

Reland "[heap] Optimize time to reach global safepoint"

This is a reland of 86038ecfdc8315e394880a9decfa1bbda7d11748

Compared to the previous CL this one is adding a TSAN suppression
for GlobalSafepoint::EnterSafepointScope. local_heaps_mutex_ of client
isolates may be locked in any order. This would be detected by TSAN as a
potential race. Add some additional DCHECKs to compensate for that
missing test coverage.

As a cleanup this CL also removes the unused methods ContainsLocalHeap()
and ContainsAnyLocalHeap() from LocalHeap.

Original change's description:
> [heap] Optimize time to reach global safepoint
>
> Initial support for global safepoints kept it simple by entering a
> safepoint for each of them one after another. This means
> time-to-global-safepoint is the sum of all time-to-safepoint operations.
> We can improve this slightly by splitting up the safepoint iteration
> into two operations:
>
> 1) Initiate safepoint lock (locks local_heaps_mutex_, arms the barrier
> and sets SafepointRequested flag for all client threads)
> 2) Block until all runnning client threads reach a safepoint
>
> We now perform operation 1) for all clients first and only then start
> with operation 2).
>
> Bug: v8:11708
> Change-Id: Iaafd3c6d70bcf7026f722633e9250b04148b3da6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310910
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>

> Commit-Queue: Dominik Inführ <dinf...@chromium.org>

> Cr-Commit-Position: refs/heads/main@{#78308}

Bug: v8:11708, v8:12492

Change-Id: I7087ba23c08f2d4edb9b632eef3c218fc76342e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328786
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78583}

[modify] https://crrev.com/93f28d16c7c638726b6fa69f72ef5a505c3dcaed/test/unittests/heap/local-heap-unittest.cc
[modify] https://crrev.com/93f28d16c7c638726b6fa69f72ef5a505c3dcaed/src/heap/safepoint.h
[modify] https://crrev.com/93f28d16c7c638726b6fa69f72ef5a505c3dcaed/tools/sanitizers/tsan_suppressions.txt
[modify] https://crrev.com/93f28d16c7c638726b6fa69f72ef5a505c3dcaed/src/heap/safepoint.cc

[Git Watcher via monorail]

Comment #38 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c38

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/28580740a70e689a75d5e8a2b0474125968e47ae

commit 28580740a70e689a75d5e8a2b0474125968e47ae
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Jan 12 13:41:07 2022

[heap] Relax DCHECK in TRACE_GC

We might run TRACE_GC with ThreadKind::kMain not only on each isolate's
main thread but also on the shared isolate's thread during a shared GC.
The DCHECK is too restrictive for the latter case. This is safe because
the shared GC will stop all main threads before starting its work.

Bug: v8:11708
Change-Id: I1f40140d6502b1ec797dfa783fb693ed213efb3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380522

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#78588}

[modify] https://crrev.com/28580740a70e689a75d5e8a2b0474125968e47ae/src/heap/gc-tracer.cc
[modify] https://crrev.com/28580740a70e689a75d5e8a2b0474125968e47ae/src/heap/gc-tracer.h

[s… via monorail]

Issue 11708: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708

This issue is now blocking issue 12547.
See https://bugs.chromium.org/p/v8/issues/detail?id=12547

[Git Watcher via monorail]

Comment #40 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c40

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/0c4a512d068b06cf630b4d9e2330ef63105758ef

commit 0c4a512d068b06cf630b4d9e2330ef63105758ef
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Jan 19 14:09:38 2022

[heap] host object is always non-null in PrepareRecordRelocSlot

Bug: v8:11708
Change-Id: I83c9559bb2aee062a53c1d67c293b8f6654c7d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400965
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78683}

[modify] https://crrev.com/0c4a512d068b06cf630b4d9e2330ef63105758ef/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #41 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c41

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55

commit 9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Jan 20 10:53:34 2022

[heap] Split MarkCompactCollector::PrepareRecordRelocSlot

Split method into ShouldRecordRelocSlot and ProcessRelocInfo.
ProcessRelocInfo can then be reused in the write barrier and in the
future for the OLD_TO_SHARED remembered set. SlotTypeForRelocInfoMode
got moved into ProcessRelocInfo.

In addition rename and document SlotTypes. This CL does not change
behavior.

Bug: v8:11708
Change-Id: Iff712e7e6f5d3a4da64510b67b604b9e04998361
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400968
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78701}

[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/slot-set.h
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/slot-set.cc
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/remembered-set-inl.h
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/heap.cc
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/mark-compact.h
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/test/unittests/heap/slot-set-unittest.cc
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/remembered-set.h
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/mark-compact.cc
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/concurrent-marking.cc
[modify] https://crrev.com/9ec7c67c0696b0c21a6d89d191a72e9b4ba53e55/src/heap/marking-barrier.cc

[Git Watcher via monorail]

Comment #42 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c42

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/116ca00f206578800c05c6f864205386bf73ddf9

commit 116ca00f206578800c05c6f864205386bf73ddf9
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Jan 20 17:02:58 2022

[execution] Move v8::Locker::WasEverUsed() flag into Isolate

So far this flag was process-global, so if one isolate used v8::Locker
all isolates were forced to use v8::Locker. With the shared isolate
now being a thing that routinely gets migrated between different
threads, all users of the shared isolate would be forced to use
v8::Locker. So we now store that flag on the isolate such that using
v8::Locker for the shared isolate does not affect other isolates.

Deprecate v8::Locker::WasEverUsed() at the same time.

Bug: v8:11708
Change-Id: I60531f084cc1b1b113620c46f5bed20511f52c26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401595
Reviewed-by: Camillo Bruni <cbr...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Igor Sheludko <ish...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78712}

[modify] https://crrev.com/116ca00f206578800c05c6f864205386bf73ddf9/test/cctest/cctest.cc
[modify] https://crrev.com/116ca00f206578800c05c6f864205386bf73ddf9/src/execution/isolate.h
[modify] https://crrev.com/116ca00f206578800c05c6f864205386bf73ddf9/include/v8-locker.h
[modify] https://crrev.com/116ca00f206578800c05c6f864205386bf73ddf9/src/api/api.cc
[modify] https://crrev.com/116ca00f206578800c05c6f864205386bf73ddf9/src/logging/log.cc
[modify] https://crrev.com/116ca00f206578800c05c6f864205386bf73ddf9/src/execution/v8threads.cc
[modify] https://crrev.com/116ca00f206578800c05c6f864205386bf73ddf9/src/profiler/cpu-profiler.cc

[Git Watcher via monorail]

Comment #43 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c43

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/12e46091a00b7e6e4bcde27ed36b7426c82b91a5

commit 12e46091a00b7e6e4bcde27ed36b7426c82b91a5
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Jan 27 16:52:00 2022

[heap] Support client-to-shared refs in Code objects

Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.

Bug: v8:11708
Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Camillo Bruni <cbr...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78819}

[add] https://crrev.com/12e46091a00b7e6e4bcde27ed36b7426c82b91a5/test/mjsunit/shared-string-in-code-object.js
[modify] https://crrev.com/12e46091a00b7e6e4bcde27ed36b7426c82b91a5/src/runtime/runtime-test.cc
[modify] https://crrev.com/12e46091a00b7e6e4bcde27ed36b7426c82b91a5/src/heap/heap.cc
[modify] https://crrev.com/12e46091a00b7e6e4bcde27ed36b7426c82b91a5/src/heap/memory-chunk.cc
[modify] https://crrev.com/12e46091a00b7e6e4bcde27ed36b7426c82b91a5/src/d8/d8.cc
[modify] https://crrev.com/12e46091a00b7e6e4bcde27ed36b7426c82b91a5/src/heap/mark-compact.cc
[modify] https://crrev.com/12e46091a00b7e6e4bcde27ed36b7426c82b91a5/src/runtime/runtime.h

[Git Watcher via monorail]

Comment #44 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c44

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/51c62b3cb2b6284f34e8e416272b95f044463b81

commit 51c62b3cb2b6284f34e8e416272b95f044463b81
Author: Adam Klein <ad...@chromium.org>
Date: Thu Jan 27 19:37:01 2022

Revert "[heap] Support client-to-shared refs in Code objects"

This reverts commit 12e46091a00b7e6e4bcde27ed36b7426c82b91a5.

Reason for revert: new test fails on GC stress bot:
https://cr-buildbucket.appspot.com/build/8823858142855002833

Original change's description:

> [heap] Support client-to-shared refs in Code objects
>
> Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
>
> Bug: v8:11708
> Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Camillo Bruni <cbr...@chromium.org>
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78819}

Bug: v8:11708
Change-Id: If8d15a22651f8b1cfca61be21a81f60b43f008a4

No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3421725
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <ad...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78821}

[delete] https://crrev.com/84cf3230a9680aac3b73c410c2b758760b6d3066/test/mjsunit/shared-string-in-code-object.js
[modify] https://crrev.com/51c62b3cb2b6284f34e8e416272b95f044463b81/src/heap/heap.cc
[modify] https://crrev.com/51c62b3cb2b6284f34e8e416272b95f044463b81/src/runtime/runtime-test.cc
[modify] https://crrev.com/51c62b3cb2b6284f34e8e416272b95f044463b81/src/d8/d8.cc
[modify] https://crrev.com/51c62b3cb2b6284f34e8e416272b95f044463b81/src/heap/memory-chunk.cc
[modify] https://crrev.com/51c62b3cb2b6284f34e8e416272b95f044463b81/src/heap/mark-compact.cc
[modify] https://crrev.com/51c62b3cb2b6284f34e8e416272b95f044463b81/src/runtime/runtime.h

[Git Watcher via monorail]

Comment #45 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c45

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a

commit 4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Jan 28 10:17:45 2022

Reland "[heap] Support client-to-shared refs in Code objects"

This is a reland of 12e46091a00b7e6e4bcde27ed36b7426c82b91a5

Original change's description:
> [heap] Support client-to-shared refs in Code objects
>
> Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
>
> Bug: v8:11708
> Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Camillo Bruni <cbr...@chromium.org>
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78819}

Bug: v8:11708

Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630

Reviewed-by: Camillo Bruni <cbr...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78838}

[add] https://crrev.com/4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a/test/mjsunit/shared-string-in-code-object.js
[modify] https://crrev.com/4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a/src/heap/heap.cc
[modify] https://crrev.com/4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a/src/runtime/runtime-test.cc
[modify] https://crrev.com/4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a/src/d8/d8.cc
[modify] https://crrev.com/4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a/src/heap/memory-chunk.cc
[modify] https://crrev.com/4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a/src/heap/mark-compact.cc
[modify] https://crrev.com/4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a/src/runtime/runtime.h

[Git Watcher via monorail]

Comment #46 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c46

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/7fa014067cfd26916248e2ab4dd81e32eaa9a22b

commit 7fa014067cfd26916248e2ab4dd81e32eaa9a22b
Author: Nico Hartmann <nicoha...@chromium.org>
Date: Fri Jan 28 14:13:52 2022

Revert "Reland "[heap] Support client-to-shared refs in Code objects""

This reverts commit 4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/6292/overview

Original change's description:

> Reland "[heap] Support client-to-shared refs in Code objects"
>
> This is a reland of 12e46091a00b7e6e4bcde27ed36b7426c82b91a5
>
> Original change's description:
> > [heap] Support client-to-shared refs in Code objects
> >
> > Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
> >
> > Bug: v8:11708
> > Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
> > Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> > Reviewed-by: Camillo Bruni <cbr...@chromium.org>
> > Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#78819}
>
> Bug: v8:11708
> Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630
> Reviewed-by: Camillo Bruni <cbr...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78838}

Bug: v8:11708
Change-Id: I0ec57ad4d7dccf2271ff8c1048762cf2c1b97a42

No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424477
Auto-Submit: Nico Hartmann <nicoha...@chromium.org>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicoha...@chromium.org>
Owners-Override: Nico Hartmann <nicoha...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78840}

[delete] https://crrev.com/d652a5db22a423d7a3c97a5685c5bae5de0662b6/test/mjsunit/shared-string-in-code-object.js
[modify] https://crrev.com/7fa014067cfd26916248e2ab4dd81e32eaa9a22b/src/heap/heap.cc
[modify] https://crrev.com/7fa014067cfd26916248e2ab4dd81e32eaa9a22b/src/runtime/runtime-test.cc
[modify] https://crrev.com/7fa014067cfd26916248e2ab4dd81e32eaa9a22b/src/d8/d8.cc
[modify] https://crrev.com/7fa014067cfd26916248e2ab4dd81e32eaa9a22b/src/heap/memory-chunk.cc
[modify] https://crrev.com/7fa014067cfd26916248e2ab4dd81e32eaa9a22b/src/heap/mark-compact.cc
[modify] https://crrev.com/7fa014067cfd26916248e2ab4dd81e32eaa9a22b/src/runtime/runtime.h

[Git Watcher via monorail]

Comment #47 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c47

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/1c3ac2d9f4de6688059baa42dcaafece3431ff54

commit 1c3ac2d9f4de6688059baa42dcaafece3431ff54
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Feb 03 09:02:23 2022

[heap] Fix data race when promoting objects into shared heap

Each GC thread needs their own instance of ConcurrentAllocator for
allocation. The LAB is always considered thread-local.

Bug: v8:12582, v8:11708
Change-Id: I39200202ec9fd07fa33b3ababa88e84a1a270778
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429294

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#78917}

[modify] https://crrev.com/1c3ac2d9f4de6688059baa42dcaafece3431ff54/src/heap/paged-spaces.cc
[modify] https://crrev.com/1c3ac2d9f4de6688059baa42dcaafece3431ff54/src/heap/scavenger.h
[modify] https://crrev.com/1c3ac2d9f4de6688059baa42dcaafece3431ff54/src/heap/scavenger.cc
[modify] https://crrev.com/1c3ac2d9f4de6688059baa42dcaafece3431ff54/src/heap/paged-spaces.h
[modify] https://crrev.com/1c3ac2d9f4de6688059baa42dcaafece3431ff54/src/heap/concurrent-allocator-inl.h
[modify] https://crrev.com/1c3ac2d9f4de6688059baa42dcaafece3431ff54/src/heap/concurrent-allocator.cc
[modify] https://crrev.com/1c3ac2d9f4de6688059baa42dcaafece3431ff54/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #48 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c48

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/d75f761334caae450aca30454dc22852fc6c7df1

commit d75f761334caae450aca30454dc22852fc6c7df1
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Feb 07 13:43:19 2022

[heap] Use AlwaysAllocateScope for clients with shared allocations

When performing a shared allocation in a client we have checks for the
AlwaysAllocateScope in both client and shared isolate slow allocation
code paths. We need to enable both such that we don't fail with
spurious OOM failures with GC stress bots.

This change was already introduced with the reverted CL
https://crrev.com/c/3422630. Land this as its own CL until that CL
relands.

Bug: v8:11708, v8:12582
Change-Id: I81ca3f0aaec3ac3fbef9d0b7219e09fa056000f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3443503

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#78979}

[modify] https://crrev.com/d75f761334caae450aca30454dc22852fc6c7df1/src/heap/heap.cc

[Git Watcher via monorail]

Comment #49 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c49

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/01eb8ff9d04c9e0405b1fbf603bed2da767d4eb6

commit 01eb8ff9d04c9e0405b1fbf603bed2da767d4eb6
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Feb 09 19:54:35 2022

[heap] Support --expose-gc with shared heap

--shared-string-table assumes that all old strings are in the shared
heap. However, when also using --expose-gc we create an external string
for the GC function name. So far external strings are always allocated
in the local old space though, which results in a heap verification
error. This CL creates external string in the shared old heap with
--shared-string-table enabled.

In order to pass all the tests this CL also has to:

* Stop marking into the shared heap for VisitEmbeddedPointer and
VisitCodePointer.
* Relax DCHECK in String::GetFlatContent: We cannot check the thread
id for any shared string. Even if that string isn't really shared atm.

Bug: v8:11708
Change-Id: I51fec5ba038d035be5fe5e1277ef9286efc8dc2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447371
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Shu-yu Guo <s...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79022}

[modify] https://crrev.com/01eb8ff9d04c9e0405b1fbf603bed2da767d4eb6/src/heap/marking-visitor-inl.h
[modify] https://crrev.com/01eb8ff9d04c9e0405b1fbf603bed2da767d4eb6/src/objects/string-inl.h
[add] https://crrev.com/01eb8ff9d04c9e0405b1fbf603bed2da767d4eb6/test/mjsunit/shared-memory/client-gc.js
[modify] https://crrev.com/01eb8ff9d04c9e0405b1fbf603bed2da767d4eb6/src/heap/factory-base.cc
[modify] https://crrev.com/01eb8ff9d04c9e0405b1fbf603bed2da767d4eb6/src/heap/factory.cc

[Git Watcher via monorail]

Comment #50 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c50

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/2694b75eb97b3d97d1f0b842702a423c0ea667dd

commit 2694b75eb97b3d97d1f0b842702a423c0ea667dd
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Feb 10 08:21:15 2022

Reland "Reland "[heap] Support client-to-shared refs in Code objects""

This is a reland of 4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a

After landing https://crrev.com/c/3447371, we can reland this CL as-is
correctness-wise.

What's new in this CL is that we now treat references from client
objects into the shared heap as roots for the --track-retaining-path
feature.

Original change's description:
> Reland "[heap] Support client-to-shared refs in Code objects"
>
> This is a reland of 12e46091a00b7e6e4bcde27ed36b7426c82b91a5
>
> Original change's description:
> > [heap] Support client-to-shared refs in Code objects
> >
> > Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
> >
> > Bug: v8:11708
> > Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588

> > Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> > Reviewed-by: Camillo Bruni <cbr...@chromium.org>
> > Commit-Queue: Dominik Inführ <dinf...@chromium.org>

> > Cr-Commit-Position: refs/heads/main@{#78819}
>
> Bug: v8:11708
> Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630
> Reviewed-by: Camillo Bruni <cbr...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>

> Commit-Queue: Dominik Inführ <dinf...@chromium.org>

> Cr-Commit-Position: refs/heads/main@{#78838}

Bug: v8:11708

Change-Id: I5b48e942fa469eabb40e797e221d06c25af16443
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425358
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Camillo Bruni <cbr...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79023}

[modify] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/src/heap/marking-visitor-inl.h
[modify] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/src/runtime/runtime-test.cc
[modify] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/src/heap/heap.cc
[modify] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/src/d8/d8.cc
[modify] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/src/heap/memory-chunk.cc
[modify] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/src/heap/mark-compact.cc
[add] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/test/mjsunit/shared-memory/shared-string-in-code-object.js
[modify] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/src/objects/visitors.h
[modify] https://crrev.com/2694b75eb97b3d97d1f0b842702a423c0ea667dd/src/runtime/runtime.h

[Git Watcher via monorail]

Comment #51 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c51

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/cf7234cc51bdda11cbe849ff3e70094dd5e9d105

commit cf7234cc51bdda11cbe849ff3e70094dd5e9d105
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Feb 10 10:59:38 2022

Revert "Reland "Reland "[heap] Support client-to-shared refs in Code objects"""

This reverts commit 2694b75eb97b3d97d1f0b842702a423c0ea667dd.

Reason for revert: Causes timeouts on waterfall (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/38375/overview)

Bug: v8:11708
Change-Id: I3c5cb945261882122cd76a50aba5237106a25b65

No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451719
Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Toon Verwaest <verw...@chromium.org>
Commit-Queue: Toon Verwaest <verw...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79026}

[modify] https://crrev.com/cf7234cc51bdda11cbe849ff3e70094dd5e9d105/src/heap/marking-visitor-inl.h
[modify] https://crrev.com/cf7234cc51bdda11cbe849ff3e70094dd5e9d105/src/runtime/runtime-test.cc
[modify] https://crrev.com/cf7234cc51bdda11cbe849ff3e70094dd5e9d105/src/heap/heap.cc
[modify] https://crrev.com/cf7234cc51bdda11cbe849ff3e70094dd5e9d105/src/d8/d8.cc
[modify] https://crrev.com/cf7234cc51bdda11cbe849ff3e70094dd5e9d105/src/heap/memory-chunk.cc
[modify] https://crrev.com/cf7234cc51bdda11cbe849ff3e70094dd5e9d105/src/heap/mark-compact.cc
[delete] https://crrev.com/911f6f036599a827cad3c96e797346ccd01a9fe7/test/mjsunit/shared-memory/shared-string-in-code-object.js
[modify] https://crrev.com/cf7234cc51bdda11cbe849ff3e70094dd5e9d105/src/objects/visitors.h
[modify] https://crrev.com/cf7234cc51bdda11cbe849ff3e70094dd5e9d105/src/runtime/runtime.h

[Git Watcher via monorail]

Comment #52 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c52

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/5b9b539e4dc933c78e219bb958e6d28de3339b4b

commit 5b9b539e4dc933c78e219bb958e6d28de3339b4b
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Feb 10 18:42:14 2022

[heap] Do not allocate external strings in shared heap

ExternalStrings in the shared heap currently conflicts with the sandbox
project. We would need concurrent concurrent allocation in the external
pointer table but also require different accessors for them.

Since the shared string table doesn't really need ExternalStrings in
the shared heap for now, simply keep ExternalStrings in the client
heaps.

Bug: v8:11708, v8:12617
Change-Id: I272e40eaec4b7f368ce44f42f7f69bf27d53f9c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451717
Reviewed-by: Shu-yu Guo <s...@chromium.org>

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#79039}

[modify] https://crrev.com/5b9b539e4dc933c78e219bb958e6d28de3339b4b/src/objects/string.h
[modify] https://crrev.com/5b9b539e4dc933c78e219bb958e6d28de3339b4b/src/objects/string.cc
[modify] https://crrev.com/5b9b539e4dc933c78e219bb958e6d28de3339b4b/src/objects/string-inl.h
[modify] https://crrev.com/5b9b539e4dc933c78e219bb958e6d28de3339b4b/src/heap/factory-base.cc
[modify] https://crrev.com/5b9b539e4dc933c78e219bb958e6d28de3339b4b/src/heap/heap.cc
[modify] https://crrev.com/5b9b539e4dc933c78e219bb958e6d28de3339b4b/src/heap/mark-compact.cc
[modify] https://crrev.com/5b9b539e4dc933c78e219bb958e6d28de3339b4b/src/heap/factory.cc
[modify] https://crrev.com/5b9b539e4dc933c78e219bb958e6d28de3339b4b/src/heap/scavenger-inl.h

[Git Watcher via monorail]

Comment #53 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c53

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/1bd4c2a81a7304dfcd016d5656335c75aad7a5a1

commit 1bd4c2a81a7304dfcd016d5656335c75aad7a5a1
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Feb 10 18:54:01 2022

[heap] Drop objects promoted into shared heap from marking worklist

Scavenger can promote objects into the shared heap. Since the scavenger
might also run while incremental marking is on, the promoted object
could already be stored in the marking worklist. When updating the
worklist after the scavenger, we need to remove entries with objects
promoted into the shared heap.

Bug: v8:11708, v8:12582

Change-Id: I4ccad74d23de7921e02adcdb04d2b4e46d9b3a4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452115

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#79040}

[modify] https://crrev.com/1bd4c2a81a7304dfcd016d5656335c75aad7a5a1/src/heap/incremental-marking.cc

[Git Watcher via monorail]

Comment #54 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c54

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/60245d8397cd3764ec0f71339eae560b05e6c6cd

commit 60245d8397cd3764ec0f71339eae560b05e6c6cd
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Feb 11 14:44:32 2022

[d8] Prepare for shared GCs in d8

With shared GCs we need to stop all isolates in a safepoint. But in
some cases not every main thread of each isolate is able to reach a
safepoint. We need to park the main thread manually here in d8.

Bug: v8:11708
Change-Id: I45d495cecce92ebef7e25ff16ea852430f3645e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3456023
Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Camillo Bruni <cbr...@chromium.org>
Commit-Queue: Camillo Bruni <cbr...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79067}

[modify] https://crrev.com/60245d8397cd3764ec0f71339eae560b05e6c6cd/src/d8/d8.cc

[Git Watcher via monorail]

Comment #55 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c55

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/e459c84b5f75464d30e28f0ed4dc8f7e43b71227

commit e459c84b5f75464d30e28f0ed4dc8f7e43b71227
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Feb 14 11:37:14 2022

Reland^3 [heap] Support client-to-shared refs in Code objects

This is a reland of 2694b75eb97b3d97d1f0b842702a423c0ea667dd

The reason for the revert was fixed and landed in
https://crrrev.com/c/3456023, together with all changes in d8.cc. This
reland itself doesn't change the CL apart from rebasing.

Original change's description:
> Reland "Reland "[heap] Support client-to-shared refs in Code objects""
>
> This is a reland of 4b8f1b1cff5b3ad70b1d0a8671a371079c380b6a
>
> After landing https://crrev.com/c/3447371, we can reland this CL as-is
> correctness-wise.
>
> What's new in this CL is that we now treat references from client
> objects into the shared heap as roots for the --track-retaining-path
> feature.
>
> Original change's description:
> > Reland "[heap] Support client-to-shared refs in Code objects"
> >
> > This is a reland of 12e46091a00b7e6e4bcde27ed36b7426c82b91a5
> >
> > Original change's description:
> > > [heap] Support client-to-shared refs in Code objects
> > >
> > > Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
> > >
> > > Bug: v8:11708
> > > Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
> > > Reviewed-by: Michael Lippautz <mlip...@chromium.org>

> > > Reviewed-by: Camillo Bruni <cbr...@chromium.org>
> > > Commit-Queue: Dominik Inführ <dinf...@chromium.org>

> > > Cr-Commit-Position: refs/heads/main@{#78819}
> >
> > Bug: v8:11708
> > Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630
> > Reviewed-by: Camillo Bruni <cbr...@chromium.org>

> > Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> > Commit-Queue: Dominik Inführ <dinf...@chromium.org>

> > Cr-Commit-Position: refs/heads/main@{#78838}
>
> Bug: v8:11708
> Change-Id: I5b48e942fa469eabb40e797e221d06c25af16443
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425358
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>

> Reviewed-by: Camillo Bruni <cbr...@chromium.org>
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>

> Cr-Commit-Position: refs/heads/main@{#79023}

Bug: v8:11708

Change-Id: I83de1dc4dc4701cba4936a68923f6d9b97f7a6a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455242

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#79070}

[modify] https://crrev.com/e459c84b5f75464d30e28f0ed4dc8f7e43b71227/src/heap/marking-visitor-inl.h
[modify] https://crrev.com/e459c84b5f75464d30e28f0ed4dc8f7e43b71227/src/heap/heap.cc
[modify] https://crrev.com/e459c84b5f75464d30e28f0ed4dc8f7e43b71227/src/runtime/runtime-test.cc
[modify] https://crrev.com/e459c84b5f75464d30e28f0ed4dc8f7e43b71227/src/heap/memory-chunk.cc
[modify] https://crrev.com/e459c84b5f75464d30e28f0ed4dc8f7e43b71227/src/heap/mark-compact.cc
[add] https://crrev.com/e459c84b5f75464d30e28f0ed4dc8f7e43b71227/test/mjsunit/shared-memory/shared-string-in-code-object.js
[modify] https://crrev.com/e459c84b5f75464d30e28f0ed4dc8f7e43b71227/src/objects/visitors.h
[modify] https://crrev.com/e459c84b5f75464d30e28f0ed4dc8f7e43b71227/src/runtime/runtime.h

[Git Watcher via monorail]

Comment #56 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c56

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/516341f30cff25cd1c82a7cf67330ab5580d515a

commit 516341f30cff25cd1c82a7cf67330ab5580d515a
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue Feb 15 09:02:24 2022

[heap] Avoid TransferColor in scavenger on shared objects

We must not use TransferColor on objects promoted into shared objects
when performing a scavenger during incremental marking.

Bug: v8:12628, v8:11708
Change-Id: I5833c0da8aa3dcd03287d3803a68189e85875bc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463714

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#79089}

[modify] https://crrev.com/516341f30cff25cd1c82a7cf67330ab5580d515a/src/heap/scavenger.h
[modify] https://crrev.com/516341f30cff25cd1c82a7cf67330ab5580d515a/src/heap/scavenger-inl.h

[Git Watcher via monorail]

Comment #57 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c57

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/a183895687de28c08c3e023135148aab5dbf789d

commit a183895687de28c08c3e023135148aab5dbf789d
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Feb 17 10:40:07 2022

[heap] Allow shared references in WeakMap

Shared references can also be stored in WeakMaps and during marking we
need to be able to deal with such references. In a client GC shared
objects are treated as live, so we don't need to update or check mark
bits for such objects.

Bug: v8:11708
Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#79153}

[modify] https://crrev.com/a183895687de28c08c3e023135148aab5dbf789d/src/heap/marking-visitor-inl.h
[add] https://crrev.com/a183895687de28c08c3e023135148aab5dbf789d/test/mjsunit/shared-memory/shared-string-in-weak-map.js
[modify] https://crrev.com/a183895687de28c08c3e023135148aab5dbf789d/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #58 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c58

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/1b437aa87d59b6677dddff7727f1d62b75c53f78

commit 1b437aa87d59b6677dddff7727f1d62b75c53f78
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Feb 17 15:27:24 2022

[compiler] Always use full version of RecordWrite builtin

When we know that the value in a write barrier is a map, we know that
we are not going to have an old-to-new reference (maps are always in
old generation). Therefore we also don't really need the generational
barrier in RecordWrite. While this is technically correct, we don't
gain much from this optimization. The inline and out-of-line generated
code for the barrier is still the same as in all other cases. Which
means that outside marking we don't even reach the RecordWrite builtin.
Most write barrier executions happen outside incremental marking, hence
performance of the incremental marking barrier isn't critical. This CL
always uses the full RecordWrite builtin using a flag in order to
allow for an easy revert.

This CL is motivated by the shared heap work, which needs an additional
always-on barrier in the future (similar to OLD_TO_NEW) to keep a
OLD_TO_SHARED remembered set up-to-date. While maps are always in the
old generation, they maybe by located in the shared heap.

Bug: v8:11708
Change-Id: I71a6ded2547a0b2bbb9bbbd796dbcae0987b2232
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471854
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Tobias Tebbi <te...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79160}

[modify] https://crrev.com/1b437aa87d59b6677dddff7727f1d62b75c53f78/src/flags/flag-definitions.h
[modify] https://crrev.com/1b437aa87d59b6677dddff7727f1d62b75c53f78/src/compiler/backend/ia32/code-generator-ia32.cc
[modify] https://crrev.com/1b437aa87d59b6677dddff7727f1d62b75c53f78/src/compiler/backend/x64/code-generator-x64.cc
[modify] https://crrev.com/1b437aa87d59b6677dddff7727f1d62b75c53f78/src/compiler/backend/arm/code-generator-arm.cc
[modify] https://crrev.com/1b437aa87d59b6677dddff7727f1d62b75c53f78/src/compiler/backend/arm64/code-generator-arm64.cc

[Git Watcher via monorail]

Comment #59 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c59

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/cf6cda0adbe3cd77a8fb0d60e4050ac65e2d84e2

commit cf6cda0adbe3cd77a8fb0d60e4050ac65e2d84e2
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Feb 17 16:12:48 2022

[heap] Rename CLIENT_TO_SHARED rememebered set to OLD_TO_SHARED

Start the implementation of the shared heap write barrier by renaming
CLIENT_TO_SHARED to OLD_TO_SHARED. I planned to do this with the CL
introducing the write barrier but in order to keep that CL smaller do
this here already.

Bug: v8:11708
Change-Id: I204c728e333a4e80c30c0992e43c3cb6752fc660
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468351
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79163}

[modify] https://crrev.com/cf6cda0adbe3cd77a8fb0d60e4050ac65e2d84e2/src/heap/memory-chunk.cc
[modify] https://crrev.com/cf6cda0adbe3cd77a8fb0d60e4050ac65e2d84e2/src/heap/mark-compact.cc
[modify] https://crrev.com/cf6cda0adbe3cd77a8fb0d60e4050ac65e2d84e2/src/heap/memory-chunk-layout.h

[Git Watcher via monorail]

Comment #60 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c60

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/89a21b685d71db73ca66f675f317e7d286fab7e3

commit 89a21b685d71db73ca66f675f317e7d286fab7e3
Author: Nico Hartmann <nicoha...@chromium.org>
Date: Fri Feb 18 11:06:24 2022

Revert "[heap] Allow shared references in WeakMap"

This reverts commit a183895687de28c08c3e023135148aab5dbf789d.

Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=12642

Original change's description:

> [heap] Allow shared references in WeakMap
>
> Shared references can also be stored in WeakMaps and during marking we
> need to be able to deal with such references. In a client GC shared
> objects are treated as live, so we don't need to update or check mark
> bits for such objects.
>
> Bug: v8:11708
> Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365

> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>

> Cr-Commit-Position: refs/heads/main@{#79153}

Bug: v8:11708
Change-Id: I113672aceba0ef5aa71f6fbedda7e0df854a437d

No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474673

Auto-Submit: Nico Hartmann <nicoha...@chromium.org>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicoha...@chromium.org>
Owners-Override: Nico Hartmann <nicoha...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#79168}

[modify] https://crrev.com/89a21b685d71db73ca66f675f317e7d286fab7e3/src/heap/marking-visitor-inl.h
[delete] https://crrev.com/a1faaf06a496cb85e4b26eefd20fd35265388923/test/mjsunit/shared-memory/shared-string-in-weak-map.js
[modify] https://crrev.com/89a21b685d71db73ca66f675f317e7d286fab7e3/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #61 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c61

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/c832c6b13bf0e73a0479991fa23bd0bcd79f24ec

commit c832c6b13bf0e73a0479991fa23bd0bcd79f24ec
Author: Liu Yu <li...@loongson.cn>
Date: Wed Feb 23 06:38:00 2022

[loong64][mips][compiler] Always use full version of RecordWrite builtin

Port commit 1b437aa87d59b6677dddff7727f1d62b75c53f78

Bug: v8:11708
Change-Id: I717ef7a7cb270580c14114d19f976f999f095185
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3482489
Auto-Submit: Yu Liu <li...@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojia...@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojia...@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#79219}

[modify] https://crrev.com/c832c6b13bf0e73a0479991fa23bd0bcd79f24ec/src/compiler/backend/mips/code-generator-mips.cc
[modify] https://crrev.com/c832c6b13bf0e73a0479991fa23bd0bcd79f24ec/src/compiler/backend/loong64/code-generator-loong64.cc
[modify] https://crrev.com/c832c6b13bf0e73a0479991fa23bd0bcd79f24ec/src/compiler/backend/mips64/code-generator-mips64.cc

[Git Watcher via monorail]

Comment #62 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c62

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/ca6d783e74789a4787502a0e7b6ae8b1c16c49b0

commit ca6d783e74789a4787502a0e7b6ae8b1c16c49b0
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Feb 23 13:21:07 2022

[heap] Bailout in top frame visitor for references into client heaps

Unlike regular marking code we can encounter client references in a
shared GC, so we need a bail out here as well.

Bug: v8:11708, v8:12647
Change-Id: Ie5ccb66206a8dca7d7bb08c75c90ce4999ed5a78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3483663

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79241}

[modify] https://crrev.com/ca6d783e74789a4787502a0e7b6ae8b1c16c49b0/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #63 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c63

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/17b3a623d7a484908edcb84519b955ee5510d946

commit 17b3a623d7a484908edcb84519b955ee5510d946
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Feb 23 21:47:47 2022

[d8] Park thread before blocking in semaphore

We need to park the isolate's main thread before blocking in the
semaphore to allow a shared GC to happen in the meantime.

Bug: v8:11708, v8:12647

Change-Id: Ide215d2c811caee84663d8749b7d94a414c44bd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485678
Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Camillo Bruni <cbr...@chromium.org>
Commit-Queue: Camillo Bruni <cbr...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79261}

[modify] https://crrev.com/17b3a623d7a484908edcb84519b955ee5510d946/src/d8/d8.cc

[Git Watcher via monorail]

Comment #64 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c64

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/7768e9347b23e064bcd1a53261ceed7403e0ffd9

commit 7768e9347b23e064bcd1a53261ceed7403e0ffd9
Author: Dominik Inführ <dinf...@chromium.org>

Date: Thu Feb 17 10:40:07 2022

Reland "[heap] Allow shared references in WeakMap"

This is a reland of a183895687de28c08c3e023135148aab5dbf789d

Now that https://crrev.com/c/3485678 landed and fixed the deadlock
in the linked bug, we can reland this CL without changes.

Original change's description:
> [heap] Allow shared references in WeakMap
>
> Shared references can also be stored in WeakMaps and during marking we
> need to be able to deal with such references. In a client GC shared
> objects are treated as live, so we don't need to update or check mark
> bits for such objects.
>
> Bug: v8:11708
> Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365

> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>

> Cr-Commit-Position: refs/heads/main@{#79153}

Bug: v8:11708, v8:12642
Change-Id: I5945a16255647c897a1df834267137bf73b6207f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485679
Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79267}

[modify] https://crrev.com/7768e9347b23e064bcd1a53261ceed7403e0ffd9/src/heap/marking-visitor-inl.h
[add] https://crrev.com/7768e9347b23e064bcd1a53261ceed7403e0ffd9/test/mjsunit/shared-memory/shared-string-in-weak-map.js
[modify] https://crrev.com/7768e9347b23e064bcd1a53261ceed7403e0ffd9/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #65 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c65

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/3eb8671edb3375606ac9168a7760580077f17a69

commit 3eb8671edb3375606ac9168a7760580077f17a69
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue Mar 29 12:06:10 2022

[heap] Fix global safepoint when waiting in event loop

When starting a global safepoint, it could happen that one isolate is
waiting/blocking in the event loop, which prevents this isolate from
reaching a safepoint. As a consequence we therefore deadlock when
performing the safepoint. We can solve this by simply posting a task
for each isolate that when run performs a safepoint check.

This CL also renames IncludeMainThreadUnlessInitiator to
ShouldIncludeMainThread.

Bug: v8:11708, v8:12645
Change-Id: Ide956b3c39b350c2bb0279a7dd94ff79cb9d771b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555771
Reviewed-by: Anton Bikineev <biki...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79675}

[modify] https://crrev.com/3eb8671edb3375606ac9168a7760580077f17a69/src/heap/safepoint.h
[modify] https://crrev.com/3eb8671edb3375606ac9168a7760580077f17a69/src/heap/safepoint.cc
[modify] https://crrev.com/3eb8671edb3375606ac9168a7760580077f17a69/test/mjsunit/mjsunit.status

[Git Watcher via monorail]

Comment #67 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c67

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/c3ee94d848410dee5a15b97f4e3e5eaf55b662e5

commit c3ee94d848410dee5a15b97f4e3e5eaf55b662e5
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Mar 31 16:37:40 2022

[heap] Initialize invalidated_slots_[OLD_TO_SHARED]

While this field isn't used, inititialize it to null.

Bug: v8:11708
Change-Id: I9698e73183f49ef54b8978383e1406e5cf765c75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3562982

Auto-Submit: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#79710}

[modify] https://crrev.com/c3ee94d848410dee5a15b97f4e3e5eaf55b662e5/src/heap/memory-chunk.cc

[Git Watcher via monorail]

Comment #68 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c68

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/5bc471f47ffc26ff7ebfa8e4c91c81af903c089a

commit 5bc471f47ffc26ff7ebfa8e4c91c81af903c089a
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Apr 01 09:51:11 2022

[heap] Support safepoint->AssertActive() for shared isolates

Lock mutex for shared isolate in global safepoints, such that e.g. the
StringTable can use isolate->heap()->safepoint()->AssertActive() even
for shared isolates.

Bug: v8:11708, v8:12749
Change-Id: I8d99203581dfa2d7225846e19fa981300f88589e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563138
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Leszek Swirski <les...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79715}

[modify] https://crrev.com/5bc471f47ffc26ff7ebfa8e4c91c81af903c089a/src/snapshot/snapshot.cc
[modify] https://crrev.com/5bc471f47ffc26ff7ebfa8e4c91c81af903c089a/src/heap/safepoint.cc
[modify] https://crrev.com/5bc471f47ffc26ff7ebfa8e4c91c81af903c089a/test/mjsunit/mjsunit.status

[Git Watcher via monorail]

Comment #69 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c69

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/55f6a97366d61448aef02d679a2024d38d02e43d

commit 55f6a97366d61448aef02d679a2024d38d02e43d
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Apr 08 08:19:26 2022

[heap] Cleanup OLD_TO_SHARED slots in sweeper

Sweeper needs to clean up slots in the OLD_TO_SHARED remembered set
as well in the future. Unlike OLD_TO_NEW or OLD_TO_OLD this remembered
set will not be reset after a full GC. So we will have to remove from it
both during and after a full GC when sweeping.

However in the current implementation we still reset this remembered set
in a shared GC. This only works because we scan all client heaps
during a shared GC anyways to rebuild the remembered set. We will get
rid of that when all required write barriers are implemented.

Bug: v8:11708
Change-Id: Ib891a882fdf70671a483c8662408cf64e72134c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574546
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79874}

[modify] https://crrev.com/55f6a97366d61448aef02d679a2024d38d02e43d/src/heap/sweeper.cc

[Git Watcher via monorail]

Comment #70 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c70

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/4dd04c0ba17d4fe596b0419cd23bb068d823fd4a

commit 4dd04c0ba17d4fe596b0419cd23bb068d823fd4a
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Apr 13 19:51:15 2022

[heap] Clean up invalidated OLD_TO_SHARED slots

With this CL OLD_TO_SHARED slots aren't removed at the end of full GC
anymore. In order to allow for this, invalidated slots need to be
filtered out when iterating the OLD_TO_SHARED remembered set.

* When invalidating slots in an object, that object also needs to be
recorded for OLD_TO_SHARED.
* The sweeper has to remove invalidated objects in free memory when
sweeping during a full GC.
* OLD_TO_SHARED slots need to be removed in the evacuated start of
a page when evacuation fails.
* While local GCs don't need OLD_TO_SHARED, slots need to be filtered
in order to be able to delete the set of invalidated objects during
a GC.

Bug: v8:11708
Change-Id: I594307289a797bc0d68edf6793b914805d1285df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3584113

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#80018}

[modify] https://crrev.com/4dd04c0ba17d4fe596b0419cd23bb068d823fd4a/src/heap/invalidated-slots.cc
[modify] https://crrev.com/4dd04c0ba17d4fe596b0419cd23bb068d823fd4a/src/heap/memory-chunk.cc
[modify] https://crrev.com/4dd04c0ba17d4fe596b0419cd23bb068d823fd4a/src/heap/mark-compact.cc
[modify] https://crrev.com/4dd04c0ba17d4fe596b0419cd23bb068d823fd4a/src/heap/invalidated-slots.h
[modify] https://crrev.com/4dd04c0ba17d4fe596b0419cd23bb068d823fd4a/src/heap/sweeper.h
[modify] https://crrev.com/4dd04c0ba17d4fe596b0419cd23bb068d823fd4a/src/heap/sweeper.cc

[Git Watcher via monorail]

Comment #71 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c71

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/d0c147ab100db1d040e6ce5d61bb221264278e5c

commit d0c147ab100db1d040e6ce5d61bb221264278e5c
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Apr 21 06:24:29 2022

[heap] NotifyObjectLayoutChange invalidates slots in OLD_TO_SHARED

When an object changes layout, OLD_TO_SHARED slots need to be
invalidated for it as well.

Bug: v8:11708
Change-Id: I28ea181012955fddef986e8f8806a7477307df28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596175

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#80071}

[modify] https://crrev.com/d0c147ab100db1d040e6ce5d61bb221264278e5c/src/heap/heap.cc

[Git Watcher via monorail]

Comment #72 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c72

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/c819aebf07f13985b40f0d82b34b0e33d70eef94

commit c819aebf07f13985b40f0d82b34b0e33d70eef94
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri May 13 11:21:02 2022

[heap] Implement C++ shared heap write barrier

Record old-to-shared references in the C++ write barrier. When
an old-to-shared reference is created, this particular slot will be
atomically inserted into the old-to-new remembered set.

We already stopped clearing the old-to-new-remembered set after a
shared GC, so we already need to be able to handle such slots when
invalidating objects and in the sweeper.

Bug: v8:11708
Change-Id: I1b5854d58f6496228f3a3d9eb7acfd9492f09e68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557232

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#80555}

[modify] https://crrev.com/c819aebf07f13985b40f0d82b34b0e33d70eef94/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/c819aebf07f13985b40f0d82b34b0e33d70eef94/src/heap/heap.h
[modify] https://crrev.com/c819aebf07f13985b40f0d82b34b0e33d70eef94/src/heap/heap.cc
[modify] https://crrev.com/c819aebf07f13985b40f0d82b34b0e33d70eef94/src/heap/heap-write-barrier.h
[modify] https://crrev.com/c819aebf07f13985b40f0d82b34b0e33d70eef94/src/objects/object-macros.h

[Git Watcher via monorail]

Comment #73 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c73

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/407218d60ac068807945de41dd096ada30827d86

commit 407218d60ac068807945de41dd096ada30827d86
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri May 20 06:54:08 2022

[heap] Combine write barrier flag checks

Adding the shared heap write barrier caused regressions on some
benchmarks. Presumably this is because the compiler can't merge the
fast paths of the generational and shared heap write barrier.

This CL therefore introduces a CombinedHeapBarrier that manually
unifies the fast path for the marking, generational and shared heap
write barrier. This should make the barrier easier to optimize for
the compiler. In particular it should help to ensure that page flags
don't need to be loaded multiple times in a single full write barrier.

Bug: chromium:1326446, v8:11708
Change-Id: Iacd487f1263491cf4c05f25e004233a52b7c45a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644964

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#80656}

[modify] https://crrev.com/407218d60ac068807945de41dd096ada30827d86/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/407218d60ac068807945de41dd096ada30827d86/src/heap/heap.cc
[modify] https://crrev.com/407218d60ac068807945de41dd096ada30827d86/src/heap/heap-write-barrier.h
[modify] https://crrev.com/407218d60ac068807945de41dd096ada30827d86/src/objects/object-macros.h

[Git Watcher via monorail]

Comment #74 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c74

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/3e3dd792b221e4bdb105788054e231693b6fc72c

commit 3e3dd792b221e4bdb105788054e231693b6fc72c
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue May 24 08:41:47 2022

[heap, deserializer] Use full write barrier in the deserializer

Instead of invoking both the generational and marking barrier
explicitly, we can just invoke the combined barrier which does both
for us.

Also we simply use the full write barrier for all writes in the deserializer. While we could avoid the generational barrier in a few
cases, this only costs us a single predictable untaken branch without
an additional load.

Bug: v8:11708
Change-Id: Iebd0af06efe42a3ac4e5725131362600ab16bc7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3662900
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Leszek Swirski <les...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#80712}

[modify] https://crrev.com/3e3dd792b221e4bdb105788054e231693b6fc72c/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/3e3dd792b221e4bdb105788054e231693b6fc72c/src/snapshot/deserializer.cc
[modify] https://crrev.com/3e3dd792b221e4bdb105788054e231693b6fc72c/src/heap/heap-write-barrier.h

[Git Watcher via monorail]

Comment #75 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c75

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/2864a4363e4504ff699522daf45393e53948fd64

commit 2864a4363e4504ff699522daf45393e53948fd64
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed May 25 11:53:49 2022

[heap] Combine fast path of generational and shared heap barrier

The fast path of all write barriers already got mostly unified in
https://crrev.com/c/3644964. However, the shared heap write barrier
still added a new branch in the fast path of the full write barrier.

This CL unifies the branch for the generational and the shared heap
write barrier in the fast path at the cost of an additional branch in
the slow path. This should hopefully the rest of the regressions caused
by introducing the shared heap write barrier.

Bug: chromium:1326446, v8:11708

Change-Id: Id5a8334c50a7455e53caf65891d4304d9d2e7702
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663091

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#80749}

[modify] https://crrev.com/2864a4363e4504ff699522daf45393e53948fd64/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/2864a4363e4504ff699522daf45393e53948fd64/src/heap/heap.h
[modify] https://crrev.com/2864a4363e4504ff699522daf45393e53948fd64/src/heap/heap.cc

[Git Watcher via monorail]

Comment #76 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c76

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/66a9c1c5a2c853616d620699604207dd9e46c258

commit 66a9c1c5a2c853616d620699604207dd9e46c258
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed May 25 08:26:56 2022

[heap] Do not process native context list in minor GCs

NativeContexts are always allocated in old space and thus cannot die
or move during minor GCs.

Bug: v8:11708
Change-Id: I01ec7775aa1186d91ca620c464f570f24ac9f215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3666617

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80818}

[modify] https://crrev.com/66a9c1c5a2c853616d620699604207dd9e46c258/src/heap/heap.h
[modify] https://crrev.com/66a9c1c5a2c853616d620699604207dd9e46c258/src/heap/scavenger.cc
[modify] https://crrev.com/66a9c1c5a2c853616d620699604207dd9e46c258/src/heap/heap.cc
[modify] https://crrev.com/66a9c1c5a2c853616d620699604207dd9e46c258/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #77 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c77

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/94ca8fa8c163902736df2401f1b53e551bd663d5

commit 94ca8fa8c163902736df2401f1b53e551bd663d5
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue May 31 08:02:41 2022

[heap] Drop UPDATE_WEAK_WRITE_BARRIER write barrier mode

Replace all usages of UPDATE_WEAK_WRITE_BARRIER with
UPDATE_WRITE_BARRIER. The barrier wasn't hot, so the additional branch
for the marking barrier shouldn't be a problem.

Performing the marking barrier could in theory cause more floating
garbage. However in this case the write barrier is only run once
directly after e.g. allocating a Code or NativeContext object. Since
UPDATE_WEAK_WRITE_BARRIER only skips the marking barrier, we should only
observe different behavior when marking is on. But since we already
have black allocation for objects in old space, we will not cause
additional floating garbage.

In case of performance regression, we should also be able to replace
those usages with SKIP_WRITE_BARRIER, since NativeContext and Code
objects are never allocated in the young generation, so running the
generational barrier shouldn't be necessary. It's just hard to DCHECK
that SKIP_WRITE_BARRIER is valid here.

Bug: v8:11708
Change-Id: I25d760a46d1d7ec973cc589f51ddf80ca3b5419d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663080
Reviewed-by: Leszek Swirski <les...@chromium.org>
Reviewed-by: Igor Sheludko <ish...@chromium.org>

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#80839}

[modify] https://crrev.com/94ca8fa8c163902736df2401f1b53e551bd663d5/test/cctest/test-serialize.cc
[modify] https://crrev.com/94ca8fa8c163902736df2401f1b53e551bd663d5/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/94ca8fa8c163902736df2401f1b53e551bd663d5/src/heap/objects-visiting.cc
[modify] https://crrev.com/94ca8fa8c163902736df2401f1b53e551bd663d5/src/objects/contexts.cc
[modify] https://crrev.com/94ca8fa8c163902736df2401f1b53e551bd663d5/src/snapshot/serializer.cc
[modify] https://crrev.com/94ca8fa8c163902736df2401f1b53e551bd663d5/src/objects/contexts-inl.h
[modify] https://crrev.com/94ca8fa8c163902736df2401f1b53e551bd663d5/src/init/bootstrapper.cc
[modify] https://crrev.com/94ca8fa8c163902736df2401f1b53e551bd663d5/src/objects/objects.h

[Git Watcher via monorail]

Comment #78 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c78

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7

commit e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Jun 03 07:28:58 2022

[heap] Remove write barrier builtin for incremental marking

https://crrev.com/c/3471854 already disabled the RecordWrite builtin
specifically for incremental marking. Since this didn't regress performance as expected, we can now remove those versions of the
builtin.

This will simplify the barrier implementation a bit, but is also
required for the shared heap write barrier. Unlike the generational barrier, the shared heap barrier can't be elided for map values.

Bug: v8:11708
Change-Id: I44bc6ee79006a5be8c1b593dee7fc30c3b9cfa85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683341
Reviewed-by: Leszek Swirski <les...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Simon Zünd <szu...@chromium.org>
Reviewed-by: Tobias Tebbi <te...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Omer Katz <omer...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80966}

[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/include/v8-internal.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/codegen/arm/macro-assembler-arm.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/builtins/x64/builtins-x64.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/common/globals.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/wasm/baseline/ia32/liftoff-assembler-ia32.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/snapshot/startup-serializer.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/wasm/baseline/x64/liftoff-assembler-x64.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/compiler/backend/arm64/code-generator-arm64.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/builtins/arm64/builtins-arm64.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/wasm/baseline/arm64/liftoff-assembler-arm64.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/builtins/arm/builtins-arm.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/debug/debug-evaluate.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/builtins/builtins-definitions.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/codegen/ia32/macro-assembler-ia32.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/wasm/wasm-code-manager.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/codegen/x64/macro-assembler-x64.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/flags/flag-definitions.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/codegen/arm64/macro-assembler-arm64.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/compiler/backend/ia32/code-generator-ia32.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/codegen/ia32/macro-assembler-ia32.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/compiler/backend/x64/code-generator-x64.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/builtins/builtins.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/compiler/backend/arm/code-generator-arm.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/wasm/baseline/arm/liftoff-assembler-arm.h
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/builtins/ia32/builtins-ia32.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/codegen/arm64/macro-assembler-arm64.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/codegen/arm/macro-assembler-arm.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/codegen/x64/macro-assembler-x64.cc
[modify] https://crrev.com/e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7/src/builtins/builtins-internal-gen.cc

[Git Watcher via monorail]

Comment #79 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c79

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/851854c46f1650874e6e5d15c8cc3fca72fbd5fe

commit 851854c46f1650874e6e5d15c8cc3fca72fbd5fe
Author: Liu Yu <li...@loongson.cn>
Date: Tue Jun 07 12:12:14 2022

[loong64][mips64][heap] Remove write barrier builtin for incremental marking

Port commit e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7

Bug: v8:11708
Change-Id: Ia9a8cb9d8cd9e768fc056bc5555959e0aaeb3694
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3692435
Reviewed-by: Zhao Jiazhong <zhaojia...@loongson.cn>
Auto-Submit: Liu Yu <li...@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojia...@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#80974}

[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/codegen/loong64/macro-assembler-loong64.h
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/codegen/mips64/macro-assembler-mips64.cc
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/codegen/mips64/macro-assembler-mips64.h
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/builtins/loong64/builtins-loong64.cc
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/builtins/mips64/builtins-mips64.cc
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/compiler/backend/mips64/code-generator-mips64.cc
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/compiler/backend/loong64/code-generator-loong64.cc
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/codegen/loong64/macro-assembler-loong64.cc
[modify] https://crrev.com/851854c46f1650874e6e5d15c8cc3fca72fbd5fe/src/wasm/baseline/loong64/liftoff-assembler-loong64.h

[mslek… via monorail]

Updates:
Cc: msle...@chromium.org

Comment #80 on issue 11708 by msle...@chromium.org: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c80

Note that the CL from comment 78 might have regressed just one benchmark [1], but brings in quite some improvements [2].

[1] https://chromeperf.appspot.com/report?sid=aec37d48812f12e370a66f47a78b5c16a322d5bb86cf5e3a843b277b8ff41f77&rev=80966
[2] https://chromeperf.appspot.com/group_report?sid=4c528697805e21c124c19f1391d4863044048c7b8b68de9828ef59aa37e97c5b

[ish… via monorail]

Updates:
Owner: dinf...@chromium.org

Comment #81 on issue 11708 by ish...@chromium.org: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c81

The regression on M1 caused by #c78 is related to builtins alignment. Increasing code alignment value on arm64 should fix it: https://chromium-review.googlesource.com/c/v8/v8/+/3700392

[Git Watcher via monorail]

Comment #82 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c82

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/319e747a1d8039f9effbf1170138d945b3a86b7a

commit 319e747a1d8039f9effbf1170138d945b3a86b7a
Author: Igor Sheludko <ish...@chromium.org>
Date: Mon Jun 13 11:28:37 2022

[arm64] Increase code alignment to 64

This should fix unexpected regressions which occur after builtins
modifications.

This CL affects alignment of embedded builtins on all configurations
and Code header size only for non-pointer compression configuration.

Bug: v8:11708
Change-Id: I8058197c5b768a699e7f52446424013e86203b57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700392
Commit-Queue: Igor Sheludko <ish...@chromium.org>
Reviewed-by: Leszek Swirski <les...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81113}

[modify] https://crrev.com/319e747a1d8039f9effbf1170138d945b3a86b7a/src/snapshot/embedded/platform-embedded-file-writer-generic.cc
[modify] https://crrev.com/319e747a1d8039f9effbf1170138d945b3a86b7a/src/objects/code.h
[modify] https://crrev.com/319e747a1d8039f9effbf1170138d945b3a86b7a/src/snapshot/embedded/platform-embedded-file-writer-aix.cc
[modify] https://crrev.com/319e747a1d8039f9effbf1170138d945b3a86b7a/src/common/globals.h
[modify] https://crrev.com/319e747a1d8039f9effbf1170138d945b3a86b7a/src/snapshot/embedded/platform-embedded-file-writer-win.cc

[Git Watcher via monorail]

Comment #83 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c83

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/8b8e044fd2b91cc8cdf283337052f78e9e6a5435

commit 8b8e044fd2b91cc8cdf283337052f78e9e6a5435
Author: Shu-yu Guo <s...@chromium.org>
Date: Fri Jun 17 17:01:03 2022

[heap] Add Parking* variants of blocking primitives

Due to shared GCs it's easy to accidentally deadlock V8 by forgetting to
park a thread before blocking.

This CL does the following:

- Adds ParkingConditionVariable and ParkingSemaphore, which hide
the Wait[For] methods in favor of ParkedWait[For], which parks the
thread before blocking the thread.
- Migrate to the Parking* variants in JS shared memory tests.

Bug: v8:11708
Change-Id: I6d1b2b26a05e7df0a69a1614c03308f538a8782f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708017
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Shu-yu Guo <s...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81225}

[modify] https://crrev.com/8b8e044fd2b91cc8cdf283337052f78e9e6a5435/src/base/platform/semaphore.h
[modify] https://crrev.com/8b8e044fd2b91cc8cdf283337052f78e9e6a5435/test/cctest/test-shared-strings.cc
[modify] https://crrev.com/8b8e044fd2b91cc8cdf283337052f78e9e6a5435/src/heap/parked-scope.h
[modify] https://crrev.com/8b8e044fd2b91cc8cdf283337052f78e9e6a5435/test/unittests/js-atomics/js-atomics-mutex-unittest.cc
[modify] https://crrev.com/8b8e044fd2b91cc8cdf283337052f78e9e6a5435/src/base/platform/condition-variable.h

[Git Watcher via monorail]

Comment #84 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c84

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/b81af94a3aa8ce690ccad836db6eda83e6881e3d

commit b81af94a3aa8ce690ccad836db6eda83e6881e3d
Author: Igor Sheludko <ish...@chromium.org>
Date: Tue Jun 21 17:16:47 2022

Revert "[arm64] Increase code alignment to 64"

This reverts commit 319e747a1d8039f9effbf1170138d945b3a86b7a.

Reason for revert: it brought unexpected performance regressions.

Original change's description:

> [arm64] Increase code alignment to 64
>
> This should fix unexpected regressions which occur after builtins
> modifications.
>
> This CL affects alignment of embedded builtins on all configurations
> and Code header size only for non-pointer compression configuration.
>
> Bug: v8:11708
> Change-Id: I8058197c5b768a699e7f52446424013e86203b57
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700392
> Commit-Queue: Igor Sheludko <ish...@chromium.org>
> Reviewed-by: Leszek Swirski <les...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81113}

Bug: v8:11708
Change-Id: I238e799284d59e80dee244b240fe2a72c33e83b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716485
Auto-Submit: Igor Sheludko <ish...@chromium.org>
Reviewed-by: Toon Verwaest <verw...@chromium.org>
Commit-Queue: Toon Verwaest <verw...@chromium.org>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81292}

[modify] https://crrev.com/b81af94a3aa8ce690ccad836db6eda83e6881e3d/src/snapshot/embedded/platform-embedded-file-writer-generic.cc
[modify] https://crrev.com/b81af94a3aa8ce690ccad836db6eda83e6881e3d/src/objects/code.h
[modify] https://crrev.com/b81af94a3aa8ce690ccad836db6eda83e6881e3d/src/common/globals.h
[modify] https://crrev.com/b81af94a3aa8ce690ccad836db6eda83e6881e3d/src/snapshot/embedded/platform-embedded-file-writer-aix.cc
[modify] https://crrev.com/b81af94a3aa8ce690ccad836db6eda83e6881e3d/src/snapshot/embedded/platform-embedded-file-writer-win.cc

[Git Watcher via monorail]

Updates:
Labels: merge-merged-10.4

Comment #85 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c85

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5

commit cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5

Author: Liu Yu <li...@loongson.cn>
Date: Tue Jun 07 12:12:14 2022

Merged:[loong64][mips64][heap] Remove write barrier builtin for incremental marking

Port commit e50d19cb1190735eaf42351b69bb2c3bd5f8b1b7

Bug: v8:11708

(cherry picked from commit 851854c46f1650874e6e5d15c8cc3fca72fbd5fe)

Change-Id: I657e2f9e469f9998658c1b5a66a68cabbf31dad7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3713921
Commit-Queue: Liu Yu <li...@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojia...@loongson.cn>
Cr-Commit-Position: refs/branch-heads/10.4@{#23}
Cr-Branched-From: b1413ed7c71ababe05d590de4b5c4ed97b68693e-refs/heads/10.4.132@{#1}
Cr-Branched-From: 9d0a09368569234a1d1094975e2e92591922cd08-refs/heads/main@{#80972}

[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/codegen/loong64/macro-assembler-loong64.h
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/codegen/mips64/macro-assembler-mips64.cc
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/wasm/baseline/mips64/liftoff-assembler-mips64.h
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/codegen/mips64/macro-assembler-mips64.h
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/builtins/loong64/builtins-loong64.cc
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/builtins/mips64/builtins-mips64.cc
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/codegen/loong64/macro-assembler-loong64.cc
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/compiler/backend/loong64/code-generator-loong64.cc
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/compiler/backend/mips64/code-generator-mips64.cc
[modify] https://crrev.com/cec3bbdbe8ae72eb656306980f44d3ba8c0e6fc5/src/wasm/baseline/loong64/liftoff-assembler-loong64.h

[Git Watcher via monorail]

Comment #86 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c86

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/2e4c95265307b20f02a60dd5e2d27546abf24769

commit 2e4c95265307b20f02a60dd5e2d27546abf24769
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Jul 29 07:07:13 2022

[heap] Remove return value from UpdateSlot methods

Remove the return value from various UpdateSlot methods. These methods
were always returning REMOVE_SLOT anyways.

Bug: v8:11708
Change-Id: I5398f0df14e93e3e74a13aea42d7c422ffc100a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793384
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82061}

[modify] https://crrev.com/2e4c95265307b20f02a60dd5e2d27546abf24769/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #87 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c87

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/9a36053b45c82f3265551523a0b3d680d32464c0

commit 9a36053b45c82f3265551523a0b3d680d32464c0
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Jul 29 07:56:40 2022

[heap] Use full write barrier when setting maps

In addition to the marking barrier we now also need the shared barrier
for properly tracking the old-to-shared remembered set. So invoke
the full write barrier for set_map and set_map_after_allocation.

Bug: v8:11708
Change-Id: Ic234e7fad3733ab1348298f5fcc2b76e44cf4b8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793388

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82065}

[modify] https://crrev.com/9a36053b45c82f3265551523a0b3d680d32464c0/src/objects/objects-inl.h

[Git Watcher via monorail]

Comment #88 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c88

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/19bc589da76255d51dd2fb6ad1781280ba95d8cb

commit 19bc589da76255d51dd2fb6ad1781280ba95d8cb
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Jul 29 11:48:47 2022

[heap] Keep OLD_TO_SHARED slots across GCs

So far all OLD_TO_SHARED slots were deleted after a shared GC. The
remembered set was rebuilt in the next shared GC from scratch. This CL
changes this behavior to only remove slots that don't point into the
shared heap anymore.

We still need to remove the full OLD_TO_SHARED slot set for young
generation pages though. During a shared GC we use the OLD_TO_SHARED
remembered set to cache references into the shared heap even for
pages in the young generation to avoid the second new space object
iteration.

Bug: v8:11708
Change-Id: If92fca25e8fe7e7bf5fc5562c974b0d4c121cb02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3790967
Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82078}

[modify] https://crrev.com/19bc589da76255d51dd2fb6ad1781280ba95d8cb/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #89 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c89

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/6fbe1bf2987462ab31f6ed3ede5226ab21f75580

commit 6fbe1bf2987462ab31f6ed3ede5226ab21f75580
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Aug 01 06:20:41 2022

[heap] Also record old-to-shared slots on promotion and evacuation

When an object either gets promoted or evacuated, old-to-shared slots
need to be recorded like we already do for old-to-old or old-to-new.

Bug: v8:11708
Change-Id: Ifb5b3d50a59aa45bf8289e1cd7610bb2f317fd6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794648

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82096}

[modify] https://crrev.com/6fbe1bf2987462ab31f6ed3ede5226ab21f75580/src/heap/scavenger.cc
[modify] https://crrev.com/6fbe1bf2987462ab31f6ed3ede5226ab21f75580/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #90 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c90

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/45059dc2b70202efa76828ad5b884c12302e6deb

commit 45059dc2b70202efa76828ad5b884c12302e6deb
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Aug 03 14:25:44 2022

[heap] Fix broken DCHECK in FlushBytecodeFromSFI

The String might be in the shared heap which is not collected during
client GCs.

Bug: v8:11708
Change-Id: I0958c46996a2aeba3a046263350617e8d177deca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805883

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82179}

[modify] https://crrev.com/45059dc2b70202efa76828ad5b884c12302e6deb/src/heap/mark-compact.cc

[Git Watcher via monorail]

Comment #91 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c91

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe

commit dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Aug 04 09:06:35 2022

[heap] Improve verification for code write barrier

Pass WriteBarrierMode to the code object write barrier and DCHECK WriteBarrier::IsRequired when using SKIP_WRITE_BARRIER.

Bug: v8:11708
Change-Id: I457d0fa07e830d6831fb95a4ae9311f6066215e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810171
Reviewed-by: Jakob Linke <jgr...@chromium.org>

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82201}

[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/codegen/ia32/assembler-ia32-inl.h
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/snapshot/embedded/embedded-data.cc
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/codegen/reloc-info.h
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/heap/heap.cc
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/codegen/reloc-info.cc
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/codegen/arm64/assembler-arm64-inl.h
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/codegen/x64/assembler-x64-inl.h
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/heap/heap-write-barrier.h
[modify] https://crrev.com/dc2d69d815fe7a118c904c60ec9bc8da7fea4ffe/src/codegen/arm/assembler-arm-inl.h

[Git Watcher via monorail]

Comment #92 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c92

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/f206986718e5ae02bae394f1688cc9283045318f

commit f206986718e5ae02bae394f1688cc9283045318f
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Aug 04 09:16:17 2022

[codegen] Invoke full code writer barrier in set_target_address

While it is not required to invoke the full barrier in this case, we
can invoke the full write barrier which improves verification but also
makes the code easier to understand by relying less on GC
implementation details.

Bug: v8:11708
Change-Id: I4d2f6640bc0efb5b763ccd5ca99e573421be3a06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807592
Reviewed-by: Jakob Linke <jgr...@chromium.org>

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82208}

[modify] https://crrev.com/f206986718e5ae02bae394f1688cc9283045318f/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/f206986718e5ae02bae394f1688cc9283045318f/src/codegen/reloc-info.cc

[Git Watcher via monorail]

Comment #93 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c93

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/9f9eacee6246b89d5b66a8258fa680f2054a4059

commit 9f9eacee6246b89d5b66a8258fa680f2054a4059
Author: Dominik Inführ <dinf...@chromium.org>
Date: Thu Aug 04 20:26:16 2022

[heap] Remove revisiting logic in the main thread marker

Factory::CopyCode was using ProcessBlackAllocatedObject and
WriteBarrierForCode(Code) to handle write barriers for that newly
created code object. But even when used in tandem with each other they
would miss OLD_TO_NEW references in the code object header.

This CL simplifies Factory::CopyCode by letting
WriteBarrierForCode(Code) handle all outgoing pointers of that code
object (not just a subset of RelocInfos) by implementing an
ObjectVisitor. This removes the need for ProcessBlackAllocatedObject.

Since Factory::CopyCode was the only user of
ProcessBlackAllocatedObject, we can also remove all the object
revisiting logic in the main thread marker.

Bug: v8:11708
Change-Id: I7d9b12eb0a76ba41a38efc147f44556ddc941a96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810186

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82212}

[modify] https://crrev.com/9f9eacee6246b89d5b66a8258fa680f2054a4059/src/heap/incremental-marking.cc
[modify] https://crrev.com/9f9eacee6246b89d5b66a8258fa680f2054a4059/src/heap/heap.cc
[modify] https://crrev.com/9f9eacee6246b89d5b66a8258fa680f2054a4059/src/heap/mark-compact.h
[modify] https://crrev.com/9f9eacee6246b89d5b66a8258fa680f2054a4059/src/heap/mark-compact.cc
[modify] https://crrev.com/9f9eacee6246b89d5b66a8258fa680f2054a4059/src/heap/factory.cc
[modify] https://crrev.com/9f9eacee6246b89d5b66a8258fa680f2054a4059/src/heap/incremental-marking.h

[Git Watcher via monorail]

Comment #94 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c94

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/9f0d20b0feea980e4a7c64211addb2145316bd53

commit 9f0d20b0feea980e4a7c64211addb2145316bd53
Author: Dominik Inführ <dinf...@chromium.org>
Date: Fri Aug 05 12:19:59 2022

[heap] Support allocation of large shared objects

So far there was no support for allocating large objects in the
shared heap.

Bug: v8:11708
Change-Id: Ie4ec8244fee2e75fc0e2265847fe5976da2645ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811579

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82261}

[modify] https://crrev.com/9f0d20b0feea980e4a7c64211addb2145316bd53/src/heap/heap.h
[modify] https://crrev.com/9f0d20b0feea980e4a7c64211addb2145316bd53/src/heap/heap.cc
[modify] https://crrev.com/9f0d20b0feea980e4a7c64211addb2145316bd53/src/heap/heap-allocator-inl.h
[modify] https://crrev.com/9f0d20b0feea980e4a7c64211addb2145316bd53/src/heap/local-heap-inl.h
[modify] https://crrev.com/9f0d20b0feea980e4a7c64211addb2145316bd53/test/cctest/heap/test-shared-heap.cc
[modify] https://crrev.com/9f0d20b0feea980e4a7c64211addb2145316bd53/src/heap/heap-allocator.h
[modify] https://crrev.com/9f0d20b0feea980e4a7c64211addb2145316bd53/src/heap/heap-allocator.cc

[Git Watcher via monorail]

Comment #95 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c95

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/3a25d74c7a156dc6adaa1b088d66e4555aa9fb54

commit 3a25d74c7a156dc6adaa1b088d66e4555aa9fb54
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Aug 08 13:50:26 2022

[heap] Regroup page flags to improve page flag checks

Keep page flags which are used in the write barrier together in order
to help reduce code size and reduce register usage.

Bug: v8:11708
Change-Id: I42efa1eeb431dea338d65aef0318cba479f2f431
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811158

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82270}

[modify] https://crrev.com/3a25d74c7a156dc6adaa1b088d66e4555aa9fb54/src/heap/basic-memory-chunk.cc
[modify] https://crrev.com/3a25d74c7a156dc6adaa1b088d66e4555aa9fb54/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/3a25d74c7a156dc6adaa1b088d66e4555aa9fb54/src/heap/basic-memory-chunk.h

[Git Watcher via monorail]

Comment #96 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c96

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/c1874ac33265a5e36103cf1a6e03c9afdb34aba9

commit c1874ac33265a5e36103cf1a6e03c9afdb34aba9
Author: Dominik Inführ <dinf...@chromium.org>
Date: Mon Aug 08 16:40:48 2022

[heap] Remove unnecessary IncrementalMarking::EnsureBlackAllocated

We now have different mechanisms for black allocation, for regular
sized objects we will set all mark bits for the LAB. For large
objects we will set the mark bit when initializing that large page.

So when we reach this method, the object is already marked black.

Bug: v8:11708
Change-Id: Ie0f82f78eefe06a25103264098cc59a3ee46d20c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3817742

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82275}

[modify] https://crrev.com/c1874ac33265a5e36103cf1a6e03c9afdb34aba9/src/heap/incremental-marking.cc
[modify] https://crrev.com/c1874ac33265a5e36103cf1a6e03c9afdb34aba9/src/heap/stress-marking-observer.cc
[modify] https://crrev.com/c1874ac33265a5e36103cf1a6e03c9afdb34aba9/src/heap/incremental-marking.h

[Git Watcher via monorail]

Comment #97 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c97

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/9cca4e60f1fd34dd01f9a74579194cad9860f31b

commit 9cca4e60f1fd34dd01f9a74579194cad9860f31b
Author: Dominik Inführ <dinf...@chromium.org>
Date: Tue Aug 09 09:22:57 2022

[heap] Handle old-to-new slot promotion to shared heap

The GC might promote an in-place internalizable string from new space
directly into the shared heap. This means that the GC might need to
create OLD_TO_SHARED slots when updating OLD_TO_NEW slots.

This CL implements this both for minor and full GCs.

Bug: v8:11708
Change-Id: I6102b9024d1dd5dd602d654b006ea5897ab5baa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804604

Commit-Queue: Dominik Inführ <dinf...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82298}

[modify] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/src/heap/scavenger.h
[modify] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/test/cctest/test-shared-strings.cc
[modify] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/src/heap/remembered-set-inl.h
[modify] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/src/heap/scavenger.cc
[modify] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/src/runtime/runtime-test.cc
[add] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/test/mjsunit/shared-memory/shared-string-promotion-minor.js
[modify] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/src/heap/remembered-set.h
[modify] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/src/heap/mark-compact.cc
[modify] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/src/runtime/runtime.h
[add] https://crrev.com/9cca4e60f1fd34dd01f9a74579194cad9860f31b/test/mjsunit/shared-memory/shared-string-promotion-major.js

[Git Watcher via monorail]

Comment #98 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c98

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/c902ce585f371f9aee1eaa2a7dcef749ae38df8f

commit c902ce585f371f9aee1eaa2a7dcef749ae38df8f
Author: Tobias Tebbi <te...@chromium.org>
Date: Tue Aug 09 13:56:38 2022

Revert "[heap] Handle old-to-new slot promotion to shared heap"

This reverts commit 9cca4e60f1fd34dd01f9a74579194cad9860f31b.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20debug%20-%20single%20generation/6185/overview

Original change's description:

> [heap] Handle old-to-new slot promotion to shared heap
>
> The GC might promote an in-place internalizable string from new space
> directly into the shared heap. This means that the GC might need to
> create OLD_TO_SHARED slots when updating OLD_TO_NEW slots.
>
> This CL implements this both for minor and full GCs.
>
> Bug: v8:11708
> Change-Id: I6102b9024d1dd5dd602d654b006ea5897ab5baa6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804604
> Commit-Queue: Dominik Inführ <dinf...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82298}

Bug: v8:11708
Change-Id: I4cfdcff22552ff92ec85497d58021e83a6e038b0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819647
Commit-Queue: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-...@appspot.gserviceaccount.com>
Auto-Submit: Tobias Tebbi <te...@chromium.org>
Owners-Override: Tobias Tebbi <te...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82303}

[modify] https://crrev.com/c902ce585f371f9aee1eaa2a7dcef749ae38df8f/src/heap/scavenger.h
[modify] https://crrev.com/c902ce585f371f9aee1eaa2a7dcef749ae38df8f/test/cctest/test-shared-strings.cc
[modify] https://crrev.com/c902ce585f371f9aee1eaa2a7dcef749ae38df8f/src/heap/remembered-set-inl.h
[modify] https://crrev.com/c902ce585f371f9aee1eaa2a7dcef749ae38df8f/src/heap/scavenger.cc
[modify] https://crrev.com/c902ce585f371f9aee1eaa2a7dcef749ae38df8f/src/runtime/runtime-test.cc
[modify] https://crrev.com/c902ce585f371f9aee1eaa2a7dcef749ae38df8f/src/heap/remembered-set.h
[delete] https://crrev.com/b833afc63a73f8ce8ae22eeadec195863c35a1af/test/mjsunit/shared-memory/shared-string-promotion-minor.js
[modify] https://crrev.com/c902ce585f371f9aee1eaa2a7dcef749ae38df8f/src/heap/mark-compact.cc
[modify] https://crrev.com/c902ce585f371f9aee1eaa2a7dcef749ae38df8f/src/runtime/runtime.h
[delete] https://crrev.com/b833afc63a73f8ce8ae22eeadec195863c35a1af/test/mjsunit/shared-memory/shared-string-promotion-major.js

[Git Watcher via monorail]

Comment #99 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c99

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/01aed57e689a9e300d1f351cf61d0204ca37e93a

commit 01aed57e689a9e300d1f351cf61d0204ca37e93a
Author: Dominik Inführ <dinf...@chromium.org>
Date: Wed Aug 10 08:59:48 2022

[heap] Add IncrementalMarking::AdvanceOnTask as new bottleneck

Introduce common bottleneck for all incremental marking step
invocations from a task context. This will later be used to move
code out of IncrementalMarking::Step.

Bug: v8:11708
Change-Id: Iba2dc2402083f8b4152ded56eaf0e13d473442a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822682

Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Dominik Inführ <dinf...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#82343}

[modify] https://crrev.com/01aed57e689a9e300d1f351cf61d0204ca37e93a/src/heap/incremental-marking.cc
[modify] https://crrev.com/01aed57e689a9e300d1f351cf61d0204ca37e93a/src/heap/heap.cc
[modify] https://crrev.com/01aed57e689a9e300d1f351cf61d0204ca37e93a/src/heap/incremental-marking-job.cc
[modify] https://crrev.com/01aed57e689a9e300d1f351cf61d0204ca37e93a/src/heap/memory-reducer.cc
[modify] https://crrev.com/01aed57e689a9e300d1f351cf61d0204ca37e93a/src/heap/incremental-marking.h

[Git Watcher via monorail]

Comment #100 on issue 11708 by Git Watcher: Implement shared heap for shared JS objects
https://bugs.chromium.org/p/v8/issues/detail?id=11708#c100

The following revision refers to this bug:

https://chromium.googlesource.com/v8/v8/+/0dc6e0372728455daa0b921f86e29739afd56844

commit 0dc6e0372728455daa0b921f86e29739afd56844
Author: Shu-yu Guo <s...@chromium.org>
Date: Wed Aug 10 19:05:41 2022

[compiler] Park main thread while awaiting compile tasks

Currently a deadlock can result on heap teardown during the shared heap
verification which performs a global safepoint. The heap teardown awaits
compile tasks, while the compile helper thread is waiting on a
global safepoint.

Bug: v8:11708
Change-Id: I8328a4b142cb9045bfaf592ac4f4dd259ba0d397
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820354
Commit-Queue: Shu-yu Guo <s...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82364}

[modify] https://crrev.com/0dc6e0372728455daa0b921f86e29739afd56844/src/compiler-dispatcher/optimizing-compile-dispatcher.cc
[modify] https://crrev.com/0dc6e0372728455daa0b921f86e29739afd56844/src/heap/parked-scope.h
[modify] https://crrev.com/0dc6e0372728455daa0b921f86e29739afd56844/src/compiler-dispatcher/optimizing-compile-dispatcher.h