From 3378b3f4624bc6709e1068ae8b9fe498f8cf9906 Mon Sep 17 00:00:00 2001
From: Pedro Pontes
Date: Fri, 18 Jun 2021 22:00:37 +0200
Subject: [PATCH 1/2] chore: cherry-pick 9da8fb7c4b80 from v8
---
 patches/v8/.patches | 1 +
 patches/v8/cherry-pick-9da8fb7c4b80.patch | 135 ++++++++++++++++++++++
 2 files changed, 136 insertions(+)
 create mode 100644 patches/v8/cherry-pick-9da8fb7c4b80.patch
diff --git a/patches/v8/.patches b/patches/v8/.patches
index d7c600961e110..2d4d356045834 100644
--- a/patches/v8/.patches
+++ b/patches/v8/.patches
@@ -29,3 +29,4 @@ m86-lts_compiler_fix_off-by-one_error_in_kadditivesafeinteger.patch
 merged_wasm-simd_ia32_fix_f64x2_min_max_to_use_registers.patch
 merged_liftoff_fix_2gb_memory_accesses_on_32-bit.patch
 reland_compiler_fix_more_truncation_bugs_in_simplifiedlowering.patch
+cherry-pick-9da8fb7c4b80.patch
diff --git a/patches/v8/cherry-pick-9da8fb7c4b80.patch b/patches/v8/cherry-pick-9da8fb7c4b80.patch
new file mode 100644
index 0000000000000..2e5d383bb0aa2
--- /dev/null
+++ b/patches/v8/cherry-pick-9da8fb7c4b80.patch
@@ -0,0 +1,135 @@
+From 9da8fb7c4b805b22fb12bc41ea92a4840d43d04e Mon Sep 17 00:00:00 2001
+From: Georg Neis
+Date: Mon, 07 Jun 2021 10:41:38 +0200
+Subject: [PATCH] [M86-LTS]: Squashed multiple commits.
+
+Merged: Disable left-trimming when optimizing compile jobs exist
+Revision: ac0605a1a486b8d074f116cc365de9d2b6d7c9e5
+
+Merged: [heap] Don't assume that optimizing-compile-dispatcher exists
+Revision: 022b312d55e75935cfa99cca7729ae2d3f795bd0
+
+BUG=chromium:1211215,chromium:1215514
+NOTRY=true
+NOPRESUBMIT=true
+NOTREECHECKS=true
+
+(cherry picked from commit 8704c7c0b2f79cbe745f293b30d68f4505da7416)
+
+Change-Id: I3b3a37d64402ea464c8e653517928522a1c5e0da
+Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940899
+Reviewed-by: Dominik Inführ
+Commit-Queue: Georg Neis
+Cr-Original-Commit-Position: refs/branch-heads/9.1@{#67}
+Cr-Original-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
+Cr-Original-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
+Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948657
+Reviewed-by: Artem Sumaneev
+Commit-Queue: Victor-Gabriel Savu
+Cr-Commit-Position: refs/branch-heads/8.6@{#107}
+Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
+Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
+---
+
+diff --git a/src/compiler-dispatcher/optimizing-compile-dispatcher.cc b/src/compiler-dispatcher/optimizing-compile-dispatcher.cc
+index 6848ca2..1316b3d 100644
+--- a/src/compiler-dispatcher/optimizing-compile-dispatcher.cc
++++ b/src/compiler-dispatcher/optimizing-compile-dispatcher.cc
+@@ -47,7 +47,6 @@
+ worker_thread_runtime_call_stats_(
+ isolate->counters()->worker_thread_runtime_call_stats()),
+ dispatcher_(dispatcher) {
+- base::MutexGuard lock_guard(&dispatcher_->ref_count_mutex_);
+ ++dispatcher_->ref_count_;
+ }
+
+@@ -95,12 +94,7 @@
+ };
+
+ OptimizingCompileDispatcher::~OptimizingCompileDispatcher() {
+-#ifdef DEBUG
+- {
+- base::MutexGuard lock_guard(&ref_count_mutex_);
+- DCHECK_EQ(0, ref_count_);
+- }
+-#endif
++ DCHECK_EQ(0, ref_count_);
+ DCHECK_EQ(0, input_queue_length_);
+ DeleteArray(input_queue_);
+ }
+@@ -227,6 +221,14 @@
+ }
+ }
+
++bool OptimizingCompileDispatcher::HasJobs() {
++ DCHECK_EQ(ThreadId::Current(), isolate_->thread_id());
++ // Note: This relies on {output_queue_} being mutated by a background thread
++ // only when {ref_count_} is not zero. Also, {ref_count_} is never incremented
++ // by a background thread.
++ return !(ref_count_ == 0 && output_queue_.empty());
++}
++
+ void OptimizingCompileDispatcher::QueueForOptimization(
+ OptimizedCompilationJob* job) {
+ DCHECK(IsQueueAvailable());
+diff --git a/src/compiler-dispatcher/optimizing-compile-dispatcher.h b/src/compiler-dispatcher/optimizing-compile-dispatcher.h
+index 5180382..390e90b 100644
+--- a/src/compiler-dispatcher/optimizing-compile-dispatcher.h
++++ b/src/compiler-dispatcher/optimizing-compile-dispatcher.h
+@@ -52,6 +52,9 @@
+
+ static bool Enabled() { return FLAG_concurrent_recompilation; }
+
++ // This method must be called on the main thread.
++ bool HasJobs();
++
+ private:
+ class CompileTask;
+
+@@ -87,7 +90,7 @@
+
+ int blocked_jobs_;
+
+- int ref_count_;
++ std::atomic ref_count_;
+ base::Mutex ref_count_mutex_;
+ base::ConditionVariable ref_count_zero_;
+
+diff --git a/src/heap/heap.cc b/src/heap/heap.cc
+index 8c3d506..465ee7e 100644
+--- a/src/heap/heap.cc
++++ b/src/heap/heap.cc
+@@ -21,6 +21,7 @@
+ #include "src/codegen/assembler-inl.h"
+ #include "src/codegen/compilation-cache.h"
+ #include "src/common/globals.h"
++#include "src/compiler-dispatcher/optimizing-compile-dispatcher.h"
+ #include "src/debug/debug.h"
+ #include "src/deoptimizer/deoptimizer.h"
+ #include "src/execution/isolate-utils-inl.h"
+@@ -3029,6 +3030,12 @@
+
+ if (IsLargeObject(object)) return false;
+
++ // Compilation jobs may have references to the object.
++ if (isolate()->concurrent_recompilation_enabled() &&
++ isolate()->optimizing_compile_dispatcher()->HasJobs()) {
++ return false;
++ }
++
+ // We can move the object start if the page was already swept.
+ return Page::FromHeapObject(object)->SweepingDone();
+ }
+diff --git a/test/mjsunit/compiler/regress-1215514.js b/test/mjsunit/compiler/regress-1215514.js
+new file mode 100644
+index 0000000..a597b31
+--- /dev/null
++++ b/test/mjsunit/compiler/regress-1215514.js
+@@ -0,0 +1,7 @@
++// Copyright 2021 the V8 project authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++// Flags: --no-concurrent-recompilation
++
++new Array(4242).shift();
From 6b8a1d2a26789f254431f0b63074906b11867f45 Mon Sep 17 00:00:00 2001
From: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Date: Fri, 18 Jun 2021 20:12:15 +0000
Subject: [PATCH 2/2] chore: update patches
---
 patches/v8/cherry-pick-9da8fb7c4b80.patch | 34 ++++++++++++-----------
 1 file changed, 18 insertions(+), 16 deletions(-)
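Review bot: `HasJobs()` reads `output_queue_.empty()` with no lock held, so its correctness rests entirely on the two invariants in its comment, and the only check in the added code is a `DCHECK_EQ` on the thread id, which is a debug-build assertion. `Heap::CanMoveObjectStart` (its body starts outside the nested hunk) now uses that answer to decide whether the object start may be moved while a compilation job may still reference the object, so a later change that lets a background thread increment `ref_count_` would bring the stale-reference case back without any failing assertion in release builds. I would repeat the invariant where it can be broken, at the member declaration in the header: `// Incremented on the main thread only; HasJobs() relies on this.` The added `regress-1215514.js` runs with `--no-concurrent-recompilation`, so it appears to cover only the case where no dispatcher exists; the left-trimming case from chromium:1211215 has no regression test in this patch.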
diff --git a/patches/v8/cherry-pick-9da8fb7c4b80.patch b/patches/v8/cherry-pick-9da8fb7c4b80.patch index 2e5d383bb0aa2..ce5dcefcb43fc 100644 --- a/patches/v8/cherry-pick-9da8fb7c4b80.patch +++ b/patches/v8/cherry-pick-9da8fb7c4b80.patch @@ -1,7 +1,10 @@ -From 9da8fb7c4b805b22fb12bc41ea92a4840d43d04e Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Georg Neis -Date: Mon, 07 Jun 2021 10:41:38 +0200 -Subject: [PATCH] [M86-LTS]: Squashed multiple commits. +Date: Mon, 7 Jun 2021 10:41:38 +0200 +Subject: Squashed multiple commits. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit Merged: Disable left-trimming when optimizing compile jobs exist Revision: ac0605a1a486b8d074f116cc365de9d2b6d7c9e5 @@ -29,13 +32,12 @@ Commit-Queue: Victor-Gabriel Savu Cr-Commit-Position: refs/branch-heads/8.6@{#107} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} ---- diff --git a/src/compiler-dispatcher/optimizing-compile-dispatcher.cc b/src/compiler-dispatcher/optimizing-compile-dispatcher.cc -index 6848ca2..1316b3d 100644 +index 528a9babe33041ff85c82e0ba8afbdb975783af8..b47aa5431ca634f677cd4b2441f75d42b3f0a930 100644 --- a/src/compiler-dispatcher/optimizing-compile-dispatcher.cc +++ b/src/compiler-dispatcher/optimizing-compile-dispatcher.cc -@@ -47,7 +47,6 @@ +@@ -47,7 +47,6 @@ class OptimizingCompileDispatcher::CompileTask : public CancelableTask { worker_thread_runtime_call_stats_( isolate->counters()->worker_thread_runtime_call_stats()), dispatcher_(dispatcher) { @@ -43,7 +45,7 @@ index 6848ca2..1316b3d 100644 ++dispatcher_->ref_count_; } -@@ -95,12 +94,7 @@ +@@ -95,12 +94,7 @@ class OptimizingCompileDispatcher::CompileTask : public CancelableTask { }; OptimizingCompileDispatcher::~OptimizingCompileDispatcher() { 
@@ -57,7 +59,7 @@ index 6848ca2..1316b3d 100644 DCHECK_EQ(0, input_queue_length_); DeleteArray(input_queue_); } -@@ -227,6 +221,14 @@ +@@ -227,6 +221,14 @@ void OptimizingCompileDispatcher::InstallOptimizedFunctions() { } } @@ -73,10 +75,10 @@ index 6848ca2..1316b3d 100644 OptimizedCompilationJob* job) { DCHECK(IsQueueAvailable()); diff --git a/src/compiler-dispatcher/optimizing-compile-dispatcher.h b/src/compiler-dispatcher/optimizing-compile-dispatcher.h -index 5180382..390e90b 100644 +index 51803822d15353af31c446b960c3ee43cc7533fe..390e90b4ab8b7d1680545905ac8ef90c3a9099c9 100644 --- a/src/compiler-dispatcher/optimizing-compile-dispatcher.h +++ b/src/compiler-dispatcher/optimizing-compile-dispatcher.h -@@ -52,6 +52,9 @@ +@@ -52,6 +52,9 @@ class V8_EXPORT_PRIVATE OptimizingCompileDispatcher { static bool Enabled() { return FLAG_concurrent_recompilation; } @@ -86,7 +88,7 @@ index 5180382..390e90b 100644 private: class CompileTask; -@@ -87,7 +90,7 @@ +@@ -87,7 +90,7 @@ class V8_EXPORT_PRIVATE OptimizingCompileDispatcher { int blocked_jobs_; @@ -96,18 +98,18 @@ index 5180382..390e90b 100644 base::ConditionVariable ref_count_zero_; diff --git a/src/heap/heap.cc b/src/heap/heap.cc -index 8c3d506..465ee7e 100644 +index 6755a991df16a9c9d0e9efb2f378e4d68463532c..a017905bfcb0059aa12dbd1bd5a477bcca2dd616 100644 --- a/src/heap/heap.cc +++ b/src/heap/heap.cc -@@ -21,6 +21,7 @@ - #include "src/codegen/assembler-inl.h" +@@ -22,6 +22,7 @@ #include "src/codegen/compilation-cache.h" + #include "src/common/assert-scope.h" #include "src/common/globals.h" +#include "src/compiler-dispatcher/optimizing-compile-dispatcher.h" #include "src/debug/debug.h" #include "src/deoptimizer/deoptimizer.h" #include "src/execution/isolate-utils-inl.h" -@@ -3029,6 +3030,12 @@ +@@ -3036,6 +3037,12 @@ bool Heap::CanMoveObjectStart(HeapObject object) { if (IsLargeObject(object)) return false; @@ -122,7 +124,7 @@ index 8c3d506..465ee7e 100644 } 
diff --git a/test/mjsunit/compiler/regress-1215514.js b/test/mjsunit/compiler/regress-1215514.js new file mode 100644 -index 0000000..a597b31 +index 0000000000000000000000000000000000000000..a597b310498458fd7219c33ff188ca2a6e543f45 --- /dev/null +++ b/test/mjsunit/compiler/regress-1215514.js @@ -0,0 +1,7 @@