v8
V8 is Google’s open source high-performance JavaScript and WebAssembly engine, written in C++.
Loading...
Searching...
No Matches
mark-compact.cc
Go to the documentation of this file.
1// Copyright 2012 the V8 project authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "src/heap/mark-compact.h"
6
7#include <algorithm>
8#include <atomic>
9#include <iterator>
10#include <memory>
11#include <optional>
12
13#include "src/base/bits.h"
14#include "src/base/logging.h"
15#include "src/base/platform/mutex.h"
16#include "src/base/platform/platform.h"
17#include "src/base/utils/random-number-generator.h"
18#include "src/codegen/compilation-cache.h"
19#include "src/common/assert-scope.h"
20#include "src/common/globals.h"
21#include "src/deoptimizer/deoptimizer.h"
22#include "src/execution/execution.h"
23#include "src/execution/frames-inl.h"
24#include "src/execution/isolate-inl.h"
25#include "src/execution/isolate-utils-inl.h"
26#include "src/execution/vm-state-inl.h"
27#include "src/flags/flags.h"
28#include "src/handles/global-handles.h"
29#include "src/heap/array-buffer-sweeper.h"
30#include "src/heap/base/basic-slot-set.h"
31#include "src/heap/concurrent-marking.h"
32#include "src/heap/ephemeron-remembered-set.h"
33#include "src/heap/evacuation-allocator-inl.h"
34#include "src/heap/evacuation-verifier-inl.h"
35#include "src/heap/gc-tracer-inl.h"
36#include "src/heap/gc-tracer.h"
37#include "src/heap/heap-layout-inl.h"
38#include "src/heap/heap-utils-inl.h"
39#include "src/heap/heap-visitor-inl.h"
40#include "src/heap/heap.h"
41#include "src/heap/incremental-marking.h"
42#include "src/heap/index-generator.h"
43#include "src/heap/large-spaces.h"
44#include "src/heap/live-object-range-inl.h"
45#include "src/heap/mark-compact-inl.h"
46#include "src/heap/mark-sweep-utilities.h"
47#include "src/heap/marking-barrier.h"
48#include "src/heap/marking-inl.h"
49#include "src/heap/marking-state-inl.h"
50#include "src/heap/marking-visitor-inl.h"
51#include "src/heap/marking.h"
52#include "src/heap/memory-allocator.h"
53#include "src/heap/memory-chunk-layout.h"
54#include "src/heap/memory-chunk-metadata.h"
55#include "src/heap/memory-chunk.h"
56#include "src/heap/memory-measurement-inl.h"
57#include "src/heap/memory-measurement.h"
58#include "src/heap/mutable-page-metadata.h"
59#include "src/heap/new-spaces.h"
60#include "src/heap/object-stats.h"
61#include "src/heap/page-metadata-inl.h"
62#include "src/heap/page-metadata.h"
63#include "src/heap/parallel-work-item.h"
64#include "src/heap/pretenuring-handler-inl.h"
65#include "src/heap/pretenuring-handler.h"
66#include "src/heap/read-only-heap.h"
67#include "src/heap/read-only-spaces.h"
68#include "src/heap/remembered-set.h"
69#include "src/heap/safepoint.h"
70#include "src/heap/slot-set.h"
71#include "src/heap/spaces-inl.h"
72#include "src/heap/sweeper.h"
73#include "src/heap/traced-handles-marking-visitor.h"
74#include "src/heap/weak-object-worklists.h"
75#include "src/heap/zapping.h"
76#include "src/init/v8.h"
77#include "src/logging/tracing-flags.h"
78#include "src/objects/embedder-data-array-inl.h"
79#include "src/objects/foreign.h"
80#include "src/objects/hash-table-inl.h"
81#include "src/objects/heap-object-inl.h"
82#include "src/objects/heap-object.h"
83#include "src/objects/instance-type.h"
84#include "src/objects/js-array-buffer-inl.h"
85#include "src/objects/js-objects-inl.h"
86#include "src/objects/maybe-object.h"
87#include "src/objects/objects.h"
88#include "src/objects/slots-inl.h"
89#include "src/objects/smi.h"
90#include "src/objects/string-forwarding-table-inl.h"
91#include "src/objects/transitions-inl.h"
92#include "src/objects/visitors.h"
93#include "src/sandbox/indirect-pointer-tag.h"
94#include "src/snapshot/shared-heap-serializer.h"
95#include "src/tasks/cancelable-task.h"
96#include "src/tracing/tracing-category-observer.h"
97#include "src/utils/utils-inl.h"
98
99#ifdef V8_ENABLE_WEBASSEMBLY
100#include "src/wasm/wasm-code-pointer-table.h"
101#endif
102
103namespace v8 {
104namespace internal {
105
106// =============================================================================
107// Verifiers
108// =============================================================================
109
110#ifdef VERIFY_HEAP
111namespace {
112
113class FullMarkingVerifier : public MarkingVerifierBase {
114 public:
115 explicit FullMarkingVerifier(Heap* heap)
116 : MarkingVerifierBase(heap),
117 marking_state_(heap->non_atomic_marking_state()) {}
118
119 void Run() override {
120 VerifyRoots();
121 VerifyMarking(heap_->new_space());
122 VerifyMarking(heap_->new_lo_space());
123 VerifyMarking(heap_->old_space());
124 VerifyMarking(heap_->code_space());
125 if (heap_->shared_space()) VerifyMarking(heap_->shared_space());
126 VerifyMarking(heap_->lo_space());
127 VerifyMarking(heap_->code_lo_space());
128 if (heap_->shared_lo_space()) VerifyMarking(heap_->shared_lo_space());
129 VerifyMarking(heap_->trusted_space());
130 VerifyMarking(heap_->trusted_lo_space());
131 }
132
133 protected:
134 const MarkingBitmap* bitmap(const MutablePageMetadata* chunk) override {
135 return chunk->marking_bitmap();
136 }
137
138 bool IsMarked(Tagged<HeapObject> object) override {
139 return marking_state_->IsMarked(object);
140 }
141
142 void VerifyMap(Tagged<Map> map) override { VerifyHeapObjectImpl(map); }
143
144 void VerifyPointers(ObjectSlot start, ObjectSlot end) override {
145 VerifyPointersImpl(start, end);
146 }
147
148 void VerifyPointers(MaybeObjectSlot start, MaybeObjectSlot end) override {
149 VerifyPointersImpl(start, end);
150 }
151
152 void VerifyCodePointer(InstructionStreamSlot slot) override {
153 Tagged<Object> maybe_code = slot.load(code_cage_base());
154 Tagged<HeapObject> code;
155 // The slot might contain smi during Code creation, so skip it.
156 if (maybe_code.GetHeapObject(&code)) {
157 VerifyHeapObjectImpl(code);
158 }
159 }
160
161 void VerifyRootPointers(FullObjectSlot start, FullObjectSlot end) override {
162 VerifyPointersImpl(start, end);
163 }
164
165 void VisitCodeTarget(Tagged<InstructionStream> host,
166 RelocInfo* rinfo) override {
167 Tagged<InstructionStream> target =
168 InstructionStream::FromTargetAddress(rinfo->target_address());
169 VerifyHeapObjectImpl(target);
170 }
171
172 void VisitEmbeddedPointer(Tagged<InstructionStream> host,
173 RelocInfo* rinfo) override {
174 CHECK(RelocInfo::IsEmbeddedObjectMode(rinfo->rmode()));
175 Tagged<HeapObject> target_object = rinfo->target_object(cage_base());
176 Tagged<Code> code = UncheckedCast<Code>(host->raw_code(kAcquireLoad));
177 if (!code->IsWeakObject(target_object)) {
178 VerifyHeapObjectImpl(target_object);
179 }
180 }
181
182 private:
183 V8_INLINE void VerifyHeapObjectImpl(Tagged<HeapObject> heap_object) {
184 if (!ShouldVerifyObject(heap_object)) return;
185
186 if (heap_->MustBeInSharedOldSpace(heap_object)) {
187 CHECK(heap_->SharedHeapContains(heap_object));
188 }
189
190 CHECK(HeapLayout::InReadOnlySpace(heap_object) ||
191 (v8_flags.black_allocated_pages &&
192 HeapLayout::InBlackAllocatedPage(heap_object)) ||
193 marking_state_->IsMarked(heap_object));
194 }
195
196 V8_INLINE bool ShouldVerifyObject(Tagged<HeapObject> heap_object) {
197 const bool in_shared_heap = HeapLayout::InWritableSharedSpace(heap_object);
198 return heap_->isolate()->is_shared_space_isolate() ? true : !in_shared_heap;
199 }
200
201 template <typename TSlot>
202 V8_INLINE void VerifyPointersImpl(TSlot start, TSlot end) {
203 PtrComprCageBase cage_base =
204 GetPtrComprCageBaseFromOnHeapAddress(start.address());
205 for (TSlot slot = start; slot < end; ++slot) {
206 typename TSlot::TObject object = slot.load(cage_base);
207#ifdef V8_ENABLE_DIRECT_HANDLE
208 if (object.ptr() == kTaggedNullAddress) continue;
209#endif
210 Tagged<HeapObject> heap_object;
211 if (object.GetHeapObjectIfStrong(&heap_object)) {
212 VerifyHeapObjectImpl(heap_object);
213 }
214 }
215 }
216
217 NonAtomicMarkingState* const marking_state_;
218};
219
220} // namespace
221#endif // VERIFY_HEAP
222
223// ==================================================================
224// MarkCompactCollector
225// ==================================================================
226
227namespace {
228
229int NumberOfAvailableCores() {
230 static int num_cores = V8::GetCurrentPlatform()->NumberOfWorkerThreads() + 1;
231 // This number of cores should be greater than zero and never change.
232 DCHECK_GE(num_cores, 1);
233 DCHECK_EQ(num_cores, V8::GetCurrentPlatform()->NumberOfWorkerThreads() + 1);
234 return num_cores;
235}
236
237int NumberOfParallelCompactionTasks(Heap* heap) {
238 int tasks = v8_flags.parallel_compaction ? NumberOfAvailableCores() : 1;
239 if (!heap->CanPromoteYoungAndExpandOldGeneration(
240 static_cast<size_t>(tasks * PageMetadata::kPageSize))) {
241 // Optimize for memory usage near the heap limit.
242 tasks = 1;
243 }
244 return tasks;
245}
246
247} // namespace
248
249// This visitor is used for marking on the main thread. It is cheaper than
250// the concurrent marking visitor because it does not snapshot JSObjects.
251class MainMarkingVisitor final
252 : public FullMarkingVisitorBase<MainMarkingVisitor> {
253 public:
254 MainMarkingVisitor(MarkingWorklists::Local* local_marking_worklists,
255 WeakObjects::Local* local_weak_objects, Heap* heap,
256 unsigned mark_compact_epoch,
257 base::EnumSet<CodeFlushMode> code_flush_mode,
258 bool should_keep_ages_unchanged,
259 uint16_t code_flushing_increase)
260 : FullMarkingVisitorBase<MainMarkingVisitor>(
261 local_marking_worklists, local_weak_objects, heap,
262 mark_compact_epoch, code_flush_mode, should_keep_ages_unchanged,
263 code_flushing_increase) {}
264
265 private:
266 // Functions required by MarkingVisitorBase.
267
268 template <typename TSlot>
269 void RecordSlot(Tagged<HeapObject> object, TSlot slot,
270 Tagged<HeapObject> target) {
271 MarkCompactCollector::RecordSlot(object, slot, target);
272 }
273
274 void RecordRelocSlot(Tagged<InstructionStream> host, RelocInfo* rinfo,
275 Tagged<HeapObject> target) {
276 MarkCompactCollector::RecordRelocSlot(host, rinfo, target);
277 }
278
279 friend class MarkingVisitorBase<MainMarkingVisitor>;
280};
281
282MarkCompactCollector::MarkCompactCollector(Heap* heap)
283 : heap_(heap),
284#ifdef DEBUG
285 state_(IDLE),
286#endif
287 uses_shared_heap_(heap_->isolate()->has_shared_space()),
288 is_shared_space_isolate_(heap_->isolate()->is_shared_space_isolate()),
289 marking_state_(heap_->marking_state()),
290 non_atomic_marking_state_(heap_->non_atomic_marking_state()),
291 sweeper_(heap_->sweeper()) {
292}
293
294MarkCompactCollector::~MarkCompactCollector() = default;
295
296void MarkCompactCollector::TearDown() {
297 if (heap_->incremental_marking()->IsMajorMarking()) {
298 local_marking_worklists_->Publish();
299 heap_->main_thread_local_heap_->marking_barrier()->PublishIfNeeded();
300 // Marking barriers of LocalHeaps will be published in their destructors.
301 marking_worklists_.Clear();
302 local_weak_objects()->Publish();
303 weak_objects()->Clear();
304 }
305}
306
307void MarkCompactCollector::AddEvacuationCandidate(PageMetadata* p) {
308 DCHECK(!p->Chunk()->NeverEvacuate());
309 DCHECK(!p->Chunk()->IsFlagSet(MemoryChunk::BLACK_ALLOCATED));
310
311 if (v8_flags.trace_evacuation_candidates) {
312 PrintIsolate(
313 heap_->isolate(),
314 "Evacuation candidate: Free bytes: %6zu. Free Lists length: %4d.\n",
315 p->area_size() - p->allocated_bytes(), p->ComputeFreeListsLength());
316 }
317
318 p->MarkEvacuationCandidate();
319 evacuation_candidates_.push_back(p);
320}
321
322static void TraceFragmentation(PagedSpace* space) {
323 int number_of_pages = space->CountTotalPages();
324 intptr_t reserved = (number_of_pages * space->AreaSize());
325 intptr_t free = reserved - space->SizeOfObjects();
326 PrintF("[%s]: %d pages, %d (%.1f%%) free\n", ToString(space->identity()),
327 number_of_pages, static_cast<int>(free),
328 static_cast<double>(free) * 100 / reserved);
329}
330
331bool MarkCompactCollector::StartCompaction(StartCompactionMode mode) {
332 DCHECK(!compacting_);
333 DCHECK(evacuation_candidates_.empty());
334
335 // Bailouts for completely disabled compaction.
336 if (!v8_flags.compact ||
337 (mode == StartCompactionMode::kAtomic && heap_->IsGCWithStack() &&
338 !v8_flags.compact_with_stack) ||
339 (v8_flags.gc_experiment_less_compaction &&
340 !heap_->ShouldReduceMemory()) ||
341 heap_->isolate()->serializer_enabled()) {
342 return false;
343 }
344
345 CollectEvacuationCandidates(heap_->old_space());
346
347 // Don't compact shared space when CSS is enabled, since there may be
348 // DirectHandles on stacks of client isolates.
349 if (!v8_flags.conservative_stack_scanning && heap_->shared_space()) {
350 CollectEvacuationCandidates(heap_->shared_space());
351 }
352
353 CollectEvacuationCandidates(heap_->trusted_space());
354
355 if (heap_->isolate()->AllowsCodeCompaction() &&
356 (!heap_->IsGCWithStack() || v8_flags.compact_code_space_with_stack)) {
357 CollectEvacuationCandidates(heap_->code_space());
358 } else if (v8_flags.trace_fragmentation) {
359 TraceFragmentation(heap_->code_space());
360 }
361
362 compacting_ = !evacuation_candidates_.empty();
363 return compacting_;
364}
365
366namespace {
367
368// Helper function to get the bytecode flushing mode based on the flags. This
369// is required because it is not safe to access flags in concurrent marker.
370base::EnumSet<CodeFlushMode> GetCodeFlushMode(Isolate* isolate) {
371 if (isolate->disable_bytecode_flushing()) {
372 return base::EnumSet<CodeFlushMode>();
373 }
374
375 base::EnumSet<CodeFlushMode> code_flush_mode;
376 if (v8_flags.flush_bytecode) {
377 code_flush_mode.Add(CodeFlushMode::kFlushBytecode);
378 }
379
380 if (v8_flags.flush_baseline_code) {
381 code_flush_mode.Add(CodeFlushMode::kFlushBaselineCode);
382 }
383
384 if (v8_flags.stress_flush_code) {
385 // This is to check tests accidentally don't miss out on adding either flush
386 // bytecode or flush code along with stress flush code. stress_flush_code
387 // doesn't do anything if either one of them isn't enabled.
388 DCHECK(v8_flags.fuzzing || v8_flags.flush_baseline_code ||
389 v8_flags.flush_bytecode);
390 code_flush_mode.Add(CodeFlushMode::kForceFlush);
391 }
392
393 if (isolate->heap()->IsLastResortGC() &&
394 (v8_flags.flush_code_based_on_time ||
395 v8_flags.flush_code_based_on_tab_visibility)) {
396 code_flush_mode.Add(CodeFlushMode::kForceFlush);
397 }
398
399 return code_flush_mode;
400}
401
402} // namespace
403
404void MarkCompactCollector::StartMarking(
405 std::shared_ptr<::heap::base::IncrementalMarkingSchedule> schedule) {
406 // The state for background thread is saved here and maintained for the whole
407 // GC cycle. Both CppHeap and regular V8 heap will refer to this flag.
408 use_background_threads_in_cycle_ = heap_->ShouldUseBackgroundThreads();
409
410 if (v8_flags.sticky_mark_bits) {
411 heap()->Unmark();
412 }
413
414#ifdef V8_COMPRESS_POINTERS
415 heap_->young_external_pointer_space()->StartCompactingIfNeeded();
416 heap_->old_external_pointer_space()->StartCompactingIfNeeded();
417 heap_->cpp_heap_pointer_space()->StartCompactingIfNeeded();
418#endif // V8_COMPRESS_POINTERS
419
420 // CppHeap's marker must be initialized before the V8 marker to allow
421 // exchanging of worklists.
422 if (auto* cpp_heap = CppHeap::From(heap_->cpp_heap())) {
423 TRACE_GC(heap()->tracer(), GCTracer::Scope::MC_MARK_EMBEDDER_PROLOGUE);
424 cpp_heap->InitializeMarking(CppHeap::CollectionType::kMajor, schedule);
425 }
426
427 std::vector<Address> contexts =
428 heap_->memory_measurement()->StartProcessing();
429 if (v8_flags.stress_per_context_marking_worklist) {
430 contexts.clear();
431 HandleScope handle_scope(heap_->isolate());
432 for (auto context : heap_->FindAllNativeContexts()) {
433 contexts.push_back(context->ptr());
434 }
435 }
436 heap_->tracer()->NotifyMarkingStart();
437 code_flush_mode_ = GetCodeFlushMode(heap_->isolate());
438 marking_worklists_.CreateContextWorklists(contexts);
439 auto* cpp_heap = CppHeap::From(heap_->cpp_heap_);
440 local_marking_worklists_ = std::make_unique<MarkingWorklists::Local>(
441 &marking_worklists_,
442 cpp_heap ? cpp_heap->CreateCppMarkingStateForMutatorThread()
443 : MarkingWorklists::Local::kNoCppMarkingState);
444 local_weak_objects_ = std::make_unique<WeakObjects::Local>(weak_objects());
445 marking_visitor_ = std::make_unique<MainMarkingVisitor>(
446 local_marking_worklists_.get(), local_weak_objects_.get(), heap_, epoch(),
447 code_flush_mode(), heap_->ShouldCurrentGCKeepAgesUnchanged(),
448 heap_->tracer()->CodeFlushingIncrease());
449 // This method evicts SFIs with flushed bytecode from the cache before
450 // iterating the compilation cache as part of the root set. SFIs that get
451 // flushed in this GC cycle will get evicted out of the cache in the next GC
452 // cycle. The SFI will remain in the cache until then and may remain in the
453 // cache even longer in case the SFI is re-compiled.
454 heap_->isolate()->compilation_cache()->MarkCompactPrologue();
455 // Marking bits are cleared by the sweeper or unmarker (if sticky mark-bits
456 // are enabled).
457#ifdef VERIFY_HEAP
458 if (v8_flags.verify_heap) {
459 VerifyMarkbitsAreClean();
460 }
461#endif // VERIFY_HEAP
462}
463
464void MarkCompactCollector::MaybeEnableBackgroundThreadsInCycle(
465 CallOrigin origin) {
466 if (v8_flags.concurrent_marking && !use_background_threads_in_cycle_) {
467 // With --parallel_pause_for_gc_in_background we force background threads in
468 // the atomic pause.
469 const bool force_background_threads =
470 v8_flags.parallel_pause_for_gc_in_background &&
471 origin == CallOrigin::kAtomicGC;
472 use_background_threads_in_cycle_ =
473 force_background_threads || heap()->ShouldUseBackgroundThreads();
474
475 if (use_background_threads_in_cycle_) {
476 heap_->concurrent_marking()->RescheduleJobIfNeeded(
477 GarbageCollector::MARK_COMPACTOR);
478
479 if (auto* cpp_heap = CppHeap::From(heap_->cpp_heap_)) {
480 cpp_heap->ReEnableConcurrentMarking();
481 }
482 }
483 }
484}
485
486void MarkCompactCollector::CollectGarbage() {
487 // Make sure that Prepare() has been called. The individual steps below will
488 // update the state as they proceed.
489 DCHECK(state_ == PREPARE_GC);
490
491 MaybeEnableBackgroundThreadsInCycle(CallOrigin::kAtomicGC);
492
493 MarkLiveObjects();
494
495 if (auto* cpp_heap = CppHeap::From(heap_->cpp_heap_)) {
496 cpp_heap->ProcessCrossThreadWeakness();
497 }
498
499 // This will walk dead object graphs and so requires that all references are
500 // still intact.
501 RecordObjectStats();
502 ClearNonLiveReferences();
503 VerifyMarking();
504
505 if (auto* cpp_heap = CppHeap::From(heap_->cpp_heap_)) {
506 cpp_heap->FinishMarkingAndProcessWeakness();
507 }
508
509 heap_->memory_measurement()->FinishProcessing(native_context_stats_);
510
511 Sweep();
512 Evacuate();
513 Finish();
514}
515
516#ifdef VERIFY_HEAP
517
518void MarkCompactCollector::VerifyMarkbitsAreClean(PagedSpaceBase* space) {
519 for (PageMetadata* p : *space) {
520 CHECK(p->marking_bitmap()->IsClean());
521 CHECK_EQ(0, p->live_bytes());
522 }
523}
524
525void MarkCompactCollector::VerifyMarkbitsAreClean(NewSpace* space) {
526 if (!space) return;
527 if (v8_flags.minor_ms) {
528 VerifyMarkbitsAreClean(PagedNewSpace::From(space)->paged_space());
529 return;
530 }
531 for (PageMetadata* p : *space) {
532 CHECK(p->marking_bitmap()->IsClean());
533 CHECK_EQ(0, p->live_bytes());
534 }
535}
536
537void MarkCompactCollector::VerifyMarkbitsAreClean(LargeObjectSpace* space) {
538 if (!space) return;
539 LargeObjectSpaceObjectIterator it(space);
540 for (Tagged<HeapObject> obj = it.Next(); !obj.is_null(); obj = it.Next()) {
541 CHECK(non_atomic_marking_state_->IsUnmarked(obj));
542 CHECK_EQ(0, MutablePageMetadata::FromHeapObject(obj)->live_bytes());
543 }
544}
545
546void MarkCompactCollector::VerifyMarkbitsAreClean() {
547 VerifyMarkbitsAreClean(heap_->old_space());
548 VerifyMarkbitsAreClean(heap_->code_space());
549 VerifyMarkbitsAreClean(heap_->new_space());
550 VerifyMarkbitsAreClean(heap_->lo_space());
551 VerifyMarkbitsAreClean(heap_->code_lo_space());
552 VerifyMarkbitsAreClean(heap_->new_lo_space());
553 VerifyMarkbitsAreClean(heap_->trusted_space());
554 VerifyMarkbitsAreClean(heap_->trusted_lo_space());
555}
556
557#endif // VERIFY_HEAP
558
559void MarkCompactCollector::ComputeEvacuationHeuristics(
560 size_t area_size, int* target_fragmentation_percent,
561 size_t* max_evacuated_bytes) {
562 // For memory reducing and optimize for memory mode we directly define both
563 // constants.
564 const int kTargetFragmentationPercentForReduceMemory = 20;
565 const size_t kMaxEvacuatedBytesForReduceMemory = 12 * MB;
566 const int kTargetFragmentationPercentForOptimizeMemory = 20;
567 const size_t kMaxEvacuatedBytesForOptimizeMemory = 6 * MB;
568
569 // For regular mode (which is latency critical) we define less aggressive
570 // defaults to start and switch to a trace-based (using compaction speed)
571 // approach as soon as we have enough samples.
572 const int kTargetFragmentationPercent = 70;
573 const size_t kMaxEvacuatedBytes = 4 * MB;
574 // Time to take for a single area (=payload of page). Used as soon as there
575 // exist enough compaction speed samples.
576 const float kTargetMsPerArea = .5;
577
578 if (heap_->ShouldReduceMemory()) {
579 *target_fragmentation_percent = kTargetFragmentationPercentForReduceMemory;
580 *max_evacuated_bytes = kMaxEvacuatedBytesForReduceMemory;
581 } else if (heap_->ShouldOptimizeForMemoryUsage()) {
582 *target_fragmentation_percent =
583 kTargetFragmentationPercentForOptimizeMemory;
584 *max_evacuated_bytes = kMaxEvacuatedBytesForOptimizeMemory;
585 } else {
586 const std::optional<double> estimated_compaction_speed =
587 heap_->tracer()->CompactionSpeedInBytesPerMillisecond();
588 if (estimated_compaction_speed.has_value()) {
589 // Estimate the target fragmentation based on traced compaction speed
590 // and a goal for a single page.
591 const double estimated_ms_per_area =
592 1 + area_size / *estimated_compaction_speed;
593 *target_fragmentation_percent = static_cast<int>(
594 100 - 100 * kTargetMsPerArea / estimated_ms_per_area);
595 if (*target_fragmentation_percent <
596 kTargetFragmentationPercentForReduceMemory) {
597 *target_fragmentation_percent =
598 kTargetFragmentationPercentForReduceMemory;
599 }
600 } else {
601 *target_fragmentation_percent = kTargetFragmentationPercent;
602 }
603 *max_evacuated_bytes = kMaxEvacuatedBytes;
604 }
605}
606
607void MarkCompactCollector::CollectEvacuationCandidates(PagedSpace* space) {
608 DCHECK(space->identity() == OLD_SPACE || space->identity() == CODE_SPACE ||
609 space->identity() == SHARED_SPACE ||
610 space->identity() == TRUSTED_SPACE);
611
612 int number_of_pages = space->CountTotalPages();
613 size_t area_size = space->AreaSize();
614
615 const bool in_standard_path =
616 !(v8_flags.manual_evacuation_candidates_selection ||
617 v8_flags.stress_compaction_random || v8_flags.stress_compaction ||
618 v8_flags.compact_on_every_full_gc);
619 // Those variables will only be initialized if |in_standard_path|, and are not
620 // used otherwise.
621 size_t max_evacuated_bytes;
622 int target_fragmentation_percent;
623 size_t free_bytes_threshold;
624 if (in_standard_path) {
625 // We use two conditions to decide whether a page qualifies as an evacuation
626 // candidate, or not:
627 // * Target fragmentation: How fragmented is a page, i.e., how is the ratio
628 // between live bytes and capacity of this page (= area).
629 // * Evacuation quota: A global quota determining how much bytes should be
630 // compacted.
631 ComputeEvacuationHeuristics(area_size, &target_fragmentation_percent,
632 &max_evacuated_bytes);
633 free_bytes_threshold = target_fragmentation_percent * (area_size / 100);
634 }
635
636 // Pairs of (live_bytes_in_page, page).
637 using LiveBytesPagePair = std::pair<size_t, PageMetadata*>;
638 std::vector<LiveBytesPagePair> pages;
639 pages.reserve(number_of_pages);
640
641 DCHECK(!sweeper_->sweeping_in_progress());
642 for (PageMetadata* p : *space) {
643 MemoryChunk* chunk = p->Chunk();
644 if (chunk->NeverEvacuate() || !chunk->CanAllocate()) continue;
645
646 if (chunk->IsPinned()) {
647 DCHECK(!chunk->IsFlagSet(
648 MemoryChunk::FORCE_EVACUATION_CANDIDATE_FOR_TESTING));
649 continue;
650 }
651
652 // Invariant: Evacuation candidates are just created when marking is
653 // started. This means that sweeping has finished. Furthermore, at the end
654 // of a GC all evacuation candidates are cleared and their slot buffers are
655 // released.
656 CHECK(!chunk->IsEvacuationCandidate());
657 CHECK_NULL(p->slot_set<OLD_TO_OLD>());
658 CHECK_NULL(p->typed_slot_set<OLD_TO_OLD>());
659 CHECK(p->SweepingDone());
660 DCHECK(p->area_size() == area_size);
661 if (in_standard_path) {
662 // Only the pages with at more than |free_bytes_threshold| free bytes are
663 // considered for evacuation.
664 if (area_size - p->allocated_bytes() >= free_bytes_threshold) {
665 pages.push_back(std::make_pair(p->allocated_bytes(), p));
666 }
667 } else {
668 pages.push_back(std::make_pair(p->allocated_bytes(), p));
669 }
670 }
671
672 int candidate_count = 0;
673 size_t total_live_bytes = 0;
674
675 const bool reduce_memory = heap_->ShouldReduceMemory();
676 if (v8_flags.manual_evacuation_candidates_selection) {
677 for (size_t i = 0; i < pages.size(); i++) {
678 PageMetadata* p = pages[i].second;
679 MemoryChunk* chunk = p->Chunk();
680 if (chunk->IsFlagSet(
681 MemoryChunk::FORCE_EVACUATION_CANDIDATE_FOR_TESTING)) {
682 candidate_count++;
683 total_live_bytes += pages[i].first;
684 chunk->ClearFlagSlow(
685 MemoryChunk::FORCE_EVACUATION_CANDIDATE_FOR_TESTING);
686 AddEvacuationCandidate(p);
687 }
688 }
689 } else if (v8_flags.stress_compaction_random) {
690 double fraction = heap_->isolate()->fuzzer_rng()->NextDouble();
691 size_t pages_to_mark_count =
692 static_cast<size_t>(fraction * (pages.size() + 1));
693 for (uint64_t i : heap_->isolate()->fuzzer_rng()->NextSample(
694 pages.size(), pages_to_mark_count)) {
695 candidate_count++;
696 total_live_bytes += pages[i].first;
697 AddEvacuationCandidate(pages[i].second);
698 }
699 } else if (v8_flags.stress_compaction) {
700 for (size_t i = 0; i < pages.size(); i++) {
701 PageMetadata* p = pages[i].second;
702 if (i % 2 == 0) {
703 candidate_count++;
704 total_live_bytes += pages[i].first;
705 AddEvacuationCandidate(p);
706 }
707 }
708 } else {
709 // The following approach determines the pages that should be evacuated.
710 //
711 // Sort pages from the most free to the least free, then select
712 // the first n pages for evacuation such that:
713 // - the total size of evacuated objects does not exceed the specified
714 // limit.
715 // - fragmentation of (n+1)-th page does not exceed the specified limit.
716 std::sort(pages.begin(), pages.end(),
717 [](const LiveBytesPagePair& a, const LiveBytesPagePair& b) {
718 return a.first < b.first;
719 });
720 for (size_t i = 0; i < pages.size(); i++) {
721 size_t live_bytes = pages[i].first;
722 DCHECK_GE(area_size, live_bytes);
723 if (v8_flags.compact_on_every_full_gc ||
724 ((total_live_bytes + live_bytes) <= max_evacuated_bytes)) {
725 candidate_count++;
726 total_live_bytes += live_bytes;
727 }
728 if (v8_flags.trace_fragmentation_verbose) {
729 PrintIsolate(heap_->isolate(),
730 "compaction-selection-page: space=%s free_bytes_page=%zu "
731 "fragmentation_limit_kb=%zu "
732 "fragmentation_limit_percent=%d sum_compaction_kb=%zu "
733 "compaction_limit_kb=%zu\n",
734 ToString(space->identity()), (area_size - live_bytes) / KB,
735 free_bytes_threshold / KB, target_fragmentation_percent,
736 total_live_bytes / KB, max_evacuated_bytes / KB);
737 }
738 }
739 // How many pages we will allocated for the evacuated objects
740 // in the worst case: ceil(total_live_bytes / area_size)
741 int estimated_new_pages =
742 static_cast<int>((total_live_bytes + area_size - 1) / area_size);
743 DCHECK_LE(estimated_new_pages, candidate_count);
744 int estimated_released_pages = candidate_count - estimated_new_pages;
745 // Avoid (compact -> expand) cycles.
746 if ((estimated_released_pages == 0) && !v8_flags.compact_on_every_full_gc) {
747 candidate_count = 0;
748 }
749 for (int i = 0; i < candidate_count; i++) {
750 AddEvacuationCandidate(pages[i].second);
751 }
752 }
753
754 if (v8_flags.trace_fragmentation) {
755 PrintIsolate(heap_->isolate(),
756 "compaction-selection: space=%s reduce_memory=%d pages=%d "
757 "total_live_bytes=%zu\n",
758 ToString(space->identity()), reduce_memory, candidate_count,
759 total_live_bytes / KB);
760 }
761}
762
763void MarkCompactCollector::Prepare() {
764#ifdef DEBUG
765 DCHECK(state_ == IDLE);
766 state_ = PREPARE_GC;
767#endif
768
769 DCHECK(!sweeper_->sweeping_in_progress());
770
771 DCHECK_IMPLIES(heap_->incremental_marking()->IsMarking(),
772 heap_->incremental_marking()->IsMajorMarking());
773 if (!heap_->incremental_marking()->IsMarking()) {
774 StartCompaction(StartCompactionMode::kAtomic);
775 StartMarking();
776 if (heap_->cpp_heap_) {
777 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_EMBEDDER_PROLOGUE);
778 // `StartMarking()` immediately starts marking which requires V8 worklists
779 // to be set up.
780 CppHeap::From(heap_->cpp_heap_)->StartMarking();
781 }
782 }
783 if (auto* new_space = heap_->new_space()) {
784 new_space->GarbageCollectionPrologue();
785 }
786 if (heap_->use_new_space()) {
787 DCHECK_EQ(
788 heap_->allocator()->new_space_allocator()->top(),
789 heap_->allocator()->new_space_allocator()->original_top_acquire());
790 }
791}
792
793void MarkCompactCollector::FinishConcurrentMarking() {
794 // FinishConcurrentMarking is called for both, concurrent and parallel,
795 // marking. It is safe to call this function when tasks are already finished.
796 DCHECK_EQ(heap_->concurrent_marking()->garbage_collector(),
797 GarbageCollector::MARK_COMPACTOR);
798 if (v8_flags.parallel_marking || v8_flags.concurrent_marking) {
799 heap_->concurrent_marking()->Join();
800 heap_->concurrent_marking()->FlushMemoryChunkData();
801 heap_->concurrent_marking()->FlushNativeContexts(&native_context_stats_);
802 }
803 if (auto* cpp_heap = CppHeap::From(heap_->cpp_heap_)) {
804 cpp_heap->FinishConcurrentMarkingIfNeeded();
805 }
806}
807
808void MarkCompactCollector::VerifyMarking() {
809 CHECK(local_marking_worklists_->IsEmpty());
810 DCHECK(heap_->incremental_marking()->IsStopped());
811#ifdef VERIFY_HEAP
812 if (v8_flags.verify_heap) {
813 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_VERIFY);
814 FullMarkingVerifier verifier(heap_);
815 verifier.Run();
816 heap_->old_space()->VerifyLiveBytes();
817 heap_->code_space()->VerifyLiveBytes();
818 if (heap_->shared_space()) heap_->shared_space()->VerifyLiveBytes();
819 heap_->trusted_space()->VerifyLiveBytes();
820 if (v8_flags.minor_ms && heap_->paged_new_space())
821 heap_->paged_new_space()->paged_space()->VerifyLiveBytes();
822 }
823#endif // VERIFY_HEAP
824}
825
826namespace {
827
828void ShrinkPagesToObjectSizes(Heap* heap, OldLargeObjectSpace* space) {
829 size_t surviving_object_size = 0;
830 PtrComprCageBase cage_base(heap->isolate());
831 for (auto it = space->begin(); it != space->end();) {
832 LargePageMetadata* current = *(it++);
833 Tagged<HeapObject> object = current->GetObject();
834 const size_t object_size = static_cast<size_t>(object->Size(cage_base));
835 space->ShrinkPageToObjectSize(current, object, object_size);
836 surviving_object_size += object_size;
837 }
838 space->set_objects_size(surviving_object_size);
839}
840
841} // namespace
842
843void MarkCompactCollector::Finish() {
844 {
845 TRACE_GC_EPOCH_WITH_FLOW(
846 heap_->tracer(), GCTracer::Scope::MC_SWEEP, ThreadKind::kMain,
847 sweeper_->GetTraceIdForFlowEvent(GCTracer::Scope::MC_SWEEP),
848 TRACE_EVENT_FLAG_FLOW_IN | TRACE_EVENT_FLAG_FLOW_OUT);
849
850 // Delay releasing empty new space pages and dead new large object pages
851 // until after pointer updating is done because dead old space objects may
852 // have slots pointing to these pages and will need to be updated.
853 DCHECK_IMPLIES(!v8_flags.minor_ms,
854 empty_new_space_pages_to_be_swept_.empty());
855 if (!empty_new_space_pages_to_be_swept_.empty()) {
856 GCTracer::Scope sweep_scope(
857 heap_->tracer(), GCTracer::Scope::MC_SWEEP_NEW, ThreadKind::kMain);
858 for (PageMetadata* p : empty_new_space_pages_to_be_swept_) {
859 // Sweeping empty pages already relinks them to the freelist.
860 sweeper_->SweepEmptyNewSpacePage(p);
861 }
862 empty_new_space_pages_to_be_swept_.clear();
863 }
864
865 if (heap_->new_lo_space()) {
866 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_SWEEP_NEW_LO);
867 SweepLargeSpace(heap_->new_lo_space());
868 }
869
870#ifdef DEBUG
871 heap_->VerifyCountersBeforeConcurrentSweeping(
872 GarbageCollector::MARK_COMPACTOR);
873#endif // DEBUG
874 }
875
876 if (heap_->new_space()) {
877 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE);
878 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE_REBALANCE);
879 heap_->ResizeNewSpace();
880 }
881
882 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_FINISH);
883
884 if (heap_->new_space()) {
885 DCHECK(!heap_->allocator()->new_space_allocator()->IsLabValid());
886 heap_->new_space()->GarbageCollectionEpilogue();
887 }
888
889 auto* isolate = heap_->isolate();
890 isolate->global_handles()->ClearListOfYoungNodes();
891
892 SweepArrayBufferExtensions();
893
894 marking_visitor_.reset();
895 local_marking_worklists_.reset();
896 marking_worklists_.ReleaseContextWorklists();
897 native_context_stats_.Clear();
898 key_to_values_.clear();
899
900 CHECK(weak_objects_.current_ephemerons.IsEmpty());
901 local_weak_objects_->next_ephemerons_local.Publish();
902 local_weak_objects_.reset();
903 weak_objects_.next_ephemerons.Clear();
904
905 sweeper_->StartMajorSweeperTasks();
906
907 // Release empty pages now, when the pointer-update phase is done.
908 heap_->memory_allocator()->ReleaseQueuedPages();
909
910 // Shrink pages if possible after processing and filtering slots.
911 ShrinkPagesToObjectSizes(heap_, heap_->lo_space());
912
913#ifdef DEBUG
914 DCHECK(state_ == SWEEP_SPACES || state_ == RELOCATE_OBJECTS);
915 state_ = IDLE;
916#endif
917
918 if (have_code_to_deoptimize_) {
919 // Some code objects were marked for deoptimization during the GC.
920 Deoptimizer::DeoptimizeMarkedCode(isolate);
921 have_code_to_deoptimize_ = false;
922 }
923}
924
932
933// This visitor is used to visit the body of special objects held alive by
934// other roots.
935//
936// It is currently used for
937// - InstructionStream held alive by the top optimized frame. This code cannot
938// be deoptimized and thus have to be kept alive in an isolate way, i.e., it
939// should not keep alive other code objects reachable through the weak list but
940// they should keep alive its embedded pointers (which would otherwise be
941// dropped).
942// - Prefix of the string table.
943// - If V8_ENABLE_SANDBOX, client Isolates' waiter queue node
944// ExternalPointer_t in shared Isolates.
945class MarkCompactCollector::CustomRootBodyMarkingVisitor final
946 : public ObjectVisitorWithCageBases {
947 public:
948 explicit CustomRootBodyMarkingVisitor(MarkCompactCollector* collector)
949 : ObjectVisitorWithCageBases(collector->heap_->isolate()),
950 collector_(collector) {}
951
952 void VisitPointer(Tagged<HeapObject> host, ObjectSlot p) final {
953 MarkObject(host, p.load(cage_base()));
954 }
955
956 void VisitMapPointer(Tagged<HeapObject> host) final {
957 MarkObject(host, host->map(cage_base()));
958 }
959
960 void VisitPointers(Tagged<HeapObject> host, ObjectSlot start,
961 ObjectSlot end) final {
962 for (ObjectSlot p = start; p < end; ++p) {
963 // The map slot should be handled in VisitMapPointer.
964 DCHECK_NE(host->map_slot(), p);
965 DCHECK(!HasWeakHeapObjectTag(p.load(cage_base())));
966 MarkObject(host, p.load(cage_base()));
967 }
968 }
969
970 void VisitInstructionStreamPointer(Tagged<Code> host,
971 InstructionStreamSlot slot) override {
972 MarkObject(host, slot.load(code_cage_base()));
973 }
974
975 void VisitPointers(Tagged<HeapObject> host, MaybeObjectSlot start,
976 MaybeObjectSlot end) final {
977 // At the moment, custom roots cannot contain weak pointers.
978 UNREACHABLE();
979 }
980
981 void VisitCodeTarget(Tagged<InstructionStream> host,
982 RelocInfo* rinfo) override {
983 Tagged<InstructionStream> target =
984 InstructionStream::FromTargetAddress(rinfo->target_address());
985 MarkObject(host, target);
986 }
987
988 void VisitEmbeddedPointer(Tagged<InstructionStream> host,
989 RelocInfo* rinfo) override {
990 MarkObject(host, rinfo->target_object(cage_base()));
991 }
992
993 private:
994 V8_INLINE void MarkObject(Tagged<HeapObject> host, Tagged<Object> object) {
995 if (!IsHeapObject(object)) return;
996 Tagged<HeapObject> heap_object = Cast<HeapObject>(object);
997 const auto target_worklist =
998 MarkingHelper::ShouldMarkObject(collector_->heap(), heap_object);
999 if (!target_worklist) {
1000 return;
1001 }
1002 collector_->MarkObject(host, heap_object, target_worklist.value());
1003 }
1004
1005 MarkCompactCollector* const collector_;
1006};
1007
1008class MarkCompactCollector::SharedHeapObjectVisitor final
1009 : public HeapVisitor<MarkCompactCollector::SharedHeapObjectVisitor> {
1010 public:
1011 explicit SharedHeapObjectVisitor(MarkCompactCollector* collector)
1012 : HeapVisitor(collector->heap_->isolate()), collector_(collector) {}
1013
1014 void VisitPointer(Tagged<HeapObject> host, ObjectSlot p) final {
1015 CheckForSharedObject(host, p, p.load(cage_base()));
1016 }
1017
1018 void VisitPointer(Tagged<HeapObject> host, MaybeObjectSlot p) final {
1019 Tagged<MaybeObject> object = p.load(cage_base());
1020 Tagged<HeapObject> heap_object;
1021 if (object.GetHeapObject(&heap_object))
1022 CheckForSharedObject(host, ObjectSlot(p), heap_object);
1023 }
1024
1025 void VisitMapPointer(Tagged<HeapObject> host) final {
1026 CheckForSharedObject(host, host->map_slot(), host->map(cage_base()));
1027 }
1028
1029 void VisitPointers(Tagged<HeapObject> host, ObjectSlot start,
1030 ObjectSlot end) final {
1031 for (ObjectSlot p = start; p < end; ++p) {
1032 // The map slot should be handled in VisitMapPointer.
1033 DCHECK_NE(host->map_slot(), p);
1034 DCHECK(!HasWeakHeapObjectTag(p.load(cage_base())));
1035 CheckForSharedObject(host, p, p.load(cage_base()));
1036 }
1037 }
1038
1039 void VisitInstructionStreamPointer(Tagged<Code> host,
1040 InstructionStreamSlot slot) override {
1041 UNREACHABLE();
1042 }
1043
1044 void VisitPointers(Tagged<HeapObject> host, MaybeObjectSlot start,
1045 MaybeObjectSlot end) final {
1046 for (MaybeObjectSlot p = start; p < end; ++p) {
1047 // The map slot should be handled in VisitMapPointer.
1048 DCHECK_NE(host->map_slot(), ObjectSlot(p));
1049 VisitPointer(host, p);
1050 }
1051 }
1052
1053 void VisitCodeTarget(Tagged<InstructionStream> host,
1054 RelocInfo* rinfo) override {
1055 UNREACHABLE();
1056 }
1057
1058 void VisitEmbeddedPointer(Tagged<InstructionStream> host,
1059 RelocInfo* rinfo) override {
1060 UNREACHABLE();
1061 }
1062
1063 private:
1064 V8_INLINE void CheckForSharedObject(Tagged<HeapObject> host, ObjectSlot slot,
1065 Tagged<Object> object) {
1066 DCHECK(!HeapLayout::InAnySharedSpace(host));
1067 Tagged<HeapObject> heap_object;
1068 if (!object.GetHeapObject(&heap_object)) return;
1069 if (!HeapLayout::InWritableSharedSpace(heap_object)) return;
1070 DCHECK(HeapLayout::InWritableSharedSpace(heap_object));
1071 MemoryChunk* host_chunk = MemoryChunk::FromHeapObject(host);
1072 MutablePageMetadata* host_page_metadata =
1073 MutablePageMetadata::cast(host_chunk->Metadata());
1074 DCHECK(HeapLayout::InYoungGeneration(host));
1075 // Temporarily record new-to-shared slots in the old-to-shared remembered
1076 // set so we don't need to iterate the page again later for updating the
1077 // references.
1078 RememberedSet<OLD_TO_SHARED>::Insert<AccessMode::NON_ATOMIC>(
1079 host_page_metadata, host_chunk->Offset(slot.address()));
1080 if (MarkingHelper::ShouldMarkObject(collector_->heap(), heap_object)) {
1081 collector_->MarkRootObject(Root::kClientHeap, heap_object,
1082 MarkingHelper::WorklistTarget::kRegular);
1083 }
1084 }
1085
1086 MarkCompactCollector* const collector_;
1087};
1088
1089class InternalizedStringTableCleaner final : public RootVisitor {
1090 public:
1091 explicit InternalizedStringTableCleaner(Heap* heap) : heap_(heap) {}
1092
1093 void VisitRootPointers(Root root, const char* description,
1094 FullObjectSlot start, FullObjectSlot end) override {
1095 UNREACHABLE();
1096 }
1097
1098 void VisitRootPointers(Root root, const char* description,
1099 OffHeapObjectSlot start,
1100 OffHeapObjectSlot end) override {
1101 DCHECK_EQ(root, Root::kStringTable);
1102 // Visit all HeapObject pointers in [start, end).
1103 Isolate* const isolate = heap_->isolate();
1104 for (OffHeapObjectSlot p = start; p < end; ++p) {
1105 Tagged<Object> o = p.load(isolate);
1106 if (IsHeapObject(o)) {
1107 Tagged<HeapObject> heap_object = Cast<HeapObject>(o);
1108 DCHECK(!HeapLayout::InYoungGeneration(heap_object));
1109 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
1110 heap_, heap_->marking_state(), heap_object)) {
1111 pointers_removed_++;
1112 p.store(StringTable::deleted_element());
1113 }
1114 }
1115 }
1116 }
1117
1118 int PointersRemoved() const { return pointers_removed_; }
1119
1120 private:
1121 Heap* heap_;
1122 int pointers_removed_ = 0;
1123};
1124
1125#ifdef V8_ENABLE_SANDBOX
1126class MarkExternalPointerFromExternalStringTable : public RootVisitor {
1127 public:
1128 explicit MarkExternalPointerFromExternalStringTable(
1129 ExternalPointerTable* shared_table, ExternalPointerTable::Space* space)
1130 : visitor(shared_table, space) {}
1131
1132 void VisitRootPointers(Root root, const char* description,
1133 FullObjectSlot start, FullObjectSlot end) override {
1134 // Visit all HeapObject pointers in [start, end).
1135 for (FullObjectSlot p = start; p < end; ++p) {
1136 Tagged<Object> o = *p;
1137 if (IsHeapObject(o)) {
1138 Tagged<HeapObject> heap_object = Cast<HeapObject>(o);
1139 if (IsExternalString(heap_object)) {
1140 Tagged<ExternalString> string = Cast<ExternalString>(heap_object);
1141 string->VisitExternalPointers(&visitor);
1142 } else {
1143 // The original external string may have been internalized.
1144 DCHECK(IsThinString(o));
1145 }
1146 }
1147 }
1148 }
1149
1150 private:
1151 class MarkExternalPointerTableVisitor : public ObjectVisitor {
1152 public:
1153 explicit MarkExternalPointerTableVisitor(ExternalPointerTable* table,
1154 ExternalPointerTable::Space* space)
1155 : table_(table), space_(space) {}
1156 void VisitExternalPointer(Tagged<HeapObject> host,
1157 ExternalPointerSlot slot) override {
1158 DCHECK(!slot.tag_range().IsEmpty());
1159 DCHECK(IsSharedExternalPointerType(slot.tag_range()));
1160 ExternalPointerHandle handle = slot.Relaxed_LoadHandle();
1161 table_->Mark(space_, handle, slot.address());
1162 }
1163 void VisitPointers(Tagged<HeapObject> host, ObjectSlot start,
1164 ObjectSlot end) override {
1165 UNREACHABLE();
1166 }
1167 void VisitPointers(Tagged<HeapObject> host, MaybeObjectSlot start,
1168 MaybeObjectSlot end) override {
1169 UNREACHABLE();
1170 }
1171 void VisitInstructionStreamPointer(Tagged<Code> host,
1172 InstructionStreamSlot slot) override {
1173 UNREACHABLE();
1174 }
1175 void VisitCodeTarget(Tagged<InstructionStream> host,
1176 RelocInfo* rinfo) override {
1177 UNREACHABLE();
1178 }
1179 void VisitEmbeddedPointer(Tagged<InstructionStream> host,
1180 RelocInfo* rinfo) override {
1181 UNREACHABLE();
1182 }
1183
1184 private:
1185 ExternalPointerTable* table_;
1186 ExternalPointerTable::Space* space_;
1187 };
1188
1189 MarkExternalPointerTableVisitor visitor;
1190};
1191#endif // V8_ENABLE_SANDBOX
1192
1193// Implementation of WeakObjectRetainer for mark compact GCs. All marked objects
1194// are retained.
1195class MarkCompactWeakObjectRetainer : public WeakObjectRetainer {
1196 public:
1197 MarkCompactWeakObjectRetainer(Heap* heap, MarkingState* marking_state)
1198 : heap_(heap), marking_state_(marking_state) {}
1199
1200 Tagged<Object> RetainAs(Tagged<Object> object) override {
1201 Tagged<HeapObject> heap_object = Cast<HeapObject>(object);
1202 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, marking_state_,
1203 heap_object)) {
1204 return object;
1205 } else if (IsAllocationSite(heap_object) &&
1206 !Cast<AllocationSite>(object)->IsZombie()) {
1207 // "dead" AllocationSites need to live long enough for a traversal of new
1208 // space. These sites get a one-time reprieve.
1209
1210 Tagged<Object> nested = object;
1211 while (IsAllocationSite(nested)) {
1212 Tagged<AllocationSite> current_site = Cast<AllocationSite>(nested);
1213 // MarkZombie will override the nested_site, read it first before
1214 // marking
1215 nested = current_site->nested_site();
1216 current_site->MarkZombie();
1217 marking_state_->TryMarkAndAccountLiveBytes(current_site);
1218 }
1219
1220 return object;
1221 } else {
1222 return Smi::zero();
1223 }
1224 }
1225
1226 private:
1227 Heap* const heap_;
1228 MarkingState* const marking_state_;
1229};
1230
1231class RecordMigratedSlotVisitor
1232 : public HeapVisitor<RecordMigratedSlotVisitor> {
1233 public:
1234 explicit RecordMigratedSlotVisitor(Heap* heap)
1235 : HeapVisitor(heap->isolate()), heap_(heap) {}
1236
1237 V8_INLINE static constexpr bool UsePrecomputedObjectSize() { return true; }
1238
1239 inline void VisitPointer(Tagged<HeapObject> host, ObjectSlot p) final {
1240 DCHECK(!HasWeakHeapObjectTag(p.load(cage_base())));
1241 RecordMigratedSlot(host, p.load(cage_base()), p.address());
1242 }
1243
1244 inline void VisitMapPointer(Tagged<HeapObject> host) final {
1245 VisitPointer(host, host->map_slot());
1246 }
1247
1248 inline void VisitPointer(Tagged<HeapObject> host, MaybeObjectSlot p) final {
1249 DCHECK(!MapWord::IsPacked(p.Relaxed_Load(cage_base()).ptr()));
1250 RecordMigratedSlot(host, p.load(cage_base()), p.address());
1251 }
1252
1253 inline void VisitPointers(Tagged<HeapObject> host, ObjectSlot start,
1254 ObjectSlot end) final {
1255 while (start < end) {
1256 VisitPointer(host, start);
1257 ++start;
1258 }
1259 }
1260
1261 inline void VisitPointers(Tagged<HeapObject> host, MaybeObjectSlot start,
1262 MaybeObjectSlot end) final {
1263 while (start < end) {
1264 VisitPointer(host, start);
1265 ++start;
1266 }
1267 }
1268
1269 inline void VisitInstructionStreamPointer(Tagged<Code> host,
1270 InstructionStreamSlot slot) final {
1271 // This code is similar to the implementation of VisitPointer() modulo
1272 // new kind of slot.
1273 DCHECK(!HasWeakHeapObjectTag(slot.load(code_cage_base())));
1274 Tagged<Object> code = slot.load(code_cage_base());
1275 RecordMigratedSlot(host, code, slot.address());
1276 }
1277
1278 inline void VisitEphemeron(Tagged<HeapObject> host, int index, ObjectSlot key,
1279 ObjectSlot value) override {
1280 DCHECK(IsEphemeronHashTable(host));
1281 DCHECK(!HeapLayout::InYoungGeneration(host));
1282
1283 // Simply record ephemeron keys in OLD_TO_NEW if it points into the young
1284 // generation instead of recording it in ephemeron_remembered_set here for
1285 // migrated objects. OLD_TO_NEW is per page and we can therefore easily
1286 // record in OLD_TO_NEW on different pages in parallel without merging. Both
1287 // sets are anyways guaranteed to be empty after a full GC.
1288 VisitPointer(host, key);
1289 VisitPointer(host, value);
1290 }
1291
1292 inline void VisitCodeTarget(Tagged<InstructionStream> host,
1293 RelocInfo* rinfo) override {
1294 DCHECK(RelocInfo::IsCodeTargetMode(rinfo->rmode()));
1295 Tagged<InstructionStream> target =
1296 InstructionStream::FromTargetAddress(rinfo->target_address());
1297 // The target is always in old space, we don't have to record the slot in
1298 // the old-to-new remembered set.
1299 DCHECK(!HeapLayout::InYoungGeneration(target));
1300 DCHECK(!HeapLayout::InWritableSharedSpace(target));
1301 heap_->mark_compact_collector()->RecordRelocSlot(host, rinfo, target);
1302 }
1303
1304 inline void VisitEmbeddedPointer(Tagged<InstructionStream> host,
1305 RelocInfo* rinfo) override {
1306 DCHECK(RelocInfo::IsEmbeddedObjectMode(rinfo->rmode()));
1307 Tagged<HeapObject> object = rinfo->target_object(cage_base());
1308 WriteBarrier::GenerationalForRelocInfo(host, rinfo, object);
1309 WriteBarrier::SharedForRelocInfo(host, rinfo, object);
1310 heap_->mark_compact_collector()->RecordRelocSlot(host, rinfo, object);
1311 }
1312
1313 // Entries that are skipped for recording.
1314 inline void VisitExternalReference(Tagged<InstructionStream> host,
1315 RelocInfo* rinfo) final {}
1316 inline void VisitInternalReference(Tagged<InstructionStream> host,
1317 RelocInfo* rinfo) final {}
1318 inline void VisitExternalPointer(Tagged<HeapObject> host,
1319 ExternalPointerSlot slot) final {}
1320
1321 inline void VisitIndirectPointer(Tagged<HeapObject> host,
1322 IndirectPointerSlot slot,
1323 IndirectPointerMode mode) final {}
1324
1327
1328 inline void VisitProtectedPointer(Tagged<TrustedObject> host,
1329 ProtectedPointerSlot slot) final {
1330 RecordMigratedSlot(host, slot.load(), slot.address());
1331 }
1332
1333 inline void VisitProtectedPointer(Tagged<TrustedObject> host,
1334 ProtectedMaybeObjectSlot slot) final {
1335 DCHECK(!MapWord::IsPacked(slot.Relaxed_Load().ptr()));
1336 RecordMigratedSlot(host, slot.load(), slot.address());
1337 }
1338
1339 protected:
1340 inline void RecordMigratedSlot(Tagged<HeapObject> host,
1341 Tagged<MaybeObject> value, Address slot) {
1342 if (value.IsStrongOrWeak()) {
1343 MemoryChunk* value_chunk = MemoryChunk::FromAddress(value.ptr());
1344 MemoryChunk* host_chunk = MemoryChunk::FromHeapObject(host);
1345 if (HeapLayout::InYoungGeneration(value)) {
1346 MutablePageMetadata* host_metadata =
1347 MutablePageMetadata::cast(host_chunk->Metadata());
1348 DCHECK_IMPLIES(value_chunk->IsToPage(),
1349 v8_flags.minor_ms || value_chunk->IsLargePage());
1350 DCHECK(host_metadata->SweepingDone());
1351 RememberedSet<OLD_TO_NEW>::Insert<AccessMode::NON_ATOMIC>(
1352 host_metadata, host_chunk->Offset(slot));
1353 } else if (value_chunk->IsEvacuationCandidate()) {
1354 MutablePageMetadata* host_metadata =
1355 MutablePageMetadata::cast(host_chunk->Metadata());
1356 if (value_chunk->IsFlagSet(MemoryChunk::IS_EXECUTABLE)) {
1357 // TODO(377724745): currently needed because flags are untrusted.
1358 SBXCHECK(!InsideSandbox(value_chunk->address()));
1359 RememberedSet<TRUSTED_TO_CODE>::Insert<AccessMode::NON_ATOMIC>(
1360 host_metadata, host_chunk->Offset(slot));
1361 } else if (value_chunk->IsFlagSet(MemoryChunk::IS_TRUSTED) &&
1362 host_chunk->IsFlagSet(MemoryChunk::IS_TRUSTED)) {
1363 // When the sandbox is disabled, we use plain tagged pointers to
1364 // reference trusted objects from untrusted ones. However, for these
1365 // references we want to use the OLD_TO_OLD remembered set, so here
1366 // we need to check that both the value chunk and the host chunk are
1367 // trusted space chunks.
1368 // TODO(377724745): currently needed because flags are untrusted.
1369 SBXCHECK(!InsideSandbox(value_chunk->address()));
1370 if (value_chunk->InWritableSharedSpace()) {
1371 RememberedSet<TRUSTED_TO_SHARED_TRUSTED>::Insert<
1372 AccessMode::NON_ATOMIC>(host_metadata,
1373 host_chunk->Offset(slot));
1374 } else {
1375 RememberedSet<TRUSTED_TO_TRUSTED>::Insert<AccessMode::NON_ATOMIC>(
1376 host_metadata, host_chunk->Offset(slot));
1377 }
1378 } else {
1379 RememberedSet<OLD_TO_OLD>::Insert<AccessMode::NON_ATOMIC>(
1380 host_metadata, host_chunk->Offset(slot));
1381 }
1382 } else if (value_chunk->InWritableSharedSpace() &&
1383 !HeapLayout::InWritableSharedSpace(host)) {
1384 MutablePageMetadata* host_metadata =
1385 MutablePageMetadata::cast(host_chunk->Metadata());
1386 if (value_chunk->IsFlagSet(MemoryChunk::IS_TRUSTED) &&
1387 host_chunk->IsFlagSet(MemoryChunk::IS_TRUSTED)) {
1388 RememberedSet<TRUSTED_TO_SHARED_TRUSTED>::Insert<
1389 AccessMode::NON_ATOMIC>(host_metadata, host_chunk->Offset(slot));
1390 } else {
1391 RememberedSet<OLD_TO_SHARED>::Insert<AccessMode::NON_ATOMIC>(
1392 host_metadata, host_chunk->Offset(slot));
1393 }
1394 }
1395 }
1396 }
1397
1398 Heap* const heap_;
1399};
1400
1401class MigrationObserver {
1402 public:
1403 explicit MigrationObserver(Heap* heap) : heap_(heap) {}
1404
1405 virtual ~MigrationObserver() = default;
1406 virtual void Move(AllocationSpace dest, Tagged<HeapObject> src,
1407 Tagged<HeapObject> dst, int size) = 0;
1408
1409 protected:
1410 Heap* heap_;
1411};
1412
1413class ProfilingMigrationObserver final : public MigrationObserver {
1414 public:
1415 explicit ProfilingMigrationObserver(Heap* heap) : MigrationObserver(heap) {}
1416
1417 inline void Move(AllocationSpace dest, Tagged<HeapObject> src,
1418 Tagged<HeapObject> dst, int size) final {
1419 // Note this method is called in a concurrent setting. The current object
1420 // (src and dst) is somewhat safe to access without precautions, but other
1421 // objects may be subject to concurrent modification.
1422 if (dest == CODE_SPACE) {
1423 PROFILE(heap_->isolate(), CodeMoveEvent(Cast<InstructionStream>(src),
1424 Cast<InstructionStream>(dst)));
1425 } else if ((dest == OLD_SPACE || dest == TRUSTED_SPACE) &&
1426 IsBytecodeArray(dst)) {
1427 // TODO(saelo): remove `dest == OLD_SPACE` once BytecodeArrays are
1428 // allocated in trusted space.
1429 PROFILE(heap_->isolate(), BytecodeMoveEvent(Cast<BytecodeArray>(src),
1430 Cast<BytecodeArray>(dst)));
1431 }
1432 heap_->OnMoveEvent(src, dst, size);
1433 }
1434};
1435
1436class HeapObjectVisitor {
1437 public:
1438 virtual ~HeapObjectVisitor() = default;
1439 virtual bool Visit(Tagged<HeapObject> object, int size) = 0;
1440};
1441
1442class EvacuateVisitorBase : public HeapObjectVisitor {
1443 public:
1448
1449#if DEBUG
1450 void DisableAbortEvacuationAtAddress(MutablePageMetadata* chunk) {
1451 abort_evacuation_at_address_ = chunk->area_end();
1452 }
1453
1454 void SetUpAbortEvacuationAtAddress(MutablePageMetadata* chunk) {
1455 if (v8_flags.stress_compaction || v8_flags.stress_compaction_random) {
1456 // Stress aborting of evacuation by aborting ~5% of evacuation candidates
1457 // when stress testing.
1458 const double kFraction = 0.05;
1459
1460 if (rng_->NextDouble() < kFraction) {
1461 const double abort_evacuation_percentage = rng_->NextDouble();
1462 abort_evacuation_at_address_ =
1463 chunk->area_start() +
1464 abort_evacuation_percentage * chunk->area_size();
1465 return;
1466 }
1467 }
1468
1469 abort_evacuation_at_address_ = chunk->area_end();
1470 }
1471#endif // DEBUG
1472
1473 protected:
1474 enum MigrationMode { kFast, kObserved };
1475
1476 PtrComprCageBase cage_base() {
1477#if V8_COMPRESS_POINTERS
1478 return PtrComprCageBase{heap_->isolate()};
1479#else
1480 return PtrComprCageBase{};
1481#endif // V8_COMPRESS_POINTERS
1482 }
1483
1484 using MigrateFunction = void (*)(EvacuateVisitorBase* base,
1485 Tagged<HeapObject> dst,
1486 Tagged<HeapObject> src, int size,
1487 AllocationSpace dest);
1488
1489 template <MigrationMode mode>
1490 static void RawMigrateObject(EvacuateVisitorBase* base,
1491 Tagged<HeapObject> dst, Tagged<HeapObject> src,
1492 int size, AllocationSpace dest) {
1493 Address dst_addr = dst.address();
1494 Address src_addr = src.address();
1495 PtrComprCageBase cage_base = base->cage_base();
1496 DCHECK(base->heap_->AllowedToBeMigrated(src->map(cage_base), src, dest));
1497 DCHECK_NE(dest, LO_SPACE);
1498 DCHECK_NE(dest, CODE_LO_SPACE);
1499 DCHECK_NE(dest, TRUSTED_LO_SPACE);
1500 if (dest == OLD_SPACE) {
1501 DCHECK_OBJECT_SIZE(size);
1502 DCHECK(IsAligned(size, kTaggedSize));
1503 base->heap_->CopyBlock(dst_addr, src_addr, size);
1504 if (mode != MigrationMode::kFast) {
1505 base->ExecuteMigrationObservers(dest, src, dst, size);
1506 }
1507 // In case the object's map gets relocated during GC we load the old map
1508 // here. This is fine since they store the same content.
1509 base->record_visitor_->Visit(dst->map(cage_base), dst, size);
1510 } else if (dest == SHARED_SPACE) {
1511 DCHECK_OBJECT_SIZE(size);
1512 DCHECK(IsAligned(size, kTaggedSize));
1513 base->heap_->CopyBlock(dst_addr, src_addr, size);
1514 if (mode != MigrationMode::kFast) {
1515 base->ExecuteMigrationObservers(dest, src, dst, size);
1516 }
1517 base->record_visitor_->Visit(dst->map(cage_base), dst, size);
1518 } else if (dest == TRUSTED_SPACE) {
1519 DCHECK_OBJECT_SIZE(size);
1520 DCHECK(IsAligned(size, kTaggedSize));
1521 base->heap_->CopyBlock(dst_addr, src_addr, size);
1522 if (mode != MigrationMode::kFast) {
1523 base->ExecuteMigrationObservers(dest, src, dst, size);
1524 }
1525 // In case the object's map gets relocated during GC we load the old map
1526 // here. This is fine since they store the same content.
1527 base->record_visitor_->Visit(dst->map(cage_base), dst, size);
1528 } else if (dest == CODE_SPACE) {
1529 DCHECK_CODEOBJECT_SIZE(size);
1530 {
1531 WritableJitAllocation writable_allocation =
1532 ThreadIsolation::RegisterInstructionStreamAllocation(dst_addr,
1533 size);
1534 DCHECK_GT(size, InstructionStream::kHeaderSize);
1535 writable_allocation.CopyData(0, reinterpret_cast<uint8_t*>(src_addr),
1536 InstructionStream::kHeaderSize);
1537 writable_allocation.CopyCode(
1538 InstructionStream::kHeaderSize,
1539 reinterpret_cast<uint8_t*>(src_addr +
1540 InstructionStream::kHeaderSize),
1541 size - InstructionStream::kHeaderSize);
1542 Tagged<InstructionStream> istream = Cast<InstructionStream>(dst);
1543 istream->Relocate(writable_allocation, dst_addr - src_addr);
1544 }
1545 if (mode != MigrationMode::kFast) {
1546 base->ExecuteMigrationObservers(dest, src, dst, size);
1547 }
1548 // In case the object's map gets relocated during GC we load the old map
1549 // here. This is fine since they store the same content.
1550 base->record_visitor_->Visit(dst->map(cage_base), dst, size);
1551 } else {
1552 DCHECK_OBJECT_SIZE(size);
1553 DCHECK(dest == NEW_SPACE);
1554 base->heap_->CopyBlock(dst_addr, src_addr, size);
1555 if (mode != MigrationMode::kFast) {
1556 base->ExecuteMigrationObservers(dest, src, dst, size);
1557 }
1558 }
1559
1560 if (dest == CODE_SPACE) {
1561 WritableJitAllocation jit_allocation =
1562 WritableJitAllocation::ForInstructionStream(
1563 Cast<InstructionStream>(src));
1564 jit_allocation.WriteHeaderSlot<MapWord, HeapObject::kMapOffset>(
1565 MapWord::FromForwardingAddress(src, dst));
1566 } else {
1567 src->set_map_word_forwarded(dst, kRelaxedStore);
1568 }
1569 }
1570
1571 EvacuateVisitorBase(Heap* heap, EvacuationAllocator* local_allocator,
1572 RecordMigratedSlotVisitor* record_visitor)
1573 : heap_(heap),
1574 local_allocator_(local_allocator),
1575 record_visitor_(record_visitor),
1576 shared_string_table_(v8_flags.shared_string_table &&
1577 heap->isolate()->has_shared_space()) {
1578 migration_function_ = RawMigrateObject<MigrationMode::kFast>;
1579#if DEBUG
1580 rng_.emplace(heap_->isolate()->fuzzer_rng()->NextInt64());
1581#endif // DEBUG
1582 }
1583
1584 inline bool TryEvacuateObject(AllocationSpace target_space,
1585 Tagged<HeapObject> object, int size,
1586 Tagged<HeapObject>* target_object) {
1587#if DEBUG
1588 DCHECK_LE(abort_evacuation_at_address_,
1589 MutablePageMetadata::FromHeapObject(object)->area_end());
1590 DCHECK_GE(abort_evacuation_at_address_,
1591 MutablePageMetadata::FromHeapObject(object)->area_start());
1592
1593 if (V8_UNLIKELY(object.address() >= abort_evacuation_at_address_)) {
1594 return false;
1595 }
1596#endif // DEBUG
1597
1598 Tagged<Map> map = object->map(cage_base());
1599 AllocationAlignment alignment = HeapObject::RequiredAlignment(map);
1600 AllocationResult allocation;
1601 if (target_space == OLD_SPACE && ShouldPromoteIntoSharedHeap(map)) {
1602 allocation = local_allocator_->Allocate(SHARED_SPACE, size, alignment);
1603 } else {
1604 allocation = local_allocator_->Allocate(target_space, size, alignment);
1605 }
1606 if (allocation.To(target_object)) {
1607 MigrateObject(*target_object, object, size, target_space);
1608 return true;
1609 }
1610 return false;
1611 }
1612
1613 inline bool ShouldPromoteIntoSharedHeap(Tagged<Map> map) {
1614 if (shared_string_table_) {
1615 return String::IsInPlaceInternalizableExcludingExternal(
1616 map->instance_type());
1617 }
1618 return false;
1619 }
1620
1621 inline void ExecuteMigrationObservers(AllocationSpace dest,
1622 Tagged<HeapObject> src,
1623 Tagged<HeapObject> dst, int size) {
1624 for (MigrationObserver* obs : observers_) {
1625 obs->Move(dest, src, dst, size);
1626 }
1627 }
1628
1629 inline void MigrateObject(Tagged<HeapObject> dst, Tagged<HeapObject> src,
1630 int size, AllocationSpace dest) {
1631 migration_function_(this, dst, src, size, dest);
1632 }
1633
1634 Heap* heap_;
1635 EvacuationAllocator* local_allocator_;
1636 RecordMigratedSlotVisitor* record_visitor_;
1637 std::vector<MigrationObserver*> observers_;
1638 MigrateFunction migration_function_;
1639 const bool shared_string_table_;
1640#if DEBUG
1641 Address abort_evacuation_at_address_{kNullAddress};
1642#endif // DEBUG
1643 std::optional<base::RandomNumberGenerator> rng_;
1644};
1645
1646class EvacuateNewSpaceVisitor final : public EvacuateVisitorBase {
1647 public:
1648 explicit EvacuateNewSpaceVisitor(
1649 Heap* heap, EvacuationAllocator* local_allocator,
1650 RecordMigratedSlotVisitor* record_visitor,
1651 PretenuringHandler::PretenuringFeedbackMap* local_pretenuring_feedback)
1652 : EvacuateVisitorBase(heap, local_allocator, record_visitor),
1653 promoted_size_(0),
1654 pretenuring_handler_(heap_->pretenuring_handler()),
1655 local_pretenuring_feedback_(local_pretenuring_feedback),
1656 is_incremental_marking_(heap->incremental_marking()->IsMarking()),
1657 shortcut_strings_(!heap_->IsGCWithStack() ||
1658 v8_flags.shortcut_strings_with_stack) {
1659 DCHECK_IMPLIES(is_incremental_marking_,
1660 heap->incremental_marking()->IsMajorMarking());
1661 }
1662
1663 inline bool Visit(Tagged<HeapObject> object, int size) override {
1664 if (TryEvacuateWithoutCopy(object)) return true;
1665 Tagged<HeapObject> target_object;
1666
1667 PretenuringHandler::UpdateAllocationSite(heap_, object->map(), object, size,
1668 local_pretenuring_feedback_);
1669
1670 if (!TryEvacuateObject(OLD_SPACE, object, size, &target_object)) {
1671 heap_->FatalProcessOutOfMemory(
1672 "MarkCompactCollector: young object promotion failed");
1673 }
1674
1675 promoted_size_ += size;
1676 return true;
1677 }
1678
1679 intptr_t promoted_size() { return promoted_size_; }
1680
1681 private:
1682 inline bool TryEvacuateWithoutCopy(Tagged<HeapObject> object) {
1683 DCHECK(!is_incremental_marking_);
1684
1685 if (!shortcut_strings_) return false;
1686
1687 Tagged<Map> map = object->map();
1688
1689 // Some objects can be evacuated without creating a copy.
1690 if (map->visitor_id() == kVisitThinString) {
1691 Tagged<HeapObject> actual = Cast<ThinString>(object)->unchecked_actual();
1692 if (MarkCompactCollector::IsOnEvacuationCandidate(actual)) return false;
1693 object->set_map_word_forwarded(actual, kRelaxedStore);
1694 return true;
1695 }
1696 // TODO(mlippautz): Handle ConsString.
1697
1698 return false;
1699 }
1700
1701 inline AllocationSpace AllocateTargetObject(
1702 Tagged<HeapObject> old_object, int size,
1703 Tagged<HeapObject>* target_object) {
1704 AllocationAlignment alignment =
1705 HeapObject::RequiredAlignment(old_object->map());
1706 AllocationSpace space_allocated_in = NEW_SPACE;
1707 AllocationResult allocation =
1708 local_allocator_->Allocate(NEW_SPACE, size, alignment);
1709 if (allocation.IsFailure()) {
1710 allocation = AllocateInOldSpace(size, alignment);
1711 space_allocated_in = OLD_SPACE;
1712 }
1713 bool ok = allocation.To(target_object);
1714 DCHECK(ok);
1715 USE(ok);
1716 return space_allocated_in;
1717 }
1718
1719 inline AllocationResult AllocateInOldSpace(int size_in_bytes,
1720 AllocationAlignment alignment) {
1721 AllocationResult allocation =
1722 local_allocator_->Allocate(OLD_SPACE, size_in_bytes, alignment);
1723 if (allocation.IsFailure()) {
1724 heap_->FatalProcessOutOfMemory(
1725 "MarkCompactCollector: semi-space copy, fallback in old gen");
1726 }
1727 return allocation;
1728 }
1729
1730 intptr_t promoted_size_;
1731 PretenuringHandler* const pretenuring_handler_;
1732 PretenuringHandler::PretenuringFeedbackMap* local_pretenuring_feedback_;
1733 bool is_incremental_marking_;
1734 const bool shortcut_strings_;
1735};
1736
1737class EvacuateNewToOldSpacePageVisitor final : public HeapObjectVisitor {
1738 public:
1739 explicit EvacuateNewToOldSpacePageVisitor(
1740 Heap* heap, RecordMigratedSlotVisitor* record_visitor,
1741 PretenuringHandler::PretenuringFeedbackMap* local_pretenuring_feedback)
1742 : heap_(heap),
1743 record_visitor_(record_visitor),
1744 moved_bytes_(0),
1745 pretenuring_handler_(heap_->pretenuring_handler()),
1746 local_pretenuring_feedback_(local_pretenuring_feedback) {}
1747
1748 static void Move(PageMetadata* page) {
1749 page->heap()->new_space()->PromotePageToOldSpace(
1750 page, v8_flags.minor_ms ? FreeMode::kDoNotLinkCategory
1751 : FreeMode::kLinkCategory);
1752 }
1753
1754 inline bool Visit(Tagged<HeapObject> object, int size) override {
1755 PretenuringHandler::UpdateAllocationSite(heap_, object->map(), object, size,
1756 local_pretenuring_feedback_);
1757 DCHECK(!HeapLayout::InCodeSpace(object));
1758 record_visitor_->Visit(object->map(), object, size);
1759 return true;
1760 }
1761
1762 intptr_t moved_bytes() { return moved_bytes_; }
1763 void account_moved_bytes(intptr_t bytes) { moved_bytes_ += bytes; }
1764
1765 private:
1766 Heap* heap_;
1767 RecordMigratedSlotVisitor* record_visitor_;
1768 intptr_t moved_bytes_;
1769 PretenuringHandler* const pretenuring_handler_;
1770 PretenuringHandler::PretenuringFeedbackMap* local_pretenuring_feedback_;
1771};
1772
1773class EvacuateOldSpaceVisitor final : public EvacuateVisitorBase {
1774 public:
1775 EvacuateOldSpaceVisitor(Heap* heap, EvacuationAllocator* local_allocator,
1776 RecordMigratedSlotVisitor* record_visitor)
1777 : EvacuateVisitorBase(heap, local_allocator, record_visitor) {}
1778
1779 inline bool Visit(Tagged<HeapObject> object, int size) override {
1780 Tagged<HeapObject> target_object;
1781 if (TryEvacuateObject(
1782 PageMetadata::FromHeapObject(object)->owner_identity(), object,
1783 size, &target_object)) {
1784 DCHECK(object->map_word(heap_->isolate(), kRelaxedLoad)
1785 .IsForwardingAddress());
1786 return true;
1787 }
1788 return false;
1789 }
1790};
1791
1792class EvacuateRecordOnlyVisitor final : public HeapObjectVisitor {
1793 public:
1794 explicit EvacuateRecordOnlyVisitor(Heap* heap)
1795 : heap_(heap), cage_base_(heap->isolate()) {}
1796
1797 bool Visit(Tagged<HeapObject> object, int size) override {
1798 RecordMigratedSlotVisitor visitor(heap_);
1799 Tagged<Map> map = object->map(cage_base_);
1800 // Instead of calling object.IterateFast(cage_base(), &visitor) here
1801 // we can shortcut and use the precomputed size value passed to the visitor.
1802 DCHECK_EQ(object->SizeFromMap(map), size);
1803 live_object_size_ += ALIGN_TO_ALLOCATION_ALIGNMENT(size);
1804 visitor.Visit(map, object, size);
1805 return true;
1806 }
1807
1808 size_t live_object_size() const { return live_object_size_; }
1809
1810 private:
1811 Heap* heap_;
1812 const PtrComprCageBase cage_base_;
1813 size_t live_object_size_ = 0;
1814};
1815
1816// static
1817bool MarkCompactCollector::IsUnmarkedHeapObject(Heap* heap, FullObjectSlot p) {
1818 Tagged<Object> o = *p;
1819 if (!IsHeapObject(o)) return false;
1820 Tagged<HeapObject> heap_object = Cast<HeapObject>(o);
1821 return MarkingHelper::IsUnmarkedAndNotAlwaysLive(
1822 heap, heap->non_atomic_marking_state(), heap_object);
1823}
1824
1825// static
1826bool MarkCompactCollector::IsUnmarkedSharedHeapObject(Heap* client_heap,
1827 FullObjectSlot p) {
1828 Tagged<Object> o = *p;
1829 if (!IsHeapObject(o)) return false;
1830 Tagged<HeapObject> heap_object = Cast<HeapObject>(o);
1831 Heap* shared_space_heap =
1832 client_heap->isolate()->shared_space_isolate()->heap();
1833 if (!HeapLayout::InWritableSharedSpace(heap_object)) return false;
1834 return MarkingHelper::IsUnmarkedAndNotAlwaysLive(
1835 shared_space_heap, shared_space_heap->non_atomic_marking_state(),
1836 heap_object);
1837}
1838
1839void MarkCompactCollector::MarkRoots(RootVisitor* root_visitor) {
1840 Isolate* const isolate = heap_->isolate();
1841
1842 // Mark the heap roots including global variables, stack variables,
1843 // etc., and all objects reachable from them.
1844 heap_->IterateRoots(
1845 root_visitor,
1846 base::EnumSet<SkipRoot>{SkipRoot::kWeak, SkipRoot::kTracedHandles,
1847 SkipRoot::kConservativeStack,
1848 SkipRoot::kReadOnlyBuiltins});
1849
1850 // Custom marking for top optimized frame.
1851 CustomRootBodyMarkingVisitor custom_root_body_visitor(this);
1852 ProcessTopOptimizedFrame(&custom_root_body_visitor, isolate);
1853
1854 if (isolate->is_shared_space_isolate()) {
1855 ClientRootVisitor<> client_root_visitor(root_visitor);
1856 ClientObjectVisitor<> client_custom_root_body_visitor(
1857 &custom_root_body_visitor);
1858
1859 isolate->global_safepoint()->IterateClientIsolates(
1860 [this, &client_root_visitor,
1861 &client_custom_root_body_visitor](Isolate* client) {
1862 client->heap()->IterateRoots(
1863 &client_root_visitor,
1864 base::EnumSet<SkipRoot>{SkipRoot::kWeak,
1865 SkipRoot::kConservativeStack,
1866 SkipRoot::kReadOnlyBuiltins});
1867 ProcessTopOptimizedFrame(&client_custom_root_body_visitor, client);
1868 });
1869 }
1870}
1871
1872void MarkCompactCollector::MarkRootsFromConservativeStack(
1873 RootVisitor* root_visitor) {
1874 TRACE_GC(heap_->tracer(), GCTracer::Scope::CONSERVATIVE_STACK_SCANNING);
1875 heap_->IterateConservativeStackRoots(root_visitor,
1876 Heap::IterateRootsMode::kMainIsolate);
1877
1878 Isolate* const isolate = heap_->isolate();
1879 if (isolate->is_shared_space_isolate()) {
1880 ClientRootVisitor<> client_root_visitor(root_visitor);
1881 // For client isolates, use the stack marker to conservatively scan the
1882 // stack.
1883 isolate->global_safepoint()->IterateClientIsolates(
1884 [v = &client_root_visitor](Isolate* client) {
1885 client->heap()->IterateConservativeStackRoots(
1886 v, Heap::IterateRootsMode::kClientIsolate);
1887 });
1888 }
1889}
1890
1891void MarkCompactCollector::MarkObjectsFromClientHeaps() {
1892 Isolate* const isolate = heap_->isolate();
1893 if (!isolate->is_shared_space_isolate()) return;
1894
1895 isolate->global_safepoint()->IterateClientIsolates(
1896 [collector = this](Isolate* client) {
1897 collector->MarkObjectsFromClientHeap(client);
1898 });
1899}
1900
1901void MarkCompactCollector::MarkObjectsFromClientHeap(Isolate* client) {
1902 // There is no OLD_TO_SHARED remembered set for the young generation. We
1903 // therefore need to iterate each object and check whether it points into the
1904 // shared heap. As an optimization and to avoid a second heap iteration in the
1905 // "update pointers" phase, all pointers into the shared heap are recorded in
1906 // the OLD_TO_SHARED remembered set as well.
1907 SharedHeapObjectVisitor visitor(this);
1908
1909 PtrComprCageBase cage_base(client);
1910 Heap* client_heap = client->heap();
1911
1912 // Finish sweeping quarantined pages for Scavenger's new space in order to
1913 // iterate objects in it.
1914 client_heap->EnsureQuarantinedPagesSweepingCompleted();
1915 // Finish sweeping for new space in order to iterate objects in it.
1916 client_heap->sweeper()->FinishMinorJobs();
1917 // Finish sweeping for old generation in order to iterate OLD_TO_SHARED.
1918 client_heap->sweeper()->FinishMajorJobs();
1919
1920 if (auto* new_space = client_heap->new_space()) {
1921 DCHECK(!client_heap->allocator()->new_space_allocator()->IsLabValid());
1922 for (PageMetadata* page : *new_space) {
1923 for (Tagged<HeapObject> obj : HeapObjectRange(page)) {
1924 visitor.Visit(obj);
1925 }
1926 }
1927 }
1928
1929 if (client_heap->new_lo_space()) {
1930 std::unique_ptr<ObjectIterator> iterator =
1931 client_heap->new_lo_space()->GetObjectIterator(client_heap);
1932 for (Tagged<HeapObject> obj = iterator->Next(); !obj.is_null();
1933 obj = iterator->Next()) {
1934 visitor.Visit(obj);
1935 }
1936 }
1937
1938 // In the old generation we can simply use the OLD_TO_SHARED remembered set to
1939 // find all incoming pointers into the shared heap.
1940 OldGenerationMemoryChunkIterator chunk_iterator(client_heap);
1941
1942 // Tracking OLD_TO_SHARED requires the write barrier.
1943 DCHECK(!v8_flags.disable_write_barriers);
1944
1945 for (MutablePageMetadata* chunk = chunk_iterator.next(); chunk;
1946 chunk = chunk_iterator.next()) {
1947 const auto slot_count = RememberedSet<OLD_TO_SHARED>::Iterate(
1948 chunk,
1949 [collector = this, cage_base](MaybeObjectSlot slot) {
1950 Tagged<MaybeObject> obj = slot.Relaxed_Load(cage_base);
1951 Tagged<HeapObject> heap_object;
1952
1953 if (obj.GetHeapObject(&heap_object) &&
1954 HeapLayout::InWritableSharedSpace(heap_object)) {
1955 // If the object points to the black allocated shared page, don't
1956 // mark the object, but still keep the slot.
1957 if (MarkingHelper::ShouldMarkObject(collector->heap(),
1958 heap_object)) {
1959 collector->MarkRootObject(
1960 Root::kClientHeap, heap_object,
1961 MarkingHelper::WorklistTarget::kRegular);
1962 }
1963 return KEEP_SLOT;
1964 } else {
1965 return REMOVE_SLOT;
1966 }
1967 },
1968 SlotSet::FREE_EMPTY_BUCKETS);
1969 if (slot_count == 0) {
1970 chunk->ReleaseSlotSet(OLD_TO_SHARED);
1971 }
1972
1973 const auto typed_slot_count = RememberedSet<OLD_TO_SHARED>::IterateTyped(
1974 chunk,
1975 [collector = this, client_heap](SlotType slot_type, Address slot) {
1976 Tagged<HeapObject> heap_object =
1977 UpdateTypedSlotHelper::GetTargetObject(client_heap, slot_type,
1978 slot);
1979 if (HeapLayout::InWritableSharedSpace(heap_object)) {
1980 // If the object points to the black allocated shared page, don't
1981 // mark the object, but still keep the slot.
1982 if (MarkingHelper::ShouldMarkObject(collector->heap(),
1983 heap_object)) {
1984 collector->MarkRootObject(
1985 Root::kClientHeap, heap_object,
1986 MarkingHelper::WorklistTarget::kRegular);
1987 }
1988 return KEEP_SLOT;
1989 } else {
1990 return REMOVE_SLOT;
1991 }
1992 });
1993 if (typed_slot_count == 0) {
1994 chunk->ReleaseTypedSlotSet(OLD_TO_SHARED);
1995 }
1996
1997 const auto protected_slot_count =
1998 RememberedSet<TRUSTED_TO_SHARED_TRUSTED>::Iterate(
1999 chunk,
2000 [collector = this](MaybeObjectSlot slot) {
2001 ProtectedPointerSlot protected_slot(slot.address());
2002 Tagged<MaybeObject> obj = protected_slot.Relaxed_Load();
2003 Tagged<HeapObject> heap_object;
2004
2005 if (obj.GetHeapObject(&heap_object) &&
2006 HeapLayout::InWritableSharedSpace(heap_object)) {
2007 // If the object points to the black allocated shared page,
2008 // don't mark the object, but still keep the slot.
2009 if (MarkingHelper::ShouldMarkObject(collector->heap(),
2010 heap_object)) {
2011 collector->MarkRootObject(
2012 Root::kClientHeap, heap_object,
2013 MarkingHelper::WorklistTarget::kRegular);
2014 }
2015 return KEEP_SLOT;
2016 } else {
2017 return REMOVE_SLOT;
2018 }
2019 },
2020 SlotSet::FREE_EMPTY_BUCKETS);
2021 if (protected_slot_count == 0) {
2022 chunk->ReleaseSlotSet(TRUSTED_TO_SHARED_TRUSTED);
2023 }
2024 }
2025
2026#ifdef V8_ENABLE_SANDBOX
2027 DCHECK(IsSharedExternalPointerType(kExternalStringResourceTag));
2028 DCHECK(IsSharedExternalPointerType(kExternalStringResourceDataTag));
2029 // All ExternalString resources are stored in the shared external pointer
2030 // table. Mark entries from client heaps.
2031 ExternalPointerTable& shared_table = client->shared_external_pointer_table();
2032 ExternalPointerTable::Space* shared_space =
2033 client->shared_external_pointer_space();
2034 MarkExternalPointerFromExternalStringTable external_string_visitor(
2035 &shared_table, shared_space);
2036 client_heap->external_string_table_.IterateAll(&external_string_visitor);
2037#endif // V8_ENABLE_SANDBOX
2038}
2039
2040bool MarkCompactCollector::MarkTransitiveClosureUntilFixpoint() {
2041 int iterations = 0;
2042 int max_iterations = v8_flags.ephemeron_fixpoint_iterations;
2043
2044 bool another_ephemeron_iteration_main_thread;
2045
2046 do {
2047 if (iterations >= max_iterations) {
2048 // Give up fixpoint iteration and switch to linear algorithm.
2049 return false;
2050 }
2051
2052 PerformWrapperTracing();
2053
2054 // Move ephemerons from next_ephemerons into current_ephemerons to
2055 // drain them in this iteration.
2056 DCHECK(
2057 local_weak_objects()->current_ephemerons_local.IsLocalAndGlobalEmpty());
2058 weak_objects_.current_ephemerons.Merge(weak_objects_.next_ephemerons);
2059 heap_->concurrent_marking()->set_another_ephemeron_iteration(false);
2060
2061 {
2062 TRACE_GC(heap_->tracer(),
2063 GCTracer::Scope::MC_MARK_WEAK_CLOSURE_EPHEMERON_MARKING);
2064 another_ephemeron_iteration_main_thread = ProcessEphemerons();
2065 }
2066
2067 // Can only check for local emptiness here as parallel marking tasks may
2068 // still be running. The caller performs the CHECKs for global emptiness.
2069 CHECK(local_weak_objects()->current_ephemerons_local.IsLocalEmpty());
2070 CHECK(local_weak_objects()->next_ephemerons_local.IsLocalEmpty());
2071
2072 ++iterations;
2073 } while (another_ephemeron_iteration_main_thread ||
2074 heap_->concurrent_marking()->another_ephemeron_iteration() ||
2075 !local_marking_worklists_->IsEmpty() ||
2076 !IsCppHeapMarkingFinished(heap_, local_marking_worklists_.get()));
2077
2078 return true;
2079}
2080
2081bool MarkCompactCollector::ProcessEphemerons() {
2082 Ephemeron ephemeron;
2083 bool another_ephemeron_iteration = false;
2084
2085 // Drain current_ephemerons and push ephemerons where key and value are still
2086 // unreachable into next_ephemerons.
2087 while (local_weak_objects()->current_ephemerons_local.Pop(&ephemeron)) {
2088 if (ProcessEphemeron(ephemeron.key, ephemeron.value)) {
2089 another_ephemeron_iteration = true;
2090 }
2091 }
2092
2093 // Drain marking worklist and push discovered ephemerons into
2094 // next_ephemerons.
2095 size_t objects_processed;
2096 std::tie(std::ignore, objects_processed) =
2097 ProcessMarkingWorklist(v8::base::TimeDelta::Max(), SIZE_MAX);
2098
2099 // As soon as a single object was processed and potentially marked another
2100 // object we need another iteration. Otherwise we might miss to apply
2101 // ephemeron semantics on it.
2102 if (objects_processed > 0) another_ephemeron_iteration = true;
2103
2104 // Flush local ephemerons for main task to global pool.
2105 local_weak_objects()->ephemeron_hash_tables_local.Publish();
2106 local_weak_objects()->next_ephemerons_local.Publish();
2107
2108 return another_ephemeron_iteration;
2109}
2110
2111void MarkCompactCollector::MarkTransitiveClosureLinear() {
2112 TRACE_GC(heap_->tracer(),
2113 GCTracer::Scope::MC_MARK_WEAK_CLOSURE_EPHEMERON_LINEAR);
2114 // This phase doesn't support parallel marking.
2115 DCHECK(heap_->concurrent_marking()->IsStopped());
2116 DCHECK(key_to_values_.empty());
2117 DCHECK(
2118 local_weak_objects()->current_ephemerons_local.IsLocalAndGlobalEmpty());
2119
2120 // Update visitor to directly add new ephemerons to key_to_values_.
2121 marking_visitor_->SetKeyToValues(&key_to_values_);
2122
2123 Ephemeron ephemeron;
2124 while (local_weak_objects()->next_ephemerons_local.Pop(&ephemeron)) {
2125 if (ApplyEphemeronSemantics(ephemeron.key, ephemeron.value) ==
2126 EphemeronResult::kUnresolved) {
2127 auto it = key_to_values_.try_emplace(ephemeron.key).first;
2128 it->second.push_back(ephemeron.value);
2129 }
2130 }
2131
2132 bool work_to_do;
2133
2134 do {
2135 PerformWrapperTracing();
2136
2137 {
2138 TRACE_GC(heap_->tracer(),
2139 GCTracer::Scope::MC_MARK_WEAK_CLOSURE_EPHEMERON_MARKING);
2140 // Drain marking worklist but:
2141 // (1) push all new ephemerons directly into key_to_values_.
2142 // (2) look up all traced objects in key_to_values_.
2143 ProcessMarkingWorklist<
2144 MarkingWorklistProcessingMode::kProcessRememberedEphemerons>(
2145 v8::base::TimeDelta::Max(), SIZE_MAX);
2146 }
2147
2148 // Do NOT drain marking worklist here, otherwise the current checks
2149 // for work_to_do are not sufficient for determining if another iteration
2150 // is necessary.
2151
2152 work_to_do =
2153 !local_marking_worklists_->IsEmpty() ||
2154 !IsCppHeapMarkingFinished(heap_, local_marking_worklists_.get());
2155 CHECK(local_weak_objects()->next_ephemerons_local.IsLocalAndGlobalEmpty());
2156 } while (work_to_do);
2157
2158 CHECK(local_marking_worklists_->IsEmpty());
2159
2160 CHECK(weak_objects_.current_ephemerons.IsEmpty());
2161 CHECK(weak_objects_.next_ephemerons.IsEmpty());
2162
2163 // Flush local ephemerons for main task to global pool.
2164 local_weak_objects()->ephemeron_hash_tables_local.Publish();
2165 local_weak_objects()->next_ephemerons_local.Publish();
2166}
2167
2168void MarkCompactCollector::PerformWrapperTracing() {
2169 auto* cpp_heap = CppHeap::From(heap_->cpp_heap_);
2170 if (!cpp_heap) return;
2171
2172 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_EMBEDDER_TRACING);
2173 cpp_heap->AdvanceMarking(v8::base::TimeDelta::Max(), SIZE_MAX);
2174}
2175
2176namespace {
2177
2178constexpr size_t kDeadlineCheckInterval = 128u;
2179
2180} // namespace
2181
2182template <MarkCompactCollector::MarkingWorklistProcessingMode mode>
2183std::pair<size_t, size_t> MarkCompactCollector::ProcessMarkingWorklist(
2184 v8::base::TimeDelta max_duration, size_t max_bytes_to_process) {
2185 Tagged<HeapObject> object;
2186 size_t bytes_processed = 0;
2187 size_t objects_processed = 0;
2188 bool is_per_context_mode = local_marking_worklists_->IsPerContextMode();
2189 Isolate* const isolate = heap_->isolate();
2190 const auto start = v8::base::TimeTicks::Now();
2191 PtrComprCageBase cage_base(isolate);
2192
2193 if (parallel_marking_ && UseBackgroundThreadsInCycle()) {
2194 heap_->concurrent_marking()->RescheduleJobIfNeeded(
2195 GarbageCollector::MARK_COMPACTOR, TaskPriority::kUserBlocking);
2196 }
2197
2198 while (local_marking_worklists_->Pop(&object) ||
2199 local_marking_worklists_->PopOnHold(&object)) {
2200 // The marking worklist should never contain filler objects.
2201 CHECK(!IsFreeSpaceOrFiller(object, cage_base));
2202 DCHECK(IsHeapObject(object));
2203 DCHECK(!HeapLayout::InReadOnlySpace(object));
2204 DCHECK_EQ(HeapUtils::GetOwnerHeap(object), heap_);
2205 DCHECK(heap_->Contains(object));
2206 DCHECK(!(marking_state_->IsUnmarked(object)));
2207
2208 if constexpr (mode ==
2209 MarkingWorklistProcessingMode::kProcessRememberedEphemerons) {
2210 auto it = key_to_values_.find(object);
2211 if (it != key_to_values_.end()) {
2212 for (Tagged<HeapObject> value : it->second) {
2213 const auto target_worklist =
2214 MarkingHelper::ShouldMarkObject(heap_, value);
2215 if (target_worklist) {
2216 MarkObject(object, value, target_worklist.value());
2217 }
2218 }
2219 key_to_values_.erase(it);
2220 }
2221 }
2222
2223 Tagged<Map> map = object->map(cage_base);
2224 if (is_per_context_mode) {
2225 Address context;
2226 if (native_context_inferrer_.Infer(cage_base, map, object, &context)) {
2227 local_marking_worklists_->SwitchToContext(context);
2228 }
2229 }
2230 const auto visited_size = marking_visitor_->Visit(map, object);
2231 if (visited_size) {
2232 MutablePageMetadata::FromHeapObject(object)->IncrementLiveBytesAtomically(
2233 ALIGN_TO_ALLOCATION_ALIGNMENT(visited_size));
2234 }
2235 if (is_per_context_mode) {
2236 native_context_stats_.IncrementSize(local_marking_worklists_->Context(),
2237 map, object, visited_size);
2238 }
2239 bytes_processed += visited_size;
2240 objects_processed++;
2241 static_assert(base::bits::IsPowerOfTwo(kDeadlineCheckInterval),
2242 "kDeadlineCheckInterval must be power of 2");
2243 // The below check is an optimized version of
2244 // `(objects_processed % kDeadlineCheckInterval) == 0`
2245 if ((objects_processed & (kDeadlineCheckInterval -1)) == 0 &&
2246 ((v8::base::TimeTicks::Now() - start) > max_duration)) {
2247 break;
2248 }
2249 if (bytes_processed >= max_bytes_to_process) {
2250 break;
2251 }
2252 }
2253 return std::make_pair(bytes_processed, objects_processed);
2254}
2255
2256bool MarkCompactCollector::ProcessEphemeron(Tagged<HeapObject> key,
2257 Tagged<HeapObject> value) {
2258 EphemeronResult result = ApplyEphemeronSemantics(key, value);
2259
2260 if (result == EphemeronResult::kUnresolved) {
2261 local_weak_objects()->next_ephemerons_local.Push(Ephemeron{key, value});
2262 return true;
2263 }
2264
2265 return result == EphemeronResult::kMarkedValue;
2266}
2267
2268MarkCompactCollector::EphemeronResult
2269MarkCompactCollector::ApplyEphemeronSemantics(Tagged<HeapObject> key,
2270 Tagged<HeapObject> value) {
2271 // Objects in the shared heap are prohibited from being used as keys in
2272 // WeakMaps and WeakSets and therefore cannot be ephemeron keys, because that
2273 // would enable thread local -> shared heap edges.
2274 DCHECK(!HeapLayout::InWritableSharedSpace(key));
2275 // Usually values that should not be marked are not added to the ephemeron
2276 // worklist. However, minor collection during incremental marking may promote
2277 // strings from the younger generation into the shared heap. This
2278 // ShouldMarkObject call catches those cases.
2279 const auto target_worklist = MarkingHelper::ShouldMarkObject(heap_, value);
2280 if (!target_worklist) {
2281 // The value doesn't need to be marked in this GC, so no need to track
2282 // ephemeron further.
2283 return EphemeronResult::kResolved;
2284 }
2285
2286 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, marking_state_, key)) {
2287 if (MarkingHelper::TryMarkAndPush(heap_, local_marking_worklists_.get(),
2288 marking_state_, target_worklist.value(),
2289 value)) {
2290 return EphemeronResult::kMarkedValue;
2291 } else {
2292 return EphemeronResult::kResolved;
2293 }
2294 } else {
2295 if (marking_state_->IsMarked(value)) {
2296 return EphemeronResult::kResolved;
2297 } else {
2298 return EphemeronResult::kUnresolved;
2299 }
2300 }
2301}
2302
2303void MarkCompactCollector::VerifyEphemeronMarking() {
2304#ifdef VERIFY_HEAP
2305 if (v8_flags.verify_heap) {
2306 Ephemeron ephemeron;
2307
2308 // In the fixpoint iteration all unresolved ephemerons are in
2309 // `next_ephemerons_`.
2310 CHECK(
2311 local_weak_objects()->current_ephemerons_local.IsLocalAndGlobalEmpty());
2312 weak_objects_.current_ephemerons.Merge(weak_objects_.next_ephemerons);
2313 while (local_weak_objects()->current_ephemerons_local.Pop(&ephemeron)) {
2314 CHECK_NE(ApplyEphemeronSemantics(ephemeron.key, ephemeron.value),
2315 EphemeronResult::kMarkedValue);
2316 }
2317
2318 // In the linear-time algorithm ephemerons are kept in `key_to_values_`.
2319 for (auto& [key, values] : key_to_values_) {
2320 for (auto value : values) {
2321 CHECK_NE(ApplyEphemeronSemantics(key, value),
2322 EphemeronResult::kMarkedValue);
2323 }
2324 }
2325 }
2326#endif // VERIFY_HEAP
2327}
2328
2329void MarkCompactCollector::MarkTransitiveClosure() {
2330 // Incremental marking might leave ephemerons in main task's local
2331 // buffer, flush it into global pool.
2332 local_weak_objects()->next_ephemerons_local.Publish();
2333
2334 if (!MarkTransitiveClosureUntilFixpoint()) {
2335 // Fixpoint iteration needed too many iterations and was cancelled. Use the
2336 // guaranteed linear algorithm. But only in the final single-thread marking
2337 // phase.
2338 if (!parallel_marking_) MarkTransitiveClosureLinear();
2339 }
2340}
2341
2342void MarkCompactCollector::ProcessTopOptimizedFrame(ObjectVisitor* visitor,
2343 Isolate* isolate) {
2344 for (StackFrameIterator it(isolate, isolate->thread_local_top()); !it.done();
2345 it.Advance()) {
2346 if (it.frame()->is_unoptimized_js()) return;
2347 if (it.frame()->is_optimized_js()) {
2348 Tagged<GcSafeCode> lookup_result = it.frame()->GcSafeLookupCode();
2349 if (!lookup_result->has_instruction_stream()) return;
2350 if (!lookup_result->CanDeoptAt(isolate,
2351 it.frame()->maybe_unauthenticated_pc())) {
2352 Tagged<InstructionStream> istream = UncheckedCast<InstructionStream>(
2353 lookup_result->raw_instruction_stream());
2354 PtrComprCageBase cage_base(isolate);
2355 InstructionStream::BodyDescriptor::IterateBody(istream->map(cage_base),
2356 istream, visitor);
2357 }
2358 return;
2359 }
2360 }
2361}
2362
2363void MarkCompactCollector::RecordObjectStats() {
2364 if (V8_LIKELY(!TracingFlags::is_gc_stats_enabled())) return;
2365 // Cannot run during bootstrapping due to incomplete objects.
2366 if (heap_->isolate()->bootstrapper()->IsActive()) return;
2367 TRACE_EVENT0(TRACE_GC_CATEGORIES, "V8.GC_OBJECT_DUMP_STATISTICS");
2368 heap_->CreateObjectStats();
2369 ObjectStatsCollector collector(heap_, heap_->live_object_stats_.get(),
2370 heap_->dead_object_stats_.get());
2371 collector.Collect();
2372 if (V8_UNLIKELY(TracingFlags::gc_stats.load(std::memory_order_relaxed) &
2373 v8::tracing::TracingCategoryObserver::ENABLED_BY_TRACING)) {
2374 std::stringstream live, dead;
2375 heap_->live_object_stats_->Dump(live);
2376 heap_->dead_object_stats_->Dump(dead);
2377 TRACE_EVENT_INSTANT2(TRACE_DISABLED_BY_DEFAULT("v8.gc_stats"),
2378 "V8.GC_Objects_Stats", TRACE_EVENT_SCOPE_THREAD,
2379 "live", TRACE_STR_COPY(live.str().c_str()), "dead",
2380 TRACE_STR_COPY(dead.str().c_str()));
2381 }
2382 if (v8_flags.trace_gc_object_stats) {
2383 heap_->live_object_stats_->PrintJSON("live");
2384 heap_->dead_object_stats_->PrintJSON("dead");
2385 }
2386 heap_->live_object_stats_->CheckpointObjectStats();
2387 heap_->dead_object_stats_->ClearObjectStats();
2388}
2389
2390namespace {
2391
2392bool ShouldRetainMap(Heap* heap, MarkingState* marking_state, Tagged<Map> map,
2393 int age) {
2394 if (age == 0) {
2395 // The map has aged. Do not retain this map.
2396 return false;
2397 }
2398 Tagged<Object> constructor = map->GetConstructor();
2399 if (!IsHeapObject(constructor) ||
2400 MarkingHelper::IsUnmarkedAndNotAlwaysLive(
2401 heap, marking_state, Cast<HeapObject>(constructor))) {
2402 // The constructor is dead, no new objects with this map can
2403 // be created. Do not retain this map.
2404 return false;
2405 }
2406 return true;
2407}
2408
2409} // namespace
2410
2411void MarkCompactCollector::RetainMaps() {
2412 // Retaining maps increases the chances of reusing map transitions at some
2413 // memory cost, hence disable it when trying to reduce memory footprint more
2414 // aggressively.
2415 const bool should_retain_maps =
2416 !heap_->ShouldReduceMemory() && v8_flags.retain_maps_for_n_gc != 0;
2417
2418 for (Tagged<WeakArrayList> retained_maps : heap_->FindAllRetainedMaps()) {
2419 DCHECK_EQ(0, retained_maps->length() % 2);
2420 for (int i = 0; i < retained_maps->length(); i += 2) {
2421 Tagged<MaybeObject> value = retained_maps->Get(i);
2422 Tagged<HeapObject> map_heap_object;
2423 if (!value.GetHeapObjectIfWeak(&map_heap_object)) {
2424 continue;
2425 }
2426 int age = retained_maps->Get(i + 1).ToSmi().value();
2427 int new_age;
2428 Tagged<Map> map = Cast<Map>(map_heap_object);
2429 if (should_retain_maps && MarkingHelper::IsUnmarkedAndNotAlwaysLive(
2430 heap_, marking_state_, map)) {
2431 if (ShouldRetainMap(heap_, marking_state_, map, age)) {
2432 if (MarkingHelper::ShouldMarkObject(heap_, map)) {
2433 MarkingHelper::TryMarkAndPush(
2434 heap_, local_marking_worklists_.get(), marking_state_,
2435 MarkingHelper::WorklistTarget::kRegular, map);
2436 }
2437 }
2438 Tagged<Object> prototype = map->prototype();
2439 if (age > 0 && IsHeapObject(prototype) &&
2440 MarkingHelper::IsUnmarkedAndNotAlwaysLive(
2441 heap_, marking_state_, Cast<HeapObject>(prototype))) {
2442 // The prototype is not marked, age the map.
2443 new_age = age - 1;
2444 } else {
2445 // The prototype and the constructor are marked, this map keeps only
2446 // transition tree alive, not JSObjects. Do not age the map.
2447 new_age = age;
2448 }
2449 } else {
2450 new_age = v8_flags.retain_maps_for_n_gc;
2451 }
2452 // Compact the array and update the age.
2453 if (new_age != age) {
2454 retained_maps->Set(i + 1, Smi::FromInt(new_age));
2455 }
2456 }
2457 }
2458}
2459
2460void MarkCompactCollector::MarkLiveObjects() {
2461 TRACE_GC_ARG1(heap_->tracer(), GCTracer::Scope::MC_MARK,
2462 "UseBackgroundThreads", UseBackgroundThreadsInCycle());
2463
2464 const bool was_marked_incrementally =
2465 !heap_->incremental_marking()->IsStopped();
2466 if (was_marked_incrementally) {
2467 auto* incremental_marking = heap_->incremental_marking();
2468 TRACE_GC_WITH_FLOW(
2469 heap_->tracer(), GCTracer::Scope::MC_MARK_FINISH_INCREMENTAL,
2470 incremental_marking->current_trace_id(), TRACE_EVENT_FLAG_FLOW_IN);
2471 DCHECK(incremental_marking->IsMajorMarking());
2472 incremental_marking->Stop();
2473 MarkingBarrier::PublishAll(heap_);
2474 }
2475
2476#ifdef DEBUG
2477 DCHECK(state_ == PREPARE_GC);
2478 state_ = MARK_LIVE_OBJECTS;
2479#endif
2480
2481 if (heap_->cpp_heap_) {
2482 CppHeap::From(heap_->cpp_heap_)
2483 ->EnterFinalPause(heap_->embedder_stack_state_);
2484 }
2485
2486 RootMarkingVisitor root_visitor(this);
2487
2488 {
2489 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_ROOTS);
2490 MarkRoots(&root_visitor);
2491 }
2492
2493 {
2494 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_CLIENT_HEAPS);
2495 MarkObjectsFromClientHeaps();
2496 }
2497
2498 {
2499 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_RETAIN_MAPS);
2500 RetainMaps();
2501 }
2502
2503 if (v8_flags.parallel_marking && UseBackgroundThreadsInCycle()) {
2504 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_FULL_CLOSURE_PARALLEL);
2505 parallel_marking_ = true;
2506 heap_->concurrent_marking()->RescheduleJobIfNeeded(
2507 GarbageCollector::MARK_COMPACTOR, TaskPriority::kUserBlocking);
2508 MarkTransitiveClosure();
2509 {
2510 TRACE_GC(heap_->tracer(),
2511 GCTracer::Scope::MC_MARK_FULL_CLOSURE_PARALLEL_JOIN);
2512 FinishConcurrentMarking();
2513 }
2514 parallel_marking_ = false;
2515 }
2516
2517 {
2518 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_ROOTS);
2519 MarkRootsFromConservativeStack(&root_visitor);
2520 }
2521
2522 {
2523 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_MARK_FULL_CLOSURE_SERIAL);
2524 // Complete the transitive closure single-threaded to avoid races with
2525 // multiple threads when processing weak maps and embedder heaps.
2526 CHECK(heap_->concurrent_marking()->IsStopped());
2527 if (auto* cpp_heap = CppHeap::From(heap_->cpp_heap())) {
2528 // Lock the process-global mutex here and mark cross-thread roots again.
2529 // This is done as late as possible to keep locking durations short.
2530 cpp_heap->EnterProcessGlobalAtomicPause();
2531 }
2532 MarkTransitiveClosure();
2533 CHECK(local_marking_worklists_->IsEmpty());
2534 CHECK(
2535 local_weak_objects()->current_ephemerons_local.IsLocalAndGlobalEmpty());
2536 CHECK(IsCppHeapMarkingFinished(heap_, local_marking_worklists_.get()));
2537 VerifyEphemeronMarking();
2538 }
2539
2540 if (was_marked_incrementally) {
2541 // Disable the marking barrier after concurrent/parallel marking has
2542 // finished as it will reset page flags that share the same bitmap as
2543 // the evacuation candidate bit.
2544 MarkingBarrier::DeactivateAll(heap_);
2545 heap_->isolate()->traced_handles()->SetIsMarking(false);
2546 }
2547
2548 epoch_++;
2549}
2550
2551namespace {
2552
2553class ParallelClearingJob final : public v8::JobTask {
2554 public:
2555 class ClearingItem {
2556 public:
2557 virtual ~ClearingItem() = default;
2558 virtual void Run(JobDelegate* delegate) = 0;
2559 };
2560
2561 explicit ParallelClearingJob(MarkCompactCollector* collector)
2562 : collector_(collector) {}
2563 ~ParallelClearingJob() override = default;
2564 ParallelClearingJob(const ParallelClearingJob&) = delete;
2565 ParallelClearingJob& operator=(const ParallelClearingJob&) = delete;
2566
2567 // v8::JobTask overrides.
2568 void Run(JobDelegate* delegate) override {
2569 std::unique_ptr<ClearingItem> item;
2570 {
2571 base::MutexGuard guard(&items_mutex_);
2572 item = std::move(items_.back());
2573 items_.pop_back();
2574 }
2575 item->Run(delegate);
2576 }
2577
2578 size_t GetMaxConcurrency(size_t worker_count) const override {
2579 base::MutexGuard guard(&items_mutex_);
2580 if (!v8_flags.parallel_weak_ref_clearing ||
2581 !collector_->UseBackgroundThreadsInCycle()) {
2582 return std::min<size_t>(items_.size(), 1);
2583 }
2584 return items_.size();
2585 }
2586
2587 void Add(std::unique_ptr<ClearingItem> item) {
2588 items_.push_back(std::move(item));
2589 }
2590
2591 private:
2592 MarkCompactCollector* collector_;
2593 mutable base::Mutex items_mutex_;
2594 std::vector<std::unique_ptr<ClearingItem>> items_;
2595};
2596
2597class ClearStringTableJobItem final : public ParallelClearingJob::ClearingItem {
2598 public:
2599 explicit ClearStringTableJobItem(Isolate* isolate)
2600 : isolate_(isolate),
2601 trace_id_(reinterpret_cast<uint64_t>(this) ^
2602 isolate->heap()->tracer()->CurrentEpoch(
2603 GCTracer::Scope::MC_CLEAR_STRING_TABLE)) {}
2604
2605 void Run(JobDelegate* delegate) final {
2606 // Set the current isolate such that trusted pointer tables etc are
2607 // available and the cage base is set correctly for multi-cage mode.
2608 SetCurrentIsolateScope isolate_scope(isolate_);
2609
2610 if (isolate_->OwnsStringTables()) {
2611 TRACE_GC1_WITH_FLOW(isolate_->heap()->tracer(),
2612 GCTracer::Scope::MC_CLEAR_STRING_TABLE,
2613 delegate->IsJoiningThread() ? ThreadKind::kMain
2614 : ThreadKind::kBackground,
2615 trace_id_, TRACE_EVENT_FLAG_FLOW_IN);
2616 // Prune the string table removing all strings only pointed to by the
2617 // string table. Cannot use string_table() here because the string
2618 // table is marked.
2619 StringTable* string_table = isolate_->string_table();
2620 InternalizedStringTableCleaner internalized_visitor(isolate_->heap());
2621 string_table->DropOldData();
2622 string_table->IterateElements(&internalized_visitor);
2623 string_table->NotifyElementsRemoved(
2624 internalized_visitor.PointersRemoved());
2625 }
2626 }
2627
2628 uint64_t trace_id() const { return trace_id_; }
2629
2630 private:
2631 Isolate* const isolate_;
2632 const uint64_t trace_id_;
2633};
2634
2635} // namespace
2636
2637class FullStringForwardingTableCleaner final
2638 : public StringForwardingTableCleanerBase {
2639 public:
2644
2645 // Transition all strings in the forwarding table to
2646 // ThinStrings/ExternalStrings and clear the table afterwards.
2647 void TransitionStrings() {
2648 DCHECK(!heap_->IsGCWithStack() ||
2649 v8_flags.transition_strings_during_gc_with_stack);
2650 StringForwardingTable* forwarding_table =
2651 isolate_->string_forwarding_table();
2652 forwarding_table->IterateElements(
2653 [&](StringForwardingTable::Record* record) {
2654 TransitionStrings(record);
2655 });
2656 forwarding_table->Reset();
2657 }
2658
2659 // When performing GC with a stack, we conservatively assume that
2660 // the GC could have been triggered by optimized code. Optimized code
2661 // assumes that flat strings don't transition during GCs, so we are not
2662 // allowed to transition strings to ThinString/ExternalString in that
2663 // case.
2664 // Instead we mark forward objects to keep them alive and update entries
2665 // of evacuated objects later.
2666 void ProcessFullWithStack() {
2667 DCHECK(heap_->IsGCWithStack() &&
2668 !v8_flags.transition_strings_during_gc_with_stack);
2669 StringForwardingTable* forwarding_table =
2670 isolate_->string_forwarding_table();
2671 forwarding_table->IterateElements(
2672 [&](StringForwardingTable::Record* record) {
2673 MarkForwardObject(record);
2674 });
2675 }
2676
2677 private:
2678 void MarkForwardObject(StringForwardingTable::Record* record) {
2679 Tagged<Object> original = record->OriginalStringObject(isolate_);
2680 if (!IsHeapObject(original)) {
2681 DCHECK_EQ(original, StringForwardingTable::deleted_element());
2682 return;
2683 }
2684 Tagged<String> original_string = Cast<String>(original);
2685 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, marking_state_,
2686 original_string)) {
2687 Tagged<Object> forward = record->ForwardStringObjectOrHash(isolate_);
2688 if (!IsHeapObject(forward) ||
2689 (MarkingHelper::GetLivenessMode(heap_, Cast<HeapObject>(forward)) ==
2690 MarkingHelper::LivenessMode::kAlwaysLive)) {
2691 return;
2692 }
2693 marking_state_->TryMarkAndAccountLiveBytes(Cast<HeapObject>(forward));
2694 } else {
2695 DisposeExternalResource(record);
2696 record->set_original_string(StringForwardingTable::deleted_element());
2697 }
2698 }
2699
2700 void TransitionStrings(StringForwardingTable::Record* record) {
2701 Tagged<Object> original = record->OriginalStringObject(isolate_);
2702 if (!IsHeapObject(original)) {
2703 DCHECK_EQ(original, StringForwardingTable::deleted_element());
2704 return;
2705 }
2706 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, marking_state_,
2707 Cast<HeapObject>(original))) {
2708 Tagged<String> original_string = Cast<String>(original);
2709 if (IsThinString(original_string)) {
2710 original_string = Cast<ThinString>(original_string)->actual();
2711 }
2712 TryExternalize(original_string, record);
2713 TryInternalize(original_string, record);
2714 original_string->set_raw_hash_field(record->raw_hash(isolate_));
2715 } else {
2716 DisposeExternalResource(record);
2717 }
2718 }
2719
2720 void TryExternalize(Tagged<String> original_string,
2721 StringForwardingTable::Record* record) {
2722 // If the string is already external, dispose the resource.
2723 if (IsExternalString(original_string)) {
2724 record->DisposeUnusedExternalResource(isolate_, original_string);
2725 return;
2726 }
2727
2728 bool is_one_byte;
2729 v8::String::ExternalStringResourceBase* external_resource =
2730 record->external_resource(&is_one_byte);
2731 if (external_resource == nullptr) return;
2732
2733 if (is_one_byte) {
2734 original_string->MakeExternalDuringGC(
2735 isolate_,
2736 reinterpret_cast<v8::String::ExternalOneByteStringResource*>(
2737 external_resource));
2738 } else {
2739 original_string->MakeExternalDuringGC(
2740 isolate_, reinterpret_cast<v8::String::ExternalStringResource*>(
2741 external_resource));
2742 }
2743 }
2744
2745 void TryInternalize(Tagged<String> original_string,
2746 StringForwardingTable::Record* record) {
2747 if (IsInternalizedString(original_string)) return;
2748 Tagged<Object> forward = record->ForwardStringObjectOrHash(isolate_);
2749 if (!IsHeapObject(forward)) {
2750 return;
2751 }
2752 Tagged<String> forward_string = Cast<String>(forward);
2753
2754 // Mark the forwarded string to keep it alive.
2755 if (MarkingHelper::GetLivenessMode(heap_, forward_string) !=
2756 MarkingHelper::LivenessMode::kAlwaysLive) {
2757 marking_state_->TryMarkAndAccountLiveBytes(forward_string);
2758 }
2759 // Transition the original string to a ThinString and override the
2760 // forwarding index with the correct hash.
2761 original_string->MakeThin(isolate_, forward_string);
2762 // Record the slot in the old-to-old remembered set. This is
2763 // required as the internalized string could be relocated during
2764 // compaction.
2765 ObjectSlot slot(&Cast<ThinString>(original_string)->actual_);
2766 MarkCompactCollector::RecordSlot(original_string, slot, forward_string);
2767 }
2768
2769 Heap* const heap_;
2770};
2771
2772namespace {
2773
2774class SharedStructTypeRegistryCleaner final : public RootVisitor {
2775 public:
2776 explicit SharedStructTypeRegistryCleaner(Heap* heap) : heap_(heap) {}
2777
2778 void VisitRootPointers(Root root, const char* description,
2779 FullObjectSlot start, FullObjectSlot end) override {
2780 UNREACHABLE();
2781 }
2782
2783 void VisitRootPointers(Root root, const char* description,
2784 OffHeapObjectSlot start,
2785 OffHeapObjectSlot end) override {
2786 DCHECK_EQ(root, Root::kSharedStructTypeRegistry);
2787 // The SharedStructTypeRegistry holds the canonical SharedStructType
2788 // instance maps weakly. Visit all Map pointers in [start, end), deleting
2789 // it if unmarked.
2790 auto* marking_state = heap_->marking_state();
2791 Isolate* const isolate = heap_->isolate();
2792 for (OffHeapObjectSlot p = start; p < end; p++) {
2793 Tagged<Object> o = p.load(isolate);
2794 DCHECK(!IsString(o));
2795 if (IsMap(o)) {
2796 Tagged<HeapObject> map = Cast<Map>(o);
2797 DCHECK(HeapLayout::InAnySharedSpace(map));
2798 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, marking_state, map))
2799 continue;
2800 elements_removed_++;
2801 p.store(SharedStructTypeRegistry::deleted_element());
2802 }
2803 }
2804 }
2805
2806 int ElementsRemoved() const { return elements_removed_; }
2807
2808 private:
2809 Heap* heap_;
2810 int elements_removed_ = 0;
2811};
2812
2813class ClearSharedStructTypeRegistryJobItem final
2814 : public ParallelClearingJob::ClearingItem {
2815 public:
2816 explicit ClearSharedStructTypeRegistryJobItem(Isolate* isolate)
2817 : isolate_(isolate) {
2818 DCHECK(isolate->is_shared_space_isolate());
2819 DCHECK_NOT_NULL(isolate->shared_struct_type_registry());
2820 }
2821
2822 void Run(JobDelegate* delegate) final {
2823 // Set the current isolate such that trusted pointer tables etc are
2824 // available and the cage base is set correctly for multi-cage mode.
2825 SetCurrentIsolateScope isolate_scope(isolate_);
2826
2827 auto* registry = isolate_->shared_struct_type_registry();
2828 SharedStructTypeRegistryCleaner cleaner(isolate_->heap());
2829 registry->IterateElements(isolate_, &cleaner);
2830 registry->NotifyElementsRemoved(cleaner.ElementsRemoved());
2831 }
2832
2833 private:
2834 Isolate* const isolate_;
2835};
2836
2837} // namespace
2838
2839class MarkCompactCollector::ClearTrivialWeakRefJobItem final
2840 : public ParallelClearingJob::ClearingItem {
2841 public:
2842 explicit ClearTrivialWeakRefJobItem(MarkCompactCollector* collector)
2843 : collector_(collector),
2844 trace_id_(reinterpret_cast<uint64_t>(this) ^
2845 collector->heap()->tracer()->CurrentEpoch(
2846 GCTracer::Scope::MC_CLEAR_WEAK_REFERENCES_TRIVIAL)) {}
2847
2848 void Run(JobDelegate* delegate) final {
2849 Heap* heap = collector_->heap();
2850
2851 // Set the current isolate such that trusted pointer tables etc are
2852 // available and the cage base is set correctly for multi-cage mode.
2853 SetCurrentIsolateScope isolate_scope(heap->isolate());
2854
2855 TRACE_GC1_WITH_FLOW(heap->tracer(),
2856 GCTracer::Scope::MC_CLEAR_WEAK_REFERENCES_TRIVIAL,
2857 delegate->IsJoiningThread() ? ThreadKind::kMain
2858 : ThreadKind::kBackground,
2859 trace_id_, TRACE_EVENT_FLAG_FLOW_IN);
2860 collector_->ClearTrivialWeakReferences();
2861 collector_->ClearTrustedWeakReferences();
2862 }
2863
2864 uint64_t trace_id() const { return trace_id_; }
2865
2866 private:
2867 MarkCompactCollector* collector_;
2868 const uint64_t trace_id_;
2869};
2870
2871class MarkCompactCollector::FilterNonTrivialWeakRefJobItem final
2872 : public ParallelClearingJob::ClearingItem {
2873 public:
2874 explicit FilterNonTrivialWeakRefJobItem(MarkCompactCollector* collector)
2875 : collector_(collector),
2876 trace_id_(
2877 reinterpret_cast<uint64_t>(this) ^
2878 collector->heap()->tracer()->CurrentEpoch(
2879 GCTracer::Scope::MC_CLEAR_WEAK_REFERENCES_FILTER_NON_TRIVIAL)) {
2880 }
2881
2882 void Run(JobDelegate* delegate) final {
2883 Heap* heap = collector_->heap();
2884
2885 // Set the current isolate such that trusted pointer tables etc are
2886 // available and the cage base is set correctly for multi-cage mode.
2887 SetCurrentIsolateScope isolate_scope(heap->isolate());
2888
2889 TRACE_GC1_WITH_FLOW(
2890 heap->tracer(),
2891 GCTracer::Scope::MC_CLEAR_WEAK_REFERENCES_FILTER_NON_TRIVIAL,
2892 delegate->IsJoiningThread() ? ThreadKind::kMain
2893 : ThreadKind::kBackground,
2894 trace_id_, TRACE_EVENT_FLAG_FLOW_IN);
2895 collector_->FilterNonTrivialWeakReferences();
2896 }
2897
2898 uint64_t trace_id() const { return trace_id_; }
2899
2900 private:
2901 MarkCompactCollector* collector_;
2902 const uint64_t trace_id_;
2903};
2904
2905void MarkCompactCollector::ClearNonLiveReferences() {
2906 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR);
2907
2908 Isolate* const isolate = heap_->isolate();
2909 if (isolate->OwnsStringTables()) {
2910 TRACE_GC(heap_->tracer(),
2911 GCTracer::Scope::MC_CLEAR_STRING_FORWARDING_TABLE);
2912 // Clear string forwarding table. Live strings are transitioned to
2913 // ThinStrings/ExternalStrings in the cleanup process, if this is a GC
2914 // without stack.
2915 // Clearing the string forwarding table must happen before clearing the
2916 // string table, as entries in the forwarding table can keep internalized
2917 // strings alive.
2918 FullStringForwardingTableCleaner forwarding_table_cleaner(heap_);
2919 if (!heap_->IsGCWithStack() ||
2920 v8_flags.transition_strings_during_gc_with_stack) {
2921 forwarding_table_cleaner.TransitionStrings();
2922 } else {
2923 forwarding_table_cleaner.ProcessFullWithStack();
2924 }
2925 }
2926
2927 {
2928 // Clear Isolate::topmost_script_having_context slot if it's not alive.
2929 Tagged<Object> maybe_caller_context =
2930 isolate->topmost_script_having_context();
2931 if (maybe_caller_context.IsHeapObject() &&
2932 MarkingHelper::IsUnmarkedAndNotAlwaysLive(
2933 heap_, marking_state_, Cast<HeapObject>(maybe_caller_context))) {
2934 isolate->clear_topmost_script_having_context();
2935 }
2936 }
2937
2938 std::unique_ptr<JobHandle> clear_string_table_job_handle;
2939 {
2940 auto job = std::make_unique<ParallelClearingJob>(this);
2941 auto job_item = std::make_unique<ClearStringTableJobItem>(isolate);
2942 const uint64_t trace_id = job_item->trace_id();
2943 job->Add(std::move(job_item));
2944 TRACE_GC_NOTE_WITH_FLOW("ClearStringTableJob started", trace_id,
2945 TRACE_EVENT_FLAG_FLOW_OUT);
2946 if (isolate->is_shared_space_isolate() &&
2947 isolate->shared_struct_type_registry()) {
2948 auto registry_job_item =
2949 std::make_unique<ClearSharedStructTypeRegistryJobItem>(isolate);
2950 job->Add(std::move(registry_job_item));
2951 }
2952 clear_string_table_job_handle = V8::GetCurrentPlatform()->CreateJob(
2953 TaskPriority::kUserBlocking, std::move(job));
2954 }
2955 if (v8_flags.parallel_weak_ref_clearing && UseBackgroundThreadsInCycle()) {
2956 clear_string_table_job_handle->NotifyConcurrencyIncrease();
2957 }
2958
2959 {
2960 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_EXTERNAL_STRING_TABLE);
2961 ExternalStringTableCleanerVisitor<ExternalStringTableCleaningMode::kAll>
2962 external_visitor(heap_);
2963 heap_->external_string_table_.IterateAll(&external_visitor);
2964 heap_->external_string_table_.CleanUpAll();
2965 }
2966
2967 {
2968 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_WEAK_GLOBAL_HANDLES);
2969 // We depend on `IterateWeakRootsForPhantomHandles()` being called before
2970 // `ProcessOldCodeCandidates()` in order to identify flushed bytecode in the
2971 // CPU profiler.
2972 isolate->global_handles()->IterateWeakRootsForPhantomHandles(
2973 &IsUnmarkedHeapObject);
2974 isolate->traced_handles()->ResetDeadNodes(&IsUnmarkedHeapObject);
2975
2976 if (isolate->is_shared_space_isolate()) {
2977 isolate->global_safepoint()->IterateClientIsolates([](Isolate* client) {
2978 client->global_handles()->IterateWeakRootsForPhantomHandles(
2979 &IsUnmarkedSharedHeapObject);
2980 // No need to reset traced handles since they are always strong.
2981 });
2982 }
2983 }
2984
2985 {
2986 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_FLUSHABLE_BYTECODE);
2987 // `ProcessFlushedBaselineCandidates()` must be called after
2988 // `ProcessOldCodeCandidates()` so that we correctly set the code object on
2989 // the JSFunction after flushing.
2990 ProcessOldCodeCandidates();
2991#ifndef V8_ENABLE_LEAPTIERING
2992 // With leaptiering this is done during sweeping.
2993 ProcessFlushedBaselineCandidates();
2994#endif // !V8_ENABLE_LEAPTIERING
2995 }
2996
2997#ifdef V8_ENABLE_LEAPTIERING
2998 {
2999 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_SWEEP_JS_DISPATCH_TABLE);
3000 JSDispatchTable* jdt = IsolateGroup::current()->js_dispatch_table();
3001 Tagged<Code> compile_lazy =
3002 heap_->isolate()->builtins()->code(Builtin::kCompileLazy);
3003 jdt->Sweep(heap_->js_dispatch_table_space(), isolate->counters(),
3004 [&](JSDispatchEntry& entry) {
3005 Tagged<Code> code = entry.GetCode();
3006 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3007 heap_, marking_state_, code)) {
3008 // Baseline flushing: if the Code object is no longer alive,
3009 // it must have been flushed and so we replace it with the
3010 // CompileLazy builtin. Once we use leaptiering on all
3011 // platforms, we can probably simplify the other code related
3012 // to baseline flushing.
3013
3014 // Currently, we can also see optimized code here. This
3015 // happens when a FeedbackCell for which no JSFunctions
3016 // remain references optimized code. However, in that case we
3017 // probably do want to delete the optimized code, so that is
3018 // working as intended. It does mean, however, that we cannot
3019 // DCHECK here that we only see baseline code.
3020 DCHECK(code->kind() == CodeKind::FOR_TESTING ||
3021 code->kind() == CodeKind::BASELINE ||
3022 code->kind() == CodeKind::MAGLEV ||
3023 code->kind() == CodeKind::TURBOFAN_JS);
3024 entry.SetCodeAndEntrypointPointer(
3025 compile_lazy.ptr(), compile_lazy->instruction_start());
3026 }
3027 });
3028 }
3029#endif // V8_ENABLE_LEAPTIERING
3030
3031 // TODO(olivf, 42204201): If we make the bytecode accessible from the dispatch
3032 // table this could also be implemented during JSDispatchTable::Sweep.
3033 {
3034 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_FLUSHED_JS_FUNCTIONS);
3035 ClearFlushedJsFunctions();
3036 }
3037
3038 {
3039 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_WEAK_LISTS);
3040 // Process the weak references.
3041 MarkCompactWeakObjectRetainer mark_compact_object_retainer(heap_,
3042 marking_state_);
3043 heap_->ProcessAllWeakReferences(&mark_compact_object_retainer);
3044 }
3045
3046 {
3047 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_MAPS);
3048 // ClearFullMapTransitions must be called before weak references are
3049 // cleared.
3050 ClearFullMapTransitions();
3051 // Weaken recorded strong DescriptorArray objects. This phase can
3052 // potentially move everywhere after `ClearFullMapTransitions()`.
3053 WeakenStrongDescriptorArrays();
3054 }
3055
3056 // Start two parallel jobs: one for clearing trivial weak references and one
3057 // for filtering out non-trivial weak references that will not be cleared.
3058 // Both jobs read the values of weak references and the corresponding
3059 // mark bits. They cannot start before the following methods have finished,
3060 // because these may change the values of weak references and/or mark more
3061 // objects, thus creating data races:
3062 // - ProcessOldCodeCandidates
3063 // - ProcessAllWeakReferences
3064 // - ClearFullMapTransitions
3065 // - WeakenStrongDescriptorArrays
3066 // The two jobs could be merged but it's convenient to keep them separate,
3067 // as they are joined at different times. The filtering job must be joined
3068 // before proceeding to the actual clearing of non-trivial weak references,
3069 // whereas the job for clearing trivial weak references can be joined at the
3070 // end of this method.
3071 std::unique_ptr<JobHandle> clear_trivial_weakrefs_job_handle;
3072 {
3073 auto job = std::make_unique<ParallelClearingJob>(this);
3074 auto job_item = std::make_unique<ClearTrivialWeakRefJobItem>(this);
3075 const uint64_t trace_id = job_item->trace_id();
3076 job->Add(std::move(job_item));
3077 TRACE_GC_NOTE_WITH_FLOW("ClearTrivialWeakRefJob started", trace_id,
3078 TRACE_EVENT_FLAG_FLOW_OUT);
3079 clear_trivial_weakrefs_job_handle = V8::GetCurrentPlatform()->CreateJob(
3080 TaskPriority::kUserBlocking, std::move(job));
3081 }
3082 std::unique_ptr<JobHandle> filter_non_trivial_weakrefs_job_handle;
3083 {
3084 auto job = std::make_unique<ParallelClearingJob>(this);
3085 auto job_item = std::make_unique<FilterNonTrivialWeakRefJobItem>(this);
3086 const uint64_t trace_id = job_item->trace_id();
3087 job->Add(std::move(job_item));
3088 TRACE_GC_NOTE_WITH_FLOW("FilterNonTrivialWeakRefJob started", trace_id,
3089 TRACE_EVENT_FLAG_FLOW_OUT);
3090 filter_non_trivial_weakrefs_job_handle =
3091 V8::GetCurrentPlatform()->CreateJob(TaskPriority::kUserBlocking,
3092 std::move(job));
3093 }
3094 if (v8_flags.parallel_weak_ref_clearing && UseBackgroundThreadsInCycle()) {
3095 clear_trivial_weakrefs_job_handle->NotifyConcurrencyIncrease();
3096 filter_non_trivial_weakrefs_job_handle->NotifyConcurrencyIncrease();
3097 }
3098
3099#ifdef V8_COMPRESS_POINTERS
3100 {
3101 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_SWEEP_EXTERNAL_POINTER_TABLE);
3102 // External pointer table sweeping needs to happen before evacuating live
3103 // objects as it may perform table compaction, which requires objects to
3104 // still be at the same location as during marking.
3105 //
3106 // Note we explicitly do NOT run SweepAndCompact on
3107 // read_only_external_pointer_space since these entries are all immortal by
3108 // definition.
3109 isolate->external_pointer_table().EvacuateAndSweepAndCompact(
3110 isolate->heap()->old_external_pointer_space(),
3111 isolate->heap()->young_external_pointer_space(), isolate->counters());
3112 isolate->heap()->young_external_pointer_space()->AssertEmpty();
3113 if (isolate->owns_shareable_data()) {
3114 isolate->shared_external_pointer_table().SweepAndCompact(
3115 isolate->shared_external_pointer_space(), isolate->counters());
3116 }
3117 isolate->cpp_heap_pointer_table().SweepAndCompact(
3118 isolate->heap()->cpp_heap_pointer_space(), isolate->counters());
3119 }
3120#endif // V8_COMPRESS_POINTERS
3121
3122#ifdef V8_ENABLE_SANDBOX
3123 {
3124 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_SWEEP_TRUSTED_POINTER_TABLE);
3125 isolate->trusted_pointer_table().Sweep(heap_->trusted_pointer_space(),
3126 isolate->counters());
3127 if (isolate->owns_shareable_data()) {
3128 isolate->shared_trusted_pointer_table().Sweep(
3129 isolate->shared_trusted_pointer_space(), isolate->counters());
3130 }
3131 }
3132
3133 {
3134 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_SWEEP_CODE_POINTER_TABLE);
3135 IsolateGroup::current()->code_pointer_table()->Sweep(
3136 heap_->code_pointer_space(), isolate->counters());
3137 }
3138#endif // V8_ENABLE_SANDBOX
3139
3140#ifdef V8_ENABLE_WEBASSEMBLY
3141 {
3142 TRACE_GC(heap_->tracer(),
3143 GCTracer::Scope::MC_SWEEP_WASM_CODE_POINTER_TABLE);
3144 wasm::GetProcessWideWasmCodePointerTable()->SweepSegments();
3145 }
3146#endif // V8_ENABLE_WEBASSEMBLY
3147
3148 {
3149 TRACE_GC(heap_->tracer(),
3150 GCTracer::Scope::MC_CLEAR_WEAK_REFERENCES_JOIN_FILTER_JOB);
3151 filter_non_trivial_weakrefs_job_handle->Join();
3152 }
3153
3154 {
3155 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_WEAKNESS_HANDLING);
3156 ClearNonTrivialWeakReferences();
3157 ClearWeakCollections();
3158 ClearJSWeakRefs();
3159 }
3160
3161 PROFILE(heap_->isolate(), WeakCodeClearEvent());
3162
3163 {
3164 // This method may be called from within a DisallowDeoptimizations scope.
3165 // Temporarily allow deopts for marking code for deopt. This is not doing
3166 // the deopt yet and the actual deopts will be bailed out on later if the
3167 // current safepoint is not safe for deopts.
3168 // TODO(357636610): Reconsider whether the DisallowDeoptimization scopes are
3169 // truly needed.
3170 AllowDeoptimization allow_deoptimization(heap_->isolate());
3171 MarkDependentCodeForDeoptimization();
3172 }
3173
3174 {
3175 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_JOIN_JOB);
3176 clear_string_table_job_handle->Join();
3177 clear_trivial_weakrefs_job_handle->Join();
3178 }
3179
3180 if (v8_flags.sticky_mark_bits) {
3181 // TODO(333906585): Consider adjusting the dchecks that happen on clearing
3182 // and move this phase into MarkingBarrier::DeactivateAll.
3183 heap()->DeactivateMajorGCInProgressFlag();
3184 }
3185
3186 DCHECK(weak_objects_.transition_arrays.IsEmpty());
3187 DCHECK(weak_objects_.weak_references_trivial.IsEmpty());
3188 DCHECK(weak_objects_.weak_references_non_trivial.IsEmpty());
3189 DCHECK(weak_objects_.weak_references_non_trivial_unmarked.IsEmpty());
3190 DCHECK(weak_objects_.weak_objects_in_code.IsEmpty());
3191 DCHECK(weak_objects_.js_weak_refs.IsEmpty());
3192 DCHECK(weak_objects_.weak_cells.IsEmpty());
3193 DCHECK(weak_objects_.code_flushing_candidates.IsEmpty());
3194 DCHECK(weak_objects_.flushed_js_functions.IsEmpty());
3195#ifndef V8_ENABLE_LEAPTIERING
3196 DCHECK(weak_objects_.baseline_flushing_candidates.IsEmpty());
3197#endif // !V8_ENABLE_LEAPTIERING
3198}
3199
3200void MarkCompactCollector::MarkDependentCodeForDeoptimization() {
3201 HeapObjectAndCode weak_object_in_code;
3202 while (local_weak_objects()->weak_objects_in_code_local.Pop(
3203 &weak_object_in_code)) {
3204 Tagged<HeapObject> object = weak_object_in_code.heap_object;
3205 Tagged<Code> code = weak_object_in_code.code;
3206 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3207 heap_, non_atomic_marking_state_, object) &&
3208 !code->embedded_objects_cleared()) {
3209 if (!code->marked_for_deoptimization()) {
3210 code->SetMarkedForDeoptimization(heap_->isolate(),
3211 LazyDeoptimizeReason::kWeakObjects);
3212 have_code_to_deoptimize_ = true;
3213 }
3214 code->ClearEmbeddedObjectsAndJSDispatchHandles(heap_);
3215 DCHECK(code->embedded_objects_cleared());
3216 }
3217 }
3218}
3219
3220void MarkCompactCollector::ClearPotentialSimpleMapTransition(
3221 Tagged<Map> dead_target) {
3222 DCHECK(non_atomic_marking_state_->IsUnmarked(dead_target));
3223 Tagged<Object> potential_parent = dead_target->constructor_or_back_pointer();
3224 if (IsMap(potential_parent)) {
3225 Tagged<Map> parent = Cast<Map>(potential_parent);
3226 DisallowGarbageCollection no_gc_obviously;
3227 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, non_atomic_marking_state_,
3228 parent) &&
3229 TransitionsAccessor(heap_->isolate(), parent)
3230 .HasSimpleTransitionTo(dead_target)) {
3231 ClearPotentialSimpleMapTransition(parent, dead_target);
3232 }
3233 }
3234}
3235
3236void MarkCompactCollector::ClearPotentialSimpleMapTransition(
3237 Tagged<Map> map, Tagged<Map> dead_target) {
3238 DCHECK(!map->is_prototype_map());
3239 DCHECK(!dead_target->is_prototype_map());
3240 DCHECK_EQ(map->raw_transitions(), MakeWeak(dead_target));
3241 // Take ownership of the descriptor array.
3242 int number_of_own_descriptors = map->NumberOfOwnDescriptors();
3243 Tagged<DescriptorArray> descriptors =
3244 map->instance_descriptors(heap_->isolate());
3245 if (descriptors == dead_target->instance_descriptors(heap_->isolate()) &&
3246 number_of_own_descriptors > 0) {
3247 TrimDescriptorArray(map, descriptors);
3248 DCHECK(descriptors->number_of_descriptors() == number_of_own_descriptors);
3249 }
3250}
3251
3252bool MarkCompactCollector::SpecialClearMapSlot(Tagged<HeapObject> host,
3253 Tagged<Map> map,
3254 HeapObjectSlot slot) {
3255 ClearPotentialSimpleMapTransition(map);
3256
3257 // Special handling for clearing field type entries, identified by their host
3258 // being a descriptor array.
3259 // TODO(olivf): This whole special handling of field-type clearing
3260 // could be replaced by eagerly triggering field type dependencies and
3261 // generalizing field types, as soon as a field-type map becomes
3262 // unstable.
3263 if (IsDescriptorArray(host)) {
3264 // We want to distinguish two cases:
3265 // 1. There are no instances of the descriptor owner's map left.
3266 // 2. The field type is not up to date because the stored object
3267 // migrated away to a different map.
3268 // In case (1) it makes sense to clear the field type such that we
3269 // can learn a new one should we ever start creating instances
3270 // again.
3271 // In case (2) we must not re-learn a new field type. Doing so could
3272 // lead us to learning a field type that is not consistent with
3273 // still existing object's contents. To conservatively identify case
3274 // (1) we check the stability of the dead map.
3275 MaybeObjectSlot location(slot);
3276 if (map->is_stable() && FieldType::kFieldTypesCanBeClearedOnGC) {
3277 location.store(FieldType::None());
3278 } else {
3279 location.store(FieldType::Any());
3280 }
3281 return true;
3282 }
3283 return false;
3284}
3285
3286void MarkCompactCollector::FlushBytecodeFromSFI(
3287 Tagged<SharedFunctionInfo> shared_info) {
3288 DCHECK(shared_info->HasBytecodeArray());
3289
3290 // Retain objects required for uncompiled data.
3291 Tagged<String> inferred_name = shared_info->inferred_name();
3292 int start_position = shared_info->StartPosition();
3293 int end_position = shared_info->EndPosition();
3294
3295 shared_info->DiscardCompiledMetadata(
3296 heap_->isolate(),
3297 [](Tagged<HeapObject> object, ObjectSlot slot,
3298 Tagged<HeapObject> target) { RecordSlot(object, slot, target); });
3299
3300 // The size of the bytecode array should always be larger than an
3301 // UncompiledData object.
3302 static_assert(BytecodeArray::SizeFor(0) >=
3303 UncompiledDataWithoutPreparseData::kSize);
3304
3305 // Replace the bytecode with an uncompiled data object.
3306 Tagged<BytecodeArray> bytecode_array =
3307 shared_info->GetBytecodeArray(heap_->isolate());
3308
3309#ifdef V8_ENABLE_SANDBOX
3310 DCHECK(!HeapLayout::InWritableSharedSpace(shared_info));
3311 // Zap the old entry in the trusted pointer table.
3312 TrustedPointerTable& table = heap_->isolate()->trusted_pointer_table();
3313 IndirectPointerSlot self_indirect_pointer_slot =
3314 bytecode_array->RawIndirectPointerField(
3315 BytecodeArray::kSelfIndirectPointerOffset,
3316 kBytecodeArrayIndirectPointerTag);
3317 table.Zap(self_indirect_pointer_slot.Relaxed_LoadHandle());
3318#endif
3319
3320 Tagged<HeapObject> compiled_data = bytecode_array;
3321 Address compiled_data_start = compiled_data.address();
3322 int compiled_data_size = ALIGN_TO_ALLOCATION_ALIGNMENT(compiled_data->Size());
3323 MutablePageMetadata* chunk =
3324 MutablePageMetadata::FromAddress(compiled_data_start);
3325
3326 // Clear any recorded slots for the compiled data as being invalid.
3327 RememberedSet<OLD_TO_NEW>::RemoveRange(
3328 chunk, compiled_data_start, compiled_data_start + compiled_data_size,
3329 SlotSet::FREE_EMPTY_BUCKETS);
3330 RememberedSet<OLD_TO_NEW_BACKGROUND>::RemoveRange(
3331 chunk, compiled_data_start, compiled_data_start + compiled_data_size,
3332 SlotSet::FREE_EMPTY_BUCKETS);
3333 RememberedSet<OLD_TO_SHARED>::RemoveRange(
3334 chunk, compiled_data_start, compiled_data_start + compiled_data_size,
3335 SlotSet::FREE_EMPTY_BUCKETS);
3336 RememberedSet<OLD_TO_OLD>::RemoveRange(
3337 chunk, compiled_data_start, compiled_data_start + compiled_data_size,
3338 SlotSet::FREE_EMPTY_BUCKETS);
3339 RememberedSet<TRUSTED_TO_TRUSTED>::RemoveRange(
3340 chunk, compiled_data_start, compiled_data_start + compiled_data_size,
3341 SlotSet::FREE_EMPTY_BUCKETS);
3342
3343 // Swap the map, using set_map_after_allocation to avoid verify heap checks
3344 // which are not necessary since we are doing this during the GC atomic pause.
3345 compiled_data->set_map_after_allocation(
3346 heap_->isolate(),
3347 ReadOnlyRoots(heap_).uncompiled_data_without_preparse_data_map(),
3348 SKIP_WRITE_BARRIER);
3349
3350 // Create a filler object for any left over space in the bytecode array.
3351 if (!heap_->IsLargeObject(compiled_data)) {
3352 const int aligned_filler_offset =
3353 ALIGN_TO_ALLOCATION_ALIGNMENT(UncompiledDataWithoutPreparseData::kSize);
3354 heap_->CreateFillerObjectAt(compiled_data.address() + aligned_filler_offset,
3355 compiled_data_size - aligned_filler_offset);
3356 }
3357
3358 // Initialize the uncompiled data.
3359 Tagged<UncompiledData> uncompiled_data = Cast<UncompiledData>(compiled_data);
3360
3361 uncompiled_data->InitAfterBytecodeFlush(
3362 heap_->isolate(), inferred_name, start_position, end_position,
3363 [](Tagged<HeapObject> object, ObjectSlot slot,
3364 Tagged<HeapObject> target) { RecordSlot(object, slot, target); });
3365
3366 // Mark the uncompiled data as black, and ensure all fields have already been
3367 // marked.
3368 DCHECK(MarkingHelper::IsMarkedOrAlwaysLive(heap_, marking_state_,
3369 inferred_name));
3370 if (MarkingHelper::GetLivenessMode(heap_, uncompiled_data) ==
3371 MarkingHelper::LivenessMode::kMarkbit) {
3372 marking_state_->TryMarkAndAccountLiveBytes(uncompiled_data);
3373 }
3374
3375#ifdef V8_ENABLE_SANDBOX
3376 // Mark the new entry in the trusted pointer table as alive.
3377 TrustedPointerTable::Space* space = heap_->trusted_pointer_space();
3378 table.Mark(space, self_indirect_pointer_slot.Relaxed_LoadHandle());
3379#endif
3380
3381 shared_info->set_uncompiled_data(uncompiled_data);
3382 DCHECK(!shared_info->is_compiled());
3383}
3384
3385void MarkCompactCollector::ProcessOldCodeCandidates() {
3386 DCHECK(v8_flags.flush_bytecode || v8_flags.flush_baseline_code ||
3387 weak_objects_.code_flushing_candidates.IsEmpty());
3388 Tagged<SharedFunctionInfo> flushing_candidate;
3389 int number_of_flushed_sfis = 0;
3390 while (local_weak_objects()->code_flushing_candidates_local.Pop(
3391 &flushing_candidate)) {
3392 bool is_bytecode_live;
3393 if (v8_flags.flush_baseline_code && flushing_candidate->HasBaselineCode()) {
3394 is_bytecode_live = ProcessOldBaselineSFI(flushing_candidate);
3395 } else {
3396 is_bytecode_live = ProcessOldBytecodeSFI(flushing_candidate);
3397 }
3398
3399 if (!is_bytecode_live) number_of_flushed_sfis++;
3400
3401 // Now record the data slots, which have been updated to an uncompiled
3402 // data, Baseline code or BytecodeArray which is still alive.
3403#ifndef V8_ENABLE_SANDBOX
3404 // If the sandbox is enabled, the slot contains an indirect pointer which
3405 // does not need to be updated during mark-compact (because the pointer in
3406 // the pointer table will be updated), so no action is needed here.
3407 ObjectSlot slot = flushing_candidate->RawField(
3408 SharedFunctionInfo::kTrustedFunctionDataOffset);
3409 if (IsHeapObject(*slot)) {
3410 RecordSlot(flushing_candidate, slot, Cast<HeapObject>(*slot));
3411 }
3412#endif
3413 }
3414
3415 if (v8_flags.trace_flush_code) {
3416 PrintIsolate(heap_->isolate(), "%d flushed SharedFunctionInfo(s)\n",
3417 number_of_flushed_sfis);
3418 }
3419}
3420
3421bool MarkCompactCollector::ProcessOldBytecodeSFI(
3422 Tagged<SharedFunctionInfo> flushing_candidate) {
3423 // During flushing a BytecodeArray is transformed into an UncompiledData
3424 // in place. Seeing an UncompiledData here implies that another
3425 // SharedFunctionInfo had a reference to the same BytecodeArray and
3426 // flushed it before processing this candidate. This can happen when using
3427 // CloneSharedFunctionInfo().
3428 Isolate* const isolate = heap_->isolate();
3429
3430 const bool bytecode_already_decompiled =
3431 flushing_candidate->HasUncompiledData();
3432 if (!bytecode_already_decompiled) {
3433 // Check if the bytecode is still live.
3434 Tagged<BytecodeArray> bytecode =
3435 flushing_candidate->GetBytecodeArray(isolate);
3436 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, non_atomic_marking_state_,
3437 bytecode)) {
3438 return true;
3439 }
3440 }
3441 FlushSFI(flushing_candidate, bytecode_already_decompiled);
3442 return false;
3443}
3444
3445bool MarkCompactCollector::ProcessOldBaselineSFI(
3446 Tagged<SharedFunctionInfo> flushing_candidate) {
3447 Tagged<Code> baseline_code = flushing_candidate->baseline_code(kAcquireLoad);
3448 // Safe to do a relaxed load here since the Code was acquire-loaded.
3449 Tagged<InstructionStream> baseline_istream =
3450 baseline_code->instruction_stream(baseline_code->code_cage_base(),
3451 kRelaxedLoad);
3452 Tagged<HeapObject> baseline_bytecode_or_interpreter_data =
3453 baseline_code->bytecode_or_interpreter_data();
3454
3455 // During flushing a BytecodeArray is transformed into an UncompiledData
3456 // in place. Seeing an UncompiledData here implies that another
3457 // SharedFunctionInfo had a reference to the same BytecodeArray and
3458 // flushed it before processing this candidate. This can happen when using
3459 // CloneSharedFunctionInfo().
3460 const bool bytecode_already_decompiled =
3461 IsUncompiledData(baseline_bytecode_or_interpreter_data, heap_->isolate());
3462 bool is_bytecode_live = false;
3463 if (!bytecode_already_decompiled) {
3464 Tagged<BytecodeArray> bytecode =
3465 flushing_candidate->GetBytecodeArray(heap_->isolate());
3466 is_bytecode_live = MarkingHelper::IsMarkedOrAlwaysLive(
3467 heap_, non_atomic_marking_state_, bytecode);
3468 }
3469
3470 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, non_atomic_marking_state_,
3471 baseline_istream)) {
3472 // Currently baseline code holds bytecode array strongly and it is
3473 // always ensured that bytecode is live if baseline code is live. Hence
3474 // baseline code can safely load bytecode array without any additional
3475 // checks. In future if this changes we need to update these checks to
3476 // flush code if the bytecode is not live and also update baseline code
3477 // to bailout if there is no bytecode.
3478 DCHECK(is_bytecode_live);
3479
3480 // Regardless of whether the Code is a Code or
3481 // the InstructionStream itself, if the InstructionStream is live then
3482 // the Code has to be live and will have been marked via
3483 // the owning JSFunction.
3484 DCHECK(MarkingHelper::IsMarkedOrAlwaysLive(heap_, non_atomic_marking_state_,
3485 baseline_code));
3486 } else if (is_bytecode_live || bytecode_already_decompiled) {
3487 // Reset the function_data field to the BytecodeArray, InterpreterData,
3488 // or UncompiledData found on the baseline code. We can skip this step
3489 // if the BytecodeArray is not live and not already decompiled, because
3490 // FlushBytecodeFromSFI below will set the function_data field.
3491 flushing_candidate->FlushBaselineCode();
3492 }
3493
3494 if (!is_bytecode_live) {
3495 FlushSFI(flushing_candidate, bytecode_already_decompiled);
3496 }
3497 return is_bytecode_live;
3498}
3499
3500void MarkCompactCollector::FlushSFI(Tagged<SharedFunctionInfo> sfi,
3501 bool bytecode_already_decompiled) {
3502 // If baseline code flushing is disabled we should only flush bytecode
3503 // from functions that don't have baseline data.
3504 DCHECK(v8_flags.flush_baseline_code || !sfi->HasBaselineCode());
3505
3506 if (bytecode_already_decompiled) {
3507 sfi->DiscardCompiledMetadata(
3508 heap_->isolate(),
3509 [](Tagged<HeapObject> object, ObjectSlot slot,
3510 Tagged<HeapObject> target) { RecordSlot(object, slot, target); });
3511 } else {
3512 // If the BytecodeArray is dead, flush it, which will replace the field
3513 // with an uncompiled data object.
3514 FlushBytecodeFromSFI(sfi);
3515 }
3516}
3517
3518void MarkCompactCollector::ClearFlushedJsFunctions() {
3519 DCHECK(v8_flags.flush_bytecode ||
3520 weak_objects_.flushed_js_functions.IsEmpty());
3521 Tagged<JSFunction> flushed_js_function;
3522 while (local_weak_objects()->flushed_js_functions_local.Pop(
3523 &flushed_js_function)) {
3524 auto gc_notify_updated_slot = [](Tagged<HeapObject> object, ObjectSlot slot,
3525 Tagged<Object> target) {
3526 RecordSlot(object, slot, Cast<HeapObject>(target));
3527 };
3528 flushed_js_function->ResetIfCodeFlushed(heap_->isolate(),
3529 gc_notify_updated_slot);
3530 }
3531}
3532
3533#ifndef V8_ENABLE_LEAPTIERING
3534
3535void MarkCompactCollector::ProcessFlushedBaselineCandidates() {
3536 DCHECK(v8_flags.flush_baseline_code ||
3537 weak_objects_.baseline_flushing_candidates.IsEmpty());
3538 Tagged<JSFunction> flushed_js_function;
3539 while (local_weak_objects()->baseline_flushing_candidates_local.Pop(
3540 &flushed_js_function)) {
3541 auto gc_notify_updated_slot = [](Tagged<HeapObject> object, ObjectSlot slot,
3542 Tagged<Object> target) {
3543 RecordSlot(object, slot, Cast<HeapObject>(target));
3544 };
3545 flushed_js_function->ResetIfCodeFlushed(heap_->isolate(),
3546 gc_notify_updated_slot);
3547
3548#ifndef V8_ENABLE_SANDBOX
3549 // Record the code slot that has been updated either to CompileLazy,
3550 // InterpreterEntryTrampoline or baseline code.
3551 // This is only necessary when the sandbox is not enabled. If it is, the
3552 // Code objects are referenced through a pointer table indirection and so
3553 // remembered slots are not necessary as the Code object will update its
3554 // entry in the pointer table when it is relocated.
3555 ObjectSlot slot = flushed_js_function->RawField(JSFunction::kCodeOffset);
3556 RecordSlot(flushed_js_function, slot, Cast<HeapObject>(*slot));
3557#endif
3558 }
3559}
3560
3561#endif // !V8_ENABLE_LEAPTIERING
3562
3563void MarkCompactCollector::ClearFullMapTransitions() {
3564 Tagged<TransitionArray> array;
3565 Isolate* const isolate = heap_->isolate();
3566 ReadOnlyRoots roots(isolate);
3567 while (local_weak_objects()->transition_arrays_local.Pop(&array)) {
3568 int num_transitions = array->number_of_transitions();
3569 if (num_transitions > 0) {
3570 Tagged<Map> map;
3571 // The array might contain "undefined" elements because it's not yet
3572 // filled. Allow it.
3573 if (array->GetTargetIfExists(0, isolate, &map)) {
3574 DCHECK(!map.is_null()); // Weak pointers aren't cleared yet.
3575 Tagged<Object> constructor_or_back_pointer =
3576 map->constructor_or_back_pointer();
3577 if (IsSmi(constructor_or_back_pointer)) {
3578 DCHECK(isolate->has_active_deserializer());
3579 DCHECK_EQ(constructor_or_back_pointer,
3580 Smi::uninitialized_deserialization_value());
3581 continue;
3582 }
3583 Tagged<Map> parent = Cast<Map>(map->constructor_or_back_pointer());
3584 const bool parent_is_alive = MarkingHelper::IsMarkedOrAlwaysLive(
3585 heap_, non_atomic_marking_state_, parent);
3586 Tagged<DescriptorArray> descriptors =
3587 parent_is_alive ? parent->instance_descriptors(isolate)
3588 : Tagged<DescriptorArray>();
3589 bool descriptors_owner_died =
3590 CompactTransitionArray(parent, array, descriptors);
3591 if (descriptors_owner_died) {
3592 TrimDescriptorArray(parent, descriptors);
3593 }
3594 }
3595 }
3596 }
3597}
3598
3599// Returns false if no maps have died, or if the transition array is
3600// still being deserialized.
3601bool MarkCompactCollector::TransitionArrayNeedsCompaction(
3602 Tagged<TransitionArray> transitions, int num_transitions) {
3603 ReadOnlyRoots roots(heap_->isolate());
3604 for (int i = 0; i < num_transitions; ++i) {
3605 Tagged<MaybeObject> raw_target = transitions->GetRawTarget(i);
3606 if (raw_target.IsSmi()) {
3607 // This target is still being deserialized,
3608 DCHECK(heap_->isolate()->has_active_deserializer());
3609 DCHECK_EQ(raw_target.ToSmi(), Smi::uninitialized_deserialization_value());
3610#ifdef DEBUG
3611 // Targets can only be dead iff this array is fully deserialized.
3612 for (int j = 0; j < num_transitions; ++j) {
3613 DCHECK_IMPLIES(
3614 !transitions->GetRawTarget(j).IsSmi(),
3615 !non_atomic_marking_state_->IsUnmarked(transitions->GetTarget(j)));
3616 }
3617#endif
3618 return false;
3619 } else if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3620 heap_, non_atomic_marking_state_,
3621 TransitionsAccessor::GetTargetFromRaw(raw_target))) {
3622#ifdef DEBUG
3623 // Targets can only be dead iff this array is fully deserialized.
3624 for (int j = 0; j < num_transitions; ++j) {
3625 DCHECK(!transitions->GetRawTarget(j).IsSmi());
3626 }
3627#endif
3628 return true;
3629 }
3630 }
3631 return false;
3632}
3633
3634bool MarkCompactCollector::CompactTransitionArray(
3635 Tagged<Map> map, Tagged<TransitionArray> transitions,
3636 Tagged<DescriptorArray> descriptors) {
3637 DCHECK(!map->is_prototype_map());
3638 int num_transitions = transitions->number_of_transitions();
3639 if (!TransitionArrayNeedsCompaction(transitions, num_transitions)) {
3640 return false;
3641 }
3642 ReadOnlyRoots roots(heap_->isolate());
3643 bool descriptors_owner_died = false;
3644 int transition_index = 0;
3645 // Compact all live transitions to the left.
3646 for (int i = 0; i < num_transitions; ++i) {
3647 Tagged<Map> target = transitions->GetTarget(i);
3648 DCHECK_EQ(target->constructor_or_back_pointer(), map);
3649
3650 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3651 heap_, non_atomic_marking_state_, target)) {
3652 if (!descriptors.is_null() &&
3653 target->instance_descriptors(heap_->isolate()) == descriptors) {
3654 DCHECK(!target->is_prototype_map());
3655 descriptors_owner_died = true;
3656 }
3657 continue;
3658 }
3659
3660 if (i != transition_index) {
3661 Tagged<Name> key = transitions->GetKey(i);
3662 transitions->SetKey(transition_index, key);
3663 HeapObjectSlot key_slot = transitions->GetKeySlot(transition_index);
3664 RecordSlot(transitions, key_slot, key);
3665 Tagged<MaybeObject> raw_target = transitions->GetRawTarget(i);
3666 transitions->SetRawTarget(transition_index, raw_target);
3667 HeapObjectSlot target_slot = transitions->GetTargetSlot(transition_index);
3668 RecordSlot(transitions, target_slot, raw_target.GetHeapObject());
3669 }
3670 transition_index++;
3671 }
3672 // If there are no transitions to be cleared, return.
3673 if (transition_index == num_transitions) {
3674 DCHECK(!descriptors_owner_died);
3675 return false;
3676 }
3677 // Note that we never eliminate a transition array, though we might right-trim
3678 // such that number_of_transitions() == 0. If this assumption changes,
3679 // TransitionArray::Insert() will need to deal with the case that a transition
3680 // array disappeared during GC.
3681 int old_capacity_in_entries = transitions->Capacity();
3682 if (transition_index < old_capacity_in_entries) {
3683 int old_capacity = transitions->length();
3684 static_assert(TransitionArray::kEntryKeyIndex == 0);
3685 DCHECK_EQ(TransitionArray::ToKeyIndex(old_capacity_in_entries),
3686 old_capacity);
3687 int new_capacity = TransitionArray::ToKeyIndex(transition_index);
3688 heap_->RightTrimArray(transitions, new_capacity, old_capacity);
3689 transitions->SetNumberOfTransitions(transition_index);
3690 }
3691 return descriptors_owner_died;
3692}
3693
3694void MarkCompactCollector::RightTrimDescriptorArray(
3695 Tagged<DescriptorArray> array, int descriptors_to_trim) {
3696 int old_nof_all_descriptors = array->number_of_all_descriptors();
3697 int new_nof_all_descriptors = old_nof_all_descriptors - descriptors_to_trim;
3698 DCHECK_LT(0, descriptors_to_trim);
3699 DCHECK_LE(0, new_nof_all_descriptors);
3700 Address start = array->GetDescriptorSlot(new_nof_all_descriptors).address();
3701 Address end = array->GetDescriptorSlot(old_nof_all_descriptors).address();
3702 MutablePageMetadata* chunk = MutablePageMetadata::FromHeapObject(array);
3703 RememberedSet<OLD_TO_NEW>::RemoveRange(chunk, start, end,
3704 SlotSet::FREE_EMPTY_BUCKETS);
3705 RememberedSet<OLD_TO_NEW_BACKGROUND>::RemoveRange(
3706 chunk, start, end, SlotSet::FREE_EMPTY_BUCKETS);
3707 RememberedSet<OLD_TO_SHARED>::RemoveRange(chunk, start, end,
3708 SlotSet::FREE_EMPTY_BUCKETS);
3709 RememberedSet<OLD_TO_OLD>::RemoveRange(chunk, start, end,
3710 SlotSet::FREE_EMPTY_BUCKETS);
3711 if (V8_COMPRESS_POINTERS_8GB_BOOL) {
3712 Address aligned_start = ALIGN_TO_ALLOCATION_ALIGNMENT(start);
3713 Address aligned_end = ALIGN_TO_ALLOCATION_ALIGNMENT(end);
3714 if (aligned_start < aligned_end) {
3715 heap_->CreateFillerObjectAt(
3716 aligned_start, static_cast<int>(aligned_end - aligned_start));
3717 }
3718 if (heap::ShouldZapGarbage()) {
3719 Address zap_end = std::min(aligned_start, end);
3720 MemsetTagged(ObjectSlot(start),
3721 Tagged<Object>(static_cast<Address>(kZapValue)),
3722 (zap_end - start) >> kTaggedSizeLog2);
3723 }
3724 } else {
3725 heap_->CreateFillerObjectAt(start, static_cast<int>(end - start));
3726 }
3727 array->set_number_of_all_descriptors(new_nof_all_descriptors);
3728}
3729
3730void MarkCompactCollector::RecordStrongDescriptorArraysForWeakening(
3731 GlobalHandleVector<DescriptorArray> strong_descriptor_arrays) {
3732 DCHECK(heap_->incremental_marking()->IsMajorMarking());
3733 base::MutexGuard guard(&strong_descriptor_arrays_mutex_);
3734 strong_descriptor_arrays_.push_back(std::move(strong_descriptor_arrays));
3735}
3736
3737void MarkCompactCollector::WeakenStrongDescriptorArrays() {
3738 Tagged<Map> descriptor_array_map =
3739 ReadOnlyRoots(heap_->isolate()).descriptor_array_map();
3740 for (auto& vec : strong_descriptor_arrays_) {
3741 for (auto it = vec.begin(); it != vec.end(); ++it) {
3742 Tagged<DescriptorArray> raw = it.raw();
3743 DCHECK(IsStrongDescriptorArray(raw));
3744 raw->set_map_safe_transition_no_write_barrier(heap_->isolate(),
3745 descriptor_array_map);
3746 DCHECK_EQ(raw->raw_gc_state(kRelaxedLoad), 0);
3747 }
3748 }
3749 strong_descriptor_arrays_.clear();
3750}
3751
3752void MarkCompactCollector::TrimDescriptorArray(
3753 Tagged<Map> map, Tagged<DescriptorArray> descriptors) {
3754 int number_of_own_descriptors = map->NumberOfOwnDescriptors();
3755 if (number_of_own_descriptors == 0) {
3756 DCHECK(descriptors == ReadOnlyRoots(heap_).empty_descriptor_array());
3757 return;
3758 }
3759 int to_trim =
3760 descriptors->number_of_all_descriptors() - number_of_own_descriptors;
3761 if (to_trim > 0) {
3762 descriptors->set_number_of_descriptors(number_of_own_descriptors);
3763 RightTrimDescriptorArray(descriptors, to_trim);
3764
3765 TrimEnumCache(map, descriptors);
3766 descriptors->Sort();
3767 }
3768 DCHECK(descriptors->number_of_descriptors() == number_of_own_descriptors);
3769 map->set_owns_descriptors(true);
3770}
3771
3772void MarkCompactCollector::TrimEnumCache(Tagged<Map> map,
3773 Tagged<DescriptorArray> descriptors) {
3774 int live_enum = map->EnumLength();
3775 if (live_enum == kInvalidEnumCacheSentinel) {
3776 live_enum = map->NumberOfEnumerableProperties();
3777 }
3778 if (live_enum == 0) return descriptors->ClearEnumCache();
3779 Tagged<EnumCache> enum_cache = descriptors->enum_cache();
3780
3781 Tagged<FixedArray> keys = enum_cache->keys();
3782 int keys_length = keys->length();
3783 if (live_enum >= keys_length) return;
3784 heap_->RightTrimArray(keys, live_enum, keys_length);
3785
3786 Tagged<FixedArray> indices = enum_cache->indices();
3787 int indices_length = indices->length();
3788 if (live_enum >= indices_length) return;
3789 heap_->RightTrimArray(indices, live_enum, indices_length);
3790}
3791
3792void MarkCompactCollector::ClearWeakCollections() {
3793 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_WEAK_COLLECTIONS);
3794 Tagged<EphemeronHashTable> table;
3795 while (local_weak_objects()->ephemeron_hash_tables_local.Pop(&table)) {
3796 for (InternalIndex i : table->IterateEntries()) {
3797 Tagged<HeapObject> key = Cast<HeapObject>(table->KeyAt(i));
3798#ifdef VERIFY_HEAP
3799 if (v8_flags.verify_heap) {
3800 Tagged<Object> value = table->ValueAt(i);
3801 if (IsHeapObject(value)) {
3802 Tagged<HeapObject> heap_object = Cast<HeapObject>(value);
3803
3804 CHECK_IMPLIES(MarkingHelper::IsMarkedOrAlwaysLive(
3805 heap_, non_atomic_marking_state_, key),
3806 MarkingHelper::IsMarkedOrAlwaysLive(
3807 heap_, non_atomic_marking_state_, heap_object));
3808 }
3809 }
3810#endif // VERIFY_HEAP
3811 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3812 heap_, non_atomic_marking_state_, key)) {
3813 table->RemoveEntry(i);
3814 }
3815 }
3816 }
3817 auto* table_map = heap_->ephemeron_remembered_set()->tables();
3818 for (auto it = table_map->begin(); it != table_map->end();) {
3819 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3820 heap_, non_atomic_marking_state_, it->first)) {
3821 it = table_map->erase(it);
3822 } else {
3823 ++it;
3824 }
3825 }
3826}
3827
3828template <typename TObjectAndSlot, typename TMaybeSlot>
3829void MarkCompactCollector::ClearWeakReferences(
3830 WeakObjects::WeakObjectWorklist<TObjectAndSlot>::Local& worklist,
3831 Tagged<HeapObjectReference> cleared_weak_ref) {
3832 TObjectAndSlot slot;
3833 while (worklist.Pop(&slot)) {
3834 Tagged<HeapObject> value;
3835 // The slot could have been overwritten, so we have to treat it
3836 // as [Protected]MaybeObjectSlot.
3837 TMaybeSlot location(slot.slot);
3838 if (location.load().GetHeapObjectIfWeak(&value)) {
3839 DCHECK(!IsWeakCell(value));
3840 // Values in RO space have already been filtered, but a non-RO value may
3841 // have been overwritten by a RO value since marking.
3842 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, non_atomic_marking_state_,
3843 value)) {
3844 // The value of the weak reference is alive.
3845 RecordSlot(slot.heap_object, slot.slot, value);
3846 } else {
3847 DCHECK(MainMarkingVisitor::IsTrivialWeakReferenceValue(slot.heap_object,
3848 value));
3849 // The value of the weak reference is non-live.
3850 // This is a non-atomic store, which is fine as long as we only have a
3851 // single clearing job.
3852 location.store(cleared_weak_ref);
3853 }
3854 }
3855 }
3856}
3857
3858void MarkCompactCollector::ClearTrivialWeakReferences() {
3859 Tagged<HeapObjectReference> cleared_weak_ref = ClearedValue(heap_->isolate());
3860 ClearWeakReferences<HeapObjectAndSlot, MaybeObjectSlot>(
3861 local_weak_objects()->weak_references_trivial_local, cleared_weak_ref);
3862}
3863
3864void MarkCompactCollector::ClearTrustedWeakReferences() {
3865 Tagged<HeapObjectReference> cleared_weak_ref = ClearedTrustedValue();
3866 ClearWeakReferences<TrustedObjectAndSlot, ProtectedMaybeObjectSlot>(
3867 local_weak_objects()->weak_references_trusted_local, cleared_weak_ref);
3868}
3869
3870void MarkCompactCollector::FilterNonTrivialWeakReferences() {
3871 HeapObjectAndSlot slot;
3872 while (local_weak_objects()->weak_references_non_trivial_local.Pop(&slot)) {
3873 Tagged<HeapObject> value;
3874 // The slot could have been overwritten, so we have to treat it
3875 // as MaybeObjectSlot.
3876 MaybeObjectSlot location(slot.slot);
3877 if ((*location).GetHeapObjectIfWeak(&value)) {
3878 DCHECK(!IsWeakCell(value));
3879 // Values in RO space have already been filtered, but a non-RO value may
3880 // have been overwritten by a RO value since marking.
3881 if (MarkingHelper::IsMarkedOrAlwaysLive(heap_, non_atomic_marking_state_,
3882 value)) {
3883 // The value of the weak reference is alive.
3884 RecordSlot(slot.heap_object, HeapObjectSlot(location), value);
3885 } else {
3886 DCHECK(!MainMarkingVisitor::IsTrivialWeakReferenceValue(
3887 slot.heap_object, value));
3888 // The value is non-live, defer the actual clearing.
3889 // This is non-atomic, which is fine as long as we only have a single
3890 // filtering job.
3891 local_weak_objects_->weak_references_non_trivial_unmarked_local.Push(
3892 slot);
3893 }
3894 }
3895 }
3896}
3897
3898void MarkCompactCollector::ClearNonTrivialWeakReferences() {
3899 TRACE_GC(heap_->tracer(),
3900 GCTracer::Scope::MC_CLEAR_WEAK_REFERENCES_NON_TRIVIAL);
3901 HeapObjectAndSlot slot;
3902 Tagged<HeapObjectReference> cleared_weak_ref = ClearedValue(heap_->isolate());
3903 while (local_weak_objects()->weak_references_non_trivial_unmarked_local.Pop(
3904 &slot)) {
3905 // The slot may not have been overwritten since it was filtered, so we can
3906 // directly read its value.
3907 Tagged<HeapObject> value = (*slot.slot).GetHeapObjectAssumeWeak();
3908 DCHECK(!IsWeakCell(value));
3909 DCHECK(!HeapLayout::InReadOnlySpace(value));
3910 DCHECK_IMPLIES(v8_flags.black_allocated_pages,
3911 !HeapLayout::InBlackAllocatedPage(value));
3912 DCHECK(!non_atomic_marking_state_->IsMarked(value));
3913 DCHECK(!MainMarkingVisitor::IsTrivialWeakReferenceValue(slot.heap_object,
3914 value));
3915 if (!SpecialClearMapSlot(slot.heap_object, Cast<Map>(value), slot.slot)) {
3916 slot.slot.store(cleared_weak_ref);
3917 }
3918 }
3919}
3920
3921void MarkCompactCollector::ClearJSWeakRefs() {
3922 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_JS_WEAK_REFERENCES);
3923 Tagged<JSWeakRef> weak_ref;
3924 Isolate* const isolate = heap_->isolate();
3925 while (local_weak_objects()->js_weak_refs_local.Pop(&weak_ref)) {
3926 Tagged<HeapObject> target = Cast<HeapObject>(weak_ref->target());
3927 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3928 heap_, non_atomic_marking_state_, target)) {
3929 weak_ref->set_target(ReadOnlyRoots(isolate).undefined_value());
3930 } else {
3931 // The value of the JSWeakRef is alive.
3932 ObjectSlot slot = weak_ref->RawField(JSWeakRef::kTargetOffset);
3933 RecordSlot(weak_ref, slot, target);
3934 }
3935 }
3936 Tagged<WeakCell> weak_cell;
3937 while (local_weak_objects()->weak_cells_local.Pop(&weak_cell)) {
3938 auto gc_notify_updated_slot = [](Tagged<HeapObject> object, ObjectSlot slot,
3939 Tagged<Object> target) {
3940 if (IsHeapObject(target)) {
3941 RecordSlot(object, slot, Cast<HeapObject>(target));
3942 }
3943 };
3944 Tagged<HeapObject> target = Cast<HeapObject>(weak_cell->target());
3945 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3946 heap_, non_atomic_marking_state_, target)) {
3947 DCHECK(Object::CanBeHeldWeakly(target));
3948 // The value of the WeakCell is dead.
3949 Tagged<JSFinalizationRegistry> finalization_registry =
3950 Cast<JSFinalizationRegistry>(weak_cell->finalization_registry());
3951 if (!finalization_registry->scheduled_for_cleanup()) {
3952 heap_->EnqueueDirtyJSFinalizationRegistry(finalization_registry,
3953 gc_notify_updated_slot);
3954 }
3955 // We're modifying the pointers in WeakCell and JSFinalizationRegistry
3956 // during GC; thus we need to record the slots it writes. The normal write
3957 // barrier is not enough, since it's disabled before GC.
3958 weak_cell->Nullify(isolate, gc_notify_updated_slot);
3959 DCHECK(finalization_registry->NeedsCleanup());
3960 DCHECK(finalization_registry->scheduled_for_cleanup());
3961 } else {
3962 // The value of the WeakCell is alive.
3963 ObjectSlot slot = weak_cell->RawField(WeakCell::kTargetOffset);
3964 RecordSlot(weak_cell, slot, Cast<HeapObject>(*slot));
3965 }
3966
3967 Tagged<HeapObject> unregister_token = weak_cell->unregister_token();
3968 if (MarkingHelper::IsUnmarkedAndNotAlwaysLive(
3969 heap_, non_atomic_marking_state_, unregister_token)) {
3970 DCHECK(Object::CanBeHeldWeakly(unregister_token));
3971 // The unregister token is dead. Remove any corresponding entries in the
3972 // key map. Multiple WeakCell with the same token will have all their
3973 // unregister_token field set to undefined when processing the first
3974 // WeakCell. Like above, we're modifying pointers during GC, so record the
3975 // slots.
3976 Tagged<JSFinalizationRegistry> finalization_registry =
3977 Cast<JSFinalizationRegistry>(weak_cell->finalization_registry());
3978 finalization_registry->RemoveUnregisterToken(
3979 unregister_token, isolate,
3980 JSFinalizationRegistry::kKeepMatchedCellsInRegistry,
3981 gc_notify_updated_slot);
3982 } else {
3983 // The unregister_token is alive.
3984 ObjectSlot slot = weak_cell->RawField(WeakCell::kUnregisterTokenOffset);
3985 RecordSlot(weak_cell, slot, Cast<HeapObject>(*slot));
3986 }
3987 }
3988 heap_->PostFinalizationRegistryCleanupTaskIfNeeded();
3989}
3990
3991// static
3992bool MarkCompactCollector::ShouldRecordRelocSlot(Tagged<InstructionStream> host,
3993 RelocInfo* rinfo,
3994 Tagged<HeapObject> target) {
3995 MemoryChunk* source_chunk = MemoryChunk::FromHeapObject(host);
3996 MemoryChunk* target_chunk = MemoryChunk::FromHeapObject(target);
3997 return target_chunk->IsEvacuationCandidate() &&
3998 !source_chunk->ShouldSkipEvacuationSlotRecording();
3999}
4000
4001// static
4002MarkCompactCollector::RecordRelocSlotInfo
4003MarkCompactCollector::ProcessRelocInfo(Tagged<InstructionStream> host,
4004 RelocInfo* rinfo,
4005 Tagged<HeapObject> target) {
4006 RecordRelocSlotInfo result;
4007 const RelocInfo::Mode rmode = rinfo->rmode();
4008 Address addr;
4009 SlotType slot_type;
4010
4011 if (rinfo->IsInConstantPool()) {
4012 addr = rinfo->constant_pool_entry_address();
4013
4014 if (RelocInfo::IsCodeTargetMode(rmode)) {
4015 slot_type = SlotType::kConstPoolCodeEntry;
4016 } else if (RelocInfo::IsCompressedEmbeddedObject(rmode)) {
4017 slot_type = SlotType::kConstPoolEmbeddedObjectCompressed;
4018 } else {
4019 DCHECK(RelocInfo::IsFullEmbeddedObject(rmode));
4020 slot_type = SlotType::kConstPoolEmbeddedObjectFull;
4021 }
4022 } else {
4023 addr = rinfo->pc();
4024
4025 if (RelocInfo::IsCodeTargetMode(rmode)) {
4026 slot_type = SlotType::kCodeEntry;
4027 } else if (RelocInfo::IsFullEmbeddedObject(rmode)) {
4028 slot_type = SlotType::kEmbeddedObjectFull;
4029 } else {
4030 DCHECK(RelocInfo::IsCompressedEmbeddedObject(rmode));
4031 slot_type = SlotType::kEmbeddedObjectCompressed;
4032 }
4033 }
4034
4035 MemoryChunk* const source_chunk = MemoryChunk::FromHeapObject(host);
4036 MutablePageMetadata* const source_page_metadata =
4037 MutablePageMetadata::cast(source_chunk->Metadata());
4038 const uintptr_t offset = source_chunk->Offset(addr);
4039 DCHECK_LT(offset, static_cast<uintptr_t>(TypedSlotSet::kMaxOffset));
4040 result.page_metadata = source_page_metadata;
4041 result.slot_type = slot_type;
4042 result.offset = static_cast<uint32_t>(offset);
4043
4044 return result;
4045}
4046
4047// static
4048void MarkCompactCollector::RecordRelocSlot(Tagged<InstructionStream> host,
4049 RelocInfo* rinfo,
4050 Tagged<HeapObject> target) {
4051 if (!ShouldRecordRelocSlot(host, rinfo, target)) return;
4052 RecordRelocSlotInfo info = ProcessRelocInfo(host, rinfo, target);
4053
4054 // Access to TypeSlots need to be protected, since LocalHeaps might
4055 // publish code in the background thread.
4056 std::optional<base::MutexGuard> opt_guard;
4057 if (v8_flags.concurrent_sparkplug) {
4058 opt_guard.emplace(info.page_metadata->mutex());
4059 }
4060 RememberedSet<OLD_TO_OLD>::InsertTyped(info.page_metadata, info.slot_type,
4061 info.offset);
4062}
4063
4064namespace {
4065
4066// Missing specialization MakeSlotValue<FullObjectSlot, WEAK>() will turn
4067// attempt to store a weak reference to strong-only slot to a compilation error.
4068template <typename TSlot, HeapObjectReferenceType reference_type>
4069typename TSlot::TObject MakeSlotValue(Tagged<HeapObject> heap_object);
4070
4071template <>
4072Tagged<Object> MakeSlotValue<ObjectSlot, HeapObjectReferenceType::STRONG>(
4073 Tagged<HeapObject> heap_object) {
4074 return heap_object;
4075}
4076
4077template <>
4078Tagged<MaybeObject>
4079MakeSlotValue<MaybeObjectSlot, HeapObjectReferenceType::STRONG>(
4080 Tagged<HeapObject> heap_object) {
4081 return heap_object;
4082}
4083
4084template <>
4085Tagged<MaybeObject>
4086MakeSlotValue<MaybeObjectSlot, HeapObjectReferenceType::WEAK>(
4087 Tagged<HeapObject> heap_object) {
4088 return MakeWeak(heap_object);
4089}
4090
4091template <>
4092Tagged<Object>
4093MakeSlotValue<WriteProtectedSlot<ObjectSlot>, HeapObjectReferenceType::STRONG>(
4094 Tagged<HeapObject> heap_object) {
4095 return heap_object;
4096}
4097
4098#ifdef V8_ENABLE_SANDBOX
4099template <>
4100Tagged<Object> MakeSlotValue<WriteProtectedSlot<ProtectedPointerSlot>,
4101 HeapObjectReferenceType::STRONG>(
4102 Tagged<HeapObject> heap_object) {
4103 return heap_object;
4104}
4105
4106template <>
4107Tagged<MaybeObject>
4108MakeSlotValue<ProtectedMaybeObjectSlot, HeapObjectReferenceType::STRONG>(
4109 Tagged<HeapObject> heap_object) {
4110 return heap_object;
4111}
4112
4113template <>
4114Tagged<MaybeObject>
4115MakeSlotValue<ProtectedMaybeObjectSlot, HeapObjectReferenceType::WEAK>(
4116 Tagged<HeapObject> heap_object) {
4117 return MakeWeak(heap_object);
4118}
4119#endif
4120
4121template <>
4122Tagged<Object>
4123MakeSlotValue<OffHeapObjectSlot, HeapObjectReferenceType::STRONG>(
4124 Tagged<HeapObject> heap_object) {
4125 return heap_object;
4126}
4127
4128#ifdef V8_COMPRESS_POINTERS
4129template <>
4130Tagged<Object> MakeSlotValue<FullObjectSlot, HeapObjectReferenceType::STRONG>(
4131 Tagged<HeapObject> heap_object) {
4132 return heap_object;
4133}
4134
4135template <>
4136Tagged<MaybeObject>
4137MakeSlotValue<FullMaybeObjectSlot, HeapObjectReferenceType::STRONG>(
4138 Tagged<HeapObject> heap_object) {
4139 return heap_object;
4140}
4141
4142template <>
4143Tagged<MaybeObject>
4144MakeSlotValue<FullMaybeObjectSlot, HeapObjectReferenceType::WEAK>(
4145 Tagged<HeapObject> heap_object) {
4146 return MakeWeak(heap_object);
4147}
4148
4149#ifdef V8_EXTERNAL_CODE_SPACE
4150template <>
4151Tagged<Object>
4152MakeSlotValue<InstructionStreamSlot, HeapObjectReferenceType::STRONG>(
4153 Tagged<HeapObject> heap_object) {
4154 return heap_object;
4155}
4156#endif // V8_EXTERNAL_CODE_SPACE
4157
4158#ifdef V8_ENABLE_SANDBOX
4159template <>
4160Tagged<Object>
4161MakeSlotValue<ProtectedPointerSlot, HeapObjectReferenceType::STRONG>(
4162 Tagged<HeapObject> heap_object) {
4163 return heap_object;
4164}
4165#endif // V8_ENABLE_SANDBOX
4166
4167// The following specialization
4168// MakeSlotValue<FullMaybeObjectSlot, HeapObjectReferenceType::WEAK>()
4169// is not used.
4170#endif // V8_COMPRESS_POINTERS
4171
4172template <HeapObjectReferenceType reference_type, typename TSlot>
4173static inline void UpdateSlot(PtrComprCageBase cage_base, TSlot slot,
4174 Tagged<HeapObject> heap_obj) {
4175 static_assert(
4176 std::is_same_v<TSlot, FullObjectSlot> ||
4177 std::is_same_v<TSlot, ObjectSlot> ||
4178 std::is_same_v<TSlot, FullMaybeObjectSlot> ||
4179 std::is_same_v<TSlot, MaybeObjectSlot> ||
4180 std::is_same_v<TSlot, OffHeapObjectSlot> ||
4181 std::is_same_v<TSlot, InstructionStreamSlot> ||
4182 std::is_same_v<TSlot, ProtectedPointerSlot> ||
4183 std::is_same_v<TSlot, ProtectedMaybeObjectSlot> ||
4184 std::is_same_v<TSlot, WriteProtectedSlot<ObjectSlot>> ||
4185 std::is_same_v<TSlot, WriteProtectedSlot<ProtectedPointerSlot>>,
4186 "Only [Full|OffHeap]ObjectSlot, [Full]MaybeObjectSlot, "
4187 "InstructionStreamSlot, Protected[Pointer|MaybeObject]Slot, "
4188 "or WriteProtectedSlot are expected here");
4189 MapWord map_word = heap_obj->map_word(cage_base, kRelaxedLoad);
4190 if (!map_word.IsForwardingAddress()) return;
4191 DCHECK_IMPLIES((!v8_flags.minor_ms && !Heap::InFromPage(heap_obj)),
4192 MarkCompactCollector::IsOnEvacuationCandidate(heap_obj) ||
4193 MemoryChunk::FromHeapObject(heap_obj)->IsFlagSet(
4194 MemoryChunk::COMPACTION_WAS_ABORTED));
4195 typename TSlot::TObject target = MakeSlotValue<TSlot, reference_type>(
4196 map_word.ToForwardingAddress(heap_obj));
4197 // Needs to be atomic for map space compaction: This slot could be a map
4198 // word which we update while loading the map word for updating the slot
4199 // on another page.
4200 slot.Relaxed_Store(target);
4201 DCHECK_IMPLIES(!v8_flags.sticky_mark_bits, !Heap::InFromPage(target));
4202 DCHECK(!MarkCompactCollector::IsOnEvacuationCandidate(target));
4203}
4204
4205template <typename TSlot>
4206static inline void UpdateSlot(PtrComprCageBase cage_base, TSlot slot) {
4207 typename TSlot::TObject obj = slot.Relaxed_Load(cage_base);
4208 Tagged<HeapObject> heap_obj;
4209 if constexpr (TSlot::kCanBeWeak) {
4210 if (obj.GetHeapObjectIfWeak(&heap_obj)) {
4211 return UpdateSlot<HeapObjectReferenceType::WEAK>(cage_base, slot,
4212 heap_obj);
4213 }
4214 }
4215 if (obj.GetHeapObjectIfStrong(&heap_obj)) {
4216 UpdateSlot<HeapObjectReferenceType::STRONG>(cage_base, slot, heap_obj);
4217 }
4218}
4219
4220template <typename TSlot>
4221static inline SlotCallbackResult UpdateOldToSharedSlot(
4222 PtrComprCageBase cage_base, TSlot slot) {
4223 typename TSlot::TObject obj = slot.Relaxed_Load(cage_base);
4224 Tagged<HeapObject> heap_obj;
4225
4226 if constexpr (TSlot::kCanBeWeak) {
4227 if (obj.GetHeapObjectIfWeak(&heap_obj)) {
4228 UpdateSlot<HeapObjectReferenceType::WEAK>(cage_base, slot, heap_obj);
4229 return HeapLayout::InWritableSharedSpace(heap_obj) ? KEEP_SLOT
4230 : REMOVE_SLOT;
4231 }
4232 }
4233
4234 if (obj.GetHeapObjectIfStrong(&heap_obj)) {
4235 UpdateSlot<HeapObjectReferenceType::STRONG>(cage_base, slot, heap_obj);
4236 return HeapLayout::InWritableSharedSpace(heap_obj) ? KEEP_SLOT
4237 : REMOVE_SLOT;
4238 }
4239
4240 return REMOVE_SLOT;
4241}
4242
4243template <typename TSlot>
4244static inline void UpdateStrongSlot(PtrComprCageBase cage_base, TSlot slot) {
4245 typename TSlot::TObject obj = slot.Relaxed_Load(cage_base);
4246#ifdef V8_ENABLE_DIRECT_HANDLE
4247 if (obj.ptr() == kTaggedNullAddress) return;
4248#endif
4249 DCHECK(!HAS_WEAK_HEAP_OBJECT_TAG(obj.ptr()));
4250 Tagged<HeapObject> heap_obj;
4251 if (obj.GetHeapObject(&heap_obj)) {
4252 UpdateSlot<HeapObjectReferenceType::STRONG>(cage_base, slot, heap_obj);
4253 }
4254}
4255
4256static inline SlotCallbackResult UpdateStrongOldToSharedSlot(
4257 PtrComprCageBase cage_base, FullMaybeObjectSlot slot) {
4258 Tagged<MaybeObject> obj = slot.Relaxed_Load(cage_base);
4259#ifdef V8_ENABLE_DIRECT_HANDLE
4260 if (obj.ptr() == kTaggedNullAddress) return REMOVE_SLOT;
4261#endif
4262 DCHECK(!HAS_WEAK_HEAP_OBJECT_TAG(obj.ptr()));
4263 Tagged<HeapObject> heap_obj;
4264 if (obj.GetHeapObject(&heap_obj)) {
4265 UpdateSlot<HeapObjectReferenceType::STRONG>(cage_base, slot, heap_obj);
4266 return HeapLayout::InWritableSharedSpace(heap_obj) ? KEEP_SLOT
4267 : REMOVE_SLOT;
4268 }
4269
4270 return REMOVE_SLOT;
4271}
4272
4273static inline void UpdateStrongCodeSlot(IsolateForSandbox isolate,
4274 PtrComprCageBase cage_base,
4275 PtrComprCageBase code_cage_base,
4276 InstructionStreamSlot slot) {
4277 Tagged<Object> obj = slot.Relaxed_Load(code_cage_base);
4278 DCHECK(!HAS_WEAK_HEAP_OBJECT_TAG(obj.ptr()));
4279 Tagged<HeapObject> heap_obj;
4280 if (obj.GetHeapObject(&heap_obj)) {
4281 UpdateSlot<HeapObjectReferenceType::STRONG>(cage_base, slot, heap_obj);
4282
4283 Tagged<Code> code = Cast<Code>(HeapObject::FromAddress(
4284 slot.address() - Code::kInstructionStreamOffset));
4285 Tagged<InstructionStream> instruction_stream =
4286 code->instruction_stream(code_cage_base);
4287 code->UpdateInstructionStart(isolate, instruction_stream);
4288 }
4289}
4290
4291} // namespace
4292
4293// Visitor for updating root pointers and to-space pointers.
4294// It does not expect to encounter pointers to dead objects.
4295class PointersUpdatingVisitor final : public ObjectVisitorWithCageBases,
4296 public RootVisitor {
4297 public:
4300
4301 void VisitPointer(Tagged<HeapObject> host, ObjectSlot p) override {
4302 UpdateStrongSlotInternal(cage_base(), p);
4303 }
4304
4305 void VisitPointer(Tagged<HeapObject> host, MaybeObjectSlot p) override {
4306 UpdateSlotInternal(cage_base(), p);
4307 }
4308
4309 void VisitPointers(Tagged<HeapObject> host, ObjectSlot start,
4310 ObjectSlot end) override {
4311 for (ObjectSlot p = start; p < end; ++p) {
4312 UpdateStrongSlotInternal(cage_base(), p);
4313 }
4314 }
4315
4316 void VisitPointers(Tagged<HeapObject> host, MaybeObjectSlot start,
4317 MaybeObjectSlot end) final {
4318 for (MaybeObjectSlot p = start; p < end; ++p) {
4319 UpdateSlotInternal(cage_base(), p);
4320 }
4321 }
4322
4323 void VisitInstructionStreamPointer(Tagged<Code> host,
4324 InstructionStreamSlot slot) override {
4325 UpdateStrongCodeSlot(isolate_, cage_base(), code_cage_base(), slot);
4326 }
4327
4328 void VisitRootPointer(Root root, const char* description,
4329 FullObjectSlot p) override {
4330 DCHECK(!MapWord::IsPacked(p.Relaxed_Load().ptr()));
4331 UpdateRootSlotInternal(cage_base(), p);
4332 }
4333
4334 void VisitRootPointers(Root root, const char* description,
4335 FullObjectSlot start, FullObjectSlot end) override {
4336 for (FullObjectSlot p = start; p < end; ++p) {
4337 UpdateRootSlotInternal(cage_base(), p);
4338 }
4339 }
4340
4341 void VisitRootPointers(Root root, const char* description,
4342 OffHeapObjectSlot start,
4343 OffHeapObjectSlot end) override {
4344 for (OffHeapObjectSlot p = start; p < end; ++p) {
4345 UpdateRootSlotInternal(cage_base(), p);
4346 }
4347 }
4348
4349 void VisitCodeTarget(Tagged<InstructionStream> host,
4350 RelocInfo* rinfo) override {
4351 // This visitor nevers visits code objects.
4352 UNREACHABLE();
4353 }
4354
4355 void VisitEmbeddedPointer(Tagged<InstructionStream> host,
4356 RelocInfo* rinfo) override {
4357 // This visitor nevers visits code objects.
4358 UNREACHABLE();
4359 }
4360
4361 private:
4362 static inline void UpdateRootSlotInternal(PtrComprCageBase cage_base,
4363 FullObjectSlot slot) {
4364 UpdateStrongSlot(cage_base, slot);
4365 }
4366
4367 static inline void UpdateRootSlotInternal(PtrComprCageBase cage_base,
4368 OffHeapObjectSlot slot) {
4369 UpdateStrongSlot(cage_base, slot);
4370 }
4371
4372 static inline void UpdateStrongMaybeObjectSlotInternal(
4373 PtrComprCageBase cage_base, MaybeObjectSlot slot) {
4374 UpdateStrongSlot(cage_base, slot);
4375 }
4376
4377 static inline void UpdateStrongSlotInternal(PtrComprCageBase cage_base,
4378 ObjectSlot slot) {
4379 UpdateStrongSlot(cage_base, slot);
4380 }
4381
4382 static inline void UpdateSlotInternal(PtrComprCageBase cage_base,
4383 MaybeObjectSlot slot) {
4384 UpdateSlot(cage_base, slot);
4385 }
4386
4387 IsolateForSandbox isolate_;
4388};
4389
4390static Tagged<String> UpdateReferenceInExternalStringTableEntry(
4391 Heap* heap, FullObjectSlot p) {
4392 Tagged<HeapObject> old_string = Cast<HeapObject>(*p);
4393 MapWord map_word = old_string->map_word(kRelaxedLoad);
4394
4395 if (map_word.IsForwardingAddress()) {
4396 Tagged<String> new_string =
4397 Cast<String>(map_word.ToForwardingAddress(old_string));
4398
4399 if (IsExternalString(new_string)) {
4400 MutablePageMetadata::MoveExternalBackingStoreBytes(
4401 ExternalBackingStoreType::kExternalString,
4402 PageMetadata::FromAddress((*p).ptr()),
4403 PageMetadata::FromHeapObject(new_string),
4404 Cast<ExternalString>(new_string)->ExternalPayloadSize());
4405 }
4406 return new_string;
4407 }
4408
4409 return Cast<String>(*p);
4410}
4411
4412void MarkCompactCollector::EvacuatePrologue() {
4413 // New space.
4414 if (NewSpace* new_space = heap_->new_space()) {
4415 DCHECK(new_space_evacuation_pages_.empty());
4416 std::copy_if(new_space->begin(), new_space->end(),
4417 std::back_inserter(new_space_evacuation_pages_),
4418 [](PageMetadata* p) { return p->live_bytes() > 0; });
4419 if (!v8_flags.minor_ms) {
4420 SemiSpaceNewSpace::From(new_space)->SwapSemiSpaces();
4421 }
4422 }
4423
4424 // Large new space.
4425 if (NewLargeObjectSpace* new_lo_space = heap_->new_lo_space()) {
4426 new_lo_space->Flip();
4427 new_lo_space->ResetPendingObject();
4428 }
4429
4430 // Old space.
4431 DCHECK(old_space_evacuation_pages_.empty());
4432 old_space_evacuation_pages_ = std::move(evacuation_candidates_);
4433 evacuation_candidates_.clear();
4434 DCHECK(evacuation_candidates_.empty());
4435}
4436
4437void MarkCompactCollector::EvacuateEpilogue() {
4438 aborted_evacuation_candidates_due_to_oom_.clear();
4439 aborted_evacuation_candidates_due_to_flags_.clear();
4440
4441 // New space.
4442 if (heap_->new_space()) {
4443 DCHECK_EQ(0, heap_->new_space()->Size());
4444 }
4445
4446 // Old generation. Deallocate evacuated candidate pages.
4447 ReleaseEvacuationCandidates();
4448
4449#ifdef DEBUG
4450 VerifyRememberedSetsAfterEvacuation(heap_, GarbageCollector::MARK_COMPACTOR);
4451#endif // DEBUG
4452}
4453
4454class Evacuator final : public Malloced {
4455 public:
4461
4462 static const char* EvacuationModeName(EvacuationMode mode) {
4463 switch (mode) {
4464 case kObjectsNewToOld:
4465 return "objects-new-to-old";
4466 case kPageNewToOld:
4467 return "page-new-to-old";
4468 case kObjectsOldToOld:
4469 return "objects-old-to-old";
4470 }
4471 }
4472
4473 static inline EvacuationMode ComputeEvacuationMode(MemoryChunk* chunk) {
4474 // Note: The order of checks is important in this function.
4475 if (chunk->IsFlagSet(MemoryChunk::PAGE_NEW_OLD_PROMOTION))
4476 return kPageNewToOld;
4477 if (chunk->InYoungGeneration()) return kObjectsNewToOld;
4478 return kObjectsOldToOld;
4479 }
4480
4481 explicit Evacuator(Heap* heap)
4482 : heap_(heap),
4483 local_pretenuring_feedback_(
4484 PretenuringHandler::kInitialFeedbackCapacity),
4485 local_allocator_(heap_,
4486 CompactionSpaceKind::kCompactionSpaceForMarkCompact),
4487 record_visitor_(heap_),
4488 new_space_visitor_(heap_, &local_allocator_, &record_visitor_,
4489 &local_pretenuring_feedback_),
4490 new_to_old_page_visitor_(heap_, &record_visitor_,
4491 &local_pretenuring_feedback_),
4492
4493 old_space_visitor_(heap_, &local_allocator_, &record_visitor_),
4494 duration_(0.0),
4495 bytes_compacted_(0) {}
4496
4497 void EvacuatePage(MutablePageMetadata* chunk);
4498
4499 void AddObserver(MigrationObserver* observer) {
4500 new_space_visitor_.AddObserver(observer);
4501 old_space_visitor_.AddObserver(observer);
4502 }
4503
4504 // Merge back locally cached info sequentially. Note that this method needs
4505 // to be called from the main thread.
4506 void Finalize();
4507
4508 private:
4509 // |saved_live_bytes| returns the live bytes of the page that was processed.
4510 bool RawEvacuatePage(MutablePageMetadata* chunk);
4511
4512 inline Heap* heap() { return heap_; }
4513
4514 void ReportCompactionProgress(double duration, intptr_t bytes_compacted) {
4515 duration_ += duration;
4516 bytes_compacted_ += bytes_compacted;
4517 }
4518
4519 Heap* heap_;
4520
4521 PretenuringHandler::PretenuringFeedbackMap local_pretenuring_feedback_;
4522
4523 // Locally cached collector data.
4524 EvacuationAllocator local_allocator_;
4525
4526 RecordMigratedSlotVisitor record_visitor_;
4527
4528 // Visitors for the corresponding spaces.
4529 EvacuateNewSpaceVisitor new_space_visitor_;
4530 EvacuateNewToOldSpacePageVisitor new_to_old_page_visitor_;
4531 EvacuateOldSpaceVisitor old_space_visitor_;
4532
4533 // Book keeping info.
4534 double duration_;
4535 intptr_t bytes_compacted_;
4536};
4537
4538void Evacuator::EvacuatePage(MutablePageMetadata* page) {
4539 TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.gc"), "Evacuator::EvacuatePage");
4540 DCHECK(page->SweepingDone());
4541 intptr_t saved_live_bytes = page->live_bytes();
4542 double evacuation_time = 0.0;
4543 bool success = false;
4544 {
4545 TimedScope timed_scope(&evacuation_time);
4546 success = RawEvacuatePage(page);
4547 }
4548 ReportCompactionProgress(evacuation_time, saved_live_bytes);
4549 if (v8_flags.trace_evacuation) {
4550 MemoryChunk* chunk = page->Chunk();
4551 PrintIsolate(heap_->isolate(),
4552 "evacuation[%p]: page=%p new_space=%d "
4553 "page_evacuation=%d executable=%d can_promote=%d "
4554 "live_bytes=%" V8PRIdPTR " time=%f success=%d\n",
4555 static_cast<void*>(this), static_cast<void*>(page),
4556 chunk->InNewSpace(),
4557 chunk->IsFlagSet(MemoryChunk::PAGE_NEW_OLD_PROMOTION),
4558 chunk->IsFlagSet(MemoryChunk::IS_EXECUTABLE),
4559 heap_->new_space()->IsPromotionCandidate(page),
4560 saved_live_bytes, evacuation_time, success);
4561 }
4562}
4563
4564void Evacuator::Finalize() {
4565 local_allocator_.Finalize();
4566 heap_->tracer()->AddCompactionEvent(duration_, bytes_compacted_);
4567 heap_->IncrementPromotedObjectsSize(new_space_visitor_.promoted_size() +
4568 new_to_old_page_visitor_.moved_bytes());
4569 heap_->IncrementYoungSurvivorsCounter(
4570 new_space_visitor_.promoted_size() +
4571 new_to_old_page_visitor_.moved_bytes());
4572 heap_->pretenuring_handler()->MergeAllocationSitePretenuringFeedback(
4573 local_pretenuring_feedback_);
4574}
4575
4576class LiveObjectVisitor final : AllStatic {
4577 public:
4578 // Visits marked objects using `bool Visitor::Visit(HeapObject object, size_t
4579 // size)` as long as the return value is true.
4580 //
4581 // Returns whether all objects were successfully visited. Upon returning
4582 // false, also sets `failed_object` to the object for which the visitor
4583 // returned false.
4584 template <class Visitor>
4585 static bool VisitMarkedObjects(PageMetadata* page, Visitor* visitor,
4586 Tagged<HeapObject>* failed_object);
4587
4588 // Visits marked objects using `bool Visitor::Visit(HeapObject object, size_t
4589 // size)` as long as the return value is true. Assumes that the return value
4590 // is always true (success).
4591 template <class Visitor>
4592 static void VisitMarkedObjectsNoFail(PageMetadata* page, Visitor* visitor);
4593};
4594
4595template <class Visitor>
4596bool LiveObjectVisitor::VisitMarkedObjects(PageMetadata* page, Visitor* visitor,
4597 Tagged<HeapObject>* failed_object) {
4598 TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.gc"),
4599 "LiveObjectVisitor::VisitMarkedObjects");
4600 for (auto [object, size] : LiveObjectRange(page)) {
4601 if (!visitor->Visit(object, size)) {
4602 *failed_object = object;
4603 return false;
4604 }
4605 }
4606 return true;
4607}
4608
4609template <class Visitor>
4610void LiveObjectVisitor::VisitMarkedObjectsNoFail(PageMetadata* page,
4611 Visitor* visitor) {
4612 TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.gc"),
4613 "LiveObjectVisitor::VisitMarkedObjectsNoFail");
4614 for (auto [object, size] : LiveObjectRange(page)) {
4615 const bool success = visitor->Visit(object, size);
4616 USE(success);
4617 DCHECK(success);
4618 }
4619}
4620
4621bool Evacuator::RawEvacuatePage(MutablePageMetadata* page) {
4622 MemoryChunk* chunk = page->Chunk();
4623 const EvacuationMode evacuation_mode = ComputeEvacuationMode(chunk);
4624 TRACE_EVENT2(TRACE_DISABLED_BY_DEFAULT("v8.gc"),
4625 "FullEvacuator::RawEvacuatePage", "evacuation_mode",
4626 EvacuationModeName(evacuation_mode), "live_bytes",
4627 page->live_bytes());
4628 switch (evacuation_mode) {
4629 case kObjectsNewToOld:
4630#if DEBUG
4631 new_space_visitor_.DisableAbortEvacuationAtAddress(page);
4632#endif // DEBUG
4633 LiveObjectVisitor::VisitMarkedObjectsNoFail(PageMetadata::cast(page),
4634 &new_space_visitor_);
4635 page->ClearLiveness();
4636 break;
4637 case kPageNewToOld:
4638 if (chunk->IsLargePage()) {
4639 auto object = LargePageMetadata::cast(page)->GetObject();
4640 bool success = new_to_old_page_visitor_.Visit(object, object->Size());
4641 USE(success);
4642 DCHECK(success);
4643 } else {
4644 LiveObjectVisitor::VisitMarkedObjectsNoFail(PageMetadata::cast(page),
4645 &new_to_old_page_visitor_);
4646 }
4647 new_to_old_page_visitor_.account_moved_bytes(page->live_bytes());
4648 break;
4649 case kObjectsOldToOld: {
4650#if DEBUG
4651 old_space_visitor_.SetUpAbortEvacuationAtAddress(page);
4652#endif // DEBUG
4653 Tagged<HeapObject> failed_object;
4654 if (LiveObjectVisitor::VisitMarkedObjects(
4655 PageMetadata::cast(page), &old_space_visitor_, &failed_object)) {
4656 page->ClearLiveness();
4657 } else {
4658 // Aborted compaction page. Actual processing happens on the main
4659 // thread for simplicity reasons.
4660 heap_->mark_compact_collector()
4661 ->ReportAbortedEvacuationCandidateDueToOOM(
4662 failed_object.address(), static_cast<PageMetadata*>(page));
4663 return false;
4664 }
4665 break;
4666 }
4667 }
4668
4669 return true;
4670}
4671
4672class PageEvacuationJob : public v8::JobTask {
4673 public:
4674 PageEvacuationJob(
4675 Isolate* isolate, MarkCompactCollector* collector,
4676 std::vector<std::unique_ptr<Evacuator>>* evacuators,
4677 std::vector<std::pair<ParallelWorkItem, MutablePageMetadata*>>
4678 evacuation_items)
4679 : collector_(collector),
4680 evacuators_(evacuators),
4681 evacuation_items_(std::move(evacuation_items)),
4682 remaining_evacuation_items_(evacuation_items_.size()),
4683 generator_(evacuation_items_.size()),
4684 tracer_(isolate->heap()->tracer()),
4685 trace_id_(reinterpret_cast<uint64_t>(this) ^
4686 tracer_->CurrentEpoch(GCTracer::Scope::MC_EVACUATE)) {}
4687
4688 void Run(JobDelegate* delegate) override {
4689 // Set the current isolate such that trusted pointer tables etc are
4690 // available and the cage base is set correctly for multi-cage mode.
4691 SetCurrentIsolateScope isolate_scope(collector_->heap()->isolate());
4692
4693 Evacuator* evacuator = (*evacuators_)[delegate->GetTaskId()].get();
4694 if (delegate->IsJoiningThread()) {
4695 TRACE_GC_WITH_FLOW(tracer_, GCTracer::Scope::MC_EVACUATE_COPY_PARALLEL,
4696 trace_id_, TRACE_EVENT_FLAG_FLOW_IN);
4697 ProcessItems(delegate, evacuator);
4698 } else {
4699 TRACE_GC_EPOCH_WITH_FLOW(
4700 tracer_, GCTracer::Scope::MC_BACKGROUND_EVACUATE_COPY,
4701 ThreadKind::kBackground, trace_id_, TRACE_EVENT_FLAG_FLOW_IN);
4702 ProcessItems(delegate, evacuator);
4703 }
4704 }
4705
4706 void ProcessItems(JobDelegate* delegate, Evacuator* evacuator) {
4707 while (remaining_evacuation_items_.load(std::memory_order_relaxed) > 0) {
4708 std::optional<size_t> index = generator_.GetNext();
4709 if (!index) return;
4710 for (size_t i = *index; i < evacuation_items_.size(); ++i) {
4711 auto& work_item = evacuation_items_[i];
4712 if (!work_item.first.TryAcquire()) break;
4713 evacuator->EvacuatePage(work_item.second);
4714 if (remaining_evacuation_items_.fetch_sub(
4715 1, std::memory_order_relaxed) <= 1) {
4716 return;
4717 }
4718 }
4719 }
4720 }
4721
4722 size_t GetMaxConcurrency(size_t worker_count) const override {
4723 const size_t kItemsPerWorker = std::max(1, MB / PageMetadata::kPageSize);
4724 // Ceiling division to ensure enough workers for all
4725 // |remaining_evacuation_items_|
4726 size_t wanted_num_workers =
4727 (remaining_evacuation_items_.load(std::memory_order_relaxed) +
4728 kItemsPerWorker - 1) /
4729 kItemsPerWorker;
4730 wanted_num_workers =
4731 std::min<size_t>(wanted_num_workers, evacuators_->size());
4732 if (!collector_->UseBackgroundThreadsInCycle()) {
4733 return std::min<size_t>(wanted_num_workers, 1);
4734 }
4735 return wanted_num_workers;
4736 }
4737
4738 uint64_t trace_id() const { return trace_id_; }
4739
4740 private:
4741 MarkCompactCollector* collector_;
4742 std::vector<std::unique_ptr<Evacuator>>* evacuators_;
4743 std::vector<std::pair<ParallelWorkItem, MutablePageMetadata*>>
4744 evacuation_items_;
4745 std::atomic<size_t> remaining_evacuation_items_{0};
4746 IndexGenerator generator_;
4747
4748 GCTracer* tracer_;
4749 const uint64_t trace_id_;
4750};
4751
4752namespace {
4753size_t CreateAndExecuteEvacuationTasks(
4754 Heap* heap, MarkCompactCollector* collector,
4755 std::vector<std::pair<ParallelWorkItem, MutablePageMetadata*>>
4756 evacuation_items) {
4757 std::optional<ProfilingMigrationObserver> profiling_observer;
4758 if (heap->isolate()->log_object_relocation()) {
4759 profiling_observer.emplace(heap);
4760 }
4761 std::vector<std::unique_ptr<v8::internal::Evacuator>> evacuators;
4762 const int wanted_num_tasks = NumberOfParallelCompactionTasks(heap);
4763 for (int i = 0; i < wanted_num_tasks; i++) {
4764 auto evacuator = std::make_unique<Evacuator>(heap);
4765 if (profiling_observer) {
4766 evacuator->AddObserver(&profiling_observer.value());
4767 }
4768 evacuators.push_back(std::move(evacuator));
4769 }
4770 auto page_evacuation_job = std::make_unique<PageEvacuationJob>(
4771 heap->isolate(), collector, &evacuators, std::move(evacuation_items));
4772 TRACE_GC_NOTE_WITH_FLOW("PageEvacuationJob started",
4773 page_evacuation_job->trace_id(),
4774 TRACE_EVENT_FLAG_FLOW_OUT);
4775 V8::GetCurrentPlatform()
4776 ->CreateJob(v8::TaskPriority::kUserBlocking,
4777 std::move(page_evacuation_job))
4778 ->Join();
4779 for (auto& evacuator : evacuators) {
4780 evacuator->Finalize();
4781 }
4782 return wanted_num_tasks;
4783}
4784
4785enum class MemoryReductionMode { kNone, kShouldReduceMemory };
4786
4787// NewSpacePages with more live bytes than this threshold qualify for fast
4788// evacuation.
4789intptr_t NewSpacePageEvacuationThreshold() {
4790 return v8_flags.page_promotion_threshold *
4791 MemoryChunkLayout::AllocatableMemoryInDataPage() / 100;
4792}
4793
4794bool ShouldMovePage(PageMetadata* p, intptr_t live_bytes,
4795 MemoryReductionMode memory_reduction_mode) {
4796 Heap* heap = p->heap();
4797 DCHECK(!p->Chunk()->NeverEvacuate());
4798 const bool should_move_page =
4799 v8_flags.page_promotion &&
4800 (memory_reduction_mode == MemoryReductionMode::kNone) &&
4801 (live_bytes > NewSpacePageEvacuationThreshold()) &&
4802 heap->CanExpandOldGeneration(live_bytes);
4803 if (v8_flags.trace_page_promotions) {
4804 PrintIsolate(heap->isolate(),
4805 "[Page Promotion] %p: collector=mc, should move: %d"
4806 ", live bytes = %zu, promotion threshold = %zu"
4807 ", allocated labs size = %zu\n",
4808 p, should_move_page, live_bytes,
4809 NewSpacePageEvacuationThreshold(), p->AllocatedLabSize());
4810 }
4811 return should_move_page;
4812}
4813
4814void TraceEvacuation(Isolate* isolate, size_t pages_count,
4815 size_t wanted_num_tasks, size_t live_bytes,
4816 size_t aborted_pages) {
4817 DCHECK(v8_flags.trace_evacuation);
4818 PrintIsolate(isolate,
4819 "%8.0f ms: evacuation-summary: parallel=%s pages=%zu "
4820 "wanted_tasks=%zu cores=%d live_bytes=%" V8PRIdPTR
4821 " compaction_speed=%.f aborted=%zu\n",
4822 isolate->time_millis_since_init(),
4823 v8_flags.parallel_compaction ? "yes" : "no", pages_count,
4824 wanted_num_tasks,
4825 V8::GetCurrentPlatform()->NumberOfWorkerThreads() + 1,
4826 live_bytes,
4827 isolate->heap()
4828 ->tracer()
4829 ->CompactionSpeedInBytesPerMillisecond()
4830 .value_or(0),
4831 aborted_pages);
4832}
4833
4834} // namespace
4835
4836class PrecisePagePinningVisitor final : public RootVisitor {
4837 public:
4838 explicit PrecisePagePinningVisitor(MarkCompactCollector* collector)
4839 : RootVisitor(),
4840 collector_(collector),
4841 should_pin_in_shared_space_(
4842 collector->heap()->isolate()->is_shared_space_isolate()) {}
4843
4844 void VisitRootPointer(Root root, const char* description,
4845 FullObjectSlot p) final {
4846 HandlePointer(p);
4847 }
4848
4849 void VisitRootPointers(Root root, const char* description,
4850 FullObjectSlot start, FullObjectSlot end) final {
4851 for (FullObjectSlot p = start; p < end; ++p) {
4852 HandlePointer(p);
4853 }
4854 }
4855
4856 private:
4857 void HandlePointer(FullObjectSlot p) {
4858 Tagged<Object> object = *p;
4859 if (!object.IsHeapObject()) {
4860 return;
4861 }
4862 MemoryChunk* chunk = MemoryChunk::FromHeapObject(Cast<HeapObject>(object));
4863 if (chunk->IsLargePage() || chunk->InReadOnlySpace()) {
4864 // Large objects and read only objects are not evacuated and thus don't
4865 // need to be pinned.
4866 return;
4867 }
4868 if (!should_pin_in_shared_space_ && chunk->InWritableSharedSpace()) {
4869 return;
4870 }
4871 if (chunk->InYoungGeneration()) {
4872 // Young gen pages are not considered evacuation candidates. Pinning is
4873 // done by marking them as quarantined and promoting the page as is.
4874 DCHECK(v8_flags.minor_ms ? chunk->IsToPage() : chunk->IsFromPage());
4875 if (chunk->IsQuarantined()) {
4876 return;
4877 }
4878 chunk->SetFlagNonExecutable(MemoryChunk::IS_QUARANTINED);
4879 return;
4880 }
4881 if (!chunk->IsFlagSet(MemoryChunk::EVACUATION_CANDIDATE)) {
4882 return;
4883 }
4884 collector_->ReportAbortedEvacuationCandidateDueToFlags(
4885 PageMetadata::cast(chunk->Metadata()), chunk);
4886 }
4887
4888 MarkCompactCollector* const collector_;
4889 const bool should_pin_in_shared_space_;
4890};
4891
4892void MarkCompactCollector::PinPreciseRootsIfNeeded() {
4893 if (!v8_flags.precise_object_pinning) {
4894 return;
4895 }
4896
4897 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE_PIN_PAGES);
4898
4899 Isolate* const isolate = heap_->isolate();
4900
4901 PrecisePagePinningVisitor root_visitor(this);
4902
4903 // Mark the heap roots including global variables, stack variables,
4904 // etc., and all objects reachable from them.
4905 heap_->IterateRootsForPrecisePinning(&root_visitor);
4906
4907 if (isolate->is_shared_space_isolate()) {
4908 ClientRootVisitor<> client_root_visitor(&root_visitor);
4909 isolate->global_safepoint()->IterateClientIsolates(
4910 [&client_root_visitor](Isolate* client) {
4911 client->heap()->IterateRootsForPrecisePinning(&client_root_visitor);
4912 });
4913 }
4914}
4915
4916void MarkCompactCollector::EvacuatePagesInParallel() {
4917 std::vector<std::pair<ParallelWorkItem, MutablePageMetadata*>>
4918 evacuation_items;
4919 intptr_t live_bytes = 0;
4920
4921 PinPreciseRootsIfNeeded();
4922
4923 // Evacuation of new space pages cannot be aborted, so it needs to run
4924 // before old space evacuation.
4925 bool force_page_promotion =
4926 heap_->IsGCWithStack() && !v8_flags.compact_with_stack;
4927 for (PageMetadata* page : new_space_evacuation_pages_) {
4928 intptr_t live_bytes_on_page = page->live_bytes();
4929 DCHECK_LT(0, live_bytes_on_page);
4930 live_bytes += live_bytes_on_page;
4931 MemoryReductionMode memory_reduction_mode =
4932 heap_->ShouldReduceMemory() ? MemoryReductionMode::kShouldReduceMemory
4933 : MemoryReductionMode::kNone;
4934 if (ShouldMovePage(page, live_bytes_on_page, memory_reduction_mode) ||
4935 force_page_promotion || page->Chunk()->IsQuarantined()) {
4936 EvacuateNewToOldSpacePageVisitor::Move(page);
4937 page->Chunk()->SetFlagNonExecutable(MemoryChunk::PAGE_NEW_OLD_PROMOTION);
4938 DCHECK_EQ(heap_->old_space(), page->owner());
4939 // The move added page->allocated_bytes to the old space, but we are
4940 // going to sweep the page and add page->live_byte_count.
4941 heap_->old_space()->DecreaseAllocatedBytes(page->allocated_bytes(), page);
4942 }
4943 evacuation_items.emplace_back(ParallelWorkItem{}, page);
4944 }
4945
4946 if (heap_->IsGCWithStack()) {
4947 if (!v8_flags.compact_with_stack) {
4948 for (PageMetadata* page : old_space_evacuation_pages_) {
4949 ReportAbortedEvacuationCandidateDueToFlags(page, page->Chunk());
4950 }
4951 } else if (!v8_flags.compact_code_space_with_stack ||
4952 heap_->isolate()->InFastCCall()) {
4953 // For fast C calls we cannot patch the return address in the native stack
4954 // frame if we would relocate InstructionStream objects.
4955 for (PageMetadata* page : old_space_evacuation_pages_) {
4956 if (page->owner_identity() != CODE_SPACE) continue;
4957 ReportAbortedEvacuationCandidateDueToFlags(page, page->Chunk());
4958 }
4959 }
4960 } else {
4961 // There should always be a stack when we are in a fast c call.
4962 DCHECK(!heap_->isolate()->InFastCCall());
4963 }
4964
4965 if (v8_flags.stress_compaction || v8_flags.stress_compaction_random) {
4966 // Stress aborting of evacuation by aborting ~10% of evacuation candidates
4967 // when stress testing.
4968 const double kFraction = 0.05;
4969
4970 for (PageMetadata* page : old_space_evacuation_pages_) {
4971 if (heap_->isolate()->fuzzer_rng()->NextDouble() < kFraction) {
4972 ReportAbortedEvacuationCandidateDueToFlags(page, page->Chunk());
4973 }
4974 }
4975 }
4976
4977 for (PageMetadata* page : old_space_evacuation_pages_) {
4978 MemoryChunk* chunk = page->Chunk();
4979 if (chunk->IsFlagSet(MemoryChunk::COMPACTION_WAS_ABORTED)) continue;
4980
4981 live_bytes += page->live_bytes();
4982 evacuation_items.emplace_back(ParallelWorkItem{}, page);
4983 }
4984
4985 // Promote young generation large objects.
4986 if (auto* new_lo_space = heap_->new_lo_space()) {
4987 for (auto it = new_lo_space->begin(); it != new_lo_space->end();) {
4988 LargePageMetadata* current = *(it++);
4989 Tagged<HeapObject> object = current->GetObject();
4990 // The black-allocated flag was already cleared in SweepLargeSpace().
4991 DCHECK_IMPLIES(v8_flags.black_allocated_pages,
4992 !HeapLayout::InBlackAllocatedPage(object));
4993 if (marking_state_->IsMarked(object)) {
4994 heap_->lo_space()->PromoteNewLargeObject(current);
4995 current->Chunk()->SetFlagNonExecutable(
4996 MemoryChunk::PAGE_NEW_OLD_PROMOTION);
4997 promoted_large_pages_.push_back(current);
4998 evacuation_items.emplace_back(ParallelWorkItem{}, current);
4999 }
5000 }
5001 new_lo_space->set_objects_size(0);
5002 }
5003
5004 const size_t pages_count = evacuation_items.size();
5005 size_t wanted_num_tasks = 0;
5006 if (!evacuation_items.empty()) {
5007 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("v8.gc"),
5008 "MarkCompactCollector::EvacuatePagesInParallel", "pages",
5009 evacuation_items.size());
5010
5011 wanted_num_tasks = CreateAndExecuteEvacuationTasks(
5012 heap_, this, std::move(evacuation_items));
5013 }
5014
5015 const size_t aborted_pages = PostProcessAbortedEvacuationCandidates();
5016
5017 if (v8_flags.trace_evacuation) {
5018 TraceEvacuation(heap_->isolate(), pages_count, wanted_num_tasks, live_bytes,
5019 aborted_pages);
5020 }
5021}
5022
5023class EvacuationWeakObjectRetainer : public WeakObjectRetainer {
5024 public:
5025 Tagged<Object> RetainAs(Tagged<Object> object) override {
5026 if (object.IsHeapObject()) {
5027 Tagged<HeapObject> heap_object = Cast<HeapObject>(object);
5028 MapWord map_word = heap_object->map_word(kRelaxedLoad);
5029 if (map_word.IsForwardingAddress()) {
5030 return map_word.ToForwardingAddress(heap_object);
5031 }
5032 }
5033 return object;
5034 }
5035};
5036
5037void MarkCompactCollector::Evacuate() {
5038 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE);
5039
5040 {
5041 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE_PROLOGUE);
5042 EvacuatePrologue();
5043 }
5044
5045 {
5046 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE_COPY);
5047 EvacuatePagesInParallel();
5048 }
5049
5050 UpdatePointersAfterEvacuation();
5051
5052 {
5053 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE_CLEAN_UP);
5054
5055 for (PageMetadata* p : new_space_evacuation_pages_) {
5056 MemoryChunk* chunk = p->Chunk();
5057 AllocationSpace owner_identity = p->owner_identity();
5058 USE(owner_identity);
5059 if (chunk->IsFlagSet(MemoryChunk::PAGE_NEW_OLD_PROMOTION)) {
5060 chunk->ClearFlagNonExecutable(MemoryChunk::PAGE_NEW_OLD_PROMOTION);
5061 // The in-sandbox page flags may be corrupted, so we currently need
5062 // this check here to make sure that this doesn't lead to further
5063 // confusion about the state of MemoryChunkMetadata objects.
5064 // TODO(377724745): if we move (some of) the flags into the trusted
5065 // MemoryChunkMetadata object, then this wouldn't be necessary.
5066 SBXCHECK_EQ(OLD_SPACE, owner_identity);
5067 sweeper_->AddPage(OLD_SPACE, p);
5068 } else if (v8_flags.minor_ms) {
5069 // Sweep non-promoted pages to add them back to the free list.
5070 DCHECK_EQ(NEW_SPACE, owner_identity);
5071 DCHECK_EQ(0, p->live_bytes());
5072 DCHECK(p->SweepingDone());
5073 PagedNewSpace* space = heap_->paged_new_space();
5074 if (space->ShouldReleaseEmptyPage()) {
5075 space->ReleasePage(p);
5076 } else {
5077 sweeper_->SweepEmptyNewSpacePage(p);
5078 }
5079 }
5080 }
5081 new_space_evacuation_pages_.clear();
5082
5083 for (LargePageMetadata* p : promoted_large_pages_) {
5084 MemoryChunk* chunk = p->Chunk();
5085 DCHECK(chunk->IsFlagSet(MemoryChunk::PAGE_NEW_OLD_PROMOTION));
5086 chunk->ClearFlagNonExecutable(MemoryChunk::PAGE_NEW_OLD_PROMOTION);
5087 Tagged<HeapObject> object = p->GetObject();
5088 if (!v8_flags.sticky_mark_bits) {
5089 MarkBit::From(object).Clear();
5090 p->SetLiveBytes(0);
5091 }
5092 p->marking_progress_tracker().ResetIfEnabled();
5093 }
5094 promoted_large_pages_.clear();
5095
5096 for (PageMetadata* p : old_space_evacuation_pages_) {
5097 MemoryChunk* chunk = p->Chunk();
5098 if (chunk->IsFlagSet(MemoryChunk::COMPACTION_WAS_ABORTED)) {
5099 sweeper_->AddPage(p->owner_identity(), p);
5100 chunk->ClearFlagSlow(MemoryChunk::COMPACTION_WAS_ABORTED);
5101 }
5102 }
5103 }
5104
5105 {
5106 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE_EPILOGUE);
5107 EvacuateEpilogue();
5108 }
5109
5110#ifdef VERIFY_HEAP
5111 if (v8_flags.verify_heap && !sweeper_->sweeping_in_progress()) {
5112 EvacuationVerifier verifier(heap_);
5113 verifier.Run();
5114 }
5115#endif // VERIFY_HEAP
5116}
5117
5118class UpdatingItem : public ParallelWorkItem {
5119 public:
5120 virtual ~UpdatingItem() = default;
5121 virtual void Process() = 0;
5122};
5123
5124class PointersUpdatingJob : public v8::JobTask {
5125 public:
5126 explicit PointersUpdatingJob(
5127 Isolate* isolate, MarkCompactCollector* collector,
5128 std::vector<std::unique_ptr<UpdatingItem>> updating_items)
5129 : collector_(collector),
5130 updating_items_(std::move(updating_items)),
5131 remaining_updating_items_(updating_items_.size()),
5132 generator_(updating_items_.size()),
5133 tracer_(isolate->heap()->tracer()),
5134 trace_id_(reinterpret_cast<uint64_t>(this) ^
5135 tracer_->CurrentEpoch(GCTracer::Scope::MC_EVACUATE)) {}
5136
5137 void Run(JobDelegate* delegate) override {
5138 // Set the current isolate such that trusted pointer tables etc are
5139 // available and the cage base is set correctly for multi-cage mode.
5140 SetCurrentIsolateScope isolate_scope(collector_->heap()->isolate());
5141
5142 if (delegate->IsJoiningThread()) {
5143 TRACE_GC_WITH_FLOW(tracer_,
5144 GCTracer::Scope::MC_EVACUATE_UPDATE_POINTERS_PARALLEL,
5145 trace_id_, TRACE_EVENT_FLAG_FLOW_IN);
5146 UpdatePointers(delegate);
5147 } else {
5148 TRACE_GC_EPOCH_WITH_FLOW(
5149 tracer_, GCTracer::Scope::MC_BACKGROUND_EVACUATE_UPDATE_POINTERS,
5150 ThreadKind::kBackground, trace_id_, TRACE_EVENT_FLAG_FLOW_IN);
5151 UpdatePointers(delegate);
5152 }
5153 }
5154
5155 void UpdatePointers(JobDelegate* delegate) {
5156 while (remaining_updating_items_.load(std::memory_order_relaxed) > 0) {
5157 std::optional<size_t> index = generator_.GetNext();
5158 if (!index) return;
5159 for (size_t i = *index; i < updating_items_.size(); ++i) {
5160 auto& work_item = updating_items_[i];
5161 if (!work_item->TryAcquire()) break;
5162 work_item->Process();
5163 if (remaining_updating_items_.fetch_sub(1, std::memory_order_relaxed) <=
5164 1) {
5165 return;
5166 }
5167 }
5168 }
5169 }
5170
5171 size_t GetMaxConcurrency(size_t worker_count) const override {
5172 size_t items = remaining_updating_items_.load(std::memory_order_relaxed);
5173 if (!v8_flags.parallel_pointer_update ||
5174 !collector_->UseBackgroundThreadsInCycle()) {
5175 return std::min<size_t>(items, 1);
5176 }
5177 const size_t kMaxPointerUpdateTasks = 8;
5178 size_t max_concurrency = std::min<size_t>(kMaxPointerUpdateTasks, items);
5179 DCHECK_IMPLIES(items > 0, max_concurrency > 0);
5180 return max_concurrency;
5181 }
5182
5183 uint64_t trace_id() const { return trace_id_; }
5184
5185 private:
5186 MarkCompactCollector* collector_;
5187 std::vector<std::unique_ptr<UpdatingItem>> updating_items_;
5188 std::atomic<size_t> remaining_updating_items_{0};
5189 IndexGenerator generator_;
5190
5191 GCTracer* tracer_;
5192 const uint64_t trace_id_;
5193};
5194
5195namespace {
5196
5197class RememberedSetUpdatingItem : public UpdatingItem {
5198 public:
5199 explicit RememberedSetUpdatingItem(Heap* heap, MutablePageMetadata* chunk)
5200 : heap_(heap),
5201 marking_state_(heap_->non_atomic_marking_state()),
5202 chunk_(chunk),
5203 record_old_to_shared_slots_(heap->isolate()->has_shared_space() &&
5204 !chunk->Chunk()->InWritableSharedSpace()) {}
5205 ~RememberedSetUpdatingItem() override = default;
5206
5207 void Process() override {
5208 TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.gc"),
5209 "RememberedSetUpdatingItem::Process");
5210 UpdateUntypedPointers();
5211 UpdateTypedPointers();
5212 }
5213
5214 private:
5215 template <typename TSlot>
5216 inline void CheckSlotForOldToSharedUntyped(PtrComprCageBase cage_base,
5217 MutablePageMetadata* page,
5218 TSlot slot) {
5219 Tagged<HeapObject> heap_object;
5220
5221 if (!slot.load(cage_base).GetHeapObject(&heap_object)) {
5222 return;
5223 }
5224
5225 if (HeapLayout::InWritableSharedSpace(heap_object)) {
5226 RememberedSet<OLD_TO_SHARED>::Insert<AccessMode::NON_ATOMIC>(
5227 page, page->Offset(slot.address()));
5228 }
5229 }
5230
5231 inline void CheckSlotForOldToSharedTyped(
5232 MutablePageMetadata* page, SlotType slot_type, Address addr,
5233 WritableJitAllocation& jit_allocation) {
5234 Tagged<HeapObject> heap_object =
5235 UpdateTypedSlotHelper::GetTargetObject(page->heap(), slot_type, addr);
5236
5237#if DEBUG
5238 UpdateTypedSlotHelper::UpdateTypedSlot(
5239 jit_allocation, page->heap(), slot_type, addr,
5240 [heap_object](FullMaybeObjectSlot slot) {
5241 DCHECK_EQ((*slot).GetHeapObjectAssumeStrong(), heap_object);
5242 return KEEP_SLOT;
5243 });
5244#endif // DEBUG
5245
5246 if (HeapLayout::InWritableSharedSpace(heap_object)) {
5247 const uintptr_t offset = page->Offset(addr);
5248 DCHECK_LT(offset, static_cast<uintptr_t>(TypedSlotSet::kMaxOffset));
5249 RememberedSet<OLD_TO_SHARED>::InsertTyped(page, slot_type,
5250 static_cast<uint32_t>(offset));
5251 }
5252 }
5253
5254 template <typename TSlot>
5255 inline void CheckAndUpdateOldToNewSlot(TSlot slot,
5256 const PtrComprCageBase cage_base) {
5257 static_assert(
5258 std::is_same_v<TSlot, FullMaybeObjectSlot> ||
5259 std::is_same_v<TSlot, MaybeObjectSlot>,
5260 "Only FullMaybeObjectSlot and MaybeObjectSlot are expected here");
5261 Tagged<HeapObject> heap_object;
5262 if (!(*slot).GetHeapObject(&heap_object)) return;
5263 if (!HeapLayout::InYoungGeneration(heap_object)) return;
5264
5265 if (!v8_flags.sticky_mark_bits) {
5266 DCHECK_IMPLIES(v8_flags.minor_ms && !Heap::IsLargeObject(heap_object),
5267 Heap::InToPage(heap_object));
5268 DCHECK_IMPLIES(!v8_flags.minor_ms || Heap::IsLargeObject(heap_object),
5269 Heap::InFromPage(heap_object));
5270 }
5271
5272 // OLD_TO_NEW slots are recorded in dead memory, so they might point to
5273 // dead objects.
5274 DCHECK_IMPLIES(!heap_object->map_word(kRelaxedLoad).IsForwardingAddress(),
5275 !marking_state_->IsMarked(heap_object));
5276 UpdateSlot(cage_base, slot);
5277 }
5278
5279 void UpdateUntypedPointers() {
5280 UpdateUntypedOldToNewPointers<OLD_TO_NEW>();
5281 UpdateUntypedOldToNewPointers<OLD_TO_NEW_BACKGROUND>();
5282 UpdateUntypedOldToOldPointers();
5283 UpdateUntypedTrustedToCodePointers();
5284 UpdateUntypedTrustedToTrustedPointers();
5285 }
5286
5287 template <RememberedSetType old_to_new_type>
5288 void UpdateUntypedOldToNewPointers() {
5289 if (!chunk_->slot_set<old_to_new_type, AccessMode::NON_ATOMIC>()) {
5290 return;
5291 }
5292
5293 const PtrComprCageBase cage_base = heap_->isolate();
5294 // Marking bits are cleared already when the page is already swept. This
5295 // is fine since in that case the sweeper has already removed dead invalid
5296 // objects as well.
5297 RememberedSet<old_to_new_type>::Iterate(
5298 chunk_,
5299 [this, cage_base](MaybeObjectSlot slot) {
5300 CheckAndUpdateOldToNewSlot(slot, cage_base);
5301 // A new space string might have been promoted into the shared heap
5302 // during GC.
5303 if (record_old_to_shared_slots_) {
5304 CheckSlotForOldToSharedUntyped(cage_base, chunk_, slot);
5305 }
5306 // Always keep slot since all slots are dropped at once after
5307 // iteration.
5308 return KEEP_SLOT;
5309 },
5310 SlotSet::KEEP_EMPTY_BUCKETS);
5311
5312 // Full GCs will empty new space, so [old_to_new_type] is empty.
5313 chunk_->ReleaseSlotSet(old_to_new_type);
5314 }
5315
5316 void UpdateUntypedOldToOldPointers() {
5317 if (!chunk_->slot_set<OLD_TO_OLD, AccessMode::NON_ATOMIC>()) {
5318 return;
5319 }
5320
5321 const PtrComprCageBase cage_base = heap_->isolate();
5322 if (chunk_->Chunk()->executable()) {
5323 // When updating pointer in an InstructionStream (in particular, the
5324 // pointer to relocation info), we need to use WriteProtectedSlots that
5325 // ensure that the code page is unlocked.
5326 WritableJitPage jit_page(chunk_->area_start(), chunk_->area_size());
5327 RememberedSet<OLD_TO_OLD>::Iterate(
5328 chunk_,
5329 [&](MaybeObjectSlot slot) {
5330 WritableJitAllocation jit_allocation =
5331 jit_page.LookupAllocationContaining(slot.address());
5332 UpdateSlot(cage_base, WriteProtectedSlot<ObjectSlot>(
5333 jit_allocation, slot.address()));
5334 // Always keep slot since all slots are dropped at once after
5335 // iteration.
5336 return KEEP_SLOT;
5337 },
5338 SlotSet::KEEP_EMPTY_BUCKETS);
5339 } else {
5340 RememberedSet<OLD_TO_OLD>::Iterate(
5341 chunk_,
5342 [&](MaybeObjectSlot slot) {
5343 UpdateSlot(cage_base, slot);
5344 // A string might have been promoted into the shared heap during
5345 // GC.
5346 if (record_old_to_shared_slots_) {
5347 CheckSlotForOldToSharedUntyped(cage_base, chunk_, slot);
5348 }
5349 // Always keep slot since all slots are dropped at once after
5350 // iteration.
5351 return KEEP_SLOT;
5352 },
5353 SlotSet::KEEP_EMPTY_BUCKETS);
5354 }
5355
5356 chunk_->ReleaseSlotSet(OLD_TO_OLD);
5357 }
5358
5359 void UpdateUntypedTrustedToCodePointers() {
5360 if (!chunk_->slot_set<TRUSTED_TO_CODE, AccessMode::NON_ATOMIC>()) {
5361 return;
5362 }
5363
5364#ifdef V8_ENABLE_SANDBOX
5365 // When the sandbox is enabled, we must not process the TRUSTED_TO_CODE
5366 // remembered set on any chunk that is located inside the sandbox (in which
5367 // case the set should be unused). This is because an attacker could either
5368 // directly modify the TRUSTED_TO_CODE set on such a chunk, or trick the GC
5369 // into populating it with invalid pointers, both of which may lead to
5370 // memory corruption inside the (trusted) code space here.
5371 SBXCHECK(!InsideSandbox(chunk_->ChunkAddress()));
5372#endif
5373
5374 const PtrComprCageBase cage_base = heap_->isolate();
5375#ifdef V8_EXTERNAL_CODE_SPACE
5376 const PtrComprCageBase code_cage_base(heap_->isolate()->code_cage_base());
5377#else
5378 const PtrComprCageBase code_cage_base = cage_base;
5379#endif
5380 RememberedSet<TRUSTED_TO_CODE>::Iterate(
5381 chunk_,
5382 [cage_base, code_cage_base,
5383 isolate = IsolateForSandbox{heap_->isolate()}](MaybeObjectSlot slot) {
5384 DCHECK(IsCode(HeapObject::FromAddress(slot.address() -
5385 Code::kInstructionStreamOffset),
5386 cage_base));
5387 UpdateStrongCodeSlot(isolate, cage_base, code_cage_base,
5388 InstructionStreamSlot(slot.address()));
5389 // Always keep slot since all slots are dropped at once after
5390 // iteration.
5391 return KEEP_SLOT;
5392 },
5393 SlotSet::FREE_EMPTY_BUCKETS);
5394
5395 chunk_->ReleaseSlotSet(TRUSTED_TO_CODE);
5396 }
5397
5398 void UpdateUntypedTrustedToTrustedPointers() {
5399 if (!chunk_->slot_set<TRUSTED_TO_TRUSTED, AccessMode::NON_ATOMIC>()) {
5400 return;
5401 }
5402
5403#ifdef V8_ENABLE_SANDBOX
5404 // When the sandbox is enabled, we must not process the TRUSTED_TO_TRUSTED
5405 // remembered set on any chunk that is located inside the sandbox (in which
5406 // case the set should be unused). This is because an attacker could either
5407 // directly modify the TRUSTED_TO_TRUSTED set on such a chunk, or trick the
5408 // GC into populating it with invalid pointers, both of which may lead to
5409 // memory corruption inside the trusted space here.
5410 SBXCHECK(!InsideSandbox(chunk_->ChunkAddress()));
5411#endif
5412
5413 // TODO(saelo) we can probably drop all the cage_bases here once we no
5414 // longer need to pass them into our slot implementations.
5415 const PtrComprCageBase unused_cage_base(kNullAddress);
5416
5417 if (chunk_->Chunk()->executable()) {
5418 // When updating the InstructionStream -> Code pointer, we need to use
5419 // WriteProtectedSlots that ensure that the code page is unlocked.
5420 WritableJitPage jit_page(chunk_->area_start(), chunk_->area_size());
5421
5422 RememberedSet<TRUSTED_TO_TRUSTED>::Iterate(
5423 chunk_,
5424 [&](MaybeObjectSlot slot) {
5425 WritableJitAllocation jit_allocation =
5426 jit_page.LookupAllocationContaining(slot.address());
5427 UpdateStrongSlot(unused_cage_base,
5428 WriteProtectedSlot<ProtectedPointerSlot>(
5429 jit_allocation, slot.address()));
5430 // Always keep slot since all slots are dropped at once after
5431 // iteration.
5432 return KEEP_SLOT;
5433 },
5434 SlotSet::FREE_EMPTY_BUCKETS);
5435 } else {
5436 RememberedSet<TRUSTED_TO_TRUSTED>::Iterate(
5437 chunk_,
5438 [&](MaybeObjectSlot slot) {
5439 UpdateSlot(unused_cage_base,
5440 ProtectedMaybeObjectSlot(slot.address()));
5441 // Always keep slot since all slots are dropped at once after
5442 // iteration.
5443 return KEEP_SLOT;
5444 },
5445 SlotSet::FREE_EMPTY_BUCKETS);
5446 }
5447
5448 chunk_->ReleaseSlotSet(TRUSTED_TO_TRUSTED);
5449 }
5450
5451 void UpdateTypedPointers() {
5452 if (!chunk_->Chunk()->executable()) {
5453 DCHECK_NULL((chunk_->typed_slot_set<OLD_TO_NEW>()));
5454 DCHECK_NULL((chunk_->typed_slot_set<OLD_TO_OLD>()));
5455 return;
5456 }
5457
5458 WritableJitPage jit_page = ThreadIsolation::LookupWritableJitPage(
5459 chunk_->area_start(), chunk_->area_size());
5460 UpdateTypedOldToNewPointers(jit_page);
5461 UpdateTypedOldToOldPointers(jit_page);
5462 }
5463
5464 void UpdateTypedOldToNewPointers(WritableJitPage& jit_page) {
5465 if (chunk_->typed_slot_set<OLD_TO_NEW, AccessMode::NON_ATOMIC>() == nullptr)
5466 return;
5467 const PtrComprCageBase cage_base = heap_->isolate();
5468 const auto check_and_update_old_to_new_slot_fn =
5469 [this, cage_base](FullMaybeObjectSlot slot) {
5470 CheckAndUpdateOldToNewSlot(slot, cage_base);
5471 return KEEP_SLOT;
5472 };
5473
5474 RememberedSet<OLD_TO_NEW>::IterateTyped(
5475 chunk_, [this, &check_and_update_old_to_new_slot_fn, &jit_page](
5476 SlotType slot_type, Address slot) {
5477 WritableJitAllocation jit_allocation =
5478 jit_page.LookupAllocationContaining(slot);
5479 UpdateTypedSlotHelper::UpdateTypedSlot(
5480 jit_allocation, heap_, slot_type, slot,
5481 check_and_update_old_to_new_slot_fn);
5482 // A new space string might have been promoted into the shared heap
5483 // during GC.
5484 if (record_old_to_shared_slots_) {
5485 CheckSlotForOldToSharedTyped(chunk_, slot_type, slot,
5486 jit_allocation);
5487 }
5488 // Always keep slot since all slots are dropped at once after
5489 // iteration.
5490 return KEEP_SLOT;
5491 });
5492 // Full GCs will empty new space, so OLD_TO_NEW is empty.
5493 chunk_->ReleaseTypedSlotSet(OLD_TO_NEW);
5494 // OLD_TO_NEW_BACKGROUND typed slots set should always be empty.
5495 DCHECK_NULL(chunk_->typed_slot_set<OLD_TO_NEW_BACKGROUND>());
5496 }
5497
5498 void UpdateTypedOldToOldPointers(WritableJitPage& jit_page) {
5499 if (chunk_->typed_slot_set<OLD_TO_OLD, AccessMode::NON_ATOMIC>() == nullptr)
5500 return;
5501 PtrComprCageBase cage_base = heap_->isolate();
5502 RememberedSet<OLD_TO_OLD>::IterateTyped(
5503 chunk_, [this, cage_base, &jit_page](SlotType slot_type, Address slot) {
5504 // Using UpdateStrongSlot is OK here, because there are no weak
5505 // typed slots.
5506 WritableJitAllocation jit_allocation =
5507 jit_page.LookupAllocationContaining(slot);
5508 SlotCallbackResult result = UpdateTypedSlotHelper::UpdateTypedSlot(
5509 jit_allocation, heap_, slot_type, slot,
5510 [cage_base](FullMaybeObjectSlot slot) {
5511 UpdateStrongSlot(cage_base, slot);
5512 // Always keep slot since all slots are dropped at once after
5513 // iteration.
5514 return KEEP_SLOT;
5515 });
5516 // A string might have been promoted into the shared heap during GC.
5517 if (record_old_to_shared_slots_) {
5518 CheckSlotForOldToSharedTyped(chunk_, slot_type, slot,
5519 jit_allocation);
5520 }
5521 return result;
5522 });
5523 chunk_->ReleaseTypedSlotSet(OLD_TO_OLD);
5524 }
5525
5526 Heap* heap_;
5527 NonAtomicMarkingState* marking_state_;
5528 MutablePageMetadata* chunk_;
5529 const bool record_old_to_shared_slots_;
5530};
5531
5532} // namespace
5533
5534namespace {
5535template <typename IterateableSpace>
5536void CollectRememberedSetUpdatingItems(
5537 std::vector<std::unique_ptr<UpdatingItem>>* items,
5538 IterateableSpace* space) {
5539 for (MutablePageMetadata* page : *space) {
5540 // No need to update pointers on evacuation candidates. Evacuated pages will
5541 // be released after this phase.
5542 if (page->Chunk()->IsEvacuationCandidate()) continue;
5543 if (page->ContainsAnySlots()) {
5544 items->emplace_back(
5545 std::make_unique<RememberedSetUpdatingItem>(space->heap(), page));
5546 }
5547 }
5548}
5549} // namespace
5550
5551class EphemeronTableUpdatingItem : public UpdatingItem {
5552 public:
5553 enum EvacuationState { kRegular, kAborted };
5554
5555 explicit EphemeronTableUpdatingItem(Heap* heap) : heap_(heap) {}
5556 ~EphemeronTableUpdatingItem() override = default;
5557
5558 void Process() override {
5559 TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.gc"),
5560 "EphemeronTableUpdatingItem::Process");
5561 PtrComprCageBase cage_base(heap_->isolate());
5562
5563 auto* table_map = heap_->ephemeron_remembered_set()->tables();
5564 for (auto it = table_map->begin(); it != table_map->end(); it++) {
5565 Tagged<EphemeronHashTable> table = it->first;
5566 auto& indices = it->second;
5567 if (Cast<HeapObject>(table)
5568 ->map_word(kRelaxedLoad)
5569 .IsForwardingAddress()) {
5570 // The object has moved, so ignore slots in dead memory here.
5571 continue;
5572 }
5573 DCHECK(IsMap(table->map(), cage_base));
5574 DCHECK(IsEphemeronHashTable(table, cage_base));
5575 for (auto iti = indices.begin(); iti != indices.end(); ++iti) {
5576 // EphemeronHashTable keys must be heap objects.
5577 ObjectSlot key_slot(table->RawFieldOfElementAt(
5578 EphemeronHashTable::EntryToIndex(InternalIndex(*iti))));
5579 Tagged<Object> key_object = key_slot.Relaxed_Load();
5580 Tagged<HeapObject> key;
5581 CHECK(key_object.GetHeapObject(&key));
5582 MapWord map_word = key->map_word(cage_base, kRelaxedLoad);
5583 if (map_word.IsForwardingAddress()) {
5584 key = map_word.ToForwardingAddress(key);
5585 key_slot.Relaxed_Store(key);
5586 }
5587 }
5588 }
5589 table_map->clear();
5590 }
5591
5592 private:
5593 Heap* const heap_;
5594};
5595
5596void MarkCompactCollector::UpdatePointersAfterEvacuation() {
5597 TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_EVACUATE_UPDATE_POINTERS);
5598
5599 {
5600 TRACE_GC(heap_->tracer(),
5601 GCTracer::Scope::MC_EVACUATE_UPDATE_POINTERS_TO_NEW_ROOTS);
5602 // The external string table is updated at the end.
5603 PointersUpdatingVisitor updating_visitor(heap_);
5604 heap_->IterateRootsIncludingClients(
5605 &updating_visitor,
5606 base::EnumSet<SkipRoot>{SkipRoot::kExternalStringTable,
5607 SkipRoot::kConservativeStack,
5608 SkipRoot::kReadOnlyBuiltins});
5609 }
5610
5611 {
5612 TRACE_GC(heap_->tracer(),
5613 GCTracer::Scope::MC_EVACUATE_UPDATE_POINTERS_CLIENT_HEAPS);
5614 UpdatePointersInClientHeaps();
5615 }
5616
5617 {
5618 TRACE_GC(heap_->tracer(),
5619 GCTracer::Scope::MC_EVACUATE_UPDATE_POINTERS_SLOTS_MAIN);
5620 std::vector<std::unique_ptr<UpdatingItem>> updating_items;
5621
5622 CollectRememberedSetUpdatingItems(&updating_items, heap_->old_space());
5623 CollectRememberedSetUpdatingItems(&updating_items, heap_->code_space());
5624 if (heap_->shared_space()) {
5625 CollectRememberedSetUpdatingItems(&updating_items, heap_->shared_space());
5626 }
5627 CollectRememberedSetUpdatingItems(&updating_items, heap_->lo_space());
5628 CollectRememberedSetUpdatingItems(&updating_items, heap_->code_lo_space());
5629 if (heap_->shared_lo_space()) {
5630 CollectRememberedSetUpdatingItems(&updating_items,
5631 heap_->shared_lo_space());
5632 }
5633 CollectRememberedSetUpdatingItems(&updating_items, heap_->trusted_space());
5634 CollectRememberedSetUpdatingItems(&updating_items,
5635 heap_->trusted_lo_space());
5636 if (heap_->shared_trusted_space()) {
5637 CollectRememberedSetUpdatingItems(&updating_items,
5638 heap_->shared_trusted_space());
5639 }
5640 if (heap_->shared_trusted_lo_space()) {
5641 CollectRememberedSetUpdatingItems(&updating_items,
5642 heap_->shared_trusted_lo_space());
5643 }
5644
5645 // Iterating to space may require a valid body descriptor for e.g.
5646 // WasmStruct which races with updating a slot in Map. Since to space is
5647 // empty after a full GC, such races can't happen.
5648 DCHECK_IMPLIES(heap_->new_space(), heap_->new_space()->Size() == 0);
5649
5650 updating_items.push_back(
5651 std::make_unique<EphemeronTableUpdatingItem>(heap_));
5652
5653 auto pointers_updating_job = std::make_unique<PointersUpdatingJob>(
5654 heap_->isolate(), this, std::move(updating_items));
5655 TRACE_GC_NOTE_WITH_FLOW("PointersUpdatingJob started",
5656 pointers_updating_job->trace_id(),
5657 TRACE_EVENT_FLAG_FLOW_OUT);
5658 V8::GetCurrentPlatform()
5659 ->CreateJob(v8::TaskPriority::kUserBlocking,
5660 std::move(pointers_updating_job))
5661 ->Join();
5662 }
5663
5664 {
5665 TRACE_GC(heap_->tracer(),
5666 GCTracer::Scope::MC_EVACUATE_UPDATE_POINTERS_WEAK);
5667 // Update pointers from external string table.
5668 heap_->UpdateReferencesInExternalStringTable(
5669 &UpdateReferenceInExternalStringTableEntry);
5670
5671 // Update pointers in string forwarding table.
5672 // When GC was performed without a stack, the table was cleared and this
5673 // does nothing. In the case this was a GC with stack, we need to update
5674 // the entries for evacuated objects.
5675 // All entries are objects in shared space (unless
5676 // --always-use-forwarding-table), so we only need to update pointers during
5677 // a shared GC.
5678 if (heap_->isolate()->OwnsStringTables() ||
5679 V8_UNLIKELY(v8_flags.always_use_string_forwarding_table)) {
5680 heap_->isolate()->string_forwarding_table()->UpdateAfterFullEvacuation();
5681 }
5682
5683 EvacuationWeakObjectRetainer evacuation_object_retainer;
5684 heap_->ProcessWeakListRoots(&evacuation_object_retainer);
5685 }
5686
5687 {
5688 TRACE_GC(heap_->tracer(),
5689 GCTracer::Scope::MC_EVACUATE_UPDATE_POINTERS_POINTER_TABLES);
5690 UpdatePointersInPointerTables();
5691 }
5692
5693 // Flush the inner_pointer_to_code_cache which may now have stale contents.
5694 heap_->isolate()->inner_pointer_to_code_cache()->Flush();
5695}
5696
5697void MarkCompactCollector::UpdatePointersInClientHeaps() {
5698 Isolate* const isolate = heap_->isolate();
5699 if (!isolate->is_shared_space_isolate()) return;
5700
5701 isolate->global_safepoint()->IterateClientIsolates(
5702 [this](Isolate* client) { UpdatePointersInClientHeap(client); });
5703}
5704
5705void MarkCompactCollector::UpdatePointersInClientHeap(Isolate* client) {
5706 PtrComprCageBase cage_base(client);
5707 MemoryChunkIterator chunk_iterator(client->heap());
5708
5709 while (chunk_iterator.HasNext()) {
5710 MutablePageMetadata* page = chunk_iterator.Next();
5711 MemoryChunk* chunk = page->Chunk();
5712
5713 const auto slot_count = RememberedSet<OLD_TO_SHARED>::Iterate(
5714 page,
5715 [cage_base](MaybeObjectSlot slot) {
5716 return UpdateOldToSharedSlot(cage_base, slot);
5717 },
5718 SlotSet::FREE_EMPTY_BUCKETS);
5719
5720 if (slot_count == 0 || chunk->InYoungGeneration()) {
5721 page->ReleaseSlotSet(OLD_TO_SHARED);
5722 }
5723
5724 const PtrComprCageBase unused_cage_base(kNullAddress);
5725
5726 const auto protected_slot_count =
5727 RememberedSet<TRUSTED_TO_SHARED_TRUSTED>::Iterate(
5728 page,
5729 [unused_cage_base](MaybeObjectSlot slot) {
5730 ProtectedPointerSlot protected_slot(slot.address());
5731 return UpdateOldToSharedSlot(unused_cage_base, protected_slot);
5732 },
5733 SlotSet::FREE_EMPTY_BUCKETS);
5734 if (protected_slot_count == 0) {
5735 page->ReleaseSlotSet(TRUSTED_TO_SHARED_TRUSTED);
5736 }
5737
5738 if (!chunk->executable()) {
5739 DCHECK_NULL(page->typed_slot_set<OLD_TO_SHARED>());
5740 continue;
5741 }
5742
5743 WritableJitPage jit_page = ThreadIsolation::LookupWritableJitPage(
5744 page->area_start(), page->area_size());
5745 const auto typed_slot_count = RememberedSet<OLD_TO_SHARED>::IterateTyped(
5746 page, [this, &jit_page](SlotType slot_type, Address slot) {
5747 // Using UpdateStrongSlot is OK here, because there are no weak
5748 // typed slots.
5749 PtrComprCageBase cage_base = heap_->isolate();
5750 WritableJitAllocation jit_allocation =
5751 jit_page.LookupAllocationContaining(slot);
5752 return UpdateTypedSlotHelper::UpdateTypedSlot(
5753 jit_allocation, heap_, slot_type, slot,
5754 [cage_base](FullMaybeObjectSlot slot) {
5755 return UpdateStrongOldToSharedSlot(cage_base, slot);
5756 });
5757 });
5758 if (typed_slot_count == 0 || chunk->InYoungGeneration())
5759 page->ReleaseTypedSlotSet(OLD_TO_SHARED);
5760 }
5761}
5762
5763void MarkCompactCollector::UpdatePointersInPointerTables() {
5764#if defined(V8_ENABLE_SANDBOX) || defined(V8_ENABLE_LEAPTIERING)
5765 // Process an entry of a pointer table, returning either the relocated object
5766 // or a null pointer if the object wasn't relocated.
5767 auto process_entry = [&](Address content) -> Tagged<ExposedTrustedObject> {
5768 Tagged<HeapObject> heap_obj = Cast<HeapObject>(Tagged<Object>(content));
5769 MapWord map_word = heap_obj->map_word(kRelaxedLoad);
5770 if (!map_word.IsForwardingAddress()) return {};
5771 Tagged<HeapObject> relocated_object =
5772 map_word.ToForwardingAddress(heap_obj);
5773 DCHECK(IsExposedTrustedObject(relocated_object));
5774 return Cast<ExposedTrustedObject>(relocated_object);
5775 };
5776#endif // defined(V8_ENABLE_SANDBOX) || defined(V8_ENABLE_LEAPTIERING)
5777
5778#ifdef V8_ENABLE_SANDBOX
5779 TrustedPointerTable* const tpt = &heap_->isolate()->trusted_pointer_table();
5780 tpt->IterateActiveEntriesIn(
5781 heap_->trusted_pointer_space(),
5782 [&](TrustedPointerHandle handle, Address content) {
5783 Tagged<ExposedTrustedObject> relocated_object = process_entry(content);
5784 if (!relocated_object.is_null()) {
5785 DCHECK_EQ(handle, relocated_object->self_indirect_pointer_handle());
5786 auto instance_type = relocated_object->map()->instance_type();
5787 auto tag = IndirectPointerTagFromInstanceType(instance_type);
5788 tpt->Set(handle, relocated_object.ptr(), tag);
5789 }
5790 });
5791
5792 TrustedPointerTable* const stpt =
5793 &heap_->isolate()->shared_trusted_pointer_table();
5794 stpt->IterateActiveEntriesIn(
5795 heap_->isolate()->shared_trusted_pointer_space(),
5796 [&](TrustedPointerHandle handle, Address content) {
5797 Tagged<ExposedTrustedObject> relocated_object = process_entry(content);
5798 if (!relocated_object.is_null()) {
5799 DCHECK_EQ(handle, relocated_object->self_indirect_pointer_handle());
5800 auto instance_type = relocated_object->map()->instance_type();
5801 auto tag = IndirectPointerTagFromInstanceType(instance_type);
5802 DCHECK(IsSharedTrustedPointerType(tag));
5803 stpt->Set(handle, relocated_object.ptr(), tag);
5804 }
5805 });
5806
5807 CodePointerTable* const cpt = IsolateGroup::current()->code_pointer_table();
5808 cpt->IterateActiveEntriesIn(
5809 heap_->code_pointer_space(),
5810 [&](CodePointerHandle handle, Address content) {
5811 Tagged<ExposedTrustedObject> relocated_object = process_entry(content);
5812 if (!relocated_object.is_null()) {
5813 DCHECK_EQ(handle, relocated_object->self_indirect_pointer_handle());
5814 cpt->SetCodeObject(handle, relocated_object.address());
5815 }
5816 });
5817#endif // V8_ENABLE_SANDBOX
5818
5819#ifdef V8_ENABLE_LEAPTIERING
5820 JSDispatchTable* const jdt = IsolateGroup::current()->js_dispatch_table();
5821 const EmbeddedData& embedded_data = EmbeddedData::FromBlob(heap_->isolate());
5822 jdt->IterateActiveEntriesIn(
5823 heap_->js_dispatch_table_space(), [&](JSDispatchHandle handle) {
5824 Address code_address = jdt->GetCodeAddress(handle);
5825 Address entrypoint_address = jdt->GetEntrypoint(handle);
5826 Tagged<TrustedObject> relocated_code = process_entry(code_address);
5827 bool code_object_was_relocated = !relocated_code.is_null();
5828 Tagged<Code> code = Cast<Code>(code_object_was_relocated
5829 ? relocated_code
5830 : Tagged<Object>(code_address));
5831 bool instruction_stream_was_relocated =
5832 code->instruction_start() != entrypoint_address;
5833 if (code_object_was_relocated || instruction_stream_was_relocated) {
5834 Address old_entrypoint = jdt->GetEntrypoint(handle);
5835 // Ensure tiering trampolines are not overwritten here.
5836 Address new_entrypoint = ([&]() {
5837#define CASE(name, ...) \
5838 if (old_entrypoint == embedded_data.InstructionStartOf(Builtin::k##name)) { \
5839 return old_entrypoint; \
5840 }
5841 BUILTIN_LIST_BASE_TIERING(CASE)
5842#undef CASE
5843 return code->instruction_start();
5844 })();
5845 jdt->SetCodeAndEntrypointNoWriteBarrier(handle, code, new_entrypoint);
5846 CHECK_IMPLIES(jdt->IsTieringRequested(handle),
5847 old_entrypoint == new_entrypoint);
5848 }
5849 });
5850#endif // V8_ENABLE_LEAPTIERING
5851}
5852
5853void MarkCompactCollector::ReportAbortedEvacuationCandidateDueToOOM(
5854 Address failed_start, PageMetadata* page) {
5855 base::MutexGuard guard(&mutex_);
5856 aborted_evacuation_candidates_due_to_oom_.push_back(
5857 std::make_pair(failed_start, page));
5858}
5859
5860void MarkCompactCollector::ReportAbortedEvacuationCandidateDueToFlags(
5861 PageMetadata* page, MemoryChunk* chunk) {
5862 DCHECK_EQ(page->Chunk(), chunk);
5863 if (chunk->IsFlagSet(MemoryChunk::COMPACTION_WAS_ABORTED)) {
5864 return;
5865 }
5866 chunk->SetFlagSlow(MemoryChunk::COMPACTION_WAS_ABORTED);
5867 aborted_evacuation_candidates_due_to_flags_.push_back(page);
5868}
5869
5870namespace {
5871
5872void ReRecordPage(Heap* heap, Address failed_start, PageMetadata* page) {
5873 DCHECK(page->Chunk()->IsFlagSet(MemoryChunk::COMPACTION_WAS_ABORTED));
5874
5875 // Aborted compaction page. We have to record slots here, since we
5876 // might not have recorded them in first place.
5877
5878 // Remove mark bits in evacuated area.
5879 page->marking_bitmap()->ClearRange<AccessMode::NON_ATOMIC>(
5880 MarkingBitmap::AddressToIndex(page->area_start()),
5881 MarkingBitmap::LimitAddressToIndex(failed_start));
5882
5883 // Remove outdated slots.
5884 RememberedSet<OLD_TO_NEW>::RemoveRange(page, page->area_start(), failed_start,
5885 SlotSet::FREE_EMPTY_BUCKETS);
5886 RememberedSet<OLD_TO_NEW>::RemoveRangeTyped(page, page->area_start(),
5887 failed_start);
5888
5889 RememberedSet<OLD_TO_NEW_BACKGROUND>::RemoveRange(
5890 page, page->area_start(), failed_start, SlotSet::FREE_EMPTY_BUCKETS);
5891 DCHECK_NULL(page->typed_slot_set<OLD_TO_NEW_BACKGROUND>());
5892
5893 RememberedSet<OLD_TO_SHARED>::RemoveRange(
5894 page, page->area_start(), failed_start, SlotSet::FREE_EMPTY_BUCKETS);
5895 RememberedSet<OLD_TO_SHARED>::RemoveRangeTyped(page, page->area_start(),
5896 failed_start);
5897
5898 // Re-record slots and recompute live bytes.
5899 EvacuateRecordOnlyVisitor visitor(heap);
5900 LiveObjectVisitor::VisitMarkedObjectsNoFail(page, &visitor);
5901 page->SetLiveBytes(visitor.live_object_size());
5902 // Array buffers will be processed during pointer updating.
5903}
5904
5905} // namespace
5906
5907size_t MarkCompactCollector::PostProcessAbortedEvacuationCandidates() {
5908 for (auto start_and_page : aborted_evacuation_candidates_due_to_oom_) {
5909 PageMetadata* page = start_and_page.second;
5910 MemoryChunk* chunk = page->Chunk();
5911 DCHECK(!chunk->IsFlagSet(MemoryChunk::COMPACTION_WAS_ABORTED));
5912 chunk->SetFlagSlow(MemoryChunk::COMPACTION_WAS_ABORTED);
5913 }
5914 for (auto start_and_page : aborted_evacuation_candidates_due_to_oom_) {
5915 ReRecordPage(heap_, start_and_page.first, start_and_page.second);
5916 }
5917 for (auto page : aborted_evacuation_candidates_due_to_flags_) {
5918 ReRecordPage(heap_, page->area_start(), page);
5919 }
5920 const size_t aborted_pages =
5921 aborted_evacuation_candidates_due_to_oom_.size() +
5922 aborted_evacuation_candidates_due_to_flags_.size();
5923 size_t aborted_pages_verified = 0;
5924 for (PageMetadata* p : old_space_evacuation_pages_) {
5925 MemoryChunk* chunk = p->Chunk();
5926 if (chunk->IsFlagSet(MemoryChunk::COMPACTION_WAS_ABORTED)) {
5927 // Only clear EVACUATION_CANDIDATE flag after all slots were re-recorded
5928 // on all aborted pages. Necessary since repopulating
5929 // OLD_TO_OLD still requires the EVACUATION_CANDIDATE flag. After clearing
5930 // the evacuation candidate flag the page is again in a regular state.
5931 p->ClearEvacuationCandidate();
5932 aborted_pages_verified++;
5933 } else {
5934 DCHECK(chunk->IsEvacuationCandidate());
5935 DCHECK(p->SweepingDone());
5936 }
5937 }
5938 DCHECK_EQ(aborted_pages_verified, aborted_pages);
5939 USE(aborted_pages_verified);
5940 return aborted_pages;
5941}
5942
5943void MarkCompactCollector::ReleaseEvacuationCandidates() {
5944 for (PageMetadata* p : old_space_evacuation_pages_) {
5945 if (!p->Chunk()->IsEvacuationCandidate()) continue;
5946 PagedSpace* space = static_cast<PagedSpace*>(p->owner());
5947 p->SetLiveBytes(0);
5948 CHECK(p->SweepingDone());
5949 space->ReleasePage(p);
5950 }
5951 old_space_evacuation_pages_.clear();
5952 compacting_ = false;
5953}
5954
5955void MarkCompactCollector::StartSweepNewSpace() {
5956 PagedSpaceForNewSpace* paged_space = heap_->paged_new_space()->paged_space();
5957 paged_space->ClearAllocatorState();
5958
5959 int will_be_swept = 0;
5960
5961 heap_->StartResizeNewSpace();
5962
5963 DCHECK(empty_new_space_pages_to_be_swept_.empty());
5964 for (auto it = paged_space->begin(); it != paged_space->end();) {
5965 PageMetadata* p = *(it++);
5966 DCHECK(p->SweepingDone());
5967 DCHECK(!p->Chunk()->IsFlagSet(MemoryChunk::BLACK_ALLOCATED));
5968
5969 if (p->live_bytes() > 0) {
5970 // Non-empty pages will be evacuated/promoted.
5971 continue;
5972 }
5973
5974 if (paged_space->ShouldReleaseEmptyPage()) {
5975 paged_space->ReleasePage(p);
5976 } else {
5977 empty_new_space_pages_to_be_swept_.push_back(p);
5978 }
5979 will_be_swept++;
5980 }
5981
5982 if (v8_flags.gc_verbose) {
5983 PrintIsolate(heap_->isolate(),
5984 "sweeping: space=%s initialized_for_sweeping=%d",
5985 ToString(paged_space->identity()), will_be_swept);
5986 }
5987}
5988
5989void MarkCompactCollector::ResetAndRelinkBlackAllocatedPage(
5990 PagedSpace* space, PageMetadata* page) {
5991 DCHECK(page->Chunk()->IsFlagSet(MemoryChunk::BLACK_ALLOCATED));
5992 DCHECK_EQ(page->live_bytes(), 0);
5993 DCHECK_GE(page->allocated_bytes(), 0);
5994 DCHECK(page->marking_bitmap()->IsClean());
5995 std::optional<RwxMemoryWriteScope> scope;
5996 if (page->Chunk()->InCodeSpace()) {
5997 scope.emplace("For writing flags.");
5998 }
5999 page->Chunk()->ClearFlagUnlocked(MemoryChunk::BLACK_ALLOCATED);
6000 space->IncreaseAllocatedBytes(page->allocated_bytes(), page);
6001 space->RelinkFreeListCategories(page);
6002}
6003
6004void MarkCompactCollector::StartSweepSpace(PagedSpace* space) {
6005 DCHECK_NE(NEW_SPACE, space->identity());
6006 space->ClearAllocatorState();
6007
6008 int will_be_swept = 0;
6009 bool unused_page_present = false;
6010
6011 Sweeper* sweeper = heap_->sweeper();
6012
6013 // Loop needs to support deletion if live bytes == 0 for a page.
6014 for (auto it = space->begin(); it != space->end();) {
6015 PageMetadata* p = *(it++);
6016 DCHECK(p->SweepingDone());
6017
6018 if (p->Chunk()->IsEvacuationCandidate()) {
6019 DCHECK(!p->Chunk()->IsFlagSet(MemoryChunk::BLACK_ALLOCATED));
6020 DCHECK_NE(NEW_SPACE, space->identity());
6021 // Will be processed in Evacuate.
6022 continue;
6023 }
6024
6025 // If the page is black, just reset the flag and don't add the page to the
6026 // sweeper.
6027 if (p->Chunk()->IsFlagSet(MemoryChunk::BLACK_ALLOCATED)) {
6028 ResetAndRelinkBlackAllocatedPage(space, p);
6029 continue;
6030 }
6031
6032 // One unused page is kept, all further are released before sweeping them.
6033 if (p->live_bytes() == 0) {
6034 if (unused_page_present) {
6035 if (v8_flags.gc_verbose) {
6036 PrintIsolate(heap_->isolate(), "sweeping: released page: %p",
6037 static_cast<void*>(p));
6038 }
6039 space->ReleasePage(p);
6040 continue;
6041 }
6042 unused_page_present = true;
6043 }
6044
6045 sweeper->AddPage(space->identity(), p);
6046 will_be_swept++;
6047 }
6048
6049 if (v8_flags.sticky_mark_bits && space->identity() == OLD_SPACE) {
6050 static_cast<StickySpace*>(space)->set_old_objects_size(space->Size());
6051 }
6052
6053 if (v8_flags.gc_verbose) {
6054 PrintIsolate(heap_->isolate(),
6055 "sweeping: space=%s initialized_for_sweeping=%d",
6056 ToString(space->identity()), will_be_swept);
6057 }
6058}
6059
6060namespace {
6061bool ShouldPostponeFreeingEmptyPages(LargeObjectSpace* space) {
6062 // Delay releasing dead old large object pages until after pointer updating is
6063 // done because dead old space objects may have old-to-new slots (which
6064 // were possibly later overriden with old-to-old references) that are
6065 // pointing to these pages and will need to be updated.
6066 if (space->identity() == LO_SPACE) return true;
6067 // Old-to-new slots may also point to shared spaces. Delay releasing so that
6068 // updating slots in dead old objects can access the dead shared objects.
6069 if (space->identity() == SHARED_LO_SPACE) return true;
6070 return false;
6071}
6072} // namespace
6073
6074void MarkCompactCollector::SweepLargeSpace(LargeObjectSpace* space) {
6075 PtrComprCageBase cage_base(heap_->isolate());
6076 size_t surviving_object_size = 0;
6077 const MemoryAllocator::FreeMode free_mode =
6078 ShouldPostponeFreeingEmptyPages(space)
6079 ? MemoryAllocator::FreeMode::kPostpone
6080 : MemoryAllocator::FreeMode::kImmediately;
6081 for (auto it = space->begin(); it != space->end();) {
6082 LargePageMetadata* current = *(it++);
6083 DCHECK(!current->Chunk()->IsFlagSet(MemoryChunk::BLACK_ALLOCATED));
6084 Tagged<HeapObject> object = current->GetObject();
6085 if (!marking_state_->IsMarked(object)) {
6086 // Object is dead and page can be released.
6087 space->RemovePage(current);
6088 heap_->memory_allocator()->Free(free_mode, current);
6089
6090 continue;
6091 }
6092 if (!v8_flags.sticky_mark_bits) {
6093 MarkBit::From(object).Clear();
6094 current->SetLiveBytes(0);
6095 }
6096 current->marking_progress_tracker().ResetIfEnabled();
6097 surviving_object_size += static_cast<size_t>(object->Size(cage_base));
6098 }
6099 space->set_objects_size(surviving_object_size);
6100}
6101
6102void MarkCompactCollector::Sweep() {
6103 DCHECK(!sweeper_->sweeping_in_progress());
6104 sweeper_->InitializeMajorSweeping();
6105
6106 TRACE_GC_EPOCH_WITH_FLOW(
6107 heap_->tracer(), GCTracer::Scope::MC_SWEEP, ThreadKind::kMain,
6108 sweeper_->GetTraceIdForFlowEvent(GCTracer::Scope::MC_SWEEP),
6109 TRACE_EVENT_FLAG_FLOW_OUT);
6110#ifdef DEBUG
6111 state_ = SWEEP_SPACES;
6112#endif
6113
6114 {
6115 GCTracer::Scope sweep_scope(heap_->tracer(), GCTracer::Scope::MC_SWEEP_LO,
6116 ThreadKind::kMain);
6117 SweepLargeSpace(heap_->lo_space());
6118 }
6119 {
6120 GCTracer::Scope sweep_scope(
6121 heap_->tracer(), GCTracer::Scope::MC_SWEEP_CODE_LO, ThreadKind::kMain);
6122 SweepLargeSpace(heap_->code_lo_space());
6123 }
6124 if (heap_->shared_space()) {
6125 GCTracer::Scope sweep_scope(heap_->tracer(),
6126 GCTracer::Scope::MC_SWEEP_SHARED_LO,
6127 ThreadKind::kMain);
6128 SweepLargeSpace(heap_->shared_lo_space());
6129 }
6130 {
6131 GCTracer::Scope sweep_scope(heap_->tracer(), GCTracer::Scope::MC_SWEEP_OLD,
6132 ThreadKind::kMain);
6133 StartSweepSpace(heap_->old_space());
6134 }
6135 {
6136 GCTracer::Scope sweep_scope(heap_->tracer(), GCTracer::Scope::MC_SWEEP_CODE,
6137 ThreadKind::kMain);
6138 StartSweepSpace(heap_->code_space());
6139 }
6140 if (heap_->shared_space()) {
6141 GCTracer::Scope sweep_scope(
6142 heap_->tracer(), GCTracer::Scope::MC_SWEEP_SHARED, ThreadKind::kMain);
6143 StartSweepSpace(heap_->shared_space());
6144 }
6145 {
6146 GCTracer::Scope sweep_scope(
6147 heap_->tracer(), GCTracer::Scope::MC_SWEEP_TRUSTED, ThreadKind::kMain);
6148 StartSweepSpace(heap_->trusted_space());
6149 }
6150 if (heap_->shared_trusted_space()) {
6151 GCTracer::Scope sweep_scope(
6152 heap_->tracer(), GCTracer::Scope::MC_SWEEP_SHARED, ThreadKind::kMain);
6153 StartSweepSpace(heap_->shared_trusted_space());
6154 }
6155 {
6156 GCTracer::Scope sweep_scope(heap_->tracer(),
6157 GCTracer::Scope::MC_SWEEP_TRUSTED_LO,
6158 ThreadKind::kMain);
6159 SweepLargeSpace(heap_->trusted_lo_space());
6160 }
6161 if (v8_flags.minor_ms && heap_->new_space()) {
6162 GCTracer::Scope sweep_scope(heap_->tracer(), GCTracer::Scope::MC_SWEEP_NEW,
6163 ThreadKind::kMain);
6164 StartSweepNewSpace();
6165 }
6166
6167 sweeper_->StartMajorSweeping();
6168}
6169
6170RootMarkingVisitor::RootMarkingVisitor(MarkCompactCollector* collector)
6171 : collector_(collector) {}
6172
6173RootMarkingVisitor::~RootMarkingVisitor() = default;
6174
6175void RootMarkingVisitor::VisitRunningCode(
6176 FullObjectSlot code_slot, FullObjectSlot istream_or_smi_zero_slot) {
6177 Tagged<Object> istream_or_smi_zero = *istream_or_smi_zero_slot;
6178 DCHECK(istream_or_smi_zero == Smi::zero() ||
6179 IsInstructionStream(istream_or_smi_zero));
6180 Tagged<Code> code = Cast<Code>(*code_slot);
6181 DCHECK_EQ(code->raw_instruction_stream(PtrComprCageBase{
6182 collector_->heap()->isolate()->code_cage_base()}),
6183 istream_or_smi_zero);
6184
6185 // We must not remove deoptimization literals which may be needed in
6186 // order to successfully deoptimize.
6187 code->IterateDeoptimizationLiterals(this);
6188
6189 if (istream_or_smi_zero != Smi::zero()) {
6190 VisitRootPointer(Root::kStackRoots, nullptr, istream_or_smi_zero_slot);
6191 }
6192
6193 VisitRootPointer(Root::kStackRoots, nullptr, code_slot);
6194}
6195
6196} // namespace internal
6197} // namespace v8
schedule
Schedule * schedule
Definition add-type-assertions-reducer.cc:17
isolate_
Isolate * isolate_
Definition api-natives.cc:37
SBXCHECK_EQ
#define SBXCHECK_EQ(lhs, rhs)
Definition check.h:62
SBXCHECK
#define SBXCHECK(condition)
Definition check.h:61
heap::base::Worklist::Local::Pop
V8_INLINE bool Pop(EntryType *entry)
Definition worklist.h:402
v8::JobDelegate::IsJoiningThread
virtual bool IsJoiningThread() const =0
v8::JobDelegate::GetTaskId
virtual uint8_t GetTaskId()=0
v8::Platform::NumberOfWorkerThreads
virtual int NumberOfWorkerThreads()=0
v8::Platform::CreateJob
std::unique_ptr< JobHandle > CreateJob(TaskPriority priority, std::unique_ptr< JobTask > job_task, const SourceLocation &location=SourceLocation::Current())
Definition v8-platform.h:1271
v8::base::EnumSet::Add
constexpr void Add(E element)
Definition enum-set.h:50
v8::base::RandomNumberGenerator::NextDouble
double NextDouble() V8_WARN_UNUSED_RESULT
Definition random-number-generator.cc:114
v8::base::RandomNumberGenerator::NextSample
std::vector< uint64_t > NextSample(uint64_t max, size_t n) V8_WARN_UNUSED_RESULT
Definition random-number-generator.cc:144
v8::base::RandomNumberGenerator::NextInt64
int64_t NextInt64() V8_WARN_UNUSED_RESULT
Definition random-number-generator.cc:120
v8::base::TimeDelta::Max
static constexpr TimeDelta Max()
Definition time.h:233
v8::base::TimeTicks::Now
static TimeTicks Now()
Definition time.cc:736
v8::internal::AllocationResult::To
bool To(Tagged< T > *obj) const
Definition allocation-result.h:41
v8::internal::ArrayBufferSweeper::RequestSweep
void RequestSweep(SweepingType sweeping_type, TreatAllYoungAsPromoted treat_all_young_as_promoted)
Definition array-buffer-sweeper.cc:282
v8::internal::Builtins::code
V8_EXPORT_PRIVATE Tagged< Code > code(Builtin builtin)
Definition builtins.cc:149
v8::internal::ConcurrentMarking::garbage_collector
GarbageCollector garbage_collector() const
Definition concurrent-marking.h:81
v8::internal::ConcurrentMarking::FlushNativeContexts
void FlushNativeContexts(NativeContextStats *main_stats)
Definition concurrent-marking.cc:844
v8::internal::ConcurrentMarking::RescheduleJobIfNeeded
void RescheduleJobIfNeeded(GarbageCollector garbage_collector, TaskPriority priority=TaskPriority::kUserVisible)
Definition concurrent-marking.cc:742
v8::internal::ConcurrentMarking::set_another_ephemeron_iteration
void set_another_ephemeron_iteration(bool another_ephemeron_iteration)
Definition concurrent-marking.h:74
v8::internal::CppHeap::From
static CppHeap * From(v8::CppHeap *heap)
Definition cpp-heap.h:102
v8::internal::CppHeap::EnterFinalPause
void EnterFinalPause(cppgc::EmbedderStackState stack_state)
Definition cpp-heap.cc:890
v8::internal::Deoptimizer::DeoptimizeMarkedCode
static void DeoptimizeMarkedCode(Isolate *isolate)
Definition deoptimizer.cc:396
v8::internal::EphemeronTableUpdatingItem::~EphemeronTableUpdatingItem
~EphemeronTableUpdatingItem() override=default
v8::internal::EvacuateNewSpaceVisitor::local_pretenuring_feedback_
PretenuringHandler::PretenuringFeedbackMap * local_pretenuring_feedback_
Definition mark-compact.cc:1732
v8::internal::EvacuateNewSpaceVisitor::AllocateTargetObject
AllocationSpace AllocateTargetObject(Tagged< HeapObject > old_object, int size, Tagged< HeapObject > *target_object)
Definition mark-compact.cc:1701
v8::internal::EvacuateNewSpaceVisitor::EvacuateNewSpaceVisitor
EvacuateNewSpaceVisitor(Heap *heap, EvacuationAllocator *local_allocator, RecordMigratedSlotVisitor *record_visitor, PretenuringHandler::PretenuringFeedbackMap *local_pretenuring_feedback)
Definition mark-compact.cc:1648
v8::internal::EvacuateNewSpaceVisitor::AllocateInOldSpace
AllocationResult AllocateInOldSpace(int size_in_bytes, AllocationAlignment alignment)
Definition mark-compact.cc:1719
v8::internal::EvacuateNewSpaceVisitor::pretenuring_handler_
PretenuringHandler *const pretenuring_handler_
Definition mark-compact.cc:1731
v8::internal::EvacuateNewSpaceVisitor::TryEvacuateWithoutCopy
bool TryEvacuateWithoutCopy(Tagged< HeapObject > object)
Definition mark-compact.cc:1682
v8::internal::EvacuateNewSpaceVisitor::Visit
bool Visit(Tagged< HeapObject > object, int size) override
Definition mark-compact.cc:1663
v8::internal::EvacuateNewToOldSpacePageVisitor::EvacuateNewToOldSpacePageVisitor
EvacuateNewToOldSpacePageVisitor(Heap *heap, RecordMigratedSlotVisitor *record_visitor, PretenuringHandler::PretenuringFeedbackMap *local_pretenuring_feedback)
Definition mark-compact.cc:1739
v8::internal::EvacuateNewToOldSpacePageVisitor::Visit
bool Visit(Tagged< HeapObject > object, int size) override
Definition mark-compact.cc:1754
v8::internal::EvacuateNewToOldSpacePageVisitor::local_pretenuring_feedback_
PretenuringHandler::PretenuringFeedbackMap * local_pretenuring_feedback_
Definition mark-compact.cc:1770
v8::internal::EvacuateOldSpaceVisitor::Visit
bool Visit(Tagged< HeapObject > object, int size) override
Definition mark-compact.cc:1779
v8::internal::EvacuateOldSpaceVisitor::EvacuateOldSpaceVisitor
EvacuateOldSpaceVisitor(Heap *heap, EvacuationAllocator *local_allocator, RecordMigratedSlotVisitor *record_visitor)
Definition mark-compact.cc:1775
v8::internal::EvacuateRecordOnlyVisitor::Visit
bool Visit(Tagged< HeapObject > object, int size) override
Definition mark-compact.cc:1797
v8::internal::EvacuateVisitorBase::ExecuteMigrationObservers
void ExecuteMigrationObservers(AllocationSpace dest, Tagged< HeapObject > src, Tagged< HeapObject > dst, int size)
Definition mark-compact.cc:1621
v8::internal::EvacuateVisitorBase::RawMigrateObject
static void RawMigrateObject(EvacuateVisitorBase *base, Tagged< HeapObject > dst, Tagged< HeapObject > src, int size, AllocationSpace dest)
Definition mark-compact.cc:1490
v8::internal::EvacuateVisitorBase::ShouldPromoteIntoSharedHeap
bool ShouldPromoteIntoSharedHeap(Tagged< Map > map)
Definition mark-compact.cc:1613
v8::internal::EvacuateVisitorBase::MigrateFunction
void(*)(EvacuateVisitorBase *base, Tagged< HeapObject > dst, Tagged< HeapObject > src, int size, AllocationSpace dest) MigrateFunction
Definition mark-compact.cc:1484
v8::internal::EvacuateVisitorBase::rng_
std::optional< base::RandomNumberGenerator > rng_
Definition mark-compact.cc:1643
v8::internal::EvacuateVisitorBase::TryEvacuateObject
bool TryEvacuateObject(AllocationSpace target_space, Tagged< HeapObject > object, int size, Tagged< HeapObject > *target_object)
Definition mark-compact.cc:1584
v8::internal::EvacuateVisitorBase::record_visitor_
RecordMigratedSlotVisitor * record_visitor_
Definition mark-compact.cc:1636
v8::internal::EvacuateVisitorBase::AddObserver
void AddObserver(MigrationObserver *observer)
Definition mark-compact.cc:1444
v8::internal::EvacuateVisitorBase::EvacuateVisitorBase
EvacuateVisitorBase(Heap *heap, EvacuationAllocator *local_allocator, RecordMigratedSlotVisitor *record_visitor)
Definition mark-compact.cc:1571
v8::internal::EvacuateVisitorBase::local_allocator_
EvacuationAllocator * local_allocator_
Definition mark-compact.cc:1635
v8::internal::EvacuateVisitorBase::MigrateObject
void MigrateObject(Tagged< HeapObject > dst, Tagged< HeapObject > src, int size, AllocationSpace dest)
Definition mark-compact.cc:1629
v8::internal::EvacuateVisitorBase::observers_
std::vector< MigrationObserver * > observers_
Definition mark-compact.cc:1637
v8::internal::EvacuationAllocator::Allocate
AllocationResult Allocate(AllocationSpace space, int object_size, AllocationAlignment alignment)
Definition evacuation-allocator-inl.h:17
v8::internal::EvacuationWeakObjectRetainer::RetainAs
Tagged< Object > RetainAs(Tagged< Object > object) override
Definition mark-compact.cc:5025
v8::internal::Evacuator::local_pretenuring_feedback_
PretenuringHandler::PretenuringFeedbackMap local_pretenuring_feedback_
Definition mark-compact.cc:4521
v8::internal::Evacuator::old_space_visitor_
EvacuateOldSpaceVisitor old_space_visitor_
Definition mark-compact.cc:4531
v8::internal::Evacuator::ComputeEvacuationMode
static EvacuationMode ComputeEvacuationMode(MemoryChunk *chunk)
Definition mark-compact.cc:4473
v8::internal::Evacuator::new_space_visitor_
EvacuateNewSpaceVisitor new_space_visitor_
Definition mark-compact.cc:4529
v8::internal::Evacuator::ReportCompactionProgress
void ReportCompactionProgress(double duration, intptr_t bytes_compacted)
Definition mark-compact.cc:4514
v8::internal::Evacuator::EvacuatePage
void EvacuatePage(MutablePageMetadata *chunk)
Definition mark-compact.cc:4538
v8::internal::Evacuator::EvacuationModeName
static const char * EvacuationModeName(EvacuationMode mode)
Definition mark-compact.cc:4462
v8::internal::Evacuator::record_visitor_
RecordMigratedSlotVisitor record_visitor_
Definition mark-compact.cc:4526
v8::internal::Evacuator::new_to_old_page_visitor_
EvacuateNewToOldSpacePageVisitor new_to_old_page_visitor_
Definition mark-compact.cc:4530
v8::internal::Evacuator::local_allocator_
EvacuationAllocator local_allocator_
Definition mark-compact.cc:4524
v8::internal::Evacuator::AddObserver
void AddObserver(MigrationObserver *observer)
Definition mark-compact.cc:4499
v8::internal::Factory::isolate
Isolate * isolate() const
Definition factory.h:1281
v8::internal::FullMaybeObjectSlot::Relaxed_Load
Tagged< MaybeObject > Relaxed_Load() const
Definition slots-inl.h:141
v8::internal::FullMaybeObjectSlot::store
void store(Tagged< MaybeObject > value) const
Definition slots-inl.h:137
v8::internal::FullObjectSlot::Relaxed_Store
void Relaxed_Store(Tagged< Object > value) const
Definition slots-inl.h:100
v8::internal::FullObjectSlot::load
Tagged< Object > load() const
Definition slots-inl.h:48
v8::internal::FullObjectSlot::Relaxed_Load
Tagged< Object > Relaxed_Load() const
Definition slots-inl.h:82
v8::internal::FullStringForwardingTableCleaner::TransitionStrings
void TransitionStrings(StringForwardingTable::Record *record)
Definition mark-compact.cc:2700
v8::internal::FullStringForwardingTableCleaner::MarkForwardObject
void MarkForwardObject(StringForwardingTable::Record *record)
Definition mark-compact.cc:2678
v8::internal::FullStringForwardingTableCleaner::TryExternalize
void TryExternalize(Tagged< String > original_string, StringForwardingTable::Record *record)
Definition mark-compact.cc:2720
v8::internal::FullStringForwardingTableCleaner::TryInternalize
void TryInternalize(Tagged< String > original_string, StringForwardingTable::Record *record)
Definition mark-compact.cc:2745
v8::internal::GCTracer::CodeFlushingIncrease
uint16_t CodeFlushingIncrease() const
Definition gc-tracer.cc:723
v8::internal::GCTracer::CompactionSpeedInBytesPerMillisecond
std::optional< double > CompactionSpeedInBytesPerMillisecond() const
Definition gc-tracer.cc:1349
v8::internal::GlobalHandles::IterateWeakRootsForPhantomHandles
void IterateWeakRootsForPhantomHandles(WeakSlotCallbackWithHeap should_reset_handle)
Definition global-handles.cc:712
v8::internal::GlobalSafepoint::IterateClientIsolates
void IterateClientIsolates(Callback callback)
Definition safepoint.h:190
v8::internal::HeapAllocator::new_space_allocator
MainAllocator * new_space_allocator()
Definition heap-allocator.h:119
v8::internal::HeapLayout::InYoungGeneration
static V8_INLINE bool InYoungGeneration(Tagged< Object > object)
Definition heap-layout-inl.h:43
v8::internal::HeapLayout::InWritableSharedSpace
static V8_INLINE bool InWritableSharedSpace(Tagged< HeapObject > object)
Definition heap-layout-inl.h:67
v8::internal::HeapLayout::InReadOnlySpace
static V8_INLINE bool InReadOnlySpace(Tagged< HeapObject > object)
Definition heap-layout-inl.h:20
v8::internal::HeapLayout::InAnySharedSpace
static V8_INLINE bool InAnySharedSpace(Tagged< HeapObject > object)
Definition heap-layout-inl.h:72
v8::internal::HeapLayout::InCodeSpace
static V8_INLINE bool InCodeSpace(Tagged< HeapObject > object)
Definition heap-layout-inl.h:80
v8::internal::HeapObjectVisitor::~HeapObjectVisitor
virtual ~HeapObjectVisitor()=default
v8::internal::HeapObjectVisitor::Visit
virtual bool Visit(Tagged< HeapObject > object, int size)=0
v8::internal::HeapObject::kHeaderSize
static constexpr int kHeaderSize
Definition heap-object.h:492
v8::internal::HeapObject::kMapOffset
static constexpr int kMapOffset
Definition heap-object.h:491
v8::internal::HeapObject::RequiredAlignment
static AllocationAlignment RequiredAlignment(Tagged< Map > map)
Definition objects-inl.h:1692
v8::internal::HeapUtils::GetOwnerHeap
static V8_INLINE Heap * GetOwnerHeap(Tagged< HeapObject > object)
Definition heap-utils-inl.h:16
v8::internal::HeapVisitor::Visit
V8_INLINE size_t Visit(Tagged< HeapObject > object)
Definition heap-visitor-inl.h:97
v8::internal::Heap::external_string_table_
ExternalStringTable external_string_table_
Definition heap.h:2364
v8::internal::Heap::live_object_stats_
std::unique_ptr< ObjectStats > live_object_stats_
Definition heap.h:2276
v8::internal::Heap::ProcessAllWeakReferences
void ProcessAllWeakReferences(WeakObjectRetainer *retainer)
Definition heap.cc:2885
v8::internal::Heap::new_space
NewSpace * new_space() const
Definition heap.h:727
v8::internal::Heap::shared_space
SharedSpace * shared_space() const
Definition heap.h:733
v8::internal::Heap::lo_space
OldLargeObjectSpace * lo_space() const
Definition heap.h:734
v8::internal::Heap::new_lo_space
NewLargeObjectSpace * new_lo_space() const
Definition heap.h:737
v8::internal::Heap::use_new_space
bool use_new_space() const
Definition heap.h:1643
v8::internal::Heap::mark_compact_collector
MarkCompactCollector * mark_compact_collector()
Definition heap.h:813
v8::internal::Heap::dead_object_stats_
std::unique_ptr< ObjectStats > dead_object_stats_
Definition heap.h:2277
v8::internal::Heap::Contains
V8_EXPORT_PRIVATE bool Contains(Tagged< HeapObject > value) const
Definition heap.cc:4341
v8::internal::Heap::ShouldCurrentGCKeepAgesUnchanged
bool ShouldCurrentGCKeepAgesUnchanged() const
Definition heap.h:1361
v8::internal::Heap::OnMoveEvent
void OnMoveEvent(Tagged< HeapObject > source, Tagged< HeapObject > target, int size_in_bytes)
Definition heap.cc:3337
v8::internal::Heap::ResizeNewSpace
void ResizeNewSpace()
Definition heap.cc:3841
v8::internal::Heap::incremental_marking
IncrementalMarking * incremental_marking() const
Definition heap.h:1062
v8::internal::Heap::memory_measurement
MemoryMeasurement * memory_measurement()
Definition heap.h:2055
v8::internal::Heap::old_space
OldSpace * old_space() const
Definition heap.h:730
v8::internal::Heap::array_buffer_sweeper
ArrayBufferSweeper * array_buffer_sweeper()
Definition heap.h:823
v8::internal::Heap::concurrent_marking
ConcurrentMarking * concurrent_marking() const
Definition heap.h:1070
v8::internal::Heap::trusted_space
TrustedSpace * trusted_space() const
Definition heap.h:739
v8::internal::Heap::IterateRoots
void IterateRoots(RootVisitor *v, base::EnumSet< SkipRoot > options, IterateRootsMode roots_mode=IterateRootsMode::kMainIsolate)
Definition heap.cc:4657
v8::internal::Heap::cpp_heap_
v8::CppHeap * cpp_heap_
Definition heap.h:2305
v8::internal::Heap::memory_allocator
MemoryAllocator * memory_allocator()
Definition heap.h:803
v8::internal::Heap::IterateConservativeStackRoots
void IterateConservativeStackRoots(RootVisitor *root_visitor, IterateRootsMode roots_mode=IterateRootsMode::kMainIsolate)
Definition heap.cc:4836
v8::internal::Heap::IterateRootsForPrecisePinning
void IterateRootsForPrecisePinning(RootVisitor *visitor)
Definition heap.cc:4861
v8::internal::Heap::sweeper
Sweeper * sweeper()
Definition heap.h:821
v8::internal::Heap::code_lo_space
CodeLargeObjectSpace * code_lo_space() const
Definition heap.h:735
v8::internal::Heap::trusted_lo_space
TrustedLargeObjectSpace * trusted_lo_space() const
Definition heap.h:743
v8::internal::Heap::embedder_stack_state_
StackState embedder_stack_state_
Definition heap.h:2309
v8::internal::Heap::code_space
CodeSpace * code_space() const
Definition heap.h:732
v8::internal::Heap::marking_state
MarkingState * marking_state()
Definition heap.h:1621
v8::internal::Heap::main_thread_local_heap_
LocalHeap * main_thread_local_heap_
Definition heap.h:2191
v8::internal::Heap::FatalProcessOutOfMemory
V8_EXPORT_PRIVATE void FatalProcessOutOfMemory(const char *location)
Definition heap.cc:6385
v8::internal::Heap::ShouldUseBackgroundThreads
bool ShouldUseBackgroundThreads() const
Definition heap.cc:456
v8::internal::Heap::Unmark
V8_EXPORT_PRIVATE void Unmark()
Definition heap.cc:3580
v8::internal::Heap::paged_new_space
PagedNewSpace * paged_new_space() const
Definition heap-inl.h:435
v8::internal::Heap::FindAllNativeContexts
std::vector< Handle< NativeContext > > FindAllNativeContexts()
Definition heap.cc:7004
v8::internal::Heap::ShouldOptimizeForMemoryUsage
V8_EXPORT_PRIVATE bool ShouldOptimizeForMemoryUsage()
Definition heap.cc:3752
v8::internal::Heap::FindAllRetainedMaps
std::vector< Tagged< WeakArrayList > > FindAllRetainedMaps()
Definition heap.cc:7015
v8::internal::Heap::non_atomic_marking_state
NonAtomicMarkingState * non_atomic_marking_state()
Definition heap.h:1623
v8::internal::Heap::cpp_heap
v8::CppHeap * cpp_heap() const
Definition heap.h:1112
v8::internal::Heap::tracer
GCTracer * tracer()
Definition heap.h:800
v8::internal::Heap::IsGCWithStack
bool IsGCWithStack() const
Definition heap.cc:526
v8::internal::Heap::isolate
Isolate * isolate() const
Definition heap-inl.h:61
v8::internal::Heap::EnsureQuarantinedPagesSweepingCompleted
void EnsureQuarantinedPagesSweepingCompleted()
Definition heap.cc:7349
v8::internal::Heap::allocator
HeapAllocator * allocator()
Definition heap.h:1640
v8::internal::Heap::ShouldReduceMemory
bool ShouldReduceMemory() const
Definition heap.h:1615
v8::internal::Heap::CreateObjectStats
void CreateObjectStats()
Definition heap.cc:7080
v8::internal::IndirectPointerSlot::Relaxed_LoadHandle
IndirectPointerHandle Relaxed_LoadHandle() const
Definition slots-inl.h:398
v8::internal::InstructionStream::BodyDescriptor::IterateBody
static void IterateBody(Tagged< Map > map, Tagged< HeapObject > obj, ObjectVisitor *v)
Definition objects-body-descriptors-inl.h:1277
v8::internal::InstructionStream::FromTargetAddress
static Tagged< InstructionStream > FromTargetAddress(Address address)
Definition instruction-stream-inl.h:234
v8::internal::InternalizedStringTableCleaner::VisitRootPointers
void VisitRootPointers(Root root, const char *description, FullObjectSlot start, FullObjectSlot end) override
Definition mark-compact.cc:1093
v8::internal::InternalizedStringTableCleaner::VisitRootPointers
void VisitRootPointers(Root root, const char *description, OffHeapObjectSlot start, OffHeapObjectSlot end) override
Definition mark-compact.cc:1098
v8::internal::IsolateGroup::current
static IsolateGroup * current()
Definition isolate-group.h:181
v8::internal::Isolate::global_handles
GlobalHandles * global_handles() const
Definition isolate.h:1416
v8::internal::Isolate::serializer_enabled
bool serializer_enabled() const
Definition isolate.h:1549
v8::internal::Isolate::compilation_cache
CompilationCache * compilation_cache()
Definition isolate.h:1191
v8::internal::Isolate::bootstrapper
Bootstrapper * bootstrapper()
Definition isolate.h:1178
v8::internal::Isolate::global_safepoint
GlobalSafepoint * global_safepoint() const
Definition isolate.h:2305
v8::internal::Isolate::traced_handles
TracedHandles * traced_handles()
Definition isolate.h:1418
v8::internal::Isolate::AllowsCodeCompaction
bool AllowsCodeCompaction() const
Definition isolate.cc:6151
v8::internal::Isolate::builtins
Builtins * builtins()
Definition isolate.h:1443
v8::internal::Isolate::shared_space_isolate
Isolate * shared_space_isolate() const
Definition isolate.h:2295
v8::internal::Isolate::string_forwarding_table
StringForwardingTable * string_forwarding_table() const
Definition isolate.h:785
v8::internal::Isolate::fuzzer_rng
base::RandomNumberGenerator * fuzzer_rng()
Definition isolate.cc:6330
v8::internal::LargeObjectSpace::GetObjectIterator
std::unique_ptr< ObjectIterator > GetObjectIterator(Heap *heap) override
Definition large-spaces.cc:276
v8::internal::LargeObjectSpace::Size
size_t Size() const override
Definition large-spaces.h:46
v8::internal::LocalHeap::marking_barrier
MarkingBarrier * marking_barrier()
Definition local-heap.h:130
v8::internal::MainAllocator::original_top_acquire
Address original_top_acquire() const
Definition main-allocator.h:182
v8::internal::MainAllocator::IsLabValid
V8_INLINE bool IsLabValid() const
Definition main-allocator.h:252
v8::internal::MainMarkingVisitor::RecordRelocSlot
void RecordRelocSlot(Tagged< InstructionStream > host, RelocInfo *rinfo, Tagged< HeapObject > target)
Definition mark-compact.cc:274
v8::internal::MainMarkingVisitor::RecordSlot
void RecordSlot(Tagged< HeapObject > object, TSlot slot, Tagged< HeapObject > target)
Definition mark-compact.cc:269
v8::internal::MainMarkingVisitor::MainMarkingVisitor
MainMarkingVisitor(MarkingWorklists::Local *local_marking_worklists, WeakObjects::Local *local_weak_objects, Heap *heap, unsigned mark_compact_epoch, base::EnumSet< CodeFlushMode > code_flush_mode, bool should_keep_ages_unchanged, uint16_t code_flushing_increase)
Definition mark-compact.cc:254
v8::internal::MapWord::IsPacked
static constexpr bool IsPacked(Address)
Definition objects.h:846
v8::internal::MapWord::IsForwardingAddress
bool IsForwardingAddress() const
Definition objects-inl.h:1271
v8::internal::MapWord::FromForwardingAddress
static MapWord FromForwardingAddress(Tagged< HeapObject > map_word_host, Tagged< HeapObject > object)
Definition objects-inl.h:1282
v8::internal::MapWord::ToForwardingAddress
Tagged< HeapObject > ToForwardingAddress(Tagged< HeapObject > map_word_host)
Definition objects-inl.h:1298
v8::internal::MarkCompactCollector::CustomRootBodyMarkingVisitor::MarkObject
V8_INLINE void MarkObject(Tagged< HeapObject > host, Tagged< Object > object)
Definition mark-compact.cc:994
v8::internal::MarkCompactCollector::CustomRootBodyMarkingVisitor::VisitInstructionStreamPointer
void VisitInstructionStreamPointer(Tagged< Code > host, InstructionStreamSlot slot) override
Definition mark-compact.cc:970
v8::internal::MarkCompactCollector::CustomRootBodyMarkingVisitor::VisitCodeTarget
void VisitCodeTarget(Tagged< InstructionStream > host, RelocInfo *rinfo) override
Definition mark-compact.cc:981
v8::internal::MarkCompactCollector::CustomRootBodyMarkingVisitor::VisitPointer
void VisitPointer(Tagged< HeapObject > host, ObjectSlot p) final
Definition mark-compact.cc:952
v8::internal::MarkCompactCollector::CustomRootBodyMarkingVisitor::VisitPointers
void VisitPointers(Tagged< HeapObject > host, MaybeObjectSlot start, MaybeObjectSlot end) final
Definition mark-compact.cc:975
v8::internal::MarkCompactCollector::CustomRootBodyMarkingVisitor::VisitEmbeddedPointer
void VisitEmbeddedPointer(Tagged< InstructionStream > host, RelocInfo *rinfo) override
Definition mark-compact.cc:988
v8::internal::MarkCompactCollector::CustomRootBodyMarkingVisitor::VisitPointers
void VisitPointers(Tagged< HeapObject > host, ObjectSlot start, ObjectSlot end) final
Definition mark-compact.cc:960
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::VisitPointer
void VisitPointer(Tagged< HeapObject > host, ObjectSlot p) final
Definition mark-compact.cc:1014
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::VisitPointers
void VisitPointers(Tagged< HeapObject > host, ObjectSlot start, ObjectSlot end) final
Definition mark-compact.cc:1029
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::CheckForSharedObject
V8_INLINE void CheckForSharedObject(Tagged< HeapObject > host, ObjectSlot slot, Tagged< Object > object)
Definition mark-compact.cc:1064
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::VisitEmbeddedPointer
void VisitEmbeddedPointer(Tagged< InstructionStream > host, RelocInfo *rinfo) override
Definition mark-compact.cc:1058
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::VisitMapPointer
void VisitMapPointer(Tagged< HeapObject > host) final
Definition mark-compact.cc:1025
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::VisitPointers
void VisitPointers(Tagged< HeapObject > host, MaybeObjectSlot start, MaybeObjectSlot end) final
Definition mark-compact.cc:1044
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::VisitCodeTarget
void VisitCodeTarget(Tagged< InstructionStream > host, RelocInfo *rinfo) override
Definition mark-compact.cc:1053
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::VisitInstructionStreamPointer
void VisitInstructionStreamPointer(Tagged< Code > host, InstructionStreamSlot slot) override
Definition mark-compact.cc:1039
v8::internal::MarkCompactCollector::SharedHeapObjectVisitor::VisitPointer
void VisitPointer(Tagged< HeapObject > host, MaybeObjectSlot p) final
Definition mark-compact.cc:1018
v8::internal::MarkCompactCollector::ProcessMarkingWorklist
std::pair< size_t, size_t > ProcessMarkingWorklist(v8::base::TimeDelta max_duration, size_t max_bytes_to_process)
Definition mark-compact.cc:2183
v8::internal::MarkCompactCollector::MarkObject
V8_INLINE void MarkObject(Tagged< HeapObject > host, Tagged< HeapObject > obj, MarkingHelper::WorklistTarget target_worklist)
Definition mark-compact-inl.h:26
v8::internal::MarkCompactCollector::SweepLargeSpace
void SweepLargeSpace(LargeObjectSpace *space)
Definition mark-compact.cc:6074
v8::internal::MarkCompactCollector::MarkRoots
void MarkRoots(RootVisitor *root_visitor)
Definition mark-compact.cc:1839
v8::internal::MarkCompactCollector::StartMarking
void StartMarking(std::shared_ptr<::heap::base::IncrementalMarkingSchedule > schedule={})
Definition mark-compact.cc:404
v8::internal::MarkCompactCollector::code_flush_mode_
base::EnumSet< CodeFlushMode > code_flush_mode_
Definition mark-compact.h:463
v8::internal::MarkCompactCollector::AddEvacuationCandidate
void AddEvacuationCandidate(PageMetadata *p)
Definition mark-compact.cc:307
v8::internal::MarkCompactCollector::native_context_inferrer_
NativeContextInferrer native_context_inferrer_
Definition mark-compact.h:429
v8::internal::MarkCompactCollector::CollectEvacuationCandidates
void CollectEvacuationCandidates(PagedSpace *space)
Definition mark-compact.cc:607
v8::internal::MarkCompactCollector::IsUnmarkedSharedHeapObject
static bool IsUnmarkedSharedHeapObject(Heap *heap, FullObjectSlot p)
Definition mark-compact.cc:1826
v8::internal::MarkCompactCollector::MarkRootObject
V8_INLINE void MarkRootObject(Root root, Tagged< HeapObject > obj, MarkingHelper::WorklistTarget target_worklist)
Definition mark-compact-inl.h:34
v8::internal::MarkCompactCollector::evacuation_candidates_
std::vector< PageMetadata * > evacuation_candidates_
Definition mark-compact.h:436
v8::internal::MarkCompactCollector::ComputeEvacuationHeuristics
void ComputeEvacuationHeuristics(size_t area_size, int *target_fragmentation_percent, size_t *max_evacuated_bytes)
Definition mark-compact.cc:559
v8::internal::MarkCompactCollector::IsOnEvacuationCandidate
static bool IsOnEvacuationCandidate(Tagged< MaybeObject > obj)
Definition mark-compact.h:119
v8::internal::MarkCompactCollector::ProcessEphemeron
bool ProcessEphemeron(Tagged< HeapObject > key, Tagged< HeapObject > value)
Definition mark-compact.cc:2256
v8::internal::MarkCompactCollector::local_marking_worklists_
std::unique_ptr< MarkingWorklists::Local > local_marking_worklists_
Definition mark-compact.h:423
v8::internal::MarkCompactCollector::MaybeEnableBackgroundThreadsInCycle
void MaybeEnableBackgroundThreadsInCycle(CallOrigin origin)
Definition mark-compact.cc:464
v8::internal::MarkCompactCollector::local_weak_objects
WeakObjects::Local * local_weak_objects()
Definition mark-compact.h:181
v8::internal::MarkCompactCollector::empty_new_space_pages_to_be_swept_
std::vector< PageMetadata * > empty_new_space_pages_to_be_swept_
Definition mark-compact.h:465
v8::internal::MarkCompactCollector::RecordSlot
static V8_INLINE void RecordSlot(Tagged< HeapObject > object, THeapObjectSlot slot, Tagged< HeapObject > target)
v8::internal::MarkCompactCollector::ProcessTopOptimizedFrame
void ProcessTopOptimizedFrame(ObjectVisitor *visitor, Isolate *isolate)
Definition mark-compact.cc:2342
v8::internal::MarkCompactCollector::ApplyEphemeronSemantics
EphemeronResult ApplyEphemeronSemantics(Tagged< HeapObject > key, Tagged< HeapObject > value)
Definition mark-compact.cc:2269
v8::internal::MarkCompactCollector::MarkObjectsFromClientHeap
void MarkObjectsFromClientHeap(Isolate *client)
Definition mark-compact.cc:1901
v8::internal::MarkCompactCollector::local_weak_objects_
std::unique_ptr< WeakObjects::Local > local_weak_objects_
Definition mark-compact.h:428
v8::internal::MarkCompactCollector::StartCompaction
bool StartCompaction(StartCompactionMode mode)
Definition mark-compact.cc:331
v8::internal::MarkCompactCollector::IsUnmarkedHeapObject
static bool IsUnmarkedHeapObject(Heap *heap, FullObjectSlot p)
Definition mark-compact.cc:1817
v8::internal::MarkCompactCollector::MarkRootsFromConservativeStack
void MarkRootsFromConservativeStack(RootVisitor *root_visitor)
Definition mark-compact.cc:1872
v8::internal::MarkCompactCollector::native_context_stats_
NativeContextStats native_context_stats_
Definition mark-compact.h:430
v8::internal::MarkCompactCollector::RecordRelocSlot
static void RecordRelocSlot(Tagged< InstructionStream > host, RelocInfo *rinfo, Tagged< HeapObject > target)
Definition mark-compact.cc:4048
v8::internal::MarkCompactCollector::marking_visitor_
std::unique_ptr< MainMarkingVisitor > marking_visitor_
Definition mark-compact.h:427
v8::internal::MarkCompactCollector::non_atomic_marking_state_
NonAtomicMarkingState *const non_atomic_marking_state_
Definition mark-compact.h:449
v8::internal::MarkCompactCollector::code_flush_mode
base::EnumSet< CodeFlushMode > code_flush_mode() const
Definition mark-compact.h:170
v8::internal::MarkCompactWeakObjectRetainer::MarkCompactWeakObjectRetainer
MarkCompactWeakObjectRetainer(Heap *heap, MarkingState *marking_state)
Definition mark-compact.cc:1197
v8::internal::MarkCompactWeakObjectRetainer::RetainAs
Tagged< Object > RetainAs(Tagged< Object > object) override
Definition mark-compact.cc:1200
v8::internal::MarkingBarrier::PublishAll
static V8_EXPORT_PRIVATE void PublishAll(Heap *heap)
Definition marking-barrier.cc:414
v8::internal::MarkingBarrier::DeactivateAll
static void DeactivateAll(Heap *heap)
Definition marking-barrier.cc:363
v8::internal::MarkingStateBase::IsMarked
V8_INLINE bool IsMarked(const Tagged< HeapObject > obj) const
Definition marking-state-inl.h:18
v8::internal::MarkingStateBase::TryMarkAndAccountLiveBytes
V8_INLINE bool TryMarkAndAccountLiveBytes(Tagged< HeapObject > obj)
Definition marking-state-inl.h:36
v8::internal::MarkingStateBase::IsUnmarked
V8_INLINE bool IsUnmarked(const Tagged< HeapObject > obj) const
Definition marking-state-inl.h:24
v8::internal::MarkingWorklists::Local::kNoCppMarkingState
static constexpr std::nullptr_t kNoCppMarkingState
Definition marking-worklist.h:136
v8::internal::MarkingWorklists::CreateContextWorklists
void CreateContextWorklists(const std::vector< Address > &contexts)
Definition marking-worklist.cc:39
v8::internal::MemoryChunkIterator::Next
V8_INLINE MutablePageMetadata * Next()
Definition spaces-inl.h:128
v8::internal::MemoryChunk::ClearFlagSlow
void ClearFlagSlow(Flag flag)
Definition memory-chunk.cc:189
v8::internal::MemoryChunk::InWritableSharedSpace
V8_INLINE bool InWritableSharedSpace() const
Definition memory-chunk.h:194
v8::internal::MemoryChunk::IsEvacuationCandidate
bool IsEvacuationCandidate() const
Definition memory-chunk.h:281
v8::internal::MemoryChunk::SetFlagNonExecutable
V8_INLINE void SetFlagNonExecutable(Flag flag)
Definition memory-chunk.h:230
v8::internal::MemoryChunk::executable
Executability executable() const
Definition memory-chunk.h:292
v8::internal::MemoryChunk::IsFlagSet
V8_INLINE bool IsFlagSet(Flag flag) const
Definition memory-chunk.h:188
v8::internal::MemoryChunk::address
V8_INLINE Address address() const
Definition memory-chunk.h:166
v8::internal::MemoryChunk::Metadata
V8_INLINE MemoryChunkMetadata * Metadata()
Definition memory-chunk-inl.h:17
v8::internal::MemoryChunk::FromAddress
static V8_INLINE MemoryChunk * FromAddress(Address addr)
Definition memory-chunk.h:175
v8::internal::MemoryChunk::Offset
size_t Offset(Address addr) const
Definition memory-chunk.h:353
v8::internal::MemoryChunk::SetFlagSlow
void SetFlagSlow(Flag flag)
Definition memory-chunk.cc:180
v8::internal::MemoryChunk::InYoungGeneration
V8_INLINE bool InYoungGeneration() const
Definition memory-chunk.h:198
v8::internal::MemoryChunk::ShouldSkipEvacuationSlotRecording
bool ShouldSkipEvacuationSlotRecording() const
Definition memory-chunk.h:286
v8::internal::MemoryChunk::ClearFlagNonExecutable
V8_INLINE void ClearFlagNonExecutable(Flag flag)
Definition memory-chunk.h:233
v8::internal::MemoryChunk::FromHeapObject
static V8_INLINE MemoryChunk * FromHeapObject(Tagged< HeapObject > object)
Definition memory-chunk.h:180
v8::internal::MemoryChunk::InReadOnlySpace
V8_INLINE bool InReadOnlySpace() const
Definition memory-chunk.h:260
v8::internal::MemoryMeasurement::StartProcessing
std::vector< Address > StartProcessing()
Definition memory-measurement.cc:217
v8::internal::MemoryMeasurement::FinishProcessing
void FinishProcessing(const NativeContextStats &stats)
Definition memory-measurement.cc:234
v8::internal::MigrationObserver::Move
virtual void Move(AllocationSpace dest, Tagged< HeapObject > src, Tagged< HeapObject > dst, int size)=0
v8::internal::MigrationObserver::~MigrationObserver
virtual ~MigrationObserver()=default
v8::internal::MutablePageMetadata::cast
static MutablePageMetadata * cast(MemoryChunkMetadata *metadata)
Definition mutable-page-metadata.h:79
v8::internal::MutablePageMetadata::FromHeapObject
static V8_INLINE MutablePageMetadata * FromHeapObject(Tagged< HeapObject > o)
Definition mutable-page-metadata-inl.h:23
v8::internal::NativeContextInferrer::Infer
V8_INLINE bool Infer(PtrComprCageBase cage_base, Tagged< Map > map, Tagged< HeapObject > object, Address *native_context)
Definition memory-measurement-inl.h:21
v8::internal::NativeContextStats::IncrementSize
V8_INLINE void IncrementSize(Address context, Tagged< Map > map, Tagged< HeapObject > object, size_t size)
Definition memory-measurement-inl.h:38
v8::internal::NewSpace::GarbageCollectionEpilogue
virtual void GarbageCollectionEpilogue()=0
v8::internal::ObjectVisitorWithCageBases::code_cage_base
PtrComprCageBase code_cage_base() const
Definition visitors.h:235
v8::internal::ObjectVisitorWithCageBases::cage_base
PtrComprCageBase cage_base() const
Definition visitors.h:225
v8::internal::PageEvacuationJob::PageEvacuationJob
PageEvacuationJob(Isolate *isolate, MarkCompactCollector *collector, std::vector< std::unique_ptr< Evacuator > > *evacuators, std::vector< std::pair< ParallelWorkItem, MutablePageMetadata * > > evacuation_items)
Definition mark-compact.cc:4674
v8::internal::PageEvacuationJob::GetMaxConcurrency
size_t GetMaxConcurrency(size_t worker_count) const override
Definition mark-compact.cc:4722
v8::internal::PageEvacuationJob::ProcessItems
void ProcessItems(JobDelegate *delegate, Evacuator *evacuator)
Definition mark-compact.cc:4706
v8::internal::PageEvacuationJob::evacuation_items_
std::vector< std::pair< ParallelWorkItem, MutablePageMetadata * > > evacuation_items_
Definition mark-compact.cc:4744
v8::internal::PageEvacuationJob::collector_
MarkCompactCollector * collector_
Definition mark-compact.cc:4741
v8::internal::PageEvacuationJob::Run
void Run(JobDelegate *delegate) override
Definition mark-compact.cc:4688
v8::internal::PageEvacuationJob::evacuators_
std::vector< std::unique_ptr< Evacuator > > * evacuators_
Definition mark-compact.cc:4742
v8::internal::PageMetadata::FromHeapObject
static V8_INLINE PageMetadata * FromHeapObject(Tagged< HeapObject > o)
Definition page-metadata-inl.h:25
v8::internal::PagedNewSpace::paged_space
PagedSpaceForNewSpace * paged_space()
Definition new-spaces.h:718
v8::internal::PagedNewSpace::From
static PagedNewSpace * From(NewSpace *space)
Definition new-spaces.h:598
v8::internal::PagedSpaceForNewSpace::ReleasePage
void ReleasePage(PageMetadata *page) final
Definition new-spaces.cc:915
v8::internal::PointersUpdatingJob::updating_items_
std::vector< std::unique_ptr< UpdatingItem > > updating_items_
Definition mark-compact.cc:5187
v8::internal::PointersUpdatingJob::GetMaxConcurrency
size_t GetMaxConcurrency(size_t worker_count) const override
Definition mark-compact.cc:5171
v8::internal::PointersUpdatingJob::collector_
MarkCompactCollector * collector_
Definition mark-compact.cc:5186
v8::internal::PointersUpdatingJob::Run
void Run(JobDelegate *delegate) override
Definition mark-compact.cc:5137
v8::internal::PointersUpdatingJob::UpdatePointers
void UpdatePointers(JobDelegate *delegate)
Definition mark-compact.cc:5155
v8::internal::PointersUpdatingJob::PointersUpdatingJob
PointersUpdatingJob(Isolate *isolate, MarkCompactCollector *collector, std::vector< std::unique_ptr< UpdatingItem > > updating_items)
Definition mark-compact.cc:5126
v8::internal::PointersUpdatingVisitor::VisitRootPointer
void VisitRootPointer(Root root, const char *description, FullObjectSlot p) override
Definition mark-compact.cc:4328
v8::internal::PointersUpdatingVisitor::UpdateStrongMaybeObjectSlotInternal
static void UpdateStrongMaybeObjectSlotInternal(PtrComprCageBase cage_base, MaybeObjectSlot slot)
Definition mark-compact.cc:4372
v8::internal::PointersUpdatingVisitor::VisitPointer
void VisitPointer(Tagged< HeapObject > host, ObjectSlot p) override
Definition mark-compact.cc:4301
v8::internal::PointersUpdatingVisitor::VisitEmbeddedPointer
void VisitEmbeddedPointer(Tagged< InstructionStream > host, RelocInfo *rinfo) override
Definition mark-compact.cc:4355
v8::internal::PointersUpdatingVisitor::UpdateStrongSlotInternal
static void UpdateStrongSlotInternal(PtrComprCageBase cage_base, ObjectSlot slot)
Definition mark-compact.cc:4377
v8::internal::PointersUpdatingVisitor::VisitCodeTarget
void VisitCodeTarget(Tagged< InstructionStream > host, RelocInfo *rinfo) override
Definition mark-compact.cc:4349
v8::internal::PointersUpdatingVisitor::VisitRootPointers
void VisitRootPointers(Root root, const char *description, FullObjectSlot start, FullObjectSlot end) override
Definition mark-compact.cc:4334
v8::internal::PointersUpdatingVisitor::UpdateRootSlotInternal
static void UpdateRootSlotInternal(PtrComprCageBase cage_base, OffHeapObjectSlot slot)
Definition mark-compact.cc:4367
v8::internal::PointersUpdatingVisitor::UpdateRootSlotInternal
static void UpdateRootSlotInternal(PtrComprCageBase cage_base, FullObjectSlot slot)
Definition mark-compact.cc:4362
v8::internal::PointersUpdatingVisitor::VisitPointers
void VisitPointers(Tagged< HeapObject > host, MaybeObjectSlot start, MaybeObjectSlot end) final
Definition mark-compact.cc:4316
v8::internal::PointersUpdatingVisitor::VisitRootPointers
void VisitRootPointers(Root root, const char *description, OffHeapObjectSlot start, OffHeapObjectSlot end) override
Definition mark-compact.cc:4341
v8::internal::PointersUpdatingVisitor::VisitInstructionStreamPointer
void VisitInstructionStreamPointer(Tagged< Code > host, InstructionStreamSlot slot) override
Definition mark-compact.cc:4323
v8::internal::PointersUpdatingVisitor::VisitPointers
void VisitPointers(Tagged< HeapObject > host, ObjectSlot start, ObjectSlot end) override
Definition mark-compact.cc:4309
v8::internal::PointersUpdatingVisitor::VisitPointer
void VisitPointer(Tagged< HeapObject > host, MaybeObjectSlot p) override
Definition mark-compact.cc:4305
v8::internal::PointersUpdatingVisitor::UpdateSlotInternal
static void UpdateSlotInternal(PtrComprCageBase cage_base, MaybeObjectSlot slot)
Definition mark-compact.cc:4382
v8::internal::PrecisePagePinningVisitor::collector_
MarkCompactCollector *const collector_
Definition mark-compact.cc:4888
v8::internal::PrecisePagePinningVisitor::VisitRootPointers
void VisitRootPointers(Root root, const char *description, FullObjectSlot start, FullObjectSlot end) final
Definition mark-compact.cc:4849
v8::internal::PrecisePagePinningVisitor::PrecisePagePinningVisitor
PrecisePagePinningVisitor(MarkCompactCollector *collector)
Definition mark-compact.cc:4838
v8::internal::PrecisePagePinningVisitor::VisitRootPointer
void VisitRootPointer(Root root, const char *description, FullObjectSlot p) final
Definition mark-compact.cc:4844
v8::internal::PretenuringHandler::PretenuringFeedbackMap
std::unordered_map< Tagged< AllocationSite >, size_t, Object::Hasher > PretenuringFeedbackMap
Definition pretenuring-handler.h:25
v8::internal::PretenuringHandler::UpdateAllocationSite
static void UpdateAllocationSite(Heap *heap, Tagged< Map > map, Tagged< HeapObject > object, int object_size, PretenuringFeedbackMap *pretenuring_feedback)
Definition pretenuring-handler-inl.h:22
v8::internal::ProfilingMigrationObserver::Move
void Move(AllocationSpace dest, Tagged< HeapObject > src, Tagged< HeapObject > dst, int size) final
Definition mark-compact.cc:1417
v8::internal::RecordMigratedSlotVisitor::VisitMapPointer
void VisitMapPointer(Tagged< HeapObject > host) final
Definition mark-compact.cc:1244
v8::internal::RecordMigratedSlotVisitor::VisitTrustedPointerTableEntry
void VisitTrustedPointerTableEntry(Tagged< HeapObject > host, IndirectPointerSlot slot) final
Definition mark-compact.cc:1325
v8::internal::RecordMigratedSlotVisitor::VisitCodeTarget
void VisitCodeTarget(Tagged< InstructionStream > host, RelocInfo *rinfo) override
Definition mark-compact.cc:1292
v8::internal::RecordMigratedSlotVisitor::VisitPointer
void VisitPointer(Tagged< HeapObject > host, ObjectSlot p) final
Definition mark-compact.cc:1239
v8::internal::RecordMigratedSlotVisitor::VisitPointer
void VisitPointer(Tagged< HeapObject > host, MaybeObjectSlot p) final
Definition mark-compact.cc:1248
v8::internal::RecordMigratedSlotVisitor::VisitEmbeddedPointer
void VisitEmbeddedPointer(Tagged< InstructionStream > host, RelocInfo *rinfo) override
Definition mark-compact.cc:1304
v8::internal::RecordMigratedSlotVisitor::VisitPointers
void VisitPointers(Tagged< HeapObject > host, MaybeObjectSlot start, MaybeObjectSlot end) final
Definition mark-compact.cc:1261
v8::internal::RecordMigratedSlotVisitor::UsePrecomputedObjectSize
static V8_INLINE constexpr bool UsePrecomputedObjectSize()
Definition mark-compact.cc:1237
v8::internal::RecordMigratedSlotVisitor::VisitIndirectPointer
void VisitIndirectPointer(Tagged< HeapObject > host, IndirectPointerSlot slot, IndirectPointerMode mode) final
Definition mark-compact.cc:1321
v8::internal::RecordMigratedSlotVisitor::RecordMigratedSlot
void RecordMigratedSlot(Tagged< HeapObject > host, Tagged< MaybeObject > value, Address slot)
Definition mark-compact.cc:1340
v8::internal::RecordMigratedSlotVisitor::VisitExternalPointer
void VisitExternalPointer(Tagged< HeapObject > host, ExternalPointerSlot slot) final
Definition mark-compact.cc:1318
v8::internal::RecordMigratedSlotVisitor::VisitInstructionStreamPointer
void VisitInstructionStreamPointer(Tagged< Code > host, InstructionStreamSlot slot) final
Definition mark-compact.cc:1269
v8::internal::RecordMigratedSlotVisitor::VisitProtectedPointer
void VisitProtectedPointer(Tagged< TrustedObject > host, ProtectedPointerSlot slot) final
Definition mark-compact.cc:1328
v8::internal::RecordMigratedSlotVisitor::VisitInternalReference
void VisitInternalReference(Tagged< InstructionStream > host, RelocInfo *rinfo) final
Definition mark-compact.cc:1316
v8::internal::RecordMigratedSlotVisitor::VisitEphemeron
void VisitEphemeron(Tagged< HeapObject > host, int index, ObjectSlot key, ObjectSlot value) override
Definition mark-compact.cc:1278
v8::internal::RecordMigratedSlotVisitor::VisitPointers
void VisitPointers(Tagged< HeapObject > host, ObjectSlot start, ObjectSlot end) final
Definition mark-compact.cc:1253
v8::internal::RecordMigratedSlotVisitor::VisitProtectedPointer
void VisitProtectedPointer(Tagged< TrustedObject > host, ProtectedMaybeObjectSlot slot) final
Definition mark-compact.cc:1333
v8::internal::RecordMigratedSlotVisitor::VisitExternalReference
void VisitExternalReference(Tagged< InstructionStream > host, RelocInfo *rinfo) final
Definition mark-compact.cc:1314
v8::internal::RelocInfo::IsCodeTargetMode
static constexpr bool IsCodeTargetMode(Mode mode)
Definition reloc-info.h:197
v8::internal::RelocInfo::target_address
V8_INLINE Address target_address()
Definition assembler-arm-inl.h:70
v8::internal::RelocInfo::IsEmbeddedObjectMode
static constexpr bool IsEmbeddedObjectMode(Mode mode)
Definition reloc-info.h:209
v8::internal::RelocInfo::target_object
V8_INLINE Tagged< HeapObject > target_object(PtrComprCageBase cage_base)
Definition assembler-arm-inl.h:96
v8::internal::RelocInfo::constant_pool_entry_address
V8_INLINE Address constant_pool_entry_address()
Definition assembler-arm-inl.h:89
v8::internal::RelocInfo::pc
Address pc() const
Definition reloc-info.h:275
v8::internal::RememberedSet::Insert
static void Insert(MutablePageMetadata *page, size_t slot_offset)
Definition remembered-set.h:97
v8::internal::RememberedSet::IterateTyped
static int IterateTyped(MutablePageMetadata *chunk, Callback callback)
Definition remembered-set.h:280
v8::internal::RememberedSet::Iterate
static int Iterate(MutablePageMetadata *chunk, Callback callback, SlotSet::EmptyBucketMode mode)
Definition remembered-set.h:198
v8::internal::RootMarkingVisitor::VisitRootPointer
V8_INLINE void VisitRootPointer(Root root, const char *description, FullObjectSlot p) final
Definition mark-compact-inl.h:92
v8::internal::RootMarkingVisitor::VisitRunningCode
void VisitRunningCode(FullObjectSlot code_slot, FullObjectSlot istream_or_smi_zero_slot) final
Definition mark-compact.cc:6175
v8::internal::SharedStructTypeRegistry::deleted_element
static constexpr Tagged< Smi > deleted_element()
Definition js-struct.h:81
v8::internal::SlotBase::address
Address address() const
Definition slots.h:78
v8::internal::Smi::FromInt
static constexpr Tagged< Smi > FromInt(int value)
Definition smi.h:38
v8::internal::Smi::zero
static constexpr Tagged< Smi > zero()
Definition smi.h:99
v8::internal::StringForwardingTableCleanerBase::DisposeExternalResource
void DisposeExternalResource(StringForwardingTable::Record *record)
Definition mark-sweep-utilities.cc:131
v8::internal::StringForwardingTable::IterateElements
V8_INLINE void IterateElements(Func &&callback)
v8::internal::StringForwardingTable::deleted_element
static constexpr Tagged< Smi > deleted_element()
Definition string-forwarding-table.h:36
v8::internal::StringTable::deleted_element
static constexpr Tagged< Smi > deleted_element()
Definition string-table.h:51
v8::internal::String::IsInPlaceInternalizableExcludingExternal
static bool IsInPlaceInternalizableExcludingExternal(InstanceType instance_type)
Definition string-inl.h:1707
v8::internal::Sweeper::sweeping_in_progress
bool sweeping_in_progress() const
Definition sweeper.h:114
v8::internal::Sweeper::StartMajorSweeperTasks
V8_EXPORT_PRIVATE void StartMajorSweeperTasks()
Definition sweeper.cc:738
v8::internal::Sweeper::GetTraceIdForFlowEvent
uint64_t GetTraceIdForFlowEvent(GCTracer::Scope::ScopeId scope_id) const
Definition sweeper.cc:1541
v8::internal::Sweeper::SweepEmptyNewSpacePage
void SweepEmptyNewSpacePage(PageMetadata *page)
Definition sweeper.cc:1476
v8::internal::Sweeper::AddPage
void AddPage(AllocationSpace space, PageMetadata *page)
Definition sweeper.cc:1311
v8::internal::TaggedImpl::ptr
V8_INLINE constexpr StorageType ptr() const
Definition tagged-impl.h:114
v8::internal::TaggedImpl::GetHeapObject
bool GetHeapObject(Tagged< HeapObject > *result) const
Definition tagged-impl-inl.h:48
v8::internal::TaggedImpl::ToSmi
bool ToSmi(Tagged< Smi > *value) const
Definition tagged-impl-inl.h:24
v8::internal::Tagged< HeapObject >::is_null
V8_INLINE constexpr bool is_null() const
Definition tagged.h:502
v8::internal::Tagged< HeapObject >::IsHeapObject
constexpr V8_INLINE bool IsHeapObject() const
Definition tagged.h:507
v8::internal::Tagged< HeapObject >::IsSmi
constexpr V8_INLINE bool IsSmi() const
Definition tagged.h:508
v8::internal::ThreadIsolation::RegisterInstructionStreamAllocation
static WritableJitAllocation RegisterInstructionStreamAllocation(Address addr, size_t size, bool enforce_write_api=false)
Definition code-memory-access.cc:482
v8::internal::TransitionsAccessor::HasSimpleTransitionTo
bool HasSimpleTransitionTo(Tagged< Map > map)
Definition transitions.cc:29
v8::internal::UpdateTypedSlotHelper::GetTargetObject
static Tagged< HeapObject > GetTargetObject(Heap *heap, SlotType slot_type, Address addr)
Definition remembered-set-inl.h:69
v8::internal::UpdatingItem::~UpdatingItem
virtual ~UpdatingItem()=default
v8::internal::UpdatingItem::Process
virtual void Process()=0
v8::internal::V8::GetCurrentPlatform
static V8_EXPORT_PRIVATE v8::Platform * GetCurrentPlatform()
Definition v8.cc:282
v8::internal::WritableJitAllocation::CopyCode
V8_INLINE void CopyCode(size_t dst_offset, const uint8_t *src, size_t num_bytes)
Definition code-memory-access-inl.h:245
v8::internal::WritableJitAllocation::ForInstructionStream
static WritableJitAllocation ForInstructionStream(Tagged< InstructionStream > istream)
Definition code-memory-access.cc:659
v8::internal::WritableJitAllocation::WriteHeaderSlot
V8_INLINE void WriteHeaderSlot(T value)
v8::internal::WritableJitAllocation::CopyData
V8_INLINE void CopyData(size_t dst_offset, const uint8_t *src, size_t num_bytes)
Definition code-memory-access-inl.h:252
v8::internal::WritableJitPage::LookupAllocationContaining
V8_INLINE WritableJitAllocation LookupAllocationContaining(Address addr)
Definition code-memory-access-inl.h:271
v8::internal::WriteBarrier::GenerationalForRelocInfo
static void GenerationalForRelocInfo(Tagged< InstructionStream > host, RelocInfo *rinfo, Tagged< HeapObject > object)
Definition heap-write-barrier-inl.h:231
v8::internal::WriteBarrier::SharedForRelocInfo
static void SharedForRelocInfo(Tagged< InstructionStream > host, RelocInfo *, Tagged< HeapObject > value)
Definition heap-write-barrier-inl.h:286
v8::internal::wasm::WasmCodePointerTable::SweepSegments
void SweepSegments(size_t threshold=2 *kEntriesPerSegment)
Definition wasm-code-pointer-table.cc:57
PROFILE
#define PROFILE(the_isolate, Call)
Definition code-events.h:59
mutex_
base::Mutex & mutex_
Definition code-memory-access.cc:623
code
Handle< Code > code
Definition code-reference.cc:22
V8_COMPRESS_POINTERS_8GB_BOOL
#define V8_COMPRESS_POINTERS_8GB_BOOL
Definition globals.h:608
ALIGN_TO_ALLOCATION_ALIGNMENT
#define ALIGN_TO_ALLOCATION_ALIGNMENT(value)
Definition globals.h:1796
HAS_WEAK_HEAP_OBJECT_TAG
#define HAS_WEAK_HEAP_OBJECT_TAG(value)
Definition globals.h:1778
space_
NormalPageSpace * space_
Definition compactor.cc:324
page
BasePage * page
Definition sweeper.cc:218
ToString
constexpr const char * ToString(DataViewOp op)
Definition data-view-ops.h:32
start
int start
Definition debug-coverage.cc:595
end
int end
Definition debug-coverage.cc:596
state_
enum v8::internal::@1270::DeoptimizableCodeIterator::@67 state_
current
LineAndColumn current
Definition earley-parser.cc:22
true
Disallow flags or implications overriding each other abort_on_contradictory_flags true
Definition flag-definitions.h:367
space
too high values may cause the compiler to set high thresholds for inlining to as much as possible avoid inlined allocation of objects that cannot escape trace load stores from virtual maglev objects use TurboFan fast string builder analyze liveness of environment slots and zap dead values trace TurboFan load elimination emit data about basic block usage in builtins to this enable builtin reordering when run mksnapshot flag for emit warnings when applying builtin profile data verify register allocation in TurboFan randomly schedule instructions to stress dependency tracking enable store store elimination in TurboFan rewrite far to near simulate GC compiler thread race related to allow float parameters to be passed in simulator mode JS Wasm Run additional turbo_optimize_inlined_js_wasm_wrappers enable experimental feedback collection in generic lowering enable Turboshaft s WasmLoadElimination enable Turboshaft s low level load elimination for JS enable Turboshaft s escape analysis for string concatenation use enable Turbolev features that we want to ship in the not too far future trace individual Turboshaft reduction steps trace intermediate Turboshaft reduction steps invocation count threshold for early optimization Enables optimizations which favor memory size over execution speed Enables sampling allocation profiler with X as a sample interval min size of a semi the new space consists of two semi spaces max size of the Collect garbage after Collect garbage after keeps maps alive for< n > old space garbage collections print one detailed trace line in allocation gc speed threshold for starting incremental marking via a task in percent of available space
Definition flag-definitions.h:2127
TRACE_GC_NOTE_WITH_FLOW
#define TRACE_GC_NOTE_WITH_FLOW(note, bind_id, flow_flags)
Definition gc-tracer.h:98
TRACE_GC_EPOCH_WITH_FLOW
#define TRACE_GC_EPOCH_WITH_FLOW(tracer, scope_id, thread_kind, bind_id, flow_flags)
Definition gc-tracer.h:84
TRACE_GC_WITH_FLOW
#define TRACE_GC_WITH_FLOW(tracer, scope_id, bind_id, flow_flags)
Definition gc-tracer.h:52
TRACE_GC
#define TRACE_GC(tracer, scope_id)
Definition gc-tracer.h:35
TRACE_GC_ARG1
#define TRACE_GC_ARG1(tracer, scope_id, arg0_name, arg0_value)
Definition gc-tracer.h:43
TRACE_GC_CATEGORIES
#define TRACE_GC_CATEGORIES
Definition gc-tracer.h:29
TRACE_GC1_WITH_FLOW
#define TRACE_GC1_WITH_FLOW(tracer, scope_id, thread_kind, bind_id, flow_flags)
Definition gc-tracer.h:68
offset
int32_t offset
Definition instruction-selector-ia32.cc:67
context
TNode< Context > context
Definition js-call-reducer.cc:1495
target
TNode< Object > target
Definition js-call-reducer.cc:1496
map
std::map< const std::string, const std::string > map
Definition js-date-time-format.cc:268
generator_
std::unique_ptr< icu::DateTimePatternGenerator > generator_
Definition js-display-names.cc:377
second
double second
Definition js-temporal-objects.cc:63
record
DurationRecord record
Definition js-temporal-objects.cc:107
result
ZoneVector< RpoNumber > & result
Definition jump-threading.cc:21
heap_
Heap * heap_
Definition mark-compact.cc:2809
collector_
MarkCompactCollector * collector_
Definition mark-compact.cc:2592
elements_removed_
int elements_removed_
Definition mark-compact.cc:2810
marking_state_
NonAtomicMarkingState * marking_state_
Definition mark-compact.cc:5527
chunk_
MutablePageMetadata * chunk_
Definition mark-compact.cc:5528
items_mutex_
base::Mutex items_mutex_
Definition mark-compact.cc:2593
items_
std::vector< std::unique_ptr< ClearingItem > > items_
Definition mark-compact.cc:2594
record_old_to_shared_slots_
const bool record_old_to_shared_slots_
Definition mark-compact.cc:5529
mutable-page-metadata.h
std
STL namespace.
v8::api_internal::MakeWeak
void MakeWeak(i::Address *location, void *parameter, WeakCallbackInfo< void >::Callback weak_callback, WeakCallbackType type)
Definition api.cc:644
v8::base::bits::IsPowerOfTwo
constexpr bool IsPowerOfTwo(T value)
Definition bits.h:187
v8::base::MutexGuard
LockGuard< Mutex > MutexGuard
Definition mutex.h:219
v8::bigint::Add
void Add(RWDigits Z, Digits X, Digits Y)
Definition vector-arithmetic.cc:41
v8::internal::wasm::GetProcessWideWasmCodePointerTable
V8_EXPORT_PRIVATE WasmCodePointerTable * GetProcessWideWasmCodePointerTable()
v8::internal::handle
V8_INLINE IndirectHandle< T > handle(Tagged< T > object, Isolate *isolate)
Definition handles-inl.h:72
v8::internal::HasWeakHeapObjectTag
static V8_INLINE bool HasWeakHeapObjectTag(const Tagged< Object > value)
Definition objects.h:653
v8::internal::TrustedPointerHandle
IndirectPointerHandle TrustedPointerHandle
Definition v8-internal.h:746
v8::internal::ToString
constexpr const char * ToString(DeoptimizeKind kind)
Definition globals.h:880
v8::internal::kTaggedSize
constexpr int kTaggedSize
Definition globals.h:542
v8::internal::GetPtrComprCageBaseFromOnHeapAddress
V8_INLINE constexpr PtrComprCageBase GetPtrComprCageBaseFromOnHeapAddress(Address address)
Definition ptr-compr-inl.h:352
v8::internal::SKIP_WRITE_BARRIER
@ SKIP_WRITE_BARRIER
Definition objects.h:52
v8::internal::ObjectSlot
SlotTraits::TObjectSlot ObjectSlot
Definition globals.h:1243
v8::internal::PrintF
void PrintF(const char *format,...)
Definition utils.cc:39
v8::internal::IsSharedExternalPointerType
static V8_INLINE constexpr bool IsSharedExternalPointerType(ExternalPointerTagRange tag_range)
Definition v8-internal.h:674
v8::internal::kDoNotLinkCategory
@ kDoNotLinkCategory
Definition free-list.h:42
v8::internal::IsSmi
V8_INLINE constexpr bool IsSmi(TaggedImpl< kRefType, StorageType > obj)
Definition objects.h:665
v8::internal::Tagged< HeapObject >
kInterpreterTrampolineOffset Tagged< HeapObject >
Definition shared-function-info-inl.h:118
v8::internal::MemsetTagged
void MemsetTagged(Tagged_t *start, Tagged< MaybeObject > value, size_t counter)
Definition slots-inl.h:486
v8::internal::UncheckedCast
Handle< To > UncheckedCast(Handle< From > value)
Definition handles-inl.h:55
v8::internal::kTaggedSizeLog2
constexpr int kTaggedSizeLog2
Definition globals.h:543
v8::internal::kZapValue
constexpr uint32_t kZapValue
Definition globals.h:1005
v8::internal::TraceFragmentation
static void TraceFragmentation(PagedSpace *space)
Definition mark-compact.cc:322
v8::internal::IsCppHeapMarkingFinished
bool IsCppHeapMarkingFinished(Heap *heap, MarkingWorklists::Local *local_marking_worklists)
Definition mark-sweep-utilities.cc:140
v8::internal::ClearedValue
Tagged< ClearedWeakValue > ClearedValue(PtrComprCageBase cage_base)
Definition maybe-object-inl.h:20
v8::internal::kExternalStringResourceTag
@ kExternalStringResourceTag
Definition v8-internal.h:560
v8::internal::kExternalStringResourceDataTag
@ kExternalStringResourceDataTag
Definition v8-internal.h:561
v8::internal::IsHeapObject
V8_INLINE constexpr bool IsHeapObject(TaggedImpl< kRefType, StorageType > obj)
Definition objects.h:669
v8::internal::v8_flags
V8_EXPORT_PRIVATE FlagValues v8_flags
v8::internal::ClearedTrustedValue
Tagged< ClearedWeakValue > ClearedTrustedValue()
Definition maybe-object-inl.h:36
v8::internal::ExternalPointerHandle
uint32_t ExternalPointerHandle
Definition v8-internal.h:357
v8::internal::UpdateReferenceInExternalStringTableEntry
static Tagged< String > UpdateReferenceInExternalStringTableEntry(Heap *heap, FullObjectSlot p)
Definition mark-compact.cc:4390
v8::internal::pages
too high values may cause the compiler to set high thresholds for inlining to as much as possible avoid inlined allocation of objects that cannot escape trace load stores from virtual maglev objects use TurboFan fast string builder analyze liveness of environment slots and zap dead values trace TurboFan load elimination emit data about basic block usage in builtins to this enable builtin reordering when run mksnapshot flag for emit warnings when applying builtin profile data verify register allocation in TurboFan randomly schedule instructions to stress dependency tracking enable store store elimination in TurboFan rewrite far to near simulate GC compiler thread race related to allow float parameters to be passed in simulator mode JS Wasm Run additional turbo_optimize_inlined_js_wasm_wrappers enable experimental feedback collection in generic lowering enable Turboshaft s WasmLoadElimination enable Turboshaft s low level load elimination for JS enable Turboshaft s escape analysis for string concatenation use enable Turbolev features that we want to ship in the not too far future trace individual Turboshaft reduction steps trace intermediate Turboshaft reduction steps invocation count threshold for early optimization Enables optimizations which favor memory size over execution speed Enables sampling allocation profiler with X as a sample interval min size of a semi the new space consists of two semi spaces max size of the Collect garbage after Collect garbage after keeps maps alive for< n > old space garbage collections print one detailed trace line in allocation gc speed threshold for starting incremental marking via a task in percent of available threshold for starting incremental marking immediately in percent of available Use a single schedule for determining a marking schedule between JS and C objects schedules the minor GC task with kUserVisible priority max worker number of concurrent for NumberOfWorkerThreads start background threads that allocate memory concurrent_array_buffer_sweeping use parallel threads to clear weak refs in the atomic pause trace progress of the incremental marking trace object counts and memory usage report a tick only when allocated zone memory changes by this amount TracingFlags::gc_stats TracingFlags::gc_stats track native contexts that are expected to be garbage collected verify heap pointers before and after GC memory reducer runs GC with ReduceMemoryFootprint flag Maximum number of memory reducer GCs scheduled Old gen GC speed is computed directly from gc tracer counters Perform compaction on full GCs based on V8 s default heuristics Perform compaction on every full GC Perform code space compaction when finalizing a full GC with stack Stress GC compaction to flush out bugs with moving objects flush of baseline code when it has not been executed recently Use time base code flushing instead of age Use a progress bar to scan large objects in increments when incremental marking is active force incremental marking for small heaps and run it more often force marking at random points between and force scavenge at random points between and reclaim otherwise unreachable unmodified wrapper objects when possible less compaction in non memory reducing mode use high priority threads for concurrent Marking Test mode only flag It allows an unit test to select evacuation candidates pages(requires --stress_compaction).") DEFINE_BOOL(cppheap_incremental_marking
v8::internal::kNullAddress
static constexpr Address kNullAddress
Definition v8-internal.h:53
v8::internal::PrintIsolate
void PrintIsolate(void *isolate, const char *format,...)
Definition utils.cc:61
v8::internal::InsideSandbox
V8_INLINE bool InsideSandbox(uintptr_t address)
Definition sandbox.h:334
v8::internal::constructor_or_back_pointer
constructor_or_back_pointer
Definition map-inl.h:870
v8::internal::MB
too high values may cause the compiler to set high thresholds for inlining to as much as possible avoid inlined allocation of objects that cannot escape trace load stores from virtual maglev objects use TurboFan fast string builder analyze liveness of environment slots and zap dead values trace TurboFan load elimination emit data about basic block usage in builtins to this enable builtin reordering when run mksnapshot flag for emit warnings when applying builtin profile data verify register allocation in TurboFan randomly schedule instructions to stress dependency tracking enable store store elimination in TurboFan rewrite far to near simulate GC compiler thread race related to allow float parameters to be passed in simulator mode JS Wasm Run additional turbo_optimize_inlined_js_wasm_wrappers enable experimental feedback collection in generic lowering enable Turboshaft s WasmLoadElimination enable Turboshaft s low level load elimination for JS enable Turboshaft s escape analysis for string concatenation use enable Turbolev features that we want to ship in the not too far future trace individual Turboshaft reduction steps trace intermediate Turboshaft reduction steps invocation count threshold for early optimization Enables optimizations which favor memory size over execution speed Enables sampling allocation profiler with X as a sample interval min size of a semi the new space consists of two semi spaces max size of the Collect garbage after Collect garbage after keeps maps alive for< n > old space garbage collections print one detailed trace line in allocation gc speed threshold for starting incremental marking via a task in percent of available threshold for starting incremental marking immediately in percent of available Use a single schedule for determining a marking schedule between JS and C objects schedules the minor GC task with kUserVisible priority max worker number of concurrent for NumberOfWorkerThreads start background threads that allocate memory concurrent_array_buffer_sweeping use parallel threads to clear weak refs in the atomic pause trace progress of the incremental marking trace object counts and memory usage * MB
Definition flags.cc:2197
v8::internal::Cast
Tagged< To > Cast(Tagged< From > value, const v8::SourceLocation &loc=INIT_SOURCE_LOCATION_IN_DEBUG)
Definition casting.h:150
v8::kRelaxedLoad
static constexpr RelaxedLoadTag kRelaxedLoad
Definition globals.h:2909
v8::kRelaxedStore
static constexpr RelaxedStoreTag kRelaxedStore
Definition globals.h:2911
v8::kAcquireLoad
static constexpr AcquireLoadTag kAcquireLoad
Definition globals.h:2908
v8::IDLE
@ IDLE
Definition v8-unwinder.h:45
table_
SourcePositionTable *const table_
Definition pipeline.cc:227
weak_objects_
WeakObjects weak_objects_
Definition reference-summarizer.cc:86
local_weak_objects_
WeakObjects::Local local_weak_objects_
Definition reference-summarizer.cc:87
DCHECK_CODEOBJECT_SIZE
#define DCHECK_CODEOBJECT_SIZE(size)
Definition spaces.h:54
DCHECK_OBJECT_SIZE
#define DCHECK_OBJECT_SIZE(size)
Definition spaces.h:51
UNREACHABLE
#define UNREACHABLE()
Definition logging.h:67
DCHECK_LE
#define DCHECK_LE(v1, v2)
Definition logging.h:490
DCHECK_NULL
#define DCHECK_NULL(val)
Definition logging.h:491
CHECK_IMPLIES
#define CHECK_IMPLIES(lhs, rhs)
CHECK
#define CHECK(condition)
Definition logging.h:124
DCHECK_NOT_NULL
#define DCHECK_NOT_NULL(val)
Definition logging.h:492
CHECK_NULL
#define CHECK_NULL(val)
DCHECK_IMPLIES
#define DCHECK_IMPLIES(v1, v2)
Definition logging.h:493
DCHECK_NE
#define DCHECK_NE(v1, v2)
Definition logging.h:486
CHECK_NE
#define CHECK_NE(lhs, rhs)
DCHECK_GE
#define DCHECK_GE(v1, v2)
Definition logging.h:488
CHECK_EQ
#define CHECK_EQ(lhs, rhs)
DCHECK
#define DCHECK(condition)
Definition logging.h:482
DCHECK_LT
#define DCHECK_LT(v1, v2)
Definition logging.h:489
DCHECK_EQ
#define DCHECK_EQ(v1, v2)
Definition logging.h:485
DCHECK_GT
#define DCHECK_GT(v1, v2)
Definition logging.h:487
USE
#define USE(...)
Definition macros.h:293
V8PRIdPTR
#define V8PRIdPTR
Definition macros.h:332
IsAligned
constexpr bool IsAligned(T value, U alignment)
Definition macros.h:403
v8::internal::FlagValues::heap
other heap size max size of the shared heap(in Mbytes)
v8::internal::MarkingHelper::TryMarkAndPush
static V8_INLINE bool TryMarkAndPush(Heap *heap, MarkingWorklists::Local *marking_worklist, MarkingState *marking_state, WorklistTarget target_worklis, Tagged< HeapObject > object)
v8::internal::MarkingHelper::IsMarkedOrAlwaysLive
static V8_INLINE bool IsMarkedOrAlwaysLive(Heap *heap, MarkingStateT *marking_state, Tagged< HeapObject > object)
v8::internal::MarkingHelper::IsUnmarkedAndNotAlwaysLive
static V8_INLINE bool IsUnmarkedAndNotAlwaysLive(Heap *heap, MarkingStateT *marking_state, Tagged< HeapObject > object)
v8::internal::MarkingHelper::ShouldMarkObject
static V8_INLINE std::optional< WorklistTarget > ShouldMarkObject(Heap *heap, Tagged< HeapObject > object)
Definition marking-inl.h:278
v8::internal::MarkingHelper::GetLivenessMode
static V8_INLINE LivenessMode GetLivenessMode(Heap *heap, Tagged< HeapObject > object)
Definition marking-inl.h:304
v8::internal::TracingFlags::gc_stats
static V8_EXPORT_PRIVATE std::atomic_uint gc_stats
Definition tracing-flags.h:22
v8::internal::TracingFlags::is_gc_stats_enabled
static bool is_gc_stats_enabled()
Definition tracing-flags.h:36
TRACE_EVENT0
#define TRACE_EVENT0(category_group, name)
Definition trace-event-no-perfetto.h:32
TRACE_EVENT2
#define TRACE_EVENT2(category_group, name, arg1_name, arg1_val, arg2_name, arg2_val)
Definition trace-event-no-perfetto.h:43
TRACE_EVENT_SCOPE_THREAD
#define TRACE_EVENT_SCOPE_THREAD
Definition trace-event-no-perfetto.h:864
TRACE_DISABLED_BY_DEFAULT
#define TRACE_DISABLED_BY_DEFAULT(name)
Definition trace-event-no-perfetto.h:25
TRACE_EVENT_INSTANT2
#define TRACE_EVENT_INSTANT2(category_group, name, scope, arg1_name, arg1_val, arg2_name, arg2_val)
Definition trace-event-no-perfetto.h:64
TRACE_EVENT1
#define TRACE_EVENT1(category_group, name, arg1_name, arg1_val)
Definition trace-event-no-perfetto.h:37
TRACE_EVENT_FLAG_FLOW_OUT
#define TRACE_EVENT_FLAG_FLOW_OUT
Definition trace-event-no-perfetto.h:837
TRACE_EVENT_FLAG_FLOW_IN
#define TRACE_EVENT_FLAG_FLOW_IN
Definition trace-event-no-perfetto.h:836
trace_id_
const uint64_t trace_id_
Definition traced-handles.cc:479
heap_
Heap * heap_
Definition traced-handles.cc:476
TRACE_STR_COPY
#define TRACE_STR_COPY(str)
Definition trace-event.h:50
V8_INLINE
#define V8_INLINE
Definition v8config.h:500
V8_LIKELY
#define V8_LIKELY(condition)
Definition v8config.h:661
V8_UNLIKELY
#define V8_UNLIKELY(condition)
Definition v8config.h:660
value
std::unique_ptr< ValueMirror > value
Definition value-mirror.cc:950
key
std::unique_ptr< ValueMirror > key
Definition value-mirror.cc:949