deps: cherry-pick b93c80a from v8 upstream #7689

matthewloring · 2016-07-12T20:16:28Z

Checklist

make -j4 test (UNIX), or vcbuild test nosign (Windows) passes
commit message follows commit guidelines

Affected core subsystem(s)

deps

Description of change

Original commit message:

If we can't rehash the backing store for weak sets & maps, do a last
resort GC

BUG=v8:4909
R=hpayer@chromium.org

Committed: https://crrev.com/b93c80a6039c757723e70420ae73375b5d277814
Cr-Commit-Position: refs/heads/master@{#37591}

Fixes: #6180

matthewloring · 2016-07-12T20:17:36Z

Resolution of #6398.
\cc @nodejs/v8

ofrobots · 2016-07-12T20:24:50Z

/cc @nodejs/v8.

Added lts-watch-4.x label. v4.x would also need the fixes in deps: backport e093a04, 09db540 from upstream V8 #6398, but are not needed on master.
@matthewloring: for V8 5.2 and 5.3 can you request a merge in the upstream repository.

MylesBorins · 2016-07-12T21:04:27Z

@ofrobots would you be willing to put together a PR against v4.x-staging that includes all of those changes?

ofrobots · 2016-07-12T21:22:58Z

@thealphanerd Sure. Once this has baked for a couple of weeks on master and v6.x?

MylesBorins · 2016-07-12T21:24:01Z

sounds reasonable to me

bnoordhuis · 2016-07-13T03:15:33Z

deps/v8/src/objects.cc

+  // If we're out of luck, we didn't get a GC recently, and so rehashing
+  // isn't enough to avoid a crash.
+  int nof = table->NumberOfElements() + 1;
+  if (!table->HasSufficientCapacity(nof)) {


The call to HasSufficientCapacity() with n == NumberOfElements() + 1 doesn't look obviously correct to me. Here is its implementation:

template <typename Derived, typename Shape, typename Key> bool HashTable<Derived, Shape, Key>::HasSufficientCapacity(int n) { int capacity = Capacity(); int nof = NumberOfElements() + n; int nod = NumberOfDeletedElements(); // Return true if: // 50% is still free after adding n elements and // at most 50% of the free elements are deleted elements. if (nod <= (capacity - nof) >> 1) { int needed_free = nof >> 1; if (nof + needed_free <= capacity) return true; } return false; }

capacity - nof can be < 0 if capacity < NumberOfElements() * 2 + 1 and right-shifting a negative number has implementation dependent behavior. I think compilers all implement it as an arithmetic shift but I'd say it's better to avoid it altogether.

As well, because it uses int, there is a potential for integer overflow when NumberOfElements() is large.

The maximum size of the backing store is 128MB so that this can never happen.

You mean integer overflow? What about the capacity < NumberOfElements() * 2 + 1 case?

JSWeakCollection uses an ObjectHashTable as backing store. ObjectHashTableShape::kEntrySize is 2, ObjectHashTable::kMaxCapacity (FixedArray::kMaxSize(128 MB * kPointerSize) - FixArray::kHeaderSize) / kPointerSize / kEntrySize which is a bit less than 64MB, and NumberOfElements() * 2 + 1 can be at most 134217729 which fits nicely into a signed 32bit integer.

Sorry, I understand that the integer overflow case is covered. I mean the right shift when capacity < nof.

Ah, sorry, I didn't read carefully enough what you actually wrote. https://codereview.chromium.org/2162333002 should address this.

I can bring in 2162333002 as part of this PR. Does the fix there look good to you @bnoordhuis?

Looks good at a quick glance.

matthewloring · 2016-07-13T05:38:30Z

/cc @jeisinger who did the original PR.

bnoordhuis · 2016-07-22T10:02:30Z

LGTM

matthewloring · 2016-07-22T21:23:47Z

CI: https://ci.nodejs.org/job/node-test-pull-request/3390/

bnoordhuis · 2016-07-23T08:35:06Z

Can you also run the V8 test suite? That's the https://ci.nodejs.org/job/node-test-commit-v8-linux/ job.

ofrobots · 2016-07-23T14:36:49Z

V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/231/

matthewloring · 2016-07-25T18:19:38Z

@mhdawson @joransiu Any thoughts on the s390x failures?

joransiu · 2016-07-25T18:34:17Z

@matthewloring The s390x failures in StackAlignment in test-platform.cc (https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel72-s390x,v8test=v8test/231/console) should be fixed via #7771, which should have landed already.

matthewloring · 2016-07-25T18:39:10Z

Running after rebase.
CI: https://ci.nodejs.org/job/node-test-pull-request/3407/
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/238/

Trott · 2016-07-25T20:17:22Z

Will probably want to re-run CI after #7873 lands (hopefully within the hour). That will fix the bad build on four of the Linux hosts.

Original commit message: If we can't rehash the backing store for weak sets & maps, do a last resort GC BUG=v8:4909 R=hpayer@chromium.org Committed: https://crrev.com/b93c80a6039c757723e70420ae73375b5d277814 Cr-Commit-Position: refs/heads/master@{#37591} Fixes: #6180

Original commit message: Fix incorrect parameter to HasSufficientCapacity It takes the number of additional elements, not the total target capacity. Also, avoid right-shifting a negative integer as this is undefined in general BUG=v8:4909 R=verwaest@chromium.org Review-Url: https://codereview.chromium.org/2162333002 Cr-Commit-Position: refs/heads/master@{#37901}

matthewloring · 2016-07-26T01:20:34Z

Only the windows CI is failing and it seems to be failing similarly in other builds. I'll land this tomorrow if nobody objects.

Trott · 2016-07-26T01:58:23Z

Looks like the Windows issue has been fixed. Fingers-crossed re-run of CI: https://ci.nodejs.org/job/node-test-pull-request/3415/

matthewloring · 2016-07-26T17:47:50Z

Landed in a3d62bd, e22ffef.

ofrobots · 2016-07-26T21:56:04Z

@matthewloring do you also want to take care of this:

@thealphanerd

would you be willing to put together a PR against v4.x-staging that includes all of those changes?

matthewloring · 2016-07-26T22:52:02Z

@ofrobots @thealphanerd Opened here: #7883.

Original commit message: If we can't rehash the backing store for weak sets & maps, do a last resort GC BUG=v8:4909 R=hpayer@chromium.org Committed: https://crrev.com/b93c80a6039c757723e70420ae73375b5d277814 Cr-Commit-Position: refs/heads/master@{#37591} Fixes: nodejs#6180 PR-URL: nodejs#7689 Reviewed-By: Matt Loring <mattloring@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original commit message: Fix incorrect parameter to HasSufficientCapacity It takes the number of additional elements, not the total target capacity. Also, avoid right-shifting a negative integer as this is undefined in general BUG=v8:4909 R=verwaest@chromium.org Review-Url: https://codereview.chromium.org/2162333002 Cr-Commit-Position: refs/heads/master@{nodejs#37901} Fixes: nodejs#6180 PR-URL: nodejs#7689 Reviewed-By: Matt Loring <mattloring@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original commit messages: v8/v8@e093a04 Rehash and clear deleted entries in weak collections during GC Otherwise, they'll just keep growing until we run out of memory or hit the FixedArray's maximum capacity. BUG=v8:4909 R=hpayer@chromium.org LOG=n Review URL: https://codereview.chromium.org/1877233005 Cr-Commit-Position: refs/heads/master@{#35514} v8/v8@09db540 Reland of Rehash and clear deleted entries in weak collections during GC BUG=v8:4909 R=hpayer@chromium.org,ulan@chromium.org LOG=n Review URL: https://codereview.chromium.org/1890123002 Cr-Commit-Position: refs/heads/master@{#35538} Ref: https://crbug.com/v8/4909 Ref: #7883 Fixes: #6180 PR-URL: #7689 Reviewed-By: Matt Loring <mattloring@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original commit message: If we can't rehash the backing store for weak sets & maps, do a last resort GC BUG=v8:4909 R=hpayer@chromium.org Committed: https://crrev.com/b93c80a6039c757723e70420ae73375b5d277814 Cr-Commit-Position: refs/heads/master@{#37591} Fixes: #6180 Ref: #7883 PR-URL: #7689 Reviewed-By: Matt Loring <mattloring@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Original commit message: Fix incorrect parameter to HasSufficientCapacity It takes the number of additional elements, not the total target capacity. Also, avoid right-shifting a negative integer as this is undefined in general BUG=v8:4909 R=verwaest@chromium.org Review-Url: https://codereview.chromium.org/2162333002 Cr-Commit-Position: refs/heads/master@{#37901} Fixes: #6180 Ref: #7883 PR-URL: #7689 Reviewed-By: Matt Loring <mattloring@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>