cppgc: Implement --cppgc-random-gc-interval=<n>.

The flag is analogous to the V8 counterpart, which runs GCs at random
intervals (from 0 to n). The flag is useful for fuzzing bots.

Bug: v8:14590
Change-Id: Id9b115a0fecfe85176a512ef64b0f920c9129d8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5260141
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#92385}

src/flags/flag-definitions.h

@@ -1661,14 +1661,16 @@ DEFINE_BOOL(separate_gc_phases, false,
             "young and full garbage collection phases are not overlapping")
 DEFINE_BOOL(gc_global, false, "always perform global GCs")
 
-// TODO(12950): The next two flags only have an effect if
+// TODO(12950): The next three flags only have an effect if
 // V8_ENABLE_ALLOCATION_TIMEOUT is set, so we should only define them in that
 // config. That currently breaks Node's parallel/test-domain-error-types test
 // though.
 DEFINE_INT(random_gc_interval, 0,
-           "Collect garbage after random(0, X) allocations. It overrides "
+           "Collect garbage after random(0, X) V8 allocations. It overrides "
            "gc_interval.")
 DEFINE_INT(gc_interval, -1, "garbage collect after <n> allocations")
+DEFINE_INT(cppgc_random_gc_interval, 0,
+           "Collect garbage after random(0, X) cppgc allocations.")
 
 DEFINE_INT(retain_maps_for_n_gc, 2,
            "keeps maps alive for <n> old space garbage collections")

src/heap/cppgc-js/cpp-heap.cc

@@ -473,6 +473,9 @@ CppHeap::CppHeap(
   // garbage collections.
   no_gc_scope_++;
   stats_collector()->RegisterObserver(this);
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  object_allocator().UpdateAllocationTimeout();
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 }
 
 CppHeap::~CppHeap() {
@@ -1202,6 +1205,19 @@ void CppHeap::StartIncrementalGarbageCollection(cppgc::internal::GCConfig) {
 
 size_t CppHeap::epoch() const { UNIMPLEMENTED(); }
 
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+v8::base::Optional<int> CppHeap::UpdateAllocationTimeout() {
+  if (!v8_flags.cppgc_random_gc_interval) {
+    return v8::base::nullopt;
+  }
+  if (!allocation_timeout_rng_) {
+    allocation_timeout_rng_.emplace(v8_flags.fuzzer_random_seed);
+  }
+  return allocation_timeout_rng_->NextInt(v8_flags.cppgc_random_gc_interval) +
+         1;
+}
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
+
 void CppHeap::ResetCrossHeapRememberedSet() {
   if (!generational_gc_supported()) {
     DCHECK(cross_heap_remembered_set_.IsEmpty());

src/heap/cppgc-js/cpp-heap.h

@@ -16,6 +16,7 @@ static_assert(
 #include "src/base/flags.h"
 #include "src/base/macros.h"
 #include "src/base/optional.h"
+#include "src/base/utils/random-number-generator.h"
 #include "src/heap/cppgc-js/cross-heap-remembered-set.h"
 #include "src/heap/cppgc/heap-base.h"
 #include "src/heap/cppgc/marker.h"
@@ -179,6 +180,9 @@ class V8_EXPORT_PRIVATE CppHeap final
   const cppgc::EmbedderStackState* override_stack_state() const override;
   void StartIncrementalGarbageCollection(cppgc::internal::GCConfig) override;
   size_t epoch() const override;
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  v8::base::Optional<int> UpdateAllocationTimeout() final;
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 
   V8_INLINE void RememberCrossHeapReferenceIfNeeded(
       v8::internal::Tagged<v8::internal::JSObject> host_obj, void* value);
@@ -250,6 +254,11 @@ class V8_EXPORT_PRIVATE CppHeap final
   // on each increment.
   size_t allocated_size_limit_for_check_ = 0;
 
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  // Use standalone RNG to avoid initialization order dependency.
+  base::Optional<v8::base::RandomNumberGenerator> allocation_timeout_rng_;
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
+
   friend class MetricRecorderAdapter;
 };
 

src/heap/cppgc/garbage-collector.h

@@ -6,6 +6,7 @@
 #define V8_HEAP_CPPGC_GARBAGE_COLLECTOR_H_
 
 #include "include/cppgc/common.h"
+#include "src/base/optional.h"
 #include "src/heap/cppgc/heap-config.h"
 
 namespace cppgc {
@@ -25,6 +26,10 @@ class GarbageCollector {
 
   // Returns a non-null state if the stack state if overriden.
   virtual const EmbedderStackState* override_stack_state() const = 0;
+
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  virtual v8::base::Optional<int> UpdateAllocationTimeout() = 0;
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 };
 
 }  // namespace internal

src/heap/cppgc/gc-invoker.cc

@@ -27,6 +27,11 @@ class GCInvoker::GCInvokerImpl final : public GarbageCollector {
   const EmbedderStackState* override_stack_state() const final {
     return collector_->override_stack_state();
   }
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  v8::base::Optional<int> UpdateAllocationTimeout() final {
+    return v8::base::nullopt;
+  }
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 
  private:
   class GCTask final : public cppgc::Task {
@@ -144,5 +149,11 @@ const EmbedderStackState* GCInvoker::override_stack_state() const {
   return impl_->override_stack_state();
 }
 
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+v8::base::Optional<int> GCInvoker::UpdateAllocationTimeout() {
+  return impl_->UpdateAllocationTimeout();
+}
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
+
 }  // namespace internal
 }  // namespace cppgc

src/heap/cppgc/gc-invoker.h

@@ -38,6 +38,9 @@ class V8_EXPORT_PRIVATE GCInvoker final : public GarbageCollector {
   void StartIncrementalGarbageCollection(GCConfig) final;
   size_t epoch() const final;
   const EmbedderStackState* override_stack_state() const final;
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  v8::base::Optional<int> UpdateAllocationTimeout() final;
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 
  private:
   class GCInvokerImpl;

src/heap/cppgc/heap.cc

@@ -84,6 +84,9 @@ Heap::Heap(std::shared_ptr<cppgc::Platform> platform,
                 platform_->GetForegroundTaskRunner());
   CHECK_IMPLIES(options.sweeping_support != HeapBase::SweepingType::kAtomic,
                 platform_->GetForegroundTaskRunner());
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  object_allocator().UpdateAllocationTimeout();
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 }
 
 Heap::~Heap() {

src/heap/cppgc/heap.h

@@ -41,6 +41,12 @@ class V8_EXPORT_PRIVATE Heap final : public HeapBase,
     return HeapBase::override_stack_state();
   }
 
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  v8::base::Optional<int> UpdateAllocationTimeout() final {
+    return v8::base::nullopt;
+  }
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
+
   void EnableGenerationalGC();
 
   void DisableHeapGrowingForTesting();

src/heap/cppgc/object-allocator.cc

@@ -308,5 +308,22 @@ bool ObjectAllocator::in_disallow_gc_scope() const {
   return raw_heap_.heap()->IsGCForbidden();
 }
 
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+void ObjectAllocator::UpdateAllocationTimeout() {
+  allocation_timeout_ = garbage_collector_.UpdateAllocationTimeout();
+}
+
+void ObjectAllocator::TriggerGCOnAllocationTimeoutIfNeeded() {
+  if (!allocation_timeout_) return;
+  DCHECK_GT(*allocation_timeout_, 0);
+  if (--*allocation_timeout_ == 0) {
+    garbage_collector_.CollectGarbage(GCConfig::ConservativeAtomicConfig());
+    allocation_timeout_ = garbage_collector_.UpdateAllocationTimeout();
+    DCHECK(allocation_timeout_);
+    DCHECK_GT(*allocation_timeout_, 0);
+  }
+}
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
+
 }  // namespace internal
 }  // namespace cppgc

src/heap/cppgc/object-allocator.h

@@ -9,6 +9,7 @@
 #include "include/cppgc/internal/gc-info.h"
 #include "include/cppgc/macros.h"
 #include "src/base/logging.h"
+#include "src/base/optional.h"
 #include "src/heap/cppgc/globals.h"
 #include "src/heap/cppgc/heap-object-header.h"
 #include "src/heap/cppgc/heap-page.h"
@@ -54,6 +55,13 @@ class V8_EXPORT_PRIVATE ObjectAllocator final : public cppgc::AllocationHandle {
   void ResetLinearAllocationBuffers();
   void MarkAllPagesAsYoung();
 
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  void UpdateAllocationTimeout();
+  int get_allocation_timeout_for_testing() const {
+    return *allocation_timeout_;
+  }
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
+
  private:
   bool in_disallow_gc_scope() const;
 
@@ -83,16 +91,28 @@ class V8_EXPORT_PRIVATE ObjectAllocator final : public cppgc::AllocationHandle {
   bool TryRefillLinearAllocationBufferFromFreeList(NormalPageSpace&, size_t);
   bool TryExpandAndRefillLinearAllocationBuffer(NormalPageSpace&);
 
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  void TriggerGCOnAllocationTimeoutIfNeeded();
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
+
   RawHeap& raw_heap_;
   PageBackend& page_backend_;
   StatsCollector& stats_collector_;
   PreFinalizerHandler& prefinalizer_handler_;
   FatalOutOfMemoryHandler& oom_handler_;
   GarbageCollector& garbage_collector_;
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  // Specifies how many allocations should be performed until triggering a
+  // garbage collection.
+  v8::base::Optional<int> allocation_timeout_;
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 };
 
 void* ObjectAllocator::AllocateObject(size_t size, GCInfoIndex gcinfo) {
   DCHECK(!in_disallow_gc_scope());
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  TriggerGCOnAllocationTimeoutIfNeeded();
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
   const size_t allocation_size =
       RoundUp<kAllocationGranularity>(size + sizeof(HeapObjectHeader));
   const RawHeap::RegularSpaceType type =
@@ -104,6 +124,9 @@ void* ObjectAllocator::AllocateObject(size_t size, GCInfoIndex gcinfo) {
 void* ObjectAllocator::AllocateObject(size_t size, AlignVal alignment,
                                       GCInfoIndex gcinfo) {
   DCHECK(!in_disallow_gc_scope());
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  TriggerGCOnAllocationTimeoutIfNeeded();
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
   const size_t allocation_size =
       RoundUp<kAllocationGranularity>(size + sizeof(HeapObjectHeader));
   const RawHeap::RegularSpaceType type =
@@ -115,6 +138,9 @@ void* ObjectAllocator::AllocateObject(size_t size, AlignVal alignment,
 void* ObjectAllocator::AllocateObject(size_t size, GCInfoIndex gcinfo,
                                       CustomSpaceIndex space_index) {
   DCHECK(!in_disallow_gc_scope());
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  TriggerGCOnAllocationTimeoutIfNeeded();
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
   const size_t allocation_size =
       RoundUp<kAllocationGranularity>(size + sizeof(HeapObjectHeader));
   return AllocateObjectOnSpace(
@@ -126,6 +152,9 @@ void* ObjectAllocator::AllocateObject(size_t size, AlignVal alignment,
                                       GCInfoIndex gcinfo,
                                       CustomSpaceIndex space_index) {
   DCHECK(!in_disallow_gc_scope());
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  TriggerGCOnAllocationTimeoutIfNeeded();
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
   const size_t allocation_size =
       RoundUp<kAllocationGranularity>(size + sizeof(HeapObjectHeader));
   return AllocateObjectOnSpace(

test/unittests/heap/cppgc-js/unified-heap-unittest.cc

@@ -23,6 +23,7 @@
 #include "src/heap/cppgc-js/cpp-heap.h"
 #include "src/heap/cppgc/heap-object-header.h"
 #include "src/heap/cppgc/sweeper.h"
+#include "src/heap/gc-tracer-inl.h"
 #include "src/objects/objects-inl.h"
 #include "test/unittests/heap/cppgc-js/unified-heap-utils.h"
 #include "test/unittests/heap/heap-utils.h"
@@ -793,4 +794,37 @@ TEST_F(UnifiedHeapTest, CppgcSweepingDuringMinorV8Sweeping) {
   v8_flags.single_threaded_gc = single_threaded_gc_flag;
 }
 
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+struct RandomGCIntervalTestSetter {
+  RandomGCIntervalTestSetter() {
+    static constexpr int kInterval = 87;
+    v8_flags.cppgc_random_gc_interval = kInterval;
+  }
+  ~RandomGCIntervalTestSetter() { v8_flags.cppgc_random_gc_interval = 0; }
+};
+
+struct UnifiedHeapTestWithRandomGCInterval : RandomGCIntervalTestSetter,
+                                             UnifiedHeapTest {};
+
+TEST_F(UnifiedHeapTestWithRandomGCInterval, AllocationTimeout) {
+  auto& cpp_heap = *CppHeap::From(isolate()->heap()->cpp_heap());
+  auto& allocator = cpp_heap.object_allocator();
+  const int initial_allocation_timeout =
+      allocator.get_allocation_timeout_for_testing();
+  ASSERT_GT(initial_allocation_timeout, 0);
+  const auto current_epoch = isolate()->heap()->tracer()->CurrentEpoch(
+      GCTracer::Scope::MARK_COMPACTOR);
+  for (int i = 0; i < initial_allocation_timeout - 1; ++i) {
+    MakeGarbageCollected<Wrappable>(allocation_handle());
+  }
+  // Expect no GC happened so far.
+  EXPECT_EQ(current_epoch, isolate()->heap()->tracer()->CurrentEpoch(
+                               GCTracer::Scope::MARK_COMPACTOR));
+  // This allocation must cause a GC.
+  MakeGarbageCollected<Wrappable>(allocation_handle());
+  EXPECT_EQ(current_epoch + 1, isolate()->heap()->tracer()->CurrentEpoch(
+                                   GCTracer::Scope::MARK_COMPACTOR));
+}
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
+
 }  // namespace v8::internal

test/unittests/heap/cppgc/gc-invoker-unittest.cc

@@ -23,6 +23,9 @@ class MockGarbageCollector : public GarbageCollector {
   MOCK_METHOD(size_t, epoch, (), (const, override));
   MOCK_METHOD(const EmbedderStackState*, override_stack_state, (),
               (const, override));
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  MOCK_METHOD(v8::base::Optional<int>, UpdateAllocationTimeout, (), (override));
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 };
 
 class MockTaskRunner : public cppgc::TaskRunner {

test/unittests/heap/cppgc/heap-growing-unittest.cc

@@ -39,6 +39,11 @@ class FakeGarbageCollector : public GarbageCollector {
   const EmbedderStackState* override_stack_state() const override {
     return nullptr;
   }
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  v8::base::Optional<int> UpdateAllocationTimeout() override {
+    return v8::base::nullopt;
+  }
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 
  private:
   StatsCollector* stats_collector_;
@@ -53,6 +58,9 @@ class MockGarbageCollector : public GarbageCollector {
   MOCK_METHOD(size_t, epoch, (), (const, override));
   MOCK_METHOD(const EmbedderStackState*, override_stack_state, (),
               (const, override));
+#ifdef V8_ENABLE_ALLOCATION_TIMEOUT
+  MOCK_METHOD(v8::base::Optional<int>, UpdateAllocationTimeout, (), (override));
+#endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 };
 
 void FakeAllocate(StatsCollector* stats_collector, size_t bytes) {