The layout descriptor helper computes the object header size using
map->instance_size() and map->GetInObjectProperties().
It races with finalization of slack tracking, which changes both
the instance size and the in-object properties count.
This patch replaces the in-object properties count byte in the map
with the byte that stores the start offset of in-object properties.
The new byte can be used in the layout descriptor to compute the
object header size and it is immutable.
This patch also renames InstanceSize to InstanceSizeInWords where
the instance size is represented in words.
Bug: chromium:786069, chromium:694255
Change-Id: I4b48c6944d3fe8a950bd7b0ba43d75216b177a78
Reviewed-on: https://chromium-review.googlesource.com/776720
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49461}
This CL fixes all occurences that don't require special OWNER reviews,
or can be reviewed by Michi.
After this one, we should be able to reenable the readability/check
cpplint check.
R=mstarzinger@chromium.org
Bug: v8:6837, v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic81d68d5534eaa795b7197fed5c41ed158361d62
Reviewed-on: https://chromium-review.googlesource.com/721120
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48670}
LayoutDescriptor is currently the only case where the Scavenger needs to
potentially follow an updated slot to iterate an object. This scenario
requires at least Acq/Rel semantics.
In order to use relaxed store/load for the slots we need to allocate it
pretenured.
Bug: chromium:738865
Change-Id: I353fa6f252b436918b60fff54ece5ce5c7783072
Reviewed-on: https://chromium-review.googlesource.com/590429
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46965}
This adds a convenience method for the common Smi to int conversion
pattern.
Bug:
Change-Id: I7d7b171c36cfec5f6d10c60f1d9c3e06e3aed0fa
Reviewed-on: https://chromium-review.googlesource.com/563205
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46516}
The race happens when the layout descriptor is evacuated at the same
time as an object that has this layout descriptor is evacuated.
Change-Id: I0a5fc545cf359fdfe738d8b6359713f5ea170986
Reviewed-on: https://chromium-review.googlesource.com/544953
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46175}
This is a necessary cleanup before introducing PropertyConstness bit.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2624903003
Cr-Commit-Position: refs/heads/master@{#42277}
This reverts commit 7db0ecdec3.
Manual revert since automatic revert is too large for the web interface.
BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1371083003
Cr-Commit-Position: refs/heads/master@{#31019}
This CL us a pure refactoring that makes an empty compilation unit
including just "foo.h" but not "foo-inl.h" compile without warnings or
errors. This is needed to further reduce the header dependency tangle.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1290743005
Cr-Commit-Position: refs/heads/master@{#30158}
This way we can greatly simplify the different variants of ToObject in
our codebase and make them more uniform and robust. Adding a new
primitive doesn't require finding and changing all those places again,
but it is sufficient to setup the constructor function index when
allocating the map.
We use the inobject properties field of Map, which is invalid primitive
maps anyway.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1276533003
Cr-Commit-Position: refs/heads/master@{#30119}
Reason for revert:
Breaks gbemu
Original issue's description:
> Reland "LayoutDescriptor should inherit from JSTypedArray"
>
> Original issue's description:
> > LayoutDescriptor should inherit from JSTypedArray
> >
> > It can't just inherit from a FixedTypedArray-like type, as we soon
> > assume that a FixedTypedArray-like type is always held by an
> > ArrayBufferView-like type
> >
> > BUG=v8:3996
> > R=ishell@chromium.org,verwaest@chromium.org
> > LOG=n
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n
TBR=ishell@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996
Review URL: https://codereview.chromium.org/1080403004
Cr-Commit-Position: refs/heads/master@{#27975}
Original issue's description:
> LayoutDescriptor should inherit from JSTypedArray
>
> It can't just inherit from a FixedTypedArray-like type, as we soon
> assume that a FixedTypedArray-like type is always held by an
> ArrayBufferView-like type
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n
BUG=v8:3996
R=ishell@chromium.org,verwaest@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1094333002
Cr-Commit-Position: refs/heads/master@{#27973}
Reason for revert:
breaks mjsunit on debug bots
Original issue's description:
> LayoutDescriptor should inherit from JSTypedArray
>
> It can't just inherit from a FixedTypedArray-like type, as we soon
> assume that a FixedTypedArray-like type is always held by an
> ArrayBufferView-like type
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n
TBR=ishell@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996
Review URL: https://codereview.chromium.org/1073053006
Cr-Commit-Position: refs/heads/master@{#27968}
It can't just inherit from a FixedTypedArray-like type, as we soon
assume that a FixedTypedArray-like type is always held by an
ArrayBufferView-like type
BUG=v8:3996
R=ishell@chromium.org,verwaest@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1084793004
Cr-Commit-Position: refs/heads/master@{#27964}
This functionality is now used by both object visitor and store buffer.
TEST=cctest/test-unboxed-doubles
Review URL: https://codereview.chromium.org/726713003
Cr-Commit-Position: refs/heads/master@{#25816}
