Commit Graph

691 Commits

Author SHA1 Message Date
Benedikt Meurer
1525374ff5 [es2015] Extend the array iterator protector.
Previously the array iterator protector only guarded the lookup of the
@@iterator symbol on the initial Array.prototype, and we had to use an
additional map check on the %ArrayIteratorPrototype% to ensure that no
one messed with the next() method.  This CL extends the array iterator
protector to also guard the lookup of %ArrayIteratorPrototype%.next.

This simplifies the code quite a bit and makes it more robust for cases
where someone has to install additional methods on the iterator
prototype, i.e. a custom async iterator.

Bug: v8:7510, v8:7514
Change-Id: Ie6080bb837a91a2b60b224597121470614210660
Reviewed-on: https://chromium-review.googlesource.com/945728
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51684}
2018-03-02 09:34:31 +00:00
Hannes Payer
af1bffd314 [heap] Move FreeListCategory memory out of the page header.
Bug: chromium:774108
Change-Id: I5345fed261862b0e20356ec4579b16cdf0ea58a6
Reviewed-on: https://chromium-review.googlesource.com/899148
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51606}
2018-02-27 15:39:04 +00:00
Michael Starzinger
fafd1cdd35 Move exception handler table into instruction stream.
This changes the encoding of the {HandlerTable} from an array of Smi
values to a byte array. It allows embedding of said array into the
instruction stream of {Code} objects (similar to how safepoint tables
work). For interpreted bytecode the table is attached as a {ByteArray}
to the bytecode.

The advantage of this approach is a more compact encoding and also the
ability to move such tables easily off the GC'ed heap if needed (as is
done for WebAssembly code for example).

R=jarin@chromium.org

Change-Id: I3320415dff69b3d1053825bda0d667a28232bf6d
Reviewed-on: https://chromium-review.googlesource.com/934642
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51589}
2018-02-27 10:20:35 +00:00
Ross McIlroy
aa9843d796 [Compiler] Don't save FeedbackVector in CompilationCache for Scripts.
The compilation logic never used the saved FeedbackVector for Script
compiles when looking up the CompilationCache, so remove it and
simplify the return value of LookupScript to be a
MaybeHandle<SharedFunctionInfo>

Change-Id: Ib1d833f997b299e2e79621bd8509bdfd911d4e10
Reviewed-on: https://chromium-review.googlesource.com/924002
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51443}
2018-02-21 17:07:13 +00:00
Gabriel Charette
ac17ba0e56 Reland "Introduce ConcurrentMarking::StopRequest API."
This is a reland of f4b4109936.

Not expected to be the culprit of the 4 CL revert.

Original change's description:
> Introduce ConcurrentMarking::StopRequest API.
>
> This was extracted from https://chromium-review.googlesource.com/c/v8/v8/+/924073/10
> after it became clear that using COMPLETE_TASKS/PREEMPT_TASKS where
> it should make sense to doesn't work in practice for now.
>
> Experimental CLs which led to the above conclusion:
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924865
>    (COMPLETE or CANCEL -- still broken)
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924866
>    (CANCEL only, as before, works)
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924028
>    (CANCEL and PREEMPT -- broken as well)
>
> Introducing this unittested API allows to reduce the size
> of the CLs causing hard-to-diagnose bots-only failures
> and fix them individually follow-ups @
>
>  1) https://chromium-review.googlesource.com/c/v8/v8/+/924029
>  2) https://chromium-review.googlesource.com/c/v8/v8/+/924031
>  3) https://chromium-review.googlesource.com/c/v8/v8/+/924030
>
> Bug: chromium:812178
> Change-Id: Icdac456e9f7874b0c4b321ccdb8898297dad7d73
> Reviewed-on: https://chromium-review.googlesource.com/924867
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51353}

Bug: chromium:812178
Change-Id: Iaa32f9cc6b2fa7004c7fae1f79aa4b00f5f8f34c
Reviewed-on: https://chromium-review.googlesource.com/924006
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51371}
2018-02-19 14:46:44 +00:00
Clemens Hammacher
b8a727e14c Revert "Introduce ConcurrentMarking::StopRequest API."
This reverts commit f4b4109936.

Reason for revert: Several GC failures, e.g. https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/23236, https://build.chromium.org/p/client.v8/builders/V8%20Mac/builds/18390 

Original change's description:
> Introduce ConcurrentMarking::StopRequest API.
> 
> This was extracted from https://chromium-review.googlesource.com/c/v8/v8/+/924073/10
> after it became clear that using COMPLETE_TASKS/PREEMPT_TASKS where
> it should make sense to doesn't work in practice for now.
> 
> Experimental CLs which led to the above conclusion:
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924865
>    (COMPLETE or CANCEL -- still broken)
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924866
>    (CANCEL only, as before, works)
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924028
>    (CANCEL and PREEMPT -- broken as well)
> 
> Introducing this unittested API allows to reduce the size
> of the CLs causing hard-to-diagnose bots-only failures
> and fix them individually follow-ups @
> 
>  1) https://chromium-review.googlesource.com/c/v8/v8/+/924029
>  2) https://chromium-review.googlesource.com/c/v8/v8/+/924031
>  3) https://chromium-review.googlesource.com/c/v8/v8/+/924030
> 
> Bug: chromium:812178
> Change-Id: Icdac456e9f7874b0c4b321ccdb8898297dad7d73
> Reviewed-on: https://chromium-review.googlesource.com/924867
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51353}

TBR=gab@chromium.org,ulan@chromium.org,mlippautz@chromium.org

Change-Id: Ia001cc81c6a7bc030b54d3aa9b9bcecc833300e6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:812178
Reviewed-on: https://chromium-review.googlesource.com/925302
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51365}
2018-02-19 13:59:18 +00:00
Gabriel Charette
f4b4109936 Introduce ConcurrentMarking::StopRequest API.
This was extracted from https://chromium-review.googlesource.com/c/v8/v8/+/924073/10
after it became clear that using COMPLETE_TASKS/PREEMPT_TASKS where
it should make sense to doesn't work in practice for now.

Experimental CLs which led to the above conclusion:
 - https://chromium-review.googlesource.com/c/v8/v8/+/924865
   (COMPLETE or CANCEL -- still broken)
 - https://chromium-review.googlesource.com/c/v8/v8/+/924866
   (CANCEL only, as before, works)
 - https://chromium-review.googlesource.com/c/v8/v8/+/924028
   (CANCEL and PREEMPT -- broken as well)

Introducing this unittested API allows to reduce the size
of the CLs causing hard-to-diagnose bots-only failures
and fix them individually follow-ups @

 1) https://chromium-review.googlesource.com/c/v8/v8/+/924029
 2) https://chromium-review.googlesource.com/c/v8/v8/+/924031
 3) https://chromium-review.googlesource.com/c/v8/v8/+/924030

Bug: chromium:812178
Change-Id: Icdac456e9f7874b0c4b321ccdb8898297dad7d73
Reviewed-on: https://chromium-review.googlesource.com/924867
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51353}
2018-02-19 10:39:08 +00:00
Ulan Degenbaev
bba08b3314 [heap] Add description parameter to RootVisitor methods.
The description will be used to annotate roots in the heap snapshot.

Bug: chromium:811842
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic5c9a89d1921cabddb06783f08ba63740e72820d
Reviewed-on: https://chromium-review.googlesource.com/916564
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51286}
2018-02-14 10:17:34 +00:00
Adam Klein
3916401e4b Revert "[builtins] Mega-revert to address the Dev blocker in crbug.com/808911."
This reverts commit 14108f4c2e.

Reason for revert: Not the culprit for Canary microtask crashes

Original change's description:
> [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
> 
> - Revert "[builtins] Save one word in contexts for Promise.all."
>   This reverts commit 7632da067b.
> - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
>   This reverts commit d4f072ced3.
> - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
>   This reverts commit 6703dacdd6.
> - Revert "[debugger] Properly deal with settled promises in catch prediction."
>   This reverts commit 40dd065823.
> - Revert "[builtins] Widen the fast-path for Promise builtins."
>   This reverts commit db0556b7e8.
> - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
>   This reverts commit a582199c5e.
> - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
>   This reverts commit 6bf8885290.
> - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
>   This reverts commit 313b490ddd.
> - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
>   This reverts commit f7bd6a2fd6.
> - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
>   This reverts commit b23b098fa0.
> - Revert "[promise] Remove incorrect fast path"
>   This reverts commit 0f6eafe855.
> - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
>   This reverts commit 8a677a2831.
> - Revert "[builtins] Refactor promises to reduce GC overhead."
>   This reverts commit 8e7737cb58.
> 
> Tbr: hpayer@chromium.org
> Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
> Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/906991
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51158}

Change-Id: I09d958cbebd635a325809072a290f2f53df8c5d4
Tbr: adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/908988
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51181}
2018-02-08 17:25:13 +00:00
Benedikt Meurer
14108f4c2e [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
- Revert "[builtins] Save one word in contexts for Promise.all."
  This reverts commit 7632da067b.
- Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
  This reverts commit d4f072ced3.
- Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
  This reverts commit 6703dacdd6.
- Revert "[debugger] Properly deal with settled promises in catch prediction."
  This reverts commit 40dd065823.
- Revert "[builtins] Widen the fast-path for Promise builtins."
  This reverts commit db0556b7e8.
- Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
  This reverts commit a582199c5e.
- Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
  This reverts commit 6bf8885290.
- Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
  This reverts commit 313b490ddd.
- Revert "[builtins] Inline InternalPromiseThen into it's only caller"
  This reverts commit f7bd6a2fd6.
- Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
  This reverts commit b23b098fa0.
- Revert "[promise] Remove incorrect fast path"
  This reverts commit 0f6eafe855.
- Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
  This reverts commit 8a677a2831.
- Revert "[builtins] Refactor promises to reduce GC overhead."
  This reverts commit 8e7737cb58.

Tbr: hpayer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/906991
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51158}
2018-02-07 19:46:59 +00:00
Benedikt Meurer
db0556b7e8 [builtins] Widen the fast-path for Promise builtins.
This adds a new isolate wide Promise#then protector, which guards the
"then" lookup for all JSPromise instances whose [[Prototype]] is the
initial %PromisePrototype%. Thus arbitrary mutations to the
Promise.prototype (i.e. monkey-patching other methods or installing
new functions) no longer sent you down the slow-path. Use this protector
in Promise.prototype.catch and in Promise.resolve.

Drive-by-fix: Restructure the resolve logic a bit and avoid the
expensive and large SameValue check, which can be turned into a simple
reference equal, as the promise in there is known to be a JSPromise
anyways.

Bug: v8:7253
Change-Id: If68b12c6bc6ca9c4d10552ae84854ebc3b5774f9
Reviewed-on: https://chromium-review.googlesource.com/899302
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51085}
2018-02-04 08:58:02 +00:00
Mike Stanton
291dc3cd1f [Feedback Vector] Coalesce Nexii to Feedback Nexus.
The FeedbackNexus classes initially were one-to-one with IC classes,
but over time this got out of date. We also found Nexus' useful, so
we made more classes even for cases that weren't ICs.

The inheritence and polymorphism became confusing and led to
duplication. Better, to just talk about a (single) FeedbackNexus.

Bug: v8:7344
Change-Id: I509dc9657895d56c3859de6e6589695cdff9e73e
Reviewed-on: https://chromium-review.googlesource.com/890452
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50997}
2018-01-31 14:34:33 +00:00
Hannes Payer
14eec66781 [heap] Remove page header tag from owner field.
This reverts commit 8d7522bc67 and fixes
the TSAN issue.

Bug: chromium:800251
Change-Id: Ie88e5281f7543bb3420703e798416d4a6dbbd91a
Reviewed-on: https://chromium-review.googlesource.com/864042
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50535}
2018-01-12 13:44:55 +00:00
Martyn Capewell
c6ea032850 Reland "[arm64] Switch jssp to csp"
This is a reland of 50baf93425

This fixes the number of expected instructions in MaybeCallEntryHookDelayed,
only exposed by nosnap tests.

Original change's description:
> [arm64] Switch jssp to csp
>
> Switch stack pointer to using csp directly, making jssp redundant.
>
> Bug: v8:6644
> Change-Id: I8e38eda50d56a25161b187c0a033608dd9f90239
> Reviewed-on: https://chromium-review.googlesource.com/860097
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#50487}

Bug: v8:6644
Change-Id: Ie9a969ccbf00fd7a7cff8f45b73cdb6bc4f17df9
Reviewed-on: https://chromium-review.googlesource.com/860639
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50513}
2018-01-11 18:42:13 +00:00
Adam Klein
8d7522bc67 Revert "[heap] Remove page header tag from owner field."
This reverts commit 6af43874b5.

Reason for revert: Linux TSAN failures:

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/19028

Original change's description:
> [heap] Remove page header tag from owner field.
> 
> Bug: chromium:800251
> Change-Id: I101131b4651b0bb27a79e5107ee43caf1229ffc7
> Reviewed-on: https://chromium-review.googlesource.com/860010
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50507}

TBR=ulan@chromium.org,hpayer@chromium.org

Change-Id: I29001423959f6d9faadbdba5228b28cfb1f5b341
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:800251
Reviewed-on: https://chromium-review.googlesource.com/861923
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50512}
2018-01-11 17:56:55 +00:00
Hannes Payer
6af43874b5 [heap] Remove page header tag from owner field.
Bug: chromium:800251
Change-Id: I101131b4651b0bb27a79e5107ee43caf1229ffc7
Reviewed-on: https://chromium-review.googlesource.com/860010
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50507}
2018-01-11 14:49:34 +00:00
Adam Klein
89348016ff Revert "[arm64] Switch jssp to csp"
This reverts commit 50baf93425.

Reason for revert: breaks arm64 nosnap debug tests:

https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/8418

Original change's description:
> [arm64] Switch jssp to csp
> 
> Switch stack pointer to using csp directly, making jssp redundant.
> 
> Bug: v8:6644
> Change-Id: I8e38eda50d56a25161b187c0a033608dd9f90239
> Reviewed-on: https://chromium-review.googlesource.com/860097
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#50487}

TBR=martyn.capewell@arm.com,bmeurer@chromium.org

Change-Id: I20015885e6029271ee6558509cdb92ff1a106e5f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6644
Reviewed-on: https://chromium-review.googlesource.com/860319
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50488}
2018-01-10 18:38:44 +00:00
Martyn Capewell
50baf93425 [arm64] Switch jssp to csp
Switch stack pointer to using csp directly, making jssp redundant.

Bug: v8:6644
Change-Id: I8e38eda50d56a25161b187c0a033608dd9f90239
Reviewed-on: https://chromium-review.googlesource.com/860097
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50487}
2018-01-10 17:45:35 +00:00
Hannes Payer
4bf8043148 [heap] Refactor and clean-up runtime allocation.
Bug: chromium:796896
Change-Id: I7f46f82d079502b8ec04c5e3be5f803ec9e62ffa
Reviewed-on: https://chromium-review.googlesource.com/854797
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50424}
2018-01-09 09:51:21 +00:00
Bill Budge
a449f09fad [Memory] Create memory management API in v8::internal.
- Creates a memory management API in v8::internal, which corresponds
  to the existing one in base::OS.
- Implements the new API in terms of the old one.
- Changes all usage of the base::OS API to the one in v8::internal. This
  includes all tests, except platform and OS tests.
- Makes OS:: methods private.
- Moves all LSAN calls into the v8::internal functions.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iaa3f022e3e12fdebf937f3c76b6c6455014beb8a
Reviewed-on: https://chromium-review.googlesource.com/794856
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50139}
2017-12-15 18:49:47 +00:00
Ali Ijaz Sheikh
4623b8223b [heap] replace DisableInlineAllocationSteps with PauseAllocationObservers
* DisableInlineAllocationSteps was a blunt hammer added to work around
  tests that needed to avoid artificially lower limits imposed by
  observers. PauseAllocationObserversScope can properly disable step on
  a temporary basis.
* Modify tests. Remove DisableInlineAllocationSteps.

This exposed a bug in allocation observers: we were not doing a step
when a fresh page is added.

Fix this by moving the step into UpdateAllocationInfo. We should be
doing a step (and keeping top_on_previous_step_ consistent) whenever
we move move top(). UpdateAllocationInfo is the correct place for this
rather than the callers of UpdateAllocationInfo.

Bug: 
Change-Id: I2edc238dc2e73bf9a2e9738c2a9b50efcac5cbf0
Reviewed-on: https://chromium-review.googlesource.com/821052
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50052}
2017-12-12 19:12:03 +00:00
Ulan Degenbaev
5bc1d29105 [heap] Make assert in Page::ShrinkToHighWaterMark more robust.
Currently Page::ShrinkToHighWaterMark checks that there is only one
filler in the to-be-freed area at the end of the page. This does not
hold if an allocation observer is active.

We should instead check that the to-be-freed area does not contain
allocated objects and will not contain allocated objects:
1) Following chain of fillers we arrive at the end of the page.
2) The free list of the page is empty.

This patch also changes PagedSpace::ResetFreeList to evict free list
entries of each page, instead of just reseting the global free list.

It also removes invalidation of free list categories.
Now FreeList::EvictFreeListItems simply evicts free list entries without
invalidating free list categories.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6051578ec2c91c9614d14c7a6ce188d2db5ace3b
Reviewed-on: https://chromium-review.googlesource.com/822571
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50040}
2017-12-12 15:14:58 +00:00
Ulan Degenbaev
e91234c1a4 [heap] Correctly restore platform in IncrementalMarkingUsingTasks test.
Bug: 
Change-Id: I9003407826865f1befb0ea7de60aa9fce2766da7
Reviewed-on: https://chromium-review.googlesource.com/814675
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49955}
2017-12-08 10:39:12 +00:00
Michael Lippautz
2abbc50c6e [heap] Increase test coverage for embedder tracing
The tests illustrate the use of v8::EmbedderHeapTracer.

Bug: v8:7176
Change-Id: Ic383c968691fddb0ec96d66cb33ee42b9c304a75
Reviewed-on: https://chromium-review.googlesource.com/811924
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49934}
2017-12-07 14:11:51 +00:00
Ulan Degenbaev
ac5b4223ad [heap] Add regression test for 791582.
Bug: chromium:791582
Change-Id: Ic2b4289431a4bd7b4b5a37437d25ebccd493497a
Reviewed-on: https://chromium-review.googlesource.com/809130
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49903}
2017-12-06 16:19:26 +00:00
Mathias Bynens
822be9b238 Normalize casing of hexadecimal digits
This patch normalizes the casing of hexadecimal digits in escape
sequences of the form `\xNN` and integer literals of the form
`0xNNNN`.

Previously, the V8 code base used an inconsistent mixture of uppercase
and lowercase.

Google’s C++ style guide uses uppercase in its examples:
https://google.github.io/styleguide/cppguide.html#Non-ASCII_Characters

Moreover, uppercase letters more clearly stand out from the lowercase
`x` (or `u`) characters at the start, as well as lowercase letters
elsewhere in strings.

BUG=v8:7109
TBR=marja@chromium.org,titzer@chromium.org,mtrofin@chromium.org,mstarzinger@chromium.org,rossberg@chromium.org,yangguo@chromium.org,mlippautz@chromium.org
NOPRESUBMIT=true

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I790e21c25d96ad5d95c8229724eb45d2aa9e22d6
Reviewed-on: https://chromium-review.googlesource.com/804294
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49810}
2017-12-02 01:24:40 +00:00
Andreas Haas
c7fb0e0947 [wasm] Remove fine-grained CodeSpaceMemoryModificationScopes
In a recent CL I introduced module-level CodeSpaceMemoryModificationScopes,
which means that the number of CodeSpaceMemoryModificationScopes which
are opened aside from TurboFan compilation is not linear in the number
of functions anymore. In that CL, however, I did not remove scopes which
became obsolete. This CL removes now these obsolete scopes, and
introduces some scopes where shared code was used from outside the
compilation logic.

R=mstarzinger@chromium.org, clemensh@chromium.org

Bug: chromium:787731
Change-Id: I37d514efa3a4b10adb7008986a9c91e4557ce618
Reviewed-on: https://chromium-review.googlesource.com/790490
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49662}
2017-11-28 10:34:39 +00:00
Michael Lippautz
4cb6ef8374 [heap] Move sweeper to separate file
Bug: 
Change-Id: Ie516167f047e48cda47a5dbfb156ea9ae164046c
Reviewed-on: https://chromium-review.googlesource.com/789878
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49656}
2017-11-28 09:22:09 +00:00
Bill Budge
0481b23e25 [Memory] Rewrite platform OS Commit / Uncommit in terms of permissions.
- Eliminates CommitRegion and UncommitRegion methods, replacing them with
  calls to SetPermissions.
- Makes a similar change to the API of VirtualMemory.
- This changes system calls from mmap to mprotect on most POSIX platforms.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ib10f8293c9398c6c1e729cd7d686b7c97e6a5d75
Reviewed-on: https://chromium-review.googlesource.com/769679
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49552}
2017-11-21 16:48:55 +00:00
Michael Lippautz
a9cab08e6c [heap] Re-enable parallel marking
Bug: chromium:750084
Change-Id: I3d449ab76101100866b18db776b9f282154a77d9
Reviewed-on: https://chromium-review.googlesource.com/768679
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49491}
2017-11-20 13:03:03 +00:00
Michael Starzinger
b8b622c94a [builtins] Set {builtin_index} during code allocation.
This ensures that the {Code::builtin_index} field is only set during
allocation of new {Code} objects, making this field truly immutable.

R=jgruber@chromium.org
BUG=v8:6792

Change-Id: Ic793346976183149e2d077e92cb9da3c925ea865
Reviewed-on: https://chromium-review.googlesource.com/774439
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49414}
2017-11-16 13:56:49 +00:00
Michael Starzinger
d80d85bfc1 [heap] Introduce {Movability} enum for type safety.
R=mlippautz@chromium.org

Change-Id: Ie5ff0347d7c849e1941f8c8237a0bd56fdb68a4e
Reviewed-on: https://chromium-review.googlesource.com/768672
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49372}
2017-11-15 10:11:26 +00:00
Michael Starzinger
d6f0db8b7b [heap] Remove dead {MemoryChunk::CommitArea} method.
R=hpayer@chromium.org
BUG=v8:6792

Change-Id: Iba360a83c8c1d929c29c0a4e0c5f32cef8755c85
Reviewed-on: https://chromium-review.googlesource.com/758650
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49287}
2017-11-10 09:53:23 +00:00
Mostyn Bramley-Moore
de65d40211 [jumbo] undef more instances of __ after use
Bug: chromium:746958
Change-Id: I38e19678e57e5769f4eb19b588ab1de1f4c3bb11
Reviewed-on: https://chromium-review.googlesource.com/758777
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#49252}
2017-11-09 08:51:35 +00:00
jgruber
7223024658 [factory] Simplify JSFunction creation
There's three common situations in which we need to create JSFunction
objects.  1) from the compiler, 2) from tests, and 3) everything else
(mostly during bootstrapping).

This is an attempt to simplify case 3), which previously relied on
several Factory::NewFunction overloads where it was not clear how the
semantics of each overload differed.

This CL removes all but one overload, and packs arguments into a new
NewFunctionArgs helper class.

It also removes the hacks around
SFI::set_lazy_deserialization_builtin_id by explicitly passing
builtin_id into Factory::NewSharedFunctionInfo.

Drive-by-fix: Properly set is_constructor hint in
SimpleCreateSharedFunctionInfo.

Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ica94d95e72e443055db5e7ff9e8cdf4115201ef1
Reviewed-on: https://chromium-review.googlesource.com/757094
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49224}
2017-11-08 13:52:13 +00:00
Eric Holk
0c3910f815 Revert "[platform] check return values from memory operations"
This reverts commit 32f30f6338.

Reason for revert: broken Fuchsia build, https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Fuchsia%2F460%2F%2B%2Frecipes%2Fsteps%2Fcompile%2F0%2Fstdout

Original change's description:
> [platform] check return values from memory operations
> 
> This change adds DCHECKs for calls such as mprotect, as well as marking some of
> the memory allocation and deallocation routines as V8_MUST_USE_RESULT. This
> additional checking gives us more useful information for failure in the presence
> of, for example, address space exhaustion.
> 
> Bug: 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I5bc76c1da6160262d3d556fea49d284ddd4e02c5
> Reviewed-on: https://chromium-review.googlesource.com/721267
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49164}

TBR=hpayer@chromium.org,mlippautz@google.com,eholk@chromium.org

Change-Id: Ie4b57b45c801dcce7884645f50ff74f833de6dc4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/756137
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49165}
2017-11-07 00:44:52 +00:00
Eric Holk
32f30f6338 [platform] check return values from memory operations
This change adds DCHECKs for calls such as mprotect, as well as marking some of
the memory allocation and deallocation routines as V8_MUST_USE_RESULT. This
additional checking gives us more useful information for failure in the presence
of, for example, address space exhaustion.

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5bc76c1da6160262d3d556fea49d284ddd4e02c5
Reviewed-on: https://chromium-review.googlesource.com/721267
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49164}
2017-11-07 00:35:35 +00:00
Michael Starzinger
0e15a7a477 Annotate all sites that still mutate {Code} objects.
This adds code-space modification scopes to all sites that still rely on
mutation of {Code} objects after allocation. Currently some scopes also
potentially are in performance-critical places that might regress if the
protection would be enabled in its current form.

R=clemensh@chromium.org
BUG=v8:6792

Change-Id: I8d511e0e452324dae027e50a9da8e6f77224b86f
Reviewed-on: https://chromium-review.googlesource.com/751521
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49147}
2017-11-06 16:35:46 +00:00
Michael Lippautz
0488cb19f7 [heap] Heap remove broken perferred page handling by the Scavenger
Sweeping a page while currently scavenging it is broken as the scavenger
might override the slot it is currently processing.

Bug: chromium:779503
Change-Id: I224a144b84e97a956bf10ba018132c2713e8f78d
Reviewed-on: https://chromium-review.googlesource.com/752081
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49092}
2017-11-02 20:51:33 +00:00
Ulan Degenbaev
a274fc6536 [heap] Properly clear the weak slot in CodeDataContainer.
During iteration of the optimized code list to process weak slots, we
need to clear the next_code_link in the CodeDataContainer of a dying
code object because the CodeDataContainer can still be alive.

BUG=v8:6792

Change-Id: Iec5f7430a4097cb622de2157bdec2a7d539dbba0
Reviewed-on: https://chromium-review.googlesource.com/751663
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49087}
2017-11-02 18:28:20 +00:00
Igor Sheludko
b4fdce5ae9 [cleanup] Prepare V8-internal AccessorInfo objects for sharing.
Rename |property_attributes| to |initial_property_attributes| and ensure
that it is used as a storage of values only for AccessorInfos installed in
API Templates (i.e. ObjectTemplate and FunctionTemplate).
When an AccessorInfo is installed directly into an existing JS object
(via JSObject::SetAccessor) or into a DescriptorArray (when certain V8
objects' shapes are configured) it is not necessary to thread attributes
being set through the AccessorInfo instance.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibe61026f08c42549756f694129a286635ffe5769
Reviewed-on: https://chromium-review.googlesource.com/730425
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48978}
2017-10-26 15:21:46 +00:00
Ulan Degenbaev
d58b36b243 [jumbo] Fix collision between test-alloc.cc and test-spaces.cc.
This fixes jumbo build by renaming Pseudorandom function after
https://chromium-review.googlesource.com/738204

Bug: chromium:777177
Change-Id: I86aa403928ad85ddd7dd779a8a43af9e34161928
Reviewed-on: https://chromium-review.googlesource.com/737637
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48974}
2017-10-26 14:19:26 +00:00
Ulan Degenbaev
7f8f283366 [heap] Fix top_on_previous_step_ check in PagedSpace::AllocateRaw.
Both the top_ pointer and the top_on_previous_step_ pointer can be one
byte beyond the current page. Page::FromAddress call should take that
into account.

Bug: chromium:777177
Change-Id: I9cbb5bc6eab932afc6d0c915fd70a9a7b20ba62c
Reviewed-on: https://chromium-review.googlesource.com/738204
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48962}
2017-10-26 11:10:57 +00:00
Michael Starzinger
3b67d7a0f4 Reland "[objects] Introduce {CodeDataContainer} object type."
This is a reland of eeaffa9f33
Original change's description:
> [objects] Introduce {CodeDataContainer} object type.
> 
> This introduces the {CodeDataContainer} as a container for all mutable
> fields associated with a {Code} object. For now only the kind-specific
> flags are moved, but more fields can/will be moved gradually. The goal
> is to make all fields in the {Code} header be immutable eventually.
> 
> R=jarin@chromium.org
> BUG=v8:6792
> 
> Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
> Reviewed-on: https://chromium-review.googlesource.com/732987
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48902}

Bug: v8:6792
Change-Id: I31a127df4bb8ee5fedb4d73755df4deae6e1d352
Reviewed-on: https://chromium-review.googlesource.com/738109
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48928}
2017-10-25 12:43:56 +00:00
Michael Achenbach
9249df1d73 Revert "[objects] Introduce {CodeDataContainer} object type."
This reverts commit eeaffa9f33.

Reason for revert: Breaks msan compile (uninitialized value in snapshot):
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17824

Original change's description:
> [objects] Introduce {CodeDataContainer} object type.
> 
> This introduces the {CodeDataContainer} as a container for all mutable
> fields associated with a {Code} object. For now only the kind-specific
> flags are moved, but more fields can/will be moved gradually. The goal
> is to make all fields in the {Code} header be immutable eventually.
> 
> R=​jarin@chromium.org
> BUG=v8:6792
> 
> Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
> Reviewed-on: https://chromium-review.googlesource.com/732987
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48902}

TBR=mstarzinger@chromium.org,jarin@chromium.org

Change-Id: I74fe833b074752d640cff4aa4680f250e1bd8780
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6792
Reviewed-on: https://chromium-review.googlesource.com/738029
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48904}
2017-10-25 09:24:59 +00:00
Michael Starzinger
eeaffa9f33 [objects] Introduce {CodeDataContainer} object type.
This introduces the {CodeDataContainer} as a container for all mutable
fields associated with a {Code} object. For now only the kind-specific
flags are moved, but more fields can/will be moved gradually. The goal
is to make all fields in the {Code} header be immutable eventually.

R=jarin@chromium.org
BUG=v8:6792

Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
Reviewed-on: https://chromium-review.googlesource.com/732987
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48902}
2017-10-25 08:46:29 +00:00
Tobias Tebbi
5917d5c1a8 [csa] extend the static CSA type system to allow for union types
- Introduce the new union type UnionType<T1,T2>, used for Number and 
  Numeric. Similarly, PairType<T1,T2> is used for a Turbofan operation
  with two results. Further details in the design doc:
  https://docs.google.com/document/d/10foP3m7SDWyFfbda96iEJ_XYOLQdd32AeoP8SD1cTcs/edit#heading=h.bghdno28mr7u
- Allow to derive the MachineType from a static type. 
  This allows to select the right MachineType when performing a 
  load/store.
- Disallow casts (UncheckedCast() or CAST()) when the target and 
  origin type have no overlap.
  New cast ReinterpretCast() is an UncheckedCast without this check.
- Caveat of this CL: Checked casts (CAST()) are not possible for 
  UnionType<T1,T2> with the exception of Number (due to the existence
  of Number in OBJECT_TYPE_LIST and the existence of an IsNumber() 
  function in the runtime).

Bug: v8:6949
Change-Id: I21a683d1341f69cebd8a347f545b454b463c52ad
Reviewed-on: https://chromium-review.googlesource.com/723320
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48796}
2017-10-20 15:58:51 +00:00
Michael Starzinger
035b4ccfc9 [runtime] Allocate source position table before Code.
This allocates and populates potential source position table before the
underlying {Code} objects is allocated. It essentially makes the field
holding said table immutable after allocation.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: If35462688a1b502f28ae84f73b82b5df5005735f
Reviewed-on: https://chromium-review.googlesource.com/727895
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48781}
2017-10-20 10:58:52 +00:00
Michael Starzinger
52d54f7c2a [runtime] Allocate DeoptimizationData before Code objects.
This allocates and populates potential deoptimization data arrays before
the underlying {Code} objects is allocated. It aims at making the field
holding said data immutable after allocation. Note that we still mutate
this field during deoptimization.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: Id0c2cfb65e782d7292d2df6bff41c54b2b8c3351
Reviewed-on: https://chromium-review.googlesource.com/725704
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48738}
2017-10-19 11:39:01 +00:00
Michael Starzinger
03b543ab51 [runtime] Allocate HandlerTable before Code objects.
This allocates and populates potential exception handler tables before
the underlying {Code} objects is allocated. It essentially makes the
field holding said table immutable after allocation.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: I52ca374d40e3a72a4de022aca10faead6422db79
Reviewed-on: https://chromium-review.googlesource.com/723299
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48677}
2017-10-18 11:34:25 +00:00
Clemens Hammacher
5f6510825a [cleanup] Fix remaining (D)CHECK macro usages
This CL fixes all occurences that don't require special OWNER reviews,
or can be reviewed by Michi.

After this one, we should be able to reenable the readability/check
cpplint check.

R=mstarzinger@chromium.org

Bug: v8:6837, v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic81d68d5534eaa795b7197fed5c41ed158361d62
Reviewed-on: https://chromium-review.googlesource.com/721120
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48670}
2017-10-18 10:12:31 +00:00
Michael Lippautz
d433928987 Fix CompactionPartiallyAbortedPageWithStoreBufferEntries
The test was reading from undefined stack addresses instead of creating
a string filled with characters that look like a new space pointer.

Bug: v8:6953
Change-Id: I2c0a9034076012746bd70325a4f21c63f4c264fa
Reviewed-on: https://chromium-review.googlesource.com/725322
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48668}
2017-10-18 09:27:11 +00:00
Peter Marshall
e0e08d52aa [heap] Remove unused code for TypedArrays in RightTrim.
This code is never used, and we don't right trim TypedArrays.

Bug: 
Change-Id: Ic3e32b194fb10ecd067449c755b1982c87c98257
Reviewed-on: https://chromium-review.googlesource.com/721541
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48623}
2017-10-17 07:54:30 +00:00
Michael Lippautz
d88e3a7a9f [heap] Pause Sweeper tasks on Scavenge
Pause sweeper tasks when entering the Scavenger. In future CLs this
enables removing the page lock for the Scavenger.

CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Bug: v8:6923, chromium:774108
Change-Id: Idcb7e14b94704dead70c33a49e67047b88bb6c4c
Reviewed-on: https://chromium-review.googlesource.com/718200
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48603}
2017-10-16 15:27:09 +00:00
Leszek Swirski
e659f45610 [cleanup] Make LanguageMode an enum class
Bug: v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I3294568a550b829b0ec90147a4cdaefe169bb7cb
Reviewed-on: https://chromium-review.googlesource.com/718206
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48587}
2017-10-16 11:44:01 +00:00
Mathias Bynens
62f929ff4c Use nullptr instead of NULL where possible
New code should use nullptr instead of NULL.

This patch updates existing use of NULL to nullptr where applicable,
making the code base more consistent.

BUG=v8:6928,v8:6921

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I4687f5b96fcfd88b41fa970a2b937b4f6538777c
Reviewed-on: https://chromium-review.googlesource.com/718338
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48557}
2017-10-13 17:21:49 +00:00
Ulan Degenbaev
bfd10baf7f [heap] Remove dead code related to idle finalization rounds.
Bug: 
Change-Id: I9e4b2e1157f36dacb24f7a0d0c43d31c84de8488
Reviewed-on: https://chromium-review.googlesource.com/712397
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48484}
2017-10-12 07:11:05 +00:00
Michael Lippautz
b7e6eb9208 [heap] Introduce on-hold concurrent marking work list
When hitting objects that are allocated in the most recent lienar
allocation area, the concurrent marker currently has to bail out to the
main thread.

However, we only have to delay processing those objects until we are at
a safepoint, e.g. IM::Step(). With this change we flush those
on-hold-objects back to the shared queue upon performing an incremental
marking step.

Bug: chromium:694255
Change-Id: I25647d0fc581a5c4de0346bc394dc51062f65f70
Reviewed-on: https://chromium-review.googlesource.com/707315
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48424}
2017-10-10 11:33:39 +00:00
Ulan Degenbaev
cd3209e830 [heap] Make concurrent marking tasks cancelable.
Bug: chromium:694255
Change-Id: I5c0c0b58cdcf3cf745670148724e3c6ecc34d485
Reviewed-on: https://chromium-review.googlesource.com/707149
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48395}
2017-10-09 15:58:53 +00:00
Ulan Degenbaev
b54c1a6ef6 [heap] Ensure that sweeping is completed in ConcurrentMarking cctests.
Bug: chromium:694255
Change-Id: I5dc6157126544f20bca0ddee967e1d08d69bb060
Reviewed-on: https://chromium-review.googlesource.com/707104
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48380}
2017-10-09 13:12:41 +00:00
Ulan Degenbaev
2e70adc7e2 [heap] Add thread-safe counter that tracks bytes marked concurrently.
Each concurrent marking task maintains task_state[i]->marked_bytes.
When a task finishes, its local counter is flushed into global
total_marked_bytes_ atomic counter.

Bug: chromium:694255
Change-Id: I629467385e80bf229e06a4231673ceb5ef8e4aea
Reviewed-on: https://chromium-review.googlesource.com/704823
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48374}
2017-10-09 12:01:18 +00:00
Michael Starzinger
f7da4d7110 [iwyu] Remove stale TODOs about objects-inl.h inclusion.
R=marja@chromium.org

Change-Id: I93a366caded175256abd7966c3c157191a2b7de2
Reviewed-on: https://chromium-review.googlesource.com/690455
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48370}
2017-10-09 11:14:59 +00:00
Ulan Degenbaev
50edfd171e [heap] Fix ConcurrentMarkingReschedule cctest.
This makes the test robust for stress GC flags.

Bug: 
Change-Id: Ica65987f0ee09fbdb4aab233dea4c51db5b19459
Reviewed-on: https://chromium-review.googlesource.com/702436
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48313}
2017-10-05 15:00:12 +00:00
Michael Achenbach
c7e84f5216 [test] Add stress_incremental_marking testing variant
Bug: 
Change-Id: Iddb8dde328af42b99c74195a13975346437c7259
Reviewed-on: https://chromium-review.googlesource.com/700635
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48310}
2017-10-05 13:10:42 +00:00
Michael Lippautz
56dc592516 Dispose isolate at end of UNINITIALIZED_TEST
No-try: true
Bug: v8:6886
Change-Id: I994b998e9e5006c6de183328603f3545158bd32c
Reviewed-on: https://chromium-review.googlesource.com/700536
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48292}
2017-10-04 16:21:09 +00:00
Toon Verwaest
1067026ff1 Remove ComputeFlags, simply pass in Code::Kind instead of Code::Flags
TBR: ofrobots@google.com, yangguo@chromium.org
Bug: 
Change-Id: I6cb0704acabf9a7f2334de539a6600db8607baef
Reviewed-on: https://chromium-review.googlesource.com/691720
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48237}
2017-09-29 15:37:27 +00:00
Toon Verwaest
6e68a28bfc Replace specific IC Code::Kind with Code::STUB
Bug: 
Change-Id: I41d3f3086f5e90a1a1579c18eca59b5d098f637f
Reviewed-on: https://chromium-review.googlesource.com/690374
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48207}
2017-09-28 15:40:41 +00:00
Michael Starzinger
4ba6f15ece [objects] Remove obsolete uses of {ReplaceCode} methods.
R=rmcilroy@chromium.org

Change-Id: Id568afef0d6ac68170faa33ad9ab4bba97d40ce9
Reviewed-on: https://chromium-review.googlesource.com/690294
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48202}
2017-09-28 12:37:46 +00:00
Ali Ijaz Sheikh
52e8d0ab40 Reland "Reland "[profiler] proper observation of old space inline allocations""
This is a reland of ec952aaa68.

Included is a fix that ensures that top_on_previous_step_ is cleared when we
release a page.

Original change's description:
> Reland "[profiler] proper observation of old space inline allocations"
>
> This is a reland of 672a41c3ca
> Original change's description:
> > [profiler] proper observation of old space inline allocations
> >
> > Bug: chromium:633920
> > Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> > Reviewed-on: https://chromium-review.googlesource.com/631696
> > Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48043}
>
> Bug: chromium:633920
> Change-Id: I6fe743d31b8ff26f3858488d4c014c62d3c85add
> Reviewed-on: https://chromium-review.googlesource.com/671127
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#48085}

Bug: chromium:633920
Change-Id: I8a0dcc4eaffc1f1d3ac5b3f8d344001cdae36606
Reviewed-on: https://chromium-review.googlesource.com/677407
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48141}
2017-09-25 15:13:01 +00:00
Clemens Hammacher
f137052e9e [cleanup] Fix (D)CHECK macros in src/heap
Use the (D)CHECK_{EQ,NE,GT,...} macros instead of (D)CHECK with an
embedded comparison. This gives better error messages and also does the
right comparison for signed/unsigned mismatches.

This will allow us to reenable the readability/check cpplint check.

R=ulan@chromium.org

Bug: v8:6837
Change-Id: I8d900f3c703dea6ee3bcc225a1d2754e91666b9d
Reviewed-on: https://chromium-review.googlesource.com/671047
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48136}
2017-09-25 10:25:13 +00:00
Mostyn Bramley-Moore
01946db5e0 [jumbo] add test namespaces for cctest
By adding a per test source file namespace, we can avoid a lot of
symbol collisions in jumbo builds.

While we're at it, let's remove some "using" statements that also
cause trouble.

Bug: chromium:746958
Change-Id: I6f8a723e1ba5905888638e0687b23193f3f012ca
Reviewed-on: https://chromium-review.googlesource.com/676803
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#48102}
2017-09-21 08:46:16 +00:00
Ulan Degenbaev
f16b561bee Revert "Reland "[profiler] proper observation of old space inline allocations""
This reverts commit ec952aaa68.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=767144

Original change's description:
> Reland "[profiler] proper observation of old space inline allocations"
> 
> This is a reland of 672a41c3ca
> Original change's description:
> > [profiler] proper observation of old space inline allocations
> > 
> > Bug: chromium:633920
> > Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> > Reviewed-on: https://chromium-review.googlesource.com/631696
> > Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48043}
> 
> Bug: chromium:633920
> Change-Id: I6fe743d31b8ff26f3858488d4c014c62d3c85add
> Reviewed-on: https://chromium-review.googlesource.com/671127
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#48085}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:633920
Change-Id: I576cdab4a03f9fe057ebe1bf7da9dfe3c7bf62cd
Reviewed-on: https://chromium-review.googlesource.com/676683
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48098}
2017-09-21 04:19:29 +00:00
Ali Ijaz Sheikh
ec952aaa68 Reland "[profiler] proper observation of old space inline allocations"
This is a reland of 672a41c3ca
Original change's description:
> [profiler] proper observation of old space inline allocations
> 
> Bug: chromium:633920
> Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> Reviewed-on: https://chromium-review.googlesource.com/631696
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48043}

Bug: chromium:633920
Change-Id: I6fe743d31b8ff26f3858488d4c014c62d3c85add
Reviewed-on: https://chromium-review.googlesource.com/671127
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48085}
2017-09-20 01:28:55 +00:00
Michael Lippautz
4e5db9a6c8 [heap] Remove marking deque overflow handling
Removes
- SequentialMarkingDeque
- The ability to handle marking deque overflow
- BlackToGrey transitions

We switched to a different marking work list on M61 that fails
in OOM upon failing to allocate Segments used in the work list.

Bug: chromium:758570
Change-Id: I66e2ab912271bf84b085dccc9b4bdd96076b64fb
Reviewed-on: https://chromium-review.googlesource.com/632676
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48078}
2017-09-19 05:20:20 +00:00
Ali Ijaz Sheikh
258f270f15 Revert "[profiler] proper observation of old space inline allocations"
This reverts commit 672a41c3ca.

Reason for revert: Linux64 TSAN bot failures

Original change's description:
> [profiler] proper observation of old space inline allocations
> 
> Bug: chromium:633920
> Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> Reviewed-on: https://chromium-review.googlesource.com/631696
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48043}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

Change-Id: Ib71baf69b29b067fa0ba76027170054b8faa78d3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:633920
Reviewed-on: https://chromium-review.googlesource.com/669559
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48052}
2017-09-15 20:38:18 +00:00
Ali Ijaz Sheikh
672a41c3ca [profiler] proper observation of old space inline allocations
Bug: chromium:633920
Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
Reviewed-on: https://chromium-review.googlesource.com/631696
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48043}
2017-09-15 14:11:46 +00:00
Ulan Degenbaev
163d3604a6 [heap] Fix memory leak in the remembered set.
Empty slot set buckets can leak in the following scenarios.

Scenario 1 (large object space):
1) A large array is allocated in the large object space.
2) The array is filled with old->new references, which allocates new
   slot set buckets.
3) The references are overwritten with smis or old space pointers, which
   make the slots set buckets empty.
4) Garbage collection (scavenge or mark-compact) iterates the slots set
   of the array and pre-frees the empty buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for large object space in mark-compact. 

Scenario 2 (no mark-compact):
1) A small array is allocated in the old space.
2) The array is filled with old->new references, which allocates new
   slot set buckets.
3) The references are overwritten with smis or old space pointers, which
   make the slots set buckets empty.
4) Scavenge iterates the slots set of the array and pre-frees the empty
   buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for swept pages in scavenger.

Bug: v8:6800
TBR: mlippautz@chromium.org
Change-Id: I48d94870f5acf4f6208858271886911c895a9126
Reviewed-on: https://chromium-review.googlesource.com/668442
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48041}
2017-09-15 13:24:16 +00:00
Ulan Degenbaev
97b2a814e4 [heap] Fix black allocation.
This patch ensures that an object returned by AllocateRaw is marked
black if black allocation starts during the object allocation.

This fixes the following issue:
1) Generated code requests allocation of size N for folded allocation.
2) Runtime gets a free list node at address A of size N+M and sets up
   a linear allocation area with top = A+N and limit = A+N+M.
3) Runtime invokes the allocation observer that starts incremental marking
   and start black allocation. The area [A+N, A+N+M) is marked black.
4) Runtime returns a white object at address A as the allocation result.
5) Generated code moves the top pointer to A and does bump pointer
   allocations of white objects from A to A+N+M.
6) Object allocated new A+N can have the impossible marbit pattern.

Bug: chromium:694255
Change-Id: I09ceebc97a510fa5fe4ff20706bc46a99f8b7cf4
Reviewed-on: https://chromium-review.googlesource.com/638338
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48005}
2017-09-14 08:33:49 +00:00
Juliana Franco
f0acede9bb Remove weak-list of optimized JS functions.
This CL removes the weak-list of JS functions from the context
and all the code that iterares over it. This list was being used
mainly during deoptimization (for code unlinking) and during
garbage collection. Removing it will improve performance of
programs that create many closures and trigger many scavenge GC
cycles.

No extra work is required during garbage collection. However,
given that we no longer unlink code from JS functions during
deoptimization, we leave it as it is, and on its next activation
we check whether the mark_for_deoptimization bit of that code is
set, and if it is, than we unlink it and jump to lazy compiled
code. This check happens in the prologue of every code object.
 
We needed to change/remove the cctests that used to check
something on this list.
 
Working in x64, ia32, arm64, arm, mips64 and mips. 
 

Bug: v8:6637
Change-Id: Ica99a12fd0351ae985e9a287918bf28caf6d2e24
TBR: mstarzinger@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/647596
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47808}
2017-09-05 04:30:19 +00:00
Michael Achenbach
36b5028354 Revert "Remove weak-list of optimized JS functions."
This reverts commit 84c2dfce43.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/14876

Original change's description:
> Remove weak-list of optimized JS functions.
> 
> This CL removes the weak-list of JS functions from the context
> and all the code that iterares over it. This list was being used
> mainly during deoptimization (for code unlinking) and during
> garbage collection. Removing it will improve performance of
> programs that create many closures and trigger many scavenge GC
> cycles.
> 
> No extra work is required during garbage collection. However,
> given that we no longer unlink code from JS functions during
> deoptimization, we leave it as it is, and on its next activation
> we check whether the mark_for_deoptimization bit of that code is
> set, and if it is, than we unlink it and jump to lazy compiled
> code. This check happens in the prologue of every code object.
> 
> We needed to change/remove the cctests that used to check
> something on this list.
> 
> Working in x64, ia32, arm64, arm, mips64 and mips. 
> 
> Bug: v8:6637
> Change-Id: I7f192652c8034b16a9ea71303fa8e78cda3c48f3
> Reviewed-on: https://chromium-review.googlesource.com/600427
> Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47790}

TBR=mstarzinger@chromium.org,jarin@chromium.org,leszeks@chromium.org,bmeurer@chromium.org,jupvfranco@google.com

Change-Id: Ia4f1a8acf6ca5cd5c74266437a03d854b3739af2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6637
Reviewed-on: https://chromium-review.googlesource.com/647540
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47792}
2017-09-04 11:22:14 +00:00
Juliana Franco
84c2dfce43 Remove weak-list of optimized JS functions.
This CL removes the weak-list of JS functions from the context
and all the code that iterares over it. This list was being used
mainly during deoptimization (for code unlinking) and during
garbage collection. Removing it will improve performance of
programs that create many closures and trigger many scavenge GC
cycles.

No extra work is required during garbage collection. However,
given that we no longer unlink code from JS functions during
deoptimization, we leave it as it is, and on its next activation
we check whether the mark_for_deoptimization bit of that code is
set, and if it is, than we unlink it and jump to lazy compiled
code. This check happens in the prologue of every code object.

We needed to change/remove the cctests that used to check
something on this list.

Working in x64, ia32, arm64, arm, mips64 and mips. 

Bug: v8:6637
Change-Id: I7f192652c8034b16a9ea71303fa8e78cda3c48f3
Reviewed-on: https://chromium-review.googlesource.com/600427
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47790}
2017-09-04 10:40:31 +00:00
Michael Lippautz
730928ebbe [heap] Remove CS expectation from test
TEST=cctest/test-heap/EnsureAllocationSiteDependentCodesProcessed

Bug: 
Change-Id: I803d6b33258175da32fa79ba9b839e67d5ba11bf
Reviewed-on: https://chromium-review.googlesource.com/643210
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47721}
2017-08-30 15:53:50 +00:00
Benedikt Meurer
562663d545 [cleanup] Unify enum cache handling.
Introduce a proper empty_descriptor_array, which has the proper layout
(length is 2 and the two fields are set properly). Also add a special
EnumCache class and a matching empty_enum_cache. The contract now is
that we only need to check the EnumLength on the map to know whether we
are allowed to use the enum cache. This greatly simplifies the handling
of the enum cache (and also the descriptor arrays), especially for the
future work on optimizing keyed access via the enum cache indices.

Bug: v8:6702
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5ef517a3041163cd65ef003f691139ea52233e83
Reviewed-on: https://chromium-review.googlesource.com/641030
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47697}
2017-08-30 05:29:16 +00:00
Peter Marshall
abaece06d2 [cleanup] Replace List with std::vector in cctests and d8.
Bug: v8:6333
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iabaef0e63c81db503eb2f19bf63a1f77313f2a5a
Reviewed-on: https://chromium-review.googlesource.com/635591
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47681}
2017-08-29 13:29:26 +00:00
Michael Lippautz
7571de3acf [heap] Worklist cleanups
- Create bottleneck for filtering in crash dumps
- Smaller fixes

Bug: 
Change-Id: I19e8a1ed6013af487c87b7132418b4c9b292946b
Reviewed-on: https://chromium-review.googlesource.com/633943
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47595}
2017-08-25 09:02:29 +00:00
Michael Lippautz
94e1437f76 [heap] Disable TestOfInitialHeap in DEBUG builds
DEBUG builds pull in all sorts of instrumentation infrastructure that
leads to larger heaps. The check for intial size is only useful for
release builds.

Bug: v8:6746
Change-Id: I5ab220d21167e69d7fb32c9db68045368c4ef178
R: ulan@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/631876
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47565}
2017-08-24 09:12:00 +00:00
Ulan Degenbaev
70c4eda572 [heap] Fix more cctests that require ManualGCScope
Bug: chromium:694255
Change-Id: Ic21368f68e103ee1278b4e975255c6941f23a2d0
Reviewed-on: https://chromium-review.googlesource.com/629058
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47552}
2017-08-23 15:50:39 +00:00
Ulan Degenbaev
7d2c222e32 [heap] Fix cctest/test/heap tests that require ManualGCScope.
This fixed IncrementalMarkingStepMakesBigProgressWithLargeObjects
and MapRetaining.

Change-Id: I3a91684fa1f0635e94dc1883b105ce8d3381a7d2
Reviewed-on: https://chromium-review.googlesource.com/628416
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47548}
2017-08-23 11:45:29 +00:00
Ross McIlroy
8bf15bf1aa Reland "[Compiler] Remove code aging support."
> This reverts commit 42d3d36bc3.
> 
> Original change's description:
> > [Compiler] Remove code aging support.
> > 
> > Code aging is no longer supported by any remaining compilers now
> > that full codegen has been removed. This CL removes all vestiges of
> > code aging.
> > 
> > BUG=v8:6409
> > 
> > Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e
> > Reviewed-on: https://chromium-review.googlesource.com/619153
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Marja Hölttä <marja@chromium.org>
> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#47501}
> 
> TBR=ulan@chromium.org,rmcilroy@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,rodolph.perfetta@arm.com
> 
> Change-Id: I9d8b2985e2d472697908270d93a35eb7ef9c88a8
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:6409
> Reviewed-on: https://chromium-review.googlesource.com/625998
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47506}

TBR=ulan@chromium.org,rmcilroy@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,rodolph.perfetta@arm.com

Change-Id: I68785c6be7686e874b3848103e3a34483eaeb519
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6409
Reviewed-on: https://chromium-review.googlesource.com/625919
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47535}
2017-08-23 08:24:08 +00:00
Michael Starzinger
10f73face8 [ic] Remove deprecated CompareIC stub support.
R=ishell@chromium.org
BUG=v8:6409

Change-Id: Ic01d4f1a8b251bb5480840d4943d9ebec713b9c1
Reviewed-on: https://chromium-review.googlesource.com/626016
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47534}
2017-08-23 08:05:28 +00:00
Ross McIlroy
42d3d36bc3 Revert "[Compiler] Remove code aging support."
This reverts commit a205117c6e.

Reason for revert: breaks Arm64

Original change's description:
> [Compiler] Remove code aging support.
> 
> Code aging is no longer supported by any remaining compilers now
> that full codegen has been removed. This CL removes all vestiges of
> code aging.
> 
> BUG=v8:6409
> 
> Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e
> Reviewed-on: https://chromium-review.googlesource.com/619153
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47501}

TBR=ulan@chromium.org,rmcilroy@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,rodolph.perfetta@arm.com

Change-Id: I9d8b2985e2d472697908270d93a35eb7ef9c88a8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6409
Reviewed-on: https://chromium-review.googlesource.com/625998
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47506}
2017-08-22 12:27:03 +00:00
Ross McIlroy
a205117c6e [Compiler] Remove code aging support.
Code aging is no longer supported by any remaining compilers now
that full codegen has been removed. This CL removes all vestiges of
code aging.

BUG=v8:6409

Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e
Reviewed-on: https://chromium-review.googlesource.com/619153
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47501}
2017-08-22 11:33:19 +00:00
Ulan Degenbaev
880c4c7b25 Reland "[heap] Handle bytecode arrays in concurrent marker."
This reverts commit a241576fa1.

Bytecode array visitor has a side-effect of incrementing the age counter.

This patch makes the increment atomic and thus safe for the concurrent
marker.

Bug: chromium:694255
Change-Id: Ibe1d75714a5911385b06e52ed50b5f152ec6b73d
Reviewed-on: https://chromium-review.googlesource.com/622432
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47472}
2017-08-21 12:44:18 +00:00
Camillo Bruni
7daf8cf3ee [literals] Add CreateEmptyObjectLiteral bytecode
The quite common empty object literal doesn't need an AllocationSite
since it starts off with the general ElementsKind. By using a separate 
bytecode we can directly instantiate the empty object without jumping
to the runtime first.

Note: this experimentally disables pretenuring for empty object
      literals. Depending on the outcome of our benchmarks pretenuring
      will be enabled again or fully removed for empty object literals.

Bug: v8:6211
Change-Id: I2fee81cbefc70865fc436dbd3bc5fc8de04db91c
Reviewed-on: https://chromium-review.googlesource.com/577555
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47467}
2017-08-21 10:01:16 +00:00
Ulan Degenbaev
f8a08f385c [heap] Remove live byte adjustments from mutator.
The effect of array/string trimming on space size is postponed until sweeping
completes. This simplifies runtime code and fixes live byte update race with
the concurrent marker.

This patch restores monotonicity of PromotedSinceLastGC by notify the heap
when sweeper discovers more free space than estimated.

Bug: chromium:694255
Change-Id: I7a8c24f2c3398bc0c8a43ffd1d35ace68010cd65
Reviewed-on: https://chromium-review.googlesource.com/621326
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47464}
2017-08-21 09:03:03 +00:00
Ulan Degenbaev
dfc6b4ddaa [heap] New live byte tracking.
This patch changes how space size and capacity are updated in GC:
- space capacity changes only when a page added/removed from the space.
- space size is reset to zero before sweeping and incremented by
  page->live_bytes_count_ for each to-be-swept page.
- space size is refined after sweeping using the accurate
  page->allocated_bytes counter produces by the sweeper.

Invariants:
1. space.capacity = sum [page.size | for page in space].
2. After marking, before sweeping:
   a) space.size = sum [page.live_bytes_count | for page in space].
3. After sweeping, before marking ends:
   a) space.size = sum [page.allocated_bytes | for page in space].
   b) page.allocated_bytes >= (sum [object.size | for object in page] +
         page.linear_allocation_area).
   c) page.area_size = (page.allocated_bytes + page.wasted_memory +
         sum [free_list_entry.size | for free_list_entry in page].

3.b becomes equality if the mutator is not doing array trimming,
object slack tracking during sweeping.

Bug: chromium:694255
Change-Id: Ic8d16a8171187a113fee2df8bf3c2a4c5e77bc08
Reviewed-on: https://chromium-review.googlesource.com/618889
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47409}
2017-08-17 18:16:33 +00:00
Ross McIlroy
73ec55982c Reland "[Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile"
This is a reland of 21da12a983
Original change's description:
> [Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile
> 
> Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
> and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
> function. The code in compiler.cc is refactored to use this function to compile
> the SharedFunctionInfo when compiling a JSFunction.
> 
> Also does some other cleanup:
>  - Removes CompileUnoptimizedFunction and inlines into new Compiler function
>  - Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
>    out of FinalizeUnoptimizedCompile.
> 
> BUG=v8:6409
> 
> Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
> Reviewed-on: https://chromium-review.googlesource.com/613760
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47394}

TBR=yangguo@chromium.org
TBR=jarin@chromium.org

Bug: v8:6409
Change-Id: If2eae66a85f129e746a5ca5c04935540f3f86b04
Reviewed-on: https://chromium-review.googlesource.com/618886
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47399}
2017-08-17 13:21:44 +00:00
Ross McIlroy
0f40415b6b Revert "[Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile"
This reverts commit 21da12a983.

Reason for revert: Failing on arm64 simulator

Original change's description:
> [Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile
> 
> Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
> and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
> function. The code in compiler.cc is refactored to use this function to compile
> the SharedFunctionInfo when compiling a JSFunction.
> 
> Also does some other cleanup:
>  - Removes CompileUnoptimizedFunction and inlines into new Compiler function
>  - Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
>    out of FinalizeUnoptimizedCompile.
> 
> BUG=v8:6409
> 
> Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
> Reviewed-on: https://chromium-review.googlesource.com/613760
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47394}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org,leszeks@chromium.org

Change-Id: I4ba63e82417a185f1528ff2633eb6c8872fbbfe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6409
Reviewed-on: https://chromium-review.googlesource.com/618687
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47397}
2017-08-17 11:00:15 +00:00
Ross McIlroy
21da12a983 [Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile
Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
function. The code in compiler.cc is refactored to use this function to compile
the SharedFunctionInfo when compiling a JSFunction.

Also does some other cleanup:
 - Removes CompileUnoptimizedFunction and inlines into new Compiler function
 - Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
   out of FinalizeUnoptimizedCompile.

BUG=v8:6409

Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
Reviewed-on: https://chromium-review.googlesource.com/613760
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47394}
2017-08-17 09:47:57 +00:00
Yang Guo
845c27cd5a [interpreter] remove self-healing for LiveEdit.
R=rmcilroy@chromium.org

Bug: v8:6409
Change-Id: I8205ca3e9587f4cb1d35d7edc1aa320814020ac4
Reviewed-on: https://chromium-review.googlesource.com/616665
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47387}
2017-08-17 04:24:08 +00:00
Mostyn Bramley-Moore
cddbe282c6 Start preparing test/cctest for jumbo compilation
* Avoid "using namespace" statements, which trigger clang's -Wheader-hygiene
  warnings in jumbo builds.
* Undefine created macros at the end of source files.

BUG=chromium:746958

Change-Id: I5d25432c314437f607b0e1be22765a6764267ba6
Reviewed-on: https://chromium-review.googlesource.com/610962
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#47347}
2017-08-14 20:58:10 +00:00
Ulan Degenbaev
19ae2fc1af [heap] Refactor object marking state (part 2).
This follows up 4af9cfcc by separating incremental marking state
from the full MC marking state. Runtime and tests now use only
the incremental marking state. The full MC marking state used
by MC during atomic pause.

This separation decouples atomicity of markbit accesses
during incremental marking and during full MC.

Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: Ia409ab06515cd0d1403a272a016633295c0d6692
Reviewed-on: https://chromium-review.googlesource.com/612350
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47336}
2017-08-14 12:18:37 +00:00
Ulan Degenbaev
a241576fa1 Revert "[heap] Handle bytecode arrays in concurrent marker."
This reverts commit a7c7e8f64e.

Reason for revert: TSAN failures.

Original change's description:
> [heap] Handle bytecode arrays in concurrent marker.
> 
> Bytecode array visitor has a side-effect of incrementing the age counter.
> 
> This patch makes the increment atomic and thus safe for the concurrent
> marker.
> 
> Bug: chromium:694255
> Change-Id: I36c65b02ace8d366206bd8295e72aaa19742ed56
> Reviewed-on: https://chromium-review.googlesource.com/610001
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47317}

TBR=ulan@chromium.org,rmcilroy@chromium.org

Change-Id: Iceff1e5925bb6ad7c03f858aa2f1fa62240f6909
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/612069
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47319}
2017-08-11 16:50:39 +00:00
Ulan Degenbaev
a7c7e8f64e [heap] Handle bytecode arrays in concurrent marker.
Bytecode array visitor has a side-effect of incrementing the age counter.

This patch makes the increment atomic and thus safe for the concurrent
marker.

Bug: chromium:694255
Change-Id: I36c65b02ace8d366206bd8295e72aaa19742ed56
Reviewed-on: https://chromium-review.googlesource.com/610001
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47317}
2017-08-11 15:32:35 +00:00
Ross McIlroy
1458e8b01a [fullcodegen] Delete FullCodegen.
Deletes the now unused Full-codegen compiler. Also removes some macro
assembler instructions which are no longer used.

Note: there is still additional cleanup work to do after this lands
(e.g., remove support for FCG frames support and FCG
debugger support, etc.), but this will be done in followup CLs to keep
this patch managable.

BUG=v8:6409

Change-Id: I8d828fe7a64d29f2c1252d5fda968a630a2e9ef2
Reviewed-on: https://chromium-review.googlesource.com/584773
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47307}
2017-08-11 11:50:05 +00:00
Michael Lippautz
1092155c16 [heap] Cleanup cctests
- Move into v8::internal::heap namespace
- Remove card marking ifdefs

Bug: 
Change-Id: Ifd5e5d96c6ab0fea85a3646e5b307583eb13e2c3
Reviewed-on: https://chromium-review.googlesource.com/612066
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47305}
2017-08-11 10:40:49 +00:00
Ulan Degenbaev
d9a036317c [heap] Track transition arrays using worklists.
This allows handling transitions arrays in concurrent marking

Bug: chromium:694255
Change-Id: I28196fccbf03bfba7d7dada1884813be372ddb54
Reviewed-on: https://chromium-review.googlesource.com/610961
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47303}
2017-08-11 09:11:20 +00:00
Ulan Degenbaev
4af9cfccf6 [heap] Refactor object marking state.
This patch merges ObjectMarking and MarkingState. The new marking state
encapsulates object marking, live byte tracking, and access atomicity.

The old ObjectMarking calls are now replaced with calls to marking
state. For example:
ObjectMarking::WhiteToGrey<kAtomicity>(obj, marking_state(obj)
becomes
marking_state()->WhiteToGrey(obj)

This simplifies custom handling of live bytes and allows to chose
atomicity of markbit accesses depending on collector's state.

This also decouples marking bitmap from the marking code, which will
allows in future to use different data-structure for mark-bits.

Bug: chromium:694255
Change-Id: Ifb4bc0144187bac1c08f6bc74a9d5c618fe77740
Reviewed-on: https://chromium-review.googlesource.com/602132
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47288}
2017-08-10 17:28:03 +00:00
Michael Starzinger
45b4522e40 [fullcodegen] Remove --stress-fullcodegen flag.
This is in preparation to the removal of the FullCodeGenerator, we no
longer need the ability to stress the underlying implementation.

R=rmcilroy@chromium.org
BUG=v8:6409

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Iad3177d6de4a68b57c12a770b6e85ed7a9710254
Reviewed-on: https://chromium-review.googlesource.com/584747
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47276}
2017-08-10 09:52:49 +00:00
jgruber
94196e4e0c Fix test-heap/Regress5831
This test started failing on arm64-debug-nosnap builds since we'd have
leftover NEVER_EVACUATE code-space pages from Isolate initialization.

Ensure that we exhaust all such pages and overflow into LO_SPACE before
continuing into the real test, and simply generate dummy code instead of
copying a fake CEntryStub.

Bug: v8:6690
Change-Id: I3889b5818e2467dcdce3485f1372f3b7383478f4
Reviewed-on: https://chromium-review.googlesource.com/608139
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47273}
2017-08-10 08:30:59 +00:00
Ulan Degenbaev
e625f4b66d [heap] Fix InvalidatedSlotsFilter.
On advancing the iterator we need to reset the current object,
so that it can be lazily reloaded later on.

TBR=mlippautz@chromium.org

Bug: chromium:694255
Change-Id: If7ddd8670df9d11837f491503312919b55b451fe
Reviewed-on: https://chromium-review.googlesource.com/600687
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47142}
2017-08-03 18:27:42 +00:00
Ulan Degenbaev
b77115a0af Reland^3 "[heap] Add mechanism for tracking invalidated slots per memory chunk."
This reverts commit b9acf4eded.

Bug: chromium:694255
Change-Id: I62766e8b32cfa16af39a28ad07fecd72441ad8cd
Reviewed-on: https://chromium-review.googlesource.com/598468
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47132}
2017-08-03 14:38:19 +00:00
Michael Lippautz
f9c4b7a293 [heap] Move UnmapFreeMemoryTask to CancelableTask
This mitigates the problem of blocking on the main thread when the
platform is unable to execute background tasks in a timely manner.

Bug: v8:6671
Change-Id: I741d4b7594e8d62721dad32cbfb19551ffacd0c3
Reviewed-on: https://chromium-review.googlesource.com/599528
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47126}
2017-08-03 12:28:59 +00:00
Ulan Degenbaev
b9acf4eded Revert "Reland^2 "[heap] Add mechanism for tracking invalidated slots per memory chunk.""
This reverts commit 0a9d515095.

Reason for revert: another gc-stress failure

Original change's description:
> Reland^2 "[heap] Add mechanism for tracking invalidated slots per memory chunk."
> 
> This reverts commit 6fde541d4c.
> 
> Bug: chromium:694255
> Change-Id: I4670d0de3d2749afbb3bdb8dc5418822a885330c
> Reviewed-on: https://chromium-review.googlesource.com/597850
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47083}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: Iaabf4586e0297dccb1ab4ef180b6f1eea173273b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/598094
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47084}
2017-08-02 15:12:24 +00:00
Ulan Degenbaev
0a9d515095 Reland^2 "[heap] Add mechanism for tracking invalidated slots per memory chunk."
This reverts commit 6fde541d4c.

Bug: chromium:694255
Change-Id: I4670d0de3d2749afbb3bdb8dc5418822a885330c
Reviewed-on: https://chromium-review.googlesource.com/597850
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47083}
2017-08-02 14:29:31 +00:00
Ulan Degenbaev
6fde541d4c Revert "Reland "[heap] Add mechanism for tracking invalidated slots per memory chunk.""
This reverts commit d4a742fdf1.

Reason for revert: gc-stress failures

Original change's description:
> Reland "[heap] Add mechanism for tracking invalidated slots per memory chunk."
> 
> This reverts commit c59b81d7b8.
> 
> Original change's description:
> > [heap] Add mechanism for tracking invalidated slots per memory chunk.
> 
> > For correct slots recording in concurrent marker, we need to resolve
> > the race that happens when
> > 1) the mutator is invalidating slots for double unboxing or string
> > conversions
> > 2) and the concurrent marker is recording these slots.
> 
> > This patch adds a data-structure for tracking the invalidated objects.
> > Thus we can allow the concurrent marker to record slots without
> > worrying about clearing them. During old-to-old pointer updating phase
> > we re-check all slots that belong to the invalidated objects.
> 
> BUG=chromium:694255
> 
> Change-Id: Idf8927d162377a7bbdff34f81a87e52db27d6a9f
> Reviewed-on: https://chromium-review.googlesource.com/596868
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47068}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: I81c6059a092cc5834acd799c51fd30dc0ecf5b27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/597787
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47078}
2017-08-02 11:38:20 +00:00
Julien Brianceau
b41f857b9e Fix common misspellings
Bug: chromium:750830
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Icab7b5a1c469d5e77d04df8bfca8319784e92af4
Reviewed-on: https://chromium-review.googlesource.com/595655
Commit-Queue: Julien Brianceau <jbriance@cisco.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47072}
2017-08-02 09:35:28 +00:00
Ulan Degenbaev
3fe1421858 [heap] Add manual GC scope to test-array-buffer-tracker tests.
These tests perform GC manually which does not work well with concurrent
marking and stress incremental marking flags.

BUG=chromium:694255

Change-Id: I43e32957bf37053e0d3af07afa00b8bb40935ebd
Reviewed-on: https://chromium-review.googlesource.com/596887
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47070}
2017-08-02 08:51:56 +00:00
Yang Guo
3b1bfdecbb Fix test failure in interpreted regexp build.
R=mlippautz@chromium.org

Change-Id: Ic8628a2f9648a662447f4a6350f1466fe9ec69f2
Reviewed-on: https://chromium-review.googlesource.com/596969
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47069}
2017-08-02 08:48:02 +00:00
Ulan Degenbaev
d4a742fdf1 Reland "[heap] Add mechanism for tracking invalidated slots per memory chunk."
This reverts commit c59b81d7b8.

Original change's description:
> [heap] Add mechanism for tracking invalidated slots per memory chunk.

> For correct slots recording in concurrent marker, we need to resolve
> the race that happens when
> 1) the mutator is invalidating slots for double unboxing or string
> conversions
> 2) and the concurrent marker is recording these slots.

> This patch adds a data-structure for tracking the invalidated objects.
> Thus we can allow the concurrent marker to record slots without
> worrying about clearing them. During old-to-old pointer updating phase
> we re-check all slots that belong to the invalidated objects.

BUG=chromium:694255

Change-Id: Idf8927d162377a7bbdff34f81a87e52db27d6a9f
Reviewed-on: https://chromium-review.googlesource.com/596868
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47068}
2017-08-02 08:46:56 +00:00
Ulan Degenbaev
c59b81d7b8 Revert "[heap] Add mechanism for tracking invalidated slots per memory chunk."
This reverts commit 7a5a777c97.

Reason for revert: crashing in test-api

Original change's description:
> [heap] Add mechanism for tracking invalidated slots per memory chunk.
> 
> For correct slots recording in concurrent marker, we need to resolve
> the race that happens when
> 1) the mutator is invalidating slots for double unboxing or string
> conversions
> 2) and the concurrent marker is recording these slots.
> 
> This patch adds a data-structure for tracking the invalidated objects.
> Thus we can allow the concurrent marker to record slots without
> worrying about clearing them. During old-to-old pointer updating phase
> we re-check all slots that belong to the invalidated objects.
> 
> BUG=chromium:694255
> 
> Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
> Reviewed-on: https://chromium-review.googlesource.com/591810
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47049}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: I7f4f8e8cb027b921a82e9c0a0623536af02581fb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/595994
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47052}
2017-08-01 18:13:41 +00:00
Bill Budge
0eb28cd5b9 [cctest] Simplify tests that mock v8::Platform.
Adds a base class TestPlatform which implements the most common defaults
for v8::Platform methods.

Reworks existing cctests and unittests to use TestPlatform.

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifeb28a5a190529697d5bcac227e80b10d454d9bd
Reviewed-on: https://chromium-review.googlesource.com/590194
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47050}
2017-08-01 17:06:13 +00:00
Ulan Degenbaev
7a5a777c97 [heap] Add mechanism for tracking invalidated slots per memory chunk.
For correct slots recording in concurrent marker, we need to resolve
the race that happens when
1) the mutator is invalidating slots for double unboxing or string
conversions
2) and the concurrent marker is recording these slots.

This patch adds a data-structure for tracking the invalidated objects.
Thus we can allow the concurrent marker to record slots without
worrying about clearing them. During old-to-old pointer updating phase
we re-check all slots that belong to the invalidated objects.

BUG=chromium:694255

Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
Reviewed-on: https://chromium-review.googlesource.com/591810
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47049}
2017-08-01 16:12:53 +00:00
Leszek Swirski
77cd84169b [heap] Remove IC age
Remove the concept of IC age from the heap and SFI, since it no
longer does anything useful.

Change-Id: I4ce466efc77c007c09c0889bae09ec6a0c907e33
Reviewed-on: https://chromium-review.googlesource.com/593623
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47041}
2017-08-01 13:25:30 +00:00
jgruber
fcaa2c2e57 Reland "[builtins] Remove Builtins::Name() accessors"
This is a reland of 2f79e03560
Original change's description:
> [builtins] Remove Builtins::Name() accessors
> 
> Instead of auto-generating the Name() convenience accessor, use a macro to
> avoid wasting code space.
> 
>   BUILTIN_CODE(isolate, Name)
> 
> expands to
> 
>   isolate->builtins()->builtin_handle(Builtins::kName);
> 
> This reduces the size of libv8.so by 134,752 bytes on a x64 release build.
> 
> Bug: v8:6624
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Idff7ee5c45e344e73412c0f47e92553c7c7ff75f
> Reviewed-on: https://chromium-review.googlesource.com/593607
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47010}

TBR=bmeurer@chromium.org,ahaas@chromium.org

Bug: v8:6624
Change-Id: I4733731e56dc8873ee06c2b36cac1918c0a658b2
Reviewed-on: https://chromium-review.googlesource.com/594087
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47037}
2017-08-01 10:39:10 +00:00
Leszek Swirski
b34d2ec6a8 [objects] Move deopt_count to FeedbackVector
Since any deopt-count-based heuristics should be native context
dependent, it belongs in the feedback vector rather than the SFI.

Bug: v8:6402
Change-Id: I30804d58bc1dec9150558e6ee21ee5b4dbd36c8d
Reviewed-on: https://chromium-review.googlesource.com/593661
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47014}
2017-07-31 15:28:44 +00:00
Jakob Gruber
17a26c0bc7 Revert "[builtins] Remove Builtins::Name() accessors"
This reverts commit 2f79e03560.

Reason for revert: Conflicts with successor CL.

Original change's description:
> [builtins] Remove Builtins::Name() accessors
> 
> Instead of auto-generating the Name() convenience accessor, use a macro to
> avoid wasting code space.
> 
>   BUILTIN_CODE(isolate, Name)
> 
> expands to
> 
>   isolate->builtins()->builtin_handle(Builtins::kName);
> 
> This reduces the size of libv8.so by 134,752 bytes on a x64 release build.
> 
> Bug: v8:6624
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Idff7ee5c45e344e73412c0f47e92553c7c7ff75f
> Reviewed-on: https://chromium-review.googlesource.com/593607
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47010}

TBR=yangguo@chromium.org,ahaas@chromium.org,jgruber@chromium.org,bmeurer@chromium.org

Change-Id: Ia9ef5c755b26c3f4e143d87a7c51033614ea435e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/594048
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47012}
2017-07-31 14:38:21 +00:00
jgruber
2f79e03560 [builtins] Remove Builtins::Name() accessors
Instead of auto-generating the Name() convenience accessor, use a macro to
avoid wasting code space.

  BUILTIN_CODE(isolate, Name)

expands to

  isolate->builtins()->builtin_handle(Builtins::kName);

This reduces the size of libv8.so by 134,752 bytes on a x64 release build.

Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idff7ee5c45e344e73412c0f47e92553c7c7ff75f
Reviewed-on: https://chromium-review.googlesource.com/593607
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47010}
2017-07-31 14:04:19 +00:00
Leszek Swirski
e47d175738 [sfi] Remove opt_count
Remove opt_count from SFI, which only had two real uses:

  1. Detecting OSR in tests -- replaced with a stack walk in
     %GetOptimizationStatus
  2. Naming optimization log files -- replaced with the
     optimization id

This allows us to remove a field from the SFI, moving the
bailout reason into the counters field.

As a drive-by, add optimization marker information (e.g.
marked for optimization) to the optimization status.

Change-Id: Id77deb5dd5439dfba058a7e1e1748de26b717d0d
Reviewed-on: https://chromium-review.googlesource.com/592028
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47009}
2017-07-31 13:18:49 +00:00
Jakob Kummerow
e567dd3ab4 Refactor TransitionArray access
in preparation for caching StoreIC-Transition handlers in there.
This CL should not change behavior or performance.

The TransitionArray class no longer serves a dual purpose; it is now
simply the data structure serving that role. Further, it now supports
storing transitioning handlers in its "target" slot, which in turn have
a WeakCell pointing to the transition target (but this functionality
is not being used yet).

The interface for accessing a map's transitions, previously implemented
as a set of static functions, is now handled by the TransitionsAccessor
class. It distinguishes the following internal states:
- kPrototypeInfo: map is a prototype map, will never cache any transitions.
- kUninitialized: map can cache transitions, but doesn't have any.
- kWeakCell: map caches a single transition, stored inline. Formerly known
             as "IsSimpleTransition".
- kFullTransitionArray: map uses a TransitionArray to store transitions.
- kTuple3Handler, kFixedArrayHandler: to be used in the future for caching
                                      transitioning handlers.

Change-Id: If2aa68390981f96f317b958445a6e0b935c2a14e
Reviewed-on: https://chromium-review.googlesource.com/550118
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46981}
2017-07-28 19:41:21 +00:00
Ulan Degenbaev
047e906da5 [heap] Process weak cells in concurrent marking visitor.
BUG=chromium:694255

Change-Id: I6684850ae9759f719e3ed665157eaea2581a65cf
Reviewed-on: https://chromium-review.googlesource.com/590008
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46964}
2017-07-28 11:32:40 +00:00
Camillo Bruni
0392eb20ac [literals] Introduce CreateEmptyArrayLiteral Bytecode
Empty Array literals are amongst the most commonly used literal types on our
top25 page list. Using a custom bytecode we can drop the boilerplate for empty
Array literals alltogether. However, we still need a proper AllocationSite to
track ElementsKind transitions.

Bug: v8:6211, chromium:746935
Change-Id: I891eaa778e4e81e138e483a65f04ae00ae30bd28
Reviewed-on: https://chromium-review.googlesource.com/580932
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46875}
2017-07-25 14:30:43 +00:00
Leszek Swirski
661726dd39 [runtime] Move profiler ticks from SFI to feedback vector (reland)
Reland of https://chromium-review.googlesource.com/c/544888/.

Instead of counting profiler ticks on the shared function info (which is
shared between native contexts), count them on the feedback vector
(which is not). This allows us to continue pushing optimization
decisions off the SFI, onto the feedback vector.

Note that a side-effect of this is that ICs don't have to walk the stack
to reset profiler ticks, as they can access the feedback vector directly
from their feedback nexus.

Change-Id: I7aa6baed03f726843d1b62629c72b74f05114b48
Reviewed-on: https://chromium-review.googlesource.com/579051
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46868}
2017-07-25 11:54:21 +00:00
Ulan Degenbaev
6e3d7ee6cb Revert "[heap] Remove clearing of caches and counter of shared function info in"
This reverts commit 8580529302.

Reason for revert: increased memory usage on benchmarks.

BUG=chromium:747806

Original change's description:
> [heap] Remove clearing of caches and counter of shared function info in
> marking visitors.
> 
> This makes incremental and concurrent visitors of share function infos
> side-effect free.
> 
> BUG=chromium:694255
> 
> Change-Id: I85ee7bac17f17bdbc101ef64ecfb46020b5b3458
> Reviewed-on: https://chromium-review.googlesource.com/574851
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46796}

TBR=ulan@chromium.org,mlippautz@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:694255
Change-Id: Id28551ce8378820b0272721b7efb388727c442d4
Reviewed-on: https://chromium-review.googlesource.com/584288
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46864}
2017-07-25 10:42:56 +00:00
Yang Guo
89ef9556d7 Reland: Introduce HASH_TABLE_TYPE instance type.
This is so that we can distinguish hash tables by instance type. We can
then introduce maps for each kind of hash tables to further distinguish.

R=mstarzinger@chromium.org

Bug: v8:6593
Change-Id: Ice9e6bb7b85d825207ac489b6930ac9020d60db8
Reviewed-on: https://chromium-review.googlesource.com/582814
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46861}
2017-07-25 09:19:46 +00:00
Yang Guo
f4867154c4 Revert "Introduce HASH_TABLE_TYPE instance type."
This reverts commit 990dd947bc.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> Introduce HASH_TABLE_TYPE instance type.
> 
> This is so that we can distinguish hash tables by instance type. We can
> then introduce maps for each kind of hash tables to further distinguish.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:6593
> Change-Id: I1a532884758e571abdfe2e2743fc5ea611d12f7e
> Reviewed-on: https://chromium-review.googlesource.com/581009
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46828}

TBR=yangguo@chromium.org,mstarzinger@chromium.org

Change-Id: Ia47d408e5cf47983940227b4cc445a704d7f8d19
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6593
Reviewed-on: https://chromium-review.googlesource.com/581493
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46833}
2017-07-24 07:33:52 +00:00
Yang Guo
990dd947bc Introduce HASH_TABLE_TYPE instance type.
This is so that we can distinguish hash tables by instance type. We can
then introduce maps for each kind of hash tables to further distinguish.

R=mstarzinger@chromium.org

Bug: v8:6593
Change-Id: I1a532884758e571abdfe2e2743fc5ea611d12f7e
Reviewed-on: https://chromium-review.googlesource.com/581009
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46828}
2017-07-24 06:04:29 +00:00
Michael Lippautz
a45048e205 [heap] Parallel Scavenge
Bug: chromium:738865
Change-Id: Ie18574bb067438816238e2cf930e6d2a7bc5ecef
Reviewed-on: https://chromium-review.googlesource.com/570579
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46798}
2017-07-20 14:05:02 +00:00
Ulan Degenbaev
8580529302 [heap] Remove clearing of caches and counter of shared function info in
marking visitors.

This makes incremental and concurrent visitors of share function infos
side-effect free.

BUG=chromium:694255

Change-Id: I85ee7bac17f17bdbc101ef64ecfb46020b5b3458
Reviewed-on: https://chromium-review.googlesource.com/574851
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46796}
2017-07-20 13:47:22 +00:00
Ulan Degenbaev
bb29f9a4d6 [heap] Add API to set heap semi-space limits in KB.
This relands parts of "[heap] Allow a minimum semi-space size of 512K."
excluding the actual semi-space size change.

This partially reverts commit f341bb0f62

> Original commit message:
> Revert "[heap] Allow a minimum semi-space size of 512K."
> This reverts commit 0d2ed6c328.
> The CL introduced perf regressions: crbug.com/735649.
> We are going to reland the CL in an isolated V8 roll to ensure
> that perf regressions are attributed correctly.

> Original commit message:
> > [heap] Allow a minimum semi-space size of 512K.
> > This CL also reduces the minimum semi-space size to 512K.
> > BUG=chromium:716032
> BUG=chromium:735649

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5ed66b72104aa877d67fcd20bdadc807ea1551c3
Reviewed-on: https://chromium-review.googlesource.com/575065
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46762}
2017-07-19 12:53:27 +00:00
Sathya Gunasekaran
21a66b11d3 [runtime] Rename properties to properties_or_hash
Add SetProperties as the generic interface to set properties. In the
future, this will switch based on the input properties type and
correctly store the hash code.

This patch also updates tests to check against empty_property_array
instead of empty_fixed_array.

Bug: v8:6404
Change-Id: I39d324ea3ab3cc2c2223b6f4be64139bb88edd94
Reviewed-on: https://chromium-review.googlesource.com/574761
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46744}
2017-07-18 17:38:50 +00:00
Michael Lippautz
beb4037aed [heap] Introduce separate pass for pre-freeing empty buckets in SlotSet
This will allow us to concurrently allocate buckets during iteration.

Bug: chromium:738865
Change-Id: I88bd1ac152d1ef8b40395f0ba3e55a7c3e82f75d
Reviewed-on: https://chromium-review.googlesource.com/575990
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46737}
2017-07-18 14:18:49 +00:00
Yang Guo
a2ab1353f6 [snapshot] Rehash strings after deserialization.
See https://goo.gl/6aN8xA

Bug: v8:6593
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic8b0b57195d01d41591397d5d45de3f0f3ebc3d9
Reviewed-on: https://chromium-review.googlesource.com/574527
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46732}
2017-07-18 10:48:43 +00:00
Ulan Degenbaev
ce04f26abb [heap] Reschedule concurrent marking tasks.
If the incremental marker discovers more marking work and the concurrent
marking tasks have already exited, then new concurrent marking tasks
are scheduled to help the main thread marker.

BUG=chromium:694255

Change-Id: I559af62790e6034b23a412d3308ba8b6ae3d27c9
Reviewed-on: https://chromium-review.googlesource.com/574170
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46703}
2017-07-17 11:53:22 +00:00
Leszek Swirski
14c5c4fde7 Revert "[runtime] Move profiler ticks from SFI to feedback vector"
This reverts commit a2fcdc7cc8.

Reason for revert: Large regressions in RCS (https://chromeperf.appspot.com/group_report?bug_id=740126)

Original change's description:
> [runtime] Move profiler ticks from SFI to feedback vector
> 
> Instead of counting profiler ticks on the shared function info (which is
> shared between native contexts), count them on the feedback vector
> (which is not). This allows us to continue pushing optimization
> decisions off the SFI, onto the feedback vector.
> 
> Note that a side-effect of this is that ICs don't have to walk the stack
> to reset profiler ticks, as they can access the feedback vector directly
> from their feedback nexus.
> 
> Change-Id: I232ae9e759fca75cd89d393148a4ff42caa2646f
> Reviewed-on: https://chromium-review.googlesource.com/544888
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46411}

TBR=rmcilroy@chromium.org,leszeks@chromium.org,ishell@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Id587e4172e300c420f93c49744a2a0e66696edf8
Reviewed-on: https://chromium-review.googlesource.com/574227
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46702}
2017-07-17 11:51:32 +00:00
Michael Lippautz
7a49c94c25 [heap] Make page promotion tests more robust against fragmentation
Bug: chromium:738865
Change-Id: If710b60d33eea94bff7b621910006c2d941a7670
Reviewed-on: https://chromium-review.googlesource.com/571900
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46697}
2017-07-17 08:52:13 +00:00
Ulan Degenbaev
065c47dedd Revert "[heap] Keep concurrent marking tasks running until marking is completed."
This reverts commit 20d5048a6f.

Revert "[heap] Ensure that concurrent marking tasks exit before heap tear down."

This reverts commit 387f65d41a.

Reason: concurrent marking tasks waiting for a signal from the main thread
is susceptible to deadlocks. We should instead re-schedule concurrent marking
threads once they exit.

BUG=chromium:694255

Change-Id: I20db2f26b42e960f4cc04506d9598c1187b8a003
Reviewed-on: https://chromium-review.googlesource.com/571800
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46671}
2017-07-14 10:39:20 +00:00
Ulan Degenbaev
20d5048a6f [heap] Keep concurrent marking tasks running until marking is completed.
BUG=chromium:694255

Change-Id: Id874d7427b52f5c2d1d7ae72d321cad8277f8082
Reviewed-on: https://chromium-review.googlesource.com/570035
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46639}
2017-07-13 13:33:54 +00:00
Ross McIlroy
05207b098a [Interpreter] Replace --ignition flag with a --stress-fullcodegen
Removes the --ignition flag which is now on by default. Adds a
--stress-fullcodegen flag which enables running all functions supported
by fullcodegen to be compiled by fullcodegen.

This will enable moving parser internalization later when we are not
stressing fullcodegen or compiling asm.js functions.

BUG=v8:5203, v8:6409, v8:6589

Change-Id: I7fa68016d4e734755434ec0b4e749ef65ffa7f4e
Reviewed-on: https://chromium-review.googlesource.com/565569
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46635}
2017-07-13 13:05:00 +00:00
jgruber
14e80e5c91 Add Smi::ToInt helper method
This adds a convenience method for the common Smi to int conversion
pattern.

Bug: 
Change-Id: I7d7b171c36cfec5f6d10c60f1d9c3e06e3aed0fa
Reviewed-on: https://chromium-review.googlesource.com/563205
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46516}
2017-07-10 13:33:03 +00:00
Ulan Degenbaev
5359d8680a [heap] Add support for multiple concurrent marking tasks.
BUG=chromium:694255

Change-Id: Ib0403a2d406428d2cd7896521abb6e95c3841c1c
Reviewed-on: https://chromium-review.googlesource.com/563364
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46505}
2017-07-10 10:16:52 +00:00
Michael Lippautz
94b1b48b38 [heap] Introduce PromtionWorklist
Replaces the old PromotionQueue that was kept at the end of to space.

This change allows a future implementation to use 
(a) a thread-local promotion list and 
(b) enables work stealing for concurrent scenarios.

Bug: chromium:738865
Change-Id: I4c983a36e69ad4a9462eb9a59f586a85e51acbde
Reviewed-on: https://chromium-review.googlesource.com/561141
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46446}
2017-07-06 13:39:38 +00:00
Georg Neis
9b3174b295 Don't dereference handles in (macro-)assembler functions used by TF.
Remove all IsHeapObject/IsSmi checks from assembler and also from
the macro-assembler functions that Turbofan code generation uses.

Note for porters: In case it's unclear which macro-assembler
functions need to be modified, it may be best to wait until I
split MacroAssembler in a followup-CL, which will make that clear.

Bug: v8:6048
Change-Id: Ife0735cc6f48713c9ec493faf2dac5e553d1c06b
Reviewed-on: https://chromium-review.googlesource.com/561015
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46436}
2017-07-06 10:33:18 +00:00
Leszek Swirski
a2fcdc7cc8 [runtime] Move profiler ticks from SFI to feedback vector
Instead of counting profiler ticks on the shared function info (which is
shared between native contexts), count them on the feedback vector
(which is not). This allows us to continue pushing optimization
decisions off the SFI, onto the feedback vector.

Note that a side-effect of this is that ICs don't have to walk the stack
to reset profiler ticks, as they can access the feedback vector directly
from their feedback nexus.

Change-Id: I232ae9e759fca75cd89d393148a4ff42caa2646f
Reviewed-on: https://chromium-review.googlesource.com/544888
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46411}
2017-07-05 12:04:50 +00:00
Michael Lippautz
8c8bb2b150 [heap] Templatize Worklist segment size
Bug: chromium:738865
Change-Id: I67b65f3006d6fe7e88854806f364d9863076b49b
Reviewed-on: https://chromium-review.googlesource.com/558969
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46397}
2017-07-04 09:24:26 +00:00
Jochen Eisinger
cc59f8b125 Reland "Switch tracing to use v8::TracingController"
Original change's description:
> Switch tracing to use v8::TracingController
>
> BUG=v8:6511
> R=fmeawad@chromium.org
>
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I4961e4b61a9ddc98385ed97c3ffcbcaef2d9cba7
> Reviewed-on: https://chromium-review.googlesource.com/543144
> Commit-Queue: Jochen Eisinger <jochen@chromium.org>
> Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46307}

BUG=v8:6511
TBR=fmeawad@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux64_tsan_rel
Change-Id: Ide32b409248dfd466e7c0bae1d8ae61d6a955d98
Reviewed-on: https://chromium-review.googlesource.com/558865
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46381}
2017-07-03 11:49:23 +00:00
Mathias Bynens
7915cf939e [elements] Rename Has*Elements and Is*ElementsKind methods
Commit 26c00f4a4c improved the names of
most FAST_* elements kinds in the enum. This patch updates the matching
Has*Elements and Is*ElementsKind method names accordingly.

- HasFastSmiElements => HasSmiElements
- IsFastSmiElementsKind => IsSmiElementsKind
- HasFastObjectElements => HasObjectElements
- IsFastObjectElementsKind => IsObjectElementsKind
- HasFastSmiOrObjectElements => HasSmiOrObjectElements
- IsFastSmiOrObjectElementsKind => IsSmiOrObjectElementsKind
- HasFastDoubleElements => HasDoubleElements
- IsFastDoubleElementsKind => IsDoubleElementsKind
- HasFastHoleyElements => HasHoleyElements
- IsFastHoleyElementsKind => IsHoleyElementsKind

Additionally, FastHoleyElementsUsage is renamed to HoleyElementsUsage.

BUG=v8:6548

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ie8f3d01eb43e909cbc6c372d88c5fbc4dfc2ac04
Reviewed-on: https://chromium-review.googlesource.com/558356
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46376}
2017-07-03 09:25:53 +00:00
Mathias Bynens
26c00f4a4c [elements] Rename FAST elements kinds
The `FAST_` prefix doesn’t make much sense — they’re all just different cases
with their own optimizations. Packedness being implicit (e.g. `FAST_ELEMENTS`
vs. `FAST_HOLEY_ELEMENTS`) is not ideal, either.

This patch renames the FAST elements kinds as follows:

- e.g. FAST_ELEMENTS => PACKED_ELEMENTS
- e.g. FAST_HOLEY_ELEMENTS => HOLEY_ELEMENTS

The following exceptions are left intact, for lack of a better name:

- FAST_SLOPPY_ARGUMENTS_ELEMENTS
- SLOW_SLOPPY_ARGUMENTS_ELEMENTS
- FAST_STRING_WRAPPER_ELEMENTS
- SLOW_STRING_WRAPPER_ELEMENTS

This makes it easier to reason about elements kinds, and less confusing to
explain how they’re used.

R=jkummerow@chromium.org, cbruni@chromium.org
BUG=v8:6548

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ie7c6bee85583c3d84b730f7aebbd70c1efa38af9
Reviewed-on: https://chromium-review.googlesource.com/556032
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46361}
2017-06-30 13:31:44 +00:00
Ulan Degenbaev
f341bb0f62 Revert "[heap] Allow a minimum semi-space size of 512K."
This reverts commit 0d2ed6c328.

The CL introduced perf regressions: crbug.com/735649.

We are going to reland the CL in an isolated V8 roll to ensure
that perf regressions are attributed correctly.

Original commit message:
> [heap] Allow a minimum semi-space size of 512K.
> This CL also reduces the minimum semi-space size to 512K.
> BUG=chromium:716032

BUG=chromium:735649

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I1f1b08ca6853347c00070f000c309d839ff8a4bb
Reviewed-on: https://chromium-review.googlesource.com/552541
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46349}
2017-06-30 12:03:04 +00:00
Michael Achenbach
49787a609f Revert "Switch tracing to use v8::TracingController"
This reverts commit 3d8e87aa7d.

Reason for revert: tsan errors:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/15977

Original change's description:
> Switch tracing to use v8::TracingController
> 
> BUG=v8:6511
> R=​fmeawad@chromium.org
> 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I4961e4b61a9ddc98385ed97c3ffcbcaef2d9cba7
> Reviewed-on: https://chromium-review.googlesource.com/543144
> Commit-Queue: Jochen Eisinger <jochen@chromium.org>
> Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46307}

TBR=fmeawad@chromium.org,jochen@chromium.org

Change-Id: I3f39081001104c634cc8cab9d58ec420fc7293d8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6511
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/554771
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46308}
2017-06-29 09:01:50 +00:00
Jochen Eisinger
3d8e87aa7d Switch tracing to use v8::TracingController
BUG=v8:6511
R=fmeawad@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4961e4b61a9ddc98385ed97c3ffcbcaef2d9cba7
Reviewed-on: https://chromium-review.googlesource.com/543144
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46307}
2017-06-29 08:40:35 +00:00
Leszek Swirski
9845f01a34 [compiler] Remove OSR code cache
There are very few cases where OSR code can be re-used, and where the
function won't be non-concurrently optimized after OSR has happened.
Maintaining the OSR code cache is unnecessary complexity, and caching
OSR prevents us from e.g. seeding the optimizer with the actual OSR
values.

So, this patch removes it.

Change-Id: Ib9223de590f35ffc1dc2ab593b7cc9fe97dde4a6
Reviewed-on: https://chromium-review.googlesource.com/552637
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46306}
2017-06-29 08:20:10 +00:00
Ulan Degenbaev
8060b9cc45 [heap] Fix cctest/test-concurrent-marking/ConcurrentMarking
BUG=chromium:694255

Change-Id: Ib954eaf868862577fb567a1438ca1c9136821eb4
Reviewed-on: https://chromium-review.googlesource.com/549417
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46251}
2017-06-27 12:38:22 +00:00
Michael Achenbach
7dea0f7b38 Revert "[heap] Make aborting compaction a fatal"
This reverts commit 3c04ee6d4e.

Reason for revert: Speculative revert for OOMs in:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/18563

Original change's description:
> [heap] Make aborting compaction a fatal
> 
> Last attempt failed because of too agressive growing and no proper GC
> scheduling.
> 
> Also refactor live object iteration on the way to avoid a branch when we
> know that we will succeed.
> 
> Bug: chromium:651354
> Change-Id: I8f52cbc79ac293989fb7c29c492d4ae4afe5ebe4
> Reviewed-on: https://chromium-review.googlesource.com/544829
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46245}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: Ifb9fd0c873c4ec6d4bd895f2978849cc2a223a05
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:651354
Reviewed-on: https://chromium-review.googlesource.com/549324
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46247}
2017-06-27 11:40:28 +00:00
Michael Lippautz
3c04ee6d4e [heap] Make aborting compaction a fatal
Last attempt failed because of too agressive growing and no proper GC
scheduling.

Also refactor live object iteration on the way to avoid a branch when we
know that we will succeed.

Bug: chromium:651354
Change-Id: I8f52cbc79ac293989fb7c29c492d4ae4afe5ebe4
Reviewed-on: https://chromium-review.googlesource.com/544829
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46245}
2017-06-27 11:17:25 +00:00
Ulan Degenbaev
acf4929379 [heap] Replace concurrent marking deque with work-stealing worklist.
BUG=chromium:694255
TBR=mlippautz@chromium.org

Change-Id: I8eaec556d187453bd0d1cfbd0a12c0e81306862c
Reviewed-on: https://chromium-review.googlesource.com/548597
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46224}
2017-06-26 15:16:33 +00:00
Ulan Degenbaev
66e9152fe6 [heap] Rename MarkingDeque to MarkingWorklist.
This prepares ground for switching mark-compactor to use
Worklist data-structure instead of the existing marking deque.

BUG=chromium:694255

Change-Id: I0ac4c563018a9619962fb4bf388b5f3cceffb86d
Reviewed-on: https://chromium-review.googlesource.com/544933
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46178}
2017-06-23 13:43:59 +00:00
Michael Starzinger
8d921ca7f3 [turbofan] Remove --turbo shorthand for --turbo-filter.
This removes the --turbo flag and solely relies on the filter pattern
provided via --turbo-filter when deciding whether to use TurboFan. Note
that disabling optimization wholesale can still be done with --no-opt,
which should be used in favor of --no-turbo everywhere.

Also note that this contains semantic changes to the TurboFan activation
criteria. We respect the filter pattern more stringently and no longer
activate TurboFan just because the source contains patterns forcing use
of Ignition via {AstNumberingVisitor::DisableFullCodegenAndCrankshaft}.

R=rmcilroy@chromium.org
BUG=v8:6408

Change-Id: I0c855f6a62350eb62283a3431c8cc1baa750950e
Reviewed-on: https://chromium-review.googlesource.com/528121
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46167}
2017-06-23 11:19:19 +00:00
Jochen Eisinger
c4852ea94c Pull tracing related methods out of Platform
This will allow for embedders to easily implement their own Platform
without duplicating the tracing controller code.

BUG=v8:6511
R=fmeawad@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7c64933d12b2cf53f0636fbc87f6ad5d22019f5c
Reviewed-on: https://chromium-review.googlesource.com/543015
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46118}
2017-06-22 08:58:40 +00:00
Michael Lippautz
ee35abf125 [heap] Build proper iterator for iterating live objects
- Iterator advancing is kept mainly unchanged.
- The iterator stores the size of the object which is to be used by the
  caller in follow ups. This way we might be able to avoid further out
  of line loads.
- The iteartor follows the regular std conventions allowing range based
  loops.

Bug: chromium:651354
Change-Id: I8928224a62d3a48a48145a2d00279a28608bc634
Reviewed-on: https://chromium-review.googlesource.com/543335
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46085}
2017-06-21 12:20:14 +00:00
mvstanton
b2b38f00c0 Remove enum RelocInfo::CODE_TARGET_WITH_ID.
RelocInfo no longer needs CODE_TARGET_WITH_ID thanks to the removal
of Crankshaft.

BUG=v8:6408
R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2951473002
Cr-Commit-Position: refs/heads/master@{#46047}
2017-06-20 13:30:17 +00:00
hpayer
0d2ed6c328 [heap] Allow a minimum semi-space size of 512K.
This CL also reduces the minimum semi-space size to 512K.

BUG=chromium:716032
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2942543002
Cr-Commit-Position: refs/heads/master@{#45992}
2017-06-19 10:16:13 +00:00
Camillo Bruni
015edc60ff [runtime] Don't store object literal boilerplates on first run
Storing the boilerplate on the first run leads to memory ovehead for code
that is run only once. Hence we directly return the creating literal on the
first run and only start creating copies from the second run on.

Bug: v8:6211
Change-Id: I69b96d124a5b594b991fdbcc76dbf935d973ffad
Reviewed-on: https://chromium-review.googlesource.com/530688
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45975}
2017-06-16 10:43:19 +00:00
Ulan Degenbaev
eb6b3408dc [heap] TSAN annotation for mark-bits initialization.
This patch also fixes several cctests that require manual GC.

BUG=chromium:694255

Change-Id: Ida93ed2498a6c5b0187ee78d2b1da27d2ff1906a
Reviewed-on: https://chromium-review.googlesource.com/533233
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45913}
2017-06-13 15:17:45 +00:00
Ulan Degenbaev
28810a2aa6 [heap] More cctest fixes for concurrent marker.
BUG=chromium:694255

Change-Id: Ia985a00fe2193bac96057994d93718224706ca04
Reviewed-on: https://chromium-review.googlesource.com/531168
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45893}
2017-06-13 09:55:17 +00:00
Leszek Swirski
09637ab3ce [runtime] Don't count profiler ticks on Code objects
With the deprecation of Crankshaft, it's no longer necessary for
FullCodeGen to keep track of its runtime profiler ticks on the code
object, and we can instead unify the behaviour of FCG and Ignition to
both increment the SFI counter instead.

Bug: v8:6408
Change-Id: Idcdd673aa39af06fe15a0fc14dfda2afafb5e417
Reviewed-on: https://chromium-review.googlesource.com/528117
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45892}
2017-06-13 09:54:13 +00:00
Ulan Degenbaev
066ad18763 [heap] Disable concurrent marking for cctest that rely on manual GC.
BUG=chromium:694255

Change-Id: Ibfffc68a513511866dc4eebcf0728e51feb1a7fd
Reviewed-on: https://chromium-review.googlesource.com/530746
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45855}
2017-06-12 11:55:38 +00:00
Michael Lippautz
c375a548d2 [heap] Add retained size counter to array buffer tracking
Bug: 
Change-Id: If4a5408f8ff63a8a2b189f60fda37896a9403d3d
Reviewed-on: https://chromium-review.googlesource.com/519386
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45646}
2017-05-31 18:36:24 +00:00
neis
659e8f7b5c [compiler] Delay allocation of code-embedded heap numbers.
Instead of allocating and embedding certain heap numbers into the code
during code assembly, emit dummies but record the allocation requests.
Later then, in Assembler::GetCode, allocate the heap numbers and patch
the code by replacing the dummies with the actual objects. The
RelocInfos for the embedded objects are already recorded correctly when
emitting the dummies.

R=jarin@chromium.org
BUG=v8:6048

Review-Url: https://codereview.chromium.org/2900683002
Cr-Commit-Position: refs/heads/master@{#45635}
2017-05-31 14:00:11 +00:00
ulan
b853d7fbb3 [heap] Fix a missing write barrier in Heap::Allocate.
BUG=

Review-Url: https://codereview.chromium.org/2906313002
Cr-Commit-Position: refs/heads/master@{#45571}
2017-05-29 15:03:50 +00:00
ulan
bc32a0a78f [heap] Disable concurrent marking for cctests that rely on manual GC.
BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2910933002
Cr-Commit-Position: refs/heads/master@{#45570}
2017-05-29 14:43:05 +00:00
ulan
75e679113b [heap] Add --stress-incremental-marking flag.
BUG=

Review-Url: https://codereview.chromium.org/2900603004
Cr-Commit-Position: refs/heads/master@{#45553}
2017-05-29 11:06:13 +00:00
Ross McIlroy
f5d0df35d7 [Heap] Remove code flushing.
Only FullCodegen code ever gets flushed by code flushing. Since we are
deprecating the old pipeline, the added complexity introduced by code
flushing is no longer worth it. This CL removes it (but keeps code aging,
which is used to unlink SFIs from the compilation cache).

BUG=v8:6389,v8:6379,v8:6409

Change-Id: I90de113a101f86dbeaaf0511c61a090ef12aa365
Reviewed-on: https://chromium-review.googlesource.com/507388
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45446}
2017-05-22 09:34:43 +00:00
Mythri
96b0928939 Remove crankshaft flag.
Crankshaft flag and opt flag mostly serve the same purpose. Using 
crankshaft to mean use optimizing compiler is a bit confusing.
This cl: https://chromium-review.googlesource.com/c/490206/ fixes 
the tests to use opt instead of crankshaft flag.

One difference between --no-crankshaft and --no-opt would be that 
--no-opt would mean no optimizations at all where as with --no-crankshaft
would mean we can force optimizations using %OptimizeFunctionOnNextCall.

Bug: v8:6325
Change-Id: If17393ac5b6af4ea6e9a98e092f0261c2e0899c5
Reviewed-on: https://chromium-review.googlesource.com/490307
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45298}
2017-05-15 12:34:20 +00:00
Ross McIlroy
11a211ff1b Reland: [TypeFeedbackVector] Store optimized code in the vector
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.

Original patch by Michael Stanton <mvstanton@chromium.org>

BUG=v8:6246,chromium:718891
TBR=yangguo@chromium.org,ulan@chromium.org

Change-Id: I3bb9ec0cfff32e667cca0e1403f964f33a6958a6
Reviewed-on: https://chromium-review.googlesource.com/500134
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45234}
2017-05-10 15:04:35 +00:00
Ross McIlroy
fd749344bf Revert "Reland: [TypeFeedbackVector] Store optimized code in the vector"
This reverts commit 662aa425ba.

Reason for revert: Crashing on Canary
BUG=chromium:718891

Original change's description:
> Reland: [TypeFeedbackVector] Store optimized code in the vector
> 
> Since the feedback vector is itself a native context structure, why
> not store optimized code for a function in there rather than in
> a map from native context to code? This allows us to get rid of
> the optimized code map in the SharedFunctionInfo, saving a pointer,
> and making lookup of any optimized code quicker.
> 
> Original patch by Michael Stanton <mvstanton@chromium.org>
> 
> BUG=v8:6246
> TBR=yangguo@chromium.org,ulan@chromium.org
> 
> Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327
> Reviewed-on: https://chromium-review.googlesource.com/494487
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45084}

TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:6246

Change-Id: Idab648d6fe260862c2a0e35366df19dcecf13a82
Reviewed-on: https://chromium-review.googlesource.com/498633
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45174}
2017-05-08 20:57:30 +00:00
Ross McIlroy
662aa425ba Reland: [TypeFeedbackVector] Store optimized code in the vector
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.

Original patch by Michael Stanton <mvstanton@chromium.org>

BUG=v8:6246
TBR=yangguo@chromium.org,ulan@chromium.org

Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327
Reviewed-on: https://chromium-review.googlesource.com/494487
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45084}
2017-05-04 11:21:59 +00:00
mlippautz
bf74d43de0 [heap] MinorMC: Evacuation for young generation
In the spirit of the full MC, we evacuate and update pointers in parallel for
the young generation.

The collectors are connected during incremental marking when mark bits are
transferred from the young generation bitmap to the old generation bitmap.

The evacuation phase cannot (yet) move pages and relies completely on copying
objects.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2796233003
Cr-Commit-Position: refs/heads/master@{#45074}
2017-05-03 21:31:06 +00:00
Mythri
3dae78ebb4 Adds tests for detecting unmodified API objects during scavenge.
Adds tests for Heap::IsUnmodifiedHeapObject that is used during
scavenge.

Bug:

Change-Id: Ide549a6616101cbd6ed17372ed1ed168c7a76fbd
Reviewed-on: https://chromium-review.googlesource.com/484539
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45046}
2017-05-03 07:53:53 +00:00
ulan
c6816cd87d [heap] Implement simple concurrent marking deque.
This patch adds a concurrent marking deque that exposes the same interface
for the main thread as the existing marking deque.

The matching interface makes the concurrent marking deque a drop-in
replacement for the sequential marking deque without any change in
mark-compactor and incremental marker.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2810893002
Cr-Commit-Position: refs/heads/master@{#45042}
2017-05-02 17:03:31 +00:00
Michael Achenbach
5fcf508e07 Revert "[TypeFeedbackVector] Store optimized code in the vector"
This reverts commit c5ad9c6d8e.

Reason for revert: Fails on gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/12661

Original change's description:
> [TypeFeedbackVector] Store optimized code in the vector
> 
> Since the feedback vector is itself a native context structure, why
> not store optimized code for a function in there rather than in
> a map from native context to code? This allows us to get rid of
> the optimized code map in the SharedFunctionInfo, saving a pointer,
> and making lookup of any optimized code quicker.
> 
> Original patch by Michael Stanton <mvstanton@chromium.org>
> 
> BUG=v8:6246
> 
> Change-Id: I60ff8c408c3001bc272b4b198c9cbaea2872a9e5
> Reviewed-on: https://chromium-review.googlesource.com/476891
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45022}

TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,mvstanton@chromium.org,jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6246

Change-Id: I9cd5735b03898cae6ae7adea0f19d32fceb31619
Reviewed-on: https://chromium-review.googlesource.com/493287
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45027}
2017-05-02 11:51:01 +00:00
Ross McIlroy
c5ad9c6d8e [TypeFeedbackVector] Store optimized code in the vector
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.

Original patch by Michael Stanton <mvstanton@chromium.org>

BUG=v8:6246

Change-Id: I60ff8c408c3001bc272b4b198c9cbaea2872a9e5
Reviewed-on: https://chromium-review.googlesource.com/476891
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45022}
2017-05-02 11:20:23 +00:00
Mythri
7371c34b6b Use --opt instead of --crankshaft in tests.
1. Replaces --crankshaft with --opt in tests.
2. Also fixes presubmit to check for --opt flag when
assertOptimized is used.
3. Updates testrunner/local/variants.py and 
v8_foozie.py to use --opt flag.
This would mean, nooptimize variant means there are
no optimizations. Not even with %OptimizeFunctionOnNextCall.

Bug:v8:6325

Change-Id: I638e743d0773a6729c6b9749e2ca1e2537f12ce6
Reviewed-on: https://chromium-review.googlesource.com/490206
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44985}
2017-04-28 14:20:39 +00:00
hpayer
1e50277b9f [heap] Remove max executable size configuration.
BUG=chromium:716032

Review-Url: https://codereview.chromium.org/2842303003
Cr-Commit-Position: refs/heads/master@{#44975}
2017-04-28 11:41:04 +00:00
Adam Klein
8f0c2949c1 [cctest] Add one more GC to a flaky test
It now passes on both 32-bit and 64-bit nosnap bots.

TBR=ulan@chromium.org
NOTREECHECKS=true

Change-Id: Id797c88f1eb32868433e112883c2c64b8640eb2c
Reviewed-on: https://chromium-review.googlesource.com/489682
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44953}
2017-04-27 22:10:59 +00:00
Adam Klein
4afa9110e0 [cctest] Fix more flakiness in Heap-related cctests on nosnap builds
These tests assume that a newly-created Isolate is pristine, but that's
not true for nosnap builds.

TBR=ulan@chromium.org

Change-Id: Ie5d0fb0450f285c8eeb8e088feef6729102c0f14
Reviewed-on: https://chromium-review.googlesource.com/489063
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44952}
2017-04-27 19:17:29 +00:00
Adam Klein
b3887f8a2c [cctest] Simplify the majority of callers of CcTest::CollectAllGarbage
Most callers passed kFinalizeIncrementalMarkingMask, so use that as
a default argument (not using default argument syntax to avoid including
heap.h in cctest.h).

Change-Id: I904f1eb3a0f5fdbe63eab16f6a6f01d04618645d
Reviewed-on: https://chromium-review.googlesource.com/488104
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44950}
2017-04-27 17:20:54 +00:00
ulan
e671ed3610 Decouple root visitors from object visitors.
This patch adds a new interface called RootVisitor and changes the root
iteration functions to accept a RootVisitor instead of an ObjectVisitor.

Future CLs will change ObjectVisitor to provide the host object to all
visiting functions, which will bring it in sync with static visitors.

Having separate visitors for roots and objects removes ambiguity in
VisitPointers and reduces chances of forgetting to record slots.

This is intended as pure refactoring. All places that require behavior
change are marked with TODO and will addressed in future CLs.

BUG=chromium:709075

Review-Url: https://codereview.chromium.org/2801073006
Cr-Commit-Position: refs/heads/master@{#44852}
2017-04-25 13:32:18 +00:00
Adam Klein
1c762bb8ed Eagerly force GC in a few cctests to avoid spurious nosnap failures
See this v8-dev thread for more background:
https://groups.google.com/d/msg/v8-dev/71PVa9fMzoc/AvBZ9Fw4BQAJ

TBR=hpayer@chromium.org

Change-Id: I49957a72c8faec4cf5032cbf6437a461d7139b83
Reviewed-on: https://chromium-review.googlesource.com/486062
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44824}
2017-04-25 00:37:20 +00:00
ulan
3477957ecd [heap] Start concurrent marking simultaneously with incremental marking.
This patch hooks up concurrent marking (behind the flag) with the rest
of the GC:
1. Incremental marking spawns concurrent marking task seeded with the
root set.
2. Mark-compact waits for concurrent marking tasks to finish.
3. Scavenger does fast promotion if concurrent marking is pending.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2735803005
Cr-Commit-Position: refs/heads/master@{#44526}
2017-04-10 14:22:31 +00:00
mlippautz
2db171c2ba [heap] Fix page promotions tests
Drive-by: Fix some getters.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2798333002
Cr-Commit-Position: refs/heads/master@{#44449}
2017-04-06 15:20:39 +00:00
mlippautz
a0655790ae Reland of [heap] Fix CompactionSpace test and move to unittests
This reverts commit eddf90c4a7.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2792063004
Cr-Commit-Position: refs/heads/master@{#44398}
2017-04-05 07:36:15 +00:00
mlippautz
eddf90c4a7 Revert of [heap] Fix CompactionSpace test and move to unittests (patchset #3 id:40001 of https://codereview.chromium.org/2796033002/ )
Reason for revert:
Breaks
https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20shared/builds/17291

Original issue's description:
> [heap] Fix CompactionSpace test and move to unittests
>
> BUG=chromium:651354
>
> Review-Url: https://codereview.chromium.org/2796033002
> Cr-Commit-Position: refs/heads/master@{#44382}
> Committed: ce9a2db1e1

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2793033004
Cr-Commit-Position: refs/heads/master@{#44383}
2017-04-04 14:47:06 +00:00
mlippautz
ce9a2db1e1 [heap] Fix CompactionSpace test and move to unittests
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2796033002
Cr-Commit-Position: refs/heads/master@{#44382}
2017-04-04 14:28:21 +00:00
Yang Guo
da5b745dba [api] deprecate unused context size estimate.
Change-Id: I8de170892f061a8b30d1e39d1a7d3b4e2fe9230d
Reviewed-on: https://chromium-review.googlesource.com/461823
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44222}
2017-03-29 09:56:22 +00:00
littledan
76e3fe97d6 [heap] Two minor fixes in EstimatedSize
A couple bugs had led code in one Context to be able to lead to
estimated memory usage in another Context, even in cases that should be
easy to detect.

- Ensure that the pointer to the next context is nulled out while
  recursing over the portion of the heap. It seems like there was
  previously some code to do this partway, but the nulling part
  was left out.
- Skip including maps in the understanding of the Context estimated
  size, as the maps are shared between Contexts and may be reachable
  from other Contexts

Review-Url: https://codereview.chromium.org/2780773002
Cr-Commit-Position: refs/heads/master@{#44208}
2017-03-28 20:41:11 +00:00
Ross McIlroy
980448dfcd [Compiler] Remove CompileBaseline and three tier pipeline.
Since we no longer support the ignition-staging configuration 
any longer,  we can retire the three tier pipeline and the
CompileBaseline functionallity.

We still need support for JSFunction self healing due to
liveedit (which for --no-turbo might end up replacing a
forced Ignition function with a FCG function) - we can
remove this once we remove --no-turbo support.

BUG=v8:4280

Change-Id: I5482abd17785324654e022affd6bdb555b19b181
Reviewed-on: https://chromium-review.googlesource.com/452620
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44141}
2017-03-27 11:15:43 +00:00
mlippautz
79ac83e121 [heap] Enforce explicit MarkingState
Require the use of MarkingState when going through ObjectMarking
and friends.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2770253002
Cr-Commit-Position: refs/heads/master@{#44123}
2017-03-24 18:54:04 +00:00
Michael Lippautz
66a5600505 [heap] Bail out of test that doesn't support --noflush-code
... when we run without code flushing.

BUG=

Change-Id: I956c53732598d805581388453010238c029fc3ba
Reviewed-on: https://chromium-review.googlesource.com/458199
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44016}
2017-03-22 12:23:56 +00:00
Michael Lippautz
173109b965 [heap] Introduce explicit marking state and instance for minor MC
BUG=chromium:651354

Change-Id: Idcd7780f53ad07b3d782a66455f9c60addc2418d
Reviewed-on: https://chromium-review.googlesource.com/457317
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43971}
2017-03-21 10:29:50 +00:00
jgruber
542b41a7cc [gn] Enable stricter build flags
Default to the chromium-internal build config (instead of the more
permissive no_chromium_code config).

BUG=v8:5878

Review-Url: https://codereview.chromium.org/2758563002
Cr-Commit-Position: refs/heads/master@{#43909}
2017-03-17 15:18:18 +00:00
Marja Hölttä
beacd656f2 [iwyu|arm64] Pre-work for removing the illegal include macro-assembler.h -> assembler-inl.h
BUG=v8:5294

Change-Id: I6214c50c7d1344210a80763b066e5ec56df1265a
Reviewed-on: https://chromium-review.googlesource.com/453460
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43820}
2017-03-15 12:08:50 +00:00
Toon Verwaest
afeb560c84 [ic] Remove ICUseVector and some access compiler cleanup
BUG=

Change-Id: I1fd0ae3dcb0e644e9f2a56c242720b4def4bb579
Reviewed-on: https://chromium-review.googlesource.com/454836
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43818}
2017-03-15 11:53:47 +00:00
binji
65200967b7 Reland moving Atomics builtins to C++
This reverts the previous revert, commit
5a04f4fd68.

Previously reverted changes:

>    Revert "[SAB] Move Atomics builtins to C++"
>
>     This reverts commit 2b9840d86f.
>
>     Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"
>
>     This reverts commit d1160fb14f.
>
>     Revert "Remove tiny unit test for MinSimple/MaxSimple"
>
>     This reverts commit 837760ecb7.
>
>     Revert "Remove infrastructure for experimental JS natives"
>
>     This reverts commit 8cfe45b6f1.

These changes were reverted to improve a perf regression on a Chrome
bot. Since then, the regression has reappeared, then disappeared again
all from seemingly unrelated changes.

BUG=v8:6033
TBR=adamk@chromium.org,hpayer@chromium.org,yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2732213005
Cr-Commit-Position: refs/heads/master@{#43758}
2017-03-13 20:59:15 +00:00
Michael Lippautz
efd4b2d3af [heap] Bail out for page promotion tests when feature is disabled
BUG=chromium:651354

Change-Id: Iaa2be2504474842d101f19fa2f6c15baa88544c6
Reviewed-on: https://chromium-review.googlesource.com/451497
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43665}
2017-03-08 12:01:10 +00:00
hpayer
6517b4477c [heap] Do not clear mark bits of left trimmed old object start.
BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2731363002
Cr-Commit-Position: refs/heads/master@{#43645}
2017-03-07 15:16:49 +00:00
ulan
a3923ce210 [heap] Implement simple marking in the concurrent marking thread.
The concurrent marker uses ObjectVisitor to iterate pointers in objects
and local marking bitmaps to keep track of visited objects.

To keep it simple for now, I removed support for multiple tasks
and canceling unfinished tasks.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2732053002
Cr-Commit-Position: refs/heads/master@{#43618}
2017-03-06 20:46:41 +00:00
ulan
e96b5ed423 [heap] Implement concurrent marking boilerplate.
This patch adds a trivial ConcurrentMarking class that can start
background tasks.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2728363002
Cr-Commit-Position: refs/heads/master@{#43615}
2017-03-06 15:19:36 +00:00
Michael Lippautz
78867ad870 Remove object grouping
Enbedders should switch to EmbedderHeapTracer API.

BUG=v8:5828

Change-Id: I82f2bc583d246617865a17f5904e02cd35f92fec
Reviewed-on: https://chromium-review.googlesource.com/448539
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43551}
2017-03-02 17:53:07 +00:00
binji
5a04f4fd68 This is a speculative chain of reverts to improve a Chrome
perf regression. See crbug.com/695653 for more info.

Revert "[SAB] Move Atomics builtins to C++"

This reverts commit 2b9840d86f.

Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"

This reverts commit d1160fb14f.

Revert "Remove tiny unit test for MinSimple/MaxSimple"

This reverts commit 837760ecb7.

Revert "Remove infrastructure for experimental JS natives"

This reverts commit 8cfe45b6f1.

BUG=695653
TBR=hablich@chromium.org

Review-Url: https://codereview.chromium.org/2715223003
Cr-Commit-Position: refs/heads/master@{#43462}
2017-02-27 22:26:27 +00:00
adamk
8cfe45b6f1 Remove infrastructure for experimental JS natives
Now that no harmony-flagged features are implemented in experimental
JS, most of this is simply dead code.

As PostExperimentals() is no longer needed, I also removed the use of
Import() in the debug context, allowing the deletion of PostDebug()
along with PostExperimentals(); cleanup code is moved to the
end of PostNatives.

Also gets rid of some longer-dead code in prologue.js related to
TypedArrays, and some duplicate code for setting up SharedArrayBuffer
builtins.

Review-Url: https://codereview.chromium.org/2705293004
Cr-Commit-Position: refs/heads/master@{#43418}
2017-02-24 17:43:28 +00:00
Marja Hölttä
83849da70f [iwyu] Pre-work for removing unallowed include macro-assembler.h -> assembler-inl.h
BUG=v8:5294

Change-Id: If45f25aae8de526027b7851cb4efe0ccf4a7c4b1
Reviewed-on: https://chromium-review.googlesource.com/444226
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43388}
2017-02-23 12:10:21 +00:00
ulan
9e187ea91b [heap] Remove Heap::TracePath* functions.
The functions do not work correctly with concurrent sweeper and they
do not take weak references into account.

The latter is a fundamental problem for this tracing approach.

BUG=

Review-Url: https://codereview.chromium.org/2707433002
Cr-Commit-Position: refs/heads/master@{#43284}
2017-02-17 15:06:58 +00:00
Michael Lippautz
a84b23399e Remove some unused flags
BUG=

Change-Id: I7542ada0eb557b5b813396f7d250549abb880f91
Reviewed-on: https://chromium-review.googlesource.com/444408
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43283}
2017-02-17 14:46:51 +00:00
bbudge
717c8f2c76 [HEAP] Remove SIMD 128 bit alignment from heap.
LOG=N
BUG=v8:4124, v8:5948

Review-Url: https://codereview.chromium.org/2694063005
Cr-Commit-Position: refs/heads/master@{#43219}
2017-02-15 15:42:27 +00:00
bbudge
deabb19abc Remove SIMD.js from V8.
LOG=Y
BUG=v8:4124,v8:5948
R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org

Review-Url: https://codereview.chromium.org/2684313003
Cr-Original-Original-Commit-Position: refs/heads/master@{#43162}
Committed: d170c57ab9
Review-Url: https://codereview.chromium.org/2684313003
Cr-Original-Commit-Position: refs/heads/master@{#43169}
Committed: a9b59a11f1
Review-Url: https://codereview.chromium.org/2684313003
Cr-Commit-Position: refs/heads/master@{#43176}
2017-02-14 06:57:25 +00:00
franzih
a386eb4f04 Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ )
Reason for revert:
Breaks Node integration build.

Original issue's description:
> Remove SIMD.js from V8.
>
> LOG=Y
> BUG=v8:4124,v8:5948
> R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org
>
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Original-Commit-Position: refs/heads/master@{#43162}
> Committed: d170c57ab9
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Commit-Position: refs/heads/master@{#43169}
> Committed: a9b59a11f1

TBR=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,machenbach@chromium.org,bbudge@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124,v8:5948

Review-Url: https://codereview.chromium.org/2695653005
Cr-Commit-Position: refs/heads/master@{#43170}
2017-02-13 21:33:46 +00:00
bbudge
a9b59a11f1 Remove SIMD.js from V8.
LOG=Y
BUG=v8:4124,v8:5948
R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org

Review-Url: https://codereview.chromium.org/2684313003
Cr-Original-Commit-Position: refs/heads/master@{#43162}
Committed: d170c57ab9
Review-Url: https://codereview.chromium.org/2684313003
Cr-Commit-Position: refs/heads/master@{#43169}
2017-02-13 20:43:08 +00:00
bradnelson
43fc15bb79 Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ )
Reason for revert:
red

Original issue's description:
> Remove SIMD.js from V8.
>
> LOG=Y
> BUG=v8:4124,5948
> R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org
> (notry since trybots can't patch directory deletes)
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Commit-Position: refs/heads/master@{#43162}
> Committed: d170c57ab9

TBR=bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,bbudge@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124,5948

Review-Url: https://codereview.chromium.org/2692933002
Cr-Commit-Position: refs/heads/master@{#43164}
2017-02-13 18:12:14 +00:00
bbudge
d170c57ab9 Remove SIMD.js from V8.
LOG=Y
BUG=v8:4124,5948
R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org
(notry since trybots can't patch directory deletes)
NOTRY=true

Review-Url: https://codereview.chromium.org/2684313003
Cr-Commit-Position: refs/heads/master@{#43162}
2017-02-13 15:59:22 +00:00
ishell
a4f4c74050 [runtime][ic] Constant field tracking support.
This CL includes runtime and IC parts of the tracking. It is controlled by
compile-time flag FLAG_constant_field_tracking and currently disabled.

Transition from kConst to kMutable still involves map deprecation.

BUG=v8:5495

Review-Url: https://codereview.chromium.org/2598543003
Cr-Commit-Position: refs/heads/master@{#43081}
2017-02-10 08:05:25 +00:00
ishell@chromium.org
878a3df75e Rename FeedbackVectorSlot[Kind] -> FeedbackSlot[Kind].
BUG=

Change-Id: I31b8da09f4728d55c2da91966edcad49528b554b
Reviewed-on: https://chromium-review.googlesource.com/439146
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43003}
2017-02-07 16:38:47 +00:00
ishell@chromium.org
32971301ea Rename TypeFeedbackVector to FeedbackVector.
... and TypeFeedbackMetadata to FeedbackMetadata.

BUG=

Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
2017-02-07 14:46:36 +00:00
mvstanton
aea3ce3df3 [TypeFeedbackVector] Root feedback vectors at function literal site.
TypeFeedbackVectors are strongly rooted by a closure. However, in modern
JavaScript closures are created and abandoned more freely. An important
closure may not be present in the root-set at time of garbage collection,
even though we've cached optimized code and use it regularly. For
example, consider leaf functions in an event dispatching system. They may
well be "hot," but tragically non-present when we collect the heap.

Until now, we've relied on a weak root to cache the feedback vector in
this case. Since there is no way to signal intent or relative importance,
this weak root is as susceptible to clearing as any other weak root at
garbage collection time.

Meanwhile, the feedback vector has become more important. All of our
ICs store their data there. Literal and regex boilerplates are stored there.
If we lose the vector, then we not only lose optimized code built from
it, we also lose the very feedback which allowed us to create that optimized
code. Therefore it's vital to express that dependency through the root
set.

This CL does this by creating a strong link to a feedback
vector at the instantiation site of the function closure.
This instantiation site is in the code and feedback vector
of the outer closure.

BUG=v8:5456

Review-Url: https://codereview.chromium.org/2674593003
Cr-Commit-Position: refs/heads/master@{#42953}
2017-02-06 10:18:05 +00:00
bmeurer
2baea747de [stubs] Remove obsolete CALL_IC code kind.
We don't need Code::CALL_IC for anything now that the CallICStub is
migrated and no longer hooks into the traditional IC system.

R=yangguo@chromium.org
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2669193002
Cr-Commit-Position: refs/heads/master@{#42890}
2017-02-02 13:33:26 +00:00
yangguo
318b78d43c Add test to check for initial objects.
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2671703002
Cr-Commit-Position: refs/heads/master@{#42886}
2017-02-02 12:38:51 +00:00
ishell
93f181b6b9 [ic] Introduce IsXyzIC() predicates.
This is a step towards encoding all the necessary information in
the feedback slot kind instead of storing it in the IC dispatcher's
code object flags.

BUG=v8:5849, v8:5917

Review-Url: https://codereview.chromium.org/2662113005
Cr-Commit-Position: refs/heads/master@{#42859}
2017-02-01 16:22:03 +00:00
jgruber
c67dc7e243 Store correct String.prototype map on the context
The String.prototype was altered after snapshot time (during
experimental natives setup), invalidating the stored map used for
fast-path checks.

BUG=

Review-Url: https://codereview.chromium.org/2663303003
Cr-Commit-Position: refs/heads/master@{#42842}
2017-02-01 09:29:50 +00:00
jgruber
0c3a507b3a [heap] Fix GrowAndShrinkNewSpace heap test
BUG=

Review-Url: https://codereview.chromium.org/2659573002
Cr-Commit-Position: refs/heads/master@{#42837}
2017-02-01 08:20:31 +00:00
mvstanton
93f05b64ae [TypeFeedbackVector] Combine the literals array and the feedback vector.
They have the same lifetime. It's a match!

Both structures are native context dependent and dealt with (creation,
clearing, gathering feedback) at the same time. By treating the spaces used
for literal boilerplates as feedback vector slots, we no longer have to keep
track of the materialized literal count elsewhere.

A follow-on CL removes even more parser infrastructure related to this count.

BUG=v8:5456

Review-Url: https://codereview.chromium.org/2655853010
Cr-Commit-Position: refs/heads/master@{#42771}
2017-01-30 12:31:35 +00:00
marja
92f36954bb [iwyu] Include handles.h less.
These headers only need forward declarations.

BUG=v8:5294

Review-Url: https://codereview.chromium.org/2654253002
Cr-Commit-Position: refs/heads/master@{#42740}
2017-01-27 13:53:13 +00:00
jgruber
4ec372801e [heap] Handle edge case in NewSpaceAllocationCounter test
This test checks that counters accurately reflect the allocated size.
There's an edge case that can occur when, previously to the allocation,
the page does not have enough space left to allocate the requested
object - then we move on to a fresh page, fill the remaining space of
the old page with a filler object, and allocate the requested object on
the new page.

The counters will show the size of the filler object plus the requested
object size, while the test expects only the requested size.

This CL fixes that case by performing two GCs to clear out new space.

BUG=

Review-Url: https://codereview.chromium.org/2652933002
Cr-Commit-Position: refs/heads/master@{#42646}
2017-01-25 07:41:34 +00:00
ishell
f9f5fc31fd Access double fields in C++ as uint64_t fields to preserve signaling bit of a NaN.
Manipulating the signaling NaN used for the hole and uninitialized double
field sentinel in C++, e.g. with bit_cast or HeapNumber::value()/set_value(),
will change its value on ia32 (the x87 stack is used to return values and
stores to the stack silently clear the signalling bit).

BUG=v8:5495

Review-Url: https://codereview.chromium.org/2652553003
Cr-Commit-Position: refs/heads/master@{#42609}
2017-01-23 18:18:48 +00:00
mvstanton
55feaaea4c Revert [TypeFeedbackVector] Root literal arrays in function literal slots
GC performance issues need to be addressed first.

TBR=bmeurer@chromium.org, mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:5456

Review-Url: https://codereview.chromium.org/2642743002
Cr-Original-Commit-Position: refs/heads/master@{#42495}
Committed: 7803aa1ffb
Review-Url: https://codereview.chromium.org/2642743002
Cr-Commit-Position: refs/heads/master@{#42517}
2017-01-19 17:12:28 +00:00
jbroman
ba2cd16986 Mark JSArrayBuffer::SetupAllocatingData with WARN_UNUSED_RESULT.
Also update a call in cctest to check the result.

BUG=chromium:681843

Review-Url: https://codereview.chromium.org/2647573003
Cr-Commit-Position: refs/heads/master@{#42513}
2017-01-19 16:23:07 +00:00
machenbach
a8f2890757 Revert of Revert [TypeFeedbackVector] Root literal arrays in function literal slots (patchset #2 id:20001 of https://codereview.chromium.org/2642743002/ )
Reason for revert:
Breaks nosnap:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/13802

Original issue's description:
> Revert [TypeFeedbackVector] Root literal arrays in function literal slots
>
> GC performance issues need to be addressed first.
>
> TBR=bmeurer@chromium.org, mstarzinger@chromium.org, yangguo@chromium.org
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2642743002
> Cr-Commit-Position: refs/heads/master@{#42495}
> Committed: 7803aa1ffb

TBR=mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456

Review-Url: https://codereview.chromium.org/2642933003
Cr-Commit-Position: refs/heads/master@{#42496}
2017-01-19 12:01:36 +00:00
mvstanton
7803aa1ffb Revert [TypeFeedbackVector] Root literal arrays in function literal slots
GC performance issues need to be addressed first.

TBR=bmeurer@chromium.org, mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:5456

Review-Url: https://codereview.chromium.org/2642743002
Cr-Commit-Position: refs/heads/master@{#42495}
2017-01-19 10:38:04 +00:00
jgruber
47684fe852 [heap] Don't allocate immovable code in LO space during serialization
Background: the first page of each space is implicitly immovable.
Recently, our builtin code objects have reached a size at which we
fill up the first page of code space during initialization. Once
that occurs, newly requested allocations of immovable code are
allocated in a large object space page of 512K.

This CL mitigates these effects by simply marking pages as immovable
during snapshot creation instead of going into LO space.

On snapshot builds, this should just work: deserialized pages are
trimmed and marked immovable when deserialization finishes.

However, non-snapshot builds and allocations of immovable CEntryStub
code at runtime are still affected.

BUG=v8:5831

Review-Url: https://codereview.chromium.org/2635973002
Cr-Commit-Position: refs/heads/master@{#42411}
2017-01-17 14:19:58 +00:00
mlippautz
68c994795e [heap] Remove markbits getter from raw address
BUG=651354

Review-Url: https://codereview.chromium.org/2638803002
Cr-Commit-Position: refs/heads/master@{#42397}
2017-01-17 10:35:16 +00:00
hpayer
38088853de [heap] Fix live object iterator to skip grey filler objects.
BUG=v8:5829

patch from issue 2634493004 at patchset 20001 (http://crrev.com/2634493004#ps20001)

Review-Url: https://codereview.chromium.org/2634033003
Cr-Commit-Position: refs/heads/master@{#42383}
2017-01-16 17:21:20 +00:00