Commit Graph

872 Commits

Author SHA1 Message Date
Ross McIlroy
7e677b2eae Revert "[ptr-compr] New RelocInfo for compressed pointers."
This reverts commit b5da9fcb51.

Reason for revert: Breaks pointer compression bot:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20pointer%20compression/3098

Original change's description:
> [ptr-compr] New RelocInfo for compressed pointers.
> 
> New enum RelocInfo::COMPRESSED_EMBEDDED_OBJECT created to support
> compressed pointers in generated code. Enum name EMBEDDED_OBJECT
> changed to FULL_EMBEDDED_OBJECT.
> 
> RelocInfo::[set_]target_object() abstract away the difference between
> FULL_EMBEDDED_OBJECT and COMPRESSED_EMBEDDED_OBJECT.
> 
> Compressed embedded objects can only be created at this time on
> x64 with pointer compression turned on. Arm64 constant pools don't
> support compressed objects at this time.
> 
> Bug: v8:7703
> Change-Id: I03bfd84effa33c65cf9bcefa5df680ab7eace9dd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547661
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61076}

TBR=ulan@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,ishell@chromium.org

Change-Id: I262b2b98315fa987c5a66b1050dc726563ccdb2d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588135
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61087}
2019-04-29 13:54:38 +00:00
Clemens Hammacher
4b0f9c856e [cleanup] Use Vector::begin instead of Vector::start
Our {Vector} template provides both {start} and {begin} methods. They
return exactly the same value. Since the {begin} method is needed for
iteration, and is also what standard containers provide, this CL
switches all uses of the {start} method to use {begin} instead.

Patchset 1 was auto-generated by using this clang AST matcher:
    callExpr(
        callee(
          cxxMethodDecl(
            hasName("start"),
            ofClass(hasName("v8::internal::Vector")))
        ),
        argumentCountIs(0))

Patchset 2 was created by running clang-format. Patchset 3 then
removes the now unused {Vector::start} method.

R=jkummerow@chromium.org
TBR=mstarzinger@chromium.org,yangguo@chromium.org,verwaest@chromium.org

Bug: v8:9183
Change-Id: Id9f01c92870872556e2bb3f6d5667463b0e3e5c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587381
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61081}
2019-04-29 12:43:16 +00:00
Mike Stanton
b5da9fcb51 [ptr-compr] New RelocInfo for compressed pointers.
New enum RelocInfo::COMPRESSED_EMBEDDED_OBJECT created to support
compressed pointers in generated code. Enum name EMBEDDED_OBJECT
changed to FULL_EMBEDDED_OBJECT.

RelocInfo::[set_]target_object() abstract away the difference between
FULL_EMBEDDED_OBJECT and COMPRESSED_EMBEDDED_OBJECT.

Compressed embedded objects can only be created at this time on
x64 with pointer compression turned on. Arm64 constant pools don't
support compressed objects at this time.

Bug: v8:7703
Change-Id: I03bfd84effa33c65cf9bcefa5df680ab7eace9dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547661
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61076}
2019-04-29 11:59:16 +00:00
Toon Verwaest
b7ed86ecde [runtime] Simplify/unify utf8 handling
- Removes Utf8Iterator
- Replaces Utf8Decoder with something based on ValueOfIncremental +
  NonAsciiStart and moves it into v8/internal.
- Internalizes utf8 strings by first converting them to one or two byte
- Removes IsUtf8EqualsTo and replaces current uses with IsOneByteEqualsTo

Tbr: jgruber@chromium.org
Change-Id: I16e08d910a745e78d6fd465718fc69ad731fd217
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585840
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61049}
2019-04-26 15:44:31 +00:00
Clemens Hammacher
5f652b84c0 [flags] Receive length as size_t
This is one step towards removing the {StrLength} helper and using
{size_t} consistently instead.

R=mstarzinger@chromium.org

Bug: v8:8834
Change-Id: Ibcdfd579531a259d490c39a8e8c96d469a5a4aac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578901
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60974}
2019-04-24 10:43:17 +00:00
Michael Lippautz
4214933c6b Reland "[api,heap] Remove deprecated Persistent APIs"
Removes APIs:
- MarkIndependent
- IsIndependent
- MarkActive
- RegisterExternalReference

All weak persistent handles are now treated as independent. Users of
traced handles should already use v8::EmbedderHeapTracer.

This reverts commit 49954eb56f.

Bug: chromium:923361
Change-Id: I0b9fcd678964331f926f6b725f70eb64268ca33f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578462
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60971}
2019-04-24 09:34:27 +00:00
Michael Lippautz
49954eb56f Revert "[api,heap] Remove deprecated Persistent APIs"
This reverts commit 1ebf5f7281.

Reason for revert: Breaks TSAN

Original change's description:
> [api,heap] Remove deprecated Persistent APIs
> 
> Removes APIs:
> - MarkIndependent
> - IsIndependent
> - MarkActive
> - RegisterExternalReference
> 
> All weak persistent handles are now treated as independent. Users of
> traced handles should already use v8::EmbedderHeapTracer.
> 
> Bug: chromium:923361
> Change-Id: Ic90a647fe2ce9db92197ad6560e4907290805592
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578459
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60953}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: I8281daf30b67c1b71ef6e65d8f13a59230ba0334
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:923361
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578900
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60954}
2019-04-23 14:56:53 +00:00
Michael Lippautz
1ebf5f7281 [api,heap] Remove deprecated Persistent APIs
Removes APIs:
- MarkIndependent
- IsIndependent
- MarkActive
- RegisterExternalReference

All weak persistent handles are now treated as independent. Users of
traced handles should already use v8::EmbedderHeapTracer.

Bug: chromium:923361
Change-Id: Ic90a647fe2ce9db92197ad6560e4907290805592
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578459
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60953}
2019-04-23 14:08:51 +00:00
Clemens Hammacher
6832f29250 Revert "[heap] Skip ro-space from heap iterators, add CombinedHeapIterator."
This reverts commit 3d1d8eae77.

Reason for revert: Speculative revert; seems to break all nosnap bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20nosnap/25240

Original change's description:
> [heap] Skip ro-space from heap iterators, add CombinedHeapIterator.
> 
> Read-only space sharing requires an iterator independent of heap. This
> also enables future removal of read-only space from heap.
> 
> Bug: v8:7464
> Change-Id: Ia07a9369494ea2c547d12c01ffa1d7b8b6bbeabc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552795
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60819}

TBR=ulan@chromium.org,hpayer@chromium.org,delphick@chromium.org,goszczycki@google.com

Change-Id: I64b58b1b0c5eb073a6d2cfae81bb4de65f0511bf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565895
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60825}
2019-04-12 16:38:00 +00:00
Maciej Goszczycki
3d1d8eae77 [heap] Skip ro-space from heap iterators, add CombinedHeapIterator.
Read-only space sharing requires an iterator independent of heap. This
also enables future removal of read-only space from heap.

Bug: v8:7464
Change-Id: Ia07a9369494ea2c547d12c01ffa1d7b8b6bbeabc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552795
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60819}
2019-04-12 13:26:34 +00:00
Simon Zünd
93d6356c47 [stack-trace] Remove JSArray wrapper for simple stack traces
This CL changes the Symbol "stack_trace_symbol" to directly hold a
FrameArray instead of wrapping it with a JSArray first.

Bug: v8:9115
Change-Id: I2ac0b1fb380211568abdc6d9f50431c405349dec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564060
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60801}
2019-04-12 08:54:43 +00:00
Clemens Hammacher
33148af282 [heap][cleanup] Using 'using' instead of 'typedef'
Even though both are allowed in the style guide, it recommends to use
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in heap code to 'using' declarations.

R=mstarzinger@chromium.org

Bug: v8:8834
Change-Id: I8a9f6e1eebdd0adca4373c866e95ebab0a1e992d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545892
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60523}
2019-03-29 12:15:30 +00:00
Mythri
7629afdb9d [lite] Allocate feedback vectors lazily
Allocate feedback vectors lazily when the function's interrupt budget has
reached a specified threshold. This cl introduces a new field in the
ClosureFeedbackCellArray to track the interrupt budget for allocating
feedback vectors. Using the interrupt budget on the bytecode array could
cause problems when there are closures across native contexts and we may
delay allocating feedback vectors in one of them causing unexpected
performance cliffs. In the long term we may want to remove interrupt budget
from bytecode array and use context specific budget for tiering up decisions
as well.

Bug: v8:8394
Change-Id: Ia8fbb71f5e8543a92f14c44aa762973da82d445c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520719
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60450}
2019-03-25 16:02:38 +00:00
Michael Lippautz
c4eae87a1a heap: Fix incremental-concurrent processing of large FixedArray
FixedArray object in LO space are processed incrementally in ranges of slots
size kProgressBarScanningChunk to reduce latency when returning to the
processing loop is critical. A progress bar stores how much slots have been
processed already.

In the case of regular concurrent marking there was a guarantee that the
object was only processed by one thread (main *or* concurrent marking
thread) at the same time.

However, some optimizations that avoid write barriers for each
individual write operation emit a batched write barrier that requires
re-visiting the FixedArray for the marking barrier. In such cases, the
progress bar would be reset using relaxed stores which is problematic as
the concurrent marking thread could race on setting its own progress on the
progress bar. As a result, the array would only be re-scanned partially.

The fix involves using CAS to set the progress bar and bail out in the
case an inconsistent state was observed.

In the following:
MT... main thread
CM... concurrent marking thread

The interesting cases are:
1. MT *or* CM processes the array without interfering: Progress bar is
   updated monotonically without failing.
3. MT interferes with itself: The progress bar is just reset and the main
   thread will restart scanning from index 0. The object is added twice to
   the marking worklist and processed each time one of the entries is
   retrieved from the worklist.
4. MT interferes with CM:
   4.a.: CM processes a range of slots and re-adds the left overs by
   setting the progress bar and re-adding the array to the worklist.  In
   this case CM *and* MT process the array from index 0. The first time
   the CAS for setting the progress bar fails on either of the threads,
   the looser will bail out and leave processing for the winner.
   4.b.: CM is interrupted while processing a range of the array and
   fails in setting the progress bar for the left overs. In this case
   the CM bails out right away and the main thread starts processing
   from index 0.

In addition, there is a transition from index 0 to the index of the
first actual slot. This transition makes it possible to observe a reset
while processing the first actual chunk of slots.

Bug: chromium:942699
Change-Id: I0b06f47ee075030dadfc959528cd77b6b69bbec2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532325
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60385}
2019-03-21 09:21:58 +00:00
Michael Lippautz
f4b860d9b8 [heap,api] Remove deprecated APIs
Bug: chromium:923361, v8:8834
Change-Id: I6ec42aeb74bea5c0629fcdc3f95c125f5de534a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526195
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60289}
2019-03-18 12:51:22 +00:00
Hannes Payer
f72f3ef233 Retire PretenureFlag and use AllocationType everywhere.
Bug: v8:8945
Change-Id: I14ca4b29f1b12ff95e718d431f65d88ab1238c53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511478
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60177}
2019-03-12 08:10:44 +00:00
Michael Lippautz
4c7cabb1d8 [heap] Delay embedder tracing prologue until heap is set up
v8::EmbedderHeapTracer::TracePrologue may call back into V8 during
StartMarking. In this case we expect that the write barriers are set up and
consistent, i.e., global flag matches page flag.

Blink calls back into V8 in a corner case where sweeping is finalized on
incremental marking start which may trigger resettting a V8 Value which may
trigger DescriptorArray re-shuffling.

Bug: chromium:940003
Change-Id: Ia15c798d0faaab802df1c3b569b5b6a323a4fe59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514492
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60145}
2019-03-11 09:39:32 +00:00
Hannes Payer
cbc18b1836 [heap] Introduce AllocationType and use it in Heap::AllocateRaw.
Bug: v8:8945
Change-Id: I4e5f08a722e83fd8b4accb066eca50242a116a6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503452
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60029}
2019-03-05 12:29:30 +00:00
Pierre Langlois
b152bb75f8 [heap] Relax accessing markbits in ranges.
When calling the `bitmap(chunk)` method of the various *MarkingState accessors
we would receive a raw `Bitmap` pointer which does not tell you if accesses to
markbits should be made atomically or not. As a result, we would default to
doing atomic operation when in fact it may not be necessary.

Here we're introducing a templated `ConcurrentBitmap` class that wraps
operations done on the markbits and allows them to be made non-atomic.

Additionaly, some of the `Bitmap` methods were only used to verify the heap and
in the tests so they do not need atomic implementations. Using them in a
concurrent context should now fail to link to make sure they're not mis-used in
the future.

Change-Id: Ifb55f8522c8bf0c87d65da9227864ee428d21bbd
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1482916
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#59836}
2019-02-25 15:28:41 +00:00
Ulan Degenbaev
d56da5467b [heap] Small fixes for young large objects
This replaces Heap::InNewSpace with Heap::InYoungGeneration and
fixes tests that are sensitive to page size.

Bug: chromium:852420
Change-Id: I32b1eafb45813ea3bdcbda075f9e6156aaf4c5e3
Reviewed-on: https://chromium-review.googlesource.com/c/1475766
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59647}
2019-02-18 09:43:44 +00:00
Peter Marshall
5d1d079538 [cleanup] Use unique_ptr for MemoryAllocator in Heap
Also drive-by cleanup the TestMemoryAllocatorScope class so that it
takes ownership of the old allocator while it holds onto it, and so
that the MemoryAllocator for testing is constructed inside the scope
rather than passed into it. This means users don't need to explicitly
call TearDown() and delete the allocator as the scope does it for them.

Change-Id: Id7da3c074618a376d2edfe3385bb185ba8287cea
Reviewed-on: https://chromium-review.googlesource.com/c/1392194
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59627}
2019-02-15 11:53:46 +00:00
Jakob Kummerow
6cac1382f4 [cleanup] #include heap-inl.h less often
This takes heap-inl.h out of the "Giant Include Cluster".
Naturally, that means adding a bunch of explicit includes
in a bunch of places that relied on transitively including
them before.
As of this patch, no header file outside src/heap/ includes
heap-inl.h.

Bug: v8:8562,v8:8499
Change-Id: I65fa763f90e66afc30d105b9277792721f05a6d4
Reviewed-on: https://chromium-review.googlesource.com/c/1459659
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59617}
2019-02-15 06:22:53 +00:00
Alexander Timokhin
2da19bd4cb Fix HeapNumber/MutableHeapNumber value alignment
HeapNumbers and MutableHeapNumber requires alignment for their double
value field but for now this field can be misaligned on 32-bit platforms.

According to code in Heap::GetFillToAlign() function, kDoubleUnaligned
doesn't actually mean "unaligned" but "aligned to half of double".

This CL fixes this misalignment.

Change-Id: I9b9c58d580bb287e7dad44bc96cd6b4593707b5e
Reviewed-on: https://chromium-review.googlesource.com/c/1470113
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59599}
2019-02-14 13:51:47 +00:00
Georg Neis
cbee0b9cf1 [ic] Remove FeedbackNexus::StateFromFeedback() in favor of ic_state()
They did the same thing.

Change-Id: I6b63762352dae2dce58fb3a6182af52cd0aadef6
Reviewed-on: https://chromium-review.googlesource.com/c/1470126
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59566}
2019-02-13 14:52:48 +00:00
Nico Weber
bff96cef06 v8: Fix -Wextra-semi warnings, enable warning.
For macros expanding to function definitions, I removed the spurious ; after
macro invocations. For macros expandign to function declarations, I made the ;
required and consistently inserted it.

No behavior change.

Bug: chromium:926235
Change-Id: Ib8085d85d913d74307e3481f7fee4b7dc78c7549
Reviewed-on: https://chromium-review.googlesource.com/c/1467545
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59558}
2019-02-13 14:11:28 +00:00
Ulan Degenbaev
933dfb1ea7 [heap] Replace InNewSpace checks with InYoungGeneration checks
Most of the users of InNewSpace actually mean InYoungGeneration.
Subsequent CL will remove InNewSpace to avoid confusion.

Bug: chromium:852420
Tbr: mlippautz@chromium.org
Change-Id: I6234d162d51c215787972e7ada1cd5b804b60fda
Reviewed-on: https://chromium-review.googlesource.com/c/1463521
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59523}
2019-02-12 10:22:51 +00:00
Ulan Degenbaev
0544466ccb [heap] Small fixes for young large objects near OOM
Bug: chromium:852420
Change-Id: I659e8d2d047387d7b73f11406b29696d74d84ff7
Reviewed-on: https://chromium-review.googlesource.com/c/1462965
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59503}
2019-02-11 14:49:25 +00:00
Matheus Marchini
3724a12549 Reland "[error] extend error stack w/ function parameters"
This is a reland of 97628eeeb9.

Original change's description:
> [error] extend error stack w/ function parameters
>
> Extend FrameArray to hold weak references to parameters forfunctions in
> the call stack. The goal here is to provide more metadata for postmortem
> tools (such as llnode), especially in cases of rethrowing (this will be
> particularly useful when using postmortem with promises on Node.js).
>
> Besides postmortem, these changes allow us to print a more detailed
> stack trace for errors with parameters types (or even values), which can
> be useful since JavaScript functions can receive any number of
> parameters of any type, and having a function behave differently
> according to the number of parameters received as well as their types is
> a common pattern on JS libraries and frameworks.
>
> R=<U+200B>bmeurer@google.com, yangguo@google.com
>
> Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
> Reviewed-on: https://chromium-review.googlesource.com/c/1289489
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58468}

R=bmeurer@google.com, jkummerow@chromium.org, yangguo@google.com

Change-Id: I53d90bb862d9c5e9541116b375fa4de70e3e76dd
Reviewed-on: https://chromium-review.googlesource.com/c/1405568
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59458}
2019-02-08 13:35:27 +00:00
Ulan Degenbaev
4c65986a44 [heap] Rework incremental marking scheduling
The new scheduling reduces the main thread marking performed in
tasks and on allocation. It is based on two counters:
- bytes_marked,
- scheduled_bytes_to_mark.

The bytes_marked accounts marking done both the main thread and
the concurrent threads. The scheduled_bytes_to_mark increases based
on allocated bytes and also based on time passed since the start
of marking. The main thread steps are allowed to mark the minimal
amount if bytes_marked is greater than scheduled_bytes_to_mark.

This also changes tasks posted for marking. Before only normal
tasks were posted. Now delayed tasks are posted if the marker is
ahead of schedule.

Bug: 926189

Change-Id: I5bc9c33a5ecfc9f8d09f78d08ae277d16a2779ca
Reviewed-on: https://chromium-review.googlesource.com/c/1443056
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59433}
2019-02-07 11:40:41 +00:00
Ulan Degenbaev
cbcbb05971 [heap] Fix tests for young large objects
Some tests assume that kMaxRegularHeapObjectSize is close to the
page size. They break if the constant is decreased to 16KB to stress
young large objects.

Bug: chromium:852420
Change-Id: I2542878810823f7a73019b1e451a080fcfc1f78f
Reviewed-on: https://chromium-review.googlesource.com/c/1456043
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59430}
2019-02-07 11:01:20 +00:00
Michael Lippautz
edef7f1341 [api,global-handle] Introduce TracedGlobal::SetFinalizationCallback
Introduce a way to set a custom finalization callback that can be used
to signal and set up destruction of embedder memory.

Bug: chromium:923361
Change-Id: Ifc62ebd534aba3b02511c74b59161ec3edc0ee0d
Reviewed-on: https://chromium-review.googlesource.com/c/1452447
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59381}
2019-02-05 21:46:07 +00:00
Michael Lippautz
96315d1622 [api] Mark old method for tracing as soon deprecated
Users should switch to TracedGlobal and the newly added methods of
v8::EmbedderHeapTracer.

Bug: chromium:923361, v8:8562
Change-Id: I3e5ed5785a0a49c0b65c7b1d1d103e568dd3e938
Reviewed-on: https://chromium-review.googlesource.com/c/1445752
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59297}
2019-02-01 14:51:34 +00:00
Ulan Degenbaev
18ad43c749 [heap] Move the chunk map to CodeLargeObjectSpace.
Only Heap::GcSafeFindCodeForInnerPointer requires the chunk map.
Other large object spaces use more the efficient
MemoryChunk::FromAnyPointerAddress.

Additionally, this patch renames Register/Unregister to AddPage/RemovePage
to be consistent with other spaces and makes them virtual.

Bug: chromium:852420
Change-Id: I8d637bb59e15bd61fe452fda7f4a55049d32030c
Reviewed-on: https://chromium-review.googlesource.com/c/1439417
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59207}
2019-01-30 14:11:18 +00:00
Michael Lippautz
76c9368593 [api, global-handles] Add TracedGlobal
TracedGlobal integrates with the use case of EmbedderHeapTracer and replaces
regular weak Global or Persistent nodes for such cases. This allows to simplify
the case for regular weak handles in a sense that they follow regular weak
semantics (if the underlying object is otherwise unreachable the weak handle
will be reset).

TracedGlobal requires slightly different semantics in the sense that it can be
required to keep them alive on Scavenge garbage collections because there's a
transitive path that is only known when using the EmbedderHeapTracer.
TracedGlobal accomodates that use case.

TracedGlobal follows move semantics and can thus be used in regular std
containers without wrapping data structure.

The internal state uses 20% less memory and allows for only iterating those
nodes when necessary. The design trades the virtual call when iterating
interesting persistents in the GC prologue with calling out through the
EmbedderHeapTracer for each node which is also a virtual call. There is one less
iteration over the set of handles required though and the design is robust
against recursive GCs that mutate the embedder state during the prologue
callback.

Bug: chromium:923361
Change-Id: Idbacfbe4723cd12af9de21058a4792e51dc4df74
Reviewed-on: https://chromium-review.googlesource.com/c/1425523
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59183}
2019-01-29 20:15:39 +00:00
Ulan Degenbaev
2423deb554 [heap] Refactor usages of the InNewSpace() predicate
This replaces InNewSpace with InYoungGeneration, which is
a prerequisite for young large objects.

Additional changes:
- FROM_SPACE, TO_SPACE flags are renamed to FROM_PAGE, TO_PAGE.
- A new LARGE_PAGE flag is added.
- The external string table is refactored to track young string
  instead of new space strings.

Bug: chromium:924547
Change-Id: Ia4e3ba1b72995c3400257a1f98559f091533e811
Reviewed-on: https://chromium-review.googlesource.com/c/1437274
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59156}
2019-01-29 09:34:26 +00:00
Mythri
592aeefa8d Defer inferring language mode as far as possible
Inferring the language mode involves iterating the stack to find the
closure. This is an expensive operation and should be done only when
required. This cl changes the implementation to infer the language
mode only when we can't defer it any further. Currently, we infer the
language mode when throwing an exception or when passing this
information to PropertyCallbackArguments.

This cl also changes the language mode parameter to SetProperty
related methods to Maybe<ShouldThrow>. We only use the language mode to
decide if we need to throw and using ShouldThrow instead of language
mode simplifies the code by avoiding conversions from Maybe<ShouldThrow>
to Maybe<LanguageMode> and vice-versa.

Bug: v8:8580, chromium:923820, chromium:925289
Change-Id: I72497497f62fe0d86fcecd57b06b3183b7531f7b
Reviewed-on: https://chromium-review.googlesource.com/c/1425912
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59094}
2019-01-25 11:53:19 +00:00
Michael Lippautz
2452e59835 [api] Remove deprecated EmbedderHeapTracer::AbortTracing
V8 has no path in calling this API and thus there is no way for the
embedder to get notified about this event.

Bug: chromium:843903
Change-Id: I938675aed9191a292f21bae0fed0e3ea8acaf936
Reviewed-on: https://chromium-review.googlesource.com/c/1434377
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59087}
2019-01-25 09:08:41 +00:00
Mythri
e2846ea6e4 Reland "Change SetProperty/SetSuperProperty to infer language mode when possible"
This is a reland of 0896599f6f with a fix for
failing layout test.

Original change's description:
> Change SetProperty/SetSuperProperty to infer language mode when possible
>
> In most cases, the language mode can be inferred from the closure and
> the context. Computing the language mode instead of passing it around
> simplifies the ICs and will make it possible to go towards lazily
> allocating feedback vectors. Currently ICs obtain the language mode from
> the feedback vectors and with lazy feedback allocation we may not always
> have feedback vectors. Since computing language mode is a bit expensive
> we want to defer it as far as possible.
>
> In Array builtins and other builtins like Reflect.Set we need to force a
> language mode when setting the properties. To support these cases the
> SetProperty methods allow the language mode to be overridden when needed.
>
> This is a first cl in a series of cls, that will defer the language mode
> computation further and remove language mode where it is not needed.
>
> BUG: v8:8580
> Change-Id: I9c2396e3bcfe77c3c9d6760c46d86954d54744b9
> Reviewed-on: https://chromium-review.googlesource.com/c/1409426
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58893}

TBR: ahaas@chromium.org
Change-Id: Id5d81eae91b55638dbc72168f0e5203e684869fb
Reviewed-on: https://chromium-review.googlesource.com/c/1421077
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59075}
2019-01-24 16:57:23 +00:00
Peter Marshall
b63fcd190b [cleanup] Reduce the includes and forward-declarations of log.h
Some includes in log.h were only needed by log.cc so move them there.
Some were not needed at all, so remove them completely.

Drive-by cleanup FunctionEvent(), which was never called without args
for the last parameters which had default values.

Change-Id: Id8b0c634c4d39d3c278ab3d932ed7af4142fd9c9
Reviewed-on: https://chromium-review.googlesource.com/c/1425914
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59003}
2019-01-22 17:25:48 +00:00
Ulan Degenbaev
30602560a8 [heap] Fix stress marking observer and remove --black-allocation
The main fix is to ensure that the recently allocated object is marked
black in StressMarkingObserver::Step. Otherwise, the concurrent marker
can observe an uninitialized white object in the old generation.

This patch also removes the --black-allocation flag.

Bug: v8:8676
Change-Id: Iba8f00330eabc4847eaef2cd3dfb2884d62a48b4
Reviewed-on: https://chromium-review.googlesource.com/c/1425915
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59002}
2019-01-22 17:08:19 +00:00
Ulan Degenbaev
3f25e56f58 [heap] Activate the memory reducer on smaller heaps
Currently the memory reducer is activated only after the first mark-
compact GC, which triggered after the old generation reaches 8 MB.

That threshold is too large for mobile. This patch adds a heuristic
to activate the memory reducer if the old generation expands by more
than 1 MB after the bootstrap.

Change-Id: Ic38bc6e2fe8887677f764246c45e38d237e49a94
Reviewed-on: https://chromium-review.googlesource.com/c/1425898
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58982}
2019-01-22 11:14:32 +00:00
Ulan Degenbaev
8b3fbe1d9f Reland "[heap] Remove bailout marking worklist."
This reverts commit 13e07389ff.

Original change's description:
> [heap] Remove bailout marking worklist.
>
> The concurrent marker can now process all objects.
> This patch also eagerly visits the objects that undergo layout
> changes. This is because previously such objects were pushed
> onto the bailout worklist, which is gone now.
> To preserve the incremental step accounting, the patch introduces
> a new GC tracer scope called MC_INCREMENTAL_LAYOUT_CHANGE.
>
> Bug: v8:8486
> Change-Id: Ic1c2f0d4e2ac0602fc945f3258af9624247bd65f
> Reviewed-on: https://chromium-review.googlesource.com/c/1386486
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58712}

Change-Id: I85c99837819f6971c248198bd51ad40eebdb4fac
Reviewed-on: https://chromium-review.googlesource.com/c/1417595
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58913}
2019-01-18 10:04:17 +00:00
Maya Lekova
697885b9df Revert "Change SetProperty/SetSuperProperty to infer language mode when possible"
This reverts commit 0896599f6f.

Reason for revert: Speculative revert, seems to cause a layout test failure blocking the LKGR - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/29320

Original change's description:
> Change SetProperty/SetSuperProperty to infer language mode when possible
> 
> In most cases, the language mode can be inferred from the closure and
> the context. Computing the language mode instead of passing it around
> simplifies the ICs and will make it possible to go towards lazily
> allocating feedback vectors. Currently ICs obtain the language mode from
> the feedback vectors and with lazy feedback allocation we may not always
> have feedback vectors. Since computing language mode is a bit expensive
> we want to defer it as far as possible.
> 
> In Array builtins and other builtins like Reflect.Set we need to force a
> language mode when setting the properties. To support these cases the
> SetProperty methods allow the language mode to be overridden when needed.
> 
> This is a first cl in a series of cls, that will defer the language mode
> computation further and remove language mode where it is not needed.
> 
> BUG: v8:8580
> Change-Id: I9c2396e3bcfe77c3c9d6760c46d86954d54744b9
> Reviewed-on: https://chromium-review.googlesource.com/c/1409426
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58893}

TBR=mlippautz@chromium.org,mythria@chromium.org,jgruber@chromium.org,verwaest@chromium.org

Change-Id: I2e0f80a4577a8ca86c05a62205f9dfa488418a52
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1420758
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58911}
2019-01-18 09:43:50 +00:00
Mythri
0896599f6f Change SetProperty/SetSuperProperty to infer language mode when possible
In most cases, the language mode can be inferred from the closure and
the context. Computing the language mode instead of passing it around
simplifies the ICs and will make it possible to go towards lazily
allocating feedback vectors. Currently ICs obtain the language mode from
the feedback vectors and with lazy feedback allocation we may not always
have feedback vectors. Since computing language mode is a bit expensive
we want to defer it as far as possible.

In Array builtins and other builtins like Reflect.Set we need to force a
language mode when setting the properties. To support these cases the
SetProperty methods allow the language mode to be overridden when needed.

This is a first cl in a series of cls, that will defer the language mode
computation further and remove language mode where it is not needed.

BUG: v8:8580
Change-Id: I9c2396e3bcfe77c3c9d6760c46d86954d54744b9
Reviewed-on: https://chromium-review.googlesource.com/c/1409426
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58893}
2019-01-17 15:32:13 +00:00
Clemens Hammacher
edfb8cadd0 [assembler] Remove legacy constructor
Refactor all call sites to use the new API introduced in
https://crrev.com/c/1411347 and remove the legacy constructors.

R=mstarzinger@chromium.org

Bug: v8:8689, v8:8562
Change-Id: Id73686413726b2860f551dd200ef4b8823ef3034
Reviewed-on: https://chromium-review.googlesource.com/c/1415491
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58884}
2019-01-17 12:39:57 +00:00
Clemens Hammacher
edab9a2021 Use forwarding constructors for MacroAssembler
and TurboAssembler. Instead of listing all the different combinations
of arguments (which is one more now, temporarily), just forward all
arguments down via MacroAssembler and TurboAssembler to
TurboAssemblerBase.
Interestingly, this requires more specific types sometimes (int instead
of size_t), since further down the forwarding chain, the compiler does
not recognize any more that the value is a constant, and emits a
warning about a possibly truncating implicit conversion.

R=mstarzinger@chromium.org

Bug: v8:8689, v8:8562
Change-Id: Ifd13d2210ee64251c0075c0d9b68cacd5107d9ab
Reviewed-on: https://chromium-review.googlesource.com/c/1414913
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58869}
2019-01-17 08:20:36 +00:00
Ulan Degenbaev
93283bf04a [heap, api] Add API for automatically restoring the heap limit.
Now the embedder can instruct V8 to restore the initial heap limit
once the heap size drops below the given percentage of the heap limit.

Bug: chromium:922038
Change-Id: Ib668406c5d59c02b45a8eae7de96527ebc3f2b4d
Reviewed-on: https://chromium-review.googlesource.com/c/1411606
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58837}
2019-01-15 18:08:07 +00:00
Jakob Kummerow
102e22658d [cleanup] Use Page::FromHeapObject where applicable
It is slightly faster than Page::FromAddress(o->address()) (saves
one instruction), and more concise than Page::FromAddress(o->ptr()).
Same for MemoryChunk::FromHeapObject().

Bug: v8:8562
Change-Id: I9dc2b787aed5cad2d4087850dfa2e8eb157ad225
Reviewed-on: https://chromium-review.googlesource.com/c/1405031
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58806}
2019-01-15 01:20:11 +00:00
Ulan Degenbaev
13e07389ff Revert "[heap] Remove bailout marking worklist."
This reverts commit 68a8bdd829.

Reason for revert: memory regression: crbug.com/921239

Original change's description:
> [heap] Remove bailout marking worklist.
> 
> The concurrent marker can now process all objects.
> This patch also eagerly visits the objects that undergo layout
> changes. This is because previously such objects were pushed
> onto the bailout worklist, which is gone now.
> To preserve the incremental step accounting, the patch introduces
> a new GC tracer scope called MC_INCREMENTAL_LAYOUT_CHANGE.
> 
> Bug: v8:8486
> Change-Id: Ic1c2f0d4e2ac0602fc945f3258af9624247bd65f
> Reviewed-on: https://chromium-review.googlesource.com/c/1386486
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58712}

TBR=ulan@chromium.org,mlippautz@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8486, chromium:921239
Change-Id: I1f851b948f4ce403316e469999f0b16e8dfdb62d
Reviewed-on: https://chromium-review.googlesource.com/c/1408990
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58787}
2019-01-14 15:00:11 +00:00
Ulan Degenbaev
68a8bdd829 [heap] Remove bailout marking worklist.
The concurrent marker can now process all objects.
This patch also eagerly visits the objects that undergo layout
changes. This is because previously such objects were pushed
onto the bailout worklist, which is gone now.
To preserve the incremental step accounting, the patch introduces
a new GC tracer scope called MC_INCREMENTAL_LAYOUT_CHANGE.

Bug: v8:8486
Change-Id: Ic1c2f0d4e2ac0602fc945f3258af9624247bd65f
Reviewed-on: https://chromium-review.googlesource.com/c/1386486
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58712}
2019-01-10 17:39:45 +00:00
Jakob Kummerow
ae8f83fe08 [ubsan] Rename ObjectPtr to Object
The two names refer to the same thing by now, so this patch is
entirely mechanical.

Bug: v8:3770
Change-Id: Ia360c06c89af6b3da27fd21bbcaeb2bdaa28ce22
Reviewed-on: https://chromium-review.googlesource.com/c/1397705
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58615}
2019-01-08 09:08:59 +00:00
peterwmwong
263dce9b57 [js] Remove CORE JS Natives (prologue.js), port extra utils to C++/Torque
- Removes the last `CORE` JS native script: `prologue.js`.
- Removes build step and bootstrapping associated with building/loading `CORE` JS natives.
- Removes `natives_utils_object` from context.
- Deprecates `--expose-natives-as` flag.
- Ports extra utils functions to C++ (`uncurryThis`) or Torque
  (`createPrivateSymbol`, `markPromiseAsHandled`, and `promiseState`).
- Move extra utils constants initialization into bootstrapper
  (`kPROMISE_PENDING`, `kPROMISE_FULFILLED`, `kPROMISE_REJECTED`).
- Removes unused extra utils functions `log` and `logStackTrace`.

Drive-by: Added test coverage for Array#includes being an unscopeable.

Bug: v8:7624
Change-Id: I5d983f8d11b76cb4dd3c2c67592ce1dc88364cd9
Reviewed-on: https://chromium-review.googlesource.com/c/1381672
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#58577}
2019-01-07 11:57:46 +00:00
Jakob Kummerow
056f927861 [ubsan] Port Object to the new design
Tbr: ahaas@chromium.org,leszeks@chromium.org,verwaest@chromium.org
Bug: v8:3770
Change-Id: Ia6530fbb70dac05e9972283781c3550d8b50e1eb
Reviewed-on: https://chromium-review.googlesource.com/c/1390116
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58470}
2018-12-26 20:54:07 +00:00
Jakob Kummerow
444741ac11 Revert "[error] extend error stack w/ function parameters"
This reverts commit 97628eeeb9.

Reason for revert: breaks compilation in Lite mode, which does not allow overriding of certain flags. See https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8926078411629093216/+/steps/build/0/steps/compile/0/stdout.

Original change's description:
> [error] extend error stack w/ function parameters
> 
> Extend FrameArray to hold weak references to parameters for functions in
> the call stack. The goal here is to provide more metadata for postmortem
> tools (such as llnode), especially in cases of rethrowing (this will be
> particularly useful when using postmortem with promises on Node.js).
> 
> Besides postmortem, these changes allow us to print a more detailed
> stack trace for errors with parameters types (or even values), which can
> be useful since JavaScript functions can receive any number of
> parameters of any type, and having a function behave differently
> according to the number of parameters received as well as their types is
> a common pattern on JS libraries and frameworks.
> 
> R=​bmeurer@google.com, yangguo@google.com
> 
> Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
> Reviewed-on: https://chromium-review.googlesource.com/c/1289489
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58468}

TBR=yangguo@chromium.org,bmeurer@google.com,bmeurer@chromium.org,mat@mmarchini.me

Change-Id: Ide0a434c1521ab2bbeca6821397ff63ba7d40fe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1390128
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58469}
2018-12-26 19:03:45 +00:00
Matheus Marchini
97628eeeb9 [error] extend error stack w/ function parameters
Extend FrameArray to hold weak references to parameters for functions in
the call stack. The goal here is to provide more metadata for postmortem
tools (such as llnode), especially in cases of rethrowing (this will be
particularly useful when using postmortem with promises on Node.js).

Besides postmortem, these changes allow us to print a more detailed
stack trace for errors with parameters types (or even values), which can
be useful since JavaScript functions can receive any number of
parameters of any type, and having a function behave differently
according to the number of parameters received as well as their types is
a common pattern on JS libraries and frameworks.

R=bmeurer@google.com, yangguo@google.com

Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
Reviewed-on: https://chromium-review.googlesource.com/c/1289489
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58468}
2018-12-26 11:54:17 +00:00
Ulan Degenbaev
6c740734c4 [heap] Add a regression test for v8:8617
This also adjusts debug printing of descriptor arrays and adds a check
to the code serializer.

Bug: v8:8617
Tbr: mlippautz@chromium.org
Change-Id: Ic04f01abf9f7ed5a310b9e51a22c04fda108f563
Reviewed-on: https://chromium-review.googlesource.com/c/1387501
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58438}
2018-12-21 14:38:36 +00:00
Jakob Kummerow
9302db480e [ubsan] Port HeapObject to the new design
Merging the temporary HeapObjectPtr back into HeapObject.

Bug: v8:3770
Change-Id: I5bcd23ca2f5ba862cf5b52955dca143e531c637b
Reviewed-on: https://chromium-review.googlesource.com/c/1386492
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58410}
2018-12-20 16:43:49 +00:00
Igor Sheludko
4ba29d0503 [cleanup][heap] Fix kPointerSize usages in src/heap/
Bug: v8:8477, v8:8562
Change-Id: Iaa995c8fbb9f309dadac4e308d727f628fdb8b3c
Reviewed-on: https://chromium-review.googlesource.com/c/1384314
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58379}
2018-12-19 19:58:20 +00:00
Ulan Degenbaev
0400fc2049 [heap] Optimize marking of descriptor arrays.
Now a descriptor array tracks the number of descriptors that were
already marked. The marking visitor of a map only marks the subset
of the descriptors that it needs and that are not already marked.

If a descriptor array is shared between M maps and has N descriptos,
then the number of marking operations is reduced from O(M*N) to O(N).

This patch also adds a marking barrier for descriptors.

The marked descriptor counter in a descriptor array is not cleared
after mark-compact GC. Instead, it embeds two bits from the global
mark-compact epoch counter and is considered 0 if the bits do not match
the current value of the global epoch counter.

Bug: v8:8486
Change-Id: I2a7822a6833f3143e1d351e5e4819c2ef2c07fb0
Reviewed-on: https://chromium-review.googlesource.com/c/1382746
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58372}
2018-12-19 16:49:06 +00:00
Mythri
1ca0de67d2 [reland] Don't allocate feedback vectors and feedback metadata in lite mode
Don't allocate feedback vectors and feedback metadata in lite mode.
Also updates to skip tests that require feedback vectors.

This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/1384087 after skipping
the failing tests.

Bug: v8:8394
Change-Id: I7766533b85a144e62996ceed8d542cdc534feeb5
Reviewed-on: https://chromium-review.googlesource.com/c/1384307
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58363}
2018-12-19 14:29:30 +00:00
Clemens Hammacher
9efa28bf00 Revert "Do not allocate feedback vectors and feedback metadata in lite mode"
This reverts commit 62e86b88e5.

Reason for revert: Fails on arm sim lite debug: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite%20-%20debug/1075

Original change's description:
> Do not allocate feedback vectors and feedback metadata in lite mode
> 
> Don't allocate feedback vectors and feedback metadata in lite mode.
> Also updates to skip tests that require feedback vectors.
> 
> Bug: v8:8394
> Change-Id: I22c64a32c44bb8f25fb09003d6e9fc5a04e84f8a
> Reviewed-on: https://chromium-review.googlesource.com/c/1378173
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58351}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,mlippautz@chromium.org,mythria@chromium.org

Change-Id: I88fd37ea4e21aa2cc81eceb87ddb35c23224beae
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8394
Reviewed-on: https://chromium-review.googlesource.com/c/1384087
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58355}
2018-12-19 11:31:32 +00:00
Mythri
62e86b88e5 Do not allocate feedback vectors and feedback metadata in lite mode
Don't allocate feedback vectors and feedback metadata in lite mode.
Also updates to skip tests that require feedback vectors.

Bug: v8:8394
Change-Id: I22c64a32c44bb8f25fb09003d6e9fc5a04e84f8a
Reviewed-on: https://chromium-review.googlesource.com/c/1378173
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58351}
2018-12-19 10:30:48 +00:00
Jakob Kummerow
766ef168fb [objects.h splitting] Move HeapNumber to heap-number.h
Along with HeapNumberBase and MutableHeapNumber, of course.

Bug: v8:5402
Change-Id: I14a7f8052de3839cad36bb7e4ebb6da38b2ac096
Reviewed-on: https://chromium-review.googlesource.com/c/1379884
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58293}
2018-12-17 17:58:09 +00:00
Jakob Kummerow
b5a2839b92 [objects.h splitting] Move FreeSpace to free-space.h
Bug: v8:5402
Change-Id: I07f276dc6a06a2850aaae0a5ee4cbbfd27d8aa81
Reviewed-on: https://chromium-review.googlesource.com/c/1379875
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58289}
2018-12-17 15:56:39 +00:00
Jakob Kummerow
824596aa28 [ubsan] Replace a few more Object** with alternatives
Either Address* or Handle<Object> or ObjectSlot, depending on
circumstances.

Bug: v8:3770
Change-Id: Id00dfede6eb92ec30b658c0090b5310548ba5162
Reviewed-on: https://chromium-review.googlesource.com/c/1379228
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58282}
2018-12-17 14:17:22 +00:00
Jakob Kummerow
8dc9e26eda [ubsan] Port Struct subclasses, part 8: Script
Bug: v8:3770
Change-Id: Id7a05e5687d36c9347f35f6f3276af2a4b6115fd
Reviewed-on: https://chromium-review.googlesource.com/c/1377770
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58279}
2018-12-17 13:36:35 +00:00
Jakob Kummerow
c31f33b212 [ubsan] Port Struct subclasses, part 2
AllocationMemento, AllocationSite, ArrayBoilerplateDescription

Bug: v8:3770
Change-Id: I0081d222c73d9d66ba35ae28e73b6388e4e58ac0
Reviewed-on: https://chromium-review.googlesource.com/c/1377455
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58255}
2018-12-14 20:43:54 +00:00
peterwmwong
640d3adf5f [builtins] Remove InternalArray and reduce InternalPackedArray constructors.
InternalPackedArray now only has one constructor variant that expects no
arguments (Chrome's only usage of InternalPackedArray). As such, these TFC
builtins are no longer used and were removed:
- InternalArrayNoArgumentConstructor_Holey
- InternalArraySingleArgumentConstructor_Packed
- InternalArraySingleArgumentConstructor_Holey

On x64.release, this reduces builtins size by ~1.2KB.

Bug: v8:7624
Change-Id: I7316608dc02b1e09e9e414ee1aeb1fb08410c6f6
Reviewed-on: https://chromium-review.googlesource.com/c/1372772
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58193}
2018-12-12 16:13:41 +00:00
Ross McIlroy
a55803a15d [SFI] Add support for flushing old Bytecode from SharedFunctionInfos.
This change makes the SFI to bytecode link pseudo-weak. The marking visitors
check whether the bytecode is old, and if so, don't mark it and instead
push the SFI onto a bytecode_flushing_candidates worklist. Once marking
is complete, this list is walked, and for any of the candidates who's bytecode
has not been marked (i.e., is only referenced by the shared function info),
the bytecode is flushed and the SFI has the function data replaced with
an UncompiledData (which overwrites the flushed bytecode array).

Since we don't track JSFunctions, these can still think the underlying
function is compiled, and so calling them will invoke
InterpreterEntryTrampoline. As such, logic is added to
InterpreterEntryTrampoline to detect flushed functions, and enter
CompileLazy instead.

BUG=v8:8395

Change-Id: I4afba79f814ca9a92dec45d59485935845a6669d
Reviewed-on: https://chromium-review.googlesource.com/c/1348433
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58158}
2018-12-11 14:50:07 +00:00
Jakob Kummerow
cfb5bb726f [ubsan] Port JSReceiver and subclasses to the new design
Bug: v8:3770
Change-Id: I1d74ffe9e5478b4b8bc0acbf088d20919d458d50
Reviewed-on: https://chromium-review.googlesource.com/c/1363822
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58112}
2018-12-08 04:05:50 +00:00
Jakob Gruber
24e766168b Reland "[nojit] Remove code stubs"
This is a reland of f849396c3a

Original change's description:
> [nojit] Remove code stubs
>
> All stubs have been migrated to builtins. This CL removes most related
> code.
>
> Bug: v8:7777, v8:5784
> Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad
> Reviewed-on: https://chromium-review.googlesource.com/c/1365284
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58093}

Tbr: mstarzinger@chromium.org,yangguo@chromium.org,jkummerow@chromium.org,bmeurer@chromium.org
Bug: v8:7777, v8:5784
Change-Id: I005ee2a820d49a75a90481d262a310e4ccfd1391
Reviewed-on: https://chromium-review.googlesource.com/c/1367746
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58101}
2018-12-07 15:46:17 +00:00
Jakob Gruber
05100848ba Revert "[nojit] Remove code stubs"
This reverts commit f849396c3a.

Reason for revert: arm64: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/24229

Original change's description:
> [nojit] Remove code stubs
> 
> All stubs have been migrated to builtins. This CL removes most related
> code.
> 
> Bug: v8:7777, v8:5784
> Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad
> Reviewed-on: https://chromium-review.googlesource.com/c/1365284
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58093}

TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org,bmeurer@chromium.org

Change-Id: I52c3abd3f4e5872fe26ed7e527a58b118e02b387
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7777, v8:5784
Reviewed-on: https://chromium-review.googlesource.com/c/1367804
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58095}
2018-12-07 13:54:22 +00:00
Jakob Gruber
f849396c3a [nojit] Remove code stubs
All stubs have been migrated to builtins. This CL removes most related
code.

Bug: v8:7777, v8:5784
Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad
Reviewed-on: https://chromium-review.googlesource.com/c/1365284
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58093}
2018-12-07 13:41:21 +00:00
Igor Sheludko
8799f78080 [ptr-compr] Use FullObjectSlot for off-heap slots
(mostly for roots, handles and stack locations).
Thi CL also changes RootVisitor interface to use FullObjectSlots instead of
ObjectSlots.

Bug: v8:8518
Change-Id: I217c7ae176387a8c64f4754e62339727bdb36018
Reviewed-on: https://chromium-review.googlesource.com/c/1366035
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58091}
2018-12-07 12:35:27 +00:00
Igor Sheludko
014eb84f1f [ptr-compr] Introduce MemsetTagged() for initializing on-heap kTaggedSize-sized slots
Bug: v8:8518
Change-Id: I39db0adbd84627491bcb653b90de724eb988d383
Reviewed-on: https://chromium-review.googlesource.com/c/1363145
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58057}
2018-12-05 22:58:54 +00:00
Jakob Kummerow
371ba71f82 [ubsan] Port WeakArrayList to the new design
and also its pure-static subclass PrototypeUsers, whose porting
is a no-op.

Bug: v8:3770
Change-Id: I075806f784a0631058692149e71c45e455e90f73
Reviewed-on: https://chromium-review.googlesource.com/c/1355631
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58003}
2018-12-03 23:35:12 +00:00
Jakob Kummerow
f53d4d70a9 [ubsan] Port FeedbackVector and FeedbackMetadata
to the new design.

Bug: v8:3770
Change-Id: I63291cc8eccfa1da20e84c6d3e9f48f253409396
Reviewed-on: https://chromium-review.googlesource.com/c/1355627
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57981}
2018-11-30 20:00:20 +00:00
Hannes Payer
9ec92be9c8 [heap] Fix cctest expectations for large object allocations.
Bug: chromium:852420
Change-Id: Ie1f656cafe78c517ff53676d8cb7200d0bf1d7cc
Reviewed-on: https://chromium-review.googlesource.com/c/1356518
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57972}
2018-11-30 14:47:54 +00:00
Ulan Degenbaev
799dfad502 Prepare bottleneck for setting instance descriptors.
This refactors Map operations to update the instance descriptors and
the number of own descriptors via the SetInstanceDescriptors bottleneck.
This will allow us to add a special marking barrier for these updates.

Bug: v8:8486
Change-Id: Ie9c746d4bcdd6166d38402622734693fa59faf21
Reviewed-on: https://chromium-review.googlesource.com/c/1354883
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57934}
2018-11-29 12:50:53 +00:00
Jakob Kummerow
862266a2aa [ubsan] Port WeakFixedArray and subclasses
TransitionArray, NormalizedMapCache, DependentCode to the new design.

Bug: v8:3770
Change-Id: I8bd56f231fb62b146e0fb05989418aedb62a628b
Reviewed-on: https://chromium-review.googlesource.com/c/1350287
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57921}
2018-11-29 02:03:20 +00:00
Jakob Kummerow
81620900e9 [ubsan] Port SharedFunctionInfo to the new design
Bug: v8:3770
Change-Id: If405611d359d29ae1958beebd9202e068434a621
Reviewed-on: https://chromium-review.googlesource.com/c/1350286
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57918}
2018-11-28 21:23:50 +00:00
Hannes Payer
9266bc2453 Reland: [heap] Release dead young generation large objects in the Scavenger.
This reverts commit 33713b5b61.

Bug: chromium:852420
Change-Id: I45f447b690af8534aeec8630a717abe92f4099f8
Reviewed-on: https://chromium-review.googlesource.com/c/1350997
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57850}
2018-11-26 19:47:20 +00:00
Hannes Payer
1abc28e328 [heap] Remove large object tenure limit for now.
Bug: chromium:852420
Change-Id: Ie0a6eeb42b57db2309403acd23e986f73cb33afe
Reviewed-on: https://chromium-review.googlesource.com/c/1350123
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57824}
2018-11-26 13:59:49 +00:00
Jakob Kummerow
8bb236d7c9 [ubsan] Port FixedArray{,Base} to the new design
Removing the temporarily duplicated classes FixedArrayPtr and
FixedArrayBasePtr.

Bug: v8:3770
Change-Id: I056ad74ff69593e9f134ef5c976766812c4d9275
Reviewed-on: https://chromium-review.googlesource.com/c/1345913
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57807}
2018-11-25 03:08:14 +00:00
Jakob Kummerow
4ff869ed3c [ubsan] Port ByteArray and subclasses to the new design
Bug: v8:3770
Change-Id: I49d4fdc1cac6c4bde81fbe0bf76341be12711109
Reviewed-on: https://chromium-review.googlesource.com/c/1345911
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57803}
2018-11-24 09:29:14 +00:00
Yang Guo
33713b5b61 Revert "[heap] Release dead young generation large objects in the Scavenger."
This reverts commit 40b448eadd.

Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64/27711

Original change's description:
> [heap] Release dead young generation large objects in the Scavenger.
> 
> Bug: chromium:852420
> Change-Id: Ieefbee7bfd625d62e9104950bdfa8e46d5f4270a
> Reviewed-on: https://chromium-review.googlesource.com/c/1348081
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57761}

TBR=ulan@chromium.org,hpayer@chromium.org

Change-Id: I6b57dd8ed92d85b5ce012da754611278ceaefe20
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/c/1349270
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57763}
2018-11-23 09:15:33 +00:00
Hannes Payer
40b448eadd [heap] Release dead young generation large objects in the Scavenger.
Bug: chromium:852420
Change-Id: Ieefbee7bfd625d62e9104950bdfa8e46d5f4270a
Reviewed-on: https://chromium-review.googlesource.com/c/1348081
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57761}
2018-11-23 08:04:49 +00:00
Hannes Payer
be77c3ef75 [heap] Handle young generation large objects by MC.
Bug: chromium:852420
Change-Id: Ice7548bf9993bc5dd57b301c410c019eb956daa5
Reviewed-on: https://chromium-review.googlesource.com/c/1348077
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57755}
2018-11-22 17:48:43 +00:00
Hannes Payer
ac9908a090 [heap] Introduce a large object space for code objects.
Change-Id: Ie2d740b6b584c5104849e46c1286550c80f1f5c9
Reviewed-on: https://chromium-review.googlesource.com/c/1340252
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57713}
2018-11-22 08:23:09 +00:00
Hannes Payer
42c41a1fbb Don't run young generation large object tests for nosnap configurations.
Bug: chromium:852420
Change-Id: I01d0bed33a573adbe1d9365868d63ea9c3cb0552
Reviewed-on: https://chromium-review.googlesource.com/c/1346499
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57697}
2018-11-21 18:52:44 +00:00
Ulan Degenbaev
6b55356d3a [heap] Decouple code deoptimization from clearing weak objects.
This patch allows the deoptimizer to keep embedded pointers intact.
Previously, the deoptimizer had to clear embedded pointers because
the mark-compactor relied on the Code::marked_for_deoptimization flag
to indicate whether the embedder pointers were cleared or not.

This patch adds a new flag called Code::embedded_objects_cleared()
and thus can correctly clear dead weak objects in deoptimized code.

Bug: v8:8459
Change-Id: I6eb6ff3aa2182bc41730e0a249965f8d8c0525ce
Reviewed-on: https://chromium-review.googlesource.com/c/1335943
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57584}
2018-11-16 18:31:06 +00:00
Jakob Kummerow
0dbda17de5 [ubsan] Port Map to the new design
Bug: v8:3770
Change-Id: I52660eeda1bd299953793af9af1395f47e89072e
Reviewed-on: https://chromium-review.googlesource.com/c/1331155
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57454}
2018-11-13 06:59:12 +00:00
Jakob Kummerow
fe61cd6487 [ubsan] Port Code to the new design
Bug: v8:3770
Change-Id: I413ce57f7fa91cef2445995ca22650477f92b0df
Reviewed-on: https://chromium-review.googlesource.com/c/1321892
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57445}
2018-11-12 18:47:04 +00:00
Igor Sheludko
4001f86afa [ptr-compr] Make cleared weak reference value pointer compression friendly
because otherwise cleared weak references require special treatment during
decompression.

Bug: v8:7703
Change-Id: I38761d656c606e7ba7fc3075dffbd855a9f72302
Reviewed-on: https://chromium-review.googlesource.com/c/1322909
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57315}
2018-11-07 13:28:43 +00:00
Jakob Kummerow
6d706ae3a0 [ubsan] Port Smi to the new design
and split Smi out of objects.h into smi.h.

Bug: v8:3770, v8:5402
Change-Id: I5ff7461495d29c785a76c79aca2616816a29ab1e
Reviewed-on: https://chromium-review.googlesource.com/c/1313035
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57252}
2018-11-05 20:52:51 +00:00
Ross McIlroy
21784e3d94 [Lite] Disable ICs in lite mode
BUG=v8:8293

Change-Id: I1d0e75f8671d3ec1c899c65bb9a865f2358173de
Reviewed-on: https://chromium-review.googlesource.com/c/1280527
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57042}
2018-10-26 16:07:20 +00:00
Jakob Kummerow
e7b8699910 [ubsan] Port MaybeObject to new design
This CL applies the equivalent of the Object -> ObjectPtr
transformation to MaybeObject and HeapObjectReference. We
need no renaming in this case because we can just migrate
them both in one go.

Bug: v8:3770
Change-Id: Ie1259c3e8c556eff00f8bcf534d7270ca9fe00e1
Reviewed-on: https://chromium-review.googlesource.com/c/1298386
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57010}
2018-10-26 01:08:30 +00:00
Hannes Payer
7103cd8b10 Reland "[heap] Clean-up MemoryChunk allocation area constants."
This is a reland of 1d83709303

Original change's description:
> [heap] Clean-up MemoryChunk allocation area constants.
> 
> Change-Id: I8ba59546ab93c7af98bc5ece2f0160628844dd92
> Reviewed-on: https://chromium-review.googlesource.com/c/1280584
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56908}

Change-Id: I110b70ee5cb5609e54e24e17f183b8c6d6086b8a
Reviewed-on: https://chromium-review.googlesource.com/c/1297318
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56941}
2018-10-24 13:27:41 +00:00
Jakob Kummerow
266c0b967b [ubsan,heap] Replace Object** with ObjectSlot
as part of the continuing quest to get rid of Object*/Object**.
This is a fairly mechanical replacement of Object**/MaybeObject** with
wrapper objects carrying the same data. No change in behavior is intended.
Overloaded operators are provided to minimize code churn.

Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I76cee82b8bf2dd80a1b66f09dd2bb2b65038eeb7
Reviewed-on: https://chromium-review.googlesource.com/c/1287889
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56920}
2018-10-24 00:14:20 +00:00
Yang Guo
0d75b76c64 Revert "[heap] Clean-up MemoryChunk allocation area constants."
This reverts commit 1d83709303.

Reason for revert: Speculative revert for https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm%20-%20debug/8158

Original change's description:
> [heap] Clean-up MemoryChunk allocation area constants.
> 
> Change-Id: I8ba59546ab93c7af98bc5ece2f0160628844dd92
> Reviewed-on: https://chromium-review.googlesource.com/c/1280584
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56908}

TBR=ulan@chromium.org,yangguo@chromium.org,hpayer@chromium.org

Change-Id: I0ce51513864d3f7e4337391dc510fb828c083d48
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1296488
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56914}
2018-10-23 18:20:07 +00:00
Hannes Payer
1d83709303 [heap] Clean-up MemoryChunk allocation area constants.
Change-Id: I8ba59546ab93c7af98bc5ece2f0160628844dd92
Reviewed-on: https://chromium-review.googlesource.com/c/1280584
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56908}
2018-10-23 15:13:34 +00:00
Ross McIlroy
0c9c0adf62 [Lite] Disable optimization for Lite mode.
BUG=v8:8293

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic0e12cbcea76f76fce543714dee972c784095143
Reviewed-on: https://chromium-review.googlesource.com/c/1290795
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56852}
2018-10-22 13:16:24 +00:00
Hannes Payer
581192aab9 [heap] Reclaim inaccessible memory.
Bug: chromium:897074
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I728572cda9a8914ee689eeee68a060b5713e4c6b
Reviewed-on: https://chromium-review.googlesource.com/c/1290972
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56845}
2018-10-22 10:21:57 +00:00
Jakob Kummerow
aa3023102d Revert "[Lite] Disable optimization for Lite mode."
This reverts commit 5847574eb9.

Reason for revert: Break mjsunit tests in Lite mode. You'll have to find a solution for tests using assertOptimized().

Original change's description:
> [Lite] Disable optimization for Lite mode.
> 
> BUG=v8:8293
> 
> Change-Id: I6b2e02420ab69fb1d2e24945d48b08d2bc24b0d0
> Reviewed-on: https://chromium-review.googlesource.com/c/1280526
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56795}

TBR=rmcilroy@chromium.org,delphick@chromium.org

Change-Id: I09f6c17cc325f50560329c46f06ad847f0bb021d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8293
Reviewed-on: https://chromium-review.googlesource.com/c/1290111
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56796}
2018-10-19 00:26:06 +00:00
Ross McIlroy
5847574eb9 [Lite] Disable optimization for Lite mode.
BUG=v8:8293

Change-Id: I6b2e02420ab69fb1d2e24945d48b08d2bc24b0d0
Reviewed-on: https://chromium-review.googlesource.com/c/1280526
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56795}
2018-10-18 23:07:38 +00:00
Michael Lippautz
e11053a96f [api] Remove deprecated EmbedderHeapTracer APIs
Also fully deprecate AbortTracing.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I852d28d8ce0f02b3a048b1061de29c9fce71ce62
Reviewed-on: https://chromium-review.googlesource.com/c/1278811
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56655}
2018-10-15 16:37:49 +00:00
Ross McIlroy
c73fa4fce4 [Build] Add support for V8 Lite mode.
Adds a build-time flag to control enabling of V8 Lite mode. Currently
this mode enables optimize-for-size and makes that flag read-only so that
it can't be changed at runtime.

This mode also replaces the --minimal flag which was previously used
to make porting easier.

BUG=v8:8293

Change-Id: I8360b4d55dd15a2a7c18429c94329dc5264dea86
Reviewed-on: https://chromium-review.googlesource.com/c/1276467
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56653}
2018-10-15 16:04:17 +00:00
Clemens Hammacher
40be7df641 Remove redundant IsAddressAligned function
Since {Address} is just {uintptr_t}, we can just use the standard
{IsAligned} function.

R=mlippautz@chromium.org

Bug: v8:8238
Change-Id: I260591e88b50855cf327096a07b2c18f0c1e4508
Reviewed-on: https://chromium-review.googlesource.com/c/1280204
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56631}
2018-10-15 12:16:44 +00:00
Hannes Payer
17890f67fb [heap] Externalize mark bitmap.
Change-Id: Idc52e3ed6af13b20569a412e98bae0841d32e009
Reviewed-on: https://chromium-review.googlesource.com/c/1254125
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56572}
2018-10-11 15:03:40 +00:00
Igor Sheludko
54855b67d4 [ptr-compr] Move Heap::root() to Isolate
... and Heap::root_handle() to RootsTable.

This is a preliminary step before moving IsolateData object from Heap to Isolate
which is required for pointer-compression friendly heap layout.

Bug: v8:8182
Change-Id: Ideacc1c9e4435be7a33db08415ac1ad46e956199
Reviewed-on: https://chromium-review.googlesource.com/c/1273238
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56552}
2018-10-11 08:59:50 +00:00
Igor Sheludko
33ebe358a5 [cleanup] Split the mutable roots list into immovable and movable
... and remove Heap::RootCanBeWrittenAfterInitialization() and
Heap::RootCanBeTreatedAsConstant() in favour of RootsTable::IsImmortalImmovable().

Bug: v8:8238
Change-Id: I804d06136de9584b8c4940fd8ab9d18fb3ef7980
Reviewed-on: https://chromium-review.googlesource.com/c/1270837
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56500}
2018-10-10 00:05:11 +00:00
Igor Sheludko
5bc86670b6 [cleanup] Cleanup IMMORTAL_IMMOVABLE_ROOT_LIST
... by removing entries corresponding to read only roots (which are
immortal immovable by definition) and using READ_ONLY_ROOT_LIST explicitly.

This CL also renames the list to MUTABLE_IMMORTAL_IMMOVABLE_ROOT_LIST and
moves Heap::RootIsImmortalImmovable() to RootsTable::IsImmortalImmovable().

Bug: v8:8238
Change-Id: I3e44a06d7a816955bc3471e788e883fb053b03d9
Reviewed-on: https://chromium-review.googlesource.com/c/1269035
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56466}
2018-10-09 09:05:37 +00:00
Andreas Haas
c862d2c2e4 [cleanup] Use the new taskrunner API in the gc
We want to replace all uses of CallOnForegroundThread eventually by the
new TaskRunner API so that we can eventually deprecate the old API and
remove it.

R=ulan@chromium.org

Bug: v8:8238
Change-Id: I7e451eddf05f1f7f273c5cfd57d82737380f3f02
Reviewed-on: https://chromium-review.googlesource.com/c/1261145
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56378}
2018-10-04 11:18:32 +00:00
Clemens Hammacher
989e2e31d2 Revert "[heap] Free dead young generation large objects."
This reverts commit e4c650ad94.

Reason for revert: Break Linux nosnap: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/20786

Original change's description:
> [heap] Free dead young generation large objects.
> 
> Bug: chromium:852420
> Change-Id: I77479c3a96bcae6041ddce316c5062f129447edd
> Reviewed-on: https://chromium-review.googlesource.com/1249124
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56280}

TBR=hpayer@chromium.org,mlippautz@chromium.org

Change-Id: If35a09497e09f5cc7ceef8ec33a7c86761f2a336
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1251124
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56282}
2018-09-28 10:08:55 +00:00
Hannes Payer
e4c650ad94 [heap] Free dead young generation large objects.
Bug: chromium:852420
Change-Id: I77479c3a96bcae6041ddce316c5062f129447edd
Reviewed-on: https://chromium-review.googlesource.com/1249124
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56280}
2018-09-28 09:04:22 +00:00
Hannes Payer
6b5b3a5abf [heap] Promote surviving young generation large objects in the Scavenger.
Surviving large objects are directly promoted to the old generation.

Bug: chromium:852420
Change-Id: I460649714544d4338e01085f487d4b70065ecfb5
Reviewed-on: https://chromium-review.googlesource.com/1238173
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56237}
2018-09-26 12:34:24 +00:00
Igor Sheludko
647e0c2312 [cleanup] Use RootIndex instead of int in serializer code
Bug: v8:8015
Change-Id: I2f407c5ffaed96b90b9ead452a98a19ef1700b75
Reviewed-on: https://chromium-review.googlesource.com/1240336
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56233}
2018-09-26 09:49:40 +00:00
Dan Elphick
d235f550ab [deprecation] Deprecate ToBoolean(Local<Context>)
ToBoolean and BooleanValue cannot throw exceptions so the Maybe versions
of the functions don't make sense. As such this deprecates the Maybe
versions and undeprecates ToBoolean(Isolate*). It also adds
BooleanValue(Isolate*).

Fix up all of the v8 code to not use the deprecated functions.

Bug: v8:7279, v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I50e7474d205c75baa153f0dea7f02dcf60232d1d
Reviewed-on: https://chromium-review.googlesource.com/1238476
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56163}
2018-09-24 12:02:09 +00:00
Igor Sheludko
2fde54330a [cleanup] Move enum Heap::RootListIndex to enum class RootIndex
and introduce RootsTable - a V8 heap roots storage.

So, the renaming part looks like this:
  Heap::RootListIndex -> RootIndex
  Heap::kBlahBlahRootIndex -> RootIndex::kBlahBlah

Bug: v8:8015, v8:8182
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I38e1f3e3f6813ef35e37b0bed35e9ae14a62134f
Reviewed-on: https://chromium-review.googlesource.com/1234613
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56067}
2018-09-20 11:16:05 +00:00
Michael Lippautz
fe566be004 [heap] Concurrently process wrapper objects
Concurrently process objects and only read embedder fields on the main
thread.

Also prepares the concurrent marking infrastructure to plug this
processing into different types.

Bug: chromium:885125, chromium:843903
Change-Id: I23b7f778c16cff118dec93e11e2bbd02aaf11a78
Reviewed-on: https://chromium-review.googlesource.com/1231175
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56043}
2018-09-19 14:14:06 +00:00
Michael Lippautz
44e77f8d93 [heap] Remove marking finalization flag
The flag was not used anymore and any CollectGarbage call will finalize
marking.

Change-Id: I29ee60b187c9038acc4b42b8334546498f54f117
Reviewed-on: https://chromium-review.googlesource.com/1228013
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56018}
2018-09-19 09:08:35 +00:00
Florian Sattler
6df4c37779 [cleanup] Mark heap/ methods in subclasses with override.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: Ibdb4b81e1ba764d73bac6592eeef5783097076fc
Reviewed-on: https://chromium-review.googlesource.com/1225896
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55965}
2018-09-17 15:32:31 +00:00
Michael Lippautz
34c8119d49 [heap] Remove support for aborting incremental marking
Abort incremental marking pulls in the requirement to also be able to abort on
the embedder side. In practice, aborting is never really needed and the GC
should just finalize the existing collection and do an atomic followup if exact
marking information is required.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic471332d01b0c4be26b71a06248af03255c61a9d
Reviewed-on: https://chromium-review.googlesource.com/1225705
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55949}
2018-09-17 10:44:52 +00:00
Clemens Hammacher
55a8ad0cbe Clean up VirtualMemory allocation
VirtualMemory objects can be moved since https://crrev.com/c/1213062,
so there is no need any more to return them via pointer argument. This
also makes the {AllocVirtualMemory} and {AlignedAllocVirtualMemory}
functions superfluous.

R=ishell@chromium.org, titzer@chromium.org

Bug: v8:8015
Change-Id: Id72921e1c66a6c10be6647194603b8283e010e24
Reviewed-on: https://chromium-review.googlesource.com/1226972
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55947}
2018-09-17 10:16:38 +00:00
Marja Hölttä
c696376e0b Reland [in-place weak refs] Fix MaybeObject function names
E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
object, instead returned a weakly pointed heap object. Change the function names
(in this case, to "GetHeapObjectIfWeak") to reflect this.

Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().

Previous version: https://chromium-review.googlesource.com/1219025

BUG=v8:7308
TBR=ishell@chromium.org, ulan@chromium.org, ahaas@chromium.org, yangguo@chromium.org, tebbi@chromium.org

Change-Id: I503d4a2a3a68f85e9e02e1c2f9fc1c4187c8e9a1
Reviewed-on: https://chromium-review.googlesource.com/1226800
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55934}
2018-09-17 08:27:59 +00:00
Igor Sheludko
37d87f610f [ptr-compr] Introduce BoundedPageAllocator and use it instead of CodeRange.
This is a reland of 16816e53be

Bug: v8:8096
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I257fc391931a0a4bf01f2e8136183aaed044231c
Reviewed-on: https://chromium-review.googlesource.com/1226915
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55928}
2018-09-15 22:25:40 +00:00
Marja Hölttä
3a79fe2363 Revert "[in-place weak refs] Fix MaybeObject function names"
This reverts commit ad72d19516.

Reason for revert: Build failures on *san

Original change's description:
> [in-place weak refs] Fix MaybeObject function names
> 
> E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
> object, instead returned a weakly pointed heap object. Change the function names
> (in this case, to "GetHeapObjectIfWeak") to reflect this.
> 
> Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().
> 
> BUG=v8:7308
> 
> Change-Id: I4ef078572b4f4415afe7e2e706d3bd684e16e47d
> Reviewed-on: https://chromium-review.googlesource.com/1219025
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55906}

TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,ahaas@chromium.org,tebbi@chromium.org,ishell@chromium.org

Change-Id: I054b578518e3f6fd7dbcddf0b56cc018726c1e7a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308
Reviewed-on: https://chromium-review.googlesource.com/1226874
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55918}
2018-09-14 15:30:05 +00:00
Marja Hölttä
ad72d19516 [in-place weak refs] Fix MaybeObject function names
E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
object, instead returned a weakly pointed heap object. Change the function names
(in this case, to "GetHeapObjectIfWeak") to reflect this.

Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().

BUG=v8:7308

Change-Id: I4ef078572b4f4415afe7e2e706d3bd684e16e47d
Reviewed-on: https://chromium-review.googlesource.com/1219025
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55906}
2018-09-14 13:58:06 +00:00
Florian Sattler
b2dac95379 [cleanup] Replace 0 and NULL with nullptr for test files.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I2a7a8c8447d2835205f7a506f04efe4d1801b934
Reviewed-on: https://chromium-review.googlesource.com/1224316
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55903}
2018-09-14 12:56:00 +00:00
Florian Sattler
49d1c8663e [cleanup] Refactor heap classes to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: Ibe5906fa96f2d7327bce1eff70637a2d00f99668
Reviewed-on: https://chromium-review.googlesource.com/1224030
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55865}
2018-09-13 13:35:56 +00:00
Michael Achenbach
0005c2de36 Revert multiple commits
Revert "[ptr-compr] Introduce BoundedPageAllocator and use it instead of CodeRange."

This reverts commit 16816e53be.

Revert "[cleanup] Introduce LsanPageAllocator decorator"

This reverts commit 0606bf91ed.

Revert "[ptr-compr][heap] Fix TODOs about always using proper page allocator"

This reverts commit b0edf8e66a.

The fist CL in the list is suspected to block the roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1216022

Pseudo bisect points to that CL:
https://chromium-review.googlesource.com/c/chromium/src/+/1219612

TBR=ishell@chromium.org

Bug: v8:8096
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9fafedd3810e14cdfc2068df7727cf90fc0cc85a
Reviewed-on: https://chromium-review.googlesource.com/1219695
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55818}
2018-09-12 08:34:10 +00:00
Igor Sheludko
16816e53be [ptr-compr] Introduce BoundedPageAllocator and use it instead of CodeRange.
Bug: v8:8096
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If44c1a9a76c517fe329485d385f445b2be9f5ec2
Reviewed-on: https://chromium-review.googlesource.com/1213186
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55744}
2018-09-10 09:30:50 +00:00
Igor Sheludko
3d76e88f13 [ptr-compr] Explicitly specify page allocator instance for VirtualMemory.
The provided page allocator will serve all the memory requests done by the virtual
memory object.
This is a necessary cleanup before introducing BoundedPageAllocator.

Bug: v8:8096
Change-Id: I95477d67e5f532013322a991db3ee1a1f2e821e6
Reviewed-on: https://chromium-review.googlesource.com/1210122
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55703}
2018-09-07 09:39:28 +00:00
Igor Sheludko
51224eab41 [ptr-compr] Explicitly pass v8::PageAllocator instance to helper functions.
... like AllocatePage[s](), FreePages() and SetPermissions().
This CL also changes base::PageAllocator to cache AllocatePageSize and CommitPageSize
values returned by the OS.
This is a necessary cleanup before introducing BoundedPageAllocator.

Bug: v8:8096
Change-Id: Ifb7cdd2caa6a1b029ce0fca6545c61df9d281be2
Reviewed-on: https://chromium-review.googlesource.com/1209343
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55690}
2018-09-06 14:45:58 +00:00
Michael Lippautz
8206187381 Revert GC scheduling for external backing stores
Revert "Reland "[heap] Attempt to incorporate backing store counters into heap sizing and GC trigger stragery.""

This reverts commit eb164dbd00.

Revert "[d8] Fixed external gc test (limit multiplied by number of isolates)."

This reverts commit 38cbc26a75.

Revert "[heap] Fixed typo in method name."

This reverts commit 263174af75.

Bug: chromium:845409, chromium:879045
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I555bcff2ad04ae23368c7b3999a237083010f9c6
Reviewed-on: https://chromium-review.googlesource.com/1196550
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55529}
2018-08-30 14:24:38 +00:00
Rodrigo Bruno
eb164dbd00 Reland "[heap] Attempt to incorporate backing store counters into heap sizing and GC trigger stragery."
This is a reland of ba735dde20

Original change's description:
> [heap] Attempt to incorporate backing store counters into heap sizing and GC trigger stragery.
> 
> Bug: chromium:845409
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: Ic62a4339110e3dd2a6b1961a246e2bee0c07c03b
> Reviewed-on: https://chromium-review.googlesource.com/1160162
> Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55128}

Bug: chromium:845409
Change-Id: Iaff177f7bebbc073460fab0ae4e5cd9e632e1921
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1177301
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Cr-Commit-Position: refs/heads/master@{#55454}
2018-08-28 12:41:53 +00:00
Michael Starzinger
a500f20175 [test] Remove %SetFlags runtime test method.
This method introduces an inherent race because it allows changing
global static flag variables from concurrently running Isolates (or
Workers). Since there are not too many use-cases left, the method in
question can be removed entirely.

R=hpayer@chromium.org

Change-Id: I9798730dd775b04f0bc83f18ed5982672e76e5d5
Reviewed-on: https://chromium-review.googlesource.com/1186731
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55392}
2018-08-24 10:48:39 +00:00
Michael Lippautz
cfa5fec62f [embedder-tracing] Only expose GC call when used with --expose_gc
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie959e443fdf5dce92c4cd42ef62ec914a13b867e
Reviewed-on: https://chromium-review.googlesource.com/1187151
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55376}
2018-08-24 08:35:20 +00:00
Bill Budge
d67d91dbe6 [memory] Replace Memory class with templated Memory functions.
Change-Id: I0870a13fd257e014a3b6dca8ee7ccb3aa5485066
Reviewed-on: https://chromium-review.googlesource.com/1183525
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55359}
2018-08-23 15:20:21 +00:00
Creddy
365e241780 [interpreter][runtime] Avoid AllocationSites for Array literals in oneshot code
No need to create allocation site for array literals in oneshot code since
they are executed only once. The interpreter emits a runtime call to
CreateArrayLiteralWithoutAllocationSite for creating literals in
oneshot code instead.

Change-Id: I285879c84759ff9e2ce281e9548112f52ce5e7d1
Reviewed-on: https://chromium-review.googlesource.com/1167843
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55349}
2018-08-23 12:00:43 +00:00
Michael Lippautz
a6938128f4 [embedder-tracing] Add GarbageCollectionForTesting call
This call can be used by embedder to request a GC for testing reasons.
The GC also takes the current embedder stack state as an argument that
is forwarded to the embedder when entering the atomic pause.

This way embedders can request garbage collections for testing and set
how the embedder should treat the stack.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id10604565b4457dd0fca402afeb5f8e592fa0bae
Reviewed-on: https://chromium-review.googlesource.com/1183431
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55285}
2018-08-21 18:42:05 +00:00
Michael Starzinger
60408d97ab [heap][cleanup] Avoid exposing store-buffer internals.
R=mlippautz@chromium.org
BUG=v8:7490

Change-Id: Ifb4b41db3ca34567d735203667978451815c60d4
Reviewed-on: https://chromium-review.googlesource.com/1181056
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55221}
2018-08-20 14:21:26 +00:00
Ben L. Titzer
515d3400d1 [objects] Split js-array-buffer.h from js-array.h
JSArrays and JSArrayBuffers are very different animals. As such,
split the js-array.h header into two parts.

R=ulan@chromium.org,mstarzinger@chromium.org

Bug: v8:5402
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I82f987ecea3e2e1ceaf8f8962a2b88165558c57e
Reviewed-on: https://chromium-review.googlesource.com/1177760
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55183}
2018-08-17 08:58:08 +00:00
Marja Hölttä
8b63f353e6 [in-place weak refs] Remove WeakCell
BUG=v8:7308

Change-Id: I310d9453be8b90a82856c0d394442aad5527a3ae
Reviewed-on: https://chromium-review.googlesource.com/1169167
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55105}
2018-08-14 08:05:05 +00:00
Ulan Degenbaev
51e6ecb9df Reland "Fix invalidation of old-to-old slots after object trimming."
This reverts commit 5b434929a3.

Changes after the original CL:
- Right-trimming registers the array as an object with invalidated
  slots.
- Left-trimming moves the array start in the invalidated slots map.

Original change's description:
> Fix invalidation of old-to-old slots after object trimming.
>
> A recorded old-to-old slot may be overwritten with a pointer to a new
> space object. If the object containing the slot is trimmed later on,
> then the mark-compactor may crash on a stale pointer to new space.
>
> This patch ensures that:
> 1) On trimming of an object we add it to the invalidated_slots sets.
> 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
>    the invalidated object unless the page was already swept.
>
> Array left-trimming is handled as a special case because object start
> moves and cannot be added to the invalidated set. Instead, we clear
> the freed memory so that the recorded slots contain Smi values.
>
> Bug: chromium:870226,chromium:816426
> Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
> Reviewed-on: https://chromium-review.googlesource.com/1163784
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54953}

Change-Id: I1f1080f680196c581f62aef8d3a00a595f9bb9b0
Reviewed-on: https://chromium-review.googlesource.com/1165555
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55066}
2018-08-11 08:35:39 +00:00
Creddy
ec8700c418 [interpreter][runtime] Avoid AllocationSites for oneshot code
No need to create allocation site for literals in oneshot code since
they are executed only once. The interpreter emits a runtime call to
CreateObjectLiteralWithoutAllocationSite for creating literals in
oneshot code instead.

Change-Id: I224b3a30f10361cfe9ff63129b36da8230c5e403
Reviewed-on: https://chromium-review.googlesource.com/1163615
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55050}
2018-08-10 13:34:13 +00:00
Rodrigo Bruno
d077c1fa7e [test-heap] fixed test to avoid internal call that will be removed
Bug: chromium:845409
Change-Id: I73a5db1c09e0adb3eab0ee0bdf675edbdea6c6e7
Reviewed-on: https://chromium-review.googlesource.com/1170762
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Cr-Commit-Position: refs/heads/master@{#55045}
2018-08-10 12:12:07 +00:00
Ulan Degenbaev
27aecd5c54 Avoid excessive GCs triggered by AdjustAmountOfExternalMemory
When the memory pressure level is critical and there are managed objects
that call AdjustAmountOfExternalMemory in their finalizer, we trigger
GC for each dying managed object. See the test for an example.

This fixes the bug by clearing the memory pressure level before GC.

Bug: v8:8014
Change-Id: Id5144430a52fb8545aa23f33229a11b1714cbf10
Reviewed-on: https://chromium-review.googlesource.com/1169011
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55021}
2018-08-09 12:10:21 +00:00
Marja Hölttä
e2fb86f804 [in-place weak refs] Use in-place weak refs in DependentCode
BUG=V8:7308

Change-Id: I4836aaca1474f08098120e6c17cc2b3bd65c70eb
Reviewed-on: https://chromium-review.googlesource.com/1166914
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54975}
2018-08-08 12:48:18 +00:00
Ulan Degenbaev
5b434929a3 Revert "Fix invalidation of old-to-old slots after object trimming."
This reverts commit 719d23c032.

Reason for revert: TSAN failures

Original change's description:
> Fix invalidation of old-to-old slots after object trimming.
> 
> A recorded old-to-old slot may be overwritten with a pointer to a new
> space object. If the object containing the slot is trimmed later on,
> then the mark-compactor may crash on a stale pointer to new space.
> 
> This patch ensures that:
> 1) On trimming of an object we add it to the invalidated_slots sets.
> 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
>    the invalidated object unless the page was already swept.
> 
> Array left-trimming is handled as a special case because object start
> moves and cannot be added to the invalidated set. Instead, we clear
> the freed memory so that the recorded slots contain Smi values.
> 
> Bug: chromium:870226,chromium:816426
> Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
> Reviewed-on: https://chromium-review.googlesource.com/1163784
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54953}

TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: I2e1ff83c2db7902488951a8f597d38133aeb3b04
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:870226, chromium:816426
Reviewed-on: https://chromium-review.googlesource.com/1165862
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54954}
2018-08-07 19:15:58 +00:00