Adds SIMD 128 alignment sizes and masks.
Adds support in Heap for SIMD alignments and fills.
Reworks cctest so that each test independently aligns its allocation address, rather than depending on the previous tests ending state. Adds test cases for SIMD.
LOG=N
BUG=v8:4124
Committed: https://crrev.com/4347d56a6919ae06a70e4a4a8b2f1179cf47bc7e
Cr-Commit-Position: refs/heads/master@{#28767}
Review URL: https://codereview.chromium.org/1159453004
Cr-Commit-Position: refs/heads/master@{#28771}
Reason for revert:
Breaks Linux - arm64 - sim - MSAN
TBR=jochen
Original issue's description:
> Add SIMD 128 alignment support to Heap.
> Adds SIMD 128 alignment sizes and masks.
> Adds support in Heap for SIMD alignments and fills.
> Reworks cctest so that each test independently aligns its allocation address, rather than depending on the previous tests ending state. Adds test cases for SIMD.
>
> LOG=N
> BUG=v8:4124
TBR=hpayer@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124
Review URL: https://codereview.chromium.org/1169453003
Cr-Commit-Position: refs/heads/master@{#28768}
Adds SIMD 128 alignment sizes and masks.
Adds support in Heap for SIMD alignments and fills.
Reworks cctest so that each test independently aligns its allocation address, rather than depending on the previous tests ending state. Adds test cases for SIMD.
LOG=N
BUG=v8:4124
Review URL: https://codereview.chromium.org/1159453004
Cr-Commit-Position: refs/heads/master@{#28767}
Moves alignment fill calculations into two static Heap methods.
Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
Makes DoubleAlignForDeserialization explicitly fill after an already
aligned object.
LOG=N
BUG=v8:4124
Committed: https://crrev.com/fcfb080eb9a637f0ae066bed4c45095e60df8a84
Cr-Commit-Position: refs/heads/master@{#28687}
Review URL: https://codereview.chromium.org/1150593003
Cr-Commit-Position: refs/heads/master@{#28702}
Reason for revert:
Breaks mjsunit, webkit, mozilla, benchmarks.
TBR=hpayer@chromium.org
Original issue's description:
> Clean up aligned allocation code in preparation for SIMD alignments.
>
> Moves alignment fill calculations into two static Heap methods.
> Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
> Makes DoubleAlignForDeserialization explicitly fill after an already
> aligned object.
>
> LOG=N
> BUG=v8:4124
>
> Committed: https://crrev.com/fcfb080eb9a637f0ae066bed4c45095e60df8a84
> Cr-Commit-Position: refs/heads/master@{#28687}
TBR=hpayer@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124
Review URL: https://codereview.chromium.org/1159123002
Cr-Commit-Position: refs/heads/master@{#28688}
Moves alignment fill calculations into two static Heap methods.
Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
Makes DoubleAlignForDeserialization explicitly fill after an already
aligned object.
LOG=N
BUG=v8:4124
Review URL: https://codereview.chromium.org/1150593003
Cr-Commit-Position: refs/heads/master@{#28687}
When we enter a method that needs access to the [[HomeObject]]
we allocate a local variable `.home_object` and assign it the
value from the [[HomeObject]] private symbol. Something along
the lines of:
method() {
var .home_object = %ThisFunction()[home_object_symbol];
...
}
BUG=v8:3867, v8:4031
LOG=N
Review URL: https://codereview.chromium.org/1135243004
Cr-Commit-Position: refs/heads/master@{#28644}
* Hash code is now just done with a private own symbol instead of the hidden string, which predates symbols.
* In the long run we should do all hidden properties this way and get rid of the
hidden magic 0-length string with the zero hash code. The advantages include
less complexity and being able to do things from JS in a natural way.
* Initially, the performance of weak set regressed, because it's a little harder
to do the lookup in C++. Instead of heroics in C++ to make things faster I
moved some functionality into JS and got the performance back. JS is supposed to be good at looking up named properties on objects.
* This also changes hash codes of Smis so that they are always Smis.
Performance figures are in the comments to the code review. Summary: Most of js-perf-test/Collections is neutral. Set and Map with object keys are 40-50% better. WeakMap is -5% and WeakSet is +9%. After the measurements, I fixed global proxies, which cost 1% on most tests and 5% on the weak ones :-(.
In the code review comments is a patch with an example of the heroics we could do in C++ to make lookup faster (I hope we don't have to do this. Instead of checking for the property, then doing a new lookup to insert it, we could do one lookup and handle the addition immediately). With the current benchmarks above this buys us nothing, but if we go back to doing more lookups in C++ instead of in stubs and JS then it's a win.
In a similar vein we could give the magic zero hash code to the hash code
symbol. Then when we look up the hash code we would sometimes see the table
with all the hidden properties. This dual use of the field for either the hash
code or the table with all hidden properties and the hash code is rather ugly,
and this CL gets rid of it. I'd be loath to bring it back. On the benchmarks quoted above it's slightly slower than moving the hash code lookup to JS like in this CL.
One worry is that the benchmark results above are more monomorphic than real
world code, so may be overstating the performance benefits of moving to JS. I
think this is part of a general issue we have with handling polymorphic code in
JS and any solutions there will benefit this solution, which boils down to
regular property access. Any improvement there will lift all boats.
R=adamk@chromium.org, verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1149863005
Cr-Commit-Position: refs/heads/master@{#28622}
Reason for revert:
[Sheriff] Speculative revert because chromebook is really misbehaving:
http://build.chromium.org/p/client.v8/builders/V8%20Arm/builds/2109
I also triggered a retry with the failing build to be sure. If the revert doesn't help or the bot had a scary hiccup, this can reland.
Original issue's description:
> Pass GC flags to incremental marker and start incremental marking with
> reduce memory footprint in idle notification.
>
> BUG=
>
> Committed: https://crrev.com/4656308147b12405037678b1ab192fb4f2437bbc
> Cr-Commit-Position: refs/heads/master@{#28567}
TBR=hpayer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1151143002
Cr-Commit-Position: refs/heads/master@{#28568}
Replace the --turbo-deoptimization flag with --turbo-asm-deoptimization
and enable deoptimization for non-asm.js TurboFan code unconditionally.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1153483002
Cr-Commit-Position: refs/heads/master@{#28543}
Sample new space allocation throughput at scavenge and at idle notificatioon.
This will allow better estimation of mutator idleness for switching between
latency and memory modes in idle notification handler.
BUG=chromium:486005
LOG=NO
TEST=cctest/test-heap/NewSpaceAllocationThroughput
Review URL: https://codereview.chromium.org/1125193005
Cr-Commit-Position: refs/heads/master@{#28537}
When the page is controlled by a ServiceWorker, the ServiceWorker can return an opaque (non-CORS cross origin) resource response.
We need to treat the messages from such script resource as opaque.
Committed: https://crrev.com/7a599c5e1242d3c5ab7515ee149623da90ae69ec
Cr-Commit-Position: refs/heads/master@{#28445}
Review URL: https://codereview.chromium.org/1140673002
Cr-Commit-Position: refs/heads/master@{#28459}
When the page is controlled by a ServiceWorker, the ServiceWorker can return an opaque (non-CORS cross origin) resource response.
We need to treat the messages from such script resource as opaque.
Review URL: https://codereview.chromium.org/1140673002
Cr-Commit-Position: refs/heads/master@{#28445}
While the mutator is active, the idle time handler optimizes for latency by doing only incremental steps and scavenges.
When the mutator becomes inactive, the idle time handler forces few incremental GCs to reclaim memory and then stops until mutator is active again.
BUG=460090
LOG=N
Review URL: https://codereview.chromium.org/1105293004
Cr-Commit-Position: refs/heads/master@{#28300}
We shouldn't have shared state between isolates by default. The embedder
is free to pass the same allocator to all isolates it creates.
BUG=none
R=dcarney@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1116633002
Cr-Commit-Position: refs/heads/master@{#28127}
...when handing out validity cells to handlers; because invalidating said cells is
the only time we'll need the user registrations.
Along the way, fix a corner case in WeakFixedArray, which can now be empty after
the recently introduced compaction support.
This reverts commit 968715c653.
Original review: https://codereview.chromium.org/1104813004/
Review URL: https://codereview.chromium.org/1110513002
Cr-Commit-Position: refs/heads/master@{#28076}
Reason for revert:
Suspected of causing GC stress failures.
Original issue's description:
> Lazily register prototype users
>
> when handing out validity cells to handles; because invalidating said cells is the only time we'll need the user registrations.
> Along the way, fix a corner case in WeakFixedArray, which can now be empty after the recently introduced compaction support.
>
> Committed: https://crrev.com/a4bb7643c076b014816431a9b85af3e2edf828e7
> Cr-Commit-Position: refs/heads/master@{#28047}
TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1108583002
Cr-Commit-Position: refs/heads/master@{#28049}
when handing out validity cells to handles; because invalidating said cells is the only time we'll need the user registrations.
Along the way, fix a corner case in WeakFixedArray, which can now be empty after the recently introduced compaction support.
Review URL: https://codereview.chromium.org/1104813004
Cr-Commit-Position: refs/heads/master@{#28047}
This fixes a race where
- mutator changes the fixed array length by trimming it,
- sweeper thread reads the length of the fixed array.
Also rename FROM_GC and FROM_MUTATOR to be more precise.
BUG=chromium:462908
LOG=NO
Review URL: https://codereview.chromium.org/1034163002
Cr-Commit-Position: refs/heads/master@{#27869}
Add a finalize incremental marking mode for CollectAllGarbage to finalize incremental marking when incremental marking is in progress, but we want a full gc at a given CollectAllGarbage call site.
Default mode for CollectAllGarbage is finalize incremental marking and perform a full GC.
BUG=
Review URL: https://codereview.chromium.org/1082973003
Cr-Commit-Position: refs/heads/master@{#27831}
This makes some tests in test-heap.cc more robust against flags, now
that top-level code can be optimized by the --always-opt flag.
R=hpayer@chromium.org
TEST=cctest/test-heap/TestInternalWeakLists
Review URL: https://codereview.chromium.org/1071063004
Cr-Commit-Position: refs/heads/master@{#27699}
Original issue: https://codereview.chromium.org/980573002/
Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
Review URL: https://codereview.chromium.org/988703002
Cr-Commit-Position: refs/heads/master@{#27044}
This keeps dying maps alive for FLAG_retain_maps_for_n_gc garbage collections
to increase chances of them being reused for new objects in future and
decrease number of deoptimizations.
BUG=v8:3664
LOG=N
TEST=cctest/test-heap/MapRetaining
Review URL: https://codereview.chromium.org/980523004
Cr-Commit-Position: refs/heads/master@{#27040}
Reason for revert:
x64 test failures
Original issue's description:
> Simplify and compact transitions storage
>
> Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
> To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
>
> Committed: https://crrev.com/45fbef7f2252fce10634931cb103ccc1fc95ae6a
> Cr-Commit-Position: refs/heads/master@{#27029}
TBR=verwaest@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/982143002
Cr-Commit-Position: refs/heads/master@{#27030}
Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
Review URL: https://codereview.chromium.org/980573002
Cr-Commit-Position: refs/heads/master@{#27029}
This reverts commit b57be748b1 and
disables the test/mjsunit/debug-clearbreakpointgroup.js because
BreakLocationIterator::ClearBreakPoint is already broken for unrelated reasons (see v8:3924).
BUG=v8:3877
LOG=N
TEST=cctest/test-heap/Regress3877
Review URL: https://codereview.chromium.org/957373002
Cr-Commit-Position: refs/heads/master@{#26893}
Reason for revert:
Breaks test/mjsunit/debug-clearbreakpointgroup.js on arm64.debug.
Original issue's description:
> Fix memory leak caused by field type in descriptor array.
>
> When a field type is a map, it is wrapped in a weak cell upon storing to the descriptor array.
>
> Map::GetFieldType(i) does the unwrapping.
>
> BUG=v8:3877
> LOG=N
> TEST=cctest/test-heap/Regress3877
>
> Committed: https://crrev.com/77d3ae0e119893ac8d34ea6ca090cddd5bbf987e
> Cr-Commit-Position: refs/heads/master@{#26879}
TBR=verwaest@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3877
Review URL: https://codereview.chromium.org/960103003
Cr-Commit-Position: refs/heads/master@{#26883}
When a field type is a map, it is wrapped in a weak cell upon storing to the descriptor array.
Map::GetFieldType(i) does the unwrapping.
BUG=v8:3877
LOG=N
TEST=cctest/test-heap/Regress3877
Review URL: https://codereview.chromium.org/955063002
Cr-Commit-Position: refs/heads/master@{#26879}
Contribution of PowerPC port (continuation of 422063005, 817143002,
866843003, and 901083004. The bulk of the changes are to remove some
hard coded assumptions about heap page size within existing tests.
The remaining change is to use a larger heap page size for PPC linux
as this provides a performance benefit due to the larger memory page size.
modified: src/base/build_config.h
modified: src/heap/heap.cc
modified: test/cctest/test-alloc.cc
modified: test/cctest/test-constantpool.cc
modified: test/cctest/test-heap.cc
modified: test/cctest/test-spaces.cc
modified: test/cctest/test-weakmaps.cc
modified: test/cctest/test-weaksets.cc
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/910333004
Cr-Commit-Position: refs/heads/master@{#26833}
The first try failed because I needed to make a better distinction
between clearing ICs according to policy at GC time or unconditional
clearing (say, via %ClearFunctionTypeFeedback).
It was also blocked by an issue in super constructor calls.
This fix (https://codereview.chromium.org/892113002/) needs to land
before checking in this CL.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/866493003
Cr-Commit-Position: refs/heads/master@{#26420}
Reason for revert:
Breaks a regression test on linux isloates, and linux with gcc 4.8.
Original issue's description:
> Use a WeakCell in the CallIC type vector.
>
> This allows us to clear the IC on a more sedate schedule, just
> like Load and Store ICs.
>
> R=ulan@chromium.org
> BUG=
>
> Committed: https://crrev.com/bcc79d33ca6d97d9ecfcfcf110a6ea84a0225389
> Cr-Commit-Position: refs/heads/master@{#26332}
TBR=ulan@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/886663004
Cr-Commit-Position: refs/heads/master@{#26334}
In DevTools we need one more flag for script origin - is debugger script. We already have "is shared origin" flag. The new flag added by analogy with the old but new has accessor in script object.
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/879553002
Cr-Commit-Position: refs/heads/master@{#26324}
This solves an issue with the custom startup snapshot, in cases where
deserializing the isolate requires more than one page per space.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/876613002
Cr-Commit-Position: refs/heads/master@{#26285}
This method circumvented JS semantics, and should not be used.
BUG=
Review URL: https://codereview.chromium.org/854493004
Cr-Commit-Position: refs/heads/master@{#26157}
Math functions:
Some Math functions require typed arrays for their implementation. The embedded
script may call those Math functions. The serializer needs to deal with this.
Added assertion to make sure no other typed array is created when snapshotting.
Number-string cache:
We assume that the initial snapshot does not expand the number-string cache.
This is no longer true for custom heap snapshots.
Bound functions:
Bound functions store the bound arguments in a COW fixed array, including the
bindee function. COW arrays are serialized into the startup snapshot and
referenced in the partial snapshot via partial snapshot cache. However, the
bindee function is context-dependent and must not be part of the startup
snapshot. There is no need for bound functions to use a COW array though.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/851073002
Cr-Commit-Position: refs/heads/master@{#26072}
This API is used by Blink to inform V8 about HTML frames being disposed.
Using the optional parameter, Blink can tell V8 whether the disposed
frame was a main frame. In that case, we might want to reset GC
parameters
BUG=none
R=hpayer@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/823583003
Cr-Commit-Position: refs/heads/master@{#25926}
Regular ICs in MONOMORPHIC and POLYMORPHIC state now hold onto maps with
WeakCells. Vector-based ICs should do the same.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/815953002
Cr-Commit-Position: refs/heads/master@{#25907}
