This change removes the unswept free bytes counter.
The new approach
- directly decrements allocated memory and capacity before sweeping (using live
bytes from the marker), and
- adds back capacity during refilling a free list.
This is another pre-work for moving around free lists while keeping the counters
in a sane state.
The previous approach allowed us to nail down how much memory is to-be-swept.
However, there were no users of this as we only used it do decrement it from
allocated memory (which still accounted for dead objects). If we want to keep
track of unswept free bytes in a space during compaction we can introduce a
separate new concurrent counter for this purpose.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1380723002
Cr-Commit-Position: refs/heads/master@{#31175}
There's no need for a dedicated ToBoolean builtin in JavaScript, since
ToBoolean(x) can easily be expressed in JavaScript as !!x, which has the
additional advantage that the compilers are able to properly optimize
that (out of the box).
Review URL: https://codereview.chromium.org/1400463002
Cr-Commit-Position: refs/heads/master@{#31172}
For property cells with cell type kConstantType, we can compute an
appropriate JavaScript type based on the current value of that cell.
Numbers cannot use Type::Of here, because the type might be too precise,
so we handle smi and heap number specially.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1400483002
Cr-Commit-Position: refs/heads/master@{#31171}
Reason for revert:
Breaks Arm debug.
Original issue's description:
> Reland: Introduce a V8_NORETURN macro and use it to make GCC 4.9.2 happy again.
>
> Without that, it has a few false positives about out-of-bounds array accesses.
> Also makes the clang static-analyzer happy.
>
> Original code review from Sven Panne:
> https://codereview.chromium.org/790723002/
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
>
> Committed: https://crrev.com/93ae81101af68d81b7af84ea4046ea849e605116
> Cr-Commit-Position: refs/heads/master@{#31163}
TBR=jochen@chromium.org,karl@skomski.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1398643002
Cr-Commit-Position: refs/heads/master@{#31167}
Implements support for declaring global variables. Also adds support for loading
from and storing to both global and unallocated global variables. Adds the
following bytecodes:
- StoreGlobal
- LoadContextSlot
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1378523005
Cr-Commit-Position: refs/heads/master@{#31166}
This patch brings test262 up to the latest version on GitHub. Some
highlights from new failures are:
- Reflect
- Default parameters
- Case conversion edge cases
R=adamk
Review URL: https://codereview.chromium.org/1391793002
Cr-Commit-Position: refs/heads/master@{#31165}
Add a flag to explicitly filter scripts in ignition and use it for the test262
variant. The previous approach of overloading ignition-filter meant that only
top-level code was getting compiled through ignition.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1396493002
Cr-Commit-Position: refs/heads/master@{#31164}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
Review URL: https://codereview.chromium.org/1383053005
Cr-Commit-Position: refs/heads/master@{#31163}
In ES5, ToObject was called on elements before invoking the
.toLocaleString() method on them. ES2015 specifies that ToObject is
not called. A test262 test verifies this change. This patch
implements the new ES2015 behavior. It is verified by the test262 test
built-ins/Array/prototype/toLocaleString/primitive_this_value_getter
R=adamk
Review URL: https://codereview.chromium.org/1390893003
Cr-Commit-Position: refs/heads/master@{#31160}
In ES2015, section 20.3.1.15, TimeClip (an internal algorihtm which is
called when normalizing Date representations) is specified to add 0
to its result, which converts -0 into +0. This patch adds that conversion
to the Date code. It is verified by the test262 test
built-ins/Date/TimeClip_negative_zero
R=adamk
Review URL: https://codereview.chromium.org/1387293002
Cr-Commit-Position: refs/heads/master@{#31159}
Calling LowerInlineAllocationLimit from the bottom of Heap::Scavenge seems to be
a no-op.
new_space_.LowerInlineAllocationLimit(
new_space_.inline_allocation_limit_step());
LowerInlineAllocatoinLimit does the following things:
1. Set the inline_allocation_limit_step_ to the passed in value. No-op.
2. Calls UpdateInlineAllocationLimit(0). This is unnecessary here as it has
already been called when new_space_.ResetAllocationInfo was called above.
3. Sets top_on_previous_step_. This again is unnecessary as it gets reached by
ResetAllocationInfo as well.
BUG=
R=hpayer@chromium.org,ulan@chromium.org
Review URL: https://codereview.chromium.org/1390013002
Cr-Commit-Position: refs/heads/master@{#31156}
Previously, arrow function scopes had a separate ScopeType. However,
Scope::DeserializeScopeChain() erroneously deserialized ARROW_SCOPE
ScopeInfos as FUNCTION_SCOPE. This could lead to bugs such as the
attached one, where "super" was disallowed where it should have
been allowed.
This patch utilizes the Scope's FunctionKind to distinguish arrow
functions from others. Besides fixing the above bug, this also
simplifies code in various places that had to deal with two different
ScopeTypes both of which meant "function".
BUG=v8:4466
LOG=n
Review URL: https://codereview.chromium.org/1386253002
Cr-Commit-Position: refs/heads/master@{#31154}
This makes it explicit when the --ignition-filter pattern should be
applied to the script name instead of the function name by using a
proper "s:{name}" pattern. It also hardcodes it to be a prefix match
instead of an exact match, because that is all we need for test262.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1389353002
Cr-Commit-Position: refs/heads/master@{#31153}
Allow access to Array Iterator through the API, in order to simplify
setting up interfaces which use these methods. This applies to
WebIDL interfaces with "length" attributes returning integer types and
a getter taking an unsigned long type.
BUG=
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1378403004
Cr-Commit-Position: refs/heads/master@{#31152}
This separates the core machinery and the heuristics involved with
inlining functions calls. So far the heuristic only respects our
%SetForceInlineFlag hint, but it will the place where general inlining
heuristics can live without impeding clarity of the core machinery.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1391903002
Cr-Commit-Position: refs/heads/master@{#31150}
Untangles committed memory from capacity in a given space and unifies accounting
for all spaces.
Pre-work for parallel compaction.
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1388383002
Cr-Commit-Position: refs/heads/master@{#31149}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
Cr-Commit-Position: refs/heads/master@{#31139}
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31148}
- Reflect.deleteProperty
- Reflect.get
- Reflect.has
- Reflect.isExtensible
Reflect.get doesn't support the receiver argument yet, and
some of the others don't support proxies yet.
R=rossberg
BUG=v8:3931
LOG=n
Review URL: https://codereview.chromium.org/1379313002
Cr-Commit-Position: refs/heads/master@{#31146}
Reason for revert:
Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960
Original issue's description:
> [turbofan] Add initial support for global specialization.
>
> Introduce a new JSGlobalSpecialization advanced reducer that runs
> during the initial inlining and context specialization, and specializes
> the graph to the globals of the native context. Currently we assume
> that we do not inline cross native context, but long-term we will grab
> the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
> new global load/store ICs that are currently in the workings), and then
> this whole specialization will be fully compositional even across
> cross-context inlining.
>
> Note that we cannot really handle most of the stores to global object
> property cells because TurboFan doesn't have a mechanism to enforce
> certain representations. Also note that we cannot yet fully benefit
> from the type feedback collected on the global object property cells,
> because the type system cannot deal with maps in a reasonable way.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
> Cr-Commit-Position: refs/heads/master@{#31139}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review URL: https://codereview.chromium.org/1390073004
Cr-Commit-Position: refs/heads/master@{#31144}
Thus TypeFeedbackMetadata can now be shared between different native contexts.
Review URL: https://codereview.chromium.org/1384673002
Cr-Commit-Position: refs/heads/master@{#31143}
Adds support for compiling top level code to bytecode to be run in the
interpreter.
Also moves PassesFilter to String:: so that it can be used to filter top
level script names as well as functions (used in
https://codereview.chromium.org/1379093002/)
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1372293005
Cr-Commit-Position: refs/heads/master@{#31142}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31139}
Reason for revert:
Suspected to cause crbug.com/539892
Original issue's description:
> improve perf_basic_prof filename reporting
>
> The buffer used for appending filenames to the string printed to the
> perf_basic_prof log was unnecessarily too small. Bump it up to be at least
> kUtf8BufferSize.
>
> Truncation of filenames makes it really hard to work with profiles gathered on
> Node.js. Because of the way Node.js works, you can have node module dependencies
> in deeply nested directories. The last thing you want when investigating a
> performance problem is to have script names be truncated.
>
> This patch is a stop-gap. Ideally, I want no truncation of the filename at all
> and use a dynamically growing buffer. That would be a larger change, and I
> wanted to have a quick fix available that can be back-ported to Node.js LTS
> release.
>
> R=yangguo@chromium.org,yurys@chromium.org
> BUG=
>
> Committed: https://crrev.com/03ef3cd004c2fd31ae7e48772f106df67b8c2feb
> Cr-Commit-Position: refs/heads/master@{#31092}
TBR=yangguo@chromium.org,yurys@chromium.org,ofrobots@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1390923004
Cr-Commit-Position: refs/heads/master@{#31137}
Optimizing global constants such as "NaN", "Infinity" and "undefined" is
best performed during graph building. Then the optimization and lowering
passes only need to deal with real loads in case of JSLoadGlobal.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1384953002
Cr-Commit-Position: refs/heads/master@{#31135}
Adds support for strict mode load / store ICs and cleans up BinaryOp and
CompareOp to only trigger an UNIMPLEMENTED abort if called with STRONG
mode (which is the only language mode which has different compare/binary ops.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1385623002
Cr-Commit-Position: refs/heads/master@{#31134}
Symbols marked as "well-known" now return an undefined value when loaded with a failed access check, instead of throwing.
Currently, only @@isConcatSpreadable is marked as well-known, until the correct behaviour is properly specified.
BUG=v8:4289, 507553
LOG=N
R=adamk@chromium.org, jochen@chromium.org, verwaest@chromium.org
Review URL: https://codereview.chromium.org/1230793002
Cr-Commit-Position: refs/heads/master@{#31131}
Reason for revert:
[Sheriff] Speculative revert due to crbug.com/539814
Original issue's description:
> Changed scavenge GC to collect unmodified references
>
> Added a scavenge GC pass that collects unmodified references instead of
> processing object groups. This mode can be controlled by setting
> FLAG_scavenge_remove_unmodified_objects. By default this is turned off.
> Also, modified a test case to suit the handle the new GC pass.
>
> BUG=v8:4421
> LOG=N
>
> Committed: https://crrev.com/6254019238a853c9f3c09d615ba153043f6957c7
> Cr-Commit-Position: refs/heads/master@{#31102}
TBR=jochen@chromium.org,rmcilroy@chromium.org,mythria@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4421,chromium:539814
Review URL: https://codereview.chromium.org/1388133002
Cr-Commit-Position: refs/heads/master@{#31130}
Previously, cases like
var [foo]
led to a parser crash because the parser tried to do something with
the initializer, which was not syntactically present.
This patch fixes the parser issue (implicitly creating an undefined
initializer) and inserts a check for array destructuring that the
right-hand side is coercible to an object, so it can have iterator
methods called on it safely.
BUG=v8:4462
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1384413002
Cr-Commit-Position: refs/heads/master@{#31128}
ASLR is much weaker in a 2GB address space. Plus the vast
majority of 32-bit Windows hosts are XP, which don't have
ASLR anyway. So, avoid the fragmentation and skip it in
this case.
BUG=chromium:394591
LOG=Y
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1385023002
Cr-Commit-Position: refs/heads/master@{#31127}
