During incremental marking we need to clear to old generation
mark bits for promoted pages.
Bug: chromium:651354
Change-Id: I986de08d6a123b2eff3dd7824729cc1cfe29aeba
Reviewed-on: https://chromium-review.googlesource.com/522665
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45683}
Execution tests regress-336820 and regress-678917 finished with error
messages "allocation failure GC in old space requested" and "fatal
javascript OOM in CALL_AND_RETRY_LAST". For successful execution,
parameter max_old_space_size must be increased and this is done inside
tests.
TEST=mjsunit/regress/regress-336820,
mjsunit/regress/regress-678917
BUG=
Review-Url: https://codereview.chromium.org/2907363003
Cr-Original-Commit-Position: refs/heads/master@{#45672}
Committed: 1550c86909
Review-Url: https://codereview.chromium.org/2907363003
Cr-Commit-Position: refs/heads/master@{#45681}
When the input to Function.prototype.bind is a known function, we can
inline the allocation of the JSBoundFunction into TurboFan, which
provides a 2x speed-up for several hot functions in Node streams (as
discovered by Matteo Collina). One of example of this can be found in
https://github.com/nodejs/node/pull/13322, which can be optimized and
made more readable using bind instead of closures.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2916063002
Cr-Commit-Position: refs/heads/master@{#45679}
Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
Bug: chromium:713732
Change-Id: I5ce89afb46349ff92b7f5a884a7c388fcff887bf
Reviewed-on: https://chromium-review.googlesource.com/522605
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45678}
We want to be stricter about checking in the future, so give embedders a
way to disable checking while they fix their microtasks scopes.
BUG=chromium:728583
R=machenbach@chromium.org
Change-Id: I443575bf6820b432def59cbbd4d048b2007573c8
Reviewed-on: https://chromium-review.googlesource.com/522604
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45677}
Unfortunately, even for an empty generator, we still use 8 register for various things (try-finally, copies of generator object, parser-introduced temporaries). I will try to get rid of these in separate CLs.
Changes:
- SuspendGenerator bytecode now takes register list to save.
- ResumeGenerator was split into two bytecodes:
* Resume generator reads the state out and marks the generator as
'executing'.
* RestoreGeneratorRegisters reloads the registers from
the generator.
+ this required adding support for output register list.
- Introduced generator_object_ register in the bytecode generator.
* in subsequent CLs, I will make better use of it, the goal is
to get rid if the .generator_object local variable.
- Taught register optimizer to flush unassigned registers.
BUG=v8:6379
Review-Url: https://codereview.chromium.org/2894293003
Cr-Commit-Position: refs/heads/master@{#45675}
Execution tests regress-336820 and regress-678917 finished with error
messages "allocation failure GC in old space requested" and "fatal
javascript OOM in CALL_AND_RETRY_LAST". For successful execution,
parameter max_old_space_size must be increased and this is done inside
tests.
TEST=mjsunit/regress/regress-336820,
mjsunit/regress/regress-678917
BUG=
Review-Url: https://codereview.chromium.org/2907363003
Cr-Commit-Position: refs/heads/master@{#45672}
This is in an effort to narrow down the root cause of the
referenced, very flaky, bug.
Bug: chromium:725559
Change-Id: I8235983fea6f579d228e81177fdcac9ef6115d1f
Reviewed-on: https://chromium-review.googlesource.com/521923
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45668}
This patch adds ability to connect multiple sessions to a single context group. This is an experimental feature, which is already supported in test harness.
So far covered runtime domain with tests (and found a bug thanks to the test). More tests to follow in next patches, probably with code adjustments as well.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2906153002
Cr-Commit-Position: refs/heads/master@{#45667}
Similar to marking, seed the pointers updating with items.
Bug: chromium:726040
Change-Id: Iaa480d153de96d744c425c478c68e7629550c85a
Reviewed-on: https://chromium-review.googlesource.com/521145
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45666}
Currently x instanceof Map/Set checks cannot take the fast path, since
the Map/Set constructor has dictionary properties. To avoid that, just
forcibly migrate the Map/Set constructor to fast properties again once
it's fully setup in the bootstrapper.
Bug: v8:5717, v8:5902
Change-Id: I23dfd00456c9206a0ca5af71dfbc9236982936fc
Reviewed-on: https://chromium-review.googlesource.com/520578
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45663}
This fixes an issue with ful-codegen where code target entries for the OSR
check were being incorrectly shared. We now explicitly disable sharing of code
target constant pool entries for full-codegen and for calls to builtins from
WASM code, using a scope.
BUG=chromium:725743
Review-Url: https://codereview.chromium.org/2922433002
Cr-Commit-Position: refs/heads/master@{#45661}
This reverts commit ba8a753947.
Reason for revert: A layout test is unhappy:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16010
Original change's description:
> Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access"
>
> Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
>
> Bug: chromium:713732
> Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012
> Reviewed-on: https://chromium-review.googlesource.com/520764
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45654}
TBR=haraken@chromium.org,verwaest@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:713732
Change-Id: Iecde1cd855c21efa73939bbfbff0c26540ee2d98
Reviewed-on: https://chromium-review.googlesource.com/521045
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45659}
SRWLOCK is a faster and lightweight alternative of CRITICAL_SECTION for
non-recursive use case.
Bug: chromium:592752
Change-Id: Ie97cd9cee2d50a95f316b41c30e953f586b06c99
Reviewed-on: https://chromium-review.googlesource.com/520828
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45658}
Furthermore avoid lock-step between pointer updating phases as they
should execute in parallel without synchronization restrictions.
This reverts commit bc6adb868d.
Bug: chromium:726040
Change-Id: I1713d4333f0ce1604ff51c02461f3ef91e4bdaed
Reviewed-on: https://chromium-review.googlesource.com/521062
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45657}
On left trimming the main thread ensures that the array
is black before changing its map and length.
The concurrent marker snapshots the length of the array
and then tries to change its color to black. If the change
is successful, then the array is iterated using the saved
length.
BUG=chromium:694255
Change-Id: Ib06c1c9c3240ace56c1897e5a73462aa447d41f5
Reviewed-on: https://chromium-review.googlesource.com/519323
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45656}
Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
Bug: chromium:713732
Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012
Reviewed-on: https://chromium-review.googlesource.com/520764
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45654}
On ia32, AssembleMove used to emit different code depending on whether
the to-be-moved heap object is in new space or not. This may have been
necessary in the past but is no longer. Moreoever, it's incompatible
with running off-thread. With this CL, we don't do the new-space check
and just emit a mov.
R=mstarzinger@chromium.org
Bug: v8:6048
Change-Id: I93abd61a5f290311a431edee3d4fa0a240d52085
Reviewed-on: https://chromium-review.googlesource.com/519248
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45653}
Use relaxed reads to allow changing the pointer concurrently in the
GC. The layout descriptor will either be fast and there's nothing
to be done, or it will be slow, and we will use the forwarding
pointer to determine the proper version to use.
Bug: chromium:726040
Change-Id: I0a376752c3a99abf0874070387fcaeb3cee0dcb2
Reviewed-on: https://chromium-review.googlesource.com/519346
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45652}
Switch to use Win32 CONDITION_VARIABLE like Chromium.
This greatly simplifies the implementation of ConditionVariable
class for Windows with better performance.
Bug:NO
Change-Id: Iea5e5cb80520a966aeb687bebb4b5256396cb13b
Reviewed-on: https://chromium-review.googlesource.com/519542
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45651}
Visitor id for JSObjects does not depend on the instance size.
BUG=chromium:694255
Change-Id: I6b4b559207609f4a4c19373572be6692a55c5187
Reviewed-on: https://chromium-review.googlesource.com/520763
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45650}
This fixes the counter inconsistencies while leaving the memory in an
inaccessible state.
Bug: chromium:724947
Change-Id: I431eb6fda84922a52dfb9380c6b482ada55bccee
Reviewed-on: https://chromium-review.googlesource.com/519164
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45647}
Furthermore avoid lock-step between pointer updating phases as they
should execute in parallel without synchronization restrictions.
This reverts commit 68a723996b.
Bug: chromium:726040
Change-Id: I76bb31d146f8aa20f8b7c486eeae9f09efa0cd53
Reviewed-on: https://chromium-review.googlesource.com/518150
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45644}
When checking {const char*} (or similar) against each other, don't
print them as c strings on failure. Just print the pointer value.
In wasm, where we use byte pointers into wasm wire bytes, this was
sometimes hiding check failures behind segfaults which happened when
trying to output invalid pointers as c strings.
Anyway, it's more useful to see the raw pointer values in these cases.
Other use cases, where we really compare against c string pointers
should be rare in our code base.
R=ishell@chromium.org
Change-Id: I92a13221d18c987a97cf2a29ac8f454178ff2bb5
Reviewed-on: https://chromium-review.googlesource.com/517166
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45642}
DebugInfo was very closely tied to break point support:
* It contained only information relevant to break points.
* It was created and freed by break point implementation.
* Existence of a DebugInfo on the shared function info implied existence of
break points.
This CL is a step towards making DebugInfo usable by other debugging
functionality such as block coverage by decoupling it from break point support,
which is now only one kind of information stored on the DebugInfo object.
BUG=v8:6000
Review-Url: https://codereview.chromium.org/2909893002
Cr-Commit-Position: refs/heads/master@{#45640}
Most prototype implementations are not fully supported in the
interpreter. This is the case at least for exception handling, simd, and
atomics. Any function can be redirected to the interpreter though,
either by passing --wasm-interpret-all, or by dynamically redirecting to
the interpreter for debugging.
Making the flags experimental keeps the fuzzer from playing around with
these flags.
Drive-by: Refactor tests which explicitly set the prototype flag to use
a new scope for that.
R=ahaas@chromium.org
BUG=chromium:727584
Change-Id: I67da79f579f1ac93c67189afef40c6524bdd4430
Reviewed-on: https://chromium-review.googlesource.com/519402
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45639}
V8 provides ScriptCompiler::CompileFunctionInContext method which takes expression and compile it as anonymous function like (function() .. expression ..). To produce correct locations for stmts inside of this expression V8 compile this function with negative offset. Instead of stmt position blackboxing use function start position which is negative in described case.
Bug: chromium:705963
Change-Id: I86b113198fb59e77b3bbf523c8cd943e22f8a6ca
Reviewed-on: https://chromium-review.googlesource.com/519384
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45637}
