Reason for revert:
Reverted because 507840 came back on recent Chromecrash. Should not have committed this Cl.
Original issue's description:
> Reland concurrent sweeping of code space.
>
> BUG=
>
> Committed: https://crrev.com/8516dccf6a561020441773c93c564dd4aa6ee59e
> Cr-Commit-Position: refs/heads/master@{#29967}
TBR=jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1263343002
Cr-Commit-Position: refs/heads/master@{#29975}
The calculation now takes into account the size of the arguments object
if it is present in the optimized frame.
(Yang, many thanks for the awesome repro!)
BUG=chromium:514362
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1264483008
Cr-Commit-Position: refs/heads/master@{#29973}
This fixes a bug introduced by r28826 (Unify decoding of deoptimization
translations, https://codereview.chromium.org/1136223004), where we
started leaking arguments marker sentinel to the debugger, which would
then cause crashes. This change replaces the sentinel with the undefined
value in the debugger-inspectable frame.
BUG=chromium:514362
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1263333002
Cr-Commit-Position: refs/heads/master@{#29971}
The BytecodeArrayBuilder has responsibility for emitting the BytecodeArray. It will be used by the AST walker.
Bytecode now uses an accumulator plus registers rather being pure register based.
Update BytecodeArray::Disassemble to print operand information.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1266713004
Cr-Commit-Position: refs/heads/master@{#29970}
port ec9bc79473 (r29949).
original commit message:
Previously these instructions tried to jump to the value at the code entry's
location, rather than jumping to this location. Also adds a test.
BUG=
Review URL: https://codereview.chromium.org/1256163003
Cr-Commit-Position: refs/heads/master@{#29964}
port 1a5751f9b3 (r29956)
original commit message:
Since we need the notion of a dummy vector ic, we can use that to avoid
a special case of the IC constructor. Also, consolidate the two dummy
ICs into one.
BUG=
Review URL: https://codereview.chromium.org/1265113002
Cr-Commit-Position: refs/heads/master@{#29963}
Introduce new mechanism for relocating j/jal.
Resolves flaky failures of mozilla regress tests.
Additionally:
- internal encoded references are not relocated during code generation phase.
- remove asserts from j and jal which are not
valid because addresses are not final and valid in code generation phase.
TEST=mozilla/js1_5/Regress/regress-280769-2, regress-367561-01,
mozilla/ecma_3/Statements/regress-444979
BUG=
R=paul.lind@imgtec.com
Review URL: https://codereview.chromium.org/1216823003 .
Patch from dusan.milosavljevic <dusan.milosavljevic@imgtec.com>.
Cr-Commit-Position: refs/heads/master@{#29962}
Since we need the notion of a dummy vector ic, we can use that to avoid
a special case of the IC constructor. Also, consolidate the two dummy
ICs into one.
BUG=
Review URL: https://codereview.chromium.org/1268783004
Cr-Commit-Position: refs/heads/master@{#29956}
This is the initial (big) step towards a more uniform implementation of
the ToObject abstract operation (ES6 7.1.13), where we have a fallback
implementation in JSReceiver::ToObject() and a fast (hydrogen) CodeStub
to deal with the fast case (we should be able to do more cleanup on this
in a followup CL). For natives we expose the abstract operation via a
%_ToObject intrinsic, also exposed via a macro TO_OBJECT, that unifies
the previous confusion with TO_OBJECT_INLINE, ToObject, TO_OBJECT,
$toObject and %$toObject. Now the whole implementation of the abstract
operation is context independent, meaning we don't need any magic in the
builtins object nor the native context.
R=mvstanton@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1266013006
Cr-Commit-Position: refs/heads/master@{#29953}
Also, a one line fix in TurboFan to call the correct store ic.
BUG=
Review URL: https://codereview.chromium.org/1266983002
Cr-Commit-Position: refs/heads/master@{#29952}
Previously these instructions tried to jump to the value at the code entry's
location, rather than jumping to this location. Also adds a test.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1265723003
Cr-Commit-Position: refs/heads/master@{#29949}
port c5dd553cf3 (r29929).
original commit message:
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
BUG=
Review URL: https://codereview.chromium.org/1271433002
Cr-Commit-Position: refs/heads/master@{#29943}
port 597da50322 (r29910).
original commit message:
Changes the interpreter to use a BytecodeArray pointer and an offset to avoid
having an inner pointer to a BytecodeArray object in registers during dispatch.
BUG=
Review URL: https://codereview.chromium.org/1267783002
Cr-Commit-Position: refs/heads/master@{#29942}
Add factory methods for different types of LinkageLocations, and ensure that
accesses to the underlying data in the location are classified by type and
funneled through explicit accessors.
Also change the representation of LinkageLocation to use a BitField rather
than using a reserved section of the integer range.
Review URL: https://codereview.chromium.org/1262343002
Cr-Commit-Position: refs/heads/master@{#29938}
When enabling the v8 profiler (Using the following command parameters: --js-flags=--prof)
or vtune profiling in chromium. it will break. This failure is introduced by this CL:
https://codereview.chromium.org/1218863002.
The reason is that V8 will enable the JITted code logging if --prof is set for V8. And under
this condition, the function Logger::LogCodeObjects() will be invoked and it will trigger a
mark-compact GC when deserializing the snapshot. This GC will use MemoryReducer to post a
delay task by invoking V8Platform::CallDelayedOnForegroundThread() function. But at this point
V8 isolation is still under initialization and the PerIsolationData of this isolation has not
been created. (isolation_holder.cc:39~40 line). This leads to V8Platform::CallDelayedOnForegroundThread()
failure because of segment fault.
According to my understanding, I proposed the following fix. If the heap deserialization has not
be completed, it does not post the delay task for next GC.
BUG=
Review URL: https://codereview.chromium.org/1270493002
Cr-Commit-Position: refs/heads/master@{#29937}
This forces the second pass of the pending phantom callbacks to run immediately after the first.
BUG=chromium:511294
LOG=Y
Review URL: https://codereview.chromium.org/1252993004
Cr-Commit-Position: refs/heads/master@{#29933}
