Reason for revert:
Breaks test/mjsunit/debug-clearbreakpointgroup.js on arm64.debug.
Original issue's description:
> Fix memory leak caused by field type in descriptor array.
>
> When a field type is a map, it is wrapped in a weak cell upon storing to the descriptor array.
>
> Map::GetFieldType(i) does the unwrapping.
>
> BUG=v8:3877
> LOG=N
> TEST=cctest/test-heap/Regress3877
>
> Committed: https://crrev.com/77d3ae0e119893ac8d34ea6ca090cddd5bbf987e
> Cr-Commit-Position: refs/heads/master@{#26879}
TBR=verwaest@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3877
Review URL: https://codereview.chromium.org/960103003
Cr-Commit-Position: refs/heads/master@{#26883}
We cannot yet detect use-before-declaration in general, because for that we'd
need to analyze the context when compiling. But we can detect an error case
where we first see a use, then a declaration.
For this, I also added end position tracking (needed for error messages) to
VariableProxy.
Note: the position naming is completely inconsistent: start_position &
end_position, position & end_position, pos & end_pos, beg_pos & end_pos, to name
a few. This doesn't fix all of it, but tries to unify towards start_position &
end_position whenever possible w/ minimal changes.
BUG=
Review URL: https://codereview.chromium.org/943543002
Cr-Commit-Position: refs/heads/master@{#26880}
When a field type is a map, it is wrapped in a weak cell upon storing to the descriptor array.
Map::GetFieldType(i) does the unwrapping.
BUG=v8:3877
LOG=N
TEST=cctest/test-heap/Regress3877
Review URL: https://codereview.chromium.org/955063002
Cr-Commit-Position: refs/heads/master@{#26879}
Side note: tools/v8-info.sh seems to have been broken ever
since the move to git. At least it's not more broken now.
BUG=v8:3075
LOG=y
TEST=./script_test.py
Review URL: https://codereview.chromium.org/959713003
Cr-Commit-Position: refs/heads/master@{#26873}
Bad scenario:
- Enter a binop IC miss handler from optimized code object C from call
site S,
- From the binop IC, invoke arbitrary javascript that lazy deopts C,
so all relocation info is nuked and replaced with lazy deopt entries'
reloc info. In particular, there is no reloc info for S.
- Still from the arbitrary JavaScript, make IC target's code object move.
Note that the call site S is not updated.
- Return to the miss handler and inspect the IC's target. This will try
to get the target from S, but that is a potentially invalid pointer.
It is quite possible that we will have to do a similar fix for other ICs,
but we will have to find a reliable repro first. I am not submitting a
repro here because it is quite long running and brittle (it
relies on code compaction happening while in the binop IC).
BUG=v8:3910
LOG=n
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/958473004
Cr-Commit-Position: refs/heads/master@{#26872}
The new logic ensures that the error messages are the same in the
"import { <reserved word> }" and "import { foo as <reserved ord> }"
cases.
Also prepares ParseImportNames for returning both the import and local
names to ParseImportClause.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/952863006
Cr-Commit-Position: refs/heads/master@{#26863}
Xcode uses a different naming scheme for directories within
the xcodebuild directory. But it is safe to just delete
everything withing xcodebuild or out. Keep the soft clobber
for windows' build directory only, where subdirectories
follow the *release* and *debug* naming scheme.
BUG=chromium:403263
LOG=n
TBR=jochen@chromium.org
Review URL: https://codereview.chromium.org/955953002
Cr-Commit-Position: refs/heads/master@{#26852}
Without this change, it is non-trivial to know during
runhooks, if a landmine was just triggered in a checkout
that doesn't have the initial landmines script CL yet, i.e.
that didn't create a .landmines file yet.
BUG=chromium:403263
LOG=n
Review URL: https://codereview.chromium.org/954153002
Cr-Commit-Position: refs/heads/master@{#26842}
The FunctionLiteral returned from the parser for modules now has a MODULE_SCOPE,
instead of associating the module scope with a Block inside it. This makes
it easy to get at the ModuleDescriptor from the caller of Parse(), so I've added
a basic test that pokes at the scope and the descriptor. Expect more tests
in this vein.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/953983002
Cr-Commit-Position: refs/heads/master@{#26836}
This is to reduce code duplication but also to get the correct
behavior when we make for-of handle abrupt completion correctly.
BUG=None
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/956623003
Cr-Commit-Position: refs/heads/master@{#26834}
