Use an intrinsic for GetImportMetaObject and generate bytecode for the
case where import.meta has been initialized already. This way the
runtime method will only be called once per module.
Bug: v8:6693
Change-Id: If661e88e6accfb1c5795e37a80582d04f6dd87dd
Reviewed-on: https://chromium-review.googlesource.com/716536
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48801}
The spec got rid of `CheckObjectCoercible` a while back, and so should
we. This change is not observable in most of the affected cases since
`ToObject` is up near the top of most Array method algorithms. An
example of an observable effect of this change occurs for the following
input:
Array.prototype.sort.call(null, 1);
Behavior before applying the patch (incorrect message):
TypeError: Array.prototype.sort called on null or undefined
Expected behavior:
TypeError: The comparison function must be either a function or
undefined
This patch removes `CheckObjectCoercible` and adds tests to ensure the
few observable cases are addressed correctly.
The patch also adds a missing `ToObject(this)` to
`Array.prototype.lastIndexOf` which would otherwise become observable
as a result of `CheckObjectCoercible` being removed.
BUG=v8:3577,v8:6921
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia086095076c4bf4d8d58dab26bc28df02994ed01
Reviewed-on: https://chromium-review.googlesource.com/718577
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48800}
as well as "BitwiseOp". Builtins and Interpreter bytecode handlers need
quite a bit of similar functionality with minor differences.
This CL factors out and generalizes the TaggedToNumeric[WithFeedback]
and the TaggedToWord[OrBigInt][WithFeedback] groups of helpers into one
shared implementation each in the CodeStubAssembler.
Bug: v8:6921
Change-Id: Iae5dcc4c50c7fde3423f801cb5484de337381ce6
Reviewed-on: https://chromium-review.googlesource.com/721606
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48798}
Whitespace-only strings count as empty too.
This behavior is different from BigInt.parseInt(""),
which throws a SyntaxError.
Bug: v8:6791, v8:6957
Change-Id: I6671c803f3ba83e23c3e0cad81d3af29dba61c9f
Reviewed-on: https://chromium-review.googlesource.com/727301
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48797}
- Introduce the new union type UnionType<T1,T2>, used for Number and
Numeric. Similarly, PairType<T1,T2> is used for a Turbofan operation
with two results. Further details in the design doc:
https://docs.google.com/document/d/10foP3m7SDWyFfbda96iEJ_XYOLQdd32AeoP8SD1cTcs/edit#heading=h.bghdno28mr7u
- Allow to derive the MachineType from a static type.
This allows to select the right MachineType when performing a
load/store.
- Disallow casts (UncheckedCast() or CAST()) when the target and
origin type have no overlap.
New cast ReinterpretCast() is an UncheckedCast without this check.
- Caveat of this CL: Checked casts (CAST()) are not possible for
UnionType<T1,T2> with the exception of Number (due to the existence
of Number in OBJECT_TYPE_LIST and the existence of an IsNumber()
function in the runtime).
Bug: v8:6949
Change-Id: I21a683d1341f69cebd8a347f545b454b463c52ad
Reviewed-on: https://chromium-review.googlesource.com/723320
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48796}
The motivation for the new field is to provide race-free way to
iterate used in-object properties of a JSObject in concurrent marker.
This CL keeps the new field in sync with the unused_property_fields
and subsequent CL will remove unused_property_fields.
Bug: chromium:774644
Change-Id: I0971f079094d58d3a57415834c43c09427dacc77
Reviewed-on: https://chromium-review.googlesource.com/726639
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48795}
This adds a wrapper script for run-tests.py that continues support for
iterating over multiple modes and architectures.
This also fixes a bug of the auto-detect target in gyp.
Bug: chromium:772804
Change-Id: I61ff47b12e1925e010d822327a8aae8c402f435d
Reviewed-on: https://chromium-review.googlesource.com/730225
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48794}
[wasm] Fix signature canonicalization for error case.
The decoder should not attempt to insert null signatures into the SignatureMap.
R=ahaas@chromium.org
Bug: chromium:775366
Change-Id: I0fbc0547dbf00fd25d37271a03b6756481a4c6a1
Reviewed-on: https://chromium-review.googlesource.com/730752
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48793}
And less Node *. The creeping introduction of types.
Bug: v8:6949
Change-Id: I8a559ef03e14ede8110faa4c456bbb9ce6cf56ca
Reviewed-on: https://chromium-review.googlesource.com/730467
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48791}
Arm64's implementation of `TurboAssembler::Abort()` supports printing the
bailout reason to the standard output without calling to the runtime. For this
to work, we need access to the host's printf function so we can call it
directly. In the general case, `Abort` does call the runtime, however, we cannot
do it if we want to abort from inside CEntryStub.
Bug: v8:6939
Change-Id: I2a57603cdc182a45cf770f405bd6ae449f40a047
Reviewed-on: https://chromium-review.googlesource.com/730746
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48790}
If the input array is a JSArray with fast elements, it makes sense
to create an output array of the same ElementsKind when possible.
Bug: v8:1956
Change-Id: Ie9c937cf1751ccbbbe7cc76f40e1e1a0328ed37c
Reviewed-on: https://chromium-review.googlesource.com/730748
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48789}
JSClassOf may lower to a call to a builtin, and needs to be
modeled in a way that the effect chain can be maintained.
Bug: v8:6929
Change-Id: Ida332e6d85e2eb8b33fcad810d195ef3e897ccb0
Reviewed-on: https://chromium-review.googlesource.com/727204
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48786}
Instead we only change the map for the node being checked.
This also changes AbstractMaps to look through renames for keys. That
might theoretically lead to seeing less precise types for MayAlias
tests, the hope is it does not matter much.
Bug: v8:6396
Change-Id: I28a067080a3bc58c62a9dd5a76dce1aa348d8e0c
Reviewed-on: https://chromium-review.googlesource.com/730705
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48785}
In the special case of KeyedLoadIC, where the key that is passed in is a
Name that is always the same we only checked for identity in both the
stub and the TurboFan case, which works fine for symbols and internalized
strings, but doesn't really work with non-internalized strings, where
the identity check will fail, the runtime will internalize the string,
and the IC will then see the original internalized string again and not
progress in the feedback lattice. This leads to tricky deoptimization
loops in TurboFan and constantly missing ICs.
This adds fixes the stub to always try to internalize strings first
when the identity check fails and then doing the check again. If the
name is not found in the string table we miss, since in that case the
string cannot match the previously recorded feedback name (which is
always a unique name).
In TurboFan we represent this checks with new CheckEqualsSymbol and
CheckEqualsInternalizedString operators, which validate the previously
recorded feedback, and the CheckEqualsInternalizedString operator does
the attempt to internalize the input.
Bug: v8:6936, v8:6948, v8:6969
Change-Id: I3f3b4a587c67f00f7c4b60d239eb98a9626fe04a
Reviewed-on: https://chromium-review.googlesource.com/730224
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48784}
The issue in the arm simulator is fixed, reenable the tests.
R=ahaas@chromium.org
Bug: v8:6947
Change-Id: Ie57dbc01e02dbda3a978306b61ffff92c78d2f97
Reviewed-on: https://chromium-review.googlesource.com/725291
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48782}
This allocates and populates potential source position table before the
underlying {Code} objects is allocated. It essentially makes the field
holding said table immutable after allocation.
R=verwaest@chromium.org
BUG=v8:6792
Change-Id: If35462688a1b502f28ae84f73b82b5df5005735f
Reviewed-on: https://chromium-review.googlesource.com/727895
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48781}
This is a reland of 6f93d59d92.
One more test had to be disabled (tracked by bug 6954), and
two machops tests needed to be changed to use boxed floats
and doubles.
Original change's description:
> [test] Add nan bit patterns to uint{32,64}_vector
>
> If you just cast those patterns to float or double and pass them
> around, the quiet/signaling NaN bit might change. We had several bugs
> around this, so add these patterns to the general input vectors.
>
> This uncovers a bug in the wasm interpreter, which will be fixed in a
> separate CL.
>
> R=ahaas@chromium.org
>
> Bug: v8:6947, v8:6954
> Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
> Reviewed-on: https://chromium-review.googlesource.com/725345
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48731}
Bug: v8:6947, v8:6954
Change-Id: I9a38b5d9324131c3950c537910371a73c93d2c13
Reviewed-on: https://chromium-review.googlesource.com/728439
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48780}
Due to a bug in gcc<5, we could not make some arrays constexpr. This CL
fixes this by encapsulating the respective functions in functors.
R=tebbi@chromium.org
Change-Id: I9947e38f7fd9b801f85623663849699c0f8ffd75
Reviewed-on: https://chromium-review.googlesource.com/730303
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48779}
A Load(kWord32) generates a movl instruction, which clears the high word
of a register already.
R=bmeurer@chromium.org
Change-Id: I835e5549483043a3faea08a1223070514f634c9e
Reviewed-on: https://chromium-review.googlesource.com/729863
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48777}
This reverts commit 06ff9e974a.
Reason for revert: Breaks deopt information with --prof. Deopts no longer show up properly in the logfile / profview
Original change's description:
> [logging] Use OFStream for log events
>
> This simplifies a few operations and removes the size limitations
> implied by the message buffer used.
>
> Change-Id: I8b873a0ffa399a037ff5c2501ba4b68158810968
> Reviewed-on: https://chromium-review.googlesource.com/724285
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48766}
TBR=adamk@chromium.org,cbruni@chromium.org
Change-Id: I290da0b2472ad0e765b765b26bdde334253376e3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/730164
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48776}
This reverts commit 9fd029ef25.
Due to a ClusterFuzz issue.
TBR=mstarzinger@chromium.org
Bug: chromium:776511
Change-Id: I0f30e2e8de97f3c437a1756c82e645828358ad91
Reviewed-on: https://chromium-review.googlesource.com/730006
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48775}
This CL provides the basic infrastructure on the GC side for write protected code pages.
The only thing missing on the GC side is the out-of-line free list implementation. In this
CL sweeper threads and the mutator need to synchronize when page protection mode changes.
This would not be necessary if the sweepr use and out-of-line free list.
Code allocation is currently protected by a CodeSpaceMemoryModificationScope. This may
go away with a unification of code space allocation and initialization that will happen
later.
One thing missing in this CL: freshly added pages are still read+write+executable. This
also needs to change: WIP
Bug: chromium:774108,v8:6792
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ib8d1ed1c09cc144791e462277bf43a4641e1490d
Reviewed-on: https://chromium-review.googlesource.com/716379
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48774}
This CL fixes the clang ToT bots.
R=jarin@chromium.org,neis@chromium.org
Change-Id: If903c59cb2ed70fcb3115310df71ba1e924ef824
Reviewed-on: https://chromium-review.googlesource.com/729244
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48772}
Restructuring the code a bit, dropping unnecessary labels and
trivial comments. Replacing the InstanceType jump table with
a few comparisons is faster and smaller.
No change in functionality intended.
Bug: v8:6921
Change-Id: Ia8c751717c0dbcd6a664ca508ddeff898cd84359
Reviewed-on: https://chromium-review.googlesource.com/729466
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48769}
The wasm memory deserialization didn't properly increment the object id, so
wouldn't work properly if the memory object (or its contained
SharedArrayBuffer) where included multiple times in the object.
Bug: v8:6895
Change-Id: I5c4c25bad2ec6152883c5a7321038aba1950480a
Reviewed-on: https://chromium-review.googlesource.com/721630
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48767}
This simplifies a few operations and removes the size limitations
implied by the message buffer used.
Change-Id: I8b873a0ffa399a037ff5c2501ba4b68158810968
Reviewed-on: https://chromium-review.googlesource.com/724285
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48766}
intl.js throws an exception when datetime-value to format is
Infinity or NaN, but there was a way to thwart the check.
Moreover, intl.js and runtime-intl.cc have unnecessary conversions
of 'Number->Date->Number'. I removed the unnecessary conversion
and made 'Number' be passed to %InternalDateFormat. With this
streamlining, the work-around mentioned above does not work
anymore.
Add a check in runtime_intl.cc for Infinity/NaN and throw a
RangeError.
Add invalid-time test for invalid datetime-values passed to
Intl.DateTimeFormat.format().
Bug: chromium:774833
Test: intl/date-format/invalid-time.js
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Idc575e532a86ee110dc4bb945ae023d6516650ee
Reviewed-on: https://chromium-review.googlesource.com/724860
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48765}
Change-Id: Ia403b1fc379688de5cd7e68fa99c364c1df36c00
Reviewed-on: https://chromium-review.googlesource.com/728955
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48764}
This reverts commit 71bcc1d960.
Reason for revert: Regresses Octane/Box2D, among other things.
Original change's description:
> [turbofan] Load elimination prunes control flow based on instance type.
>
> Changes:
> - introduce the notion of unreachable abstract states.
>
> - reconnect unreachables states to runtime abort in effect phis (so that
> the merged states are not polluted by unreachable branches while
> preserving SSA).
>
> - mark states with failed map checks, unreachable map guars as unreachable.
>
> - add instance type to AbstractMaps, only invalidate instance type on
> mismatched effect merges.
>
>
> This results in 2-3% improvement on ARES/ML steady state.
>
> Bug: v8:6396
> Change-Id: I35b0d4482fa400ba7ee9a754f8ef1b2663ebc7dc
> Reviewed-on: https://chromium-review.googlesource.com/727761
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48742}
TBR=jarin@chromium.org,bmeurer@chromium.org
Change-Id: I6302b37dbf5ea781c64815ef1900681531ad7d71
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6396
Reviewed-on: https://chromium-review.googlesource.com/728440
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48763}
This is to catch remaining instances or main thread's RCS accessed from other
threads. It could have a small negative impact on performance with RCS enabled.
We are going to revert this patch within a week.
BUG=chromium:760649
Change-Id: I437bf7206829c813c0090552c031199840f4baf4
Reviewed-on: https://chromium-review.googlesource.com/728398
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48761}
HTMLCollection and NodeList have InstanceType
JS_SPECIAL_API_OBJECT_TYPE, and therefore always run the slow case
of GetAlignedPropertyFromInternalField. This slows down the performance
of indexedPropertyGetter for both types, which are very commonly used
in websites.
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I36bd2cd7d9bbc19149e15174f6868b8a1f1658c8
Reviewed-on: https://chromium-review.googlesource.com/726529
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48760}
The regression sneaked in when unifying the marking visitors in
4b42656dd6. The concurrent marker keeps a
local live byte count per page so it is safe to rely on non-atomic
writes from the main thread.
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Bug: chromium:775864
Change-Id: If67d2accd1d7953aa30d815da8bf41b0039ad2dd
Reviewed-on: https://chromium-review.googlesource.com/728239
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48758}
Moves the feedback vector slot allocation out of ast-numbering and into
bytecode generation directly. This has a couple of benifits, including reduced
AST size, avoid code duplication and reduced feedback vector sizes in many cases
due to only allocating slots when needed. Also removes AstProperties since
this is no longer needed.
AstNumbering is now only used to allocate suspend ids for generators.
BUG=v8:6921
Change-Id: I103e8593c94ef5b2e56c34ef4f77bd6e7d64796f
Reviewed-on: https://chromium-review.googlesource.com/722959
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48757}
And fix the last violations which were introduced since the cleanup CLs
landed.
R=mstarzinger@chromium.org, jgruber@chromium.org
Bug: v8:6837, v8:6921
Change-Id: I317cce06f1e5c2bcdd57283c9c1b75cbe6415cbb
Reviewed-on: https://chromium-review.googlesource.com/727885
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48756}
Also ensure that CSA's CloneFixedArray and ExtractFixedArray correctly
transition COW to non-COW maps when doing a clone requiring copying.
Bug: chromium:775888
Change-Id: I31c97072761fdd2360d86f840c9fd6ab2d72973a
Reviewed-on: https://chromium-review.googlesource.com/727900
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48754}
Includes the fix for aborted compaction pages that now require processing
with all other ArrayBufferTrackers because the considered length (byteLength)
may be a HeapNumber allocated on a compacted page.
This is a reland of 46f9d5a254
Original change's description:
> Reland "[heap] ArrayBufferTracker: Only consider committed size"
>
> This is a reland of 6488c9e5a6
> Original change's description:
> > [heap] ArrayBufferTracker: Only consider committed size
> >
> > - Only consider commited size of ABs.
> > - Compute freed memory from retained sizes byte length might be a
> > HeapNumber and thus prohibited from accessing (as it may be already
> > collected).
> >
> > CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
> >
> > Bug: chromium:775896
> > Change-Id: Ia0bed66afac5e4d5ed58194950a55156e19cec72
> > Reviewed-on: https://chromium-review.googlesource.com/725722
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48699}
>
> Bug: chromium:775896
> Change-Id: Ibbec1ffa8fe90d3668f0fe0c1b8b9997b5fd644e
> Cq-Include-Trybots: master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
> Reviewed-on: https://chromium-review.googlesource.com/726579
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48707}
Bug: chromium:775896
Change-Id: I9b7b2ae865ef6cdb25692abb65108df5c2ecc157
Cq-Include-Trybots: master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/726800
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48753}
