With the upcoming "exception handling" proposal, we have to ensure
that traps are not catchable. This patch adds missing "uncatchable"
annotations to traps in the C-API and table-related instructions.
Fixed: v8:11813
Change-Id: I7bbd5043ede58a5315bd5117eb496ed014e79e91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953160
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75082}
- Fix an issue where weak containers would not be marked properly when
running with full object names. The problem was that in this
configuration the object graph was not traversed at all in the first
phase, meaning that no weak links would be found.
- Add edges to weak containers in the second phase that actually builds
the snapshot.
- Mark all weak containers instead of just ephemerons, to avoid having
fully weak containers show up as retainers.
Bug: chromium:1056170
Change-Id: I8b29e00a5d77028892c16e3c29258cd598083082
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951730
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75081}
JS nodes that are connected to C++ nodes are merged with them in the
snapshot.
Bug: chromium:1056170
Change-Id: I137a21b3d847e669bf65962224050f5402bcff7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951732
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75080}
This is a reland of febfbb21b9
Original change's description:
> [sparkplug] Adjust compare and jump function in sparkplug
>
> Mips and risc-v do not have the flag register and can not decide
> whether to jump through flags in JumpIf();
>
> Therefor, we merge the comparison with the jump;
>
> Bug: v8:11803
>
> Change-Id: If53752da93b97e8ff65affdfe99e5de8e1a1493f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2921034
> Auto-Submit: Liu yu <liuyu@loongson.cn>
> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75001}
Bug: v8:11803
Change-Id: Ib3cb89d8a9f59aad3fbd857881699e84e8fcd8aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945538
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75078}
We have to not have any instructions between EmitOOLTrapIfNeeded and the
movs. For this reason, we are now emitting EmitTSANStoreOOLIfNeeded
after the store rather than before.
We are also now requiring the code_kind to know if we are compiling a
FOR_TESTING function.
Finally, we have to differentiate between two different wasm-to-js
functions: one lives in the wasm code space, and another one lives on
the heap. The one that lives in wasm code space calls wasm stub calls,
and the other one calls the builtin like JS does.
Bug: v8:7790, v8:11600
Change-Id: Iafb4643068ae4e31881662e032f73af98a66baca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945185
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75077}
We can detect the sequence during instruction selection and
if possible emit a single load/store byte reversed opcode instead
of doing the same separately (i.e load/store and then reverse).
Change-Id: Ib7d0c8c7105382637c33cafac5b5f4e23e8e553d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2950243
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75076}
Migrate the remaining architectures to the new callee save RecordWrite
approach.
Bug: v8:11420
Change-Id: I9da56cbb5bf8c6ca4bcc7c0e2a1233e2f5ef587c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944844
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75075}
- Vertically adjust flamechart to show deep stacks
- Highlight currently hovered function in the complete flamechart
Bug: v8:10644, v8:11835
Change-Id: Ibb5839c332f28c552162943f3eb65435de11a36a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2950244
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75074}
If a label was binded after Branch in 4096 offst, we should use Branchshort.
Change-Id: I2197e2a18a43627370ed9b67b7ef7d678a2a62a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944795
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#75073}
In trampoline, we emit auipc+jalr first. But the offset between target and trampoline is less than int21, so we can use jal to replace auipc+jalr.
It can reduce number of execution instruction.
Change-Id: Idc37d80341030130c478209681cb54c63d1ddf27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2939442
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#75072}
For Cobalt's purpose in the past, we introduced base::Memcpy to
intercept memcpy calls and replace it with SbMemoryCopy on
Starboard/Cobalt. Recently Cobalt removed SbMemoryCopy because we found
out that memcpy implementation is universal. To reduce the cost to
maintain base::Memcpy, let us remove it and revert back to raw memcpy.
Bug: v8:10927
Change-Id: I060f191f8f1aed8b78ffe4558a3743f3a2da008b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951462
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: John Xu <johnx@google.com>
Cr-Commit-Position: refs/heads/master@{#75070}
This reverts commit 1f0b0ed0e4.
Reason for revert: still crashing https://ci.chromium.org/ui/p/chromium/builders/try/android-marshmallow-arm64-rel/877258/test-results
Original change's description:
> Reland "heap: Fix initial GC configuration for C++-only heaps"
>
> This is a reland of 7ef67b2e9e
>
> Manually checked that the CL was not the culprit breaking
> media_blink_unittests --gtest_filter=WebMediaPlayerImplTest.MemDumpReporting
>
> Original change's description:
> > heap: Fix initial GC configuration for C++-only heaps
> >
> > Heaps in V8 start with a large limit that is shrunk upon young
> > generation GCs, based on some liveness estimate. This provides best
> > throughput during startup while at the same time finding a reasonable
> > first limit.
> >
> > For C++ (embedder memory) there is no estimate which is why it was
> > piggy-backing on V8. This breaks in scenarios where no JS memory is
> > allocated.
> >
> > In this fix we start a memory reducer after embedder memory has hit
> > the activation threshold if no GC happened so far. As soon as a single
> > Scavenger has happened, we leave it up to the JS estimate to figure
> > out a limit. Memory reducing GCs will then find a regular limit based
> > on the initial live size.
> >
> > Drive-by: Give embedders the same activiation threshold of 8MB as JS.
> >
> > Bug: chromium:1217076
> > Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75012}
>
> Bug: chromium:1217076
> Change-Id: I482d8525379e33095834d5b41be8bb49bdd8a5d4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949094
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75048}
Bug: chromium:1217076
Change-Id: Ia409d7a3a22127af749cff5eb5db1ff508b969e4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951468
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75068}
This change addresses inconsistencies wrt. to stepping into generator
functions and breaking on the implicit initial yield. The new behavior
is the following:
1. Stepping into a generator function doesn't trigger "generator
stepping", but rather pauses right before the initial yield
(assuming there a no non-simple parameters in between).
2. When paused on the initial yield and stepping into or over, we also
don't turn on "generator stepping" immediately, but rather return to
the caller and only enter "generator stepping" on SuspendGenerator
bytecodes that correspond to `yield`s or `await`s in the source
code.
This matches the stepping behavior of regular functions more closely and
seems like a good compromise.
Fixed: chromium:901814
Change-Id: Ifc6c174011df1afea183e2c6ec21de27d72b17a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949099
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75066}
.. when concurrent inlining is on.
SerializeBackPointer
SerializeForElementLoad
SerializeRootMap
For SerializeRootMap: Due to changed root map access timing, it
is now possible to see an abandoned prototype map - added logic
for that in RemoveImpossibleMaps.
Bug: v8:7790
Change-Id: Icdb3fff12536bfdc84923e7cd40bad9978a2a401
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948658
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75065}
In fond memory of kPossiblyBackgroundSerialized, this CL adds a new
subtype of kNeverSerialized called NeverEverSerialized. Such refs are
never ever serialized, i.e. not even when concurrent inlining is
disabled.
The first Ref in this category is RegExpBoilerplateDescriptionRef.
The intent is to gradually transition all kNeverSerialized refs to
NeverEverSerialized and then remove NeverEverSerialized (making it the
default behavior).
Bug: v8:7790
Change-Id: I8741a94212426a773ec3dc20758a41cb89f13368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947415
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75064}
Pass along the intended atomicity parameter for a getter in a DCHECK.
Bug: chromium:1218072
Change-Id: Ib83c8f548d3de9c944546c74291cd148643e185c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2950242
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75060}
And also make sure that even long names don't get truncated.
Fixed: chromium:1216284
Change-Id: I2792b60ddeb40a87816cb54fb0414ef0dea45da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947409
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75059}
For tail calls, we already set the flag kCallTail on CallBufferFlags,
the bool is_tail_cal always matches the flag (and there is only one call
site (L3037).
Drive-by clean up to get SaveFPRegsMode once, this is used when we need
to save and restore caller-saved registers.
Change-Id: Id175922c4cb5162d38b5ab61b84e151aaf2083e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945536
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75056}
By moving this out of counters.h, counters.h no longer needs to depend
on isolate.h.
Change-Id: Ic5272e3b3a729c0a438124dc5cdc1835817f3341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949098
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75055}
IsPendingAllocation will now load the space from the object's page
header first and then only check the object against the current LAB
of that particular space. Previously we were looking up that object
in the LABs of all spaces.
This new design also makes it feasible to have one dedicated mutex for
original_top/original_limit (respectively pending_object) for each
space. This will reduce contention on the mutexes.
Change-Id: I8e7636410259fd03b7970084bfbbaeadb2d8ba61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2936606
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75054}
Better explain why internalized strings have to be in old space. The
scavenger doesn't need to iterate and update references in the string
table and the stub cache.
Change-Id: I93c3e0b743f85fbf4de2ad877f3667abb2e0ae53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949101
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75052}
This is a reland of 7ef67b2e9e
Manually checked that the CL was not the culprit breaking
media_blink_unittests --gtest_filter=WebMediaPlayerImplTest.MemDumpReporting
Original change's description:
> heap: Fix initial GC configuration for C++-only heaps
>
> Heaps in V8 start with a large limit that is shrunk upon young
> generation GCs, based on some liveness estimate. This provides best
> throughput during startup while at the same time finding a reasonable
> first limit.
>
> For C++ (embedder memory) there is no estimate which is why it was
> piggy-backing on V8. This breaks in scenarios where no JS memory is
> allocated.
>
> In this fix we start a memory reducer after embedder memory has hit
> the activation threshold if no GC happened so far. As soon as a single
> Scavenger has happened, we leave it up to the JS estimate to figure
> out a limit. Memory reducing GCs will then find a regular limit based
> on the initial live size.
>
> Drive-by: Give embedders the same activiation threshold of 8MB as JS.
>
> Bug: chromium:1217076
> Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75012}
Bug: chromium:1217076
Change-Id: I482d8525379e33095834d5b41be8bb49bdd8a5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949094
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75048}
Changes:
- Implement a single function
WriteGlobalValue(const WasmGlobal&, const WasmValue&). Compute an
intermediate WasmValue when needed.
- Add WasmValue::CopyTo() to avoid reading little endian values in
WasmValue, and then transforming back to little endian.
- Add WasmValue::to_string() for tracing.
Change-Id: Ia7d9b9cddc7b8f77ae35fc588fe34c41ef444a2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948664
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75047}
Previously, for generating the snapshot, ephemerons containers were just
traced strongly, without handling their ephemeron pairs. This resulted
in the snbapshot missing out on all the value objects (as keys were
traced through regular Visit()).
The fix here
a) Adds ephemeron tracing;
b) Adds a flag to avoid showing the key being retained by the
ephemeron collection;
Bug: chromium:1056170
Change-Id: I45cc95bf4876879fa78b83154b13f20751b262b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948889
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75044}
Loop fallthroughs should leave values according to their out-type on the
stack, even when the stack is polymorphic.
Bug: chromium:1217470
Change-Id: I0a7e0569fa24fc16fcac76569a5ba14b6c7b0a9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949090
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75043}
Similar to https://crrev.com/c/v8/v8/+/2270548, we can add an early
return since we will not be creating thin strings while
single_generation is on.
Bug: v8:7790, v8:10614
Change-Id: Ib6ccc00bc79058daa163920a944ad328515f667e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948888
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75042}
This CL adds a new method intended for tests or lab settings to
cleanup V8 caches. The synchronous nature of the method greatly reduces
flakiness of blink leak detection in many cases.
Bug: chromium:1217831
Change-Id: I107eddc8b88d91aa7e69430ecfc135fe39538a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948666
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75041}
These can now be implemented with EvaluateInitExpression
Change-Id: I891e0ef91627eaac1af85af10748ada5f032e5c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948663
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75040}
It was added years ago and in 2017 it was enabled by default[1], which
means enough time has passed and we can remove the flag.
[1]: https://chromium-review.googlesource.com/c/v8/v8/+/528076/
Change-Id: I059417d4683910e86ebfddd93f504006094fa342
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947406
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75039}
... and add regression test for contextual stores to JSGlobalObject
with interceptor in the prototype chain.
Bug: chromium:1216437
Change-Id: Ibd344288c6327b35f3276f59517995d591acb967
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944895
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75038}
--stress-concurrent-inlining has a negative implication for
--lazy-feedback-allocation. We need to explicitly add
--no-stress-concurrent-inlining, since the test relies on lazy feedback
allocation.
Bug: v8:11853
Change-Id: I2bd8f0da05a766dd7282cdb3b70c4a1b478c71cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948647
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75037}
* Skip 8 tests that timeout due to the low-performance of current MMTk non-moving GC.
- This will be enabled after TPH performance issues are addressed.
* Skip 2 new tests that creates a second isolate -- TPH does not support it at the moment.
* Skip 1 test that expects concurrent sweeping behavior of cppgc.
Bug: v8:11641
Change-Id: If86cdcc303b01536d278368886bb30d91da5c5c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909692
Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75036}
This reverts commit 7ef67b2e9e.
Reason for revert: Speculative revert for a blocked roll - https://chromium-review.googlesource.com/c/chromium/src/+/2947365
Original change's description:
> heap: Fix initial GC configuration for C++-only heaps
>
> Heaps in V8 start with a large limit that is shrunk upon young
> generation GCs, based on some liveness estimate. This provides best
> throughput during startup while at the same time finding a reasonable
> first limit.
>
> For C++ (embedder memory) there is no estimate which is why it was
> piggy-backing on V8. This breaks in scenarios where no JS memory is
> allocated.
>
> In this fix we start a memory reducer after embedder memory has hit
> the activation threshold if no GC happened so far. As soon as a single
> Scavenger has happened, we leave it up to the JS estimate to figure
> out a limit. Memory reducing GCs will then find a regular limit based
> on the initial live size.
>
> Drive-by: Give embedders the same activiation threshold of 8MB as JS.
>
> Bug: chromium:1217076
> Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75012}
Bug: chromium:1217076
Change-Id: Ic1530162e846c2a767ea5ea902a01a21967d8e35
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947419
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75034}
This is a step towards making JSObjectRef non-serialized.
Change JSObjectRef::RawFastPropertyAt to use a direct load with
relaxed semantics. Special handling of `uninitialized` sentinel values
is moved to the only use-site.
A new lock `boilerplate_migration_access` protects against concurrent
boilerplate migrations while we are iterating over properties.
Bug: v8:7790
Change-Id: Ic9de54ca16c1f3364d497a77058cfa33d48dd4a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928184
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75033}
