The first try failed because I needed to make a better distinction
between clearing ICs according to policy at GC time or unconditional
clearing (say, via %ClearFunctionTypeFeedback).
It was also blocked by an issue in super constructor calls.
This fix (https://codereview.chromium.org/892113002/) needs to land
before checking in this CL.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/866493003
Cr-Commit-Position: refs/heads/master@{#26420}
Reason for revert:
Breaks a regression test on linux isloates, and linux with gcc 4.8.
Original issue's description:
> Use a WeakCell in the CallIC type vector.
>
> This allows us to clear the IC on a more sedate schedule, just
> like Load and Store ICs.
>
> R=ulan@chromium.org
> BUG=
>
> Committed: https://crrev.com/bcc79d33ca6d97d9ecfcfcf110a6ea84a0225389
> Cr-Commit-Position: refs/heads/master@{#26332}
TBR=ulan@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/886663004
Cr-Commit-Position: refs/heads/master@{#26334}
In DevTools we need one more flag for script origin - is debugger script. We already have "is shared origin" flag. The new flag added by analogy with the old but new has accessor in script object.
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/879553002
Cr-Commit-Position: refs/heads/master@{#26324}
This solves an issue with the custom startup snapshot, in cases where
deserializing the isolate requires more than one page per space.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/876613002
Cr-Commit-Position: refs/heads/master@{#26285}
This method circumvented JS semantics, and should not be used.
BUG=
Review URL: https://codereview.chromium.org/854493004
Cr-Commit-Position: refs/heads/master@{#26157}
Math functions:
Some Math functions require typed arrays for their implementation. The embedded
script may call those Math functions. The serializer needs to deal with this.
Added assertion to make sure no other typed array is created when snapshotting.
Number-string cache:
We assume that the initial snapshot does not expand the number-string cache.
This is no longer true for custom heap snapshots.
Bound functions:
Bound functions store the bound arguments in a COW fixed array, including the
bindee function. COW arrays are serialized into the startup snapshot and
referenced in the partial snapshot via partial snapshot cache. However, the
bindee function is context-dependent and must not be part of the startup
snapshot. There is no need for bound functions to use a COW array though.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/851073002
Cr-Commit-Position: refs/heads/master@{#26072}
This API is used by Blink to inform V8 about HTML frames being disposed.
Using the optional parameter, Blink can tell V8 whether the disposed
frame was a main frame. In that case, we might want to reset GC
parameters
BUG=none
R=hpayer@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/823583003
Cr-Commit-Position: refs/heads/master@{#25926}
Regular ICs in MONOMORPHIC and POLYMORPHIC state now hold onto maps with
WeakCells. Vector-based ICs should do the same.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/815953002
Cr-Commit-Position: refs/heads/master@{#25907}
This keeps dying maps alive for FLAG_retain_maps_for_n_gc garbage collections to increase chances of them being reused for new objects in future.
BUG=v8:3664
LOG=N
TEST=cctest/test-heap/MapRetaining
Review URL: https://codereview.chromium.org/794583003
Cr-Commit-Position: refs/heads/master@{#25887}
This relands macroassembler instructions and weak cell caching and
does not include parts that caused "Linux ASan LSan" test failures.
BUG=v8:3663
LOG=N
Review URL: https://codereview.chromium.org/764003003
Cr-Commit-Position: refs/heads/master@{#25615}
Not clearing can lead to a crash under following conditions:
1. Backing store of a weak map is allocated in large object space.
2. The backing store is marked incrementaly via the weak map.
3. The weak map is updated and gets a new backing store.
4. The store buffer overflows and marks the chunk of the old backing store as
"scan on scavenge."
5. Mark-compact collection kills some elements of the weak map. Note that the
old backing store survives because it was marked incrementally, but its dead
elements are not cleared.
6. Scavenger iterates over the old backing store, tries to move a dead object
and crashes.
BUG=v8:3631
LOG=N
TEST=cctest/test-heap/Regress3631
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/686783003
Cr-Commit-Position: refs/heads/master@{#25032}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Each time a transition is added to a hidden class, the whole
transitions array must be copied, which causes poor performance
in some circumstances. This change limits the maximum size of
the transition array, avoiding this behavior in the pathological
case. For example, this improves the performance of the EtchMark
benchmark by nearly 60%.
BUG=v8:3616
LOG=
R=verwaest@chromium.org, svenpanne@chromium.org
Review URL: https://codereview.chromium.org/635883003
Patch from Kevin M. McCormick <mckev@amazon.com>.
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24857 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
