- 26 Sep, 2019 1 commit
Dominik Inführ authored

InvalidateRecordedSlots needs to invalidate old-to-new objects unconditionally. Checking slot_set_[OLD_TO_NEW] is not enough, since the sweeping_slot_set_ could still contain slots. ClearRecordedSlot in MigrateFastToFast is not necessary as well. This is only required in DeleteObjectPropertyFast since we might potentially shrink the object.

Bug: chromium:1008301,chromium:1008046
Change-Id: If2c757a619b52d070825e4faadce7710eae61a07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826717
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63985}
- 25 Sep, 2019 1 commit
Dominik Inführ authored

The previous CL https://crrev.com/c/1771783 introduced the old-to-new invalidation set, while still manually deleting slots in the remembered set. This CL only clears slots during sweeping when shrinking objects. The invalidation set is now used to filter slots in scavenge and mark-compact.

Bug: v8:9454
Change-Id: I3a4c562d29cce0eddd9884e5f6fc1a09d1b5cd5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807275
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63964}
- 23 Sep, 2019 1 commit
Dominik Inführ authored

Since invalidation is disabled at the moment, slots still need to be cleared explicitly. This was not the case in MigrateFastToFast in case a slot transitioned from tagged to untagged.

Bug: chromium:1006630
Change-Id: I8d32ab9196603dabad9a382ec49b39144624c30d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815248
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63929}
- 16 Sep, 2019 1 commit
Dominik Inführ authored

Split OLD_TO_NEW remembered set and add OLD_TO_NEW_SWEEPING. The OLD_TO_NEW remembered set is moved to OLD_TO_NEW_SWEEPING during mark-compact. OLD_TO_NEW_SWEEPING is then modified by the sweeper. Before using the page again, OLD_TO_NEW and OLD_TO_NEW_SWEEPING are merged again. This means only the main thread modifies OLD_TO_NEW, the sweeper only removes entries from OLD_TO_NEW_SWEEPING. We can use this property to make accesses non-atomic in a subsequent CL.

Bug: v8:9454
Change-Id: I9057cf85818d647775ae4c7beec4c8ccf73e18f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771783
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63807}
- 13 Sep, 2019 1 commit
Victor Gomes authored

Discussing with Toon, we've decided that these flags are no longer needed.

Bug: v8:9714
Change-Id: Ic5ae8b4c0b2f470fad915ada8fec753a5d7e50ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801844
Commit-Queue: Victor Gomes <victorgomes@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#63765}
- 10 Sep, 2019 1 commit
Bill Budge authored

- Eliminates non-const reference parameters in src/objects.

Bug: v8:9429
Change-Id: Ic39a59d54bda26c622db29f07143055c3cc6c7a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1794683
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63650}
- 09 Sep, 2019 1 commit
Dominik Inführ authored

Slots are always valid inside an invalidated area when outside the respective object's current size. This allows us to remove the size from the InvalidatedSlots data structure.

This change was enabled by https://crrev.com/c/1771793.

Reland after revert in https://crrev.com/c/1783106, this CL was not the culprit of the issue (chromium:1000404).

Bug: v8:9454
Change-Id: I823d34670515924bf74200daa21a834044087310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787431
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63607}
- 04 Sep, 2019 1 commit
Dominik Inführ authored

Reduce number of old-to-new invalidations. MigrateFastToFast, MigrateFastToSlow and DeleteObjectPropertyFast only need to invalidate objects in some cases but not in all.

Bug: v8:9454
Change-Id: I901eecb9409c6dfa30cf6b4ee0bdd597862fc229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781042
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63557}
- 03 Sep, 2019 1 commit
Dominik Inführ authored

This reverts commit 93063ade.

Reason for revert: Clusterfuzz found issue.

Original change's description:
> [heap] Remove size from invalidated slots
>
> Slots are always valid inside an invalidated area when outside the
> respective object's current size. This allows us to remove the size
> from the InvalidatedSlots data structure.
>
> This change was enabled by https://crrev.com/c/1771793.
>
> Bug: v8:9454
> Change-Id: I2b5a7234d47227cb6ad8d67de20e9b5a2028ae83
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773242
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63510}

TBR=ulan@chromium.org,sigurds@chromium.org,tebbi@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9454
Change-Id: I7daf96cf50aaedd4dbdab48fd550182df94e54bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783106
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63535}
- 02 Sep, 2019 2 commits
Michael Lippautz authored

Those object types can carry embedder fields as they are generated from embedder-provided function templates.

Bug: v8:9672
Change-Id: Iaea794ba8bea2ffec3559131eecfe1941479759a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781048
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63511}

Dominik Inführ authored

Slots are always valid inside an invalidated area when outside the respective object's current size. This allows us to remove the size from the InvalidatedSlots data structure.

This change was enabled by https://crrev.com/c/1771793.

Bug: v8:9454
Change-Id: I2b5a7234d47227cb6ad8d67de20e9b5a2028ae83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773242
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63510}
- 28 Aug, 2019 1 commit
Z Nguyen-Huu authored

Currently the backing store and elements kind might not be aligned, aka the backing store can be dictionary where elements kind is frozen/sealed element kinds or the other way around. The reason is that Object.preventExtensions changes elements kind to DICTIONARY while Object.seal/freeze change elements kind to SEALED/FROZEN element kind. Applying both these operations can lead to that problem as in chromium:992914.

To solve this issue, we avoid Object.preventExtensions to change backing store to dictionary by introducing new nonextensible elements kind. These new nonextensible elements kind are handled similar to frozen, sealed element kinds. This change not only fixes the problem but also optimizes the performance of nonextensible objects.

Change-Id: Iffc7f14eb48223c11abf3c577f305d2d072eb65b
Bug: chromium:992914, v8:6831
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760976
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63432}
- 22 Aug, 2019 2 commits
Dominik Inführ authored

This reverts commit aba185a7.

Reason for revert: We want to keep this API.

Original change's description:
> [heap] Remove slots when shrinking objects
>
> Immediately remove recorded old-to-new slots when shrinking objects.
> This operation needs to drain the store buffer, however the store buffer
> is supposed to be removed anyway.
>
> Also do not remove slots when left-trimming since this isn't needed for
> correctness.
>
> Bug: v8:9454
> Change-Id: I751baf2dcd03c87aee9cb1ebd168e05bf373a738
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762012
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63271}

TBR=ulan@chromium.org,dinfuehr@chromium.org

Bug: v8:9454
Change-Id: I9524a7448cc49948915fdccc5a6b1aa22e4de4a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762524
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63342}

Dominik Inführ authored

This reverts commit 74e68e6a.

Reason for revert: We want to keep this API.

Original change's description:
> [heap] Remove ClearRecordedSlots
>
> Do not pass it as argument to CreateObjectFillerAt and remove the enum.
>
> Bug: v8:9454
> Change-Id: Iafa37acbfea73d3cabb1732dbec0944db859fac2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762017
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63282}

TBR=ulan@chromium.org,petermarshall@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9454
Change-Id: I9a0a249294957740f831b28f5fefef132123d0e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762523
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63338}
- 20 Aug, 2019 3 commits
Leszek Swirski authored

Since the mutability of HeapNumbers is determined by their owning object's descriptor array, we can remove the MutableHeapNumber type entirely, at the cost of a few fewer DCHECKs and a couple of TODOs to use the descriptor array information.

This is a necessary step towards a follow-up which allows in-place Double -> Tagged transitions

Design doc: https://docs.google.com/document/d/1VeKIskAakxQFnUBNkhBmVswgR7Vk6T1kAyKRLhqerb4/

Bug: v8:9606
Change-Id: I13209f9c86f1f204088f6fd80089e17d956b4a50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743972
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63294}

Dominik Inführ authored

Do not pass it as argument to CreateObjectFillerAt and remove the enum.

Bug: v8:9454
Change-Id: Iafa37acbfea73d3cabb1732dbec0944db859fac2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762017
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63282}

Dominik Inführ authored

Immediately remove recorded old-to-new slots when shrinking objects. This operation needs to drain the store buffer, however the store buffer is supposed to be removed anyway.

Also do not remove slots when left-trimming since this isn't needed for correctness.

Bug: v8:9454
Change-Id: I751baf2dcd03c87aee9cb1ebd168e05bf373a738
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762012
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63271}
- 19 Aug, 2019 2 commits
Dominik Inführ authored

This reverts commit 60843b42.

Reason for revert: TSAN detected issue between Scavenge workers. One task could invoke RefillFreeList(), while the other task iterates the remembered set of a swept page.

Original change's description:
> Use list of invalidated objects for old-to-new refs
>
> Instead of inserting "deletion" entries into the store buffer, keep a
> list of invalidated objects to filter out invalid old-to-new slots.
>
> The first CL https://crrev.com/c/1704109 got reverted because both the
> sweeper and the main task were modifying the invalidated slots data
> structure concurrently. This CL changes this, such that the sweeper
> only modifies the invalidated slots during the final atomic pause when
> the main thread is not running. The sweeper does not need to clean this
> data structure after the pause, since the "update pointers" phase
> already removed all invalidated slots.
>
> The second CL https://crrev.com/c/1733081 got reverted because the
> sweeper might find more free space than the full GC before it. If an
> object shrinks after the pause but before the sweep, the invalidated
> object might span free memory and potentially new allocated objects.
> Therefore shrink invalidated objects when processing swept pages on
> the main thread. Also clean recorded slots in the gap.
>
> TBR=petermarshall@chromium.org
>
> Bug: v8:9454
> Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63239}

TBR=ulan@chromium.org,hpayer@chromium.org,dinfuehr@chromium.org

Change-Id: I9c6a371ebe36a1873acbe0d6c6a75dd2f5a55f4e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9454
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760817
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63253}

Dominik Inführ authored

Instead of inserting "deletion" entries into the store buffer, keep a list of invalidated objects to filter out invalid old-to-new slots.

The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots.

The second CL https://crrev.com/c/1733081 got reverted because the sweeper might find more free space than the full GC before it. If an object shrinks after the pause but before the sweep, the invalidated object might span free memory and potentially new allocated objects. Therefore shrink invalidated objects when processing swept pages on the main thread. Also clean recorded slots in the gap.

TBR=petermarshall@chromium.org

Bug: v8:9454
Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63239}
- 08 Aug, 2019 1 commit
Dominik Inführ authored

This reverts commit e2f98ec2.

Reason for revert: Caused performance regression in ArrayLiteralInitialSpreadSmallHoley.

Original change's description:
> Use list of invalidated objects for old-to-new refs
>
> Instead of inserting "deletion" entries into the store buffer, keep
> a list of invalidated objects to filter out invalid old-to-new slots.
>
> The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots.
>
> Bug: v8:9454
> Change-Id: Iffb5bf96de2c89eee1ee1231a3414a0f2a155cbc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733081
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63087}

TBR=ulan@chromium.org,petermarshall@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9454
Change-Id: I328b9f72df45fc9570d4a4d1b5389eac010638c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743970
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63131}
- 07 Aug, 2019 1 commit
Ross McIlroy authored

Previous differences in eager and lazy parsing meant that it was possible that feedback vectors could be different for the same function depending on how it was compiled. These issues have now been fixed, so remove the workaround and add an explicit CHECK that the feedback vectors are the same.

BUG=chromium:984344,v8:9511

Change-Id: I0edfa350b1a2f236db1ee2f86bc46690da926af1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741650
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63116}
- 06 Aug, 2019 1 commit
Dominik Inführ authored

Instead of inserting "deletion" entries into the store buffer, keep a list of invalidated objects to filter out invalid old-to-new slots.

The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots.

Bug: v8:9454
Change-Id: Iffb5bf96de2c89eee1ee1231a3414a0f2a155cbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733081
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63087}
- 05 Aug, 2019 1 commit
Simon Zünd authored

This CL changes the signature of AccessorPair::GetComponent to take an additional parameter {native_context}. The current native_context does not always match the native context of the holder, resulting in JSFunctions that have the wrong native context for lazy instantiated AccessorPairs.

Bug: chromium:989909, v8:6495
Change-Id: I45bfcb27ac367858dd6788736eba1a2e1302e802
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735311
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63078}
- 30 Jul, 2019 1 commit
Yuki Shiino authored

Object::Get, Set, etc. properly invoke an interceptor registered via SetAccessCheckCallbackAndHandler, however, Object::GetOwnPropertyDescriptor does not invoke an interceptor. This patch supports access-check-interceptor for descriptors.

Change-Id: Ie2b2f2456be95c6eef8c2cdfee2bdd651c011fa3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1720969
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62978}
- 23 Jul, 2019 1 commit
Sathya Gunasekaran authored

Bug: v8:9433, v8:8179
Change-Id: I10a643cac348a5a76b137427e5e0565db81e3dbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1714649
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62868}
- 18 Jul, 2019 1 commit
Ross McIlroy authored

If we flush the bytecode from a SFI we might recompile a JSFunction while the function still has its old feedback vector. This should usually be fine since the new and old feedback vectors have the same layout, however some bugs in the parser mean that it's possible for eagerly and lazily compiled eval functions to have different bytecode and so potentially different feedback vector layouts.

For now reset the feedback vector if it doesn't have the same size when we compile the JSFunction, and recreate a new one of the correct layout. This will be replaced with a CHECK once the parser bugs are fixed.

BUG=chromium:984344,v8:9511

Change-Id: Ib8976f2541516f7a07e4d4ab7dc3c750dfe9b5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708474
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62800}
- 16 Jul, 2019 2 commits
Dominik Inführ authored

This reverts commit dcac02ee.

Reason for revert: TSAN discovered issue with cleaning invalidated slots in sweeper threads and inserting new slots in the main thread.

Original change's description:
> Use list of invalidated objects for old-to-new refs
>
> Instead of inserting "deletion" entries into the store buffer, keep
> a list of invalidated objects to filter out invalid old-to-new slots.
>
> Bug: v8:9454
> Change-Id: Icd21d8cb2159190457f54d0f8b56742ecc820419
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695474
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62744}

TBR=ulan@chromium.org,petermarshall@chromium.org,dinfuehr@chromium.org

Change-Id: I4278e9100c76657663e0a6a62f5d86bb3a343c0e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9454
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704109
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62746}

Dominik Inführ authored

Instead of inserting "deletion" entries into the store buffer, keep a list of invalidated objects to filter out invalid old-to-new slots.

Bug: v8:9454
Change-Id: Icd21d8cb2159190457f54d0f8b56742ecc820419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695474
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62744}
- 12 Jul, 2019 1 commit
Peter Marshall authored

Everyone was getting a copy of this through debug.h.

Bug: v8:9396
Change-Id: I5189cb4bf27a3381768b0be479d7b3d60dec20bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695472
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62670}
- 09 Jul, 2019 2 commits
Z Nguyen-Huu authored

This DCHECK is unnecessary because the object can be sealed or frozen before it is set as a prototype map. The repro is

Object.seal(Object);// Object is HOLEY_FROZEN_ELEMENTS
const v3 = Object();
v3.__proto__ = Object; // Set prototype map bit and dictionary map bit
const v6 = Object.seal(Object); // Turn Object to DICTIONARY_ELEMENTS

Bug: chromium:980168
Change-Id: Iec50249d0ff0c5ed959201707b837871fcb88a02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687280
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62606}

Igor Sheludko authored

Tbr: verwaest@chromium.org
Bug: v8:9353
Change-Id: I8164e2235ca43e203410277b86e6f166010c11d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687673
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62597}
- 08 Jul, 2019 1 commit
Clemens Hammacher authored

Cpplint usually checks for non-const reference arguments. They are forbidden in the style guide, and v8 does not explicitly make an exception here. This CL re-enables that warning, and fixes all current violations by adding an explicit "NOLINT(runtime/references)" comment. In follow-up CLs, we should aim to remove as many of them as possible.

TBR=mlippautz@chromium.org

Bug: v8:9429
Change-Id: If7054d0b366138b731972ed5d4e304b5ac8423bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687891
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62551}
- 03 Jul, 2019 1 commit
Igor Sheludko authored

... and DescriptorArray.

Bug: v8:9353
Change-Id: Ie05cbdc57f95e2edadbbed47cc2252bd381a76c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683727
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62499}
- 01 Jul, 2019 1 commit
Z Nguyen-Huu authored

When applying Object.seal(), Object.freeze() to Smi, Double elements kind, it will transition to Object elements kind first then to new frozen, sealed elements kind accordingly.

Also, add more mjsunit.

Bug: v8:6831
Change-Id: I454b42d7eb329b03e20245896641eb6c1a87831d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662657
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62457}
- 26 Jun, 2019 1 commit
Igor Sheludko authored

... for defining isolate-full getters.

Bug: v8:9353
Change-Id: I91aa11bfe41ab61b2fa72c21018fc38753a846bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676286
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62375}
- 24 Jun, 2019 1 commit
Mathias Bynens authored

We currently use the class name “JSValue” for JSObjects that wrap primitive values. This name is a common source of confusion. This patch switches to a name that’s more clear.

In addition to manual tweaks, the patch applies the following mechanical global replacements:

before                          | after
--------------------------------|--------------------------------------
if_valueisnotvalue              | if_valueisnotwrapper
if_valueisvalue                 | if_valueiswrapper
js_value                        | js_primitive_wrapper
JS_VALUE_TYPE                   | JS_PRIMITIVE_WRAPPER_TYPE
JSPrimitiveWrapperType          | JSPrimitiveWrapper type
jsvalue                         | js_primitive_wrapper
JSValue                         | JSPrimitiveWrapper
_GENERATED_JSVALUE_FIELDS       | _GENERATED_JSPRIMITIVE_WRAPPER_FIELDS

Change-Id: I9d9edea784eab6067b013e1f781e4db2070f807c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672942
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62337}
- 19 Jun, 2019 1 commit
Leszek Swirski authored

Rather than starting a new, orphaned transition tree in various bailout cases, simply drop down into dictionary mode. Aside from potential memory benefits, this allows us to remove CopyGeneralizeAllFields, which was the only path along which fields could end up in a different order than their descriptors.

Change-Id: I5577e8a1ca51f0ffdadd7504e7895f367605aa27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662298
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62279}
- 13 Jun, 2019 1 commit
Toon Verwaest authored

Bug: chromium:973363
Change-Id: Id2e46702f73e901df5f26b764d98fb3d4f681a98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657914
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62143}
- 12 Jun, 2019 1 commit
Seth Brenith authored

This change adjusts object initialization order for a few classes so that the GC can never see those objects in an invalid, partially-initialized state.

AccessorInfo: Just zeros out a few fields upon construction. This is the simplest case.

FunctionTemplateInfo: Slightly changes the order in which fields are set, so that the Smi field is set ahead of the call to SetCallHandler, which can GC. Also a pretty simple case.

JSListFormat, JSPluralRules, JSRelativeTimeFormat, JSSegmenter: The spec requires that we start with OrdinaryCreateFromConstructor, which has observable side effects (it fetches the prototype from the new.target). So we split JSObject::New in half: the first half does all of the user-visible things and returns a Map, which we can pass to the second half when we're ready to actually allocate the object.

JSTypedArray: Extends the pattern from JSListFormat into Torque code: start with a Map and don't allocate the object until we're ready to set all of its properties.

Bug: v8:9311
Change-Id: Id7703e8a0727ec756c774cfbb56af787658a111a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646844
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62123}
- 11 Jun, 2019 1 commit
Jose Dapena Paz authored

elements.cc invokes ApplyAttributesToDictionary using NumberDictionary as its template parameter. But the declaration of the template method is in js-object.cc, so nobody can actually compile the version for number dictionary.

This is fixed by requesting explicit instantiation for NumberDictionary.

This was breaking GCC build.

Bug: chromium:819294
Change-Id: I685ddc5b97e129d1a534dbdb04025c0932bc5ecd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649565
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: José Dapena Paz <jose.dapena@lge.com>
Cr-Commit-Position: refs/heads/master@{#62097}