- 03 Dec, 2015 6 commits
-
-
v8-autoroll authored
Rolling v8/tools/clang to b2ed9e4af62108938543234380912eeb9d5a58e6 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review URL: https://codereview.chromium.org/1491363003 Cr-Commit-Position: refs/heads/master@{#32542}
-
machenbach authored
BUG=v8:4588 LOG=n TBR=yangguo@chromium.org NOTRY=true Review URL: https://codereview.chromium.org/1496863002 Cr-Commit-Position: refs/heads/master@{#32541}
-
zhengxing.li authored
port 531dde9f (r32516) original commit message: The new step-in implementation no longer tries to predict the step-in target, so we don't need the arguments count nor call type anymore. BUG= Review URL: https://codereview.chromium.org/1493993002 Cr-Commit-Position: refs/heads/master@{#32540}
-
bmeurer authored
The optimized code generated by Crankshaft cannot properly deal with proxies (in the prototype chain), and there's probably no point in trying to make that work^Wfast with Crankshaft at all. TurboFan will handle that properly; Crankshaft just bails out to fullcodegen, which then goes to the runtime, which should do the right thing soon. BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1492983002 Cr-Commit-Position: refs/heads/master@{#32539}
-
zhengxing.li authored
port 3e7e3ed7 (r32508) original commit message: * Add a sibling interface to InterpreterAssembler called CodeStubAssembler which provides a wrapper around the RawMachineAssembler and is intended to make it easy to build efficient cross-platform code stubs. Much of the implementation of CodeStubAssembler is shamelessly stolen from the InterpreterAssembler, and the idea is to eventually merge the two interfaces somehow, probably moving the InterpreterAssembler interface over to use the CodeStubAssembler. Short-term, however, the two interfaces shall remain decoupled to increase our velocity developing the two systems in parallel. * Implement the StringLength stub in TurboFan with the new CodeStubAssembler. Replace and remove the old Hydrogen-stub version. * Remove a whole slew of machinery to support JavaScript-style code stub generation, since it ultimately proved unwieldy, brittle and baroque. This cleanup includes removing the shared code stub context, several example stubs and a tangle of build file changes. BUG= Review URL: https://codereview.chromium.org/1492213002 Cr-Commit-Position: refs/heads/master@{#32538}
-
zhengxing.li authored
port 19741ac9 (r32301) original commit message: The Float32RoundTruncate operator rounds float32 numbers towards zero. The operator is currently implemented on x64, ia32, arm, and arm64. Additionally I added support for the float32 vrintz, vrintn, and vrinta instructions to the arm simulator. BUG= Review URL: https://codereview.chromium.org/1493213002 Cr-Commit-Position: refs/heads/master@{#32537}
-
- 02 Dec, 2015 34 commits
-
-
adamk authored
Both the is_const and declaration_scope fields can be reliably derived from the mode field. needs_init cannot be, unfortunately, due to the special case of CONST in for loops. Also inline the sole remaining non-trivial caller of Parser::DeclarationScope(VariableMode). Review URL: https://codereview.chromium.org/1487603003 Cr-Commit-Position: refs/heads/master@{#32536}
-
adamk authored
Review URL: https://codereview.chromium.org/1485823003 Cr-Commit-Position: refs/heads/master@{#32535}
-
adamk authored
These bits were relevant back when we had nested lexical modules, but I don't think they'll be of any use for ES2015 modules. Review URL: https://codereview.chromium.org/1485053002 Cr-Commit-Position: refs/heads/master@{#32534}
-
mbrandy authored
Port 531dde9f Original commit message: The new step-in implementation no longer tries to predict the step-in target, so we don't need the arguments count nor call type anymore. R=yangguo@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1490413002 Cr-Commit-Position: refs/heads/master@{#32533}
-
mbrandy authored
Port 3e7e3ed7 Original commit message: * Add a sibling interface to InterpreterAssembler called CodeStubAssembler which provides a wrapper around the RawMachineAssembler and is intended to make it easy to build efficient cross-platform code stubs. Much of the implementation of CodeStubAssembler is shamelessly stolen from the InterpreterAssembler, and the idea is to eventually merge the two interfaces somehow, probably moving the InterpreterAssembler interface over to use the CodeStubAssembler. Short-term, however, the two interfaces shall remain decoupled to increase our velocity developing the two systems in parallel. * Implement the StringLength stub in TurboFan with the new CodeStubAssembler. Replace and remove the old Hydrogen-stub version. * Remove a whole slew of machinery to support JavaScript-style code stub generation, since it ultimately proved unwieldy, brittle and baroque. This cleanup includes removing the shared code stub context, several example stubs and a tangle of build file changes. R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:4587 LOG=n Review URL: https://codereview.chromium.org/1492633006 Cr-Commit-Position: refs/heads/master@{#32532}
-
mbrandy authored
Port 411c5b7f Original commit message: Also remove the ResultMode from ToBooleanStub and always return true or false and use the same mechanism in fullcodegen. This is in preparation for adding ToBoolean hints to TurboFan. Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now that the ResultMode is gone (and the runtime always returns true or false from the miss handler). R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:4583 LOG=n Review URL: https://codereview.chromium.org/1490363003 Cr-Commit-Position: refs/heads/master@{#32531}
-
littledan authored
Revert of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1478533002/ ) Reason for revert: Will test better; there seems to be a bug related to this. Original issue's description: > Reland of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1473603002/ ) > > Reason for revert: > Breakage in Ignition seems unrelated; relanding. > > Original issue's description: > > Revert of Disable non-standard Promise functions in staging (patchset #5 id:80001 of https://codereview.chromium.org/1469543003/ ) > > > > Reason for revert: > > [Sheriff] This breaks ignition on arm sim debug: > > https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/5317 > > > > Seems to not be caught by the cq bot that builds release with dchecks. > > > > Original issue's description: > > > Disable non-standard Promise functions in staging > > > > > > This patch removes Promise functions and methods which are absent > > > from the ES2015 specification when the --es-staging flag is on. > > > > > > BUG=v8:3237 > > > R=rossberg > > > LOG=Y > > > > > > Committed: https://crrev.com/941251af7e04d50ac2243da2870249a42111221a > > > Cr-Commit-Position: refs/heads/master@{#32194} > > > > TBR=rossberg@chromium.org,littledan@chromium.org > > NOPRESUBMIT=true > > NOTREECHECKS=true > > NOTRY=true > > BUG=v8:3237 > > > > Committed: https://crrev.com/86bd2b3c23b562213d5af158849dcd65f347a827 > > Cr-Commit-Position: refs/heads/master@{#32199} > > TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=v8:3237 > > Committed: https://crrev.com/9278b7b05a45c2089007e8b61822af96b5d0c8df > Cr-Commit-Position: refs/heads/master@{#32235} TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:3237 Review URL: https://codereview.chromium.org/1493713004 Cr-Commit-Position: refs/heads/master@{#32530}
-
thakis authored
update.sh is gone in chromium, and using update.py will do the right thing both before and after the deletion in chromium (previously, update.py used to call update.sh internally on non-win). This also has the benefit of working on Windows. No intended behavior change. BUG=chromium:494442 LOG=n Review URL: https://codereview.chromium.org/1495653002 Cr-Commit-Position: refs/heads/master@{#32529}
-
kozyatinskiy authored
LOG=Y BUG=chromium:558998 R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1495633002 Cr-Commit-Position: refs/heads/master@{#32528}
-
verwaest authored
This hackily disambiguates multiple calls for the iterator protocols in ForOf / Yield* by adding -2 / -1 to the pos. BUG=v8:3953 LOG=y Review URL: https://codereview.chromium.org/1491923003 Cr-Commit-Position: refs/heads/master@{#32527}
-
mbrandy authored
While execution will not return to this location, stack iteration logic will attempt to find the code object associated with the return address. This makes sure that it maps to the correct object and not to the one immediately following it in memory. R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1490343002 Cr-Commit-Position: refs/heads/master@{#32526}
-
jkummerow authored
Split out of PropertyAttributes, and used for all filtering purposes. Also moved PropertyAttributes into the v8::internal:: namespace. No change in behavior intended. Review URL: https://codereview.chromium.org/1492653004 Cr-Commit-Position: refs/heads/master@{#32525}
-
bmeurer authored
Also remove the ResultMode from ToBooleanStub and always return true or false and use the same mechanism in fullcodegen. This is in preparation for adding ToBoolean hints to TurboFan. Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now that the ResultMode is gone (and the runtime always returns true or false from the miss handler). R=mstarzinger@chromium.org BUG=v8:4583 LOG=n Review URL: https://codereview.chromium.org/1491223002 Cr-Commit-Position: refs/heads/master@{#32524}
-
sigurds authored
R=mstarzinger@chromium.org BUG=v8:4586 LOG=n Review URL: https://codereview.chromium.org/1491903002 Cr-Commit-Position: refs/heads/master@{#32523}
-
mlippautz authored
Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1493523003/ ) Reason for revert: Speculative revert for crashing Canary. Original issue's description: > Reland of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1483393002/ ) > > Reason for revert: > Reland after fixing the potential root cause of the canary crasher. > > Original issue's description: > > Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ ) > > > > Reason for revert: > > Still investigating bad canary. > > > > Original issue's description: > > > [heap] Refactor evacuation for young and old gen into visitors. > > > > > > Create a visitor for evacuating objects for young and old generation. This is > > > the first step of preparing a task to process, both, newspace and oldspace > > > pages in parallel. > > > > > > BUG=chromium:524425 > > > LOG=N > > > > > > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8 > > > Cr-Commit-Position: refs/heads/master@{#32349} > > > > TBR=mlippautz@chromium.org > > NOPRESUBMIT=true > > NOTREECHECKS=true > > NOTRY=true > > BUG=chromium:524425 > > > > Committed: https://crrev.com/aa24a3135ec308e1f84bce334844caf0cae2437a > > Cr-Commit-Position: refs/heads/master@{#32462} > > TBR=mlippautz@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:524425 > > Committed: https://crrev.com/120b640dfce5f02cecc5af72ca0b2b3b93ce8652 > Cr-Commit-Position: refs/heads/master@{#32500} TBR=hpayer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1495583002 Cr-Commit-Position: refs/heads/master@{#32522}
-
mlippautz authored
Revert of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1494533002/ ) Reason for revert: Speculative revert for crashing Canary. Original issue's description: > Reland of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1483963004/ ) > > Reason for revert: > Reland after fixing the potential root cause of the canary crasher. > > Original issue's description: > > Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ ) > > > > Reason for revert: > > Still investigating bad canary. > > > > Original issue's description: > > > [heap] Unify evacuating an object for new and old generation. > > > > > > BUG=chromium:524425 > > > LOG=N > > > > > > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a > > > Cr-Commit-Position: refs/heads/master@{#32365} > > > > TBR=mlippautz@chromium.org > > NOPRESUBMIT=true > > NOTREECHECKS=true > > NOTRY=true > > BUG=chromium:524425 > > > > Committed: https://crrev.com/9c60ddc60e96da0c59e646660789c26550ad52a2 > > Cr-Commit-Position: refs/heads/master@{#32460} > > TBR=mlippautz@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:524425 > > Committed: https://crrev.com/7ea8ac98f6eb5ffa9d4976aa22fec9befb814e0c > Cr-Commit-Position: refs/heads/master@{#32501} TBR=hpayer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1491013003 Cr-Commit-Position: refs/heads/master@{#32521}
-
mlippautz authored
Revert of "[heap] Clean up stale store buffer entries for aborted pages." (patchset #3 id:40001 of https://codereview.chromium.org/1494503004/ ) Reason for revert: Still failing on GC stress https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/690 Original issue's description: > Reland of "[heap] Clean up stale store buffer entries for aborted pages." > > This reverts commit d4fc4a8c. > > 1. Let X be the aborted slot (slot in an evacuated object in an aborted page) > 2. Assume X contains pointer to Y and Y is in the new space, so X is in the > store buffer. > 3. Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)). > 4. The current mark-sweep finishes. The slot X is in free space and is also in > the store buffer. > 5. A string of length 9 "abcdefghi" is allocated in the new space. The string > looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is > previous garbage. Let's assume that NNNNNNN0 was pointing to a new space > object before. > 6. Scavenge happens. > 7. Slot X is still in free space and in store buffer. [It causes scavenge of > the object Y in > store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But > it is not important]. > 8. Our string is promoted and is allocated over the slot X, such that NNNNNNNi > is written in X. > 9. The scavenge finishes. > 9. Another scavenge starts. > 10. We crash in > store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when > processing slot X, because it doesn't point to valid map. > > BUG=chromium:524425, chromium:564498 > LOG=N > R=hpayer@chromium.org, ulan@chromium.org > > Committed: https://crrev.com/fc6ff534003480e49dc481d9c665e961ab709c02 > Cr-Commit-Position: refs/heads/master@{#32514} TBR=hpayer@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425, chromium:564498 Review URL: https://codereview.chromium.org/1492823002 Cr-Commit-Position: refs/heads/master@{#32520}
-
bmeurer authored
We can constant fold %_IsJSReceiver(x) based on whether x is always a receiver or can never be a receiver. This is important as %_IsJSReceiver is inserted by the JSInliner. R=jarin@chromium.org BUG=v8:4544 LOG=n Review URL: https://codereview.chromium.org/1486383003 Cr-Commit-Position: refs/heads/master@{#32519}
-
mbrandy authored
R=mvstanton@chromium.org, yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/1491683003 Cr-Commit-Position: refs/heads/master@{#32518}
-
yangguo authored
R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1493733002 Cr-Commit-Position: refs/heads/master@{#32517}
-
yangguo authored
The new step-in implementation no longer tries to predict the step-in target, so we don't need the arguments count nor call type anymore. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1484893003 Cr-Commit-Position: refs/heads/master@{#32516}
-
zhengxing.li authored
port 4f494789 (r32262) original commit message: The Float32RoundUp operator rounds float32 numbers towards infinity. The operator is currently implemented on x64, ia32, arm, and arm64. BUG= Review URL: https://codereview.chromium.org/1491843003 Cr-Commit-Position: refs/heads/master@{#32515}
-
mlippautz authored
This reverts commit d4fc4a8c. 1. Let X be the aborted slot (slot in an evacuated object in an aborted page) 2. Assume X contains pointer to Y and Y is in the new space, so X is in the store buffer. 3. Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)). 4. The current mark-sweep finishes. The slot X is in free space and is also in the store buffer. 5. A string of length 9 "abcdefghi" is allocated in the new space. The string looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is previous garbage. Let's assume that NNNNNNN0 was pointing to a new space object before. 6. Scavenge happens. 7. Slot X is still in free space and in store buffer. [It causes scavenge of the object Y in store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But it is not important]. 8. Our string is promoted and is allocated over the slot X, such that NNNNNNNi is written in X. 9. The scavenge finishes. 9. Another scavenge starts. 10. We crash in store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when processing slot X, because it doesn't point to valid map. BUG=chromium:524425, chromium:564498 LOG=N R=hpayer@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/1494503004 Cr-Commit-Position: refs/heads/master@{#32514}
-
cbruni authored
BUG= Review URL: https://codereview.chromium.org/1491613002 Cr-Commit-Position: refs/heads/master@{#32513}
-
machenbach authored
Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1495443003/ ) Reason for revert: Still not working Original issue's description: > Reland of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1485813004/ ) > > Reason for revert: > Should be fixed after https://codereview.chromium.org/1487413002/ > > Original issue's description: > > Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1486963002/ ) > > > > Reason for revert: > > Maybe causing problems > > > > Original issue's description: > > > [CQ] Update proto format to fix triggered builders. > > > > > > Depends on https://chromereviews.googleplex.com/319777013/ > > > > > > BUG=chromium:561530 > > > LOG=n > > > TBR=sergiyb@chromium.org, tandrii@chromium.org > > > NOTRY=true > > > > > > Committed: https://crrev.com/51d6d619330080a76c5bc7a2ebdafebc6a808aa8 > > > Cr-Commit-Position: refs/heads/master@{#32453} > > > > TBR=sergiyb@chromium.org,tandrii@chromium.org > > NOPRESUBMIT=true > > NOTREECHECKS=true > > NOTRY=true > > BUG=chromium:561530 > > > > Committed: https://crrev.com/79ded5acc9da6a80cbd739c24c6dfa0cf207ae93 > > Cr-Commit-Position: refs/heads/master@{#32464} > > TBR=sergiyb@chromium.org,tandrii@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:561530 > > Committed: https://crrev.com/3cea13351c1af365013f51c7b67e72eeba79afe6 > Cr-Commit-Position: refs/heads/master@{#32511} TBR=sergiyb@chromium.org,tandrii@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:561530 Review URL: https://codereview.chromium.org/1493693003 Cr-Commit-Position: refs/heads/master@{#32512}
-
machenbach authored
Reland of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1485813004/ ) Reason for revert: Should be fixed after https://codereview.chromium.org/1487413002/ Original issue's description: > Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1486963002/ ) > > Reason for revert: > Maybe causing problems > > Original issue's description: > > [CQ] Update proto format to fix triggered builders. > > > > Depends on https://chromereviews.googleplex.com/319777013/ > > > > BUG=chromium:561530 > > LOG=n > > TBR=sergiyb@chromium.org, tandrii@chromium.org > > NOTRY=true > > > > Committed: https://crrev.com/51d6d619330080a76c5bc7a2ebdafebc6a808aa8 > > Cr-Commit-Position: refs/heads/master@{#32453} > > TBR=sergiyb@chromium.org,tandrii@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:561530 > > Committed: https://crrev.com/79ded5acc9da6a80cbd739c24c6dfa0cf207ae93 > Cr-Commit-Position: refs/heads/master@{#32464} TBR=sergiyb@chromium.org,tandrii@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:561530 Review URL: https://codereview.chromium.org/1495443003 Cr-Commit-Position: refs/heads/master@{#32511}
-
hablich authored
NOTRY=true TBR=hpayer@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/1490263002 Cr-Commit-Position: refs/heads/master@{#32510}
-
jochen authored
BUG=v8:2487 LOG=n R=vogelheim@chromium.org Review URL: https://codereview.chromium.org/1496493002 Cr-Commit-Position: refs/heads/master@{#32509}
-
danno authored
* Add a sibling interface to InterpreterAssembler called CodeStubAssembler which provides a wrapper around the RawMachineAssembler and is intended to make it easy to build efficient cross-platform code stubs. Much of the implementation of CodeStubAssembler is shamelessly stolen from the InterpreterAssembler, and the idea is to eventually merge the two interfaces somehow, probably moving the InterpreterAssembler interface over to use the CodeStubAssembler. Short-term, however, the two interfaces shall remain decoupled to increase our velocity developing the two systems in parallel. * Implement the StringLength stub in TurboFan with the new CodeStubAssembler. Replace and remove the old Hydrogen-stub version. * Remove a whole slew of machinery to support JavaScript-style code stub generation, since it ultimately proved unwieldy, brittle and baroque. This cleanup includes removing the shared code stub context, several example stubs and a tangle of build file changes. BUG=v8:4587 LOG=n Review URL: https://codereview.chromium.org/1475953002 Cr-Commit-Position: refs/heads/master@{#32508}
-
bmeurer authored
The main part of the Proxy constructor was already in C++, there's actually no point in keeping a JavaScript wrapper. R=cbruni@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1491893002 Cr-Commit-Position: refs/heads/master@{#32507}
-
cbruni authored
BUG= Review URL: https://codereview.chromium.org/1484393002 Cr-Commit-Position: refs/heads/master@{#32506}
-
bmeurer authored
Allow to pass new.target (in addition to target) to C++ builtins, and remove some obsolete/dangerous code from the C++ builtins. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1491883002 Cr-Commit-Position: refs/heads/master@{#32505}
-
mlippautz authored
Revert of [heap] Clean up stale store buffer entries for aborted pages. (patchset #4 id:60001 of https://codereview.chromium.org/1493653002/ ) Reason for revert: Not completely correct fix. Original issue's description: > [heap] Clean up stale store buffer entries for aborted pages. > > 1. Let X be the aborted slot (slot in an evacuated object in an aborted page) > 2. Assume X contains pointer to Y and Y is in the new space, so X is in the > store buffer. > 3. Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)). > 4. The current mark-sweep finishes. The slot X is in free space and is also in > the store buffer. > 5. A string of length 9 "abcdefghi" is allocated in the new space. The string > looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is > previous garbage. Let's assume that NNNNNNN0 was pointing to a new space > object before. > 6. Scavenge happens. > 7. Slot X is still in free space and in store buffer. [It causes scavenge of > the object Y in > store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But > it is not important]. > 8. Our string is promoted and is allocated over the slot X, such that NNNNNNNi > is written in X. > 9. The scavenge finishes. > 9. Another scavenge starts. > 10. We crash in > store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when > processing slot X, because it doesn't point to valid map. > > BUG=chromium:524425,chromium:564498 > LOG=N > R=hpayer@chromium.org, ulan@chromium.org > > Committed: https://crrev.com/2e7eea4aef3403969fe885e30f892d46253b3572 > Cr-Commit-Position: refs/heads/master@{#32495} TBR=hpayer@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425,chromium:564498 Review URL: https://codereview.chromium.org/1489243004 Cr-Commit-Position: refs/heads/master@{#32504}
-
hpayer authored
Reland of [heap] Remove live weak cells from weak cell list when finalizing incremental marking. (patchset #1 id:1 of https://codereview.chromium.org/1481383004/ ) Reason for revert: Reland after fixing the potential root cause of the canary crasher. Original issue's description: > Revert of [heap] Remove live weak cells from weak cell list when finalizing incremental marking. (patchset #3 id:40001 of https://codereview.chromium.org/1474303002/ ) > > Reason for revert: > Still investigating bad canary. > > Original issue's description: > > [heap] Remove live weak cells from weak cell list when finalizing incremental marking. > > > > BUG=chromium:548562 > > LOG=n > > > > Committed: https://crrev.com/6190c608c8f3ced0f00ff53965e115b78646cecd > > Cr-Commit-Position: refs/heads/master@{#32372} > > TBR=ulan@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:548562 > > Committed: https://crrev.com/72ae472ccc51ec304a66a8730c1fedbe265c16fa > Cr-Commit-Position: refs/heads/master@{#32459} TBR=ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:548562 Review URL: https://codereview.chromium.org/1491743003 Cr-Commit-Position: refs/heads/master@{#32503}
-