1. 08 Aug, 2018 33 commits
  2. 07 Aug, 2018 7 commits
    • Revert "Fix invalidation of old-to-old slots after object trimming." · 5b434929
      Ulan Degenbaev authored
      This reverts commit 719d23c0.
      
      Reason for revert: TSAN failures
      
      Original change's description:
      > Fix invalidation of old-to-old slots after object trimming.
      > 
      > A recorded old-to-old slot may be overwritten with a pointer to a new
      > space object. If the object containing the slot is trimmed later on,
      > then the mark-compactor may crash on a stale pointer to new space.
      > 
      > This patch ensures that:
      > 1) On trimming of an object we add it to the invalidated_slots sets.
      > 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
      >    the invalidated object unless the page was already swept.
      > 
      > Array left-trimming is handled as a special case because object start
      > moves and cannot be added to the invalidated set. Instead, we clear
      > the freed memory so that the recorded slots contain Smi values.
      > 
      > Bug: chromium:870226,chromium:816426
      > Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
      > Reviewed-on: https://chromium-review.googlesource.com/1163784
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54953}
      
      TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
      
      Change-Id: I2e1ff83c2db7902488951a8f597d38133aeb3b04
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:870226, chromium:816426
      Reviewed-on: https://chromium-review.googlesource.com/1165862
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54954}
    • Fix invalidation of old-to-old slots after object trimming. · 719d23c0
      Ulan Degenbaev authored
      A recorded old-to-old slot may be overwritten with a pointer to a new
      space object. If the object containing the slot is trimmed later on,
      then the mark-compactor may crash on a stale pointer to new space.
      
      This patch ensures that:
      1) On trimming of an object we add it to the invalidated_slots sets.
      2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
         the invalidated object unless the page was already swept.
      
      Array left-trimming is handled as a special case because object start
      moves and cannot be added to the invalidated set. Instead, we clear
      the freed memory so that the recorded slots contain Smi values.
      
      Bug: chromium:870226,chromium:816426
      Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
      Reviewed-on: https://chromium-review.googlesource.com/1163784
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54953}
    • [intl] Port CanonicalizeLocaleList to C++ · bbe8db59
      Jakob Kummerow authored
      This CL also contains some drive-by cleanup of related code.
      
      Bug: v8:5751, v8:7987
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Change-Id: I6144d16c1d85922efc1dc419cce8a2eba2a60056
      Reviewed-on: https://chromium-review.googlesource.com/1161545
      Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54952}
    • [Torque] Turn Torque HasProperty usage into builtin calls · 38c664fa
      Mike Stanton authored
      The CSA HasProperty has an inlining that makes it rather large.
      
      Also, tighten up some type usage. ToObject() returns a JSReceiver
      and we can do with less casting if we make use of this.
      
      Change-Id: I56d2443b5d409314cc3c74a5a079810d857727ad
      Reviewed-on: https://chromium-review.googlesource.com/1165241
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54951}
    • [torque] allow overloading generic macros · 7957886b
      Tobias Tebbi authored
      Previously, we requested instantiation of generics prior to selecting
      a template overload, which resulted in unused templates being
      instantiated, possibly triggering unnecessary compile errors.
      
      Bug: v8:7793
      Change-Id: I45f4bdbf8aa93749ece416c6c7458d64e6e051f5
      Reviewed-on: https://chromium-review.googlesource.com/1154977
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: Daniel Clifford <danno@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54950}
    • [Interpreter] Do not use IC slots for property load/stores in an IIFE and top-level code · 690bda84
      Creddy authored
      An IIFE or top-level code is executed only once; hence, there is no need to collect
      type feedback. We can save some memory by not using IC slots for property Loads/Stores
      within an IIFE/top-level code. This CL emits Runtime Get/Set property calls instead of
      LdaNamedProperty/StaNamedProperty for the property loads within an IIFE and top-level code.
      
      Change-Id: I3e0ce26d05d82bb3648cb9262c4e112a2c4556c9
      Reviewed-on: https://chromium-review.googlesource.com/1146579
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Marja Hölttä <marja@chromium.org>
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Chandan Reddy <chandanreddy@google.com>
      Cr-Commit-Position: refs/heads/master@{#54949}
    • [torque] generate implicit_cast according to VisitResult types · 46952216
      Tobias Tebbi authored
      In the generated CSA, we called overloaded macros while relying on CSA
      subtyping of TNodes. This doesn't work well with overloads, because
      for C++ any TNode subtyping is treated as an implicit conversion, which
      makes these calls ambiguous for C++.
      As a solution, we insert implicit_cast conversions for arguments
      according to the type predicted by Torque. This way, a CSA overload is always
      called with exactly the signature declared in base.tq.
      This has the additional benefit that it validates the signatures declared in
      base.tq, which could previously be too permissive.
      Also, this triggered a bug in structs, where VisitResults were
      carrying the wrong type.
      
      Bug: v8:7793
      TBR: danno@chromium.org
      Change-Id: I8ed4bfd04793c8a8805a4a3dd5cf2a85c20ce786
      Reviewed-on: https://chromium-review.googlesource.com/1165237
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54948}