1. 21 May, 2019 1 commit
  2. 20 May, 2019 1 commit
  3. 15 May, 2019 1 commit
  4. 14 May, 2019 2 commits
    • [torque] Introduce @abstract annotation for Torque classes · 4d05884e
      Sigurd Schneider authored
      This annotation indicates that the class itself is not instantiated,
      and does not have its own instance type: The instance types that
      logically belong to the class are the instance types of the derived
      classes.
      
      Currently, we need the indication @dirtyInstantiatedAbstractClass
      for several classes that are used as both abstract base classes
      and concrete classes. The prime example is JSObject which is the
      base for many other classes, and also serves as the class to allocate
      plain JSObjects. The annotation is purposefully ugly because in the
      future we should refactor code to make it unnecessary.
      
      Another annotation we introduce is @hasSameInstanceTypeAsParent,
      which indicates another design pattern that currently occurs in the
      code-base: Some Torque classes have the same instance types as their
      parent class, but rename some fields, or possibly have a different map.
      In such cases, the parent class is not abstract and the derived classes
      can be seen as refinements of this class (that, for example, narrows the
      type of a field). In the future, Torque should accommodate this pattern
      better, but at the moment we are content with just indicating where it is
      used.
      
      Bug: v8:7793
      Change-Id: I1892dcc7325250df75d80308bf3d767d6d43bcc2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607761
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61495}
    • [torque] Rename ...from-dsl... to ...tq... · f6f31d15
      Sigurd Schneider authored
      This CL introduces the new suffix '-tq' for Torque generated files,
      and replaces the infix 'FromDSL' in type names with a prefix
      'TorqueGenerated'.
      
      Change-Id: I1e90460cc0c666da6cf5017e8b3cb7c39c6ac668
      Bug: v8:7793
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609798
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61490}
  5. 10 May, 2019 1 commit
    • Reland "Reland "[compiler] Don't collect source positions for the top frame"" · bf9e3e4d
      Dan Elphick authored
      This is a reland of f2e65226
      
      Nothing has changed but
      https://chromium-review.googlesource.com/c/v8/v8/+/1585269 has been rolled
      back due to v8:9234.
      
      Original change's description:
      > Reland "[compiler] Don't collect source positions for the top frame"
      >
      > Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
      > which requires clearing and restoring the pending exception.
      >
      > > While most source positions were not collected even throwing exceptions,
      > > the top frame still was always collected as it was used to initialize
      > > the JSMessageObject. This skips even that frame, by storing the
      > > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
      > > it to lazily evaluate the actual source position.
      > >
      > > Also adds tests to test-api.cc that test each of the source position
      > > functions in isolation to ensure that they don't rely on previous
      > > invocations to call the source collection function.
      > >
      > > Since no source positions are now collected at the point when an
      > > exception is thrown, the mjsunit/stack-traces-overflow now passes again
      > > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
      > > only failure).
      >
      > Bug: v8:8510
      > Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#61372}
      
      TBR=ulan@chromium.org
      
      Bug: v8:8510
      Change-Id: Iaa9e376f90d10c0f25d1bcc352808363e4ea8b4d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605946
      Reviewed-by: Dan Elphick <delphick@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61418}
  6. 09 May, 2019 2 commits
    • Revert "Reland "[compiler] Don't collect source positions for the top frame"" · 9dff517a
      Maya Lekova authored
      This reverts commit f2e65226.
      
      Reason for revert: Speculative revert, seems to break GC stress bot and block LKGR - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/25701
      
      Original change's description:
      > Reland "[compiler] Don't collect source positions for the top frame"
      > 
      > Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
      > which requires clearing and restoring the pending exception.
      > 
      > > While most source positions were not collected even throwing exceptions,
      > > the top frame still was always collected as it was used to initialize
      > > the JSMessageObject. This skips even that frame, by storing the
      > > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
      > > it to lazily evaluate the actual source position.
      > >
      > > Also adds tests to test-api.cc that test each of the source position
      > > functions in isolation to ensure that they don't rely on previous
      > > invocations to call the source collection function.
      > >
      > > Since no source positions are now collected at the point when an
      > > exception is thrown, the mjsunit/stack-traces-overflow now passes again
      > > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
      > > only failure).
      > 
      > Bug: v8:8510
      > Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#61372}
      
      TBR=ulan@chromium.org,rmcilroy@chromium.org,delphick@chromium.org
      
      Change-Id: Ie590df6c308b38836afc5d417d03d2a63260bcb2
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8510
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602692
      Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61381}
    • Reland "[compiler] Don't collect source positions for the top frame" · f2e65226
      Dan Elphick authored
      Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
      which requires clearing and restoring the pending exception.
      
      > While most source positions were not collected even throwing exceptions,
      > the top frame still was always collected as it was used to initialize
      > the JSMessageObject. This skips even that frame, by storing the
      > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
      > it to lazily evaluate the actual source position.
      >
      > Also adds tests to test-api.cc that test each of the source position
      > functions in isolation to ensure that they don't rely on previous
      > invocations to call the source collection function.
      >
      > Since no source positions are now collected at the point when an
      > exception is thrown, the mjsunit/stack-traces-overflow now passes again
      > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
      > only failure).
      
      Bug: v8:8510
      Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61372}
  7. 07 May, 2019 2 commits
    • Revert "[compiler] Don't collect source positions for the top frame" · 4bb78818
      Dan Elphick authored
      This reverts commit 758700a7.
      
      Reason for revert: Broken
      
      Original change's description:
      > [compiler] Don't collect source positions for the top frame
      > 
      > While most source positions were not collected even throwing exceptions,
      > the top frame still was always collected as it was used to initialize
      > the JSMessageObject. This skips even that frame, by storing the
      > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
      > it to lazily evaluate the actual source position.
      > 
      > Also adds tests to test-api.cc that test each of the source position
      > functions in isolation to ensure that they don't rely on previous
      > invocations to call the source collection function.
      > 
      > Since no source positions are now collected at the point when an
      > exception is thrown, the mjsunit/stack-traces-overflow now passes again
      > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
      > only failure).
      > 
      > Bug: v8:8510
      > Change-Id: Ic5382bdbab65cd8838f0c84b544fabb1a9109d13
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587385
      > Commit-Queue: Dan Elphick <delphick@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#61271}
      
      TBR=ulan@chromium.org,rmcilroy@chromium.org,delphick@chromium.org
      
      Change-Id: I3ee0b5db5f8a1b3255f68070dc10d27d0e013048
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8510
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598758
      Reviewed-by: Dan Elphick <delphick@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61273}
    • [compiler] Don't collect source positions for the top frame · 758700a7
      Dan Elphick authored
      While most source positions were not collected even throwing exceptions,
      the top frame still was always collected as it was used to initialize
      the JSMessageObject. This skips even that frame, by storing the
      SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
      it to lazily evaluate the actual source position.
      
      Also adds tests to test-api.cc that test each of the source position
      functions in isolation to ensure that they don't rely on previous
      invocations to call the source collection function.
      
      Since no source positions are now collected at the point when an
      exception is thrown, the mjsunit/stack-traces-overflow now passes again
      with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
      only failure).
      
      Bug: v8:8510
      Change-Id: Ic5382bdbab65cd8838f0c84b544fabb1a9109d13
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587385
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61271}
  8. 29 Apr, 2019 1 commit
  9. 16 Apr, 2019 1 commit
  10. 11 Apr, 2019 1 commit
  11. 10 Apr, 2019 2 commits
  12. 09 Apr, 2019 2 commits
  13. 04 Apr, 2019 1 commit
  14. 01 Apr, 2019 1 commit
  15. 29 Mar, 2019 1 commit
  16. 25 Mar, 2019 2 commits
  17. 12 Mar, 2019 1 commit
  18. 06 Mar, 2019 1 commit
  19. 05 Mar, 2019 1 commit
  20. 04 Mar, 2019 1 commit
  21. 01 Mar, 2019 1 commit
  22. 27 Feb, 2019 3 commits
    • Torquefy a few simple types · 1f2d9475
      Irina Yatsenko authored
      Creates Torque classes for JSProxy, JSAccessorPropertyDescriptor, JSCollection, JSProxyRevocableResult, JSValue
      
      Change-Id: I01eec27b158b4beb778cb5efce44f241c09ef0f7
      Reviewed-on: https://chromium-review.googlesource.com/c/1489184
      Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59921}
    • [class] Expose private fields through GetPrivateFields · 95506041
      Sathya Gunasekaran authored
      This will allow the devtools UI to display private fields on the scope
      panel.
      
      Instead of extending GetInternalProperties, we expose a separate
      GetPrivateFields method on the debug interface. This allows us to do
      better type checking, for example, we can directly cast to a
      v8::Private as this can only contain private fields.
      
      This also allows us to have better constraints on the input type --
      v8::Object, as opposed to a v8::Value.
      
      The KeyAccumulator is extended to collect private names for the
      PRIVATE_NAMES_ONLY PropertyFilter.
      
      Bug: v8:8773
      Change-Id: Id47c551186c59dae9a06721074ef78144f25892f
      Reviewed-on: https://chromium-review.googlesource.com/c/1475664
      Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
      Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59920}
    • Reland "Do not enqueue or run a microtask on detached contexts" · a32e37ed
      tzik authored
      This is a reland of 734a6575
      
      Original change's description:
      > Do not enqueue or run a microtask on detached contexts
      >
      > This CL disables EnqueueMicrotask and RunMicrotasks on detached
      > contexts. That is, if an embedder calls DetachGlobal() on a v8::Context,
      > EnqueueMicrotask on that context will not take effect, and all Microtasks
      > that are enqueued before DetachGlobal will be cancelled.
      >
      > On Blink, this implies that a frame will no longer run a microtask after
      > it's navigated away. OTOH, detached frames in Blink are not affected.
      >
      > Bug: v8:8124
      > Change-Id: I5b00ceef5ea2afb87cf067a65eb95c29bf91176d
      > Reviewed-on: https://chromium-review.googlesource.com/c/1416071
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Reviewed-by: Adam Klein <adamk@chromium.org>
      > Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#59445}
      
      Tbr: adamk@chromium.org, yangguo@chromium.org, verwaest@chromium.org
      Bug: v8:8124
      Change-Id: I959a18ae214f1385d5f453b3ed94772e60f71e0f
      Reviewed-on: https://chromium-review.googlesource.com/c/1469544
      Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59884}
  23. 26 Feb, 2019 1 commit
  24. 25 Feb, 2019 1 commit
  25. 13 Feb, 2019 2 commits
  26. 30 Jan, 2019 1 commit
    • [runtime] Better instance pre-sizing with transpiled classes. · 4b9eb7f7
      Benedikt Meurer authored
      For instances created via constructors and `new` we try to pre-size
      the instances such that ideally all the data properties can be
      allocated as in-object properties (and we don't need to allocate the
      out-of-object PropertyArray backing store). This is accomplished with
      the help of the Parser, which counts the property assignments to
      `this` in the constructor, and we use that as the starting point for
      pre-sizing logic (a mechanism called *slack tracking* is used to
      dynamically shrink the objects based on the real memory usage, and
      eventually compute the final starting size for instances of the
      individual constructors).
      
      This works well even with class hierarchies, since for a derived class
      constructor we just include the current constructor plus all the base
      constructors. I.e. with
      
      ```js
      class A {
        constructor() {
          this.x00 = null;
          this.x01 = null;
          this.x02 = null;
          this.x03 = null;
          this.x04 = null;
          this.x05 = null;
          this.x06 = null;
          this.x07 = null;
          this.x08 = null;
          this.x09 = null;
          this.x10 = null;
          this.x11 = null;
          this.x12 = null;
          this.x13 = null;
          this.x14 = null;
          this.x15 = null;
          this.x16 = null;
          this.x17 = null;
          this.x18 = null;
          this.x19 = null;
        }
      }
      
      class B extends A {
        constructor() {
          super();
        }
      }
      ```
      
      we will eventually learn that instances of `B` need 20 in-object
      properties. However this breaks with transpiled code (i.e. as
      generated via TypeScript or Babel), even when the constructors are
      properly chained.
      
      ```js
      function A() {
        this.x00 = null;
        this.x01 = null;
        this.x02 = null;
        this.x03 = null;
        this.x04 = null;
        this.x05 = null;
        this.x06 = null;
        this.x07 = null;
        this.x08 = null;
        this.x09 = null;
        this.x10 = null;
        this.x11 = null;
        this.x12 = null;
        this.x13 = null;
        this.x14 = null;
        this.x15 = null;
        this.x16 = null;
        this.x17 = null;
        this.x18 = null;
        this.x19 = null;
      }
      
      function B() {
        A.call(this);
      }
      Object.setPrototypeOf(B, A);
      ```
      
      Here we will always have 10 in-object properties for instances of
      `B` (due to the generic over-allocation logic), and the other 10
      properties have to be allocated in the out-of-object PropertyArray.
      
      This is unfortunate and actually not necessary. Instead we could just
      do the same [[Prototype]] walk on the constructor for regular function
      constructors that we perform for derived (native) class constructors.
      This CL changes that, such that we give the same treatment to transpiled
      classes that we have for native classes.
      
      R=verwaest@chromium.org
      
      Bug: v8:8764, v8:8765
      Doc: https://bit.ly/v8-instance-presizing-with-transpiled-classes
      Change-Id: Iac54391e41c9a39101751a678b3a647269fb009d
      Reviewed-on: https://chromium-review.googlesource.com/c/1442643
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59214}
  27. 25 Jan, 2019 1 commit
    • Defer inferring language mode as far as possible · 592aeefa
      Mythri authored
      Inferring the language mode involves iterating the stack to find the
      closure. This is an expensive operation and should be done only when
      required. This cl changes the implementation to infer the language
      mode only when we can't defer it any further. Currently, we infer the
      language mode when throwing an exception or when passing this
      information to PropertyCallbackArguments.
      
      This cl also changes the language mode parameter to SetProperty
      related methods to Maybe<ShouldThrow>. We only use the language mode to
      decide if we need to throw and using ShouldThrow instead of language
      mode simplifies the code by avoiding conversions from Maybe<ShouldThrow>
      to Maybe<LanguageMode> and vice-versa.
      
      Bug: v8:8580, chromium:923820, chromium:925289
      Change-Id: I72497497f62fe0d86fcecd57b06b3183b7531f7b
      Reviewed-on: https://chromium-review.googlesource.com/c/1425912
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59094}
  28. 22 Jan, 2019 1 commit
  29. 18 Jan, 2019 2 commits
    • Revert "Reland "[GC] Ensure JSFunctions with flushed bytecode are flushed during GC."" · 1a95d4de
      Clemens Hammacher authored
      This reverts commit d5e63b03.
      
      Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/5312
      
      Original change's description:
      > Reland "[GC] Ensure JSFunctions with flushed bytecode are flushed during GC."
      > 
      > This is a reland of f5729f1c
      > 
      > TBR=ulan@chromium.org
      > 
      > Original change's description:
      > > [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
      > >
      > > When bytecode is flushed from a SFI, the JSFunctions still retain their
      > > FeedbackVector's and point to the interpreter entry trampoline. They are
      > > reset if re-executed, however if not they could hold onto the feedback
      > > vector indefinitely. This CL adds a pass to the GC to detect JSFunctions that
      > > need to be reset, and performs the reset at the end of GC.
      > >
      > > BUG=v8:8395
      > >
      > > Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
      > > Reviewed-on: https://chromium-review.googlesource.com/c/1393292
      > > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#58775}
      > 
      > Bug: v8:8395
      > Change-Id: I9bc84b62332575a080561c51f08b699b91e41e4a
      > Reviewed-on: https://chromium-review.googlesource.com/c/1414859
      > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58924}
      
      TBR=ulan@chromium.org,rmcilroy@chromium.org
      
      Change-Id: I5d3012d4c7277ae792b0488780ff426d51dd602f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8395
      Reviewed-on: https://chromium-review.googlesource.com/c/1421838
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58925}
    • Reland "[GC] Ensure JSFunctions with flushed bytecode are flushed during GC." · d5e63b03
      Ross McIlroy authored
      This is a reland of f5729f1c
      
      TBR=ulan@chromium.org
      
      Original change's description:
      > [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
      >
      > When bytecode is flushed from a SFI, the JSFunctions still retain their
      > FeedbackVector's and point to the interpreter entry trampoline. They are
      > reset if re-executed, however if not they could hold onto the feedback
      > vector indefinitely. This CL adds a pass to the GC to detect JSFunctions that
      > need to be reset, and performs the reset at the end of GC.
      >
      > BUG=v8:8395
      >
      > Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
      > Reviewed-on: https://chromium-review.googlesource.com/c/1393292
      > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58775}
      
      Bug: v8:8395
      Change-Id: I9bc84b62332575a080561c51f08b699b91e41e4a
      Reviewed-on: https://chromium-review.googlesource.com/c/1414859
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58924}
  30. 14 Jan, 2019 1 commit