This adds heuristics to perform young and full GCs on allocation
of external ArrayBuffer backing stores.

Young GCs are performed proactively based on the external backing
store bytes for the young generation. Full GCs are performed only
if the allocation fails. Subsequent CLs will add heuristics to
start incremental full GCs based on the external backing store bytes.

This will allow us to remove AdjustAmountOfExternalMemory for
ArrayBuffers.

Bug: v8:9701, chromium:1008938
Change-Id: I0e8688f582989518926c38260b5cf14e2ca93f84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803614
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65480}

Since RecordStats during GC, (when it fails to recover enough memory),
it unsafe for it to allocate any memory. Thus it cannot call PrintStack
which can call SharedFunctionInfo::EnsureSourcePositionsAvailable and
which may allocate, so this removes the call to PrintStack which is
apparently not useful for debugging anyway.

Bug: chromium:1032087
Change-Id: I94feeaab1445f7fd4f770a20197546fc40c77390
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967377Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65475}

Add an API on Isolate that returns a sorted vector of code pages allocated
within V8. The implementation is designed to be signal-safe, so that the
user (the UMA sampling profiler) can access this information from a signal
handler, where allocation and taking locks is prohibited.

This CL adds the machinery for maintaining the list of allocated code
pages. Further CLs will modify the Unwinder API itself to accept the code
pages provided by this API.

The unwinder API currently uses the reserved virtual-memory range called
the CodeRange to identify where all V8 code objects live, but this doesn't
exist on arm32 or any 32-bit platform, so this approach adds a way to
expose the location of all valid V8 code objects in a signal-safe way for
use by the UMA sampling profiler.

On 64-bit, this API always gives the code_range and embedded_code_range, and
does not maintain a vector of code pages. This is so that we have a unified
API on 32 and 64-bit that can be used in exactly the same way by embedders.

Design doc:
https://docs.google.com/document/d/1VGwUult5AHLRk658VetwEHMOmDDxA2eDQs9lDFMZTE0

Bug: v8:8116
Change-Id: I732509a45121fc54853182481c24d1083275afce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564068
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65469}

Maximum semispace size was capped at kMaxSemiSpaceSize. Also allow
non-power-of-2 sizes.

Change-Id: I3385674a13455b47802a3f6e62ac5b9ed3987264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962863Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65445}

R=hpayer@chromium.org

Change-Id: I2b9a77317cd4dcf8502c237b7f8f167b80859859
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962866Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65443}

R=clemensb@chromium.org

Change-Id: Ibd6790a222590fd4dce9f918219a19f01c2e1e0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1960293Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65439}

This unifies marking worklists handling by the main thread marker and
by the concurrent markers. A new class called MarkingWorklistsHolder
owns all marking worklists: the default worklist, the on-hold worklist,
and the embedder worklist. Each thread creates a local view of the
marking worklists by creating an instance of MarkingWorklists.

Additionally, marking visitors now work on MarkingWorklists instead of
accessing each worklist individually.

Besides cleaning the code up, this CL provides a bottleneck for
implementing per-context worklists.

Bug: chromium:973627
Change-Id: I52ad65c94bc0695287ba7bf4d8a814a9035e2888
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941947Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65421}

Add HeapObject overloads for MarkingBarrier, GenerationalBarrier and
WriteBarrierForCode, which the compiler automatically prefers if a
setter's type is a subclass of HeapObject. These overloads can skip
the IsHeapObject check, providing maybe a small performance boost and
I measure a ~4.5kB binary size reduction in libv8.so

Change-Id: Ia65ff8425ae4895da406587101c7813fe6bf5a2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958055
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65395}

Before this CL a byte was used per bucket to store whether the bucket
is possibly empty or not. This CL changes this such that each bucket
only needs a single bit.

PossiblyEmptyBuckets is now a word in the page header. If more bits
are needed than fit into a single word, an external bitmap is
allocated using AlignedAlloc. Storing this on the page header, allows
to remove initial_buckets from the SlotSet. The SlotSet allocation is
then again a power-of-2 in release mode.

Reland of https://crrev.com/c/1906376: Incorrect DCHECK was removed.
WordsForBuckets was simplified and a test was added for it.

Bug: chromium:1023139
Change-Id: I9a08e03a9c10e5781a146b9a28dab38824aad91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954391Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65385}

This fixes DCHECK build with --noincremental-marking flag.

Change-Id: If1e8f9ec09bd91e628c3e92bbcd40f6960473f5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955598Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65374}

The cache adds a strong pointer from a code object to closures and
thus can leak arbitrary objects.

Bug: chromium:1030043
Tbr: yangguo@chromium.org
Change-Id: I8ce90119fa97eaea59d42e7fae5acd336b5fe5d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954392
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65363}

Currently a TracedNode of a TracedReference is freed only if its target
V8 object is unreachable. This is problematic for TracedNodes created for
long-living (or immortal) V8 objects and leads to memory leaks.

This CL adds logic for collecting unreachable TracedNodes:
1) Each TracedNode gets a markbit. Initially the markbit is set (i.e.
   we have black allocation for TracedNodes).
2) During marking RegisterEmbedderReference sets the markbit of the
   corresonding TracedNode.
3) In the atomic pause of Mark-Compact when TracedNodes are iterated,
   we check the markbits and free TracedNodes with cleared markbits.
   After this processing all markbits are cleared for the next GC.

Note that the new logic does not apply to TracedNode that have
callbacks and/or destructors.

Bug: chromium:1029738
Change-Id: I38e76a8b4a84170793998988b1a7962e40874428
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948722
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65347}

Since other files now call this template function, where no definition
of it is available, definitions need to be generated explicitly.

This fixes Node.js debug builds with the current V8 master branch.

Refs: https://chromium-review.googlesource.com/c/v8/v8/+/1940250
Refs: https://github.com/nodejs/node-v8/issues/129
Change-Id: Icc99f7a4c3669452ade65229d6ae48b49e2da0e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950971Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65339}

When converting a Smi to a String, we can skip the check for a
cached array index on the result in case of a number-to-string
cache hit. When trying to convert a String back to an index, the
inlined fast path can check for a cached index (in addition to
checking for a cached known negative).
Locally this yields about 5% on the JSTests/Proxies/GetIndex* tests.

Bug: chromium:1028021
Change-Id: I117eae01b1ad9c5d107ad7e598464b96dae9a6b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943160
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65299}

This removes object visiting logic from IncrementalMarking and makes it
call the corresponding methods of MarkCompactCollector. As a result
we have one place where objects are visited (on the main thread), which
is necessary for implementing per-context visitation.

Bug: chromium:973627
Change-Id: Ibdfbb9a910b592307bdba2bd73eada35c80a0d61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940154Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65278}

Change-Id: I60fdb6af5382e0ccd6bff16f89aad804c13cd900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943147Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65267}

Change-Id: I5d98dac3cde530f2bac5ef1239bc0e8805a01f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1942609
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65249}

Ensure that all fields of `SyntheticModule` are set before creating
the exports hash table for it, because the latter may trigger
garbage collection, leading to crashes.

This has been causing failures in the Node.js CI over the last weeks,
after making the creating of synthetic modules part of Node’s
startup sequence.

(I am generally not very familiar with this part of the V8
code and there might be a better way, or possibly a way to add a
reliable regression test, that I am not aware of.)

Refs: https://github.com/nodejs/node/issues/30498
Refs: https://github.com/nodejs/node/issues/30648
Change-Id: I32da4b7bd888c6ec1421f34f5bd52e7bad154c1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939752
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65247}

If V8_SHARED_RO_HEAP is set, then GetSharedMemoryStatistics now reports
the size of RO_SPACE. Additionally size values for RO_SPACE are zeroed
in the per-isolate Heap and Space stats.

Bug: v8:7464
Change-Id: I2d6843c001b55974460d1df034f08d1ed5b0d8da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900459
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65231}

This removes the marking worklist draining loop from IncrementalMarking
and makes it use the one of MarkCompactCollector.

Bug: chromium:973627
Change-Id: I226b4b45be7d542a82bba20162ad210dfb419c39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940250
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65212}

adler32 is strictly faster than the old checksum - see this doc:
https://docs.google.com/document/d/1fFhuShavlUwf0FqTc-6L3XLYbAVe0DhpmHSv4oenZL8/edit?pli=1#heading=h.ojvfq6akbz5f

adler32 also no longer requires alignment to be maintained.

Bug: chromium:833361
Change-Id: I3dbfa699b712aa908c87e6f8261756a4a1209df4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925562
Commit-Queue: Sam Maier <smaier@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65160}

Currently these events are emitted by Blink in GC prologue/epilogue.
That however does not respect event nesting and breaks with future
perfetto changes. This CL emits the events inside V8 using a scope to
guarantee proper event nesting. The events are same except for the
"type" argument that now gets more detailed information.

The corresponding Blink CL that removes these trace events:
https://chromium-review.googlesource.com/c/chromium/src/+/1929227

Bug: chromium:1026658
Change-Id: Ifbfab647f40f81af7acf315ff4608b9dc9444f94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928857Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65120}

This CL adds build flags for pluging in third-party heap implementation.
Additionally it redirects allocation requests when the flags are on.

Bug: v8:9533

Change-Id: I7ef300ca9dc2b5f498a13211611ae4b4b3df8fa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928860
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65114}

Drive-by-fix: enable heap verification in mksnapshot.

Bug: chromium:1025468
Change-Id: Ieb52d5139fa37df4ff0d8e8d46c3e0e6d14c2c8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924363Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65102}

&vector[i] is invalid unless 0 <= i < vector.size(). This means:

- &vector[0] is invalid if the vector is empty.

- &vector[vector.size()] is not a valid way to point past the end of the
  vector.

Fix these to use vector.data() + vector.size() which is the defined to
get begin and end pointers for a vector.

Bug: chromium:1027059
Change-Id: Ife1f0e64807b32ebdca66dba8ffc206d90a0de75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929071
Auto-Submit: David Benjamin <davidben@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65091}

They have to be in sync, so this patch updates both systems.

Bug: v8:4153
Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65078}

Since it doesn't allocate, make UncompiledData::Init a member function,
consistent with SharedFunctionInfo::Init.

Bug: chromium:1011762
Change-Id: I984adf9004193eb9da504ddd39dd95345eccaf82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926031
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65076}

In {EmptyBackingStore}, the {free_on_destruct} flag was not set as an
optimization: Since there is no memory, it also does not have to be
freed. However, this flag has a side-effect: any backing store where
this flag is not set is considered {external}. The {external} flag is
mis-used by blink to indicate if ArrayBuffers need to be wrapped or not.

With this CL we set the {free_on_destruct} flag in {EmptyBackingStore},
but we change the ArrayBufferTracker to just ignore empty backing
stores.

R=ulan@chromium.org

Bug: chromium:1008840
Change-Id: I1552a6e013c8b23f39fba1c2d9d9c61dc30c0c74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924263Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65067}

For many subclasses of JSObject, we used kSize instead of kHeaderSize
even though they can contain in-object properties. In fact, kSize
was very much used as the header size, as can be seen in many examples
in this CL.

This change is a preparation for a for a cleanup of how Torque
generates field offsets.

TBR=hpayer@chromium.org

Change-Id: I350e996057cd66c427381334080f8ac93de88597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917141
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65013}

This reverts commit 80caf2cf.

Reason for revert: Breaks gpu tests:
https://ci.chromium.org/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/5570
# Debug check failed: !possibly_empty_buckets->Contains(bucket_index).

Original change's description:
> [heap] Reduce size of possibly empty buckets
> 
> Before this CL a byte was used per bucket to store whether the bucket
> is possibly empty or not. This CL changes this such that each bucket
> only needs a single bit.
> 
> PossiblyEmptyBuckets is now a word in the page header. If more bits
> are needed than fit into a single word, an external bitmap is
> allocated using AlignedAlloc. Storing this on the page header, allows
> to remove initial_buckets from the SlotSet. The SlotSet allocation is
> then again a power-of-2 in release mode.
> 
> Change-Id: If61fd5cfa153f98757beeb444a530f6e2803fdb6
> Bug: chromium:1023139
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906376
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64991}

TBR=ulan@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1023139
Change-Id: Ia90b07b9562af934dacba012da31e4f172f2922d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918258Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65001}

Before this CL a byte was used per bucket to store whether the bucket
is possibly empty or not. This CL changes this such that each bucket
only needs a single bit.

PossiblyEmptyBuckets is now a word in the page header. If more bits
are needed than fit into a single word, an external bitmap is
allocated using AlignedAlloc. Storing this on the page header, allows
to remove initial_buckets from the SlotSet. The SlotSet allocation is
then again a power-of-2 in release mode.

Change-Id: If61fd5cfa153f98757beeb444a530f6e2803fdb6
Bug: chromium:1023139
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906376
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64991}

utils.h itself is fairly large and contains lots of unrelated functions
as well as having a fair number of dependencies itself, so this splits
bounds checking and bit field operations into their own headers in base
and replaces uses of utils.h with the more appropriate header where
possible. (Also fixes some cases where other headers were previously
brought in transitively).

Bug: v8:9810, v8:8912
Change-Id: I76c53f953848a57e2c5bfad6ce45abcd6d2a4f1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916604Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64983}

This helps reduce the number of false positives encountered by
the dead variable analysis in gcmole.

TBR=jgruber@chromium.org, verwaest@chromium.org, yangguo@chromium.org

Bug: v8:9810
Change-Id: I1a34ccaab340e6abc37832b4ce1a0cabc56fa438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917146
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64981}

After allocation of an object, we need to initialize it to make it safe
for the GC to see it. For complex objects like SharedFunctionInfo, this
initialization code is long and requires understanding of the object. So,
it makes sense for the initialization to live in the SharedFunctionInfo
code itself (as an Init method) rather than in the factory.

Aside from being a neat cleanup, this will allow us to share this
initialization logic between different allocation methods, as part of the
off-thread allocation project:
https://docs.google.com/document/d/1-_96kok0AcavkbcdqqZvpqt_2q-_XWAsAJwbRXlfwCo/

Bug: chromium:1011762
Change-Id: Ie276eb711423272f85abfeb3d88df1826a77b984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872402
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64926}

Shrink RO_SPACE since it contains Immortal immovable objects and is
otherwise reporting a virtual size of 256KB when only half of that
will ever be used.

Bug: v8:9230, v8:7464
Change-Id: I68c17bb6c4ff12170774bad6a07dbb8b9d49cce1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906207
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64865}

Now incremental marker and stop-the-world marker use the same visitor,
which is derived from MarkingVisitorBase. This removes code duplication
and also should reduce binary size.

The marking worklist processing code also changes to not color the
object black before visiting it. Instead the visitor colors the
object black in ShouldVisit method.

Bug: chromium:1019218
Change-Id: I57971122f3c77ad2770b6754d696b79d802ef1a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1901271
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64848}

Change-Id: I5c6004e77ffdf76679ecf764d3048917f2890b23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903438Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64839}

Reuse sweeping+free list allocation code from
SweepAndRetryAllocation in RawSlowRefillLinearAllocationArea.

Share code such that bugs like the linked one are less likely to
happen.

Bug: chromium:1020981
Change-Id: I0abfaa9f7a8f2b62ad24ca85774130f354104e93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1901277Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64829}

Now that builtins are embedded into the binary unconditionally, GC
visitation can be reduced. The interpreter dispatch table points
directly at embedded instruction starts. It is initialized once in
Isolate::Init, and its contents are immutable afterwards.
Visitation by GC is not needed.

Drive-by: Remove outdated comment on IsWasmRuntimeStub.

Bug: v8:7873
Change-Id: I14edc0beebb31c04f1429346b57ade9e8d838670
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899773Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64814}

CompactionSpace::SweepAndRetryAllocation was sweeping the space
without clearing invalidated objects. CompactionSpace is only used
during collections, mark-compact needs invalidated objects in
swept memory to be removed.

Bug: chromium:1020981
Change-Id: Ib5b0edcdd841257cf66af6de8b6a3bf785e5c813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900452Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64798}