1. 04 Dec, 2015 2 commits
  2. 03 Dec, 2015 3 commits
  3. 02 Dec, 2015 10 commits
      [cleanup] Introduce PropertyFilter · 4a246c1f
      jkummerow authored
      Split out of PropertyAttributes, and used for all filtering purposes.
      Also moved PropertyAttributes into the v8::internal:: namespace.
      
      No change in behavior intended.
      
      Review URL: https://codereview.chromium.org/1492653004
      
      Cr-Commit-Position: refs/heads/master@{#32525}
      Revert of [heap] Refactor evacuation for young and old gen into visitors.... · 9b421f26
      mlippautz authored
      Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1493523003/ )
      
      Reason for revert:
      Speculative revert for crashing Canary.
      
      Original issue's description:
      > Reland of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1483393002/ )
      >
      > Reason for revert:
      > Reland after fixing the potential root cause of the canary crasher.
      >
      > Original issue's description:
      > > Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ )
      > >
      > > Reason for revert:
      > > Still investigating bad canary.
      > >
      > > Original issue's description:
      > > > [heap] Refactor evacuation for young and old gen into visitors.
      > > >
      > > > Create a visitor for evacuating objects for young and old generation. This is
      > > > the first step of preparing a task to process, both, newspace and oldspace
      > > > pages in parallel.
      > > >
      > > > BUG=chromium:524425
      > > > LOG=N
      > > >
      > > > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8
      > > > Cr-Commit-Position: refs/heads/master@{#32349}
      > >
      > > TBR=mlippautz@chromium.org
      > > NOPRESUBMIT=true
      > > NOTREECHECKS=true
      > > NOTRY=true
      > > BUG=chromium:524425
      > >
      > > Committed: https://crrev.com/aa24a3135ec308e1f84bce334844caf0cae2437a
      > > Cr-Commit-Position: refs/heads/master@{#32462}
      >
      > TBR=mlippautz@chromium.org
      > NOPRESUBMIT=true
      > NOTREECHECKS=true
      > NOTRY=true
      > BUG=chromium:524425
      >
      > Committed: https://crrev.com/120b640dfce5f02cecc5af72ca0b2b3b93ce8652
      > Cr-Commit-Position: refs/heads/master@{#32500}
      
      TBR=hpayer@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=chromium:524425
      
      Review URL: https://codereview.chromium.org/1495583002
      
      Cr-Commit-Position: refs/heads/master@{#32522}
      Revert of [heap] Unify evacuating an object for new and old generation.... · e35e8c9d
      mlippautz authored
      Revert of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1494533002/ )
      
      Reason for revert:
      Speculative revert for crashing Canary.
      
      Original issue's description:
      > Reland of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1483963004/ )
      >
      > Reason for revert:
      > Reland after fixing the potential root cause of the canary crasher.
      >
      > Original issue's description:
      > > Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ )
      > >
      > > Reason for revert:
      > > Still investigating bad canary.
      > >
      > > Original issue's description:
      > > > [heap] Unify evacuating an object for new and old generation.
      > > >
      > > > BUG=chromium:524425
      > > > LOG=N
      > > >
      > > > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a
      > > > Cr-Commit-Position: refs/heads/master@{#32365}
      > >
      > > TBR=mlippautz@chromium.org
      > > NOPRESUBMIT=true
      > > NOTREECHECKS=true
      > > NOTRY=true
      > > BUG=chromium:524425
      > >
      > > Committed: https://crrev.com/9c60ddc60e96da0c59e646660789c26550ad52a2
      > > Cr-Commit-Position: refs/heads/master@{#32460}
      >
      > TBR=mlippautz@chromium.org
      > NOPRESUBMIT=true
      > NOTREECHECKS=true
      > NOTRY=true
      > BUG=chromium:524425
      >
      > Committed: https://crrev.com/7ea8ac98f6eb5ffa9d4976aa22fec9befb814e0c
      > Cr-Commit-Position: refs/heads/master@{#32501}
      
      TBR=hpayer@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=chromium:524425
      
      Review URL: https://codereview.chromium.org/1491013003
      
      Cr-Commit-Position: refs/heads/master@{#32521}
      Revert of "[heap] Clean up stale store buffer entries for aborted pages."... · 23227681
      mlippautz authored
      Revert of "[heap] Clean up stale store buffer entries for aborted pages." (patchset #3 id:40001 of https://codereview.chromium.org/1494503004/ )
      
      Reason for revert:
      Still failing on GC stress
        https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/690
      
      Original issue's description:
      > Reland of "[heap] Clean up stale store buffer entries for aborted pages."
      >
      > This reverts commit d4fc4a8c.
      >
      > 1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
      > 2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
      >     store buffer.
      > 3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
      > 4.  The current mark-sweep finishes. The slot X is in free space and is also in
      >     the store buffer.
      > 5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
      >     looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
      >     previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
      >     object before.
      > 6.  Scavenge happens.
      > 7.  Slot X is still in free space and in store buffer. [It causes scavenge of
      >     the object Y in
      >     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
      >     it is not important].
      > 8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
      >     is written in X.
      > 9.  The scavenge finishes.
      > 10. Another scavenge starts.
      > 11. We crash in
      >     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
      >     processing slot X, because it doesn't point to valid map.
      >
      > BUG=chromium:524425, chromium:564498
      > LOG=N
      > R=hpayer@chromium.org, ulan@chromium.org
      >
      > Committed: https://crrev.com/fc6ff534003480e49dc481d9c665e961ab709c02
      > Cr-Commit-Position: refs/heads/master@{#32514}
      
      TBR=hpayer@chromium.org,ulan@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=chromium:524425, chromium:564498
      
      Review URL: https://codereview.chromium.org/1492823002
      
      Cr-Commit-Position: refs/heads/master@{#32520}
      Reland of "[heap] Clean up stale store buffer entries for aborted pages." · fc6ff534
      mlippautz authored
      This reverts commit d4fc4a8c.
      
      1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
      2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
          store buffer.
      3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
      4.  The current mark-sweep finishes. The slot X is in free space and is also in
          the store buffer.
      5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
          looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
          previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
          object before.
      6.  Scavenge happens.
      7.  Slot X is still in free space and in store buffer. [It causes scavenge of
          the object Y in
          store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
          it is not important].
      8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
          is written in X.
      9.  The scavenge finishes.
      10. Another scavenge starts.
      11. We crash in
          store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
          processing slot X, because it doesn't point to valid map.
      
      BUG=chromium:524425, chromium:564498
      LOG=N
      R=hpayer@chromium.org, ulan@chromium.org
      
      Review URL: https://codereview.chromium.org/1494503004
      
      Cr-Commit-Position: refs/heads/master@{#32514}
      Revert of [heap] Clean up stale store buffer entries for aborted pages.... · d4fc4a8c
      mlippautz authored
      Revert of [heap] Clean up stale store buffer entries for aborted pages. (patchset #4 id:60001 of https://codereview.chromium.org/1493653002/ )
      
      Reason for revert:
      Not completely correct fix.
      
      Original issue's description:
      > [heap] Clean up stale store buffer entries for aborted pages.
      >
      > 1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
      > 2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
      >     store buffer.
      > 3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
      > 4.  The current mark-sweep finishes. The slot X is in free space and is also in
      >     the store buffer.
      > 5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
      >     looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
      >     previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
      >     object before.
      > 6.  Scavenge happens.
      > 7.  Slot X is still in free space and in store buffer. [It causes scavenge of
      >     the object Y in
      >     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
      >     it is not important].
      > 8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
      >     is written in X.
      > 9.  The scavenge finishes.
      > 10. Another scavenge starts.
      > 11. We crash in
      >     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
      >     processing slot X, because it doesn't point to valid map.
      >
      > BUG=chromium:524425,chromium:564498
      > LOG=N
      > R=hpayer@chromium.org, ulan@chromium.org
      >
      > Committed: https://crrev.com/2e7eea4aef3403969fe885e30f892d46253b3572
      > Cr-Commit-Position: refs/heads/master@{#32495}
      
      TBR=hpayer@chromium.org,ulan@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=chromium:524425,chromium:564498
      
      Review URL: https://codereview.chromium.org/1489243004
      
      Cr-Commit-Position: refs/heads/master@{#32504}
      Reland of [heap] Cleanup mark bit usage. (patchset #1 id:1 of... · 0240d202
      hpayer authored
      Reland of [heap] Cleanup mark bit usage. (patchset #1 id:1 of https://codereview.chromium.org/1490753003/ )
      
      Reason for revert:
      Reland after fixing the potential root cause of the canary crasher.
      
      Original issue's description:
      > Revert of [heap] Cleanup mark bit usage. (patchset #1 id:1 of https://codereview.chromium.org/1474203003/ )
      >
      > Reason for revert:
      > Still investigating bad canary.
      >
      > Original issue's description:
      > > [heap] Cleanup mark bit usage.
      > >
      > > BUG=
      > >
      > > Committed: https://crrev.com/5874ac783ff9bc4bb4b2fda81f5077f06619f96c
      > > Cr-Commit-Position: refs/heads/master@{#32362}
      >
      > TBR=mlippautz@chromium.org
      > NOPRESUBMIT=true
      > NOTREECHECKS=true
      > NOTRY=true
      > BUG=
      >
      > Committed: https://crrev.com/d3faef8658598e68331208b5a1846ac1c250cb49
      > Cr-Commit-Position: refs/heads/master@{#32461}
      
      TBR=mlippautz@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=
      
      Review URL: https://codereview.chromium.org/1488393003
      
      Cr-Commit-Position: refs/heads/master@{#32502}
      Reland of [heap] Unify evacuating an object for new and old generation.... · 7ea8ac98
      hpayer authored
      Reland of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1483963004/ )
      
      Reason for revert:
      Reland after fixing the potential root cause of the canary crasher.
      
      Original issue's description:
      > Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ )
      >
      > Reason for revert:
      > Still investigating bad canary.
      >
      > Original issue's description:
      > > [heap] Unify evacuating an object for new and old generation.
      > >
      > > BUG=chromium:524425
      > > LOG=N
      > >
      > > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a
      > > Cr-Commit-Position: refs/heads/master@{#32365}
      >
      > TBR=mlippautz@chromium.org
      > NOPRESUBMIT=true
      > NOTREECHECKS=true
      > NOTRY=true
      > BUG=chromium:524425
      >
      > Committed: https://crrev.com/9c60ddc60e96da0c59e646660789c26550ad52a2
      > Cr-Commit-Position: refs/heads/master@{#32460}
      
      TBR=mlippautz@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=chromium:524425
      
      Review URL: https://codereview.chromium.org/1494533002
      
      Cr-Commit-Position: refs/heads/master@{#32501}
      Reland of [heap] Refactor evacuation for young and old gen into visitors.... · 120b640d
      hpayer authored
      Reland of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1483393002/ )
      
      Reason for revert:
      Reland after fixing the potential root cause of the canary crasher.
      
      Original issue's description:
      > Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ )
      >
      > Reason for revert:
      > Still investigating bad canary.
      >
      > Original issue's description:
      > > [heap] Refactor evacuation for young and old gen into visitors.
      > >
      > > Create a visitor for evacuating objects for young and old generation. This is
      > > the first step of preparing a task to process, both, newspace and oldspace
      > > pages in parallel.
      > >
      > > BUG=chromium:524425
      > > LOG=N
      > >
      > > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8
      > > Cr-Commit-Position: refs/heads/master@{#32349}
      >
      > TBR=mlippautz@chromium.org
      > NOPRESUBMIT=true
      > NOTREECHECKS=true
      > NOTRY=true
      > BUG=chromium:524425
      >
      > Committed: https://crrev.com/aa24a3135ec308e1f84bce334844caf0cae2437a
      > Cr-Commit-Position: refs/heads/master@{#32462}
      
      TBR=mlippautz@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=chromium:524425
      
      Review URL: https://codereview.chromium.org/1493523003
      
      Cr-Commit-Position: refs/heads/master@{#32500}
      [heap] Clean up stale store buffer entries for aborted pages. · 2e7eea4a
      mlippautz authored
      1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
      2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
          store buffer.
      3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
      4.  The current mark-sweep finishes. The slot X is in free space and is also in
          the store buffer.
      5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
          looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
          previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
          object before.
      6.  Scavenge happens.
      7.  Slot X is still in free space and in store buffer. [It causes scavenge of
          the object Y in
          store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
          it is not important].
      8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
          is written in X.
      9.  The scavenge finishes.
      10. Another scavenge starts.
      11. We crash in
          store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
          processing slot X, because it doesn't point to valid map.
      
      BUG=chromium:524425,chromium:564498
      LOG=N
      R=hpayer@chromium.org, ulan@chromium.org
      
      Review URL: https://codereview.chromium.org/1493653002
      
      Cr-Commit-Position: refs/heads/master@{#32495}
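The scenario in the message above (and in the reverts and reland that quote it earlier on this page), replayed as an added toy model in C. This is example code written for this page, not V8's store buffer or heap code: a remembered-set entry for slot X survives a store-buffer rebuild that only checks whether the target is still in new space, X's memory becomes free space when the page's evacuation is aborted, a promoted 9-character string is allocated over it, and the next scavenge reads garbage from X. The fixed rebuild also drops entries whose slot lies in free space. Every name here (old_space, new_space, store_buffer_rebuild_buggy, store_buffer_rebuild_fixed, scavenge, run_scenario, VALID_MAP, STRING_MAP) and the two-word object layout are assumptions of the model; the crash is reported as a -1 return instead of a fault.

```c
/* Toy model of a generational heap with a store buffer (old->new remembered set).
 * Assumed layout, not V8's: new-space objects are {map, field}; old space is a
 * word array; "free space" is a single [free_lo, free_hi) word range. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VALID_MAP   0xA11CEu   /* assumed map word that marks a well-formed object */
#define STRING_MAP  0x57A1Eu   /* assumed map word for the promoted string */

typedef struct { uintptr_t map; uintptr_t field; } Obj;

#define NEW_SPACE_OBJS   4
#define OLD_SPACE_WORDS  16
#define STORE_BUFFER_MAX 8

static Obj new_space[NEW_SPACE_OBJS];
static uintptr_t old_space[OLD_SPACE_WORDS];
static size_t free_lo = 0, free_hi = 0;           /* free (aborted/swept) old-space range */
static uintptr_t *store_buffer[STORE_BUFFER_MAX]; /* addresses of old-space slots */
static size_t store_buffer_len = 0;

static int in_new_space(uintptr_t p) {
    uintptr_t lo = (uintptr_t)new_space, hi = lo + sizeof new_space;
    return p >= lo && p < hi;
}

/* A usable new-space pointer: in range, object-aligned, and carrying the map tag. */
static int is_valid_new_space_object(uintptr_t p) {
    if (!in_new_space(p)) return 0;
    if ((p - (uintptr_t)new_space) % sizeof(Obj) != 0) return 0;
    return ((const Obj *)p)->map == VALID_MAP;
}

static int slot_in_free_space(const uintptr_t *slot) {
    uintptr_t s = (uintptr_t)slot;
    return s >= (uintptr_t)&old_space[free_lo] && s < (uintptr_t)&old_space[free_hi];
}

/* Buggy rebuild (step 3 of the message): an entry is kept as long as the *target*
 * is still in new space; where the slot itself lives is never examined. */
static void store_buffer_rebuild_buggy(void) {
    size_t kept = 0;
    for (size_t i = 0; i < store_buffer_len; i++)
        if (in_new_space(*store_buffer[i])) store_buffer[kept++] = store_buffer[i];
    store_buffer_len = kept;
}

/* Fixed rebuild: additionally drop entries whose slot lies in free space, i.e. in
 * the memory of an evacuated object on an aborted page. */
static void store_buffer_rebuild_fixed(void) {
    size_t kept = 0;
    for (size_t i = 0; i < store_buffer_len; i++)
        if (!slot_in_free_space(store_buffer[i]) && in_new_space(*store_buffer[i]))
            store_buffer[kept++] = store_buffer[i];
    store_buffer_len = kept;
}

/* Scavenge: visit every remembered slot. Returns the number of slots processed,
 * or -1 when a slot does not hold a valid new-space object (the real crash). */
static int scavenge(void) {
    int processed = 0;
    for (size_t i = 0; i < store_buffer_len; i++) {
        if (!is_valid_new_space_object(*store_buffer[i])) return -1;
        processed++;
    }
    return processed;
}

/* Replays the numbered steps with the chosen store-buffer rebuild policy. */
static int run_scenario(void (*rebuild)(void)) {
    memset(new_space, 0, sizeof new_space);
    memset(old_space, 0, sizeof old_space);
    store_buffer_len = 0;
    free_lo = free_hi = 0;

    /* 1-2: old object A occupies words 0..3; its slot X (word 3) points to Y in new space. */
    Obj *Y = &new_space[0];
    Y->map = VALID_MAP;
    uintptr_t *X = &old_space[3];
    old_space[0] = VALID_MAP;
    *X = (uintptr_t)Y;
    store_buffer[store_buffer_len++] = X;

    /* 3-4: mark-sweep evacuates A and the page is aborted: words 0..3 are now free space. */
    free_lo = 0; free_hi = 4;
    rebuild();

    /* 6-7: a scavenge runs while X still holds the pointer to Y; nothing crashes yet. */
    if (scavenge() < 0) return -2;

    /* 5,8: the 9-char string "abcdefghi" is promoted into the free space: map, length,
     * "abcdefgh" fill word 2 and the trailing 'i' lands in one byte of word 3 (== X).
     * Constructed input; any clobbered byte leaves X holding a non-pointer. */
    old_space[0] = STRING_MAP;
    old_space[1] = 9;
    memcpy(&old_space[2], "abcdefghi", 9);
    free_lo = free_hi = 0;   /* the range is allocated again */

    /* 9-11: the next scavenge walks the store buffer and processes X. */
    return scavenge();
}

int main(void) {
    printf("buggy rebuild: scavenge -> %d (-1 means crash on stale slot X)\n",
           run_scenario(store_buffer_rebuild_buggy));
    printf("fixed rebuild: scavenge -> %d\n", run_scenario(store_buffer_rebuild_fixed));
    return 0;
}
```

With the buggy policy the entry for X survives the rebuild, so the second scavenge dereferences the string bytes that now sit in X; with the fixed policy the entry is dropped when X's page is aborted and the second scavenge has nothing stale to visit.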
  4. 01 Dec, 2015 4 commits
  5. 30 Nov, 2015 2 commits
  6. 27 Nov, 2015 4 commits
  7. 26 Nov, 2015 1 commit
  8. 25 Nov, 2015 3 commits
  9. 24 Nov, 2015 1 commit
  10. 19 Nov, 2015 1 commit
  11. 17 Nov, 2015 1 commit
      Optimize MarkCompactCollector::ClearNonLiveReferences. · ed357f96
      ulan authored
      This splits the work to be done for dead and live maps
      and avoids unnecessary operations in the hot loop.
      
      Results for v8.infinite_scroll:
      
      Before:
      nonlive_refs
        len: 93
        min: 0.0
        max: 6.3
        avg: 1.35268817204
        [0,5[: 91
        [5,10[: 2
      
      After:
      nonlive_refs
        len: 91
        min: 0.0
        max: 4.2
        avg: 0.968131868132
        [0,5[: 91
      
      BUG=chromium:554488
      LOG=no
      
      Review URL: https://codereview.chromium.org/1441633002
      
      Cr-Commit-Position: refs/heads/master@{#32042}
  12. 16 Nov, 2015 1 commit
      [heap] Use cancelable tasks during compaction. · 60e8ae51
      mlippautz authored
      This way we can properly cancel them on the main thread in case they never get
      scheduled by the platform.
      
      BUG=chromium:524425
      LOG=N
      CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg;tryserver.v8:v8_linux_gc_stress_dbg;tryserver.v8:v8_mac_gc_stress_dbg;tryserver.v8:v8_linux64_msan_rel;tryserver.v8:v8_linux64_tsan_rel;tryserver.v8:v8_mac64_asan_rel
      
      Review URL: https://codereview.chromium.org/1446523003
      
      Cr-Commit-Position: refs/heads/master@{#32007}
  13. 13 Nov, 2015 2 commits
      Avoid manual object's body traversal in GC. · 5ba9ea18
      ishell authored
      This CL introduces the following visitors:
      1) RecordMigratedSlotVisitor which simplifies MarkCompactCollector::MigrateObject().
      2) IteratePointersToFromSpaceVisitor which simplifies Heap::IteratePointersToFromSpace().
      3) FindPointersToNewSpaceVisitor which simplifies StoreBuffer::IteratePointersToNewSpace().
      
      These changes make the object's body descriptors the one and only place that knows how to traverse the object.
      
      Review URL: https://codereview.chromium.org/1441453002
      
      Cr-Commit-Position: refs/heads/master@{#31992}
      Object's body descriptors refactoring. · 138eb324
      ishell authored
      1) Body descriptors moved to their own header files.
      2) Missing body descriptors added.
      3) Template versions of HeapObject::Iterate*() methods added.
      4) Body descriptors support new kind of queries: IsValidSlot(offset) which can be used for invalid slots filtering.
      
      This is a first step towards virtual and static visitors unification and support in-object properties in built-in (sub-)classes.
      
      Review URL: https://codereview.chromium.org/1440243002
      
      Cr-Commit-Position: refs/heads/master@{#31980}
  14. 12 Nov, 2015 1 commit
  15. 09 Nov, 2015 1 commit
      [heap] Separate out optimized code map processing. · 087513d6
      mstarzinger authored
      This separates the post-processing step for optimized code maps out of
      the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
      visit all candidates instead of gathering candidates during marking.
      
      Gathering candidates during marking no longer makes sense, now that the
      majority of SharedFunctionInfo objects will hold such an optimized code
      map. Also it reduces complexity of the implementation. Also conflating
      this mechanism with "code flushing" was confusing.
      
      This reverts commit 7f1fb29f.
      
      R=ulan@chromium.org
      
      Review URL: https://codereview.chromium.org/1418453008
      
      Cr-Commit-Position: refs/heads/master@{#31876}
  16. 06 Nov, 2015 1 commit
  17. 05 Nov, 2015 2 commits
      Revert of [heap] Separate out optimized code map processing. (patchset #2... · 7f1fb29f
      mstarzinger authored
      Revert of [heap] Separate out optimized code map processing. (patchset #2 id:20001 of https://codereview.chromium.org/1421903012/ )
      
      Reason for revert:
      Causes GC-Stress failures.
      
      Original issue's description:
      > [heap] Separate out optimized code map processing.
      >
      > This separates the post-processing step for optimized code maps out of
      > the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
      > visit all candidates instead of gathering candidates during marking.
      >
      > Gathering candidates during marking no longer makes sense, now that the
      > majority of SharedFunctionInfo objects will hold such an optimized code
      > map. Also it reduces complexity of the implementation. Also conflating
      > this mechanism with "code flushing" was confusing.
      >
      > This reverts commit b6644e84.
      >
      > R=ulan@chromium.org
      >
      > Committed: https://crrev.com/bb7a5eb2d89bae25f2b5ecb9515669f0ac73c111
      > Cr-Commit-Position: refs/heads/master@{#31836}
      
      TBR=ulan@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      
      Review URL: https://codereview.chromium.org/1412063012
      
      Cr-Commit-Position: refs/heads/master@{#31837}
      [heap] Separate out optimized code map processing. · bb7a5eb2
      mstarzinger authored
      This separates the post-processing step for optimized code maps out of
      the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
      visit all candidates instead of gathering candidates during marking.
      
      Gathering candidates during marking no longer makes sense, now that the
      majority of SharedFunctionInfo objects will hold such an optimized code
      map. Also it reduces complexity of the implementation. Also conflating
      this mechanism with "code flushing" was confusing.
      
      This reverts commit b6644e84.
      
      R=ulan@chromium.org
      
      Review URL: https://codereview.chromium.org/1421903012
      
      Cr-Commit-Position: refs/heads/master@{#31836}