- 24 Jul, 2017 23 commits
-
-
Ulan Degenbaev authored
This reverts commit 5ea58bde. Reason for revert: potential perf regression. BUG=chromium:748100 Original change's description: > [heap] Use AdjustAmountOfExternalMemory to account freed array buffers. > > Currently GC decrements the external memory counter directly bypassing > the AdjustAmountOfExternalMemory. This is inconsistent with array > buffer allocation, which actually uses the API to increment the counter. > > Change-Id: I401087872213fdd60f1a40c99c8f459c14dc0608 > Reviewed-on: https://chromium-review.googlesource.com/582008 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46835} TBR=ulan@chromium.org,mlippautz@chromium.org Change-Id: Ibde2acb9ae2e4274946124fc4606321b95c80758 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/583453Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46847}
-
Jaroslav Sevcik authored
Bug: v8:5717 Change-Id: Iac82b4960cc3ed89820c49b091d6860136839300 Reviewed-on: https://chromium-review.googlesource.com/583147 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#46846}
-
Jaideep Bajwa authored
Port 9b3174b2 Original Commit Message: Remove all IsHeapObject/IsSmi checks from assembler and also from the macro-assembler functions that Turbofan code generation uses. Note for porters: In case it's unclear which macro-assembler functions need to be modified, it may be best to wait until I split MacroAssembler in a followup-CL, which will make that clear. R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:6048 LOG=N Change-Id: Ic24c7145fa9c3d44d0359e93583eb5ddf0bcf5a8 Reviewed-on: https://chromium-review.googlesource.com/581796 Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#46845}
-
Michael Starzinger authored
This switches the "code entry" field on JSFunction to no longer be an inner pointer into a Code object (i.e. to the start of the instruction stream), but a properly tagged pointer instead. Motivation behind this is the ability to treat this field regularly as part of escape analysis in the optimizing compiler. Also simplifies the object visitation for JSFunction objects. R=bmeurer@chromium.org Change-Id: Ib53a3fc5f3d783a6fed06dbcab319f5568632acc Reviewed-on: https://chromium-review.googlesource.com/577890 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#46844}
-
Jaideep Bajwa authored
Port 040fa06f Port 659e8f7b R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:6048 LOG=N Change-Id: Id3030a64d462344eb8612f8009b0c8e15a5edcb9 Reviewed-on: https://chromium-review.googlesource.com/581744Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#46843}
-
Michael Lippautz authored
The barrier assumed that the number of tasks is fixed. However, we cannot rely on that because other tasks might take up threads. In the ein thend this would result in the Scavenge task being (rightfully) cancelled. The barrier now assumes no tasks in the beginning and relies on the fact that reaching the barrier means that no global work is left. Tasks that lag behing will just observe the barrier being in its end state. Bug: chromium:738865 Change-Id: I4d47e8ec4b9cf7c615b3d9585e4a6bb9d271d409 Reviewed-on: https://chromium-review.googlesource.com/582947Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#46842}
-
Igor Sheludko authored
This reverts commit 3d023952. Reason for revert: breaks gcc build Original change's description: > [runtime] Make JSFunction::prototype_or_initial_map field optional. > > Functions that don't have prototype need to store neither prototype nor > initial map, so the |prototype_or_initial_map| field is not required for > such maps. > > Bug: v8:6459 > Change-Id: I4b3066bd6a4fed42c19f217bae82a8bce552bdca > Reviewed-on: https://chromium-review.googlesource.com/570250 > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46840} TBR=jkummerow@chromium.org,jarin@chromium.org,ishell@chromium.org Change-Id: Ie9951c87b15c8bd365ed187d7f719b8f08dd0bb5 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6459 Reviewed-on: https://chromium-review.googlesource.com/583088Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#46841}
-
Igor Sheludko authored
Functions that don't have prototype need to store neither prototype nor initial map, so the |prototype_or_initial_map| field is not required for such maps. Bug: v8:6459 Change-Id: I4b3066bd6a4fed42c19f217bae82a8bce552bdca Reviewed-on: https://chromium-review.googlesource.com/570250Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#46840}
-
Jaroslav Sevcik authored
Bug: v8:5717 Change-Id: Iff5b71b9e27b3e4a790118cbd4877b4460d07b1d Reviewed-on: https://chromium-review.googlesource.com/582810 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#46839}
-
Peter Marshall authored
Increase from 2^28 - 16 to 2^30 - 25 for 64-bit platforms. Bug: v8:6148 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I3529d7ed757a7ab49a001af8641cf888db171cdb Reviewed-on: https://chromium-review.googlesource.com/570047Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#46838}
-
jgruber authored
Now that literal allocation is inlined, it is possible to optimize out regexp literal allocation completely. If a lazy deopt is triggered in that situation, the deoptimizer needs to know how to materialize regexp objects. Bug: v8:6605,v8:6556,chromium:747825 Change-Id: Id491053f8e64fec16540efbfdc6c7c524da3e080 Reviewed-on: https://chromium-review.googlesource.com/582609Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#46837}
-
Michael Lippautz authored
- Avoids allocations when adding entries to the global pool - Avoids taking the lock when not working on the global pool Bug: Change-Id: I380b91d8fed2cab95fd84c4a3f4144cc8d6de86d Reviewed-on: https://chromium-review.googlesource.com/582691 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46836}
-
Ulan Degenbaev authored
Currently GC decrements the external memory counter directly bypassing the AdjustAmountOfExternalMemory. This is inconsistent with array buffer allocation, which actually uses the API to increment the counter. Change-Id: I401087872213fdd60f1a40c99c8f459c14dc0608 Reviewed-on: https://chromium-review.googlesource.com/582008Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46835}
-
Michael Starzinger authored
This adds handling for exceptional control projections when lowering calls to {Array.prototype.forEach} in the call reducer. R=jarin@chromium.org TEST=mjsunit/optimized-foreach BUG=v8:1956 Change-Id: I282048b203814cbc1c90df983879578b210f92fb Reviewed-on: https://chromium-review.googlesource.com/574542 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#46834}
-
Yang Guo authored
This reverts commit 990dd947. Reason for revert: <INSERT REASONING HERE> Original change's description: > Introduce HASH_TABLE_TYPE instance type. > > This is so that we can distinguish hash tables by instance type. We can > then introduce maps for each kind of hash tables to further distinguish. > > R=mstarzinger@chromium.org > > Bug: v8:6593 > Change-Id: I1a532884758e571abdfe2e2743fc5ea611d12f7e > Reviewed-on: https://chromium-review.googlesource.com/581009 > Commit-Queue: Yang Guo <yangguo@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46828} TBR=yangguo@chromium.org,mstarzinger@chromium.org Change-Id: Ia47d408e5cf47983940227b4cc445a704d7f8d19 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6593 Reviewed-on: https://chromium-review.googlesource.com/581493Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#46833}
-
Benedikt Meurer authored
Properly hook up the (existing) IC slots for the CallWithSpread and ConstructWithSpread bytecodes, and change the interpreter to collect feedback (call counts and regular target function feedback) for those. There's no integration with the Array constructor yet, since that requires some yak shaving to thread through the AllocationSite to the Array constructor stub. Once we have a solution for that, we can also remove the current code duplication in the Call/Construct IC logic. Also properly hook up the newly available feedback in TurboFan. This will fix not only the missing target feedback, but more importantly the tear-up decisions for optimization are correct now in the presence of spread calls, and even more importantly the inlining heurstic has proper call frequencies for those. Some follow-up changes will be necessary to make sure we use the feedback even for corner cases that aren't handled properly yet. Also we should consider collecting feedback about the map of the spread at some point to be able to always inline the spread calls. Bug: v8:6399, v8:6527, v8:6630 Change-Id: I818dbcb411fd3951d8e9d31f5d7e794f8d60fa00 Reviewed-on: https://chromium-review.googlesource.com/582647Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#46832}
-
jgruber authored
Bytecode handlers are technically not builtins, but very similar to CSA builtins in most respects (CSA-generated code, currently included in the snapshot and deserialized for every isolate). This prints bytecode handler sizes (in addition to standard CSA builtin sizes) when --print-builtin-size is passed. Bug: Change-Id: Ibd78422c5138b77ccf298f97c7c1fc1b73a3a09b Reviewed-on: https://chromium-review.googlesource.com/581191 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46831}
-
Igor Sheludko authored
... in order to avoid the need to update field types through elements kind transitions. Bug: chromium:738763, chromium:745844 Change-Id: I9f0e7f321e7f44ab5b36c06dd4c5633611370807 Reviewed-on: https://chromium-review.googlesource.com/581647Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#46830}
-
Jaroslav Sevcik authored
Change-Id: I8a1e53d1836f4c68f571d397c35dd6f091e68076 Reviewed-on: https://chromium-review.googlesource.com/577537Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#46829}
-
Yang Guo authored
This is so that we can distinguish hash tables by instance type. We can then introduce maps for each kind of hash tables to further distinguish. R=mstarzinger@chromium.org Bug: v8:6593 Change-Id: I1a532884758e571abdfe2e2743fc5ea611d12f7e Reviewed-on: https://chromium-review.googlesource.com/581009 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46828}
-
Jaroslav Sevcik authored
Bug: v8:5717 Change-Id: I2c3304070529272e84060bd625bf52a1a91203b5 Reviewed-on: https://chromium-review.googlesource.com/581490Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#46827}
-
Igor Sheludko authored
This reverts commit 6e27386d. Reason for revert: There will be another much simpler and back-mergeable fix. Original change's description: > Reland "[runtime] Add shortcuts for elements kinds transitions." > > This is a reland of b90e83f5 > Original change's description: > > [runtime] Add shortcuts for elements kinds transitions. > > > > The shortcuts ensure that field type generalization is properly > > propagated in the transition graph. > > > > Bug: chromium:738763 > > Change-Id: Id701a6f95ed6ea093c707fbe0bac228f1f856e9f > > Reviewed-on: https://chromium-review.googlesource.com/567992 > > Commit-Queue: Igor Sheludko <ishell@chromium.org> > > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#46622} > > Bug: chromium:738763, chromium:742346, chromium:742381, chromium:745844 > Change-Id: I93974e3906b2c7710bd525f15037a2dd97f263ad > Reviewed-on: https://chromium-review.googlesource.com/575227 > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46759} TBR=ulan@chromium.org,jkummerow@chromium.org,ishell@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: chromium:738763, chromium:742346, chromium:742381, chromium:745844 Change-Id: I203dc748c47db554e0a86d61f0e2b7b8b96f2370 Reviewed-on: https://chromium-review.googlesource.com/581547 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#46826}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/277effe..d9a25a7 TBR=machenbach@chromium.org,hablich@chromium.org Change-Id: I34d9dab2d4ae63e589b7a4af78438fce4d8e71f3 Reviewed-on: https://chromium-review.googlesource.com/581890Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#46825}
-
- 22 Jul, 2017 2 commits
-
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/995d759..277effe Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/d8bc21b..b5d2ffa Rolling v8/tools/gyp: https://chromium.googlesource.com/external/gyp/+log/eb296f6..d61a939 TBR=machenbach@chromium.org,hablich@chromium.org Change-Id: Ied3febaf622d126652b35249010b7b5785352cf8 Reviewed-on: https://chromium-review.googlesource.com/581710Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#46824}
-
Michael Achenbach authored
This reverts commit b2bf43d5. Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/14149 Original change's description: > [runtime] Load only 10 bits as PropertyArray length > > Bug: v8:6404 > Change-Id: I187f20006c14aab4a36e2bfef31ca68ebb249e43 > Reviewed-on: https://chromium-review.googlesource.com/576516 > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46822} TBR=ulan@chromium.org,jkummerow@chromium.org,mstarzinger@chromium.org,cbruni@chromium.org,gsathya@chromium.org Change-Id: If55b65f040a5a541726e39c35c12e3a5731aa744 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6404 Reviewed-on: https://chromium-review.googlesource.com/582607Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#46823}
-
- 21 Jul, 2017 15 commits
-
-
Sathya Gunasekaran authored
Bug: v8:6404 Change-Id: I187f20006c14aab4a36e2bfef31ca68ebb249e43 Reviewed-on: https://chromium-review.googlesource.com/576516 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#46822}
-
Mircea Trofin authored
This change gets the streaming compile APIs closer to their final shape, by moving to a promise-based design. Bug: chromium:747396 Bug: v8:6619 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ifd22ff83c79391a0f2a8ec2e5af39f71df1ea1c2 Reviewed-on: https://chromium-review.googlesource.com/581412 Commit-Queue: Brad Nelson <bradnelson@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#46821}
-
Caitlin Potter authored
Simplify the model for generating Awaits, because the resume point is always immediately following the suspend point, and registers used are always the same for both operations. Includes a minor refactoring of BytecodeGenerator::VisitYield() to perform iterator result creation before the SuspendGenerator bytecode, rather than between SuspendGenerator and Return. This adds a small number of bytecodes for each yield. BUG=v8:2355, v8:5855 Change-Id: I4868b89a6bc1b251f887d2a45890c8fa19f7b089 Reviewed-on: https://chromium-review.googlesource.com/576286Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#46820}
-
Ulan Degenbaev authored
This reverts commit a9428d52. Original change's description: > [heap, runtime] Fix data race in prototype map transition during > concurrent marking. > > BUG=chromium:694255 > > Change-Id: I172167623e9deab692fb506d7d4211d210b09a80 > Reviewed-on: https://chromium-review.googlesource.com/579092 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46813} Change-Id: Ib4b4b989620800ce8a4f4247e4dae2a88c186be9 Reviewed-on: https://chromium-review.googlesource.com/581194Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46819}
-
jgruber authored
This refactors logic for handling IfStatement and Conditional nodes (including block-coverage related slot and counter creation) into a new control-flow builder. Bug: v8:6000 Change-Id: Ib5b1724bdf8571fb55d310be79cc60dcf5473b81 Reviewed-on: https://chromium-review.googlesource.com/579509Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#46818}
-
Ross McIlroy authored
This reverts commit 69c8f16d. Reason for revert: Causing crashes on Clusterfuzz - http://crbug.com/747154 BUG=chromium:747154 Original change's description: > [Turbofan] Merged the OSR phase into the graph building phase. > > Now the OSR phase is only used when OSRing from the ast graph builder. > When OSRing from Turbofan, the implementation is now in the graph > building phase, at the beginning of the VisitBytecode function. > We are no longer generating any OSRLoopEntry or OSRNormalEntry nodes, > nor nodes for the possible code of the OSRed function which is before > the OSRed loops. > > The trimming and reducing of the OSR phase is not done either. This > change in the way the way the OSR is done enabled to remove the > workaround to the bug mentioned below. > > Bug: v8:6112 > Bug: v8:6518 > Change-Id: I1c9231810b923486d55ea618d550d981d695d797 > Reviewed-on: https://chromium-review.googlesource.com/543042 > Commit-Queue: Alexandre Talon <alexandret@google.com> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46801} TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org,alexandret@google.com Change-Id: Ifa9bf5d86e888a47cad7fb10446b36fda5029604 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6112, v8:6518 Reviewed-on: https://chromium-review.googlesource.com/581288Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46817}
-
Ulan Degenbaev authored
when black allocation is on. The scenario: 1) Incremental marking is off. 2) Partial deserialization starts and calls Heap::ReserveSpace. 2) ReserveSpace creates (white) reservations in old space. 3) ReserveSpace allocates map placeholders. One of these allocations starts incremental marking, which starts black allocation (currently when concurrent marking is on). Subsequent maps are black allocated. 4) ReserveSpace succeeds without triggering a GC. 5) Deserialization continues. Some maps are black. Note that deserialization emits only old->new write barriers and skips marking write barriers. 6) Deserialization finishes and re-visits the black allocated reservations and large object. This misses black allocated maps. 7) There is black->white descriptor array pointer in one of these map. BUG=chromium:723600 Change-Id: Ifffe46f22a7d7dbc5cff2e882190234fcc722ccb Reviewed-on: https://chromium-review.googlesource.com/581187 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#46816}
-
Ulan Degenbaev authored
This reverts commit b2d1f272. Reason for revert: assertion failure Original change's description: > [heap, runtime] Fix data race in prototype map transition during > concurrent marking. > > BUG=chromium:694255 > > Change-Id: I172167623e9deab692fb506d7d4211d210b09a80 > Reviewed-on: https://chromium-review.googlesource.com/579092 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46813} TBR=ulan@chromium.org,ishell@chromium.org Change-Id: Ida5c66c3e880b9a03ffacbc6f32b1d5b2cfc8260 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:694255 Reviewed-on: https://chromium-review.googlesource.com/581287Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46815}
-
Ross McIlroy authored
Removes the SharedFunctionInfo field from the ParseInfo structure. Instead require a SharedFunctionInfo to be explicitly passed to ParseFunction. Also renames GetUnoptimizedCode to CompileUnoptimizedFunction to make it clear it should only be called for non-top-level code. BUG=v8:5203 Change-Id: Ibce016e6a5290c3685f7f0a2f5fb1eb2df2ffc3b Reviewed-on: https://chromium-review.googlesource.com/574589 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#46814}
-
Ulan Degenbaev authored
concurrent marking. BUG=chromium:694255 Change-Id: I172167623e9deab692fb506d7d4211d210b09a80 Reviewed-on: https://chromium-review.googlesource.com/579092Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46813}
-
Michael Lippautz authored
The Scavenger is the only consumer of free list entries besides MC evacuation and pretenured allocations. Make use of all size classes for allocation. Bug: chromium:738865 Change-Id: Ieb62c01b41f2aa62222efac91dde4dce2127ff70 Reviewed-on: https://chromium-review.googlesource.com/580409Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#46812}
-
Andreas Haas authored
The class Float32 stores the bit pattern of a float as uint32_t to guarantee that the exact bit pattern of the contained value is preserved. This is necessary because the bit pattern of a NaN may change, e.g. when it is passed as a parameter. For convenience the Float32 class provides a constructor with a float parameter. Since this constructor cannot guarantee that the right bit pattern will be stored for NaNs, this CL adds a DCHECK now to make sure that the constructor is never used with a NaN. R=mstarzinger@chromium.org Change-Id: Iba85a5a1bb2778d5f8bdc1aad97524ef8369b73d Reviewed-on: https://chromium-review.googlesource.com/579367 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46811}
-
Ross McIlroy authored
After moving the shared function info creation to be during unoptmized compile finalization the --print-bytecode flag caused a crash by trying to access the shared function info before it was created. This CL fixes it. BUG=v8:5203 Change-Id: I82c0431bace51aa44154c55ad4bebde897f7a39e Reviewed-on: https://chromium-review.googlesource.com/579769Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46810}
-
Yang Guo authored
And alpha-sort some lists. R=jgruber@chromium.org Change-Id: I01fcf01cf8e1eb1e6c99202156c1013e92bf4e7e Reviewed-on: https://chromium-review.googlesource.com/579711 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#46809}
-
jgruber authored
Move block coverage slot creation into BreakableControlFlowBuilder for Switch/Loop/Block constructs. Bug: v8:6000 Change-Id: I4fa7fdb2ffbb56fd1016c22741458c103b42219c Reviewed-on: https://chromium-review.googlesource.com/571808 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46808}
-