mvstanton [Mon, 30 Mar 2015 09:19:58 +0000 (02:19 -0700)]
Ensure object literal element boilerplates aren't modified.
A bug allows JSObject literals with elements to have the elements in the
boilerplate modified.
BUG=466993
LOG=N
Review URL: https://codereview.chromium.org/
1037273002
Cr-Commit-Position: refs/heads/master@{#27511}
dcarney [Mon, 30 Mar 2015 09:15:54 +0000 (02:15 -0700)]
ensure maybe results are checked in v8.h
also some drive-by handlescope fixes in api.cc
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1040043002
Cr-Commit-Position: refs/heads/master@{#27510}
bmeurer [Mon, 30 Mar 2015 07:33:46 +0000 (00:33 -0700)]
[turbofan] Add backend support for float32 operations.
This adds the basics necessary to support float32 operations in TurboFan.
The actual functionality required to detect safe float32 operations will
be added based on this later. Therefore this does not affect production
code except for some cleanup/refactoring.
In detail, this patchset contains the following features:
- Add support for float32 operations to arm, arm64, ia32 and x64
backends.
- Add float32 machine operators.
- Add support for float32 constants to simplified lowering.
- Handle float32 representation for phis in simplified lowering.
In addition, contains the following (related) cleanups:
- Fix/unify naming of backend instructions.
- Use AVX comparisons when available.
- Extend ArchOpcodeField to 9 bits (required for arm64).
- Refactor some code duplication in instruction selectors.
BUG=v8:3589
LOG=n
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/
1044793002
Cr-Commit-Position: refs/heads/master@{#27509}
svenpanne [Mon, 30 Mar 2015 06:28:35 +0000 (23:28 -0700)]
Added %_NewConsString intrinsic.
No compiler support for now (BTW: %_NewString, doesn't have that,
either), inline allocation will come later. Hopefully the last
intrisic to add for a StringAddStub POC...
Review URL: https://codereview.chromium.org/
1041723002
Cr-Commit-Position: refs/heads/master@{#27508}
jkummerow [Sat, 28 Mar 2015 18:04:03 +0000 (11:04 -0700)]
Reland^2 "Filter invalid slots out from the SlotsBuffer after marking."
And reland "Use a slot that is located on a heap page when removing
invalid entries from the SlotsBuffer."
This reverts commits
de018fbda32e8ac57d8440e8fe6c3d3386bb9b11 and
d23a9f7a3e509bd405e1e4b0b851e463a4a736c2.
Reason for relanding: looking fine on Canary, let's get these fixes back in.
BUG=chromium:454297,chromium:470801
LOG=y
TBR=ishell@chromium.org
Review URL: https://codereview.chromium.org/
1043703003
Cr-Commit-Position: refs/heads/master@{#27507}
michael_dawson [Fri, 27 Mar 2015 21:58:47 +0000 (14:58 -0700)]
PPC: Serializer: move to a subfolder and clean up includes.
Port
019096f82915b68a22807f683b878e42517a3cab
Original commit message:
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1036273003
Cr-Commit-Position: refs/heads/master@{#27506}
baptiste.afsa [Fri, 27 Mar 2015 21:57:41 +0000 (14:57 -0700)]
[turbofan][arm64] Use immediates instead of MiscField for stack operations.
This avoid to depend on MiscField to be big enough to hold the offset/size.
This patch also remove the Arm64PokePair which is no longer used.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/
1039753002
Cr-Commit-Position: refs/heads/master@{#27505}
dusan.milosavljevic [Fri, 27 Mar 2015 21:56:34 +0000 (14:56 -0700)]
MIPS64: Tweak constants used in serialization process to reflect real state.
We do not need to step one instruction further since we do not use Jr to J
optimization anymore for mips64.
TEST=
BUG=
Review URL: https://codereview.chromium.org/
1041833002
Cr-Commit-Position: refs/heads/master@{#27504}
ishell [Fri, 27 Mar 2015 21:55:27 +0000 (14:55 -0700)]
This fixes missing incremental write barrier issue when double fields unboxing is enabled.
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:469146
LOG=Y
Review URL: https://codereview.chromium.org/
1039733003
Cr-Commit-Position: refs/heads/master@{#27503}
dslomov [Fri, 27 Mar 2015 18:33:09 +0000 (11:33 -0700)]
Make sure debugger is ready for breakpoins when we process 'debugger' statement.
On 'debugger' statement, if anything in debugger calls 'EnsureDebugInfo'
on a function, EnsureDebugInfo would compile and substitute code without
debug break slots. This causes weird behavior later when stepping fails
to work (see added test as an example).
This fix is to make sure the debugger is prepared for breakpoints in
that case as well.
Also adds extra testing for bug 468661.
R=yangguo@chromium.org,yurys@chromium.orh
BUG=v8:3990,chromium:468661
LOG=N
Review URL: https://codereview.chromium.org/
1032353002
Cr-Commit-Position: refs/heads/master@{#27502}
yangguo [Fri, 27 Mar 2015 15:28:55 +0000 (08:28 -0700)]
Serializer: move to a subfolder and clean up includes.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/
1041743002
Cr-Commit-Position: refs/heads/master@{#27501}
michael_dawson [Fri, 27 Mar 2015 13:30:31 +0000 (06:30 -0700)]
PPC64: Fix return value checks for generated regexp code.
This fixes simulated debug-mode failures in the following tests:
mjsunit/regexp-stack-overflow
mjsunit/regress/regress-crbug-467047
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1035003002
Cr-Commit-Position: refs/heads/master@{#27500}
dusan.milosavljevic [Fri, 27 Mar 2015 11:31:12 +0000 (04:31 -0700)]
MIPS64 [turbofan]: Fix AssembleSwap for double stack slots.
TEST=mjsunit/compiler/regress-3, osr-maze1
BUG=
Review URL: https://codereview.chromium.org/
1038173003
Cr-Commit-Position: refs/heads/master@{#27499}
dcarney [Fri, 27 Mar 2015 10:12:50 +0000 (03:12 -0700)]
fix reconfigure of indexed integer exotic objects
R=verwaest@chromium.org
BUG=466084
LOG=N
Review URL: https://codereview.chromium.org/
1037213002
Cr-Commit-Position: refs/heads/master@{#27498}
svenpanne [Fri, 27 Mar 2015 10:06:43 +0000 (03:06 -0700)]
Add %_IncrementStatsCounter intrinsic.
Review URL: https://codereview.chromium.org/
1031383002
Cr-Commit-Position: refs/heads/master@{#27497}
mvstanton [Fri, 27 Mar 2015 09:52:20 +0000 (02:52 -0700)]
perf-to-html.py - render JSON try perf jobs in a pleasing way.
Convert a perf trybot JSON file into a pleasing HTML page. It can read
from standard input or via the --filename option. Examples:
cat results.json | perf-to-html.py --title "ia32 results"
perf-to-html.py -f results.json -t "ia32 results" -o results.html
Options:
-h, --help show this help message and exit
-f FILENAME, --filename=FILENAME
Specifies the filename for the JSON results rather
than reading from stdin.
-t TITLE, --title=TITLE
Optional title of the web page.
-o OUTPUT, --output=OUTPUT
Write html output to this file rather than stdout.
R=machenbach@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1033603004
Cr-Commit-Position: refs/heads/master@{#27496}
yangguo [Fri, 27 Mar 2015 09:11:51 +0000 (02:11 -0700)]
Revert of [turbofan][arm64] Match fneg for -0.0 - x pattern. (patchset #1 id:1 of https://codereview.chromium.org/
1013743006/)
Reason for revert:
Revert due to crash.
Original issue's description:
> [turbofan][arm64] Match fneg for -0.0 - x pattern.
>
> Note that this patch add an extra bit to the ArchOpcodeField.
>
> R=bmeurer@chromium.org
>
> Committed: https://crrev.com/
fe7441225100660d01e66ce3bcaefe368f62df81
> Cr-Commit-Position: refs/heads/master@{#27494}
TBR=bmeurer@chromium.org,baptiste.afsa@arm.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/
1041633002
Cr-Commit-Position: refs/heads/master@{#27495}
baptiste.afsa [Fri, 27 Mar 2015 08:32:19 +0000 (01:32 -0700)]
[turbofan][arm64] Match fneg for -0.0 - x pattern.
Note that this patch add an extra bit to the ArchOpcodeField.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/
1013743006
Cr-Commit-Position: refs/heads/master@{#27494}
hpayer [Fri, 27 Mar 2015 08:00:40 +0000 (01:00 -0700)]
Simplified garbage collection idle handler.
The current GC idle time handling heuristics are getting too complicated. Moreover, with longer idle time we are getting more full garbage collections. This CL shrinks the idle round window and reduces complexity in the case where we cause a full garbage collection.
BUG=chromium:468554
LOG=n
Review URL: https://codereview.chromium.org/
1024043003
Cr-Commit-Position: refs/heads/master@{#27493}
hpayer [Fri, 27 Mar 2015 07:59:34 +0000 (00:59 -0700)]
Print PID and time since start when tracing idle notification events.
BUG=
Review URL: https://codereview.chromium.org/
1039153002
Cr-Commit-Position: refs/heads/master@{#27492}
ishell [Fri, 27 Mar 2015 06:50:56 +0000 (23:50 -0700)]
Revert of Reland "Filter invalid slots out from the SlotsBuffer after marking." (patchset #2 id:2 of https://codereview.chromium.org/
1032833002/)
Reason for revert:
Reverting risky GC changes that block v8 roll.
Original issue's description:
> Reland "Filter invalid slots out from the SlotsBuffer after marking."
>
> > There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> > 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> > 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
>
> > This CL also adds useful machinery that helps triggering incremental write barriers.
>
> > BUG=chromium:454297
> > LOG=Y
>
> NOTRY=true
>
> Committed: https://crrev.com/
f86aadd1d45c756467dff8e08a055b462d7a060b
> Cr-Commit-Position: refs/heads/master@{#27433}
TBR=machenbach@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/
1041593002
Cr-Commit-Position: refs/heads/master@{#27491}
ishell [Fri, 27 Mar 2015 06:34:30 +0000 (23:34 -0700)]
Revert of Use a slot that is located on a heap page when removing invalid entries from the SlotsBuffer. (patchset #1 id:1 of https://codereview.chromium.org/
1020853022/)
Reason for revert:
Reverting risky GC changes that block v8 roll.
Original issue's description:
> Use a slot that is located on a heap page when removing invalid entries from the SlotsBuffer.
>
> BUG=chromium:470801
> LOG=Y
>
> Committed: https://crrev.com/
2f3a42f9a1d66ffc9d260d9700ff831c3aa1cd41
> Cr-Commit-Position: refs/heads/master@{#27467}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:470801
Review URL: https://codereview.chromium.org/
1033163002
Cr-Commit-Position: refs/heads/master@{#27490}
paul.lind [Thu, 26 Mar 2015 22:50:54 +0000 (15:50 -0700)]
MIPS64: [turbofan] Fix loading of JSFunction from activation in case of adapter frame.
Use 64-bit load.
BUG=
Review URL: https://codereview.chromium.org/
1037863003
Cr-Commit-Position: refs/heads/master@{#27489}
michael_dawson [Thu, 26 Mar 2015 22:11:53 +0000 (15:11 -0700)]
PPC64: [turbofan] Fix DCHECK in AssembleSwap.
Fixes these tests in PPC,debug,non-sim
mjsunit/compiler/osr-maze1
mjsunit/compiler/regress-3
mjsunit/regress/regress-crbug-173907
mjsunit/regress/regress-crbug-
173907b
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1038923003
Cr-Commit-Position: refs/heads/master@{#27488}
sergiyb [Thu, 26 Mar 2015 20:27:55 +0000 (13:27 -0700)]
Removed default value for project_bases
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1034153003
Cr-Commit-Position: refs/heads/master@{#27487}
michael_dawson [Thu, 26 Mar 2015 18:23:39 +0000 (11:23 -0700)]
PPC: [turbofan] Fix loading of JSFunction from activation in case of adapter frame.
Port
ebc51674766dd5b17ebbfadf4a35c514ab638a5f
Original commit message:
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1016003005
Cr-Commit-Position: refs/heads/master@{#27486}
erikcorry [Thu, 26 Mar 2015 16:53:47 +0000 (09:53 -0700)]
Disable test on deopt fuzzer that uses a little too much memory
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1032373002
Cr-Commit-Position: refs/heads/master@{#27485}
chunyang.dai [Thu, 26 Mar 2015 16:16:09 +0000 (09:16 -0700)]
Update the parameters of VisitSwitch function for turbofan unsupported platform.
This change comes from
a6940f7aa3d7dc36e2c8713d11daccdf6837371b.
BUG=
Review URL: https://codereview.chromium.org/
1031253005
Cr-Commit-Position: refs/heads/master@{#27484}
ulan [Thu, 26 Mar 2015 15:54:51 +0000 (08:54 -0700)]
Revert "Reland "Allow compaction when incremental marking is on.""
This reverts commit
89ba65fd4970130eea02b675e448a8219ae3d0dd.
Reason: crash in v8.detached_context_age_in_gc benchmark.
BUG=chromium:450824
LOG=NO
NOTRY=true
NOTREECHECKS=true
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/
1034203002
Cr-Commit-Position: refs/heads/master@{#27483}
dcarney [Thu, 26 Mar 2015 15:21:54 +0000 (08:21 -0700)]
add access checks to receivers on function callbacks
R=verwaest@chromium.org
BUG=468451
LOG=N
Review URL: https://codereview.chromium.org/
1036743004
Cr-Commit-Position: refs/heads/master@{#27482}
mstarzinger [Thu, 26 Mar 2015 15:04:39 +0000 (08:04 -0700)]
Fix broken JSFunction::is_compiled predicate.
The aforementioned predicate reported a JSFunction that was marked for
optimization as already compiled. This in turn also prevented us from
being aggressive about FLAG_always_opt treatment.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/
1019293003
Cr-Commit-Position: refs/heads/master@{#27481}
balazs.kilvady [Thu, 26 Mar 2015 15:01:04 +0000 (08:01 -0700)]
MIPS: Fix [turbofan] Factor out common switch-related code in instruction selectors.
BUG=
Review URL: https://codereview.chromium.org/
1019923004
Cr-Commit-Position: refs/heads/master@{#27480}
jochen [Thu, 26 Mar 2015 13:29:27 +0000 (06:29 -0700)]
Add CHECKs when updating pointers from the slots and store buffers
We want to verify that we always overwrite heap objects with heap
objects, and non-heap objects with non-heap objects
BUG=chromium:452095
R=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/
1035763002
Cr-Commit-Position: refs/heads/master@{#27479}
chunyang.dai [Thu, 26 Mar 2015 13:06:47 +0000 (06:06 -0700)]
X87: Switch full-codegen from StackHandlers to handler table.
port
38a719f965d0a83ddac04392d5b9c5abe214281c (r27440)
original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
BUG=
Review URL: https://codereview.chromium.org/
1030283003
Cr-Commit-Position: refs/heads/master@{#27478}
mstarzinger [Thu, 26 Mar 2015 12:30:43 +0000 (05:30 -0700)]
[debugger] Make Runtime_DebugEvaluate safe for reentry.
Only one FrameInspector can be active at a time on any given stack,
this ensures that it's lifetime is sufficiently scoped.
R=yangguo@chromium.org
TEST=mjsunit/regress/regress-crbug-259300
Review URL: https://codereview.chromium.org/
1034743002
Cr-Commit-Position: refs/heads/master@{#27477}
jochen [Thu, 26 Mar 2015 11:58:31 +0000 (04:58 -0700)]
Don't start marking while sweeping
BUG=none
R=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/
1032963002
Cr-Commit-Position: refs/heads/master@{#27476}
dcarney [Thu, 26 Mar 2015 11:50:16 +0000 (04:50 -0700)]
two pass phantom collection
R=jochen@chromium.org, erikcorry@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
998253006
Cr-Commit-Position: refs/heads/master@{#27475}
pcc [Thu, 26 Mar 2015 11:40:51 +0000 (04:40 -0700)]
Use a different variant of CpuFeatures::FlushICache asm with clang.
This variant avoids a constant pool entry, which can be problematic
when LTO'ing. It is also slightly shorter.
R=bmeurer@chromium.org,Jacob.Bramley@arm.com
BUG=chromium:453195
LOG=n
Review URL: https://codereview.chromium.org/
986643004
Cr-Commit-Position: refs/heads/master@{#27474}
verwaest [Thu, 26 Mar 2015 11:21:52 +0000 (04:21 -0700)]
Remove CanRetainOtherContext since embedded objects are now weak.
Instead of CanRetainOtherContext, we now manually blacklist all access-checked objects.
BUG=
Review URL: https://codereview.chromium.org/
1020803004
Cr-Commit-Position: refs/heads/master@{#27473}
yangguo [Thu, 26 Mar 2015 10:43:37 +0000 (03:43 -0700)]
Revert of Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #1 id:1 of https://codereview.chromium.org/
999273003/)
Reason for revert:
Reland since the failure has been fixed in https://codereview.chromium.org/
1035523005/
Original issue's description:
> Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #4 id:60001 of https://codereview.chromium.org/
998253005/)
>
> Reason for revert:
> Code caching failures.
>
> Original issue's description:
> > Debugger: deduplicate shared function info when setting script break points.
> >
> > Also fix Debug.showBreakPoints for multiple break points at the same location.
> >
> > BUG=v8:3960
> > LOG=N
> >
> > Committed: https://crrev.com/
73b17a71a22564c0b66d9aa7c00948c748f5b290
> > Cr-Commit-Position: refs/heads/master@{#27444}
>
> TBR=mstarzinger@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3960
>
> Committed: https://crrev.com/
9b29d008dfcc00bf56be8040add1d2c5e404673b
> Cr-Commit-Position: refs/heads/master@{#27448}
TBR=mstarzinger@chromium.org
BUG=v8:3960
LOG=N
Review URL: https://codereview.chromium.org/
1037013002
Cr-Commit-Position: refs/heads/master@{#27472}
yangguo [Thu, 26 Mar 2015 09:50:34 +0000 (02:50 -0700)]
Serializer: ensure unique script ids when deserializing.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/
1035523005
Cr-Commit-Position: refs/heads/master@{#27471}
titzer [Thu, 26 Mar 2015 09:38:11 +0000 (02:38 -0700)]
[turbofan]: Integrate basic type feedback for property accesses.
BUG=
Review URL: https://codereview.chromium.org/
1021713005
Cr-Commit-Position: refs/heads/master@{#27470}
titzer [Thu, 26 Mar 2015 09:17:57 +0000 (02:17 -0700)]
[turbofan] Enable OSR.
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1037913002
Cr-Commit-Position: refs/heads/master@{#27469}
titzer [Thu, 26 Mar 2015 09:08:45 +0000 (02:08 -0700)]
[turbofan] Factor out common switch-related code in instruction selectors.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1019803005
Cr-Commit-Position: refs/heads/master@{#27468}
ishell [Thu, 26 Mar 2015 09:00:16 +0000 (02:00 -0700)]
Use a slot that is located on a heap page when removing invalid entries from the SlotsBuffer.
BUG=chromium:470801
LOG=Y
Review URL: https://codereview.chromium.org/
1020853022
Cr-Commit-Position: refs/heads/master@{#27467}
yurys [Thu, 26 Mar 2015 08:49:52 +0000 (01:49 -0700)]
Return timestamp of the last recorded interval to the caller of HeapProfiler::GetHeapStats
Before this patch the embedder could assign timestamp to the last interval after calling GetHeapStats. This would be slightly different from the timstamps assigned by v8 internally and written into heap snapshot. This patch allow to avoid this small discrepancy by returning timestamp along with last heap stats update.
BUG=chromium:467222
LOG=Y
Review URL: https://codereview.chromium.org/
1037803002
Cr-Commit-Position: refs/heads/master@{#27466}
svenpanne [Thu, 26 Mar 2015 08:36:28 +0000 (01:36 -0700)]
Add full TurboFan support for accessing SeqString contents.
LOG=n
Review URL: https://codereview.chromium.org/
1013753016
Cr-Commit-Position: refs/heads/master@{#27465}
yangguo [Thu, 26 Mar 2015 08:15:32 +0000 (01:15 -0700)]
Debugger: remove unused JS Debugger API.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/
1005053004
Cr-Commit-Position: refs/heads/master@{#27464}
michael_dawson [Thu, 26 Mar 2015 08:06:41 +0000 (01:06 -0700)]
Fix host_arch detection for AIX and one new warning as error
The value returned on AIX for platform.machine() is not the
best value to map the architecture from. Use platform.system
to determine if we are on AIX and if so set host_arch to
ppc64 as AIX 6.1 (the earliest supported) only provides a
64 bit kernel
AIX was reporting warning that offset may be used uninitialized
modified: build/detect_v8_host_arch.py
modified: build/standalone.gypi
modified: src/hydrogen-bce.cc
R=mbrandy@us.ibm.com, jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1006583004
Cr-Commit-Position: refs/heads/master@{#27463}
v8-autoroll [Thu, 26 Mar 2015 07:29:13 +0000 (00:29 -0700)]
Update V8 DEPS.
Rolling v8/tools/clang to
ea2f0a2d96ffc6f5a51c034db704ccc1a6543156
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1032223004
Cr-Commit-Position: refs/heads/master@{#27462}
chunyang.dai [Thu, 26 Mar 2015 02:52:59 +0000 (19:52 -0700)]
X87: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
port
6689cc27ebe60685c025de9ae1f09919093f8213 (r27377)
original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
BUG=
Review URL: https://codereview.chromium.org/
1033733005
Cr-Commit-Position: refs/heads/master@{#27461}
chunyang.dai [Thu, 26 Mar 2015 02:24:22 +0000 (19:24 -0700)]
X87: [es6] implement Reflect.apply() & Reflect.construct()
port
d21fd15467e16f185e511dbfbaeef7caddfe804a (r27316)
original commit message:
[es6] implement Reflect.apply() & Reflect.construct()
BUG=
Review URL: https://codereview.chromium.org/
1021723006
Cr-Commit-Position: refs/heads/master@{#27460}
chunyang.dai [Thu, 26 Mar 2015 02:11:14 +0000 (19:11 -0700)]
X87: [es6] generate rest parameters correctly for subclass constructors
port
bef80fcfd7e89cadc215f7d10a016a375e346490 (r27344)
original commit message:
[es6] generate rest parameters correctly for subclass constructors
BUG=
Review URL: https://codereview.chromium.org/
1033643002
Cr-Commit-Position: refs/heads/master@{#27459}
kozyatinskiy [Wed, 25 Mar 2015 23:11:01 +0000 (16:11 -0700)]
Reland [V8] Removed SourceLocationRestrict
This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
Method looks obsolete.
One of the strange side effect is shown by attached issue.
BUG=chromium:468781
TBR=yangguo@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/
1033973002
Cr-Commit-Position: refs/heads/master@{#27458}
machenbach [Wed, 25 Mar 2015 18:31:36 +0000 (11:31 -0700)]
Revert of add access checks to receivers on function callbacks (patchset #5 id:80001 of https://codereview.chromium.org/
1036743004/)
Reason for revert:
This seems to lead to lots of timeouts of layout tests, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064/builds/2807
Original issue's description:
> add access checks to receivers on function callbacks
>
> R=verwaest@chromium.org
> BUG=468451
> LOG=N
>
> Committed: https://crrev.com/
255528710b0a128eef7b66827d9ac43e44650ff4
> Cr-Commit-Position: refs/heads/master@{#27452}
TBR=verwaest@chromium.org,dcarney@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=468451
Review URL: https://codereview.chromium.org/
1023783009
Cr-Commit-Position: refs/heads/master@{#27457}
jacob.bramley [Wed, 25 Mar 2015 18:22:11 +0000 (11:22 -0700)]
ARM64: Remove some unused variables.
This fixes warnings on some compilers.
BUG=
Review URL: https://codereview.chromium.org/
1038623002
Cr-Commit-Position: refs/heads/master@{#27456}
titzer [Wed, 25 Mar 2015 18:05:57 +0000 (11:05 -0700)]
Disable some flags on threading tests that will break with --turbo-osr.
R=vogelheim@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1023753008
Cr-Commit-Position: refs/heads/master@{#27455}
titzer [Wed, 25 Mar 2015 17:46:03 +0000 (10:46 -0700)]
[turbofan] Fix loading of JSFunction from activation in case of adapter frame.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1026023004
Cr-Commit-Position: refs/heads/master@{#27454}
michael_dawson [Wed, 25 Mar 2015 17:26:31 +0000 (10:26 -0700)]
PPC: Switch full-codegen from StackHandlers to handler table.
Port
38a719f965d0a83ddac04392d5b9c5abe214281c
Original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
TEST=cctest/test-run-jsexceptions/DeoptTry
R=yangguo@chromium.org, R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1035533004
Cr-Commit-Position: refs/heads/master@{#27453}
dcarney [Wed, 25 Mar 2015 16:16:47 +0000 (09:16 -0700)]
add access checks to receivers on function callbacks
R=verwaest@chromium.org
BUG=468451
LOG=N
Review URL: https://codereview.chromium.org/
1036743004
Cr-Commit-Position: refs/heads/master@{#27452}
ulan [Wed, 25 Mar 2015 15:59:28 +0000 (08:59 -0700)]
Reland "Allow compaction when incremental marking is on."
BUG=chromium:450824
LOG=NO
Review URL: https://codereview.chromium.org/
1038663002
Cr-Commit-Position: refs/heads/master@{#27451}
machenbach [Wed, 25 Mar 2015 15:55:51 +0000 (08:55 -0700)]
Mark test as flaky.
BUG=v8:3838
LOG=n
TBR=ulan@chromium.org
Review URL: https://codereview.chromium.org/
1012993007
Cr-Commit-Position: refs/heads/master@{#27450}
yurys [Wed, 25 Mar 2015 15:32:04 +0000 (08:32 -0700)]
Remove v8::Isolate::ClearInterrupt
The method was deprecated a while ago: https://crrev.com/
87e4bba31eabfd3b12e42b5886dc9da08d2daf13
LOG=Y
BUG=YES
API=Remove v8::Isolate::ClearInterrupt
Review URL: https://codereview.chromium.org/
1032623007
Cr-Commit-Position: refs/heads/master@{#27449}
yangguo [Wed, 25 Mar 2015 15:19:05 +0000 (08:19 -0700)]
Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #4 id:60001 of https://codereview.chromium.org/
998253005/)
Reason for revert:
Code caching failures.
Original issue's description:
> Debugger: deduplicate shared function info when setting script break points.
>
> Also fix Debug.showBreakPoints for multiple break points at the same location.
>
> BUG=v8:3960
> LOG=N
>
> Committed: https://crrev.com/
73b17a71a22564c0b66d9aa7c00948c748f5b290
> Cr-Commit-Position: refs/heads/master@{#27444}
TBR=mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3960
Review URL: https://codereview.chromium.org/
999273003
Cr-Commit-Position: refs/heads/master@{#27448}
mstarzinger [Wed, 25 Mar 2015 15:02:31 +0000 (08:02 -0700)]
[turbofan] Support initial step-in through debugger statement.
This adapts the debugger so that the first break event starting the
stepping process can come from optimized code. TurboFan supports a
debugger statement and hence can be the top-most frame whenever the
Debug::HandleDebugBreak handler is triggered.
R=yangguo@chromium.org
TEST=mjsunit/debug,cctest/test-debug
Review URL: https://codereview.chromium.org/
1038613002
Cr-Commit-Position: refs/heads/master@{#27447}
michael_dawson [Wed, 25 Mar 2015 14:59:13 +0000 (07:59 -0700)]
PPC: Ensure predictable code size at map_check in LCodeGen::DoInstanceOfKnownGlobal.
R=mbrandy@us.ibm.com, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1035723003
Cr-Commit-Position: refs/heads/master@{#27446}
machenbach [Wed, 25 Mar 2015 14:54:47 +0000 (07:54 -0700)]
Fix line breaks in md documentation.
NOTRY=true
Review URL: https://codereview.chromium.org/
1030813003
Cr-Commit-Position: refs/heads/master@{#27445}
yangguo [Wed, 25 Mar 2015 14:53:32 +0000 (07:53 -0700)]
Debugger: deduplicate shared function info when setting script break points.
Also fix Debug.showBreakPoints for multiple break points at the same location.
BUG=v8:3960
LOG=N
Review URL: https://codereview.chromium.org/
998253005
Cr-Commit-Position: refs/heads/master@{#27444}
balazs.kilvady [Wed, 25 Mar 2015 14:41:23 +0000 (07:41 -0700)]
MIPS: Switch full-codegen from StackHandlers to handler table.
Port
38a719f965d0a83ddac04392d5b9c5abe214281c
Original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
TEST=cctest/test-run-jsexceptions/DeoptTry
BUG=
Review URL: https://codereview.chromium.org/
1037743002
Cr-Commit-Position: refs/heads/master@{#27443}
alexandre.rames [Wed, 25 Mar 2015 14:22:27 +0000 (07:22 -0700)]
Fix the V8_GNUC_PREREQ macro.
BUG=
Review URL: https://codereview.chromium.org/
1003383004
Cr-Commit-Position: refs/heads/master@{#27442}
dusan.milosavljevic [Wed, 25 Mar 2015 14:21:20 +0000 (07:21 -0700)]
Make ParameterTraits specializations for 32-bit integers valid for all arches.
TEST=
BUG=
Review URL: https://codereview.chromium.org/
1031113002
Cr-Commit-Position: refs/heads/master@{#27441}
mstarzinger [Wed, 25 Mar 2015 13:13:51 +0000 (06:13 -0700)]
Switch full-codegen from StackHandlers to handler table.
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
R=yangguo@chromium.org
TEST=cctest/test-run-jsexceptions/DeoptTry
Review URL: https://codereview.chromium.org/
1010883002
Cr-Commit-Position: refs/heads/master@{#27440}
verwaest [Wed, 25 Mar 2015 13:05:06 +0000 (06:05 -0700)]
Restore PushStackTraceAndDie for the case where we lookup starting with null
BUG=chromium:434952
LOG=n
Review URL: https://codereview.chromium.org/
1035613003
Cr-Commit-Position: refs/heads/master@{#27439}
dslomov [Wed, 25 Mar 2015 12:51:59 +0000 (05:51 -0700)]
Test for access checks on super assignments.
R=verwaest@chromium.org
BUG=chromium:470113
LOG=N
Review URL: https://codereview.chromium.org/
1034523002
Cr-Commit-Position: refs/heads/master@{#27438}
mstarzinger [Wed, 25 Mar 2015 12:43:38 +0000 (05:43 -0700)]
[turbofan] Remove obsolete JSDebugger operator.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/
1029583009
Cr-Commit-Position: refs/heads/master@{#27437}
dcarney [Wed, 25 Mar 2015 12:34:01 +0000 (05:34 -0700)]
fix nonmasking interceptor ic with interceptor on receiver
TBR=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1036843002
Cr-Commit-Position: refs/heads/master@{#27436}
mvstanton [Wed, 25 Mar 2015 11:15:14 +0000 (04:15 -0700)]
VectorICs: Address test-heap TODOS
Tests for non-clearing of weak cells in LoadICs weren't running when
vector ICs are enabled.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1032843002
Cr-Commit-Position: refs/heads/master@{#27435}
fedor [Wed, 25 Mar 2015 10:09:58 +0000 (03:09 -0700)]
postmortem: fixup after
33994b4
This commit has changed the enum names:
33994b4a22834efb26620ffa3053a5d15d48a6bd
`FIELD` is now called `DATA`.
BUG=
R=danno
Review URL: https://codereview.chromium.org/
1033733003
Cr-Commit-Position: refs/heads/master@{#27434}
ulan [Wed, 25 Mar 2015 08:52:51 +0000 (01:52 -0700)]
Reland "Filter invalid slots out from the SlotsBuffer after marking."
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
> BUG=chromium:454297
> LOG=Y
NOTRY=true
Review URL: https://codereview.chromium.org/
1032833002
Cr-Commit-Position: refs/heads/master@{#27433}
yangguo [Wed, 25 Mar 2015 07:40:05 +0000 (00:40 -0700)]
Revert of [turbofan] Enable --turbo-osr. (patchset #1 id:1 of https://codereview.chromium.org/
1035643002/)
Reason for revert:
Crash in pdfjs benchmark.
Original issue's description:
> [turbofan] Enable --turbo-osr.
>
> R=yangguo@chromium.org
> BUG=
>
> Committed: https://crrev.com/
50305aac39f90b6455305313db56ff3365ec96f5
> Cr-Commit-Position: refs/heads/master@{#27431}
TBR=titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/
1005163003
Cr-Commit-Position: refs/heads/master@{#27432}
Ben L. Titzer [Wed, 25 Mar 2015 07:29:09 +0000 (08:29 +0100)]
[turbofan] Enable --turbo-osr.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1035643002
Cr-Commit-Position: refs/heads/master@{#27431}
michael_dawson [Wed, 25 Mar 2015 06:42:17 +0000 (23:42 -0700)]
PPC: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
Port
6689cc27ebe60685c025de9ae1f09919093f8213
Original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
R=mbrandy@us.ibm.com, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029413002
Cr-Commit-Position: refs/heads/master@{#27430}
chunyang.dai [Wed, 25 Mar 2015 06:41:10 +0000 (23:41 -0700)]
X87: [turbofan] Turn Math.clz32 into an inlinable builtin.
port
3aa206b86560da94f895625186295bf07a0301d8 (r27329)
original commit message:
BUG=
Review URL: https://codereview.chromium.org/
1022523005
Cr-Commit-Position: refs/heads/master@{#27429}
michael_dawson [Wed, 25 Mar 2015 06:40:02 +0000 (23:40 -0700)]
PPC: Fix 'PPC: Serializer: serialize internal references via object visitor.'
Port
56d2ee0310972119ec47810ee03a4f7077f7117e
Original commit message:
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1036453002
Cr-Commit-Position: refs/heads/master@{#27428}
machenbach [Tue, 24 Mar 2015 22:02:28 +0000 (15:02 -0700)]
Revert of Track how many pages trigger fallback strategies in GC (patchset #2 id:20001 of https://codereview.chromium.org/
1029323003/)
Reason for revert:
This seems to cause lots of crashes in layout tests debug:
../../third_party/WebKit/Source/bindings/core/v8/V8PerIsolateData.cpp(67) : void blink::useCounterCallback(v8::Isolate *, v8::Isolate::UseCounte
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2332
Original issue's description:
> Track how many pages trigger fallback strategies in GC
>
> R=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/
bb880058f6499510cff12d98dc7d524d35d769cb
> Cr-Commit-Position: refs/heads/master@{#27421}
TBR=hpayer@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/
1000523003
Cr-Commit-Position: refs/heads/master@{#27427}
machenbach [Tue, 24 Mar 2015 22:01:20 +0000 (15:01 -0700)]
Revert of Filter invalid slots out from the SlotsBuffer after marking. (patchset #6 id:220001 of https://codereview.chromium.org/
1010363005/)
Reason for revert:
Need to revert in order to revert https://codereview.chromium.org/
1029323003/
Original issue's description:
> Filter invalid slots out from the SlotsBuffer after marking.
>
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
>
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297
> LOG=Y
>
> Committed: https://crrev.com/
5c47c1c0d3e4a488f190c16a64ee02f5a14e6561
> Cr-Commit-Position: refs/heads/master@{#27423}
TBR=hpayer@chromium.org,erik.corry@gmail.com,ishell@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297
Review URL: https://codereview.chromium.org/
1033453005
Cr-Commit-Position: refs/heads/master@{#27426}
titzer [Tue, 24 Mar 2015 19:02:48 +0000 (12:02 -0700)]
Set test expectations prior to enabling --turbo-osr.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1018513003
Cr-Commit-Position: refs/heads/master@{#27425}
dslomov [Tue, 24 Mar 2015 17:16:45 +0000 (10:16 -0700)]
Do not assign positions to parser-generated desugarings.
The root cause for the bug is that the positions assigned to desugared
code was inconsistent with the source ranges of block scopes.
Since the fact that the position is assigned causes the debugger to
break at the parser-generated statement, the fix is to remove positions
from those nodes that we do not want to break on.
The CL also teaches Hydrogen to tolerate these cases.
R=adamk@chromium.org,rossberg@chromium.org
BUG=chromium:468661
LOG=Y
Review URL: https://codereview.chromium.org/
1032653002
Cr-Commit-Position: refs/heads/master@{#27424}
ishell [Tue, 24 Mar 2015 17:07:31 +0000 (10:07 -0700)]
Filter invalid slots out from the SlotsBuffer after marking.
There are two reasons that could cause invalid slots appearance in SlotsBuffer:
1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297
LOG=Y
Review URL: https://codereview.chromium.org/
1010363005
Cr-Commit-Position: refs/heads/master@{#27423}
marja [Tue, 24 Mar 2015 16:46:53 +0000 (09:46 -0700)]
[strong] Check strong mode free variables against the global object.
Gather references to unbound variables where the reference (VariableProxy) is
inside strong mode. Check them against the global object when a script is bound
to a context (during compilation).
This CL only checks unbound variables which are not inside lazy functions - TBD
how do we solve that; alternatives: add developer mode which disables laziness /
do the check whenever lazy functions are really compiled.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/
1005063002
Cr-Commit-Position: refs/heads/master@{#27422}
erikcorry [Tue, 24 Mar 2015 16:17:42 +0000 (09:17 -0700)]
Track how many pages trigger fallback strategies in GC
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029323003
Cr-Commit-Position: refs/heads/master@{#27421}
dcarney [Tue, 24 Mar 2015 16:09:59 +0000 (09:09 -0700)]
fix attribute lookup for all can read indexed interceptors
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1034513002
Cr-Commit-Position: refs/heads/master@{#27420}
aandrey [Tue, 24 Mar 2015 16:02:03 +0000 (09:02 -0700)]
Make debugger step into bound callbacks passed to Array.forEach.
BUG=chromium:450004
R=yangguo@chromium.org, kozyatinskiy@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1030673002
Cr-Commit-Position: refs/heads/master@{#27419}
titzer [Tue, 24 Mar 2015 15:38:20 +0000 (08:38 -0700)]
[turbofan] Macro-ify the tracing code in RegisterAllocator.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1014093008
Cr-Commit-Position: refs/heads/master@{#27418}
mvstanton [Tue, 24 Mar 2015 15:37:14 +0000 (08:37 -0700)]
Prevent leaks of cross context maps in the Oracle.
Some code in type-info.cc could allow a cross context map to be visible to
crankshaft. Tighten up this code to be certain that only a JSFunction, an
AllocationSite or a Symbol can be returned.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1026343004
Cr-Commit-Position: refs/heads/master@{#27417}
Michael Achenbach [Tue, 24 Mar 2015 15:33:56 +0000 (16:33 +0100)]
Move entire CQ config to the V8 repository
R=machenbach@chromium.org
BUG=408675
LOG=n
NOTRY=true
Review URL: https://codereview.chromium.org/
1025553007
Cr-Commit-Position: refs/heads/master@{#27416}
svenpanne [Tue, 24 Mar 2015 15:20:46 +0000 (08:20 -0700)]
Added %_HeapObjectGetMap and %_MapGetInstanceType intrinsics.
These are needed (among other things) for a TurboFan-generated
StringAddStub. Furthermore, they can be used to nuke the overly
complex %_IsInstanceType intrisic, it's completely expressible in
JavaScript now, but that will be done in a separate CL.
Alpha-sorted things a bit on the way to ease navigation.
Review URL: https://codereview.chromium.org/
1010973010
Cr-Commit-Position: refs/heads/master@{#27415}
erikcorry [Tue, 24 Mar 2015 15:02:21 +0000 (08:02 -0700)]
Fix OOM bug 3976.
Also introduce --trace-fragmentation-verbose, and fix --always-compact.
R=ulan@chromium.org
BUG=v8:3976
LOG=y
Review URL: https://codereview.chromium.org/
1024823002
Cr-Commit-Position: refs/heads/master@{#27414}
titzer [Tue, 24 Mar 2015 15:01:13 +0000 (08:01 -0700)]
[turbofan] Address minor TODOs in simplified lowering.
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029843002
Cr-Commit-Position: refs/heads/master@{#27413}
ulan [Tue, 24 Mar 2015 14:35:55 +0000 (07:35 -0700)]
Reload length of retained_maps array after GC.
This fixes flaky GC stress failure:
> Fatal error in ../src/heap/mark-compact.cc, line 2127
> Check failed: retained_maps->Get(i)->IsWeakCell().
BUG=
TEST=test-heap/RegressArrayListGC
Review URL: https://codereview.chromium.org/
1026113004
Cr-Commit-Position: refs/heads/master@{#27412}