Original commit message
[heap] Fix memory leak in the remembered set.
Empty slot set buckets can leak in the following scenarios.
Scenario 1 (large object space):
1) A large array is allocated in the large object space.
2) The array is filled with old->new references, which
allocates new slot set buckets.
3) The references are overwritten with smis or old space
pointers, which make the slots set buckets empty.
4) Garbage collection (scavenge or mark-compact) iterates the
slots set of the array and pre-frees the empty buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for large object space in mark-compact.
Scenario 2 (no mark-compact):
1) A small array is allocated in the old space.
2) The array is filled with old->new references, which allocates new
slot set buckets.
3) The references are overwritten with smis or old space pointers,
which make the slots set buckets empty.
4) Scavenge iterates the slots set of the array and pre-frees the
empty buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for swept pages in scavenger.
Bug: v8:6800
TBR: mlippautz@chromium.org
Change-Id: I48d94870f5acf4f6208858271886911c895a9126
Reviewed-on: https://chromium-review.googlesource.com/668442
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48041}
PR-URL: https://github.com/nodejs/node/pull/15664
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benedikt Meurer <benedikt.meurer@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit messages:
a2ab1353f6
[snapshot] Rehash strings after deserialization.
See https://goo.gl/6aN8xA
Bug: v8:6593
Change-Id: Ic8b0b57195d01d41591397d5d45de3f0f3ebc3d9
Reviewed-on: https://chromium-review.googlesource.com/574527
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46732}
182caaf4a9
Do not track transitions for built-in objects.
Objects created during bootstrapping do not need
a transition tree except for elements kind transitions.
Bug: v8:6596
Change-Id: I237b8b2792f201336e1c9731c815095dd06bc182
Reviewed-on: https://chromium-review.googlesource.com/571750
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46693}
Fixes: https://github.com/nodejs/node/issues/14171
Refs: https://github.com/nodejs/node/pull/14345
PR-URL: https://github.com/nodejs/node/pull/14004
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Original commit messages:
a2ab1353f6
[snapshot] Rehash strings after deserialization.
See https://goo.gl/6aN8xA
Bug: v8:6593
Change-Id: Ic8b0b57195d01d41591397d5d45de3f0f3ebc3d9
Reviewed-on: https://chromium-review.googlesource.com/574527
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46732}
182caaf4a9
Do not track transitions for built-in objects.
Objects created during bootstrapping do not need
a transition tree except for elements kind transitions.
Bug: v8:6596
Change-Id: I237b8b2792f201336e1c9731c815095dd06bc182
Reviewed-on: https://chromium-review.googlesource.com/571750
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46693}
Fixes: https://github.com/nodejs/node/issues/14171
PR-URL: https://github.com/nodejs/node/pull/14345
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
This fixes a build failure on Windows.
Original commit message:
Rename TypeFeedbackVector to FeedbackVector.
... and TypeFeedbackMetadata to FeedbackMetadata.
BUG=
Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
Refs: https://github.com/nodejs/v8/issues/4
PR-URL: https://github.com/nodejs/node/pull/11752
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Note: When this was cherry-picked for v8 v4.4 (landed in nodejs#2636),
test-heap.cc:1989 chunk did not exist. It now exists in
v8 v4.5.103.30. This PR completes the cherry pick of the whole commit
from v8.
PR-URL: https://github.com/nodejs/node/pull/2692
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
Use static_cast<> for NULL (clang 3.7)
The following errors come up when compiling v8
with clang 3.7 on FreeBSD/amd64:
src/runtime/runtime-i18n.cc:629:37: error: reinterpret_cast from
'nullptr_t' to 'v8::internal::Smi *' is not allowed
local_object->SetInternalField(1, reinterpret_cast<Smi*>(NULL));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/cctest/test-heap.cc:131:20: error: reinterpret_cast from
'nullptr_t' to 'v8::internal::Object *' is not allowed
Handle<Object> n(reinterpret_cast<Object*>(NULL), isolate);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/cctest/test-heap.cc:1989:18: error: reinterpret_cast from
'nullptr_t' to 'Address' (aka 'unsigned char *') is not
allowed
Address base = reinterpret_cast<Address>(NULL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+add myself to the AUTHORS file.
BUG=
Review URL: https://codereview.chromium.org/1277353002
Cr-Commit-Position: refs/heads/master@{#30103}
Note: chunk in test-heap.cc:1989 discarded as related code missing
from current version in node.
Original commit message:
Use static_cast<> for NULL (clang 3.7)
The following errors come up when compiling v8
with clang 3.7 on FreeBSD/amd64:
src/runtime/runtime-i18n.cc:629:37: error: reinterpret_cast from
'nullptr_t' to 'v8::internal::Smi *' is not allowed
local_object->SetInternalField(1, reinterpret_cast<Smi*>(NULL));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/cctest/test-heap.cc:131:20: error: reinterpret_cast from
'nullptr_t' to 'v8::internal::Object *' is not allowed
Handle<Object> n(reinterpret_cast<Object*>(NULL), isolate);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/cctest/test-heap.cc:1989:18: error: reinterpret_cast from
'nullptr_t' to 'Address' (aka 'unsigned char *') is not
allowed
Address base = reinterpret_cast<Address>(NULL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+add myself to the AUTHORS file.
BUG=
Review URL: https://codereview.chromium.org/1277353002
Cr-Commit-Position: refs/heads/master@{#30103}
PR-URL: https://github.com/nodejs/node/pull/2636
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Upgrade the bundled V8 and update code in src/ and lib/ to the new API.
Notable backwards incompatible changes are the removal of the smalloc
module and dropped support for CESU-8 decoding. CESU-8 support can be
brought back if necessary by doing UTF-8 decoding ourselves.
This commit includes https://codereview.chromium.org/1192973004 to fix
a build error on python 2.6 systems. The original commit log follows:
Use optparse in js2c.py for python compatibility
Without this change, V8 won't build on RHEL/CentOS 6 because the
distro python is too old to know about the argparse module.
PR-URL: https://github.com/nodejs/io.js/pull/2022
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
* @indutny's SealHandleScope patch (484bebc38319fc7c622478037922ad73b2edcbf9)
has been cherry picked onto the top of V8 to make it compile.
* There's some test breakage in contextify.
* This was merged at the request of the TC.
PR-URL: https://github.com/iojs/io.js/pull/1632
This commit applies some secondary changes in order to make `make test`
pass cleanly:
* disable broken postmortem debugging in common.gypi
* drop obsolete strict mode test in parallel/test-repl
* drop obsolete test parallel/test-v8-features
PR-URL: https://github.com/iojs/io.js/pull/1232
Reviewed-By: Fedor Indutny <fedor@indutny.com>
V8 3.26.31 has received 14 patches since the upgrade to 3.26.33. Since
3.26.33 is technically a tag on the 3.27 branch, reverting back to
3.26.31 would remove now default functionality like WeakMaps. Because of
that the patches have simply been cherry-picked and squashed.
Here is a summary of all patches:
* Fix index register assignment in LoadFieldByIndex for arm, arm64, and
mips.
* Fix invalid attributes when generalizing because of incompatible map
change.
* Skip write barriers when updating the weak hash table.
* MIPS: Avoid HeapObject check in HStoreNamedField.
* Do GC if CodeRange fails to allocate a block.
* Array.concat: properly go to dictionary mode when required.
* Keep CodeRange::current_allocation_block_index_ in range.
* Grow heap slower if GC freed many global handles.
* Do not eliminate bounds checks for "<const> - x".
* Add missing map check to optimized f.apply(...).
* In GrowMode, force the value to the right representation to avoid
deopts between storing the length and storing the value.
* Reduce max executable size limit.
* Fix invalid condition in check elimination effects.
* Fix off-by-one error in Array.concat slow mode check.
For more information see: https://github.com/v8/v8/commits/3.26
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This commit removes the simple/test-event-emitter-memory-leak test for
being unreliable with the new garbage collector: the memory pressure
exerted by the test case is too low for the garbage collector to kick
in. It can be made to work again by limiting the heap size with the
--max_old_space_size=x flag but that won't be very reliable across
platforms and architectures.
After the upgrade from 3.20.17.7 to 3.20.17.11, we've begun hitting
random assertions in V8 in memory-constrained / GC-heavy situations.
The assertions all seem to be related to heap allocations and garbage
collection but apart from that, they're all over the place.
This reverts commit 970bdccc38.
Ali Ijaz Sheikh
Michaël Zasso
Yang Guo
Myles Borins
Michaël Zasso
saper
Ben Noordhuis
Chris Dickinson
Fedor Indutny
Refael Ackermann
Trevor Norris
Fedor Indutny
Timothy J Fontaine