Filter invalid slots out from the SlotsBuffer after marking.

Filter invalid slots out from the SlotsBuffer after marking.

There are two reasons that could cause invalid slots appearance in SlotsBuffer:
1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).

This CL also adds useful machinery that helps triggering incremental write barriers.

BUG=chromium:454297
LOG=Y

Committed: https://crrev.com/5c47c1c0d3e4a488f190c16a64ee02f5a14e6561
Cr-Commit-Position: refs/heads/master@{#27423}

[Igor Sheludko, 2015-03-24 11:19:34]

Patchset #4 (id:60001) has been deleted

[Igor Sheludko, 2015-03-24 11:19:40]

Patchset #3 (id:40001) has been deleted

[Igor Sheludko, 2015-03-24 11:19:46]

Patchset #2 (id:20001) has been deleted

[Igor Sheludko, 2015-03-24 11:19:53]

Patchset #1 (id:1) has been deleted

[Igor Sheludko, 2015-03-24 11:52:21]

Patchset #1 (id:80001) has been deleted

[Igor Sheludko, 2015-03-24 12:33:27]

Patchset #1 (id:100001) has been deleted

[Igor Sheludko, 2015-03-24 12:34:12]

ishell@chromium.org changed reviewers:
+ hpayer@chromium.org

[Igor Sheludko, 2015-03-24 12:34:13]

PTAL

[Hannes Payer (out of office), 2015-03-24 14:47:06]

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact.cc
File src/heap/mark-compact.cc (right):

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact....
src/heap/mark-compact.cc:4544: DCHECK_EQ(Smi::FromInt(0), g_smi_slot);
SMI 0 will indicate an embedded object slot. Why don't we just shrink the slots
buffer here, similar to the store buffer code?

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact.h
File src/heap/mark-compact.h (right):

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact....
src/heap/mark-compact.h:368: // Ensures that there are no invalid slots in the
chain of store buffers.
slot

[Hannes Payer (out of office), 2015-03-24 15:02:52]

Offline discussion: We can delete entries in a follow up cl if it turns out that
it is an issue. Moreover this is a short term solution.
LGTM

[Igor Sheludko, 2015-03-24 15:10:25]

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact.cc
File src/heap/mark-compact.cc (right):

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact....
src/heap/mark-compact.cc:4544: DCHECK_EQ(Smi::FromInt(0), g_smi_slot);
On 2015/03/24 14:47:05, Hannes Payer wrote:
> SMI 0 will indicate an embedded object slot. Why don't we just shrink the
slots
> buffer here, similar to the store buffer code?

We delete entries by replacing them with address of g_smi_slot but not with a
smi zero. So it would not look like a typed slot and they would be skipped
during slots updating phase. 
Since we don't expect the number of invalid slots to be high we agreed that it
would probably be more efficient to replace invalid entries than to right shift
the tail of the buffer.

Here we just ensure that this g_smi_slot was not modified and still contains smi
zero.

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact.h
File src/heap/mark-compact.h (right):

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact....
src/heap/mark-compact.h:368: // Ensures that there are no invalid slots in the
chain of store buffers.
On 2015/03/24 14:47:05, Hannes Payer wrote:
> slot

Done.

[Erik Corry, 2015-03-24 15:11:44]

erik.corry@gmail.com changed reviewers:
+ erik.corry@gmail.com

[Erik Corry, 2015-03-24 15:11:45]

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact.h
File src/heap/mark-compact.h (right):

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact....
src/heap/mark-compact.h:366: static void RemoveInvalidSlots(Heap* heap,
SlotsBuffer* buffer);
It would be good with a 1-line comment to explain when it can be called.

[Igor Sheludko, 2015-03-24 15:17:56]

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact.h
File src/heap/mark-compact.h (right):

https://codereview.chromium.org/1010363005/diff/140001/src/heap/mark-compact....
src/heap/mark-compact.h:366: static void RemoveInvalidSlots(Heap* heap,
SlotsBuffer* buffer);
On 2015/03/24 15:11:45, Erik Corry wrote:
> It would be good with a 1-line comment to explain when it can be called.

Done.

[Igor Sheludko, 2015-03-24 15:31:28]

The CQ bit was checked by ishell@chromium.org

[Igor Sheludko, 2015-03-24 15:31:29]

The patchset sent to the CQ was uploaded after l-g-t-m from hpayer@chromium.org
Link to the patchset: https://codereview.chromium.org/1010363005/#ps180001
(title: "More comments addressed")

[Erik Corry, 2015-03-24 15:34:02]

lgtm

[commit-bot: I haz the power, 2015-03-24 15:37:02]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1010363005/180001

[commit-bot: I haz the power, 2015-03-24 15:57:31]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2015-03-24 15:57:32]

Try jobs failed on following builders:
  v8_win_rel on tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_win_rel/builds/4346)

[Igor Sheludko, 2015-03-24 16:34:58]

The CQ bit was checked by ishell@chromium.org

[Igor Sheludko, 2015-03-24 16:34:58]

The patchset sent to the CQ was uploaded after l-g-t-m from hpayer@chromium.org,
erik.corry@gmail.com
Link to the patchset: https://codereview.chromium.org/1010363005/#ps200001
(title: "Rebasing")

[commit-bot: I haz the power, 2015-03-24 16:35:10]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1010363005/200001

[commit-bot: I haz the power, 2015-03-24 16:36:31]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2015-03-24 16:36:32]

Try jobs failed on following builders:
  v8_linux_arm64_rel on tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_linux_arm64_rel/builds/4185)

[Igor Sheludko, 2015-03-24 16:45:59]

The CQ bit was checked by ishell@chromium.org

[Igor Sheludko, 2015-03-24 16:46:00]

The patchset sent to the CQ was uploaded after l-g-t-m from hpayer@chromium.org,
erik.corry@gmail.com
Link to the patchset: https://codereview.chromium.org/1010363005/#ps220001
(title: "Rebasing (argh!)")

[commit-bot: I haz the power, 2015-03-24 16:46:12]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1010363005/220001

[commit-bot: I haz the power, 2015-03-24 17:07:37]

Committed patchset #6 (id:220001)

[commit-bot: I haz the power, 2015-03-24 17:07:51]

Patchset 6 (id:??) landed as
https://crrev.com/5c47c1c0d3e4a488f190c16a64ee02f5a14e6561
Cr-Commit-Position: refs/heads/master@{#27423}

[Michael Achenbach, 2015-03-24 22:01:00]

A revert of this CL (patchset #6 id:220001) has been created in
https://codereview.chromium.org/1033453005/ by machenbach@chromium.org.

The reason for reverting is: Need to revert in order to revert
https://codereview.chromium.org/1029323003/.

[Igor Sheludko, 2015-03-27 06:35:43]

A revert of this CL (patchset #6 id:220001) has been created in
https://codereview.chromium.org/1033173002/ by ishell@chromium.org.

The reason for reverting is: Reverting risky GC changes that block v8 roll..