Reland "[heap] Track length for array buffers to avoid free-ing dependency"

Reland "[heap] Track length for array buffers to avoid free-ing dependency"

The dependency would only happen if we have a smi overflow for the length and
have create a heap number. In this case the heap number would've to survive
until the array buffer is collected.

To avoid this dependency we track the length (as we previously used to).

BUG=chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org

This reverts commit 1791d7bb9ad26d8096bc5e2ed2216ea8b8dcc3cd.

Committed: https://crrev.com/da3745d8d9a40e6abd6449e9bdeb38df19b2c6fe
Cr-Commit-Position: refs/heads/master@{#37537}

[Michael Lippautz, 2016-07-05 15:42:44]

Description was changed from

==========
Reland "[heap] Track length for array buffers to avoid free-ing dependency"

This reverts commit 1791d7bb9ad26d8096bc5e2ed2216ea8b8dcc3cd.

BUG=
==========

to

==========
Reland "[heap] Track length for array buffers to avoid free-ing dependency"

The dependency would only happen if we have a smi overflow for the length and
have create a heap number. In this case the heap number would've to survive
until the array buffer is collected.

To avoid this dependency we track the length (as we previously used to).

BUG=chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org

This reverts commit 1791d7bb9ad26d8096bc5e2ed2216ea8b8dcc3cd.
==========

[Michael Lippautz, 2016-07-05 15:42:53]

mlippautz@chromium.org changed reviewers:
+ hpayer@chromium.org

[Michael Lippautz, 2016-07-05 15:43:08]

The CQ bit was checked by mlippautz@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-05 15:43:19]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Hannes Payer (out of office), 2016-07-05 15:52:19]

lgtm

[commit-bot: I haz the power, 2016-07-05 16:05:59]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-05 16:06:00]

Dry run: This issue passed the CQ dry run.

[Michael Lippautz, 2016-07-05 16:29:10]

The CQ bit was checked by mlippautz@chromium.org

[commit-bot: I haz the power, 2016-07-05 16:29:19]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-05 16:31:44]

Description was changed from

==========
Reland "[heap] Track length for array buffers to avoid free-ing dependency"

The dependency would only happen if we have a smi overflow for the length and
have create a heap number. In this case the heap number would've to survive
until the array buffer is collected.

To avoid this dependency we track the length (as we previously used to).

BUG=chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org

This reverts commit 1791d7bb9ad26d8096bc5e2ed2216ea8b8dcc3cd.
==========

to

==========
Reland "[heap] Track length for array buffers to avoid free-ing dependency"

The dependency would only happen if we have a smi overflow for the length and
have create a heap number. In this case the heap number would've to survive
until the array buffer is collected.

To avoid this dependency we track the length (as we previously used to).

BUG=chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org

This reverts commit 1791d7bb9ad26d8096bc5e2ed2216ea8b8dcc3cd.
==========

[commit-bot: I haz the power, 2016-07-05 16:31:45]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-07-05 16:32:24]

Description was changed from

==========
Reland "[heap] Track length for array buffers to avoid free-ing dependency"

The dependency would only happen if we have a smi overflow for the length and
have create a heap number. In this case the heap number would've to survive
until the array buffer is collected.

To avoid this dependency we track the length (as we previously used to).

BUG=chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org

This reverts commit 1791d7bb9ad26d8096bc5e2ed2216ea8b8dcc3cd.
==========

to

==========
Reland "[heap] Track length for array buffers to avoid free-ing dependency"

The dependency would only happen if we have a smi overflow for the length and
have create a heap number. In this case the heap number would've to survive
until the array buffer is collected.

To avoid this dependency we track the length (as we previously used to).

BUG=chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org

This reverts commit 1791d7bb9ad26d8096bc5e2ed2216ea8b8dcc3cd.

Committed: https://crrev.com/da3745d8d9a40e6abd6449e9bdeb38df19b2c6fe
Cr-Commit-Position: refs/heads/master@{#37537}
==========

[commit-bot: I haz the power, 2016-07-05 16:32:25]

Patchset 2 (id:??) landed as
https://crrev.com/da3745d8d9a40e6abd6449e9bdeb38df19b2c6fe
Cr-Commit-Position: refs/heads/master@{#37537}

[Michael Achenbach, 2016-07-06 12:06:28]

Not sure if relevant. We're seeing this flaky OOM now:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/11455/steps...

[Michael Lippautz, 2016-07-06 12:13:49]

On 2016/07/06 12:06:28, Michael Achenbach wrote:
> Not sure if relevant. We're seeing this flaky OOM now:
>
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/11455/steps...

Thanks, we'll remove the test in https://codereview.chromium.org/2127803002

It was useful to reproduce locally but it creates too much heap pressure (OOM,
slowness) to be useful on the bots.