We sometimes get non-reproducible exception mismatches in the fuzzers.
This might come from OOM exceptions.
This CL makes us print some information about them, so we learn more
from the occasional fuzzer reports. In a follow-up we can then handle
OOM exceptions better, if that turns out to cause this.
R=ahaas@chromium.org
Bug: chromium:1412084
Change-Id: Ic0bf3880fe733320c2532c0f69d8f88fe9c9ff5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217417
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85624}
The function relied on passed pointers always being compressed, which
is no longer the case with subtle::UncompressedMember<>.
Bug: chromium:1412021, chromium:1412221
Change-Id: I531e41d24fcab34e527db99f8047123f254e8a74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217411
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85623}
- Mac Arm64 doesn't like cross-compiling to 32bit platforms
- Build the language server and torque files for the host platform
(x64, arm64) by default
No-Try: true
Change-Id: I4df68d416c58f58335fecc52b802c4bfe4ce2f24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4218352
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85621}
We have a shared large object space now. This CL supports
externalization of strings in shared LO space.
Bug: v8:12957
Change-Id: Ic540aed4d3e99248ef27bdccb525a0bc8ff7b28b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217416
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85620}
The contract of passing in a Code object for builtins and
InstructionStream objects for everything else was confusing. In this
CL we change it to:
void VisitRunningCode(FullObjectSlot code_slot,
FullObjectSlot istream_or_smi_zero_slot)
where we *always* pass in both parts of the composite
{Code,InstructionStream} object. The istream_or_smi_zero_slot must
equal raw_instruction_stream() of the given code_slot. We pass in
both, because it is convenient at the single call site in frames.cc.
Drive-by: extract deopt literal iteration to a Code method.
Bug: v8:13654
Change-Id: I09d658fbd8d26bf483e1c778e566a53e1817f80f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212399
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85619}
This accounts for a big difference between the total length of the
atomic pause (v8:gc:cycle:main_thread:full:atomic) and the sum of
the four phases, when GC stats are enabled.
Change-Id: I5d5abd1e6a8d28ae45a04739d2ca937ef54148af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217418
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85618}
"InitMerge" did compute the state at the merge point, and a following
"MergeStackWith" or "MergeFullStackWith" would then generate the code to
merge the current state into the computed state.
As every "InitMerge" is followed by an actual merge, we can combine the
two and save one iteration over the two states.
The only change in generated code is that we initialize the merge state
after a one-armed if from the if-state instead of the else-state. This
could potentially make the if-branch slightly cheaper and the
else-branch slightly slower, but will not negatively impact overall code
size.
This CL should save roughly 2% of Liftoff compilation time.
R=dlehmann@chromium.org
Bug: v8:13565, v8:13673
Change-Id: Id323a15e7fd765727f46830509fbaf7f5498c229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4203380
Reviewed-by: Daniel Lehmann <dlehmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85616}
No concurrent allocation lock should be needed when allocating in new space.
Bug: v8:12612
Change-Id: I5242817b49564e0b786c16cee017762631de6bc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4215296
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85615}
This is a reland of commit 77d08fcde5
Original change's description:
> [static-roots] Use static map range checks instead of instance types
>
> Some instance types, or type ranges, corresponds to a range of pointers
> in the static read only roots table. Instead of loading the instance
> type of a map it can therefore be beneficial to compare the map itself
> against this range.
>
> This CL adds:
>
> * Add infrastructure to compute and output a mapping of
> `(instance_type_first, instance_type_last) ->
> (map_ptr_first, map_ptr_last)` for interesting ranges.
> * Extend InstanceTypeChecker to use these ranges.
>
> For single instance types that map onto a range of maps it is not
> obvious which check is faster. Checking the map range saves a load,
> whereas checking the instance type saves an additional jump.
>
> Bug: v8:13466
> Change-Id: I670fc10fad9920645c0ce0d976ae7e7a13a86e60
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4188379
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> Auto-Submit: Olivier Flückiger <olivf@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85599}
Bug: v8:13466
Change-Id: I0317a7b88e391e0a7502cc056a2fe691d294fba1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217131
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85614}
The move constructor left the "other" (source) vector in an
unpredictable state, depending on the size: For "big" small-vectors
(using dynamically allocated storage) we would reset it to an empty
vector. "Small" small-vectors on the other hand were not reset.
Fix this to make it possible to reuse a SmallVector after moving its
content to another SmallVector. This also flushes out a bug more easily,
see https://crrev.com/c/4215292.
R=dlehmann@chromium.org
CC=thibaudm@chromium.org
Change-Id: Ia188c3639e9104dfbeb589bfc49e3228f4cbeda7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4215297
Reviewed-by: Daniel Lehmann <dlehmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85612}
CacheState::Steal didn't actually call the move assignment operator,
even though it should (and unlike what the comment says in its body).
The reason is the incompatible const-qualifier, such that the move
assignment operater wasn't selected during overload resolution.
Due to C++'s operator overloading, the compiler silently used the copy
assignment operator instead. That works, but is naturally slower.
This actually gave `Steal` the exact same behavior as `Split` until now,
which masked yet another bug, where we called `Steal` but should have
called `Split`.
This CL fixes both issues.
Bug: v8:13673
Change-Id: I940eb0fed383d78244f497bc6f7b67730038de42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4215292
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85611}
There is no real difference between MacroAssembler and TurboAssembler
anymore. Initially the idea was to differentiate thread-safe
operations, but it got out of hand. With LocalHeaps we could ensure
differently by passing a local_isolate.
In this CL:
TurboAssemblerBase was renamed to MacroAssemblerBase
The file containing it also renamed from turbo-assembler to macro-assembler-base.
TurboAssembler and MacroAssembler were merged into MacroAssembler
in each of the architectures.
turbo-assembler-unittests-arch were included in
macro-assembler-unittests-arch
tasm renamed to masm
Bug: v8:13707
Change-Id: I716bbfc51b33ac890c72e8541e01af0af41b6770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212396
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85610}
This was never supported to start with and can cause invalid script names.
This CL partially reverts https://crrev.com/c/3513892
Drive-by-fix: Dehandlify more code.
Change-Id: I96cf4c1244d9f00dc47738cd481b440e6bed0541
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174074
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85609}
Rolling v8/base/trace_event/common: 68e6038..05a225a
Rolling v8/build: e0df145..d112664
Rolling v8/buildtools: 295c6e5..9ad5f9f
Rolling v8/buildtools/third_party/libc++/trunk: 59bae40..bd44075
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5a468cc..2d3ccea
Rolling v8/third_party/depot_tools: 3d072ab..8361a9b
Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230131.1.1..version:11.20230201.0.1
Rolling v8/third_party/instrumented_libraries: 09ba70c..63d81e4
Rolling v8/tools/luci-go: git_revision:c41d94e382727fc5276cd2771741990543fce337..git_revision:46eca1e3a280c340bf58f967aaded13c87ca3859
Rolling v8/tools/luci-go: git_revision:c41d94e382727fc5276cd2771741990543fce337..git_revision:46eca1e3a280c340bf58f967aaded13c87ca3859
Change-Id: Ic6f881cd4d017cb85797bdfcb70fa06752ddce41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4214886
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85608}
# Conflicts:
#include/v8-cppgc.h
(reverted v8 changes, keeping our fix. again, doesn't resolve msvc build issues.
this does not fix the issue properly. xref: 4c7c7d1a)
#src/codegen/cpu-features.h
(...did something change?)
#src/flags/flag-definitions.h
(xref: 053e54e7)
#src/heap/safepoint.cc
[-] (USE AFTER FREE) quick hack: removing a mutex guard on shared RemoveClient to temporarily mitigate a crash on deinit
well, this is fucking dumb. i think someone at google also figured out this can lead to crashing. their solution: remove the mutex with a call to AssertActive.
considering my issue was related to a dead context with everything else alive, i dont want to find out what that AssertActive is doing. reverting v8 change.
#src/objects/fixed-array-inl.h
who cares
After TruncateInt64ToInt32 elided, ChangeInt32ToInt64 must be
implemented to convert int32 to int64.
This is a temporary fix for crrev.com/c/4100664, and does not
fix all problems.
Change-Id: Iece6f5753c775bd59354e34926fb1eff1506eb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4206968
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#85607}
This reverts commit 0d4200055b.
Reason for revert: Breaks integration bots, and blocks API changes : https://ci.chromium.org/ui/p/v8/builders/try/v8_linux_chromium_gn_rel/83678/overview
Original change's description:
> Reduce build size when building with Perfetto SDK
>
> Building Chromium with full Perfetto SDK included increases build time
> significantly. We can reduce this overhead by including only those
> parts that are required. See b/266913150 for context.
>
> Change-Id: I0cde5cb7df7b6151ec686e993488d8467c416fac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212390
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Mikhail Khokhlov <khokhlov@google.com>
> Cr-Commit-Position: refs/heads/main@{#85603}
Change-Id: I88210ada35e0d7e68a0dbccad518cf6177303430
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4216171
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85606}
Building Chromium with full Perfetto SDK included increases build time
significantly. We can reduce this overhead by including only those
parts that are required. See b/266913150 for context.
Change-Id: I0cde5cb7df7b6151ec686e993488d8467c416fac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212390
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mikhail Khokhlov <khokhlov@google.com>
Cr-Commit-Position: refs/heads/main@{#85603}
... in particular, for keyed loads that have names in the feedback.
Also make InstanceType printing more robust against invalid instance
types.
Change-Id: Ib4bef4646c3a18643291d0bb517ef3470b7497cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4213911
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85602}
Add a CheckValueEqualsString node which compares strings by contents,
not just by reference, to avoid deopt loops from comparing
uninternalized to internalized strings in name-feedback keyed loads.
Bug: v8:7700
Change-Id: If64e54e6e4a4c89824e6ab1f3f3cf3b4a25f2a51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212405
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85601}
This reverts commit 77d08fcde5.
Reason for revert: compile failures on Arm64 bots https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm64%20-%20builder/24010/overview
Original change's description:
> [static-roots] Use static map range checks instead of instance types
>
> Some instance types, or type ranges, corresponds to a range of pointers
> in the static read only roots table. Instead of loading the instance
> type of a map it can therefore be beneficial to compare the map itself
> against this range.
>
> This CL adds:
>
> * Add infrastructure to compute and output a mapping of
> `(instance_type_first, instance_type_last) ->
> (map_ptr_first, map_ptr_last)` for interesting ranges.
> * Extend InstanceTypeChecker to use these ranges.
>
> For single instance types that map onto a range of maps it is not
> obvious which check is faster. Checking the map range saves a load,
> whereas checking the instance type saves an additional jump.
>
> Bug: v8:13466
> Change-Id: I670fc10fad9920645c0ce0d976ae7e7a13a86e60
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4188379
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> Auto-Submit: Olivier Flückiger <olivf@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85599}
Bug: v8:13466
Change-Id: I88afb05948d934d15f8512bcd37d56429aac23a6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4214812
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85600}
Some instance types, or type ranges, corresponds to a range of pointers
in the static read only roots table. Instead of loading the instance
type of a map it can therefore be beneficial to compare the map itself
against this range.
This CL adds:
* Add infrastructure to compute and output a mapping of
`(instance_type_first, instance_type_last) ->
(map_ptr_first, map_ptr_last)` for interesting ranges.
* Extend InstanceTypeChecker to use these ranges.
For single instance types that map onto a range of maps it is not
obvious which check is faster. Checking the map range saves a load,
whereas checking the instance type saves an additional jump.
Bug: v8:13466
Change-Id: I670fc10fad9920645c0ce0d976ae7e7a13a86e60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4188379
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85599}
This is a follow-up to https://crrev.com/c/4204032 which allowed
wrapper inlining for the nullable externref type.
Bug: v8:7748
Change-Id: I5a82c37b7cf0cfcbcacbe399f8b3119176c3bba4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212394
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85598}
In particular, {CountTrailingZeros} can skip a dynamic check if it knows
that the input is not zero.
R=ahaas@chromium.org
Bug: v8:13565, v8:13673
Change-Id: I46d4fea2952d22f57b0695f5db690d6fefd7c1ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212401
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85597}
The GC doesn't handle interrupts at this level and all callbacks that
would execute user code are invoked before entering the marker.
Bug: v8:12612
Change-Id: I13c7dab1f69c51d1dbe66721b3422d8ebf48c1c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212398
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85595}
Drive-by refactoring: Make it evident that currently we upload additional files only for Android platform.
Bug: v8:13686
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel
Change-Id: I8081c1185d6a92dfdcef82e697e301f3e7838dc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205916
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#85592}
We should not mix Baseline vs Maglev ScratchScope. x14 is considered
an extra-scratch register in arm64 for Baseline, but not for Maglev,
which has a more comprehensive way to allocate extra scratches.
Bug: v8:7700, chromium:1410970
Change-Id: Ia7eb77ff7fffc3c91d572931aa2ea001c90c1ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212388
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85590}
In JavaSCript implementations that supports ECMA-402,
`Array.prototype.toLocaleString()` must invoke the `toLocaleString` method of
each non-undefined, non-null elements witch exactly two (2) arguments.
See: https://tc39.es/ecma402/#sup-array.prototype.toLocaleString step 6.c.i.
V8 appears to provide no arguments when locale is undefined and to not provide options when options is undefined.
Bug: v8:13564
Change-Id: I655917210554d20d2eaebe2ac333421dd5d157ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4184564
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Auto-Submit: Juan José <soyjuanarbol@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85588}
.. similar to the way the build works in BUILD.gn:
- When TF is enabled, TF is compiled into both v8_library("v8") and
v8_binary("mksnapshot").
- When disabled, TF is compiled into mksnapshot, but not
v8_library("v8").
This required splitting torque-generated files into (object)
definitions and initializers; definitions are always included,
initializers only in mksnapshot.
Bug: v8:13629
Change-Id: I987f02ad809cce3b922e3b0568d9695b16776e26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4196117
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85587}
This means TurboFan might not see what Maglev did, and it might make
different decisions, but if we deopt we'll learn in Ignition anyway and
won't make the same mistake later. At the same time this avoids a lot of
unnecessary operations that impact tight loops.
Bug: v8:7700
Change-Id: I6fada2ed0218b0b97fc8c9d9ba10fb2218cd71d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200631
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85585}
Script::IsSubjectToDebugging() returns true for "Normal" and
"WebAssembly" scripts. This is exactly when we want to notify the
debug delegate. We can remove the round-about way this is currently
checked.
R=pfaffe@chromium.org
Bug: None
Change-Id: I1d3b2560043cebffb8eb3db68f58bf0a137abe06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208947
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85584}
- Remove camel-case Code accessors like InstructionStream since
they only make sense on Code (where we have to distinguish between
embedded builtins and other Code).
- Remove the prefix from 'raw_'-prefixed accessors since it was
intended to clearly disambiguate from the camel-case accessors and
is now no longer needed.
- Remove various dead functions.
- Update comments.
Bug: v8:13654
Change-Id: Ife51e4aef502fc30ab1526c205a49e5620be96f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205925
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85580}
.. which no longer makes sense in today's code base. This was originally
introduced to distinguish Code objects containing the actual instruction
stream (= all non-builtin Code objects) from Code objects only
containing a trampoline with a `jmp` to the .text section (= where
instruction streams for embedded builtins are located).
Today, trampoline code no longer exists; rename the predicate to
`has_instruction_stream`, where
has_instruction_stream == !is_off_heap_trampoline
Bug: v8:13654
Fixed: v8:13698
Change-Id: I78be1cee2e045c1944486b8a54a03eb9d1ce0c27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205921
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85579}
The cleanup is in practice only needed when heap verification is active.
In all other cases it can be delayed until the next full GC.
Bug: v8:12612
Change-Id: Ic31e1011d6377c2df255554eae56bd9eed40744a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208928
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85578}
Port commit 76a817e03a
Also, rename the enum variable in FFlagsMask from kOverflow to kFPUOverflow to avoid redefinition due to the commit 949bd4467d.
Change-Id: I83e42d4cb0cf48d678719572adb008ef101b23e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204830
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji.odyssey@gmail.com>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85577}
The load of the {second_string} field should only be
4 Byte size. In case of the object being at a page
boundary, the wrong load can trigger a segmentation
fault.
In all other cases, a wrongly loaded value will just
result in a deferred runtime call.
Bug: chromium:1411533
Change-Id: Icd22f6baa4a9625ebfced69f3b7a601adf795a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208936
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85576}
