When deserializing the startup snapshot, call IterateStrongRoots with
VISIT_FOR_SERIALIZATION rather than VISIT_ONLY_STRONG. To compensate,
make the StartupDeserializer explicitly iterate over the partial
snapshot cache.
This makes the deserializer and serializer consistent in their use of
the function and makes their differences explicit in the snapshot code
itself.
Bug: chromium:902230
Change-Id: I3a2ac858f4f6b3097b98a10ed2dd5ac5b9bf83e8
Reviewed-on: https://chromium-review.googlesource.com/c/1319585
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57275}

- Fix ParseBCP47 to return just the extension. The second argument to
substr function is actually the length, not the end position of the
substring :')
- Remove extension keys that aren't part of the relevant extension keys
- Use 'ca' as a relevant extension key for DateTimeFormat
- Use the canonicalized locale tag after the ICU locale is created,
rather than the input locale tag.
Bug: chromium:895942, v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I189709714d847e684b04409b734a60ff04ed7dd2
Reviewed-on: https://chromium-review.googlesource.com/c/1291076
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57274}

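The substr pitfall from the ParseBCP47 fix above, shown as an added example in JavaScript (this is not V8's ParseBCP47 and not code from the commit; the function names, the sample tags and the key-filtering step are constructed for illustration). It assumes a well-formed, hyphen-separated BCP 47 tag in which the singleton of interest appears at most once. The two helpers differ only in how the second argument to `substr` is computed, and the tests show why the bug is easy to miss: when the extension is the last thing in the tag, the over-long length is clamped and both versions agree; once a later section such as `-x-private` follows, the buggy version spills into it. The third function goes a step beyond the commit text and applies the "only keep relevant extension keys" rule to the extracted keyword list.

```javascript
// Added example (not V8's ParseBCP47): locate one extension in a BCP 47 tag
// and cut it out of the string. Assumption: `tag` is well formed and the
// singleton appears at most once.

// Returns [start, end) of the subtags belonging to extension `singleton`
// (e.g. 'u' for the Unicode extension), or null if the tag has none.
function extensionSpan(tag, singleton) {
  const marker = `-${singleton}-`;
  const at = tag.indexOf(marker);
  if (at === -1) return null;
  const start = at + marker.length;
  // The extension ends at the next singleton subtag ("-x-", "-t-", ...)
  // or at the end of the tag.
  const rel = tag.slice(start).search(/-[0-9a-z]-/i);
  const end = rel === -1 ? tag.length : start + rel;
  return [start, end];
}

// Pre-fix shape: substr(start, end) reads `end` characters from `start`,
// which reads past the extension whenever something follows it.
function extensionBuggy(tag, singleton) {
  const span = extensionSpan(tag, singleton);
  if (span === null) return '';
  const [start, end] = span;
  return tag.substr(start, end); // second argument is a LENGTH, not an end index
}

// Fixed shape: pass a length, or use slice()/substring(), which take an end
// index. Equivalent to tag.substr(start, end - start).
function extensionFixed(tag, singleton) {
  const span = extensionSpan(tag, singleton);
  if (span === null) return '';
  const [start, end] = span;
  return tag.slice(start, end);
}

// Parses "ca-gregory-nu-latn" into key/type pairs and keeps only the keys the
// caller considers relevant (the commit uses 'ca' for DateTimeFormat).
// A key is a two-character subtag; the longer subtags after it form its type.
function relevantKeywords(extension, relevantKeys) {
  const keep = new Set(relevantKeys);
  const result = {};
  let key = null;
  for (const part of extension.split('-')) {
    if (part.length === 2) {
      key = part;
      if (keep.has(key)) result[key] = '';
    } else if (key !== null && keep.has(key)) {
      result[key] = result[key] === '' ? part : `${result[key]}-${part}`;
    }
  }
  return result;
}
```

Running `extensionBuggy('en-US-u-ca-gregory-nu-latn-x-private', 'u')` returns `ca-gregory-nu-latn-x-priva`, part of the private-use section included, while `extensionFixed` returns `ca-gregory-nu-latn`; for `de-u-co-phonebk` both return `co-phonebk`, which is the case that hides the defect.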
This is to ensure the snapshot is deterministic.
Internal fields can contain:
- reference to heap object
- embedder-defined aligned pointer
- a smi
The latter two are not distinguishable by V8, so if the serializer
callback returns non-zero value, we consider it to be an aligned pointer
and clear it to ensure that the snapshot does not contain memory
addresses that may not be deterministic. If the callback returns
{ nullptr, 0 } as result, we consider it to be a smi or some in-place
data that we then serialize verbatim.
R=jgruber@chromium.org
Bug: chromium:870584
Change-Id: I3cf9abf135ffd28d8138fa32636b12596b076e13
Reviewed-on: https://chromium-review.googlesource.com/c/1304441
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57272}

This is a reland of c88994f84c
Turned out to not be the issue.
Original change's description:
> Fix Array.prototype.sort speed regression
>
> CanUseSameAccessor<ElementsAccessor: type> in array-sort.tq is super
> performance-critical. Reverting the type-safe cleanup made in this
> function while landing Array.prototype.slice.
>
> Bug=chromium:852764
>
> Change-Id: I1252d2ff8e431581f916794807e59abb39248abb
> Reviewed-on: https://chromium-review.googlesource.com/c/1317815
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Daniel Clifford <danno@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57248}
TBR=danno@chromium.org
Change-Id: I627a131a8525ae4e131c6467561cab9832f3792f
Reviewed-on: https://chromium-review.googlesource.com/c/1319581
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57270}

Instead of passing and storing uint8_t* and size_t, we now more often
store a Vector or OwnedVector, which encapsulates these two fields.
This provides some more DCHECKs which happen automatically when getting
a subvector into the buffer.
Drive-by: More refactorings and removals of unneeded or rarely used helper
methods.
R=ahaas@chromium.org
Bug: v8:8238
Change-Id: I1b24f90f1517fc50360854f46c2d001075544858
Reviewed-on: https://chromium-review.googlesource.com/c/1317817
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57263}

Currently to obtain a v8::Array out of a C array or a std::vector,
one needs to loop through the elements and call array->Set() multiple
times, and these calls go into v8::Object::Set() which can be slow.
This patch adds a new Array::New overload that converts a
Local<Value>* with known size into a Local<Array>.
Change-Id: I0a768f0e18eec51e78d58be455482ec6425ca188
Reviewed-on: https://chromium-review.googlesource.com/c/1317049
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#57261}

Unlike other v8::Context getters on v8::Isolate, the v8::Context returned
by GetEnteredOrMicrotaskContext may be non-NativeContext. However,
Blink implicitly assumes all v8::Contexts are backed by NativeContexts.
This CL updates GetEnteredOrMicrotaskContext() to check the resulting
Context is NativeContext, and updates callers of EnterMicrotaskContext
to use NativeContext.
Change-Id: Ifae528f4ce8feb067f4ad1a43330dc55f4a8ed79
Reviewed-on: https://chromium-review.googlesource.com/c/1301653
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57259}

This should allow for better parallelization when running these tests.
Change-Id: Ib3cae7d6e8f0d2608470ca616eeac7eecae3b7ab
Reviewed-on: https://chromium-review.googlesource.com/c/1318094
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57256}

This will give us some clusterfuzz coverage.
Bug: v8:7871
Change-Id: I670572454e196b7617a446769216722302f697a9
Reviewed-on: https://chromium-review.googlesource.com/c/1306973
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57250}

CanUseSameAccessor<ElementsAccessor: type> in array-sort.tq is super
performance-critical. Reverting the type-safe cleanup made in this
function while landing Array.prototype.slice.
Bug=chromium:852764
Change-Id: I1252d2ff8e431581f916794807e59abb39248abb
Reviewed-on: https://chromium-review.googlesource.com/c/1317815
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57248}

The maps in question are already processed in
NativeContextData::Serialize.
R=jarin@chromium.org
Bug: v8:7790
Change-Id: Ifbbff64e10458605b09c74fe09e574b2f2659839
Reviewed-on: https://chromium-review.googlesource.com/c/1317809
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57247}

In particular FunctionLiteral body. Now clients cannot use
function_literal->body() == nullptr anymore to figure out whether it was
preparsed; but have to check the eager compile hint.
Change-Id: Ia0d3a6b51c6fb7e803157e98a9d224224e03c8a7
Reviewed-on: https://chromium-review.googlesource.com/c/1317811
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57246}

Use early returns instead. The general scheme is to return early in the
abnormal case (e.g. error) and fall through to the end of the method in
the normal case.
R=ahaas@chromium.org
Bug: v8:8238
Change-Id: I281d35f5aad1f51b6d476fdc685565d9819397bb
Reviewed-on: https://chromium-review.googlesource.com/c/1317812
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57245}

A Property access is only a valid reference expression if the accessed object
is a valid expression.
Bug: v8:8409
Change-Id: I9bc9ac60ca3bf4e261d10af97aba18e9db2085ea
Reviewed-on: https://chromium-review.googlesource.com/c/1317816
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57244}

- Add the WeakRef class and its deref() function.
- Add WeakFactory.prototype.makeRef
- Implement the "keep during job" behavior for WeakRef constructor and deref().
- Here we keep the targets alive longer than until the end of the job
(microtask), contradicting the spec. However, this is probably the intended
behavior, see https://github.com/tc39/proposal-weakrefs/issues/39 .
BUG=v8:8179
Change-Id: I41990d41ac1799e34f675d8431b9a7aa7ed3d48d
Reviewed-on: https://chromium-review.googlesource.com/c/1306435
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57242}

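The "keep during job" behavior the WeakRef commit above describes, as an added example in JavaScript (not code from the commit or from V8; the sample object and the function name are constructed). Within one synchronous job, a target that was passed to the WeakRef constructor or returned by deref() stays on the kept-alive list, so deref() must still return it after the last strong reference in the program is dropped. Only once the job ends does the target become collectable, which is why deref() results are deterministic inside a job and only GC-timing dependent across jobs. The example uses the current WeakRef API; WeakFactory.prototype.makeRef from the commit is not part of the shipped proposal and is not used here.

```javascript
// Added example (not V8 code): WeakRef's keep-during-job guarantee.
// Everything here runs in a single synchronous job. Sample object is
// constructed for the example.
function derefWithinSameJob() {
  let target = { id: 'constructed-sample' };
  const ref = new WeakRef(target);
  target = null; // no strong reference left in this code

  // Same job: the constructor added the target to the kept-alive list,
  // so deref() returns the very same object, and does so repeatedly.
  const first = ref.deref();
  const second = ref.deref();
  return first !== undefined && first === second && first.id === 'constructed-sample';
}
```

A caller that needs the object in a later job (a later macrotask, for instance) must hold the value deref() returned; checking deref() again there may yield undefined, and whether it does depends on when the collector ran.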
This is resurrecting an optimization from the pre-torque version.
Avoid allocating another sequential string for the result when there's only one
element, just return the ToString-ed element. This not only saves time writing
to this destination string, but also reduces GC pressure.
The System Health Memory Benchmark (load:media:google_images) exposed this missing
optimization with a 15% regression in memory usage. Very large external strings
were being copied into V8's heap as sequential strings.
Bug: chromium:896612
Change-Id: Ieb61906f64100cdc15bf96f3ebcccb1207f75356
Reviewed-on: https://chromium-review.googlesource.com/c/1316620
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#57241}

This is a reland of 7bd9eb7e1e. No changes
to that patch other than adding a test case. The bug that led to the
revert has been fixed in 9bf8f72c5b.
Original change's description:
> Add fast paths to Array.from.
>
> This reuses the fast path from IterableToList for Array.from. The fast
> paths are taken when .from is called with the receiver Array and the only
> argument is the iterable (no mapping function or thisArg).
>
> Bug: v8:7980
> Change-Id: I975b0c5e3f838262d7b71ad4dec5111fb031d746
> Reviewed-on: https://chromium-review.googlesource.com/c/1297322
> Commit-Queue: Hai Dang <dhai@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56993}
Bug: v8:7980
Change-Id: Id081837946c0989ec2b31ce991f48d09e0219b09
Reviewed-on: https://chromium-review.googlesource.com/c/1317586
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57240}

The relocation mode in question was by now only used in tests to model a
wrapper call from wrapper code (on the GC'ed heap) to a non-movable wasm
code object. Instead of using a special relocation mode, we switch to
using the existing {EXTERNAL_REFERENCE} mode similar to other static C++
functions called from generated code.
R=sigurds@chromium.org
BUG=v8:8238
Change-Id: I30af98b92aed207c52ccccaf018a455ecac39c2b
Reviewed-on: https://chromium-review.googlesource.com/c/1309821
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57239}

This introduces a new syntax for identifiers and calls: modulename::foo.
Such a name is resolved by trying to find a module modulename in one of
the parent scopes and looking for foo there. So this roughly corresponds
to C++ qualified namespace lookup.
Bug: v8:7793
Change-Id: Iedc43e6ebe125cd74575cbbcbf990bbcc0155a1f
Reviewed-on: https://chromium-review.googlesource.com/c/1309818
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57238}

There's only one allocator kind left post-builtin-snapshot-removal,
so the 'Default' prefix can be removed.
Bug: v8:6666, v8:7990
Change-Id: Ib3c3eeb121792708591ca7be1e30adef77d3c111
Reviewed-on: https://chromium-review.googlesource.com/c/1309638
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57236}

No longer use inheritance to associate Torque-generated assemblers
with corresponding CSA subclasses. Instead, all references to CSA
and CSA-derived assemblers are now explicitly qualified, by generating
a short-lived assembler instance in-place. As a consequence, Torque
files have to mention the assembler external macros live in.
The CodeStubAssembler is the default for this and can be omitted.
As a drive-by cleanup, also distinguish between names that are emitted
in C++ and names that are intended to be read in error messages. This
is relevant for generic instantiations, where the generated names are
rather unreadably mangled.
As a follow-up, it will be easy to allow for qualified access to
different modules, thus implementing full namespace semantics for
modules.
Bug: v8:7793
Change-Id: Ie6f1b6b549b510fb49be2442393d898d5f130950
Reviewed-on: https://chromium-review.googlesource.com/c/1309636
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57235}

Ignore invalid input for all arguments of OptimizeFunctionOnNextCall
potentially produced by fuzzers.
Bug: chromium:901645
Change-Id: Ic185812c228a92f8dbb48212c45685bd14892947
Reviewed-on: https://chromium-review.googlesource.com/c/1317567
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57234}

The fast paths for sets and maps did not support allocation in
large object space, yet they were taken in these cases. This CL
adds support, simply by passing the kAllowLargeObjectAllocation
argument to AllocateJSArray.
It also changes the fast path for strings to use this argument
rather than take the slow path.
Bug: v8:7980, v8:8410
Change-Id: I18e88cb4ceb7ebeca250edd8b8b0eb401fdbd6e4
Reviewed-on: https://chromium-review.googlesource.com/c/1317507
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57232}

- Name lookup in module scopes has namespace semantics now: All
overloads from all parent modules are combined before overload
resolution.
- Allow overloads of different callables: runtime-functions,
macros, builtins, and generics.
- The duplication between the DeclarationVisitor and the
ImplementationVisitor is removed: The DeclarationVisitor creates
declarables for everything except for implicit generic specializations.
The ImplementationVisitor iterates over declarables.
The DeclarationVisitor only looks at the header of declarations, not
at the body.
- Modules become Declarables, which will enable them to be nested.
- Modules replace the existing Scope chain mechanism, which will make it
easier to inline macros.
- The DeclarationVisitor and Declarations become stateless. All state is
moved to contextual variables and the GlobalContext.
- Implicit specializations are created directly from the
ImplementationVisitor. This will enable template parameter inference.
- As a consequence, the list of all builtins is only available after the
ImplementationVisitor has run. Thus GenerateBuiltinDefinitions has to
move to the ImplementationVisitor. Also, this makes it necessary to
resolve the link from function pointer types to example builtins only
at this point.
Bug: v8:7793
Change-Id: I61cef2fd3e954ab148c252974344a6e38ee2d01d
Reviewed-on: https://chromium-review.googlesource.com/c/1304294
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57231}

I will enable the /Zc:DllexportInlines- flag for faster build time on windows.
But the flag makes clang's -Wundefined-inline check more strict as a secondary effect.
Actually, having the inline function specifier for a function not defined in the header file seems a bit strange.
Let me remove the inline specifier from such functions.
Bug: chromium:857548, chromium:901709
Change-Id: Ic06d10e2445cfedc7af67b72154f93a51ac26853
Reviewed-on: https://chromium-review.googlesource.com/c/1186017
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57229}

CopyWords, as the name implies, copies raw words anyway, so there
is no need for type specialization.
MoveWords was dead code.
Bug: v8:8238
Change-Id: Ib497cfbabdcf8bac672ac74ef69f679b50ddfd6e
Reviewed-on: https://chromium-review.googlesource.com/c/1316609
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57226}