We have a PeekArgs version that operates on a signature, and another
version that operates on a vector of value types. We can easily get the
latter from the former and remove one of the two identical
implementations.
R=jkummerow@chromium.org
Bug: v8:13636
Change-Id: Ib60d323c810305e4604eff1d1c95079b7b176676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4188394
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85453}
The patch fixes two bugs in hinting:
- trimmed whitespace in hints was not taken into account.
- range check for out-of-bound hints did not include the offset.
Bug: chromium:1409286
Change-Id: I5838cd6b697ed13a19c30f158963c0d9fac2f045
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4187224
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85448}
Stack information is thread-specific and, until now, it was stored in a
field in ThreadLocalTop. This CL moves stack information to the isolate
and makes sure to update the stack start whenever a main thread enters
the isolate. At the same time, the Stack object is refactored and
simplified.
As a side effect, after removing the Stack object, ThreadLocalTop
satisfies the std::standard_layout trait; this fixes some issues
observed with different C++ compilers.
Bug: v8:13630
Bug: v8:13257
Change-Id: I026a35af3bc6999a09b21f277756d4454c086343
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152476
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85445}
- Introduce a new SetFunctionName runtime
- Call SetFunctionName in DefineKeyedOwnIC to handle function name for initializers of computed class fields
- Ensure that we don't set function name twice in the case '({ ['c']: class { static x = this.name; static name = 'd' } })', which would incorrectly reconfigure the defined own property `name`
Bug: v8:13451
Change-Id: I10dcb858a65c6e59cba6bae94b8e63a78e44778b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4035497
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85444}
When setting up the read only heap in mksnapshot with static roots
enabled we should ensure as early as possible that the roots are
unchanged. This prevents us from running any further code with an
incorrect roots table leading to hard to debug crashes.
Bug: v8:13466
Change-Id: I4ed9efadc79a2bf6f04c2365dabe9bf0116852d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4188380
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85443}
This change reduces the size of translation arrays by adding two more
translation opcodes to reduce the number of operands that must be
written. In particular:
- The last two operands for INTERPRETED_FRAME are usually zero, so we
can add a separate opcode with two fewer operands where those values
are implicitly zero.
- The update_feedback operand for BEGIN is always either zero or one, so
we can split BEGIN into _WITH_FEEDBACK and _WITHOUT_FEEDBACK variants.
This change saves about 13% of the total generated TranslationArray
bytes in an Octane run, a reduction from around 1.4 MB to 1.2 MB. I
don't see any difference in the time taken by V8.TFCodeGeneration with
this change.
Bug: v8:11354
Change-Id: Ic049d0b636693cd3278514e5e5e975b80a78d8e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178895
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85439}
This improves performance of `String.prototype.replace` by avoiding
a runtime call in the case of strings.
Change-Id: Id2339defa660b28ffde3d2e116c0a666ad1bfb1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173577
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85437}
Since the heap snapshot generator is based on generic objects-visiting
infrastructure, it already reported all objects, but it showed WasmGC
objects as generic "system" objects. This patch adds proper categorization,
including support for named types and fields.
Bug: v8:7748
Change-Id: I1b0997059c9cf0290fe5d6c5402412ba09ecf143
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181031
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85435}
The fast path implementation for toLocaleLowercase (added in
333db24b55, https://crrev.com/c/3952317)
skipped the locale validation if the string to be converted is the empty
string.
This CL addresses it by delaying the early return for empty string to be
performed after the locale validation.
Bug: chromium:1409058
Change-Id: I2f2839dc836d8de662d308c86099707bf9ddfd9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4184199
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85434}
When our various debugging and error reporting facilities want to
perform a side effect free conversion of a value (which could be
a BigInt) to a String, then the usual BigInt::ToString is not a
great fit because it reacts to termination requests.
This patch adds a method BigInt::NoSideEffectsToString, which uses
a low upper bound instead of termination requests.
Fixed: chromium:1406774
Change-Id: Ibc5d37027823e4a03c470f1dd0a63c16c552850c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177099
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85433}
.. and only keep BytecodeArray || Code. This is part of the effort to
reduce the number of InstructionStream references.
Drive-by: Fix a few outdated InstructionStream uses.
Bug: v8:13654
Change-Id: If70fd6a0cb3c8d7e677495d133db64f5c5a26101
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178821
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85432}
This will allow on the infra side to easier link to the respective
shard on a test failure. Without that it's a hassle to find out on
which shard the failing test ran.
This also simplifies how the global test_config stores information.
Some information was duplicated, but is now rather shared through
properties if the owning object is already present.
Bug: v8:13681
Change-Id: I52f01a4fac74627575d80f25923faba99eb6a1fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181030
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85429}
This reverts commit 7eb8937bca.
Reason for revert: crbug.com/1408957
Original change's description:
> [turbofan] Optimize access to the length property of functions
>
> When compiling to JavaScript a language that supports curryfication, it
> is convenient to be able to efficiently get the arity of a function to
> check for partial application.
>
> Change-Id: I6611b523b2c3795f1f8fb123f63f5b6d604d793d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111447
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85409}
Fixed: chromium:1408957
Change-Id: I5200392af7532a864afd73fb0e88be9a2153a312
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4187075
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85428}
This CL hides the ctor of the MemoryReducer::State class and only
provides factory methods for creating states. This simplifies creation
of states and makes it impossible to misuse the API.
Direct field accesses are also replaced with invocations of their
corresponding getter methods. The getter method will check whether
the current state is allowed to access that field.
Bug: v8:13653
Change-Id: I252a6d75d0ddb4813b16a706061ad1951cfa35ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181026
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85426}
Previously we stored kProxy in this case, which resulted in
set semantics for proxies.
Bug: chromium:1408310
Change-Id: Id9f215b4c3c08416b6d6c5f4605839668a5df340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178811
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#85422}
Previously in the DevTools console, users could inspect a preview of all private class members on an instance, but if they wanted to evaluate or inspect a specific private class member out of a long list, they had to be debugging and in a scope that has access to those private names.
This patch adds support for extraordinary access of out-of-scope private member access in debug-evaluate, specifically for Debugger.evaluateOnCallframe() (for console calls invoked during debugging) and Runtime.evaluate() (for console calls invoked when the user is not debugging). This kind of access is not otherwise allowed in normal execution, but in the DevTools console it makes sense to relax the rules a bit for a better developer experience.
To support this kind of extraordinary access, if the parsing_while_debugging or is_repl_mode flag is set, when we encounter a private name reference that's in a top-level scope or an eval scope under a top-level scope, instead of throwing immediately, we bind the reference to a dynamic lookup variable, and emit bytecode that calls to %GetPrivateName() or %SetPrivateName() in the runtime to perform lookup of the private name as well as the load/store operations accordingly.
If there are more than on private name on the receiver matching the description (for example, an object with two `#field` private names from different classes), we throw an error for the ambiguity (we can consider supporting selection among the conflicting private names later, for the initial support we just throw for simplicity).
If there are no matching private names, or if the found private class member does not support the desired operation (e.g. attempting to write to a read-only private accessor), we throw an error as well.
If there is exactly one matching private name, and the found private class member support the desired operation, we dispatch to the proper behavior in the runtime calls.
Doc: https://docs.google.com/document/d/1Va89BKHjCDs9RccDWhuZBb6LyRMAd6BXM3-p25oHd8I/edit
Bug: chromium:1381806
Change-Id: I7d1db709470246050d2e4c2a85b2292e63c01fe9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020267
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85421}
Add a shortcutting branch for TestTypeOf, similar to the compare
branches.
To do this, move the TestTypeOf implementation into MaglevAssembler. We
want to support label distances and fallthroughs correctly, so
additionally implement a generic Branch for labels with distances and
support for fallthroughs.
Bug: v8:7700
Change-Id: Ib8c6b0eeeec0a7f3429d3692081853d25278fba4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181034
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85420}
This CL adds the shared large object space to OldGenerationCapacity(),
CommittedOldGenerationMemory() and OldGenerationSizeOfObjects().
Bug: v8:13267
Change-Id: Ifdf5f78452d226266cf18c4c0bb1ed0117b1da60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4183485
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85416}
Reuse scratch register in deferred code instead of acquire a new one.
Note that with MaglevAssembler::ScratchRegisterScope, it is now
safe to pass a scratch to DeferredCode.
Fixed: chromium:1408900
Bug: v8:7700
Change-Id: I1e82285a0bd93a76e7f28b9a483b95c9b2f84712
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4183484
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85415}
The data race in [1] occurs because when reaching marking-barrier-inl.h,
value is in the shared heap while host is in the client heap.
Generally concurrent sweeping and marking barriers should not be active
at the same time. However, that only holds for a single heap.
In this case, the client is in the midst of incremental marking, thus
marking barriers are active for it, while concurrent sweeping is active
on the shared heap/space. This results in a race between reading the
value's mark bit and clearing the mark bit for the chunk.
[1] https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8791534956079065361/+/u/Check__flakes_/regress-crbug-1394741
Bug: v8:13665
Change-Id: I1b6210b9162b78b3c3635802a1e74432f5c89757
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181038
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85412}
When compiling to JavaScript a language that supports curryfication, it
is convenient to be able to efficiently get the arity of a function to
check for partial application.
Change-Id: I6611b523b2c3795f1f8fb123f63f5b6d604d793d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111447
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85409}
Annotate slow path call for creating a new GCInfo accordingly. This
path will only hit for the first object allocation for a given type.
All subsequent allocations will use the fast path.
Bug: chromium:1408821
Change-Id: Ifc1d3491a94b30dfeee1a2c9679c64939025fefe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161752
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85408}
The built-in wasm function behaves similar to string.new_utf8
but in case of invalid characters returns `null` instead of
throwing an exception.
Bug: v8:12868
Change-Id: Idde9bc2563d6bff1ab163ca8ed2219b6db23ca28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177105
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85406}
This allows MemoryReducer::Event to be an internal implementation
detail except for tests and make it impossible to misuse the API.
Bug: v8:13653
Change-Id: I333a6e17368ddaba562ec929b4950b6c234fc312
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178818
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85405}
