For large BigInts, computing the decimal representation can take a
very long time, so send them as hexadecimal strings instead. Also
make sure to abbreviate the RemoteObject description for bigints
appropriately always.
Also-By: jarin@chromium.org
Fixed: chromium:1068663
Change-Id: I2f7e4e1cbd2f66ce45be307fb787e101d9a8e2a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578653
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79872}
Since the inspector does not longer hold on strongly to Script objects
after they were collected by V8, this test was relying on the GC to not
collect the scripts too eagerly in case where nothing else holds on to
the script. So explicitly adding a global object property assignment
here in those cases to ensure that the Script is kept alive.
Fixed: chromium:1314212, v8:12699
Bug: chromium:1246884, chromium:1295659
Change-Id: Ia16fcf841aeb29bf131fc6fa066f120d342f94b2
Doc: https://bit.ly/v8-inspector-script-caching
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576117
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79852}
Similar to what we did for FunctionMirror before in
https://crrev.com/c/2887508, we also need to avoid running user
JavaScript for DateMirrors.
This also refactors the ToDateString logic a bit.
Fixed: chromium:1311613
Change-Id: I793b86106765550a9aa449f85f0766840081cc58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571896
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79821}
Reporting messages can trigger termination in case of `inspector-test`,
which we need to be able to deal with gracefully for the fuzzer.
Fixed: chromium:1307449
Change-Id: I88ba2b13d920134a1670b808adc4ace4ca6d1dff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540260
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79543}
Maglev is mid-tier optimising compiler designed mainly for compilation
speed that can still generate good code for straightforward JS.
This initial commit is an MVP for Maglev which can compile and run some
very simple code, and sets up a framework that we can build upon.
Design:
https://docs.google.com/document/d/13CwgSL4yawxuYg3iNlM-4ZPCB8RgJya6b8H_E2F-Aek/edit#
Bug: v8:7700
Change-Id: I5ae074ae099126c2c0d50864ac9b3d6fa5c9e85a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3483664
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79247}
When triggering a step out action, we check whether we already
are at a return or suspend location. If not, we first flood all
return positions with breakpoints, set the fast_forward_to_return_
flag and continue.
With the new way of reporting instrumentation breakpoints, we now
may get into the situation where we stopped on an instrumentation,
but may still need to continue until we reach the return point for
the step out. This CL fixes a bug in which we ran into a DCHECK
that expected us to stop on a return location (since
fast_forward_to_return_ is set to true), but we didn't.
Drive-by: adapt other stepping tests to properly wait for all pauses
Bug: chromium:1229541
Change-Id: Ie5fd358922f4cdaf1f8584bb0b35e87b0e221fb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3480094
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79226}
Previously we'd hold on to Script objects strongly after they are
considered unreachable by V8 itself, and keep them around for the
V8DebuggerAgent cache (whose upper limit can be controlled with a
parameter to `Debugger.enable`).
This CL changes that to instead copy out the script source and the
WebAssembly bytecode (depending on whether it's JavaScript or Wasm)
to the C++ heap and keep it cached there.
Fixed: chromium:1295659
Bug: chromium:1246884
Change-Id: Idfcd7172715eafca6b011826ae03a573d58803f2
Doc: https://bit.ly/v8-inspector-script-caching
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472082
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79217}
When calling `Runtime.getProperties` with `accessorPropertiesOnly` we
previously did not report any private fields at all, although it is
possible to define private accessors.
Bug: chromium:1296855
Change-Id: I18b84bfc81449d224738ba3de1f0c41c234025b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477112
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79210}
Calling didContinue() after having paused on an instrumentation break
clears the breakpoint reasons that were stored in the debugger agent.
This removes clearBreakDetails() from didContinue() and specifically
calls it if we need it.
Drive-by: removing left-over dead code
Bug: chromium:1229541
Change-Id: I49f598d0e97801661e003c3911967c64ea63373e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477099
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79203}
The ExceptionDetails structure allows the association of requests and
issues with JavaScript errors. These are currently only reported
when an exception goes through `Runtime#exceptionThrown`, but we
also want the metadata available when the ExceptionDetails are
requested explicitly for any Error object.
R=bmeurer@chromium.org
Bug: chromium:1280141
Change-Id: I1b1514207b9e146fda3452c3f7991cd7dc9a387b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477098
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79199}
This changes the way how we are handling instrumentation breakpoints.
Motivation:
with instrumentation breakpoints, we need a way to break
on (conditional) breakpoints that were just set by the client on
the instrumentation pause.
How:
We want to first find out if we have an instrumentation break, and
trigger a pause. For this to work, we need to distinguish between
regular and instrumentation breakpoints in the debugger back-end.
On resume, we want to check if we have hit any breakpoints (may
now contain new breakpoints due to the client setting new breakpoints
at the previous instrumentation pause) and trigger a separate pause
for them.
Fixed: chromium:1292930
Change-Id: Idaadd276c44c693f856c4b08c7a72ea67271f420
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3442676
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79053}
Handle the case of nested super() by checking if the class scope
contains a private brand. In this case the ContextScope chain
is different from the actual context chain so this added back
the AddPrivateBrand() runtime function but with the additional
step of walking the context chain to get the correct class
context that will be stored as the value of the brand property
for the debugger.
Bug: v8:12354
Change-Id: Ieeb9b9d6372bfbb1a39c4c2dc9e9848e9109f02a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275137
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79032}
Not all environments (like ShadowRealm) would expect console
APIs to present in their globals. Moving console API to
context's extras binding to allow them to be still
snapshotted to not slow down the bootstrap.
The console API is not removed from the global in this CL,
but it is planned to be removed in the later release.
Bug: v8:11989
Change-Id: Ieca09e0bafdf8943e8fff8fee97fc21c2326320f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364786
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#78998}
Previously the inspector was trying to handle step-out for async
functions by annotating the async stacks, but this was merely a
hack and didn't work reliably
(a) when the async caller that is `await`ing the result of the
callee was still in the synchronous part (because then there
was no async task yet in the inspector), or
(b) not at all when the async stack tracking wasn't enabled or the
maximum async stack depth was too small.
This CL replaces that hack with a pragmatic solution inside the
V8 debugger, where upon `await` we memorize the async function
object of the caller on the outer promise of the callee, and when
stepping out of the callee we check whether the returned promise
has a memorized async function object and if so, we schedule that
to resume.
This CL thereby effectively reverts https://crrev.com/c/1054618
and replaces it with a V8 debug solution, and thereby further
reduces the (memory) overhead of an AsyncStackTrace.
Fixed: chromium:1246867
Bug: v8:6161, v8:7753, chromium:1277451, chromium:1280519
Change-Id: I6aa79e90f49d204f66bfd37e7a328c7fb8d635b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439865
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78990}
Properly push back the current request promise for async generators when
resuming after an `await` to ensure that the catch prediction works as
expected for async generators.
Fixed: chromium:1220203
Change-Id: I8c3592ceb567aadcba8f460794cd5d60a965a360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3442680
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78984}
This is the final step towards moving away from sending `url` with
every call frame when emitting the `Debugger.paused` event.
Fixed: chromium:1270316
Bug: chromium:1271078
Change-Id: I87a286d81eb91a9bed64213c4b18db0675858822
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345001
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78974}
This is the second step towards moving away from sending `url` with
every call frame when emitting the `Debugger.paused` event.
Bug: chromium:1270316, chromium:1271078
Change-Id: Ib4f996024b5200cded155bd8a564d01d36856400
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431485
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78906}
Previously we'd predict exceptions thrown in [[Reject]] handlers as
always caught (by PromiseRejectReactionJob), but that's not what is
actually specified in ECMAScript. The PromiseRejectReactionJob will turn
any exception thrown into a promise rejection just like we do in the
case of PromiseFulfillReactionJob, and so the catch prediction should
match that behavior.
Fixed: chromium:1290861
Change-Id: Id992708b009666da7c6bf1b6e3cf30752ca0a227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423775
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78864}
This CL replaces the equirecursive type system for wasm-gc with the
isorecursive hybrid type system presented here:
https://github.com/WebAssembly/gc/issues/257.
In broad strokes, this includes the following changes:
- In the module decoder, remove equirecursive types. Implement recursive
type groups, subtype definitions, and function/struct/array
definitions. Treat nominal modules as syntactic sugar of an
isorecursive module, where all types belong in the same recursive
group.
- Remove rtt.sub and all related infrastructure.
- Change subtyping to work with explicit supertypes only.
- Add ValidSubtypeDefinition in subtyping, to check that subtype
declarations are valid during decoding.
- Remove the subtyping cache.
- Add support for functions to have specific signature index in
WasmModuleBuilder and in test-gc.cc.
- Adapt tests.
Current restrictions:
- Recursive groups are not stored beyond decoding.
- Type canonicalization is not implemented. No tests relying on types
being considered identical post-canonicalization.
- No cross-module subtyping is possible. Tests relying on cross-module
subtyping have been commented out.
Bug: v8:7748
Change-Id: I69fd04ecc5611f6230c95d5c89d1c520163fffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416239
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78816}
This CL replaces 'InvalidArgument' with 'ServerError' for
Runtime#getExceptionDetails. The reason is that the error we
raise is on the application level, allowing the DevTools frontend
to handle it to a certain degree. 'InvalidArgument' errors would be
interpreted as "something went really wrong", which is not the case
here.
Bug: chromium:1280141
Change-Id: Id72f06ce8daa06875adeb2528638a80ae61d9e55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420304
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78809}
This is a reland of 91f08378bc
When the class scope does not need a context, the deserialized
outer scope of the initializer scope would not be the class scope,
and we should not and do not need to use it to fix up the allocation
information of the context-allocated variables. The original patch
did not consider this case and resulted in a regression when we
tried to reparse the initializer function to look for destructuring
assignment errors. This fixes the regression by not deserializing
the class scope that's going to be reparsed, and using the positions
of the scopes to tell whether the scope info matches the reparsed
scope and can be used to fix up the allocation info.
Original change's description:
> [class] implement reparsing of class instance member initializers
>
> Previously, since the source code for the synthetic class instance
> member initializer function was recorded as the span from the first
> initializer to the last initializer, there was no way to reparse the
> class and recompile the initializer function. It was working for
> most use cases because the code for the initializer function was
> generated eagarly and it was usually alive as long as the class was
> alive, so the initializer wouldn't normally be lazily parsed. This
> didn't work, however, when the class was snapshotted with
> v8::SnapshotCreator::FunctionCodeHandling::kClear,
> becuase then we needed to recompile the initializer when the class
> was instantiated. This patch implements the reparsing so that
> these classes can work with FunctionCodeHandling::kClear.
>
> This patch refactors ParserBase::ParseClassLiteral() so that we can
> reuse it for both parsing the class body normally and reparsing it
> to collect initializers. When reparsing the synthetic initializer
> function, we rewind the scanner to the beginning of the class, and
> parse the class body to collect the initializers. During the
> reparsing, field initializers are parsed with the full parser while
> methods of the class are pre-parsed.
>
> A few notable changes:
>
> - Extended the source range of the initializer function to cover the
> entire class so that we can rewind the scanner to parse the class
> body to collect initializers (previously, it starts from the first
> field initializer and ends at the last initializer). This resulted
> some expectation changes in the debugger tests, though the
> initializers remain debuggable.
> - A temporary ClassScope is created during reparsing. After the class
> is reparsed, we use the information from the ScopeInfo to update
> the allocated indices of the variables in the ClassScope.
>
> Bug: v8:10704
> Change-Id: Ifb6431a1447d8844f2a548283d59158742fe9027
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988830
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#78299}
Bug: chromium:1278086, chromium:1278085, v8:10704
Change-Id: Iea4f1f6dc398846cbe322adc16f6fffd6d2dfdf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3325912
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#78745}
This is a regression test for the fixes in
https://crrev.com/c/v8/v8/+/3299592 . Some of the helper functions were
copied from console-retaining-path.js in the same directory.
Bug: v8:12112
Change-Id: I3c313ad003ede5e5036f886161e1d164c98f87fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400149
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78689}
CDP has a "ExceptionDetails" structure that is attached to various
CDP commands, e.g. "Runtime#exceptionThrown" or "Runtime#evaluate".
The stack trace in the "ExceptionDetails" structure is used in
various places in DevTools. The information in the "ExceptionDetails"
structure is extracted from a v8::Message object. Message objects
are normally created at the exception throw site and may augment
the error with manually inspecting the stack (both to capture a fresh
stack trace in some cases, as well as to calculate location info).
The problem is that in some cases we want to get an "ExceptionDetails"
structure after the fact, e.g. when logging a JS "Error" object in
a catch block. To help in this case, this CL introduces a new
CDP method "Runtime#getExceptionDetails" that behaves exactly as
advertised: It provides a populated "ExceptionDetails" structure
from a JS Error object.
R=bmeurer@chromium.org
Doc: https://bit.ly/runtime-get-exception-details
Bug: chromium:1278650
Change-Id: I084be10c1d852d3b7cac8d88e7f820e867be4722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3337258
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78676}
When creating a new JSError object (or using the non-standard API
`Error.captureStackTrace`) V8 would previously capture the "simple stack
trace" (as FixedArray of CallSiteInfo instances) to be used for the non-
standard `error.stack` property, and if the inspector was active also
capture the "detailed stack trace" (as FixedArray of StackFrameInfo
instances). This turns out to be quite a lot of overhead, both in terms
of execution time as well as memory pressure, especially since the
information needed for the inspector is a proper subset of the
information needed by `error.stack`.
So this CL addresses the above issue by capturing only the "simple stack
trace" (in the common case) and computing the "detailed stack trace"
from the "simple stack trace" when on demand. This is accomplished by
introducing a new ErrorStackData container that is used to store the
stack trace information on JSErrors when the inspector is active. When
capturing stack trace for a JSError object while the inspector is
active, we take the maximum of the program controlled stack trace limit
and the inspector requested stack trace limit, and memorize the program
controlled stack trace limit for later formatting (to ensure that the
presence of the inspector is not observable by the program).
On the `standalone.js` benchmark from crbug.com/1283162 (with the
default max call stack size of 200) we reduce execution time by around
16% compared to ToT. And compared to V8 9.9.4 (the version prior to the
regression in crbug.com/1280831), we are 6% faster now.
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Bug: chromium:1280831, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Fixed: chromium:1283162
Change-Id: I57dac73e0ecf7d50ea57c3eb4981067deb28133e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366660
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78542}
The V8InspectorSessionImpl constructor accepts a state, as either text
or CBOR encoded, and generally ignores all invalid inputs, except for
the case where it's a valid value, but not a dictionary value, in which
case it'll leak the value and crash upon casting to a `DictionaryValue`.
This is purely an issue with the test driver, so no security impact on
Chromium in the wild.
Fixed: chromium:1281031
Change-Id: I7b4d0aea83370499b1274d3fa214a14dc098d2f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361838
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78490}
This change fixes the implementation of the previously introduced API
`Runtime.setMaxCallStackSizeToCapture` to work correctly and also apply
(consistently) to stack traces captured by V8 when exceptions are
thrown. It does so in a fully backwards compatible manner.
This change thus makes the previous fix for catapult (which landed in
http://crrev.com/c/3347789) effective, and therefore ensures that real
world performance benchmarks aren't affected by the use of the `Runtime`
domain in the catapult test framework.
Note this is basically a reland of crrev.com/c/3361839, but without
touching the stack traces for console messages (which led to the
regressions in crbug/1283516, crbug/1283523, etc.).
Fixed: chromium:1280831
Bug: chromium:1283162, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: I3dcec7b75d76ca267fac8bd6fcb2cda60d5e60dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364086
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78479}
This reverts commit 34f73cc759.
Reason for revert: Performance regressions throughout a lot of
system health and browsing benchmarks.
Original change's description:
> [inspector] Fix `Runtime.setMaxCallStackSizeToCapture`.
>
> This change fixes the implementation of the previously introduced API
> `Runtime.setMaxCallStackSizeToCapture` to work correctly and also apply
> (consistently) to stack traces captured by V8 when exceptions are
> thrown. It does so in a fully backwards compatible manner.
>
> This change thus makes the previous fix for catapult (which landed in
> http://crrev.com/c/3347789) effective, and therefore ensures that real
> world performance benchmarks aren't affected by the use of the `Runtime`
> domain in the catapult test framework.
>
> Bug: chromium:1283162, chromium:1278650, chromium:1258599
> Bug: chromium:1280803, chromium:1280832, chromium:1280818
> Fixed: chromium:1280831
> Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
> Change-Id: I4ec951a858317fa49096cd4023deb0104d92c9c9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361839
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78458}
Bug: chromium:1283162, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Bug: chromium:1280831
Change-Id: Id1efaffa2f7f08c47f833f68b8a297494edee21e
Fixed: chromium:1283751, chromium:1283749, chromium:1283746
Fixed: chromium:1283729, chromium:1283700, chromium:1283700
Fixed: chromium:1283691, chromium:1283687, chromium:1283678
Fixed: chromium:1283677, chromium:1283676, chromium:1283675
Fixed: chromium:1283674, chromium:1283618, chromium:1283536
Fixed: chromium:1283523, chromium:1283516
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364078
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78462}
This change fixes the implementation of the previously introduced API
`Runtime.setMaxCallStackSizeToCapture` to work correctly and also apply
(consistently) to stack traces captured by V8 when exceptions are
thrown. It does so in a fully backwards compatible manner.
This change thus makes the previous fix for catapult (which landed in
http://crrev.com/c/3347789) effective, and therefore ensures that real
world performance benchmarks aren't affected by the use of the `Runtime`
domain in the catapult test framework.
Bug: chromium:1283162, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Fixed: chromium:1280831
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: I4ec951a858317fa49096cd4023deb0104d92c9c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361839
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78458}
Previously the `Debugger.CallFrame`s in `Debugger.paused` events would
report locations relative to the surrounding document in case of inline
scripts with `//@ sourceURL` annotations (while `Runtime.CallFrame` was
already fixed previously as part of crrev.com/c/3069289). With this CL
the locations in `Debugger.CallFrame` are also appropriately adjusted.
Drive-by-fix: Several inspector tests were (incorrectly) relying on this
wrong treatment, and were also unnecessarily using //# sourceURL
annotations. So part of this CL also addresses that problem and makes
the tests more robust, using addInlineScript() helper.
Fixed: chromium:1283049
Bug: chromium:1183990, chromium:578269
Change-Id: I6e3b215d951c3453c0a9cfc9bccf3dc3d5e92fd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359619
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78450}
This updates the following set of console builtins in V8 to match the
Console Standard (https://console.spec.whatwg.org) with respect to
(potentially side effecting) type conversions:
- console.debug
- console.error
- console.info
- console.log
- console.trace
- console.warn
- console.group
- console.groupCollapsed
- console.assert
The V8 implementation only performs the type conversions and updates
the arguments in-place with the results from the %String% constructor,
%parseInt%, or %parseFloat% invocations. The actual formatting is
still left completely to the debugger front-end.
To give a concrete example, the following code
```js
const msgFmt = {
toString() { return 'Message %i' }
};
console.log('LOG: %s`, msgFmt, 42);
```
sends the following parameters to the debugger front-end
```js
["LOG: %s", "Message %i", 42]
```
and it's then the job of the front-end to perform the actual string
substitutions.
It's also worth calling out that the console builtins are only
concerned with %s, %f, %d, and %i formatting specifiers, since
these are the only ones that trigger type conversions, and %o, %O,
and %c can only be implemented in a meaningful way at a higher
level.
Fixed: chromium:1277944
Bug: chromium:1282076
Doc: https://bit.ly/v8-proper-console-type-conversions
Spec: https://console.spec.whatwg.org
Change-Id: I0996680811aa96236bd0d879e4a11101629ef1a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3352118
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78432}
This CL renames a number of things related to the V8 sandbox.
Mainly, what used to be under V8_HEAP_SANDBOX is now under
V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
is now simply the V8 Sandbox:
V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
V8VirtualMemoryCage => Sandbox
CagedPointer => SandboxedPointer
fake cage => partially reserved sandbox
src/security => src/sandbox
This naming scheme should simplify things: the sandbox is now the large
region of virtual address space inside which V8 mainly operates and
which should be considered untrusted. Mechanisms like sandboxed pointers
are then used to attempt to prevent escapes from the sandbox (i.e.
corruption of memory outside of it). Furthermore, the new naming scheme
avoids the confusion with the various other "cages" in V8, in
particular, the VirtualMemoryCage class, by dropping that name entirely.
Future sandbox features are developed under their own V8_SANDBOX_X flag,
and will, once final, be merged into V8_SANDBOX. Current future features
are sandboxed external pointers (using the external pointer table), and
sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
because they are encoded as offsets). This CL then also introduces a new
build flag, v8_enable_sandbox_future, which enables all future features.
Bug: v8:10391
Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78384}
Some embedders might want to process console.info and console.log
differently. So inspector needs to return a different level for
these console log messages.
Change-Id: I936990a25f079a0d72f877a5095ed93819fc539a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3331929
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alexey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78357}
Since the reftypes proposal has shipped, we remove the respective flag
and the code that handled its absence. We maintain a WasmFeature for
reftypes for feature detection purposes. We remove the flag declaration
from tests, and adapt some tests that make no sense without the flag.
Bug: v8:7581
Change-Id: Icf2f8d0feae8f30ec68d5560f1e7ee5959481483
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329781
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78351}
This reverts commit 91f08378bc.
Reason for revert: It's a fairly big change, and the clusterfuzz
found some bugs. Will reland with the fix after M98 branch point.
Original change's description:
> [class] implement reparsing of class instance member initializers
>
> Previously, since the source code for the synthetic class instance
> member initializer function was recorded as the span from the first
> initializer to the last initializer, there was no way to reparse the
> class and recompile the initializer function. It was working for
> most use cases because the code for the initializer function was
> generated eagarly and it was usually alive as long as the class was
> alive, so the initializer wouldn't normally be lazily parsed. This
> didn't work, however, when the class was snapshotted with
> v8::SnapshotCreator::FunctionCodeHandling::kClear,
> becuase then we needed to recompile the initializer when the class
> was instantiated. This patch implements the reparsing so that
> these classes can work with FunctionCodeHandling::kClear.
>
> This patch refactors ParserBase::ParseClassLiteral() so that we can
> reuse it for both parsing the class body normally and reparsing it
> to collect initializers. When reparsing the synthetic initializer
> function, we rewind the scanner to the beginning of the class, and
> parse the class body to collect the initializers. During the
> reparsing, field initializers are parsed with the full parser while
> methods of the class are pre-parsed.
>
> A few notable changes:
>
> - Extended the source range of the initializer function to cover the
> entire class so that we can rewind the scanner to parse the class
> body to collect initializers (previously, it starts from the first
> field initializer and ends at the last initializer). This resulted
> some expectation changes in the debugger tests, though the
> initializers remain debuggable.
> - A temporary ClassScope is created during reparsing. After the class
> is reparsed, we use the information from the ScopeInfo to update
> the allocated indices of the variables in the ClassScope.
>
> Bug: v8:10704
> Change-Id: Ifb6431a1447d8844f2a548283d59158742fe9027
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988830
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#78299}
Bug: v8:10704
Change-Id: I039cb728ebf0ada438a8f26c7d2c2547dbe3bf2d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3325328
Auto-Submit: Joyee Cheung <joyee@igalia.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78315}
Previously, since the source code for the synthetic class instance
member initializer function was recorded as the span from the first
initializer to the last initializer, there was no way to reparse the
class and recompile the initializer function. It was working for
most use cases because the code for the initializer function was
generated eagarly and it was usually alive as long as the class was
alive, so the initializer wouldn't normally be lazily parsed. This
didn't work, however, when the class was snapshotted with
v8::SnapshotCreator::FunctionCodeHandling::kClear,
becuase then we needed to recompile the initializer when the class
was instantiated. This patch implements the reparsing so that
these classes can work with FunctionCodeHandling::kClear.
This patch refactors ParserBase::ParseClassLiteral() so that we can
reuse it for both parsing the class body normally and reparsing it
to collect initializers. When reparsing the synthetic initializer
function, we rewind the scanner to the beginning of the class, and
parse the class body to collect the initializers. During the
reparsing, field initializers are parsed with the full parser while
methods of the class are pre-parsed.
A few notable changes:
- Extended the source range of the initializer function to cover the
entire class so that we can rewind the scanner to parse the class
body to collect initializers (previously, it starts from the first
field initializer and ends at the last initializer). This resulted
some expectation changes in the debugger tests, though the
initializers remain debuggable.
- A temporary ClassScope is created during reparsing. After the class
is reparsed, we use the information from the ScopeInfo to update
the allocated indices of the variables in the ClassScope.
Bug: v8:10704
Change-Id: Ifb6431a1447d8844f2a548283d59158742fe9027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988830
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#78299}
This removes the additional call to `didPause` solely for
instrumentation breakpoints. They will be reported along with any
other pause reasons, and if several apply, 'ambiguous' will be
reported as a reason.
Bug: chromium:1229541
Change-Id: I38557248dc2274c2ff2c396aa19073f4a5c5abd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300134
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78271}
This CL makes sure to forward the information that we are pausing
because of a debugger statement, and to encode it explicitly
as an 'other' reason when reporting the pause to the front-end.
Drive-by: refactoring the way break reasons are propagated by
introducing a new enum for break reasons
Bug: chromium:1229541, chromium:1133307
Change-Id: I9d2e8d8da54d96a231eff9d1f62b74507955b18f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306978
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78202}
Previously when hitting a debugger statement we would ignore reporting
the hit breakpoints.
Bug: chromium:1229541, chromium:1133307
Change-Id: I47427a541391a27fc7783930e5e7eb41fbf2bb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306373
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78145}
With https://crrev.com/c/3272577 we introduced a `StackFrame` cache for
the inspector, which is keyed on the script ID, line and column number,
so the syntactic properties of the function. However, the name that we
report for functions is dynamic and can change (per closure) by
explicitly reconfiguring the "name" property via
```js
var f = function() { /* ... */ }
Object.defineProperty(f, "name", {value: "super duper function"});
```
for example, so we need to take that into account as well, and only use
the cached `StackFrame` instance if the dynamic names still match up.
Otherwise we just overwrite the cached entry with a new instance (the
assumption here is that "name" isn't reconfigured often).
Fixed: chromium:1274529
Bug: chromium:1268436
Change-Id: I519017c762aed5b4f93b9dc4553fa81d5979f1a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306376
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78127}
Previously, we would encode 'other' as a reason for pausing when
stepping too, however, it would not show as such in case it would
overlap with another reason. This CL makes sure that we always report
'other' as a reason if we are stepping.
Drive-by: only encode 'other' as a reason once
Bug: chromium:1229541
Change-Id: Id73822dff68d1d54a2f1fafdf2a097e1377ece75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295346
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78118}
This CL explicitly encodes the 'other' reason for breaking for:
* regular breakpoints
* triggered pause events.
The reason for explicitly encoding the reason is that we may otherwise
not know why we pause when we handle it. This knowledge is needed
in order to fully support instrumentation breakpoints, e.g. if we do
not know that we paused on a triggered pause, and this happens to
overlap with an instrumentation, we would previously only report
'instrumentation' as a reason which would be wrong.
Bug: chromium:1229541
Change-Id: I93c08f965a491f6d34f280157b182a78d5b3cf07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289638
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77970}
In assignments the lhs should be evaluated first and shouldn't be
re-evaluated when the value of the rhs is available. Fix it by
saving the receiver and the key registers into AssignmentLhsData
before building the assignment and use them later, instead of visiting
the AST again to retrieve the receiver.
In addition, now that we save the receiver register, use it to
perform the brand check even when we know for sure that it's
going to fail later because it's a write to a private
method or accessing the accessor in the wrong way (v8:11364),
so that the brand check error always appears first if it is present,
as specified in
https://tc39.es/proposal-private-methods/#sec-privatefieldget
Drive-by: unify the brand check error messages, and replace "Object"
with "Receiver" in the messages for clarity. The instance private
brand check now throws "Receiver must be an instance of class <name>"
and the static private brand check now throws "Receiver must be
class <name>". Also always set the expression position to the
property load position, because the brand check failure comes from
the load operation.
Bug: v8:12352, v8:11364
Change-Id: I61a8979b2e02b561dd5b2b35f9e0b6691fe07599
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3266964
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77797}
This reverts commit f9ebad0119.
Reason for revert: suspected root cause of crbug.com/1257806 Additionally, this patch might actually be incorrect as we eagerly evaluate native accessors, which can only happen if the debugger is running.
Original change's description:
> [inspector] Use side-effect free debug evaluate for inherited accessors.
>
> Replace the hard-coded blocklist ("Response.body" and "Request.body") in
> the V8 inspector with proper side-effect free debug evaluate. This is
> otherwise a non-functional change and in particular preserves the
> behavior of reporting accessors as (own) data properties. That will be
> tackled in a follow-up CL.
>
> This CL is possible because with https://crrev.com/c/3056879 Blink now
> properly marks accessors as side-effect free consistently with what the
> V8 inspector had done before.
>
> Doc: http://doc/1gLyyOlssS5zyCSEyybVC-5sp0UnNJj2hBoFyf6ryrTc
> Bug: chromium:829571, chromium:1076820, chromium:1119900
> Change-Id: Idb256accaf4cfb5db5982b3eb06ddcef588be635
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062573
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
> Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76019}
Bug: chromium:829571, chromium:1076820, chromium:1119900, chromium:1257806
Fixed: chromium:1265372
Change-Id: Ia31a3022aaa9ddeae1f01eaa90e345f8bdbb21c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259653
Commit-Queue: Tim van der Lippe <tvanderlippe@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77708}
