v8_debug_helper attempts to flag known object pointers when it can
recognize them, even if the memory pointed to is not available in the
crash dump. In ptr-compr builds, the first pages of the map space,
read-only space, and old space are always at the same offsets within the
heap reservation region, so we can more easily detect known objects.
Bug: v8:9376
Change-Id: I04e0d2357143d753f575f556e94f8fd42ce9d811
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783729
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63624}
This CL implements the tier-up strategy where the interpreter can be used for
an arbitrary number of executions for every regex, before tiering-up to the
compiler. The only exception is for functional global replaces, where we
eagerly tier-up to native code right away.
To use the tier-up logic --regexp-tier-up=value needs to be set. It is
currently set to 0 by default.
Change-Id: I770857e5eae710a952fe47661cb42957c53848b4
Bug: v8:9566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789299
Commit-Queue: Ana Pesko <anapesko@google.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63623}
The fuzzer found a crash when we want to execute the {valueOf} function
of an imported value for an i64-global. The problem is that we cannot
execute JavaScript at that moment (I did not check why, I guess we open
some scope at some point). I checked the WebAssembly spec now, and it
defines that only numbers are valid values for imported globals. I
adjust our bigint implementation accordingly with this CL, i.e. that
only bigint values are valid as imported i64-globalsl.
I also created github issues to discuss this problem.
R=jkummerow@chromium.org
Bug: chromium:1001804
Change-Id: I47f0b31fab53163346f341ad290fd3c58e7707bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792167
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63621}
... to make them unique. With this fix the --trace-turbo no longer
overwrites bytecode handler graphs and --trace-turbo-filter allows
to select exact bytecode handler version.
Bug: v8:9396
Change-Id: I260edc8872e320aadd5d70aa95cf5bf2cd24b22f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792904
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63620}
TNodified:
* AbortIfRegisterCountInvalid
* MaybeDropFrames
* TraceBytecodeDispatch
* UpdateInterruptBudget
* OperandOffset
There are currently no more Node* in interpreter-assembler!
Bug: v8:6949
Change-Id: I352a1fd18444c6ffb0f85d95f5da2e3e4a1681e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787432
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63618}
This reverts commit 9da3483136
Original change's description:
> "Reland x4 [arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of bc33f5aeba
>
> Contributed by titzer@chromium.org
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
>
> TBR=yangguo@chromium.org
>
> BUG=v8:9380,v8:9221,chromium:986318
>
> Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63041}
TBR=yangguo@chromium.org
Change-Id: I3cc4bb80081c662b1751234bc16a821c20e744be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792166
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63617}
This increases readability of the wasm-stepping test significantly.
Drive-by: Use more 'let' instead of 'var'.
R=yangguo@chromium.org
Change-Id: If80ba3a4b92cd3ab1c994e17fb8f40f5526517da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789298
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63616}
After https://crrev.com/c/1789294, the {AddAndPublishAnonymousCode} has
only a single caller, {AddCodeForTesting}. Thus inline the method there.
R=mstarzinger@chromium.org
Change-Id: I698b37baa55221b82ead0b0bb8205233693ffced
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789703
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63614}
Getting the type from the internal object avoids a costly allocation.
Not doing it this way all along was an oversight.
Change-Id: I22197cbb6ab2a68dd0faba78152e7cc2eb473e23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1790102
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63613}
The bot that runs gcmole was failing before
https://crrev.com/c/1789707 because the test file was missing.
It returned with exit status 0 anyway though. After fixing the
original fault, this CL ensures that the gcmole tests also
trigger an error on the bot(s) if they fail.
R=mstarzinger@chromium.org
CC=mslekova@chromium.org
Change-Id: I29ae40301062baadfcd38b26c336c5749924b0d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789702
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63612}
This is a reland of b1c3ca2a71
Original change's description:
> [heap] Reschedule concurrent marking tasks earlier
>
> Currently we reschedule concurrent marking tasks if all tasks finish.
> This is too conservative and we can improve performance by rescheduling
> finished tasks without waiting for all other tasks.
>
> As a drive-by this also changes task_count_ to total_task_count_.
>
> Change-Id: If0b3bd45ce6d52f6bcd0065dd8d3efe9ea84184a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789142
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63593}
Change-Id: Id18bbb3cab85cd38bb7d2f21611825252ed4a1dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789288
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63610}
No-embed builds are deprecated since v7.4 and will successively be
removed soon.
These no-embed builds complicate the design of far jump tables, so
we stop to support this configuration now.
R=mstarzinger@chromium.org
CC=szuend@chromium.org, jgruber@chromium.org, hablich@chromium.org
Bug: v8:8519, v8:9477
Change-Id: I6ab6f83019e7a182a50f4c599f3dd8c03aa2c02f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789294
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63609}
The bots currently fail to run the gcmole self tests, because the file
is not contained in the generated archive.
This CL fixes that.
R=mstarzinger@chromium.orgCC=mslekova@chromium.org
Change-Id: I691c207be1809516a5cc5e250287427674146a7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789707
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63608}
Slots are always valid inside an invalidated area when outside the
respective object's current size. This allows us to remove the size
from the InvalidatedSlots data structure.
This change was enabled by https://crrev.com/c/1771793. Reland after
revert in https://crrev.com/c/1783106, this CL was not the culprit
of the issue (chromium:1000404).
Bug: v8:9454
Change-Id: I823d34670515924bf74200daa21a834044087310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787431
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63607}
Filtering was reverted in https://crrev.com/c/1773252 because of
chromium:998256, but this issue seems to be unrelated.
Bug: v8:9454
Change-Id: Ie266976c8fc664fe2a7395198a010307f5297f25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792163
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63606}
It is not recommended to define type alias in C++ header file. cctest defines
type alias `using Label=CodeAssemblerLabel` in anonymous namespace under
namespace `v8::internal::compiler` in test-code-assembler.cc. This is fine
because this type alias is expected to take effect only in this .cc file. But in
jumbo build, multiple source files are combined as a single one, and the
previous `Label` type alias could shadow definition of `Label` from other header
file (for example, v8/src/codegen/label.h which is included by another .cc file)
This is totally unexpected and triggers bad class layout and accessing in the
latter .cc file for the places where `Label` is referenced.
This change fixes cctest from Windows ARM64 jumbo build, but it applies to
other architectures too.
Bug: chromium:893460
Change-Id: Ib2e9df76f6e3371b3940649668c5d13e6b36f028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1788537
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tom Tan <Tom.Tan@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63605}
ScopeIterator was changed to re-parse the whole script instead of
just a single function. The CL in question went through a few
iterations. At one point, it was necessary to wrangle the source
position of generator functions to correctly identify their
closure scope. This is no longer necessary and this CL removes
the manual source position adjustment.
Change-Id: If1a61ed32a903997b70a62cd464198f3dffa385a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792162
Auto-Submit: Simon Zünd <szuend@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63604}
Currently this is very similar to TurboFan's OptimizeGraph phase, but avoids
a number of passes to reduce optimization time. With time this will have more
differences.
BUG=v8:9684
Change-Id: Id416385e55fa52e1103fd103032c6db86c17f047
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784295
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63602}
GetMaxBackgroundTasks should return 0 in predictable mode, since
compilation is done in the foreground.
R=clemensh@chromium.org
Change-Id: I4a617cadb53ca91ee21e40c46a93d54e2a1ceb8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789301
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63600}
This is a reland of 8b89a7c32d
Reland after disabling the test getting deadlocked with '--gc_stress' flag.
The CL was reverted because of the 'wasm/grow-shared-memory' test from
the mjsunit test suite deadlocked for the 'gc_stress' variant. This is
the known issue (v8:9221) and the deadlocking test is now disabled (
1c8981e3f4).
Original change's description:
> Update GetIterator bytecode to load and call object[Symbol.iterator]
>
> The functionality of the GetIterator bytecode introduced previously is
> now extended from loading the @@iterator property to calling the property
> as well. This change basically absorbs the functionality of additional
> two bytecodes - Star, CallProperty0 in the GetIterator bytecode.
> Importantly, this change handles the cases of eager and lazy deoptimization
> in the middle of the bytecode, i.e., lazy deopt for LdaNamedProperty and
> eager deopt of the CallProperty0 bytecode, using the continuation builtins.
> This mechanism can work as a template for the future bytecode that require
> handling such inter-bytecode deopt scenario. The tests evaluating the eager
> and lazy deopt scenarios are also included.
>
> Bug: v8:9489
> Change-Id: I93eb022bbc3d37582407820aa8482a343cac6c12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758313
> Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63528}
Bug: v8:9489,v8:9221
Change-Id: I4286255aef457bfdbbe5eb50fc6dabdf9c0955b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787427
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
Cr-Commit-Position: refs/heads/master@{#63599}
This is a reland of 096d9c5663
Fixed DEPS files which were not caught by presubmit trybot
Original change's description:
> [tracing] Roll perfetto @ 28b633cd
>
> This catches up with [1] that make the proto include path
> relative to the project root rather than ./protos/
>
> [1] https://android-review.googlesource.com/c/platform/external/perfetto/+/1108421
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
> Bug: v8:8339
> Change-Id: I1f2dec93120142ea61cee864e4bf76a6947d958d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776088
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Primiano Tucci <primiano@chromium.org>
> Auto-Submit: Primiano Tucci <primiano@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63584}
Bug: v8:8339
Change-Id: I70e8b2d4520c620d02d5251d14bd61b90fb1d73f
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789143
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63598}
Disable the 'wasm/grow-shared-memory' test from the mjsunit test suite for
all the 'gc_stress' variants. The test is currently disabled only for
executions with the combination of 'gc_stress' and 'slow_path'.
With the --gc-stress flag enabled, the test time outs as a result of
deadlock or fails with the DCHECK error because of the known issue.
Bug: v8:9221
Change-Id: Ia2cbbb6f1e5678e5583176fcdd557bd8760234e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789290
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
Cr-Commit-Position: refs/heads/master@{#63597}
Since C++14, we can use a switch in a constexpr function.
R=ahaas@chromium.org
Bug: v8:9686, v8:9687
Change-Id: I082a7be6c54d6c705b678f19aa56bdb7a3313f80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1786284
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63596}
Since we do not support gcc < 5 any more, we can switch to C++14 now.
Gcmole is the only tool preventing this currently.
R=mstarzinger@chromium.org
Bug: v8:9687, v8:9690
Change-Id: Ie7fee25061bdf6f1e7f156bc150b7142c824f5d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787426
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63595}
This reverts commit b1c3ca2a71.
Reason for revert: TSan issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/28147
Original change's description:
> [heap] Reschedule concurrent marking tasks earlier
>
> Currently we reschedule concurrent marking tasks if all tasks finish.
> This is too conservative and we can improve performance by rescheduling
> finished tasks without waiting for all other tasks.
>
> As a drive-by this also changes task_count_ to total_task_count_.
>
> Change-Id: If0b3bd45ce6d52f6bcd0065dd8d3efe9ea84184a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789142
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63593}
TBR=ulan@chromium.org,omerkatz@chromium.org
Change-Id: I5e6b406a021c8fd4834e346e02388552ee3e0036
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789287
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63594}
Currently we reschedule concurrent marking tasks if all tasks finish.
This is too conservative and we can improve performance by rescheduling
finished tasks without waiting for all other tasks.
As a drive-by this also changes task_count_ to total_task_count_.
Change-Id: If0b3bd45ce6d52f6bcd0065dd8d3efe9ea84184a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789142
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63593}
This CL changes the {ScopeIterator} to re-parse the whole script instead
of just the immediate function. The result are accurate parent scopes,
which will enable better variable lookup for debug evaluation.
Drive-by: Remove unused IGNORE_NESTED_SCOPES ScopeIterator::Option and
refactor ScopeIteartor::Next.
Change-Id: I6cb9d303fe5f84da4f4b11c6e2057f07c232316c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771785
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63592}
This reduces the size per runtime stub slot by using the same sequence
we plan to use for far jumps.
Note that alignment is not an issue here, since runtime stub slots are
never patched.
R=mstarzinger@chromium.orgCC=joey.gouly@arm.com
Bug: v8:9477
Change-Id: I38666c8fce93a977bc5b9ca5fafc54f6ae739f12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784293
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63591}
Shadowing key is used to exclude non-enumerable keys when iterating
over the prototype chain. This CL skips adding shadowing key for
end prototype to improve for-in performance. It can improve the
performance of below microbench by ~50%.
Object.prototype.foo = function() {};
let obj = {
a:0,
b:1
};
let start = Date.now();
for (let i = 0; i<1e6; i++) {
for (var j in obj) {}
}
console.log(Date.now() - start);
This CL also improves the score of JetStream2-tagcloud-SP case
by 8% on IA Chromebook.
Contributed by tao.pan@intel.com
Change-Id: I456082c08bf70f1f450ff54f657cdab26eb7bc2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781113
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#63587}
Expressions in class heritage position do not have access to the
inheriting class's private names, only its lexical bindings. The parser
currently uses the same scope chain for both.
This CL makes scopes in class heritage position skip their outer class
when resolving private names. Whether a scope needs to skip is kept as a
bit on various scope-related data structures.
See implementation doc at
https://docs.google.com/document/d/1d3o_SQqcICxfjLMw53OOaiIQux0ppNHQJnjZHtCQLwA
Bug: v8:9177
Change-Id: I77e491a9d4a261131274f12ddf052af7ac31a921
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1769486
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63586}
This catches up with [1] that make the proto include path
relative to the project root rather than ./protos/
[1] https://android-review.googlesource.com/c/platform/external/perfetto/+/1108421
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I1f2dec93120142ea61cee864e4bf76a6947d958d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776088
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Primiano Tucci <primiano@chromium.org>
Auto-Submit: Primiano Tucci <primiano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63584}
{JavaScriptFrame::GetParameters} allocates a new {FixedArray}, hence
all object references need to be handified to survive that allocation.
R=mstarzinger@chromium.org
Bug: chromium:1000635
Change-Id: I76df5ac109bdb6999fe897bdafaf2175344ecca4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787429
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63583}
This is a reland of 981aafaf97
It adds double checks to LoadFieldByIndex in the optimizing compiler, which
are likely the source of the crashes.
Original change's description:
> Reland "[ic] In-place Double -> Tagged transitions"
>
> This is a reland of 0736599a69.
> This is a reland of 7e1fbe8f34.
>
> Original change description:
> > [ic] In-place Double -> Tagged transitions
> >
> > With no more MutableHeapNumber, we can make Double -> Tagged transitions
> > in-place, at the cost of an extra map check when accessing double fields
> > to make sure they are still doubles.
> >
> > Bug: v8:9606
> > Change-Id: I74ff39ed6fba62ee223cd37dfe761f7d73020e1c
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743973
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#63374}
>
> TBR=verwaest@chromium.org, tebbi@chromium.org
>
> Bug: v8:9606
> Change-Id: I2d1b7416064d743582f4983fb868316b7e8a4cf2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1777661
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63499}
TBR=verwaest@chromium.org
Bug: v8:9606
Bug: chromium:997989
Change-Id: Iccfff8e5c6306c9ee4f6c62767dce883b1c6f743
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784288
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63582}
Implements match indices for regexp, as specified by
https://github.com/tc39/proposal-regexp-match-indices,
a stage 3 TC39 proposal. This implementation is hidden
behind the '--harmony-regexp-match-indices' flag.
Regexp match indices extends the JSRegExpResult object
with an array of indices of matches, as well as a
dictionary of capture names to match indices.
Bug: v8:9548
Change-Id: Ia9efcee00d997dda6158539b8d0f4c4e5965e5e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771379
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63581}
TNodified:
* Jump (both versions)
* JumpBackward
* JumpIfTaggedEqual
* JumpIfTaggedNotEqual
* JumpConditional
* LoadOsrNestingLevel
Removed slopiness from Advance's parameter.
Renamed "delta" to jump_offset for JumpXXX arguments. They were called
jump_offset in .h and delta in .cc.
Bug: v8:6949
Change-Id: I6b34391dcb2ee881670d04edac9382258f6bcb51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782821
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63578}
TNodified:
* code-assembler
* TailCallBytecodeDispatch
* interpreter-assembler
* GetContextAtDepth
* ExportParametersAndRegisterFile
* ImportRegisterFile
* Dispatch
* DispatchToBytecode
* DispatchToBytecodeHandlerEntry
* DispatchWide
* return type of Jump (Jumps are coming in another CL)
* LoadBytecode
Removed DispatchToBytecodeHandler since it was unused.
Removed target_bytecode parameter of DispatchToBytecodeHandlerEntry
since it was unused.
Bug: v8:6949
Change-Id: Icd3ded28cc1fd1dc528219dd83cf646e67c9b878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782838
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63577}
TNodified from interpreter-generator:
* SwitchOnSmiNoFeedback
* CreateFunctionContext
* CreateEvalContext
* SwitchOnGeneratorState
since they were using some of the interpreter-assembler now TNodified
methods.
Bug: v8:6949
Change-Id: I0055100428232e8bdc79cb4356954bac52f4a30d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781689
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63576}
There was no problem with the original CL. I just had a problem with
my local git branches.
Original message:
The implementation on wasm-bigint has been done, as far as I can tell.
There are no spec tests yet, only an out-dated copy of the original
spec tests which don't pass anymore. Therefore I disabled all the tests
for now and created a tracking bug at https://crbug.com/v8/9673.
TBR=adamk@chromium.org
Bug: v8:7741, v8:9673
Change-Id: Ida7ccda4547cf3fdcdff151d8b02946b7aa534ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787420
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63575}
