After sorting the work array but before writing the values back into
the actual receiver, we have an accessor check. This accessor check
needs to be stricter, in order to catch Array prototype protector
cell invalidations.
R=jgruber@chromium.org
Bug: chromium:1077508
Change-Id: I3c3bd4711f9019f9d4423701724319eee9d800a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187171
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67638}
This patch replaces V8's tracing implementation (i.e., the TRACE_EVENT
macros) with the track event base implementation from Perfetto. The
advantages of doing this are:
1) This allows us to remove most tracing-related backend code from V8.
2) V8 can start writing strongly typed trace event arguments, which
are more compact, easier to process and more extensible than legacy
JSON-based trace arguments.
For the time being, we still support the old trace macros when V8 is
embedded into Chrome and other embedders.
Design doc: https://docs.google.com/document/d/1f7tt4cb-JcA5bQFR1oXk60ncJPpkL02_Hi_Bc6MfTQk/edit#heading=h.398p6b4eaen2
Bug: chromium:1006766
Change-Id: Ie71474fbe065821772b13d851487ebbca680c4ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947688
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Auto-Submit: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67217}
In the process:
* Augment C++-generated Torque classes with SizeFor methods to
calculate size of instances.
* Add a new "@generateBodyDescriptor" annotation that causes Torque to
generate C++ BodyDescriptors code that can be used to visit objects
compatible with existing V8 mechanisms, e.g. GC
* Fully automate C++ macro machinery so that adding non-extern Torque
class doesn't require any C++ changes, including ensuring generation
of instance types and proper boilerplate for validators and
printers.
* Make handling of @export a true annotation, allowing the modifier to
be used on class declarations.
* Add functionality such that classes with the @export annotation are
available to be used from C++. Field accessors for exported classes
are public and factory methods are generated to create instances of
the objects from C++.
* Change the Torque compiler such that Non-exported classes implicitly
have the @generateBodyDescriptor annotation added and causes both
verifiers and printers to be generated.
* Switch non-extern Torque classes from using existing Struct-based
machinery to being first-class classes that support more existing
Torque class features.
Change-Id: Ic60e60c2c6bd7acd57f949bce086898ad14a3b03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007490
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66621}
Upstream PR:
"Implement crdtp::ErrorSupport, replacing the jinja2 template."
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/2036608
In addition; this PR includes removal of now unused routines
in string-util.h (StringBuilder and number conversions).
New Rev: e4ffb7288a17b2bbe2f7b7cd62abcb1d1e55681a
Change-Id: Iae14c001c1f468466a42cb1b842c0ded766fccc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2037959
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66165}
"Remove the JSON parser and revamp Value::parseBinary."
Upstream review: https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/2026351
In addition to the upstream changes, this PR includes the necessary
tweaks to the V8 inspector (now taking the detour via
CBOR to parse Javascript).
New Revision: 0e0a1995497511008864546c094e885f3f1e13a3
Change-Id: I5ccfea5a3e1bab3e183b45c87726747d17d06944
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020518
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66116}
Upstream PR: https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1989575
Remove support for emitting cbor into an std::string.
New Revision: b29d8a5d2bb56b3e555bb27a0e035a9d571c5f28
Change-Id: I6bf63822c4c6551db30f5902d1f27f6933b209a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989973
Auto-Submit: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65645}
This CL implements enums in Torque in three steps:
1.) It implements necessary changes to Torque's type system. In
particular, the constraints on constexpr types are relaxed such that
constexpr types can exist without a corresponding non-constexpr
version. Furthermore, constexpr and their non-constexpr counterpart
need not be of the same kind of type. This allows an AbstractType to
have a UnionType as its non-constexpr counterpart.
2.) The enum feature itself is realized as a pure desugaring in the
parser, where all required types, constants and macro specializations
(like FromConstexpr<>) are generated from a simple enum declaration,
such that enum entries are not just constants, but are namespace
scoped and have distinct types so that they can be used within
typeswitch constructs.
3.) Almost all of the existing constants defined in torque
(.tq files) are ported to new enum definitions.
Bug: v8:10053
Change-Id: I72426d3b1434f301fd690847e15603de0dc1021b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1964392
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65503}
This makes it obvious that methods are actually macros.
Also, in the future, we might allow methods that are actually builtins.
Bug: v8:7793
Change-Id: Ib641c4b5a222b27c67aa0c31fd3611ed4a11842c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967330
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65455}
New revision: f5a3199a3f37c7e48a9ffdbee04aa5c8f38d2889
Use crdtp::span<uint8_t> instead of const ProtocolMessage&. (V8)
Also includes a PR which moves Serializable into the crdtp library
and adds a simple test. Hadn't rolled this yet.
Upstream review:
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1952196
Change-Id: If78bc8f11be8fb248dd66babc0190870312f7ec4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1952158
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65356}
That's possible because JS builtins are JSFunctions that embed a
NativeContext.
Bug: v8:7793
Change-Id: Id2bf7844fcfb53df733100f1e3e554f25a78482a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926150
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65068}
This is part of a general move of math builtins away from
builtins-math-gen.cc.
Change-Id: Ifb6e5d4779bb9e6f69ff7c58d09ca8fc94f4cc66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914210
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64943}
This decomposes the crdtp library into multiple files.
Since it wasn't previously rolled
it's a bit more than just that.
Upstream review: https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1907115
New Revision: d020a9e614d4a5116a7c71f288c0340e282e1a6e
Change-Id: I5c588469654bec3e933804ac706fa967c6fe57bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907973
Auto-Submit: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64902}
This has two advantages:
- It improves error messages by avoiding wrong template instantiations.
- More flexible overloads by disabling generics for overload resolution
when their constraints are violated.
Bug: v8:7793
Change-Id: I7d2b8ef736988e8de16d25a4a4b16b49e27c6a11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1890097
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64676}
New revision: d2fc9b958e1eeb1e956f3e2208afa9923bdc9b67
To roll this I need to update some call sites; this is because the
Serializable interface is changing.
Upstream change / review was here:
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1879870
Change-Id: I93c4747609c6003baf1c160a68b8fb6bb07ac565
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879519
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64618}
... and let it gracefully crash with OOM.
Bug: v8:4153, chromium:1018598
Change-Id: I20dd9874cdbdf78665de3a83d0bc1611dc088c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883551
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64589}
The Torque formatter script did a hack to put spaces arount the | of
union types. This was broken when the inserted comment ended up on the
end of a line. For this reason, and since it doesn't make sense to
fight the Google-wide TypeScript style for union types, this CL reverts
to not putting spaces around union types.
Bug: v8:7793
Change-Id: Ic0acf9e1da82540432a8e21b58497a6a7d523b9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871604
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64536}
During deletion in the write-back phase, we do not necessarly need
to check with HasOwnProperty before calling DeleteProperty. Since this
is observable behavior when using proxies, we remove the HasOwnProperty
check to mirror more closely what Spidermonkey does.
R=jgruber@chromium.org
Change-Id: I67768b1d8b13e695b956b2fa0624dcb28fd0664d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809366
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63866}
Host info used to be stored on the global reference underlying a Ref;
now it is stored in a JSWeakMap and hence tied to the lifetime of the
actual object on V8's heap.
Additionally, the internal metadata needed for C-API functions is now
stored on the SharedFunctionInfo and no longer overlaps with the host
info mechanism.
Bonus content:
Roll 6db391e: Remove a few more leftover uses of _enum types
Change-Id: Ibb1fa4b0dd5157fef15c030bac705a11aa3beaea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768368
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63400}
Changes in the reland: Rebased and added a check that JavaScript-linkage
builtins use JSAny in parameters and return type, plus the necessary
cleanups for this test to pass.
Design Doc: https://docs.google.com/document/d/1z6j0pWHnNIfId0v00uWN2HBrGRDJxJfYuCr5K7Kr1xA
This reverts commit 4418a7b96a.
Original change's description:
> Revert "[torque] introduce JSAny type for user-accessible JavaScript values"
>
> This reverts commit 79b00555ea.
>
> Reason for revert: needs more discussion
>
> Original change's description:
> > [torque] introduce JSAny type for user-accessible JavaScript values
> >
> > This CL introduces a JSAny type for user-exposed JavaScript values and
> > a few new types to define it. Especially, it splits Symbol into
> > PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
> > symbols).
> >
> > The change is mostly mechanical, but a few things are interesting:
> > - PropertyKey and JSPrimitive were designed to coincide with the spec
> > notions of IsPropertyKey() and primitive value, respectively.
> > - Since Name is an open type, we define AnyName to be the known
> > subtypes of Name. This is not too elegant, but by using AnyName
> > instead of Name, typeswitch can properly conclude something if a
> > subtype of Name is excluded.
> >
> > Small drive-by changes, which were necessary:
> > - Allow subtyping on label parameters.
> > - Fix the formatting of typeswitch, it was broken with union types
> > in case types.
> >
> > Bug: v8:7793
> > Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#63114}
>
> TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org
>
> Change-Id: Ifde7881d74afe407628f40047997339d54cb2424
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:7793
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63115}
TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7793
Change-Id: Icca34e3824f55009b984d9348fd21884400f0081
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1769316
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63395}
This just adds the upstream tests; our implementation already had support.
Change-Id: If8d340ebe79eae65d12164a01883482d521b8451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762287
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63280}
This change is very mechanical:
own<Foo*> → own<Foo>
vec<Foo*> → ownvec<Foo>
As usual, everything in third_party/ is straight-up copied from upstream.
Change-Id: If5fabda99e2b281da6f2e71ce23a2f5b68aaac86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760815
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63263}
This contains the following upstream commits:
486d3fe: Rename DEBUG to WASM_API_DEBUG
8d8e37d: Explicitly number wasm_valkind_t
299ebe0: Fix underlying types for enums
70be7c6: Fix test
Change-Id: I692fb6c909e5211920438740d2c57ea7ee74ab12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1745483
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63147}
This reverts commit 79b00555ea.
Reason for revert: needs more discussion
Original change's description:
> [torque] introduce JSAny type for user-accessible JavaScript values
>
> This CL introduces a JSAny type for user-exposed JavaScript values and
> a few new types to define it. Especially, it splits Symbol into
> PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
> symbols).
>
> The change is mostly mechanical, but a few things are interesting:
> - PropertyKey and JSPrimitive were designed to coincide with the spec
> notions of IsPropertyKey() and primitive value, respectively.
> - Since Name is an open type, we define AnyName to be the known
> subtypes of Name. This is not too elegant, but by using AnyName
> instead of Name, typeswitch can properly conclude something if a
> subtype of Name is excluded.
>
> Small drive-by changes, which were necessary:
> - Allow subtyping on label parameters.
> - Fix the formatting of typeswitch, it was broken with union types
> in case types.
>
> Bug: v8:7793
> Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63114}
TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org
Change-Id: Ifde7881d74afe407628f40047997339d54cb2424
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63115}
This CL introduces a JSAny type for user-exposed JavaScript values and
a few new types to define it. Especially, it splits Symbol into
PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
symbols).
The change is mostly mechanical, but a few things are interesting:
- PropertyKey and JSPrimitive were designed to coincide with the spec
notions of IsPropertyKey() and primitive value, respectively.
- Since Name is an open type, we define AnyName to be the known
subtypes of Name. This is not too elegant, but by using AnyName
instead of Name, typeswitch can properly conclude something if a
subtype of Name is excluded.
Small drive-by changes, which were necessary:
- Allow subtyping on label parameters.
- Fix the formatting of typeswitch, it was broken with union types
in case types.
Bug: v8:7793
Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63114}
Also roll 0705a10: Comments
Change-Id: I9802283fa68093839286779503b6073122cbc8d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1739369
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63108}
Now that we can short-circuit control flow in the optimizing compiler,
there is no more need for BranchIf... macros in CSA/Torque.
Thus removing support for them in Torque and rewriting Torque macros to
use bool return values instead.
Bug: v8:7793
Change-Id: Ie4b7522aa5558be038fe821d8b5d02859d522ed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724211
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63079}
New Revision: 8b7ea912e516a6daa61487c700687a9426e3a396
Update v8 files / build config accordingly.
- There's now a new library in third_party/inspector_protocol,
bindings/bindings.h, which is configured much like encoding/encoding.h.
It doesn't have much stuff in it yet, but will soon get more code
that would otherwise need to go into jinja templates.
It also comes with a new test, only a smoke test thus far.
Change-Id: I9c00a54a840c214b4bb744a3b272e5ce221954fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678273
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62442}
Rework the implementation of non-external Torque classes to use
Struct machinery rather than FixedArray machinery. This allows
Torque-only defined 'internal' classes to the automatically generate
class verifiers and printers.
As part of this change, generate C++ boilerplate accessors for
internal Torque classes, since this is a pre-requisite for the
verifiers, printers and other Struct-based functionality.
Moreover, augment the header-generating functionality in Torque
to create separate header files for field offset definitions,
internal class C++ definitions and instance types.
Bug: v8:7793
Change-Id: I47d5f1570040c2b44d378f23b6cf95d3d132dacc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607645
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62317}
This CL changes the generic version of Array#sort to use 'strict'
DeleteProperty when "moving" holes to the end of the sort range.
This brings V8 not only in line with the proposed Array#sort spec
change, but also closer to what other engines do. Now all engines
throw a TypeError when the new test case is run.
R=jgruber@chromium.org, mathias@chromium.org
Bug: v8:8714
Change-Id: Ic5bcd152ad55fd534c1e9e3218393bfe4a50667e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666995
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62273}
For every @noVerifier in base.tq, this change either removes it or
ensures that it has some annotation explaining why it can't be removed.
The @noVerifier usages that can't be removed fall into the following
categories:
1. Classes that don't have their own instance types and therefore have
no meaningful way to do an Is...() check
2. Fields that might not exist
3. Fields that are waiting for MaybeObject support in Torque
Bug: v8:9311
Change-Id: Id452d4151ec07347ae96a9b5f3b26e2ac8065d31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659134
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62263}
New revision: 83b1154a9661d22bba9a368d368214cc20880419
This updates the usages of the protocol types to the new
definitions, using std::vector-based implementations
of protocol::Array.
Change-Id: Ibb095862fed7db23f1a0b4b5b726bddbe1e2585e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1654091
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62194}
Implicit parameters for builtins with JavaScript linkage are now separate, using
the keyword "js-implicit". They have to be one of:
- context: Context
- receiver: Object (this in JS)
- target: JSFunction (arguments.callee in JS)
- newTarget: Object (new.target in JS)
Bug: v8:9120 v8:7793
Change-Id: I916f60971bb53d5046b6006725d0ce39291ca55e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658159
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62174}
This CL adds a lint error for variables that are unnecessarily bound
with 'let' when they could be bound using 'const. This test is skipped
for struct types. For struct types, the "constness" also depends on
the struct methods called and whether these methods write to the struct
or not. This is not straight-forward to detect.
Drive-by: Fix all the newly introduced lint errors.
Bug: v8:7793
Change-Id: I0522ffcc4321350eef2e9573b8430bc78200ddce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645322
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62085}
This CL adds lint errors when 'let' bindings, arguments and labels
are not used. Note that errors for 'const' bindings will be added
later.
In cases where arguments are actually needed to match the signature,
the warning can be silenced by prefixing identifiers with "_". This
might be needed for generic specializations or builtins called from
TurboFan. Trying to use a variable or label that was marked with
"_" results in a compilation error.
Implicit arguments are not linted. They are implemented using exact
string matching. Prefixing an implicit argument with "_" in a callee
would break all callers as the names would no longer match.
Drive-by: Fix all new lint errors in the existing Torque code.
Bug: v8:7793
Change-Id: I68b3c59c76b956e9f88709e9388a40a19546ce52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645092
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62027}
When allocating large arrays on 32-bit systems, the length conversion
caused the work array capacity to become negative. As the sort range
is currently clamped at kSmiMaxValue anyway, the fix is to also
clamp the work capacity to that value.
R=jgruber@chromium.org
Bug: chromium:967065
Change-Id: I9ea60464c5b7f3796c5389cbaf668b990eddecf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630672
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61845}
COW arrays were previously handled in the C++ pre-processing runtime
function. The Torque version forgot a "EnsureWritableFastElements".
This CL fixes that.
Bug: chromium:967254
Change-Id: Ifbf89e57cfe724e61316b8abc226f7e8a262fce2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630675
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61835}
This is a reland of 2b0ac2fb9f
The layout test that caused this revert was fixed with:
https://crrev.com/c/1627386
Original change's description:
> [array] Move Array#sort pre-processing to Torque
>
> This CL removes the "PrepareElementsForSort" runtime function, and
> replaces it with a simpler version in Torque. The biggest difference
> is that certain sparse configurations no longer have a fast-path.
>
> The Torque pre-processing step replaces the existing Torque mechanism that
> copied already pre-processed elements into the "work" FixedArray. The Torque
> compacting works as follows:
> - Iterate all elements from 0 to {length}
> - If the element is the hole: Do nothing.
> - If the element is "undefined": Increment undefined counter.
> - In all other cases, push the element into the "work" FixedArray.
>
> Then the "work" FixedArray is sorted as before. Writing the elements from
> the "work" array back into the receiver, after sorting, has three steps:
> 1. Copy the sorted elements from the "work" FixedArray to the receiver.
> 2. Add previously counted number of "undefined" to the receiver.
> 3. Depending on the backing store either delete properties or
> set them to the Hole up to {length}.
>
> Bug: v8:8714
> Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61812}
TBR: jgruber@chromium.org
Bug: v8:8714
Change-Id: If7613f6e5f37c5e0d649e8192195594bc6c32100
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627977
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61827}
This reverts commit 2b0ac2fb9f.
Reason for revert: Breaks scrollingcoordinator/non-fast-scrollable-region-nested.html layout test on https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/32241
Original change's description:
> [array] Move Array#sort pre-processing to Torque
>
> This CL removes the "PrepareElementsForSort" runtime function, and
> replaces it with a simpler version in Torque. The biggest difference
> is that certain sparse configurations no longer have a fast-path.
>
> The Torque pre-processing step replaces the existing Torque mechanism that
> copied already pre-processed elements into the "work" FixedArray. The Torque
> compacting works as follows:
> - Iterate all elements from 0 to {length}
> - If the element is the hole: Do nothing.
> - If the element is "undefined": Increment undefined counter.
> - In all other cases, push the element into the "work" FixedArray.
>
> Then the "work" FixedArray is sorted as before. Writing the elements from
> the "work" array back into the receiver, after sorting, has three steps:
> 1. Copy the sorted elements from the "work" FixedArray to the receiver.
> 2. Add previously counted number of "undefined" to the receiver.
> 3. Depending on the backing store either delete properties or
> set them to the Hole up to {length}.
>
> Bug: v8:8714
> Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61812}
TBR=peter.wm.wong@gmail.com,jgruber@chromium.org,tebbi@chromium.org,szuend@chromium.org
Change-Id: If1c1bc07f38dfbd4bf6b6ce8f9d70714e7526877
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627976
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61814}
This CL removes the "PrepareElementsForSort" runtime function, and
replaces it with a simpler version in Torque. The biggest difference
is that certain sparse configurations no longer have a fast-path.
The Torque pre-processing step replaces the existing Torque mechanism that
copied already pre-processed elements into the "work" FixedArray. The Torque
compacting works as follows:
- Iterate all elements from 0 to {length}
- If the element is the hole: Do nothing.
- If the element is "undefined": Increment undefined counter.
- In all other cases, push the element into the "work" FixedArray.
Then the "work" FixedArray is sorted as before. Writing the elements from
the "work" array back into the receiver, after sorting, has three steps:
1. Copy the sorted elements from the "work" FixedArray to the receiver.
2. Add previously counted number of "undefined" to the receiver.
3. Depending on the backing store either delete properties or
set them to the Hole up to {length}.
Bug: v8:8714
Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61812}
With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.
Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).
Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.
Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
(for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
but in CSA.
Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).
Reland Change: Support pointer compression operands.
R=jarin@chromium.orgTBR=mvstanton@chromium.org
Bug: v8:7793
Change-Id: I84e1831eb6bf9be14f36db3f8b485ee4fab6b22e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612904
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61522}
This brings in
third_party/inspector_protocol/encoding/encoding_test.cc
from the upstream project and makes it work for v8's
unittest suite.
encoding_test_helper.h is a V8 specific implementation,
which delegates to src/inspector/v8-string-conversions{.h,.cc},
for the utf8 / utf16 conversion routines.
I'm also fixing / updating roll.py, for future rolls.
Change-Id: I08e4784838ff81ef3ac328f783512b42c91b6bcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1597215
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61393}
New revision: 2039736177ee11d96a096cdab9c58cc1d78faa43
This modifies roll.py to update namespaces and header guards.
Also I'm removing --reverse, to avoid making this more complicated.
third_party/encoding/encoding{.h,cc} are already up to date,
since I manually propaged them earlier. So this is why this change
is only updating the template.
Change-Id: I5ddb075c9d6dad28b5665348023860683e964841
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1596392
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61253}
Keep the existing method for compatibility, by converting
to json from CBOR using the inspector_protocol_encoding library,
via a v8 specific interface library that directs routines for
converting between strings and doubles to v8's implementations.
This change also brings in the encoding.h / encoding.cc files from the
upstream inspector_protocol project. The only modification here
are the header guards, and the namespace. I will fix roll.py to
make it so that we pick up future changes.
third_party/inspector_protocol/BUILD.gn is specific to v8, by necessity.
third_party/inspector_protocol/.clang-format is a copy of the upstream
file. If we don't put this, we'll find ourselves auto-formatting the roll,
which is annoying.
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/1590627 with the
only modification in the DEPS file; this time I'm including
third_party/inspector_protocol/encoding/encoding{.h,cc} in addition to
the relative include there. Not sure why this is needed but I'm hoping
it gets me past the presubmit which may resolve the include path
relative to the V8 base (the ../../third_party is needed for when V8 is
embedded into Chromium).
Change-Id: Ic76b2b5faa7e1cbdceb15aff3f369e9a303e3e85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593646
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61214}
This reverts commit b7134d3af6.
Reason for revert: breaks presubmit
Original change's description:
> [DevTools] Add V8InspectorSession::state(), which returns binary (CBOR).
>
> Keep the existing method for compatibility, by converting
> to json from CBOR using the inspector_protocol_encoding library,
> via a v8 specific interface library that directs routines for
> converting between strings and doubles to v8's implementations.
>
> This change also brings in the encoding.h / encoding.cc files from the
> upstream inspector_protocol project. The only modification here
> are the header guards, and the namespace. I will fix roll.py to
> make it so that we pick up future changes.
>
> third_party/inspector_protocol/BUILD.gn is specific to v8, by necessity.
> third_party/inspector_protocol/.clang-format is a copy of the upstream
> file. If we don't put this, we'll find ourselves auto-formatting the roll,
> which is annoying.
>
> Change-Id: I20fa8759164e7a39f8a7c30e0d2a3f8a7e4be227
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590627
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Commit-Queue: Johannes Henkel <johannes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61187}
TBR=dgozman@chromium.org,alph@chromium.org,caseq@chromium.org,johannes@chromium.org
Change-Id: I67f297ef8454499036c94bf88e0d23657a579140
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1592130
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61189}
Keep the existing method for compatibility, by converting
to json from CBOR using the inspector_protocol_encoding library,
via a v8 specific interface library that directs routines for
converting between strings and doubles to v8's implementations.
This change also brings in the encoding.h / encoding.cc files from the
upstream inspector_protocol project. The only modification here
are the header guards, and the namespace. I will fix roll.py to
make it so that we pick up future changes.
third_party/inspector_protocol/BUILD.gn is specific to v8, by necessity.
third_party/inspector_protocol/.clang-format is a copy of the upstream
file. If we don't put this, we'll find ourselves auto-formatting the roll,
which is annoying.
Change-Id: I20fa8759164e7a39f8a7c30e0d2a3f8a7e4be227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590627
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61187}
This reverts commit da7322c05f.
Reason for revert: Breaking the pointer compression bots, e.g.:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20pointer%20compression/3047
Original change's description:
> [csa] verify skipped write-barriers in MemoryOptimizer
>
> With very few exceptions, this verifies all skipped write-barriers in
> CSA and Torque, showing that the MemoryOptimizer together with some
> type information on the stored value are enough to avoid unsafe skipped
> write-barriers.
>
> Changes to CSA:
> SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
> MemoryOptimizer by default.
> Type information about the stored values (TNode<Smi>) is exploited to
> safely skip write barriers for stored Smi values.
> In some cases, the code is re-structured to make it easier to consume
> for the MemoryOptimizer (manual branch and load elimination).
>
> Changes to the MemoryOptimizer:
> Improve the MemoryOptimizer to remove write barriers:
> - When the store happens to a CSA-generated InnerAllocate, by ignoring
> Bitcasts and additions.
> - When the stored value is the HeapConstant of an immortal immovable root.
> - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
> - Fast C-calls are treated as non-allocating.
> - Runtime calls can be white-listed as non-allocating.
>
> Remaining missing cases:
> - C++-style iterator loops with inner pointers.
> - Inner allocates that are reloaded from a field where they were just stored
> (for example an elements backing store). Load elimination would fix that.
> - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
> We could handle that in Torque.
> - Double-aligned allocations, which are not lowered in the MemoryOptimizer
> but in CSA.
>
> Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
> can be handled by overload resolution (in Torque and C++).
>
> R=jarin@chromium.org
> TBR=mvstanton@chromium.org
>
> Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61016}
TBR=mvstanton@chromium.org,jarin@chromium.org,tebbi@chromium.org
Change-Id: I36877cd6d08761726ef8dce8a3e3f2ce3eebe6cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585732
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61038}
With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.
Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).
Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.
Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
(for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
but in CSA.
Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).
R=jarin@chromium.orgTBR=mvstanton@chromium.org
Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61016}
Plus a script to compile/link/run them.
Change-Id: Iac8ffcda3a73902261c07a7b4e5d967a19414c75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564058
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60911}
Imported from https://github.com/WebAssembly/wasm-c-api/ and
updated to work inside V8.
Tests will be added in an upcoming CL.
This is experimental; it is not yet recommended to rely on it.
Change-Id: I05914f4b63298bf7c848c4d4c8811f0f6eb882e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516478
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60910}
Change-Id: Ic31b33ef4c290aee31be2d66295978908f568775
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563410
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60775}
This changes the syntax for constructing structs and classes to explicitly
mention the fieldnames, similar to JavaScript object literals.
The fields still have to be listed in the same order as in the struct/class
declaration.
As in Javascript, {foo: foo} can be abbreviated as {foo}.
Example:
macro NewJSArray(implicit context: Context)(
map: Map, elements: FixedArrayBase): JSArray {
return new JSArray{
map,
properties_or_hash: kEmptyFixedArray,
elements,
length: elements.length
};
}
Drive-by cleanup: Make struct and class constructors follow the same pattern
in the parser and the AST.
Bug: v8:9018 v8:7793
Change-Id: I22ff7f68270e4f406aa80731a709d41ea52f52bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1551999
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60622}
The bottlenecks to prevent storing signalling NaNs in backing stores
were not perfect. This change makes it harder by ensuring that all
the Torque-side "[]=" operator overloads for FixedDoubleArray stores
have signalling NaNs silenced.
Bug: chromium:944435
Change-Id: I295d9b34f4c896db30989bb9db1a2b452daa03ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538517
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60459}
