For a script '()=>42', the anonymous arrow function has both start and
end position the same as the script function itself. This causes issues
when sorting the SourcePositionEvents of the function, in two ways:
* If the start positions are the same, we should order by *furthest*
end position to ensure the stack is in the right order
* If both start and end are the same, we need to order by function
literal id to make sure that start order and end order are inversed.
Also, MapLiterals assumes that start+end position uniquely identifies a
function, which is false in this case, so we process the top-level
script function separately in MapLiterals.
Change-Id: I2b2185dc2825018b7ea44c7d0918238e9b1dd972
Reviewed-on: https://chromium-review.googlesource.com/1141741
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54525}
This CL moves Array.p.fill from JavaScript to a C++ builtin. It has
a generic slow-path and fast-paths implemented via ElementsAccessor in
elements.cc.
R=cbruni@chromium.org
Bug: v8:7624
Change-Id: I8820e1195d2cd9b41c254058923ad9875aab067c
Reviewed-on: https://chromium-review.googlesource.com/1131130
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54522}
This is no longer necessary since we removed the debug context.
R=jgruber@chromium.org
Bug: v8:5530
Change-Id: Ibb9df3a1f139ee076296faedb80204e7fcc23197
Reviewed-on: https://chromium-review.googlesource.com/1134746
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54521}
This helps debugging unexpected traps, as you can figure out which
instruction triggered the trap.
R=mstarzinger@chromium.org
Change-Id: I61735f14e2838ace195f6b84b555b9ddfc06aa0f
Reviewed-on: https://chromium-review.googlesource.com/1140296
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54515}
Convert all remaining uses (in api.cc) to use private local
implementations. These local uses all appear inside deprecated
functions.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I86bcafd4c8a737da32fcb8ab275ec708632f9e39
Reviewed-on: https://chromium-review.googlesource.com/1140319
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54514}
Strictly speaking there are some left in api.cc, but they are in
deprecated functions with non-deprecated alternatives.
Apart from changes made using tooling, this also modifies
FieldType::AsClass to return Map* rather than Handle<Map> and converts
its call sites to create the Handle when they need it - currently
several sites immediately dereference the Handle.
Also marks WasmDebugInfo as NeverReadOnlySpaceObject so GetIsolate and
GetHeap remain usable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I7ea5048f97f140c757f651712b8c33a5c7e0ebc1
Reviewed-on: https://chromium-review.googlesource.com/1140302
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54513}
This removes two pointers to Histograms from the memory tracker. These
histograms are stored as part of the Isolate and their lifetime is also
coupled to the Isolate. We cannot bind the pointers but need to pass
them (or the Isolate) as a parameter instead.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: I6b141b924bd858234641d6603a25fcb08cdf40e3
Reviewed-on: https://chromium-review.googlesource.com/1140312
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54512}
Now we can finally get rid of Map::weak_cell_cache!
BUG=v8:7308
Change-Id: I87a06509bf638bf6833ea2ba1eca525fb4b15df1
Reviewed-on: https://chromium-review.googlesource.com/1128882
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54511}
The BodyDescriptor of an object should use its aligned size.
Change-Id: If743ca130b3cb97c4f25054db6dc887d88fc5e32
Reviewed-on: https://chromium-review.googlesource.com/1140309
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54510}
Brokerized ReduceJSCreateEmptyLiteralObject and added the scope
for ReduceJSCreateLiteralArrayOrObject.
Bug: v8:7790
Change-Id: Ife34a6b610678a3fe24152151cf343400ee515bd
Reviewed-on: https://chromium-review.googlesource.com/1140306
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54507}
We try to prevent side effects by forbidding running any JavaScript
when we get property from node object.
In case of object node it is possible that by calling property we force
internal object initialization which may force creation of new context,
this initialization can not be made with forbided JavaScript and at the
same time is side effect free.
As workaround we can warmup dom objects first and then generate
description.
R=dgozman@chromium.org
Bug: chromium:827585
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ifd2c6317ffd5cb3822d2a2eedf3d0b0f36a201f1
Reviewed-on: https://chromium-review.googlesource.com/1041078
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54505}
This patch makes `d8` recognize files with the `.mjs` extension as
modules instead of classic scripts. This change can be tested by saving
the following JavaScript program as both `module.mjs` and as
`script.js`:
console.log(this === undefined ? 'strict' : 'sloppy');
Then, run these files in `d8` without passing the `--module` flag:
$ d8 module.mjs
strict
$ d8 script.js
sloppy
The use of `.mjs` matches not just Google’s recommendation [1] but also
the current modules implementation in Node.js [2].
[1] https://developers.google.com/web/fundamentals/primers/modules
[2] https://nodejs.org/api/esm.html
Bug: v8:7950
Change-Id: I8f39420dc24a5eedd7e88d3b1aa48207ebfeff6e
Reviewed-on: https://chromium-review.googlesource.com/1140314
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54502}
Struct are bundles of value types. They are essentially just shorthand
for passing around a group of individually defined values.
Struct types are declared like this:
struct A {
x: Smi;
y: int32;
}
and can be constructed explicitly like this:
A{0, 0}
Structs can be used wherever other types are used (e.g. variables,
parameters, return values) except for parameter/return types of
builtins and runtime functions.
Struct use field access notation to set/get their values like this:
let a: A = A{0, 0};
let b: Smi = a.x;
a.y = 0;
Change-Id: I9fd36a6514c37882831256a49a50809c5db75b56
Reviewed-on: https://chromium-review.googlesource.com/1122133
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54501}
i32 stack parameters can be loaded by Turbofan as 64-bit value, hence
they would not be zero extended. If this loaded value is then passed to
Liftoff (which assumes zero-extended i32 values), we could use it for
memory accesses, which would be out of bounds.
R=mstarzinger@chromium.org
Bug: chromium:864509, v8:6600
Change-Id: I0f45a269b1fb1c2befc2e6bc660c559a88323767
Reviewed-on: https://chromium-review.googlesource.com/1140168
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54500}
This reverts commit f5a8352b0f.
Reason for revert: Performance issues
Original change's description:
> [embedded-builtins] Enable on all arches except x86 for benchmarks
>
> This CL enables embedded builtins to get benchmark feedback. We need
> this feedback to identify and address remaining performance problems.
>
> Bug: v8:6666
> Change-Id: I8f77f218e656b55ddabe1236eb2a1d14a5ac6233
> Reviewed-on: https://chromium-review.googlesource.com/1105834
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53836}
TBR=sigurds@chromium.org,jgruber@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6666
Change-Id: I0e0897eefa069b0b9ad2dd56b2ffc3e3617f9258
Reviewed-on: https://chromium-review.googlesource.com/1139974
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54498}
This changes the ARM64-specific {TurboAssembler::AssertSpAligned} helper
to not generate calls to the {Abort} builtin. It is needed to ensure all
WebAssembly runtime stubs (e.g. {WasmGrowMemory}) are independent of the
Isolate. In general calling the {Abort} builtin without a valid frame
being present will produce bogus debug messages anyways. Hence we just
unconditionally use traps for the debug code in question.
R=sigurds@chromium.org
Change-Id: I93eb87e8b87209da8506c9b28e2c800950d1118a
Reviewed-on: https://chromium-review.googlesource.com/1140170
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54496}
We used to have an optimized version for ToString on number nodes
which was allocating an object on the heap, therefore
preventing this code from being executed on the compiler thread.
Octane benchmark results show insignificant increase in performance
(< 0.5%) without this optimization - see
https://docs.google.com/spreadsheets/d/1MC5NrMoMSsqxZqw0ojoZvomBb7q2EOt1S0sFoJ8ld2c/edit#gid=1732639373
which leads to the conclusion we can safely remove the optimization for now.
Bug: v8:7790
Change-Id: Ia1d53608f8d10ba20e0ff57cccb34583655382c6
Reviewed-on: https://chromium-review.googlesource.com/1139063
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54495}
Also moves ObjectVerify to GlobalHandles::CopyGlobal from
V8::CopyPersistent (which was the only caller) so it can get hold of an
Isolate*.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I0758bf6e431bf6e617244741ab2e1583a3566b20
Reviewed-on: https://chromium-review.googlesource.com/1140295
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54493}
Pass Isolate directly into several LayoutDescriptor methods so they
don't call GetIsolate on unsafe objects.
Also marks DebugInfo as non-read-only (so our GetIsolate removal tools
stop trying to change BreakIterator::isolate() to call itself).
Bug: v8:7786
Change-Id: I626a83d603ab74f648c72eb50d027b3866cedceb
Reviewed-on: https://chromium-review.googlesource.com/1138326
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54490}
The instruction selector currently sometimes emits a lea32 with an
offset of 0, which the code generator just ignores (emits no code at
all). This can result in the result of TruncateInt64ToInt32 to not be
zero extended.
This CL fixes that by disallowing lea32 instructions with 0 offset, and
fixing the instruction selector to generate a movl or just no code for
that case.
R=jarin@chromium.org
Bug: chromium:863810, v8:7947
Change-Id: I1b21fc5f0fda9ca3144917538c3d0bbf46601c33
Reviewed-on: https://chromium-review.googlesource.com/1137825
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54489}
Ran GetIsolate/GetHeap removal script over all the header files included
into objects.cc. Affected classes include: ScriptContextTable
RuntimeCallTimerScope GlobalDictionaryShape Map LookupIterator
PrototypeIterator FixedArrayBuilder
Manually fixed up Map to mark its write operations as safe for
GetIsolate since they modify the object as so can't be done in RO_SPACE.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2fd0960f085d1bcb4cf54b3418899ac0217917ca
Reviewed-on: https://chromium-review.googlesource.com/1138076
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54488}
Also deletes lots of code that attempts to detect when the heap is
corrupt but would likely just crash if the heap was corrupt.
Bug: v8:7786
Change-Id: I2e6bbea2e393b0f640a9d7180114560e7f6d3670
Reviewed-on: https://chromium-review.googlesource.com/1140061
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54487}
kMaximalCodeRangeSize can be zero to indicate no limit, which was
misinterpreted by mksnapshot.
Bug: v8:6666
Change-Id: I512412a5ef866c0595654aa78c6761bc00b82c56
Reviewed-on: https://chromium-review.googlesource.com/1140057
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54486}
This is a reland of f0a9a6a5ad
Original change's description:
> Update GN configs for v8_perf target to allow running perf tests in swarming
>
> This will allow us to migrate our deprecated configs to android_docker.
>
> R=machenbach@chromium.org
>
> Bug: chromium:838864
> Change-Id: I5f7db648520847aa2077e9fc2a5970e63daa9a50
> Reviewed-on: https://chromium-review.googlesource.com/1131944
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54441}
R=machenbach@chromium.org
Bug: chromium:838864
Change-Id: I35e1ab911ac3b5ddd8478faae4799ed5d7bbccbf
Reviewed-on: https://chromium-review.googlesource.com/1139973
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54484}
This changes several CHECK macros textually (but not semantically)
to make them distinguishable by message in crash dumps.
Bug: chromium:855041
Change-Id: I74b66a80c63b264b463eadb333b5359fb412130a
Reviewed-on: https://chromium-review.googlesource.com/1138320
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54482}
It's a growing weak array which also has an API for marking slots empty (those
will then be filled before growing the array again).
This is a more efficient implementation than the corresponding feature in
FixedArrayOfWeakCells, because we chain the empty slots together.
BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I335cd3f9cc7838c7f6ca350735b1503b2f5b8eed
Reviewed-on: https://chromium-review.googlesource.com/1090922
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54481}
This makes it more convenient to work with brokerized data.
Bug: v8:7790
Change-Id: I7ffb4054b809c10c67787b2fb89a05e8ce8f4575
Reviewed-on: https://chromium-review.googlesource.com/1138248
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54480}
This CL adds local const bindings. This means that instead of
generating TVARIABLEs for variables, we can generate simple TNodes.
Example:
macro FooBar(): {
const kSomeSmi: Smi = 10;
...
}
This CL also enforces that variables with a constexpr type are bound
using 'const' and not 'let'.
R=tebbi@chromium.org
Bug: v8:7793
Change-Id: Id20a18149df9fc374ce718bdb1478e3eabb6e6df
Reviewed-on: https://chromium-review.googlesource.com/1138316
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54479}
Deprecate String::Utf8Length in favor of a new, similar function that
takes the Isolate used for the String::Flatten call as an argument.
BUG: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icaf04b272679fd853e9cdbe6c7088f63e9aacb95
Reviewed-on: https://chromium-review.googlesource.com/1124724
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54476}
