Unifies GetSharedFunctionForStreamedScript with GetSharedFunctionForScript
so that both share a more similar API and some common code can be moved to
common helpers.
Introduces a Compiler::ScriptDetails struct to hold script meta-data
used to build new script objects.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3e6b4cd50da9bb92ef5a2bfd666a09b3619c34a4
Reviewed-on: https://chromium-review.googlesource.com/924189
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51438}
x86, arm, arm64: no change in behavior
mips, mips64: disasm-mips(64).cc grows an UNREACHABLE that's
maybe optimistic (but if it's not true, then that
looks like a current unintentional fallthrough at
that spot)
test-js-typed-lowering.cc: looks like a clear bug, but test-only code
Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/911731 which
did this for x64.
Doesn't turn on the warning yet.
Bug: chromium:812686
Change-Id: I7dd79c9885c90f41dd7e3a595256a954ab0ae643
Reviewed-on: https://chromium-review.googlesource.com/923528
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51437}
This is a step towards off-heap (and eventually isolate-independent)
builtins.
Off-heap code cannot use the standard CallStub/CallRuntime mechanisms,
since they directly embed the callee code object pointer within the
caller. There are two main issues with that: 1. the callee may be
moved by GC, and 2. the pc-relative addressing we currently use breaks
(i.e. ends up pointing to a random spot on the heap) when moving the
caller off-heap.
This CL addresses that by introducing a constants list stored on the
roots array. Instead of embedding code targets, we now have the option
of loading them from constants list. The code sequence is:
REX.W movq rax,[r13+0x4a0] // Load the constants cache.
REX.W movq rdx,[rax+0xf] // From there, load the code target.
...
REX.W addq rdx,0x5f // Add instruction_start.
call rdx
There's no visible performance impact on the web tooling benchmark.
This list will later be extended to also contain other constants such
as Strings.
Bug: v8:6666
Change-Id: Ifcf67d1f682804ba0b6d3d0383216e16575b6bf5
Reviewed-on: https://chromium-review.googlesource.com/923729
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51434}
Make --max_old_space_size and friends work with values >= 2**31.
Such values did not work reliably (or sometimes not all) due to
signed integer overflow in size computations, which is UB.
Fixes https://github.com/nodejs/node/issues/18786.
Bug: chromium:814138
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibe23cef2417fd5b4a727022b8b0d4b50f1417182
Reviewed-on: https://chromium-review.googlesource.com/927063
Commit-Queue: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51433}
WriteBarrierKindFor would always return kMapWriteBarrier in
SimplifiedLowering even if the map that's to be stored is part
of the immortal immovable roots which don't need write barriers
ever.
Bug: v8:7310
Change-Id: I0a87a1c3ddd7f71ccf8ebacba8409067dc00cd1c
Reviewed-on: https://chromium-review.googlesource.com/928564
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51431}
Reland reason : the failure was
Check failed: IsGlobalEmpty().
v8::base::debug::StackTrace::StackTrace()
v8::platform::(anonymous namespace)::PrintStackTrace()
V8_Fatal(char const*, int, char const*, ...)
v8::internal::Worklist<v8::internal::HeapObject*, 64>::~Worklist()
v8::internal::MarkCompactCollector::~MarkCompactCollector()
v8::internal::MarkCompactCollector::~MarkCompactCollector()
v8::internal::Heap::TearDown()
v8::internal::Isolate::Deinit()
v8::internal::Isolate::TearDown()
v8::Shell::OnExit(v8::Isolate*)
v8::Shell::Main(int, char**)
this is believed to be fixed by the change to flush the shared
worklist to global in
https://chromium-review.googlesource.com/c/v8/v8/+/925267
Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/924867
(cherry picked from commit 8b53b9d908)
Bug: chromium:812178
Change-Id: I796204656e2c89e7efecda2c275a1888c31aba7b
Reviewed-on: https://chromium-review.googlesource.com/925268
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51430}
This CL removes a GC invocation which might not be needed anymore.
Change-Id: I27c57936677ba2ec0bc32588c485a2c3b6ffed01
Reviewed-on: https://chromium-review.googlesource.com/928241
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51428}
This CL changes the WASM implementation to access indirect function
tables through the WasmContext, whereas previously indirect function
tables and their sizes were constants that were inlined into compiled
into code, requiring code patching. This is a necessary step for sharing
code between instances and eventually, isolates.
R=clemensh@chromium.org,mstarzinger@chromium.org
Bug: v8:7424
Change-Id: Ida4138ed92729730dfbc0a81a84d8484b233d808
Reviewed-on: https://chromium-review.googlesource.com/895683
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51427}
This CL also adds speculation to all Math builtins,
and refactors the JSCallReducer.
Bug: v8:7250, v8:7240
Change-Id: Icdaddb767e875bb191939d907f65c7a8dcf79b8b
Reviewed-on: https://chromium-review.googlesource.com/873916
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51426}
Add support for CSDB in the 32-bit assembler, disassembler and simulator.
Change-Id: I0e5432e4d219dd4699d5f9b7f911791acc87114c
Reviewed-on: https://chromium-review.googlesource.com/928522
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#51425}
Moves BackgroundParsingTask to compiler.cc and renames as BackgroundCompileTask.
This moves code out api.cc and parsing/ into compiler.cc where it belongs.
BUG=v8:7311,v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I08a72ab8a6bdb480f519d42b36875d347b801ddc
Reviewed-on: https://chromium-review.googlesource.com/919481
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51421}
Add support for CSDB, equivalent to HINT #20, in the system instruction space.
Additionally, relax the "unallocated" identification of hint instructions that
we don't support, such that they'll now disassemble as "unimplemented (System)"
rather than "unallocated".
Change-Id: Ia36d13fe17a98edb872f234e7cdda33d033618e8
Reviewed-on: https://chromium-review.googlesource.com/926806
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#51420}
Simplifies boolean logic since shortcuts mean most will never be
executed and also replaces variables with constants to improve
readability.
Change-Id: Ic1678bc60c3e85daced758ce139f7d03c25632dc
Reviewed-on: https://chromium-review.googlesource.com/928320
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51419}
This adds a frame state for the call to the executor in inlined promise
constructors. We provide a continuation function in case of deopts which
just returns the created promise. This is not totally correct yet: if
the executor function also throws, we need to catch it and call the
reject function instead.
We also still need to add a frame state for the isCallable check on the
executor, so that the stack is correct for the thrown TypeError.
Bug: v8:7253
Change-Id: I3ee042ec82f1a9a35d59e576f6c8efe9bc98698c
Reviewed-on: https://chromium-review.googlesource.com/926523
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51417}
We don't use parser caches anymore and request code caches
explicitly using ScriptCompiler::CreateCodeCache. Hence
removing the support for both parser cache and code cache options.
They are still retained in CompileOptions for backwards
compatibility. Apart from the api.cc, no other part should see
this option.
Bug: chromium:779254, chromium:783124
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic8ad9afe3fa44bbb5adc71bdde59c0b4057a523d
Reviewed-on: https://chromium-review.googlesource.com/916261
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51416}
- Use CallCFunction to call C implementation of copying elements for
slice, instead of Runtime call
- Copy elements without allocating handles when copying different types
of typed arrays
Bug: v8:5929
Change-Id: Icd4fed8846542e71b623e600ba9aaac64062f0d4
Reviewed-on: https://chromium-review.googlesource.com/920563
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51415}
This allows liftoff compiled functions to receive f64 values as
parameters and pass f64 values as arguments to called functions.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ie7467b424ccdf1ec8b7f7625d9439ab4ea427022
Reviewed-on: https://chromium-review.googlesource.com/926105
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51414}
Before, configurations were chosen on clusterfuzz side. This migrates
the choice to the V8 repo, to enable easier changing it and to allow
sharing it between different fuzzers.
NOTRY=true
TBR=sergiyb@chromium.org
Bug: chromium:813833
Change-Id: I9890a36fd6aab171d3e13172fc55b274f189e532
Reviewed-on: https://chromium-review.googlesource.com/927681
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51410}
This is the same treatment we give other numeric literals, and seems
sensible since they end up referenced from Ignition's constant pool.
R=jkummerow@chromium.org
Bug: v8:6791
Change-Id: Ia689c709d402e4e87b7d2d22c582108400c25580
Reviewed-on: https://chromium-review.googlesource.com/922283
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51409}
There were two failure paths where the CodeProtectionInfo object would not be
freed. This adds a free() on those paths to prevent a memory leak.
Bug: v8:7434
Change-Id: I48d60aee3255d829bf39b51cc30fabaf76b1fb07
Reviewed-on: https://chromium-review.googlesource.com/927746
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51408}
Liftoff currently allocates a stack frame of fixed size for each
function, and bails out if more stack space is needed during code
generation for the function.
This CL prepares the interface and the assemblers on ia32 and x64 to
allow patching of the stack frame size after the whole function body
was generated.
R=mstarzinger@chromium.org, titzer@chromium.orgCC=sreten.kovacevic@mips.com
Bug: v8:6600
Change-Id: Iff54ff65f3e6e13d53ff90ec34b2c5cf7d276d5e
Reviewed-on: https://chromium-review.googlesource.com/925463
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51406}
Too many files know how to deal with decoding, counting, and splitting UTF-8
into uc16 chars. This consolidates several callers who deal with full
(Vector<char>, not streaming) bytes by using a UTF-8 Iterator to decode bytes
into individual uc16 chars.
R=marja@chromium.org
Bug:
Change-Id: Ia36df3e8c1abd0398415ad23a474557c71c19a01
Reviewed-on: https://chromium-review.googlesource.com/831093
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Justin Ridgewell <jridgewell@google.com>
Cr-Commit-Position: refs/heads/master@{#51405}
After f1a551800f, we no longer have to
deal with a case where we rewrite destructuring assignments belonging
to some inner function. Remove a bit of code and add DCHECKs to reflect
that fact.
Change-Id: I7553e86d4ae2f6290853eee38f85d2f243b778a9
Reviewed-on: https://chromium-review.googlesource.com/922893
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51404}
Also delete a bit of dead code depending on dead types.
Change-Id: I6cfc7e2f6c8fd006bd0de054bfc3e9f725996741
Reviewed-on: https://chromium-review.googlesource.com/923083
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51403}
- Changes assert to reflect that we might exceed the number of attempts
to allocate a padded memory region while attempting to get an aligned
allocation and return null instead.
Bug: chromium:813587
Change-Id: I0e225f50b7a64a2f2a72de15322525574445efbd
Reviewed-on: https://chromium-review.googlesource.com/926968
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51401}
This is a partial revert of:
https://crrev.com/c/890938 and https://crrev.com/c/893982
Before this CL, the test runner blocked on ongoing tests in order to
process their results after an internal timeout. However, the logic
required for this feature was overly complicated and prevented an
acceptable implementation for fast aborts. Furthermore, also the fuzzers
suffered from timeouts on swarming due to hanging tests.
Instead, we now abort immediately on internal timeout (used on
fuzzers), SIGINT (Ctrl-C) and SIGTERM. Ongoing tests are immediately
terminated and their results are disregarded. On SIGTERM and SIGINT,
we return with non-zero exit codes, and zero on internal timeout.
This will also properly return json output, when the external hard
timeout is reached on swarming (causes SIGTERM).
TBR=sergiyb@chromium.org
Bug: v8:7423, chromium:813065
Change-Id: Ib20f835f58a0970693bdd3b21dc5d766d8e115d8
Reviewed-on: https://chromium-review.googlesource.com/924852
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51399}
During hash calculation, an array type was reinterpreted
from uint16_[] to uint32_t[]. Uint32 arrays have stricter
alignment requirements and these causes failures of several
tests from the debugger suite.
TEST=debugger/debug/debug-eval-scope
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I463c7aeb56a1010ddfb0c34f8404f05b75e6c466
Reviewed-on: https://chromium-review.googlesource.com/926341
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51398}
This makes sure that an existing unmodified snapshot works together with
the --branch-load-poisoning feature by unconditionally resetting the
underlying register in {CEntryStub::Generate}.
R=mvstanton@chromium.org
Change-Id: I4d9f12a3b45bd7b46eda55a342beadf9b9a4bb8a
Reviewed-on: https://chromium-review.googlesource.com/926365
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51397}
For some wasm functions, name information is not available, resulting
in a nullptr being passed to the profiling event listener. While we
probably should have better names, this at least prevents a crash.
Change-Id: I41bd7827124e9c193a076a57d3a134f5df1d6a15
Reviewed-on: https://chromium-review.googlesource.com/926367
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51396}
Without processing the input, a phi node can be flagged as unused and
replaced with {Dead}, although it is used by a {DeadValue} node.
Bug: chromium:808472
Change-Id: I7446883535b34770e31e4e26e1c242eb05673a91
Reviewed-on: https://chromium-review.googlesource.com/919362
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51395}
Each DOM node has the corresponding V8 wrapper object. This leads to
apparent duplication in the heap snapshot and may confuse the users.
This patch allows the embedder to specify V8 wrapper for each embedder
node. In the heap snapshot the wrapper node will be merged into the
embedder node. The resulting node will have the same properties as
the embedder node. If the wrapper node name has a tag, then the tag
is also added to the merged node.
Bug: chromium:811925
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2492f5b28163a78aee707b9ced1b09ac4b203e3f
Reviewed-on: https://chromium-review.googlesource.com/919482
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51394}
Until now lookbehind assertions have been quantifiable in non-unicode regexps.
This seems to be an oversight in the spec.
R=jgruber@chromium.org
Bug: v8:7462
Change-Id: Iad0db441089c7510dd2c42a861db92c05545ce1e
Reviewed-on: https://chromium-review.googlesource.com/926102
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51392}
This makes the inlining of the default resolve/reject closures generated
by the Promise constructor effective. To be really useful we still need
to have the Promise constructor inlined (work-in-progress) and eventually
track SharedFunctionInfo feedback in the CALL_IC.
Bug: v8:2206, v8:7253
Change-Id: I08fa8ca72754f459ae36027a55377ef57d411cdc
Reviewed-on: https://chromium-review.googlesource.com/926103
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51390}
Inline the promise constructor when we have one argument and target
matches new_target.
This is not complete, and is sitting behind an experimental flag for
now. We need to fix deoptimization by providing proper frame states.
Create a unittest class for JSCallReducer - just assert whether there
was a change or not, rather than specify the exact graph that should be
produced.
Bug: v8:7253
Change-Id: Ib6886a8feb2799f47cd647853cabcf12a189bc25
Reviewed-on: https://chromium-review.googlesource.com/919282
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51389}
