This is a reland of 02103b276b
Fix for the original build break: build android with noop crashkeys for now
Original change's description:
> Add Crash Keys support
>
> This adds crash keys containing the isolate address and addresses of
> the read_only, map, and code spaces to crash report minidumps.
> When not compiling V8 with Chrome, a noop implementation is used.
>
> Bug: v8:9323
> Change-Id: I8523630e7a4ff792855163c06bf76dab35b1b9e5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641326
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#62059}
Bug: v8:9323
Change-Id: I6bb115ad14b2ce5865f4d8fb255245c38fb0cd14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658505
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62320}
Calling FindIndexInScript performs a linear search on the script functions and can
take considerable time. With Bytecode flushing we will lose the function_literal_id
and have to call FindIndexInScript if we ever recompile the flushed function. This
can take a significant proportion of the recompilation time and has caused regressions
in rendering times for some web applications (e.g, 395ms in FindIndexInScript for 132ms
spent lazily re-compiling code).
To avoid this, add function_literal_id back into the SFI and remove it from
UnoptimizedCompileInfo. This will slightly regress memory usage (particularly
in cases where many of the SFIs are compiled), however it means we can remove
the FindIndexInScript function and avoid these long-tail regressions when
bytecode is flushed.
BUG=chromium:965833
Change-Id: Ia31e82eb6c871a6d698a518326a8555822a7a1d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669700
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62319}
Convert the new class SourceTextModuleRecord to use Torque
to define its fields.
Bug: v8:9292
Change-Id: Iddad3b266dd0dc122aee510cc41c69be27988c4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668011
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62318}
Rework the implementation of non-external Torque classes to use
Struct machinery rather than FixedArray machinery. This allows
Torque-only defined 'internal' classes to the automatically generate
class verifiers and printers.
As part of this change, generate C++ boilerplate accessors for
internal Torque classes, since this is a pre-requisite for the
verifiers, printers and other Struct-based functionality.
Moreover, augment the header-generating functionality in Torque
to create separate header files for field offset definitions,
internal class C++ definitions and instance types.
Bug: v8:7793
Change-Id: I47d5f1570040c2b44d378f23b6cf95d3d132dacc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607645
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62317}
The extensions require isolate address to be set but don't rely on calling
any runtime functions, which makes them viable for post-mortem debugging,
if the corresponding memory is included into the dump
!set_iso(isolate_address)
call this function before using !mem or other heap routines
!mem or !mem(\"space1[ space2 ...]\")
prints memory chunks from the 'space' owned by the heap in the
isolate set by !set_iso; valid values for 'space' are:
new, old, map, code, lo [large], nlo [newlarge], ro [readonly]
if no 'space' specified prints memory chunks for all spaces,
e.g. !mem(\"code\"), !mem(\"ro new old\")
!where(address)
prints name of the space and address of the MemoryChunk the
'address' is from, e.g. !where(0x235cb869f9)
Output from !mem would look something like this:
0:000> !mem("old")
Heap at 0x210652b8838
Im address: object area start - end (size)
OldSpace (allocating at: 0x1703dae7a20):
* 0x33d9a8c0000: 0x33d9a8c0138 - 0x33d9a8f1000 (0x31000)
0x1703dac0000: 0x1703dac0138 - 0x1703db00000 (0x40000)
Change-Id: Iae1a217bbc5c5a88e2cf742db88ead9bb6fc904c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669744
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62316}
The table.copy instruction used the indirect_function_table_size field
of the instance for bounds-checks. However, when Table 0 is of type
anyref, this field is not set. Now we use the actual size of the table
instead.
R=clemensh@chromium.org
Bug: chromium:977101
Change-Id: Idda9cfe228141877747ed9a824936a1232f58cf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669695
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62315}
The {indirect_function_table_size} field of the instance was initialized
with the size of the first anyfunc table. However, this field should
only be set if Table 0 is of type anyfunc.
R=clemensh@chromium.org
Bug: chromium:977101
Change-Id: I4729feb6b67387ccda53d17179a34d719347efed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669697
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62314}
The platform is allowed to remove the foreground task without ever
executing it if the isolate is shutting down. This can happen
immediately when spawning the task. This would leave a stale pointer to
the deleted task in the engine, and can lead to UAF.
Thus deregister the task also from the destructor. At that point, we do
not need to report back any live code for that isolate.
R=ahaas@chromium.org
Bug: v8:8217, chromium:971293
Change-Id: I7081efde8f306649d08956e758254a8875db8271
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669694
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62312}
Port 20d29a3617
Original Commit Message:
This disallows using CSA macros from Torque that have a Node* return
type instead of TNode<>. By enforcing CSA types at the boundary between
CSA and Torque, we can ensure that the Torque types and the CSA types
match.
As a drive-by, this CL adds a bit more of CSA typing where it made sense.
R=tebbi@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I531531e9029875b7685a9d775410ec9f924f8b69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669827
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62311}
A few are still left and made explicit with Allow* scopes.
Bug: v8:7790
Change-Id: I85e78949730d046d3449e0cee70997e60a043825
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622108
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62310}
v8memory.h does not have V8 specific definitions, and having it in base
makes it clear that every component may include the file. It also
ensures that including it does not create spurious dependencies on
v8_base.
Change-Id: I565f63b25f33a9ada19d7b2ac5990863ab17f4a7
Bug: v8:9183, v8:8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657923
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62309}
The stub cache doubles in size when switching to 64-bit. The references
stored in it are not currently compressed even with ptr-compr enabled.
This patch compresses those references so the table is the same size on
32- and 64-bit architectures, which is beneficial on benchmarks which
utilise the stub cache heavily.
Reducing the stub cache size has lead to an improvement of 0.7% in
runs/minute being observed on Speedometer on a Pixel device, and 0.4% on
a Pixel3 device.
Also add constructors to [Strong]TaggedValue to support compression.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Change-Id: I3b643d674356deaa129588189df7adfc91d15db4
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635694
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62308}
Adds basic support for CompressedHeapConstants to Arm64 by moving to a ldr_w
instruction and passing COMPRESSED_EMBEDDED_OBJECT as the RelocInfo. However,
we still haven't made the COMPRESSED_EMBEDDED_OBJECT be actually compressed
in the code-stream (they still take up a full 64-bits). Support for this will
be added next.
Adding a test on macro assembler that checks that the
RelocInfo::COMPRESSED_EMBEDDED_OBJECT is flowing through.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: Ibc64cdfdd85d5cdfa060ed6227b10bb47eae3a8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635692
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62306}
Right now there is both a v8::internal::RegExp class and a
v8::RegExp class so when code says just "RegExp" the name lookup
depends on what the compiler knows. In some jumbo builds the
compiler suddenly knew about v8::internal::RegExp which made
the symbol lookup choose that class instead of v8::RegExp.
Bug: v8:9359
Change-Id: Ic226d187a397ef2ed4e1e7b415c4f68ba72aa0e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669688
Auto-Submit: Daniel Bratell <bratell@opera.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62305}
Makes the order of the generated calls to the Runtime function
DefineAccessorPropertyUnchecked fixed regardless of hashseed so that
recompilation for lazy source positions always generates the same
result.
Moves AccessorTable from src/ast/ast.h to bytecode-generator.cc since
that's the only place that uses it.
Bug: v8:9383, v8:8510
Change-Id: I89e0aad1683a793714bfb48eca1b00abe20cad0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669689
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62303}
This is a reland of a5fa211f30
des_checksum and call_once_run were undefined and unused respectively when
shared read-only heap was enabled. Fixed with a copious amounts of USE.
Original change's description:
> [roheap] Check that ro-heap is always passed the same read-only snapshot
>
> Previously the ReadOnlyHeap simply discarded all but the first
> ReadOnlyDeseralizer. ClearSharedHeapForTest should be called if using a
> new ReadOnlyDeserializer (this might change in the future).
>
> Remove an obsolete 'StartupSerializerRootMapDependencies' test. It used
> to test Map::WeakCellForMap which doesn't exist anymore and was
> difficult to adapt to a shared read-only heap.
>
> Bug: v8:7464
> Change-Id: I64b8e953b0e3466e003541ec8a9321e439a01d33
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660612
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#62250}
TBR: yangguo@chromium.org
Bug: v8:7464
Change-Id: Id66e781be890c5ed03d066f8c62de703d5cb435e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667415
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62302}
Port: 7629afdhttps://crrev.com/c/1520719
Original Commit Message:
Allocate feedback vectors lazily when the function's interrupt budget has
reached a specified threshold. This cl introduces a new field in the
ClosureFeedbackCellArray to track the interrupt budget for allocating
feedback vectors. Using the interrupt budget on the bytecode array could
cause problems when there are closures across native contexts and we may
delay allocating feedback vectors in one of them causing unexpected
performance cliffs. In the long term we may want to remove interrupt budget
from bytecode array and use context specific budget for tiering up decisions
as well.
Change-Id: Icddceec22df3dad7861a30f0190397db130db10d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669116
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#62301}
The debugger should be notified whenever a new Module is created so it
displayed properly. Without this change, the Module is only displayed once,
regardless of the number of times it is referenced (by other Workers, say).
That is potentially reasonable behavior, but it doesn't match the way
JavaScript does it.
With this change, the debugger will display the sources like this:
```
▼ top
▶ localhost
▼ wasm
▼ wasm-82570336
wasm-82570336-0
▼ worker.js
▶ localhost
▼ wasm
▶ wasm-82570336
```
Change-Id: I61177e8a07e36ea8e2234aa25e75b1489c9da95f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666616
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62297}
Introduce SourceTextModule as a subclass of Module. Move all the
JavaScript-module-specific code down from Module to
SourceTextModule, with all code applicable to other future
module types remaining in Module.
With this change, Module is roughly equivalent to the spec's
Abstract Module Record and SourceTextModule is roughly equivalent
to Source Text Module Record.
Bug: v8:9292
Change-Id: I6e9cd3ece9d0c1da57e52f8af8ed5848d87dd22d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1633154
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62296}
This reverts commit ccf0d80261.
Reason for revert: Breaks https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26472
Original change's description:
> Reland "Enable lazy source positions by default"
>
> This is a reland of 69fafb5fe3
> after fixing the in crash with
> https://chromium-review.googlesource.com/c/v8/v8/+/1664334
>
> Original change's description:
> > Enable lazy source positions by default
> >
> > Also adds a compile time flag which allows the default to be configured
> > so node can disable it since it hangs the node cpu profiler tests.
> >
> > Bug: v8:8510
> > Change-Id: Idf4785036dc6242769410091518a67ac9179b718
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62089}
>
> Bug: v8:8510
> Change-Id: I81b36dbba3cc7b9a99dc5cc4ea72040fabfec97e
> Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660484
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62288}
TBR=rmcilroy@chromium.org,delphick@chromium.org
Change-Id: Icbe93550850f79d1c29bed3e8084676c453cdf06
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8510
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg, v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667419
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62294}
This disallows using CSA macros from Torque that have a Node* return
type instead of TNode<>. By enforcing CSA types at the boundary between
CSA and Torque, we can ensure that the Torque types and the CSA types
match.
As a drive-by, this CL adds a bit more of CSA typing where it made sense.
Bug: v8:7793, v8:6949
Change-Id: I12ea0337c628105ea3c420be747ae50d3a172547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660481
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62293}
This patch implements the access of private methods:
- When building property loads, check whether it requires
a brand check. If so, build the brand check and load the
property (the method) from the context instead.
- Throw type errors when there is an attempted write to private
methods.
Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
Bug: v8:8330
Change-Id: Ic917d2a0030196c1940b0c0ba65a340af736c769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1610383
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62292}
... and add i::GetIsolateFromHeapObject(HeapObject, Isolate*) and
i::IsReadOnlyHeapObject(HeapObject) instead.
Previously the removed function was also used for checking if given heap
object is a read only object. But if pointer compression is enabled
the i::GetIsolateFromHeapObject() will succeed for both read only and
writable heap objects.
Bug: v8:9379, v8:7703
Change-Id: Ib0a9babafe32f43716dac70620b51657dfb97d7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667416
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62291}
Prevents potential double free if
ReleaseAllocatedMemoryNeededForWritableChunk were to be called twice.
Change-Id: I97f0b3e6a279297faa37d541b81f465fec68b894
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667414
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#62290}
The map in the cache is the LHS, not the RHS.
Change-Id: Idf6b4fafc8c62aea5b8f5f55258241939cf9829d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667410
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62289}
This is a reland of 69fafb5fe3
after fixing the in crash with
https://chromium-review.googlesource.com/c/v8/v8/+/1664334
Original change's description:
> Enable lazy source positions by default
>
> Also adds a compile time flag which allows the default to be configured
> so node can disable it since it hangs the node cpu profiler tests.
>
> Bug: v8:8510
> Change-Id: Idf4785036dc6242769410091518a67ac9179b718
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62089}
Bug: v8:8510
Change-Id: I81b36dbba3cc7b9a99dc5cc4ea72040fabfec97e
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660484
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62288}
Fix JSSegmentIterator::Create getting the unicode string as a raw object
pointer and then performing memory allocation which then invalidates it.
This changes SetTextToBreakIterator to return a handle instead.
Bug: v8:6891
Change-Id: I57e175b31e78a074a0b3c5a8fc26b4af05b4a752
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667409
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62287}
Now that fields are always in the same order as descriptors, we can
change the property scan during NextFreePropertyIndex into a faster
reverse search that simply tries to find the last field.
Change-Id: I24d0781cd7d7c5b15998c35f281be69cd492d5ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667402
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62286}
This flag will be useful to analyze (and then improve) fragmentation
and compaction.
Bug: v8:9329
Change-Id: Ie3c5b618fa5717277cf2b9617e2d8f9dc2138056
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664333
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Cr-Commit-Position: refs/heads/master@{#62285}
... to prepare for merging this back to stable chanel.
Bug: chromium:972921
Change-Id: I04ced1c81b5f8730014ecee8935799fccc377a49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667006
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62283}
A class's fields can appear twice in the class AST, via the properties
array and the synthetised initializer method. This means that the
reindexer can end up visiting the same function literal twice, since the
T in AST is no longer a T but rather a DAG.
Now, we special case the class visitor in the reindexer to avoid these
double visits where appropriate. We know what kinds of fields can be
double visisted, so we don't need a visited set, but we now also have
one for debug builds to verify that each function is visited exactly
once.
Bug: chromium:974627
Change-Id: Ib531becc6e3f3c73f420b5fb49790fe4a2022d65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667003
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62282}
Rather than starting a new, orphaned transition tree in various bailout
cases, simply drop down into dictionary mode.
Aside from potential memory benefits, this allows us to remove
CopyGeneralizeAllFields, which was the only path along which fields
could end up in a different order than their descriptors.
Change-Id: I5577e8a1ca51f0ffdadd7504e7895f367605aa27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662298
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62279}
Outset:
The more advanced features of OutSet are no longer used, thus the
rename to DynamicBitSet to reflect its current purpose.
BoyerMoorePositionInfo:
Use bitset backing store in BoyerMoorePositionInfo (previously this
was based on a (statically-sized) ZoneList<bool>).
Bug: v8:9359
Change-Id: I40ca89467ae90ee90c616be5fd0d51e54e94e157
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664064
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62277}
The last use of V8's SplayTree was in diagnostics and is now replaced
by std::map.
Bug: v8:9359
Change-Id: I7b79fe619eb734343579652058be4d2b81fd4a1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664060
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62276}
This is a reland of 333615cfc2 after
disabling the failing layout test. I am still investigating the failure
and will re-enable the test as soon as I find a fix. The related bug
is here: crbug.com/976587
Original change's description:
> Reland "Enable lazy feedback allocation"
>
> This is a reland of 8c10501be5.
> Reland after fixing test failures.
>
> Original change's description:
> > Enable lazy feedback allocation
> >
> > Bug: v8:8394
> > Change-Id: I29ffd38725bdcaa9dd11221045dba681eb0d567b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643430
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Commit-Queue: Mythri Alle <mythria@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#61991}
>
> Bug: v8:8394
> Change-Id: Icc9e276ab22ca6455b775f3c27e0d43c3f08b887
> TBR: rmcilroy@chromium.org
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647161
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62018}
Bug: v8:8394
Change-Id: I014b14933bfa7f98a2c3666ba5a650917e96a819
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666999
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62275}
This CL changes the generic version of Array#sort to use 'strict'
DeleteProperty when "moving" holes to the end of the sort range.
This brings V8 not only in line with the proposed Array#sort spec
change, but also closer to what other engines do. Now all engines
throw a TypeError when the new test case is run.
R=jgruber@chromium.org, mathias@chromium.org
Bug: v8:8714
Change-Id: Ic5bcd152ad55fd534c1e9e3218393bfe4a50667e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666995
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62273}
There are two RegExp classes, one in v8 and one in
v8::internal and in some Windows jumbo builds the compiler
tried to use v8::internal when v8 was intended. In normal builds
the compiler does not know about v8::internal::RegExp so
it works anyway.
Bug: v8:9359
Change-Id: I9a39d342ddefd6570d5d070b7c073dc257705969
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666992
Commit-Queue: Daniel Bratell <bratell@opera.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Daniel Bratell <bratell@opera.com>
Cr-Commit-Position: refs/heads/master@{#62272}
