With a shared cage, there's no easy way to recover an Isolate from a
heap pointer. Symbol::Description relies on RO symbols' description slot
being uncompressed so a Handle could point to it. This isn't possible
with a shared cage without going through TLS to get an Isolate for
Handle construction, so deprecate the method in favor of one that takes
an Isolate directly.
Bug: v8:11460
Change-Id: I69b2b7d77f4c00d0f58954cd80e22cba5ff222e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802860
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73924}
Port 5e0b94c4dc
Original Commit Message:
This CL adds features to pack/unpack map words.
Currently V8 cannot store extra metadata in object headers -- because V8
objects do not have a proper header, but only a map pointer at the start
of the object. To store per-object metadata like marking data, a side
table is required as the per-object metadata storage.
This CL enables V8 to use higher unused bits in a 64-bit map word as
per-object metadata storage. Map pointer stores come with an extra step
to encode the metadata into the pointer (we call it "map packing").
Map pointer loads will also remove the metadata bits as well (we call it
"map packing").
Since the map word is no longer a valid pointer after packing, we also
change the tag of the packed map word to make it looks like a Smi. This
helps various GC and barrier code to correctly skip them instead of
blindly dereferencing this invalid pointer.
A ninja flag `v8_enable_map_packing` is provided to turn this
map-packing feature on and off. It is disabled by default.
* Only works on x64 platform, with `v8_enable_pointer_compression`
set to `false`
R=wenyu.zhao@anu.edu.au, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I4a13093e7b20bb38990d947c697008a920cfe715
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821649
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73923}
It's used when setting up the context snapshot for blink, so we want to
be sure that it doesn't execute script.
Bug: chromium:728583
Change-Id: I46507e18d178e6473dd10348a9f253016a9178b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807615
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73920}
Finer grained control of platforms that support threads are
enforced by chromium.
Bug: chromium:1167733
Change-Id: Ic34a4950aebf6ba394053b79df97b703af333636
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810190
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73919}
The existing code assumes that the number of inputs is fixed to 4.
However, the fuzzer says that at least 5 inputs are also possible.
This CL makes the number of inputs more flexible.
CC=sam.parker@arm.com
Bug: chromium:1197393
Change-Id: I487ac96570b96f04b4d0a47065e7b383ba39016f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821435
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73917}
The pointer compression cage is the virtual memory reservation
that all compressed pointers fall within. This CL splits pointer
compression into two modes: a per-Isolate cage and a shared cage
among multiple Isolates.
When multiple Isolates are sharing a cage, they can decompress
each others' pointers and share the same virtual memory range.
Bug: v8:11460
Change-Id: I7b89b7413b8e7ca6b8b6faafd083dc387542a8b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783674
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73916}
This CL adds features to pack/unpack map words.
Currently V8 cannot store extra metadata in object headers -- because V8
objects do not have a proper header, but only a map pointer at the start
of the object. To store per-object metadata like marking data, a side
table is required as the per-object metadata storage.
This CL enables V8 to use higher unused bits in a 64-bit map word as
per-object metadata storage. Map pointer stores come with an extra step
to encode the metadata into the pointer (we call it "map packing").
Map pointer loads will also remove the metadata bits as well (we call it
"map packing").
Since the map word is no longer a valid pointer after packing, we also
change the tag of the packed map word to make it looks like a Smi. This
helps various GC and barrier code to correctly skip them instead of
blindly dereferencing this invalid pointer.
A ninja flag `v8_enable_map_packing` is provided to turn this
map-packing feature on and off. It is disabled by default.
* Only works on x64 platform, with `v8_enable_pointer_compression`
set to `false`
Bug: v8:11624
Change-Id: Ia2bdf79553945e5fc0b0874c87803d2cc733e073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247561
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73915}
We have to have special rules for bit_fields since we multiple accesors
touch the same field. I used:
* If the accessor is set at map initalization time only and:
* only the main thread accesses it: non-atomic write/read
* bg accesses it too: non-atomic write, relaxed read (read has to be
relaxed due to the whole bit_field being modified concurrently via
other bit_field3 accessors)
* If the accessor is set after map initialization:
* but it is not necessary for synchronization: relaxed write/read
* If the accessor is needed for synchronization: release/acquire
As a note, Map::NumberOfOwnDescriptors are the bits accessed by the
concurrent marker. For concurrent marker reasons it can be relaxed, but
we would like it to be release/acquire for the compiler since that's
where we synchronize Maps with adding descriptors to the descriptor
array.
Bug: v8:7790, chromium:1150811
Change-Id: I0ba7d2f8cb81d65a487970b4ea0bfa2a4cb3a975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773286
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73911}
Make runtime-call-stats a compile-time flag. Disabling RCS saves roughly
1MB binary size on 64bit systems and yields minor performance
improvements.
Bug: v8:11299
Change-Id: Ia1db75e330a665db5251b685c164b96857e38d2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799766
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73910}
We have to respect the TypeCheckKind.
Bug: chromium:1195777
Change-Id: If1eed719fef79b7c61d99c29ba869ddd7985c413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817791
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73909}
Skip wasm/simd test for riscv64
Add buitin info when call a builtin.
Port 064ca18ca2
Change-Id: I1150de98a95231abf9d5def9e95ad38a8a42bbb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814128
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#73908}
If a loop is removed in dead code elimination, we may have a dead node
in the control chain. This wasn't expected, and endless recursion could
result.
Bug: chromium:1196185
Change-Id: Id6d69d0eaed11b0c6158b5643d3433b11611af59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817792
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73906}
This CL makes more assumptions in the fast-api-call mjsunit test
explicit and specifies --deopt-every-n-times=0 for it, as it relies
on particular optimization/deoptimization sequences. It also fixes an
inconsistency between the fast/slow path results.
Bug: v8:11620
Change-Id: I385949a04534cd1658236878875efa6622936bc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817607
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73905}
In Isolate::UnwindAndFindHandler(), the thread-in-wasm flag was set
before the destructor of some objects in that function got executed,
e.g. the destructor of {WasmCodeRefScope}. On Windows-asan, these
destructors could throw exceptions (asan on Windows uses exceptions for
its memory access tracking), which get handled initially by the wasm
trap handler, and would thereby invalidate the thread-in-wasm flag.
With this CL a new scope gets introduced which makes sure that setting
the thread-in-wasm flag is the last thing that happens in
Isolate::UnwindAndFindHandler().
Bug: chromium:1195595
Change-Id: If9f5f486c55b3bc2718a1d5aee3e3bd290d0ff35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817598
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73904}
Several spots in arm codegen require 24-bit integers; since getting
this wrong is usually a security problem, let's change these DCHECKs
into CHECKs.
Bug: chromium:1197363
Change-Id: I277dc8fe4771adae89375adbe19a33d2c9f6783c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2820972
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73902}
The de-duplication happens when
1) we have a JSFunction for an outer function and a JSFunction for its
inner function in the snapshot and
2) we call the outer function again after deserializing
Expectation: the created JSFunction for the inner function uses the
SFI which was created when deserializing.
Bug: v8:11525
Change-Id: I80933514873e857452585317248fa34913d8d8e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794438
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73900}
This is a reland of 2b94e5677f
Original change's description:
> [inspector] Report [[Prototype]] as internal property.
>
> Previously the inspector was trying to add a special `__proto__`
> property to every JSObject, which looked and behaved like a real
> data property on the object. But this is confusing to developers
> since `__proto__` is not a real data property, but usually an
> accessor property on the `Object.prototype`.
>
> Additionally all other internal properties are reported using the
> [[Name]] notation, with the [[Prototype]] having been the strange
> outlier.
>
> Drive-by-cleanup: Use an ArrayList to collect the name/value pairs
> inside Runtime::GetInternalProperties(), which makes this function
> more readable and easier to add things.
>
> Bug: chromuium:1162229
> Fixed: chromium:1197019
> Screenshot: https://imgur.com/a/b7TZ32s.png
> Change-Id: Ic4c1e35e2e65f90619fcc12bf3a72806cadb0794
> Doc: http://doc/1Xetnc9s6r0yy4LnPbqeCwsnsOtBlvJsV4OCdXMZ1wCM
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814565
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73881}
Bug: chromuium:1162229, chromium:1197019
Screenshot: https://imgur.com/a/b7TZ32s.png
Doc: http://doc/1Xetnc9s6r0yy4LnPbqeCwsnsOtBlvJsV4OCdXMZ1wCM
Change-Id: Ie1e2276b385b18a5f865fdae583d1ce0101157c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2820970
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73899}
Defence in depth patch to prevent JavaScript from executing
from within IterateElements.
R=ishell@chromium.orgR=cbruni@chromium.org
Bug: chromium:1195977
Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819941
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73898}
Fuzz tests could mess with some library methods used by stubs for
NaN-pattern problems in typed arrays. This change makes the stubs
more robust.
Bug: chromium:1197627
Change-Id: I84975f798d616fd5e82fd9ab84ad01fc35336a04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2820968
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73896}
This CL enables the fast-api-calls mjsunit test again on gc_stress
with a fix for --stress-flush-bytecode.
Change-Id: I3a65f8cb4ec319945319d533ed92241b14f624c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817604
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73895}
Rolling v8/build: 0006b44..2ae82a1
Rolling v8/third_party/aemu-linux-x64: SCU6888HuyC5TF12MrqnyC2eTRFiqzg1KUCITYThpxIC.._EJXYI9PIL6jmQi9nGYfsMiQZf2CFqi_hE7uUCqpScAC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/868d5d0..ab687ea
Rolling v8/third_party/depot_tools: 1cabb17..057831e
Rolling v8/tools/clang: 3b0c35b..6e92ef6
Rolling v8/tools/luci-go: git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87..git_revision:b1ba7603f4b71ab63a1df050e03137463309f348
Rolling v8/tools/luci-go: git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87..git_revision:b1ba7603f4b71ab63a1df050e03137463309f348
Rolling v8/tools/luci-go: git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87..git_revision:b1ba7603f4b71ab63a1df050e03137463309f348
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I7fc14996e10ac3d1e725af863ae6df9483bf6aa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819207
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73889}
This command is broken, no testing and no clear demand for it.
Change-Id: Ic86ab346ab29a5d6804f74a3d4458bb3332a7718
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814131
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#73888}
This removes the heap sandbox's dependency on being able to reconstruct
an Isolate from the pointer cage base address.
Bug: v8:11460
Change-Id: I501ace5b83a2cefdf717de0d7387fd816edfb3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783673
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73887}
This reverts commit 2b94e5677f.
Reason for revert: Speculative based on layout test failures on
win and mac which could block the roll:
https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Win/5294https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Mac/4955
Original change's description:
> [inspector] Report [[Prototype]] as internal property.
>
> Previously the inspector was trying to add a special `__proto__`
> property to every JSObject, which looked and behaved like a real
> data property on the object. But this is confusing to developers
> since `__proto__` is not a real data property, but usually an
> accessor property on the `Object.prototype`.
>
> Additionally all other internal properties are reported using the
> [[Name]] notation, with the [[Prototype]] having been the strange
> outlier.
>
> Drive-by-cleanup: Use an ArrayList to collect the name/value pairs
> inside Runtime::GetInternalProperties(), which makes this function
> more readable and easier to add things.
>
> Bug: chromuium:1162229
> Fixed: chromium:1197019
> Screenshot: https://imgur.com/a/b7TZ32s.png
> Change-Id: Ic4c1e35e2e65f90619fcc12bf3a72806cadb0794
> Doc: http://doc/1Xetnc9s6r0yy4LnPbqeCwsnsOtBlvJsV4OCdXMZ1wCM
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814565
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73881}
Bug: chromuium:1162229
Change-Id: Ia893ad672eb370fa6fce7eddf2947bf8f6755831
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2818386
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73886}
This reverts commit b49638c524.
Reason for revert: Buggy for avx2 and --no-enabled-sse4-2 (but avx is available on bots), see review comments for details.
Original change's description:
> [x64][ia32] Set lower SSE flags when newer extensions are enabled
>
> If SSE4.2 is enabled, all the previous extensions should also be
> enabled. In particular, you cannot have --enable-sse4_1 and
> --no-enable-sse3.
>
> Bug: chromium:1195579
> Change-Id: Id3e10db24cee2aee14449a77c9e7cff82e97edff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808621
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73840}
Tbr: ahaas@chromium.org,clemensb@chromium.org
Bug: chromium:1195579
Change-Id: Iabce159a82e8b71cbec8336091323f35e9aff16e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2818562
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73885}
This reverts commit dcdaf42fa8.
Reason for revert: This has problems on mac-arm64:
https://ci.chromium.org/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/3591
Original change's description:
> [wasm] Add CPU time metrics
>
> This adds CPU time metrics to the WasmModuleDecoded (except for streaming),
> WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
> to provide this information as UKMs or UMAs.
>
> Bug: v8:11611
> Change-Id: I36818f5efbdcae2d3ed6f27c16db21f9d8440d98
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2796952
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73882}
Bug: v8:11611
Change-Id: I1c82c3e4f19b3a486538fd62665669f6c5b98438
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2818380
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73884}
This adds CPU time metrics to the WasmModuleDecoded (except for streaming),
WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
to provide this information as UKMs or UMAs.
Bug: v8:11611
Change-Id: I36818f5efbdcae2d3ed6f27c16db21f9d8440d98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2796952
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73882}
Previously the inspector was trying to add a special `__proto__`
property to every JSObject, which looked and behaved like a real
data property on the object. But this is confusing to developers
since `__proto__` is not a real data property, but usually an
accessor property on the `Object.prototype`.
Additionally all other internal properties are reported using the
[[Name]] notation, with the [[Prototype]] having been the strange
outlier.
Drive-by-cleanup: Use an ArrayList to collect the name/value pairs
inside Runtime::GetInternalProperties(), which makes this function
more readable and easier to add things.
Bug: chromuium:1162229
Fixed: chromium:1197019
Screenshot: https://imgur.com/a/b7TZ32s.png
Change-Id: Ic4c1e35e2e65f90619fcc12bf3a72806cadb0794
Doc: http://doc/1Xetnc9s6r0yy4LnPbqeCwsnsOtBlvJsV4OCdXMZ1wCM
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814565
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73881}
This is a reland of 62ff82e44b
Original change's description:
> cppgc: Add tests for in-construction during ctor
>
> Adds explicit tests that check that an object is marked as in
> construction while running the constructor.
>
> Bug: chromium:1056170
> Change-Id: I7f7340832e1bc31cec98784c261ed86deb402e72
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811238
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73869}
Bug: chromium:1056170
Change-Id: I38c8579dc2ed437f2ad530bd552b5ef037ba8621
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817603
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73880}
The primary reason for this change is that this fixes a race condition
when one scavenger thread moves a WasmTypeInfo object that another
scavenger thread needs to read for visiting a Wasm struct.
Aside from that, since these objects are long-lived, it also generally
makes sense to pretenure them.
Fixed: v8:11618
Change-Id: I61e81752306dd6f29e0d26a0c40120a6301b0c12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814561
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73879}
These tests unnecessarily rely on the `//# sourceURL` annotation. This
is preparatory work to eventually move the treatment of `sourceURL` to
the DevTools front-end.
Bug: chromium:1183990
Change-Id: I934eb1580f503b7b9f8d97c250b7c798bc67e268
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814568
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73878}
This CL temporarily skips the fast-api-calls mjsunit test, as it
fails on GC stress bots for unrelated CLs (see
https://chromium-review.googlesource.com/c/v8/v8/+/2814740).
Change-Id: I884827a0a5fb030d676f9ded738f644cd4086ec6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814564
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73877}
Use the newer method getBestMatchResult() and
makeResolvedLocale() to resolve the locale instead.
Bug: v8:11584
Change-Id: Ifbd7a9b0d05506d83c2603c301b4d9e4caf2d689
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783662
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73876}
Rolling v8/build: 77edba1..0006b44
Rolling v8/third_party/aemu-linux-x64: SeLS6a0f6IL-PCOUKbMTN5LYgjjJbDSnb3DGf5q9pwsC..SCU6888HuyC5TF12MrqnyC2eTRFiqzg1KUCITYThpxIC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/41a5e5e..868d5d0
Rolling v8/third_party/depot_tools: 98a52e2..1cabb17
Rolling v8/tools/clang: a387faa..3b0c35b
Rolling v8/tools/luci-go: git_revision:d6d24b11ecded4d89f3dfd1b2e5a0072a3d4ab15..git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87
Rolling v8/tools/luci-go: git_revision:d6d24b11ecded4d89f3dfd1b2e5a0072a3d4ab15..git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87
Rolling v8/tools/luci-go: git_revision:d6d24b11ecded4d89f3dfd1b2e5a0072a3d4ab15..git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I84f879faeaf0ab23dd1ae37976dbb8e822a85c34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2816303
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73875}
