If a value dies in deferred code, there is no need to reload it at the
end of the deferred code, as it will be dead in the non-deferred code
that follows in control flow order. In the linearized view of register
allocation, this is encoded as a lifetime gap (or the end of an
interval).
Moreover, this may lead to wrong assignments if the value dies
between two deferred blocks and we leave a non-splintered live
range in the middle of deferred code.
Bug: chromium:915975
Change-Id: Iec68fe86f0dfbbac612635a637f3239475906d14
Reviewed-on: https://chromium-review.googlesource.com/c/1433784
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59068}
This reverts commit 25457c60a7.
Reason for revert: https://crbug.com/v8/8731
Original change's description:
> [testrunner] load tests concurrently into test execution processor
>
> loading every test up-front into the processing queue costs about 224MB for an
> x64 testsuite run.
>
> This CL eliminates that overhead by utilizing generators and threading.
>
> LoadingProc now loads tests after receiving the results of the loaded tests.
>
> R=machenbach@chromium.org
> CC=yangguo@chromium.org,sergiyb@chromium.org
>
> Bug: v8:8174
> Change-Id: I8f4e6de38430c54fe126e4504b52851866769efb
> Reviewed-on: https://chromium-review.googlesource.com/c/1420678
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59056}
TBR=machenbach@chromium.org,tmrts@chromium.org
Change-Id: I1e074a031dced367a32a93827b9e863b0331340f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8174
Reviewed-on: https://chromium-review.googlesource.com/c/1433792
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59065}
All users have elements already, and we can just pass that in.
Change-Id: Ie9b8c1290d74bce120461c9f15695e8eb7dfd7c2
Reviewed-on: https://chromium-review.googlesource.com/c/1430072
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59064}
... more precisely, do not mess up the exceptional edges.
Bug: chromium:924151
Change-Id: I3541a1c339c07f509519d4ece6d677dd499f181e
Reviewed-on: https://chromium-review.googlesource.com/c/1429860
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59063}
Previously, trusted (or no-mitigations) has been tested on a subset of builders
from all platforms. This reduces it to arm-sim and native Android devices.
Change-Id: I90066686e6a92db4a944025538e01a117f324421
Reviewed-on: https://chromium-review.googlesource.com/c/1433777
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59062}
After the v8:8689 "Split compilation in three stages" commit landed,
WasmCompilationUnit::result_ was left dangling. In builds that
noticed this (in particular certain jumbo builds), the
-Wunused-private-field warning triggered which broke the build.
Bug: v8:8689
Change-Id: Iafc56b3dc6bb53e2e8417cabce540c2fcfd3431a
Reviewed-on: https://chromium-review.googlesource.com/c/1433780
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59059}
Other platforms besides ARM64 Windows may also have alignment
requirements, e.g. PPC and s390. These requirements may affect
both the code pointer field and the size field, and so they
each need alignment directives because they are stored in
different sections.
Since aligning wastes a handful of bytes at most, not making
alignment conditional on the platform type seems like a good idea.
Refs: https://github.com/nodejs/node/pull/24875
Change-Id: I1f58606af294be65e74a1f107cd05fc21e032704
Reviewed-on: https://chromium-review.googlesource.com/c/1433778
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59058}
This CL implements handling of Call/ConstructWithSpread bytecodes
by passing empty hints for the parameters mapped to the spread argument.
R=neis@chromium.org
Bug: v8:7790
Change-Id: I00f4e87e7bf62c3f387ee92d9aa4d252bdf79838
Reviewed-on: https://chromium-review.googlesource.com/c/1429864
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59057}
loading every test up-front into the processing queue costs about 224MB for an
x64 testsuite run.
This CL eliminates that overhead by utilizing generators and threading.
LoadingProc now loads tests after receiving the results of the loaded tests.
R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174
Change-Id: I8f4e6de38430c54fe126e4504b52851866769efb
Reviewed-on: https://chromium-review.googlesource.com/c/1420678
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59056}
v8::Global may be used as a weak reference. In the case this reference is a
simple phantom reference, we need to update the internal state to be able to
clear the right slot once the object referred to is dead.
This reverts commit 18f32ca89c.
Bug: chromium:924220
Change-Id: I3caec77448b0c5fcb461c8f8b5015de2978b3931
Reviewed-on: https://chromium-review.googlesource.com/c/1430015
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59055}
If __FILE__ contained a backslash (which happened in jumbo builds on
Windows), then the generated embedded.S could contain broken strings.
This replaces backslashes with forward slashes before writing the
paths to embedded.S.
Bug: v8:8418,chromium:924454
Change-Id: I32134e9cd8acd2437f61a8f74c14583fa87a4bdf
Reviewed-on: https://chromium-review.googlesource.com/c/1430699
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Daniel Bratell <bratell@opera.com>
Cr-Commit-Position: refs/heads/master@{#59053}
This requires honoring the instance size of the object stored in the
map for JSObject. To do this, allocation is now split into two
intrinsics, one that calculates the base size of the allocated object
(%GetAllocationBaseSize) and one that actually allocates (%Allocate).
In the process, remove objects.tq, which only existed to contain a
macro to fetch the default JSObject map, which is functionality that
is now in the JSObject class constructor.
Bug: v8:7793
Change-Id: I426a7943aac67eacad46d4ff39f5c821489a04bc
Reviewed-on: https://chromium-review.googlesource.com/c/1426959
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59052}
using add instead of addi when Operand is more than 16 bits long
Change-Id: I7f9452381ed8b321ec71e68d0d90485508b69885
Reviewed-on: https://chromium-review.googlesource.com/c/1430619
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59049}
This is part of an effort to improve the performance of TA#subarray.
Bug: v8:7161
Change-Id: I1579ee45a810e1f2d0279fef9e18bad09e1fc3d9
Reviewed-on: https://chromium-review.googlesource.com/c/1426107
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59048}
This reverts commit 584f0b43b2.
Reason for revert: Breaks MSAN build - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/24872
Original change's description:
> [api, global-handles] Fix moving weak Global<T>
>
> v8::Global may be used as a weak reference. In the case this reference is a
> simple phantom reference, we need to update the internal state to be able to
> clear the right slot once the object referred to is dead.
>
> Bug: chromium:924220
> Change-Id: I2ab7c3afcbe22988791faef406c284db03a43caf
> Reviewed-on: https://chromium-review.googlesource.com/c/1430101
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59040}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I19c3e929962203df4e1f24191d054180723b1c9d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:924220
Reviewed-on: https://chromium-review.googlesource.com/c/1430833
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59046}
Testrunner has ancient support for JUnit compatible XML output.
This CL removes this old feature.
R=mstarzinger@chromium.org,jgruber@chromium.org,jkummerow@chromium.org
CC=machenbach@chromium.org
Bug: v8:8728
Change-Id: I7e1beb011dbaec3aa1a27398a5c52abdd778eaf0
Reviewed-on: https://chromium-review.googlesource.com/c/1430065
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59045}
Also insert NestedVariableDeclarations in the preparser if they occur. This
should be uncommon enough to not hurt preparser performance. This will also
allow us to stop checking for conflicts on already preparsed code. Since the
preparser itself will mainly run off the main thread, this can allow us to free
some main-thread time.
Bug: v8:7829, v8:8706
Change-Id: I03f2690eb7b22e941995d6f2697e64211ddbeffb
Reviewed-on: https://chromium-review.googlesource.com/c/1430069
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59044}
For the reference types anyref, anyfunc, and nullref, there exist
sub-typing rules. The spec says
A reference type reftype1 matches a reference type reftype2 if and only
if:
* Either both reftype1 and reftype2 are the same.
* Or reftype1 is nullref.
* Or reftype2 is anyref.
This CL introduces the type nullref for ref-null, and implements the
sub-typing rules in the function-body-decoder.
Note that, because of the sub-typing check, validation performance may
regress. In that case we can optimize the sub-typing check.
R=titzer@chromium.org, clemensh@chromium.org
Bug: v8:7581
Change-Id: I55bab72a109f3374da3770d141b0fc8067aad8b2
Reviewed-on: https://chromium-review.googlesource.com/c/1430061
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59043}
For jitless mode, we must be able to switch between the native regexp
engine and interpreted regexps at runtime since --jitless is itself a
runtime flag.
This CL unconditionally compiles in the regexp interpreter in all
builds. It can be toggled through the --regexp-interpret-all flag.
Bug: v8:7777, v8:8678
Change-Id: Iadd21a152de7c07586d5af32bee5fdf9931f1a01
Reviewed-on: https://chromium-review.googlesource.com/c/1408929
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59041}
v8::Global may be used as a weak reference. In the case this reference is a
simple phantom reference, we need to update the internal state to be able to
clear the right slot once the object referred to is dead.
Bug: chromium:924220
Change-Id: I2ab7c3afcbe22988791faef406c284db03a43caf
Reviewed-on: https://chromium-review.googlesource.com/c/1430101
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59040}
This reverts commit c5154eeada.
Reason for revert: Broke ASAN bot
Original change's description:
> [build][torque] remove workarounds for clang bug
>
> Now that https://bugs.llvm.org/show_bug.cgi?id=40118 has been fixed and
> rolled into V8, we can remove the workarounds for this Clang bug.
>
> This also effectively reverts
> https://chromium-review.googlesource.com/c/v8/v8/+/1280222
>
> Bug: chromium:893437
> Change-Id: Ia0d6d8ebdafafbc380b1b7a7809ef16effe50d71
> Reviewed-on: https://chromium-review.googlesource.com/c/1425519
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58987}
TBR=jarin@chromium.org,tebbi@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:893437 chromium:924534
Change-Id: Idfc266c11e3413334a12694dd573bdecf5427890
Reviewed-on: https://chromium-review.googlesource.com/c/1430067
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59039}
The implementation already exists, but the test doesn't.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I42e1b0a1c930ec4cc1f1701d5613828acab4fc30
Reviewed-on: https://chromium-review.googlesource.com/c/1426123
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59038}
The table.init bytecode copies a range of elements from an element
segment into a table, trapping if the segment is not passive, is
dropped, or would cause out-of-bounds accesses.
R=mstarzinger@chromium.org
CC=binji@chromium.org
BUG=v8:7747
Change-Id: Ib27af9cca45a464fd1f876ddd092e99941481896
Reviewed-on: https://chromium-review.googlesource.com/c/1430063
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59037}
Directly access the std::vector buffer backing store to write bytes. By
reserving enough space upfront we can avoid many superfluous bounds checks
that were previously necessary when using push_back.
Change-Id: I9b2fb467809e40743b0d9409c9cccb0c6f36f8c1
Reviewed-on: https://chromium-review.googlesource.com/c/1425910
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59036}
This is a reland of 92d9b09c0e.
Patch unchanged, errors fixed by https://crrev.com/c/1430059.
Original change's description:
> [wasm] Decouple background compile jobs from NativeModule
>
> Background compile jobs should not keep the NativeModule alive, for two
> reasons:
> 1) We sometimes have to wait for background compilation to finish (from
> a foreground task!). This introduces unnecessary latency.
> 2) Giving the background compile tasks shared ownership of the
> NativeModule causes the NativeModule (and the CompilationState) to
> be freed from background tasks, which is error-prone (see
> https://crrev.com/c/1400420).
>
> Instead, this CL introduces a BackgroundCompileToken which is held
> alive by the NativeModule and all background compile jobs. The initial
> and the final phase of compilation (getting and submitting work)
> synchronize on this token to check and ensure that the NativeModule is
> and stays alive. During compilation itself, the mutex is released, such
> that the NativeModule can die.
> The destructor of the NativeModule cancels the BackgroundCompileToken.
> Immediately afterwards, the NativeModule and the CompilationState can
> die.
>
> This change allows us to remove two hacks introduced previously: The atomic
> {aborted_} flag and the {FreeCallbacksTask}.
>
> R=mstarzinger@chromium.org
> CC=titzer@chromium.org
>
> Bug: v8:8689, v8:7921
> Change-Id: I42e06eab3c944b0988286f2ce18e3c294535dfb6
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/1421364
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59020}
TBR=mstarzinger@chromium.org
Bug: v8:8689, v8:7921
Change-Id: Iead972ef77c8503da7246cab48e7693b176d8f02
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1429862
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59035}
This implements support for the "throw" operation in the interpreter.
Note that support for catching/handling exceptions is still missing
from the interpreter and will be done separately.
This also introduces a {WasmExceptionPackage} class to the object model
that acts as an interface for allocating and accessing exceptions that
originate from WebAssembly. It does not represent a new instance type
however as exceptions are instances of {WebAssembly.RuntimeError} for
now.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions
BUG=v8:8091
Change-Id: I1f0cb548efb798e3c1488d42e4a31421c3c1aada
Reviewed-on: https://chromium-review.googlesource.com/c/1430099
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59033}
This was disabled in 2014 (https://crrev.com/267383002), together with
a comment about a broken serializer. The conditional v8 initialization
was since then moved back to be unconditional, but the TearDown was
never restored.
Now we need it for wasm, since during tear down the wasm engine
synchronizes on all background compile jobs. Omitting this leads to
uses of the disposed platform (see https://crrev.com/c/1429861).
R=mstarzinger@chromium.org
Bug: v8:8689, v8:7921, v8:8725
Change-Id: Ia24f746094f38fc6ce349532587b622384379125
Reviewed-on: https://chromium-review.googlesource.com/c/1430059
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59032}
- Output from console.timeEnd is now supported
- The final result is printed in table format with ; separator,
making it easy to copy/paste into a spreadsheet.
- Various style improvements.
Change-Id: Iba00ee54720344765262b5cc44c1e939278b03a4
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/1405030
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59030}
Otherwise we might come across invalid locations.
Bug: chromium:923675
Change-Id: I0b01ba4b11cc7270744ec438bedb0b8ada2aa29d
Reviewed-on: https://chromium-review.googlesource.com/c/1426126
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59026}
The Assembler classes (or some of them at least) have a CodeTargetAlign
method that aligns the code to a target specific value (16 bytes on x86,
8 bytes on arm). However, these were not used. Instead we always aligned
to 16 byte boundaries, hence wasting up to 8 bytes on arm.
Change-Id: Iee7d24ebc13a9a58002a9d7d0ce53955bee7d628
Reviewed-on: https://chromium-review.googlesource.com/c/1426125
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59024}
Code object iteration was missing logic for RELATIVE_CODE_TARGET
reloc entries. Garbage collection could thus miss objects that were
referenced only as targets of pc-relative calls or jumps.
RELATIVE_CODE_TARGETs are only used on arm, mips, and s390 and only
at mksnapshot-time.
This exposed another issue in that the interpreter entry trampoline
copy we generate for profiling *did* contain relative calls in
runtime-accessible code. This is a problem, since code space on arm is,
by default, too large to be fully addressable through pc-relative
calls. This CL thus also disables the related
FLAG_interpreted_frames_native_stack feature on arm.
Drive-by: Ensure the builtins constants table does not contain Code
objects.
Bug: v8:8713,v8:6666
Change-Id: Idd914b46970ad08f9091fc72113fa7aed2732e71
Reviewed-on: https://chromium-review.googlesource.com/c/1424866
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59023}
This reverts commit 92d9b09c0e.
Reason for revert: Crashes on several bots, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20UBSan/4237
Original change's description:
> [wasm] Decouple background compile jobs from NativeModule
>
> Background compile jobs should not keep the NativeModule alive, for two
> reasons:
> 1) We sometimes have to wait for background compilation to finish (from
> a foreground task!). This introduces unnecessary latency.
> 2) Giving the background compile tasks shared ownership of the
> NativeModule causes the NativeModule (and the CompilationState) to
> be freed from background tasks, which is error-prone (see
> https://crrev.com/c/1400420).
>
> Instead, this CL introduces a BackgroundCompileToken which is held
> alive by the NativeModule and all background compile jobs. The initial
> and the final phase of compilation (getting and submitting work)
> synchronize on this token to check and ensure that the NativeModule is
> and stays alive. During compilation itself, the mutex is released, such
> that the NativeModule can die.
> The destructor of the NativeModule cancels the BackgroundCompileToken.
> Immediately afterwards, the NativeModule and the CompilationState can
> die.
>
> This change allows us to remove two hacks introduced previously: The atomic
> {aborted_} flag and the {FreeCallbacksTask}.
>
> R=mstarzinger@chromium.org
> CC=titzer@chromium.org
>
> Bug: v8:8689, v8:7921
> Change-Id: I42e06eab3c944b0988286f2ce18e3c294535dfb6
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/1421364
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59020}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: I724f460f5aa654a9e75d3ce73d351214e69e2d96
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8689, v8:7921
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1429861
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59022}
The receiver is now passed around as the first argument in the Hints array.
This allows for Construct bytecodes to not supply it at all.
Bug: v8:7790
Change-Id: Iae57095526dbc52ed12e0f884875ceb07280c371
Reviewed-on: https://chromium-review.googlesource.com/c/1426118
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59021}
Background compile jobs should not keep the NativeModule alive, for two
reasons:
1) We sometimes have to wait for background compilation to finish (from
a foreground task!). This introduces unnecessary latency.
2) Giving the background compile tasks shared ownership of the
NativeModule causes the NativeModule (and the CompilationState) to
be freed from background tasks, which is error-prone (see
https://crrev.com/c/1400420).
Instead, this CL introduces a BackgroundCompileToken which is held
alive by the NativeModule and all background compile jobs. The initial
and the final phase of compilation (getting and submitting work)
synchronize on this token to check and ensure that the NativeModule is
and stays alive. During compilation itself, the mutex is released, such
that the NativeModule can die.
The destructor of the NativeModule cancels the BackgroundCompileToken.
Immediately afterwards, the NativeModule and the CompilationState can
die.
This change allows us to remove two hacks introduced previously: The atomic
{aborted_} flag and the {FreeCallbacksTask}.
R=mstarzinger@chromium.org
CC=titzer@chromium.org
Bug: v8:8689, v8:7921
Change-Id: I42e06eab3c944b0988286f2ce18e3c294535dfb6
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1421364
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59020}
This CL prepares JSON#stringify for improved error messages when
serializing circular structures. To this end, we also push the
key/index, in addition to the object itself, onto the stack that keeps
track of circular structures.
The stack itself is changed from a JSArray to a std::vector.
R=yangguo@chromium.org
Bug: v8:6513, v8:8698
Change-Id: I6dc4cb3be75a4514281411c654337f37c8798e55
Reviewed-on: https://chromium-review.googlesource.com/c/1424863
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59019}