From verwaest@ work on the Json's parser, we know that removing the allocation type argument when creating objects using the factory class increases performance. This will also allow us to optimise these functions in a latter CL.
Change-Id: If78f62a63fe41453f4def8bea77b6eddc2ab7f36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792168
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#63670}
functionality is:
If rhs_is_smi is true, we are sure that rhs is a Smi.
If rhs_is_smi is false, rhs might or not be a Smi.
Therefore, rhs_known_smi fits better.
Change-Id: Ie6dd0446ef85ba0730189e2012a21c24d1731b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796551
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63669}
This CL changes how variables are resolved during debug evaluate.
We now re-parse the whole script when creating a ScopeIterator.
This gives us accurate scope information for all parent scopes of the
closure in which we stopped. Using this information, we build
blacklists of stack-allocated variables. Each context on the chain
in between the closure context up to the original native context is
wrapped in a debug-evaluate context with such a blacklist attached.
Variable lookup for debug-evalute contexts then works as follows:
1) Look up in the materialized stack variables (stayed the same).
2) Check the blacklist to find out whether to abort further lookup.
3) Look up in the original context.
Steps 1-3 is repeated for each debug-evaluate context, since they
mirror the original context chain.
R=ulan@chromium.org, yangguo@chromium.org
Change-Id: Ied8e5786772c70566da9627ee3b7eff066fba2b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795354
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63666}
Fix build errors introduced by
commit af063685fe
and not fully fixed by
commit db3cc4a247
Change-Id: Ifdc92f5d55061670127999058d374914985df762
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795643
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mu Tao <pamilty@gmail.com>
Auto-Submit: Mu Tao <pamilty@gmail.com>
Cr-Commit-Position: refs/heads/master@{#63665}
Port ab0f971091
Original Commit Message:
- Eliminates non-const reference parameters in test/cctest.
Change-Id: I038314e0cc2b28e70e7ebcbd2d076ef62893285e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795646
Commit-Queue: Mu Tao <pamilty@gmail.com>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63664}
Rolling v8/build: 2d9fa32..0f7adef
Rolling v8/buildtools: 74cfb57..cd73d21
Rolling v8/buildtools/linux64: git_revision:152c5144ceed9592c20f0c8fd55769646077569b..git_revision:ad9e442d92dcd9ee73a557428cfc336b55cbd533
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/884c81e..050abd8
Rolling v8/third_party/depot_tools: e5641be..d207f49
Rolling v8/third_party/googletest/src: 3a45039..33a0d4fTBR=machenbach@chromium.org,tmrts@chromium.org
Change-Id: I465ba35dd9e70e02c684687b656c34c5bd53ff23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796705
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63661}
Reuse the existing builtin and extension infrastructure to provide a
garbage collection mechanism that allows for asynchronous execution.
On --expose-gc, this changes the gc call to parse parameters the
following:
(1) Parse options when encountering an options object with known properties.
(2) No parameters is parsed as
{type: 'major', execution: 'sync'}.
(3) Truthy parameter that is not setting options is parsed as
{type: 'minor', execution: 'sync'}.
(2) and (3) preserve backwards compatibility for existing callers as this may be
used widely across various test and benchmarking infrastructures.
Valid options:
- type: 'major' or 'minor' for full GC and Scavenge, respectively.
- execution: 'sync' or 'async' for synchronous and asynchronous
execution respectively.
Returns a Promise that resolves when GC is done when asynchronous execution
is requested, and undefined otherwise.
Note: This is implemented as builtin to avoid having any stack at all. This
information is also passed to the embedder to allow skipping stack scanning.
Change-Id: Ie5c9b6f0d55238abfeb9051ffa1837501d474934
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793143
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63659}
Bug: v8:9553
Change-Id: I376d4bd3d1554e1ed0bdeea79c47bd2a45e643d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795886
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63657}
Port f72c844aa7
Original Commit Message:
Port f5ab7d38be
Port 65f3861e3b
Original Commit Message:
In a new test suite: "wasm-api-tests", using a new binary "wasm_api_tests",
powered by gtest/gmock (like unittests).
Also fix a bunch of issues that these tests uncovered, mostly to ensure
that the stack is walkable.
R=miladfar@ca.ibm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Id52e771fee79210d6c295cecf56a322657cf2b8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795864
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#63655}
This reverts commit 05d83a0e73.
Reason for revert: We passed the M78 branch point and should proceed testing
the new elements kinds support.
Original change's description:
> Temporarily disable frozen/sealed elements kinds
>
> ... to prepare for merging this back to stable channel.
>
> Bug: chromium:992914
> Change-Id: Icbb257b5c02417d9222e60346575567360376264
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762021
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63277}
TBR=leszeks@chromium.org,ishell@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:992914, v8:996176
Change-Id: Iaa36c140c0c9c72ca0e58f5c3e7d4cad67027085
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795342
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63653}
Rather than duplicating code paths for in- and out-of-object stores,
have one code path which checks whether it needs to load the property
store (and change the storage location to the HeapNumber value for
unboxed doubles).
As a drive-by, change the representation dispatch into a switch, and
inline the representation checks into that switch, to make explicit
what checks for what and which paths transform the value. Also, TNodify
some of the surrounding functions.
Change-Id: Ia1bf698b4cec3ffce9aaa5732cda2e3be9efd8e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795345
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63652}
If there are multiple code spaces, make sure to patch the jump tables
in all of them.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: I2ec3d3de913b99623fd310004555337329588da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789289
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63651}
This CL changes how we handle the case when both --regexp-tier-up and
--regexp-interpret-all flags are on. Previously, we had a CHECK that would
crash if both flags were turned on, now we turn off the tier-up flag and
print a warning message.
Change-Id: I902a59cac9aaf316be05ab2acaee233aa32e023d
Bug: chromium:1002242
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795353
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ana Pesko <anapesko@google.com>
Cr-Commit-Position: refs/heads/master@{#63648}
After https://crrev.com/c/1793065 the test should be fast enough to
execute it everywhere.
R=mslekova@chromium.org
Bug: v8:9696, v8:7783
Change-Id: I2485d703d6e973217eddde2f2814e31f7fcd8a61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795343
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63647}
An upcoming CL will remove the COLLECT_NON_LOCALS support of the
ScopeIterator. The DebugStackTraceIterator uses the list of non-locals
to restore the receiver for arrow functions.
This CL extracts the relevant logic into a small helper and calls
it directly.
Change-Id: Ia396fd599e41ca65810497d2f5228619cfdf7cc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795347
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63645}
This CL is necessary for disabling write-barriers that involoves
referencing pages via address arithmetic, which is required from
third-party heap implementation.
Change-Id: I1d3f572d48015e5c8cf691b2dc71a32834621c2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781008
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63644}
Since we switched to C++14 now, we can use {std::make_unique} instead
of our own {base::make_unique} from {template-utils.h}.
R=mstarzinger@chromium.org, yangguo@chromium.org
Bug: v8:9687
No-Try: true
Change-Id: I660eb30038bbb079cee93c7861cd87ccd134f01b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789300
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63642}
We don't handle all cases for stores to typed arrays in the builtins
related to storing a property. Bailout to runtime when storing into
a typed array if the property is not found on the object.
Bug: chromium:996161
Change-Id: I684c7c4f526b15cdfb5bfe3fd23218910486a59e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789396
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63639}
No invalidation of slots necessary for String::MakeThin. ThinString
only stores tagged value, so it can't store an untagged value in a
recorded slot. CreateFillerObjectAt takes care of slots in case of
right-trimming objects.
Bug: v8:9454
Change-Id: Id16e8ebceb334a845bdbf77282fbeb2069efce7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1794682
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63637}
When analyzing functions scopes with the script_scope as parent, don't
skip migrating unresolved variables upwards if we could still be inside
an arrow head, which means accesses to those variables will be
correctly context allocated.
Bug: v8:8510, chromium:1000094
Change-Id: I684f2f8bc692de420203990f93e5c943b5b769c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789705
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63635}
Fix build errors introduced by
commit af063685fe
Change-Id: I467ea39f020d07bed00875f69152191b94029dd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1794327
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63633}
Port 9f01d5c1e0
Original Commit Message:
Stack overflow checks are typically implemented as part of the TurboFan
graph of a function. This means that the stack check code is executed
after frame construction. When a frame is too big, though, there may not
be enough space on the stack anymore to throw the stack overflow
exception after frame construction. With this CL we do an additional
stack check before frame construction for functions with big frames.
As discussed offline with mstarzinger, I do this change currently only
for WebAssembly.
This CL contains only the changes for arm. I will do the other platforms
in separate CLs
R=xwafish@gmail.com
Change-Id: I46c6dd8fac1385e5da13e03cfffd9c640a7c2c57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792582
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Mu Tao <pamilty@gmail.com>
Cr-Commit-Position: refs/heads/master@{#63632}
It looks like the loop is there to create objects and trigger GC. It's
also tailored to Crankshaft, which was removed long ago.
This code currently times out on some arm bots, and it's hard to see
any value in it. Thus remove it.
R=mslekova@chromium.org
Change-Id: Ia47d4f70d679f79cfea523f467ff7adc3360cf6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793065
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63630}
v8_debug_helper attempts to flag known object pointers when it can
recognize them, even if the memory pointed to is not available in the
crash dump. In ptr-compr builds, the first pages of the map space,
read-only space, and old space are always at the same offsets within the
heap reservation region, so we can more easily detect known objects.
Bug: v8:9376
Change-Id: I04e0d2357143d753f575f556e94f8fd42ce9d811
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783729
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63624}
This CL implements the tier-up strategy where the interpreter can be used for
an arbitrary number of executions for every regex, before tiering-up to the
compiler. The only exception is for functional global replaces, where we
eagerly tier-up to native code right away.
To use the tier-up logic --regexp-tier-up=value needs to be set. It is
currently set to 0 by default.
Change-Id: I770857e5eae710a952fe47661cb42957c53848b4
Bug: v8:9566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789299
Commit-Queue: Ana Pesko <anapesko@google.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63623}
The fuzzer found a crash when we want to execute the {valueOf} function
of an imported value for an i64-global. The problem is that we cannot
execute JavaScript at that moment (I did not check why, I guess we open
some scope at some point). I checked the WebAssembly spec now, and it
defines that only numbers are valid values for imported globals. I
adjust our bigint implementation accordingly with this CL, i.e. that
only bigint values are valid as imported i64-globalsl.
I also created github issues to discuss this problem.
R=jkummerow@chromium.org
Bug: chromium:1001804
Change-Id: I47f0b31fab53163346f341ad290fd3c58e7707bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792167
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63621}