This reverts commit ac79b539ec.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim/18611
Original change's description:
> [arm64] Refactor constant pool implementation
>
> This refactors the constant pool handling for arm64. The immediate goal
> is to allow 32bit compressed pointers in the pool. The mediate goal is
> to unify the implementation with the arm constant pool, which will be
> done in a follow-up CL.
>
> Bug: v8:8054
> Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62209}
TBR=mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org,georgia.kouveli@arm.com
Change-Id: Iff03e81a2e70d125ef2c06b6ff3aff8d0e3688ef
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662293
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62211}
This adds preliminary support for storing constructed WebAssembly
functions in tables. Note that for now only tables at index #0 are
supported, extending it to other tables indexes will be done as a
follow-up.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: I9aa07813e07f0ceb4eafe37af412b45c7d235722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640209
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62210}
This refactors the constant pool handling for arm64. The immediate goal
is to allow 32bit compressed pointers in the pool. The mediate goal is
to unify the implementation with the arm constant pool, which will be
done in a follow-up CL.
Bug: v8:8054
Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62209}
RegExp assertions (e.g.: '^', '$', '\b', ...) sequences have certain
properties that this rewriter exploits:
1. They are zero-width and order-independent, thus one can remove all
duplicate assertions.
2. If a subsequence is guaranteed to fail, the entire sequence fails.
Any sequence always known to fail (e.g. containing both '\b' and '\B')
can be rewritten to a single node that triggers failure.
This CL generalizes the previous optimization for repeated assertions
to be order-independent, i.e. assertions only have to be in the same
sequence but not next to each other.
Bug: v8:6515, v8:6126
Change-Id: I3f92f081ce8a55ad8c34c269a09a6686e3b008f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657925
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62201}
This extends the existing Isolate::SetAllowCodeGenerationFromStringsCallback
mechanism, by adding SetModifyCodeGenerationFromStringCallback, which
can also modify the eval argument (it could e.g. add escaping).
Bug: chromium:940927
Change-Id: I2b72ec2e3b77a5a33f428a0db5cef3f9f8ed6ba2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593336
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62185}
- Lower LoadObjectField to LoadFromObject
- Mark LoadFromObject and StoreToObject as non-allocating
- Use optimizable BitcastTaggedSignedToWord in TaggedIsNotSmi check
R=jarin@chromium.org, tebbi@chromium.org
Change-Id: I42992d46597be795aee3702018f7efd93fcc6ebf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657926
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62173}
The CL https://crrev.com/c/1646846 changed column numbers for Wasm
frames in Error.stack traces. Instead of using the offset relative to
the beginning of the function, the absolute offset inside the module
is displayed as hex.
This CL propagates that change to the StackTrace C++ API, so
StackFrame::GetColumn() also returns the absolute offset. Note that the
StackFrame API historically uses "0" to signal "no information", so the
line and column numbers for Wasm frames are also adjusted to 1-based,
even though they signify function index and absolute offset
into the module.
This CL does not touch Script::PositionInfo.column. That field still
contains the offset relative to the function start.
Bug: v8:8742
Change-Id: If4fd37fa681c7ebd0823ce0d95eccc1335c35272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655300
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62171}
Func::type() was broken for functions created with Func::make().
Change-Id: I2867bcf00d9e5c1488165a804598c9ca8081ff25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655648
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62167}
When iterating over the holdings inside the cleanup callback,
we could potentially unregister the weakref which is next or
prev on the key list causing these checks to be incorrect.
Bug: v8:9360, v8:8179
Change-Id: I53ea12346eb4882b16a82677b64ba2c756d23a1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658161
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62165}
Disable bytecode flushing for test as it messes up lazy source
positions and the flags aren't representative anyway.
Bug: v8:8510
Change-Id: I6d5bc8dcd174a9bfc48f682518e6c62d79acb691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658152
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62155}
This is a reland of 811bfbbc56
Original change's description:
> [regexp] Move AST-to-Node code to a dedicated file
>
> Prior to this CL, jsregexp contains a bunch of things that are slightly
> related but would be cleaner in separate files, including: AST-to-Node
> transformations, the compiler implementation, and a debugging printer.
>
> This CL extracts AST-to-Node transformations.
>
> Bug: v8:9359
> Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62148}
Tbr: yangguo@chromium.org
Bug: v8:9359
Change-Id: I68a16086dc56c9a059547033ca8bc1e9de1080db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658568
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62154}
Include API-instantiated functions in the definition of Callable so
that PromiseReactionJobTask::handler can verify correctly. Also make
Callable verification stricter regarding JSProxy instances: they must
have the callable bit set.
Also update test-weak-references to use a different object type, since
FeedbackVector::optimized_code_weak_or_smi should never point to a
FixedArray.
Bug: v8:9311
Change-Id: I4242df993e381a75f5b53302fee8fd2b12e96d34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1650563
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62153}
The store element handlers don't check if the array length is writable
before updating the length. Since this is not expected to be a common
case no need of handling this in the element handlers. Just moving to
megamorphic would be sufficient.
Bug: chromium:967104
Change-Id: I7a7f9ea768266b9ffd6289328d61d2297d455619
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658154
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62152}
This reverts commit 811bfbbc56.
Reason for revert: Breaks noi18n build (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/27201)
Original change's description:
> [regexp] Move AST-to-Node code to a dedicated file
>
> Prior to this CL, jsregexp contains a bunch of things that are slightly
> related but would be cleaner in separate files, including: AST-to-Node
> transformations, the compiler implementation, and a debugging printer.
>
> This CL extracts AST-to-Node transformations.
>
> Bug: v8:9359
> Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62148}
TBR=yangguo@chromium.org,jgruber@chromium.org,petermarshall@chromium.org
Change-Id: I079e15b02d73d81aef806992f324f08d7008e367
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658160
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62149}
Prior to this CL, jsregexp contains a bunch of things that are slightly
related but would be cleaner in separate files, including: AST-to-Node
transformations, the compiler implementation, and a debugging printer.
This CL extracts AST-to-Node transformations.
Bug: v8:9359
Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62148}
ObjectPreventExtensions and ReflectPreventExtensions are now Torque builtins (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously).
Perf improvement in micro-benchmark JSTests/Proxies
Before:
PreventExtensionsWithoutTrap-Proxies(Score): 1978
PreventExtensionsWithTrap-Proxies(Score): 739
After:
PreventExtensionsWithoutTrap-Proxies(Score): 3017
PreventExtensionsWithTrap-Proxies(Score): 2044
Bug: v8:6664
Change-Id: I6505d730cea6b0d197f6f5d0540b39056c8b763d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652688
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62130}
JSModuleNamespace does not have well defined CreationContext: current
implementation of JSReceiver::GetCreationContext crashes on CHECK.
R=lushnikov@chromium.org,yangguo@chromium.org
Bug: none
Change-Id: Ie2c0bfa39117d42d81f9709c21376c177b18e5ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652559
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62128}
Make sure to use the callback passed to cleanupSome
Bug: v8:8179
Change-Id: Ia5d90b56edf80e05bdaf0dc520b555c29042b64c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655306
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62122}
With bytecode flushing and lazy feedback allocation, we need to call
%PrepareForOptimization before we call %OptimizeFunctionOnNextCall,
ideally after declaring the function.
Bug: v8:8801, v8:8394, v8:9183
Change-Id: I3fb257282a30f6526a376a3afdedb44786320d34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648255
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62119}
This adds regexp-macro-assembler-arch.h which contains the arch-specific
include dispatch.
Change-Id: Ibc2be8059d54b57afeed9b7ce244229ce1bd79bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655296
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62118}
This is pre-work for a refactoring that changes how heap objects
are handled in the assembler: Currently, we put the handle location in
the constant pool, and replace these with the actual heap object when
we copy the code from the assembler's buffer to the heap.
In the future, we will put a small index in the constant pool, which
will ultimately enable 32bit constant pool slots for compressed heap
objects. This small index will be fixed up when we copy the code to
the heap.
This CL makes the assembler tests copy the code to the heap, which
ensures that the fix-up phase is actually run.
Change-Id: I80cd69dc57414a3bd0a27f8d558616aadcae05a2
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647166
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62112}
As a component of the wider Turbofan logging scheme, it makes sense
for JSHeapBroker logging to come through flags specified in the
OptimizedCompilationInfo class, which uses --trace-turbo-filter
to control which functions are logged.
Bug: v8:7790
Change-Id: I3b068d8be78867ab0bd9607dda9eca4123b9d7b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655297
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62111}
API calls made via the CallApiCallback builtin, which is used from the
ICs and optimized code, are currently misattributed to the wrong counter
InvokeFunctionCallback instead of FunctionCallback. In addition we don't
use the C trampoline when only runtime call stats are enabled, but the
Chrome DevTools profiler is not active, which means that these calls
will not be attrituted properly at all, and that had to be worked around
using all kinds of tricks (i.e. disabling fast-paths in ICs when RCS is
active and not inlining calls/property accesses into optimized code
depending on the state of RCS).
All of this was really brittle and only due to the fact that the central
builtin didn't properly check for RCS (in addition to checking for the
CDT profiler). With this fix it's now handled in a central place and
attributed to the correct category, so user code doesn't need to worry
about RCS anymore and can just call straight into the fast-path.
Drive-by-fix: Do the same for AccessorInfo getter calls, which share the
core hand-written native code with the API callback logic.
Bug: v8:9183
Change-Id: Id0cd99d3dd676635fe3272b67cd76a19a9a9cea4
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1651470
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62109}
Currently, in wasm-function stack traces, v8 displays the decimal offset
from the start of the function. However, the WebAssembly WebAPI
specification says that it should be a hex offset into the module.
This change makes the stack trace display with hex module offsets, as
well as fixing all the unit tests that depended on the old behaviour.
R=fgm@chromium.org, titzer@chromium.org, yangguo@chromium.org
Bug: v8:9172
Change-Id: I73737a319a42dd665521ab8a4b825199ae11c87f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646846
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Guanzhong Chen <gzchen@google.com>
Cr-Commit-Position: refs/heads/master@{#62103}
It was a good flag, but it's time to say goodbye. Let us take a moment
to remember the good times we've had during its short time on earth.
It shipped in Chrome 74.
BUG=v8:8523
R=adamk@chromium.org, mathias@chromium.org, gsathya@chromium.org
Change-Id: I37e58360614c0bb3582b8bbfac795d5ed3e5a149
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641205
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#62099}
This CL adds lint errors for unused Torque macros. To prevent lots of
noisy warnings, the check is rather narrow. Macros declared as "extern"
or marked with "@export" are ignored. Also macros starting with "Convert",
"Cast" or "FromConstexpr" are not checked.
Drive-by: Removing some unused macros.
Bug: v8:7793
Change-Id: Ie0d2e445f8882a9b0ebbda45876b342abf341248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645312
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62092}
An error object's 'stack' property is lazily formatted once the
property is first read. It is thus possible that lazy formatting
happens in a different realm than where the error object was
constructed.
In this case, we should use the origin-realm's prepareStackTrace
function to format the stack trace.
This CL implements that behavior by fetching prepareStackTrace from
the given error object's context's error function.
Bug: v8:7848
Change-Id: Ibc383cf24f2c0dab2fd8bb7bc740f1488d9954a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1113438
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62090}
This CL adds a lint error for variables that are unnecessarily bound
with 'let' when they could be bound using 'const. This test is skipped
for struct types. For struct types, the "constness" also depends on
the struct methods called and whether these methods write to the struct
or not. This is not straight-forward to detect.
Drive-by: Fix all the newly introduced lint errors.
Bug: v8:7793
Change-Id: I0522ffcc4321350eef2e9573b8430bc78200ddce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645322
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62085}
This CL introduces an 'import' statement. It does not produce any AST
node. The AST contextual directly collects what source id imports what other
source id.
Currently the import map is unused. In the future, import syntax will be
used to implement partial compilation.
Bug: v8:7793
Change-Id: I5f09e6254d7ca2e7bc1a93d2e2d82e202cafc8ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649357
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62080}
This CL adds two mjsunit tests that transition an error object to
dictionary mode before and after Error.stack is formatted and verify
that the custom 'stack' property accessor works as intended.
Bug: v8:8742
Change-Id: I4beb52c75b94533c10fac007f41117ab8915fac8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649789
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62078}
This CL is the starting point to convert all FrameArray users to
use StackTraceFrame objects instead.
Bug: v8:8742
Change-Id: I7bd0081dfd428e9914dedebd5065ac262aacec0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627332
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62076}
Quotes have been added around the token to make the message clearer.
Bug: chromium:943636
Change-Id: Ic38f3e6d307157af2c0146e69fb611a2cfb46564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593307
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62074}
The path for sealed elements is handled by using the same path for SmiOrObjectElementKind, just need to extend a DCHECK in CodeStubAssembler::IsFixedArrayWithKind.
The only special case is when we write to a hole in holey sealed elements. Since we can not write in that case, just bail out.
Bug: chromium:967101
Change-Id: Ibf837ae053fe609bca83da432f298ef056f3aced
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632830
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62071}
The CloneObject bytecode was only able to handle objects, null and
undefined, and explicit bytecode had to be generated to perform the
ToObject outside the bytecode (unlike the other IC bytecodes that
just perform the ToObject implicitly). That means the simplest possible
object cloning would also generate a sequence of 5 bytecodes (at least):
```
Mov <register>, a0
JumpIfNull @1
JumpIfUndefined @1
ToObject <register>
1: CloneObject <register>
```
That is quite wasteful and unnecessary, since the core logic in the
runtime already does the ToObject properly anyways. This change
refactors the CloneObjectIC slightly to behave more like the other ICs
and do the ToObject implicitly when necessary.
Bug: v8:7611, v8:9114, v8:9183, v8:9343
Change-Id: I11973e90bf875f154a5a7739287bee17041e4a7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649554
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62064}
PrintWasmText is used for disassembling wasm code in DevTools, but many
instructions are not implemented. This test should make it easier to
remember to implement this when adding new instructions.
Change-Id: I6030a70113320f11a1ac0436bf0d220b5c41e6d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647475
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62063}
The DoubleToFloat32 helper takes care of everything, so use it
consistently.
Bug: chromium:969498
Change-Id: If71e5374684b89615006548cb0329f4d4cb7fd6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648253
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62062}
The linked lists of FreeLists could contain empty elements
(FreeListCategories whose `top()` is null). The code is carefuly
written so that this case won't break anything (probably just slow
things a little bit). When `FreeList::FindNodeIn` (the fast path of
`FreeList::Allocate`) found such an empty `FreeListCategory`, it
removed it by calling `FreeList::RemoveCategory`, and looked in the
next `FreeListCategory` of the same size. However, on the slow path of
`FreeList::Allocate`, the functions that iterates the
`FreeListCategory` are `FreeList::TryFindNodeIn` and
`FreeListCategory::PickNodeFromList`, none of which removed empty
elements. Therefore, it could happen that a `FreeListCategory` "real"
first element could be used, but was never considered due to the top of
the linked list being empty. The behavior for the slow path should be
the same as for the fast path on that regard.
The problem was actually deeper than that: FreeListCategories were not
always in a consistent state, since they could have empty members. The
removal of those empty elements should be done as soon as they are
created, ie when allocating the last element.
This CL ensures that empty FreeListCategories are removed as soon as
they become empty.
Bug: v8:9329
Change-Id: Idda8096dc5978745894854a0405da59f7e8691a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648476
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62058}
When trying to find a spot in the freelists for a tiniest object,
the tiny freelist was never searched.
This was fixed by modifying FreeList::Allocate in order to handle
that special case.
A test was added in cctest/heap/test-spaces.cc. It allocates a
Tiny object on a new page, then fills up the page, then frees the
first object, and finally tries to allocate a Tiniest
object. Before, this Tiniest object would go on a different page;
now it goes on the same one (which is what the test checks for).
Bug: v8:9329
Change-Id: Ia810726d1bfe1dae4ef2055a7f5b314b1514ee9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647162
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62055}
Currently, decompression elimination may reduce phis by pushing decompressions in the value inputs of the phi "down" and replacing it by a single decompression following the phi node. Because of the way that the replacement is currently done, other reducers in the same phase will not generally get a chance to revisit the modified phi.
In the specific case of v8:9335 this blocked an additional optimization in CommonOperatorReducer from being applied, causing the overall load elimination test to fail.
This CL fixes the replacement behavior in decompression elimination to also allow for revisitations of the modified phi node.
Bug: v8:9335 v8:9336
Change-Id: I3ca5686dacb41a525160b08456905ba77cf28b39
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Change-Id: I3ca5686dacb41a525160b08456905ba77cf28b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648238
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#62054}
Adding and improving tests should have as little friction
as possible.
Change-Id: I61c09ccadf12b7367979fbf3b8cb97a64e0c70bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648243
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62038}
As per the new specs, when the exception is thrown by iterator's return method
while doing iterator close because it is not callable, the exception is
suppressed in the same way as if the return method is called and threw an exception.
https://github.com/tc39/ecma262/issues/1398
Bug: v8:9056
Change-Id: I21abd5fdd01d3a957c3c16d9d3aaab9091e43142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648256
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
Cr-Commit-Position: refs/heads/master@{#62035}
If the embedder specifies an initial heap size, then we can take it
as a hint to skip full GCs below that threshold.
Bug: v8:9306
Change-Id: I42a4c597bf75c6ba9845ed7a6bd9946012979005
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646515
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62030}
This CL adds lint errors when 'let' bindings, arguments and labels
are not used. Note that errors for 'const' bindings will be added
later.
In cases where arguments are actually needed to match the signature,
the warning can be silenced by prefixing identifiers with "_". This
might be needed for generic specializations or builtins called from
TurboFan. Trying to use a variable or label that was marked with
"_" results in a compilation error.
Implicit arguments are not linted. They are implemented using exact
string matching. Prefixing an implicit argument with "_" in a callee
would break all callers as the names would no longer match.
Drive-by: Fix all new lint errors in the existing Torque code.
Bug: v8:7793
Change-Id: I68b3c59c76b956e9f88709e9388a40a19546ce52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645092
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62027}
The new API function is called ConfigureDefaultsFromHeapSize and
accepts two parameters: the initial and the maximum heap size.
Based on the given limits the function computes the default size
for the young and the old generation.
The patch also cleans up the existing functions to make them
consistent in terms of units and heap structure.
Bug: v8:9306
Change-Id: If2200a9cdb45b0b818a373207efe4e6426f7b688
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631593
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62017}
We need to hold onto the bytecode array so it doesn't get flushed.
Bug: v8:8394
Change-Id: Ia583a0a662740e369fcbc1c94041895e463be26e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645329
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62011}
ObjectIsExtensible is now a Torque builtin (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously).
Improvement in micro-benchmark
Before:
IsExtensibleWithoutTrap-Proxies(Score): 2228
IsExtensibleWithTrap-Proxies(Score): 917
After:
IsExtensibleWithoutTrap-Proxies(Score): 3683
IsExtensibleWithTrap-Proxies(Score): 3310
Bug: v8:6664
Change-Id: I1fbe1c51cb724a23d7a59fc8231bb3d1461a6add
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637444
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62006}
With bytecode flushing and lazy feedback allocation, we need to call
%PrepareForOptimization before we call %OptimizeFunctionOnNextCall,
ideally after declaring the function.
Bug: v8:8801, v8:8394, v8:9183
Change-Id: I6bf119e726426df8527d97546b6ce806112c894d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643167
Auto-Submit: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61988}
On Windows, long is 32-bits, so the 'L' suffix shouldn't be used if a
64-bit value is needed. This caused a test failure in 'Int64MulWithImmediate'.
Change-Id: I93c43a1f166aa0e5bcd53aaf7a860fffd006fd0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627538
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61986}
These were only used by test-log/EquivalenceOfLoggingAndTraversal,
which itself has been marked as failing since 2013. This CL removes
the test itself as well as the TEST natives kind.
Bug: v8:7624,v8:2857
Change-Id: Iedf2b1c94e31ccd1ea885d72bf1fac5d33defa90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643467
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61984}
Avoid the linear lookup of function literal id when getting the shared
function info TraceID, by optionally passing through a FunctionLiteral.
Additionally, use the FunctionLiteralId helper when a FunctionLiteral is
not available, since it can also fast-path in some cases.
As a drive-by, allow using a ScriptIterator without an Isolate pointer
(e.g. manually creating a handle) to allow calling FunctionLiteralId
without an Isolate pointer.
Bug: v8:9325
Change-Id: Ibfa053f300d6d5005485c67174a848264a5d1372
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643429
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61983}
This fixes the assembler tests on Windows arm64, that were previously crashing.
Bug: v8:9235
Change-Id: I616e6eb00bb71d70195787f80f8b54a9ae33abe6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634919
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61981}
As it stands most of ReadOnlySpace class's method are unusable once it
has been sealed, since all of its pages are read-only. Set owner_ to null
to ensure nothing unintentionally uses it.
This also helps with separating the ReadOnlySpace from the Heap class in
the future as ReadOnlySpace might not inherit from Space.
Bug: v8:7464
Change-Id: I3b24f20c644d6f5e23647bc1de4d256a20a0eb19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637800
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61979}
Following up on https://chromium-review.googlesource.com/c/v8/v8/+/1637879,
this CL removes the tests that used explicit Compress/Decompress functions
in CSA
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I063678a732545eb505fa752612242ceeb42be823
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640206
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61962}
This CL changes "MessageWriter" type to std::function instead of a
plain function pointer. This allows capturing lambdas, which in turn
are used to make unittests more robust.
R=sigurds@chromium.org
Bug: v8:8880
Change-Id: I9d71ddcac173af36e5b62852f2a9ec6dcfac9f78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640201
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61958}
