Identify validation fails to read the index of prefixed opcodes, and not
continue to decode the next bytes.
Change-Id: I2c737af55615ba69ba0c5f5adf18a06c6cdb951a
Bug: chromium:905815
Reviewed-on: https://chromium-review.googlesource.com/c/1390927
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58485}
Currently the concurrent marker visits any fixed array in one go
ignoring the progress bar and does not expect to see black arrays
in the worklist. For this reason, if the main thread marker starts
visiting a large array with the progress bar, then it has to re-push
the array in the bailout worklist. So all subsequent visitations of
the array happen on the main thread.
This patch makes the progress bar thread-safe and allows the
concurrent marker to visit arrays in chunks.
Change-Id: I5e8867077ed2908b7f9c5d8bde34d0401f7fe446
Reviewed-on: https://chromium-review.googlesource.com/c/1385164
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58484}
Prevent aliasing between problematic registers for
shift operations with int64 values in the arm port
of Liftoff.
Bug: v8:6600, chromium:912592
Change-Id: I905f0a657626fdfac3e41fe2878e918e3c779a8f
Reviewed-on: https://chromium-review.googlesource.com/c/1388564
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58480}
They will later be detected as redundant again, but we can save memory
and performance by just not adding them in the first place.
R=mvstanton@chromium.org
Bug: v8:8423
Change-Id: I11d88642333681612e2f8f4eaee7ba700cbf64d5
Reviewed-on: https://chromium-review.googlesource.com/c/1390132
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58479}
This silences the new presubmit check for all base classes.
R=tebbi@chromium.org
Bug: v8:8616
Change-Id: I389fedde1b44d9c583dd2fb75e6c8af138c4feb0
Reviewed-on: https://chromium-review.googlesource.com/c/1387491
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58478}
This reverts commit 2d2c137492.
Reason for revert: layout test timeout - crbug.com/917714
Original change's description:
> Reland^2 "[turbofan] Use feedback when reducing global loads/stores."
>
> This reverts commit ac85ab0a3d. A
> chromium test caused trouble and was taken care of in
> https://chromium-review.googlesource.com/c/1384064.
>
> Original change's description:
> > [turbofan] Use feedback when reducing global loads/stores.
> >
> > We already record the script context location or the property cell
> > as feedback of the global load/store IC, so Turbofan doesn't need
> > to do the lookups again.
>
> TBR=sigurds@chromium.org
>
> Change-Id: I58bcd9bceec2f9cf401f7b0fc4460a6da6cd0abc
> Reviewed-on: https://chromium-review.googlesource.com/c/1386404
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58393}
TBR=neis@chromium.org,sigurds@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I9003135cfc5cc3ffb8bbf06ca35c9773adac93e7
Reviewed-on: https://chromium-review.googlesource.com/c/1390129
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58475}
This reverts commit 97628eeeb9.
Reason for revert: breaks compilation in Lite mode, which does not allow overriding of certain flags. See https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8926078411629093216/+/steps/build/0/steps/compile/0/stdout.
Original change's description:
> [error] extend error stack w/ function parameters
>
> Extend FrameArray to hold weak references to parameters for functions in
> the call stack. The goal here is to provide more metadata for postmortem
> tools (such as llnode), especially in cases of rethrowing (this will be
> particularly useful when using postmortem with promises on Node.js).
>
> Besides postmortem, these changes allow us to print a more detailed
> stack trace for errors with parameter types (or even values), which can
> be useful since JavaScript functions can receive any number of
> parameters of any type, and having a function behave differently
> according to the number of parameters received as well as their types is
> a common pattern on JS libraries and frameworks.
>
> R=bmeurer@google.com, yangguo@google.com
>
> Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
> Reviewed-on: https://chromium-review.googlesource.com/c/1289489
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58468}
TBR=yangguo@chromium.org,bmeurer@google.com,bmeurer@chromium.org,mat@mmarchini.me
Change-Id: Ide0a434c1521ab2bbeca6821397ff63ba7d40fe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1390128
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58469}
Extend FrameArray to hold weak references to parameters for functions in
the call stack. The goal here is to provide more metadata for postmortem
tools (such as llnode), especially in cases of rethrowing (this will be
particularly useful when using postmortem with promises on Node.js).
Besides postmortem, these changes allow us to print a more detailed
stack trace for errors with parameter types (or even values), which can
be useful since JavaScript functions can receive any number of
parameters of any type, and having a function behave differently
according to the number of parameters received as well as their types is
a common pattern on JS libraries and frameworks.
R=bmeurer@google.com, yangguo@google.com
Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
Reviewed-on: https://chromium-review.googlesource.com/c/1289489
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58468}
The concurrent marker can now visit maps and mark the subset of
descriptors that a map requires.
Bug: v8:8486
Change-Id: I184442ec90a8f60c73cfe16d6e9d66f4efa92a01
Reviewed-on: https://chromium-review.googlesource.com/c/1384320
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58466}
Factory::NewRawOneByteString initializes the string length without an
atomic accessor. This leads to a data race if the string is pretenured
and black allocated because the concurrent marker loads the string
length before checking the string markbits.
This patch changes the order to check the markbits first.
Bug: v8:8579
Change-Id: Ic434f7dde9baa6264fe133499d2394c0d4cc5394
Reviewed-on: https://chromium-review.googlesource.com/c/1388542
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58465}
Logic is added to InterpreterEntryTrampoline to detect flushed functions,
and enter CompileLazy instead. Get the bytecode array from the function
object and load it. The bytecode array could have been flushed from the
shared function info, if so, call into CompileLazy.
This fixes:
cctest/test-heap/TestBytecodeFlushing
cctest/test-heap/TestOptimizeAfterBytecodeFlushingCandidate
debugger/debug/lazy-deopt-then-flush-bytecode
[mips] Macro-assembler fix
Fix massive failing of tests after fa3cbf6.
Change-Id: Ic1978b5233eefc743fd7b020f65153630ffa281f
Reviewed-on: https://chromium-review.googlesource.com/c/1388528
Reviewed-by: Sreten Kovacevic <skovacevic@wavecomp.com>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#58463}
These test off-heap builtin call sequences and don't make sense in
noembed builds.
Tbr: sigurds@chromium.org
Bug: v8:7777
Change-Id: I2795257e33b6ad87958d08f0845b75a7e88988f2
Reviewed-on: https://chromium-review.googlesource.com/c/1390120
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58461}
noembed bots have started failing since https://crrev.com/c/1382461.
The reason was that inline_offheap_trampolines option was set to true
even in noembed builds, and the assembler tried to inline trampolines
to non-existent embedded builtins.
Tbr: sigurds@chromium.org
Bug: v8:7777
Change-Id: I483dd8b77269b8684e57f8da6e659a9648b1657b
Reviewed-on: https://chromium-review.googlesource.com/c/1390117
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58458}
- Removes ModuleCompiledCallback typedef and Set function.
- Adds WasmStreaming::Client abstraction and Set function.
Bug: chromium:719172
Change-Id: I8a207b628394a7660bda73cde560da1e461248a7
Reviewed-on: https://chromium-review.googlesource.com/c/1377450
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58454}
Presumably this was obsoleted when this functionality moved to
the BytecodeGenerator.
Change-Id: I691fdaa01610ea050511825b5ad1f3ba4963421c
Reviewed-on: https://chromium-review.googlesource.com/c/1387991
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58453}
A computed property can never be a private field. That's a SyntaxError.
Change the check to a DCHECK.
Bug: v8:5368
Change-Id: I6701b60f3193639f3ccffacda25074d32d5de5b8
Reviewed-on: https://chromium-review.googlesource.com/c/1385267
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58451}
Change-Id: I8292b10afd2494199b5db11a5e3d64912cff919b
Reviewed-on: https://chromium-review.googlesource.com/c/1387988
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58450}
NATIVE_CONTEXT_IMPORTED_FIELDS are no longer different from other
NATIVE_CONTEXT_FIELDS, so this CL joins them together.
While doing so, removed the OBJECT_VALUE_OF slot, which is not
referenced anywhere.
Change-Id: I79c46e6e6cc92c90e90e68165cf7b0ae31e8151d
Reviewed-on: https://chromium-review.googlesource.com/c/1387631
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58449}
%AddNamedProperty was only used by regression tests, and is easily
replaced by Object.defineProperty (or deleted, in the case of a
cctest that was designed to test it directly).
%AddElement was unused (probably due to the death of array.js).
Bug: v8:7624
Change-Id: Icc17fd7a7419aa649275414a351f176f104040e2
Reviewed-on: https://chromium-review.googlesource.com/c/1387990
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58448}
This reverts commit 3411e7c3e8.
Reason for revert: Breaks test expectations - https://ci.chromium.org/p/chromium/builders/luci.chromium.try/linux_chromium_rel_ng/260731
Original change's description:
> [parser] Create arrow function scopes while parsing the head
>
> This simplifies NextArrowFunctionInfo, allows us to Scope::Snapshot::Reparent
> directly rather than moving it, and allows us to skip reparenting in the simple
> parameter arrow function cases.
>
> This CL additionally fixes arrow function name inferring.
>
> Change-Id: Ie3e5ea778f3d7b84b2a10d4f4ff73931cfc9384a
> Reviewed-on: https://chromium-review.googlesource.com/c/1386147
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58405}
TBR=ishell@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I8f31b96f844f0673364bf435fa6c809e40d62fa3
Reviewed-on: https://chromium-review.googlesource.com/c/1388541
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58446}
Always pass in the target scope for the body, and check whether we're in
LexicalVariableMode instead to distinguish for(let/const from for(var.
Change-Id: Idf59423466f45eebe7c9d716f8eb6ccd92235abc
Reviewed-on: https://chromium-review.googlesource.com/c/1388534
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58445}
This CL makes both absolute address and opcode literal (byte sequence
of the instruction) display optional, which improves readability.
Additionally, jump offsets are parsed and can now once again be clicked.
TBR=neis@chromium.org
Bug: v8:7327
Notry: true
Change-Id: I709f44540b32f6d4afabdd1e5eb27e932208e7fc
Reviewed-on: https://chromium-review.googlesource.com/c/1388540
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58444}
This changes a few bits about how continuation counters are handled.
It introduces a new mechanism that allows removal of a continuation
range after it has been created. If coverage is enabled, we run a first
post-processing pass on the AST immediately after parsing, which
removes problematic continuation ranges in two situations:
1. nested continuation counters - only the outermost stays alive.
2. trailing continuation counters within a block-like structure are
removed if the containing structure itself has a continuation.
R=bmeurer@chromium.org, jgruber@chromium.org, yangguo@chromium.org
Bug: v8:8381, v8:8539
Change-Id: I6bcaea5060d8c481d7bae099f6db9f993cc30ee3
Reviewed-on: https://chromium-review.googlesource.com/c/1339119
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58443}
Ensure that GetUnusedRegister is always called before
acquiring the scratch register in case it is needed
for spilling the value of the used register.
Bug: v8:6600, chromium:910824
Change-Id: I93ae684ad504584807dfa6227b6af14609c6bcf5
Reviewed-on: https://chromium-review.googlesource.com/c/1387498
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58442}
This CL does two things:
1. It introduces Call/JumpCodeObject as the bottleneck for all calls
to non-heap-constant Code objects; and
2. it dispatches directly to the off-heap entry point for all embedded
code.
Codegen at runtime remains unchanged to preserve the shorter,
branch-less calling sequence.
Bug: v8:7777
Change-Id: I15fdcb51625209904c6a56737f085a23219319b9
Reviewed-on: https://chromium-review.googlesource.com/c/1382461
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58440}
Since the code serializer also serializes descriptor arrays, the clearing
has to be done in the deserializer.
Bug: v8:8486
Change-Id: Ic2c5848e5add80176a6f7191c56e7af9e9a6019f
Reviewed-on: https://chromium-review.googlesource.com/c/1388532
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58439}
This also adjusts debug printing of descriptor arrays and adds a check
to the code serializer.
Bug: v8:8617
Tbr: mlippautz@chromium.org
Change-Id: Ic04f01abf9f7ed5a310b9e51a22c04fda108f563
Reviewed-on: https://chromium-review.googlesource.com/c/1387501
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58438}
This reverts commit 2963f1b2e3.
Reason for revert: Speculative revert, possibly causing timeout in layout test https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/WebKit%20Linux%20Trusty%20MSAN/11631
Original change's description:
> [parser] Simplify ParseFunctionBody
>
> - Merge is_simple branches at the top
> - Remove block around inner_body parsing. Always merge fully at the end.
> - Remove conditional inner block adding to outer body. Simply add it to the
> inner body making merge push it to the parent.
>
> Change-Id: I1f062918a7abac354b949136463517bd0440984f
> Reviewed-on: https://chromium-review.googlesource.com/c/1386111
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58390}
TBR=ishell@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I0ab903df5caaadff56625e9b46b03981c8a9b930
Reviewed-on: https://chromium-review.googlesource.com/c/1388524
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58436}