The {TYPE_CHECK} macro used an ancient pattern to check for
assignability, by assigning to a static_casted nullptrs of the
respective types.
C++11 introduced standard library helpers to express this more
naturally. The most direct translation would have been to use
{std::is_assignable} or {std::is_convertible} on the pointer types, but
in most cases we can be even more strict and force one type to be a
proper subtype of the other.
The only exception is {ReturnValue}, which allows to assign anything if
it's void.
R=ulan@chromium.org
Bug: v8:10155
Change-Id: I41c1103e0206514c8700c47a0bf107ad704cfc47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093497
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66695}
Report the allocated size of global handles in GetHeapStatistics as
well, not including free handles.
Bug: chromium:1060192
Change-Id: I1aedba36735f897cd8518edbb5ef2261cc348bff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093493
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66651}
String::NewFromLiteral is a templated function that takes a char[N]
argument that can be used as an alternative to String::NewFromUtf8 and
returns a Local<String> rather than a MaybeLocal<String> reducing the
number of ToLocalChecked() or other checks.
Since the string length is known at compile time, it can statically
assert that the length is less than String::kMaxLength, which means that
it can never fail at runtime.
This also converts all found uses of NewFromUtf8 taking a string literal
or a variable initialized from a string literal to use the new API. In
some cases the types of stored string literals are changed from const
char* to const char[] to ensure the size is retained.
This API does introduce a small difference compared to NewFromUtf8. For
a case like "abc\0def", NewFromUtf8 (using length -1 to infer length)
would treat this as a 3 character string, whereas the new API will treat
it as a 7 character string.
As a drive-by fix, this also fixes all redundant uses of
v8::NewStringType::kNormal when passed to any of the String::New*
functions.
Change-Id: Id96a44bc068d9c4eaa634aea688e024675a0e5b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089935
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66622}
This state can be set on the NativeContext by the embedder. When a
PromiseReaction/PromiseReactionJobTask is constructed, store this
contextual state if present, and restore it while the reaction job
is running.
Change-Id: I141cdbd9e36ea83ce4a6bf08440ae7eaa54523df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2005849
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66617}
Report the total size of global handles in GetHeapStatistics as well.
This size includes used and free global handles.
Change-Id: I08c0647d993a810a37ae9f332732de9551b5ea8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083020
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66562}
We need to track misc features launched in 2019 to understand the impact.
Also we need to measure the v8BreakIterator usage of 'word' and 'line'
to lobby the need for 'line' in the replacement standard Intl.Segmenter
which an Apple engineer opposed to include.
Bug: v8:10251
Change-Id: I5d4cbe6ccf458c9ec4adfebad235f9c6dcd2ac37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2067512
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66506}
The interface for ArgumentInfo was allowing out-of-bounds
read from the returned array. Improved that by passing the
index explicitly as a parameter and checking against the
expected bounds.
Bug: v8:10267
Change-Id: Ic1022def3e338598cd9bd9e6582d67a62836d0db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2078578
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66499}
This adds static types to the argument class that accesss the arguments in the
stack. kRuntime arguments are used by runtime functions and kJS arguments
are used to access the JS stack (eg. builtins).
The distinction allows the reversal of arguments in the JS stack without
changing the runtime arguments order.
Bug: v8:10201
Change-Id: I7c08164d53c4071c7910836fa733dee8ff7fa680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2066985
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66470}
The method was deprecated in favor of {IsWasmModuleObject}.
R=adamk@chromium.org
Bug: v8:10155
Change-Id: Id21a1b74dde5576c2c82cc209555c22209a9e5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2033170
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66469}
The deprecated legacy FinalizationGroup APIs are left unchanged for
compat.
Bug: v8:8179
Change-Id: I9bdcaa92360db318c96fc8524c04163ece25118e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2071236
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66437}
This will enable people to check if an object is
document.all without having to use tricks like
`typeof v === 'undefined' && v !== undefined`.
Change-Id: I74670e4d3886fcd90f0f3cef9c3644a24ee08fda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2067681
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66412}
Relanding the Fast C API code with fix for UBSan undefined behavior
issue.
Design doc:
http://doc/1SAHn7d8M7CoazTd1laVF8gduFC_ikZWiYuytrR9c4Oc/
This CL implements basic API with integer and pointer types marshaling.
What is not supported yet:
- sequences
- annotations
- floating point arguments
- 64-bit arguments
- exception handling
- InstanceOf checks for the pointer types
- functions with non-void return type
Bug: chromium:1052746
TBR=yangguo@chromium.org,mvstanton@chromium.org,neis@chromium.org,leszeks@chromium.org,verwaest@chromium.org,mslekova@chromium.org
Change-Id: Ifca9de3156cf18c9dac0d14c19f8d6a7004cad83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2066971
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66391}
This reverts commit 4e11ad92f3.
Reason for revert: Signed int overflow in TestFastApiCalls in UBSan https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/9976
Original change's description:
> [turbofan] Fast API calls from TurboFan
>
> Relanding the Fast C API code with fix for arm sim lite build.
>
> Design doc:
> http://doc/1SAHn7d8M7CoazTd1laVF8gduFC_ikZWiYuytrR9c4Oc/
>
> This CL implements basic API with integer and pointer types marshaling.
>
> What is not supported yet:
> - sequences
> - annotations
> - floating point arguments
> - 64-bit arguments
> - exception handling
> - InstanceOf checks for the pointer types
> - functions with non-void return type
>
> Bug: chromium:1052746
>
> TBR=yangguo@chromium.org,mvstanton@chromium.org,neis@chromium.org,leszeks@chromium.org,verwaest@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org
>
> Change-Id: I4421ce817e3b6159a38d2cb39fb97847f128e648
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064223
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66344}
TBR=mvstanton@chromium.org
Change-Id: I63bde3e0b7f92506fd8ec6d39683524bc9811aa6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1052746
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2062739
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66347}
Relanding the Fast C API code with fix for arm sim lite build.
Design doc:
http://doc/1SAHn7d8M7CoazTd1laVF8gduFC_ikZWiYuytrR9c4Oc/
This CL implements basic API with integer and pointer types marshaling.
What is not supported yet:
- sequences
- annotations
- floating point arguments
- 64-bit arguments
- exception handling
- InstanceOf checks for the pointer types
- functions with non-void return type
Bug: chromium:1052746
TBR=yangguo@chromium.org,mvstanton@chromium.org,neis@chromium.org,leszeks@chromium.org,verwaest@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org
Change-Id: I4421ce817e3b6159a38d2cb39fb97847f128e648
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064223
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66344}
In the spec, WeakRefs that are dereferenced are kept alive until there's
no JS on the stack, and then the host is expected to call
ClearKeptObjects to clear those strong references [1]. HTML calls
ClearKeptObjects at the end of a PerformMicrotaskCheckpoint [2].
In V8, leaving this up to the embedder is error prone in the same way
the deprecated FinalizationGroup callback APIs were error prone: it
depends on the embedder doing the right thing. This CL moves the call to
ClearKeptObjects to be after running of microtasks within V8.
However, the Isolate::ClearKeptObjects API should not be removed or
deprecated in case an embedder uses an entirely custom MicrotaskQueue
implementation and invokes MicrotaskQueue::PerformCheckpoint manually.
[1] https://tc39.es/proposal-weakrefs/#sec-clear-kept-objects
[2] https://github.com/whatwg/html/pull/4571
Bug: v8:8179
Change-Id: Ie243804157b56241ca69ed8fad300e839a0c9f75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055967
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66327}
In the final version of our pointer compression scheme, decompression
uses zero-extension of the compressed value. The API copy of that code
erroneously still used a sign-extending decompression from an earlier
iteration of the scheme.
Bug: v8:9706, v8:10198
Change-Id: I17c3a52d26ce26bc0623627d725f686c379fbd6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051954
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66256}
Coverage updates are sent as deltas, and this means that it
is very important that the consumer gets /all/ updates;
otherwise, the coverage information will be wrong.
Previously, we introduces the ability into the back-end to
send triggered updates, i.e. updates that are triggered by
the back-end at interesting points in time. These updates
are delivered via an event, and any consumer must process
these events.
This CL introduces a flag to startPreciseCoverage that
controls whether the back-end is allowed to send such
triggered updates on its own initiative. The default is
`false` to maintain backwards compatibility with consumers
that don't yet handle the events.
Bug: chromium:1022031
Change-Id: Ie36a92a3b627b19ea4041f1b8da1ec66c6b9b771
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2043798
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66232}
Deprecate the following explicit FinalizationGroup APIs in favor of
automatic handling of FinalizationGroup cleanup callbacks:
- v8::Isolate::SetHostCleanupFinalizationGroupCallback
- v8::FinaliationGroup::Cleanup
If no HostCleanupFinalizationGroupCallback is set, then
FinalizationGroup cleanup callbacks are automatically scheduled by V8
itself as non-nestable foreground tasks.
When a Context being disposed, all FinalizationGroups that are
associated with it are removed from the dirty list, cancelling
scheduled cleanup.
This is a reland of 31d8ff7ac5
Bug: v8:8179, v8:10190
Change-Id: I704ecf48aeebac1dc2c05ea1c052f6a2560ae332
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2045723
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66208}
The logic for V8 GC normally only takes the external memory growth
since last mark-compact into account. Unfortunately, the amount of
external memory recorded at the end of MC is often too high. The
reason is that it might take a while for the external memory
associated with the GCed objects to be released (e.g. V8 itself post a
task to release external memory for ArrayBuffer backing stores). In a
worst case scenario GC is driven only by external memory and none of
the external memory is released by the end of the MC. Then each MC
will record the external memory at its highest point and the GC logic
will allow the external memory to grow a bit higher each time which
can lead to excessive memory use.
This patch improves the situation a bit by calculating the growth from
the lowest external memory seen since the last MC. That way the growth
calculation will be offset from a level presumably closer to the
intended one (to what it would have been if the external memory
associated with the GCed objects was released during the MC). Now,
this fix is not perfect because it can be thrown off by external
memory growth occurring before the lingering memory is
released. However, it seems to work rather well in practice (e.g. when
playing MSE video on YT).
Bug: v8:10185
Change-Id: Ifcdd87eb45f3ae4a99d2aeec667c3ae4ca9a52b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2042711
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66193}
This reverts commit 31d8ff7ac5.
Reason for revert: https://crbug.com/v8/10190
Original change's description:
> [weakrefs] Schedule FinalizationGroup cleanup tasks from within V8
>
> Deprecate the following explicit FinalizationGroup APIs in favor of
> automatic handling of FinalizationGroup cleanup callbacks:
> - v8::Isolate::SetHostCleanupFinalizationGroupCallback
> - v8::FinaliationGroup::Cleanup
>
> If no HostCleanupFinalizationGroupCallback is set, then
> FinalizationGroup cleanup callbacks are automatically scheduled by V8
> itself as non-nestable foreground tasks.
>
> When a Context being disposed, all FinalizationGroups that are
> associated with it are removed from the dirty list, cancelling
> scheduled cleanup.
>
> Bug: v8:8179
> Change-Id: Ic09313a11dd00af36d1f698250b3d735155f45e8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986392
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66184}
TBR=ulan@chromium.org,rmcilroy@chromium.org,syg@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8179
Change-Id: If7869e9a5841803c10e748691f019a7d28f3b62e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2043807
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66190}
Deprecate the following explicit FinalizationGroup APIs in favor of
automatic handling of FinalizationGroup cleanup callbacks:
- v8::Isolate::SetHostCleanupFinalizationGroupCallback
- v8::FinaliationGroup::Cleanup
If no HostCleanupFinalizationGroupCallback is set, then
FinalizationGroup cleanup callbacks are automatically scheduled by V8
itself as non-nestable foreground tasks.
When a Context being disposed, all FinalizationGroups that are
associated with it are removed from the dirty list, cancelling
scheduled cleanup.
Bug: v8:8179
Change-Id: Ic09313a11dd00af36d1f698250b3d735155f45e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986392
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66184}
The functionality was not used since a long time, and was hence removed
for the 8.1 branch, and the method was deprecated.
This CL removed the deprecated method completely.
R=adamk@chromium.org
Bug: v8:10155
Change-Id: Iae299d64decb7230d38c2fda8d269a7b0387bb0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2033169
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66167}
TracedReference is supposed to be as light-weight as possible without
destructor or other callbacks, essentially just representing a plain managed
reference.
Change-Id: Iae52cf7460e3623f1fb7d183757ecd39b2431369
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2033173
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66106}
This method was used to implement deserialization via the value
serializer. It was deprecated since this functionality is not used any
more, and hence untested.
This CL cleans up by removing the deprecated method and two private
helper methods.
R=adamk@chromium.org
Bug: v8:10155
Change-Id: I4dda1949fd4f1b499cb6f8d6e6a76b642179303a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2033171
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66096}
This CL implements functionality to allow an embedder to mark a
debug scope as terminate-on-resume. This results in a termination
exception when that debug scope is left and execution is resumed.
Execution of JavaScript remains possible after a debug scope is
marked as terminate-on-resume (but before execution of the paused
code resumes).
This is used by blink to correctly prevent resuming JavaScript
execution upon reload while being paused at a breakpoint.
This is important for handling reloads while paused at a breakpoint
in blink. The resume command terminates blink's nested message loop
that is used while to keep the frame responsive while the debugger
is paused. But if a reload is triggered while execution is paused
on a breakpoint, but before execution is actually resumed from the
breakpoint (that means before returning into the V8 JavaScript
frames that are paused on the stack below the C++ frames that belong
to the nested message loop), we re-enter V8 to do tear-down actions
of the old frame. In this case Runtime.terminateExecution() cannot be
used before Debugger.resume(), because the tear-down actions that
re-enter V8 would trigger the termination exception and crash the
browser (because the browser expected the tear-down to succeed).
Hence we introduce this flag on V8 that says: It is OK if someone
re-enters V8 (to execute JS), but upon resuming from the breakpoint
(i.e. returning to the paused frames that are on the stack below),
generate a termination exception.
We deliberated adding a corresponding logic on the blink side (instead
of V8) but we think this is the simplest solution.
More details in the design doc:
https://docs.google.com/document/d/1aO9v0YhoKNqKleqfACGUpwrBUayLFGqktz9ltdgKHMk
Bug: chromium:1004038, chromium:1014415
Change-Id: I896692d4c21cb0acae89c1d783d37ce45b73c113
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924366
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66084}
Without pointer compression, the max string length on 64-bit platforms
used to be 2**30 (minus header). With pointer-compression, this was
accidentally lowered to 2**28 (which is the historical limit for 32-bit
platforms). This CL bumps the limit on 64-bit platforms to 2**29, which
is the maximum we can support given that any heap object's size in bytes
must fit into a Smi (which are now 31-bit on all 64-bit platforms, with
or without pointer compression).
Change-Id: I263544317d9e6137f6b6a044784a21f41a2761b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030916
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66083}
We will use this state in devtools via the inspector to indicate
whether a thread is currently stuck polling in atomics.wait.
VMState already distinguishes the important states we care about which
are idle vs. running JS. We also want to know the state for
atomics.wait(), which is commonly used in WebWorkers to poll the main
page for work to do.
This CL just adds and maintains the state and adds assertions in
atomics tests. Another CL will emit inspector notifications when the
VMState changes in a way that the inspector cares about.
Re-flow comments as a drive-by cleanup.
Bug: chromium:1025490
Change-Id: I961051bfb846aa20454a56214310370ea8e47d1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2033168
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66071}
This patch adds a new BackingStore::Reallocate function that internally
uses a new ArrayBuffer::Allocator::Reallocate provided by the embedder.
The default implementation of the function simply copies the backing
store. The embedder can override the function and provide a more
efficient implementation e.g. using realloc.
Bug: v8:9908, v8:9380
Change-Id: I2179c80ba199c045b6900c620a813916150e7098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007274
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66044}
The feature has been on-by-default in Chrome for nearly a year now,
and is an established part of the ECMAScript standard.
Change-Id: Icf9d424e5fe9139c12fc26b41603b4e39f79ea54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2015942
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65935}
This flag was used for IndexedDB support. Last uses in chrome were
removed in https://crrev.com/c/2013046, hence the API method can be
deprecated.
Also remove deserializer tests that were disabled by default or just
test that random bytes (from the deserializer's perspective) fail
to decode.
R=adamk@chromium.org
Bug: v8:10146
Change-Id: I8596849c3b51ab1c60272a49ff3fdaa0946452bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013104
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65931}
Both the API wrapper as well as the internal object are named
"WasmModuleObject". This CL renames the object type check from
"IsWebAssemblyCompiledModule" to "IsWasmModuleObject" to be consistent.
R=adamk@chromium.org
Bug: v8:10021
Change-Id: I6d5814421f38bc5f5bd73a492ff4a36f552ff763
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013109
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65930}
The actual allocatable size still depends on the allocator;
in particular Blink's ArrayBufferAllocator is currently limited
to 2GB.
WebAssembly memories are not affected by this change (i.e. still
capped at 2GB as well).
For 32-bit platforms, the limit remains at 2**30-1 (=max smi) elements.
Bug: v8:4153
Change-Id: If0d6047dd4061028688d85a3dc0a2684dcca8693
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007495
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65924}
This API was used for IndexedDB support and for transferring modules by
serializing and deserializing (before we were sharing code between
isolates). Last uses were removed in https://crrev.com/c/1847366, thus
this whole API is unused by now.
This CL deprecates the API and refactors tests to use the internal APIs
instead.
R=adamk@chromium.org
Bug: v8:10146
Change-Id: I838039b4be7ea4eebe6769f31f48e51e7bcd4645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2006090
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65908}
This CL adds a new event that enables the back-end to send coverage
updates on its own initiative. This event can be triggered via the C++
method `triggerPreciseCoverageDeltaUpdate` on the agent in a way that
causes coverage data to be immediatelly collected.
This is useful in the back-end to collect coverage at a certain point
in time, i.e. when a lifecycle event such as first contentful paint
occurs.
The previous interface could not support this, because it could not
reasonably be triggered from C++, and if triggered through the protocol,
dispatching messages added delay that invalidated the data (i.e. data
might have been taken too late to be accurate).
TBR=yangguo@chromium.org
Change-Id: I0f7201412a8d64866e6e314e5bc850354c13a9da
Bug: chromium:1022031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992437
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65864}
This adds a new API function that can be customized by the embedder
by providing a delegate that defines contexts to be measured and
reports the results to JS.
A memory measurement request is carried out as follows:
1) MeasureMemory(delegate) invocation enqueues a new request in
MemoryMeasurement::received_ and schedules a delayed GC task.
2) At the start of the next GC (that is triggered either by the
GC schedule or by the delayed task) each request in received_
moves to processing_. Per-context marking worklists are created
for each native context that was selected by the delegates
(using the ShouldMeasure predicate).
3) At the end of the GC the sizes of the native contexts are
recorded for each request in processing_. The requests move
to the done_ list and result reporting task is scheduled.
4) When the result reporting task runs it invokes the
MeasurementComplete function of each delegate in done_.
Bug: chromium:973627
Change-Id: I0254cae693c5b8fab7c85a9eca0a3a128210b6c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981493
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65856}
Previously, V8 was just relinking nodes which broke when a move involves
an on-stack reference as such nodes have different semantics.
The solution is to create new internal nodes when necessary.
Bug: chromium:1040038
Change-Id: Ia5b3866ae68d014beb30972c4266aa5bae6559fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002546
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65823}
This reverts commits
- 63dc55568b
Add a debug v8 API SetDetachedWindowReason
- 9645810552
Introduce and emit "function calls in detached window" use counters.
- db18e49556
PPC/s390: Add a debug v8 API SetDetachedWindowReason
Note, macro-assembler-x64.cc isn't reverted b/c DCHECK_NE
is currently in a better place.
Reason for revert: No longer needed. It was intended for only 1 milestone.
Bug: chromium:1018156,chromium:1023293
Change-Id: Ic1c19e6e12bb4ac967cf8e687a77c58edc405833
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2004133
Auto-Submit: Bartek Nowierski <bartekn@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65811}
- Introduces a API to set top of the stack through
EmbedderHeapTracer::SetStackTop.
- Introduces a new API to inform V8 about an empty embedder stack.
- Switch internal representation of TracedReference
for on-stack handles to a proper stack that considers all
contained handles as roots.
- Handle garbage is avoided by cleaning up on handle creation or
GC.
Design doc: https://bit.ly/on-stack-traced-reference
Bug: chromium:1040038
Change-Id: I927ef0abb268fdb5853c9e17b1bc96e2491cf101
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993973
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65757}
The time was reported in milliseconds, but should be reported in seconds
instead.
TBR=ulan@chromium.org, szuend@chromium.org
Change-Id: I171cdb0107cd522b0d62ac6ed4edfacf7599da0b
Bug: chromium:1022031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997137
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65727}
Using the message listener is more in line with what Chromium does, and
would allow d8 to report exceptions of JS tasks posted internally by V8
(e.g. FinalizationGroup cleanups).
Bug: v8:8179
Change-Id: Ie058e1104818b77b2e8ca5e18173a7e68837c9e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986390
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65711}
This CL adds timestamps to coverage updates. This is useful for clients,
because between requesting a coverage update and collecting coverage data
significant time may pass. This change allows precise attribution at what
time a coverage update was taken.
Change-Id: I65a9cccb0171e892b7dbe35d105d3ca246ba08d0
Bug: chromium:1022031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992435
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65696}
It has been deprecated in v7.9, but needed to be changed
again for v8.0 by providing a default implementation. This
allowed embedders to remove all overrides. We can now
remove the definitions in v8.1.
R=ulan@chromium.org
CC=ahaas@chromium.org
Bug: v8:9810
Change-Id: I9d303bf8a01d863bce3522abccdd3ded5e551818
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868620
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65633}
This new API uses the code pages rather than code ranges approach.
It's supported on arm32, as well as the previous two supported
platforms, x64 and arm64.
Deprecate the old API which only works on x64 and arm64 to reduce the
maintenance overhead of keeping both. Users of the old API should
migrate to the new one as it can be used all on supported platforms.
We keep the tests for the old API by ignoring deprecation warnings so
that we don't accidentally break it while it is still in the codebase.
Design doc:
https://docs.google.com/document/d/1VGwUult5AHLRk658VetwEHMOmDDxA2eDQs9lDFMZTE0
Bug: v8:8116
Change-Id: I1de8246a48fc1b4991603501ea6087db6b43fdd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1969900
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65521}
This CL adds an argument to the heap profiler that allows to control
whether global objects (e.g. 'window' in JavaScript) are treated as
roots in the heap snapshot. Doing so hides blink-internal details and
is often a good choice when user-JS leaks are investigated. Sometimes,
however, this introduces spurious retainer cycles, which are hard to
debug.
Previously, this option was exposed as a V8 flag. The blink
implications of the build-time V8 flag are now available via
the new blink flag `enable_additional_blink_object_names`.
Tbr: hpayer@chromium.org
Bug: chromium:1034504
Change-Id: Ibe9412917ae598a3ff0c3dc956ab0bc179f50a21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967387
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65491}
Add an API on Isolate that returns a sorted vector of code pages allocated
within V8. The implementation is designed to be signal-safe, so that the
user (the UMA sampling profiler) can access this information from a signal
handler, where allocation and taking locks is prohibited.
This CL adds the machinery for maintaining the list of allocated code
pages. Further CLs will modify the Unwinder API itself to accept the code
pages provided by this API.
The unwinder API currently uses the reserved virtual-memory range called
the CodeRange to identify where all V8 code objects live, but this doesn't
exist on arm32 or any 32-bit platform, so this approach adds a way to
expose the location of all valid V8 code objects in a signal-safe way for
use by the UMA sampling profiler.
On 64-bit, this API always gives the code_range and embedded_code_range, and
does not maintain a vector of code pages. This is so that we have a unified
API on 32 and 64-bit that can be used in exactly the same way by embedders.
Design doc:
https://docs.google.com/document/d/1VGwUult5AHLRk658VetwEHMOmDDxA2eDQs9lDFMZTE0
Bug: v8:8116
Change-Id: I732509a45121fc54853182481c24d1083275afce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564068
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65469}
This improves documentation about some things that came up
in conversation and things that I noticed while working on
those other things. :)
Change-Id: I4f47cec6594f7b331259bea8ed506f5de908d438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954386
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65449}
Setting up JSArrayBuffer may trigger GC. Delay this until we
are done with deserialization.
R=ulan@chromium.org
Bug: chromium:1033395
Change-Id: I6c79bc47421bc2662dc1906534fc8e820c351ced
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1965580
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65441}
Add a method to set the URL of a Wasm script from a WasmStreaming object.
This will allow devtools to report the actual URL when it is available.
R=clemensb@chromium.org
Bug: v8:9762
Change-Id: Iccd41d76c9a4a2e1858716e8d555782404719faa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944153
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65405}
NOTE! This re-introduces the following change with a modification that
detached_window_time_in_seconds is initialized with 0, instead of
current time.
https://chromium-review.googlesource.com/c/v8/v8/+/1924000
Bug: chromium:1018156
Change-Id: I6d0880e0355d2cb08dbf4f2ef92c8fcead03f9ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958344
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65393}
This patch implements inspector support for private instance methods:
- Previously to implement brand checking for instances with private
instance methods we store the brand both as the value with the brand
itself as the key in the stances. Now we make the value the context
associated with the class instead.
- To retrieve the private instance methods and accessors from the
instances at runtime, we look into the contexts stored with the
brands, and analyze the scope info to get the names as well as
context slot indices of them.
- This patch extends the `PrivatePropertyDescriptor` in the inspector
protocol to include optional `get` and `set` fields, and make the
`value` field optional (similar to `PropertyDescriptor`s).
Private fields or private instance methods are returned in the
`value` field while private accessors are returned in the `get`
and/or `set` field. Property previews for the instaces containing
private instance methods and accessors are also updated similarly,
although no additional protocol change is necessary since the
`PropertyPreview` type can already be used to display accessors.
Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit
Bug: v8:9839, v8:8330
Change-Id: If37090bd23833a18f75deb1249ca5c4405ca2bf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934407
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65337}
They have been deprecated in v7.9, hence they can be removed in v8.0.
R=ulan@chromium.org
CC=mstarzinger@chromium.org
Bug: v8:10021
Change-Id: Ic21c5ee5703b548ddcca2ffeba6c583715d3fbd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864947
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65237}
Deprecated in 79.
Change-Id: If0e2b95b4b66328858b33a533454a469c80fad63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940147
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65204}
Currently the inspector reports Wasm in one of two ways:
- If there is a source map, report one script per Wasm script, with
bytecode but no source.
- If there is no source map, report one script per Wasm function, with
source (Wasm disassembly) but no bytecode.
With this change, behavior with source map is same, but without source
map it will report both ways. This will allow us to change the frontend
to do its own disassembly, allowing us to remove the per-function scripts
in a future change.
Bug: chromium:1013527
Change-Id: I0c559ad08896e8d0da419e3c6ad8d1edff3976fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899782
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Eric Leese <leese@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64980}
... even with ptr-compr.
Although full uintptr-sized TypedArrays are not supported yet
we may already start using uint32-sized typed arrays as we no
longer rely on TypedArray length to be a Smi.
Bug: v8:4153
Change-Id: If179541ad4f02c4ec7de9d1f3836138fe526d8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905847
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64897}
All the data types defined under ArgValue are 8 bytes
expect "bool as_bool". When casting to <uint64_t> under
"tracing/trace-event.h", boolean gets placed on the lower
byte of the memory on LE, and on the higher byte on BE machines.
When using a "Union" to read back the value as a boolean, only
the lower byte of the memory location is read which makes it
fine on LE machines, however the value will not be present on BE
machines.
Using an 8 byte data type as boolean will assure the entire filed
is read instead of only the lower byte.
Change-Id: I0740b9c019588c963a4c7878af60c6df04827141
TBR: petermarshall@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1896835
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64859}
Move the API from Isolate to V8 and add better memory fields.
Bug: v8:7464
Change-Id: Ic82c7c74ac8f20a2f2cb896dc0203fdd0b5d8d5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905546
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64856}
Creates new APIs to get Shared Memory statistics like the size of
read-only space and potentially the memory used by shared array buffers.
Currently all shared memory statistics are zero.
Bug: v8:7464
Change-Id: Ib8d58f885beaa1d65ccef7b64dd4f3db4149bca3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900465
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64831}
The file contains testing features only used in d8. This CL prepares
deprecation and moves the logic into d8.cc.
Bug: v8:9941
Change-Id: I71de4cfd41d8f9fa209f936744cb170856365a6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899774
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64800}
The new APIs are:
enableRuntimeCallStats
disableRuntimeCallStats
getRuntimeCallStats
The RunTime Call Stats are collected per isolate.
Change-Id: I7e520e2c866288aa9f9dc74f12572abedf0d3ac8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881601
Commit-Queue: Peter Kvitek <kvitekp@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64784}
Currently there are two ways wasm locations are represented in the
inspector. This remains unchanged for now. Also, currently there are
multiple ways location is represented within V8, with the line number
sometimes being a function index and sometimes being 0, and the column
number being a byte offset which is sometimes function relative and
sometimes module relative. With this change, the line number is never
used within V8 (it is always 0), and the column number is always a
byte offset from the beginning of the module. This simplifies
translation logic and keeps it in one place, and will simplify future
changes to wasm location representation in the inspector API.
Bug: chromium:1013527
Change-Id: I8813d47c881988f9ab49d7529fb81fe10dbbccff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886915
Commit-Queue: Eric Leese <leese@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64774}
Instead of inferring allow_codegen from the state of MaybeLocal<String>, return it separately. This allows to distinguish "could not stringify this object" from "block execution of this object", regardless of whether the object is a string or not. Currently, the hook can trigger an EvalError only if the original source was a string.
Modify the logic so that one of the three mechanisms (unconditional, non-modifying, modifying) decides alone. Before, if the non-modifying callback rejected a value, the value would be forwarded to the modifying callback, but the unconditional would not forward to the non-modifying callback. This introduces a more uniform behaviour where the three mechanisms act in decreasing priority.
Change-Id: Iaaa9873227052653d714df65f31c4de914f48b7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776082
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stefano Sanfilippo <ssanfilippo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64763}
A window is a Blink concept. This API marks the context as backing
a detached window. This doesn't necessarily mean that the context is
detached.
Every time a JS function is called within a context that has a non-zero
DetachedWindowReason, Runtime::kReportDetachedWindowAccess is invoked,
which will report this call to Blink via a callback, which in turn can
report number of such calls via UKM metrics.
Bug: chromium:1018156
Change-Id: I67c89fef459f4efcb912229eed8a4f3ea3b60f54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862829
Auto-Submit: Bartek Nowierski <bartekn@chromium.org>
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64707}
The new API with v8::BackingStore should be used instead as explained in
https://docs.google.com/document/d/1sTc_jRL87Fu175Holm5SV0kajkseGl2r8ifGY76G35k
This also relaxes the pre-condition for [Shared]ArrayBuffer::Detach to
not require externalization first.
Bug: v8:9380, v8:9908
Change-Id: Idd119fcd28be84a2fae74ae86f7381fd997766f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859628
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64625}
The overload taking a `MicrotaskQueue*` was introduced in
cce33f3752 but never actually implemented.
This aligns the constructor signature to actually work, and
aligns it with e.g. `MicrotasksScope`. The previous signature
without an `Isolate*` argument would not work, because there’s
no pointer back from a MicrotaskQueue to the Isolate.
Refs: https://chromium-review.googlesource.com/c/v8/v8/+/1414950
Bug: v8:8124
Change-Id: I5dbaabef54c8de2b48f6172808825a186971524d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879901
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64584}
Add an `array_buffer_allocator_shared` field to the
`Isolate::CreateParams` struct that allows embedders to share
ownership of the ArrayBuffer::Allocator with V8, and which in
particular means that when this method is used that the
BackingStore deleter will not perform an use-after-free access to the
Allocator under certain circumstances.
For Background:
tl;dr: This is necessary for Node.js to perform the transition to
V8 7.9, because of the way that ArrayBuffer::Allocators and their
lifetimes currently work there.
In Node.js, each Worker thread has its own ArrayBuffer::Allocator.
Changing that would currently be impractical, as each allocator
depends on per-Isolate state. However, now that backing stores
are managed globally and keep a pointer to the original
ArrayBuffer::Allocator, this means that when transferring an
ArrayBuffer (e.g. from one Worker to another through postMessage()),
the original Allocator has to be kept alive until the ArrayBuffer
no longer exists in the receiving Isolate (or until that Isolate
is disposed). See [1] for an example Node.js test that fails with
V8 7.9.
This problem also existed for SharedArrayBuffers, where Node.js
was broken by V8 earlier for the same reasons (see [2] for the bug
report on that and [3] for the resolution in Node.js).
For SharedArrayBuffers, we already had extensive tracking logic,
so adding a shared_ptr to keep alive the ArrayBuffer::Allocator
was not a significant amount of work. However, the mechanism for
transferring non-shared ArrayBuffers is quite different, and
it seems both easier for us and better for V8 from an API standpoint
to keep the Allocator alive from where it is being referenced.
By sharing memory with the custom deleter function/data pair,
this comes at no memory overhead.
[1]: https://github.com/nodejs/node/pull/30044
[2]: https://github.com/nodejs/node-v8/issues/115
[3]: https://github.com/nodejs/node/pull/29637
Bug: v8:9380
Change-Id: Ibc2c4fb6341b53653cbd637bd8cb3d4ac43809c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1874347
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64542}
Previously, embedders had to fetch the 'exec' property off the RegExp
prototype in order to call exec (and such calls involve two
transitions between C++ and JS).
This CL exposes a convenient RegExp::Exec method through the API.
Bug: v8:9695
Change-Id: I57a9174626143d26f2ea34676b8e55fef64932cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864940
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64508}
These counters track how often the slow path of these two builtins is
hit. Exec is very permissive, its fast-path check doesn't look at the
regexp prototype at all. Replace is strict; any change on the
prototype will trigger the slow path.
Chromium CL: https://crrev.com/c/1875250
Bug: v8:5577
Change-Id: I9807f43829981445b75b5c5d29800cbdac9bc26a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873698
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64496}
The new predicate indicates whether the backing store was created for
an ArrayBuffer or a SharedArrayBuffer. It is useful for some embedders.
Bug: v8:9380
Change-Id: I804063bb8c4c17815defd6538ce6a1b32f6a4531
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873689
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64479}
This CL adds a boolean flag to Runtime.evaluate that allows REPL
mode to be enabled. REPL mode hasn't landed in V8 yet, and the internal
API for it is still in flux.
R=yangguo@chromium.org
Bug: chromium:1004193
Change-Id: I281285e225d3fd2dd4175f3dd967d6562459a203
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866510
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64470}
These are useful for the cases when an embedder works with backing
stores without creating JS ArrayBuffer objects.
Bug: v8:9380
Change-Id: I452bd911e7b20fb38568f18f9d15ea1a7ffb5a57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825339
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64460}
The natives blob was deprecated in V8 7.8. This CL removes all related
functionality, including:
- Build system support, i.e.: generation of natives_blob.bin and the
v8_extra_library_files gn flag.
- Related scripts (js2c.py, concatenate-files.py).
- Related API functions (SetNativesDataBlob,
InitializeExternalStartupData).
- Natives bootstrapping logic.
- The InternalArray type (previously exposed through natives).
- Other natives-exposed builtins.
- Inlining of these builtins.
- The dedicated 'uncached external one byte string' type.
Step 1 landed in https://crrev.com/c/1824944.
Step 2 landed in https://crrev.com/c/1835536.
Step 3 (this CL) removes these all functionality related to natives
support in V8.
Bug: v8:7624
Change-Id: Ice6c2662781efe8417231805276476d32bc5a625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844771
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64446}
Per spec, Module::SetSyntheticModuleExport should throw a ReferenceError
when called with an export name that was not supplied when constructing
that SyntheticModule. Instead, the current implementation crashes with
a failed CHECK().
Add a new Module::SyntheticModuleSetExport that throws (without an ensuing
crash) for this case, and deprecate the old
Module::SetSyntheticModuleExport.
Bug: v8:9828
Change-Id: I3b3d353064c3851882781818099bd8f6ee74c809
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1860996
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64438}
On Windows ARM64, it is insufficient to just follow the linked list of
frame pointers in all cases. This is similar to logic added in
https://crrev.com/c/v8/v8/+/1701133 except this affects the Unwinder
methods rather than the function metadata for RtlVirtualUnwind.
Together with https://crrev.com/c/chromium/src/+/1844276 , this allows
the Chromium unit test V8UnwinderTest.UnwindThroughV8Frames to pass on
Windows ARM64.
Change-Id: I82d4d894be14d4a6ace75bba10c13b10342d0b12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1845189
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64432}
Before we can remove the deprecated methods, we need to provide default
implementations for them. Then, we can remove all overrides in
embedders, and finally remove the methods from v8.
R=ulan@chromium.orgCC=ahaas@chromium.org
Bug: v8:9810
Change-Id: If9286dc8ba441c226c9a1d524832ff203ac4bce6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871915
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64419}
We still set a lot of macros depending on specific gcc versions. All
these old versions are unsupported by now anyways, so we can also just
define these macros as 1.
If this CL sticks for a while, we can start actually cleaning up all
code relying on these macros, as most of them should be 1 now on all
platforms.
R=ulan@chromium.org
Bug: v8:9810
Change-Id: I2f9c55170091f8c263deeddfb7ff89e5b2a0bb12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862564
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64413}
This is a reland of c7c47c68f2.
This makes TSAN happy in addition to:
Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.
Bug: v8:9860
Tbr: ulan@chromium.org, neis@chromium.org, ishell@chromium.org
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
Change-Id: I4d0ab4cbbb23a9ae616407f17ef8f35a0b68ddb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864654
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64360}
This CL logs debug information of WASM in Intel VTune Amplifer via
VTune's JIT Profiling API. With this CL, the profiling information
of JITted code and its corresponding C/C++ source code is displayed
optionally. To use this feature, a runtime flag "vtune_prof_annotat
e_wasm" should be passed to the VTune-enabled V8 engine. Currently,
the inline function in C/C++ is not well supported due to the
limitation of source map.
As a drive-by fix, the dynamically allocated event-specific data
of JavaScript (src/third_party/vtune/vtune-jit.cc) is managed with
C++ containers for safety.
Change-Id: Ic27420fcdcd775bc5c7778abf5cff6edf0fb38b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782126
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#64351}
This reverts commit c7c47c68f2.
Reason for revert: breaks TSAN
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/28738
Original change's description:
> Reland "[runtime] Move Context::native_context to the map"
>
> This is a reland of f05bae1e0d
>
> Previously I presumed that the context read from a frame in the profiler was
> a valid context. Turns out that on non-intel we're not guaranteed that the
> frame is properly set up. In the case we looked at, the profiler took a
> sample right before writing the frame marker indicating a builtin frame,
> causing the "context" pointer from that frame to be a bytecode array. Since
> we'll read random garbage on the stack as a possible context pointer, I made
> the code reading the native context from it a little more defensive.
>
> Bug: v8:9860
>
> Original change's description:
> > [runtime] Move Context::native_context to the map
> >
> > Remove the native context slot from contexts by making context maps
> > native-context-specific. Now we require 2 loads to go from a context to the
> > native context, but we have 1 field fewer to store when creating contexts.
> >
> > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Reviewed-by: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64296}
>
> Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Auto-Submit: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64314}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: I4f9edc62ea6f9f5857619ff0ad1a63cab4b33cc3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9860
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864937
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64316}
This is a reland of f05bae1e0d
Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.
Bug: v8:9860
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64314}
DCHECKs are not really special, they just create a non-constexpr path
within an otherwise constexpr function. Since C++14, this is allowed.
Unfortunately, gcc only supports this since version 6, but we still
need to support gcc 5.
R=ulan@chromium.org
Change-Id: If74486144abafa5bbdcdbb9a567ee9295ac4cfc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862568
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64310}
Previous API owners (adamk, yangguo) are less-involved with the JS API
then ever, so it seems appropriate to have an owner whose responsibility
is squarely in the JS domain.
Change-Id: I4235778fda8f55d0429e875d52ff74049024dad1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1860328
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64300}
This reverts commit f05bae1e0d.
Reason for revert: broke arm sim debug
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/17714https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8899519852984476944/+/steps/Check_-_trusted/0/logs/FunctionDetailsInlining/0
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: Ie7b4086c3a9ab2627ecac599da36b20cf8d1f948
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863200
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64299}
Remove the native context slot from contexts by making context maps
native-context-specific. Now we require 2 loads to go from a context to the
native context, but we have 1 field fewer to store when creating contexts.
Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64296}
Use v8::Data as basetype for managed objects that can integrate with
v8::EmbedderHeapTracer.
Bug: v8:9841
Change-Id: Id3e06701207a23870cea89e1d7d334c48fcd3006
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856002
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64283}
... for the case we haven't seen any elements on the entire prototype chain.
Contributed by tao.pan@intel.com
Change-Id: Ied7d1a918b545e71d94ab1521bf0d233ea15cfce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848960
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#64261}
The flag is enabled since M-70, and we do not use the previous
behaviour anywhere. Hence, remove the flag and clean up some API code.
In particular, the concept of {TransferrableModule} is not needed any
more, we can just use {CompiledWasmModule}.
R=mstarzinger@chromium.org, adamk@chromium.org
Bug: v8:9810
Change-Id: I9b3aa4972277a9262b58da70b141e90d1de31f35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847366
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64209}
The V8_HAS_DECLSPEC_NORETURN macro is unused since
https://crrev.com/c/529072, where we switched to the standard
[[noreturn]] attribute.
R=ulan@chromium.org
Bug: v8:9810
Change-Id: Ifd76c967df1da7bb71369e61cd0adc1807b62d44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847365
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64175}
Since C++14, there is a spec'ed attribute for deprecation of methods,
functions, types, aliases or anything else.
This CL switches from the GCC __attribute__ to this standard attribute.
This allows to use the V8_DEPRECATED and V8_DEPRECATE_SOON macros on
anything where the standard attribute can be used (including {using}
statements that were not working before). It also avoids the need to
nest the whole declaration in the macro, making the code more readable.
R=adamk@chromium.org
Bug: v8:9810
Change-Id: I7adab7694af75423fb31ade2fc982dbf9c9bc699
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847361
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64174}
Unfortunately, codebase contains lots of places that use one of the two
formats as an internal representation for Wasm locations:
1) {line: 0, column: byte offset within entire module}
2) {line: function index, column: byte offset within function}
These places choose these formats interchangeably and convert from one
to another depending on the presence of source map URL in Wasm.
This is not very convenient and makes it hard to add support for DWARF
which should behave just like Wasm with source maps - that is, report a
raw Wasm script instead of fake scripts per each disassembled function,
and use representation (1) instead of (2) internally.
I tried to refactor these locations and avoid checking for source map
URLs in the previous CL - https://crrev.com/c/v8/v8/+/1833688. However,
it quickly got out of hand, and updating code in one place just kept
revealing yet another that gets broken by the changes, so I made a
decision to abandon it and leave to someone who knows the codebase
better.
Instead, this CL is based on https://crrev.com/c/v8/v8/+/1809375, but,
rather than trying to integrate DWARF separately and only for supported
agents, it pretends that encountering DWARF section is the same as
encountering a `sourceMappingURL` section with fake URL "wasm://dwarf".
This ensures that Wasm with DWARF behaves exactly in the same way as
Wasm with source maps, just like we want, with minimal changes to the
codebase. The only downside is that frontends without DWARF support
won't get even a disassembled version of Wasm that contains DWARF info.
This is unfortunate, but, as per previous discussions, should be fine
given current state of Wasm debugging.
Change-Id: Ia7256075e4bfd2f407d001d02b96883d7267436e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834341
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64157}
TracedGlobalTrait was unable to override v8::TracedGlobal<v8::Object> for
avoiding the destructor because it is needed on the API surface itself and C++
ODR which prohibits specialization after template instantiation.
Avoid this problem by providing a separate type TracedReference
that, similar to TracedGlobal, is purely traced but avoids the destructor
completely. This only works for embedders that have their memory management
tied to V8 as it is prone to accessing already reclaimed objects otherwise.
Bug: chromium:995684
Change-Id: Iab4332ed417b26c58638a8f9389174cc355a305b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1840972
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64150}
With the smi-corrupting decompression approach we don't have to sign
extend Smis anymore and therefore we can switch to zero extending
approach by moving the isolate root to the beginning of the reserved
4Gb region.
Bug: v8:9706
Change-Id: Icd6008fa87d0924519b574fdec445976f742e306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835548
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64144}
The natives blob is deprecated and will be removed in the next
release.
Step 1 landed in https://crrev.com/c/1824944.
Step 2 (this CL) is to mark API functions as V8_DEPRECATED.
Step 3, in the next V8 release, is to remove these functions and all
other natives support in V8.
Bug: v8:7624
Change-Id: I177fa6197e06a3ca21787b4e2d74dd1689038b6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835536
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64101}
The natives blob is deprecated and will be removed in the next
release.
This commit does two things, 1. it disables the v8_extra_library_files
gn argument which will make building natives_blob.bin through gn
impossible; 2. it marks API functions associated with the natives blob
as V8_DEPRECATE_SOON.
Embedders should remove any uses of SetNativesDataBlob and replace all
calls to
InitializeExternalStartupData(const char*, const char*)
with the new function
InitializeExternalStartupDataFromFile(const char*)
Step 2 is to mark API functions as V8_DEPRECATED.
Step 3, in the next V8 release, is to remove these functions and all
other natives support in V8.
Bug: v8:7624
Change-Id: I745e96c60204a9b94d9240be65dd59bb9bdd0699
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824944
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64080}
Explicitly #include<string> in v8.h, since std::string is referenced
in it. In the C++ STL shipped with Visual Studio 2019, none of the
headers included in v8.h ends up including the C++ string header, which
caused a compile error.
Bug: v8:9793
Change-Id: I84a133dd10dd6dcc7b70287af393e82cf0dc97df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834321
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64074}
This new optional parameter controls whether "Runtime.evaluate" ignores
break points and previous "Debugger.pause" calls while evaluating the
expression. This will be used for live expressions, which should never
interfere with debugging.
Bug: chromium:1001216
Change-Id: Ie37f6616a4a1cae40399b79255ab92fb254d91b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826664
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64018}
This CL fixes comparison operations that take into account full-word
value instead of the lower 32 bits and tweaks some CSA helper functions
for smi-corrupting decompression.
Bug: v8:9706
Change-Id: I50e38a9f34b911ec0b8dd4e21298417bf23160aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824943
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63995}
This addition will allow to experiment with parsing DWARF information from
WebAssembly on the frontend side for improved debugging.
The frontend must explicitly opt-in to this experiment by setting
`supportsWasmDwarf: true` in `Debugger.enable` params.
When this option is present, and Wasm appears to contain DWARF information
(heuristic: `.debug_info` custom section is present), V8 will not try to
disassemble and report each WebAssembly function as a separate fake script, but
instead will report Wasm module as a whole.
Note that V8 already does this when Wasm is associated with a source map.
Additionally, this CL adds a dedicated `Debugger.getWasmBytecode` command that
accepts scriptId and returns raw wire bytes of the chosen WebAssembly module.
Change-Id: I7a6e80daf8d91ffaaba04fa15688f2ba9552870f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809375
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63969}
Also report code relocation events through the public CodeEventHandler
API, so that embedders can expose this information to external
profilers, allowing those profilers to correctly translate function
names even after they were relocated.
R=bmeurer@chromium.org, jgruber@chromium.org, yangguo@chromium.org
Change-Id: I8795186f5f5c58ede9054e4b83e2d290d92b6e00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1802657
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63943}
This makes it possible to plumb string representation of stack trace id
across various channels, e.g. for network requests.
Drive-by: extracted class V8DebuggerId, which encapsulates operations
with pair<int64_t, int64_t>.
Bug: chromium:988842
Change-Id: I348c91390a85bf07c746d1b1c4a7775f44c7d769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725193
Commit-Queue: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63900}
This CL allows us to distinguish between the host- and target OS. The
host OS is defined by V8_OS_ macros (e.g. V8_OS_WIN). The target OS is
defined by V8_TARGET_OS_ macros (e.g. V8_TARGET_OS_WIN).
V8_TARGET_OS_ macros are defined by gn, based on the `target_os` gn
variable. If a V8_TARGET_OS_ is set, we also define V8_HAVE_TARGET_OS
(this determines fall-back behavior in V8; if it is not defined, we set
V8_TARGET_OS_ to equal the equivalent V8_OS_ define).
Besides adding the defines, this CL also adds logic to consider the
target OS in codegen. Specifically, x64 builds now look at the
V8_TARGET_OS_WIN define instead of V8_OS_WIN or _WIN64. This
effectively makes cross-compilation to x64 Windows in mksnapshot
possible.
In future work, we could add similar support for cross-compiling to
other platforms such as ia32 Windows.
Bug: v8:9736,chromium:803591
Change-Id: I689f3de8c206b743c4bef703f5ade0bba32ce995
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809374
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63892}
This complements [Shared]ArrayBuffer::GetBackingStore and allows the
embedder to transfer (shared) array buffers using only BackingStores.
Bug: v8:9380
Change-Id: I4714a27e06d5be43aef06dc633f11f2d43e4ee75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1811037
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63889}
This adds an additional V8 API to get the backing store of an array
buffer. Unlike the existing API, the backing store comes wrapped
in a std::shared_ptr, making lifetime management with the embedder
explicit. This obviates the need for the old GetContents() and
Externalize() APIs, which will be deprecated in a future CL.
Contributed by titzer@chromium.org
Bug: v8:9380
Change-Id: I8a87f5dc141dab684693fe536b636e33f6e45173
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807354
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63883}
This is an unmodified reland of
60624b5692. Nosnap bots do not block
LKGR any more: https://crbug.com/v8/9737#c10.
Original change's description:
> Disallow nullptr arguments for {CopyChars}
>
> This allows to remove special casing for the {count == 0} case, which
> was needed because {memmove} does not accept {nullptr} arguments even
> if the {count} is zero.
>
> R=leszeks@chromium.org
>
> Bug: v8:9396
> Change-Id: Iaef3cdbbffa74c2ba1c4e4501dafd943282cbcd9
> Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807366
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63838}
TBR=leszeks@chromium.org
Bug: v8:9396
Change-Id: I6ab13575f13df060b450ff105e4b9db516671dcf
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809365
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63863}
This reverts commits 9febc505bd
(along with followup commit 60624b5692).
Reason for revert: Breaks win32 nosnap shared, blocking lkgr & roll:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20nosnap%20-%20shared/35145
nosnap bots may be deprecated, but as long as they're in LKGR
we need to mind them.
Original change's description:
> Reland "Remove all custom CopyCharsUnsigned implementations"
>
> This is a reland of 5d8c489000
>
> Original change's description:
> > Remove all custom CopyCharsUnsigned implementations
> >
> > It's unclear whether the custom implementation have any advantage over
> > the standard library one's.
> > Since we update our toolchain and standard library regularly, it might
> > well be the case that the custom implementations are slower by now.
> >
> > Thus this CL removes all {CopyCharsUnsigned} implementations and
> > implements {CopyChars} generically using {std::copy_n}.
> >
> > Note that this does not touch the {MemMove} and {MemCopy} functions
> > yet, as we have seen regressions when trying to remove them before
> > (https://crbug.com/v8/8675#c5).
> >
> > R=leszeks@chromium.org
> >
> > Bug: v8:9396
> > Change-Id: I97a183afebcccd2fbb567bdba02e827331475608
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800577
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#63808}
>
> Bug: v8:9396
> Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
> Change-Id: I9cd754ebe6b802bb4aabd6d2a448de41da040874
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807357
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63823}
TBR=leszeks@chromium.org,clemensh@chromium.org
Change-Id: Ic53ab2293d5dc7722a1121d1aa1159328a6ed8f5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9396
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808035
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63854}
This allows to remove special casing for the {count == 0} case, which
was needed because {memmove} does not accept {nullptr} arguments even
if the {count} is zero.
R=leszeks@chromium.org
Bug: v8:9396
Change-Id: Iaef3cdbbffa74c2ba1c4e4501dafd943282cbcd9
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807366
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63838}
After https://crrev.com/c/1800575 and https://crrev.com/c/1803343,
which tried to fix this on occuring compile errors, this CL
systematically adds the <memory> include to each header that uses
{std::unique_ptr}.
R=sigurds@chromium.orgTBR=mlippautz@chromium.org,alph@chromium.org,rmcilroy@chromium.org,verwaest@chromium.org
Bug: v8:9396
Change-Id: If7f9c3140842f9543135dddd7344c0f357999da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803349
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63767}
Currently, debugger pauses on async call schedule and then waits for Debugger.pauseOnAsyncCall
with parentStackTraceId to actually schedule the pause.
This CL combines these two steps:
- For local async tasks, it just stores m_taskWithScheduledBreak at the time of schedule,
to be able to pause once this task is run.
- For external async tasks, it plumbs "should_pause" boolean in V8StackTraceId from
the point of schedule to the point of execution, and schedules a pause once
externalAsyncTaskStarted is called with "should_pause" set to true.
This approach greatly simplifies the implementation, and reduced frontend to a single
"breakOnAsyncCall: true" parameter in Debugger.stepInto.
Drive-by: introduce hasScheduledBreakOnNextFunctionCall() to make
SetBreakOnNextFunctionCall management more robust.
Note: artificial pauses at async call schedule time are gone from test expectations -
we now only pause when user actually wants to pause, which makes protocol much simpler.
See also design doc linked in the bug.
BUG=chromium:1000475
Change-Id: I2d16f79c599fe196b2aaeca8223c63437a2954a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783724
Commit-Queue: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63737}
This adds a new API function and provides a simple implementation
of performance.measureMemory() in d8. The implementation currently
immediately resolves the result promise with the current heap size.
Bug: chromium:973627
Change-Id: Ia8e1963a49b7df628b5487a2c0d601473f0cb039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796502
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63694}
This reverts commit 9da3483136
Original change's description:
> "Reland x4 [arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of bc33f5aeba
>
> Contributed by titzer@chromium.org
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
>
> TBR=yangguo@chromium.org
>
> BUG=v8:9380,v8:9221,chromium:986318
>
> Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63041}
TBR=yangguo@chromium.org
Change-Id: I3cc4bb80081c662b1751234bc16a821c20e744be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792166
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63617}
This reverts commit 62e168308c.
Reason for revert: it will be relanded after branch
Original change's description:
> Reland x5 [arraybuffer] Rearchitect backing store ownership
>
> This reverts commit 8fdb23873b.
>
> Original change's description:
> > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
> >
> > This is a reland of bc33f5aeba
> >
> > Contributed by titzer@chromium.org
> >
> > Original change's description:
> > > [arraybuffer] Rearchitect backing store ownership
> > >
> > > This CL completely rearchitects the ownership of array buffer backing stores,
> > > consolidating ownership into a {BackingStore} C++ object that is tracked
> > > throughout V8 using unique_ptr and shared_ptr where appropriate.
> > >
> > > Overall, lifetime management is simpler and more explicit. The numerous
> > > ways that array buffers were initialized have been streamlined to one
> > > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > > and the construction and destruction of the BackingStore object itself
> > > handles the underlying page or embedder-allocated memory.
> > >
> > > The embedder API remains unchanged for now. We use the
> > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > > keep the backing store alive properly, even in the case of aliases
> > > from live heap objects. Thus the embedder has a lower chance of making
> > > a mistake. Long-term, we should move the embedder to a model where they
> > > manage backing stores using shared_ptr to an opaque backing store object.
> >
> > TBR=yangguo@chromium.org
> >
> > BUG=v8:9380,v8:9221,chromium:986318
> >
> > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#63041}
>
> TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org
>
> Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63461}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: Id8f67a68ab398032eb2975b1b24ee125394d9c4b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776095
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63471}
Allow querying whether an object is capable of holding information that
is relevant to the embedder in its embedder fields.
Bug: chromium:999262
Change-Id: Iced1a1cc78142481990d40d91d8e70e6e5518c5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773268
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63463}
This reverts commit 8fdb23873b.
Original change's description:
> "Reland x4 [arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of bc33f5aeba
>
> Contributed by titzer@chromium.org
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
>
> TBR=yangguo@chromium.org
>
> BUG=v8:9380,v8:9221,chromium:986318
>
> Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63041}
TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org
Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63461}
... to let C++ compiler know that isolate root is 4Gb aligned and give
it a chance to generate a better code.
Bug: v8:9353
Change-Id: Ibd23c14cc44107c722a446a84dd14ca66f3bccfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776079
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63445}
Provide copy ctor and assignment operators as it turned out that they are
useful for embedders in certain scenarios when dealing with TracedGlobal
handles without finalization callbacks.
Bug: v8:9660
Change-Id: I2b04f540baeef61a0bc8329ca06b999571cbfe66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773250
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63439}
This CL adds a new class WasmModuleSourceMap for source map support of WasmModule,
which maps C/C++ source code to WASM bytecode. Via this support, V8 can build a
direct map of source code and JITted code and inform profilers of it, thus the
source-code-level profiling information is presented.
Change-Id: I346f6216809ce4f3bf8b27f1e839dd4efdb00ead
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708029
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#63401}
Replace uses of WordEqual on two tagged representation nodes with a new
TaggedEqual helper, which on pointer compressed configs only compares
the bottom 32-bits of the word. We no longer allow using WordEqual on
anything not known to be a WordT (i.e. Node* or TNode<Object>).
In the future, this may allow us to ignore the top bits of an
uncompressed Smi, and have simpler decompression, though this patch is
not sufficient for such a change.
As a necessary drive-by, TNodify a bunch of stuff.
Bug: v8:8948
Change-Id: Ie11b70709e5d3073f12551b37b420a172a71bc99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763531
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63372}
Avoid clearing the memory on the embedder-side of a TracedGlobal handle.
When using destructors in TracedGlobal this is safe as long as the embedder
reports the handle on tracing GCs. If the embedder does not report a handle it
is assumed that the containing object is dead as well.
Without using destructors the same argument holds for tracing GCs. In addition,
embedders using the optimization of clearing references on non-tracing GCs
are expected to clear the reference in ResetHandleInNonTracingGC.
It is suggested that only expert embedders make use of (a) no destructors and
(b) IsRootForNonTracingGC.
Change-Id: Ia417c0eb0860094fcaa554e7046d38abac905714
Bug: chromium:995684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763539
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63362}
ClusterFuzz found another case where "weird" embedder calls can cause
signed integer overflow. This patch fixes the last addition in that
function to use unsigned types.
Bug: chromium:991676
Change-Id: Ia77a12020908de8f0a3bd1be7d3722ba5c5c919b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743971
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63349}
This reverts commit e66cee7e9e.
Reason for revert: Speculative revert for https://ci.chromium.org/p/chromium/builders/try/linux-rel/173349
Original change's description:
> [debug] only break on entry when immediately called from JS
>
> When we break on function entry, check whether the target function is being
> called from JS after entering V8 through V8's API. We implement this by
> keeping track of the stack height when we enter V8 through the API, and compare
> the caller JS frame's stack height with that.
>
> R=szuend@chromium.org
>
> Bug: chromium:991217, chromium:992406
> Change-Id: I258ad9cef11fe0ef48de6fd5055790792fd0ec0c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762298
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63331}
TBR=yangguo@chromium.org,szuend@chromium.org
Change-Id: I4bfb42f7ce1484807696048a09609f14113d10f4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:991217, chromium:992406
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762525
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63341}
When we break on function entry, check whether the target function is being
called from JS after entering V8 through V8's API. We implement this by
keeping track of the stack height when we enter V8 through the API, and compare
the caller JS frame's stack height with that.
R=szuend@chromium.org
Bug: chromium:991217, chromium:992406
Change-Id: I258ad9cef11fe0ef48de6fd5055790792fd0ec0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762298
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63331}
We have internal::TickSample which inherits from this, but we never
use the public version in the API despite defining it there.
Change-Id: I6f0ce7ee663ef821be57cfbad540c1660484a525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1745472
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63329}
Implement move ctor and assignment for both, the version that matches T
and the version where T and S are related in the type hierarchy.
Bug: chromium:995684
Change-Id: I21a747d706b224117c398e6feff42cc4ffc4cae8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762296
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63325}
Since the mutability of HeapNumbers is determined by their owning
object's descriptor array, we can remove the MutableHeapNumber type
entirely, at the cost of a few fewer DCHECKs and a couple of TODOs
to use the descriptor array information.
This is a necessary step towards a follow-up which allows in-place
Double -> Tagged transitions
Design doc: https://docs.google.com/document/d/1VeKIskAakxQFnUBNkhBmVswgR7Vk6T1kAyKRLhqerb4/
Bug: v8:9606
Change-Id: I13209f9c86f1f204088f6fd80089e17d956b4a50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743972
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63294}
TracedGlobal is already cleared by V8 during garbage collections. It's
the embedders responsibility to clear the reference if it destroys the
underlying reference through other means.
Allow embedders to specify whether they want TracedGlobal to execute
clear on destruction via TracedGlobalTrait.
Bug: chromium:995684
Change-Id: Ieb10cf21f95eb97e01eff15d4fbd83538f17cf7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762007
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63289}
Adds support to the CPU profiler for scraping the incumbent contexts of
V8 stack frames. While it is generally unsafe to access heap objects
during a profiling interrupt, the native context is uniquely usable due
to being guaranteed an alive root on the stack, as well as its slots
being immutable after context creation.
Change-Id: I2c3149c1302b74d2f13aa99d1fdd0cf006e0f9d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1580020
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63258}
V8_EXPORT is not required for public class templates, and using it may
lead to linker errors when users attempt to dllimport V8.
Change-Id: I0b2db2371d0fcbf50af94ba629670486b8f2bc00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757284
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63225}
In generated code, we access fields inside IsolateData through the
root-register. On some platforms it is significantly cheaper to access
things that are close to the root-register value than things that are
located far away. The motivation for this CL was a 5% difference in
Octane/Mandreel scores between
// Part of the stack check.
cmpq rsp,[r13+0x9ea8]
and
cmpq rsp,[r13-0x30] // Mandreel score improved by 5%.
This moves the StackGuard up to fix Mandreel. As a drive-by, also move
two more fields up that are accessed by each CallCFunction.
Tbr: yangguo@chromium.org
Bug: v8:9534,chromium:993264
Change-Id: I5418b63d40274a138e285fa3c99b96e33a814fb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751345
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63187}
This allows us to keep v8 free of the dependency on the crash/base components.
Second half of the change: https://chromium-review.googlesource.com/c/chromium/src/+/1690003.
Bug: v8:9323
Change-Id: If35288e3916df951ae6e2ae39e1cb06fab5fbf8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1699102
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63177}
- Adds regular native heap entries to the HeapObjectsMap.
- Adds a side map for keeping a mapping of native objects to their canonical
heap entry that they have been merged into.
Change-Id: Ida00628126ded1948ceb2a0cbe14da817af7f361
Bug: chromium:988350
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1720810
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63140}
This CL changes the dispatch technique in the regex interpreter to
token-threaded dispatch, if computed gotos are supported by the
compiler. Otherwise old switch-based dispatch is still used
(e.g. for MSVC).
With computed gotos, less jumps will be emitted (no extra jump to
single branch point/begin of switch) and branch prediction will
be better because of no single branch point.
This CL improves performance on the RexBench Benchmark suite by ~10%.
Bug: v8:9575
Change-Id: I585ad824ff1cc595a5dfa8831ad66d6810d0119b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733073
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Patrick Thier <pthier@google.com>
Cr-Commit-Position: refs/heads/master@{#63126}
Update the TracingCpuProfiler test to work properly with perfetto.
Roll perfetto to get fixes for bugs encountered with starting/stopping
tracing rapidly, which happens in the test for the tracing profiler.
Add a check that the DataSource::Register call was successful to flush
out any errors there (although they are fixed by the perfetto roll).
Emit a fake trace event when stopping tracing in order to avoid
losing the final trace event that the user provided. Remove the ad-hoc
fake final trace events that the cctests for perfetto added.
Add a test StartAndStopRepeated which flushes out the issues fixed by
the perfetto roll.
TBR=yangguo@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I042d7385486bf42c86f1631406974693868a477f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731006
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63083}
This reverts commit 5611f70b3d.
Reason for revert: flaky tests: v8:9588, v8:9587
Original change's description:
> "Reland x4 [arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of bc33f5aeba
>
> Contributed by titzer@chromium.org
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
>
> TBR=yangguo@chromium.org
>
> BUG=v8:9380,v8:9221,chromium:986318
>
> Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63041}
TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9380, v8:9221, chromium:986318
Change-Id: Ic7381239f4e90d0c437b7e47a5ac6e8bce60f882
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736747
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63081}
When the --initial-heap-size flag is set V8's heap will grow to that
value without full GCs. Additionally, full GCs will be skipped
if the heap size drops below that value.
This patch also adds a comment for the initial_heap_size_in_bytes
parameter of ResourceConstraints:ConfigureDefaultsFromHeapSize
Change-Id: I85fda14bc6422af7bf2193d530efbc9b0bd0553d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728622
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63054}
This is a reland of bc33f5aeba
Contributed by titzer@chromium.org
Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
TBR=yangguo@chromium.org
BUG=v8:9380,v8:9221,chromium:986318
Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63041}
This reverts commit df8e617772.
Reason for revert: Multiple flakes in apparently related areas:
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8906409837768155568/+/steps/Check__flakes_/0/logs/BackingStoreTest.RacyGrowWasmMem.../0
Original change's description:
> "Reland x3 [arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of bc33f5aeba
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
>
> R=mlippautz@chromium.org
> BUG=v8:9380,v8:9221,chromium:986318
> TBR=ulan@chromium.org
>
> Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63007}
TBR=mstarzinger@chromium.org,titzer@chromium.org,mlippautz@chromium.org
Change-Id: If0266e5893b1325a332d5986337fa7ece2cb6943
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9380, v8:9221, chromium:986318
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1729549
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63011}
This is a reland of bc33f5aeba
Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
R=mlippautz@chromium.org
BUG=v8:9380,v8:9221,chromium:986318
TBR=ulan@chromium.org
Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63007}
Previously, this was run as a microtask and this CL changes it to run
as a separate task as mandated by the current WeakRef spec.
This CL also introduces a FinalizationGroup type to the V8 API
representing the JSFinalizationGroup. This has a `Cleanup`
function that runs the cleanup callback associated with it.
SetHostCleanupFinalizationGroupCallback is added to set
the embedder defined HostCleanupFinalizationGroupCallback.
ClearKeptObject is exposed on the v8::Isolate to reset the strongly
held set of objects.
The general workflow is the following:
(a) When the GC notices that a given finalization group has dirty
cells, it calls HostCleanupFinalizationGroupCallback with the given
finalization group.
(b) As part of HostCleanupFinalizationGroupCallback, the embedder
enqueues a task that at some point later calls
FinalizationGroup::Cleanup.
(c) At some point in the future, FinalizationGroup::Cleanup is called,
which runs the cleanup callback of the finalization group.
This patch also includes d8 changes to use these new APIs. Currently,
d8 cycles through the enqueued finalization groups after a synchronous
turn (and it's microtask checkpoint) and runs the cleanup callbacks.
Change-Id: I06eb4da2c103b2792a9c62bc4b98fd4e5c4892fc
Bug: v8:8179
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655655
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62984}
Implements ProfilerCodeObserver, a class to track the generation and
movement of code on the heap for the lifetime of each CpuProfiler. When
sampling is inactive, logged code is committed directly to the CodeMap.
During profiling, ProfilerCodeObserver redirects these events onto the
profiling thread for later dispatch.
Bug: v8:9151
Change-Id: Ib5b152446d2a3838e1b00a80253fc4fbd2f6e8c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1604143
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#62943}
Per the July TC39 meeting consensus, we'd like to make the
upcoming String.prototype.replaceAll proposal throw for
non-global RegExp searchValues. However,
String.prototype.matchAll currently does not throw in this
case, causing consistency concerns.
This patch adds a use counter for String.prototype.matchAll
with a non-global RegExp as the searchValue. Hopefully, this
pattern isn't too common in real-world code today, in which case
we can both a) change matchAll and b) proceed with the desired
replaceAll semantics.
https://github.com/tc39/proposal-string-replaceall/issues/16
V8 CL: https://chromium-review.googlesource.com/c/v8/v8/+/1718145
Chromium CL: https://chromium-review.googlesource.com/c/chromium/src/+/1718367
BUG=v8:9551
Change-Id: Ica660a0a6189d84c3d33398c98305d0bcb9f8c23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1718145
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62913}
This reverts commit 306cf40344.
Reason for revert: performance regressions / too near branch point
TBR=mslekova@chromium.org
BUG=v8:9380
Change-Id: If77630b73eafbf1190c823199fe2a34361da303f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1714867
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62867}
This is a reland of bc33f5aeba
Original change's description:
> Reland "[arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of 31cd5d83d3
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
> >
> > R=mlippautz@chromium.org
> > BUG=v8:9380,v8:9221
> >
> > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62572}
>
> Bug: v8:9380, v8:9221
> Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62809}
Bug: v8:9380, v8:9221
Change-Id: I9a2525753ae2424108d074fa81df5f25d945c824
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709409
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62847}
Adds a new out param which allows accessing the ScriptOrModule
of a function, which allows an embedder such as Node.js to use
the function's i::Script lifetime.
Refs: https://github.com/nodejs/node-v8/issues/111
Change-Id: I34346d94d76e8f9b8377c97d948673f4b95eb9d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1699698
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62830}
This reverts commit bc33f5aeba.
Reason for revert: Still failing (OOM on win32): https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/22210
Original change's description:
> Reland "[arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of 31cd5d83d3
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
> >
> > R=mlippautz@chromium.org
> > BUG=v8:9380,v8:9221
> >
> > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62572}
>
> Bug: v8:9380, v8:9221
> Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62809}
TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
Change-Id: Iea755df9aaa1e95d284135bd0a6681b1340b6832
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9380, v8:9221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708487
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62811}
This is a reland of 31cd5d83d3
Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
>
> R=mlippautz@chromium.org
> BUG=v8:9380,v8:9221
>
> Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62572}
Bug: v8:9380, v8:9221
Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62809}
ResolveExport and Evaluate are the final unimplemented SyntheticModule methods; with this
change the implementation is complete.
Test-api unit tests are also provided.
Bug: v8:9292
Change-Id: Ieb7643cc5b6495dd201a51f04199d2406a703e52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1681187
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62582}
The current integration of crash keys into v8 got the dependencies wrong: it introduced into v8 a dependency on components and base. This change will allow moving the implementation into "gin" (via Platform's abstraction), which is ok to depend on components and base, while providing the default noop implementation for the embedders that don't care to collect crash keys. Gin's side: https://chromium-review.googlesource.com/c/chromium/src/+/1690003.
Bug: v8:9323
Change-Id: I7b6e3e2cdc4b5f14f61ad20d2c362344d53896c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1689834
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62579}
This reverts commit 31cd5d83d3.
Reason for revert: It breaks my heart to revert this, but it fails differently on several bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26671.
Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
>
> R=mlippautz@chromium.org
> BUG=v8:9380,v8:9221
>
> Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62572}
TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
Change-Id: Ib35788ba8c31192d90cbc72df3dbc41030f109de
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9380, v8:9221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691034
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62578}
This CL completely rearchitects the ownership of array buffer backing stores,
consolidating ownership into a {BackingStore} C++ object that is tracked
throughout V8 using unique_ptr and shared_ptr where appropriate.
Overall, lifetime management is simpler and more explicit. The numerous
ways that array buffers were initialized have been streamlined to one
Attach() method on JSArrayBuffer. The array buffer tracker in the
GC implementation now manages std::shared_ptr<BackingStore> pointers,
and the construction and destruction of the BackingStore object itself
handles the underlying page or embedder-allocated memory.
The embedder API remains unchanged for now. We use the
v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
keep the backing store alive properly, even in the case of aliases
from live heap objects. Thus the embedder has a lower chance of making
a mistake. Long-term, we should move the embedder to a model where they
manage backing stores using shared_ptr to an opaque backing store object.
R=mlippautz@chromium.org
BUG=v8:9380,v8:9221
Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62572}
The client API provides a much simpler interface so that we don't have
to deal with producers, consumers etc. directly. This CL removes all the
code that dealt with the more complex API used previously.
The architecture used here requires that the embedder call into
Tracing::Initialize() to set up the tracing backend. The tracing
controller then connects to this backend when calling
DataSource::Register() and Tracing::NewTrace(). This will ultimately
avoid the need for a virtual call (or two) for every trace event that
need to be dispatched over the API - chrome can provide a backend
and V8 will connect to it opaquely with the same code when tracing is
enabled.
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I6b74fbb49ffcc89638caeb59ed3d5cc81238f3e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634916
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62568}
Cpplint usually checks for non-const reference arguments. They are
forbidden in the style guide, and v8 does not explicitly make an
exception here.
This CL re-enables that warning, and fixes all current violations by
adding an explicit "NOLINT(runtime/references)" comment. In follow-up
CLs, we should aim to remove as many of them as possible.
TBR=mlippautz@chromium.org
Bug: v8:9429
Change-Id: If7054d0b366138b731972ed5d4e304b5ac8423bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687891
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62551}
This change is a partial implementation of Synthetic Module Record as specified here:
https://heycam.github.io/webidl/#synthetic-module-records
This includes:
- Introduce SyntheticModule class inheriting from Module.
- Extend v8::Module interface in v8.h to include Synthetic Module APIs, with corresponding
implementations in api.cc.
- Provide SyntheticModule implementations of PrepareInstantiate, FinishInstantiate, and SetExport.
- Provide cctest unit tests for the implementations in the preceding item.
We will follow up with further submissions to implement the remaining members of
SyntheticModule (ResolveExport and Evaluate).
Bug: v8:9292
Change-Id: I25b1b695b5d1c3004677cd685f0dfd95283438fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1626829
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62433}
... when building inspector objects.
This is useful in Chromium, when recording the initiator information
for navigations.
See https://chromium-review.googlesource.com/c/chromium/src/+/1674885
Change-Id: Ib9ddcaf05586ca1f48a31921a20ab11a703ec7b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677381
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62389}
There's no reason to use the API RegExp type instead of the internal
JSRegExp type. In fact, the parsed flags end up in
Runtime_CreateRegExpLiteral, which assumes them to be of type
JSRegExp::Flags.
Drive-by: Additional asserts and helper functions in JSRegExp.
Bug: v8:9359
Change-Id: I5c12aba7d4e39a4891fb23d8b47c55fc480a28d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667004
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62376}
This makes sure that BUILDING_V8_SHARED and USING_V8_SHARED are not
both set at once.
Change-Id: Iba3a4fac37518b6ec3658da4575453a7967ece0f
Bug: v8:8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627978
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62369}
Bug: v8:9183
Change-Id: I40c1cd1f55efc353af19cdee48e85ddc8085586c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664059
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62344}
This does not delete the files in the old locations yet since we need
to fix up the references in Chrome and Node.js.
Bug: v8:9247
Change-Id: I75dd469e19b6d4249ed187dd6d095d306f1b6c45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649355
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62258}
