Since https://crrev.com/c/1335572, our sanitizers allow to set custom
segfault handlers. Thus remove special code that was added to handle
sanitizers that prevent installation of segfault handlers. Instead,
CHECK that the signal handler was installed correctly.
R=ahaas@chromium.org, mseaborn@chromium.org, mark@chromium.org
Bug: chromium:830894
Change-Id: I3bd66e33efdceb3e8469f3f4a09fbde90cb3d7ec
Reviewed-on: https://chromium-review.googlesource.com/c/1392199
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58513}
Instead of de-sugaring destructuring assignment in the parser (using the
pattern rewriter), pass the Object/ArrayLiterals through to the bytecode
generator, which can desugar them in-place.
This allows us to decrease the amount of AST node creation, and improve
the generated bytecode using domain-specific knowledge. As a side effect
we partially fix an old execution ordering spec bug.
Currently only implemented for assignments, not declarations, as the
latter has some additional complexity.
Bug: v8:4951
Change-Id: I3d69d232bea2968ef20df68a74014d9e05808cfe
Reviewed-on: https://chromium-review.googlesource.com/c/1375660
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58512}
Port 640d3adf5f
Original Commit Message:
InternalPackedArray now only has one constructor variant that expects no
arguments (Chrome's only usage of InternalPackedArray). As such, these TFC
builtins are no longer used and were removed:
- InternalArrayNoArgumentConstructor_Holey
- InternalArraySingleArgumentConstructor_Packed
- InternalArraySingleArgumentConstructor_Holey
On x64.release, this reduces builtins size by ~1.2KB.
R=peter.wm.wong@gmail.com, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I46d86178c33e47acf2fb75fd3de743686641caa1
Reviewed-on: https://chromium-review.googlesource.com/c/1393825
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58509}
Port a55803a15d
Original Commit Message:
This change makes the SFI to bytecode link pseudo-weak. The marking visitors
check whether the bytecode is old, and if so, don't mark it and instead
push the SFI onto a bytecode_flushing_candidates worklist. Once marking
is complete, this list is walked, and for any of the candidates who's bytecode
has not been marked (i.e., is only referenced by the shared function info),
the bytecode is flushed and the SFI has the function data replaced with
an UncompiledData (which overwrites the flushed bytecode array).
Since we don't track JSFunctions, these can still think the underlying
function is compiled, and so calling them will invoke
InterpreterEntryTrampoline. As such, logic is added to
InterpreterEntryTrampoline to detect flushed functions, and enter
CompileLazy instead.
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:8395
LOG=N
Change-Id: I4a913d318363a584d79aa6d7f4ee09f04a89bbbe
Reviewed-on: https://chromium-review.googlesource.com/c/1393824
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58508}
This Mac/Fuchsia build was broken as the generated assembly file must
follow Linux-style calling conventions.
Change-Id: I05d946e77690e97f05d57a3d5ba04cd2e63fbb9d
Reviewed-on: https://chromium-review.googlesource.com/c/1377230
Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58507}
These are FixedArrays, not ObjectHashTable
Change-Id: I8f5a4d8c16bc0f566719815fbea6be51b6bd8ec5
Reviewed-on: https://chromium-review.googlesource.com/c/1387864
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58505}
Port 24e766168b
Original Commit Message:
This is a reland of f849396c3a
Original change's description:
> [nojit] Remove code stubs
>
> All stubs have been migrated to builtins. This CL removes most related
> code.
>
> Bug: v8:7777, v8:5784
> Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad
> Reviewed-on: https://chromium-review.googlesource.com/c/1365284
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58093}
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie05463245c24975804a8bb7ffdf902c70e042127
Reviewed-on: https://chromium-review.googlesource.com/c/1393302
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58504}
Port b89d4249c0
Original Commit Message:
This migrates the JSEntryStub to three dedicated builtins:
JSEntry
JSConstructEntry
JSRunMicrotasksEntry
correct macro assembler method to load and store external references
through the kRootRegister).
kRootRegister is initialized, so we first reserve the slot and later
load its value.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ib84feca5e88d032307b5fab42377c56d074faf7f
Reviewed-on: https://chromium-review.googlesource.com/c/1393296
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58503}
This CL doesn't change anything, but builds the infrastructure to inline
selected macros into the Torque IR.
Bug: v8:7793
Change-Id: Icdaa014633edfb314f9263c1a8ad84de4a9e9f97
Reviewed-on: https://chromium-review.googlesource.com/c/1392202
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58502}
Bring ia32 in line with the arm implemention. Instead of computing the
"half index" manually, pass the index and an enum pointing to either
half.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ia3799a42fe2b9890aa4076d2e09947380331348e
Reviewed-on: https://chromium-review.googlesource.com/c/1391758
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58501}
Apart from being more in-line with the style guide, this allows to use
DEFINE_LAZY_LEAKY_OBJECT_GETTER for defining {TypeCache::Get}.
R=tebbi@chromium.org
Bug: v8:8562
Change-Id: I016b28624950ce9404180fc1ca1a232551f75cd0
Reviewed-on: https://chromium-review.googlesource.com/c/1392201
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58500}
Port f7f18b0f1e
Original Commit Message:
In preparation for converting JSEntry into a builtin. The root register
used to be initialized by an embedded external reference, which is not
isolate-independent. Pass in its value explicitly instead.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I447c880c7f840a012e53870e28e2bd3bfa552040
Reviewed-on: https://chromium-review.googlesource.com/c/1393288
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58499}
The first leak only happens if the default platform does not provide a
page allocator, which is never the case in d8. I am not sure why the
second leak was not detected so far. Anyway, this CL removes it.
R=tebbi@chromium.org
Change-Id: I215435f28a498298034e1657e7d2ebb8db8450c4
Reviewed-on: https://chromium-review.googlesource.com/c/1392197
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58498}
And use it in several places in wasm.
R=tebbi@chromium.org
Bug: v8:8562
Change-Id: I1e857baf33e99849eb32ac2c94e39d7f27b180c8
Reviewed-on: https://chromium-review.googlesource.com/c/1391757
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58495}
Introduce a LeakyObject template and use that to implement static
lazily initialized objects that never get destructed. This was done in a
hand-crafted and complex way before via LazyInstance and
LazyStaticInstance.
R=tebbi@chromium.org
Bug: v8:8600, v8:8562
Change-Id: Id160996753b2cb1baf0f4b2cec9e1727f1d01512
Reviewed-on: https://chromium-review.googlesource.com/c/1388539
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58494}
In the description of the `v8_use_snapshot` gn arg, we had a link to
the old location of our blog.
R=mathias@chromium.org
No-Try: true
Change-Id: Ib7d0ae21f3e109b4fae9ca51a1c69d07d42f9017
Reviewed-on: https://chromium-review.googlesource.com/c/1392191
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58493}
This improves validation time by 7-8% and Liftoff compilation time by
2-3% while increasing binary size by ~12kB.
R=mvstanton@chromium.org
Bug: v8:8423
Change-Id: I08961097fb61f4a218522138efe51a9165a7c62b
Reviewed-on: https://chromium-review.googlesource.com/c/1391748
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58486}
Identify validation fails to read the index of prefixed opcodes, and not
continue to decode the next bytes.
Change-Id: I2c737af55615ba69ba0c5f5adf18a06c6cdb951a
Bug: chromium:905815
Reviewed-on: https://chromium-review.googlesource.com/c/1390927
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58485}
Currently the concurrent marker visits any fixed array in one go
ignoring the progress bar and does not expect seeing black arrays
in the worklist. For this reason, if the main thread marker starts
visiting a large array with the progress bar, then it has to re-push
the array in the bailout worklist. So all subsequent visitations of
the array happen on the main thread.
This patch makes the progress bar thread-safe and allows the
concurrent marker to visit arrays in chunks.
Change-Id: I5e8867077ed2908b7f9c5d8bde34d0401f7fe446
Reviewed-on: https://chromium-review.googlesource.com/c/1385164
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58484}
Prevent aliasing between problematic registers for
shift operations with int64 values in the arm port
of Liftoff.
Bug: v8:6600, chromium:912592
Change-Id: I905f0a657626fdfac3e41fe2878e918e3c779a8f
Reviewed-on: https://chromium-review.googlesource.com/c/1388564
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58480}
They will later be detected as redundant again, but we can save memory
and performance by just not adding them in the first place.
R=mvstanton@chromium.org
Bug: v8:8423
Change-Id: I11d88642333681612e2f8f4eaee7ba700cbf64d5
Reviewed-on: https://chromium-review.googlesource.com/c/1390132
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58479}
This silences the new presubmit check for all base classes.
R=tebbi@chromium.org
Bug: v8:8616
Change-Id: I389fedde1b44d9c583dd2fb75e6c8af138c4feb0
Reviewed-on: https://chromium-review.googlesource.com/c/1387491
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58478}
This reverts commit 2d2c137492.
Reason for revert: layout test timeout - crbug.com/917714
Original change's description:
> Reland^2 "[turbofan] Use feedback when reducing global loads/stores."
>
> This reverts commit ac85ab0a3d. A
> chromium test caused trouble and was taken care of in
> https://chromium-review.googlesource.com/c/1384064.
>
> Original change's description:
> > [turbofan] Use feedback when reducing global loads/stores.
> >
> > We already record the script context location or the property cell
> > as feedback of the global load/store IC, so Turbofan doesn't need
> > to do the lookups again.
>
> TBR=sigurds@chromium.org
>
> Change-Id: I58bcd9bceec2f9cf401f7b0fc4460a6da6cd0abc
> Reviewed-on: https://chromium-review.googlesource.com/c/1386404
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58393}
TBR=neis@chromium.org,sigurds@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I9003135cfc5cc3ffb8bbf06ca35c9773adac93e7
Reviewed-on: https://chromium-review.googlesource.com/c/1390129
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58475}
This reverts commit 97628eeeb9.
Reason for revert: breaks compilation in Lite mode, which does not allow overriding of certain flags. See https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8926078411629093216/+/steps/build/0/steps/compile/0/stdout.
Original change's description:
> [error] extend error stack w/ function parameters
>
> Extend FrameArray to hold weak references to parameters for functions in
> the call stack. The goal here is to provide more metadata for postmortem
> tools (such as llnode), especially in cases of rethrowing (this will be
> particularly useful when using postmortem with promises on Node.js).
>
> Besides postmortem, these changes allow us to print a more detailed
> stack trace for errors with parameters types (or even values), which can
> be useful since JavaScript functions can receive any number of
> parameters of any type, and having a function behave differently
> according to the number of parameters received as well as their types is
> a common pattern on JS libraries and frameworks.
>
> R=bmeurer@google.com, yangguo@google.com
>
> Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
> Reviewed-on: https://chromium-review.googlesource.com/c/1289489
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58468}
TBR=yangguo@chromium.org,bmeurer@google.com,bmeurer@chromium.org,mat@mmarchini.me
Change-Id: Ide0a434c1521ab2bbeca6821397ff63ba7d40fe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1390128
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58469}
Extend FrameArray to hold weak references to parameters for functions in
the call stack. The goal here is to provide more metadata for postmortem
tools (such as llnode), especially in cases of rethrowing (this will be
particularly useful when using postmortem with promises on Node.js).
Besides postmortem, these changes allow us to print a more detailed
stack trace for errors with parameters types (or even values), which can
be useful since JavaScript functions can receive any number of
parameters of any type, and having a function behave differently
according to the number of parameters received as well as their types is
a common pattern on JS libraries and frameworks.
R=bmeurer@google.com, yangguo@google.com
Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
Reviewed-on: https://chromium-review.googlesource.com/c/1289489
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58468}
The concurrent marker can now visit maps and mark the subset of
descriptors that a map requires.
Bug: v8:8486
Change-Id: I184442ec90a8f60c73cfe16d6e9d66f4efa92a01
Reviewed-on: https://chromium-review.googlesource.com/c/1384320
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58466}
Factory::NewRawOneByteString initializes the string length without
atomic accessor. This leads to data race if the string is pretenured
and black allocated because the concurrent marker loads the string
length before checking the string markbits.
This patch changes the order to check the markbits first.
Bug: v8:8579
Change-Id: Ic434f7dde9baa6264fe133499d2394c0d4cc5394
Reviewed-on: https://chromium-review.googlesource.com/c/1388542
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58465}