The missing check that runtime function parameters have to be tagged
lead to a bug: https://chromium-review.googlesource.com/c/v8/v8/+/1604071
drive-by-fix: Remove obsolete verbose mode. It hasn't been maintained
since the very early Torque versions, and the remaining printf's are
rather useless.
Bug: v8:7793
Change-Id: I59adf4c6c5d92a8838cdc638afb2ab7a41550b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609910
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61483}
This is a reland of 2c0b1f6e9d
This fixes two bugs:
- Unreachable might have value uses even after being connected
to Throw, so the solution is to just not replace them with the Dead node
anymore.
- We didn't trigger initial visitation of the new Throw node.
Re-visiting the changed End node takes care of this.
Original change's description:
> [turbofan] re-wire Unreachable to the graph end at EffectPhi's
>
> This avoids the EffectControlLinearizer stumbling upon unreachable
> code.
>
> Bug: chromium:958718
> Change-Id: I135c17813741e48e878a4624370eee1e06081031
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605737
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61434}
Bug: chromium:958718 chromium:962475 chromium:962474
Change-Id: I388a59912e6260a221cccc76102e0c4b00bff93e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609791
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61482}
When receiver is null or undefined we should not look into key. Calling
ToName on key is observable. This cl fixes the GenericKeyedLoadIC to
miss into runtime when the receiver is null or undefined.
Bug: v8:8394
Change-Id: Iaed07cd1b77b63e550284108777e165141af57a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605948
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61481}
test-sampler-api.cc calls {Simulator::get_pc} and
{Simulator::get_register}, hence these methods need to be exported.
R=ahaas@chromium.org
Change-Id: I5ba48d877f7101d1e8527c8138fa2e930ba686ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611678
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61478}
We landed two mitigations for the bug, and crash data shows that it is
indeed fixed. It is still not clear whether this is a compiler bug,
wrong use of inline assembly, or LTO. The original fix to move the call
to {FlushInstructionCache} should not be needed any more though.
This CL thus reverts https://crrev.com/c/1571619 and uses V8_NOINLINE
instead of the noinline attribute.
If this reintroduces any crashes, please revert. We are far enough away
from the branch to detect this on canary without too much trouble.
R=jkummerow@chromium.org
Bug: chromium:952759
Change-Id: I76f9850d8d6a8af0926b88e961f89df41b662ae7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611677
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61477}
... in order to make it optimizable for enabled pointer compression.
Bug: v8:9183
Change-Id: I8b92e48cc43dcc823eefb5a8a4a29de7a8ba0e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609545
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61476}
When looking up toJSON function presence on the BigInt prototype,
we must pass the original primitive value as the receiver to any
getter calls. Thanks to the magic of the LookupIterator, this is
actually easier than the alternative.
Bug: v8:9048
Change-Id: I72e144dbfa2862df479fd4deee40acd5dd468243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611538
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61475}
After introducing explicit compress and decompress nodes for each load
and store we are left with many nodes that are redundant.
This CL aims to eliminate redundant decompressions and compressions in the
"direct decompression & compression" category.
Also added tests to test the new reducer.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I93e024d13af34d484086b7983f379265d16ac154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602702
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61473}
This work-around got lost in the recent refactorings.
Bug: v8:8193
Change-Id: I81d22e0702666d1d8ef954cd3d074e22c89378cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609806
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#61468}
Previously we would attribute some frames of inline stacks to the wrong
line number.
For inlined frames, the source position table contains the line number
of the most-inlined frame (innermost). It's quite possible that this
function is within another script though, in which case the line number
will be wrong. Fix that here by taking the script from the
InliningStack, rather than assuming it is the same script as the
original code entry.
Bug: v8:7203, chromium:953309
Change-Id: Ia8795dbdd97d2f24f4bc685565d1e3a94e6067b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1403114
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61467}
Previously, processing second pass callbacks could have been called
recursively, and depending on the source of the GC, either with the
ability to call into JS or not.
Make the behaviour consistent by a) no iterating over the second pass
callback list when we are already doing so and b) explicitly allowing
JS execution.
Refs: https://github.com/nodejs/node/issues/27577
Change-Id: Ia13f775b323df4e49e28429ca88cf7d3a77883e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607762
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61466}
For keyed stores to JSArrays we can generally allow the receiver to grow
to the necessary size by bumping the magical length property. This works
for regular Arrays, but not in the case the prototype chain contains a
TypedArray, as that is going to swallow all stores that are considered
out-of-bounds for it.
We don't wanna deal with that kind of complexity in the IC handlers, so
we just refuse to handle that case (also giving TurboFan the signal that
it shouldn't attempt to handle growing stores in that case).
Bug: chromium:960134, chromium:961709
Change-Id: Ia886de590c32ae51ed4ebe38fc237ed975a635aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609790
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61465}
This is a preparation for doing a similar change to JSTypedArrays to
be able to finally access huge ArrayBuffers with TypedArrays. This CL
itself improves the performance of DataViews, sometimes to be even
faster than TypedArrays now. On the test case[1] we go from
testDataViewGetUint8: 711 ms.
testUint8Array: 654 ms.
testDataViewGetUint16: 801 ms.
testUint16Array: 649 ms.
testDataViewGetInt32: 699 ms.
testInt32Array: 648 ms.
testDataViewGetFloat64: 701 ms.
testFloat64Array: 650 ms.
to
testDataViewGetUint8: 622 ms.
testUint8Array: 656 ms.
testDataViewGetUint16: 634 ms.
testUint16Array: 656 ms.
testDataViewGetInt32: 629 ms.
testInt32Array: 655 ms.
testDataViewGetFloat64: 631 ms.
testFloat64Array: 661 ms.
so the performance improves by up to **20%**.
[1] https://github.com/bmeurer/js-micro-benchmarks/blob/master/bench-dataview.js
Tbr: ulan@chromium.org
Bug: chromium:225811, v8:4153, v8:8383
Change-Id: Ie4409e2fe96e5085ddcf5eb3f24f3cacfb3afe02
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601144
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61464}
Instead of using sequential search for each string type,
this CL partition the search space into two groups.
In arm64, observed about 10% speedup in the benchmark posted in bug7326.
Bug: v8:7326
Change-Id: I42d4580eddf7bde7b9eb2225b08c8e26989f14e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605355
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61463}
The language server needs Torque compilation artifacts like
declarables for more advanced features. This CL moves the GlobalContext
into the LanguageServerData class when Torque compilation finishes, to
preserve all the compiler data.
Additionally, all declarables are split up by source id. This makes
providing all symbols of a file easier.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: I424d1ddc04fcd18934f76a736900bc5d08261c07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601132
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61462}
Added null check when printing the brand with --print-ast.
Bug: chromium:961507, chromium:961508
Original change's description:
> [class] implement private method declarations
>
> This patch implements the declarations of private methods, the access
> of private methods would be left to a future patch.
> When a private methods declaration is encountered, we now:
>
> - Create a brand symbol during class evaluation and store it in the
> context.
> - Create the closures for the private methods
> - Load the brand from the context and store it in the instance in the
> constructor.
>
> Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
>
> Bug: v8:8330
> Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61387}
Change-Id: I3bf465f70c27914c9ec19f3f59ae018b28c9a866
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605521
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61459}
Fixed by 6644f2b872
(https://chromium-review.googlesource.com/c/v8/v8/+/1605728)
This is a reland of 652e32f9f9
Original change's description:
> [heap] Make trampoline CodeDataContainers immutable and deduplicate them
>
> Moves all trampoline CodeDataContainers to read-only space, making them
> immutable. Containers with no 'kind specific flags' set or 'promise
> rejection' flag are deduplicated by replacing them with the new canonical
> CodeDataContainers roots.
>
> This saves around 36KB from the snapshot.
>
> RO_SPACE NEW_SPACE OLD_SPACE CODE_SPACE MAP_SPACE LO_SPACE
> old 32048 0 225944 149280 20240 0
> new 32120 0 189344 149280 20240 0
>
> Bug: v8:7464
> Change-Id: Iedd538a86311ef501cd88c90ec75e1308195762f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601257
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61378}
Bug: v8:7464
Change-Id: Ib98577d7d6c8c1205c94bf8c57d9cb38f51fdad3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609539
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61451}
{CommitPageSize()} can be smaller than {AllocatePageSize()} (on win64,
it's 4kb vs 64kb), thus use the commit size where appropriate.
R=titzer@chromium.org
Change-Id: Ic9a009158d788aa0c53e15790ea089f01ade0d0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605940
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61450}
If the gc foreground task is running, we don't expect any wasm code to
be live on the stack.
This CL adds a SLOW_DCHECK for this assumption.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I0c221f6acaebd8c622d0f55ff85f69105482942f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609541
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61449}
TurboFan truncated null to +0 even in contexts such as -0 == null
because it was not handling the TypeCheck correctly. This restricts
the type conversion case to not apply truncation in this case (see
comment in patch).
Change-Id: Ia38ace9608800c8d61988de402a31dd863d9160a
Bug: chromium:961237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609538
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61446}
This factors out a {WasmCodeAllocator} which manages all code
reservations and allocations for a {NativeModule}. This will allow for
better testing of this component (which will be added in a separate CL).
R=titzer@chromium.org
Change-Id: I09727c30afc533e95569276147792d0e641b0507
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605738
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61445}
This removes the need for passing ever more boolean flags
to the class constructor.
Change-Id: I0271e1b96585252183dcf070eb440ebdaf2a270f
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607760
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61444}
I did the implementation with a runtime function. I extracted some code
from the implementation of table.get.
By accident I formatted anyfunc.js. However, since it's an improvement,
I don't want to undo it. I didn't change anything in the older tests
though, I only added new tests at the end.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I31832ccc817e1e7989f486d6487108c14d21bbea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602701
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61442}
Having an TaggedImpl template will simplify adding compressed variants
of Object and MaybeObject which is required for avoiding unnecessary
value decompression in tight copying loops and write barrier
implementations.
Bug: v8:7703, v8:9183
Change-Id: I388b008aad0dbeb2d33fc5fb80c5f29b55ef993e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588419
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61441}
The FATAL macro (without arguments) is used by some other libraries
e.g. protobuf and this causes conflicts. We only declared FATAL()
previously, so go back to that behavior by declaring arguments
for FATAL every time we define it.
Change-Id: Ia4c280fd7a1f27c2031de2fb691d60083f361a9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607649
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61440}
This allows handler tables to be followed by (at maximum) 4 bytes of
alignment padding. Data following the handler table (e.g. the constant
pool) might cause such padding to be added.
R=jgruber@chromium.org
Change-Id: Icb1d3156032b847dc805b8e3e63b02c0b29dbd51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605723
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61437}
harmony-locale is shipped in m74 and m74 is already out.
Remove harmony-locale flag from the code.
Bug: v8:8910
Change-Id: If9634b6767cfe449cfa03980bbad26ceb7408c79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1592465
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61429}
FATAL() calls with more than one argument are preserved.
The rest of chrome does this as well. Stack traces and minidumps should
be sufficient for analyzing the reason for crashes.
This saves 110kb for Android arm32.
Bug: chromium:958807
Change-Id: I88a1ec82f1ed7bd5e7dbccf6d645d5584f16de82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598159
Commit-Queue: Andrew Grieve <agrieve@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61426}
They are added under the global scope object, as follows:
{
"memory": ...,
"globals": {
"global#0": ...,
"global#1": ...,
"global#2": ...,
}
}
We currently don't have any way to name globals in the wasm binary
format, but it is possible to extend the name section with these names
in the future.
Bug: v8:6846
Change-Id: I79fa4ed3d83964bc8e26d66516605d41e92b3d03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601829
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61425}
In the longer run we only want the CBOR code path, for now we need to handle
JSON as well. So we convert if possible.
Change-Id: I726b737f4cd2602d4fb676ce7cf996fcd1ba33e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598254
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61424}
This change generates functions that verify the things that Torque knows
about objects and their fields. We still must implement each verifier
function in objects-debug.cc, but we can call into the generated code to
verify that field types match their Torque definitions. If no additional
verification is required, we can use the macro USE_TORQUE_VERIFIER as a
shorthand for a verifier that calls the corresponding generated
function.
A new annotation @noVerifier can be applied to both class and field
definitions, to prevent generating verification code. This allows fully
customized verification for complicated cases like
JSFunction::prototype_or_initial_map, which might not exist at all, and
JSObject::elements, which might be a one pointer filler map.
Because Factory::InitializeJSObjectFromMap fills new objects with
undefined values, and many verifiers need to deal with partially-
initialized objects, the generated verifiers allow undefined values on
every class deriving from JSObject. In cases where stricter checks were
previously performed, they are kept in objects-debug.cc.
Bug: v8:7793
Change-Id: I84034efadca89ba0aceddf92e886ffbfaa4c23fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594042
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61422}
1. Use the newer LocalizedNumberFormatter API which improve
the performance score x3.3.
Here are how I got the performance score:
$ python -u tools/run_perf.py --binary-override-path \
out/x64.release/d8 --filter "JSTests/Intl" \
test/js-perf-test/JSTests5.json
Look for NewIntlNumberFormat-Intl(Score) for 3 runs.
BEFORE: 539 507 507
AFTER: 2009 2069 1994
2. Also add symbol and enum to prepare implementing of the unified
number proposal.
Bug: v8:8515
Change-Id: Ie1ca1dba1e806449632cc96b81d44f0dc61b6093
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1392233
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61421}
Create an Intl::GetNumberingSystem function shared by several
Intl object which throw exception internally.
Bug: v8:9190
Change-Id: Ibe658e61bc8d0e5c061b26fe8527e69d086ea185
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590442
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61419}
This is a reland of f2e652264d
Nothing has changed but
https://chromium-review.googlesource.com/c/v8/v8/+/1585269 has been rolled
back due to v8:9234.
Original change's description:
> Reland "[compiler] Don't collect source positions for the top frame"
>
> Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
> which requires clearing and restoring the pending exception.
>
> > While most source positions were not collected even throwing exceptions,
> > the top frame still was always collected as it was used to initialize
> > the JSMessageObject. This skips even that frame, by storing the
> > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> > it to lazily evaluate the actual source position.
> >
> > Also adds tests to test-api.cc that test each of the source position
> > functions in isolation to ensure that they don't rely on previous
> > invocations to call the source collection function.
> >
> > Since no source positions are now collected at the point when an
> > exception is thrown, the mjsunit/stack-traces-overflow now passes again
> > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> > only failure).
>
> Bug: v8:8510
> Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61372}
TBR=ulan@chromium.org
Bug: v8:8510
Change-Id: Iaa9e376f90d10c0f25d1bcc352808363e4ea8b4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605946
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61418}
MIPS64 has a user space of 2^40 bytes on most processors, address
space limits needs to be smaller. 256G is ok, but it will cause
mjsunit/wasm/bulk-memory-spec/memory_copy.wast get a OOM error.
Bug: v8:7747
Change-Id: Ie7a96336ef4ab6340def813478a09bdf3f76894e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605524
Auto-Submit: Yu Yin <xwafish@gmail.com>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61417}
Brokerize parts of named property access.
Bug: v8:7790
Change-Id: I465bced5f266969040d1e966946a162b0a850c5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1596734
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61414}
... by moving the EffectControlLinearizer class into the .cc file and
only exposing a single function in the header.
Change-Id: I63dc3edd9de7df60041f0687d920996e308e0d4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605739
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61413}
Everything after UNREACHABLE is dead code, so it makes sense to remove them.
Bug: v8:9183
Change-Id: If76468a73b926d74717cc2348fd5b36d30f680c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605727
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61411}
Precise code-coverage, collecting type profile and logging function events
need feedback vectors. This cl allocates feedback vector eagerly when any of
these features are required. When the code-coverage mode changes to anything
other than best case, this scans over the entire heap and allocates feedback
vectors for the required functions.
For best case code coverage we use interrupt budget field on the feedback
cell to infer if a function has executed. We still use the invocation count
on the feedback vector if feedback vector is available.
Bug: v8:8394
Change-Id: Ia0e656aaaa024d6d893a5badafc9a42ce36e9ea3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601143
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61410}
This is a more general fix than 84435fa because tests that rely on
the sweeping order mark all unwanted pages as never-allocate using
SealCurrentObjects.
Bug: v8:9205
Change-Id: I261de3183ee38189ed72de28883a4fdf7b6f253d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605728
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61407}
This reverts commit b9191bd355.
Reason for revert: Clusterfuzz bugs
BUG=chromium:961507,chromium:961508
Original change's description:
> [class] implement private method declarations
>
> This patch implements the declarations of private methods, the access
> of private methods would be left to a future patch.
> When a private methods declaration is encountered, we now:
>
> - Create a brand symbol during class evaluation and store it in the
> context.
> - Create the closures for the private methods
> - Load the brand from the context and store it in the instance in the
> constructor.
>
> Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
>
> Bug: v8:8330
> Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61387}
TBR=rmcilroy@chromium.org,gsathya@chromium.org,verwaest@chromium.org,joyee@igalia.com
Change-Id: I429bbe8af9f94598de132814aa2c3ab9fa69b986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8330
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605730
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61406}
... which works properly when intptr_t is bigger than int and makes
MSVC happy about this.
Bug: v8:9183
Change-Id: I224eff00c1cbcb9a8c9f16eadaec078db7cf16db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601511
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61405}
{NativeModule::GetCode} can actually return {nullptr} if no code was
compiled yet for a function, e.g. in asm.js where we use lazy
compilation. In that case, we must not try to increment the ref count
on the nonexisting code object.
We had a few errors recently that were hard to reproduce because we do
not have a flag to enable code logging. Clusterfuzz managed to
accomplish this by passing --trace-ic.
In order to test bugs in code logging properly, this CL introduces a
new runtime function called "EnableCodeLoggingForTesting". It registers
a noop {CodeEventListener} and enables code logging in the wasm engine.
We should whitelist this flag in ClusterFuzz to potentially flush out
more bugs.
R=mstarzinger@chromium.orgCC=frgossen@chromium.org
Bug: v8:8217, chromium:961129, chromium:961245, chromium:961128
Change-Id: I2f97c109db70b41531d58580b71f6781beeb8dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602700
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61404}
The new json parser reuses a lot of symbol names from the
ordinary parser and in some extreme jumbo builds those
symbols end up in the same translation unit and prevents
compilation.
This adds "Json" to some duplicate symbol names.
Change-Id: Ie38ec7e65f9807b877d35689b654c696dc880998
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602704
Auto-Submit: Daniel Bratell <bratell@opera.com>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61403}
Helps make configuring profilers more scalable as our number of
parameters grows.
Change-Id: I81263a30c221edaa3934a92eb000b71ddfbdea60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601585
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#61402}
JSInliner class wrongly assumed that all functions passing through
JSInliningHeuristic have feedback vectors, but that's not the case
when the inlining candidate hasn't been called yet.
Bug: chromium:961522
Change-Id: I89c0f2098add19d9b59394f1e7230cbec426119d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605720
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61400}
Per 262, yield* for async generators is supposed to Await the input value.
#sec-generator-function-definitions-runtime-semantics-evaluation
Section 14.4.13, yield *, 7.c.iii.1
Bug: v8:9051
Change-Id: Ie1e829309fe78683a9ff0adf816208c2bf0bb524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1600508
Commit-Queue: Joshua Litt <joshualitt@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61390}
This reverts commit 652e32f9f9.
Reason for revert: speculative revert due to flaky test failures:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20nosnap%20-%20debug/23920
Original change's description:
> [heap] Make trampoline CodeDataContainers immutable and deduplicate them
>
> Moves all trampoline CodeDataContainers to read-only space, making them
> immutable. Containers with no 'kind specific flags' set or 'promise
> rejection' flag are deduplicated by replacing them with the new canonical
> CodeDataContainers roots.
>
> This saves around 36KB from the snapshot.
>
> RO_SPACE NEW_SPACE OLD_SPACE CODE_SPACE MAP_SPACE LO_SPACE
> old 32048 0 225944 149280 20240 0
> new 32120 0 189344 149280 20240 0
>
>
> Bug: v8:7464
> Change-Id: Iedd538a86311ef501cd88c90ec75e1308195762f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601257
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61378}
TBR=ulan@chromium.org,delphick@chromium.org,goszczycki@google.com
Change-Id: Ifaf9987bc3770f9e80701e8d011ab19da5c747ca
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602877
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61388}
This patch implements the declarations of private methods, the access
of private methods would be left to a future patch.
When a private methods declaration is encountered, we now:
- Create a brand symbol during class evaluation and store it in the
context.
- Create the closures for the private methods
- Load the brand from the context and store it in the instance in the
constructor.
Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
Bug: v8:8330
Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61387}
This is a first step towards unification of Object and MaybeObject
definitions.
Having an TaggedImpl template will simplify adding compressed variants
of Object and MaybeObject which is required for avoiding unnecessary
value decompression in tight value copying loops and write barrier
implementations.
Bug: v8:7703, v8:9183
Change-Id: I4c1931c22359533d50cf4a2c7f1339dd55c0c707
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588460
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61385}
This reverts commit f2e652264d.
Reason for revert: Speculative revert, seems to break GC stress bot and block LKGR - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/25701
Original change's description:
> Reland "[compiler] Don't collect source positions for the top frame"
>
> Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
> which requires clearing and restoring the pending exception.
>
> > While most source positions were not collected even throwing exceptions,
> > the top frame still was always collected as it was used to initialize
> > the JSMessageObject. This skips even that frame, by storing the
> > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> > it to lazily evaluate the actual source position.
> >
> > Also adds tests to test-api.cc that test each of the source position
> > functions in isolation to ensure that they don't rely on previous
> > invocations to call the source collection function.
> >
> > Since no source positions are now collected at the point when an
> > exception is thrown, the mjsunit/stack-traces-overflow now passes again
> > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> > only failure).
>
> Bug: v8:8510
> Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61372}
TBR=ulan@chromium.org,rmcilroy@chromium.org,delphick@chromium.org
Change-Id: Ie590df6c308b38836afc5d417d03d2a63260bcb2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602692
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61381}
Started as a cleanup of my own CLs but I noticed there were some checks
that I could update as well.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9183
Change-Id: I19092347e33324c24ff4396fa35c40a311c45799
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594557
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61380}
The function body decoder stored popped arguments in a field of the
decoder class, which is a non-obvious side channel.
This CL refactors this to return the popped vector directly instead.
In local benchmarks, this has no measurable performance impact.
R=titzer@chromium.org
Bug: v8:9183
Change-Id: I79b28e349e3009b9f01be25f116c4085ca569ca7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1596732
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61379}
Moves all trampoline CodeDataContainers to read-only space, making them
immutable. Containers with no 'kind specific flags' set or 'promise
rejection' flag are deduplicated by replacing them with the new canonical
CodeDataContainers roots.
This saves around 36KB from the snapshot.
RO_SPACE NEW_SPACE OLD_SPACE CODE_SPACE MAP_SPACE LO_SPACE
old 32048 0 225944 149280 20240 0
new 32120 0 189344 149280 20240 0
Bug: v8:7464
Change-Id: Iedd538a86311ef501cd88c90ec75e1308195762f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601257
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61378}
Since we updated the access builders, in particular AccessBuilder::ForMap(),
the StoreField from CSA's OptimizedStoreMap was missing the corresponding
ChangeTaggedPointerToCompressedPointer node.
Tests were passing, but it was failing to compile with verify CSA enabled.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I0ddb03eb2ba19b55f9b9cef4eef94e32bc84ef18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601506
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61377}
This fixes the source position printed in the stack trace for exceptions
rethrown from within Wasm code. This only affects the message propagated
to the console, not the trace stored as part of the exception object.
Note that there still is a more fundamental issues with preserving the
original message of a caught exception and funneling it through to each
rethrow site, which is still missing. This change just makes sure that
the interpreter and TurboFan are consistent.
R=clemensh@chromium.org
TEST=message/fail/wasm-exception-rethrow
BUG=v8:8091
Change-Id: Iac04149ded3c54f5b23faeb83b1228081bbd3dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598754
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61374}
Removes:
* ReturnValue::Set(Persistent)
* String::NewFromUtf8/NewFromTwoByte/NewExternal overloads that
returned Locals instead of MaybeLocal
* String::NewStringType
Now that the old String overloads are gone, the new ones can now have
a default parameter for NewStringType matching the old overloads.
Bug: v8:7289, v8:7281, v8:9183
Change-Id: If66e6d587ac778e015c281b376a9b4d6093f6ec3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591605
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61373}
Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
which requires clearing and restoring the pending exception.
> While most source positions were not collected even throwing exceptions,
> the top frame still was always collected as it was used to initialize
> the JSMessageObject. This skips even that frame, by storing the
> SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> it to lazily evaluate the actual source position.
>
> Also adds tests to test-api.cc that test each of the source position
> functions in isolation to ensure that they don't rely on previous
> invocations to call the source collection function.
>
> Since no source positions are now collected at the point when an
> exception is thrown, the mjsunit/stack-traces-overflow now passes again
> with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> only failure).
Bug: v8:8510
Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61372}
Going back on https://chromium-review.googlesource.com/c/v8/v8/+/1480382
since now 'tagged' means 'full tagged' again.
I am keeping the access builder since that seems useful to have (as
opposed to building the access builder in the implementation).
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9206
Change-Id: I7c38b090190aa1c3e91c5ab9f729588aeae2dc1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594439
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61371}
The original CL title was updated to reflect CL contents. The
--win64-unwinding-info flag still exists but it is set by default.
This is a reland of efd8c2d975
Original change's description:
> Remove --win64-unwinding-info flag and always generate unwind info on Win/x64
>
> The generation of unwind info to enable stack walking on Windows/x64
> (https://chromium-review.googlesource.com/c/v8/v8/+/1469329) was implemented
> behind a temporary flag, in order to coordinate these changes with the
> corresponding changes in Chromium.
>
> The required changes to Chromium
> (https://chromium-review.googlesource.com/c/chromium/src/+/1474703) have also
> been merged, so we can now remove the flag and enable the generation of stack
> unwinding info by default on Windows/x64.
>
> Bug: v8:3598
> Change-Id: I88814aaeabecc007f5262227aa0681a1d16156d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573138
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#61020}
Bug: v8:3598, chromium:958035
Change-Id: Ie53b39f3bb31567797a61e5110685284c266c1f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1599596
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61368}
We pretty much always want tracing data as a JSON file. Implement a
Consumer which converts protos to the JSON trace events format.
This duplicates a lot of the internals of TraceWriter in
trace-writer.cc but we will remove that eventually.
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I85f86562f1b3c4d24ecd755413d1c3f88b292adb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541042
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61366}
Puts back source position collection for inlined functions when
concurrent inlining is not enabled.
Bug: v8:8510
Change-Id: I8e8a7ef15c0854b1e37299a007303b3213988cf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601266
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61362}
The implementation of the method is long gone, just the declaration was
left for some reason.
Bug: v8:9183
Change-Id: Id68fc6afa63c3663769f9d8e0a6bc1a7a3aa5e35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601497
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61361}
A DCHECK in LookupIterator::name hits when we add a indexed property,
as it requires a named property.
This replaces it with GetName to avoid the failure.
Bug: chromium:959727
Change-Id: I1e98b313ec9257db80460a34d691016acbceb3c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1597372
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61358}
This will allow me to reuse the routines for the
inspector_protocol/encoding/encoding_test, rather than copy them.
I've already verified that this works.
Change-Id: I5b61e4f48c2d00d9d0a5305c9790093c66b3c765
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1600360
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61355}
There are two possible type:
- scriptParsed - breakpoint for any script,
- scriptWithSourceMapParsed - breakpoint for script with
sourceMappingURL.
When one of the breakpoints is set then for each matched script
we add breakpoint on call to top level function of that script.
Node: https://github.com/nodejs/node/issues/24687R=dgozman@chromium.org
Bug: chromium:887384,chromium:724793,chromium:882909
Change-Id: I9c08b2a2a5ba7006adfedd85fc92ae191517af00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1354245
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61353}
To prevent OOMs for leaked CPU profilers, add the option to limit the
maximum number of samples that are included in a CPU profile.
Bug: chromium:956688
Change-Id: I119d0622e7d39c187f8e09e2d49dec91fd724ecb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588412
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61352}
This change introduces a new decorator syntax @ifdef which can be used
on any class fields in .tq files, and updates SharedFunctionInfo to use
it as an example.
Bug: v8:7793
Change-Id: I690ae2a10d6cab044eedf5b931e4f95e757ed469
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536985
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61349}
