Mostly gc-related flags didn't flush out any bugs yet, but often reduce
test performance and lead to timeouts.
No-Try: true
Bug: chromium:1044942
Change-Id: I2a7b55f78bfa3d597de1a5674658829e0812d01a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273861
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68608}
Previously we ran baseline (e.g. ignition) and one random secondary
comparison configuration (e.g. turbofan) from the list of experiments.
But Clusterfuzz imposes limitations on the total amount of fuzz tests.
Therefore this change enables more throughput by always running the
default configuration (ignition_turbofan like V8 is shipped)
additionally to the baseline and the secondary configuration.
This, hence, doubles the number of comparisons we run, with less than
50% additional runtime, since the slow baseline configuration is only
run once.
The experiments table is updated accordingly. Explicit entries running
ignition_turbofan are removed (as it always runs now), instead some
of the other configurations are increased in their relative
percentage. We also get a few new configurations that didn't run
before (e.g. forcing the slow path on x86).
No-Try: true
Bug: chromium:1100114
Change-Id: I69b2a41d78c06e556b309743a2aace1053c22f91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270307
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68607}
Indicium is a new tool that integrates all our Map and IC processing
tools into one tool.
This CL does not attempt to cleanly integrate the Map Processor
and IC explorer, but provides an in initial starting point for further
integration work.
Bug: v8:10644
Change-Id: I753c116fd409c8c07613bf15f22e14aa1e8c8a0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259935
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68605}
This modernizes python code without breaking Py2 compat.
Ran with command:
futurize --stage1 -w predictable_wrapper.py
futurize --stage1 -w run-num-fuzzer.py
futurize --stage1 -w run-tests.py
futurize --stage1 -w v8_presubmit.py
This only adds the absolute import, which use these semantics. It
doesn't do anything differently in our case, these scripts are already
doing absolute imports. But with these changes, running `futurize
--stage2` will be less messy.
Bug: v8:9871
Change-Id: I28182ab73dac6cfcbd544c2046026f14e5157eb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252555
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68588}
This shares the code of running the comparisons on the fuzz test
and on the smoke tests. While this change retains behavior for running
the fuzz test, the smoke test has slight changes in favor of code
readability:
1. Smoke tests can now bail out on output suppressions (There are
none now. And if we'd ever add any we'd need to write them in a way,
such that they ignore the output of the smoke tests, which don't
have much output anyways).
2. Crashes in smoke tests are now a hard failure. This is a desired
feature anyways. It's unlikely that the smoke test crashes as then
nothing would work.
No-Try: true
Bug: chromium:1100114
Change-Id: Ice3c6d18b549727c486a70756a72038c8b2029ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273125
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68586}
This adds a class representing all values needed for an execution.
It simplifies the parameters passed to formatting functions and
lifts the restriction of a first/second config pair in the options.
This will allow to run more than two configs in a follow up.
No-Try: true
Bug: chromium:1100114
Change-Id: I568253b8ca3220870b8f5af615108140587680a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270550
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68583}
Relanding without changes, revert reason was fixed by:
https://chromium-review.googlesource.com/c/v8/v8/+/2272564
Originally reviewed at:
https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Original description:
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I7fd4986efa3153ac68037ec418ea617f3f7636e8
Tbr: ulan@chromium.org
Tbr: tebbi@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273123
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68581}
This makes output and test-case suppressions independent of the used
comparison configs and architecture. Such fine-grained suppressions
were only needed during the inception of differential fuzzing, but
by now, most remaining suppressions are implemented in d8 behind
a flag.
This prepares for running with more than two comparison configs in a
follow up.
No-Try: true
Bug: chromium:1100114
Change-Id: I072769adb3ef7c6e6c43459aa23ac906f461b307
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270095
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68579}
It is obsolete to filter out error-message differences since the
time we pass --correctness-fuzzer-suppressions to d8, which already
stubs all messages:
https://cs.chromium.org/chromium/src/v8/src/execution/messages.cc?l=1031
No-Try: true
Bug: chromium:1100114
Change-Id: Iac42a8e2a32f9bae4034f79eaff429bf3ee41724
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270024
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68577}
This simplifies the lengthy main method by extracting some code and
by replacing the scattered returns with exceptions.
We introduce two exceptions for early bail-out. This enables helper
methods on multiple layers. The early bail-out on time-out is
moved to the point where it is detected.
Previously on timeout and crash we also printed out the step number.
Clusterfuzz doesn't parse this, it was only for statistical purposes,
and the latest version of the experimental workbench only parses
crashes and timeouts, not the step in which they happened. Hence,
this CL removes those step numbers.
Except the change described in the last paragraph, this CL doesn't
intend to change behavior.
No-Try: true
Bug: chromium:1100114
Change-Id: Ie8c18f183e4fc538577f3eb49aaf6df1acd1e4e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270547
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68576}
This adds a simple test runner that prints a line for every test with
the appropriate status prefix: PASS, FAIL, CRASH or TIMEOUT
Change-Id: Ic1ba78667c38cd4392af027bb6cb671b274680b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264098
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68570}
This reverts commit 04ce88eae5.
Reason for revert: TSAN failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32135
Original change's description:
> [wasm-gc] Implement rtt.sub
>
> RTTs are internally represented as Maps. To store supertype information,
> this patch introduces a WasmTypeInfo object, which is installed on Wasm
> objects' Maps and points at both the off-heap type information and the
> parent RTT.
> In this patch, rtt.sub always creates a fresh RTT. The canonicalization
> that the proposal requires will be implemented later.
>
> Bug: v8:7748
> Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68564}
TBR=ulan@chromium.org,jkummerow@chromium.org,tebbi@chromium.org
Change-Id: I311732e1ced4de7a58b87d4a9b6056e0d62aa986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270734
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68567}
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68564}
The BigInt proposal got to stage 4 and integrated into the main spec.
Therefore the proposal tests are unnecessary and will be outdated soon.
R=thibaudm@chromium.org
Change-Id: I149de015f098a89333dd907bf5a4d18a36086c2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264095
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68542}
If we pass flags that make runs very slow, also the validity checks
might time out. Previously this wasn't checked and output was just
cut off.
This also tightens the timeout on validity checks as they are
expected to run very fast.
No-Try: true
Bug: chromium:1098646
Change-Id: Iea9a932be86e84040b72a2311aaa1d44100b3378
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2262915
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68510}
GCMole now comes with the long forgotten use-after-free detection
enabled by default. The CL also improves error logging when test
expectations mismatch with the actual output and updates the hash
of GCMole to be used with the newly built version with enabled UAF
detection.
The CL also contains an ignore for isolate.cc due to inability to
fix a warning there and fixes a couple of UAF warnings.
Bug: v8:9680
Change-Id: I7a009ffd5f67b1b5437567691ca4235ea873de70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257236
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68505}
This modernizes python code without breaking Py2 compat.
Ran with command:
futurize --stage1 -w tools/testrunner
Bug: v8:9871
Change-Id: Ie23333cbd923197be0bffcad5041056e00990042
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252554
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68496}
Get value from type payload, check and show bitset name.
Change-Id: I6d0e0f30fca0b2aaddfd5f18abf948886552f2dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258815
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#68495}
This modernizes python code without breaking Py2 compat.
Ran with command:
futurize --stage1 -w tools/testrunner/testpro
Manual fixup to util_unittest to modify import paths and change to
absolute imports.
Bug: v8:9871
Change-Id: I2ac29622aff5daebc9dc42145c1d96dff8258546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252549
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68492}
This modernizes python code without breaking Py2 compat.
Ran with command:
futurize --stage1 -w tools/testrunner
and manual fixup in statusfile_unittest.py to change to update import
path and change to absolute imports (similar to pool_unittest.py)
Bug: v8:9871
Change-Id: I8851e2188ef9285f2bd57cc07e959e22e1b05f6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252548
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68490}
This change enables automatic generation of Cast<> operators for
classes that are defined in Torque.
* Cast<> macros are generated for all classes that are defined in
Torque code that are neither shapes nor marked with a new
@doNotGenerateCast annotation.
* Implicitly generated Cast macros simply call through to an
internally-defined "DownCastForTorqueClass" macro that implements
the cast using one of three strategies for efficiency. If the class
has subclasses (i.e. a range of instance types including subtypes),
the DownCastForTorqueClass checks for inclusion in the instance type
range. If the class has a single instance type (i.e. no subclasses),
then either 1) a map check is used if the class has a globally-
defined map constant or 2) an equality check for the instance type
is used.
* Added new intrinsics to introspect class information, e.g. fetching
instance type ranges for a class, accessing the globally-defined map
for a class.
* Removed a whole pile of existing explicit Cast<> operators that are
no longer needed because of the implicitly generated Cast<> macros.
* Added tests for the new Cast<> implementations.
Bug: v8:7793
Change-Id: I3aadb0c62b720e9de4e7978b9ec4f05075771b8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250239
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68478}
As of May 2020 the Google C++ Style Guide suggests using references
for out paramters. Adjust V8's presubmit checks to allow mutable
reference parameters.
Bug: v8:10624
Change-Id: Idcd027892916a14f91ca3bfcb5eba48757cab523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252185
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68449}
Extend gm.py to support long flags (starting with --), which are treated
as test runner flags, and passed unchanged. These flags must be as
single word, '--progress=verbose' instead of '--progress verbose', as gm
only does simple one-at-a-time args parsing.
Change-Id: Icfa161ff231715d0b7eb3ba259fca35a65c68964
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250875
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68416}
If mksnapshot fails then all that is printed is
"FAILED: gen/v8/embedded.S snapshot_blob.bin"
and the command line. That complicates the investigation. Printing the
error code in run.py can help. The printing code handles large negative
numbers specially so that special Windows failure codes like 0xC0000005
are recognizable.
This code was tested by adding this early-out to main in mksnapshot.cc.
if (argc < 1000)
return 0xc0000005;
Bug: Chromium:1095767
Change-Id: I5dc81d368beaa339f0c519ce1c01bd13cdb18d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249518
Auto-Submit: Bruce Dawson <brucedawson@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68395}
This fixes a bug when an encoded character appears in the difference
string. Python3 doesn't require any encoding.
TBR=tmrts@chromium.org
No-Try: true
Bug: chromium:1095964
Change-Id: I49c66b5b9c105ad64d3a7839d0eb5df97ff5f404
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249660
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68384}
The interpreter is only used for testing, and is now instantiated and
invoked directly instead of via the {WasmDebugInfo}, holding the
{InterpreterHandle}.
This CL removes both classes.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: Iede3feea413decae1edc28146b871a819e204768
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237132
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68271}
... collected via --trace-zone-stats flag or v8.zone_stats trace
category.
This is an initial version inspired by heap-stats UI.
Bug: v8:10572
Change-Id: Ib87cf0b4e120bc99683227eef02668a2a5c3d594
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2226855
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68133}
Passing tests that are marked as fail in a status file are not
immediately visible as such.
- Always show "--- FAILED ---" for failing tests
- Show "--- UNEXPECTED PASS ---" for unexpectedly passing tests
Drive-by-fixes:
- Color failures in red with --progress=color
- Color repro command in yellow with --progress=color
Change-Id: Id43ecec348dbfd4ff627ea6aa4ba458a2e5a8445
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2213434
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68131}
Display UsePositions in the intervals
in live ranges in turbolizer.
Uses are shown as vertical red lines.
Bug: v8:7327
Change-Id: Iab8d08989b9113d1b7d393252de5988e8b25b8de
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224215
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68102}
Currently, it can be little difficult to understand why a command in
lldb-commands.py stops working. For example, at the moment running the
jlh command results in an empty line:
$ lldb --one-line "command script import ../../tools/lldb_commands.py" \
v8_hello_world
(lldb) br s -f hello-world.cc -l 49
(lldb) jlh script
(lldb)
With this commit this would instead display the following error message:
(lldb) jlh script
Failed to evaluate command
_v8_internal_Print_Object(*(v8::internal::Object**)(*(void*)(script))) :
error: cannot cast from type 'v8::Local<v8::Script>' to pointer type
'void *'
The output is really only two lines but I've wrapped the lines here so
they don't exceed the 72 column width. I'll follow up with a commit to
fix the issue reported.
Change-Id: I634a412b616dad7cadd74dce36418d27c1997777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083477
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68093}
Hide the arrow button div for snapping the live range
panel when a new file is loaded.
Bug: v8:7327
Change-Id: I576444f12a0557cc6716eb0214586b54a042a899
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224838
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68087}
This prepares using ochang_js_fuzzer with foozzie. The fuzzer uses
tests from CrashTests in the corpus. This leads to a loop when
used with differential fuzzing, as foozzie dedupes failures based
on the original file path. Foozzie finds a new failure for the
existing failure in CrashTests, for which clusterfuzz creates a new
crash test and so on.
This subsumes all failures from CrashTests under the same key.
Once such a failure is reported, a developer can add it to a
mapping in foozzie.py, after which the global key can be used
again by clusterfuzz to report another failure.
No-Try: true
Bug: chromium:1044942
Change-Id: I801a23faeb0c672d6ad64b4100c463f53e36cbc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214837
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68053}
Display register allocation live ranges alongside sequences in
turbolizer.
The existing --trace-turbo flag now also outputs the register
allocation data as part of the json file alongside the
instruction sequence data that is already produced before and
after register allocation is performed. This data includes live
range intervals for each virtual and fixed register and the state
of their assignments.
This json data can now be displayed in turbolizer alongside the
instruction sequences. The information is presented as a grid,
with each grid cell representing a LifeTimePosition of a certain
virtual register, determined by the column and row indices
respectively. Each LifeTimePosition is shown to be part of an
instruction id which itself is shown to be part of a block id.
Each interval is shown as a coloured rectangle positioned over
the relevant cells, and displaying text to indicate the state of
their assignment.
The Resizer object has been extended to allow the grid's html
panel to be varied in size in the same manner that the left and
right panels can be. The size of the grid itself must also be
adjusted whenever the div container changes size.
The RangeView class is introduced and is created and held by the
single SequenceView object used to display the
InstructionSequence data before and after register allocation.
A checkbox allows the user to show/hide the range view, this is
disabled when register allocation data is not provided or more
than 249 instructions are in the sequence. The latter being
required due to the css grid-row-col limit of 1000 alond with
helping alleviate performance issues. The SequenceView object
tracks the phase index currently selected as well as whether or
not it is currently being shown. This ensures that the RangeView
is not hidden and shown when switching between before and after
register allocation, allowing for a smoother transition between
the two. The scroll position is also saved and restored for
convenience.
The data about the instruction sequence required for the display
is held by the RangeView object and reset whenever a new
instruction sequence is shown. The grid div must sync its scroll
with the headers and row labels so as to ensure a consistent
view. The register allocation data is extracted from the json,
with each register row showing all intervals within the relevant
ranges. When the view is switched between before and after
register allocation, the relevant intervals are swapped in.
Bug: v8:7327
Notry: true
Change-Id: I183535a2410a7d663382f387199885250fb98691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184232
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68019}
This CL also fixes a small bug in the update-wasm-spec-tests.sh script,
as it was not able to handle proposals without additional core spec
tests. It also disables a lot of tests.
R=jkummerow@chromium.org
bug:v8:10556
Change-Id: Ibd885350478de935dc67edb664715cfa64f1d8e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210248
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67949}
Currently, if d8 is run with the --turbo-profiling flag, it prints info
about every TurboFan-compiled function. This info includes the number of
times that each basic block in the function was run. It also includes
text representations of the function's schedule and code, so that the
person reading the output can associate counters with blocks of code.
The data about each function is currently stored in a
BasicBlockProfiler::Data instance, which is attached to a list owned by
the singleton BasicBlockProfiler. Each Data contains an
std::vector<uint32_t> which represents how many times each block in the
function has executed. The generated code for each block uses a raw
pointer into the storage of that vector to implement incrementing the
counter.
With this change, if you compile with v8_enable_builtins_profiling and
then run with --turbo-profiling, d8 will print that same info about
builtins too.
In order to generate code that can survive being serialized to a
snapshot and reloaded, this change uses counters in the JS heap instead
of a std::vector outside the JS heap. The steps for instrumentation are
as follows:
1. Between scheduling and instruction selection, add code to increment
the counter for each block. The counters array doesn't yet exist at
this point, and allocation is disallowed, so at this point the code
refers to a special marker value.
2. During finalization of the code, allocate a BasicBlockProfilingData
object on the JS heap containing data equivalent to what is stored in
BasicBlockProfiler::Data. This includes a ByteArray that is big
enough to store the counters for each block.
3. Patch the reference in the BuiltinsConstantsTableBuilder so that
instead of referring to the marker object, it now refers to this
ByteArray. Also add the BasicBlockProfilingData object to a list that
is attached to the heap roots so it can be easily accessed for
printing.
Because these steps include modifying the BuiltinsConstantsTableBuilder,
this procedure is only applicable to builtins. Runtime-generated code
still uses raw pointers into std::vector instances. In order to keep
divergence between these code paths to a minimum, most work is done
referring to instances of BasicBlockProfiler::Data (the C++ class), and
functions are provided to copy back and forth between that type and
BasicBlockProfilingData (the JS heap object).
This change is intended only to make --turbo-profiling work consistently
on more kinds of functions, but with some further work, this data could
form the basis for:
- code coverage info for fuzzers, and/or
- hot-path info for profile-guided optimization.
Bug: v8:10470, v8:9119
Change-Id: Ib556a5bc3abe67cdaa2e3ee62702a2a08b11cb61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159738
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67944}
We can use existing macros to define this getter/setter rather than hand
writing it -- as a side effect this ends up defining an Isolate overload
of the getter which was otherwise missing.
Bug: v8:10506
Change-Id: I0bc5a3082b5ed0416c8099a94e7d2e32a2bd363f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199350
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67798}
We can't attach a meaningful stack trace to the AggregateError
Promise.any rejects with, but we can augment the individual errors'
stack traces with Promise.any and the index of the corresponding
Promise in the input.
Bug: v8:9808
Change-Id: I7ba754c9b043594decaac8b3a23be74f05c3dffd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198983
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67778}
The native context independent (NCI) code variant will be used to test
various aspects as the NCI implementation progresses. Examples:
- Test js-generic-lowering with feedback collection.
- Test NCI codegen without caching or tier-up.
- Test NCI codegen and tier-up without caching.
- Test full NCI (codegen, caching, tier-up).
At some point a build-time flag may be required, we'll see when we get
there.
This variant should be removed once work on NCI is complete.
Bug: v8:8888
Change-Id: I8b12c9a5d69bf167e39e002af385f8f523585550
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198776
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67767}
There's no need for them to be in NativeContext.
This CL moves the only remaining Proxy-related SFI.
Bug: v8:10482
Change-Id: I2f5e2d250c30f552787915d306c1be23b9d033bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196184
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67766}
Some bots turned red. Might be an infra failure. Let's see if this CL
makes it disappear.
Tbr: machenbach@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I269257184cfca5423fb2c52ae8cfc1ad696002e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196352
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67757}
This CL adds 2 new values to the EmbedderStackState enum with more
explicit names. The old values are updated as aliases to the new
values and marked as soon to be deprecated. This CL also moves the
enum to v8-platform.h so that it can be reused by cppgc.
Depracating individual values in an enum is supported by GCC only
since version 6. Thus new macros were needed for the deprecation
(which delegate to the existing macros when supported). GCC versions
older than 6 are still used by the CQ bots.
Bug: chromium:1056170
Change-Id: Id1ea73edfbbae282b0d8a3bb103dbbbf8ebd417e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2188971
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67744}
There's no need for them to be in NativeContext.
This CL moves the rest of the Promise-related SFIs.
Bug: v8:10482
Change-Id: I7eb926be14bf44fb3cd01cb96b4769eff1c2911b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190752
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67732}
Also, rename the WASM_COMPILED frame type to just WASM.
R=jkummerow@chromium.org
Bug: v8:10389
Change-Id: I71f16f41a69f8b0295ba34bd7d7fad71729546f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187613
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67698}
There's no need for them to be in NativeContext.
This CL moves the minimal subset of SFIs related to Promises / finally.
Bug: v8:10482
Change-Id: I06a20dc927f13b7bfc8cea853a11913314ee019d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187271
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67674}
along with WASM_ARRAY_TYPE, a WasmArray class, and a very basic
test.
Bug: v8:7748
Change-Id: I1ad4ff78e428972be52130cc179a91c76fcdbdc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185136
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67671}
There's no need for them to be in NativeContext.
This CL moves the minimal subset of SFIs related to async iterators.
Bug: v8:10482
Change-Id: I80a34a886387398e6565afe77ab99f389d2ccabd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184233
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67636}
This prevents bug flooding based on differences from calling
%GetOptimizationStatus in correctness tests. It is supposed to
be suppressed with --allow-natives-for-differential-fuzzing.
This ensures early bail-out in case the flag is forgotten at
some point. The v8_sanity_checks.js file is executed before
each correctness test case for this purpose.
NOTRY=true
Bug: chromium:1044942
Change-Id: I74a836a82562604b35e94e5e123a2a8bff939423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184294
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67618}
Interpreter entry compilation was removed in
https://crrev.com/c/2172962. This CL removes the
{WasmInterpreterEntryFrame} and the corresponding
{WASM_INTERPRETER_ENTRY} code kind.
Some follow-up cleanups are left as TODOs.
R=jkummerow@chromium.org,bmeurer@chromium.org
Bug: v8:10389
Change-Id: I1a43eba1ac1a751e05990c688088d99fc901231f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182456
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67607}
There's no need for them to be in NativeContext.
This CL moves the minimal subset of SFIs related to async functions
and async generators.
Bug: v8:10482
Change-Id: Ic90e342ae77b406c12dedf6b8f7e3fadb661b205
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179843
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67590}
Slow tests are now collected in a heap with a fixed size.
When the maximum size is reached we evict the fastest test
after adding a new test to the heap.
Bug: v8:10168
Change-Id: If3298df85d6e924451f55fe9350e293169cc849d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106205
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67572}
Summary of changes:
- GC visitors no longer rely on superclass visitors, but instead visit
everything themselves. This enables generating better code.
- Try to match simple body descriptors to reduce the amount of generated
code.
- Turn SizeFor(instance) into an AllocatedSize() method.
- Remove the special handling of resizable object sizes from Torque
and instead overwrite AllocatedSize in classes that need special
handling in C++.
- Split the visitor id lists depending on whether the class has pointer
fields.
- Turn Torque-generated body descriptors into an .inc file to
simplify includes.
- Fix generated size functions to properly align the size.
- Generate GC visitors (and C++ class definitions) for all string
classes and FixedArray, WeakFixedArray, and WeakArrayList.
- Store generated instance types in Torque class types. This is only
used to determine if a type has a single instance type in this CL.
Bug: v8:7793
Change-Id: I4d362e96b047c305bd6d065247734957b8958c42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2110014
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67542}
This variant passes the --stress-snapshot d8 flag. There's a large
initial list of skips, these should be removed as issues are fixed
over time. The variant is currently not enabled on any bots.
Bug: v8:10416
Change-Id: I80aea80600c51b2f5d28b8ec8a09ff0ba2ebaa7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179002
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67536}
Formatter does not recognize #include, since we format .tq files as TS.
So replace it with a comment first, then substitute it back.
This should also fix the Presubmit in waterfall
https://ci.chromium.org/p/v8/builders/ci/V8%20Presubmit/10296
Change-Id: I316d52fc24e099474c542f75773683b54e8d0a63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2175089
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67512}
This enables comparing single runs from the direct command line ouptut
generated by --runtime-call-stats
No-Try: true
No-Presubmit: true
Change-Id: Ieac06bbd95c2a73f8064af161fe35f6fb083648f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170093
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67432}
This reverts the changes made in
https://chromium-review.googlesource.com/c/v8/v8/+/1695465https://chromium-review.googlesource.com/c/v8/v8/+/1776078
We originally moved this protector to the native context to avoid
cross-native-context pollution of protector state. Ideally,
invalidating a protector in one NC should not affect any other NC.
But as it turns out, having the protector on the NC causes more
problems than it solves since all affected callers now need to find
the correct native context to check. Sometimes (e.g. in CSA regexp
builtins) it is possible to blindly check the current NC, but the
reasoning behind this optimization is tricky to understand.
Sometimes, fetching the correct NC is not possible due to access
restrictions. These implementation complexities outweigh the (unknown)
potential performance benefits.
In the future we should attempt to move away from the protector
concept for these kinds of checks.
Bug: chromium:1069964,v8:9463
Change-Id: I2cbb2ec7266282165dae5e4a6c8bdbda520c50a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157382
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67415}
The multi-value proposal is now merged in the main spec repository, so:
- Remove everything that references the multi-value spec repository
- Add --experimental-wasm-mv to the default flags
R=ahaas@chromium.org
Change-Id: I9f809c21404bb5c1d21eb330748ea51a15688546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2153219
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67313}
Use the InstallFunction helper to create the initial map and prototypes
instead of manually doing so. WeakRef is currently creating an unused
Map tied to JS_WEAK_REF_TYPE that would cause the various LogMaps
cctests to fail when the feature ships.
Bug: v8:8179
Change-Id: Ic1b35ebe5da722fa030af336099fff6153b4baed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158488
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67294}
This patch replaces V8's tracing implementation (i.e., the TRACE_EVENT
macros) with the track event base implementation from Perfetto. The
advantages of doing this are:
1) This allows us to remove most tracing-related backend code from V8.
2) V8 can start writing strongly typed trace event arguments, which
are more compact, easier to process and more extensible than legacy
JSON-based trace arguments.
For the time being, we still support the old trace macros when V8 is
embedded into Chrome and other embedders.
Design doc: https://docs.google.com/document/d/1f7tt4cb-JcA5bQFR1oXk60ncJPpkL02_Hi_Bc6MfTQk/edit#heading=h.398p6b4eaen2
Bug: chromium:1006766
Change-Id: Ie71474fbe065821772b13d851487ebbca680c4ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947688
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Auto-Submit: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67217}
A new realm doesn't contain the mocks and suppressions on the global
object for correctness fuzzing. We replace Realm.eval with eval to
keep exercising the code.
Bug: chromium:1071133
Change-Id: Iffe82d37bf08829fc5937c17c2089277403e71dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2153206
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67187}
- Fix property name table with very long names
- List all keyboard shortcuts
Change-Id: I4eba14143a0cf71f4e8c02159a1f16113aa2600a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2142267
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67088}
The two refactorings are somewhat orthogonal, but intersect at the
class and instance type list generation, which is why it's easier to
put them in one CL.
For the removal of HasIndexedField, the removal is motivated by the
fact that is no longer necessary, and that using a flag to store this
kind of information is hacky.
For the class list changes, this is a cleanup in that we no longer
generate third-order macros, but instead normal macro lists.
There is a functional change and bug-fix in that we no longer include
abstract classes in lists that refer to instance types or maps. It's
still somewhat broken though, so I can't test abstract internal classes
yet, though. Coming in a follow-up CL.
TBR=ulan@chromium.org
Bug: v8:7793
Change-Id: Ided8591370570ca3810d7991f53177ca32e03048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2108034
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67056}
Print ALL_VARIANTS and VARIANT_ALIASES when passing a wrong
--variants argument to tools/run-tests.py.
Change-Id: I6d4278633dd11990d0ace1c93f544213fbfc156e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139579
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67039}
WasmValue holds a Wasm value with its type. This will be exposed to the
inspector (via a to-be-created class in debug_interface.h) for debugging
in DevTools.
Design at http://doc/1XQlX6DWsv6BPYnRtw-JZSASPEjsRlyXLnke7TTQ9Wrg.
Bug: v8:10347
Change-Id: Ib523e617d46fdf1adb13d13bf49749c4ce23a126
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132720
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67029}
- avoid endless recursion with corrupted traces
- speed up page by async bar repainting
- minor tweaks to avoid unnecessary work
- move helper functions to make command line version parse log files
Change-Id: If8ce9cc4093030d648fbc7bbb60e53412e9f7a79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2115434
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66942}
Use Oboe.js streaming JSON parser for reading tracing file which
provides the following advantages:
1) streaming parsing allows keeping alive only relevant entries which
should consume less memory when parsing of huge files (although
currently the whole file is kept in memory anyway),
2) avoids the need to sanitize tracing file
Bug: v8:10155
Change-Id: Id5268264a610eff804672d09b3e9f3ac353b67de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120542
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66888}
Yet another corner case how non-deterministic timestamps slipped into
the tests.
Bug: chromium:1064900
Change-Id: I33e8b4c8141b3854b7eca5d7ad9b45b6f5130d9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120584
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66881}
Now that the trace json file has changed name, update the extension
checked by the --retain=json flag in generate-runtime-callstats.py.
Bug: v8:10348
Change-Id: Ieb14b77d2d399a1246049170f289b4666658f376
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2122015
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66870}
Fix generate-run-benchmark to pick the trace json file now that
run_benchmark generates a different directory structure due to the
protobuf change.
Bug: v8:10348
No-Try: true
Change-Id: I4d671071db68a7a82ec542bf41bf1d9afcdb3837
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120590
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66868}
... to make it work from any location.
Bug: v8:10155
Change-Id: I4b949ed6fde0b38a92c1c1ab57eba0cf0f007b6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2116034
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66835}
Don't use deprecated HTML Imports, directly fetch the template files from
html instead.
Bug: v8:10155
Change-Id: Ic85a8b2cf227231fc6abf5adca6f1f144bf728f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2113371
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66825}
Because run-tests.py still requires it.
No-try: true
Change-Id: Ief1f3d7a93ba4c36232420ee9ab0a4ff3ea6739b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2096628
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66664}
The code was almost compatible, only one small issue had snuck in.
No-try: true
Change-Id: I52225fb2092bf16a5fffbde957cd1dfe4f2c4fd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093492
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66642}
Bill kindly pointed out to me that v8windbg was not handling bit_field2
correctly. The issue was that the constexpr type for ElementsKind was,
somewhat unsurprisingly, "ElementsKind", but v8windbg expected a fully-
qualified type name like "v8::internal::ElementsKind". This change
addresses the problem in two ways:
1. Update v8windbg's type resolution logic to resolve type names as if
they were used in the v8::internal namespace. This makes it more
consistent with how those type names are used in other generated
Torque code, reducing surprises and the number of times we have to
write `v8::internal::` in .tq files.
2. Add compile-time verification that any constexpr type name used as a
string in class-debug-readers-tq.cc can also resolve as a type name.
Bug: v8:9376
Change-Id: I349cd6ab586fd8345a1fa8bfc3989bb8e6376ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2063769
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66633}
In the process:
* Augment C++-generated Torque classes with SizeFor methods to
calculate size of instances.
* Add a new "@generateBodyDescriptor" annotation that causes Torque to
generate C++ BodyDescriptors code that can be used to visit objects
compatible with existing V8 mechanisms, e.g. GC
* Fully automate C++ macro machinery so that adding non-extern Torque
class doesn't require any C++ changes, including ensuring generation
of instance types and proper boilerplate for validators and
printers.
* Make handling of @export a true annotation, allowing the modifier to
be used on class declarations.
* Add functionality such that classes with the @export annotation are
available to be used from C++. Field accessors for exported classes
are public and factory methods are generated to create instances of
the objects from C++.
* Change the Torque compiler such that Non-exported classes implicitly
have the @generateBodyDescriptor annotation added and causes both
verifiers and printers to be generated.
* Switch non-extern Torque classes from using existing Struct-based
machinery to being first-class classes that support more existing
Torque class features.
Change-Id: Ic60e60c2c6bd7acd57f949bce086898ad14a3b03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007490
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66621}
Example can be inspector tests.
Bug: v8:10264
Change-Id: I996bb68d0f36920568a04f93cd8c1256a4f41a96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2070912
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66572}
Improve postmortem metadata generated by gen-postmortem-metadata by also
including weak and synchronous accessors, as well as CHECKED and
CHECKED2 variants of all accessors currently considered by
gen-postmortem-metadata. Also improve type collection by parsing
TORQUE_INSTANCE_CHECKERS_SINGLE_FULLY_DEFINED, as we were missing
several types with the previous heuristic (like StackTraceFrame,
PromiseReaction, and many others). This will include 96 new v8dbg
constants which can be used by debuggers like llnode.
R=hpayer@google.com, verwaest@google.com, victorgomes@google.com
Change-Id: Ia9bea21eec38b92d255c3636c6a284eb27e9ed9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056126
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66551}
The frame created by the WasmDebugBreak builtin now has a separate frame
type, which will (later) allow to inspect the spilled registers.
Once Liftoff supports reference types, this frame will also need special
GC support for spilled heap references.
R=jkummerow@chromium.org
Bug: v8:10222
Change-Id: I110e51d1e6d09b0f44dcdd1cdcaafa2eaa64fddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083013
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66531}
This fixes a build break in certain configurations. v8_debug_helper
depends on generate_bytecode_builtins_list via the following headers:
In file included from gen/v8/tools/debug_helper/heap-constants-gen.cc:5:
In file included from ../../v8\src/common/ptr-compr-inl.h:10:
In file included from ../../v8\src/execution/isolate.h:19:
In file included from ../../v8\src/builtins/builtins.h:9:
Change-Id: I38e5d851afc6ce52716d3e5e64ae9219df396bd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2078768
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66517}
Recently the callstats runner started crashing due to scipy imports.
This CL moves the import to mitigate the crashes.
TBR=machenbach@chromium.org
Bug: v8:10269
Change-Id: I67c2093f12ae287354a59e9cd32b79c6288b8edd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2078571
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66483}
Renaming the JS-visible identifiers and strings is left for a future CL.
FinalizationGroup was renamed at Feb 2020 TC39, to better signal that if
a FinalizationRegistry dies, the finalization actions registered with it
may no longer be performed.
Bug: v8:8179
Change-Id: I0d676a71a4a67d2b7175994a67458a6158065844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055381
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66416}
- Update the input parser to handle the new object-based format
- Try to maintain backwards compatibility to the array-based format
- Use input file name as version name when appending results
Change-Id: I5efe9d887f6d2ccbfaba18e0918945353dfcc640
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064389
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66346}
If we do not want _all_ tests durations, it makes sense to reuse the existing slow test collection and aggregation
Bug: v8:10168
Change-Id: I500acdb799f41ee6f0fb2c57afb95e1e1830b2dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064221
Auto-Submit: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66342}
The extra checks done with --testing-d8-test-runner might not hold
when using NumFuzz. This refactors the test runner and allows passing
implementation specific flags. The --testing-d8-test-runner flag is
now only passed in the standard-runner not in the numfuzz
implementation.
Bug: v8:10220
Change-Id: I83cac57a948c98c34f2d84f41d719e0434e25ee7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064217
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66341}
Please take a look at tools/v8windbg/README.md for an overview of what
v8windbg can do and how it's structured. This platform-specific
debugging plugin makes use of the data provided by the V8 postmortem
debugging API in tools/debug_helper.
Note: This code began as https://github.com/billti/v8dbg and then moved
into the Edge repository, where I added features gradually and got code
reviews for individual changes. Now, taken in its entirety, it's an
obnoxiously large CL. I'm open to breaking it up into a few chunks if
that would be preferable.
Bug: v8:9376
Change-Id: I3e503de00bb1aea870ae83e9bd99e4e2eab9ef98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2031700
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66319}
This allows CoverageInfo to be distinguished from other kinds of
FixedArray at runtime. I also updated it to use untagged data since it
only stores ints, since that seems like the generally right thing to do
(even though I doubt anybody allocates enough of these to notice the
reduced GC work).
Related Torque changes:
- Allow structs containing untagged data to be used as class fields.
This requires classifying them into the tagged or untagged sections of
the class layout, and checking that their alignment requirements are
met when stored in a packed array.
- Generate a struct containing struct field offsets, so we can ensure
that the layouts defined in Torque and C++ code match. Of course it
would be nice to generate a lot more (indexed accessors, synchronized
accessors, GC visitors, etc.), but we can't do it all at once.
Change-Id: I29e2a2afe37e4805cd80e3a84ef9edfe7ca7bb6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2047399
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66318}
This adds tests for the mock logic used in differential fuzzing. The
tests uncovered a couple of issues in the mock files that are also
fixed.
This also does some minor code clean up in the mock code.
Bug: chromium:1044942
Change-Id: I5b67f70f8b104bb681548f742ab863395a88360f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2043843
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66304}
This adds 3 flags to the numfuzz fuzzer depending on a probability:
--budget-for-feedback-vector-allocation=0
--interrupt-budget=100
--no-lazy-feedback-allocation
No-Try: true
Bug: v8:10204
Change-Id: I83dabcd0e3ca80bebe596d65d03b3e99d8ecbf03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060490
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66291}
This reduces the pointer-compression experiment by 3% as it is in
production since a while.
This also uses turbofan when comparing across architectures as tests
run faster and likely find the same or more relevant bugs.
No-Try: true
Change-Id: I35ec97188a101a7cb43454903f7bf9765e57893c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059995
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66290}
Pass --no-lazy-feedback-allocation in all second runs depending
on a probability. Also combine with --interrupt-budget=100.
This also allows adding several extra flags behind one probability.
The tests are improved to ensure valid flags and configs.
No-Try: true
Bug: v8:10215
Change-Id: I2766ef5044cd8c7096f6b76f39b60b568f550bde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059991
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66289}
This skips gay-*.cc cctest files for lint checking. The files
contain 99.9% data not structures. Alternatively, maybe the
data could be moved to non-cc resource files.
This speeds up v8_presubmit without caching locally from 39s to 23s.
This is how it's executed on the continuous CI builder.
No-Try: true
Change-Id: Ide58618a0b1ecd5900b5c9633d584c59b559df32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056463
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66267}
This will allow sharing the configs between Python and JavaScript
based fuzzers.
No-Try: true
Bug: chromium:1044942
Change-Id: Idd47ad31430cfed0629dbb5b9dd5fd2ef8c764f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051951
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66243}
We ensure now that fuzzers don't produce the f.arguments pattern and
instead replace it with a random variable.
No-Try: true
Bug: chromium:1044942, chromium:1020573
Change-Id: I899985f1a238f36d10fb22f76d93b7d5f444eab1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051944
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66238}
Un-ignore some files that only failed in obsolete comparisons.
We don't compare eager anymore and console functions are mocked out
in d8 by now. The exponentiation operator bug doesn't repro anymore.
No-Try: true
Bug: chromium:1044942
Change-Id: I0a572836bc9a4a6aa4736447f638a522ff8e8168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050400
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66233}
The assumtion that V8 has no output differences within a single line
before a stack overflow, didn't hold. The prefix of e.g. console.info
can lead to a difference in a recursive call.
This change makes foozzie's output capping before a crash work on the
level of characters instead of lines to fix this.
No-Try: true
Bug: chromium:1050942
Change-Id: I13f747caf4f5848d40c31bd4232811285bab3c17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049844
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66217}
- In log.cc, we used InstructionStart() for code create events, but
the Code object address for code move events. Change to use
InstructionStart() for both.
- The symbol table contains some kind of virtual address, not file
offsets. They happened to be identical in the past but are no longer,
probably due to toolchain changes. Now we use objdump to figure out
the difference between virtual addresses and file offsets.
- When a new code object happened to be created at the same address as
a previous one, we wouldn't update it.
This is indeed wrong, as predicted in a TODO by Jaro.
- For 64bit addresses, using >>> is wrong, now replaced with division.
Change-Id: Ib23114ed736f98bfc33c65004a039a3fd04d3c49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016586
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66145}
The bug appears to be fixed.
No-Try: true
Bug: chromium:693426
Change-Id: Ibd029c906dca87a3fd0c3e00be0b795e87390bd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2037439
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66134}
This will allow uploading repro test cases to clusterfuzz for
already suppressed known issues. This will allow tracking if those
issues still reproduce and that suppressions don't become stale.
No-Try: true
Bug: chromium:1044942
Change-Id: I997f11293c51836b97d143b0fea992055b39955e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2036083
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66114}
Respective differences were fixed and the suppressions didn't fire
anymore according to the statistics.
No-Try: true
Bug: chromium:664068, chromium:667678
Change-Id: I5e1aa802e0b0288a73d0f236c154289ab45314a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2035878
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66100}
Crashes in the presence of RangeError happen often during differential
fuzzing. Until now we have ignored such cases completely.
After this change we compare as much output as possible when one or
both runs have crashed, dramatically increasing the coverage.
No-Try: true
Bug: chromium:1048099
Change-Id: I923c10e9064b5dc6cae1e39a254e221d2867e0e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030914
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66085}
This adds two flags for whitelisting natives on fuzzers:
--allow-natives-for-fuzzing:
Enables a small subset of runtime functions and replaces others with
undefined.
--allow-natives-for-differential-fuzzing
Restricts the allowed runtime functions even further, excluding the
ones that break differential fuzzing.
Bug: chromium:1044942
Change-Id: I890bd4a6ff7c2e483dd74155290a7ace06f85239
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020773
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66068}
We will be able to collect test duration and later upload them in BQ.
Change-Id: Ie5610d4e872259857bf3f26ba698fa65d23058be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020952
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66040}
These both have to do with extremely large numbers, so it's unlikely to cause a problem in practice. Still, correctness.
First, encoding `-2147483648` in VLQ returns the value `"B"`. When decoding, we get the value `1` after reading the base64. We then check if the first bit is set (it is) to see if we should negate it, then we shift all bits right once. Now, `value` will be `0` and `negate` will be `true`. So, we'd return `-0`. Which is a bug! `-0` isn't `-2147483648`, and we've broken a round trip.
Second, encoding any number with the 31st bit set, we'd return the opposite sign. Let's use `1073741824`. Encoding, we get `"ggggggC"`. When decoding, we get the value `-2147483648` after reading the base64. Notice, it's already negative (the 32nd bit is set, because the 31st was set and we shifted everything left once). We'd then check the first bit (it's not) and shift right. But we used `>>`, which does not shift the sign bit. We actually wanted `>>>`, which will. Because of that bug, we get back `-1073741824` instead of the positive `1073741824`. It's even worse if the 32nd and 31st bits are set, `-1610612736` becomes `536870912` after a round trip.
I recently fixed the same two bugs in Closure Compiler: https://github.com/google/closure-compiler/commit/584418eb
Change-Id: Ib6592ad50ae3764479c1a766bbb19042ee83b99d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2018882
Auto-Submit: Justin Ridgewell <jridgewell@google.com>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65987}
This change adds support for the postmortem inspection library to show
the content of cached external strings if that content is available. It
also fixes a minor annoyance where strings with unavailable data would
show up as "...". Now, if fetching the very first character fails, we
omit the literal value from the output.
Bug: v8:9376
Change-Id: Id694a774c231ab3467fb59b1c149284729acfb20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1987922
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65961}
I hit a case where the 'V8_Dcheck' was only the sixth stack frame. Thus
increase the limit from 5 to 7.
R=ahaas@chromium.org
No-Try: true
Change-Id: I1ea37f07ff08ab5acffdfcc89d01ff102750a1e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016589
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65943}
Otherwise, the last tests that ran in a worker keep sitting on their
sigterm handlers without any running processes. This creates
exceptions when workers terminate.
Bug: v8:8292
Change-Id: Iefb9a4a353399c1e3168eae2916e3cedca4e09b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011831
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65907}
This adds a new API function that can be customized by the embedder
by providing a delegate that defines contexts to be measured and
reports the results to JS.
A memory measurement request is carried out as follows:
1) MeasureMemory(delegate) invocation enqueues a new request in
MemoryMeasurement::received_ and schedules a delayed GC task.
2) At the start of the next GC (that is triggered either by the
GC schedule or by the delayed task) each request in received_
moves to processing_. Per-context marking worklists are created
for each native context that was selected by the delegates
(using the ShouldMeasure predicate).
3) At the end of the GC the sizes of the native contexts are
recorded for each request in processing_. The requests move
to the done_ list and result reporting task is scheduled.
4) When the result reporting task runs it invokes the
MeasurementComplete function of each delegate in done_.
Bug: chromium:973627
Change-Id: I0254cae693c5b8fab7c85a9eca0a3a128210b6c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981493
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65856}
The contructor arguments were omitted for Android in a previous
CL, which broke the Android builder.
TBR=tmrts@chromium.org
Bug: v8:8292
Change-Id: I266826e2531ba421161d6cd2241eae34b07e7521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007494
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65839}
This prints the same details about a process when attempting to kill it
as when termination fails with an exception. This will make it
easier to correlate the two and to see which might be hanging.
Bug: v8:8292
Change-Id: I4b6a50386d4e9d84ded55cf262f19529138654a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2006092
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65837}
When an overall timeout is reached, swarming sends a SIGTERM to
terminate the test runner. The test runner has a signal handler on the
main process to terminate all workers gracefully.
Additionally, every worker process installs a signal handler for
terminating ongoing tests wrapped by command.Command.
Also, command.Command is used on the main process to list tests for
cctest and gtest executables, which led to overriding the test runner's
main signal handler.
This CL disables using signal handlers in commands by default and only
explicitly enables it in safe source locations.
Bug: v8:8292
Change-Id: Ifceadaff75bdd2b77e761498bccbe00b6a3e265c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002528
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65815}
There is no particular reason that PropertyDescriptorObject should be a
subclass of FixedArray. By using a separate struct type, we get better
generated accessor functions, automatic verification, and runtime type
info, plus we save four bytes per instance.
Change-Id: If076782832aa9398806794e4ee6d019aea2f92b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999463
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65756}
This change moves the definitions of the bitfield flags used by Symbol
and Map to Torque. Symbol could directly follow the pattern established
by SharedFunctionInfo, but Map required some other changes:
- Until now, Torque bitfield definitions have required unsigned types. I
thought that this would be the least-surprising behavior, since we
never sign-extend when decoding bitfield values. However, I believe
that the amount of churn involved in making ElementsKind be unsigned
outweighs the benefit we were getting from this restriction (and
similar difficulties are likely to arise in converting other bitfield
structs to Torque), so this CL updates Torque to allow signed bitfield
values.
- If we try to make Map extend from all of the generated classes that
define its flags, we end up with class sizing problems because some
compilers only apply empty base class optimization to the first in a
row of empty base classes. We could work around this issue by
generating macros instead of classes, but I took this as an
opportunity for a minor clean-up instead: rather than having bitfield
definitions for several different bitfield structs all jumbled
together in Map, they can be split up. I think this makes the code a
little easier to follow, but if others disagree I'm happy to implement
macro generation instead.
Change-Id: Ibf339b0be97f72d740bf1daa8300b471912faeba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1988934
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65701}
This CL factors out the decision-making logic whether a property key should
be treated as a "property" or "element" into LookupIterator::Key, which can
be constructed on its own, allowing use sites to take this distinction into
account before constructing a LookupIterator from the Key, without needing
to duplicate the logic.
This also makes the assortment of LookupIterator constructors more uniform.
Bug: chromium:1031175
Change-Id: I81d7b11ab7e4915f5c05668138e6e0c51ae11821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962272
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65672}
This change updates CachedTemplateObjectMap, BreakPointInfo, and
BreakPoint to inherit directly from Struct rather than Tuple2 or Tuple3.
It also removes Tuple3 because nothing else used Tuple3. By avoiding
tuple types, we get various benefits that Torque can provide:
- stricter debug verifier functions
- accessors, cast functions, and printers are generated
- BreakPoint and BreakPointInfo have different instance types, so you
can tell them apart at runtime or in a debugger
Change-Id: I9367bc08c6dea55d659fd610f9f6105fd61c907a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1988793
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65668}
This is a cleanup to remove unneeded flags after these changes (in
https://crrev.com/c/1988548):
* --future does not imply --wasm-tier-up any more, and
* --wasm-tier-up does not imply --liftoff any more.
Instead, now
* --wasm-tier-up is enabled by default,
* --wasm-tier-up has no effect if --liftoff is not set, and
* --future implies --liftoff.
R=ahaas@chromium.org
Bug: chromium:1040061
Change-Id: I5d04ee1f1d84ddcd0654df0e0a4c6298f80aee9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993280
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65666}
Add jkummerow, thibaudm, zhin; drop titzer.
Also make src/wasm/OWNERS the source of truth and let test-specific
OWNERS files refer to that.
No-Try: true
Change-Id: I9862ae452970e20b7842269721ad6a7953f275fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989827
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65636}
Most dead variable warnings in GCMole are false positives, either from
failing to detect that TryEvacuateObject returning false means it didn't
allocate, or a regex error thinking that GarbageCollectionReasonToString
causes garbage collection (because the mangled version is something like
GarbageCollectionReasonToString[...]GarbageCollectionReason, and that
matches /Collect.*Garbage/).
Update the whitelist and fix the "Collect.*Garbage" regex to only look
at the function name.
Bug: v8:9985
Change-Id: I62284e97e4975a6a87616d1d535b2ac7958d17bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989829
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65622}
This change updates GetObjectProperties to list all of the bitfields
within a class field, if that class field's type is a bitfield struct.
The representation of bitfields in the GetObjectProperties response is
very similar to the representation of struct fields, but with two extra
bytes of data specifying the shift and size of the bitfield.
Bug: v8:9376
Change-Id: I40a22169f3d01652a7f2db8cface43c2a1e30cfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1960835
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65610}
Adds --retain option (all, none, json) which controls which files are
kept after running the benchmark.
No-Try: true
Change-Id: I033a8ff7938fd10f8a0fc9425043e24f1229ce0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1980575
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65553}
When V8 throws an uncaught exception, we store a JSMessageObject
with a stack trace and source positions on the isolate itself.
The JSMessageObject can be retrieved by a TryCatch scope
and is used by the inspector to provide additional information to the DevTools
frontend (besides the exception).
Introducing top-level await for REPL mode causes all thrown exceptions
to be turned into a rejected promise. The implicit catch block that does this
conversion clears the JSMessageObject from the isolate as to not leak memory.
This CL preserves the JSMessageObject when the debugger is active and stores
the JSMessageObject on the rejected promise itself. The inspector is changed
to retrieve the JSMessageObject in the existing catch handler and pass the
information along to the frontend.
Drive-by: This CL removes a inspector test that made assumptions when a promise
is cleaned up by the GC. These assumptions no longer hold since we hold on to
the promise longer.
Bug: chromium:1021921
Change-Id: Id0380e2cf3bd79aca05191bc4f3c616f6ced8db7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967375
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65497}
Some test cases stress all global functions and hang when calling
readline.
No-Try: true
Bug: chromium:1034285
Change-Id: I0eaf64437c0806cf3df0a5306aecea4367763cad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967381
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65460}
Factors out the group regexes from callstats.py so the two tools can
share them. When --group is specified, the stats are grouped together
using the callstats.py groupings. Also adds --filter (can be supplied
multiple times) to only show certain groups.
Under the hood, this converts the simple arrays and dictionaries to use
classes to simplify the code somewhat.
Change-Id: If6b548e109212adfdf46fa04e7b21638f84a0e26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962864
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65429}
This cl: https://chromium-review.googlesource.com/c/v8/v8/+/1924439 has
renamed the optimize passed happening on the background to
OptimizeBackground instead of OptimizeConcurrent or RecompileConcurrent.
Concurrent optimization has main thread phases so using
OptimizeConcurrent for background computations only was a bit confusing.
Bug: chromium:1029456
Change-Id: I8f4a485831851d5a43ab87b3a5d74857559fd679
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944157
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65425}
Before this CL a byte was used per bucket to store whether the bucket
is possibly empty or not. This CL changes this such that each bucket
only needs a single bit.
PossiblyEmptyBuckets is now a word in the page header. If more bits
are needed than fit into a single word, an external bitmap is
allocated using AlignedAlloc. Storing this on the page header, allows
to remove initial_buckets from the SlotSet. The SlotSet allocation is
then again a power-of-2 in release mode.
Reland of https://crrev.com/c/1906376: Incorrect DCHECK was removed.
WordsForBuckets was simplified and a test was added for it.
Bug: chromium:1023139
Change-Id: I9a08e03a9c10e5781a146b9a28dab38824aad91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954391
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65385}
Some fuzz test cases set Math.min to a different function. Let the fake
typed array constructors remember the original Math.min.
No-Try: true
Bug: chromium:1024815
Change-Id: Ia389439fe6757f2497e22187042c5cdf1d1c649f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958050
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65383}
Add --benchmark option to allow selecting a benchmark other
v8.browsing_desktop. If not using the default, the options to generate
v8 runtime call stats will be automatically added.
Adds --stdev option to calculate the standard deviation of the
results in the table.
Add --device and --browser option that are passed through to
run_benchmark.
Change-Id: I8c57c9eba7aea84108a2e3d4fdd098a7695cad53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955588
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65369}
The cache adds a strong pointer from a code object to closures and
thus can leak arbitrary objects.
Bug: chromium:1030043
Tbr: yangguo@chromium.org
Change-Id: I8ce90119fa97eaea59d42e7fae5acd336b5fe5d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954392
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65363}
This is a reland of 5bddc0e142
The original CL was speculatively reverted as it was suspected to
cause failures on the non-determinism bot. This was ultimately
confirmed to not be the case, so this CL is safe to reland as-is.
Original change's description:
> Implement top-level await for REPL mode
>
> Design doc: bit.ly/v8-repl-mode
>
> This CL allows the usage of 'await' without wrapping code in an async
> function when using REPL mode in global evaluate. REPL mode evaluate
> is changed to *always* return a Promise. The resolve value of the
> promise is the completion value of the REPL script.
>
> The implementation is based on two existing mechanisms:
> - Similar to async functions, the content of a REPL script is
> enclosed in a synthetic 'try' block. Any thrown error
> is used to reject the Promise of the REPL script.
>
> - The content of the synthetic 'try' block is also re-written the
> same way a normal script is. This is, artificial assignments to
> a ".result" variable are inserted to simulate a completion
> value. The difference for REPL scripts is, that ".result" is
> used to resolve the Promise of the REPL script.
>
> - ".result" is not returned directly but wrapped in an object
> literal: "{ .repl_result: .result}". This is done to prevent
> resolved promises from being chained and resolved prematurely:
>
> > Promse.resolve(42);
>
> should evaluate to a promise, not 42.
>
> Bug: chromium:1021921
> Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65273}
TBR: yangguo@chromium.org,verwaest@chromium.org
Bug: chromium:1021921
Change-Id: I95c5dc17593161009a533188f91b4cd67234c32f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954388
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65360}
Adds a script that runs a v8.browsing_desktop story a number of times
and extracts the runtime call stats as either a table or csv.
Change-Id: I4e93cd120b3496410517a2f26547b954fc59d92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1953343
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65353}
This reverts commit 5bddc0e142.
Reason for revert: Possible culprit for https://bugs.chromium.org/p/chromium/issues/detail?id=1029863
Original change's description:
> Implement top-level await for REPL mode
>
> Design doc: bit.ly/v8-repl-mode
>
> This CL allows the usage of 'await' without wrapping code in an async
> function when using REPL mode in global evaluate. REPL mode evaluate
> is changed to *always* return a Promise. The resolve value of the
> promise is the completion value of the REPL script.
>
> The implementation is based on two existing mechanisms:
> - Similar to async functions, the content of a REPL script is
> enclosed in a synthetic 'try' block. Any thrown error
> is used to reject the Promise of the REPL script.
>
> - The content of the synthetic 'try' block is also re-written the
> same way a normal script is. This is, artificial assignments to
> a ".result" variable are inserted to simulate a completion
> value. The difference for REPL scripts is, that ".result" is
> used to resolve the Promise of the REPL script.
>
> - ".result" is not returned directly but wrapped in an object
> literal: "{ .repl_result: .result}". This is done to prevent
> resolved promises from being chained and resolved prematurely:
>
> > Promse.resolve(42);
>
> should evaluate to a promise, not 42.
>
> Bug: chromium:1021921
> Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65273}
TBR=yangguo@chromium.org,leszeks@chromium.org,verwaest@chromium.org,szuend@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:1021921
Change-Id: I9eaea584e2e09f3dffcbbca3d75a3c9bcb0a1adf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948719
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65333}
Design doc: bit.ly/v8-repl-mode
This CL allows the usage of 'await' without wrapping code in an async
function when using REPL mode in global evaluate. REPL mode evaluate
is changed to *always* return a Promise. The resolve value of the
promise is the completion value of the REPL script.
The implementation is based on two existing mechanisms:
- Similar to async functions, the content of a REPL script is
enclosed in a synthetic 'try' block. Any thrown error
is used to reject the Promise of the REPL script.
- The content of the synthetic 'try' block is also re-written the
same way a normal script is. This is, artificial assignments to
a ".result" variable are inserted to simulate a completion
value. The difference for REPL scripts is, that ".result" is
used to resolve the Promise of the REPL script.
- ".result" is not returned directly but wrapped in an object
literal: "{ .repl_result: .result}". This is done to prevent
resolved promises from being chained and resolved prematurely:
> Promse.resolve(42);
should evaluate to a promise, not 42.
Bug: chromium:1021921
Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65273}
This cl: https://chromium-review.googlesource.com/c/v8/v8/+/1924439 has
renamed the optimize passed happening on the backgroudn to
OptimizeBackground instead of OptimizeConcurrent or RecompileConcurrent.
Concurrent optimization has main thread phases so using
OptimizeConcurrent for background computations only was a bit confusing.
Bug: chromium:1029456
Change-Id: Idd0a0ff82597bb18c2d8896c7288f268e59acc05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943156
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65261}
