As Nico pointed out in [1], it is a little strange that the pair of
annotations "@export @customCppClass" behaves similarly to the keyword
"extern": both indicate that the class is defined in a C++ file and
Torque generates only a base class template for it. In this change, I
explore a possible alternative which might be more consistent.
Removed annotations:
- @customCppClass, which required @export, instructed Torque to only
generate a base class template instead of a full class.
- @customMap, which also required @export, instructed Torque to not emit
code for setting up a unique Map instance for the class.
Added annotations:
- @generateUniqueMap, which requires extern, instructs Torque to emit
code for setting up a unique Map instance for the class.
- @generateFactoryFunction, which requires extern, instructs Torque to
emit a function for creating a class instance.
Subtracting two annotations and adding two others still leaves us with
way too many annotations, but the usage of "extern" becomes more
consistent and I think that the new opt-in annotations might be easier
to understand.
[1] https://docs.google.com/document/d/1q_gZLnXd4bGnCx3IUfbln46K3bSs9UHBGasy9McQtHI/edit
Bug: v8:7793
Change-Id: Ic9e147a095bc492d6645001b9275357386e8adcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3266008
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77799}
In assignments the lhs should be evaluated first and shouldn't be
re-evaluated when the value of the rhs is available. Fix it by
saving the receiver and the key registers into AssignmentLhsData
before building the assignment and use them later, instead of visiting
the AST again to retrieve the receiver.
In addition, now that we save the receiver register, use it to
perform the brand check even when we know for sure that it's
going to fail later because it's a write to a private
method or accessing the accessor in the wrong way (v8:11364),
so that the brand check error always appears first if it is present,
as specified in
https://tc39.es/proposal-private-methods/#sec-privatefieldget
Drive-by: unify the brand check error messages, and replace "Object"
with "Receiver" in the messages for clarity. The instance private
brand check now throws "Receiver must be an instance of class <name>"
and the static private brand check now throws "Receiver must be
class <name>". Also always set the expression position to the
property load position, because the brand check failure comes from
the load operation.
Bug: v8:12352, v8:11364
Change-Id: I61a8979b2e02b561dd5b2b35f9e0b6691fe07599
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3266964
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77797}
We want to skip the readability/check rule on the
bigint directory while keeping the rest of the linting.
Bug: v8:12024
Change-Id: I56f84554af9aa44d4436249916269b5441d4fbaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264221
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77796}
In the future we will allow arbitrary objects as host-defined options.
To prepare the embedders for the upcoming changes we migrate the API
to use v8::Data where possible.
Internally we still use i::FixedArray with primitive values until the
migration to context-stored host-defined options is completed.
Note: This CL also introduces a temporary cast and inheritance
between Data and PrimitiveArray which will be removed again.
Bug: chromium:1244145
Change-Id: I852d0d827708d32b6f3a6d03457234a006e2fd77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264285
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77795}
In order to construct the optimal source code combination for functions
(and especially the positions inside the optimal source code for each
function), we need to know all functions upfront.
Rewrite the d8-based snapshotter so that it discovers all objects first
(+ assigns ids), then does the actual snapshotting.
Bug: v8:11525
Change-Id: I4f4e5589575ee9738e8a83aa6cda2c8164803b4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268915
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77794}
Adds support for aborting compaction when finalizing with stack:
- never_compact_with_stack: All pages are aborted;
- never_compact_code_space_with_stack: Only code space pages are
aborted;
This flags allow simulating a worst case where a stack cannot
be considered precise, or evacuation candiate is refered to from
a stack slot that V8 has no info for.
Bug: v8:12251
Change-Id: Ice24ac87a985b8ecf7b5cbb5c106ad4a3ae1944b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173682
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77792}
This CL fixes a memory leak where we would not properly pop all
Promises from the Isolate-wide Promise stack. This can happen under
the following conditions:
- `await`ing a Promise in an async function
- Debugger is active
- AsyncEventDelegate is not set.
In the case above, the promise of the surrounding async function is
pushed onto the global Promise stack, but not poped before the
await. This CL fixes that.
R=bmeurer@chromium.org
Fixed: chromium:1225905
Change-Id: If03f6bfda48b8cb14bc6a68815fd702632edc68d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268464
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77790}
This reverts commit b9ddcbc86f.
Reason for revert: Hits unreachable on MSAN, see https://bugs.chromium.org/p/chromium/issues/detail?id=1267854
Original change's description:
> [fastcall] Enable float support on arm64 simulator
>
> This CL adds support for handling calls to C functions with arbitrary
> signatures on the arm64 simulator. It adds infrastructure for
> encoding the signature data from CallDescriptor and FunctionInfo
> classes into a compact representation, stored in the simulator and
> called EncodedCSignature.
>
> Design doc:
> https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
>
> This CL is a follow up on the native support added in
> https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> and is partially based on the previous attempt:
> https://chromium-review.googlesource.com/c/v8/v8/+/2343072
>
> Bug: chromium:1052746
> Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77744}
Bug: chromium:1052746, chromium:1267854, chromium:1267841
Change-Id: If3d5aaab6b5f4309ce90add614d674aaa86b43c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268910
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77788}
This is a reland of ef62cd066c
Original change's description:
> [heap] Remove executable_memory_ from release code
>
> The map is only used to check invariants.
>
> Bug: v8:12054
> Change-Id: I7d067cca801c9b6104efb22a26cf27f1f62920c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268286
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77766}
Bug: v8:12054
Change-Id: I2a699d1db4c1ed5a2881a1ccd9dd3b36b20ea8e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268303
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77786}
This reverts commit 3a46c81c26.
Reason for revert: Breaking roll (or rather, oh no, cast_shell is broken, need to fix that before relanding): https://ci.chromium.org/ui/p/chromium/builders/try/cast_shell_linux/1053410/overview
Original change's description:
> [flags] Add a sanity check for unchanged jitless flags
>
> V8 flags in general should not change in a process after the
> first Isolate has been initialized. --jitless and related flags
> especially sensitive to this, so we introduce a dedicated check
> just for them.
>
> Bug: chromium:1262676, v8:9019, v8:12366
> Change-Id: I239726889d236a3785c1fdc076fa21d1b8983c92
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260508
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77759}
Bug: chromium:1262676, v8:9019, v8:12366
Change-Id: Ie47d183bfd68633c3d30a13a038219051c38eba0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268734
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77785}
Besides, port commit 9711289d06 to mips
and loong64, and fix an error with the usage of BlockTrampolinePoolFor.
Change-Id: Ifee64f8471e1d2db8945768370a30ab06210420c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3269369
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77784}
Relaxed f32x4 and f64x2 min and max.
These instructions only guarantee results when the inputs are non nans,
and when the inputs are not 0s of opposite signs.
Drive-by rename of instruction codes to be Minps/Maxps/Minpd/Maxpd
since they map down exactly to a single instruction.
ia32 port of c3f346b7ac.
Bug: v8:12284
Change-Id: If64da551524ea8c304e1fa8f9cf4acbd54abfe5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251708
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77780}
4 instructions, i8x16, i16x8, i32x4, i64x2 relaxed lane select. These
instructions only guarantee results when the entire lane is set or
unset, so vpblendvb will give correct results for all of them.
Same instruction selector code as x64.
Bug: v8:12284
Change-Id: Icd0bc8c5125cd2780141117830d6cb6e6babbb74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251701
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77779}
Explicit write barriers for internal fields are deprecated as they are
automatically emitted by V8.
Depends on:
https://crrev.com/c/3263924
Bug: v8:12356
Change-Id: I171ba5b42a6570ce52e2e2ea1b7c1029d5a8a3a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263888
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77772}
The map is only used to check invariants.
Bug: v8:12054
Change-Id: I7d067cca801c9b6104efb22a26cf27f1f62920c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268286
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77766}
This is an unecessary boolean, that makes reason about the code more
complicated.
Bug: v8:12054
Change-Id: I5bdf2069ead427f53ce774e825fe9656e668480e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268284
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77765}
And make the GC visit spilled references in the frame.
R=ahaas@chromium.org
CC=fgm@chromium.org
Bug: v8:12191
Change-Id: Ida430f12a6de7658972e7890542fb02f7f7ddbb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226784
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77763}
This CL
* adds forwarding accessors to CodeDataContainer for certain widely
used Code object's fields and predicates,
* adds JSFunction::set_code() overloads accepting CodeT values,
* migrates SharedFunctionInfo getters to CodeT,
* migrates InterpreterData::interpreter_trampoline to CodeT.
Drive-by-fix: replace #if V8_EXTERNAL_CODE_SPACE with #ifdef to be
consistent.
Bug: v8:11880
Change-Id: I1e114076a0568068038ca6f70a86431a3a9cfb9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262716
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77762}
V8 flags in general should not change in a process after the
first Isolate has been initialized. --jitless and related flags
especially sensitive to this, so we introduce a dedicated check
just for them.
Bug: chromium:1262676, v8:9019, v8:12366
Change-Id: I239726889d236a3785c1fdc076fa21d1b8983c92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260508
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77759}
... which could contain a smi value during CodeDataContainer setup.
Bug: v8:11880
Change-Id: Ibc67818411e9b824843bc5a20d249335c88d5f57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264291
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77758}
This CL fixes a null dereference when an attempt is made to access
the current arm64 simulator from a background thread.
Bug: chromium:1267491
Change-Id: I9232fe134fccbff162eb5076aff20884872e4cc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264219
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77757}
This CL adds an Allocator to SmallVector to control how dynamic
storage is managed. The default value uses the plain old C++
std::allocator<T>, i.e. acts like malloc/free.
For use with zone memory, one can pass a ZoneAllocator as follows:
// Allocates in zone memory.
base::SmallVector<int, kInitialSize, ZoneAllocator<int>>
xs(ZoneAllocator<int>(zone));
Note: this is a follow-up to crrev.com/c/3240823.
Drive-by: hide the internal `reset` function. It doesn't free the
dynamic backing store; that's a surprise and should not be exposed to
external use.
Change-Id: I1f92f184924541e2269493fb52c30f2fdec032be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257711
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77755}
Since the indirect function table at index 0 in an instance is now
represented like the other tables, the IndirectFunctionTableEntry
abstraction is no more useful. We replace it with direct access to the
tables and a simpler abstraction {FunctionTargetAndRef}.
Bug: v8:11510
Change-Id: Iab4a6ca7eda8eb1757dbd321cb3997e98e78267e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247030
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77754}
Design doc: https://bit.ly/3jEVgzz
We represent the indirect function table of a WasmInstanceObject at
index 0 like the rest of the tables, i.e., as the 0th element of the
instance's indirect_function_tables() field. For performance, we
maintain direct links from the instance to the contents of table 0
(indirect_function_table_{size, sig_ids, refs, targets} in
WasmInstanceObject).
Bug: v8:11510
Change-Id: Ice49fd855109051d304ef9033cac7a495b68ab8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3246970
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77752}
The isolate root pointer in a WasmApiFuncionRef cannot be sandboxed,
because we would need the isolate root in the first place to decode it.
Therefore we do not use Foreign as the parent class of
WasmApiFunctionRef.
Bug: v8:11510
Change-Id: Idcbe654274c543ee571a335cb8e212ca3492d973
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262134
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77751}
