TSAN was flakily detecting a race in the Add/RemoveSampler functions.
It could also be fixed by moving the USE(atomic_->Value()); line below
the do loop in the constructor of AtomicGuard.
Given that base::AtomicValue is deprecated and std::atomic has a
compare_exchange operation with std::memory_order_seq_cst, we can just
use std::atomic_bool to fix the TSAN false-positive.
Bug: v8:7702
Change-Id: Id2038ea1ccced7339f45991263e944394e935454
Reviewed-on: https://chromium-review.googlesource.com/c/1288814
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56794}
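The std::atomic_bool guard the message describes, as an added example that is not V8's code: a hypothetical AtomicGuard whose constructor spins in a do loop on compare_exchange_strong with seq_cst ordering, protecting a constructed stand-in for the sampler list behind Add/RemoveSampler. SamplerRegistry and StressAddRemove are assumptions made for the example.

```cpp
#include <atomic>
#include <thread>
#include <vector>
// Hypothetical AtomicGuard modelled on the commit's (not V8's own code): a
// scoped spinlock over std::atomic_bool. The do/while compare_exchange loop
// with seq_cst ordering gives TSAN acquire/release edges, so no false race.
class AtomicGuard {
 public:
  explicit AtomicGuard(std::atomic_bool* lock) : lock_(lock) {
    bool expected;
    do {
      expected = false;  // compare_exchange rewrites expected on failure
    } while (!lock_->compare_exchange_strong(expected, true,
                                             std::memory_order_seq_cst));
  }
  ~AtomicGuard() { lock_->store(false, std::memory_order_seq_cst); }
  AtomicGuard(const AtomicGuard&) = delete;
  AtomicGuard& operator=(const AtomicGuard&) = delete;
 private:
  std::atomic_bool* lock_;
};

// Stand-in for the sampler list behind Add/RemoveSampler (constructed here).
struct SamplerRegistry {
  std::atomic_bool lock{false};
  std::vector<int> samplers;  // plain vector: protected only by `lock`
  void AddSampler(int id) { AtomicGuard g(&lock); samplers.push_back(id); }
  void RemoveSampler(int id) {
    AtomicGuard g(&lock);
    for (auto it = samplers.begin(); it != samplers.end(); ++it)
      if (*it == id) { samplers.erase(it); return; }
  }
  int Count() { AtomicGuard g(&lock); return (int)samplers.size(); }
};

// Add and remove samplers from several threads at once; returns how many are
// left, which is 0 when every Add was paired with a Remove under the lock.
int StressAddRemove(int threads, int per_thread) {
  SamplerRegistry reg;
  std::vector<std::thread> pool;
  for (int t = 0; t < threads; ++t)
    pool.emplace_back([&reg, t, per_thread] {
      for (int i = 0; i < per_thread; ++i) {
        reg.AddSampler(t * per_thread + i);
        reg.RemoveSampler(t * per_thread + i);
      }
    });
  for (auto& th : pool) th.join();
  return reg.Count();
}
```

Building with -fsanitize=thread and running StressAddRemove is the check that the guard is visible to TSAN; the plain vector is touched only while the lock is held.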
Make heap profiler provide information about each sample currently
alive. That information can be used to build diagrams of memory
allocations over time.
BUG=chromium:889545
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ibcbe2f5302263d0b3976ee4cd3601eff11375cae
Reviewed-on: https://chromium-review.googlesource.com/c/1285130
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56793}
When InferReceiverMaps doesn't provide us with reliable maps for the
resolution, we can still utilize the information if all the maps that
are found are stable - aka leaf - maps. But in that case we need to
make sure that we add proper dependencies on the stability of these
maps.
Bug: v8:7253
Change-Id: I6f5825583acc3f2575e83a244d55609ac64d04d3
Reviewed-on: https://chromium-review.googlesource.com/c/1288633
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56789}
By default zx_vmo_create() creates resizable VMOs, which may be
hazardous in some cases. It's safer to use ZX_VMO_NON_RESIZABLE unless
the VMO needs to be resizable. It doesn't make much difference in
OS::Allocate() because it drops the VMO handle immediately after
mapping it; still, it's better to use ZX_VMO_NON_RESIZABLE for
consistency.
Change-Id: I688ee44b08042a9df7e3fae0b1b3298271b53b1c
Reviewed-on: https://chromium-review.googlesource.com/c/1277605
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Sergey Ulanov <sergeyu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56788}
Make sure we wait for the worker thread to finish compilation before removing
aborted jobs.
BUG=v8:8317,v8:8041
Change-Id: I42f30c4d430b7787ea5e724bdfda6460e5461233
Reviewed-on: https://chromium-review.googlesource.com/c/1288812
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56787}
Since ValidateExpression just throws the only queued (first) expression error,
we can delay throwing it until the latest possible moment. That's right before
the matching expression classifier dies (goes out of scope or accumulates).
Change-Id: I4538de333b789ae786278b94b76b4799ccdf4903
Reviewed-on: https://chromium-review.googlesource.com/c/1286678
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56785}
The async tail might be long. On the frontend side we use only the top frame, so
we can report the tail using an id.
R=dgozman@chromium.org
Bug: chromium:873865
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie9e6b5c4c000cc6bedce2d5fec9f3fa22ea21768
Reviewed-on: https://chromium-review.googlesource.com/c/1286959
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56784}
- Use token-range checks
- Delay ValidateExpression until after the loop
- Only queue classifier errors at the beginning
- Only inline the Token-range check rather than the entire
ParseMemberExpressionContinuation to reduce binary size.
Change-Id: Ib81ce071851fe5c13b4bb405cd883df7a82c84c9
Reviewed-on: https://chromium-review.googlesource.com/c/1286677
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56783}
This also changes Consume to bypass the stack overflow check. Otherwise the
following pattern wouldn't work:
    if (peek() == expected) {
      f()
    }
    f() {
      Consume(expected);
    }
since the call to f can cause the overflow.
Change-Id: If2fd3181ecdf1fd681f584b630e83e0af4e4bf9d
Reviewed-on: https://chromium-review.googlesource.com/c/1286684
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56782}
This separates the fast-non-asan path from the asan path so it can be inlined.
Additionally avoid updating allocation_size_ on each Zone::New call.
Inlining Zone::New actually reduces binary size by 50kb...
Change-Id: Ie5d58638284e5a1a5e0198c24080b0f600d79092
Reviewed-on: https://chromium-review.googlesource.com/c/1288641
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56780}
Teach TurboFan about the maps produced by JSPerformPromiseThen and
JSCreatePromise, which yields a ~1-2% improvement on the doxbee
promises benchmark by removing the redundant checks from the optimized
code with promise chaining.
Bug: v8:7253
Change-Id: If0edce8ba15917c1b7e76b9d06490cfffe911650
Reviewed-on: https://chromium-review.googlesource.com/c/1288639
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56778}
It seems that the Promise.resolve() lowering in JSCallReducer was no
longer called.
Bug: v8:7253
Change-Id: I3c80aed085d15fb54d88245b9d71b9caed7de075
Reviewed-on: https://chromium-review.googlesource.com/c/1288452
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56773}
If the user's cleanup function didn't iterate all available WeakCells, we need
to schedule the cleanup task again at some point. The previous condition
resulted in it never being scheduled.
BUG=v8:8179
Change-Id: I8f5f4c01d1eb6a3cca8bd21bdc52c38663889882
Reviewed-on: https://chromium-review.googlesource.com/c/1286686
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56772}
Change-Id: Ic7d90d479b090670339200e4b6255fb1fb2441a5
Reviewed-on: https://chromium-review.googlesource.com/c/1288352
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56770}
When creating the buffer for the fallback, the initial entry was not
considered when calculating the size.
Bug: chromium:896181
Change-Id: I7f15bb1bdf31b3255db91b1fe8dcd68c76033980
Reviewed-on: https://chromium-review.googlesource.com/c/1286957
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#56768}
This is necessary for the arguments adaptor, as there are only
5 gp registers available and a call to the arguments adaptor
trampoline that does not have the trampoline address as an immediate
needs 6 (4 arguments + esi as context + register to call through).
Bug: v8:6666
Change-Id: Ie96cf0352c323e07e0daf369953df8f4ee9acb81
Reviewed-on: https://chromium-review.googlesource.com/c/1283050
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56767}
I had forgotten to upload this to my previous CL.
TBR: mslekova@chromium.org
Change-Id: I1195ffd947ad82226af41cd7103b389a6733f4e4
Reviewed-on: https://chromium-review.googlesource.com/c/1288590
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56766}
This lets us remove the unsafe object<T>() getter.
Bug: v8:7790
Change-Id: Ie438c68d4c96f1525eee5afd252523b222dc8f53
Reviewed-on: https://chromium-review.googlesource.com/c/1288411
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56761}
AllocateJSArray always allocates in new space, so we bail out of the fast
path for strings if the new array does not fit in new space.
Bug found by ClusterFuzz. Regression test added.
This also switches to the BranchIf pattern to avoid materializing a bool.
Bug: chromium:895860, v8:7980
Change-Id: Ic7c41268c394ac2796b7694252390ab50fd74838
Reviewed-on: https://chromium-review.googlesource.com/c/1286337
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56759}
We can strength-reduce JSResolvePromise(p,v) to JSFulfillPromise(p,v)
if v is known to be a primitive. This not only avoids the dynamic
checks for v inside JSResolvePromise, but also removes the need to
have a frame state, as the JSFulfillPromise operation cannot call
back into arbitrary JavaScript, and thus cannot deoptimize lazily.
This triggers for example for async functions where the return value
is known (to TurboFan) to be a primitive value.
Bug: v8:7253
Change-Id: I4698d6026e0632ab3e2fef6c7f4aaacf6c2a508c
Reviewed-on: https://chromium-review.googlesource.com/c/1288449
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56758}
We use the object<T>() getter to extract the handle from an ObjectRef
instance and cast it to Handle<T>. In DEBUG mode, the cast does a type
check which accesses the heap. We must not access the heap though. This
CL is a quick fix that skips the type check. Eventually we should
replace the templatized accessor with a subclass-specific one to have
some safety.
Bug: v8:7790, v8:8316
Change-Id: I71048be2bc36570cce33b0e680824dd6bc407d14
Reviewed-on: https://chromium-review.googlesource.com/c/1282963
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56756}
We'll automatically figure out that we can't parse an expression at the EOS
anyway.
Change-Id: I663e3b9d030ee048b28472710071778bfc511747
Reviewed-on: https://chromium-review.googlesource.com/c/1286681
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56755}
We forgot to eliminate the read accesses of these two cells.
Bug: v8:7790, v8:8315
Change-Id: Id175e4d96461f88759b2d29ab1d407ba4c54e733
Reviewed-on: https://chromium-review.googlesource.com/c/1286680
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56752}
Failing tests are: cctest/cctest/test-run-wasm/RunWasmLiftoff*.
Test started to fail after this commit: 56b8ab5d07
This patch also fixes MIPS big endian build failure.
Change-Id: I333450f2a8f9c9a61db9aea18e5e973f48742d52
Reviewed-on: https://chromium-review.googlesource.com/c/1286348
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#56742}
Some confusion has crept in over time, specifically around
the distinction between an offset to an external reference's
address and an offset to its entry in the external reference
table. This CL unifies naming and interfaces.
Drive-by: Fix formatting in macro-assembler-x64.
Bug: v8:6666
Change-Id: Iade98ca28a7304aba0254b92b553343826a08e41
Reviewed-on: https://chromium-review.googlesource.com/c/1286674
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56741}
Currently ProfilerListener channels the code events to Processor
via CpuProfiler - we don't need this indirection and can just hook
it up directly. This also makes it easier to test because we don't need
a CpuProfiler object just to test the Processor.
Drive-by cleanup:
- Remove NUMBER_OF_TYPES from CodeEventRecord as it is not used.
- Remove Isolate* parameter from AddDeoptStack and AddCurrentStack as
a Processor object is only ever for one Isolate. Store the Isolate*
on the ProfilerEventsProcessor object itself.
- Remove the default case from switch in ProcessCodeEvent().
Bug: v8:5193
Change-Id: I26c1a46b0eec34b5248b707d1997c3a9409a9604
Reviewed-on: https://chromium-review.googlesource.com/c/1286341
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56740}
Drive-by: Fix ExternalReferenceAddressAsOperand. Now it correctly
returns an operand to within the external reference table.
Bug: v8:6666
Change-Id: I8226257f27a2747584d37fd948d66c6e9b0d7ecf
Reviewed-on: https://chromium-review.googlesource.com/c/1286671
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56739}
This will also be useful for JSCallReducer.
In order to avoid extra work, the CL restricts one path of the JSCall
lowering to functions from the own native context.
Bug: v8:7790
Change-Id: I9f3a478969d641da59661ff196fdedae8195d680
Reviewed-on: https://chromium-review.googlesource.com/c/1286335
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56733}
This enables by default the
    export * as foo from "bar"
syntax in modules.
Bug: v8:8101
Change-Id: I98b07d217ae08ff6a556e69cb3bf6e8f4bd46a07
Reviewed-on: https://chromium-review.googlesource.com/c/1282972
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56732}
This bundles a bunch of miscellaneous things to make more builtins
isolate-independent (e.g.: using tasm::Move instead of asm::mov
methods).
Drive-by: The isolate-independence whitelist was changed to a blacklist.
Bug: v8:6666
Change-Id: I7e0fbe8bb2ca3dc751ad070f1a92aebb88b43125
Reviewed-on: https://chromium-review.googlesource.com/c/1286331
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56728}
Store the bits of a small type into the lower bits
of a pointer type that are free due to alignment.
Furthermore, reorder members to reduce the size of some classes.
Change-Id: I3c619cb74053f64995ea7d0cb395e8edda604f18
Reviewed-on: https://chromium-review.googlesource.com/c/1273019
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56726}