When aborting evacuation of a page, the GC also needs to take care
of invalidated objects and recorded slots on the page. Add a test
to ensure that future changes do not break this behavior.
Bug: chromium:1012081
Change-Id: I110db67157e4b8c7fdb4d1061e9df6955b532a70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855758
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64234}
Tweaks AdvanceBytecodeOffsetOrReturn so that the sequence of (cmp,beq)+
instructions is converted to (cmp, cmpne+, beq) saving an instruction
for every return bytecode. In reality this just saves a single
instruction.
Bug: v8:9771
Change-Id: I7cf2d5ae27ff5495808792aa4c953b97c2bb5b71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1853246
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64232}
The vst1 and vld1 instruction does a post-increment access. What we
intend is the usual access at (base+offset). This change adds a helper
function that is called for load and stores of s128, which emits the add
instruction to do base+offset, and then change the addressing mode of
the load/store to Operand2_R, which generates the variant of vld1/vst1
without the offset register. This is similar to how kSimd128 values are
loaded/stored in VisitUnalignedLoad and VisitUnalignedStore.
We also remove kSimd128 cases from UnalignedLoad and UnalignedStore,
since it is supported (see A3.2.1 Unaligned Data Access, ARM DDI
0406C.d)
Bug: v8:9746
Bug: v8:9748
Change-Id: I60b987ac58a5eaacd498a940625163484a3dc2db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834771
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64229}
This patch implements https://github.com/tc39/proposal-class-fields/pull/269
and makes sure we always throw TypeError when there is invalid private
name access in computed property keys.
Before this patch, private name variables of private fields and methods
are initialized together with computed property keys in the order they
are declared. Accessing undefined private names in the computed property
keys thus fail silently.
After this patch, we initialize the private name variables of private
fields before we initialize the computed property keys, so that invalid
access to private fields in the computed keys can be checked in the IC.
We now also initialize the brand early, so that invalid access to private
methods or accessors in the computed keys throw TypeError during brand
checks - and since these accesses are guarded by brand checks, we can
create the private methods and accessors after the class is
defined, and merge the home object setting with the creation
of the closures.
Bug: v8:8330, v8:9611
Change-Id: I01363f7befac6cf9dd28ec229b99a99102bcf012
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846571
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64225}
While removing dead code, v8 currently removes jump targets, but leaves
suspend points, resulting in bytecode analysis issues. This cl simply
removes the suspend point if the remainder of the block is dead.
Bug: v8:9825
Change-Id: Ib147ca01cf64c695c0316017852d61f52fd10cf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849197
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64223}
When evacuation is aborted for a page, objects at the beginning of a
page might have been evacuated. In addition to deleting recorded slots
for this area, evacuated objects need to be removed from the set of
invalidated objects since those objects store a forwarding pointer in
their map word. Calls to Size() and IsValidSlot() in the subsequent
"pointers updating"-phase would fail without a valid map pointer.
Bug: chromium:1012081
Change-Id: I15df6f6840cbecf019437562190d4fc1f3b6e368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852764
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64221}
This patch refactors the declaration and allocation of the class variable, and
implements static private methods:
- The class variable is declared in the class scope with an explicit
reference through class_scope->class_variable(). Anonymous classes
whose class variable may be accessed transitively through static
private method access use the dot string as the class name. Whether
the class variable is allocated depending on whether it is used.
Other references of the class variable in the ClassLiteral AST node
and the ClassInfo structure are removed in favor of the reference
through the class scope.
- Previously the class variable was always (stack- or context-)
allocated if the class is named. Now if the class variable is only
referenced by name, it's stack allocated. If it's used transitively
by access to static private methods, or may be used through eval,
it's context allocated. Therefore we now use 1 less context slots
in the class context if it's a named class without anyone referencing
it by name in inner scopes.
- Explicit access to static private methods or potential access to
static private methods through eval results in forced context
allocation of the class variables. In those cases, we save its index
in context locals in the ScopeInfo and deserialize it later, so that
we can check that the receiver of static private methods is the class
constructor at run time. This flag is recorded as
HasSavedClassVariableIndexField in the scope info.
- Classes that need the class variable to be saved due to
access to static private methods now save a
ShouldSaveClassVariableIndexField in the preparse data so that the
bits on the variables can be updated during a reparse. In the case
of anonymous classes that need the class variables to be saved,
we also re-declare the class variable after the reparse since
the inner functions are skipped and we need to rely on the preparse
data flags to remember declaring it.
Design doc: https://docs.google.com/document/d/1rgGRw5RdzaRrM-GrIMhsn-DLULtADV2dmIdh_iIZxlc/edit
Bug: v8:8330
Change-Id: Idd07803f47614e97ad202de3b7faa9f71105eac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781011
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64219}
An error can easily cause a lot of false positive lint messages, due to
unused variables, macros, etc. Thus we suppress subsequent lint messages
when there are errors.
Bug: v8:8880
Change-Id: I5c8ba89312b8eacb7ab22523677854bf9fe45da6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789160
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64217}
The total number of CPU features in use is 32, and is thus hitting the
integer-size limit.
This CL splits the CPU features by platform such that we have some
space again for adding more features.
R=neis@chromium.org
Change-Id: I5cdbe10808e10d143c1e92510dd275d8c5542535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1850371
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64215}
This moves the list of {BreakPointInfo} objects from {WasmModuleObject}
to the corresponding {Script} object. Breakpoints are expected to affect
all modules/instances for a given script, hence the new placement of the
list is a preparation to fully support per-script breakpoints.
R=clemensb@chromium.org
BUG=v8:6847,chromium:893069
Change-Id: Id97058be5ed79cfdba2cecac5733ba161a6021d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852127
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64213}
The tier-up check is only needed for instances that currently go
through the interpreter. It is simpler to move the check into the
interpreter's C++ entry point. At that point, when we see a JSRegExp
that should tier-up, we simply return RETRY which will automatically
send us back into runtime where the actual recompilation happens.
Bug: v8:9566
Change-Id: Ib7bb5d21a30bae45d6e14846edd2a47469989b35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852125
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64210}
The flag is enabled since M-70, and we do not use the previous
behaviour anywhere. Hence, remove the flag and clean up some API code.
In particular, the concept of {TransferrableModule} is not needed any
more, we can just use {CompiledWasmModule}.
R=mstarzinger@chromium.org, adamk@chromium.org
Bug: v8:9810
Change-Id: I9b3aa4972277a9262b58da70b141e90d1de31f35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847366
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64209}
This requires a change to instruction selector to UseUnique so that it
does not shadow the temporary register.
Bug: v8:9810
Change-Id: I3da3e18fbbcc1dd8d40821a6c2453fd2d975ad15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849981
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64203}
In preparation for allowing Torque to generate the list of instance
types, I'd like to make the rules a bit more consistent for how instance
types are spelled. This CL is my proposal for a system where every
non-String instance type name is exactly equal to calling
CapifyStringWithUnderscores on the corresponding class name and
appending "_TYPE".
This change is almost all find&replace; the only manual changes are in:
- src/objects/instance-type.h
- src/torque/utils.cc
- tools/gen-postmortem-metadata.py
This change is in response to the review comment
https://chromium-review.googlesource.com/c/v8/v8/+/1757094/25/src/builtins/base.tq#132
Change-Id: Ife3857292669f54931708e934398b2684e60bea5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814888
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64199}
Since SlotSet is just an array of Buckets, RecordWrite doesn't need
to calculate the SlotSet-address in the SlotSet-array. bucket_index is
now directly calculated from the offset of the slot from the start of
the page. bucket_index may therefore now also exceed SlotSet::kBuckets,
for large objects.
Also calculate cell_offset and bit_index from page_start_offset, it is
not necessary to truncate page_start_offset to MemoryChunk::kPageSize.
Bug: v8:9454
Change-Id: I17edeafa4681a6348482c64dd0616065ce3121c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849525
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64197}
When simulating how standard higher-order builtins call their function
argument, we were inconsistent and imprecise in what hints we used for
the arguments.
Bug: v8:7790
Change-Id: I9a76225f0f036f3e7ce1a62644204790e4eba74d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849519
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64196}
The method allocates, so it should return the buffer in a {unique_ptr}.
Also, the internals can be simplified by using {size_t} instead of
{int} and removing a redundant special case.
R=mlippautz@chromium.org
Bug: v8:9810
Change-Id: I94ac5814c284bf6ab075841ddbfb768d31dfff4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849514
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64195}
Trivial changes to the parser to allow parsing for-await. Unfortunately,
these tests uncovered a stress bug related to using await in for
loops(see v8:9825).
Bug: v8:9817, v8:9825
Change-Id: Ie699c85389e94b834a22dc1fb2f9970fc37fcdd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848434
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64193}
This moves the weak list of instances from {WasmModuleObject} to the
corresponding {Script} object. The list is used solely for breakpoints
which are intended to affect all instances belonging to a given script,
hence the new placement of the list is a preparation to fully support
per-script breakpoints.
R=clemensb@chromium.org
BUG=v8:6847,chromium:893069
Change-Id: I52315e0ba1e5e5021f55bf05d8cb0f01bf9f0fbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847359
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64191}
Due to https://chromium-review.googlesource.com/c/v8/v8/+/1835541 it's
now possible that we reach ProcessApiCall without any arguments hints.
I don't know how to test this in d8.
Bug: chromium:1011727, v8:7790
Change-Id: I556f562515548c6355ff2358e635a2e1fc3974a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847157
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64187}
Remove TaggedIsAsyncGenerator since all but one use is to generate
asserts that are handled automatically by TNodes. The remaining use is
then just inlined.
Also removes unused IsFastJSIterResult function.
Bug: v8:6949
Change-Id: Id5631586b7e4d4f43d352493a3e2638cf449665f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849516
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64186}
The plan is to eliminate the DecompressionElimination reducer
as well as the Compressed representation. We are adding a flag to
easily swap between the old system and the new one.
Bug: v8:7703, v8:9206
Change-Id: I083fc7a835962eddfd60e9c403131587489f4632
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815134
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64185}
