Previously the KeyAccumulator incorrectly reused the filter properties when
collecting the keys of a proxy target. This led to incorect behavior where for
instance non-enumerable properties were filtered too early.
Bug: v8:7818
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9b43b65be168ef0975fea9245d433a54338d228e
Reviewed-on: https://chromium-review.googlesource.com/1113743
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54008}
This CL adds a fast path for DataView getters and setters when the
load or store to be performed is aligned and when the requested
endianness matches the platform endianness.
In that case, we can just emit the right load/store instruction
instead of having to read and write data byte by byte.
Change-Id: I10bd95a7fe8d23f695899eb8173bc654fb38fbb0
Reviewed-on: https://chromium-review.googlesource.com/1106168
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54005}
The upstream test suite for Unicode property escapes [1] is exhaustive
and is updated soon after every new release of the Unicode Standard.
It is then upstreamed into Test262.
This patch simplifies our own Script_Extensions tests and the script
used to generate them. Now, only a few code points are tested for each
Script_Extension. This avoids unnecessary friction every time ICU
is updated based on a new Unicode version.
[1] https://github.com/mathiasbynens/unicode-property-escapes-tests
[2] https://github.com/tc39/test262/tree/master/test/built-ins/RegExp/property-escapes
Bug: chromium:850334, v8:7825
Change-Id: I792d6848ef48b41ea5e9db18b777040d019822f3
Reviewed-on: https://chromium-review.googlesource.com/1112250
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54003}
Unittests may take compilation dependencies without committing them,
because no code object is ever created. This CL ensures that after each
unittest, all uncommitted dependencies are discarded. Without this,
the compilation dependencies leaks pointers to already freed C++ objects
between test-cases, which are then accessed after free if a unittest
invalidates the corresponding compilation dependency.
Bug: v8:851886
Change-Id: I55d989c42d45f5d713613bc1d3f86e00bd1b8d21
Reviewed-on: https://chromium-review.googlesource.com/1113313
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53998}
This reverts commit aafd5c52ab.
Reason for revert: Tentative revert for
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64/24825https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20msvc/3242
Original change's description:
> [parser][log] Log script id during background compilation
>
> - Add separate script-create, script-reserve-id and script-details log events
> - Add log events for CompilationCache hits and puts
> - Simplify function event logging by only pass along the script id
> - Explicitly create Scripts in parse-processor.js on script events only
> - Create a temporary script id in the ParseInfo for use during background
> parsing and compilation
> - Clean up ParseInfo initialization to centralize creation and use of
> script ids
> - Allow creating Scripts with predefined script ids
>
> Bug: chromium:757467, chromium:850038
> Change-Id: I02dfd1d5725795b9fe0ea94ef57b287b934a1efe
> Reviewed-on: https://chromium-review.googlesource.com/1097131
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53978}
TBR=ulan@chromium.org,cbruni@chromium.org,gsathya@chromium.org,leszeks@chromium.org
Change-Id: I629f72f51d5e086e2b54658c1fdd18cec268aab2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:757467, chromium:850038
Reviewed-on: https://chromium-review.googlesource.com/1112538
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53984}
This is a reland of ada648006b, fixed
for 32 bit architectures (register pairs).
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: Ibc8801737e9604a8490382c569b0378585625376
Reviewed-on: https://chromium-review.googlesource.com/1112238
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53981}
It looks like we do not need live_edit flag.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: v8:7862
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b635f7d24138894b7a0f94fc90293d50e40f22c
Reviewed-on: https://chromium-review.googlesource.com/1108386
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53980}
This reverts commit ada648006b.
Reason for revert: Failure with slow dchecks: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/20982
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I5b8d8d405dcd7f82ee431cba290419425b9859a1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:854050, v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1112277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53979}
- Add separate script-create, script-reserve-id and script-details log events
- Add log events for CompilationCache hits and puts
- Simplify function event logging by only pass along the script id
- Explicitly create Scripts in parse-processor.js on script events only
- Create a temporary script id in the ParseInfo for use during background
parsing and compilation
- Clean up ParseInfo initialization to centralize creation and use of
script ids
- Allow creating Scripts with predefined script ids
Bug: chromium:757467, chromium:850038
Change-Id: I02dfd1d5725795b9fe0ea94ef57b287b934a1efe
Reviewed-on: https://chromium-review.googlesource.com/1097131
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53978}
The wire bytes are currently stored as {SeqOneByteString} on the JS
heap. In order to make the {NativeModule} isolate independent, and to
ensure fast access to the wire bytes, they should move to the native
heap.
R=titzer@chromium.org
Bug: chromium:854794, v8:7868, v8:7424
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I36811ec87f780c5b1f6863cd6de89a165aa0b7d5
Reviewed-on: https://chromium-review.googlesource.com/1108208
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53977}
In {SetLocalFromStackSlot}, we decrement the use count of the register
in the target slot without updating this slot, and then call
{GetUnusedRegister}. At that point, the register use counts do not
match the cache state, which leads to errors later on.
This CL fixes this by marking the target slot as a stack slot after
reducing the register use count.
It also adds a Validation which helped to find that error and will
catch similar errors earlier.
R=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
Reviewed-on: https://chromium-review.googlesource.com/1111958
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53976}
Cleanup decoding of flags so that invalid flags for sections other than
memory are caught correctly.
Bug: chromium:853453
Change-Id: Ia347d5f7672eee93ca3f6a743f06fba629f55cb5
Reviewed-on: https://chromium-review.googlesource.com/1104976
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53972}
This changes the WebAssembly pipeline to no longer expect source
position tables for {WasmCode} to be allocated on the GC'ed heap.
R=clemensh@chromium.org
BUG=v8:7721
Change-Id: Ib2c6e3d0840e47b83809f60519c0d1b94af186af
Reviewed-on: https://chromium-review.googlesource.com/1109686
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53961}
Before flipping the flag, some tests need to be adapted. This CL
prepares these tests, such that the flag flip CL really just flips a
flag.
R=titzer@chromium.org, hablich@chromium.org
Bug: v8:6600, chromium:787421
Change-Id: I8030df69cda5f3fb81354350a37f65c0d1c669bd
Reviewed-on: https://chromium-review.googlesource.com/1110363
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53959}
This prologue is not needed any more now that we have the jump table.
If optimized code exists, we will not even enter the Liftoff code any
more, but instead jump to the optimized code right away.
This also allows to remove the {WASM_CODE_TABLE_ENTRY} relocation info
kind.
R=mstarzinger@chromium.org
Bug: v8:7758
Change-Id: I0449693d7434088fb264104fe59365d7ca2b74c6
Reviewed-on: https://chromium-review.googlesource.com/1110222
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53954}
Pass Isolate directly into CallHandlerInfo methods so that calls to
GetHeap can be removed.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If28fbbd65530b01b69786c3e743754cff3b1ba3a
Reviewed-on: https://chromium-review.googlesource.com/1107926
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53945}
Also add a DCHECK to a branch that can only be taken for the null
prototype.
R=sigurds@chromium.org
Change-Id: Ib94fe8f25ecfd1a4baa576915e6edfa60bcd771b
Reviewed-on: https://chromium-review.googlesource.com/1109961
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53939}
After this CL all liveedit tests call the same LiveEdit::PatchScript
method. This method will be updated later.
As well some new liveedit cctests added, unfortunately part of them
do not work with current implementation.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: v8:7862
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3521af12b0f95b39d13aaafb1d1cf60f3f642a97
Reviewed-on: https://chromium-review.googlesource.com/1108382
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53936}
Each local ABT is logically for one page. We passed the space in to the
constructor, but this is wrong because the space a page is in can
change, e.g. for compaction pages.
Instead, pass the page to the local ABT constructor and always get the
space from this. To do this we need to push the AllocateLocalTracker()
helper and friends down to Page, rather than its superclass MemoryChunk.
Unfortunately, we need to keep ReleaseLocalTracker() on MemoryChunk even
though only Pages can have local trackers, because we can't do virtual
dispatch on MemoryChunk::ReleaseAllocatedMemory() which would allow us
to clean up the tracker memory nicely for pages only.
We also have to make sure we update external bytes accounting properly
when swapping spaces, as in SemiSpace::Swap().
Change-Id: Iff02e41dd12a6b04a57fcc32f9e2b4f049fcbc24
Reviewed-on: https://chromium-review.googlesource.com/1107635
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53930}
The name {CallerOwnedBuffer} does not make sense in all situations,
especially if such an object is returned instead of being passed as
argument.
I am working on moving the wasm wire bytes off the JS heap, and hence
will return unowned references via the API. To prepare this change, I
deprecate the existing {CallerOwnedBuffer} and introduce a new
{BufferReference} struct with proper field names.
R=titzer@chromium.org, adamk@chromium.org
Bug: v8:7868
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic8953951447038a831b15a336a52a199bfbeafd5
Reviewed-on: https://chromium-review.googlesource.com/1108207
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53929}
Other fuzzers already have this ability. This CL adds it to the fuzzer.
The input has to be valid bytes, otherwise we cannot generate the text
representation.
R=titzer@chromium.orgCC=gdeepti@chromium.org
Change-Id: If1ba8accc707bee3b042e93f4201949f0233c90e
Reviewed-on: https://chromium-review.googlesource.com/1109794
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53926}
This completes the transition to Assembler::Options, which reduces
the assemblers's dependency on isolates, and there is now only one
way to create an Assembler, which is to use the options.
Note that some operations on assemblers still need an isolate, such
as GetCode(), and in these cases, the isolate is an additional
argument to the method.
R=jgruber@chromium.orgCC=mstarzinger@chromium.org
Change-Id: I413209d816c63a7c3640f1c226764693dcad1e7f
Reviewed-on: https://chromium-review.googlesource.com/1106169
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53925}
This is a reland of c2f1090db8, fixing jumbo builds.
Original change's description:
> [wasm] Move serialization tests to own file
>
> Move out all serialization related tests to
> {test-wasm-serialization.cc}, to reduce the size of
> {test-run-wasm-module.cc}.
>
> R=titzer@chromium.org
>
> Bug: v8:7754
> Change-Id: I0b2133baf69e2557df27d1733cc267d1d4cf7452
> Reviewed-on: https://chromium-review.googlesource.com/1107980
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53909}
TBR=titzer@chromium.org
Bug: v8:7754
Change-Id: Ic0bb02b1b782676c6100daa2d588adce8b54c388
Reviewed-on: https://chromium-review.googlesource.com/1109838
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53919}
All other sorting benchmarks use arrays of roughly the same length.
This CL adds a set of benchmarks that sort arrays of various lengths.
Two data configurations are used for each length: Completely random
and already sorted.
R=jgruber@chromium.org
Bug: v8:7382
Change-Id: Ib80a3421a68029c8e4f823605bab7b2d7fe1ae34
Reviewed-on: https://chromium-review.googlesource.com/1109509
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53917}
This CL adds sorting of a randomized array to the PreSorted benchmark
to act as a baseline/reference point.
R=jgruber@chromium.org
Bug: v8:7382
Change-Id: I45b77a6584d5d9a4f14a807f3796af7197673eaa
Reviewed-on: https://chromium-review.googlesource.com/1109508
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53913}
Move out all serialization related tests to
{test-wasm-serialization.cc}, to reduce the size of
{test-run-wasm-module.cc}.
R=titzer@chromium.org
Bug: v8:7754
Change-Id: I0b2133baf69e2557df27d1733cc267d1d4cf7452
Reviewed-on: https://chromium-review.googlesource.com/1107980
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53909}
Byteswap operations are used a lot in WASM on big endian
architecture. This CL removed unused 1-byte swapping,
rewrite tests so they have better coverage and cleans up
some other minor things.
TEST=cctest/test-run-wasm/RunWasmTurbofan_I32DivSOnDifferentRegisters
Change-Id: I60466bbd5fe3f64e8e55684265dc43e92fcabc2c
Reviewed-on: https://chromium-review.googlesource.com/1106379
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53908}
This CL fixes a bug where execution would continue on a fast-path
even though a previous recursion step bailed to the slow path. This
would allow possibly illegal loads that could leak to JS.
Drive-by change: Instead of bailing to the slow-path on each recursion
step, we now bail completely and start the slow-path afterwards.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: chromium:854299, v8:7382
Change-Id: Ib2fd5d85dbd0c3894d7775c4f62e053c31b5e5d1
Reviewed-on: https://chromium-review.googlesource.com/1107702
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53892}
When encountering a LoadStackPointer input to a comparison, generate a register
LocationOperand that points to the stack pointer. This can avoid unnecessary
spilling of the stack pointer.
Since sp is a special register for arm64, we need to add a mechanism to print
its name in RegisterConfiguration.
This is a port of https://chromium-review.googlesource.com/1055568 that made
the same change for arm.
It also ports the tests added in
https://chromium-review.googlesource.com/1099068 to arm and arm64.
Bug: v8:7844
Change-Id: I5adc672ff877b9888ef755e8e60e4eabbc61061b
Reviewed-on: https://chromium-review.googlesource.com/1107810
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#53889}
There is no point calling AllocationSpaceName manually every time. We
could get rid of AllocationSpaceName entirely, except that the
serializer calls it directly on ints that are casted to AllocationSpace
objects first.
Change-Id: I26b2181347dba960c8523d5dcecf8128208c59a2
Reviewed-on: https://chromium-review.googlesource.com/1107816
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53888}
Some cctests force fresh creation of heap constants, even though the
cctest binary itself is an embedded snapshot build (i.e.: a snapshot
blob exists, and a binary-embedded blob exists). This breaks a few
assumptions, for example that off-heap builtins have a single,
canonical off-heap code range.
Unfortunately this isn't that easy to fix. I see a few alternatives:
1. In builtins setup, if an embedded blob exists, regenerate the
builtins for their metadata (things like the safepoint table offset),
and then replace them by off-heap trampolines.
2. As above, but deserialize the trampolines from the snapshot blob.
3. As above, but pack required metadata into the embedded blob and
create trampolines from there.
4. Act as if the embedded blob does not exist.
Alternative 1 does not work because the generated code can be slightly
different at at runtime vs. mksnapshot-time. Alternative 2 is out
because we do not have access to the snapshot blob in TestIsolate
setup. Alternative 3 is probably the preferred option but would be a
more involved change.
This CL takes path 4. It's not an optimal solution, but it can be
replace by alternative 3 later.
TBR=ulan@chromium.org
Bug: v8:7718, v8:7751
Change-Id: I36c024cb0179615011c886ed3978bc95f0d197ac
Reviewed-on: https://chromium-review.googlesource.com/1098924
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53886}
Unconditionally setting the JSFunction code to that of the SFI
may skip initializing the feedback vector.
R=leszeks@chromium.org
Bug: v8:7857
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I65d4bf32493be4cade2eaf3d665d44f93e80f809
Reviewed-on: https://chromium-review.googlesource.com/1107618
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53881}
This test was not adapted for the jump table yet.
R=mstarzinger@chromium.org
Bug: v8:7867
Change-Id: Ifd03899b0757972525dcc54f04949635d03fa493
Reviewed-on: https://chromium-review.googlesource.com/1107624
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53878}
This is a reland of 380dba0a5c
Original change's description:
> [runtime][gc] Drop AllocationSite::weak_next field for sub-literals
>
> Use AllocationSite without Weaknext field for all the allocations in nested
> literal except for Root. The nested field is sufficient to link all the
> allocations in a nested literal. Only the Root is added to heap weak_alloc_list
> for GC to traverse
>
> Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
> Reviewed-on: https://chromium-review.googlesource.com/1101323
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53813}
Change-Id: Ic451fb3600b87f8f69748b1659ff89a80c9322fa
Reviewed-on: https://chromium-review.googlesource.com/1106257
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#53872}
The reference to the {NativeModule} (stored in a {Managed}) should live
on the {WasmModuleObject}, not on the individual {WasmCompiledModule}
objects.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I21dfa088c9643d36d9fd5052a145e7e2af5e47f9
Reviewed-on: https://chromium-review.googlesource.com/1106380
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53860}
Our tests currently don't set {WasmModule::num_declared_functions}
correctly. This CL fixes that.
This enables the use of {WasmModule::num_declared_functions} instead of
{NativeModule::num_functions_ - NativeModule::num_imported_functions_}.
Drive-by: Fix {std::vector} reservation to reserve enough space for all
functions during decoding.
R=titzer@chromium.org
Change-Id: I6d7783aed1c0de3275fc72787dec17c38ff8c73b
Reviewed-on: https://chromium-review.googlesource.com/1106166
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53857}
We need to create one {WasmCompiledModule} before creating the
{WasmModuleObject}. This CL refactors the code such that the
{WasmModuleObject} itself creates the {WasmCompiledModule}. This moves
us closer to removing the {WasmCompiledModule}.
R=titzer@chromium.org
Change-Id: I9f85e47f643c39840036f4f1f92df736732c8f74
Reviewed-on: https://chromium-review.googlesource.com/1105762
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53833}
This is a reland of 733b7c8258.
The arm64 bug was fixed in https://crrev.com/c/1105051.
Original change's description:
> [wasm] Introduce jump table
>
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
>
> R=mstarzinger@chromium.org, titzer@chromium.org
>
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}
TBR=titzer@chromium.org,mstarzinger@chromium.org
Bug: v8:7758
Change-Id: I68555230c6db97e70f0b8fef784188f55ee04794
Reviewed-on: https://chromium-review.googlesource.com/1105158
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53829}
This removes several GetIsolate calls from Map:: methods and instead
passes the Isolate in. This is a very noisy change but mostly it is just
adding Isolate to method declarations and forwarding it on.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I159505e50a9462d01066f14da0fcc29762bd5531
Reviewed-on: https://chromium-review.googlesource.com/1075267
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53826}
This CL changes all ArraySort benchmarks to execute the setup
function for each iteration (one run call), instead of only once for
all iterations.
Even though we now also measure the time needed to copy and prepare
the array, this is needed, otherwise we would mainly measure sorting
already sorted arrays.
R=cbruni@chromium.org, jgruber@chromium.org
Change-Id: I2e0e301b52b0288b8c825c3c8401c348c4a0dee7
Reviewed-on: https://chromium-review.googlesource.com/1105045
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53825}
TurboFan returned null handles if compilation did not succeed. This CL
changes that to a MaybeHandle to make it explicit that client code needs
to handle the error.
Bug: v8:7856
Change-Id: I6087e6263faa1150b9788213dd22c398b4a2fc2d
Reviewed-on: https://chromium-review.googlesource.com/1104688
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53824}
Bump limit for isolate creation in cctest; the test started crashing recently
on nosnap.debug builds, hence we bump the limit.
Bug: v8:7856
Change-Id: I7c2396c7f112a2ed7fc189f0fa72658e0ed75050
Reviewed-on: https://chromium-review.googlesource.com/1104691
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53816}
This reverts commit 380dba0a5c.
Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/1471
Original change's description:
> [runtime][gc] Drop AllocationSite::weak_next field for sub-literals
>
> Use AllocationSite without Weaknext field for all the allocations in nested
> literal except for Root. The nested field is sufficient to link all the
> allocations in a nested literal. Only the Root is added to heap weak_alloc_list
> for GC to traverse
>
> Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
> Reviewed-on: https://chromium-review.googlesource.com/1101323
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53813}
TBR=ulan@chromium.org,cbruni@chromium.org,chandanreddy@google.com
Change-Id: Icc87027f14f917da3033db256c2535e08e2a4a34
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1105159
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53815}
Use AllocationSite without Weaknext field for all the allocations in nested
literal except for Root. The nested field is sufficient to link all the
allocations in a nested literal. Only the Root is added to heap weak_alloc_list
for GC to traverse
Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
Reviewed-on: https://chromium-review.googlesource.com/1101323
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53813}
This CL fixes a bug that allowed OOB read/stores on fastpaths when
a comparison function caused the underlying FixedArray to change
while keeping the elements kinds and size property on the original
JSArray the same.
R=jgruber@chromium.org
Bug: chromium:852592
Change-Id: I09af357d10e7f41e75241e4c87430fc9aa806f8c
Reviewed-on: https://chromium-review.googlesource.com/1104158
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53811}
This reverts commit 733b7c8258.
Reason for revert: breaks arm64 gc-stress: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/11659
Original change's description:
> [wasm] Introduce jump table
>
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
>
> R=mstarzinger@chromium.org, titzer@chromium.org
>
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}
TBR=mstarzinger@chromium.org,titzer@chromium.org,clemensh@chromium.org,sreten.kovacevic@mips.com
Change-Id: Iea358db2cf13656a65cf69a6d82cbbc10d3e7e1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7758
Reviewed-on: https://chromium-review.googlesource.com/1105157
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53807}
This introduces the concept of a jump table for WebAssembly, which is
used for every direct and indirect call to any WebAssembly function.
For lazy compilation, it will initially contain code to call the
WasmCompileLazy builtin, where it passes the function index to be
called.
For non-lazy-compilation, it will contain a jump to the actual code.
The jump table allows to easily redirect functions for lazy
compilation, tier-up, debugging and (in the future) code aging. After
this CL, we will not need to patch existing code any more for any of
these operations.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:7758
Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
Reviewed-on: https://chromium-review.googlesource.com/1097075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53805}
Currently each isolate stores its own array of
{CallInterfaceDescriptorData}. This array has size 173, and each entry
has 40 bytes. That's already 7kB per isolate.
Additionally, each {CallInterfaceDescriptorData} allocates two
heap-allocated arrays, which probably add up to more than the static
size of the {CallInterfaceDescriptorData}. Note that all the
{CallInterfaceDescriptorData} instances are initialized eagerly on
isolate creation.
Since {CallInterfaceDescriptor} is totally isolate independent itself,
this CL refactors the current design to avoid a copy of them per
isolate, and instead shares them process-wide. Still, we need to free
the allocated heap arrays when the last isolate dies to avoid leaks.
This can probably be refactored later by statically initializing more
and avoiding the heap allocations all together.
This refactoring will also allow us to use {CallInterfaceDescriptor}s
from wasm background compilation threads, which are not bound to any
isolate.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:6600
Change-Id: If8625b89951eec8fa8986b49a5c166e874a72494
Reviewed-on: https://chromium-review.googlesource.com/1100879
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53803}
For now we keep params since NewSloppyArguments uses it to figure out how to structure the arguments object. We should be able to only keep params in case we have a special case though. E.g., leaf functions with no duplicate parameters don't need special treatment. Or we simply encode the parameter index for each context slot. (I'm not sure duplicates need special treatment.)
Change-Id: Icfbb844e5331aeb93c50bc07edd58246c8aeb1d7
Reviewed-on: https://chromium-review.googlesource.com/1104420
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53802}
We currently store the {WasmModule} (generated during decoding) in a
unique_ptr and pass ownership to the {WasmModuleObject} after
compilation.
I plan to move the {Managed<NativeModule>} from {WasmCompiledModule} to
{WasmModuleObject}, which will force us to create the
{WasmModuleObject} *before* compilation, so that the {CompilationState}
is available during compilation.
This CL prepares that refactoring by storing the {WasmModule} in a
{shared_ptr} in the {AsyncCompileJob}. Note that it will eventually be
stored in a {shared_ptr} in the {Managed} anyway.
R=titzer@chromium.org
Change-Id: Iac5e3c1067af2801e938f77a455a68807801526a
Reviewed-on: https://chromium-review.googlesource.com/1104117
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53801}
Reading up on the bug description, this is a test
that is triggered by TurboFan execution. This can
be done with natives and does not need excessive
loop iterations. Additionally, we have a more specific
regression test for the original issue in the repo:
http://crrev.com/c/584837
Bug: v8:7783
Change-Id: Id022b515b663e6fb897acb29f43ef92b70b547b8
Reviewed-on: https://chromium-review.googlesource.com/1101018
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53799}
The test test-api/InitializeDefaultIsolateOnSecondaryThread1 has been
failing since at least 6.8, but our infra only recently realized that.
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
Bug: v8:7856
Change-Id: I8cbfd4ea554bb32c50c01d437efa5b18f60c2fde
Reviewed-on: https://chromium-review.googlesource.com/1104458
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53795}
We currently have a system where the protected instructions are
unregistered when the last instance dies, and registered again on the
next instantiation. This is triggered by {WasmCompiledModule::Reset}.
Since the reference to the {NativeModule} will move to the
{WasmModuleObject}, and this object stays alive even if the last
instance dies, this will become hard to maintain.
It will also make it harder to share wasm code across isolates.
This CL refactors this to register trap handler data once when the code
is added to the {NativeModule}, and releases it if the code dies.
R=mstarzinger@chromium.org
CC=eholk@chromium.org
Bug: v8:5277
Change-Id: I3f1b336095230b255f3849c271b37b62f2b96cd6
Reviewed-on: https://chromium-review.googlesource.com/1103567
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53791}
This is a step towards avoiding materializing function_ altogether if we deoptimize. Typically we only need the SharedFunctionInfo.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idee78f02d1afe3d2cb70e93a6d96a5a33907f892
Reviewed-on: https://chromium-review.googlesource.com/1100474
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53789}
Return the raw Object* when accessing the constant pool of bytecode
with the bytecode array accessor, to avoid needing an isolate there.
If the returned value needs to be a handle, we create the handle
later.
Bug: v8:7786
Change-Id: Ifeac2a06f0383230bf7e9bfc1b751d9750ecfb51
Reviewed-on: https://chromium-review.googlesource.com/1102334
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53784}
The FuzzAssemble* tests rely on two CSA functions which are relatively big. And
with the --enable-slow-asserts flag they get so big that the register
allocator's memory consumption becomes a problem. Let's just override this flag.
Bug: v8:7819, v8:6848, v8:7842
Change-Id: I95db59b9c788aa665d04339892b2e0b5d92d9a89
Reviewed-on: https://chromium-review.googlesource.com/1093315
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#53779}
This CL moves the remaining runtime DataView getters to Torque,
namely DataViewGetBigInt64/BigUint64, and removes the associated
runtime code that is now unneeded.
All of the DataView getters are now implemented in Torque, which brings
a nice performance improvement over the former C++ builtin code.
Change-Id: I35cf2eabce3c79cc0d3200e7f24dbe0c3e5c2804
Reviewed-on: https://chromium-review.googlesource.com/1092736
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53765}
We currently create a managed object holding a shared reference to the
WasmModule, and pass this to the factory method for the
WasmModuleObject. Instead, we can just create it inside that factory
method, removing code duplication.
R=herhut@chromium.org
Change-Id: I3cea858ba445971dc8dbeb693061ef5684bc02da
Reviewed-on: https://chromium-review.googlesource.com/1102336
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53763}
No longer access the heap directly, as policed by Disallow*
scopes in JSContextSpecialization::Reduce.
Bug: v8:7790
Change-Id: I40f1c500b04b96152421fd5de631747ba386bca1
Reviewed-on: https://chromium-review.googlesource.com/1101322
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53759}
This reverts commit 9e27d4735f.
Reason for revert: Layout Test failures: https://ci.chromium.org/buildbot/client.v8.fyi/V8-Blink%20Linux%2064/24123
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
TBR=yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,jgruber@chromium.org,verwaest@chromium.org
Change-Id: I892856056258e3c68b36409b8b2d69e7686fc385
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1102377
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53756}
This is a reland of 9e27d4735f
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
Change-Id: I05262fef66d852876b9bb2869339053629c9b51d
Reviewed-on: https://chromium-review.googlesource.com/1102297
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53751}
Byte offset can be outside of Smi range and must be loaded as a Number
rather than a Smi.
Bug: chromium:852258
Change-Id: Ida6e07ba68a050d4f5a9f28500986cc67c619b4c
Reviewed-on: https://chromium-review.googlesource.com/1100886
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53748}
This reverts commit 9e27d4735f.
Reason for revert: Fails MSan (use of uninitialized value): https://ci.chromium.org/buildbot/client.v8/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21562
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
TBR=yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,jgruber@chromium.org,verwaest@chromium.org
Change-Id: Ief87c1e79fa2ec40f52fd747ec4ebbacf0da798b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1101377
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53743}
This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
Reviewed-on: https://chromium-review.googlesource.com/1095094
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53741}
The stack check instruction sequence is pattern-matched in
instruction-selector-{ia32,x64}.cc and replaced with its own specialized
opcode, for which we later generate an efficient stack check in a single
instruction.
But this pattern matching has never worked for CSA-generated code. The
matcher expected LoadStackPointer in the right operand and the external
reference load in the left operand. CSA generated exactly vice-versa.
This CL does a few things; it
1. reverts the recent change to load the
limit from smi roots:
Revert "[csa] Load the stack limit from smi roots"
This reverts commit 507c29c940.
2. tweaks the CSA instruction sequence to output what the matcher
expects.
3. refactors stack check matching into a new StackCheckMatcher class.
4. typifies CSA::PerformStackCheck as a drive-by.
Bug: v8:6666,v8:7844
Change-Id: I9bb879ac10bfe7187750c5f9e7834dc4accf28b5
Reviewed-on: https://chromium-review.googlesource.com/1099068
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53737}
This is a reland of 0909dbe3d6.
Added missing V8_EXPORT_PRIVATE to AndroidLogStream.
TBR=mstarzinger@chromium.org
Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}
Bug: v8:7820
Change-Id: I8164bad78a401dbe4246c9ffcacd050fe511ed58
Reviewed-on: https://chromium-review.googlesource.com/1100636
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53733}
This reverts commit 0909dbe3d6.
Reason for revert: Blocks roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1099143
Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}
TBR=mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org,clemensh@chromium.org,bmeurer@chromium.org
Change-Id: Iadadd9a0df10dca0fad647138a83db50148e864d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7820
Reviewed-on: https://chromium-review.googlesource.com/1100635
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53725}
- Test that order of getter initialization doesn't change.
- Test properties of each getter against the spec.
Bug: v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I85d0d80947e55233f10f62f96fe33d4281db4315
Reviewed-on: https://chromium-review.googlesource.com/1083879
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53721}
Previously, we sent a critical low memory pressure notification when
attempting to commit WASM code when the code manager was near the
limit for total amount of code allocated.
https://chromium-review.googlesource.com/c/v8/v8/+/1073412 "fixed" that,
but it causes OOMs on Windows.
Since we no longer have the isolate on the code manager, and thus cannot
send this notification on commit, send the notification upon the next
module creation.
This is still not optimal, but should fix OOM issues for lots of
small modules on Windows.
BUG=v8:7845
R=mstarzinger@chromium.orgCC=clemensh@chromium.org
Change-Id: I6e20d0c1ee9bc6926a83e0c2fbdc9e9e453588ec
Reviewed-on: https://chromium-review.googlesource.com/1098921
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53700}
The {WasmSharedModuleData} struct was introduced to hold data common to
all wasm instances belonging to the same module. The idea was to keep
"internal state" separate from the JS-facing {WasmModuleObject}. Since
this objective has no real value, and we already store some internal
data on the {WasmModuleObject}, this CL merges these two objects.
R=titzer@chromium.org, mstarzinger@chromium.org
Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I04f6d07bf5d812bc4717af26f0f64231345861f9
Reviewed-on: https://chromium-review.googlesource.com/1097491
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53698}
The often used construct {OFStream(stdout)} does not work on Android.
This CL introduces an {StdoutStream} which behaves exactly like
{OFStream(stdout)} on non-android platforms, and redirects to the
Android log on appropriate systems and configurations.
R=mstarzinger@chromium.org
Bug: v8:7820
Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
Reviewed-on: https://chromium-review.googlesource.com/1088911
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53692}
We assumed that if the ErrorThrower is empty after instantiation, then
instantiation succeeded and an instance exists which we can return.
However, if the start function throws, no instance exists, which caused
a crash. With this CL we handle execeptions thrown by the start
function correctly.
R=clemensh@chromium.org
Bug: chromium:848966
Change-Id: I51dc94e6bc563aa4a4b88c44a14e831af913fbd8
Reviewed-on: https://chromium-review.googlesource.com/1092234
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53687}
Mutable globals are now included in the wasm v1 spec.
Bug: v8:7625
Change-Id: Ib9b92d8348102f99a3b92820d0057b2c11a1e49a
Reviewed-on: https://chromium-review.googlesource.com/1095650
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53683}
This is a reland of a229e12101
The original commit broke a layout test in Blink. The test in Blink
has been marked to be skipped and will be updated once this patch
lands.
See https://chromium-review.googlesource.com/c/chromium/src/+/1097455
Original change's description:
> [builtins] set DataView.length to 1
>
> Refs: https://github.com/tc39/ecma262/pull/1131
> Test: test262/built-ins/DataView/length
> Bug: v8:7816
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I66a06734bd32cd2043a8d04728b2185f6093bd69
> Reviewed-on: https://chromium-review.googlesource.com/1094980
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53649}
Bug: v8:7816
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If63be80523a68d3a2b515fe1d55a243d2dd2a9b2
Reviewed-on: https://chromium-review.googlesource.com/1097568
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53682}
Mutable globals are stored in the instance differently, so they must be
exported differently as well.
Also fix a counting bug that occurred when a module contained a global
and an imported mutable global (CalculateGlobalOffsets is called
twice).
Bug: v8:7625
Change-Id: I1cd7ef5d6ff7cb7e09239035f89d7b36d0436063
Reviewed-on: https://chromium-review.googlesource.com/1096673
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53681}
The isolate is mainly used for accounting purposes. As such, it
doesn't need a field in the WasmCodeManager, and cannot have one
if it is to be made isolate independent. Instead, pass the isolate
explicitly in the appropriate cases.
R=mstarzinger@chromium.org
BUG=v8:7424
Change-Id: I539c2b33692e57605a280530bd704ef25269ad0f
Reviewed-on: https://chromium-review.googlesource.com/1073412
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53676}
This CL estimates the sizes of the important managed objects in WASM:
the decoded module {WasmModule}, the native module that contains code
{NativeModule}, and the natively-allocated indirect and import tables
{WasmInstanceNativeAllocations}.
Since Managed<T> updates the isolate's external allocated memory,
it is no longer necessary to do so upon committing or releasing a
native module's memory.
R=mstarzinger@chromium.orgCC=ulan@chromium.org
Bug: v8:7424
Change-Id: Iff4e07d0d328383a925febd654ccbfc95f0930e9
Reviewed-on: https://chromium-review.googlesource.com/1079067
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53675}
As specified in https://tc39.github.io/ecma262/#sec-atomics-wait, the
critical section must occur before the load and comparison.
This slightly changes the `AtomicsWaitCallback` API, but in a
direction that arguably makes it more consistent.
As a drive-by fix, reset `node->waiting_` in case there
was an exception from the first callback.
Refs: https://chromium-review.googlesource.com/c/v8/v8/+/1095814
Bug: v8:7836
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I577cdf76cedfe39bc61f783203b543c7c68fc238
Reviewed-on: https://chromium-review.googlesource.com/1096236
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53673}
This CL inserts NOP instructions a little bit earlier into empty
blocks; this ensures that instructions keep their initial position.
Bug: v8:7327
Change-Id: Idee5269f4fd7fc15c44bda83a2be74e8cff62df8
Reviewed-on: https://chromium-review.googlesource.com/1097078
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53672}
These tests are also affected by duplicate builtin copies (on- and
off-heap).
TBR=yangguo@chromium.org
Bug: v8:6666, v8:7718
Change-Id: I8adfe8b8b63fb5f539cdff5e709e9358a47dfc7e
Reviewed-on: https://chromium-review.googlesource.com/1097088
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53668}
In the process:
- Add strict ordering of Types so that name mangling is consistent
and build time. Previously, the UnionType stored the union's
types in a std::set<const Type*>, which did not have a consistent
ordering of the types in the set.
- Add a int31 type to enable consistency and correctness of
handling of 'constexpr int31' values on the C++ side.
- By removing the "implicit" keyword for operators, there is now
one less difference between operators and calls, another
incremental step in unifying operators and calls.
- Enable external (i.e. C++-defined) generic specializations
- Add CSA support for checking double ElementsKinds, including
tests.
- Clean up some constexpr/non-constexpr handling of ElementsKinds.
Bug: v8:7793
Change-Id: I27699aba70b98ebf5466e5b62b045d7b1dad62c8
Reviewed-on: https://chromium-review.googlesource.com/1091155
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53664}
This CL re-enables a mjsunit test for some simulator configurations
after Array.p.sort pivot selection improvements have landed.
R=jgruber@chromium.org
Bug: v8:7795
Change-Id: I03599c34e34a0bafd5f276b03aa4f059a8078026
Reviewed-on: https://chromium-review.googlesource.com/1096764
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53660}
This patch ports over the spec defined operation `GetOption` from
JavaScript to C++:
https://tc39.github.io/ecma402/#sec-getoption
The JS implementation will be deleted once all it's
users are migrated.
Refactors LocaleConstructor to use this method which fixes some test262
tests. The test262 test status file is updated to reflect this.
Bug: v8:5751, v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ief5eae9b69dcea50062825163ca7658ed20bd0cf
Reviewed-on: https://chromium-review.googlesource.com/1094201
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53652}
- Shuffle canonicalization improved to reverse operands to match
more architectural shuffles.
- Handles shuffles where the order of operands is reversed.
- Adds tests for non-canonical shuffles, and for swizzles.
- Improves TryMatchConcat method.
- Substantially rewrites shuffles on ia32 to better handle swizzles
and fix bugs on reversed shuffles where source registers are
overwritten.
- Adds Palignr macro-assembler instructions for ia32.
Bug: v8:6020
Change-Id: I8e43a1e7650057c66690af1504b67509a1437d75
Reviewed-on: https://chromium-review.googlesource.com/1070934
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53648}
This CL adds a TFS stub for RegExp#test and moves several checks to
the JSCallReducer. In particular, the JSCallReducer checks that
- property {exec} on the regexp is still the original exec
- property {lastIndex} on the regexp is a non-negative smi
The stub does not repeat these checks in release mode.
This effectively means that if the regexp is known, we can perform these
checks at compile time, and get away with a map dependency.
Bug: v8:7779, v8:7200
Change-Id: I0c6d711d4f1d2f6f325a1c02855b0e1b62e014c8
Reviewed-on: https://chromium-review.googlesource.com/1074654
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53630}
Whenever an Isolate is available on a variable, field, or method
parameter, use that instead of GetIsolate(). Also convert simple
cases of the one-argument handle constructor to either use an
available Isolate, or use GetIsolate() if their first parameter
is a variable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I52805905a9ca8729615ead78859f43d5e8f605f1
Reviewed-on: https://chromium-review.googlesource.com/1092853
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53629}
For errors, it just printed "Failure: expected <Error()> found
<Error()>" and completely omitted the specific error type and the
message.
The new output is:
Failure:
expected:
Error(Error: my explicit error)
found:
Error(ReferenceError: ffi is not defined)
R=mstarzinger@chromium.org
Change-Id: Ie17a97e4413c4585b9560fd1c408018ee8c06701
Reviewed-on: https://chromium-review.googlesource.com/1092746
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53625}
ExistingCodeLogger was behaving incorrectly when the CodeEventHandler
API was used in combination with --interpreted-frames-native-stack.
Instead of collecting copied trampolines as InterpretedFunction:functionName,
they were being collected as Builtin:IntepreterEntryTrampolines.
This patch adds special handling for copied trampolines when
using ExistingCodeLogger.
R=yangguo@google.com
Change-Id: I3ee4be03800122d28d53b51b20c60dcf6263e4c1
Reviewed-on: https://chromium-review.googlesource.com/1087813
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53624}
Internal references create absolute pointers within the code and must
therefore be disallowed for embedded builtins to remain
position-independent.
Drive-by: remove related cctest. This test used to be relevant before
embedding was fully implemented, but by now it is useless and rather
misleading since it gives a false sense of safety.
Bug: v8:6666
Change-Id: I57a62274b57c3ef1303d5114c68e2a9b1f92bda4
Reviewed-on: https://chromium-review.googlesource.com/1092732
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53623}
OrderedHashTableHandler (to be renamed to OrderedHashTable) is the
interface that abstracts away the two different ordered hash tables.
All operations on the two ordered hash tables must be performed
through this new interface so that we can seamlessly migrate from one
table to another behind the scenes.
Bug: v8:6443, v8:7569
Change-Id: Ifc0a38974605b63e0a2a36b4aafb8dc68a081f4a
Reviewed-on: https://chromium-review.googlesource.com/1059865
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53622}
The mock histogram functions cannot be cleared and can be called on
isolate tear down if incremental marking is in progress.
Bug: chromium:850508
Tbr: mlippautz@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I99e52aaa81c863f71e195aeed691b37da9e71da6
Reviewed-on: https://chromium-review.googlesource.com/1093073
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53616}
Since we never extract pools from a {DisjointAllocationPool}, the
{Allocate} method can just return an {AddressRange}, and also {Merge}
just needs to merge a single {AddressRange}.
Drive-by: Make {AddressRange} a proper struct, for DCHECKs and better
accessors.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: I19fd02b2c6d8eb5316a5e994835b89be9cfa792b
Reviewed-on: https://chromium-review.googlesource.com/1090723
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53610}
The globals tests for simd are failing on mips big endian. Will re-enable
after fixing.
R=clemensh@chromium.org
BUG=v8:6020
Change-Id: I8a8a17c4e947b69ccc2eb6bbe79c308b1129d1af
Reviewed-on: https://chromium-review.googlesource.com/1089814
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53595}
This is a reland of 91bab5588c
This CL contains two major changes w.r.t to the original CL:
The random state is removed from the Smi root list and we pre-seed the RNG
on each sort with the length of the array.
To cut down on the length of the arguments list and to keep track of the
random state across recursive calls, we move most of the sort arguments into
a FixedArray and reload from the array for each recursion.
Original change's description:
> [array] Use random middle element to determine pivot during sorting
>
> This CL adds a "random state" to the Smi Root list and implements a
> basic Linear congruential pseudo random number generator in Torque.
>
> The RNG is used to determine the pivot element for sorting. This will
> prevent the worst cases for certain data layouts.
>
> Drive-by-fix: Make sorting of ranges and execution pauses for profviz
> deterministic by adding a secondary sorting criteria.
>
> Bug: v8:7382
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
> Reviewed-on: https://chromium-review.googlesource.com/1082193
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#53524}
Bug: v8:7382
Change-Id: Ia7bef7ed1c0e904ffe43bc428e702f64f9c6a60b
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1087888
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53583}
This reverts commit ceb9c8127f.
Reason for revert: Tanks compile time
Original change's description:
> [sfi] Remove SFI function literal id field
>
> SharedFunctionInfos store their original function literal's id. This is
> also their index in the Script's SFI list.
>
> Since the function literal id is only needed for lazy compilation and live
> edit, we can calculate it on-the-fly by linear search in the Script SFI list,
> and save a field on the SFI.
>
> If this regresses compile performance, we could alternatively store the
> function literal id on the preparsed scope data as future work.
>
> Bug: chromium:818642
> Change-Id: I5468cea0e115921f1c864d94e567d749a4349882
> Reviewed-on: https://chromium-review.googlesource.com/1082480
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53523}
TBR=hpayer@chromium.org,leszeks@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:818642
Bug: chromium:850417
Change-Id: If2fd21331b7062532c04004a51e705f7e9d0a151
Reviewed-on: https://chromium-review.googlesource.com/1090494
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53573}
JSWeakCollection should use EphemeronHashTable as backing store instead of
ObjectHashTable such that the GC can handle these structures differently in
the future.
Bug: chromium:844008
Change-Id: Icc6df60c975a942877e2507ef45e0d235e5f72be
Reviewed-on: https://chromium-review.googlesource.com/1089063
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53572}
As a first step towards moving accesses to the broker, this moves
heap accesses from BitsetType::Lub to the broker.
Bug: v8:7790
Change-Id: Ie240b84b979717caae42cb8aa06ee8d9877a446d
Reviewed-on: https://chromium-review.googlesource.com/1088695
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53571}
This CL adds the simplest version of a trap handler fallback. At
instantiation time, we check whether the module was compiled to use
trap handlers and the memory is guarded. If the memory is not guarded
but the module is supposed to use trap handlers, we recompile the
module with bounds checks so that we can use an unguarded memory.
The compiled module is replaced with a bounds checking version, meaning
future instances from this module will also use bounds checks.
Some likely desirable features that are current missing but can be
added future CLs include:
* Disabling trap handler mode entirely.
* Recompiling all old instances so that trap handler and bounds checked
code does not coexist in the same process.
Bug: v8:7143
Change-Id: I161fc0d544133b07dc4a93cc6af813369aaf3efe
Reviewed-on: https://chromium-review.googlesource.com/1018182
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53566}
The typical use of assertThrowsEquals is to check that a specific
object is thrown. However, assertEquals only does a proper equality
check for primitive types, not for complex types. Using assertSame
does a reference equality check on objects, which is more what you
would expect from assertThrowsEquals. For exception kind testing,
assertThrowsEquals actually did not work correctly, assertThrows is
better for that case.
R=clemensh@chromium.org, mythria@chromium.org
Change-Id: I24fb22e75fa33ebe90eb4bae40825119a054bba5
Reviewed-on: https://chromium-review.googlesource.com/1087952
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53556}
Test ThreadTicks.ThreadNow fails on systems with low resolution
thread timers because the tests detects that no time elapsed
since the beginning of the test.
This CL adds a counting loop that makes sure the thread
timer has progressed by at least one tick.
TEST=unittests/ThreadTicks.ThreadNow
Change-Id: I910309208b3a154798cbc43813d41d3755ab819d
Reviewed-on: https://chromium-review.googlesource.com/1082352
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53548}
`SetBuildEmbedderGraphCallback`, unlike `SetWrapperClassInfoProvider`,
assumes a monolithic embedder that can provide all necessary information.
That is not the case for e.g. Node.js, which can e.g. provide multiple Node.js
instances per V8 Isolate, as well as native addons that may allocate resources
on their own.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib53dfde82416dd69934b08623e27d674a483ac2d
Reviewed-on: https://chromium-review.googlesource.com/1082441
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53545}
Enabling once again post-branch point. This CL is expected to come
with major memory improvements and slight performance regressions.
Recent work on performance improvements has focused on x64, hence only
enabling there for now.
Bug: v8:6666
Change-Id: I29dc55eb4e592465073559647e280f74253b73e1
Reviewed-on: https://chromium-review.googlesource.com/1076247
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53544}
This reverts commit 91bab5588c.
Reason for revert: Seems to break a layout test:
https://ci.chromium.org/buildbot/client.v8.fyi/V8-Blink%20Linux%2064/23895
See also:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original change's description:
> [array] Use random middle element to determine pivot during sorting
>
> This CL adds a "random state" to the Smi Root list and implements a
> basic Linear congruential pseudo random number generator in Torque.
>
> The RNG is used to determine the pivot element for sorting. This will
> prevent the worst cases for certain data layouts.
>
> Drive-by-fix: Make sorting of ranges and execution pauses for profviz
> deterministic by adding a secondary sorting criteria.
>
> Bug: v8:7382
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
> Reviewed-on: https://chromium-review.googlesource.com/1082193
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#53524}
TBR=hpayer@chromium.org,cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
Change-Id: I54f5d3f719428fd089ff12ff217d1c819f9ad1f7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1088506
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53542}
DevTools may process another protocol message during API interrupt this
API may lead to createInjectedScript reentrance and will fail.
Let's postpone interrupts.
Bug: chromium:846099
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia06e034a6287087e4674559d8911d2f4a0b1b459
Reviewed-on: https://chromium-review.googlesource.com/1086372
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53531}
Currently we enable instrumentation if debugger is active. With this
approach we can not:
- capture async stack when debugger is disabled,
- avoid async instrumentation overhead when debugger is enabled and
async stacks are disabled.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I19400c4c4e12b6c9b5a980fb6bd3293bac6e6a64
Reviewed-on: https://chromium-review.googlesource.com/1081494
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53530}
`date` could be outside the int32_t range and thus FastD2I may not be
used.
Bug: chromium:849663
Change-Id: I96a012b40d35ec8f80e449e4e687b0ce7b572d5e
Reviewed-on: https://chromium-review.googlesource.com/1087063
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53526}
This CL adds a "random state" to the Smi Root list and implements a
basic Linear congruential pseudo random number generator in Torque.
The RNG is used to determine the pivot element for sorting. This will
prevent the worst cases for certain data layouts.
Drive-by-fix: Make sorting of ranges and execution pauses for profviz
deterministic by adding a secondary sorting criteria.
Bug: v8:7382
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
Reviewed-on: https://chromium-review.googlesource.com/1082193
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53524}
SharedFunctionInfos store their original function literal's id. This is
also their index in the Script's SFI list.
Since the function literal id is only needed for lazy compilation and live
edit, we can calculate it on-the-fly by linear search in the Script SFI list,
and save a field on the SFI.
If this regresses compile performance, we could alternatively store the
function literal id on the preparsed scope data as future work.
Bug: chromium:818642
Change-Id: I5468cea0e115921f1c864d94e567d749a4349882
Reviewed-on: https://chromium-review.googlesource.com/1082480
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53523}
This CL changes the behaviour of number literals. Large integer
literals (bigger than Smi, but fit into int32) should have
type "constexpr int32" instead of "constexpr float64".
R=tebbi@chromium.org
Change-Id: I3a83c617c7d257451d299670c891fac5b21d045c
Reviewed-on: https://chromium-review.googlesource.com/1084991
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53522}
This CL introduces a new gn argument: v8_enable_pointer_compression which is
false by default. All the changes done in this CL are made under this flag.
Upper half-word of a Smi word must be properly sign-extended according to the
sign of the lower-half containing the actual Smi value.
Bug: v8:7703
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b52ab49cd18c7c613130705de445fef44c30ac5
Reviewed-on: https://chromium-review.googlesource.com/1061175
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53519}
Removes all explicit calls to GetIsolate() in transitions.cc by passing
it through calling functions and implicit calls via the single argument
Handle constructor and handle function.
Unfortunately in the interests of making these changes vaguely
manageable, I've also pushed some new GetIsolates down into
objects-debug.cc, objects-printer.cc and objects.cc.
Bug: v8:7786
Change-Id: I1f98530dec6c004e17dc3336f3cef09fbb446bae
Reviewed-on: https://chromium-review.googlesource.com/1085451
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53518}
Add an inspection callback for embedders that allows tracking
of `Atomics.wait()` calls in order to enable diagnostic tooling
around it, as well as providing a way to break out of an
`Atomics.wait()` call without having to fully terminate execution.
The motivation here is that this allows embedders to perform
somewhat customizable deadlock detection.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib6346747aa3cbffb07cf6abd12645e2d98584f0f
Reviewed-on: https://chromium-review.googlesource.com/1080788
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53517}
date in Makeday should be converted to integer.
https://www.ecma-international.org/ecma-262/5.1/#sec-15.9.1.12
Bug: v8:7475,chromium:846723
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3aa725e7ce1822345502284aec919695c4ca084d
Reviewed-on: https://chromium-review.googlesource.com/1080110
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53516}
This cl enables sharing of feedback slots for load / sotre named property.
This is a follow up cl of
https://chromium-review.googlesource.com/c/v8/v8/+/966302 that introduces
this feature.
Bug: v8:7530
Change-Id: I0c056b7a3608117db2fc99ebcd6836dfeed471d8
Reviewed-on: https://chromium-review.googlesource.com/1065737
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53515}
Removes most[1] explicit calls to GetIsolate() in parsing/ by passing
it through calling function functions and implicit calls via the single
argument Handle constructor and handle function.
[1] One remains in preparsed-scope-data.cc:
data_->GetIsolate()->PushStackTraceAndDie()
Bug: v8:7786
Change-Id: I4c445995a73c19bdf4649b65487b7443d56ddd2a
Reviewed-on: https://chromium-review.googlesource.com/1085057
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53513}
This is a reland of 515cc07d28
Original change's description:
> [csa] Ensure the requested allocation size fits in a Smi
>
> In CSA::AllocateRaw, ensure that the given allocation size fits into a
> Smi.
>
> Bug: chromium:848672
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I4e74791296163188b1ca77cae8226a9833fba8ef
> Reviewed-on: https://chromium-review.googlesource.com/1084930
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53495}
TBR=yangguo@chromium.org,ishell@chromium.org
Bug: chromium:848672
Change-Id: I135868390784a0ee95ff42224dd00f66f3bf2d80
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1086828
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53512}
This is a reland of df1676e616
Original change's description:
> [array] Implement Array.p.sort in Torque
>
> This CL implements a generic baseline version and 3 fastpaths, for
> various elements kinds, of Array.p.sort in Torque. Details can be found
> in the Design Doc: https://goo.gl/Ge321G.
>
> Performance impact on micro benchmarks depends on the element kind
> and whether the user provides a comparison function.
> For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
> the board. For Dictionary we are slower in all micro benchmarks (0.7).
> For PackedSmi it depends on the call site and whether or not a
> comparison function is used.
>
> Detailed numbers: https://goo.gl/mTyPSb
>
> Bug: v8:7382
> Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
> Reviewed-on: https://chromium-review.googlesource.com/1061523
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53481}
Bug: v8:7382,v8:7806,chromium:849293
Change-Id: I176cb660d92eb174bd91685cb0a39f50c4cbaa69
Reviewed-on: https://chromium-review.googlesource.com/1086827
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53511}
1) Let firstNonEmptySourceURL traverse async stack trace (if any).
2) Expose Runtime.setMaxCallStackSizeToCapture API to control the number of frames to capture.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I72f021c6ae9e317af67c3114fd4860ce0f06d977
Reviewed-on: https://chromium-review.googlesource.com/1085643
Commit-Queue: Hidy Han <hidyhan@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53506}
This reverts 667555c6b8.
This is a short-term fix for NodeJS regression caused by Scavenger
not collecting weak handles that are marked as independent.
Bug: chromium:847863, chromium:780749
Change-Id: Ia1c02e042d0e593c6f5badb82c4ef20b923d3806
Reviewed-on: https://chromium-review.googlesource.com/1082442
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53502}
After [1], a manual dependency on exe_and_shlib_deps is no longer necessary
since it's automatically added. This CL removes all remaining manual references
to exe_and_shlib_deps.
[1] d7ed1f0a9c
BUG=chromium:845700
R=machenbach
Change-Id: I17da573b7b6509a690caf8be6ae6afc180105f07
Reviewed-on: https://chromium-review.googlesource.com/1082913
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53500}
In CSA::AllocateRaw, ensure that the given allocation size fits into a
Smi.
Bug: chromium:848672
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I4e74791296163188b1ca77cae8226a9833fba8ef
Reviewed-on: https://chromium-review.googlesource.com/1084930
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53495}
This reverts commit df1676e616.
Reason for revert: https://crbug.com/v8/7382#c26
Original change's description:
> [array] Implement Array.p.sort in Torque
>
> This CL implements a generic baseline version and 3 fastpaths, for
> various elements kinds, of Array.p.sort in Torque. Details can be found
> in the Design Doc: https://goo.gl/Ge321G.
>
> Performance impact on micro benchmarks depends on the element kind
> and whether the user provides a comparison function.
> For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
> the board. For Dictionary we are slower in all micro benchmarks (0.7).
> For PackedSmi it depends on the call site and whether or not a
> comparison function is used.
>
> Detailed numbers: https://goo.gl/mTyPSb
>
> Bug: v8:7382
> Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
> Reviewed-on: https://chromium-review.googlesource.com/1061523
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53481}
TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
Change-Id: I4c1b32a434d49caba67c80bccb068390607f90a2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Reviewed-on: https://chromium-review.googlesource.com/1085407
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53494}
This avoids embedding the {CEntryStub} into generated {WasmCode} and
instead loads it from the instance object. It is another step towards
making the generated code independent of the Isolate.
R=clemensh@chromium.org
BUG=v8:7472
Change-Id: Ic6ab7602a77fc11e6ec4a03e1bdba647d54df5e3
Reviewed-on: https://chromium-review.googlesource.com/1084841
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53491}
1) The code table never grows, so store it in a heap-allocated byte
array instead of an std::vector.
2) Rename {functions_count} to {num_functions} for consistency with
{num_imported_functions} and occurences in other data structures.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: Id9d66545ed7aa675d663dad5936a9ef6d44ace7d
Reviewed-on: https://chromium-review.googlesource.com/1066014
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53488}
This makes stack checks in WasmCode independent of the underlying
Isolate by loading the limit address from the WasmInstanceObject instead
of embedding it into the instruction stream. It hence removes the last
use of the Isolate field from WasmGraphBuilder.
Additionally this introduces the notion of a "runtime stub" which
represents stub code global to the NativeModule that can be directly
called from each WasmCode in the same module. These stubs can act as
trampolines via which Isolate-independent WasmCode can enter other V8
builtins or runtime functions that remain Isolate-dependent. They will
eventually replace the current "trampoline" in a NativeModule.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: Ie1f5582ee656b1ab7716ea06316d6e21a0268e74
Reviewed-on: https://chromium-review.googlesource.com/1078732
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53487}
This CL implements a generic baseline version and 3 fastpaths, for
various elements kinds, of Array.p.sort in Torque. Details can be found
in the Design Doc: https://goo.gl/Ge321G.
Performance impact on micro benchmarks depends on the element kind
and whether the user provides a comparison function.
For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
the board. For Dictionary we are slower in all micro benchmarks (0.7).
For PackedSmi it depends on the call site and whether or not a
comparison function is used.
Detailed numbers: https://goo.gl/mTyPSb
Bug: v8:7382
Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
Reviewed-on: https://chromium-review.googlesource.com/1061523
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53481}
This is a reland of 49c4ac7753
Original change's description:
> [inspector] added Runtime.installBinding method
>
> A lot of different clients use console.debug as a message channel from
> page to protocol client. console.debug is a little slow and not
> designed for this use case.
>
> This CL introduces new method: Runtime.installBinding. This method
> installs binding function by given name on global object on each
> inspected context including any context created later.
> Binding function takes exactly one string argument. Each time when
> binding function is called, Runtime.bindingCalled notification is
> triggered and includes passed payload.
>
> Binding function survives page reload and reinstalled right after
> console object is setup. So installed binding can be used inside
> script added by Page.addScriptToEvaluateOnNewDocument so client may do
> something like:
> Runtime.installBinding({name: 'send'});
> Page.addScriptToEvaluateOnNewDocument({source: 'console.debug = send'});
> .. navigate page ..
>
> In microbenchmark this function is ~4.6 times faster then
> console.debug.
>
> R=lushnikov@chromium.org,pfeldman@chromium.org
>
> Bug: none
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I3e0e231dde9d45116709d248f6e9e7ec7037e8e3
> Reviewed-on: https://chromium-review.googlesource.com/1077662
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53462}
TBR=dgozman@chromium.org
Bug: none
Change-Id: I58d053581a86f15338dea621498058b7b75c7c85
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1081833
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53479}
Also enables tests for globals and mixed type use
R=gdeepti@chromium.org,bbudge@chromium.org,clemensh@chromium.org,titzer@chromium.org
BUG=v8:6020
Change-Id: I828f1628a1c27d9f07ba3a830600f81c5a404b2d
Reviewed-on: https://chromium-review.googlesource.com/1080340
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53477}
This reverts commit 49c4ac7753.
Reason for revert: breaks linux_chromium_rel_ng when rolling into Chromium: https://ci.chromium.org/p/chromium/builders/luci.chromium.try/linux_chromium_rel_ng/107377
Original change's description:
> [inspector] added Runtime.installBinding method
>
> A lot of different clients use console.debug as a message channel from
> page to protocol client. console.debug is a little slow and not
> designed for this use case.
>
> This CL introduces new method: Runtime.installBinding. This method
> installs binding function by given name on global object on each
> inspected context including any context created later.
> Binding function takes exactly one string argument. Each time when
> binding function is called, Runtime.bindingCalled notification is
> triggered and includes passed payload.
>
> Binding function survives page reload and reinstalled right after
> console object is setup. So installed binding can be used inside
> script added by Page.addScriptToEvaluateOnNewDocument so client may do
> something like:
> Runtime.installBinding({name: 'send'});
> Page.addScriptToEvaluateOnNewDocument({source: 'console.debug = send'});
> .. navigate page ..
>
> In microbenchmark this function is ~4.6 times faster then
> console.debug.
>
> R=lushnikov@chromium.org,pfeldman@chromium.org
>
> Bug: none
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I3e0e231dde9d45116709d248f6e9e7ec7037e8e3
> Reviewed-on: https://chromium-review.googlesource.com/1077662
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53462}
TBR=dgozman@chromium.org,lushnikov@chromium.org,pfeldman@chromium.org,kozyatinskiy@chromium.org
Change-Id: I1ebafd42db01d8a6435d58386f2c667b92db12f1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1082311
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53470}
Remove all uses of GetIsolate/GetHeap by passing Isolate in from all
call sites.
Bug: v8:7786
Change-Id: I64ff8d5796db9d602e86bff4d0b9297cbe700d0d
Reviewed-on: https://chromium-review.googlesource.com/1080819
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53467}
A lot of different clients use console.debug as a message channel from
page to protocol client. console.debug is a little slow and not
designed for this use case.
This CL introduces new method: Runtime.installBinding. This method
installs binding function by given name on global object on each
inspected context including any context created later.
Binding function takes exactly one string argument. Each time when
binding function is called, Runtime.bindingCalled notification is
triggered and includes passed payload.
Binding function survives page reload and reinstalled right after
console object is setup. So installed binding can be used inside
script added by Page.addScriptToEvaluateOnNewDocument so client may do
something like:
Runtime.installBinding({name: 'send'});
Page.addScriptToEvaluateOnNewDocument({source: 'console.debug = send'});
.. navigate page ..
In microbenchmark this function is ~4.6 times faster then
console.debug.
R=lushnikov@chromium.org,pfeldman@chromium.org
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3e0e231dde9d45116709d248f6e9e7ec7037e8e3
Reviewed-on: https://chromium-review.googlesource.com/1077662
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53462}
This reverts commit 003159e777.
Reason for revert: breaks roll into Chromium: https://ci.chromium.org/p/chromium/builders/luci.chromium.try/linux_chromium_headless_rel/3140
Original change's description:
> [inspector] RemoteObject.description should be empty for primitive type
>
> We currently report description field for numbers. On client side user
> can calculate description as remoteObject.unserializableValue ||
> (remoteObject.value + ''). Let's report description only for objects to
> simplify value -> remoteObject logic a bit.
>
> R=dgozman@chromium.org
> TBR=jgruber@chromium.org
>
> Bug: chromium:595206
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I91356a44aa3024e20c8f966869abf4a41b88e4bc
> Reviewed-on: https://chromium-review.googlesource.com/737485
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53453}
TBR=dgozman@chromium.org,pfeldman@chromium.org,kozyatinskiy@chromium.org
Change-Id: Ifc184e1ac158d9ea7034922a7250444448fac49f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:595206
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1081207
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53461}
This is another step to remove a huge amount of legacy code from v8.
R=dgozman@chromium.org
Bug: v8:5530
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I634bda41c53a49dc4912291eb52f02847f56f4f3
Reviewed-on: https://chromium-review.googlesource.com/1080398
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53459}
We currently report description field for numbers. On client side user
can calculate description as remoteObject.unserializableValue ||
(remoteObject.value + ''). Let's report description only for objects to
simplify value -> remoteObject logic a bit.
R=dgozman@chromium.orgTBR=jgruber@chromium.org
Bug: chromium:595206
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I91356a44aa3024e20c8f966869abf4a41b88e4bc
Reviewed-on: https://chromium-review.googlesource.com/737485
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53453}
If async function A awaited async function B, stepOut from function B
should go to function A.
Bug: v8:7753
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iedc1d8b85a52aa60519e56b319325436fc2168c9
Reviewed-on: https://chromium-review.googlesource.com/1054618
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53451}
This was renamed recently in the spec.
Change-Id: I825e47e8b4113ddb2c3356ee8e7663705ba65e1c
Reviewed-on: https://chromium-review.googlesource.com/1079851
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53448}
Compress the parameter count (and function length) stored in
SharedFunctionInfo to a uint16_t. This limits us to 2^16 - 1 parameters
per function, minus one for the "don't adapt arguments" sentinel value,
which is one fewer than Code::kMaxArguments was already. Anyway, 65534
arguments should be enough for anyone!
This drops SFI size by 4 bytes.
Bug: chromium:818642
Change-Id: I126bfb24453dcdc5087a104d3a12cf195a56fa9f
Reviewed-on: https://chromium-review.googlesource.com/1076627
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53447}
We use name of the function at the moment of first appearance of given
function in stack trace. Any further name changes would be ignored.
It gives us around 20% speedup.
Perf analysis: https://bit.ly/2wp99vtR=yangguo@chromium.org,jgruber@chromium.org
Bug: v8:7078
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I9f21f0bd9cd923e5abaeffb9209df0be2f49afff
Reviewed-on: https://chromium-review.googlesource.com/1050984
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53446}
New intstrumentation consists of:
- kAsyncFunctionSuspended when async function is suspended on await
(called on each await),
- kAsyncFunctionFinished when async function is finished.
Old instrumentation was based on reusing async function promise.
Using this promise produces couple side effects:
- for any promise instrumentation we first need to check if it is
special case for async function promise or not - it requires
expensive reading from promise object.
- we capture stack for async functions even if it does not contain
awaits.
- we do not properly cancel async task created for async function.
New intsrumntation resolved all these problems as well as provide
clear mapping between async task and generator which we can use later
to fetch scope information for async functions on pause.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: v8:7078
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ifdcec947d91e6e3d4d5f9029bc080a19b8e23d41
Reviewed-on: https://chromium-review.googlesource.com/1043096
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53445}
With this CL we use interrupt for pause in two cases:
- when we process Debugger.pause on interruption,
- when we would like to break as soon as possible after OOM.
In all other cases, e.g. for async step into we use break
on function call by calling StepIn debugger action.
In mentioned cases we should not actually use interrupt as well:
- Debugger.pause in this case scheduled using interrupt and we
may just break right now without requesting another interrupt,
unfortunately blink side is not ready,
- we should use more reliable way to break right after near OOM
callback, otherwise we can get this callback, increase limit,
request break on next interrupt, before interrupt get another
huge memory allocation and crash.
There are couple advantages:
- we get much better break locations for async stepping
(see inspector tests expectations),
- we can remove DEBUG_BREAK interruption
(it should speedup blackboxing with async tasks, see
removed todo in debug.cc for details)
- it is required preparation step for async step out,
(see https://chromium-review.googlesource.com/c/v8/v8/+/1054618)
Bug: v8:7753
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iabd7627dbffa9a0eab1736064caf589d02591926
Reviewed-on: https://chromium-review.googlesource.com/1054155
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53439}
Extends the functionality of Managed<T> to track an estimated size
for the external memory associated with an instance of Managed<T>
in order to allow for proper accounting in the garbage collector.
R=mstarzinger@chromium.orgCC=ulan@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I8c49c6245eaf267c9264ebb93b43d5dfbf4671fd
Reviewed-on: https://chromium-review.googlesource.com/1076332
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53433}
This extends the ScriptCompiler::CompileModule function with a
CompileOptions argument. Accepted values are kNoCompileOptions (in
which case, behavior remains unmodified) and kConsumeCodeCache. If the
latter is passed, we try to fetch the given module from the code
cache.
Since it is possible to compile the same source code as both a script
and a module (and different code is generated for the two cases), a
new is_module bit is added to the SerializedCodeData header to
disambiguate between the two cases.
Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I34b3642505577ed9ed0caedbee5876308c5a53ea
Reviewed-on: https://chromium-review.googlesource.com/1073327
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53432}
