We need to keep strong references to the final map, otherwise the test
may start failing randomly depending on GC timing, because the optimized
code will get deoptimized when the map disappears.
Bug: v8:9236
Change-Id: I3c18cba96546020b4d70b95993e1531e787ed253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607652
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61438}
This allows handler tables to be followed by (at maximum) 4 bytes of
alignment padding. Data following the handler table (e.g. the constant
pool) might cause such padding to be added.
R=jgruber@chromium.org
Change-Id: Icb1d3156032b847dc805b8e3e63b02c0b29dbd51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605723
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61437}
harmony-locale is shipped in m74 and m74 is already out.
Remove harmony-locale flag from the code.
Bug: v8:8910
Change-Id: If9634b6767cfe449cfa03980bbad26ceb7408c79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1592465
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61429}
FATAL() calls with more than one argument are preserved.
The rest of chrome does this as well. Stack traces and minidumps should
be sufficient for analyzing the reason for crashes.
This saves 110kb for Android arm32.
Bug: chromium:958807
Change-Id: I88a1ec82f1ed7bd5e7dbccf6d645d5584f16de82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598159
Commit-Queue: Andrew Grieve <agrieve@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61426}
They are added under the global scope object, as follows:
{
"memory": ...,
"globals": {
"global#0": ...,
"global#1": ...,
"global#2": ...,
}
}
We currently don't have any way to name globals in the wasm binary
format, but it is possible to extend the name section with these names
in the future.
Bug: v8:6846
Change-Id: I79fa4ed3d83964bc8e26d66516605d41e92b3d03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601829
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61425}
In the longer run we only want the CBOR code path, for now we need to handle
JSON as well. So we convert if possible.
Change-Id: I726b737f4cd2602d4fb676ce7cf996fcd1ba33e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598254
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61424}
This change generates functions that verify the things that Torque knows
about objects and their fields. We still must implement each verifier
function in objects-debug.cc, but we can call into the generated code to
verify that field types match their Torque definitions. If no additional
verification is required, we can use the macro USE_TORQUE_VERIFIER as a
shorthand for a verifier that calls the corresponding generated
function.
A new annotation @noVerifier can be applied to both class and field
definitions, to prevent generating verification code. This allows fully
customized verification for complicated cases like
JSFunction::prototype_or_initial_map, which might not exist at all, and
JSObject::elements, which might be a one pointer filler map.
Because Factory::InitializeJSObjectFromMap fills new objects with
undefined values, and many verifiers need to deal with partially-
initialized objects, the generated verifiers allow undefined values on
every class deriving from JSObject. In cases where stricter checks were
previously performed, they are kept in objects-debug.cc.
Bug: v8:7793
Change-Id: I84034efadca89ba0aceddf92e886ffbfaa4c23fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594042
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61422}
1. Use the newer LocalizedNumberFormatter API which improve
the performance score x3.3.
Here are how I got the performance score:
$ python -u tools/run_perf.py --binary-override-path \
out/x64.release/d8 --filter "JSTests/Intl" \
test/js-perf-test/JSTests5.json
Look for NewIntlNumberFormat-Intl(Score) for 3 runs.
BEFORE: 539 507 507
AFTER: 2009 2069 1994
2. Also add symbol and enum to prepare implementing of the unified
number proposal.
Bug: v8:8515
Change-Id: Ie1ca1dba1e806449632cc96b81d44f0dc61b6093
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1392233
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61421}
Create an Intl::GetNumberingSystem function shared by several
Intl object which throw exception internally.
Bug: v8:9190
Change-Id: Ibe658e61bc8d0e5c061b26fe8527e69d086ea185
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590442
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61419}
This is a reland of f2e652264d
Nothing has changed but
https://chromium-review.googlesource.com/c/v8/v8/+/1585269 has been rolled
back due to v8:9234.
Original change's description:
> Reland "[compiler] Don't collect source positions for the top frame"
>
> Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
> which requires clearing and restoring the pending exception.
>
> > While most source positions were not collected even throwing exceptions,
> > the top frame still was always collected as it was used to initialize
> > the JSMessageObject. This skips even that frame, by storing the
> > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> > it to lazily evaluate the actual source position.
> >
> > Also adds tests to test-api.cc that test each of the source position
> > functions in isolation to ensure that they don't rely on previous
> > invocations to call the source collection function.
> >
> > Since no source positions are now collected at the point when an
> > exception is thrown, the mjsunit/stack-traces-overflow now passes again
> > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> > only failure).
>
> Bug: v8:8510
> Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61372}
TBR=ulan@chromium.org
Bug: v8:8510
Change-Id: Iaa9e376f90d10c0f25d1bcc352808363e4ea8b4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605946
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61418}
MIPS64 has a user space of 2^40 bytes on most processors, address
space limits needs to be smaller. 256G is ok, but it will cause
mjsunit/wasm/bulk-memory-spec/memory_copy.wast get a OOM error.
Bug: v8:7747
Change-Id: Ie7a96336ef4ab6340def813478a09bdf3f76894e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605524
Auto-Submit: Yu Yin <xwafish@gmail.com>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61417}
This is a reland of 42beed975e
Relanding after fixing Chromium issues.
Original change's description:
> [ptr-compr][x64] Temporarily enable pointer compression on x64
>
> ... and make sure that the x64 ptr-compr bots proceed testing V8 without
> pointer compression in order to keep testing the full pointer mode.
>
> Bug: v8:7703
> Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng,v8_linux64_tsan_rel
> Change-Id: Iee725deda813425a6f0722948b54976154f50909
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1497139
> Reviewed-by: Michael Hablich <hablich@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60230}
Bug: v8:7703
Change-Id: Ib1498609603cb03be2464043658131d5a2f1e012
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng,v8_linux64_tsan_rel
Cq-Include-Trybots: luci.chromium.try:fuchsia_x64,linux-rel,mac-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559850
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61416}
Brokerize parts of named property access.
Bug: v8:7790
Change-Id: I465bced5f266969040d1e966946a162b0a850c5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1596734
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61414}
... by moving the EffectControlLinearizer class into the .cc file and
only exposing a single function in the header.
Change-Id: I63dc3edd9de7df60041f0687d920996e308e0d4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605739
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61413}
Everything after UNREACHABLE is dead code, so it makes sense to remove them.
Bug: v8:9183
Change-Id: If76468a73b926d74717cc2348fd5b36d30f680c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605727
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61411}
Precise code-coverage, collecting type profile and logging function events
need feedback vectors. This cl allocates feedback vector eagerly when any of
these features are required. When the code-coverage mode changes to anything
other than best case, this scans over the entire heap and allocates feedback
vectors for the required functions.
For best case code coverage we use interrupt budget field on the feedback
cell to infer if a function has executed. We still use the invocation count
on the feedback vector if feedback vector is available.
Bug: v8:8394
Change-Id: Ia0e656aaaa024d6d893a5badafc9a42ce36e9ea3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601143
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61410}
This is a more general fix than 84435fa because tests that rely on
the sweeping order mark all unwanted pages as never-allocate using
SealCurrentObjects.
Bug: v8:9205
Change-Id: I261de3183ee38189ed72de28883a4fdf7b6f253d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605728
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61407}
This reverts commit b9191bd355.
Reason for revert: Clusterfuzz bugs
BUG=chromium:961507,chromium:961508
Original change's description:
> [class] implement private method declarations
>
> This patch implements the declarations of private methods, the access
> of private methods would be left to a future patch.
> When a private methods declaration is encountered, we now:
>
> - Create a brand symbol during class evaluation and store it in the
> context.
> - Create the closures for the private methods
> - Load the brand from the context and store it in the instance in the
> constructor.
>
> Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
>
> Bug: v8:8330
> Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61387}
TBR=rmcilroy@chromium.org,gsathya@chromium.org,verwaest@chromium.org,joyee@igalia.com
Change-Id: I429bbe8af9f94598de132814aa2c3ab9fa69b986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8330
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605730
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61406}
... which works properly when intptr_t is bigger than int and makes
MSVC happy about this.
Bug: v8:9183
Change-Id: I224eff00c1cbcb9a8c9f16eadaec078db7cf16db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601511
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61405}
{NativeModule::GetCode} can actually return {nullptr} if no code was
compiled yet for a function, e.g. in asm.js where we use lazy
compilation. In that case, we must not try to increment the ref count
on the nonexisting code object.
We had a few errors recently that were hard to reproduce because we do
not have a flag to enable code logging. Clusterfuzz managed to
accomplish this by passing --trace-ic.
In order to test bugs in code logging properly, this CL introduces a
new runtime function called "EnableCodeLoggingForTesting". It registers
a noop {CodeEventListener} and enables code logging in the wasm engine.
We should whitelist this flag in ClusterFuzz to potentially flush out
more bugs.
R=mstarzinger@chromium.orgCC=frgossen@chromium.org
Bug: v8:8217, chromium:961129, chromium:961245, chromium:961128
Change-Id: I2f97c109db70b41531d58580b71f6781beeb8dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602700
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61404}
The new json parser reuses a lot of symbol names from the
ordinary parser and in some extreme jumbo builds those
symbols end up in the same translation unit and prevents
compilation.
This adds "Json" to some duplicate symbol names.
Change-Id: Ie38ec7e65f9807b877d35689b654c696dc880998
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602704
Auto-Submit: Daniel Bratell <bratell@opera.com>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61403}
Helps make configuring profilers more scalable as our number of
parameters grows.
Change-Id: I81263a30c221edaa3934a92eb000b71ddfbdea60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601585
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#61402}
JSInliner class wrongly assumed that all functions passing through
JSInliningHeuristic have feedback vectors, but that's not the case
when the inlining candidate hasn't been called yet.
Bug: chromium:961522
Change-Id: I89c0f2098add19d9b59394f1e7230cbec426119d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605720
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61400}
These are added as mjsunit tests for now since they haven't been merged
to the spec repo. When that happens, the wasm-spec-tests testsuite can
be updated to include these tests, and the tests in this directory can
be removed.
This CL also adds the test/mjsunit/wasm/bulk-memory-spec directory to a
list of directories that aren't checked for copyright (since these files
are auto-generated).
Bug: v8:7747
Change-Id: I906f2ca45f497a6728f94afb9b3330971e1d3fd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1600363
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61395}
This brings in
third_party/inspector_protocol/encoding/encoding_test.cc
from the upstream project and makes it work for v8's
unittest suite.
encoding_test_helper.h is a V8 specific implementation,
which delegates to src/inspector/v8-string-conversions{.h,.cc},
for the utf8 / utf16 conversion routines.
I'm also fixing / updating roll.py, for future rolls.
Change-Id: I08e4784838ff81ef3ac328f783512b42c91b6bcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1597215
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61393}
Per 262, yield* for async generators is supposed to Await the input value.
#sec-generator-function-definitions-runtime-semantics-evaluation
Section 14.4.13, yield *, 7.c.iii.1
Bug: v8:9051
Change-Id: Ie1e829309fe78683a9ff0adf816208c2bf0bb524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1600508
Commit-Queue: Joshua Litt <joshualitt@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61390}
