The current unwinding data for JSEntry correctly restores the frame
pointer and program counter from the caller frame, which might or might
not be sufficient to continue unwinding, depending on the contents of
that caller frame. Currently, the cctest StackUnwindingWin64 is broken
(at least with my build config) because the caller frame also needs the
stack pointer, which is not restored correctly.
In particular, I see this xdata for v8::internal::GeneratedCode<...>,
which is the function that calls Builtins_JSEntry:
10400015 : 2 code words, 1 epilog, function length=15
01000012 : epilog starts at 12 and its unwind handler starts at 4
e405c8d2 : save_reg x=b z=8
alloc_s x=5
end
e405c8d2 : same thing but for the epilog
The prolog that corresponds to the unwind codes above is:
sub sp, sp, #50
str lr, [sp, #0x40]
Note that it does not set fp, so unwinding requires an accurate sp.
This change emits slightly more complicated unwinding data for JSEntry
so that the frame pointer, stack pointer, and program counter can all be
restored.
Change-Id: I0c7f3eba97ef64408f46631b487c4b0ceb06fa9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848860
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64435}
On Windows ARM64, it is insufficient to just follow the linked list of
frame pointers in all cases. This is similar to logic added in
https://crrev.com/c/v8/v8/+/1701133 except this affects the Unwinder
methods rather than the function metadata for RtlVirtualUnwind.
Together with https://crrev.com/c/chromium/src/+/1844276 , this allows
the Chromium unit test V8UnwinderTest.UnwindThroughV8Frames to pass on
Windows ARM64.
Change-Id: I82d4d894be14d4a6ace75bba10c13b10342d0b12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1845189
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64432}
We previously had a DCHECK to protect the assumption that the
continuation to StackPointerGreaterThan must be a branch. This is not
a valid assumption to make, in fact the second callsite of
VisitStackPointerGreaterThan immediately violates it.
Instead, this CL additionally considers non-branch continuations when
getting the effect level.
A slight digression since it was not clear to me how comparison
results were materialized for 'Set' continuations: this happens during
codegen, where CodeGenerator::AssembleInstruction inserts a call to
AssembleArchBoolean if necessary.
Bug: v8:9829,v8:9534
Change-Id: Ib554071b7aa33e0f6b8a0d605219db6b6dc7d5b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871912
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64430}
Disallow reorderings across calls and across caller registers save/restore.
Bug: v8:9775
Change-Id: I8b1037dd127217ed9f4a42d45e0d928380c9241a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862558
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64429}
.. similar to how it is applied in the interpreter. We reserve a stack
slot for the backtrack count, increment it on each backtrack, and fail
if the limit is hit.
Bug: v8:9695
Change-Id: I835888c612d6c8bfa2f34e73ab8c8241dcabc6ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864938
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64426}
This is a reland of 0347f00a64
Original change's description:
> Refactor platform tests to avoid deprecated API
>
> The old tasks API is deprecated and we want to remove it in 8.0.
> Thus, this CL refactors the platform tests to use the new
> TaskRunner-based API, and removes redundant tests.
>
> R=ahaas@chromium.org
>
> Bug: v8:9810
> Change-Id: Ie53c90184639e77b3247228059fd88290b233e0c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868619
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64412}
Bug: v8:9810
Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel
Change-Id: I0f66791828e0f605a67f9af575dbead35e8feb9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871917
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64425}
This reverts commit c48096d442.
Reason for revert: Flaky bot failures (https://bugs.chromium.org/p/v8/issues/detail?id=9744#c9)
Original change's description:
> Reland "[runtime] Remove extension slots from context objects"
>
> This is a reland of c07c02e1c4
>
> Original change's description:
> > [runtime] Remove extension slots from context objects
> >
> > Context objects have an extension slot, which contains further
> > additional data that depends on the type of the context.
> >
> > This CL removes the extension slot from contexts that don't need
> > them, hence reducing memory.
> >
> > The following contexts will still have an extension slot: native,
> > module, await, block and with contexts. See objects/contexts.h for
> > what the slot is used for.
> > The following contexts will not have an extension slot anymore (they
> > were not used before): script, catch and builtin contexts.
> > Eval and function contexts only have the extension slot if they
> > contain a sloppy eval.
> >
> > Bug: v8:9744
> > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#64372}
>
> TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
>
> Bug: v8:9744
> Change-Id: I0749cc2d8f59940c25841736634a70047116d647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64380}
TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9744
Change-Id: Ia58067b41f1eb5880a52b36ead754d7190ff7f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871922
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64424}
The MOVE_ONLY_NO_DEFAULT_CONSTRUCTOR macro defines a defaulted move
constructor and move-assignment operator. The {std::unique_ptr} on the
other hand needs the contained type to be complete when instantiating
the move assignment operator. Hence, this fails e.g. on MSVC, see
https://github.com/nodejs/node/pull/30020#issuecomment-544485991.
It turns out that we never actually move the interpreter, so we can
just replace the MOVE_ONLY_NO_DEFAULT_CONSTRUCTOR by
DISALLOW_COPY_AND_ASSIGN.
R=ahaas@chromium.org
Change-Id: Iba7d30243510ed9554be62b0c4c8e6f47f0c3307
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871921
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64423}
Before this change, the activeElement used to be the body and not
multiview. Then, the EventListener wasn't triggering.
Bug: v8:7327
Change-Id: I9782159ffd510c9a7afd83695f20ede9e774ac20
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868624
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64422}
Since the resizers (the handles used to resize the panes) were
getting bigger when selected, they obscured part of the scrollbar
making the scrollbar too hard to select.
Also, when they were snapped, the right resizer totally obscured
the scrollbar.
Bug: v8:7327
Change-Id: I04f3df00181df2265890ef54706091b3bc36f23e
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869191
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64421}
This is a reland of ad9bd3a0cc
Reland reason: Probably not the cause of the TSAN failures
Original change's description:
> [ptr-compr][CSA] Enable the DecompressionOptimizer phase in CSA
>
> Also update the MachineGraphVerifier to take into account the
> possibility of the Store receiving a Compressed representation as well.
>
> Bug: v8:7703
> Change-Id: I6d6e28b980151af6296000cfe6f67a3a037b029c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859627
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64410}
TBR=tebbi@chromium.org, jgruber@chromium.org
Bug: v8:7703
Change-Id: Ic8181d0288a8504e611437601f6b34e472fcac47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871919
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64420}
Before we can remove the deprecated methods, we need to provide default
implementations for them. Then, we can remove all overrides in
embedders, and finally remove the methods from v8.
R=ulan@chromium.orgCC=ahaas@chromium.org
Bug: v8:9810
Change-Id: If9286dc8ba441c226c9a1d524832ff203ac4bce6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871915
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64419}
On Windows with MSVC, the current code triggers a fatal error C1017
(invalid integer constant expression).
Change-Id: I41c371a1d7909737052c03c830bb62c41154a192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871918
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64418}
V8 uses a backtracking regexp engine, which has the caveat that some
regexp patterns can have exponential runtime behavior when excessive
backtracking is involved.
Especially when regexp patterns are user-controlled, it would be useful
to be able to set an upper limit for a single regexp execution. This CL
takes an initial step in that direction by adding a backtracking limit
(intended to approximate execution time):
- The limit is stored in the JSRegExp's data array.
- A limit can currently only be set through the %NewRegExpWithLimit
runtime function.
- The limit is applied during interpreter execution. When exceeded, the
interpreter stops execution and returns FAILURE (even if continued
execution would at some later point have resulted in SUCCESS).
In follow-up CLs, this mechanism will be extended to work in jitted
regexp code, and exposed through the V8 API.
Bug: v8:9695
Change-Id: Iadb5c100052f4a63b26f1ec49cf97c6713a66b9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864934
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64417}
This reverts commit 0347f00a64.
Reason for revert: MSAN failures (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/29288)
Original change's description:
> Refactor platform tests to avoid deprecated API
>
> The old tasks API is deprecated and we want to remove it in 8.0.
> Thus, this CL refactors the platform tests to use the new
> TaskRunner-based API, and removes redundant tests.
>
> R=ahaas@chromium.org
>
> Bug: v8:9810
> Change-Id: Ie53c90184639e77b3247228059fd88290b233e0c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868619
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64412}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I1b240df992425f25a2a4a9d33d27f6262d91c004
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9810
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871913
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64414}
We still set a lot of macros depending on specific gcc versions. All
these old versions are unsupported by now anyways, so we can also just
define these macros as 1.
If this CL sticks for a while, we can start actually cleaning up all
code relying on these macros, as most of them should be 1 now on all
platforms.
R=ulan@chromium.org
Bug: v8:9810
Change-Id: I2f9c55170091f8c263deeddfb7ff89e5b2a0bb12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862564
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64413}
The old tasks API is deprecated and we want to remove it in 8.0.
Thus, this CL refactors the platform tests to use the new
TaskRunner-based API, and removes redundant tests.
R=ahaas@chromium.org
Bug: v8:9810
Change-Id: Ie53c90184639e77b3247228059fd88290b233e0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868619
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64412}
It was unused and the last commit was a long time ago.
NOPRESUBMIT=true
Change-Id: I5c4992cbc2e9977549787e21e4f5dac284291c58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863938
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64411}
Also update the MachineGraphVerifier to take into account the
possibility of the Store receiving a Compressed representation as well.
Bug: v8:7703
Change-Id: I6d6e28b980151af6296000cfe6f67a3a037b029c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859627
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64410}
TurboFan can normally inline an arrow function closure callback like:
[1, 2, 3].map(x => x * x);
The serializer has information to support this in the form of
FunctionBlueprint Hints, though it's not exploiting them. This CL
remedies that.
Bug: v8:7790
Change-Id: I8fc10f04ffc9bd2ea03cd761e8a5a41258000c76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863939
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64409}
This reverts commit dfd9ceb984.
Reason for revert: Regressions https://chromeperf.appspot.com/group_report?rev=64356https://crbug.com/1015749
Original change's description:
> [regexp] Clone match info for match indices.
>
> The current behavior for generating match indices simply stashes a
> pointer to the match info and then constructs the indices lazily.
> However, it turns out the match info object used to create the result
> object is the regexp_last_match_info living on native context, and thus
> it can change between the creation of the result object and the generation
> of indices. This cl clones the match info which will be safer.
>
> Bug: v8:9548
> Change-Id: Ia6f26f88fbc22fd09671bf4c579d39a1510b552d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864585
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64356}
TBR=jgruber@chromium.org,joshualitt@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9548, chromium:1015749
Change-Id: I9c30b8fb459cf2aa89d920bf061614441250844d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870236
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64407}
Port 7d09b270d8
Original Commit Message:
It turns out that because we are *subtracting* from fp, we need to
*subtract less* to get a higher address. Who knew.
R=xwafish@gmail.com, clemensb@chromium.org
Change-Id: I1ddb5e15ef7fab2f198aebf07a5ce607add4c3c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868559
Auto-Submit: Mu Tao <pamilty@gmail.com>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64406}
When using promise hooks we can actually end up in capturing stack trace
with an async generator on the stack whose queue is empty, and we need
to gracefully handle that case as well.
Fixed: chromium:1015945
Change-Id: Ia459e7444b373ecab01ca6900a781fd8b4021d1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870230
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64403}
This is a reland of 97ed8b277b
Original change's description:
> [regexp] Guarantee an allocated regexp stack
>
> The regexp stack is used during execution of jitted regexp matcher
> code. Previously, the stack was initially not present / nullptr, and
> we had to explicitly check for this condition and bail out in builtin
> code.
>
> This CL changes behavior to guarantee a present stack by adding a
> statically-allocated area that is used whenever no
> dynamically-allocated stack exists.
>
> Change-Id: I52934425ae72cf0e5d13fab2b9d63d37ca76fcf3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852126
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64326}
Change-Id: If345c09bdbfc8dc6b63f016c3f10ffda811bbb6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866771
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64401}
Local testing shows that this switch for small counts (up to size 16)
is significantly faster than the default {std::copy_n} (by up to 20%,
e.g. for the "join-int" js perf test). It's also faster than just a
loop covering all sizes up to 16.
R=leszeks@chromium.orgCC=jkummerow@chromium.org
Bug: chromium:1006157
Change-Id: I4d179f064704261fa18f453c23c04ee0b351e942
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864831
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64397}
The missing include causes compilation failures for node.js, see
https://github.com/nodejs/node/pull/30020.
It's not great to have includes in a file called "macros.h", but we
define several functions there that make use of type traits. Fixing
that is a separate project.
R=mlippautz@chromium.org
Change-Id: Idb067679e597521230f94eb8c99f1347ed3808cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868622
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64386}