They were marked V8_DEPRECATE_SOON for the 6.9 branch, so we deprecate
them for the 7.0 branch.
R=yangguo@chromium.org
Bug: v8:7868
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idc42affd4d1b103e9946e3b77a93720694eb2dfd
Reviewed-on: https://chromium-review.googlesource.com/1150024
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54803}
This reverts commit d854d3512e.
Reason for revert: Speculative revert for webkit unit tests:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25209
Original change's description:
> [builtins] Clear RelocInfo for off-heap trampolines
>
> For technical reasons, we used to serialize off-heap trampolines with a
> RelocInfo containing a single OFF_HEAP_TARGET entry. This RelocInfo was
> never needed at runtime. It also ended up being somewhat misleading
> because printing an embedded code object would show the OFF_HEAP_TARGET
> entry (belonging to the trampoline) at the first 'real' instruction.
>
> With this CL, we explicitly serialize an empty byte array as the reloc
> info for each off-heap trampoline, i.e. the snapshot will never contain
> such off-heap target reloc infos.
>
> Bug: v8:6666, v8:7969
> Change-Id: If6fa85a438d093ed5dcea07ce0de1db49a224d28
> Reviewed-on: https://chromium-review.googlesource.com/1146643
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54786}
TBR=yangguo@chromium.org,jgruber@chromium.org
Change-Id: If5eabd162141149361df90095b89a173fe2cb81e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666, v8:7969
Reviewed-on: https://chromium-review.googlesource.com/1155594
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54801}
This reverts commit d9f6c685f0.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20gc%20stress/17584
Original change's description:
> Reland [CloneObjectIC] overwrite monomorphic/polymorphic feedback if deprecated
>
> An object with a deprecated Map which has already been cached in
> CloneObjectIC feedback is still a valid Map for fast cloning --- but
> to be consistent with other ICs, deprecated maps are ignored, and are
> expected to be transitioned away from.
>
> If the source object has a deprecated map, the instance is migrated.
>
> BUG=v8:7611, chromium:867958, chromium:868586
> R=jkummerow@chromium.org, mvstanton@chromium.org
>
> Change-Id: I477aec6c8d0ae1e1648a70e85d2fd46146521d1c
> Reviewed-on: https://chromium-review.googlesource.com/1154143
> Commit-Queue: Caitlin Potter <caitp@igalia.com>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54799}
TBR=jkummerow@chromium.org,mvstanton@chromium.org,caitp@igalia.com
Change-Id: Ifcb422c3a692543490710d450590323524a6359a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7611, chromium:867958, chromium:868586
Reviewed-on: https://chromium-review.googlesource.com/1155593
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54800}
An object with a deprecated Map which has already been cached in
CloneObjectIC feedback is still a valid Map for fast cloning --- but
to be consistent with other ICs, deprecated maps are ignored, and are
expected to be transitioned away from.
If the source object has a deprecated map, the instance is migrated.
BUG=v8:7611, chromium:867958, chromium:868586
R=jkummerow@chromium.org, mvstanton@chromium.org
Change-Id: I477aec6c8d0ae1e1648a70e85d2fd46146521d1c
Reviewed-on: https://chromium-review.googlesource.com/1154143
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54799}
From the promotion code point of view, a ThinString being forwarded to
an ExternalString is exactly the same as an actual ExternalString being
forwarded to its promoted copy. These changes provide a way to disambiguate
both scenarios since they are different for external memory accounting.
Bug: chromium:867902
Change-Id: I6fd56ee5e0f8900318466108273ab26e936eb439
Reviewed-on: https://chromium-review.googlesource.com/1152975
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54790}
The following are ready for iwyu:
- src/heap/mark-compact.h
- src/heap/objects-visiting.h
Bug: v8:7490
Change-Id: I4cb9b1146586adcef8c0e0cf187ca363fe6e9a8d
Reviewed-on: https://chromium-review.googlesource.com/1154970
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54788}
For technical reasons, we used to serialize off-heap trampolines with a
RelocInfo containing a single OFF_HEAP_TARGET entry. This RelocInfo was
never needed at runtime. It also ended up being somewhat misleading
because printing an embedded code object would show the OFF_HEAP_TARGET
entry (belonging to the trampoline) at the first 'real' instruction.
With this CL, we explicitly serialize an empty byte array as the reloc
info for each off-heap trampoline, i.e. the snapshot will never contain
such off-heap target reloc infos.
Bug: v8:6666, v8:7969
Change-Id: If6fa85a438d093ed5dcea07ce0de1db49a224d28
Reviewed-on: https://chromium-review.googlesource.com/1146643
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54786}
AdvanceUntil allows the Utf16CharacterStream to advance until a charater is found
that passes the check.
Bug: v8:7926
Change-Id: Iae39fb24194aa0ee2f544a55a7847956aa324b64
Reviewed-on: https://chromium-review.googlesource.com/1151303
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54783}
This CL introduces InstanceTypeChecker namespace with type checkers for
types used by the optimizing compiler. The type checkers are global
functions. Examples:
bool InstanceTypeChecker::IsJSFunction(InstanceType);
bool InstanceTypeChecker::IsAllocationSite(InstanceType);
The CL also uses these type checkers in the HeapObject::IsXXXX()
functions to ensure consistency.
Bug: v8:7790
Change-Id: I7eb9e79ca28da02fd489201f532e566d0d13243a
Reviewed-on: https://chromium-review.googlesource.com/1154529
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54782}
When disassembling code (in particular embedded builtins), try to
print better information about root-relative accesses. For example:
REX.W movq rdx,[r13+0x548]
REX.W movq rax,[r13+0x10a8]
turns into
REX.W movq rdx,[r13+0x548] (root (0x1ff420d0ccd9 <FixedArray[1672]>))
REX.W movq rax,[r13+0x10a8] (external reference (check_object_type))
This is a band-aid solution until we come up with something better. It
does not understand multi-instruction sequences (such as loads from
the builtins constants table), assumes every kRootRegister-relative
access is actually root-relative (i.e. the register is not initialized
to some other value), and is limited to a particular instruction
pattern.
Bug: v8:6666,v8:7969
Change-Id: I35af92e8233c9bb0f2ad6ba0e86bd0ab69177205
Reviewed-on: https://chromium-review.googlesource.com/1146806
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54777}
Now we can remove FixedArrayOfWeakCells (this was the last user).
BUG=v8:7308
Change-Id: I7b74f7833288b20d8f4d098a4afce640ea6db823
Reviewed-on: https://chromium-review.googlesource.com/1150170
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54776}
This is a reland of 51ad234ffe
With a manual layout rebaseline of js/fast/string-prototype-properties
[1], this CL can be relanded without breaking the layout test.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/1154289
also marks the test for skipping until this fix is rolled to Chromium.
Original change's description:
> [Intl] move localeCompare to C++
>
>
> Bug: v8:7958
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I84a27dda5205c8581a7ffe37213d685cc49974fa
> Reviewed-on: https://chromium-review.googlesource.com/1144644
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54740}
TBR=ftang@chromium.org, gsathya@chromium.org
Bug: v8:7958
Test: layout test: js/fast/string-prototype-properties
Change-Id: Ic546349fcbc935917ded018801f7d942e50565d5
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1154247
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54772}
Functions/variables for some atomic memory operators use type,
representation interchangeably. Fix to make it consistent.
Bug: v8:7754, v8:6532
Change-Id: I16ae35b72728739aee4bc67287317c2fd4a9088a
Reviewed-on: https://chromium-review.googlesource.com/1152462
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54763}
The ToBigInt conversion can have side effects, so the check for
neutered-ness must happen afterwards.
Bug: chromium:867776
Change-Id: I6e550c77a284da4cf132c21a6c3b1ed8f34eedc9
Reviewed-on: https://chromium-review.googlesource.com/1153553
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54761}
An object with a deprecated Map which has already been cached in
CloneObjectIC feedback is still a valid Map for fast cloning --- but
to be consistent with other ICs, deprecated maps are ignored, and are
expected to be transitioned away from.
If the source object has a deprecated map, the instance is migrated.
BUG=v8:7611, chromium:867958
R=jkummerow@chromium.org, mvstanton@chromium.org
Change-Id: I9771b00400fb4dda45a62e874a31d9b50630d847
Reviewed-on: https://chromium-review.googlesource.com/1152414
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#54758}
Also removed an obsolete test that is covered by test262/intl402
Bug: v8:7954, v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I41113653cd27c165e6f0a52e4b63bb9ddc553cba
Reviewed-on: https://chromium-review.googlesource.com/1150453
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54757}
We currently only expose this to desugarings and not in the grammar
to keep 'const' and 'let' bindings consistent.
A side-effect of this change is that it is now possible to use a
shadowed name in the initializer of a const binding.
Bug: v8:7793
Change-Id: Ic2ca6af0735acf0e748d394f9039fe6612bd4a06
Reviewed-on: https://chromium-review.googlesource.com/1150534
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54755}
Add codegen support for up to 4GiB memories in Liftoff code.
This CL also adds three new mjsunit tests that stress large WASM
memories (1, 2, and 4 GiB) and checks that accesses near these
boundaries properly generate traps.
Note there is still some trickiness around the setting of:
1.) the flag --wasm-max-mem-pages
2.) wasm-limits.h kSpecMaxWasmMemoryPages = 65536
3.) wasm-limits.h kV8MaxWasmMemoryPages = 32767
In particular, the allocation of memories is still limited to
3.) and the runtime flag can only lower this limit.
The above means that the tests for 2GiB and 4GiB memories will silently
OOM by design until 3.) is changed (though they currently pass with
manual testing). I argue it is better to include these tests up front,
since they will immediately trigger if their memory allocation succeeds.
Therefore the plan is to lift the restriction on 3.) after removing
all other other internal V8 limitations including array buffers and views.
R=clemensh@chromium.orgCC=mstarzinger@chromium.org
BUG=v8:7881
Change-Id: I3205ac2daf5c9a84364c670a2c3ef2258e5649f6
Reviewed-on: https://chromium-review.googlesource.com/1151309
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54754}
