Add a bit on the isolate which indicates that the stack is currently
not iterable for the SafeStackFrameIterator.
This is needed during deoptimization, when we do a fast C call without
a return address on the stack, meaning we can't iterate the stack
frames.
Re-enable DeoptAtFirstLevelInlinedSource which is fixed by this CL.
Bug: v8:9057
Change-Id: I76379a2dd38023be7e6f5153edeb1f838e9ac4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1688049
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62634}
This fixes a corner-case where a {WasmExportedFunction} that represents
a re-export of a JavaScript callable from another module was identified
correctly, but not all corner-cases were correctly covered. Concretely
we failed to check for function signatures incompatible with JavaScript.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-9447
BUG=v8:9447
Change-Id: Ia6c73c82f4c1b9c357c08cde039be6af100727d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690941
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62632}
This reverts commit e8d865973f.
Reason for revert: crbug.com/981701
Original change's description:
> [parsing] Improve elision of hole checks for default parameters
>
> Use the position of the next parameter to be declared as the end of the
> initializer for default parameters, so that hole checks can be elided
> for initializers using previous parameters in arrow functions.
>
> This fixes a source of bytecode mismatches when collecting source
> positions lazily.
>
> Bug: chromium:980422, v8:8510
> Change-Id: I5ab074231248b661156e7d8e47c01685448b56d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683267
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62525}
TBR=verwaest@chromium.org,delphick@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:980422, v8:8510
Change-Id: I3abd70a1fb00967e58b46177655a0078e24db720
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697242
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62630}
The {InterpretWasmModuleForTesting} is used to determine whether a
module is cheap enough to execute the compiled code (there is a cap on
the number of executed instructions). If the module executes too much
code, {InterpretWasmModuleForTesting} returns {false}.
The check for a stack overflow was missing though, so it would return
{true} in that case, and the compiled code would be executed. This can
lead to timeouts.
R=ahaas@chromium.org
Bug: chromium:947909
Change-Id: I0b003963d3ca548f388fdf4ec4995c4199656f91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1693011
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62617}
This adds test coverage for calling "table.set" with a constructed
{WebAssembly.Function} object that uses a signature incompatible with
JavaScript.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: I939d63db85b4eb9cffe5a901efe477397f20f925
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691917
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62616}
This reverts commit 8f8ae4f8c3.
Reason for revert: Still failing layout tests: https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/33036
Original change's description:
> Reland: Serialize native errors
>
> This is a reland of https://crrev.com/c/v8/v8/+/1649257. The original
> change was reverted because it conflicted with a blink-side serialization
> tag.
>
> Make native errors serializable.
>
> The implementation is mostly straightforward, but there is one
> exception: the stack property. Although the property is not specified,
> the spec for error cloning asks us to preserve the property if
> possible. This implementation serializes the property only when it is
> a string, and otherwise ignores it.
>
> Spec: https://github.com/whatwg/html/pull/4665
> Intent-to-Ship: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/f8JngIi8qYs
>
> Bug: chromium:970079
> Change-Id: Ic1ff07be2c5be415bfb564fa3975bc1a55a06a72
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692366
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62607}
TBR=jbroman@chromium.org,yhirano@chromium.org,szuend@chromium.org
Change-Id: Ia52b3e3997663fc293e9d217e5a56544b28d050d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:970079
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695462
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62614}
This makes it clearer what this class does, and is more consistent with
the terminology used by ignition (BytecodeGenerator).
Change-Id: I9085f29f437cf15605a5ae971b1fc72d6c79feaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692923
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62612}
a77323416a missed a case when receiver is
Smi in TryPrototypeChainLookup.
Bug: chromium:980292, chromium:980226
Change-Id: Ife6be4541d6b280253a7e87cf6f57c96efe8300f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687283
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62608}
This is a reland of https://crrev.com/c/v8/v8/+/1649257. The original
change was reverted because it conflicted with a blink-side serialization
tag.
Make native errors serializable.
The implementation is mostly straightforward, but there is one
exception: the stack property. Although the property is not specified,
the spec for error cloning asks us to preserve the property if
possible. This implementation serializes the property only when it is
a string, and otherwise ignores it.
Spec: https://github.com/whatwg/html/pull/4665
Intent-to-Ship: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/f8JngIi8qYs
Bug: chromium:970079
Change-Id: Ic1ff07be2c5be415bfb564fa3975bc1a55a06a72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692366
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62607}
This DCHECK is unnecessary because the object can be sealed or frozen
before it is set as a prototype map.
The repro is
Object.seal(Object);// Object is HOLEY_FROZEN_ELEMENTS
const v3 = Object();
v3.__proto__ = Object; // Set prototype map bit and dictionary map bit
const v6 = Object.seal(Object); // Turn Object to DICTIONARY_ELEMENTS
Bug: chromium:980168
Change-Id: Iec50249d0ff0c5ed959201707b837871fcb88a02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687280
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62606}
The name dictionary allocated to store named captures on the regexp
result object could be too large for regular heap spaces and
ConstructNewResultFromMatchInfo must thus also handle the large object
case.
Bug: chromium:980891
Change-Id: Ia1dbecd0a9d9d6b39f80e77680386c385d95c97c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691907
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62591}
In the rare case that a tagged template is not initialized before
optimization time, we currently cache this created template in the
feedback vector. If we stop doing this, we simplify the interface
usefully for concurrent compilation and pay little for it.
Bug: v8:7790
Change-Id: Ifc82b0eb931a706767596febd4f4b312e167fd25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690837
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62590}
This reverts commit 85bc4ef6c2.
Reason for revert: The tag 'e' conflicts with a blink serialization tag: kFileIndexTag.
Original change's description:
> Serialize native errors
>
> Make native errors serializable.
>
> The implementation is mostly straightforward, but there is one
> exception: the stack property. Although the property is not specified,
> the spec for error cloning asks us to preserve the property if
> possible. This implementation serializes the property only when it is
> a string, and otherwise ignores it.
>
> Spec: https://github.com/whatwg/html/pull/4665
> Intent-to-Ship: <TBD>
>
> Bug: chromium:970079
> Change-Id: I7f36b8b4fc5dff22d726d849ccfb9748d0888365
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649257
> Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62584}
TBR=jbroman@chromium.org,yhirano@chromium.org,adamk@chromium.org,domenic@chromium.org,szuend@chromium.org
Change-Id: Ia0cc902eaa1419cdb0cfec377d8a40fa914612c9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:970079
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692365
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62589}
EscapeRegExpPattern should return a string representation of a
RegExp instance that in turn can be used to construct a new
RegExp instance with the same internal state as the original one.
Previous versions incorrectly escaped '/' also inside character classes
(e.g. /[/]/ returned "[\/]").
This patch properly escapes '/' when necessary and omits unnecessary
escapes.
Bug: v8:8615, v8:1982, v8:9446
Change-Id: I4ecb993dc69d6976f4637cedf43465cd0c32e427
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1688050
Commit-Queue: Patrick Thier <pthier@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62587}
Make native errors serializable.
The implementation is mostly straightforward, but there is one
exception: the stack property. Although the property is not specified,
the spec for error cloning asks us to preserve the property if
possible. This implementation serializes the property only when it is
a string, and otherwise ignores it.
Spec: https://github.com/whatwg/html/pull/4665
Intent-to-Ship: <TBD>
Bug: chromium:970079
Change-Id: I7f36b8b4fc5dff22d726d849ccfb9748d0888365
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649257
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62584}
This CL changes non-const reference arguments to either a const
reference, or pass-by-value combined with std::move.
Bug: v8:9429
Change-Id: Iabace132f855462612ac31922fbd8b456d8ae20d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690827
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62583}
ResolveExport and Evaluate are the final unimplemented SyntheticModule methods; with this
change the implementation is complete.
Test-api unit tests are also provided.
Bug: v8:9292
Change-Id: Ieb7643cc5b6495dd201a51f04199d2406a703e52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1681187
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62582}
Change-Id: Ia506f4741e6ff9f024199d1b1fa7abb7dafe2b25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1682835
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62581}
This reverts commit 31cd5d83d3.
Reason for revert: It breaks my heart to revert this, but it fails differently on several bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26671.
Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
>
> R=mlippautz@chromium.org
> BUG=v8:9380,v8:9221
>
> Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62572}
TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
Change-Id: Ib35788ba8c31192d90cbc72df3dbc41030f109de
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9380, v8:9221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691034
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62578}
This reverts commit 907f3a64b7.
Reason for revert: speculative revert for v8:9445
I will reland if the crash is not fixed by the revert.
Original change's description:
> [heap] Replace ConcurrentSweepingState with a MemoryChunk local epoch counter.
>
> Bug: v8:9093
> Change-Id: I7c415fd0ea9e48f7ee189115f164825cb120695b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624213
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62423}
TBR=ulan@chromium.org,hpayer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9093, v8:9445
Change-Id: Ia81a52579dc0a89f57ee41c7d0f8b1ba0f9bba81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691025
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62575}
This CL completely rearchitects the ownership of array buffer backing stores,
consolidating ownership into a {BackingStore} C++ object that is tracked
throughout V8 using unique_ptr and shared_ptr where appropriate.
Overall, lifetime management is simpler and more explicit. The numerous
ways that array buffers were initialized have been streamlined to one
Attach() method on JSArrayBuffer. The array buffer tracker in the
GC implementation now manages std::shared_ptr<BackingStore> pointers,
and the construction and destruction of the BackingStore object itself
handles the underlying page or embedder-allocated memory.
The embedder API remains unchanged for now. We use the
v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
keep the backing store alive properly, even in the case of aliases
from live heap objects. Thus the embedder has a lower chance of making
a mistake. Long-term, we should move the embedder to a model where they
manage backing stores using shared_ptr to an opaque backing store object.
R=mlippautz@chromium.org
BUG=v8:9380,v8:9221
Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62572}
The client API provides a much simpler interface so that we don't have
to deal with producers, consumers etc. directly. This CL removes all the
code that dealt with the more complex API used previously.
The architecture used here requires that the embedder call into
Tracing::Initialize() to set up the tracing backend. The tracing
controller then connects to this backend when calling
DataSource::Register() and Tracing::NewTrace(). This will ultimately
avoid the need for a virtual call (or two) for every trace event that
need to be dispatched over the API - chrome can provide a backend
and V8 will connect to it opaquely with the same code when tracing is
enabled.
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I6b74fbb49ffcc89638caeb59ed3d5cc81238f3e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634916
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62568}
When I implemented these instructions, I copied the naming scheme of
{GetGlobal}. That's not appropriate for the table.get instruction
though, and I decided I suffered enough from that bad name now.
R=clemensh@chromium.org
Bug: v8:7581, v8:9396
Change-Id: Id1796425458f3d06a2da774374f02c49d665d2c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690835
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62563}
This CL aims to address the regressions that we saw in Octane 2.1,
particularly in the DeltaBlue test.
This CL brings a 5% improvement in said test by doing
CompressedSigned -> Word32 conversion (instead of
CompressedSigned -> TaggedSigned -> Word32).
There seems to be room for optimizations doing more specialized conversions
regarding representation changes.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I24e5b6c06436fdda9fa6a1ac4699dc55c3d67abd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684075
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62557}
This adds a test case for using constructed {WebAssembly.Function}
objects in non-zero tables. Due to a recent refactoring that unifies
handling of dispatch tables, this works out of the box. The test
coverage however is still useful, since code paths are slightly
different for non-zero tables.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection-with-anyref
BUG=v8:7742
Change-Id: I0cf4b0a8039bbef0422b06ee23744a949be8f1b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690821
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62555}
This is a reland of 89d93e3851
Original change's description:
> Reland "Let all early errors be SyntaxErrors."
>
> This is a reland of 99fd5b9b9d which includes a missed update to
> test/test262/test262.status.
>
> Implement the spec change from the following TC39 PR:
> https://github.com/tc39/ecma262/pull/1527
>
> Bug: v8:9326
> Change-Id: Ie3aac60db550e90fb648fc30886a05419fa41afe
> TBR: adamk@chromium.org
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1682989
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62500}
Bug: v8:9326
Change-Id: Ic30280400dfa5b83a4a397888e563eee479446c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1688271
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62553}
Cpplint usually checks for non-const reference arguments. They are
forbidden in the style guide, and v8 does not explicitly make an
exception here.
This CL re-enables that warning, and fixes all current violations by
adding an explicit "NOLINT(runtime/references)" comment. In follow-up
CLs, we should aim to remove as many of them as possible.
TBR=mlippautz@chromium.org
Bug: v8:9429
Change-Id: If7054d0b366138b731972ed5d4e304b5ac8423bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687891
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62551}
This CL teaches the deoptimizer about JavaScriptBuiltinContinuation
frames that are not preceded by argument adapter frames. This pattern
is used when calling C++ API functions from TurboFan.
This CL fixes a crash when the deoptimizer encounters the pattern
described above. The crash was caused when the deoptimizer tried to
read the arguments of the continuation frame. As no adapter frame
was present, the argument count was read from the SharedFunctionInfo
which had the kDontAdaptArgumentsSentinel value. This translated to
an argument count of ~65000 later down the line, which caused a
FATAL error when the deoptimizer tried to re-construct ~65000
non-existent values.
Bug: chromium:980529
Change-Id: Id2de3bf7607102ab5a16de344c649015e968b185
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687417
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62547}
Got rid of the following circular header dependency chains:
compilation-dependencies <-> js-heap-broker <-> access-info
types <-> js-heap-broker <-> access-info
Extracted former CompilationDependencies::Dependency class into its own header.
Extracted *Ref classes into their own header.
This should enable building on older GCC versions, e.g. 5.4.0.
Bug: v8:9440
Change-Id: Ia345bc227d8f7806d0b8622b706346a7ce6d01ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687415
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62541}
Once read-only space is not a Heap space it makes little sense to have
it in the Heap class.
Bug: v8:7464
Change-Id: I2230ce7cbf1cec3c83065c91bc14a9c23f72478b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1688841
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#62540}
And make --trace-turbo-alloc honor --trace-turbo-filter
This is useful to filter out a specific compile job, e.g.
if mksnapshot is crashing it easily produces 5GB of logs
without filter.
TBR=bmeurer@chromium.org
Change-Id: Ic7dea0a4cef793b517d98ca2ba1f6ea6eeac63ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521111
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62536}
When `this` is context allocated inside a class constructor (strict mode
function), due to an arrow function, debug evaluate was unable to locate
the value. This is quick fix for the issue, which probably deserves a
more general rewrite at some later point in time (with more domain
expertise).
Bug: chromium:760225
Change-Id: I5208d8a202ad69439f60ada480599d0efcdc4ce4
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687412
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62532}
This will be used to test InterpreterEntryTrampoline
Change-Id: I2ee2cffea0741e15597a7e31f70e156e9aaa1c2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1688890
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62527}
Use the position of the next parameter to be declared as the end of the
initializer for default parameters, so that hole checks can be elided
for initializers using previous parameters in arrow functions.
This fixes a source of bytecode mismatches when collecting source
positions lazily.
Bug: chromium:980422, v8:8510
Change-Id: I5ab074231248b661156e7d8e47c01685448b56d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683267
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62525}
This CL moves the code responsible for serializing a stack trace frame into
a string, out of messages.cc and into stack-frame-info.cc. Instead of
symbolizing the stack trace frame while serializing, the code is changed to
work on top of StackTraceFrame and StackFrameInfo objects.
The result is that the serialization code no longer cares when a stack trace
frame is symbolized. Symbolization could happen eagerly during capturing, or
lazily the first time any of StackFrameInfo fields are accessed.
Drive-by: Existing users of StackFrameBase::ToString are adapted to the
new SerializeStackTraceFrame API. This includes Isolate::PrintCurrentStackTrace,
which is changed to re-use the existing capturing and serializing mechanism.
Bug: v8:8742
Change-Id: Ic7fd80668c9d993e99d586ef7fe022850104c34f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631414
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62522}
In native context specialization, reducing a JSResolvePromise
node requires us to know that there are no "then" properties on
the resolution object's maps. This work must be done at serialization
time.
Bug: v8:7790
Change-Id: If905513a028bc3d71379e2a31e86fff1d3383141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666988
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62519}
This adds a test checking whether function identity is preserved upon
re-export of various function kinds. The tests are expected to all pass
and just increase code coverage.
R=ahaas@chromium.org
TEST=mjsunit/wasm/export-identity
Change-Id: I4fbb7db2d78c7ffeb6278d6b6d87a7c029326387
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687893
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62516}
This is the combined second and third step of refactoring indirect
function calls through tables with index > 0 to work without runtime
calls.
The first CL introduces the WasmIndirectFunctionTable heap object. For
a table of type anyfunc within a WebAssembly instance,
WasmIndirectFunctionTable stores the size, the signature id's, the
call targets, and the reference parameters for that table. I used the
names that are already used for the matching fields of the
WasmInstanceObject.
The second CL expands the IndirectFunctionTableEntry to work also on
WasmIndirectFunctionTable objects. All changes to a function table go
through this class.
The third CL introduces uses of the WasmIndirectFunctionTable. In this
CL I change the code generation in TurboFan to replace runime calls with
direct accesses to the new WasmIndirectFunctionTable. Additionally I
extended the initialization of WasmIndirectFunctionTable, and also
implement Table.grow.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Ic7615c0138562d27897683358ddc0943add1acfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684186
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62515}
This assertion was borked, as it accepted obviously "same" values like
the same object. This fixes the predicate by switching both assertSame
and assertNotSame to use {Object.is} underneath. It also adds a new
respective regression test (gotta test the tester).
R=ahaas@chromium.org
TEST=message/mjsunit/fail/assert_not_same
Change-Id: I6ba20c4b8b96a736ab924715b1cad78f2f43a120
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687541
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62512}
This reverts commit 89d93e3851.
Reason for revert: Breaks layout tests: https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/32929
Original change's description:
> Reland "Let all early errors be SyntaxErrors."
>
> This is a reland of 99fd5b9b9d which includes a missed update to
> test/test262/test262.status.
>
> Implement the spec change from the following TC39 PR:
> https://github.com/tc39/ecma262/pull/1527
>
> Bug: v8:9326
> Change-Id: Ie3aac60db550e90fb648fc30886a05419fa41afe
> TBR: adamk@chromium.org
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1682989
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62500}
TBR=adamk@chromium.org,gsathya@chromium.org,verwaest@chromium.org,rkirsling@gmail.com
Change-Id: Ia56dcda6780a2b1249749e1e7978b35b5e33fbcf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9326
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687678
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62509}
"Operand(num_saved_registers_)" might be bigger than 16 bits. Using a 32/64 bit load/mov
instruction to overcome the problem.
Port 4c156936e8
Original Commit Message:
Large regexp results may exceed kMaxRegularHeapObjectSize and must
thus be allocated in large object space.
R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ibfaf6150a139427f073f5f11873ad5832fc328ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1685027
Auto-Submit: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62507}
and make Foreign::make() functional.
Change-Id: Idca3affee5ee89f1774641c5b6475445aef25756
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1685792
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62506}
Before running OOM on a wasm memory allocation, we trigger a GC, but
only in the isolate which allocates the new wasm memory. Hence if
multiple isolates are involved, we can run OOM anyway. This is a rare
case which did not cause trouble yet in the wild, so skip that test on
the 'isolates' bot for now.
R=ahaas@chromium.org
Bug: v8:9405
Change-Id: Ieb29a62e85db115320ae269e89d3e1fc451fd915
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1685793
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62505}
This add signature checking when a constructed {WebAssembly.Function} is
being imported into a module. Signatures must match exactly. Note that
importing itself is not yet implemented and will be done as a follow-up.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Iaa3fee574f8edafdddfc9e7aafe2bbd1ae597ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683729
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62502}
This is a reland of 99fd5b9b9d which includes a missed update to
test/test262/test262.status.
Implement the spec change from the following TC39 PR:
https://github.com/tc39/ecma262/pull/1527
Bug: v8:9326
Change-Id: Ie3aac60db550e90fb648fc30886a05419fa41afe
TBR: adamk@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1682989
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62500}
These instructions should return 0 or 1, previously it would return the
min/max of the elements.
Change-Id: I81913c07f11e4a98ce3b9f5d79b5d975e5bf953f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1681130
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#62498}
The test case SimdF32x4ExtractWithI32x4 was still passing when the codegen for
F32x4Extract was entirely commented out. This change adds a new test
cases that specifically exercises F32x4ExtractLane.
It copies what is done in SimdI32x4SplatFromExtract,
which involves moving the splatted and
extracted values around locals, to ensure we move the values around
registers and not unintentionally reuse registers that we splatted to,
without actually extracting anything.
Note that the existing SimdF32x4ExtractWithI32x4 is kept because it is
used to test scalar lowering passes.
Bug: v8:9420
Change-Id: Ieb883175b0e0139e8452c18f09d50b7dfb05a994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684699
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62496}
Lowering does not work correctly for I64x2 and F64x2. Those tests are
guarded with X64, so it is fine, but if we remove the guard next
time, the failing tests will be confusing.
Bug: v8:8460
Change-Id: I98da0a2de1fefa8f46bdc5c0a1407973e3ed2b81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683928
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62494}
Introduce a helper class for regular expression parsing
and use it to improve load poison tests readability and
maintainability.
Extend load poisoning tests for arm64 platform (e.g.
for both regular and compressed references cases).
Change-Id: Ie62dfd14a60186feaa5f48e1a6122d77766472af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645913
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62493}
plus a test that calls a CAPI function directly from C++ (without
the detour through Wasm).
Anyref tables are still unsupported.
Change-Id: I450a6a75fde411da99691deab04c59a760a65a7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684076
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62489}
test262 changes already merged in
9d0072df3d1897a63738b029b3e8d00df18d1201
but not roll into v8 yet.
Bug: v8:9327, chromium:980085
Change-Id: I0a97e1038ab8a68d439a78512ef513b3510478d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684703
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62482}
This mistake was introduced during big liveedit refactoring.
Reported in Node.js: https://github.com/nodejs/node/issues/28493R=dgozman@chromium.org,yangguo@chromium.org
Change-Id: Ic19984f1776dd5e0a25c6d7c41b4a7b7a9c76d22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683101
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62479}
Bug: v8:8460
Change-Id: Id159c81cd2d25924be96e49c64073e154ef32e6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667867
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62475}
Negating the maximum int32 failed in ubsan. Use
{base::NegateWithWraparound} to avoid UB.
R=jkummerow@chromium.org
Bug: chromium:980007
Change-Id: If52a3bb3158eb5b465e7bd29deaffc0b18660360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683993
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62470}
This fixes undefined behavior in the implicit cast from double to float
when a double literal is passed through {fround} while declaring a local
variable.
R=jkummerow@chromium.org
TEST=mjsunit/regress/regress-crbug-976934
BUG=chromium:976934
Change-Id: I0efa2bf3f89d32c445f0b9bf719880d17fe9743c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683999
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62469}
crrev.com/c/1656852 Added an Array.reduce microbenchmark for frozen objects. On
Android devices, resources need to be whitelisted for loading.
This CL whitelists the missing resource file
R=bmeurer@chromium.org,verwaest@chromium.org
CC=duongn@microsoft.com
Bug: v8:9417
Change-Id: I0a2caca2eaaa769b085f28c3fede3a0c62d64754
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683994
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62468}
This reduces the time it takes to run this test in --jitless mode
from 32s to 0.7s.
Bug: v8:9416
Change-Id: Ie9a7465b604b28ff8ccaa50f0918c62e3128ac08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1682575
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62464}
crrev.com/c/1653733 Added an Array.map microbenchmark for frozen objects. The
micro-benchmark is missing from the resource files. On Android devices,
resources need to be whitelisted for loading. The missing resource file is
causing the error in
https://chrome-swarming.appspot.com/task?id=45c1664eaeefd410
This CL adds the missing resource file
R=bmeurer@chromium.org,verwaest@chromium.org,duongn@microsoft.com
Bug: v8:9417
Change-Id: I66f8d989a1fafe5b2a357bdae7b3abd58ae54223
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1682576
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62463}
Since https://codereview.chromium.org/2777583003, the Boyer-Moore
lookahead (used by the irregexp engine) also looks inside submatches
to narrow down its range of accepted characters at specific offsets.
But the end of a submatch, designated by a PositiveSubmatchSuccess
action node, was not handled correctly. When a submatch terminates,
we have no knowledge of what may follow, and thus must accept any
character at following positions. This is done by the SetRest call
added in this CL.
An example, since this is fairly obscure:
/^.*?Y(((?=B?).)*)Y$/s
The initial non-greedy loop, together with the s flag,
will trigger an attempted Boyer-Moore lookahead. After this follows
an unconditional Y, a *-quantified loop matching any char and
containing a lookahead that matches either 1 B or 0 B's, and an
unconditional trailing Y.
When the BM lookahead scans the subject string for the beginning of
this pattern after the non-greedy loop, it should look for: a Y at
offset 0, and either a B, a Y, or '.' (-> any character) at offset 1.
Prior to this CL this was not the case:
- The lookaround is internally generated as a submatch.
- The optional 'B?' is unrolled into 'either B followed by submatch
end' or 'submatch end'.
- Filling in BM infos terminates when encountering a submatch end.
Thus in the former case we added B to the set of accepted characters
and terminated, while in the latter case we simply terminated.o
This CL ensures that BM will accept any character at any offset at or
exceeding the first encountered submatch end.
Bug: v8:8770
Change-Id: Iff998ba307cd9669203846a9182798b8cf6a85dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679506
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Erik Corry <erikcorry@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62460}
regress-976627 is pass and should pass on mips64el,
see 4c15693https://crrev.com/c/1674027
Change-Id: I4da905ea129a78988d75e5b19cca3a4e5a17fdcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679960
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62459}
The previous fix for this bug (crrev.com/c/1678365) pessimistically
would mark all shadowed variables as maybe_assigned. Unfortunately,
this doesn't work across a parse/preparse boundary, where the shadowing
variable is found via Scope::AnalyzePartially while the shadowed
variable is outside of the preparser entry point. In those cases, the
referencing proxy is copied to the outer scope, in which case the
dynamicness of the original lookup is lost and the maybe_assigned
pessimisation no longer applies.
This means that maybe_assigned status of a variable is dependent on
which function is being parsed. In particular, it can cause bytecode
to change on recompilation, causing issues for lazy source positions.
This patch allows SetMaybeAssigned to walk its shadowed variables,
and recursively set them to maybe_assigned too. Checking for
maybe_assigned changing prevents this recursion from having a
quadratic performance failure mode.
Bug: v8:8510
Bug: v8:9394
Change-Id: Id19fe1fad5ec8f0f9aa03b00eb24497f88f71216
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677265
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62458}
When applying Object.seal(), Object.freeze() to Smi, Double elements
kind, it will transition to Object elements kind first then to new
frozen, sealed elements kind accordingly.
Also, add more mjsunit.
Bug: v8:6831
Change-Id: I454b42d7eb329b03e20245896641eb6c1a87831d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662657
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62457}
Implement the spec change from the following TC39 PR:
https://github.com/tc39/ecma262/pull/1527
Bug: v8:9326
Change-Id: I9639903b12e7621e323990e2335f00e0313a59c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643171
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62451}
1. Move the reading of Notation before calling
SetNumberFormatDigitOptions()
( sync after https://github.com/tc39/proposal-unified-intl-numberformat/pull/37)
2. Sync SetNumberFormatDigitOptions to the spec.
3. Consider the case that while RoundingType is "compact-rounding"
do not set the precision.
4. correct the tests accordingly.
5. Fix the rounding of notation: "compact" and put regression cases
into test/intl/regress-9408.js
Bug: v8:9408
Change-Id: I78d66601fe21b1a74a50047b2abe6a2838a58b8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1681599
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62450}
Measure speed regression of a range of char in complex regexp
The measurement is using the code from chromium:977003
To measure
python -u tools/run_perf.py --binary-override-path out/x64.release/d8 \
test/js-perf-test/RegExp.json
Run on three setting:
a. m74 based on tag 7.4.301
b. trunk (m77)
c. apply cl 1674851 on trunk
ComplexCaseInsensitiveTest-RegExp
Score is better if higher
Score imp % comp to m74
m74 22910
23430
23360
Trunk (m77) 15190 66.30%
15710 67.05%
15570 66.65%
CL 1674851 24590 161.88% 107.33%
24690 157.16% 105.38%
24200 155.43% 103.60%
Bug: chromium:977003
Change-Id: I7756f4739c44a07949103650565d1ca902e1b7ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679651
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62449}
The latter is better because it takes field type into account when
decompressing field value.
Drive-by: use [DECL_]ACCESSOR macros for some fields.
Bug: v8:9353
Change-Id: I3d7f07d11b1e379e3e6cf0310d836af6b48c1338
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1680539
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62444}
New Revision: 8b7ea912e516a6daa61487c700687a9426e3a396
Update v8 files / build config accordingly.
- There's now a new library in third_party/inspector_protocol,
bindings/bindings.h, which is configured much like encoding/encoding.h.
It doesn't have much stuff in it yet, but will soon get more code
that would otherwise need to go into jinja templates.
It also comes with a new test, only a smoke test thus far.
Change-Id: I9c00a54a840c214b4bb744a3b272e5ce221954fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678273
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62442}
This change is a partial implementation of Synthetic Module Record as specified here:
https://heycam.github.io/webidl/#synthetic-module-records
This includes:
- Introduce SyntheticModule class inheriting from Module.
- Extend v8::Module interface in v8.h to include Synthetic Module APIs, with corresponding
implementations in api.cc.
- Provide SyntheticModule implementations of PrepareInstantiate, FinishInstantiate, and SetExport.
- Provide cctest unit tests for the implementations in the preceding item.
We will follow up with further submissions to implement the remaining members of
SyntheticModule (ResolveExport and Evaluate).
Bug: v8:9292
Change-Id: I25b1b695b5d1c3004677cd685f0dfd95283438fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1626829
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62433}
GetPropertyWithReceiver is similar to GetProperty, except that additional receiver parameter is used in TryPrototypeChainLookup to support GetPropertyWithReceiver stub.
We only use this stub in ProxyGetProperty builtin for now.
Bug: v8:8958
Change-Id: Ied60e4f6ee6e09bca2f161048b481a0bf37a78a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676879
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62431}
powered by a new function Execution::CallWasm and a corresponding,
Turbofan-generated CWasmEntry stub. This entirely sidesteps the
traditional Execution::Invoke -> JSEntryStub path.
Change-Id: If2b97825cca4ce927eecbddc248c64782d903287
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660618
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62424}
d8 treats files with the .mjs extension as modules instead of
classic scripts. Thus, the `// MODULE` pragma and its corresponding
logic in test runners can be removed in favor of explicitly adding
the extension.
Bug: v8:7950, v8:9395, v8:9406
Also-By: tmrts@chromium.org
Change-Id: Ic74328dc5c5f176bb4bdf6d74bdd4d3966279ba5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675958
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62421}
Currently, `intl/regress-7770` fails on environments with `LC_ALL`
set, e.g.
export LC_ALL=en_US.UTF-8
While engineers can manually work around it using `unset LC_ALL`
before running the test suite, it would be more convenient if the test
runner didn't rely on the absence of this environment variable in the
first place.
Bug: v8:8845
Change-Id: I8116e2fd369be1d561dfe465f2901d07d3f75510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1680538
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62417}
If there was an assignment to a maybe-shadowing dynamic variable,
then the shadowing variable would be marked maybe_assigned, but the
maybe-shadowed variable would stay unchanged. This meant that in
non-shadowing cases, the not-actually-shadowed variable would have
the wrong maybe_assigned state, and e.g. would break context
specialization.
This patch pessimistically unconditionally sets maybe_assigned on
variables shadowed by a dynamic variable in a `with` scope. This
marking can cause false positives and sub-optimal optimization for
some functions with 'with' blocks, but it's also the simplest fix
for this issue which doesn't affect performance in the common case
of no 'with' blocks.
Bug: v8:9394
Change-Id: I6924bd7d48dda61232aa9d72c39df1c76c665c67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678365
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62407}
This is a reland of 8de427fae8
Original change's description:
> [debugger] Expose reference to the function in debug-evaluate
>
> R=verwaest@chromium.org
>
> Bug: chromium:878723
> Change-Id: Ic07f75f15230018b6d19cd1ee21f4be6dcad6360
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667408
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62385}
TBR=jgruber@chromium.org
Bug: chromium:878723
Change-Id: I0386655a9b2632d2d9438e674d4205ce5e5365f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679490
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62401}
Just the low-hanging fruit. There is more to do.
Bug: v8:2487
Change-Id: Ia9afa32797960f6c4c7c4fa0f39c70efc63663e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669698
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62397}
Boilerplate values may possess an unboxed double field filled with the kHoleNan64Int sentinel value, which indicates that the field is uninitialized. When a boilerplate value migrates away from the unboxed double representation to a tagged one, we should replace the sentinel value by the proper uninitialized oddball value.
This fixes an issue with JSCreateLowering::AllocateFastLiteral not detecting const stores of uninitialized values properly.
R=bmeurer@chromium.org, jarin@chromium.org
Bug: chromium:976598
Change-Id: I6bb216c0618a3105e6c8cfc04b1900d2f83a52ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674034
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#62394}
According to spec https://tc39.es/ecma262/#sec-object.preventextensions, the commit 8e0ef9b9a0 is missing the last step when object is proxy, it needs to return the object.
var proxy = new Proxy({}, {});
var object = Object.preventExtensions(proxy);
proxy === object; // should be true
Also, add mjsunit test.
Bug: v8:6664
Change-Id: Ic3688519539f8903ee0bc7e885905a86d195a4db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668443
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62393}
This is a reland of 5ff38bae08
Original change's description:
> [TurboFan] Fast path for JSAdd with BigInt feedback
>
> This CL introduces the necessary infrastructure to generate speculative
> BigInt operations in case of BigInt feedback. In particular, the JSAdd
> operator is lowered to a speculative call to the BigIntAdd builtin,
> with a deopt bailout in case of exceptions or violated assumptions.
>
> Bug: v8:9213
> Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916
> Commit-Queue: Nico Hartmann <nicohartmann@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62362}
Bug: v8:9213
Change-Id: Ic0caf7aab2103b8f5e22a504427e8604cc894d75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677209
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Cr-Commit-Position: refs/heads/master@{#62381}
Deprecated maps might not be updated before being passed to
PrepareForDataProperty. If the target map is a dictionary map,
then adding the data property can fail.
As a drive-by, remove the dead ForTransitionHandler code, which
was another (potentially unsafe) caller of PrepareForDataProperty
Bug: chromium:977012
Change-Id: I894bbc9bca2001555474a3570eb03fe6b0f69ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674029
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62377}
There's no reason to use the API RegExp type instead of the internal
JSRegExp type. In fact, the parsed flags end up in
Runtime_CreateRegExpLiteral, which assumes them to be of type
JSRegExp::Flags.
Drive-by: Additional asserts and helper functions in JSRegExp.
Bug: v8:9359
Change-Id: I5c12aba7d4e39a4891fb23d8b47c55fc480a28d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667004
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62376}
In TurboFan, context specialization is an optimization that tries to
either replace the load of a value from the context with a constant,
or if that can't be achieved, at least reduce the hops up the
context chain by starting a walk to the required depth from the
first constant context that it can reach.
Currently, this optimization is performed by looking into the
heap during a reducer pass. With fully concurrent TurboFan, we
need to instead gather information about contexts we may want
to perform this optimization on during serialization.
This CL adds functionality to the serializer to recognize and
model operations that affect the context register. We add to the
hinting structure already used by the serializer. There is
a new type of hint: a VirtualContext. This is a tuple consisting
of a handle to a Context, and a distance field that indicates how
far away in a to-be-realized chain this VirtualContext sits from
the context in the handle. For example:
bytecode stream:
...
CreateBlockContext
...
After a block context is created, the accumulator now contains
a VirtualContext Hint with a distance of 1 from any context hints
that we are keeping track of in the current context register.
More details in the design doc here:
https://docs.google.com/document/d/1Y0LKKCEenLWyAZTetoAIpKTZRCxaNdkYV8X1GaCax2A/edit?usp=sharing
Change-Id: I63732ebd106cc138fb1e9789d0676ece63e15d27
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605941
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62370}
Large regexp results may exceed kMaxRegularHeapObjectSize and must
thus be allocated in large object space.
Drive-by: Rename '%InNewSpace' to '%InYoungGeneration'.
Bug: chromium:976627
Change-Id: I38b5aecb95a95cf2fdbb24d19550cec34361a09d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674027
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62368}
This reverts commit 5ff38bae08.
Reason for revert: flaky test that is not normally flaky failed.
See: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20nosnap%20-%20debug/24531
Original change's description:
> [TurboFan] Fast path for JSAdd with BigInt feedback
>
> This CL introduces the necessary infrastructure to generate speculative
> BigInt operations in case of BigInt feedback. In particular, the JSAdd
> operator is lowered to a speculative call to the BigIntAdd builtin,
> with a deopt bailout in case of exceptions or violated assumptions.
>
> Bug: v8:9213
> Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916
> Commit-Queue: Nico Hartmann <nicohartmann@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62362}
TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,nicohartmann@google.com
Change-Id: I5ae63a0183283894b6d1130792ab37a95b014550
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9213
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676607
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62364}
This CL introduces the necessary infrastructure to generate speculative
BigInt operations in case of BigInt feedback. In particular, the JSAdd
operator is lowered to a speculative call to the BigIntAdd builtin,
with a deopt bailout in case of exceptions or violated assumptions.
Bug: v8:9213
Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62362}
Perform a best-effort check for module context and provide an
appropriate error.
As seen from the import-blah-script.js test, we could have invalid
import expressions in a script context that could result in an error
saying "Cannot use import statement outside a module" which isn't
the ideal error because the error is an incorrect import
expression.
But, when the developer changes to a module context, the
correct error is thrown.
To fix this, we'd have to refactor and call ParseImportDeclaration,
and then throw an appropriate error, which seems like a lot of
overhead for not enough gain.
Bug: v8:9392, v8:6513
Change-Id: I520ebb490fff4d95743a7c751d4095db9a35d41b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675948
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62358}
testrunner assumes that each test suite has a single extension for base tests.
".mjs" extension can be used for ECMAScript modules in addition to the standard
extension ".js" we use for the base tests.
This CL generalizes the {TestLoader} to accept multiple extensions for
a single test suite.
R=mathias@chromium.orgTBR=machenbach@chromium.org
CC=gsathya@chromium.org
Bug: v8:9395
Change-Id: Ibc155f4963472fe9f989458cd839f3642ffbddea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675961
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62356}
This CL refactors the type-checking for br_table instructions.
Originally, we iterated over all targets of br_table and checked
if the values on the stack match the types expected by the
target's signature. However, this caused problems with type
checking unreachable br_table instructions where some stack
values are unavailable. According to the anyref proposal, the
expected type of br_table is the greatest lower bound of
all its targets. With the existing implementation, the expected
types were the types of the first target.
With this CL, we first calculate the expected types of br_table,
and only then inspect the stack if matching values are available.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I12208323bda88c363e28ffb0e002d59ef9a6b9d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649791
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62354}
This is a reland of 93b6c866f3
The bug that caused the test failures has been fixed in
https://chromium-review.googlesource.com/c/v8/v8/+/1667417
Original change's description:
> [csa] add hint to CAST error message to break in mksnapshot
>
> Change-Id: I51a22de5d6367c38056ea91eface4f69f6651993
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664069
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62274}
TBR=mvstanton@chromium.org, ulan@chromium.org
Change-Id: I7bb0b4237b6eada82456bc9cf2f293d5986f0d65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675954
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62353}
In this bug, we might replace a phi node with the Dead node even though
it still has uses. DeadCodeElimination picks this up and inserts a
runtime crash into the code.
Bug: chromium:974474
Change-Id: Iea685913c8666806972719bbfb0891e516207d4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669693
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62352}
Shared read-only heap means that all isolates within a process must
share the same snapshot. Pass the back-end snapshot to the front-end
runner to fix that.
Bug: v8:7464
Change-Id: I0ec591a919d4d462ef38e372907592df3c759521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669691
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62349}
This is a CL that aims to do a general cleanup of DecompressionElimination
to make it easier for devs to look at it, and to create new test cases.
Combined direct decompression & compression tests since they can be
summarized with a for loop in just one test that tries out
all the combinations.
Also created 'global' accesses to stop repeating them in every test.
Same for compression and decompression ops.
Added EXPECT in test cases that had none.
Added dots after comments.
Variables now use underscore instead of camelCase.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9183
Change-Id: I38a5c6549e0b4ff89c3271ead23b626e8b6b4843
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628788
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62345}
We currently use the class name “JSValue” for JSObjects that wrap
primitive values. This name is a common source of confusion. This patch
switches to a name that’s more clear.
In addition to manual tweaks, the patch applies the following mechanical
global replacements:
before | after
--------------------------------|--------------------------------------
if_valueisnotvalue | if_valueisnotwrapper
if_valueisvalue | if_valueiswrapper
js_value | js_primitive_wrapper
JS_VALUE_TYPE | JS_PRIMITIVE_WRAPPER_TYPE
JSPrimitiveWrapperType | JSPrimitiveWrapper type
jsvalue | js_primitive_wrapper
JSValue | JSPrimitiveWrapper
_GENERATED_JSVALUE_FIELDS | _GENERATED_JSPRIMITIVE_WRAPPER_FIELDS
Change-Id: I9d9edea784eab6067b013e1f781e4db2070f807c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672942
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62337}
We have a global test/OWNERS that has "file://COMMON_OWNERS".
This CL removes redundant OWNERS files in test/ subdirectories and
removes redundant entries from OWNERS files we need to keep for
special per-file entries.
R=yangguo@chromium.org, machenbach@chromium.org
CC=jkummerow@chromium.org
Bug: v8:9247
Change-Id: Ic2e8cbe8e379d7d23c86c6164305e65807f28ed3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674024
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62336}
We tried to pass the load mode even for stores.
Bug: chromium:977670
Change-Id: I2527a5ca755dba343b75f54383d17e22be0a20a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672940
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62333}
1. Check resources and not solely depend on res_index.res file
2. Performance is +2-3% for Collator, DateTimeFormat, Locale,
-2-3% for PluralRules, RelativeTimeFormat, ListFormat, NumberFormat
Consider we improve the performance x3 not long ago, these perf
regression could be ignored.
Bug: v8:9340
Change-Id: Iab7cd64a77a55a03aae40f4d477523c37b3bcd3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655978
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62322}
Calling FindIndexInScript performs a linear search on the script functions and can
take considerable time. With Bytecode flushing we will lose the function_literal_id
and have to call FindIndexInScript if we ever recompile the flushed function. This
can take a significant proportion of the recompilation time and has caused regressions
in rendering times for some web applications (e.g, 395ms in FindIndexInScript for 132ms
spent lazily re-compiling code).
To avoid this, add function_literal_id back into the SFI and remove it from
UnoptimizedCompileInfo. This will slightly regress memory usage (particularly
in cases where many of the SFIs are compiled), however it means we can remove
the FindIndexInScript function and avoid these long-tail regressions when
bytecode is flushed.
BUG=chromium:965833
Change-Id: Ia31e82eb6c871a6d698a518326a8555822a7a1d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669700
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62319}
Rework the implementation of non-external Torque classes to use
Struct machinery rather than FixedArray machinery. This allows
Torque-only defined 'internal' classes to the automatically generate
class verifiers and printers.
As part of this change, generate C++ boilerplate accessors for
internal Torque classes, since this is a pre-requisite for the
verifiers, printers and other Struct-based functionality.
Moreover, augment the header-generating functionality in Torque
to create separate header files for field offset definitions,
internal class C++ definitions and instance types.
Bug: v8:7793
Change-Id: I47d5f1570040c2b44d378f23b6cf95d3d132dacc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607645
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62317}
The table.copy instruction used the indirect_function_table_size field
of the instance for bounds-checks. However, when Table 0 is of type
anyref, this field is not set. Now we use the actual size of the table
instead.
R=clemensh@chromium.org
Bug: chromium:977101
Change-Id: Idda9cfe228141877747ed9a824936a1232f58cf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669695
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62315}
v8memory.h does not have V8 specific definitions, and having it in base
makes it clear that every component may include the file. It also
ensures that including it does not create spurious dependencies on
v8_base.
Change-Id: I565f63b25f33a9ada19d7b2ac5990863ab17f4a7
Bug: v8:9183, v8:8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657923
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62309}
Adds basic support for CompressedHeapConstants to Arm64 by moving to a ldr_w
instruction and passing COMPRESSED_EMBEDDED_OBJECT as the RelocInfo. However,
we still haven't made the COMPRESSED_EMBEDDED_OBJECT be actually compressed
in the code-stream (they still take up a full 64-bits). Support for this will
be added next.
Adding a test on macro assembler that checks that the
RelocInfo::COMPRESSED_EMBEDDED_OBJECT is flowing through.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: Ibc64cdfdd85d5cdfa060ed6227b10bb47eae3a8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635692
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62306}
Makes the order of the generated calls to the Runtime function
DefineAccessorPropertyUnchecked fixed regardless of hashseed so that
recompilation for lazy source positions always generates the same
result.
Moves AccessorTable from src/ast/ast.h to bytecode-generator.cc since
that's the only place that uses it.
Bug: v8:9383, v8:8510
Change-Id: I89e0aad1683a793714bfb48eca1b00abe20cad0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669689
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62303}
This is a reland of a5fa211f30
des_checksum and call_once_run were undefined and unused respectively when
shared read-only heap was enabled. Fixed with a copious amounts of USE.
Original change's description:
> [roheap] Check that ro-heap is always passed the same read-only snapshot
>
> Previously the ReadOnlyHeap simply discarded all but the first
> ReadOnlyDeseralizer. ClearSharedHeapForTest should be called if using a
> new ReadOnlyDeserializer (this might change in the future).
>
> Remove an obsolete 'StartupSerializerRootMapDependencies' test. It used
> to test Map::WeakCellForMap which doesn't exist anymore and was
> difficult to adapt to a shared read-only heap.
>
> Bug: v8:7464
> Change-Id: I64b8e953b0e3466e003541ec8a9321e439a01d33
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660612
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#62250}
TBR: yangguo@chromium.org
Bug: v8:7464
Change-Id: Id66e781be890c5ed03d066f8c62de703d5cb435e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667415
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62302}
The debugger should be notified whenever a new Module is created so it
displayed properly. Without this change, the Module is only displayed once,
regardless of the number of times it is referenced (by other Workers, say).
That is potentially reasonable behavior, but it doesn't match the way
JavaScript does it.
With this change, the debugger will display the sources like this:
```
▼ top
▶ localhost
▼ wasm
▼ wasm-82570336
wasm-82570336-0
▼ worker.js
▶ localhost
▼ wasm
▶ wasm-82570336
```
Change-Id: I61177e8a07e36ea8e2234aa25e75b1489c9da95f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666616
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62297}
Introduce SourceTextModule as a subclass of Module. Move all the
JavaScript-module-specific code down from Module to
SourceTextModule, with all code applicable to other future
module types remaining in Module.
With this change, Module is roughly equivalent to the spec's
Abstract Module Record and SourceTextModule is roughly equivalent
to Source Text Module Record.
Bug: v8:9292
Change-Id: I6e9cd3ece9d0c1da57e52f8af8ed5848d87dd22d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1633154
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62296}
This disallows using CSA macros from Torque that have a Node* return
type instead of TNode<>. By enforcing CSA types at the boundary between
CSA and Torque, we can ensure that the Torque types and the CSA types
match.
As a drive-by, this CL adds a bit more of CSA typing where it made sense.
Bug: v8:7793, v8:6949
Change-Id: I12ea0337c628105ea3c420be747ae50d3a172547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660481
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62293}
This patch implements the access of private methods:
- When building property loads, check whether it requires
a brand check. If so, build the brand check and load the
property (the method) from the context instead.
- Throw type errors when there is an attempted write to private
methods.
Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
Bug: v8:8330
Change-Id: Ic917d2a0030196c1940b0c0ba65a340af736c769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1610383
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62292}
A class's fields can appear twice in the class AST, via the properties
array and the synthetised initializer method. This means that the
reindexer can end up visiting the same function literal twice, since the
T in AST is no longer a T but rather a DAG.
Now, we special case the class visitor in the reindexer to avoid these
double visits where appropriate. We know what kinds of fields can be
double visisted, so we don't need a visited set, but we now also have
one for debug builds to verify that each function is visited exactly
once.
Bug: chromium:974627
Change-Id: Ib531becc6e3f3c73f420b5fb49790fe4a2022d65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667003
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62282}
Rather than starting a new, orphaned transition tree in various bailout
cases, simply drop down into dictionary mode.
Aside from potential memory benefits, this allows us to remove
CopyGeneralizeAllFields, which was the only path along which fields
could end up in a different order than their descriptors.
Change-Id: I5577e8a1ca51f0ffdadd7504e7895f367605aa27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662298
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62279}