When we generate identical signatures in the fuzzer,
we generate one function for each of the copies.
However, when these functions are added to WasmModulBuilder,
all will be assigned the same signature index.
Therefore, when ref.func tries to find a function corresponding
to a signature index, it will fail, despite a matching signature
existing in the module.
This CL fixes this issue by looking up functions by signature
over signature index.
Bug: v8:11954, chromium:1254387
Change-Id: Iac8d5444d4914d993da63d0630ca4d95e671630c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197711
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Cr-Commit-Position: refs/heads/main@{#77187}
The logic to locate the correct function to set a breakpoint in based
on script position was treating SharedFunctionInfo::EndPosition() as
inclusive rather than exclusive. There are various assumptions all over
the Debugger that seem to demand this treatment for the toplevel script.
But it's definitely wrong for function literals.
Fixed: chromium:1253277
Change-Id: I3421703673f4d78aee28e923e03e2fca24bc06ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197715
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77186}
Smi constants in 32 bit machines are guaranteed to be 31 bits.
Bug: chromium:1254189
Change-Id: I4ea296a7212c5e6ea14119fbd71cfb5789762b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195874
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77185}
This CL adds a getStorageIfAligned method to obtaining a typed pointer
to the underlying TypedArray data, if the pointer to it is properly
aligned.
Bug: chromium:1052746
Change-Id: Ie8cb3438135b0da060e2b42ec71bba0e72ae4f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195875
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77184}
Previously we'd treat %_AsyncFunctionReject (and %AsyncFunctionReject)
as side-effect free (in async functions), but that's not correct, since
promise rejections have side-effects (at the very least triggering the
unhandled promise rejection machinery in the browser).
This required a minor refactoring as previously we'd classify functions
as side-effecting or not depending on whether they contain any calls to
side-effecting intrinsics, no matter whether this call is actually
executed or not. That would break REPL mode however if we'd generally
treat all async functions with %_AsyncFunctionReject intrinsic calls as
side-effecting, so instead of performing the intrinsic checks ahead of
time, we now perform the test at execution time.
Before: https://imgur.com/5BvJP9d.png
After: https://imgur.com/10FanNr.png
Fixed: chromium:1249275
Change-Id: Ib06f945ba21f1e06ee9b13a1363fad342464fd9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197712
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77183}
We implement two optimizations for trap conditionals for patterns that
come up in wasm-gc.
In case of a Merge followed by a trap, where the path conditions of all
branches of the Merge contain the trap condition, we lift the trap into
the branches of the Merge.
In case of a Branch whose IfTrue branch is followed by a TrapIf with the
same condition, we replace it with the trap followed by the IfFalse
branch. Symmetrically for IfFalse and TrapUnless.
Bug: v8:7748
Change-Id: I43040aebe60eab7b2230fc3130e3b8250e8b2f45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190109
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77181}
Port 3e3a027da1
Original Commit Message:
Irregexp reentrancy (crrev.com/c/3162604) introduced a bug for global
regexp execution in which each iteration would use a new stack region
(i.e. we forgot to pop the regexp stack pointer when starting a new
iteration).
This CL fixes that by popping the stack pointer on the loop backedge.
At a high level:
- Initialize the backtrack_stackpointer earlier and avoid clobbering
it by setup code.
- Pop it on the loop backedge.
- Slightly refactor Push/Pop operations to avoid unneeded memory
accesses.
R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Iafe6814d3695e83fced6a46209accf5e712d56f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3198391
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77180}
Currently, it is possible to declare macros, builtins, etc., without
specifying a return type, in which case the return type is treated as
void. This is confusing; the code is more clear if we require the return
type to be specified.
Aside from src/torque, this change is almost entirely just adding
`: void` until the compiler is happy. However, two intrinsics in
src/builtins/torque-internal.tq have been corrected to declare an
appropriate return type. Those two intrinsics were only used in code
generated within the compiler after the type-checking phase, so we never
noticed that their return types were declared incorrectly.
Bug: v8:7793
Change-Id: Ib7df88678c25393a9e3eba389a6a1c4d9233dcbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3176502
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77178}
Loop exits are only used during loop unrolling and are then removed, as
they cannot be handled by later optimization stages. Since unrolling
comes before inlining in the compilation pipeline, we should not emit
loop exits in inlined functions.
Bug: v8:12166
Change-Id: I28b3ebaf67c9e15b127eeb1a63906c4ecfd77480
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195871
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77175}
Minor MC does not support processing the specialized remembered set
for ephemeron tables.
Temporarily delegate to the regular write barrier for correctness
until the other barrier is supported.
Bug: v8:12262
Change-Id: Iad74b27f8738237dcc1e146b2df3aa6ed8c9a505
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195895
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77170}
This is a reland of 9495817296
Original change's description:
> [torque] Get rid of @noVerifier annotation
>
> As one small step toward reducing annotations, I propose that all
> classes get generated verifiers unless they've opted out of C++ class
> generation via @doNotGenerateCppClass, and that generated verifiers
> always verify every Torque-defined field. If a generated verifier is
> incorrect, such as for JSFunction or DataHandler, we can just avoid
> calling it and hand-code the verification.
>
> Bug: v8:7793
> Change-Id: I7c0edb660574d0c688a59c7e90c41ee7ad464b42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171758
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#77145}
Bug: v8:7793
Change-Id: I3da34705bf9fc2b1886161f8f59c7275583f7fc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194812
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77168}
We currently could produce the error message 'not enough arguments on
the stack for block, expected 0 more'. This CL fixes this by printing
the available number of arguments and the needed number, and adds
DCHECKs to catch similar miscomputations in the future.
It also adds a new test that produced the broken error before, and
includes the expected failure message in a few more tests for
robustness.
R=manoskouk@chromium.org
Change-Id: Ia08863889ae36ae0a05d96d36e92295b7159a01e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194264
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77167}
The test allocates a lot of wasm memories. This got a low slower after
https://crrev.com/c/3190476, because we can now allocate more than 102
memories, and do not explicitly trigger a GC any more to get rid of
unused memories.
We should figure out how to tell the GC about the external memory such
that the memories get collected earlier.
R=ahaas@chromium.org
Bug: v8:12076, v8:12278
Change-Id: I9b8795a9999a806380d86f22e751de2727942648
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3196131
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77164}
The address space limit puts an arbitrary cap on the total reservation
size, thus limiting the total number of Wasm memories to around 100 on
64-bit systems.
Since the usable address space on 64 bit is much larger than the
1TB+4GB limit, this makes us reject code that we could otherwise just
execute.
This CL thus removes that limit completely.
See the linked issue for more discussion, including security
considerations.
R=jkummerow@chromium.org, rsesek@chromium.org
Bug: v8:12076
Change-Id: I1f61511d68efdab1f8cef4e09c0a39fc1d6fed60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190476
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77161}
It's confusing that we have CSA_CHECK and CSA_ASSERT and it's not
clear from the names that the former works in release mode and the
latter only in debug mode.
Renaming CSA_ASSERT to CSA_DCHECK makes it clear what it does. So now
we have CSA_CHECK and CSA_DCHECK and they're not confusing.
This also renames assert() in Torque to dcheck().
Bug: v8:12244
Change-Id: I6f25d431ebc6eec7ebe326b6b8ad3a0ac5e9a108
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190104
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77160}
Irregexp reentrancy (crrev.com/c/3162604) introduced a bug for global
regexp execution in which each iteration would use a new stack region
(i.e. we forgot to pop the regexp stack pointer when starting a new
iteration).
This CL fixes that by popping the stack pointer on the loop backedge.
At a high level:
- Initialize the backtrack_stackpointer earlier and avoid clobbering
it by setup code.
- Pop it on the loop backedge.
- Slightly refactor Push/Pop operations to avoid unneeded memory
accesses.
Bug: v8:11382
Change-Id: Ibad6235767e110089a2b346034f923590b286a05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194251
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77158}
The V8 Inspector was sending an additional frame as part of async stack
traces for async functions, which pointed to the first executed `await`
in the async function. This is leaking an implementation detail of how
(and more precisely when) the inspector decides to collect this stack
trace. From the users perspective the async part of the stack trace is
supposed to capture what happened _prior to the task_ - meaning in case
of async functions: What lead to the execution of the async function.
This is reflected by the fact that the DevTools front-end (and the V8
Inspector itself) performs post-processing on these async call stacks,
removing the misleading top frame from it. But this post-processing is
not applied consistently to all async stack traces (i.e. the Console
message stack traces don't get this), and potentially also not applied
consistently across consumers of the Chromium debugger backend.
Instead the V8 Inspector now removes the top frame itself and thus
reports `await` consistently with how other async tasks are reported to
debugger front-ends.
Note: This preserves backwards compatibility with old versions of
devtools-frontend, which do post-processing (for the Call Stack) only on
async stack traces marked with "async function", while we now mark these
async stack traces with "await" instead (aligned with what the front-end
is using as user visibile string anyways in the Call Stack section, and
this matching will be updated in a separate follow up CL to look for
"await" instead of "async function").
Before: https://imgur.com/kIrWcIc.png
After: https://imgur.com/HvZGqiP
Fixed: chromium:1254259
Bug: chromium:1229662
Change-Id: I57ce051a28892177b6b96221f083ae957f967e52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193535
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77157}
Load instance type into a register instead of using memory operands for
several checks on ia32 and x64.
Drive-by: Name used registers in Generate_Call/Generate_Construct
Change-Id: I289c5e420fa03ca639c9b78266560cafb166f6f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190099
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77156}
It also updates the scripts to support Python3
Bug: chromium:1245634
Change-Id: Iffe29bacfd788575b35da6449d5830fc665da7a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194259
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77155}
Due to MIPS64 ISA feature, 32-bit values should be sign-extended
in 64-bit registers, no matter it's signed or unsigned.
Besides, LoongArch64 also has this feature, and a similar change
has been made before loong64 port's land in V8. This CL also make
a small fix for loong64.
Change-Id: Ib284662931082365f727925af61781e3653debc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193595
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77154}
I'm trying to remove annotations and make behavior more consistent. For
@generatePrint, there are two options: either generate printers for
every extern class, or never generate printers for extern classes. This
change implements the option of always generating printers. Classes that
require custom printing can easily hide the generated printer by using
DECL_PRINTER. This causes the generated file
gen/torque-generated/objects-printer.cc to grow to 1600 lines, including
many functions that are never used, but I think the consistency benefit
outweighs a little more compilation time on one file. This change also
removes custom printers in cases where the generated printer includes
all of the same content.
If folks would prefer the option to never generate printers, I'm open to
doing that instead. I like the notion that generating more code could
reduce the friction of adding new classes and thereby encourage people
to define precise types rather than using FixedArrays, but the current
implementation of generated printers is limited, and many printers have
been customized to show the data that matters the most. Unlike verifiers
and body descriptors, there are no correctness or safety concerns with
hand-written printers.
Some bugs showed up once we start generating printers for everything,
and this change fixes them:
- Printers incorrectly included ungettable fields like padding
- Printers called getters which might be hidden by hand-written classes
- The generated getter for Map::instance_type used
ReadField<InstanceType>, which is not an arithmetic type since it's an
enum
One more tiny drive-by fix: added a missing newline in the printers for
JSMap and JSSet.
Bug: v8:7793
Change-Id: Ib9e9575fbcb57879935ff18bf4db49fe276d2966
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172190
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77152}
Nobody uses the generated *_FIELDS macros anymore, so we can remove
them. I also renamed the generated file to represent its content better.
Bug: v8:7793
Change-Id: I49ab39e363d6961e7210cd67018b6fb83b65a162
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3192191
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77151}
This fixes a long-standing TODO to disallow importing receivers that
have "toString" or "valueOf" patched. Calling those methods could have
observable side effects, so allowing that would require bigger
refactorings to ensure that we only call each such function exactly once
per import, and in the right order.
Since this use case is rare, we just forbid importing such receivers.
R=jkummerow@chromium.org
Bug: chromium:1248677
Change-Id: I99bbd7db950ec3c7ac9cc1f59e8c476688e7d7b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190475
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77149}
Port: 1cd7a58223
Original Commit Message:
Class Constructors are special, because they are callable but [[Call]]
raises an exception. Instead of checking if a JS function is a class
constructor for every JS function call, this CL adds a new instance
type for class constructors.
This way we can use a fast instance type range check for the common
case, and only check for class constructors in the uncommon case were
a class constructor is called and when we need to raise an exception.
Change-Id: I578fde90d00d1e80cf36ba28205ce9bfe6830afb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3192422
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77147}
This reverts commit 9495817296.
Reason for revert: Breaks arm/arm64 ports, e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim/30120/blamelist
Original change's description:
> [torque] Get rid of @noVerifier annotation
>
> As one small step toward reducing annotations, I propose that all
> classes get generated verifiers unless they've opted out of C++ class
> generation via @doNotGenerateCppClass, and that generated verifiers
> always verify every Torque-defined field. If a generated verifier is
> incorrect, such as for JSFunction or DataHandler, we can just avoid
> calling it and hand-code the verification.
>
> Bug: v8:7793
> Change-Id: I7c0edb660574d0c688a59c7e90c41ee7ad464b42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171758
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#77145}
Bug: v8:7793
Change-Id: I56da8a9726d23470e927be1be5e7bcede1399861
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194262
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77146}
As one small step toward reducing annotations, I propose that all
classes get generated verifiers unless they've opted out of C++ class
generation via @doNotGenerateCppClass, and that generated verifiers
always verify every Torque-defined field. If a generated verifier is
incorrect, such as for JSFunction or DataHandler, we can just avoid
calling it and hand-code the verification.
Bug: v8:7793
Change-Id: I7c0edb660574d0c688a59c7e90c41ee7ad464b42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171758
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77145}
This is a reland of e47f920071
Relanding for clang only.
GCC and MSVC will not inline.
Original change's description:
> cppgc: Inline allocation fast path across api boundary
>
> Bug: chromium:1239030, chromium:1056170
> Change-Id: I4a559027e63ebbd99e51344aa659d4fb284df88f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190094
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77124}
Bug: chromium:1239030, chromium:1056170
Change-Id: Iaa52118ea0e6ccd78f5e7818fa30ed163906da83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3191211
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77144}
Class Constructors are special, because they are callable but [[Call]]
raises an exception. Instead of checking if a JS function is a class
constructor for every JS function call, this CL adds a new instance
type for class constructors.
This way we can use a fast instance type range check for the common
case, and only check for class constructors in the uncommon case were
a class constructor is called and when we need to raise an exception.
Change-Id: Ic6fdd9829722d05559fdfd01f6100c61873a0872
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186434
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77140}
During a final atomic pause CrossThreadPersistent handles need to be
frozen after they have been marked to avoid any
WeakCrossThreadPersistent handles creating new strong references
(through their Lock() call) that would retain objects.
Handles are frozen by acquiring a lock. Since this lock is also taking
by other threads on WCTP::Lock() this can introduce jank.
This CL improves the situation by delaying processing of CTP
references until absolutely necessary, i.e., when we have otherwise no
more objects to mark.
Bug: chromium:1252743
Change-Id: I872f38c6d24d7955bea74fd59685abd3019b385e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194253
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77139}
.. and refactor js-regexp.h.
- Hide the generic DataAt/SetDataAt accessors and replace them by
dedicated accessors. Use the common lower_case naming scheme for
these.
- Shuffle around definitions in js-regexp.h s.t. they are in a
meaningful order.
- Dedupe the source/flags accessors - these fields are stored both
on the instance and on the data array. We keep only accessors for
the instance. Previously, these were disambiguated through naming
oddities (e.g. Pattern() returned data->source).
Change-Id: I3d53c8b095f0d59621ff779608438f7fa5e8c92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193534
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77138}
