Given a map, its HasNonInstancePrototype bit in bit_field can differ
from the same bit in that map's root map. If that is the case just
return false from the equivalence check. (Currently, we just assert
that bit_field is the same for a map and its root map.)
Bug: chromium:930486
Change-Id: Ic0eb83f80725fb1224e0f97927127e1cb8ad92e6
Reviewed-on: https://chromium-review.googlesource.com/c/1462004
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59508}
Fixes a segfault that occurs when v8::CpuProfilers are restarted caused
by the reuse of a stale CodeEventObserver.
Bug: chromium:929928
Change-Id: I5d5f7eaf5cd903910130cdb0cfec8c3fd6608edd
Reviewed-on: https://chromium-review.googlesource.com/c/1459740
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59506}
The spec specifies that a non-true return values from the trap functions
should be treated as error in the strict mode. With the new lazy feedback
effort inferring the language mode is expensive and causes regression on
these tests. Since the test doesn't actually need to test this, fixing
them to return true would help test the performance of calling the trap
without the unnecessary overhead of inferring the language mode.
Bug: chromium:925289
Change-Id: Ib650c3210ee260296257ae3b56174099a5492675
Reviewed-on: https://chromium-review.googlesource.com/c/1462959
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59505}
The test says that it is testing dictionary mode, but it is only
creating fast mode arrays.
Bug: chromium:852420
Change-Id: I99ccc997aaa87ecf49bddf02e46b7e543f535374
Reviewed-on: https://chromium-review.googlesource.com/c/1462918
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59504}
tagged fields.
Implemented TurboAssembler::StoreTaggedField for tagged fields's store.
Instead of pushes like x64 does, in arm64 do loads due to doing a
load-poke combination rather than just a push.
See https://chromium-review.googlesource.com/c/v8/v8/+/1382740 for the x64
version.
Bug: v8:7703
Change-Id: I79fbba4b03260c0dba5624e990c5af51290b28c6
Reviewed-on: https://chromium-review.googlesource.com/c/1462956
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59502}
This CL introduces TurboAssembler::LoadTaggedPointerField() and
TurboAssembler::LoadAnyTaggedField(), which respectively loads a field
containing a HeapObject, or any tagged value, and decompresses it if necessary.
Bug: v8:7703
Change-Id: I71ace74d7433a3a78d56bdcef6d2ec041df630e4
Reviewed-on: https://chromium-review.googlesource.com/c/1456098
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59501}
Port 9e060e47c6
Original Commit Message:
When BUILDING_V8_SHARED in release builds __declspec(dllexport)
causes generation of implicit constructors in the forwarding class
while its deleted in TurboAssemblerBase, which leads to compilation
errors like:
In file included from gen/v8/v8_base_jumbo_6.cc:41:
In file included from .\../../v8/src/interface-descriptors.cc:7:
In file included from ../../v8\src/macro-assembler.h:40:
../../v8\src/x64/macro-assembler-x64.h(92,9): error: call to deleted constructor of 'v8::internal::TurboAssemblerBase'
: TurboAssemblerBase(std::forward<Args>(args)...) {}
^ ~~~~~~~~~~~~~~~~~~~~~~~~
../../v8\src/x64/macro-assembler-x64.h(536,25): note: in instantiation of function template specialization 'v8::internal::TurboAssembler::TurboAssembler<v8::internal::TurboAssembler>' requested here
class V8_EXPORT_PRIVATE MacroAssembler : public TurboAssembler {
^
../../v8\src/turbo-assembler.h(127,34): note: 'TurboAssemblerBase' has been explicitly marked deleted here
DISALLOW_IMPLICIT_CONSTRUCTORS(TurboAssemblerBase);
^
1 error generated.
The original changes were made in https://chromium-review.googlesource.com/c/v8/v8/+/1414913R=hop2deep@gmail.com, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I2a6e555b028583b89402b257e40757f34f3301c1
Reviewed-on: https://chromium-review.googlesource.com/c/1463179
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59499}
Then the various methods that take receiver maps don't need to
worry about deprecated maps.
Change-Id: I09c53939275b1af19d54430bfecb23809a4257c2
Reviewed-on: https://chromium-review.googlesource.com/c/1458243
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59496}
When executing the interpreter, we should not try to create compiled
code. Otherwise we cannot implement and test a feature in the
interpreter in isolation.
R=ahaas@chromium.orgCC=fgm@chromium.org
Change-Id: I2074de31650a52b38b2f6e530e20b427d2d1db65
Reviewed-on: https://chromium-review.googlesource.com/c/1462876
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59493}
This CL prepares stack trace capturing for the switch from using
plain StackFrameInfos to StackTraceFrames backed by a FrameArray.
To reuse the caching mechanism, the relevant code is extracted into
a helper, as the CaptureStackTraceHelper class will be removed
in a future CL.
R=jgruber@chromium.org
Bug: v8:8742
Change-Id: I794faac09f414daf7946625606af7d7aa1630cde
Reviewed-on: https://chromium-review.googlesource.com/c/1460473
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59492}
For unknown reasons, we didn't try to update deprecated maps when
taking the shortcut for compatible element kinds.
Change-Id: I78f70f1d98acd40cfc6687f0b087182849a0188e
Reviewed-on: https://chromium-review.googlesource.com/c/1454722
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59491}
This automatically fixes another place in element access where the check
was missing.
Change-Id: I585079d76c03903f3486ec9e001a51a131259c0b
Reviewed-on: https://chromium-review.googlesource.com/c/1460950
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59490}
This make things more readable.
Change-Id: I1373a4d67de4b4dd8ec9f68b5a672dabc68daf67
Reviewed-on: https://chromium-review.googlesource.com/c/1460951
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59489}
That way we can properly walk the active ambiguous stack of expressions and
stop where it's non-ambiguous. In the bug we would have forced context
allocation of "this" in an outer function because an inner function was parsed
as part of an arrow function head and "this" was referenced. That caused the
ambiguous arrow head scope to be marked, even though the reference came from a
non-ambiguous function.
Bug: chromium:930580
Change-Id: I0bf0fa569e2d2ca1dc26b0514fe5bdb48ab7ae6f
Reviewed-on: https://chromium-review.googlesource.com/c/1462005
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59488}
This is a reland of 7179cdb116
The node integration build failure appears to be constant.
Original change's description:
> Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC"
>
> (Fixed test failure in lite-mode)
>
> Introduce a PREMONOMORPHIC state to StoreGlobalIC
>
> It's used rather narrowly for now -- only when we run into an
> interceptor during the lookup. After the call to SetProperty, we know
> more. That is, the interceptor was only there because it's a new
> property, and the call to SetProperty ends up creating it.
>
> By delaying the initialization of the IC, we recognize the (now)
> created property, and can provide good feedback downstream to
> TurboFan.
>
> TBR=ishell@chromium.org
>
> Bug: v8:8712
> Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
> Reviewed-on: https://chromium-review.googlesource.com/c/1460955
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59483}
TBR=ishell@chromium.org
Bug: v8:8712
Change-Id: I31aa4c066ff46cb39187eed392313d2e524f4445
Reviewed-on: https://chromium-review.googlesource.com/c/1461998
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59485}
This reverts commit 7179cdb116.
Reason for revert: Breaks node integration build.
Original change's description:
> Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC"
>
> (Fixed test failure in lite-mode)
>
> Introduce a PREMONOMORPHIC state to StoreGlobalIC
>
> It's used rather narrowly for now -- only when we run into an
> interceptor during the lookup. After the call to SetProperty, we know
> more. That is, the interceptor was only there because it's a new
> property, and the call to SetProperty ends up creating it.
>
> By delaying the initialization of the IC, we recognize the (now)
> created property, and can provide good feedback downstream to
> TurboFan.
>
> TBR=ishell@chromium.org
>
> Bug: v8:8712
> Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
> Reviewed-on: https://chromium-review.googlesource.com/c/1460955
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59483}
TBR=mvstanton@chromium.org,ishell@chromium.org
Change-Id: Ifd45908ee66760ef9199d9722b7e558c31f77830
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8712
Reviewed-on: https://chromium-review.googlesource.com/c/1461997
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59484}
(Fixed test failure in lite-mode)
Introduce a PREMONOMORPHIC state to StoreGlobalIC
It's used rather narrowly for now -- only when we run into an
interceptor during the lookup. After the call to SetProperty, we know
more. That is, the interceptor was only there because it's a new
property, and the call to SetProperty ends up creating it.
By delaying the initialization of the IC, we recognize the (now)
created property, and can provide good feedback downstream to
TurboFan.
TBR=ishell@chromium.org
Bug: v8:8712
Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
Reviewed-on: https://chromium-review.googlesource.com/c/1460955
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59483}
This reverts commit ec06b5c456.
Reason for revert: Breaks "lite" builder.
Original change's description:
> Introduce a PREMONOMORPHIC state to StoreGlobalIC
>
> It's used rather narrowly for now -- only when we run into an
> interceptor during the lookup. After the call to SetProperty, we know
> more. That is, the interceptor was only there because it's a new
> property, and the call to SetProperty ends up creating it.
>
> By delaying the initialization of the IC, we recognize the (now)
> created property, and can provide good feedback downstream to
> TurboFan.
>
> Bug: v8:8712
> Change-Id: I4e10ba220c8363b393c6de84ce35fe5ef0e9c427
> Reviewed-on: https://chromium-review.googlesource.com/c/1456090
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59481}
TBR=mvstanton@chromium.org,ishell@google.com,ishell@chromium.org
Change-Id: I072a55275d64315924090a68247bb430f5c4f03d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8712
Reviewed-on: https://chromium-review.googlesource.com/c/1460954
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59482}
It's used rather narrowly for now -- only when we run into an
interceptor during the lookup. After the call to SetProperty, we know
more. That is, the interceptor was only there because it's a new
property, and the call to SetProperty ends up creating it.
By delaying the initialization of the IC, we recognize the (now)
created property, and can provide good feedback downstream to
TurboFan.
Bug: v8:8712
Change-Id: I4e10ba220c8363b393c6de84ce35fe5ef0e9c427
Reviewed-on: https://chromium-review.googlesource.com/c/1456090
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59481}
Bailout from map update if there are private symbol transitions on
non-extensible maps.
Bug: chromium:930045
Change-Id: I02fbea0ec0afde07cded688c06122d8f2bb25921
Reviewed-on: https://chromium-review.googlesource.com/c/1460949
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59480}
HeapObject::SizeFromMap() was too large to get inlined anyway.
HeapObject::IsFoo() predicates should be implemented in foo-inl.h,
because that's what they depend on.
This patch also fixes up includes: dropping unnecessary ones from
object-inl.h, and adding them in other places that previously
relied on getting them transitively.
Bug: v8:8562
Change-Id: Id062bed67257d9dc1899f2d71f44cf69a1368c83
Reviewed-on: https://chromium-review.googlesource.com/c/1450778
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59478}
This is a reland of 048a3a3ecb
Original change's description:
> [Intl] Cleans up intl-relative-time-format flag
>
> Cleans up always=true intl-relative-time-format flag
> It shipped in m71 in Dec 2018.
>
> Bug: v8:8704
> Change-Id: I52d86aea9aedf201a216a1df0773a486fbee37b9
> Reviewed-on: https://chromium-review.googlesource.com/c/1417299
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58904}
Bug: v8:8704
Change-Id: I0b3c58b89a81200e9ac8303494317d21d8936319
Reviewed-on: https://chromium-review.googlesource.com/c/1420360
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59475}
This commit allows inlining of Array#indexOf and Array#includes when the array type is polymorphic for types that are compatable for array iteration.
Bug: v8:8388
Change-Id: Ib826bad857c7dfe0ee7af99bb456b50b7a8b6ef9
Reviewed-on: https://chromium-review.googlesource.com/c/1450137
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59473}
... in favor of [Full]MaybeObjectSlot and finally make deserializer
pointer compression friendly.
Bug: v8:8794
Change-Id: I23e5b119ccfe7d0c12c15a857978d89813e0522f
Reviewed-on: https://chromium-review.googlesource.com/c/1460460
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59472}
... and update the list of unused bytecodes.
This CL also drops kInternalReferenceEncoded as all necessary details
are already encoded in RelocInfo.
Bug: v8:8794, v8:8562
Change-Id: Ia8aec1f4bcf9802fe15322bd6bb273218d8959fa
Reviewed-on: https://chromium-review.googlesource.com/c/1460459
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59471}
When creating the results object for an exec call, V8 is calling into a
runtime helper once per named capture group. It can instead create that
object without any runtime calls, using existing CSA helpers. The only
additional cost of this approach is that it internalizes the capture
group names at regex compilation time, even if the script never calls
exec on that regex.
Bug: v8:6914
Change-Id: I58975b8d7aea05f8c67ae087608715099f62fc48
Reviewed-on: https://chromium-review.googlesource.com/c/1454268
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59470}
--parse-only only invokes the parser but does not compile / run the scripts
--max-lazy ignores eager compilation hints from IIFE.
Change-Id: Icd156cab16d796b9f676b95bb1542ad07c67546d
Reviewed-on: https://chromium-review.googlesource.com/c/1460939
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59469}
Instead of eliminating bounds checks based on types, we introduce
an aborting bounds check that crashes rather than deopts.
Bug: v8:8806
Change-Id: Icbd9c4554b6ad20fe4135b8622590093679dac3f
Reviewed-on: https://chromium-review.googlesource.com/c/1460461
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59467}
Change-Id: Ie996f5da3f2f4a45b5664e33833362b8d13c476c
Reviewed-on: https://chromium-review.googlesource.com/c/1460943
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59466}
This patch ensures that the serializer does not read the field of
the DescriptorArray that can be changed concurrently by GC.
Bug: v8:8803
Change-Id: I849fd2278abd228a46351ab18efb8bfd201ceafc
Reviewed-on: https://chromium-review.googlesource.com/c/1458239
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59465}