This CL simplifies the implementation of inlined DataView
methods in TurboFan. It removes the explicit exception handling,
and just deopts and relies on the baseline code to handle
exceptions instead.
It also adapts the DataView test files in mjsunit/compiler/
accordingly.
Change-Id: I013c76970e1480df2b755d17d397bd0f9f26f0ec
Reviewed-on: https://chromium-review.googlesource.com/1148207
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54648}
TestHeapRootsNotReadOnly was mistakenly checking for exceptions to the
rule by comparing the value of the root rather than the address. Since
several roots point to UndefinedValue, this meant that only one of the
matching roots had to be in the list.
This fixes it by instead getting a Handle from Factory and using the
address() method to check whether the roots match the exception list.
Also adds detached_contexts, feedback_vectors_for_profiling_tools,
microtask_queue, serialized_global_proxy_sizes and serialized_objects to
the exception list now that the test is working properly.
Change-Id: I599d584f94797a256d1c8c24c0fa2848ca1ca1df
Reviewed-on: https://chromium-review.googlesource.com/1148331
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54647}
This is a preparatory CL that refactors the WASM memory allocation path,
the WasmGraphBuilder, and several points of contact for ArrayBuffers to
allow them to eventually be up to 4GiB.
1.) Refactor definition of constants to prepare for memories of size 2^32
2.) Refactor WasmInstanceObject fields memory_size and memory_mask to
be stored as uintptr_t
3.) Refactor WasmGraphBuilder to use 64-bit comparisons for bounds checks
4.) Refactor JSArrayBuffer accessor methods to use size_t properly.
5.) Add empirical maximum memory and array buffer size tests
R=mstarzinger@chromium.org
BUG=v8:7881
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I78a49069cfa89757cc93f0a30b1c1a99c4b2edba
Reviewed-on: https://chromium-review.googlesource.com/1112003
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54646}
It indexes a FixedArray out of bounds, accessing an arbitrary object which
happens to be in that location. Now the object can also be an in-place weak ref,
which will cause a crash when trying to use it.
BUG=v8:5651
Change-Id: I73e4169e573ecb23e383970d7db336be08f5903c
Reviewed-on: https://chromium-review.googlesource.com/1148055
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54632}
Replace most uses of ZoneList in the parser with ZoneChunkList, which is
more Zone allocation friendly. Includes rewriting some index-based loops
as iterator-based, since ZoneChunkList random access isn't constant
time.
Bug: v8:7754
Change-Id: I49052b8afb90a4f3bfbe4076c2f90505b598e47a
Reviewed-on: https://chromium-review.googlesource.com/1145382
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54631}
We'll soon start collecting data from the JS heap prior to the typed
lowering pass, and then refrain from reading the heap in that pass.
This CL prepares the broker machinery by introducing a hash table that
maps an object (handle) to the corresponding cached data. For the time
being, that cached data is essentially just the handle itself.
Bug: v8:7790
Change-Id: I830e9c72faafb7ae1d10e8a111636b3a3762bbc6
Reviewed-on: https://chromium-review.googlesource.com/1143405
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54618}
If an exception is thrown in instrumented async code, for instance
await import('non-existing-module')
it should be correctly reported by the hooks that run around this code.
Also calling ToLocalChecked() on the hook result is wrong if the hook
has thrown an exception.
Bug: chromium:865892
Change-Id: I5712376fe4426a3e49223d821e4647150887a258
Reviewed-on: https://chromium-review.googlesource.com/1146561
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54610}
This is a reland of 9eca23e9ed
Adds a deopt continuation, which fixes JavaScript stack traces
to contain the number constructor after inlining.
Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}
Bug: v8:7904
Change-Id: Ic416e5ba81fa3a0f59ae4afa80df83c46a759487
Reviewed-on: https://chromium-review.googlesource.com/1146581
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54609}
This reverts commit a462a7854a.
Reason for revert: Breaks a TurboAssembler test:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm/7726
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: I60c011cfe262ccebbb9abf32699a9fe17e72a3c8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:863799
Reviewed-on: https://chromium-review.googlesource.com/1145431
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54597}
As discussed in
https://docs.google.com/document/d/1sBdGe8RHgeYP850cKSSgGABTyfMdvaEWLy-vertuTCo/edit?ts=5b3ba5cc#,
this CL introduces a new bytecode (CloneObject), and a new IC type.
In this prototype implementation, the type feedback looks like the
following:
Uninitialized case:
{ uninitialized_sentinel, uninitialized_sentinel }
Monomorphic case:
{ weak 'source' map, strong 'result' map }
Polymorphic case:
{ WeakFixedArray with { weak 'source' map, strong 'result' map }, cleared value }
Megamorphic case:
{ megamorphic_sentinel, cleared_Value }
In the fast case, Object cloning is done by allocating an object with
the saved result map, and a shallow clone of the fast properties from
the source object, as well as cloned fast elements from the source object.
If at any point the fast case can't be taken, the IC transitions to the
slow case and remains there.
This prototype CL does not include any TurboFan optimization, and the
CloneObject operation is merely reduced to a stub call.
It may still be possible to get some further improvements by somehow
incorporating compile-time boilerplate elements into the cloned object,
or simplifying how the boilerplate elements are inserted into the
object.
In terms of performance, we improve the ObjectSpread score in JSTests/ObjectLiteralSpread/
by about 8x, with substantial improvements over the Babel and ObjectAssign scores.
R=gsathya@chromium.org, mvstanton@chromium.org, rmcilroy@chromium.org, neis@chromium.org, bmeurer@chromium.org
BUG=v8:7611
Change-Id: I79e1796eb77016fb4feba0e1d3bb9abb348c183e
Reviewed-on: https://chromium-review.googlesource.com/1127472
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54595}
For checks and assertions (mostly for debug code, like stack alignment
or zero extension), we had two modes: Emit a call to the {Abort}
runtime function (the default), and emit a debug break (used for
testing, enabled via --trap-on-abort).
In wasm, where we cannot just call a runtime function because code must
be isolate independent, we always used the trap-on-abort behaviour.
This causes problems for our fuzzers, which do not catch SIGTRAP, and
hence do not detect debug code failures.
This CL introduces a third mode ("hard abort"), which calls a C
function via {ExternalReference}. The C function still outputs the
abort reason, but does not print the stack trace. It then aborts via
"OS::Abort", just like the runtime function.
This will allow fuzzers to detect the crash and even find a nice error
message.
Even though this looks like a lot of code churn, it is actually not.
Most added lines are new tests, and other changes are minimal.
R=mstarzinger@chromium.org
Bug: chromium:863799
Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
Reviewed-on: https://chromium-review.googlesource.com/1142163
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54592}
Currently AtomicStores use AtomicExchange to store to memory, but
AtomicExchange produces an output that is ignored by the AtomicStore
visitor, a side effect of this is that a register already in use gets
overwritten by the output of the exchange.
BUG:v8:7602
Change-Id: I4ec3107a0a27503611e349e6f56ca9492d05d9f8
Reviewed-on: https://chromium-review.googlesource.com/1134576
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54565}
CHECK is accessing 1 byte across object boundary because
*expect and *actual will return the object address with
tag. And memcmp should return 0 if we expect (expected == actual)
R=cbruni@chromium.org, gsathya@chromium.org, ishell@chromium.org
Bug: v8:6443, v8:7569
Change-Id: I316e450a80400cea4c9394dbe470932a1f30cea5
Reviewed-on: https://chromium-review.googlesource.com/1142351
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#54561}
This CL changes Array.p.fill to use the baseline implementation
for everything other than JSArray.
One of the reasons is that shadowing the length property on
TypedArrays (and other ElementsKinds) is allowed and should be
respected by Array.p.fill. The fast-path for fill for TypedArrays
expects the indices to be clamped to the actual length of the
underlying backing store and not to some length property.
While this mismatch (and others) could probably be handled properly,
we do the conservative thing and only use the fast-path for specific
JSArrays.
R=jgruber@chromium.org
Bug: chromium:865312
Change-Id: Ib3050e3bfc22d47ca8597b6df34788dc2b59b6e1
Reviewed-on: https://chromium-review.googlesource.com/1142772
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54558}
Change many uses of deprecated methods returning Locals to use the
MaybeLocal versions.
Also fix uses of Utf8Length to use the Isolate versions.
Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib89df12e6cc5ca50296d21b2bb51a3f3ed065dd4
Reviewed-on: https://chromium-review.googlesource.com/1142779
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54550}
This reverts commit 9eca23e9ed.
Reason for revert: Clusterfuzz correctness issue
Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}
TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7904
Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
Reviewed-on: https://chromium-review.googlesource.com/1142777
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54544}
Remove the function identifier field from SharedFunctionInfo. This field
would store one of a) the function's inferred name, b) the "builtin
function id", or c) debug info. We remove these in turn:
a) The function's inferred name is available on the ScopeInfo, so like
the start/end position we read it off either the ScopeInfo (for
compiled functions) or the UncompiledData (for uncompiled functions).
As a side-effect, now both UncompiledData and its subclass,
UncompiledDataWithPreparsedScope, contain a pointer field. To keep
BodyDescriptors manageable, we introduce a SubclassBodyDescriptor
which effectively appends two BodyDescriptors together.
b) The builtin function id is < 255, so we can steal a byte from
expected no. of properies (also <255) and store these together.
Eventually we want to get rid of this field and use the builtin ID,
but this is pending JS builtin removal.
As a side-effect, BuiltinFunctionId becomes an enum class (for better
storage size guarantees).
c) The debug info can hang off anything (since it stores the field it
replaces), so we can attach it to the script field instead.
This saves a word on compiled function (uncompiled functions
unfortunately still have to store it in UncompiledData).
Bug: chromium:818642
Change-Id: I8b4b3a070f0fe328aafcaeac58842d144d12d996
Reviewed-on: https://chromium-review.googlesource.com/1138328
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54543}
The WebAssembly spec is not fully deterministic: the sign bit of NaN
can be arbitrary. This sign bit can be observed by several WebAssembly
opcodes. In the testcase the sign bit of NaN makes the difference
between terminating code and an infinite loop.
In the libfuzzer fuzzer we have to prevent infinite loops ourselves.
At the moment we do this by only execute generated code of WebAssembly
modules for which the interpretation of the code ends in a limited
number of steps. With the non-determinism described above we cannot
guarantee the absence of infinite loops with this method. Therefore
we stop now to execute generated code of WebAssembly modules for which
we observe possible non-determinism in the interpreter.
R=clemensh@chromium.org
Bug: chromium:863829
Change-Id: I461d67df87d672bed25d6c915ba7ea5134cb5890
Reviewed-on: https://chromium-review.googlesource.com/1141945
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54541}
This CL fixes a bug where a fast-path was used on non-extensible
objects.
R=jgruber@chromium.org
Bug: chromium:865264,chromium:865285
Change-Id: Ie14c95b383a65576799c71576a5c0f9f8e1c29ca
Reviewed-on: https://chromium-review.googlesource.com/1142766
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54539}
The previous change to futex.js will spawn too many workers in d8 in
some test configurations, which will throw an error.
This CL works around that by spawning fewer workers for the
Atomics.notify tests.
TBR=adamk@chromium.org
Bug: v8:7338
Change-Id: I0f3583781e5352b4d6672d43a087dc56d920122d
Reviewed-on: https://chromium-review.googlesource.com/1142895
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54536}
Turbofan support for property loads from module namespace objects
has been tested by the test/js-perf-tests/Modules/basic-namespace
benchmark, but so far not by the mjsunit suite. This CL adds such
a test.
This is a follow-up to 8d7379c066.
Change-Id: I3c4183d761693199e6bc8740b812279efcd791a0
Reviewed-on: https://chromium-review.googlesource.com/1142594
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54535}
At the May 2018 TC39 meeting, they decided to rename Atomics.wake to
Atomics.notify. This change adds Atomics.notify as an alias, but does
not remove Atomics.wake, which will be removed later.
This allows for embedders to use either name to prevent
breaking tests. When the tests are switched over, we can remove
Atomics.wake.
Bug: v8:7883
Change-Id: If057ebff162bde975c6e1b60d83a4662f144e81f
Reviewed-on: https://chromium-review.googlesource.com/1142290
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54534}
ReadOnlyRoots means that some added Isolate parameters are no longer
needed. So, we can remove them.
This patch was generated mostly automatically with a bespoke tool.
Bug: v8:7786
Bug: v8:7754
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia44fd2a66652253f780e3674bf7fb431caef0493
Reviewed-on: https://chromium-review.googlesource.com/1136305
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54526}
For a script '()=>42', the anonymous arrow function has both start and
end position the same as the script function itself. This causes issues
when sorting the SourcePositionEvents of the function, in two ways:
* If the start positions are the same, we should order by *furthest*
end position to ensure the stack is in the right order
* If both start and end are the same, we need to order by function
literal id to make sure that start order and end order are inversed.
Also, MapLiterals assumes that start+end position uniquely identifies a
function, which is false in this case, so we process the top-level
script function separately in MapLiterals.
Change-Id: I2b2185dc2825018b7ea44c7d0918238e9b1dd972
Reviewed-on: https://chromium-review.googlesource.com/1141741
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54525}
This CL moves Array.p.fill from JavaScript to a C++ builtin. It has
a generic slow-path and fast-paths implemented via ElementsAccessor in
elements.cc.
R=cbruni@chromium.org
Bug: v8:7624
Change-Id: I8820e1195d2cd9b41c254058923ad9875aab067c
Reviewed-on: https://chromium-review.googlesource.com/1131130
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54522}
This is no longer necessary since we removed the debug context.
R=jgruber@chromium.org
Bug: v8:5530
Change-Id: Ibb9df3a1f139ee076296faedb80204e7fcc23197
Reviewed-on: https://chromium-review.googlesource.com/1134746
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54521}
Strictly speaking there are some left in api.cc, but they are in
deprecated functions with non-deprecated alternatives.
Apart from changes made using tooling, this also modifies
FieldType::AsClass to return Map* rather than Handle<Map> and converts
its call sites to create the Handle when they need it - currently
several sites immediately dereference the Handle.
Also marks WasmDebugInfo as NeverReadOnlySpaceObject so GetIsolate and
GetHeap remain usable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I7ea5048f97f140c757f651712b8c33a5c7e0ebc1
Reviewed-on: https://chromium-review.googlesource.com/1140302
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54513}
Now we can finally get rid of Map::weak_cell_cache!
BUG=v8:7308
Change-Id: I87a06509bf638bf6833ea2ba1eca525fb4b15df1
Reviewed-on: https://chromium-review.googlesource.com/1128882
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54511}
Struct are bundles of value types. They are essentially just shorthand
for passing around a group of individually defined values.
Struct types are declared like this:
struct A {
x: Smi;
y: int32;
}
and can be constructed explicitly like this:
A{0, 0}
Structs can be used wherever other types are used (e.g. variables,
parameters, return values) except for parameter/return types of
builtins and runtime functions.
Struct use field access notation to set/get their values like this:
let a: A = A{0, 0};
let b: Smi = a.x;
a.y = 0;
Change-Id: I9fd36a6514c37882831256a49a50809c5db75b56
Reviewed-on: https://chromium-review.googlesource.com/1122133
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54501}
i32 stack parameters can be loaded by Turbofan as 64-bit value, hence
they would not be zero extended. If this loaded value is then passed to
Liftoff (which assumes zero-extended i32 values), we could use it for
memory accesses, which would be out of bounds.
R=mstarzinger@chromium.org
Bug: chromium:864509, v8:6600
Change-Id: I0f45a269b1fb1c2befc2e6bc660c559a88323767
Reviewed-on: https://chromium-review.googlesource.com/1140168
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54500}
Pass Isolate directly into several LayoutDescriptor methods so they
don't call GetIsolate on unsafe objects.
Also marks DebugInfo as non-read-only (so our GetIsolate removal tools
stop trying to change BreakIterator::isolate() to call itself).
Bug: v8:7786
Change-Id: I626a83d603ab74f648c72eb50d027b3866cedceb
Reviewed-on: https://chromium-review.googlesource.com/1138326
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54490}
The instruction selector currently sometimes emits a lea32 with an
offset of 0, which the code generator just ignores (emits no code at
all). This can result in the result of TruncateInt64ToInt32 to not be
zero extended.
This CL fixes that by disallowing lea32 instructions with 0 offset, and
fixing the instruction selector to generate a movl or just no code for
that case.
R=jarin@chromium.org
Bug: chromium:863810, v8:7947
Change-Id: I1b21fc5f0fda9ca3144917538c3d0bbf46601c33
Reviewed-on: https://chromium-review.googlesource.com/1137825
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54489}
Ran GetIsolate/GetHeap removal script over all the header files included
into objects.cc. Affected classes include: ScriptContextTable
RuntimeCallTimerScope GlobalDictionaryShape Map LookupIterator
PrototypeIterator FixedArrayBuilder
Manually fixed up Map to mark its write operations as safe for
GetIsolate since they modify the object as so can't be done in RO_SPACE.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2fd0960f085d1bcb4cf54b3418899ac0217917ca
Reviewed-on: https://chromium-review.googlesource.com/1138076
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54488}
This is a reland of f0a9a6a5ad
Original change's description:
> Update GN configs for v8_perf target to allow running perf tests in swarming
>
> This will allow us to migrate our deprecated configs to android_docker.
>
> R=machenbach@chromium.org
>
> Bug: chromium:838864
> Change-Id: I5f7db648520847aa2077e9fc2a5970e63daa9a50
> Reviewed-on: https://chromium-review.googlesource.com/1131944
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54441}
R=machenbach@chromium.org
Bug: chromium:838864
Change-Id: I35e1ab911ac3b5ddd8478faae4799ed5d7bbccbf
Reviewed-on: https://chromium-review.googlesource.com/1139973
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54484}
It's a growing weak array which also has an API for marking slots empty (those
will then be filled before growing the array again).
This is a more efficient implementation than the corresponding feature in
FixedArrayOfWeakCells, because we chain the empty slots together.
BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I335cd3f9cc7838c7f6ca350735b1503b2f5b8eed
Reviewed-on: https://chromium-review.googlesource.com/1090922
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54481}
This CL adds local const bindings. This means that instead of
generating TVARIABLEs for variables, we can generate simple TNodes.
Example:
macro FooBar(): {
const kSomeSmi: Smi = 10;
...
}
This CL also enforces that variables with a constexpr type are bound
using 'const' and not 'let'.
R=tebbi@chromium.org
Bug: v8:7793
Change-Id: Id20a18149df9fc374ce718bdb1478e3eabb6e6df
Reviewed-on: https://chromium-review.googlesource.com/1138316
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54479}
Deprecate String::Utf8Length in favor of a new, similar function that
takes the Isolate used for the String::Flatten call as an argument.
BUG: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icaf04b272679fd853e9cdbe6c7088f63e9aacb95
Reviewed-on: https://chromium-review.googlesource.com/1124724
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54476}
Use the given locale and options when performing toLocaleString on each
individual element in a given array.
Bug: v8:7832
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I718a33c42e85819065599ee6bad59fb25afa7e15
Reviewed-on: https://chromium-review.googlesource.com/1132464
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54474}
SharedFunctionInfos store their original function literal's id. This is
also their index in the Script's SFI list.
The function literal id is only needed for lazy compilation and live edit,
and access only has to be fast in the former. So, we can move the SFI
function literal id field to UncompiledData, and if patching with live
edit, or discarding compiled code, we can perform a slower linear search
through the Script's SFI list.
This is a reland of
1) https://chromium-review.googlesource.com/1082480 and
2) https://chromium-review.googlesource.com/1128854
the differences being:
1) caching the literal id on UncompiledData rather than always linearly
searching the SFI list, and removing the unused runtime-liveedit.cc
file instead of fixing it to support this change.
2) clearing padding on UncompiledData now that it has 3 int32 fields,
making its end unaligned on x64.
TBR=yangguo@chromium.org,marja@chromium.org,ulan@chromium.org,cbruni@chromium.org
Bug: chromium:818642
Change-Id: I58dcb12a2a60a680f662568da428e01189c62638
Reviewed-on: https://chromium-review.googlesource.com/1138325
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54473}
This reverts commit 1d4a1172f5.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21989
Original change's description:
> [sfi] Remove SFI function literal id field
>
> SharedFunctionInfos store their original function literal's id. This is
> also their index in the Script's SFI list.
>
> The function literal id is only needed for lazy compilation and live edit,
> and access only has to be fast in the former. So, we can move the SFI
> function literal id field to UncompiledData, and if patching with live
> edit, or discarding compiled code, we can perform a slower linear search
> through the Script's SFI list.
>
> This is a reland of
> https://chromium-review.googlesource.com/c/v8/v8/+/1082480
> but caching the literal id on UncompiledData rather than always linearly
> searching the SFI list. Also, removes the unused runtime-liveedit.cc file
> instead of fixing it to support this change.
>
> Bug: chromium:818642
> Change-Id: I977bcca0dc72903ca476a7079d156cc8bbe88fde
> Reviewed-on: https://chromium-review.googlesource.com/1128854
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54464}
TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org,cbruni@chromium.org,leszeks@chromium.org,verwaest@chromium.org
Change-Id: Icee5ee3ab7688b93e2963f91debed65a58164534
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1138276
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54466}
SharedFunctionInfos store their original function literal's id. This is
also their index in the Script's SFI list.
The function literal id is only needed for lazy compilation and live edit,
and access only has to be fast in the former. So, we can move the SFI
function literal id field to UncompiledData, and if patching with live
edit, or discarding compiled code, we can perform a slower linear search
through the Script's SFI list.
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/1082480
but caching the literal id on UncompiledData rather than always linearly
searching the SFI list. Also, removes the unused runtime-liveedit.cc file
instead of fixing it to support this change.
Bug: chromium:818642
Change-Id: I977bcca0dc72903ca476a7079d156cc8bbe88fde
Reviewed-on: https://chromium-review.googlesource.com/1128854
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54464}
This CL adds inlining for the Number constructor if new.target is not
present. The lowering is BigInt compatible, i.e. it converts BigInts to
numbers.
Bug: v8:7904
Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
Reviewed-on: https://chromium-review.googlesource.com/1118557
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54454}
- Reorganizes shuffle tests into tabular form.
- Adds a test that composes random numbers of random shuffles to
make new shuffles.
- Adds a test that generates functions to compute a complex expression
consisting of shuffles, and compares interpreter results to compiled
code results.
- Fixes a problem with temp register exhaustion on ARM 32-bit.
- Matches identity shuffles (returning first or second operand
unchanged) and uses EmitIdentity() for these.
Bug: v8:6020
Change-Id: Ie41c14fee52a7406b1d32e731e050096400e12f5
Reviewed-on: https://chromium-review.googlesource.com/1119567
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54446}
This will allow us to migrate our deprecated configs to android_docker.
R=machenbach@chromium.org
Bug: chromium:838864
Change-Id: I5f7db648520847aa2077e9fc2a5970e63daa9a50
Reviewed-on: https://chromium-review.googlesource.com/1131944
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54441}
All auto-generated with some fix-ups including marking the following
classes as NeverReadOnlySpaceObject so their GetIsolate/GetHeap methods
are safe to use:
Code, CodeDataContainer, AbstractCode, DeoptimizationData,
CompilationCacheTable, NormalizedMapCache, Script, SharedFunctionInfo
TBR=yangguo@chromium.org
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I6cb5dcca88a0bc99b5afe80f553e06a661b5da3c
Reviewed-on: https://chromium-review.googlesource.com/1135306
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54439}
The code under test is handling of multi-return values in TurboFan and
hence actually independent of WebAssembly. The only reason to generate
WasmCode is in order to use the WebAseembly linkages. This changes the
generated code to have {STUB} kind instead of {WASM_FUNCTION} kind to
avoid having stack checks in the generated code which would require a
proper WasmInstanceObject to be allocated.
R=ahaas@chromium.org
BUG=chromium:862508
Change-Id: I4feb7bff1a42bbf59cfc5f249f2e0585ce7011ad
Reviewed-on: https://chromium-review.googlesource.com/1136438
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54436}
This removes an occurrence where the "%Foo" native syntax appears as part
of a string. Such strings are picked up by the fuzzer and recombined in
unsupported ways, producing false-positive crash reports. Simply avoid
having those strings in the fuzzing corpus.
R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-808848
BUG=chromium:844842
Change-Id: I017c1552578f0d26033e58b11353e87e27a69ebf
Reviewed-on: https://chromium-review.googlesource.com/1136300
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54432}
This CL adds constants that can be defined in the module scope:
const kConstexprConst: constexpr int31 = 5;
const kIntptrConst: intptr = 4;
const kSmiConst: Smi = 3;
They are implemented by generating "mini-macros" that return the
expression on the right-hand side of the assignment.
Bug: v8:7793
Change-Id: I0a476cb3111707fad56bf15e9547b377c7adab37
Reviewed-on: https://chromium-review.googlesource.com/1114745
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54430}
This moves the entire code generation phase (including code emission
into the native module) into the background task. The code manager is
fully thread safe by now and there are no Isolate-bound steps anymore.
The only step remaining on the foreground task is publishing the fully
finished code to other threads via {NativeModule::PublishCode}.
R=clemensh@chromium.org
BUG=v8:7921
Change-Id: Ia64c6ce945aabd071b26e61ef8d397fb7727a038
Reviewed-on: https://chromium-review.googlesource.com/1135004
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54425}
The manual scope is usually used to test corner cases of GC behavior so
disable the ineffective GC detecton there.
Bug: v8:7859
Change-Id: I92a1e43db739846ff0db20a60cc2ace79496e5fe
Reviewed-on: https://chromium-review.googlesource.com/1135140
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54418}
Since Liftoff is fully implemented on arm64, we can enable the
wasm/liftoff test.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I901480a417a7cc438357a67b819f226e4d3b1df4
Reviewed-on: https://chromium-review.googlesource.com/1134776
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54417}
This patch adds a variant of EmbedderGraph::AddEdge() which
allows the embedder to specify the name of an edge. The edges
added without name are element edges with auto-incremented indexes
while the edges added with names will be internal edges with
the specified names for more meaningful output in the heap
snapshot.
Refs: https://github.com/nodejs/node/pull/21741
Bug: v8:7938
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I8feefa2cf6911743e24b3b2024e0e849b0c65cd3
Reviewed-on: https://chromium-review.googlesource.com/1133299
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54412}
Currently the fuzzer only tests Turbofan and Liftoff in isolation. In
order to test that both tiers use the same ABI, it should also test
calls from one tier to the other.
This CL introduces a new flag which controls which function will be
compiled by which tier, and uses that in the fuzzer.
R=ahaas@chromium.org
Bug: chromium:862931, v8:6600
Change-Id: I450b906700972cfdb496b1734faed9f8208d652f
Reviewed-on: https://chromium-review.googlesource.com/1134775
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54409}
When we changed FeedbackMetadata to be it's own type instead of a
subtype of FixedArray, we missed this check for valid objects in old
space. This restores the old behavior during verification.
Bug: chromium:862433
Change-Id: Icdb144df4aebc0c6d78a28405c7f53e40b2e1376
Reviewed-on: https://chromium-review.googlesource.com/1134995
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54408}
Instead of passing {uint8_t*, size_t} pairs as arguments, pass
{Vector<uint8_t>}. This is less error prone and {Vector} provides some
helpful methods.
R=ahaas@chromium.org
Bug: v8:7754
Change-Id: I7469054774618e0bd5c9d38501759b1b2c51d104
Reviewed-on: https://chromium-review.googlesource.com/1134773
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54406}
getGetoption() in intl.js misimplemented Ecma 402 #sec-getoption by
calling options[property] twice, once to check if it's defined
and the second time to retrieve the value when it's defined.
Bug: v8:7869
Test: test262/intl402/RelativeTimeFormat/con*/cons*/option*order
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I6d585767232c9f4c0252e65e2891c813db3da641
Reviewed-on: https://chromium-review.googlesource.com/1128444
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54405}
An unordered_map typically provides better performance. Instead of a
compare function, we now need a hash function and equality defined on
{Signature<T>}.
R=mstarzinger@chromium.org
Bug: chromium:862123
Change-Id: Iba71030f91949d7453740c884de1d8a4f921c618
Reviewed-on: https://chromium-review.googlesource.com/1131182
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54404}
The instruction got removed from the proposal.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I3e27bad923544896ebf6ab8969e5c365a397f6c9
Reviewed-on: https://chromium-review.googlesource.com/1128754
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54402}
With ReadOnlyRoots and GetIsolate on JSReceiver, we can remove almost
every isolate parameter from <Object>::Print. The remaining ones, like
Map, are special-caseable for read-only maps, and as a result we can
remove isolate parameters from <Object>::Print entirely.
This patch also opportunistically cleans up a few places where isolates
were only needed for Object::Print, such as TransitionAccessors and
DescriptorArrays.
TBR=yangguo@chromium.org,mstarzinger@chromium.org
Bug: v8:7786
Change-Id: Id44bd53b9893e679eea5f37b9548257595a1bfd9
Reviewed-on: https://chromium-review.googlesource.com/1133385
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54401}
With the introduction of multiple tables the element section is able to
initialize any of the defined tables. However, the spec says that only
tables of type AnyFunc can be initialized.
With this CL we validate that entries in the element section only
target AnyFunc tables.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: Ifea383b13c91f582813b2aa4f01a5f724575cfa0
Reviewed-on: https://chromium-review.googlesource.com/1130519
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54400}
Uses Heap::FromWritableHeapObject where the object must be mutable and
otherwise pass Isolate in. String and subclasses should now be free of
GetIsolate/GetHeap.
Bug: v8:7786
Change-Id: Ic9d55250ea4afebbebda87be9415ccdaa4fc8779
Reviewed-on: https://chromium-review.googlesource.com/1131736
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54395}
Move some of PreParsedScopeData's santity checks, such as the magic
value separating skippable function data from scope data, to be debug
only, to save memory.
Start position of inner skippable functions is still kept, because it's
too good at catching bugs, but we may want to remove it in the future
as well.
Relanding unchanged after the (unrelated) flake it exposed is fixed in:
https://chromium-review.googlesource.com/1131503
Bug: chromium:818642
Change-Id: Id1d9fe757875cd05ea9a92b41e7256c3ee86fc8e
Reviewed-on: https://chromium-review.googlesource.com/1131505
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54380}
See
https://chromium-review.googlesource.com/c/chromium/deps/icu/+/1128503
for ICU changes.
Fix tests for ICU 61/Unicode 11/CLDR 33.1
* Update mjsunit/harmony/regexp-property-script-extensions.js per
ScriptExtensions.txt in Unicode 11
* Update mjsunit/intl-numberformat-formattoparts.js for CLDR 33.1
* Mark an invalid Mozilla test (Georgian uppercasing)
* Fix currency format test (U+00A0 instead of U+0020)
* Enable Script_Extensions tests (test262)
* Add support for Extended_Pictographic in regex
Ref. https://github.com/tc39/ecma262/issues/1219.
Bug: chromium:850334, v8:7825
Test: intl/*, test262/intl402/*
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I146080cdc1164db4a71f484918723cf302666df8
Reviewed-on: https://chromium-review.googlesource.com/1111857
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54376}
Allow the decoding of multiple tables, and allow these tables to have
any reference type. In addition, rename function-tables (in different
occurrences) to tables.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I191ea8e303b76563f9d91ae7447b373c4760d8b8
Reviewed-on: https://chromium-review.googlesource.com/1019581
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54355}
Heap::InNewSpace only needs to access the heap for a DCHECK and the part
that uses the heap only needs it if the object is in NEW_SPACE, in which
case getting it via pointer magic is fine.
Bug: v8:7786
Change-Id: Iaac237a3b8bcc9d55e436e3f972475e04b97f1f8
Reviewed-on: https://chromium-review.googlesource.com/1127798
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54345}
This CL completes the implementation of DataView prototype methods
in TurboFan, by implementing the Uint8, Int8, Uint16, Int16,
Uint32, Int32, Float32 and Float64 setters.
DataView performance is now ahead of the equivalent TypedArray wrapper,
and is now expected to at least match TypedArray performance in
the general case as well.
This CL also adds a test file in the compiler directory, to make
sure that the setters actually behave correctly.
Change-Id: I4ad4341c6b9b9d461348b62216f37a73abe321e8
Reviewed-on: https://chromium-review.googlesource.com/1128867
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54331}
This CL correctly updates the JSTests.json file in test/mjsunit/
to reflect the new DataView Float32/64 performance tests from
commit e14699c520.
Change-Id: I9cbb05ac0cbd37f8d8a0bc66ebb59c1e05298776
Reviewed-on: https://chromium-review.googlesource.com/1128880
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54323}
Add new types for function data for SharedFunctionInfo, for uncompiled
functions. UncompiledData holds start/end positions, allowing us to
remove these fields from SFI. Uncompiled functions with pre-parsed
scope data now hold an UncompiledDataWithScope that has a pointer to
PreParsedScopeData -- this allows us to also remove the start/end pos
from PreParsedScopeData.
Bug: chromium:818642
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I56f3c4e62cbf38929babac734a332709f12a8202
Reviewed-on: https://chromium-review.googlesource.com/1126381
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54319}
With this CL we now also support the decoding of the AnyFunc
type. I will add the type more deeply in subsequent CLs.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I9f30706a442462f915adfd8f720eb65168b80bb8
Reviewed-on: https://chromium-review.googlesource.com/1014111
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54318}
This adds an {AccountingAllocator} to the {WasmEngine}, separate from
the allocator used per Isolate. It is in preparation of being able to
share engines across multiple Isolates. For now we just add up the
stats from both allocators until a public API for the engine becomes
available.
R=ahaas@chromium.org
TEST=cctest/test-wasm-shared-engine/SharedEngineRunImported
BUG=v8:7424
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia915a1ae4aa7ebed27073b7b6bd067e31717a6ea
Reviewed-on: https://chromium-review.googlesource.com/1127788
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54316}
Deprecates EmbedderHeapTracer::NumberOfWrappersToTrace and replaces it
with EmbedderHeapTracer::IsTracingDone.
V8 only really cares about the final state (emptiness) here and
embedders may choose implementations that have a hard time determinining
exact size for their work queues.
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1e141c47771ef08aab7dbe204e8175cfee99cf92
Reviewed-on: https://chromium-review.googlesource.com/1127599
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54311}
This extends the current Promise Rejection Hook with two new events
kPromiseRejectAfterResolved
kPromiseResolveAfterResolved
which are used to detect (and signal) misuse of the Promise constructor.
Specifically the common bug like
new Promise((res, rej) => {
res(1);
throw new Error("something")
});
where the error is silently swallowed by the Promise constructor without
the user ever noticing can be caught via this hook.
Doc: https://goo.gl/2stLUY
Bug: v8:7919
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I890a7e766cdd1be88db94844fb744f72823dba33
Reviewed-on: https://chromium-review.googlesource.com/1126099
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54309}
- Refactors most of the logic into a helper CanonicalizeShuffle
overload that is more easily tested.
- Reorders these methods to be in the order they're used.
- Adds unit tests for this helper.
Bug: v8:6020
Change-Id: Ia7e08bd2ff3ae62b13c9283c6de04e0e1e85086b
Reviewed-on: https://chromium-review.googlesource.com/1118706
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54303}
Instead of creating a separate code object per exported function, we
can share the code per signature, and load the function index from the
{WasmExportedFunction} object which is being passed as an argument
anyway.
This greatly reduces instantiation time for modules with a lot of
exports.
As a next step, we could even share the code across instances, or (with
more work) across isolates.
R=mstarzinger@chromium.org
Bug: chromium:860491
Change-Id: I6438065b2de0df59dce980fb52408a0f475144b3
Reviewed-on: https://chromium-review.googlesource.com/1127660
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54299}
- Move the CompilationDependencies member of OptimizedCompilationInfo
to Turbofan's PipelineData (and thus into the compiler namespace).
- Move compilation-dependencies.{cc,h} to the compiler directory.
Bug: v8:7902
Change-Id: I5471d0923daf83abe975357325db5bc5ad0a8571
Reviewed-on: https://chromium-review.googlesource.com/1127793
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54295}
When calling an import which is an exported wasm function, the
interpreter needs to look through the jump table to find the
actual code object.
We already had that logic for indirect calls, but it was missing for
imported calls.
R=ahaas@chromium.org
Bug: chromium:860392
Change-Id: I6b5a0192f79c23cb1de55407fe93f6df9a17235a
Reviewed-on: https://chromium-review.googlesource.com/1127671
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54291}
This reverts commit f45045cca5.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> [parser] Move some PPSD sanity checks to debug
>
> Move some of PreParsedScopeData's santity checks, such as the magic
> value separating skippable function data from scope data, to be debug
> only, to save memory.
>
> Start position of inner skippable functions is still kept, because it's
> too good at catching bugs, but we may want to remove it in the future
> as well.
>
> Bug: chromium:818642
> Change-Id: If86ff1b9845e8dd3b015b4e554d0033328b145bf
> Reviewed-on: https://chromium-review.googlesource.com/1127046
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54263}
TBR=marja@chromium.org,leszeks@chromium.org
Change-Id: I15ceedd66d9ecb66cf65f5834d09975b41d3ed27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1127859
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54290}
This CL implements Reduction and Lowering for the DataView Int32,
Uint32, Float32 and Float64 getters.
This makes DataView getters fully supported in TurboFan (except for
BigInts), and should bridge the performance gap with TypedArrays.
Change-Id: Ifa98df9cf13e44d6468ad9ec8a19c86b41c6d2b1
Reviewed-on: https://chromium-review.googlesource.com/1127360
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54288}
This CL surfaces AssemblerOptions to CodeAssembler::GenerateCode and
to pipeline methods. To allow forward declaring AssemblerOptions,
AssemblerBase::Options was moved out of the AssemblerBase class.
Bug: v8:6666
Change-Id: If9fc50d3d4767bb5dd39a0c3b6e094021f4cae2b
Reviewed-on: https://chromium-review.googlesource.com/1127039
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54286}
This is a reland of 4b9b9b6845, which
accidentally disabled optimization after dependency changes (instead
of retrying).
TBR=jarin@chromium.orgTBR=mstarzinger@chromium.org
Original change's description:
> Reland "[turbofan] Rewrite CompilationDependencies"
>
> This is a reland of 52a10e5081, after
> eliminating an invalid assumption about maps.
>
> TBR=jarin@chromium.org
> TBR=mstarzinger@chromium.org
>
> Original change's description:
> > [turbofan] Rewrite CompilationDependencies
> >
> > Instead of installing code dependencies during graph reduction,
> > install them after code generation.
> >
> > Bug: v8:7902, v8:7790
> > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
> > Reviewed-on: https://chromium-review.googlesource.com/1119913
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#54170}
>
> Bug: v8:7902, v8:7790
> Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
> Reviewed-on: https://chromium-review.googlesource.com/1126999
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54254}
Bug: v8:7902, v8:7790
Change-Id: I2b7a7d186e03990350e375470569177e3309683c
Reviewed-on: https://chromium-review.googlesource.com/1127579
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54280}
After liveedit removed - we do not need this context any more.
R=yangguo@chromium.orgTBR=clemensh@chromium.org
Bug: v8:5530
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idb43d016d51b8048f6cd2ca590fd7510abcacb49
Reviewed-on: https://chromium-review.googlesource.com/1106802
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54273}
* Rename BoilerplateDescription to ObjectBoilerplateDescription
* Add literal_type flag to ObjectBoilerplateDescription,
which is stored as zeroth element of Fixed array
* Create ArrayBoilerplateDescription with elements_kind and
constant_elements field
* Replace CompileTimeValue and ConstantElementPair with
ArrayBoilerplateDescription
* Kill ConstantElementPair and CompileTimeValue
Change-Id: Icb42dcfd575a27e2b64ffd5e2e61f9d703d5e986
Bug: v8:7787, chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1122411
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54272}
This CL adds a Reduction for the DataViewGetInt16 and -Uint16 builtins,
and the corresponding handling in LoadDataViewElement node in the
effect control linearizer.
It also adds tests for the new getters.
Change-Id: I5101755e47657c25f10be1417f105e3ae72a3c39
Reviewed-on: https://chromium-review.googlesource.com/1126919
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54271}
Replace CHECK with throwing exception when no or invalid arguments
are passed to async_hooks.createHook.
Bug: chromium:860481
Change-Id: Ie5a915ee66f2a0ff79c4df5aef94ff883866ecda
Reviewed-on: https://chromium-review.googlesource.com/1127054
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54264}
Move some of PreParsedScopeData's santity checks, such as the magic
value separating skippable function data from scope data, to be debug
only, to save memory.
Start position of inner skippable functions is still kept, because it's
too good at catching bugs, but we may want to remove it in the future
as well.
Bug: chromium:818642
Change-Id: If86ff1b9845e8dd3b015b4e554d0033328b145bf
Reviewed-on: https://chromium-review.googlesource.com/1127046
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54263}
The embedder should ultimately be responsible for handling this since they
anyway give us a copy of the data. They can easily make sure that the chunks we
get do not have lonely bytes.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie862107bbbdd00c4d904fbb457a206c2fd52e5d0
Reviewed-on: https://chromium-review.googlesource.com/1127044
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54262}
This introduces a second factory method for allocating new module
objects that are based on existing native modules which are potentially
shared between multiple Isolates.
R=clemensh@chromium.org
TEST=cctest/test-wasm-shared-engine
BUG=v8:7424
Change-Id: I8c74d821542d443a8ad2352cb77b84b445e21acb
Reviewed-on: https://chromium-review.googlesource.com/1126931
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54261}
Creates two different functions specialized for string and boolean
types.
Gets rid of several allocations and keeps the C++ <-> JS type
conversions to a minimum. Improves the API as we don't have to create
the fallback or V8 Strings unnecessarily.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I788e43e6ef23f3e9144ff719f01d6334fe6cb9ce
Reviewed-on: https://chromium-review.googlesource.com/1126750
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54259}
This is a reland of 52a10e5081, after
eliminating an invalid assumption about maps.
TBR=jarin@chromium.orgTBR=mstarzinger@chromium.org
Original change's description:
> [turbofan] Rewrite CompilationDependencies
>
> Instead of installing code dependencies during graph reduction,
> install them after code generation.
>
> Bug: v8:7902, v8:7790
> Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
> Reviewed-on: https://chromium-review.googlesource.com/1119913
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54170}
Bug: v8:7902, v8:7790
Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
Reviewed-on: https://chromium-review.googlesource.com/1126999
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54254}
This is a first set of test cases for sharing an {WasmEngine} and the
contained {WasmCode} between multiple Isolates. Currently this can only
be done using internal API methods on the Isolate, an external API that
is usable by embedders does not exist yet.
R=clemensh@chromium.org
TEST=cctest/test-wasm-shared-engine
BUG=v8:7424
Change-Id: I35541a76b5aceec4519e3a46e6a9ef4d01cad22b
Reviewed-on: https://chromium-review.googlesource.com/1126382
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54248}
In the WebAssembly fuzzers we detect infinite loops with the
interpreter: if the interpreter does not finish after a finite number
of steps, we do not execute the compiled code. However, we cannot
redirect the start function to the interpreter in the fuzzer, and
therefore we cannot detect infinite loops in the start function. With
this CL we avoid the problem completely by not instantiating a module
in the fuzzer which has a start function. Note that the module still
gets compiled.
R=clemensh@chromium.org
Bug: chromium:858914
Change-Id: Icbbe9a003544918d5267cdd1d9405b21bb681133
Reviewed-on: https://chromium-review.googlesource.com/1126766
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54246}
Replace Is<oddball>(GetIsolate()) calls with a no-parameter version
that goes through ReadOnlyRoots, and add a version that takes a
ReadOnlyRoots if that is available in the parent (but Isolate isn't).
Also opportunistically clean up a few places where ReadOnlyRoots are
available but we still pass in an Isolate parameter.
TBR=yangguo@chromium.org
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icc0b8a7d8f9c6b84c0ec8fe771fcfb75c9dc5468
Reviewed-on: https://chromium-review.googlesource.com/1126302
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54245}
Now that ReadOnlyRoots is used everywhere to access the read-only roots,
this makes the Heap accessors for such roots private.
It also adds tests that the roots reachable from ReadOnlyRoots are all
in RO_SPACE as well as tests that the roots still publicly accessible
from Heap are not in RO_SPACE. There's a white list in the file for
the few roots where the root pointer itself can change. (For instance
materialized_objects points to empty_fixed_array to start with before
before later pointing to a mutable array).
Also fixes up new use of heap->empty_fixed_array() in elements.cc added
since I cleaned it up.
Bug: v8:7786
Change-Id: I9ac7985c9f85910b5b22d2f9f559dfd04d43ed44
Reviewed-on: https://chromium-review.googlesource.com/1126252
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54240}
Fixes V8 correctness failure when there's a proxy in the global object
prototype chain and unsuccessful attempt is made to access a property.
Bug: chromium:849024
Change-Id: I829e1a6c038982b7c7a77f8bdefb61facb4614f0
Reviewed-on: https://chromium-review.googlesource.com/1124446
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54237}
If the first object in the space already exceeds the target chunk size,
we would leave the first chunk empty. That violates some assumptions
later when we allocate for deserialization.
R=hpayer@chromium.org, jgruber@chromium.orgTBR=hpayer@chromium.org
Bug: v8:7887
Change-Id: Iee8147fe1205bb6b1c893d48acde1099b5032a14
Reviewed-on: https://chromium-review.googlesource.com/1126763
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54235}
This is just derived from is_wasm_memory.
Change-Id: I2f77fb5e32e325c51de9af4228ca33313c21abc6
Reviewed-on: https://chromium-review.googlesource.com/1126107
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54230}
Changes SharedFunctionInfo to store a function_token_offset, relative
to the start_position, instead of the full function_token_position.
This enables us to reduce both FunctionTokenPosition and
ExpectedNofProperties to 16 bits each, saving 32 bits per SFI.
BUG=chromium:818642,chromium:783853
TBR=yangguo@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I45aefcec605c1da502053c23c73564ceaed6c9b5
Reviewed-on: https://chromium-review.googlesource.com/1122982
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54220}
This reverts commit e438d5d4de.
Reason for revert: TSAN failures - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/21357
Original change's description:
> [heap] Make objects allocated in new_lo_space look like young generation objects.
>
> The scavenger still does not handle young generation large objects correctly.
> This will be added in a follow-up CL.
>
> Bug: chromium:852420
> Change-Id: I2587509d6e7f329aeff3db246d949bb30b3a91a5
> Reviewed-on: https://chromium-review.googlesource.com/1124477
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54197}
TBR=ulan@chromium.org,hpayer@chromium.org
Change-Id: Ief44cfd841278f2d53d51f3a21c03b70b8025a7a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1125979
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54205}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2f2c031c03d56d360ef940fc925e0583e6ae31dc
Reviewed-on: https://chromium-review.googlesource.com/1125720
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54202}
The scavenger still does not handle young generation large objects correctly.
This will be added in a follow-up CL.
Bug: chromium:852420
Change-Id: I2587509d6e7f329aeff3db246d949bb30b3a91a5
Reviewed-on: https://chromium-review.googlesource.com/1124477
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54197}
This is a reland of 8e0f67be3f
Previously landed as: 3c4d0316e4 / 1065818
Previously landed as: 8e0f67be3f / 1088890
Original change's description:
> [async] Expose async hooks to d8
>
> This implementation follows the Node.js API as a guideline.
Bug: chromium:850530
Change-Id: I8ba22b11c80328108b197d687826ce0198420c9c
Reviewed-on: https://chromium-review.googlesource.com/1125679
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54191}
This is a reland of 3dfaf8264f
Original change's description:
> [debug] liveedit in native
>
> Liveedit step-by-step:
> 1. calculate diff between old source and new source,
> 2. map function literals from old source to new source,
> 3. create new script for new_source,
> 4. mark literals with changed code as changed, all others as unchanged,
> 5. check that for changed literals there are no:
> - running generators in the heap,
> - non droppable frames (e.g. running generator) above them on stack.
> 6. mark the bottom most frame with changed function as scheduled for
> restart if any.
> 7. for unchanged functions:
> - deoptimize,
> - remove from cache,
> - update source positions,
> - move to new script,
> - reset feedback information and preparsed scope information if any,
> - replace any sfi in constant pool with changed one if any.
> 8. for changed functions:
> - deoptimize
> - remove from cache,
> - reset feedback information,
> - update all links from js functions to old shared with new one.
> 9. swap scripts.
>
> TBR=ulan@chromium.org
>
> Bug: v8:7862,v8:5713
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
> Reviewed-on: https://chromium-review.googlesource.com/1105493
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54146}
TBR=dgozman@chromium.org
Bug: v8:7862, v8:5713
Change-Id: I163ed2fd2ca3115ba0de74cb35a6fac9e40fdd94
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1124879
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54187}
We need to push the sign-extended constant instead of just the lower 32
bits. Otherwise, the callee might read stale data from the stack.
Bug: chromium:854011, v8:6600
R=ahaas@chromium.orgCC=rodolph.perfetta@arm.com
Change-Id: Iafcfd6ba9532771615b41215fb4d1a2b85ce5623
Reviewed-on: https://chromium-review.googlesource.com/1124683
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54185}
Moves STRUCT_LIST AND ALLOCATION_SITE_LIST into roots.h and adds access
to their associated maps using ReadOnlyRoots.
Also corrects the location of external_map, message_object_map,
empty_script, many_closures_cell, invalid_prototype_validity_cell and
builtins_constants_table which are not in RO_SPACE.
Finally this adds a convenience ReadOnlyRoots(Isolate*) constructor.
Bug: v8:7786
Change-Id: I4982dd0cbea2062a124605678599ba48831f020f
Reviewed-on: https://chromium-review.googlesource.com/1124319
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54178}
Tests cctest/test-run-wasm-simd/RunWasm_I16x8ConvertI32x4_turbofan
and cctest/test-run-wasm-simd/RunWasm_I8x16ConvertI16x8_simd_lowered
will be skipped for big endian until implementation for big endian is
done correctly.
Change-Id: Ia6253070ede207f437e4b710a656bce8d65e412e
Reviewed-on: https://chromium-review.googlesource.com/1113307
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54176}
This CL adds a regression test that will check that the elements
pointer is properly reloaded after the JavaScript comparison
function is called during Array.p.sort.
R=jgruber@chromium.org
Bug: chromium:859809
Change-Id: I15f55fcc1906bd8d0751596e5457367a643b92da
Reviewed-on: https://chromium-review.googlesource.com/1124475
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54174}
Instead of installing code dependencies during graph reduction,
install them after code generation.
Bug: v8:7902, v8:7790
Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
Reviewed-on: https://chromium-review.googlesource.com/1119913
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54170}
Variables/return values with constexpr type cannot have multiple
assignments. We check this now.
For conditionals, it is important to always infer a non-constexpr type.
This CL adds the ability to map any type (including union types) to be
mapped to their non-constexpr variant. Conditionals infer their type as
the non-constexpr version of a combination of the two branch types.
In addition, this improves subtyping for constexpr types:
If A extends B, then constexpr A extends constexpr B.
This makes it necessary to clean up "constexpr String", which has nothing
to do with tagged values.
Bug: v8:7793
Change-Id: Ia4d3cd5dc98f45b0ec89adf05c5c6111a0e51cc6
Reviewed-on: https://chromium-review.googlesource.com/1122864
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54167}
This CL is a manual revert of the Array.p.sort Torque QuickSort
implementation.
The plan is to ship TimSort in either Chromium 69 or 70 and not ship
Torque-QuickSort at all (to keep disruption to a minimum). For this
reason we revert back to the implementation in array.js.
R=jgruber@chromium.org
Bug: chromium:859809, v8:7382
Change-Id: I92eb70408883f51d98311e78642f554316bc1e76
Reviewed-on: https://chromium-review.googlesource.com/1124334
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54166}
The current output of release builds is not very helpful, as it does
not contain the line number, nor the values of {expect_exception} or
{i_isolate->has_pending_exception()}.
R=ahaas@chromium.org
Bug: chromium:854011
Change-Id: I0bc1b8be6151d5420310eb67b2ebd0dc866fc9a6
Reviewed-on: https://chromium-review.googlesource.com/1122869
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54164}
This CL adds a comparison for the performance of getting and setting
float32 and float64 values with DataViews and with TypedArrays.
Since TypedArrays do not specify endianness, we can't compare
performance across both possible endiannesses, but this is better
than no comparison at all.
Change-Id: Iea54b942c0bb8168e9d8002d94e2bb9bc6566331
Reviewed-on: https://chromium-review.googlesource.com/1120250
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54158}
This CL adds code to inline the Int8 and Uint8 getters for DataView
objects in TurboFan in js-call-reducer.cc, as well as a new test file.
It already improves execution speed compared to the Torque baseline
implementation, and implements most of the architecture needed
for inlining the other DataView getters and setters as well.
Change-Id: I0e62b98fd6ec995f7db5ec42ea1eff1f03572f97
Reviewed-on: https://chromium-review.googlesource.com/1119909
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54157}
This CL replaces most uses of the V8_EMBEDDED_BUILTIN define
by a new read-only runtime flag called FLAG_embedded_builtins.
The flag is true iff V8_EMBEDDED_BUILTINS is defined.
Bug: v8:6666
Change-Id: Ifcc909dc9b028a2c967f8a0e45029df5e71072df
Reviewed-on: https://chromium-review.googlesource.com/1122401
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54156}
This reverts commit 3dfaf8264f.
Reason for revert: Failures - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20gcc%204.8/20394
Original change's description:
> [debug] liveedit in native
>
> Liveedit step-by-step:
> 1. calculate diff between old source and new source,
> 2. map function literals from old source to new source,
> 3. create new script for new_source,
> 4. mark literals with changed code as changed, all others as unchanged,
> 5. check that for changed literals there are no:
> - running generators in the heap,
> - non droppable frames (e.g. running generator) above them on stack.
> 6. mark the bottom most frame with changed function as scheduled for
> restart if any.
> 7. for unchanged functions:
> - deoptimize,
> - remove from cache,
> - update source positions,
> - move to new script,
> - reset feedback information and preparsed scope information if any,
> - replace any sfi in constant pool with changed one if any.
> 8. for changed functions:
> - deoptimize
> - remove from cache,
> - reset feedback information,
> - update all links from js functions to old shared with new one.
> 9. swap scripts.
>
> TBR=ulan@chromium.org
>
> Bug: v8:7862,v8:5713
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
> Reviewed-on: https://chromium-review.googlesource.com/1105493
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54146}
TBR=dgozman@chromium.org,ulan@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org
Change-Id: I45df5b6f3abaf29e593c6ac11edefbd0177d0109
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7862, v8:5713
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1124159
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54151}
This CL changes the NumberDictionary fast-path for Array.p.sort to
throw a TypeError when trying to write to a read-only property.
Previously, the fast-path simply bailed to the slow-path which could
swallow the TypeError by accident. I.e. because the fast-path could
leave the array in an inconsistent state that is already sorted.
Example:
let arr = new Array(10);
Object.defineProperty(arr, 0, {value: 2, writable: false});
Object.defineProperty(arr, 2, {value: 1, writable: false});
arr.sort();
The pre-processing step will move the value 1 to index 1: {0: 2, 1: 1}
When trying to swap those 2 values, the fast-path will write the 2 at
index 1, then try to write the 1 at index 0 and fail, bailing to the
slow-path. As the array looks like {0: 2, 1: 2} its already sorted
and the TypeError will not be thrown.
R=jgruber@chromium.org
Bug: v8:7382, v8:7907
Change-Id: I5d2f2d73478fdca066ce1048dcb2b8301751cb1f
Reviewed-on: https://chromium-review.googlesource.com/1122120
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54150}
For spread calls with arrays with double elements but zero length,
we skip the box-as-heapnumber step; so in this corner case the
Call builtin sees a FixedDoubleArray, which is fine because it
doesn't read any of the raw double values from it.
This patch doesn't change the implementation, it only updates the
assert to match reality.
Bug: chromium:856095
Change-Id: I0227f4ccbc6c61c8f5f7669a266ef7a64c6a9a43
Reviewed-on: https://chromium-review.googlesource.com/1117922
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54149}
Liveedit step-by-step:
1. calculate diff between old source and new source,
2. map function literals from old source to new source,
3. create new script for new_source,
4. mark literals with changed code as changed, all others as unchanged,
5. check that for changed literals there are no:
- running generators in the heap,
- non droppable frames (e.g. running generator) above them on stack.
6. mark the bottom most frame with changed function as scheduled for
restart if any.
7. for unchanged functions:
- deoptimize,
- remove from cache,
- update source positions,
- move to new script,
- reset feedback information and preparsed scope information if any,
- replace any sfi in constant pool with changed one if any.
8. for changed functions:
- deoptimize
- remove from cache,
- reset feedback information,
- update all links from js functions to old shared with new one.
9. swap scripts.
TBR=ulan@chromium.org
Bug: v8:7862,v8:5713
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
Reviewed-on: https://chromium-review.googlesource.com/1105493
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54146}
Currently we rely on tasks to invoke the second pass phantom callbacks.
This may accumulate phantom callbacks and make GCs ineffective if we
do not enter the message loop to run the tasks between the GCs.
Bug: v8:7912
Change-Id: I799c97ff99ed6967480bda24ea0bf1c6a7dd69be
Reviewed-on: https://chromium-review.googlesource.com/1122621
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54144}
Adds Intl::IsObjectOfType method to do type checks. This will make it
easier to port the methods using the runtime type check calls as we
won't have to create a v8::string for type checks.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0babdc8709564be693ce808e2ef3ffef7b24ceec
Reviewed-on: https://chromium-review.googlesource.com/1121943
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54143}
This correctly serializes {RelocInfo::INTERNAL_REFERENCE} addresses in a
position-independent form, so that they can be properly relocated when
the code is deserialized again. We store the offset within the code in
the serialized stream.
R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:857049
Change-Id: Ie8c84ee67bdfc17a65faa159a21cc1f2a78ac924
Reviewed-on: https://chromium-review.googlesource.com/1122414
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54140}
Pass Isolate to ConsumedPreParsedScopeData::SetData (guaranteed to be
called on main thread) and use it to create the handle in
ConsumedPreParsedScopeData::GetDataForSkippableFunction, rather than
calling GetIsolate.
Bug: v8:7786
Change-Id: Ibd632bb57f35a921f37c620d77dd6dfdb1f092c6
Reviewed-on: https://chromium-review.googlesource.com/1088703
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54138}
When parsing a numeric literal in a line like "a=0x0e+b|0;",
currently the scanner consumes the "e+" part (as it thinks
it's the start of an exponent).
In the ECMAScript lexical grammar HexIntegerLiteral cannot
contain exponents, which means the '+' character should be
parsed as a binary operator.
R=bradnelson@chromium.org
BUG=v8:7893
Change-Id: I97a0d4ea2ee1d38a3462efbfaef5eb87b8ea704b
Reviewed-on: https://chromium-review.googlesource.com/1116551
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54132}
This makes sure the reverse tag translation of direct call targets to
respective call tags is properly performed. Otherwise all direct call
end up being deserialized to call the function with index '0'. Ooops!
R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:857049
Change-Id: I37c1ee72b000daec87efdeed08d60a067b1a1b0c
Reviewed-on: https://chromium-review.googlesource.com/1120256
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54124}
Provide a more complete BigInt API.
Bug: v8:7712
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic8562d616f3125deabdf8b52c7019b191bef0e07
Reviewed-on: https://chromium-review.googlesource.com/1101198
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54122}
Adds the builtin Trace and IsTraceCategoryEnabled functions
exposed via extra bindings. These are intended to use by
embedders to allow basic trace event support from JavaScript.
```js
isTraceCategoryEnabled('v8.some-category')
trace('e'.charCodeAt(0), 'v8.some-category',
'Foo', 0, { abc: 'xyz'})
```
Bug: v8:7851
Change-Id: I7bfb9bb059efdf87d92a56a0aae326650730c250
Reviewed-on: https://chromium-review.googlesource.com/1103294
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54121}
This CL adds simd select, addHoriz, shuffle, anyTrue and all true to the
interpreter. It also gets rid of SIMD_COMPILED_AND_LOWERED_TEST and
SIMD_COMPILED_TEST macros.
R=gdeepti@chromium.org
BUG=v8:6020
Change-Id: I44abbcaddc3223a95c79ccc65ae9c6bf1a911c5d
Reviewed-on: https://chromium-review.googlesource.com/1119258
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54116}
This CL fixes the NumberDictionary fast-path in Array.p.sort, when
storing to a read-only property that was never read from.
R=jgruber@chromium.org
Bug: v8:7907
Change-Id: I2b772fb5b1619a94a7d239ba4417ecb7902a167c
Reviewed-on: https://chromium-review.googlesource.com/1119910
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54109}
Just a refactoring to make clear that we are talking about function
names. Note that there are also names for locals inside functions,
which we currently don't use.
Drive-by: Remove style-guide violation by {WasmModule::names_} field.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: I9c47ea01893f128e1716be01032adfaf006ae28a
Reviewed-on: https://chromium-review.googlesource.com/1118271
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54105}
Commit edec05ea73
Usage of Print function was not consistent with it's signature,
which caused failures in compilation.
Original commit message:
`All Object::Print functions now take an Isolate* parameter. Various
XX::XXPrint functions now take an Isolate if it's needed rather than
calling GetIsolate(). Such method use DECL_PRINTER_WITH_ISOLATE rather
than DECL_PRINTER.
The _v8_internal_Print_ function (intended for use in gdb) now uses
Isolate::Current() to get hold of an Isolate.
Reduces the GetIsolate and GetHeap count by 9 and 5 respectively.
Also removes unneeded gdb/lldb macros (along with their support
functions), jfv, jfm, jda and jta, since job does the same thing.`
Cr-Original-Commit-Position: refs/heads/master@{#54029}
Change-Id: I5d4eb974340159ae91a50c1c2272ab195fc514ea
Reviewed-on: https://chromium-review.googlesource.com/1116965
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#54103}
- Adds some unit tests for InstructionSelector::TryMatch* methods.
- Adds a TryMatchIdentity method. We should detect identity shuffles
and emit no code in that case.
Bug: v8:6020
Change-Id: I5dea84738bf87db7112eb7d19f91b1e6b20811c7
Reviewed-on: https://chromium-review.googlesource.com/1116058
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54097}
When storing an indexed property in a typed array, it's necessary to
convert the value to a Number (or to a Bigint) before performing the
bounds check, per
https://tc39.github.io/ecma262/#sec-integerindexedelementset.
This CL adds appropriate type conversions in
Object::SetPropertyInternal (which technically is reached after the
bounds check has already occurred, but this isn't observable yet ---
In the future, once OOB accesses on TypedArrays actually throw, this
will need to be refactored again), and in StoreFastElementStub, and
ElementsTransitionAndStoreStub (via CSA::EmitElementStore).
The change was not necessary in TurboFan, as
JSNativeContextSpecialization already performs the value conversion
before the boundscheck.
The result is some fixed test262 tests, and some new test coverage
for this behaviour in mjsunit.
BUG=v8:7896, v8:5327
R=neis@chromium.org, jkummerow@chromium.org, gsathya@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ibe6bec24c72ef6a4fd3e77d5bcafa03737f4c5e3
Reviewed-on: https://chromium-review.googlesource.com/1117372
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54096}
Supporting postMessage from WebAssembly.Module requires implementing
some logic in the ValueSerializer and ValueDeserializer delegates. This
change implements some simple logic for d8.
This change also fixes a DCHECK that occurs when sending a shared
WebAssembly.Memory object to two Workers.
Bug: chromium:857049
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idddb23a48175c7175967af3fbc03d8572452a069
Reviewed-on: https://chromium-review.googlesource.com/1117871
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54093}
Another pair of {std::unique_ptr} and {size_t} that can be stored as
one {OwnedVector}, which allows to pass it as one thing.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: Ideac0dbd390ba8147b6620daa86f0d3da6c3b609
Reviewed-on: https://chromium-review.googlesource.com/1118236
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54091}
Instead of storing both the {NativeModule} and the {WasmModule} in a
{Managed} object, just store the {WasmModule} in the {NativeModule}
directly. This fixes crashes that happen if the {Managed<WasmModule>}
dies before the {Managed<NativeModule>}.
R=mstarzinger@chromium.org
Bug: chromium:854794, v8:7879, v8:7889
Change-Id: I6b11729943fe7a03d225138782655ee5dafd26a6
Reviewed-on: https://chromium-review.googlesource.com/1118171
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54090}
This CL adds the newline character as a valid character
in Torque strings.
You can now write Print('Hello, World!\n') in Torque and it works!
Change-Id: I2a1f87cfef492fedd3d24086e226d3ebaf882115
Reviewed-on: https://chromium-review.googlesource.com/1118229
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54089}
When run locally, one times out and the other runs out of stack space.
R=sigurds@chromium.org
Change-Id: I7cc1aa9bb0857f12ac46baf80de18a2c5175b8b9
Reviewed-on: https://chromium-review.googlesource.com/1118231
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54087}
This CL removes the friendship between {NativeModule} and
{NativeModuleSerializer}/{NativeModuleDeserializer}.
Instead, it adds a new public method ({AddDeserializedCode}) which is
being called from the deserializer.
Drive-by: Unify the argument order to {AddCode}, {AddOwnedCode} and
{WasmCode}.
R=mstarzinger@chromium.org
Bug: chromium:856938
Change-Id: I88943c90c45650e21ae6bc17395a17f86319c046
Reviewed-on: https://chromium-review.googlesource.com/1117075
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54084}
This reverts commit fdf69d53b6.
Reason for revert: Speculative revert for broken GPU bots:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/Linux%20V8%20FYI%20Release%20%28NVIDIA%29/1638https://ci.chromium.org/p/v8/builders/luci.v8.ci/Mac%20V8%20FYI%20Release%20%28Intel%29/1624
Original change's description:
> [heap] Adds a young generation large object space
>
> This CL adds the young generation lage object spaces and a flag
> --young-generation-large-objects that by default allocates all
> large objects in this space. This is a preparation CL. The space
> is not fully functional.
>
> Bug: chromium:852420
> Change-Id: Ib66d26fa52cda89bf04787084826aeb84b6ec1ac
> Reviewed-on: https://chromium-review.googlesource.com/1099164
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54056}
TBR=ulan@chromium.org,yangguo@chromium.org,hpayer@chromium.org
Change-Id: I175514f806a19c7837022795210625ca40e3c318
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1118038
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54072}
This is required for jumbo builds to work before the stable jumbo chunk
algorithm[*] can reland.
[*] https://chromium-review.googlesource.com/c/chromium/src/+/1102218
Bug: chromium:856964, chromium:782863
Change-Id: Ibbe0994980eb554acd4e1557e733d07526a90608
Reviewed-on: https://chromium-review.googlesource.com/1117059
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#54070}
This fixes include violations where normal "foo.h" headers included
inline "bar-inl.h" headers. It also removes two (almost) dead methods.
R=clemensh@chromium.org
BUG=v8:7754
Change-Id: I11c6ce71650db22f3c1d7cf5ca50529c94b94839
Reviewed-on: https://chromium-review.googlesource.com/1117076
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54060}
This CL adds the young generation lage object spaces and a flag
--young-generation-large-objects that by default allocates all
large objects in this space. This is a preparation CL. The space
is not fully functional.
Bug: chromium:852420
Change-Id: Ib66d26fa52cda89bf04787084826aeb84b6ec1ac
Reviewed-on: https://chromium-review.googlesource.com/1099164
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54056}
Rolling v8/third_party/icu: f61e46d..172d331
This also disables the test that is broken by this roll.
TBR=gsathya@chromium.org
Bug: chromium:856119
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If400b5b388b683d6e2d013673b53ca0c1b7572ce
Reviewed-on: https://chromium-review.googlesource.com/1116794
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54055}
We currently store the protected instructions per code object in a
{std::unique_ptr<std::vector<ProtectedInstructionData>>}. This wastes
memory, because it requires two heap allocations, plus the vector might
over-allocate (and it currently does, because it is filled dynamically
during compilation).
This CL changes that to store the protected instructions in an
{OwnedVector}. This requires one copy after generating the list of
{ProtectedInstructionData} in an {std::vector} during compilation, but
saves memory afterwards.
R=mstarzinger@chromium.org
Bug: chromium:856938
Change-Id: Ie290a17dc32f27fbbfe0c000a52297181c954550
Reviewed-on: https://chromium-review.googlesource.com/1116701
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54052}
{PrintCollection} can print any collection which is iterable via a
standard for-each loop in C++. The output format of {4, 7, 11} is:
[4, 7, 11]
This helper avoids a few repetitions of manually outputting such
collections.
R=titzer@chromium.org
Bug: v8:7754
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Iaa91e5465968a029815b3aa2b35948f711956cdb
Reviewed-on: https://chromium-review.googlesource.com/1112005
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54048}
Instead of just discarding the expression classifier after parsing an after
parsing an arrow function, accumulate the async arrow formal parameters errors
BUG=v8:7817
R=gsathya@chromium.org, littledan@chromium.org, marja@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0a84a25d7d42f89200b6fbf05eab3d39ab51fb10
Reviewed-on: https://chromium-review.googlesource.com/1113622
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#54034}
All Object::Print functions now take an Isolate* parameter. Various
XX::XXPrint functions now take an Isolate if it's needed rather than
calling GetIsolate(). Such method use DECL_PRINTER_WITH_ISOLATE rather
than DECL_PRINTER.
The _v8_internal_Print_ function (intended for use in gdb) now uses
Isolate::Current() to get hold of an Isolate.
Reduces the GetIsolate and GetHeap count by 9 and 5 respectively.
Also removes unneeded gdb/lldb macros (along with their support
functions), jfv, jfm, jda and jta, since job does the same thing.
Bug: v8:7786
Change-Id: Ib93ebca6ca47c4db9c85cc6d9ff8004da5942dec
Reviewed-on: https://chromium-review.googlesource.com/1112001
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54029}
