This was supposed to be only a clean-up, but the original code even
invalidated a test and thereby covered a test. I fixed the bug here as
well.
Without testing it I think this fixes https://crbug.com/964607.
Bug: v8:9183
Change-Id: I076f40a2302bfd5b7cecd2ae35d4e05a465e054b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621935
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61691}
This CL fixes an issue where V8 does not satisfy the WebAssembly spec of
the anyref proposal.
The table.fill instruction has 3 parameters, {start_index}, {length},
and {value}. V8 trapped with table-out-of-bounds when
{start_index >= table_size}. However, the spec requires that
{start_index == table_size} is valid when {length == 0}.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I5f83a03fb8e349b48c887535f6f065492feb9ac2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609537
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61689}
This is just for convenience, and actually surprising behavior.
R=clemensh@chromium.org
Bug: v8:9183
Change-Id: I3316856e63b97bfb06da897c6f8b716bc988aa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621932
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61684}
This is a reland of 3dd5661204
The reland introduces a new flag "--experimental-stack-trace-frames".
The flag is disabled by default, but enabled for relevant tests.
The flag stays disabled by default until API frames are eagerly
symbolized to prevent leaks in blink web tests.
Original change's description:
> [stack-trace] Include API functions in Error.stack stack trace
>
> This CL extends Error.stack to include frames of functions declared
> with the C++ FunctionTemplate API. For example, "print" in d8.
>
> Two changes are necessary:
> - HandleApiCall and friends need to go through an BUILTIN_EXIT frame
> instead of an EXIT frame. The existing stack-trace machinery will
> then pick up FunctionTemplate frames without additional changes.
> - Turbofan doesn't go through HandleApiCall, but instead uses an
> ASM builtin to enter FunctionTemplate functions. A "marker"
> frame state is needed to include these frames in the stack trace.
>
> Note: This CL only includes these frames in Error.stack,
> but not (yet) in the stack-trace API (v8.h).
>
> Bug: v8:8742,v8:6802
> Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61602}
Bug: v8:8742, v8:6802
Change-Id: I1d3b79cdf0b2edcbaeff1ec15e10deeca725f017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621925
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61683}
This parameter was just for convenience but did not end up in the
generated bytes.
R=clemensh@chromium.org
Bug: v8:9183
Change-Id: Id4faf5b9ad20a357c069c3189db6ed14945dea8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621929
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61681}
This CL also removes the corresponding intrinsic lowering of
IsTypedArray in TurboFan and Ignition.
Drive-by: Remove unused ArrayBufferViewWasDetached runtime function.
Bug: v8:9183
Change-Id: I2767b22fbdfb679cba30b9fbc555c8d41c7f4345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617930
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61677}
Bug: v8:9247
Change-Id: I9bcf2694b449f79cdbe03f5fde59cb21b8cad418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619758
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61676}
Macros are now inaccessible from CSA except if their declaration is
marked with the "export" keyword. The implicit field accessors for class
fields are always exported.
In this CL, unwarranted access from CSA is prevented by appending a
pseudo-random suffix to non-exported names. This is to be replaced by
something more principled, namely by not including these macros at all in
the headers included from CSA.
Bug: v8:7793
Change-Id: I3ffb2e91a616623f81b4b4508e001ad0cf65d2c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615258
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61672}
When reconfigure data field (e.g. change representation), it was allowed to transition from dictionary elements kind to sealed elements kind. With this change, this transition is forbidden.
Bug: chromium:963346
Change-Id: I6c9a5f6f269bc5ee4cd6176ff5e8d803f08dba1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613840
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61670}
This test needs detailed source positions which aren't available with
lazy source positions enabled so force them to always be present.
Bug: v8:8510
Change-Id: I1faf3d5614742b4181facc18eaf1d73d6a5712d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617677
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61663}
This adds two more message tests to test compile errors in
WebAssembly.compileStreaming and WebAssembly.instantiateStreaming.
R=mstarzinger@chromium.org
Bug: v8:9266
Change-Id: I34d1df4ce0fb02e14f3e5011569c8ba1d1374658
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619746
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61660}
This adds proper loading and parsing of the arguments that are being
passed to the {WebAssembly.Function} constructor function, including
tests covering most of the negative cases.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Id4d67789604ee72aec5ad831004a01434c1c6d6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619748
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61659}
The invariant is that Map::bit_field2 shouldn't change, and the
IsInRetainedMapListBit apparently changes when the map is held
weakly from optimized code. This causes TurboFan compilations to
change the Map::Hash() result, which in turn causes lookups on
the normalized map cache to miss (and maybe other bad consequences).
With this change we swap Map::IsInRetainedMapListBit (previously in
bit_field2) and Map::HasHiddenPrototypeBit (previously in bit_field3)
to address this problem.
Bug: chromium:963411, v8:9114, v8:9267
Change-Id: I040a27c37305fa602649750bd93bee40c91fca78
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619747
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61657}
This fixes the error message generated for compile errors during
asynchronous instantiation. It shows "WebAssembly.instantiate()" now
instead of "WebAssembly.compile()".
R=mstarzinger@chromium.org
Bug: v8:9266
Change-Id: Ieae478d1c4f6843fbc17e15debb6c49f72059d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617940
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61654}
This adds three message tests to test the message stack trace we show
for
- synchronous compilation,
- asynchronous compilation, and
- asynchronous instantiation.
Note that the message for the asynchronous cases currently contain the
"WebAssembly.Module()" prefix, which will be fixed in a separate CL.
R=mstarzinger@chromium.org
Bug: v8:9266
Change-Id: I370f4211b5f577ea1b5da026a78b292b50c6a339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617938
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61653}
This also fixes a bug in 'InitializeCallBuffer', where it wouldn't claim enough
slots for each parameter. This caused the Simd128 instruction selector test to
only claim 3 slots (rather than 4) and then perform an unnecessary padding poke.
v8_Default_embedded_blob_size from the generated file gen/embedded.S
Before: 4957056
After: 4954368
This gives a 0.05% size decrease.
Change-Id: Ic9bb998fb8a9111fb90e1c3e537ea0f2a5fa7b33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617665
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#61649}
Added the comparison of two decompresses to the DecompressionElimination
AdvancedReducer. Note that it works in the case that lhs is equal to rhs.
Also added tests for its implementation.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I21676a78b592859692768c3499ea11117d3bb5a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609793
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61647}
COMPLETE events are being deprecated and don't work well with perfetto
because we can't give out a handle into the buffer like we used to so
that the caller can update the existing event with the duration.
BEGIN/END pairs should be used instead to add two separate trace events
to the buffer which can be associated with one another by the trace
processor e.g. the trace viewer UI.
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Ib73c19d77ad58456ce23d15f0b658c26f3dc3d53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615257
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61641}
These were leftover in another directory and can be incorporated into
our standard benchmark runner. We already had some Array slice cases
in js-perf-test so just add some of the important cases from the other
directory to the existing implementation.
Bug: v8:9254
Change-Id: I4cc235b8d3719ecd729f23fe9705ea36d445c340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617258
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61640}
This reverts commit 3dd5661204.
Reason for revert: causes leak tests in blink layout tests to fail: https://ci.chromium.org/p/chromium/builders/ci/WebKit%20Linux%20Trusty%20Leak/34295
Steps to reproduce:
- Build blink_tests with following GN args
is_component_build = false
is_debug = false
strip_absolute_paths_from_debug_symbols = true
- Run
third_party/blink/tools/run_web_tests.py --additional-expectations third_party/blink/web_tests/LeakExpectations --time-out-ms 48000 --enable-leak-detection external/wpt/wasm/webapi/body.any.html
Original change's description:
> [stack-trace] Include API functions in Error.stack stack trace
>
> This CL extends Error.stack to include frames of functions declared
> with the C++ FunctionTemplate API. For example, "print" in d8.
>
> Two changes are necessary:
> - HandleApiCall and friends need to go through an BUILTIN_EXIT frame
> instead of an EXIT frame. The existing stack-trace machinery will
> then pick up FunctionTemplate frames without additional changes.
> - Turbofan doesn't go through HandleApiCall, but instead uses an
> ASM builtin to enter FunctionTemplate functions. A "marker"
> frame state is needed to include these frames in the stack trace.
>
> Note: This CL only includes these frames in Error.stack,
> but not (yet) in the stack-trace API (v8.h).
>
> Bug: v8:8742,v8:6802
> Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61602}
TBR=yangguo@chromium.org,sigurds@chromium.org,jgruber@chromium.org,bmeurer@chromium.org,szuend@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8742, v8:6802
Change-Id: I4942cd32c6ee5e249dae046eea6b9b2f7120b8ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617933
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61639}
Code that is being moved primarily deal with layout of a JSObject,
accessing properties and elements, and map transitions.
NOTREECHECKS=true
NOTRY=true
Bug: v8:9247
Change-Id: Ibce5d5926ac4021c8d40c4dd109948775ce1da58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613994
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61638}
This is a reland of e7e512da66
Original change's description:
> [turbofan] Add fast path for single-character String#startsWith()
>
> This CL adds a fast path to String#startsWith(s) if s is a
> single character string.
>
> Bug: v8:8400
> Change-Id: Ibd6a9d1e46d98f41c198d2b579208e25003eedb0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525362
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61504}
Bug: v8:8400
Change-Id: Ic2d60ccb8fdeb51373fcd025a7e970fda0c14d79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1618342
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61637}
deopt-unlinked.js: bytecode flushing destroys the information that
%GetDeoptCount relies on, so turn that off for this test.
cleanupsome-after-unregister.js: the function-local object {o} is
assumed to be alive throughout the function, so make sure its live
range (from the optimizing compiler's view) extends that far.
Drive-by cleanup: drop some unnecessary casting boilerplate from
Genesis::InitializeGlobal_harmony_intl_date_format_range().
Change-Id: I28617f842fe046dd0875a9a082cfc55a3a076bcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617674
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61621}
es6/classes is slow to run in stress mode and times out on PPC.
As a long term fix we should split this into multiple tests so
each individual test runs faster.
Bug: v8:9246
Change-Id: I95eed06d85f73cc66229dfbd83ac7521dcbbb54f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615252
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61619}
Fastpath failed to store the hole on the array left side.
Bug: chromium:940274
Change-Id: I1eca7b241030474cf5aed6c68f155a1d22ae553e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617255
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61618}
This adds a constructor function to be used as the base class for all
exported functions. With type reflection enabled exported functions are
instances of this new constructor. Using the constructor directly as
well as the 'type' property is still missing.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Id58359cf7866d24be0745abf36a839d3d86e5922
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617253
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61614}
Skipping rather than reverting the CL that introduced the slowness, due to
the fact that said CL is a Stable blocker fix.
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:9256
Change-Id: I8f8b57c415d2b54fe57c43a87e42990909295c57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615260
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61603}
This CL extends Error.stack to include frames of functions declared
with the C++ FunctionTemplate API. For example, "print" in d8.
Two changes are necessary:
- HandleApiCall and friends need to go through an BUILTIN_EXIT frame
instead of an EXIT frame. The existing stack-trace machinery will
then pick up FunctionTemplate frames without additional changes.
- Turbofan doesn't go through HandleApiCall, but instead uses an
ASM builtin to enter FunctionTemplate functions. A "marker"
frame state is needed to include these frames in the stack trace.
Note: This CL only includes these frames in Error.stack,
but not (yet) in the stack-trace API (v8.h).
Bug: v8:8742,v8:6802
Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61602}
This reverts commit 5f28539599.
Reason for revert: presubmit failure
Original change's description:
> Move logging and diagnostics related source files
>
> This also introduces a COMMON_OWNERS file, which is derived from the
> current top-level OWNERS file. It is to be used for parts of the
> codebase that is not sensitive to domain-specific expertise.
>
> NOPRESUBMIT=true
> TBR=verwaest@chromium.org
>
> Bug: v8:9247
> Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61600}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org
Change-Id: I3827c3af4fd63b18aa48c49617f318a01746e813
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617247
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61601}
This also introduces a COMMON_OWNERS file, which is derived from the
current top-level OWNERS file. It is to be used for parts of the
codebase that is not sensitive to domain-specific expertise.
NOPRESUBMIT=true
TBR=verwaest@chromium.org
Bug: v8:9247
Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61600}
This commit attempts to change as little behavior as possible, but it
does require reordering the fields within Map to abide by Torque rules
specifying that strong and weak fields must be in separate sections.
Also includes some Torque compiler updates:
- Allow enums (types extending from integral types) as class fields
- Rename @ifdef to @if and add @ifnot for inverse checks
- Allow void fields in class declarations, which take up no space and
emit no accessors
Bug: v8:8952
Change-Id: I1de6f34c1b15ed87d718666a05176980a218e97c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1480919
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61588}
Now that function counts are based on dedicated call counters instead
of FeedbackVector::invocation_count, we can enable optimizations for
block coverage modes.
This significantly speeds up V8 with enabled coverage:
Before this CL, the web-tooling-benchmark regressed by 70% (block
count coverage vs. no coverage). With this CL, the regression is
reduced to 40%.
Bug: v8:6000,v8:9148
Change-Id: I6bb538bd66f32f016c66c1d1996bce3b25958232
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615241
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61582}
Helper functions to create and warm-up the snapshot blob were
duplicated in various spots (mksnapshot, inspector tests, serializer
cctests). This merges all of these into a single helper function
family declared in snapshot.h.
Bug: v8:9189, chromium:957029
Change-Id: I2d8d6fd8e955ffffd7d805c199d4a858500af588
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598695
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61576}
Prior to this CL, call counts at function scope were taken from the
FeedbackVector::invocation_count field. This had two major drawbacks:
1. for generator functions, these count the number of resumptions
instead of the number of calls; and 2. the invocation count is not
maintained in optimized code.
The solution implemented here is to add a dedicated call counter at
function scope which is incremented exactly once each time the
function is called.
A minor complication is that our coverage output format expects
function-scope counts in the dedicated CoverageFunction object, and
not as a CoverageBlock. Thus function-scope block counts are initially
marked with magic positions, and later recognized and rewritten during
processing.
This CL thus fixes reported generator function call counts and enables
optimizations in block coverage modes (more to come in a follow-up).
Drive-by: Don't report functions with empty source ranges.
Bug: v8:6000,v8:9148,v8:9212
Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_layout_ng
Change-Id: Idbe5edb35a595cf12b6649314738ac00efd173b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613996
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61574}
This is a reland of 9141522739
Original change's description:
> Add test to show the crashing of TimeZone::AdoptDefault
>
> The ICU DEPS for chromium is landing in
> https://chromium-review.googlesource.com/c/chromium/src/+/1607506
>
> Bug: chromium:950851
> Change-Id: If16e82d70c319108ead06dd095b22ecda5408a6b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601370
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61550}
Bug: chromium:950851
Change-Id: I427eba86bb5d4017a43b6767a1da4280d87297eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613896
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61565}
This reverts commit 3e118baf00.
Reason for revert: Reverting as ftang@'s CL here will be reverted.
https://chromium-review.googlesource.com/c/v8/v8/+/1601370, and this was a fix for a bad landing.
Original change's description:
> Update include path to date.h which was moved in the meanwhile
>
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: chromium:950851
> Change-Id: Ia5e547e7cd7947f91814cb24de3dcf3b822905da
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611811
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61552}
TBR=gdeepti@chromium.org,ishell@chromium.org
Change-Id: Ibe1671b1973afae8db6180d3f5471763786bd23d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:950851
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613637
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61553}
Permit individual calls to CpuProfiler::StartSampling to provide their
own requested sampling interval, to be snapped to the profiler's
sampling interval. Use the greatest common divisor of all sample rates
to determine what sample rate should be chosen for the sampling thread,
and dispatch samples to attached profilers based on their requested
sample periodicity.
Change-Id: I0b076d09761d7176f31725e112578b68ab5da54c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1484461
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#61548}
The main change here is that in isolate-data.h, I'm switching from stateJSON to state.
This routine returns a CBOR encoded state cookie, which is also what we already
use in Chromium (blink).
In inspector-test.cc, I then put this byte vector into a V8 String,
and to make this roundtrip, change the extraction routine to get the
bytes. It's a little weird to store arbitrary bytes inside a v8 string,
but it appears to work fine because these bytes end up in the 8 bit portion,
much like isolatin characters would.
Change-Id: I72a0bdefd85a290f4e91db79be67d86952831685
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1610478
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61544}
All macros defined in "format-macros.h" are dead now (after
https://crrev.com/c/1613243). This CL removes this header, and includes
<cinttypes> instead wherever we use format macros for the types defined
in <cstdint>.
Plus some drive-by cleanup of includes.
R=mlippautz@chromium.org
Bug: v8:9183
Change-Id: Ic379759b79edb50e38833defb1577cc3af7c8150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611800
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61540}
This avoids the need to throw range errors when we run out of stack, limiting
us only by available memory.
The main parser loop is implemented by two subloops.
The first subloop finishes whenever it generates primitive values, empty
arrays, or empty objects. If a non-empty object or array is started, the loop
continues to parse its first member.
The second subloop consumes produced values and either adds them to the parent
array or object, or returns it. The second loop finishes whenever a next value
needs to be produced. When the loop itself produces a finished array or object,
the loop continues.
Exceptions are handled by moving the cursor to end-of-input. Upon end-of-input,
the first loop sets the continuation to "kFail". That causes the second loop to
tear down continuation stack and related handle scopes, resulting in an empty
handle.
The CL additionally buffers all named properties and elements so we can
immediately allocate a correctly shaped object. For object elements we'll take
flat array or dictionary encoding depending on what is more efficient.
This means that element handles are now allocated in their parent HandleScope,
rather than having local handlescopes per-property (of big objects); which is
why I've adjusted the handle-count test to not allocate as many properties. In
the future it would be nice to not have to allocate (as many) handles since
almost everything in the JSON graph will survive JSON parsing...
Bug: chromium:710383
Change-Id: Ia3a7fd0ac260fb1c0e5f929276792b2f8e5fc0ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609802
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61533}
With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.
Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).
Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.
Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
(for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
but in CSA.
Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).
Reland Change: Support pointer compression operands.
R=jarin@chromium.orgTBR=mvstanton@chromium.org
Bug: v8:7793
Change-Id: I84e1831eb6bf9be14f36db3f8b485ee4fab6b22e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612904
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61522}
Mechanical change with the exception of one threaded test, that had
to be turned into a normal test to turn green.
R=jgruber@chromium.org
Bug: v8:9183
Change-Id: Ie7c3350415e21f93e8161a3c844cbe165ecd7da5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612899
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61520}
Tests that expect type feedback vector ensure it by using
%EnsureFeedbackVector intrinsic. These tests now work with lazy feedback
allocation as well. Hence it is no longer required to initialize the
shared function info with a special bailout id.
Bug: v8:8394
Change-Id: Iba2f94be7e5651b4faeb8b3bf604d17fb4b146ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609542
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61509}
This CL adds a fast path to String#startsWith(s) if s is a
single character string.
Bug: v8:8400
Change-Id: Ibd6a9d1e46d98f41c198d2b579208e25003eedb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525362
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61504}
This annotation indicates that the class itself is not instantiated,
and does not have its own instance type: The instance types that
logically belong to the class are the instance types of the derived
classes.
Currently, we need the indication @dirtyInstantiatedAbstractClass
for several classes that are used as both, abstract base classes
and concrete classes. The prime example is JSObject which is the
base for many other classes, and also serves as the class to allocate
plain JSObjects. The annotation is purposefully ugly because in the
future we should refactor code to make it unnecessary.
Another annotation we introduce is @hasSameInstanceTypeAsParent,
which indicates another design pattern that currently occurs in the
code-base: Some Torque classes have the same instance types as their
parent class, but rename some fields, or possibly have a different map.
In such cases, the parent class is not abstract and the derived classes
can be seen as refinements of this class (that, for example, narrows the
type of a field). In the future, Torque should accomodate this pattern
better, but at moment we are content with just indicating where it is
used.
Bug: v8:7793
Change-Id: I1892dcc7325250df75d80308bf3d767d6d43bcc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607761
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61495}
This CL introduces the new suffix '-tq' for Torque generated files,
and replaces the infix 'FromDSL' in type names with a prefix
'TorqueGenerated'.
Change-Id: I1e90460cc0c666da6cf5017e8b3cb7c39c6ac668
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609798
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61490}
Previously we had a special, unshared map on the native context that was
used for results of builtin iterators, which was different from the map
that is created from an object literal like `{value, done}`. This not
only leads to unnecessary polymorphism, but also makes it impossible
for user defined iterators to take the fast-paths that we have in
various places (i.e. in collections or promises).
With this change we now properly share the map for `{value, done}` and
use that for the builtin iterator result objects, as well as the
fast-paths.
Drive-by-fix: Remove the restrictions on map caching and transition
caching during bootstrapping. This no longer makes sense.
Bug: v8:9114, v8:9243
Change-Id: I19eb9071f7ec0ed58f8a6f87eed781bc790174b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609794
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61488}
When using the fast-properties optimization for `delete` with constant
fields we don't properly invalidate the constness on the original map
and might thereby just follow the same transition again later with the
same object, effectively violating the constness of that field. This
disables the fast-properties optimization for `delete` in case of a
field marked as "const" as a quick-fix. We might still want to change
the logic to properly invalidate the "const" bit later.
Bug: chromium:962588, v8:9233
Change-Id: I1d0a8649d117731a0cd5ebdb4b6d0b22a900f33d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609796
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61484}
The missing check that runtime function parameters have to be tagged
lead to a bug: https://chromium-review.googlesource.com/c/v8/v8/+/1604071
drive-by-fix: Remove obsolete verbose mode. It hasn't been maintained
since the very early Torque versions, and the remaining printf's are
rather useless.
Bug: v8:7793
Change-Id: I59adf4c6c5d92a8838cdc638afb2ab7a41550b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609910
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61483}
When receiver is null or undefined we should not look into key. Calling
ToName on key is observable. This cl fixes the GenericKeyedLoadIC to
miss into runtime when the receiver is null or undefined.
Bug: v8:8394
Change-Id: Iaed07cd1b77b63e550284108777e165141af57a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605948
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61481}
When looking up toJSON function presence on the BigInt prototype,
we must pass the original primitive value as the receiver to any
getter calls. Thanks to the magic of the LookupIterator, this is
actually easier than the alternative.
Bug: v8:9048
Change-Id: I72e144dbfa2862df479fd4deee40acd5dd468243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611538
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61475}
After introducing explicit compress and decompress nodes for each load
and store we are left with many nodes that are redundant.
This CL aims to eliminate redundant decompressions and compressions in the
"direct decompression & compression" category.
Also added tests to test the new reducer.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I93e024d13af34d484086b7983f379265d16ac154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602702
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61473}
Use the GeneratedCode construct in the EmbeddedObj test to ensure
clang with cfi support is happy.
Bug: v8:7703
Change-Id: Ib80add62127049ee5a763c6a4320add11682395d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611537
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61470}
Previously we would attribute some frames of inline stacks to the wrong
line number.
For inlined frames, the source position table contains the line number
of the most-inlined frame (innermost). It's quite possible that this
function is within another script though, in which case the line number
will be wrong. Fix that here by taking the script from the
InliningStack, rather than assuming it is the same script as the
original code entry.
Bug: v8:7203, chromium:953309
Change-Id: Ia8795dbdd97d2f24f4bc685565d1e3a94e6067b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1403114
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61467}
Previously, processing second pass callbacks could have been called
recursively, and depending on the source of the GC, either with the
ability to call into JS or not.
Make the behaviour consistent by a) no iterating over the second pass
callback list when we are already doing so and b) explicitly allowing
JS execution.
Refs: https://github.com/nodejs/node/issues/27577
Change-Id: Ia13f775b323df4e49e28429ca88cf7d3a77883e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607762
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61466}
For keyed stores to JSArrays we can generally allow the receiver to grow
to the necessary size by bumping the magical length property. This works
for regular Arrays, but not in the case the prototype chain contains a
TypedArray, as that is going to swallow all stores that are considered
out-of-bounds for it.
We don't wanna deal with that kind of complexity in the IC handlers, so
we just refuse to handle that case (also giving TurboFan the signal that
it shouldn't attempt to handle growing stores in that case).
Bug: chromium:960134, chromium:961709
Change-Id: Ia886de590c32ae51ed4ebe38fc237ed975a635aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609790
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61465}
The language server needs Torque compilation artifacts like
declarables for more advanced features. This CL moves the GlobalContext
into the LanguageServerData class when Torque compilation finishes, to
preserve all the compiler data.
Additionally, all declarables are split up by source id. This makes
providing all symbols of a file easier.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: I424d1ddc04fcd18934f76a736900bc5d08261c07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601132
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61462}
Added null check when printing the brand with --print-ast.
Bug: chromium:961507, chromium:961508
Original change's description:
> [class] implement private method declarations
>
> This patch implements the declarations of private methods, the access
> of private methods would be left to a future patch.
> When a private methods declaration is encountered, we now:
>
> - Create a brand symbol during class evaluation and store it in the
> context.
> - Create the closures for the private methods
> - Load the brand from the context and store it in the instance in the
> constructor.
>
> Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
>
> Bug: v8:8330
> Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61387}
Change-Id: I3bf465f70c27914c9ec19f3f59ae018b28c9a866
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605521
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61459}
This increases the kInstructionSize to give the nosnap Isolate
more space to initialize itself.
This is a reland of 2980961182
Original change's description:
> [heap] Add tests to CodeBuilder Build and TryBuild
>
> Bug: chromium:957934
> Change-Id: Ia1ce5f6150b7f862b38f4c135236b154a1b02d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594564
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#61391}
Bug: chromium:957934
Change-Id: Ib7458f7c18063dbc8bc685ddbb9f22f781c52aa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609477
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61454}
{CommitPageSize()} can be smaller than {AllocatePageSize()} (on win64,
it's 4kb vs 64kb), thus use the commit size where appropriate.
R=titzer@chromium.org
Change-Id: Ic9a009158d788aa0c53e15790ea089f01ade0d0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605940
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61450}
TurboFan truncated null to +0 even in contexts such as -0 == null
because it was not handling the TypeCheck correctly. This restricts
the type conversion case to not apply truncation in this case (see
comment in patch).
Change-Id: Ia38ace9608800c8d61988de402a31dd863d9160a
Bug: chromium:961237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609538
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61446}
This factors out a {WasmCodeAllocator} which manages all code
reservations and allocations for a {NativeModule}. This will allow for
better testing of this component (which will be added in a separate CL).
R=titzer@chromium.org
Change-Id: I09727c30afc533e95569276147792d0e641b0507
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605738
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61445}
I did the implementation with a runtime function. I extracted some code
from the implementation of table.get.
By accident I formatted anyfunc.js. However, since it's an improvement,
I don't want to undo it. I didn't change anything in the older tests
though, I only added new tests at the end.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I31832ccc817e1e7989f486d6487108c14d21bbea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602701
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61442}
We need to keep strong references to the final map, otherwise the test
may start failing randomly depending on GC timing, because the optimized
code will get deoptimized when the map disappears.
Bug: v8:9236
Change-Id: I3c18cba96546020b4d70b95993e1531e787ed253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607652
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61438}
harmony-locale is shipped in m74 and m74 is already out.
Remove harmony-locale flag from the code.
Bug: v8:8910
Change-Id: If9634b6767cfe449cfa03980bbad26ceb7408c79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1592465
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61429}
FATAL() calls with more than one argument are preserved.
The rest of chrome does this as well. Stack traces and minidumps should
be sufficient for analyzing the reason for crashes.
This saves 110kb for Android arm32.
Bug: chromium:958807
Change-Id: I88a1ec82f1ed7bd5e7dbccf6d645d5584f16de82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598159
Commit-Queue: Andrew Grieve <agrieve@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61426}
They are added under the global scope object, as follows:
{
"memory": ...,
"globals": {
"global#0": ...,
"global#1": ...,
"global#2": ...,
}
}
We currently don't have any way to name globals in the wasm binary
format, but it is possible to extend the name section with these names
in the future.
Bug: v8:6846
Change-Id: I79fa4ed3d83964bc8e26d66516605d41e92b3d03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601829
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61425}
This change generates functions that verify the things that Torque knows
about objects and their fields. We still must implement each verifier
function in objects-debug.cc, but we can call into the generated code to
verify that field types match their Torque definitions. If no additional
verification is required, we can use the macro USE_TORQUE_VERIFIER as a
shorthand for a verifier that calls the corresponding generated
function.
A new annotation @noVerifier can be applied to both class and field
definitions, to prevent generating verification code. This allows fully
customized verification for complicated cases like
JSFunction::prototype_or_initial_map, which might not exist at all, and
JSObject::elements, which might be a one pointer filler map.
Because Factory::InitializeJSObjectFromMap fills new objects with
undefined values, and many verifiers need to deal with partially-
initialized objects, the generated verifiers allow undefined values on
every class deriving from JSObject. In cases where stricter checks were
previously performed, they are kept in objects-debug.cc.
Bug: v8:7793
Change-Id: I84034efadca89ba0aceddf92e886ffbfaa4c23fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594042
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61422}
Create an Intl::GetNumberingSystem function shared by several
Intl object which throw exception internally.
Bug: v8:9190
Change-Id: Ibe658e61bc8d0e5c061b26fe8527e69d086ea185
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590442
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61419}
This is a reland of f2e652264d
Nothing has changed but
https://chromium-review.googlesource.com/c/v8/v8/+/1585269 has been rolled
back due to v8:9234.
Original change's description:
> Reland "[compiler] Don't collect source positions for the top frame"
>
> Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
> which requires clearing and restoring the pending exception.
>
> > While most source positions were not collected even throwing exceptions,
> > the top frame still was always collected as it was used to initialize
> > the JSMessageObject. This skips even that frame, by storing the
> > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> > it to lazily evaluate the actual source position.
> >
> > Also adds tests to test-api.cc that test each of the source position
> > functions in isolation to ensure that they don't rely on previous
> > invocations to call the source collection function.
> >
> > Since no source positions are now collected at the point when an
> > exception is thrown, the mjsunit/stack-traces-overflow now passes again
> > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> > only failure).
>
> Bug: v8:8510
> Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61372}
TBR=ulan@chromium.org
Bug: v8:8510
Change-Id: Iaa9e376f90d10c0f25d1bcc352808363e4ea8b4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605946
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61418}
... by moving the EffectControlLinearizer class into the .cc file and
only exposing a single function in the header.
Change-Id: I63dc3edd9de7df60041f0687d920996e308e0d4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605739
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61413}
Everything after UNREACHABLE is dead code, so it makes sense to remove them.
Bug: v8:9183
Change-Id: If76468a73b926d74717cc2348fd5b36d30f680c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605727
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61411}
This reverts commit b9191bd355.
Reason for revert: Clusterfuzz bugs
BUG=chromium:961507,chromium:961508
Original change's description:
> [class] implement private method declarations
>
> This patch implements the declarations of private methods, the access
> of private methods would be left to a future patch.
> When a private methods declaration is encountered, we now:
>
> - Create a brand symbol during class evaluation and store it in the
> context.
> - Create the closures for the private methods
> - Load the brand from the context and store it in the instance in the
> constructor.
>
> Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
>
> Bug: v8:8330
> Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61387}
TBR=rmcilroy@chromium.org,gsathya@chromium.org,verwaest@chromium.org,joyee@igalia.com
Change-Id: I429bbe8af9f94598de132814aa2c3ab9fa69b986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8330
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605730
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61406}
{NativeModule::GetCode} can actually return {nullptr} if no code was
compiled yet for a function, e.g. in asm.js where we use lazy
compilation. In that case, we must not try to increment the ref count
on the nonexisting code object.
We had a few errors recently that were hard to reproduce because we do
not have a flag to enable code logging. Clusterfuzz managed to
accomplish this by passing --trace-ic.
In order to test bugs in code logging properly, this CL introduces a
new runtime function called "EnableCodeLoggingForTesting". It registers
a noop {CodeEventListener} and enables code logging in the wasm engine.
We should whitelist this flag in ClusterFuzz to potentially flush out
more bugs.
R=mstarzinger@chromium.orgCC=frgossen@chromium.org
Bug: v8:8217, chromium:961129, chromium:961245, chromium:961128
Change-Id: I2f97c109db70b41531d58580b71f6781beeb8dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602700
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61404}
Helps make configuring profilers more scalable as our number of
parameters grows.
Change-Id: I81263a30c221edaa3934a92eb000b71ddfbdea60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601585
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#61402}
JSInliner class wrongly assumed that all functions passing through
JSInliningHeuristic have feedback vectors, but that's not the case
when the inlining candidate hasn't been called yet.
Bug: chromium:961522
Change-Id: I89c0f2098add19d9b59394f1e7230cbec426119d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605720
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61400}
These are added as mjsunit tests for now since they haven't been merged
to the spec repo. When that happens, the wasm-spec-tests testsuite can
be updated to include these tests, and the tests in this directory can
be removed.
This CL also adds the test/mjsunit/wasm/bulk-memory-spec directory to a
list of directories that aren't checked for copyright (since these files
are auto-generated).
Bug: v8:7747
Change-Id: I906f2ca45f497a6728f94afb9b3330971e1d3fd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1600363
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61395}
This brings in
third_party/inspector_protocol/encoding/encoding_test.cc
from the upstream project and makes it work for v8's
unittest suite.
encoding_test_helper.h is a V8 specific implementation,
which delegates to src/inspector/v8-string-conversions{.h,.cc},
for the utf8 / utf16 conversion routines.
I'm also fixing / updating roll.py, for future rolls.
Change-Id: I08e4784838ff81ef3ac328f783512b42c91b6bcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1597215
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61393}
Per 262, yield* for async generators is supposed to Await the input value.
#sec-generator-function-definitions-runtime-semantics-evaluation
Section 14.4.13, yield *, 7.c.iii.1
Bug: v8:9051
Change-Id: Ie1e829309fe78683a9ff0adf816208c2bf0bb524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1600508
Commit-Queue: Joshua Litt <joshualitt@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61390}
This patch implements the declarations of private methods, the access
of private methods would be left to a future patch.
When a private methods declaration is encountered, we now:
- Create a brand symbol during class evaluation and store it in the
context.
- Create the closures for the private methods
- Load the brand from the context and store it in the instance in the
constructor.
Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
Bug: v8:8330
Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61387}
This reverts commit f2e652264d.
Reason for revert: Speculative revert, seems to break GC stress bot and block LKGR - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/25701
Original change's description:
> Reland "[compiler] Don't collect source positions for the top frame"
>
> Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
> which requires clearing and restoring the pending exception.
>
> > While most source positions were not collected even throwing exceptions,
> > the top frame still was always collected as it was used to initialize
> > the JSMessageObject. This skips even that frame, by storing the
> > SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> > it to lazily evaluate the actual source position.
> >
> > Also adds tests to test-api.cc that test each of the source position
> > functions in isolation to ensure that they don't rely on previous
> > invocations to call the source collection function.
> >
> > Since no source positions are now collected at the point when an
> > exception is thrown, the mjsunit/stack-traces-overflow now passes again
> > with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> > only failure).
>
> Bug: v8:8510
> Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61372}
TBR=ulan@chromium.org,rmcilroy@chromium.org,delphick@chromium.org
Change-Id: Ie590df6c308b38836afc5d417d03d2a63260bcb2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602692
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61381}
Moved tests for IIFEs/top level code to AllocationSiteCreationForIIFE.
It is not possible to use %EnsureFeedbackVector for these tests. They
just turn the lazy_feedback_allocation flag to false.
Bug: v8:8394
Change-Id: Id18cb43bf350efc1a26d04b9c3fce4f638dbda84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601507
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61376}
This fixes the source position printed in the stack trace for exceptions
rethrown from within Wasm code. This only affects the message propagated
to the console, not the trace stored as part of the exception object.
Note that there still is a more fundamental issues with preserving the
original message of a caught exception and funneling it through to each
rethrow site, which is still missing. This change just makes sure that
the interpreter and TurboFan are consistent.
R=clemensh@chromium.org
TEST=message/fail/wasm-exception-rethrow
BUG=v8:8091
Change-Id: Iac04149ded3c54f5b23faeb83b1228081bbd3dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598754
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61374}
Fixed crashes by adding missing call to EnsureSourcePositionsAvailable,
which requires clearing and restoring the pending exception.
> While most source positions were not collected even throwing exceptions,
> the top frame still was always collected as it was used to initialize
> the JSMessageObject. This skips even that frame, by storing the
> SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> it to lazily evaluate the actual source position.
>
> Also adds tests to test-api.cc that test each of the source position
> functions in isolation to ensure that they don't rely on previous
> invocations to call the source collection function.
>
> Since no source positions are now collected at the point when an
> exception is thrown, the mjsunit/stack-traces-overflow now passes again
> with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> only failure).
Bug: v8:8510
Change-Id: Ifa5fe31d3db34a6c6d6a9cef3d646ad620dabd81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601270
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61372}
The original CL title was updated to reflect CL contents. The
--win64-unwinding-info flag still exists but it is set by default.
This is a reland of efd8c2d975
Original change's description:
> Remove --win64-unwinding-info flag and always generate unwind info on Win/x64
>
> The generation of unwind info to enable stack walking on Windows/x64
> (https://chromium-review.googlesource.com/c/v8/v8/+/1469329) was implemented
> behind a temporary flag, in order to coordinate these changes with the
> corresponding changes in Chromium.
>
> The required changes to Chromium
> (https://chromium-review.googlesource.com/c/chromium/src/+/1474703) have also
> been merged, so we can now remove the flag and enable the generation of stack
> unwinding info by default on Windows/x64.
>
> Bug: v8:3598
> Change-Id: I88814aaeabecc007f5262227aa0681a1d16156d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573138
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#61020}
Bug: v8:3598, chromium:958035
Change-Id: Ie53b39f3bb31567797a61e5110685284c266c1f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1599596
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61368}
A DCHECK in LookupIterator::name hits when we add a indexed property,
as it requires a named property.
This replaces it with GetName to avoid the failure.
Bug: chromium:959727
Change-Id: I1e98b313ec9257db80460a34d691016acbceb3c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1597372
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61358}
There are two possible type:
- scriptParsed - breakpoint for any script,
- scriptWithSourceMapParsed - breakpoint for script with
sourceMappingURL.
When one of the breakpoints is set then for each matched script
we add breakpoint on call to top level function of that script.
Node: https://github.com/nodejs/node/issues/24687R=dgozman@chromium.org
Bug: chromium:887384,chromium:724793,chromium:882909
Change-Id: I9c08b2a2a5ba7006adfedd85fc92ae191517af00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1354245
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61353}
To prevent OOMs for leaked CPU profilers, add the option to limit the
maximum number of samples that are included in a CPU profile.
Bug: chromium:956688
Change-Id: I119d0622e7d39c187f8e09e2d49dec91fd724ecb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588412
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61352}
This change introduces a new decorator syntax @ifdef which can be used
on any class fields in .tq files, and updates SharedFunctionInfo to use
it as an example.
Bug: v8:7793
Change-Id: I690ae2a10d6cab044eedf5b931e4f95e757ed469
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536985
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61349}
