This CL moves the timeline related methods of the
map model into timeline panel to encapsulate timeline
web component.
Bug: v8:10673, v8:10644
Change-Id: Ie82ca8dc920cb64bd5ba81ead1a346492bd2b738
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2302893
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#68908}
SSE requires operand0 to be a register, since we don't have memory
alignment yet. AVX can have performance issues for unaligned access.
Bug: v8:9198,chromium:1106285
Change-Id: Ic587d9e0d601664cf6010061d74b22740ba47702
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2303590
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68906}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
... and prohibiting accidental use of the old-style.
Bug: v8:10689
Change-Id: Id75774ac12e3d0f95cb3a538066dffbf7815e438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300490
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68905}
1) turn static methods to instance ones.
2) change New/Delete to NewArray/DeleteArray getting array length as
argument instead of raw size.
3) propagate type tags through allocate/delete methods of existing
AllocationPolicy classes.
This will allow implementing accounting of deallocated zone memory.
Bug: v8:10572
Change-Id: Ib41c646044814ac6d75d50b2847bbb8964ce25d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300489
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68904}
This CL depreciates the TransitionView Class of the
app model to handle map transition only within map
model. It isolates the Map Panel to comply web
component standards.
Bug: v8:10667, v8:10644
Change-Id: Idf8ca58744aacd0159ee4af6e71886374385377e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300541
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68902}
Replacing EnsureSweepingCompleted() with DrainSweepingWorklistForSpace()
caused sweeping to be completed later. This resulted in longer scavenger
pauses, since the scavenger had to stop & resume sweeping more often.
To avoid this, the scavenger now completes sweeping when all pages are
swept.
Bug: chromium:1106295, v8:10315
Change-Id: Ia46efdfb1f2492e9228f0349936be32a467f502b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2301935
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68900}
This CL adds a helper class for commonly used
helper methods inside web components, decreasing
the amount of duplicated code across the app.
Bug: v8:10667, v8:10644
Change-Id: I754396a9b3598d0930a82fc487857e946bfd3805
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299359
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#68899}
Property descriptor interceptor may and may not throw an
exception. If it's thrown, V8 has to propagate the exception
appropriately.
Especially HTML ([1][2]) requires that the cross origin case of
getOwnPropertyDescriptor throws a SecurityError. Hence, Blink
is going to throw a SecurityError in the cross origin descriptor
interceptor. Then, this fix is necessary.
[1] https://html.spec.whatwg.org/C#windowproxy-getownproperty
[2] https://html.spec.whatwg.org/C#location-getownproperty
Change-Id: I7e3a92f1a16f1a2cda3818fd585a89fd83989003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297076
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68898}
This is exactly the same issue as in https://crrev.com/c/2299364 for test-torque.cc
Change-Id: I066d93918c94d0c68278c72d9b60ec92a1c5f68b
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300546
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68897}
... this reduces the size of VariableMap object by one word which in
turn reduces zone memory pressure. The Scope class which contains
VariableMap as a field is usually in top 5 of all allocated objects
in zone memory.
Bug: v8:9923
Change-Id: I79c6bd9ae97db72f24b831fd5e3733d8d7e4c0fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300486
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68896}
... which might use an outdated result of a lookup.
Currently it's not an issue, since we don't reuse container's backing
stores allocated in zone memory.
Bug: v8:7790
Change-Id: I30cc0ba747fd704403422711d1f1a5952fe6d68c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2301931
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68894}
We must perform "smi-checks" before loading an object's map
whenever the object might be an i31ref.
Bug: v8:7748
Change-Id: I2d9839ddcb0c2e8c35b9bea38afe50d55dd084cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299370
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68893}
This CL ports MarkingVerifier from blink.
The existing verifier checks only references on heap.
This new verifier checks references both on heap and on stack.
Bug: chromium:1056170
Change-Id: I083dcb0087125312cca34a2201015a9aecfe6ea4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300484
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68891}
This prevents v8 to send too many breakpoints and
thus exceed the maximum length for a message in
mojo.
Bug: chromium:1105172
Change-Id: I2af21f117d24c52d2f0df6294f15f091b84b1a75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300542
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68890}
We cannot allocate large arrays exceeding the size of
kMaxRegularHeapObjectSize in young space. Bailout of optimization in
such cases.
Bug: chromium:1105746
Change-Id: I4f7357c2dd7b3e70d747f9067660725ecf6ae768
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300481
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68889}
Rest arguments were using the builtin NewArgumentsElements to create its backing store. This does work when the rest elements are a suffix of the arguments in the stack, but this is not the case when V8_REVERSE_JSARGS is enabled.
This CL ports the builtin to Torque and fix the previous issues with V8_REVERSE_JSARGS.
Change-Id: I82db0dfd409d909336f34312f62c379ca5929e1e
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284988
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68888}
This CL adds global state management
methods into the App Class. Thus, make it
easier to control global state of the web app.
Bug: v8:10667, v8:10644
Change-Id: I9e37c3e851a3912ebc6c672eb4372f77d20a989c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300482
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68887}
Now that --concurrent-inlining is already using LocalHeaps and requires
a global safepoint, let's measure how long it takes to stop-the-world.
Bug: v8:10315
Change-Id: I90f451448199fd43b9991849f4343f77e4aa3813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300544
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68886}
This is an attempt to fix a build failure in MSVC14.26.28801.
Bug: v8:10691
Change-Id: Ic4b994b14e1ac70ab95f3da53bd7be382e38a4b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300540
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68884}
... which gets the zone from its ZoneAllocationPolicy instance.
This recovers memory regression caused by adding an AllocationPolicy
instance into TemplateHashMapImpl and therefore to VariableMap.
Bug: v8:10572
Change-Id: I7962b49e5f2669307e58b3ed7b1f29bab1c42cad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2298002
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68879}
In this test we both search and insert a transition in the main thread,
while the background thread searches.
Bug: v8:7790
Change-Id: Ic899f6c36c9bf9f7f5364ea30eb1c875b7ef6535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243211
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68878}
... this will avoid the need to pass AllocationPolicy to every method
that can allocate/deallocate and allows to make deallocation method
implementation stateful.
The latter will also allow implementing accounting of deallocated zone
memory.
Adding one more field is generally fine because usually these hashmap
objects are allocated on the stack or inside other rarely-allocated
long-lived objects.
The only exception is Scope class. The Scope objects are created very
often during parsing and each of them has a VariableMap field.
The Scope object size issue will be addressed in a follow-up CL.
Bug: v8:10572
Change-Id: I63fbd41246cf2e568c8ba80c213d3e9caffc2c87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284992
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68877}
The cctests were wrong, since they access the first parameter using `Parameter(0)`. They should instead use `Parameter(1)`, since the index 0 is the receiver, and the receiver is set to be always the undefined object in `FunctionTester::Call`.
The reason it used to work is that the tests would set up an access to the stack with the wrong number of parameters, accessing only a stack suffix.
Change-Id: I02b7ee97c8759c7aecda0338863b7727762df1ba
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299364
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68876}
The snapshot code assumes that the entire snapshot's length fits into
an int, which implies that it doesn't support individual objects that
are bigger than that. That's okay, because it isn't reachable from
user code, and embedders would notice at compile time when they run
into this limit. So we can just continue to skip the few regression
tests we have for huge TypedArrays in the stress_snapshot variant.
Change-Id: Ib37c0582763d549a3d5c5ccc3a78d200b176f3b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299373
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68874}
This is a reland of 273f4e42e3
Original change's description:
> [heap] Avoid ParkedMutexGuard during allocation
>
> Since main thread allocation does not start incremental marking anymore
> while holding allocation_mutex_, background allocation does not need
> ParkedMutexGuard anymore to avoid deadlocks.
>
> This also means background thread allocation isn't paused anymore to
> perform a GC, which already resulted in subtle bugs (e.g. in
> ExpandBackground with incremental marking). We also do not
> stop-the-world anymore while holding allocation_mutex_.
>
> Bug: v8:10315
> Change-Id: Iadf00bc26434c765722b82a10497ab06151f15cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289771
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68754}
Bug: v8:10315
Change-Id: If5aec78370685369ad0f1d7a76002d45f149ddfb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297468
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68873}
Change names of global functions from
globalXYZEvent to handleXYZ format to increase
readability.
Bug: v8:10667
Change-Id: Ie5e7b6b7ab1c535f5c6beb65361d0a78cac96e46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299362
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68872}
This change adds a has_error parameter on the stack
which allows the fast callback to report an error. In case
this parameter is set to non-zero, the generated code calls
the slow (default) callback, which can throw the exception.
Bug: chromium:1052746
Change-Id: Ib11f6b0bef37d5eb1d04cd6d0a3ef59028dcc448
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183929
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68871}
This CL attaches global functions of the panels
as instance variables of an app class.
Bug: v8:10667, v8:10644
Change-Id: Ib76730652f977ac81e3558ddb18165e938859512
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297476
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68867}
In addition to decoding them, we also have to evaluate the initializer
instructions when instantiating a module.
Drive-by fix: use "big-endian" encoding (prefix comes first) when
emitting initializers in the module builder.
Bug: v8:7748
Change-Id: Idfa0f5db298a8f6c6100fc09e1984e4a2e170e4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2298004
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68866}
mjsunit/regress/regress-896326.js failed on mips simulator, because mips
simulator has larger stack size and won't throw the expected RangeError
exception.
This CL set sim-stack-size to 100K in regress-896326 just like setting
the native machine's stack-size.
Change-Id: I51328b10a7b54addab2adb90401680c0581d7ee2
Bug: v8:10709
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299880
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68865}
This CL maps the colors being used in
the web app to variables to make it easier to
change color palette without having to track color
changes across files.
Bug: v8:10673
Change-Id: Icf1c53396b8a831367c4ed420931e6233d780a07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2298005
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68864}
When creating a new JSFunction (either through Factory::NewFunction or
the FastNewClosure builtin), install the cached Code object if one
exists. In the former, this happens explicitly; in the former implicitly
through %CompileLazy.
Drive-by: Clean up nci tracing methods.
Drive-by: Rename maybe_has_... to may_have_cached_code.
Bug: v8:8888
Change-Id: I98d87df10df496c45749b3fd76c072c36af45b68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2294662
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68863}
With CagedHeapLocalData, size of allocatable area in the caged heap has
reduced, but CL that introduced it didn't change the size passed to
BoundedPageAllocator.
Change-Id: I3720820589c88c3467af68cd7da1b305dc5a77b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297474
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68862}
This is a follow-up fix for
https://chromium-review.googlesource.com/c/v8/v8/+/2292230
In this CL fixes the case when the property cell is added to the
dictionary but the value is not actually stored which leaves
PropertyCell with the hole in the dictionary.
Now the logic for GlobalDictionary matches the logic for
NameDictionary - the property cell is added to the dictionary in
LookupIterator::ApplyTransitionToDataProperty().
Bug: chromium:1104711, chromium:1105383
Change-Id: I56da16d85d13288fbc41fd60dbce556fec5e7d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297472
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68860}
This CL fixes the Map Panel colors. The getColor
function of Edge class was always falling to the
default color unable to show correct colors in
the timeline panel.
Change-Id: Ide13b35703a656251222f512b2b9282f9f34cc04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297473
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#68859}
