Implement the new spec behavior that says construction from a neutered
buffer should throw after the ToIndex call on the length argument.
Bug: v8:6216
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I219a107730b53fca639bc813f68f7ddc27e79017
Reviewed-on: https://chromium-review.googlesource.com/789847
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49639}
Previously we only created synthetic variables in the parser and not
in the preparser, causing mismatch in the preparsed scope data.
This patch creates the variables in both parsers.
Bug: v8:5367
Change-Id: I9c511d0b9212bd36816956b06dc204b0b5920e1c
Reviewed-on: https://chromium-review.googlesource.com/789848
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49637}
Within SanitizeImports it is possible that JavaScript code gets executed
therefore we have to open the CodeSpaceMemoryModificationScope after
SanitizeImports.
R=clemensh@chromium.org
Bug: chromium:788469
Change-Id: Ide9bbd4ee4613b28380979d4a6c66d26e6a9406f
Reviewed-on: https://chromium-review.googlesource.com/789936
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49635}
This adds a fast path that avoids the runtime transition for JSArray
source arguments with {packed,holey} {smi,double} elements kinds.
The fast path currently calls straight into C and copies there using
elements accessor logic.
Local tests show a 4x speedup when copying from 1-element JSArrays.
As the source array becomes larger, the time spent copying elements
begins to dominate.
Bug: v8:3590
Change-Id: I05ebe54d7b255d0a76ad46ac11ce7cfd516b8ac8
Reviewed-on: https://chromium-review.googlesource.com/789010
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49634}
VarState was a struct so far, but gained more and more functionality.
Even more will be added for supporting floating point operations.
Thus, make this a proper class.
Drive-by: Order all switch cases to first handle the stack case, then
register, then constant.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I694613ebc4910bcf74a1617485bd72878f46e987
Reviewed-on: https://chromium-review.googlesource.com/789937
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49632}
This fixes the computation of the {may_have_interesting_symbols} flag
for the last map computed in {Map::AddMissingTransitions} method. The
last map is allocated ahead of time, but the flag is only correct once
the descriptors are actually installed in the end.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-786020
BUG=chromium:786020
Change-Id: Iff97780609fe596437eb6bea85606a1c3bb2ac4c
Reviewed-on: https://chromium-review.googlesource.com/789839
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49631}
The GcSafe* methods rely on Heap internals and should thus belong to Heap.
Bug:
Change-Id: I4e6468d51c4dda1d10e94568698e05bee1b56b40
Reviewed-on: https://chromium-review.googlesource.com/789935
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49630}
Previously, the class fields initializer function was stored on a
synthetic context allocated variable. This approach had sevaral
problems:
- We didn't know that class literal had fields until after we had
completely parsed the class literal. This meant that we had to go back
and fix up the scope of the constructor to have this synthetic
variable. This resulted in mismatch between parser and preparsed scope
data.
- This synthetic variable could potentially resolve to an initializer
of an outer class.
For ex:
class X extends Object {
c = 1;
constructor() {
var t = () => {
class P extends Object {
constructor() {
var t = () => { super(); };
t();
}
}
super();
}
t();
}
}
In this the inner class P could access the outer class X's initiliazer
function. We would have to maintain extra metadata to make sure this
doesn't happen.
Instead this new approach uses a private symbol to store the
initializer function on the class constructor itself.
For the base constructor case, we can simply check for a bit on the
constructor function literal to see if we need to emit code that loads
and calls this initializer function. Therefore, we don't pay the cost
of loading this function in case there are no class fields.
For the derived constructor case, there are two possiblities:
(a) We are in a super() call directly in the derived constructor:
In this case we can do a check similar to the base constructor check,
we can check for a bit on the derived constructor and emit code for
loading and calling the initializer function.
This is usually the common case and we don't pay any cost for not using
class fields.
(b) We are in a super() call inside an arrow function in the derived
constructor:
In this case, we /always/ emit code to load and call the initializer
function. If the function doesn't exist then we have undefined and we
don't call anything. Otherwise we call the function.
super() can't be called twice so even if we emit code to load and call
the initializer function multiple times, it doesn't matter because it
would have already been an error.
Bug: v8:5367
Change-Id: I7f77cd6493ff84cf0e430a8c1039bc9ac6941a88
Reviewed-on: https://chromium-review.googlesource.com/781660
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49628}
This increases the maximum nesting level for memory modification scopes
from 3 to 4. It is a follow-up to WebAssembly optimizations which did
increase the total nesting in favor of performance. This also hoists
out the value into a constant, so that it is easier to change.
R=ahaas@chromium.org
BUG=v8:6792,chromium:787731
Change-Id: Ib60a7d66cdf42227d6b717a38c0923bcbbacf8dc
Reviewed-on: https://chromium-review.googlesource.com/788859
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49626}
When compaction is aborted we used to remember this in a data structure
and in a flag on the page that was set by the compacting thread.
Setting the flag races with other threads recording old-to-old slots and
thus checking the page's flags.
Since we already record the page in a data structure, we can delay
setting the flag on the page until post processing aborted compaction
pages right after the evacuation phase.
Bug: v8:7125
Change-Id: I20d109f0f69cf8eab90ed355c113abc6a2f606da
Reviewed-on: https://chromium-review.googlesource.com/789931
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49625}
The chromium style guide allows the use of c++14 features
(https://chromium-cpp.appspot.com/).
Thus ycm should use c++14 by default.
R=bmeurer@chromium.org
Change-Id: I6eca99931d117ad57213e8c6e18e75d83b7fd675
Reviewed-on: https://chromium-review.googlesource.com/789873
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49624}
... and use it for allocation of FixedArray-based objects with custom maps.
Change-Id: Id31d05cf506e3607210fe7fdaf05f55053de5e2a
Reviewed-on: https://chromium-review.googlesource.com/789113
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49622}
It is not possible to simulate big-endian systems on X64/X86,
so snapshots must be generated natively or using an emulator
such as qemu.
Bug:
Change-Id: Ib7ea6fe27ea5da19f270251f18fbc5f1c43413ce
Reviewed-on: https://chromium-review.googlesource.com/771673
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#49621}
Redirect forwards stdout to a file for the duration of a gdb command.
This is useful when inspecting very large objects that generate several pages
of output in a gdb session.
If the GDB_EXTERNAL_EDITOR environment variable is set, popup will
automatically open the generated temporary file in the provided editor.
A simple default that works is GDB_EXTERNAL_EDITOR="gnome-open". Note that
this should be a GUI editor since you would otherwise interrupt the
active gdb session.
redirect jco 0x12345678
redirect x/2000xg 0x12345678
Examples:
Change-Id: I2db78112a0141427c83813d16d94a19bc2cffddf
Reviewed-on: https://chromium-review.googlesource.com/788861
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49620}
During WebAssembly compilation and instantiation we entered a
{CodeSpaceMemoryModificationScope} several times per function. This
introduced significant overhead, see the referenced bug. With this CL
we enter the {CodeSpaceMemoryModificationScope} on a per-module
granularity and not on a function granularity. We enter now the
following scopes:
* one scope for the whole synchronous compilation;
* one scope for each finishing step in asynchronous compilation (each
step finishes multiple functions);
* one scope for module instantiation, without the execution of the
start function.
Locally these changes reduced the overhead significantly.
R=mstarzinger@chromium.org, titzer@chromium.orgCC=clemensh@chromium.org
Bug: chromium:787731
Change-Id: I5c5694544a97f4c1e5a2a29da9a005d0ca7616bd
Reviewed-on: https://chromium-review.googlesource.com/787851
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49618}
This removes:
- V8::AddGCPrologueCallback
- V8::RemoveGCPrologueCallback
- V8::AddGCEpilogueCallback
- V8::RemoveGCEpilogueCallback
The emebedder should use the Isolate versions of these functions.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7974bc7478e542f29483cf939b33dbb872a3b41d
Reviewed-on: https://chromium-review.googlesource.com/788053
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49617}
In snapshots with several contexts, some contexts may not reference
function or object templates, and therefore would not require external
references for deserialization. However, function and object templates
are deserialized with the isolate as part of the partial snapshot cache,
so we would need these external references even if we only use contexts
that don't need them.
With this patch, we use a fallback in case no external references are
provided. This way, we only run into issues when we actually call native
callbacks.
R=jgruber@chromium.org, peria@chromium.org
Change-Id: I6af8a77f26c92bd73fdab6112474c62da270597f
Reviewed-on: https://chromium-review.googlesource.com/784831
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49615}
This is a reland of 4d3bc552b5
Original change's description:
> [coverage] add coverage for binary expressions
>
> Adds block-level coverage tracking for binary && and ||
> expressions. Introduces a BinaryOperation source-range
> for tracking the operations themselves and an Expression
> source-range, used for tracking NaryLogical expressions.
>
> This builds on work by jgruber@chromium.org in
> the issue.
>
> TBR=marja@chromium.org
> R=jgruber@chromium.org, rmcilroy@chromium.org
>
> Bug: v8:6660
> Change-Id: I83a81f13a3514a734c06948b2d3e91138fb00e18
> Reviewed-on: https://chromium-review.googlesource.com/754564
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49304}
Bug: v8:6660
Change-Id: I1c8571660d6c501d526886867bd841c49d5c44fd
Reviewed-on: https://chromium-review.googlesource.com/778288
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49613}
A bytecode array can be serialized while concurrent marking is running
and aging the bytecode array, which results in a data race.
This patch ensures that the age byte of a bytecode array is not
accessed during serialization.
Bug: v8:7085
Change-Id: I83e4b67fbef0754bf75015b4d1b9b660a0cd402f
Reviewed-on: https://chromium-review.googlesource.com/785677
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49612}
- Fast path for same type source typed array
- Move previous CPP implementation into a runtime function "TypedArraySet"
- Remove parts covered by the TFJ
- Basic receiver, offset, source checks
- Handling of same type source typed array
Bug: v8:3590
Change-Id: I0f19d961424c30cc8bbcb8648b623e7e6dfa33f4
Reviewed-on: https://chromium-review.googlesource.com/786414
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49608}
The existing access to the signatures is plain wrong. This CL fixes
this.
Note that cross-instance indirect calls are only enabled since a few
days (https://crrev.com/c/778159), which is why this bug was not
detected before.
R=titzer@chromium.org
Bug: chromium:787910
Change-Id: Iaac4d1d85840c921eb8554c5094933ec8d987802
Reviewed-on: https://chromium-review.googlesource.com/787312
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49607}
The typer's ToNumber (and thus ToInteger etc.) returns type None when
the input type is BigInt, but we weren't quite ready for that in a few
places.
R=jarin@chromium.org
Bug: v8:7121
Change-Id: Ib12c726338f1ec3dfb9ba5cf54b00cc8d1351a89
Reviewed-on: https://chromium-review.googlesource.com/785130
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49604}
Adds some additional RCS counters to correctly account background
compilation to the background thread.
Also adds a ParseBackgroundProgram as a top-level event for background
parsing since otherwise only pre-parsing was being tracked.
Perf Sheriffs: Note this is likely to increase the Parse-Background
bucket in v8.runtime_stats benchmarks as it now accounts all background
parsing correclty.
BUG=v8:5203
Change-Id: I6ff614b725d85b0bc1901a7bf0e2bac8de1f7cff
Reviewed-on: https://chromium-review.googlesource.com/786237
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49603}
Previously the ScriptCompiler event for compiling streaming sources
was not attaching the runtime trace events to the trace event, which
meant the runtime call stats for these were being lost.
Perf Sheriffs: This is likely to cause perf regressions in v8.runtime_stats
benchmarks because it will start attributing additional events we were
losing before.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0ef9a10951dc976fb0415ae7b5a91c16e1968ae5
Reviewed-on: https://chromium-review.googlesource.com/786551
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49600}
The tsan skips were getting a bit spread all over the place. Added a
section for them below msan and asan to keep things together, where
the only cause for skipping the test is tsan.
Bug: v8:7093
Change-Id: I606c3ab2f23e4159c12c1e81d28e855412158f15
Reviewed-on: https://chromium-review.googlesource.com/785810
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49599}
If async stack is longer then max depth, we add externalParent as id,
client can fetch next max depth async stacks by Debugger.getStackTrace.
R=dgozman@chromium.org
Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I89d461e672251f03fb239f4f16ae3b0374fce766
Reviewed-on: https://chromium-review.googlesource.com/776242
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49595}
If protocol client needs to make step-into async call:
- pause before async call using any Debugger agent capabilities,
- call Debugger.stepInto with breakOnAsyncCall flag,
- wait for Debugger.paused event, this event will contain
asyncCallStackTrace if async call is scheduled,
- call Debugger.pauseOnAsyncCall on each known target,
- resume execution in current debugger by Debugger.resume.
Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I40c56278e7b1ceafc3bf81608b8ca6716c2b3168
Reviewed-on: https://chromium-review.googlesource.com/773573
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49594}
- Removes TODO implying that moving a 32 bit immediate to a stack slot
doesn't require the use of kScratchRegister. While movl can be used
to store a 32 bit immediate to memory, it doesn't zero extend leaving
part of the slot uninitialized.
Bug:
Change-Id: I0ebc873b752d508753b624e0b5e262193a568c2b
Reviewed-on: https://chromium-review.googlesource.com/784193
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49592}
Sometimes we need to capture stack trace on one debugger and use it
later as a parent stack on another debugger (e.g. worker.postMessage).
This CL includes following addition to our protocol and v8-inspector.h:
- added Runtime.StackTraceId, this id represents stack trace captured
on debugger with given id,
- protocol client can fetch Runtime.StackTrace by
Runtime.StacKTraceId using Debugger.getStackTrace method,
- externalParent field is added to Debugger.paused event, it may
contain external parent stack trace,
- V8Inspector::storeCurrentStackTrace captures current stack trace
and returns V8StackTraceId for embedder this id can be used as
argument for V8Inspector::externalAsyncTaskStarted and
V8Inspector::externalAsyncTaskFinished method. Any async stack
trace captured between these calls will get passed external stack
trace as external parent. These methods are designed to be called
on different debuggers. If async task is scheduled and started on
one debugger user should continue to use asyncTask* API,
- Debugger.enable methods returns unique debuggerId.
TBR=dgozman@chromium.org,jgruber@chromium.org
Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2c1a2b2e30ed69ccb61d10f08686f4edb09f50e4
Reviewed-on: https://chromium-review.googlesource.com/786274
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49591}
