The BodyDescriptor of an object should use its aligned size.
Change-Id: If743ca130b3cb97c4f25054db6dc887d88fc5e32
Reviewed-on: https://chromium-review.googlesource.com/1140309
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54510}
Brokerized ReduceJSCreateEmptyLiteralObject and added the scope
for ReduceJSCreateLiteralArrayOrObject.
Bug: v8:7790
Change-Id: Ife34a6b610678a3fe24152151cf343400ee515bd
Reviewed-on: https://chromium-review.googlesource.com/1140306
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54507}
We try to prevent side effects by forbidding running any JavaScript
when we get property from node object.
In case of object node it is possible that by calling property we force
internal object initialization which may force creation of new context,
this initialization can not be made with forbided JavaScript and at the
same time is side effect free.
As workaround we can warmup dom objects first and then generate
description.
R=dgozman@chromium.org
Bug: chromium:827585
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ifd2c6317ffd5cb3822d2a2eedf3d0b0f36a201f1
Reviewed-on: https://chromium-review.googlesource.com/1041078
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54505}
This patch makes `d8` recognize files with the `.mjs` extension as
modules instead of classic scripts. This change can be tested by saving
the following JavaScript program as both `module.mjs` and as
`script.js`:
console.log(this === undefined ? 'strict' : 'sloppy');
Then, run these files in `d8` without passing the `--module` flag:
$ d8 module.mjs
strict
$ d8 script.js
sloppy
The use of `.mjs` matches not just Google’s recommendation [1] but also
the current modules implementation in Node.js [2].
[1] https://developers.google.com/web/fundamentals/primers/modules
[2] https://nodejs.org/api/esm.html
Bug: v8:7950
Change-Id: I8f39420dc24a5eedd7e88d3b1aa48207ebfeff6e
Reviewed-on: https://chromium-review.googlesource.com/1140314
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54502}
Struct are bundles of value types. They are essentially just shorthand
for passing around a group of individually defined values.
Struct types are declared like this:
struct A {
x: Smi;
y: int32;
}
and can be constructed explicitly like this:
A{0, 0}
Structs can be used wherever other types are used (e.g. variables,
parameters, return values) except for parameter/return types of
builtins and runtime functions.
Struct use field access notation to set/get their values like this:
let a: A = A{0, 0};
let b: Smi = a.x;
a.y = 0;
Change-Id: I9fd36a6514c37882831256a49a50809c5db75b56
Reviewed-on: https://chromium-review.googlesource.com/1122133
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54501}
i32 stack parameters can be loaded by Turbofan as 64-bit value, hence
they would not be zero extended. If this loaded value is then passed to
Liftoff (which assumes zero-extended i32 values), we could use it for
memory accesses, which would be out of bounds.
R=mstarzinger@chromium.org
Bug: chromium:864509, v8:6600
Change-Id: I0f45a269b1fb1c2befc2e6bc660c559a88323767
Reviewed-on: https://chromium-review.googlesource.com/1140168
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54500}
This reverts commit f5a8352b0f.
Reason for revert: Performance issues
Original change's description:
> [embedded-builtins] Enable on all arches except x86 for benchmarks
>
> This CL enables embedded builtins to get benchmark feedback. We need
> this feedback to identify and address remaining performance problems.
>
> Bug: v8:6666
> Change-Id: I8f77f218e656b55ddabe1236eb2a1d14a5ac6233
> Reviewed-on: https://chromium-review.googlesource.com/1105834
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53836}
TBR=sigurds@chromium.org,jgruber@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6666
Change-Id: I0e0897eefa069b0b9ad2dd56b2ffc3e3617f9258
Reviewed-on: https://chromium-review.googlesource.com/1139974
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54498}
This changes the ARM64-specific {TurboAssembler::AssertSpAligned} helper
to not generate calls to the {Abort} builtin. It is needed to ensure all
WebAssembly runtime stubs (e.g. {WasmGrowMemory}) are independent of the
Isolate. In general calling the {Abort} builtin without a valid frame
being present will produce bogus debug messages anyways. Hence we just
unconditionally use traps for the debug code in question.
R=sigurds@chromium.org
Change-Id: I93eb87e8b87209da8506c9b28e2c800950d1118a
Reviewed-on: https://chromium-review.googlesource.com/1140170
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54496}
We used to have an optimized version for ToString on number nodes
which was allocating an object on the heap, therefore
preventing this code from being executed on the compiler thread.
Octane benchmark results show insignificant increase in performance
(< 0.5%) without this optimization - see
https://docs.google.com/spreadsheets/d/1MC5NrMoMSsqxZqw0ojoZvomBb7q2EOt1S0sFoJ8ld2c/edit#gid=1732639373
which leads to the conclusion we can safely remove the optimization for now.
Bug: v8:7790
Change-Id: Ia1d53608f8d10ba20e0ff57cccb34583655382c6
Reviewed-on: https://chromium-review.googlesource.com/1139063
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54495}
Also moves ObjectVerify to GlobalHandles::CopyGlobal from
V8::CopyPersistent (which was the only caller) so it can get hold of an
Isolate*.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I0758bf6e431bf6e617244741ab2e1583a3566b20
Reviewed-on: https://chromium-review.googlesource.com/1140295
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54493}
Pass Isolate directly into several LayoutDescriptor methods so they
don't call GetIsolate on unsafe objects.
Also marks DebugInfo as non-read-only (so our GetIsolate removal tools
stop trying to change BreakIterator::isolate() to call itself).
Bug: v8:7786
Change-Id: I626a83d603ab74f648c72eb50d027b3866cedceb
Reviewed-on: https://chromium-review.googlesource.com/1138326
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54490}
The instruction selector currently sometimes emits a lea32 with an
offset of 0, which the code generator just ignores (emits no code at
all). This can result in the result of TruncateInt64ToInt32 to not be
zero extended.
This CL fixes that by disallowing lea32 instructions with 0 offset, and
fixing the instruction selector to generate a movl or just no code for
that case.
R=jarin@chromium.org
Bug: chromium:863810, v8:7947
Change-Id: I1b21fc5f0fda9ca3144917538c3d0bbf46601c33
Reviewed-on: https://chromium-review.googlesource.com/1137825
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54489}
Ran GetIsolate/GetHeap removal script over all the header files included
into objects.cc. Affected classes include: ScriptContextTable
RuntimeCallTimerScope GlobalDictionaryShape Map LookupIterator
PrototypeIterator FixedArrayBuilder
Manually fixed up Map to mark its write operations as safe for
GetIsolate since they modify the object as so can't be done in RO_SPACE.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2fd0960f085d1bcb4cf54b3418899ac0217917ca
Reviewed-on: https://chromium-review.googlesource.com/1138076
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54488}
Also deletes lots of code that attempts to detect when the heap is
corrupt but would likely just crash if the heap was corrupt.
Bug: v8:7786
Change-Id: I2e6bbea2e393b0f640a9d7180114560e7f6d3670
Reviewed-on: https://chromium-review.googlesource.com/1140061
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54487}
kMaximalCodeRangeSize can be zero to indicate no limit, which was
misinterpreted by mksnapshot.
Bug: v8:6666
Change-Id: I512412a5ef866c0595654aa78c6761bc00b82c56
Reviewed-on: https://chromium-review.googlesource.com/1140057
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54486}
This is a reland of f0a9a6a5ad
Original change's description:
> Update GN configs for v8_perf target to allow running perf tests in swarming
>
> This will allow us to migrate our deprecated configs to android_docker.
>
> R=machenbach@chromium.org
>
> Bug: chromium:838864
> Change-Id: I5f7db648520847aa2077e9fc2a5970e63daa9a50
> Reviewed-on: https://chromium-review.googlesource.com/1131944
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54441}
R=machenbach@chromium.org
Bug: chromium:838864
Change-Id: I35e1ab911ac3b5ddd8478faae4799ed5d7bbccbf
Reviewed-on: https://chromium-review.googlesource.com/1139973
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54484}
This changes several CHECK macros textually (but not semantically)
to make them distinguishable by message in crash dumps.
Bug: chromium:855041
Change-Id: I74b66a80c63b264b463eadb333b5359fb412130a
Reviewed-on: https://chromium-review.googlesource.com/1138320
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54482}
It's a growing weak array which also has an API for marking slots empty (those
will then be filled before growing the array again).
This is a more efficient implementation than the corresponding feature in
FixedArrayOfWeakCells, because we chain the empty slots together.
BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I335cd3f9cc7838c7f6ca350735b1503b2f5b8eed
Reviewed-on: https://chromium-review.googlesource.com/1090922
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54481}
This makes it more convenient to work with brokerized data.
Bug: v8:7790
Change-Id: I7ffb4054b809c10c67787b2fb89a05e8ce8f4575
Reviewed-on: https://chromium-review.googlesource.com/1138248
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54480}
This CL adds local const bindings. This means that instead of
generating TVARIABLEs for variables, we can generate simple TNodes.
Example:
macro FooBar(): {
const kSomeSmi: Smi = 10;
...
}
This CL also enforces that variables with a constexpr type are bound
using 'const' and not 'let'.
R=tebbi@chromium.org
Bug: v8:7793
Change-Id: Id20a18149df9fc374ce718bdb1478e3eabb6e6df
Reviewed-on: https://chromium-review.googlesource.com/1138316
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54479}
Deprecate String::Utf8Length in favor of a new, similar function that
takes the Isolate used for the String::Flatten call as an argument.
BUG: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icaf04b272679fd853e9cdbe6c7088f63e9aacb95
Reviewed-on: https://chromium-review.googlesource.com/1124724
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54476}
Use the given locale and options when performing toLocaleString on each
individual element in a given array.
Bug: v8:7832
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I718a33c42e85819065599ee6bad59fb25afa7e15
Reviewed-on: https://chromium-review.googlesource.com/1132464
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54474}
SharedFunctionInfos store their original function literal's id. This is
also their index in the Script's SFI list.
The function literal id is only needed for lazy compilation and live edit,
and access only has to be fast in the former. So, we can move the SFI
function literal id field to UncompiledData, and if patching with live
edit, or discarding compiled code, we can perform a slower linear search
through the Script's SFI list.
This is a reland of
1) https://chromium-review.googlesource.com/1082480 and
2) https://chromium-review.googlesource.com/1128854
the differences being:
1) caching the literal id on UncompiledData rather than always linearly
searching the SFI list, and removing the unused runtime-liveedit.cc
file instead of fixing it to support this change.
2) clearing padding on UncompiledData now that it has 3 int32 fields,
making its end unaligned on x64.
TBR=yangguo@chromium.org,marja@chromium.org,ulan@chromium.org,cbruni@chromium.org
Bug: chromium:818642
Change-Id: I58dcb12a2a60a680f662568da428e01189c62638
Reviewed-on: https://chromium-review.googlesource.com/1138325
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54473}
Since RO_SPACE objects can't move then IsDereferenceAllowed, just return
true for any objects in RO_SPACE.
R=leszeks
Bug: v8:7786
Change-Id: I67d2d8902a3c2196991bf57ba719c8b05220cdbb
Reviewed-on: https://chromium-review.googlesource.com/1138324
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54472}
This also fixes JSCreateLowering::ReduceJSCreate to use in-object
property count after slack tracking. This would still deserve some
more bullet-proof treatment; in particular, we should make it
somehow hard to access the pre-slack-tracking instance_size and
inobject_property_count (and possibly other things that might be
derived from the stale instance_size).
Bug: v8:7790
Change-Id: Ie374e5a030ec2fe000647e94d848ca0f9ee346f4
Reviewed-on: https://chromium-review.googlesource.com/1138235
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54471}
This marks the following methods as V8_DEPRECATE_SOON and adds new
versions that take Isolate* as their first parameter:
PrimitiveArray::Set
PrimitiveArray::Get
StackTrace::GetFrame
String::Write
String::WriteOneByte
String::WriteUtf8
String::Concat
StringObject::New
Additionally StackFrameInfo, Module and TemplateInfo are marked as
NeverReadOnlySpaceObject so their GetIsolates calls are safe.
In api.cc, ContextFromHeapObject is split into
ContextFromNeverReadOnlySpaceObject and UnsafeContextFromHeapObject,
where the latter uses the deprecated methods but is only called from
methods that were themselves already marked V8_DEPRECATE_SOON.
Deprecation warnings for using HeapObject::GetHeap/GetIsolate are
suppressed for all the uses in V8_DEPRECATE_SOON methods so that stats
produced using tools/collect_deprecation_stats.sh don't show them.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I48799b5599711661b14d0cd04f21a0a00322da4a
Reviewed-on: https://chromium-review.googlesource.com/1136641
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54469}
We used to have an optimized version for nodes that are concatenating
two strings which was allocating an object on the heap, therefore
preventing this code from being executed on the compiler thread.
Octane benchmark results show insignificant increase in performance
(< 0.5%) without this optimization - see
https://docs.google.com/spreadsheets/d/1MC5NrMoMSsqxZqw0ojoZvomBb7q2EOt1S0sFoJ8ld2c/edit?usp=sharing
which leads to the conclusion we can safely remove the optimization for now.
Bug: v8:7790
Change-Id: I6492c6a76118cac568d28805995d55c5360bb123
Reviewed-on: https://chromium-review.googlesource.com/1138246
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54467}
This reverts commit 1d4a1172f5.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21989
Original change's description:
> [sfi] Remove SFI function literal id field
>
> SharedFunctionInfos store their original function literal's id. This is
> also their index in the Script's SFI list.
>
> The function literal id is only needed for lazy compilation and live edit,
> and access only has to be fast in the former. So, we can move the SFI
> function literal id field to UncompiledData, and if patching with live
> edit, or discarding compiled code, we can perform a slower linear search
> through the Script's SFI list.
>
> This is a reland of
> https://chromium-review.googlesource.com/c/v8/v8/+/1082480
> but caching the literal id on UncompiledData rather than always linearly
> searching the SFI list. Also, removes the unused runtime-liveedit.cc file
> instead of fixing it to support this change.
>
> Bug: chromium:818642
> Change-Id: I977bcca0dc72903ca476a7079d156cc8bbe88fde
> Reviewed-on: https://chromium-review.googlesource.com/1128854
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54464}
TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org,cbruni@chromium.org,leszeks@chromium.org,verwaest@chromium.org
Change-Id: Icee5ee3ab7688b93e2963f91debed65a58164534
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1138276
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54466}
SharedFunctionInfos store their original function literal's id. This is
also their index in the Script's SFI list.
The function literal id is only needed for lazy compilation and live edit,
and access only has to be fast in the former. So, we can move the SFI
function literal id field to UncompiledData, and if patching with live
edit, or discarding compiled code, we can perform a slower linear search
through the Script's SFI list.
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/1082480
but caching the literal id on UncompiledData rather than always linearly
searching the SFI list. Also, removes the unused runtime-liveedit.cc file
instead of fixing it to support this change.
Bug: chromium:818642
Change-Id: I977bcca0dc72903ca476a7079d156cc8bbe88fde
Reviewed-on: https://chromium-review.googlesource.com/1128854
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54464}
This is a reland of b7f0951ffa
Original change's description:
> [wasm] Add a separate CodeTracer to the WasmEngine.
>
> This makes sure the TurboFan pipeline is independent of the Isolate by
> getting the CodeTracer from the WasmEngine for WebAssembly compilations.
>
> R=clemensh@chromium.org
>
> Change-Id: I343af1a2bfaeff77e2f41ef0c53fbfe165e2e202
> Reviewed-on: https://chromium-review.googlesource.com/1134997
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54455}
Change-Id: I48b161b5f35dd388fd3ef299afe04214a666b5a6
Reviewed-on: https://chromium-review.googlesource.com/1138114
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54462}
