Makes the order of the generated calls to the Runtime function
DefineAccessorPropertyUnchecked fixed regardless of hashseed so that
recompilation for lazy source positions always generates the same
result.
Moves AccessorTable from src/ast/ast.h to bytecode-generator.cc since
that's the only place that uses it.
Bug: v8:9383, v8:8510
Change-Id: I89e0aad1683a793714bfb48eca1b00abe20cad0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669689
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62303}
This is a reland of a5fa211f30
des_checksum and call_once_run were undefined and unused respectively when
shared read-only heap was enabled. Fixed with a copious amounts of USE.
Original change's description:
> [roheap] Check that ro-heap is always passed the same read-only snapshot
>
> Previously the ReadOnlyHeap simply discarded all but the first
> ReadOnlyDeseralizer. ClearSharedHeapForTest should be called if using a
> new ReadOnlyDeserializer (this might change in the future).
>
> Remove an obsolete 'StartupSerializerRootMapDependencies' test. It used
> to test Map::WeakCellForMap which doesn't exist anymore and was
> difficult to adapt to a shared read-only heap.
>
> Bug: v8:7464
> Change-Id: I64b8e953b0e3466e003541ec8a9321e439a01d33
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660612
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#62250}
TBR: yangguo@chromium.org
Bug: v8:7464
Change-Id: Id66e781be890c5ed03d066f8c62de703d5cb435e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667415
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62302}
Port: 7629afdhttps://crrev.com/c/1520719
Original Commit Message:
Allocate feedback vectors lazily when the function's interrupt budget has
reached a specified threshold. This cl introduces a new field in the
ClosureFeedbackCellArray to track the interrupt budget for allocating
feedback vectors. Using the interrupt budget on the bytecode array could
cause problems when there are closures across native contexts and we may
delay allocating feedback vectors in one of them causing unexpected
performance cliffs. In the long term we may want to remove interrupt budget
from bytecode array and use context specific budget for tiering up decisions
as well.
Change-Id: Icddceec22df3dad7861a30f0190397db130db10d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669116
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#62301}
The debugger should be notified whenever a new Module is created so it
displayed properly. Without this change, the Module is only displayed once,
regardless of the number of times it is referenced (by other Workers, say).
That is potentially reasonable behavior, but it doesn't match the way
JavaScript does it.
With this change, the debugger will display the sources like this:
```
▼ top
▶ localhost
▼ wasm
▼ wasm-82570336
wasm-82570336-0
▼ worker.js
▶ localhost
▼ wasm
▶ wasm-82570336
```
Change-Id: I61177e8a07e36ea8e2234aa25e75b1489c9da95f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666616
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62297}
Introduce SourceTextModule as a subclass of Module. Move all the
JavaScript-module-specific code down from Module to
SourceTextModule, with all code applicable to other future
module types remaining in Module.
With this change, Module is roughly equivalent to the spec's
Abstract Module Record and SourceTextModule is roughly equivalent
to Source Text Module Record.
Bug: v8:9292
Change-Id: I6e9cd3ece9d0c1da57e52f8af8ed5848d87dd22d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1633154
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62296}
This reverts commit ccf0d80261.
Reason for revert: Breaks https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26472
Original change's description:
> Reland "Enable lazy source positions by default"
>
> This is a reland of 69fafb5fe3
> after fixing the in crash with
> https://chromium-review.googlesource.com/c/v8/v8/+/1664334
>
> Original change's description:
> > Enable lazy source positions by default
> >
> > Also adds a compile time flag which allows the default to be configured
> > so node can disable it since it hangs the node cpu profiler tests.
> >
> > Bug: v8:8510
> > Change-Id: Idf4785036dc6242769410091518a67ac9179b718
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62089}
>
> Bug: v8:8510
> Change-Id: I81b36dbba3cc7b9a99dc5cc4ea72040fabfec97e
> Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660484
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62288}
TBR=rmcilroy@chromium.org,delphick@chromium.org
Change-Id: Icbe93550850f79d1c29bed3e8084676c453cdf06
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8510
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg, v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667419
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62294}
This disallows using CSA macros from Torque that have a Node* return
type instead of TNode<>. By enforcing CSA types at the boundary between
CSA and Torque, we can ensure that the Torque types and the CSA types
match.
As a drive-by, this CL adds a bit more of CSA typing where it made sense.
Bug: v8:7793, v8:6949
Change-Id: I12ea0337c628105ea3c420be747ae50d3a172547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660481
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62293}
This patch implements the access of private methods:
- When building property loads, check whether it requires
a brand check. If so, build the brand check and load the
property (the method) from the context instead.
- Throw type errors when there is an attempted write to private
methods.
Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
Bug: v8:8330
Change-Id: Ic917d2a0030196c1940b0c0ba65a340af736c769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1610383
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62292}
... and add i::GetIsolateFromHeapObject(HeapObject, Isolate*) and
i::IsReadOnlyHeapObject(HeapObject) instead.
Previously the removed function was also used for checking if given heap
object is a read only object. But if pointer compression is enabled
the i::GetIsolateFromHeapObject() will succeed for both read only and
writable heap objects.
Bug: v8:9379, v8:7703
Change-Id: Ib0a9babafe32f43716dac70620b51657dfb97d7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667416
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62291}
Prevents potential double free if
ReleaseAllocatedMemoryNeededForWritableChunk were to be called twice.
Change-Id: I97f0b3e6a279297faa37d541b81f465fec68b894
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667414
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#62290}
The map in the cache is the LHS, not the RHS.
Change-Id: Idf6b4fafc8c62aea5b8f5f55258241939cf9829d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667410
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62289}
This is a reland of 69fafb5fe3
after fixing the in crash with
https://chromium-review.googlesource.com/c/v8/v8/+/1664334
Original change's description:
> Enable lazy source positions by default
>
> Also adds a compile time flag which allows the default to be configured
> so node can disable it since it hangs the node cpu profiler tests.
>
> Bug: v8:8510
> Change-Id: Idf4785036dc6242769410091518a67ac9179b718
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62089}
Bug: v8:8510
Change-Id: I81b36dbba3cc7b9a99dc5cc4ea72040fabfec97e
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660484
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62288}
Fix JSSegmentIterator::Create getting the unicode string as a raw object
pointer and then performing memory allocation which then invalidates it.
This changes SetTextToBreakIterator to return a handle instead.
Bug: v8:6891
Change-Id: I57e175b31e78a074a0b3c5a8fc26b4af05b4a752
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667409
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62287}
Now that fields are always in the same order as descriptors, we can
change the property scan during NextFreePropertyIndex into a faster
reverse search that simply tries to find the last field.
Change-Id: I24d0781cd7d7c5b15998c35f281be69cd492d5ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667402
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62286}
This flag will be useful to analyze (and then improve) fragmentation
and compaction.
Bug: v8:9329
Change-Id: Ie3c5b618fa5717277cf2b9617e2d8f9dc2138056
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664333
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Cr-Commit-Position: refs/heads/master@{#62285}
... to prepare for merging this back to stable chanel.
Bug: chromium:972921
Change-Id: I04ced1c81b5f8730014ecee8935799fccc377a49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667006
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62283}
A class's fields can appear twice in the class AST, via the properties
array and the synthetised initializer method. This means that the
reindexer can end up visiting the same function literal twice, since the
T in AST is no longer a T but rather a DAG.
Now, we special case the class visitor in the reindexer to avoid these
double visits where appropriate. We know what kinds of fields can be
double visisted, so we don't need a visited set, but we now also have
one for debug builds to verify that each function is visited exactly
once.
Bug: chromium:974627
Change-Id: Ib531becc6e3f3c73f420b5fb49790fe4a2022d65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667003
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62282}
Rather than starting a new, orphaned transition tree in various bailout
cases, simply drop down into dictionary mode.
Aside from potential memory benefits, this allows us to remove
CopyGeneralizeAllFields, which was the only path along which fields
could end up in a different order than their descriptors.
Change-Id: I5577e8a1ca51f0ffdadd7504e7895f367605aa27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662298
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62279}
Outset:
The more advanced features of OutSet are no longer used, thus the
rename to DynamicBitSet to reflect its current purpose.
BoyerMoorePositionInfo:
Use bitset backing store in BoyerMoorePositionInfo (previously this
was based on a (statically-sized) ZoneList<bool>).
Bug: v8:9359
Change-Id: I40ca89467ae90ee90c616be5fd0d51e54e94e157
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664064
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62277}
The last use of V8's SplayTree was in diagnostics and is now replaced
by std::map.
Bug: v8:9359
Change-Id: I7b79fe619eb734343579652058be4d2b81fd4a1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664060
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62276}
This is a reland of 333615cfc2 after
disabling the failing layout test. I am still investigating the failure
and will re-enable the test as soon as I find a fix. The related bug
is here: crbug.com/976587
Original change's description:
> Reland "Enable lazy feedback allocation"
>
> This is a reland of 8c10501be5.
> Reland after fixing test failures.
>
> Original change's description:
> > Enable lazy feedback allocation
> >
> > Bug: v8:8394
> > Change-Id: I29ffd38725bdcaa9dd11221045dba681eb0d567b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643430
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Commit-Queue: Mythri Alle <mythria@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#61991}
>
> Bug: v8:8394
> Change-Id: Icc9e276ab22ca6455b775f3c27e0d43c3f08b887
> TBR: rmcilroy@chromium.org
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647161
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62018}
Bug: v8:8394
Change-Id: I014b14933bfa7f98a2c3666ba5a650917e96a819
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666999
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62275}
This CL changes the generic version of Array#sort to use 'strict'
DeleteProperty when "moving" holes to the end of the sort range.
This brings V8 not only in line with the proposed Array#sort spec
change, but also closer to what other engines do. Now all engines
throw a TypeError when the new test case is run.
R=jgruber@chromium.org, mathias@chromium.org
Bug: v8:8714
Change-Id: Ic5bcd152ad55fd534c1e9e3218393bfe4a50667e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666995
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62273}
There are two RegExp classes, one in v8 and one in
v8::internal and in some Windows jumbo builds the compiler
tried to use v8::internal when v8 was intended. In normal builds
the compiler does not know about v8::internal::RegExp so
it works anyway.
Bug: v8:9359
Change-Id: I9a39d342ddefd6570d5d070b7c073dc257705969
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666992
Commit-Queue: Daniel Bratell <bratell@opera.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Daniel Bratell <bratell@opera.com>
Cr-Commit-Position: refs/heads/master@{#62272}
This CL fixes a flaky mjsunit test, that exercises Array#reduce with
sealed arrays in TurboFan. The flake was caused by temporary objects,
whos maps didn't live long enough. The code object of the function
under test holds weakly onto this maps. With a low enough gc interval,
the maps, and thus the code object, get cleaned up before the
{assertOptimized} can execute.
The fix is simply to assign these temporary objects to variables.
Bug: v8:9374
Change-Id: I43da8ba6b0194872b176e27617d9ca7fbfe43ec2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666989
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62269}
CL https://chromium-review.googlesource.com/c/v8/v8/+/1660623
("[Turbofan] Brokerize more promise reductions in JSCallReducer")
introduced a bug where we bail out of a call reduction but failed
to remove graph constructs added by the MapInference class.
R=jarin@chromium.org
Bug: chromium:976256, chromium:976524
Change-Id: I97f142fe6c1caba5e679f7df742893536c83b2d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666990
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62267}
This is to allow instantiating things like bytecode array iterator for
accessing both on-heap and off-heap bytecode arrays.
Bug: v8:7790
Change-Id: I8dbd0884f79923d69dbc8b168d3a4a200eab14b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640199
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62266}
This reverts commit a5fa211f30.
Reason for revert: breaks ARM Lite builder:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/4843
Original change's description:
> [roheap] Check that ro-heap is always passed the same read-only snapshot
>
> Previously the ReadOnlyHeap simply discarded all but the first
> ReadOnlyDeseralizer. ClearSharedHeapForTest should be called if using a
> new ReadOnlyDeserializer (this might change in the future).
>
> Remove an obsolete 'StartupSerializerRootMapDependencies' test. It used
> to test Map::WeakCellForMap which doesn't exist anymore and was
> difficult to adapt to a shared read-only heap.
>
> Bug: v8:7464
> Change-Id: I64b8e953b0e3466e003541ec8a9321e439a01d33
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660612
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#62250}
TBR=yangguo@chromium.org,delphick@chromium.org,goszczycki@google.com
Change-Id: I099544913bec3bbd67840b1818a6ad6029fdf380
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666453
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62264}
For every @noVerifier in base.tq, this change either removes it or
ensures that it has some annotation explaining why it can't be removed.
The @noVerifier usages that can't be removed fall into the following
categories:
1. Classes that don't have their own instance types and therefore have
no meaningful way to do an Is...() check
2. Fields that might not exist
3. Fields that are waiting for MaybeObject support in Torque
Bug: v8:9311
Change-Id: Id452d4151ec07347ae96a9b5f3b26e2ac8065d31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659134
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62263}
This class used to be based on DispatchTable, which itself uses an
interval tree to both categorize and canonicalize ranges
(i.e. such that no overlap and all immediately adjacent ranges are
merged). The produced ranges were then entered into lists for
{bmp,lead_surrogate,trail_surrogate,non_bmp} splits.
With this CL, we simplify to a plain loop over all character range
kinds instead. The dispatch table (and ZoneSplayList, perhaps
SplayList) can be removed in follow-ups.
Bug: v8:9359
Change-Id: I9c6b72f3bc44d1557af7c74419709ae5662611f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664053
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62260}
Consistently using word sized loads on all architectures.
Original port: ea4206556e
Change-Id: I1083b977eb3c1688e67d68a69a9311bafbb52584
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1663994
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62259}
This does not delete the files in the old locations yet since we need
to fix up the references in Chrome and Node.js.
Bug: v8:9247
Change-Id: I75dd469e19b6d4249ed187dd6d095d306f1b6c45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649355
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62258}
Extract the maximum on-heap typed array size to a constant in the
JSTypedArray class. Add tests for allocating typed arrays of various
sizes and validate through the API whether they are allocated on heap.
It is not possible to observe from JavaScript.
R=mstarzinger@chromium.org
Change-Id: I1298e0a49010de829edaad32b7d6c6c9c52704fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662572
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62257}
ObjectGetPrototypeOf and ReflectGetPrototypeOf are now Torque builtins (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously).
Perf improvement in micro-benchmark JSTests/Proxies
Before:
GetPrototypeOfWithoutTrap-Proxies(Score): 1876
GetPrototypeOfWithTrap-Proxies(Score): 857
After:
GetPrototypeOfWithoutTrap-Proxies(Score): 2810
GetPrototypeOfWithTrap-Proxies(Score): 3197
Bug: v8:6664
Change-Id: If60dda67d6e90c2d6f0ec743f6cb7c0fff54d607
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658717
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62256}
This patch adds a new assign type `PRIVATE_METHOD`. We now use this
for private method references in the form `obj.#key` when `#key`
resolves to a private method.
To obtain the type of the key variables after scope analysis, this
patch add a bit to Variable to recognize private method variables
whose load requires a brand check.
Also renamed `PropertyExpressionWithPrivateFieldKey` in ExpressionType
to `PrivateReference` and added `PRIVATE_CALL` to `CallType` - we'll
use the new types later when we implement private methods, which
require special brand checking semantics to load methods directly
from the context instead of from the object in order to save memory.
Bug: v8:8330
Change-Id: Idc1dcd4d514c1b3f8a31c99e49e34249449f0677
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1642772
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62255}