I have a project that embeds V8 and uses a single `Isolate` from multiple
threads. The program runs just fine, but sometimes the inspector doesn't
stop on the correct line after stepping over a statement that switches
threads behind the scenes, even though the original thread is restored by
the time the next statement is executed.
After some digging, I discovered that the `Debug::ArchiveDebug` and
`Debug::RestoreDebug` methods, which should be responsible for
saving/restoring this `ThreadLocal` information when switching threads,
currently don't do anything.
This commit implements those methods using MemCopy, in the style of other
Archive/Restore methods in the V8 codebase.
Related: https://groups.google.com/forum/#!topic/v8-users/_Qf2rwljRk8
Note: I believe my employer, Meteor Development Group, has previously
signed the CLA using the group email address google-contrib@meteor.com.
R=yangguo@chromium.org,jgruber@chromium.org
CC=info@bnoordhuis.nl
Bug: v8:7230
Change-Id: Id517c873eb81cd53f7216c7efd441b956cf7f943
Reviewed-on: https://chromium-review.googlesource.com/833260
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54902}
This CL fixes a bug found by Clusterfuzz, in which the functions
LoadDataViewByteOffset and -ByteLength incorrectly had a return
type of TNode<Smi> instead of TNode<Number>.
This caused a CAST() call to fail when the requested byte offset
or byte length did not fit inside a Smi, i.e. when the underlying
ArrayBuffer of the DataView had a length longer than 2^30 on
32-bit platforms.
The CL also includes a new test in mjsunit to test against this.
Bug: chromium:869313
Change-Id: Ibb7d29bda5782a12c4b506c070bb03fef8c3ec70
Reviewed-on: https://chromium-review.googlesource.com/1158582
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54900}
We have two constants for the PC load delta; this CL
consolidates them into one. The CL does not change MIPS
as the two constants are defined to different values there.
Bug: v8:6666
Change-Id: If207a59dea3ef33756a5d7330217ab8a176bdf63
Reviewed-on: https://chromium-review.googlesource.com/1161926
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54898}
Also add more test cases of Array lastIndexOf with proxy, inspired by test262.
In the path for sparse arrays, no changes are needed because element accesses
are not observable there (thanks to UseSparseVariant).
Bug: v8:7813
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ifd47149f654e92f56d0a1ed6b3debc93718702be
Reviewed-on: https://chromium-review.googlesource.com/1160307
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54887}
This skips two tests in TSAN with stress mode only. The tests are
particularly slow with isolates testing, but they're also the two
lowest hanging fruits in normal TSAN testing.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: v8:8009
Change-Id: Ic262fc39dee8ee0d8d1fdad10beced0e8f9c87a0
Reviewed-on: https://chromium-review.googlesource.com/1160860
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54881}
Etc/GMT* time zones are listed in the INAN time zone database and
they should be accepted as valid.
This CL will be followed by a CL for moving time zone name checks to C++
that will accept all the time zone names (e.g. EST5EDT, Hongkong, ROK, Zulu).
Bug: chromium:364374
Test: intl/date-format/timezone.js
Test: mjsunit/regress/regress-crbug-364374
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If0e5327d7e980504a9cb3d2b641e907ebce61180
Reviewed-on: https://chromium-review.googlesource.com/1159546
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54879}
While working on crrev.com/c/1141045 I caused 3 assertThrows() tests
under the 'Deeply nested target' tests to fail. The tests for
defineProperty, isExtensible, and preventExtensions began to fail under
a couple build configurations because my change modified the stack check
code such that it no longer inhibited tail call optimization. Under some
build configurations the methods responsible for causing a stack oveflow
for those 3 methods were tail call optimized and the tests no longer
threw an exception.
Other built-in implementations of proxy handler methods could also fail
in the future due to refactors moving variables off the stack. Change
the test to ensure v8 doesn't crash but don't rely on stack overflow
exceptions being thrown for the 'deeply nested target' test.
BUG=chromium:864705
Change-Id: Iefeaa1d5402986c1831d0f259f83025452756387
Reviewed-on: https://chromium-review.googlesource.com/1159356
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54878}
Previously, removing an element in the middle made it consume space
forever. This fixes that, without changing the complexity of removal /
addition. The trade-off is that RemoveOne will shuffle indices (which should be
OK for the current users).
BUG=v8:7308
Change-Id: I0373e30f2d9d1ffb93a78d383d41b500dbbf3429
Reviewed-on: https://chromium-review.googlesource.com/1159371
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54875}
This reverts commit b556c9eaa6.
Reason for revert: Flakes in layout tests: https://crbug.com/870187
Original change's description:
> [wasm] Implement the new API for WebAssembly.instantiateStreaming
>
> This is the second V8 CL to refactor WebAssembly.instantiateStreaming to
> make it spec compliant again. The design doc where the whole change is
> discussed is available in the tracking bug. The tracking bug also
> references prototype implementations of the whole change, which includes
> the changes in this CL.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:860637
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I776c0f24959ab5663727d3dfee0248a9b0642a42
> Reviewed-on: https://chromium-review.googlesource.com/1143187
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54834}
TBR=mstarzinger@chromium.org,ahaas@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:860637
Change-Id: Icbf2603143068a49c61de162aa7185a753703e5d
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1160261
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54872}
This adds two tests that generate calls to embedded builtins, one test
inlines the trampoline, and the other uses an indirect load from the
roots array.
Bug: v8:6666, v8:7997
Change-Id: I077f4e9ed311021edb8ee74db625ebb048fdf66b
Reviewed-on: https://chromium-review.googlesource.com/1160237
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54869}
The wasm/ directory is inconsistent in many places, often within the
same file. For all code that exists in a v8::internal::wasm namespace,
this CL removes any wasm:: qualifiers, which is especially helpful
since most types are already Wasm-named, such as WasmCode, WasmModule,
etc. Namespace qualifiers are redundant inside the wasm:: namespace and
thus go against the main point of using namespaces. Removing the
qualifiers for non Wasm-named classes also makes the code somewhat more
future-proof, should we move some things that are not really WASM-specific
(such as ErrorThrower and Decoder) into a higher namespace.
R=clemensh@chromium.org,mstarzinger@chromium.org
Change-Id: Ibff3e1e93c64c12dcb53c46c03d1bfb2fb0b7586
Reviewed-on: https://chromium-review.googlesource.com/1160232
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54862}
This CL introduces a new MemoryController that will be used to control
the size of external memory (array buffers and external string for now).
Bug: chromium:845409
Change-Id: I119506ce0243ac33cec2b783b888b53ee11225a9
Reviewed-on: https://chromium-review.googlesource.com/1156393
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54854}
This templatizes CharacterStream by char type, and makes them subclass ScannerStream.
Methods that are widely used by tests are marked virtual on ScannerStream and final on
CharacterStream<T> so the specialized scanner will know what to call. ParseInfo passes
around ScannerStream, but the scanner requires the explicit CharacterStream<T>. Since
AdvanceUntil is templatized by FunctionType, I couldn't mark that virtual; so instead
I adjusted those tests to operate directly on ucs2 (not utf8 since we'll drop that in
the future).
In the end no functionality was changed. Some calls became virtual in tests. This is
mainly just preparation.
Change-Id: I0b4def65d3eb8fa5c806027c7e9123a590ebbdb5
Reviewed-on: https://chromium-review.googlesource.com/1156690
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54848}
Refactoring the code base to use noexcept for their move constructors and move
assignment operators.
Bug: v8:7999
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I13d24eddba3bfa601cff26fd680a040cf4e71426
Reviewed-on: https://chromium-review.googlesource.com/1152817
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#54841}
All compile tasks are already canceled when the {CompilationState}
dies. This happens when the {NativeModule} dies, and all
{NativeModule}s die before the {WasmEngine} dies. Thus, the WasmEngine
does not need to cancel any compile jobs, because there are none anyway.
R=mstarzinger@chromium.org
Bug: chromium:869420
Change-Id: I7e006392a1f9126333733c81c4c19985f626a470
Reviewed-on: https://chromium-review.googlesource.com/1158411
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54840}
We currently don't execute the tests on android, because the error
message is redirected to the android log. What we can still to though
is ensuring that the call aborts the process, but just ignore the error
message.
R=mstarzinger@chromium.org
Bug: chromium:863799
Change-Id: I54b503849358133ffe647be83eae7a964c2ac49e
Reviewed-on: https://chromium-review.googlesource.com/1148444
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54839}
This is the second V8 CL to refactor WebAssembly.instantiateStreaming to
make it spec compliant again. The design doc where the whole change is
discussed is available in the tracking bug. The tracking bug also
references prototype implementations of the whole change, which includes
the changes in this CL.
R=mstarzinger@chromium.org
Bug: chromium:860637
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I776c0f24959ab5663727d3dfee0248a9b0642a42
Reviewed-on: https://chromium-review.googlesource.com/1143187
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54834}
The original implementation of 'testAsync' in mjsunit.js required to
put the call to '%AbortJS' into an 'eval' statement. The reason is that
this call requires the flag --allow-natives-syntax to be set, but the
flag is not set in all mjsunit tests. With the use of 'eval'
compilation errors can be avoided.
The problem with this approach was that the fuzzer started to produce
test cases which include the line 'eval("%AbortJS(message)");', and
this line crashes intentionally. Different to the line
'%Abort(message)', however, the 'eval' statement cannot be filtered
so easily in the fuzzer. Therefore I pulled the implementation of
'testAsync' into a separate file to avoid the 'eval'.
Additional changes: I use '===' now instead of 'deepEquals' in
AsyncAssertion.equals because 'deepEquals' is not available outside
mjsunit.js. Using '===' seems more appropriate anyways because for
all tests but one it is sufficient, and it is more precise than
deepEquals.
R=gsathya@chromium.org
Bug: chromium:774841
Change-Id: I47270aa63ff5a1d6aa76a771f9276eaaf579c5ac
Reviewed-on: https://chromium-review.googlesource.com/1156598
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54833}
An object with a deprecated Map which has already been cached in
CloneObjectIC feedback is still a valid Map for fast cloning --- but
to be consistent with other ICs, deprecated maps are ignored, and are
expected to be transitioned away from.
If the source object has a deprecated map, the instance is migrated.
BUG=v8:7611, chromium:867958, chromium:868586, chromium:869342, chromium:869347, chromium:869293
R=jkummerow@chromium.org, mvstanton@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/1154143
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#54799}
Change-Id: I6e2f7b28c41bb9bd6255441da0f209a97bce5e8f
Reviewed-on: https://chromium-review.googlesource.com/1157142
Cr-Commit-Position: refs/heads/master@{#54830}
ICU maps a few grandfathered tags to made-up values even when there
is no preferred value entry in the IANA language tag registry. [1]
1. Check for grandfathered tags without preferred value upfront
and return them as they're.
2. Lowercase the input before structural validity check to simplify
check for grandfathered tag without preferred value as well
as regexps used in the structural validity check.
intl/general/grandfathered_tags_without_preferred_value is added and
intl/general/language_tags_with_preferred_values is changed to check
for case-insensitive matching of grandfathered tags.
[1] https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry
Bug: v8:7669
Test: test262/intl402/Intl/getCanonicalLocales/preferred-grandfathered
Test: intl/general/grandfathered_tags_without_preferred_value
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie0520de8712928300fd71fe152909789483ec256
Reviewed-on: https://chromium-review.googlesource.com/1156529
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54829}
The test uses an incomplete native context, so the broker fails during
serialization.
Bug: v8:7790
Change-Id: I33e9e37df4e4acce62829123a8d16087d4fdc76d
Reviewed-on: https://chromium-review.googlesource.com/1156693
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54825}
The heap broker expects that handles get canonicalized.
R=jarin@chromium.org
Bug: v8:7790
Change-Id: If6162316bb2a256e783a8175ac7d4172d040b28b
Reviewed-on: https://chromium-review.googlesource.com/1155123
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54823}
MakeAssemblerBufferExecutable now flushes the i-cache, so we do
not need to do that again.
Change-Id: I46f5619167114cdb84064ef363106bee64282d1f
Reviewed-on: https://chromium-review.googlesource.com/1152813
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#54822}
Use sizeof of the C type instead.
Also fix a few #undef's that got reported after my changes.
R=jarin@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I30a43b3d93e6df04fb9fb33050b52988edd7fdb1
Reviewed-on: https://chromium-review.googlesource.com/1155108
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54817}
This new method only compares Strings and so doesn't need a Context. It
also can't throw so it returns bool. Can be used in place of the
deprecated Equals method and many Equals call currently taking a
Context.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I4cfe7747aa140e5a55d9513681ee4704414e1545
Reviewed-on: https://chromium-review.googlesource.com/1151321
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54812}
This avoids serializing and deserializing the sharable part of a module
when it is transferred via {TransferrableModule}, which is possible when
all Isolates run off the same engine via the --wasm-shared-engine flag.
This adds a new --wasm-shared-code flag to enable this feature.
R=ahaas@chromium.org
BUG=v8:7424
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I099d581d7ccc4d058a4646f545a011745fd84eb4
Reviewed-on: https://chromium-review.googlesource.com/1142144
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54806}
ReadFile returned a Vector with ownership transfer, i.e. the client
needed to call Dispose to free the memory. This CL changes the interface
to return a std::string instead, which manages ownership. As it turns
out, there is only one user of ReadString that sometimes calls an API
function which expects to take ownership of its Vector argument.
Bug: v8:7932
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie624a7a65cf5814fddce7a57bc557e4b9876bc53
Reviewed-on: https://chromium-review.googlesource.com/1155115
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54805}
This reverts commit d9f6c685f0.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20gc%20stress/17584
Original change's description:
> Reland [CloneObjectIC] overwrite monomorphic/polymorphic feedback if deprecated
>
> An object with a deprecated Map which has already been cached in
> CloneObjectIC feedback is still a valid Map for fast cloning --- but
> to be consistent with other ICs, deprecated maps are ignored, and are
> expected to be transitioned away from.
>
> If the source object has a deprecated map, the instance is migrated.
>
> BUG=v8:7611, chromium:867958, chromium:868586
> R=jkummerow@chromium.org, mvstanton@chromium.org
>
> Change-Id: I477aec6c8d0ae1e1648a70e85d2fd46146521d1c
> Reviewed-on: https://chromium-review.googlesource.com/1154143
> Commit-Queue: Caitlin Potter <caitp@igalia.com>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54799}
TBR=jkummerow@chromium.org,mvstanton@chromium.org,caitp@igalia.com
Change-Id: Ifcb422c3a692543490710d450590323524a6359a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7611, chromium:867958, chromium:868586
Reviewed-on: https://chromium-review.googlesource.com/1155593
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54800}
An object with a deprecated Map which has already been cached in
CloneObjectIC feedback is still a valid Map for fast cloning --- but
to be consistent with other ICs, deprecated maps are ignored, and are
expected to be transitioned away from.
If the source object has a deprecated map, the instance is migrated.
BUG=v8:7611, chromium:867958, chromium:868586
R=jkummerow@chromium.org, mvstanton@chromium.org
Change-Id: I477aec6c8d0ae1e1648a70e85d2fd46146521d1c
Reviewed-on: https://chromium-review.googlesource.com/1154143
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54799}
From the promotion code point of view, a ThinString being forwarded to
an ExternalString is exactly the same as an actual ExternalString being
forwarded to its promoted copy. These changes provide a way to disambiguate
both scenarios since they are different for external memory accounting.
Bug: chromium:867902
Change-Id: I6fd56ee5e0f8900318466108273ab26e936eb439
Reviewed-on: https://chromium-review.googlesource.com/1152975
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54790}
AdvanceUntil allows the Utf16CharacterStream to advance until a charater is found
that passes the check.
Bug: v8:7926
Change-Id: Iae39fb24194aa0ee2f544a55a7847956aa324b64
Reviewed-on: https://chromium-review.googlesource.com/1151303
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54783}
