Summary of changes:
- GC visitors no longer rely on superclass visitors, but instead visit
everything themselves. This enables generating better code.
- Try to match simple body descriptors to reduce the amount of generated
code.
- Turn SizeFor(instance) into an AllocatedSize() method.
- Remove the special handling of resizable object sizes from Torque
and instead overwrite AllocatedSize in classes that need special
handling in C++.
- Split the visitor id lists depending on whether the class has pointer
fields.
- Turn Torque-generated body descriptors into an .inc file to
simplify includes.
- Fix generated size functions to properly align the size.
- Generate GC visitors (and C++ class definitions) for all string
classes and FixedArray, WeakFixedArray, and WeakArrayList.
- Store generated instance types in Torque class types. This is only
used to determine if a type has a single instance type in this CL.
Bug: v8:7793
Change-Id: I4d362e96b047c305bd6d065247734957b8958c42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2110014
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67542}
This variant passes the --stress-snapshot d8 flag. There's a large
initial list of skips, these should be removed as issues are fixed
over time. The variant is currently not enabled on any bots.
Bug: v8:10416
Change-Id: I80aea80600c51b2f5d28b8ec8a09ff0ba2ebaa7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179002
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67536}
Formatter does not recognize #include, since we format .tq files as TS.
So replace it with a comment first, then substitute it back.
This should also fix the Presubmit in waterfall
https://ci.chromium.org/p/v8/builders/ci/V8%20Presubmit/10296
Change-Id: I316d52fc24e099474c542f75773683b54e8d0a63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2175089
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67512}
This enables comparing single runs from the direct command line ouptut
generated by --runtime-call-stats
No-Try: true
No-Presubmit: true
Change-Id: Ieac06bbd95c2a73f8064af161fe35f6fb083648f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170093
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67432}
This reverts the changes made in
https://chromium-review.googlesource.com/c/v8/v8/+/1695465https://chromium-review.googlesource.com/c/v8/v8/+/1776078
We originally moved this protector to the native context to avoid
cross-native-context pollution of protector state. Ideally,
invalidating a protector in one NC should not affect any other NC.
But as it turns out, having the protector on the NC causes more
problems than it solves since all affected callers now need to find
the correct native context to check. Sometimes (e.g. in CSA regexp
builtins) it is possible to blindly check the current NC, but the
reasoning behind this optimization is tricky to understand.
Sometimes, fetching the correct NC is not possible due to access
restrictions. These implementation complexities outweigh the (unknown)
potential performance benefits.
In the future we should attempt to move away from the protector
concept for these kinds of checks.
Bug: chromium:1069964,v8:9463
Change-Id: I2cbb2ec7266282165dae5e4a6c8bdbda520c50a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157382
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67415}
The multi-value proposal is now merged in the main spec repository, so:
- Remove everything that references the multi-value spec repository
- Add --experimental-wasm-mv to the default flags
R=ahaas@chromium.org
Change-Id: I9f809c21404bb5c1d21eb330748ea51a15688546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2153219
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67313}
Use the InstallFunction helper to create the initial map and prototypes
instead of manually doing so. WeakRef is currently creating an unused
Map tied to JS_WEAK_REF_TYPE that would cause the various LogMaps
cctests to fail when the feature ships.
Bug: v8:8179
Change-Id: Ic1b35ebe5da722fa030af336099fff6153b4baed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158488
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67294}
This patch replaces V8's tracing implementation (i.e., the TRACE_EVENT
macros) with the track event base implementation from Perfetto. The
advantages of doing this are:
1) This allows us to remove most tracing-related backend code from V8.
2) V8 can start writing strongly typed trace event arguments, which
are more compact, easier to process and more extensible than legacy
JSON-based trace arguments.
For the time being, we still support the old trace macros when V8 is
embedded into Chrome and other embedders.
Design doc: https://docs.google.com/document/d/1f7tt4cb-JcA5bQFR1oXk60ncJPpkL02_Hi_Bc6MfTQk/edit#heading=h.398p6b4eaen2
Bug: chromium:1006766
Change-Id: Ie71474fbe065821772b13d851487ebbca680c4ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947688
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Auto-Submit: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67217}
A new realm doesn't contain the mocks and suppressions on the global
object for correctness fuzzing. We replace Realm.eval with eval to
keep exercising the code.
Bug: chromium:1071133
Change-Id: Iffe82d37bf08829fc5937c17c2089277403e71dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2153206
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67187}
- Fix property name table with very long names
- List all keyboard shortcuts
Change-Id: I4eba14143a0cf71f4e8c02159a1f16113aa2600a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2142267
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67088}
The two refactorings are somewhat orthogonal, but intersect at the
class and instance type list generation, which is why it's easier to
put them in one CL.
For the removal of HasIndexedField, the removal is motivated by the
fact that is no longer necessary, and that using a flag to store this
kind of information is hacky.
For the class list changes, this is a cleanup in that we no longer
generate third-order macros, but instead normal macro lists.
There is a functional change and bug-fix in that we no longer include
abstract classes in lists that refer to instance types or maps. It's
still somewhat broken though, so I can't test abstract internal classes
yet, though. Coming in a follow-up CL.
TBR=ulan@chromium.org
Bug: v8:7793
Change-Id: Ided8591370570ca3810d7991f53177ca32e03048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2108034
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67056}
Print ALL_VARIANTS and VARIANT_ALIASES when passing a wrong
--variants argument to tools/run-tests.py.
Change-Id: I6d4278633dd11990d0ace1c93f544213fbfc156e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139579
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67039}
WasmValue holds a Wasm value with its type. This will be exposed to the
inspector (via a to-be-created class in debug_interface.h) for debugging
in DevTools.
Design at http://doc/1XQlX6DWsv6BPYnRtw-JZSASPEjsRlyXLnke7TTQ9Wrg.
Bug: v8:10347
Change-Id: Ib523e617d46fdf1adb13d13bf49749c4ce23a126
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132720
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67029}
- avoid endless recursion with corrupted traces
- speed up page by async bar repainting
- minor tweaks to avoid unnecessary work
- move helper functions to make command line version parse log files
Change-Id: If8ce9cc4093030d648fbc7bbb60e53412e9f7a79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2115434
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66942}
Use Oboe.js streaming JSON parser for reading tracing file which
provides the following advantages:
1) streaming parsing allows keeping alive only relevant entries which
should consume less memory when parsing of huge files (although
currently the whole file is kept in memory anyway),
2) avoids the need to sanitize tracing file
Bug: v8:10155
Change-Id: Id5268264a610eff804672d09b3e9f3ac353b67de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120542
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66888}
Yet another corner case how non-deterministic timestamps slipped into
the tests.
Bug: chromium:1064900
Change-Id: I33e8b4c8141b3854b7eca5d7ad9b45b6f5130d9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120584
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66881}
Now that the trace json file has changed name, update the extension
checked by the --retain=json flag in generate-runtime-callstats.py.
Bug: v8:10348
Change-Id: Ieb14b77d2d399a1246049170f289b4666658f376
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2122015
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66870}
Fix generate-run-benchmark to pick the trace json file now that
run_benchmark generates a different directory structure due to the
protobuf change.
Bug: v8:10348
No-Try: true
Change-Id: I4d671071db68a7a82ec542bf41bf1d9afcdb3837
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120590
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66868}
... to make it work from any location.
Bug: v8:10155
Change-Id: I4b949ed6fde0b38a92c1c1ab57eba0cf0f007b6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2116034
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66835}
Don't use deprecated HTML Imports, directly fetch the template files from
html instead.
Bug: v8:10155
Change-Id: Ic85a8b2cf227231fc6abf5adca6f1f144bf728f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2113371
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66825}
Because run-tests.py still requires it.
No-try: true
Change-Id: Ief1f3d7a93ba4c36232420ee9ab0a4ff3ea6739b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2096628
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66664}
The code was almost compatible, only one small issue had snuck in.
No-try: true
Change-Id: I52225fb2092bf16a5fffbde957cd1dfe4f2c4fd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093492
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66642}
Bill kindly pointed out to me that v8windbg was not handling bit_field2
correctly. The issue was that the constexpr type for ElementsKind was,
somewhat unsurprisingly, "ElementsKind", but v8windbg expected a fully-
qualified type name like "v8::internal::ElementsKind". This change
addresses the problem in two ways:
1. Update v8windbg's type resolution logic to resolve type names as if
they were used in the v8::internal namespace. This makes it more
consistent with how those type names are used in other generated
Torque code, reducing surprises and the number of times we have to
write `v8::internal::` in .tq files.
2. Add compile-time verification that any constexpr type name used as a
string in class-debug-readers-tq.cc can also resolve as a type name.
Bug: v8:9376
Change-Id: I349cd6ab586fd8345a1fa8bfc3989bb8e6376ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2063769
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66633}
In the process:
* Augment C++-generated Torque classes with SizeFor methods to
calculate size of instances.
* Add a new "@generateBodyDescriptor" annotation that causes Torque to
generate C++ BodyDescriptors code that can be used to visit objects
compatible with existing V8 mechanisms, e.g. GC
* Fully automate C++ macro machinery so that adding non-extern Torque
class doesn't require any C++ changes, including ensuring generation
of instance types and proper boilerplate for validators and
printers.
* Make handling of @export a true annotation, allowing the modifier to
be used on class declarations.
* Add functionality such that classes with the @export annotation are
available to be used from C++. Field accessors for exported classes
are public and factory methods are generated to create instances of
the objects from C++.
* Change the Torque compiler such that Non-exported classes implicitly
have the @generateBodyDescriptor annotation added and causes both
verifiers and printers to be generated.
* Switch non-extern Torque classes from using existing Struct-based
machinery to being first-class classes that support more existing
Torque class features.
Change-Id: Ic60e60c2c6bd7acd57f949bce086898ad14a3b03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007490
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66621}
Example can be inspector tests.
Bug: v8:10264
Change-Id: I996bb68d0f36920568a04f93cd8c1256a4f41a96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2070912
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66572}
Improve postmortem metadata generated by gen-postmortem-metadata by also
including weak and synchronous accessors, as well as CHECKED and
CHECKED2 variants of all accessors currently considered by
gen-postmortem-metadata. Also improve type collection by parsing
TORQUE_INSTANCE_CHECKERS_SINGLE_FULLY_DEFINED, as we were missing
several types with the previous heuristic (like StackTraceFrame,
PromiseReaction, and many others). This will include 96 new v8dbg
constants which can be used by debuggers like llnode.
R=hpayer@google.com, verwaest@google.com, victorgomes@google.com
Change-Id: Ia9bea21eec38b92d255c3636c6a284eb27e9ed9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056126
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66551}
The frame created by the WasmDebugBreak builtin now has a separate frame
type, which will (later) allow to inspect the spilled registers.
Once Liftoff supports reference types, this frame will also need special
GC support for spilled heap references.
R=jkummerow@chromium.org
Bug: v8:10222
Change-Id: I110e51d1e6d09b0f44dcdd1cdcaafa2eaa64fddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083013
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66531}
This fixes a build break in certain configurations. v8_debug_helper
depends on generate_bytecode_builtins_list via the following headers:
In file included from gen/v8/tools/debug_helper/heap-constants-gen.cc:5:
In file included from ../../v8\src/common/ptr-compr-inl.h:10:
In file included from ../../v8\src/execution/isolate.h:19:
In file included from ../../v8\src/builtins/builtins.h:9:
Change-Id: I38e5d851afc6ce52716d3e5e64ae9219df396bd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2078768
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66517}
Recently the callstats runner started crashing due to scipy imports.
This CL moves the import to mitigate the crashes.
TBR=machenbach@chromium.org
Bug: v8:10269
Change-Id: I67c2093f12ae287354a59e9cd32b79c6288b8edd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2078571
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66483}
Renaming the JS-visible identifiers and strings is left for a future CL.
FinalizationGroup was renamed at Feb 2020 TC39, to better signal that if
a FinalizationRegistry dies, the finalization actions registered with it
may no longer be performed.
Bug: v8:8179
Change-Id: I0d676a71a4a67d2b7175994a67458a6158065844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055381
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66416}
- Update the input parser to handle the new object-based format
- Try to maintain backwards compatibility to the array-based format
- Use input file name as version name when appending results
Change-Id: I5efe9d887f6d2ccbfaba18e0918945353dfcc640
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064389
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66346}
If we do not want _all_ tests durations, it makes sense to reuse the existing slow test collection and aggregation
Bug: v8:10168
Change-Id: I500acdb799f41ee6f0fb2c57afb95e1e1830b2dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064221
Auto-Submit: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66342}
The extra checks done with --testing-d8-test-runner might not hold
when using NumFuzz. This refactors the test runner and allows passing
implementation specific flags. The --testing-d8-test-runner flag is
now only passed in the standard-runner not in the numfuzz
implementation.
Bug: v8:10220
Change-Id: I83cac57a948c98c34f2d84f41d719e0434e25ee7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2064217
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66341}
Please take a look at tools/v8windbg/README.md for an overview of what
v8windbg can do and how it's structured. This platform-specific
debugging plugin makes use of the data provided by the V8 postmortem
debugging API in tools/debug_helper.
Note: This code began as https://github.com/billti/v8dbg and then moved
into the Edge repository, where I added features gradually and got code
reviews for individual changes. Now, taken in its entirety, it's an
obnoxiously large CL. I'm open to breaking it up into a few chunks if
that would be preferable.
Bug: v8:9376
Change-Id: I3e503de00bb1aea870ae83e9bd99e4e2eab9ef98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2031700
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66319}
This allows CoverageInfo to be distinguished from other kinds of
FixedArray at runtime. I also updated it to use untagged data since it
only stores ints, since that seems like the generally right thing to do
(even though I doubt anybody allocates enough of these to notice the
reduced GC work).
Related Torque changes:
- Allow structs containing untagged data to be used as class fields.
This requires classifying them into the tagged or untagged sections of
the class layout, and checking that their alignment requirements are
met when stored in a packed array.
- Generate a struct containing struct field offsets, so we can ensure
that the layouts defined in Torque and C++ code match. Of course it
would be nice to generate a lot more (indexed accessors, synchronized
accessors, GC visitors, etc.), but we can't do it all at once.
Change-Id: I29e2a2afe37e4805cd80e3a84ef9edfe7ca7bb6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2047399
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66318}
This adds tests for the mock logic used in differential fuzzing. The
tests uncovered a couple of issues in the mock files that are also
fixed.
This also does some minor code clean up in the mock code.
Bug: chromium:1044942
Change-Id: I5b67f70f8b104bb681548f742ab863395a88360f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2043843
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66304}
This adds 3 flags to the numfuzz fuzzer depending on a probability:
--budget-for-feedback-vector-allocation=0
--interrupt-budget=100
--no-lazy-feedback-allocation
No-Try: true
Bug: v8:10204
Change-Id: I83dabcd0e3ca80bebe596d65d03b3e99d8ecbf03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060490
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66291}
This reduces the pointer-compression experiment by 3% as it is in
production since a while.
This also uses turbofan when comparing across architectures as tests
run faster and likely find the same or more relevant bugs.
No-Try: true
Change-Id: I35ec97188a101a7cb43454903f7bf9765e57893c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059995
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66290}
Pass --no-lazy-feedback-allocation in all second runs depending
on a probability. Also combine with --interrupt-budget=100.
This also allows adding several extra flags behind one probability.
The tests are improved to ensure valid flags and configs.
No-Try: true
Bug: v8:10215
Change-Id: I2766ef5044cd8c7096f6b76f39b60b568f550bde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059991
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66289}
This skips gay-*.cc cctest files for lint checking. The files
contain 99.9% data not structures. Alternatively, maybe the
data could be moved to non-cc resource files.
This speeds up v8_presubmit without caching locally from 39s to 23s.
This is how it's executed on the continuous CI builder.
No-Try: true
Change-Id: Ide58618a0b1ecd5900b5c9633d584c59b559df32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056463
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66267}
This will allow sharing the configs between Python and JavaScript
based fuzzers.
No-Try: true
Bug: chromium:1044942
Change-Id: Idd47ad31430cfed0629dbb5b9dd5fd2ef8c764f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051951
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66243}
We ensure now that fuzzers don't produce the f.arguments pattern and
instead replace it with a random variable.
No-Try: true
Bug: chromium:1044942, chromium:1020573
Change-Id: I899985f1a238f36d10fb22f76d93b7d5f444eab1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051944
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66238}
Un-ignore some files that only failed in obsolete comparisons.
We don't compare eager anymore and console functions are mocked out
in d8 by now. The exponentiation operator bug doesn't repro anymore.
No-Try: true
Bug: chromium:1044942
Change-Id: I0a572836bc9a4a6aa4736447f638a522ff8e8168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050400
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66233}
The assumtion that V8 has no output differences within a single line
before a stack overflow, didn't hold. The prefix of e.g. console.info
can lead to a difference in a recursive call.
This change makes foozzie's output capping before a crash work on the
level of characters instead of lines to fix this.
No-Try: true
Bug: chromium:1050942
Change-Id: I13f747caf4f5848d40c31bd4232811285bab3c17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049844
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66217}
- In log.cc, we used InstructionStart() for code create events, but
the Code object address for code move events. Change to use
InstructionStart() for both.
- The symbol table contains some kind of virtual address, not file
offsets. They happened to be identical in the past but are no longer,
probably due to toolchain changes. Now we use objdump to figure out
the difference between virtual addresses and file offsets.
- When a new code object happened to be created at the same address as
a previous one, we wouldn't update it.
This is indeed wrong, as predicted in a TODO by Jaro.
- For 64bit addresses, using >>> is wrong, now replaced with division.
Change-Id: Ib23114ed736f98bfc33c65004a039a3fd04d3c49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016586
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66145}
The bug appears to be fixed.
No-Try: true
Bug: chromium:693426
Change-Id: Ibd029c906dca87a3fd0c3e00be0b795e87390bd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2037439
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66134}
This will allow uploading repro test cases to clusterfuzz for
already suppressed known issues. This will allow tracking if those
issues still reproduce and that suppressions don't become stale.
No-Try: true
Bug: chromium:1044942
Change-Id: I997f11293c51836b97d143b0fea992055b39955e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2036083
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66114}
Respective differences were fixed and the suppressions didn't fire
anymore according to the statistics.
No-Try: true
Bug: chromium:664068, chromium:667678
Change-Id: I5e1aa802e0b0288a73d0f236c154289ab45314a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2035878
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66100}
Crashes in the presence of RangeError happen often during differential
fuzzing. Until now we have ignored such cases completely.
After this change we compare as much output as possible when one or
both runs have crashed, dramatically increasing the coverage.
No-Try: true
Bug: chromium:1048099
Change-Id: I923c10e9064b5dc6cae1e39a254e221d2867e0e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030914
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66085}
This adds two flags for whitelisting natives on fuzzers:
--allow-natives-for-fuzzing:
Enables a small subset of runtime functions and replaces others with
undefined.
--allow-natives-for-differential-fuzzing
Restricts the allowed runtime functions even further, excluding the
ones that break differential fuzzing.
Bug: chromium:1044942
Change-Id: I890bd4a6ff7c2e483dd74155290a7ace06f85239
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020773
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66068}
We will be able to collect test duration and later upload them in BQ.
Change-Id: Ie5610d4e872259857bf3f26ba698fa65d23058be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020952
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66040}
These both have to do with extremely large numbers, so it's unlikely to cause a problem in practice. Still, correctness.
First, encoding `-2147483648` in VLQ returns the value `"B"`. When decoding, we get the value `1` after reading the base64. We then check if the first bit is set (it is) to see if we should negate it, then we shift all bits right once. Now, `value` will be `0` and `negate` will be `true`. So, we'd return `-0`. Which is a bug! `-0` isn't `-2147483648`, and we've broken a round trip.
Second, encoding any number with the 31st bit set, we'd return the opposite sign. Let's use `1073741824`. Encoding, we get `"ggggggC"`. When decoding, we get the value `-2147483648` after reading the base64. Notice, it's already negative (the 32nd bit is set, because the 31st was set and we shifted everything left once). We'd then check the first bit (it's not) and shift right. But we used `>>`, which does not shift the sign bit. We actually wanted `>>>`, which will. Because of that bug, we get back `-1073741824` instead of the positive `1073741824`. It's even worse if the 32nd and 31st bits are set, `-1610612736` becomes `536870912` after a round trip.
I recently fixed the same two bugs in Closure Compiler: https://github.com/google/closure-compiler/commit/584418eb
Change-Id: Ib6592ad50ae3764479c1a766bbb19042ee83b99d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2018882
Auto-Submit: Justin Ridgewell <jridgewell@google.com>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65987}
This change adds support for the postmortem inspection library to show
the content of cached external strings if that content is available. It
also fixes a minor annoyance where strings with unavailable data would
show up as "...". Now, if fetching the very first character fails, we
omit the literal value from the output.
Bug: v8:9376
Change-Id: Id694a774c231ab3467fb59b1c149284729acfb20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1987922
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65961}
I hit a case where the 'V8_Dcheck' was only the sixth stack frame. Thus
increase the limit from 5 to 7.
R=ahaas@chromium.org
No-Try: true
Change-Id: I1ea37f07ff08ab5acffdfcc89d01ff102750a1e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016589
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65943}
Otherwise, the last tests that ran in a worker keep sitting on their
sigterm handlers without any running processes. This creates
exceptions when workers terminate.
Bug: v8:8292
Change-Id: Iefb9a4a353399c1e3168eae2916e3cedca4e09b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011831
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65907}
This adds a new API function that can be customized by the embedder
by providing a delegate that defines contexts to be measured and
reports the results to JS.
A memory measurement request is carried out as follows:
1) MeasureMemory(delegate) invocation enqueues a new request in
MemoryMeasurement::received_ and schedules a delayed GC task.
2) At the start of the next GC (that is triggered either by the
GC schedule or by the delayed task) each request in received_
moves to processing_. Per-context marking worklists are created
for each native context that was selected by the delegates
(using the ShouldMeasure predicate).
3) At the end of the GC the sizes of the native contexts are
recorded for each request in processing_. The requests move
to the done_ list and result reporting task is scheduled.
4) When the result reporting task runs it invokes the
MeasurementComplete function of each delegate in done_.
Bug: chromium:973627
Change-Id: I0254cae693c5b8fab7c85a9eca0a3a128210b6c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981493
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65856}
The contructor arguments were omitted for Android in a previous
CL, which broke the Android builder.
TBR=tmrts@chromium.org
Bug: v8:8292
Change-Id: I266826e2531ba421161d6cd2241eae34b07e7521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007494
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65839}
This prints the same details about a process when attempting to kill it
as when termination fails with an exception. This will make it
easier to correlate the two and to see which might be hanging.
Bug: v8:8292
Change-Id: I4b6a50386d4e9d84ded55cf262f19529138654a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2006092
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65837}
When an overall timeout is reached, swarming sends a SIGTERM to
terminate the test runner. The test runner has a signal handler on the
main process to terminate all workers gracefully.
Additionally, every worker process installs a signal handler for
terminating ongoing tests wrapped by command.Command.
Also, command.Command is used on the main process to list tests for
cctest and gtest executables, which led to overriding the test runner's
main signal handler.
This CL disables using signal handlers in commands by default and only
explicitly enables it in safe source locations.
Bug: v8:8292
Change-Id: Ifceadaff75bdd2b77e761498bccbe00b6a3e265c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002528
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65815}
There is no particular reason that PropertyDescriptorObject should be a
subclass of FixedArray. By using a separate struct type, we get better
generated accessor functions, automatic verification, and runtime type
info, plus we save four bytes per instance.
Change-Id: If076782832aa9398806794e4ee6d019aea2f92b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999463
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65756}
This change moves the definitions of the bitfield flags used by Symbol
and Map to Torque. Symbol could directly follow the pattern established
by SharedFunctionInfo, but Map required some other changes:
- Until now, Torque bitfield definitions have required unsigned types. I
thought that this would be the least-surprising behavior, since we
never sign-extend when decoding bitfield values. However, I believe
that the amount of churn involved in making ElementsKind be unsigned
outweighs the benefit we were getting from this restriction (and
similar difficulties are likely to arise in converting other bitfield
structs to Torque), so this CL updates Torque to allow signed bitfield
values.
- If we try to make Map extend from all of the generated classes that
define its flags, we end up with class sizing problems because some
compilers only apply empty base class optimization to the first in a
row of empty base classes. We could work around this issue by
generating macros instead of classes, but I took this as an
opportunity for a minor clean-up instead: rather than having bitfield
definitions for several different bitfield structs all jumbled
together in Map, they can be split up. I think this makes the code a
little easier to follow, but if others disagree I'm happy to implement
macro generation instead.
Change-Id: Ibf339b0be97f72d740bf1daa8300b471912faeba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1988934
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65701}
This CL factors out the decision-making logic whether a property key should
be treated as a "property" or "element" into LookupIterator::Key, which can
be constructed on its own, allowing use sites to take this distinction into
account before constructing a LookupIterator from the Key, without needing
to duplicate the logic.
This also makes the assortment of LookupIterator constructors more uniform.
Bug: chromium:1031175
Change-Id: I81d7b11ab7e4915f5c05668138e6e0c51ae11821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962272
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65672}
This change updates CachedTemplateObjectMap, BreakPointInfo, and
BreakPoint to inherit directly from Struct rather than Tuple2 or Tuple3.
It also removes Tuple3 because nothing else used Tuple3. By avoiding
tuple types, we get various benefits that Torque can provide:
- stricter debug verifier functions
- accessors, cast functions, and printers are generated
- BreakPoint and BreakPointInfo have different instance types, so you
can tell them apart at runtime or in a debugger
Change-Id: I9367bc08c6dea55d659fd610f9f6105fd61c907a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1988793
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65668}
This is a cleanup to remove unneeded flags after these changes (in
https://crrev.com/c/1988548):
* --future does not imply --wasm-tier-up any more, and
* --wasm-tier-up does not imply --liftoff any more.
Instead, now
* --wasm-tier-up is enabled by default,
* --wasm-tier-up has no effect if --liftoff is not set, and
* --future implies --liftoff.
R=ahaas@chromium.org
Bug: chromium:1040061
Change-Id: I5d04ee1f1d84ddcd0654df0e0a4c6298f80aee9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993280
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65666}
Add jkummerow, thibaudm, zhin; drop titzer.
Also make src/wasm/OWNERS the source of truth and let test-specific
OWNERS files refer to that.
No-Try: true
Change-Id: I9862ae452970e20b7842269721ad6a7953f275fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989827
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65636}
Most dead variable warnings in GCMole are false positives, either from
failing to detect that TryEvacuateObject returning false means it didn't
allocate, or a regex error thinking that GarbageCollectionReasonToString
causes garbage collection (because the mangled version is something like
GarbageCollectionReasonToString[...]GarbageCollectionReason, and that
matches /Collect.*Garbage/).
Update the whitelist and fix the "Collect.*Garbage" regex to only look
at the function name.
Bug: v8:9985
Change-Id: I62284e97e4975a6a87616d1d535b2ac7958d17bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989829
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65622}
This change updates GetObjectProperties to list all of the bitfields
within a class field, if that class field's type is a bitfield struct.
The representation of bitfields in the GetObjectProperties response is
very similar to the representation of struct fields, but with two extra
bytes of data specifying the shift and size of the bitfield.
Bug: v8:9376
Change-Id: I40a22169f3d01652a7f2db8cface43c2a1e30cfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1960835
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65610}
Adds --retain option (all, none, json) which controls which files are
kept after running the benchmark.
No-Try: true
Change-Id: I033a8ff7938fd10f8a0fc9425043e24f1229ce0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1980575
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65553}
When V8 throws an uncaught exception, we store a JSMessageObject
with a stack trace and source positions on the isolate itself.
The JSMessageObject can be retrieved by a TryCatch scope
and is used by the inspector to provide additional information to the DevTools
frontend (besides the exception).
Introducing top-level await for REPL mode causes all thrown exceptions
to be turned into a rejected promise. The implicit catch block that does this
conversion clears the JSMessageObject from the isolate as to not leak memory.
This CL preserves the JSMessageObject when the debugger is active and stores
the JSMessageObject on the rejected promise itself. The inspector is changed
to retrieve the JSMessageObject in the existing catch handler and pass the
information along to the frontend.
Drive-by: This CL removes a inspector test that made assumptions when a promise
is cleaned up by the GC. These assumptions no longer hold since we hold on to
the promise longer.
Bug: chromium:1021921
Change-Id: Id0380e2cf3bd79aca05191bc4f3c616f6ced8db7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967375
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65497}
Some test cases stress all global functions and hang when calling
readline.
No-Try: true
Bug: chromium:1034285
Change-Id: I0eaf64437c0806cf3df0a5306aecea4367763cad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967381
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65460}
Factors out the group regexes from callstats.py so the two tools can
share them. When --group is specified, the stats are grouped together
using the callstats.py groupings. Also adds --filter (can be supplied
multiple times) to only show certain groups.
Under the hood, this converts the simple arrays and dictionaries to use
classes to simplify the code somewhat.
Change-Id: If6b548e109212adfdf46fa04e7b21638f84a0e26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962864
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65429}
This cl: https://chromium-review.googlesource.com/c/v8/v8/+/1924439 has
renamed the optimize passed happening on the background to
OptimizeBackground instead of OptimizeConcurrent or RecompileConcurrent.
Concurrent optimization has main thread phases so using
OptimizeConcurrent for background computations only was a bit confusing.
Bug: chromium:1029456
Change-Id: I8f4a485831851d5a43ab87b3a5d74857559fd679
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944157
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65425}
Before this CL a byte was used per bucket to store whether the bucket
is possibly empty or not. This CL changes this such that each bucket
only needs a single bit.
PossiblyEmptyBuckets is now a word in the page header. If more bits
are needed than fit into a single word, an external bitmap is
allocated using AlignedAlloc. Storing this on the page header, allows
to remove initial_buckets from the SlotSet. The SlotSet allocation is
then again a power-of-2 in release mode.
Reland of https://crrev.com/c/1906376: Incorrect DCHECK was removed.
WordsForBuckets was simplified and a test was added for it.
Bug: chromium:1023139
Change-Id: I9a08e03a9c10e5781a146b9a28dab38824aad91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954391
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65385}
Some fuzz test cases set Math.min to a different function. Let the fake
typed array constructors remember the original Math.min.
No-Try: true
Bug: chromium:1024815
Change-Id: Ia389439fe6757f2497e22187042c5cdf1d1c649f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958050
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65383}
Add --benchmark option to allow selecting a benchmark other
v8.browsing_desktop. If not using the default, the options to generate
v8 runtime call stats will be automatically added.
Adds --stdev option to calculate the standard deviation of the
results in the table.
Add --device and --browser option that are passed through to
run_benchmark.
Change-Id: I8c57c9eba7aea84108a2e3d4fdd098a7695cad53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955588
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65369}
The cache adds a strong pointer from a code object to closures and
thus can leak arbitrary objects.
Bug: chromium:1030043
Tbr: yangguo@chromium.org
Change-Id: I8ce90119fa97eaea59d42e7fae5acd336b5fe5d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954392
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65363}
This is a reland of 5bddc0e142
The original CL was speculatively reverted as it was suspected to
cause failures on the non-determinism bot. This was ultimately
confirmed to not be the case, so this CL is safe to reland as-is.
Original change's description:
> Implement top-level await for REPL mode
>
> Design doc: bit.ly/v8-repl-mode
>
> This CL allows the usage of 'await' without wrapping code in an async
> function when using REPL mode in global evaluate. REPL mode evaluate
> is changed to *always* return a Promise. The resolve value of the
> promise is the completion value of the REPL script.
>
> The implementation is based on two existing mechanisms:
> - Similar to async functions, the content of a REPL script is
> enclosed in a synthetic 'try' block. Any thrown error
> is used to reject the Promise of the REPL script.
>
> - The content of the synthetic 'try' block is also re-written the
> same way a normal script is. This is, artificial assignments to
> a ".result" variable are inserted to simulate a completion
> value. The difference for REPL scripts is, that ".result" is
> used to resolve the Promise of the REPL script.
>
> - ".result" is not returned directly but wrapped in an object
> literal: "{ .repl_result: .result}". This is done to prevent
> resolved promises from being chained and resolved prematurely:
>
> > Promse.resolve(42);
>
> should evaluate to a promise, not 42.
>
> Bug: chromium:1021921
> Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65273}
TBR: yangguo@chromium.org,verwaest@chromium.org
Bug: chromium:1021921
Change-Id: I95c5dc17593161009a533188f91b4cd67234c32f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954388
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65360}
Adds a script that runs a v8.browsing_desktop story a number of times
and extracts the runtime call stats as either a table or csv.
Change-Id: I4e93cd120b3496410517a2f26547b954fc59d92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1953343
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65353}
This reverts commit 5bddc0e142.
Reason for revert: Possible culprit for https://bugs.chromium.org/p/chromium/issues/detail?id=1029863
Original change's description:
> Implement top-level await for REPL mode
>
> Design doc: bit.ly/v8-repl-mode
>
> This CL allows the usage of 'await' without wrapping code in an async
> function when using REPL mode in global evaluate. REPL mode evaluate
> is changed to *always* return a Promise. The resolve value of the
> promise is the completion value of the REPL script.
>
> The implementation is based on two existing mechanisms:
> - Similar to async functions, the content of a REPL script is
> enclosed in a synthetic 'try' block. Any thrown error
> is used to reject the Promise of the REPL script.
>
> - The content of the synthetic 'try' block is also re-written the
> same way a normal script is. This is, artificial assignments to
> a ".result" variable are inserted to simulate a completion
> value. The difference for REPL scripts is, that ".result" is
> used to resolve the Promise of the REPL script.
>
> - ".result" is not returned directly but wrapped in an object
> literal: "{ .repl_result: .result}". This is done to prevent
> resolved promises from being chained and resolved prematurely:
>
> > Promse.resolve(42);
>
> should evaluate to a promise, not 42.
>
> Bug: chromium:1021921
> Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65273}
TBR=yangguo@chromium.org,leszeks@chromium.org,verwaest@chromium.org,szuend@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:1021921
Change-Id: I9eaea584e2e09f3dffcbbca3d75a3c9bcb0a1adf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948719
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65333}
Design doc: bit.ly/v8-repl-mode
This CL allows the usage of 'await' without wrapping code in an async
function when using REPL mode in global evaluate. REPL mode evaluate
is changed to *always* return a Promise. The resolve value of the
promise is the completion value of the REPL script.
The implementation is based on two existing mechanisms:
- Similar to async functions, the content of a REPL script is
enclosed in a synthetic 'try' block. Any thrown error
is used to reject the Promise of the REPL script.
- The content of the synthetic 'try' block is also re-written the
same way a normal script is. This is, artificial assignments to
a ".result" variable are inserted to simulate a completion
value. The difference for REPL scripts is, that ".result" is
used to resolve the Promise of the REPL script.
- ".result" is not returned directly but wrapped in an object
literal: "{ .repl_result: .result}". This is done to prevent
resolved promises from being chained and resolved prematurely:
> Promse.resolve(42);
should evaluate to a promise, not 42.
Bug: chromium:1021921
Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65273}
This cl: https://chromium-review.googlesource.com/c/v8/v8/+/1924439 has
renamed the optimize passed happening on the backgroudn to
OptimizeBackground instead of OptimizeConcurrent or RecompileConcurrent.
Concurrent optimization has main thread phases so using
OptimizeConcurrent for background computations only was a bit confusing.
Bug: chromium:1029456
Change-Id: Idd0a0ff82597bb18c2d8896c7288f268e59acc05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943156
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65261}
https://v8.dev/blog/tags/release is the new ChangeLog!
This also removes an unused file push_to_candidate.py which wasn't deleted
earlier as it's intertwined a lot in test cases. This CL also cleans that
up.
Furthermore, logic for selecting CLs for the ChangeLog (using LOG= lines)
is removed as well. Nobody has used this feature for more than 5 release
cycles.
We'll delete the ChangeLog file in a separate CL.
Bug: v8:10010
No-Try: true
Change-Id: Idee551dc0600c3df9f784cc543897e3e18517ca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930616
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65191}
This should help reduce the number of false positives detected
by dead variable analysis.
Bug: v8:9680, chromium:1000635
Change-Id: Id2893dd5f26cad230dede96930a5caacc0272b64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924359
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65186}
Until now, the in-object properties on JSObject have been invisible to
tools using the postmortem debugging library. With this change, those
tools will get enough information to show a flat list of property
values. This is still less powerful than the runtime printers, which can
show the corresponding key for each value, but it's a big step up from
manually inspecting memory.
This change basically requires a reimplementation of
Map::GetInObjectProperties for postmortem debugging. I'm not
enthusiastic about duplicating this logic, but it's pretty small and I
don't see any good alternatives.
As a drive-by cleanup, I moved some inline string literals into a batch
of constexpr char arrays.
Bug: v8:9376
Change-Id: Ia24c05f6e823086babaa07882d0d320ab9a225db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930174
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65183}
This CL ensures we care only about our internal pointer types and not
about raw C++ pointers, because normally special care is taken when
storing raw pointers to the managed heap. Furthermore, checking for raw
pointers produces too many false positives in the dead variable
analysis.
Bug: v8:9680, chromium:1000635
Change-Id: Ica9ea1fe09b7456c011910a6886149b6dfdda1f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924357
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65174}
... after executing their action.
This allows to search for a regex, click "hide unselected nodes", and
then immediately using graph view's keyboard shortcuts (e.g i, o, r).
Bug: v8:7327
Change-Id: Ieb7dbb3f1e32a78131500f8fb8b7805417c60e4e
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930906
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65166}
This adds a regresson test case for the revert reason of:
https://crrev.com/c/1906378
The test data is tidied up by keeping the different fake d8s in
separate build directories like it would be in production.
A new test simulates an architecture difference and ensures we
pass the architecture mocks in all runs.
No-Try: true
Bug: chromium:1023091
Change-Id: Ic33c426ba8eb9c4b6b0fbb66d43c0859dc2edfcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918248
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65140}
Refbuilds still require natives blob. We need to keep the logic for
handling it on android until the next branch point.
No-Try: true
Bug: chromium:1026556
Change-Id: I8375400e0d3ea0f881ef56edc7de8574ae94f3e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928862
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65134}
Remove sep(Left|Right)Snap as they were never read from
Bug: v8:7327
Change-Id: Id09fa0ec606a75d40cc946b354bc1a260f3b68ac
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928855
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65100}
This is a reland of f2a74165bf
Original change's description:
> [regexp] Re-execute regexp when '.indices' is accessed.
>
> Instead of storing a pointer to the last_match_info, which may
> change, this cl modifies JSRegExpResult to store a pointer to
> the original JSRegExp which generated it, as well as additional
> data needed to re-execute the match.
>
> Basically a straight copy and tidy off jgruber@'s prototype:
> https://chromium-review.googlesource.com/c/v8/v8/+/1876810
>
> Bug: v8:9548
> Change-Id: I11b7deae681b8287e41e8d0e342291ff484751fb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910129
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65053}
Bug: v8:9548
Change-Id: Ieeba4b1ae59ef0c7946d654dc314adfae09d24b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925554
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65096}
We now keep the same percentage of the window occupied by the panel
when toggling Maximize (both maximizing, or un-maximizing). This
also means that it no longer forces the side panels open when
toggling maximizing.
Also took the opportunity and cleaned up names and resizer.ts.
Bug: v8:7327
Change-Id: I60b574a833f3059e447aa17fae8a687d32ac29d5
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903970
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65085}
After searching now we are focused on the svg, which allows using
the keyboard shortcuts after searching.
Bug: v8:7327
Change-Id: I57f5490ecb9858971aefae66b9808460108dc936
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925147
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65084}
This change defines a way that v8_debug_helper can describe object
fields which are packed structs, and uses it for the "descriptors" field
in DescriptorArray.
In more detail:
- debug-helper.h (the public interface for v8_debug_helper) adds a size
and an optional list of struct properties to ObjectProperty.
- debug-helper-internal.h mirrors those changes to the internal class
hierarchy which maintains proper unique_ptr ownership.
- In src/torque/class-debug-reader-generator.cc,
- Some existing logic is moved into smaller functions.
- New logic is added to generate the field list for structs. Example
output is included in a comment above the function
GenerateGetPropsChunkForField.
Bug: v8:9376
Change-Id: I531acac039ccb42050641448a4cbaec26186a7bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1894362
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65079}
Don't overwrite WATCHLISTS each time with a checkout from the latest
release branch as that means it will never pick up changes from
master.
No-Try: true
Bug: chromium:832032
Change-Id: I3a9231369caa9a6591acb9b7f0c76dc031ab9178
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926029
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65063}
"preparser" is a legacy test-suite written in Python. "cctest/test-parsing"
provides the same coverage and more for the preparser.
This CL removes "preparser" stand-alone test-suite
R=verwaest@chromium.org
CC=machenbach@chromium.org
Bug: v8:10001
Change-Id: I1823967e654e8d6d9e42eadfd667f90074d57ba9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926027
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65059}
This reverts commit f2a74165bf.
Reason for revert: Clusterfuzz
Bug: chromium:1026479
Original change's description:
> [regexp] Re-execute regexp when '.indices' is accessed.
>
> Instead of storing a pointer to the last_match_info, which may
> change, this cl modifies JSRegExpResult to store a pointer to
> the original JSRegExp which generated it, as well as additional
> data needed to re-execute the match.
>
> Basically a straight copy and tidy off jgruber@'s prototype:
> https://chromium-review.googlesource.com/c/v8/v8/+/1876810
>
> Bug: v8:9548
> Change-Id: I11b7deae681b8287e41e8d0e342291ff484751fb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910129
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65053}
TBR=jgruber@chromium.org,joshualitt@chromium.org
Change-Id: I6294e3d7ac0b3e2bd9404697823b8d3cc2545c16
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9548
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925651
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65057}
Instead of storing a pointer to the last_match_info, which may
change, this cl modifies JSRegExpResult to store a pointer to
the original JSRegExp which generated it, as well as additional
data needed to re-execute the match.
Basically a straight copy and tidy off jgruber@'s prototype:
https://chromium-review.googlesource.com/c/v8/v8/+/1876810
Bug: v8:9548
Change-Id: I11b7deae681b8287e41e8d0e342291ff484751fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910129
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65053}
This reverts commit 80caf2cf53.
Reason for revert: Breaks gpu tests:
https://ci.chromium.org/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/5570
# Debug check failed: !possibly_empty_buckets->Contains(bucket_index).
Original change's description:
> [heap] Reduce size of possibly empty buckets
>
> Before this CL a byte was used per bucket to store whether the bucket
> is possibly empty or not. This CL changes this such that each bucket
> only needs a single bit.
>
> PossiblyEmptyBuckets is now a word in the page header. If more bits
> are needed than fit into a single word, an external bitmap is
> allocated using AlignedAlloc. Storing this on the page header, allows
> to remove initial_buckets from the SlotSet. The SlotSet allocation is
> then again a power-of-2 in release mode.
>
> Change-Id: If61fd5cfa153f98757beeb444a530f6e2803fdb6
> Bug: chromium:1023139
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906376
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64991}
TBR=ulan@chromium.org,dinfuehr@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:1023139
Change-Id: Ia90b07b9562af934dacba012da31e4f172f2922d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918258
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65001}
Before this CL a byte was used per bucket to store whether the bucket
is possibly empty or not. This CL changes this such that each bucket
only needs a single bit.
PossiblyEmptyBuckets is now a word in the page header. If more bits
are needed than fit into a single word, an external bitmap is
allocated using AlignedAlloc. Storing this on the page header, allows
to remove initial_buckets from the SlotSet. The SlotSet allocation is
then again a power-of-2 in release mode.
Change-Id: If61fd5cfa153f98757beeb444a530f6e2803fdb6
Bug: chromium:1023139
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906376
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64991}
This reverts commit 1ec2ca266f.
Reason for revert: Preparing for re-enabling pointer compression.
Original change's description:
> [ptr-compr] Temporarily enable double fields unboxing
>
> We are not shipping ptr-compr in M79 on x64 because chromium:1009439
> blocks 31-bit Smis on 64-bit architectures, so these's no point in
> disabling double fields unboxing.
>
> This CL will be reverted after the M79 branch point.
>
> Bug: v8:9799, chromium:1009439
> Change-Id: I28d0013d3ab06ce41d5028ba4f66c9b249de52d7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862556
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64288}
Bug: v8:9799, chromium:1009439
Change-Id: I18e22422725777ad8bfbb19243158228f3559c32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1919320
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64990}
This adds an abstraction for command-line arguments for each of the
two comparison runs done in correctness fuzzing. No functional
changes intended.
No-Try: true
Bug: chromium:1023091
Change-Id: I9421715c4904416b9aaf53848954a5248c79ffd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906372
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64979}
This is a reland of 1d493d31ce
Original change's description:
> [foozzie] Refactor command abstraction
>
> This moves code for running d8 into its own class. No functional
> changes intended.
>
> No-Try: true
> Bug: chromium:1023091
> Change-Id: I7cbfeebd2911dc758322f89cf93666550f2956d9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906378
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64928}
Bug: chromium:1023091
Change-Id: I7df6e12084e20510a400ce209827c2bba8325f86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914209
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64966}
Allows the use of PageUp and PageDown in sequence and schedule phases.
Since graphmultiview had a tabindex of 0, it was sitting on top of
sequence and schedule. This blocked the use of PageUp and PageDown
to scroll in these phases.
Bug: v8:7327
Change-Id: I4fc129cd9d5ea82e469cd4b67c12a455ec920317
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914207
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64947}
This moves code for running d8 into its own class. No functional
changes intended.
No-Try: true
Bug: chromium:1023091
Change-Id: I7cbfeebd2911dc758322f89cf93666550f2956d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906378
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64928}
We used the same random seed for all test cases of a fuzz session
for transitioning from choosing the flags on V8 side.
Since the grace period for stable bisection is over, we now use
the same random number generator throughout the fuzz session which
leads to a wider range of differently chosen flags.
TBR=tmrts@chromium.org
No-Try: true
Bug: chromium:813833
Change-Id: I07b9fe5de378c01344afd486bfd85fcbf0fcd8d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906377
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64910}
Wasm code GC is on by default now.
R=machenbach@chromium.org
No-Try: true
Change-Id: Ib24e68f431876ecb91e7ae6ef6bc6cc08c2ea0c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910942
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64908}
This is a reland of ab1b511c16
The offending flags are removed.
Original change's description:
> [test] Add more flags to numfuzz flags fuzzer
>
> This adds a selection of flags to numfuzz that are already used
> for different testing variants or on clusterfuzz for
> correctness testing.
>
> No-Try: true
> Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64884}
No-Try: true
Change-Id: Ie01f244147be0b0fda8cec83f48ac3f73c5a81ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910113
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64905}
This reverts commit ab1b511c16.
Reason for revert: too many spurious errors
Original change's description:
> [test] Add more flags to numfuzz flags fuzzer
>
> This adds a selection of flags to numfuzz that are already used
> for different testing variants or on clusterfuzz for
> correctness testing.
>
> No-Try: true
> Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64884}
TBR=machenbach@chromium.org,clemensb@chromium.org,almuthanna@google.com,liviurau@chromium.org
Change-Id: Iba9cfa8e6e8e2cb3b9fe0f803b07376ae55d783c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910112
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64895}
Produces too many spurious errors with tests that normally get
skipped in jitless variant.
TBR=clemensb@chromium.org
No-Try: true
Change-Id: Iddf0e39e4c454a3b17568ba17a014e8d38922052
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910107
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64889}
This adds a selection of flags to numfuzz that are already used
for different testing variants or on clusterfuzz for
correctness testing.
No-Try: true
Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64884}
This combines flags switching off CPU-features randomly with all
other flags on the numfuzz fuzzers.
In a follow up we can add also other interesting flags for testing
more features.
Bug: chromium:1021463
No-Try: true
Change-Id: Ia27d1b8b82dff2bf497242b30ec0b6ef2dfd722d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905846
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64858}
Turbofan's instruction scheduling is currently only enabled for
mksnapshot and has thus little test coverage. This CL introduces two
new test variants, "instruction_scheduling" and
"stress_instruction_scheduling", and activates them on a selection of
bots.
Change-Id: I5917fc781e289377c58f584c770c91e31765b2de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899778
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64807}
PR wasn't defined correctly and it was causing issues.
Added prettify to the npm packages, and removed the (not needed)
explicit prettify.css.
Bug: v8:7327
Change-Id: Ieb8999d63df6764354dd628516e0ed9270b8a862
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893344
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64726}
In the case where we fail on the 'before register allocation' phase,
we will have the instructions to print, but turbolizer will fail to
show them because it will look for the non-existent offsets.
Bug: v8:7327
Change-Id: I52e520dcb662fe9931f1bb29cd2c16cd62913158
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889883
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64650}
This change begins making use of the fact that Torque now knows about
the relationship between classes and instance types, to replace a few
repetitive lists:
- Instance type checkers (single and range), defined in
src/objects/instance-type.h
- Verification dispatch in src/diagnostics/objects-debug.cc
- Printer dispatch in src/diagnostics/objects-printer.cc
- Postmortem object type detection in
tools/debug_helper/get-object-properties.cc
Torque is updated to generate four macro lists for the instance types,
representing all of the classes separated in two dimensions: classes
that correspond to a single instance type versus those that have a
range, and classes that are fully defined in Torque (with fields and
methods inside '{}') versus those that are only declared. The latter
distinction is useful because fully-defined classes are guaranteed to
correspond to real C++ classes, whereas only-declared classes are not.
A few other changes were required to make the lists above work:
- Renamed IsFiller to IsFreeSpaceOrFiller to better reflect what it does
and avoid conflicts with the new macro-generated IsFiller method. This
is the part I'm most worried about: I think the new name is an
improvement for clarity and consistency, but I could imagine someone
typing IsFiller out of habit and introducing a bug. If we'd prefer to
keep the name IsFiller, my other idea is to rename FreeSpace to
VariableSizeFiller and Filler to FixedSizeFiller.
- Made Tuple3 extend from Struct, not Tuple2, because IsTuple2 is
expected to check for only TUPLE2_TYPE and not include TUPLE3_TYPE.
- Normalized the dispatched behavior for BigIntBase and HeapNumber.
- Added a few new object printers.
Bug: v8:7793
Change-Id: I5462bb105f8a314baa59bd6ab6ab6215df6f313c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1860314
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64597}
Both LO_SPACE and NEW_LO_SPACE use the basic page management system of
LargeObjectSpace, but implement different AllocateRaw methods (with
the NEW_LO_SPACE version shadowing the LO_SPACE version).
To clean this up, and allow other future LargeObjectSpace implementations
(in particular, an off-thread variant), refactored the current
LargeObjectSpace into a base class, and make both LargeObjectSpace
(renamed to OldLargeObjectSpace) and NewLargeObjectSpace extend this
class.
Bug: chromium:1011762
Change-Id: I41b45b97f2611611dcfde677213131396df03a5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876824
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64560}
This class used to describe unoptimized but compiled frames. All such
frames are by now covered via the architecture-independent description
in the {StandardFrameConstants} class (or one of its subclasses).
R=clemensb@chromium.org
BUG=v8:9810
Change-Id: I294cc6eec7d4a05e88e7aa336f1ebedfa0eb6e98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1878708
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64556}
Basically we expose and put to shame the offending process
R=tmrts@chromium.org
Bug: v8:9855
Change-Id: I322e3f9db487b53e8cbfc8a5edd696fa8b480f84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1878707
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64555}
The native context used an empty function scope info. This is inconsistent with the fact the native context has an extension slot, since the empty function scope info doesn't have the extension slot flag set.
This CL creates a scope info dedicated for the native context with the flag set.
Bug: v8:9744
Change-Id: I00459e9a0ca75dd7a0e2add5e9e61747d0635f39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876821
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64550}
The Torque formatter script did a hack to put spaces arount the | of
union types. This was broken when the inserted comment ended up on the
end of a line. For this reason, and since it doesn't make sense to
fight the Google-wide TypeScript style for union types, this CL reverts
to not putting spaces around union types.
Bug: v8:7793
Change-Id: Ic0acf9e1da82540432a8e21b58497a6a7d523b9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871604
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64536}
This function was only used for the write barrier since the store
buffer only stored slots and needed a way to get to the object's start.
Now that we insert into the remembered set directly from the write
barrier this isn't an issue anymore: the write barrier knows the
object start.
Change-Id: I701465ea40b7c4ee20404ecbcf3750e5fa6fd219
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876049
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64518}
Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}
TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
Bug: v8:9744
Change-Id: I8700ed2fa62c89e86c39bb16ac3167f38ea8d63f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873695
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64477}
Embedded builtins are now unconditionally enabled, which removes the
need to differentiate between enabled/disabled embedded builtins.
This Cl removes the 'embedded_builtins' variant and related
*.status entries.
R=machenbach@chromium.org
Bug: v8:8519
Change-Id: I55d0dd54735b7cc437832af6fa2836fd6c14a317
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864936
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64464}
This CL removes the 'v8_enable_embedded_builtins' GN argument and sets
the 'V8_EMBEDDED_BUILTIN' define unconditionally.
Removing the now obsolete 'define' and corresponding C++ code will be
done in a separate CL.
R=machenbach@chromium.org
Bug: v8:8519
Change-Id: Ibaa3e958121931c0ce14baf48ad401fab87c5337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864929
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64456}
This is a reland of c48096d442
Original change's description:
> Reland "[runtime] Remove extension slots from context objects"
>
> This is a reland of c07c02e1c4
>
> Original change's description:
> > [runtime] Remove extension slots from context objects
> >
> > Context objects have an extension slot, which contains further
> > additional data that depends on the type of the context.
> >
> > This CL removes the extension slot from contexts that don't need
> > them, hence reducing memory.
> >
> > The following contexts will still have an extension slot: native,
> > module, await, block and with contexts. See objects/contexts.h for
> > what the slot is used for.
> > The following contexts will not have an extension slot anymore (they
> > were not used before): script, catch and builtin contexts.
> > Eval and function contexts only have the extension slot if they
> > contain a sloppy eval.
> >
> > Bug: v8:9744
> > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#64372}
>
> TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
>
> Bug: v8:9744
> Change-Id: I0749cc2d8f59940c25841736634a70047116d647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64380}
TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
Bug: v8:9744
Change-Id: I621ffe98722f8c4defaf277b8d1666484ba2963f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872400
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64451}
The natives blob was deprecated in V8 7.8. This CL removes all related
functionality, including:
- Build system support, i.e.: generation of natives_blob.bin and the
v8_extra_library_files gn flag.
- Related scripts (js2c.py, concatenate-files.py).
- Related API functions (SetNativesDataBlob,
InitializeExternalStartupData).
- Natives bootstrapping logic.
- The InternalArray type (previously exposed through natives).
- Other natives-exposed builtins.
- Inlining of these builtins.
- The dedicated 'uncached external one byte string' type.
Step 1 landed in https://crrev.com/c/1824944.
Step 2 landed in https://crrev.com/c/1835536.
Step 3 (this CL) removes these all functionality related to natives
support in V8.
Bug: v8:7624
Change-Id: Ice6c2662781efe8417231805276476d32bc5a625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844771
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64446}
This reverts commit c48096d442.
Reason for revert: Flaky bot failures (https://bugs.chromium.org/p/v8/issues/detail?id=9744#c9)
Original change's description:
> Reland "[runtime] Remove extension slots from context objects"
>
> This is a reland of c07c02e1c4
>
> Original change's description:
> > [runtime] Remove extension slots from context objects
> >
> > Context objects have an extension slot, which contains further
> > additional data that depends on the type of the context.
> >
> > This CL removes the extension slot from contexts that don't need
> > them, hence reducing memory.
> >
> > The following contexts will still have an extension slot: native,
> > module, await, block and with contexts. See objects/contexts.h for
> > what the slot is used for.
> > The following contexts will not have an extension slot anymore (they
> > were not used before): script, catch and builtin contexts.
> > Eval and function contexts only have the extension slot if they
> > contain a sloppy eval.
> >
> > Bug: v8:9744
> > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#64372}
>
> TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
>
> Bug: v8:9744
> Change-Id: I0749cc2d8f59940c25841736634a70047116d647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64380}
TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9744
Change-Id: Ia58067b41f1eb5880a52b36ead754d7190ff7f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871922
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64424}
Before this change, the activeElement used to be the body and not
multiview. Then, the EventListener wasn't triggering.
Bug: v8:7327
Change-Id: I9782159ffd510c9a7afd83695f20ede9e774ac20
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868624
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64422}
Since the resizers (the handles used to resize the panes) were
getting bigger when selected, they obscured part of the scrollbar
making the scrollbar too hard to select.
Also, when they were snapped, the right resizer totally obscured
the scrollbar.
Bug: v8:7327
Change-Id: I04f3df00181df2265890ef54706091b3bc36f23e
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869191
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64421}
This is a reland of c07c02e1c4
Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}
TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
Bug: v8:9744
Change-Id: I0749cc2d8f59940c25841736634a70047116d647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64380}
mmap behaves differently on Windows. This change adjust how grokdump.py
uses it so that the script will run on Windows.
The disassembly doesn't work due to lack of /usr/bin/objdump - fixing
that is out of scope for this change. The output is still useful even
without the disassembly.
Change-Id: I0db2d09e3ed10f0ca666cbbd438fbd82565906d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866958
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64376}
This reverts commit c07c02e1c4.
Reason for revert: MSAN failures:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/29251
Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}
TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com
Change-Id: I98dee04ab4d3ae977053982ec884b738d2f6f623
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868611
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64373}
Context objects have an extension slot, which contains further
additional data that depends on the type of the context.
This CL removes the extension slot from contexts that don't need
them, hence reducing memory.
The following contexts will still have an extension slot: native,
module, await, block and with contexts. See objects/contexts.h for
what the slot is used for.
The following contexts will not have an extension slot anymore (they
were not used before): script, catch and builtin contexts.
Eval and function contexts only have the extension slot if they
contain a sloppy eval.
Bug: v8:9744
Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
Commit-Queue: Victor Gomes <victorgomes@google.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64372}
This is a reland of c7c47c68f2.
This makes TSAN happy in addition to:
Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.
Bug: v8:9860
Tbr: ulan@chromium.org, neis@chromium.org, ishell@chromium.org
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
Change-Id: I4d0ab4cbbb23a9ae616407f17ef8f35a0b68ddb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864654
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64360}
The top bar was being scrolled down since the whole viewpane was
scrollable. It will now work in the way the "Dissasembly" tab
works: the content is scrollable, but not the pane.
This change makes Schedule and Sequence consistent within the
other panels.
As a drive-by fix, remove some unused constants.
Bug: v8:7327, v8:9517
Notry: true
Change-Id: I22f8abb6524cb297f43930fc8036b36b7ce59751
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863203
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64347}
This change extends v8_debug_helper to export a new method that returns
a list of all known heap object types.
Why? We can substantially improve the user experience in our work-in-
progress WinDbg extension if we register handlers not only for
v8::internal::Object but for every specific HeapObject type. This has
two benefits:
- You save a click: if you're expanding a local variable of a more
specific type than Object, you can see properties immediately rather
than first needing to expand a sub-item that casts the variable to
Object.
- You retain the type hint: GetObjectProperties accepts a type hint
string, and it's super important to pass it when working in a crash
dump because the object's Map is probably inaccessible. If we have to
cast to Object first, we lose this data.
Bug: v8:9376
Change-Id: I4d635a1826574a3d08ac657e848e1fe7b83849fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822859
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64331}
They have no function and are confusing to first time users, who think
that you have to click that to upload a file.
It would be better to not add them at all, but the logic searches for
'li.last-tab' and it seems hard to unravel.
Bug: v8:7327
Notry: true
Change-Id: I07e903947e15ccc0d5431488a4c4fcded999f91d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863194
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64325}
This reverts commit c7c47c68f2.
Reason for revert: breaks TSAN
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/28738
Original change's description:
> Reland "[runtime] Move Context::native_context to the map"
>
> This is a reland of f05bae1e0d
>
> Previously I presumed that the context read from a frame in the profiler was
> a valid context. Turns out that on non-intel we're not guaranteed that the
> frame is properly set up. In the case we looked at, the profiler took a
> sample right before writing the frame marker indicating a builtin frame,
> causing the "context" pointer from that frame to be a bytecode array. Since
> we'll read random garbage on the stack as a possible context pointer, I made
> the code reading the native context from it a little more defensive.
>
> Bug: v8:9860
>
> Original change's description:
> > [runtime] Move Context::native_context to the map
> >
> > Remove the native context slot from contexts by making context maps
> > native-context-specific. Now we require 2 loads to go from a context to the
> > native context, but we have 1 field fewer to store when creating contexts.
> >
> > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Reviewed-by: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64296}
>
> Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Auto-Submit: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64314}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: I4f9edc62ea6f9f5857619ff0ad1a63cab4b33cc3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9860
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864937
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64316}
This is a reland of f05bae1e0d
Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.
Bug: v8:9860
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64314}
Symbol and *String classes are now declared on Torque with
generateCppClass, which means they don't use macro accessors anymore. As
such, the gen-postmortem-metadata script is not able to automatically
detect fields for those classes. Define metadata for those fields
manually for now. In the future we might want to generate it from Torque
for consistency.
Also renamed a few *String fields metadata to match the expected format
(className__fieldName__fieldType). For more context:
https://github.com/nodejs/llnode/issues/287#issuecomment-539707117.
R=bmeurer@chromium.org, hpayer@chromium.org, verwaest@chromium.org, yangguo@chromium.org
Change-Id: I82fe8315cdbfd1b8c64c6a8d5dc011b1edaec39e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847783
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64313}
Using test runner with option --progress=ci can generate
output timeouts in an actual CI environment. To avoid
that we gonna write a timestamp in the standard output
at every minute.
Bug: v8:9146
Change-Id: Id2f05530956b01d9b07809e509cd0cefc0be54b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863196
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64311}
This is a reland of 1c56974f2a
This is a plain reland of the original CL. The original CL was speculatively
reverted, but ended up not being the cause for bot failures.
Original change's description:
> Unconditionally enable snapshot builds and remove 'v8_use_snapshot'
>
> This CL removes 'v8_use_snapshot' and the usages of the implied
> V8_USE_SNAPSHOT define. One test runner unittest was updated to use the
> "asan" variant instead of the now obsolete "no_snap" variant.
>
> Related chromium CL: https://crrev.com/c/1796325.
>
> Bug: v8:8531
> Change-Id: I5da7c9f8e9110fe7bc0f4e4f821bcb7f7d98f927
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784282
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Nico Weber <thakis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64290}
TBR=thakis@chromium.org,machenbach@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tmrts@chromium.org,szuend@chromium.org
Bug: v8:8531
Change-Id: Id75a802279238138f7aefec62e0b6425a5acc08d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864649
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64305}
This reverts commit f05bae1e0d.
Reason for revert: broke arm sim debug
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/17714https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8899519852984476944/+/steps/Check_-_trusted/0/logs/FunctionDetailsInlining/0
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: Ie7b4086c3a9ab2627ecac599da36b20cf8d1f948
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863200
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64299}
Remove the native context slot from contexts by making context maps
native-context-specific. Now we require 2 loads to go from a context to the
native context, but we have 1 field fewer to store when creating contexts.
Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64296}
The tests were already passing because they happened to use objects
allocated in the lower half of the heap reservation, but this small
change should make behavior more consistent.
Change-Id: Ib6be3123d347234f4771c213f2209bfe6e19c569
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1860332
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64294}
This reverts commit 1c56974f2a.
Reason for revert: Causes several bots to timeout, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/27945
Original change's description:
> Unconditionally enable snapshot builds and remove 'v8_use_snapshot'
>
> This CL removes 'v8_use_snapshot' and the usages of the implied
> V8_USE_SNAPSHOT define. One test runner unittest was updated to use the
> "asan" variant instead of the now obsolete "no_snap" variant.
>
> Related chromium CL: https://crrev.com/c/1796325.
>
> Bug: v8:8531
> Change-Id: I5da7c9f8e9110fe7bc0f4e4f821bcb7f7d98f927
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784282
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Nico Weber <thakis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64290}
TBR=thakis@chromium.org,machenbach@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tmrts@chromium.org,szuend@chromium.org
Change-Id: I4024d818877e534b9f7908a2d14f33dca35b5924
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8531
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862572
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64293}
This CL removes 'v8_use_snapshot' and the usages of the implied
V8_USE_SNAPSHOT define. One test runner unittest was updated to use the
"asan" variant instead of the now obsolete "no_snap" variant.
Related chromium CL: https://crrev.com/c/1796325.
Bug: v8:8531
Change-Id: I5da7c9f8e9110fe7bc0f4e4f821bcb7f7d98f927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784282
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64290}
We are not shipping ptr-compr in M79 on x64 because chromium:1009439
blocks 31-bit Smis on 64-bit architectures, so these's no point in
disabling double fields unboxing.
This CL will be reverted after the M79 branch point.
Bug: v8:9799, chromium:1009439
Change-Id: I28d0013d3ab06ce41d5028ba4f66c9b249de52d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862556
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64288}
Design doc:
https://docs.google.com/document/d/1ZU6rCvF2YHBGMLujWqqaxlPsjFfjKDE9C3-EugfdlAE/edit
Changes from the design doc:
- Changed to use 'class' declarations rather than 'type' declarations
for things that need instance types but whose layout is not known to
Torque. These declarations end with a semicolon rather than having a
full set of methods and fields surrounded by {}. If the class's name
should not be treated as a class name in generated output (because
it's actually a template, or doesn't exist at all), we use the
standard 'generates' clause to declare the most appropriate C++ class.
- Removed @instanceTypeName.
- @highestInstanceType became @highestInstanceTypeWithinParentClassRange
to indicate a semantic change: it no longer denotes the highest
instance type globally, but only within the range of values for its
immediate parent class. This lets us use it for Oddball, which is
expected to be the highest primitive type.
- Added new abstract classes JSCustomElementsObject and JSSpecialObject
to help with some range checks.
- Added @lowestInstanceTypeWithinParentClassRange so we can move the new
classes JSCustomElementsObject and JSSpecialObject to the beginning of
the JSObject range. This seems like the least-brittle way to establish
ranges that also include JSProxy (and these ranges are verified with
static assertions in instance-type.h).
- Renamed @instanceTypeValue to @apiExposedInstanceTypeValue.
- Renamed @instanceTypeFlags to @reserveBitsInInstanceType.
This change introduces the new annotations and adds the ability for
Torque to assign instance types that satisfy those annotations. Torque
now emits two new macros:
- TORQUE_ASSIGNED_INSTANCE_TYPES, which is used to define the
InstanceType enumeration
- TORQUE_ASSIGNED_INSTANCE_TYPE_LIST, which replaces the non-String
parts of INSTANCE_TYPE_LIST
The design document mentions a couple of other macro lists that could
easily be replaced, but I'd like to defer those to a subsequent checkin
because this one is already pretty large.
Bug: v8:7793
Change-Id: Ie71d93a9d5b610e62be0ffa3bb36180c3357a6e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757094
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64258}
The pointer to the first page of code space is not consistent and
therefore shouldn't be included in the mkgrokdump output.
No-Tree-Checks: true
Bug: v8:9844
Change-Id: I697c34e30e9b67b44e603e92d4bd3c7b81c1af3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856511
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64250}
In preparation for allowing Torque to generate the list of instance
types, I'd like to make the rules a bit more consistent for how instance
types are spelled. This CL is my proposal for a system where every
non-String instance type name is exactly equal to calling
CapifyStringWithUnderscores on the corresponding class name and
appending "_TYPE".
This change is almost all find&replace; the only manual changes are in:
- src/objects/instance-type.h
- src/torque/utils.cc
- tools/gen-postmortem-metadata.py
This change is in response to the review comment
https://chromium-review.googlesource.com/c/v8/v8/+/1757094/25/src/builtins/base.tq#132
Change-Id: Ife3857292669f54931708e934398b2684e60bea5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814888
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64199}
The `set disassembly-flavor` command is only available when debugging a x86
target. On other targets, sourcing `tools/gdbinit` fails as a result.
Sadly, we have to resort to using python's exception to ignore errors and carry
on.
NOTRY=true
Change-Id: If37450ee5bca43d5edb02fa9a5b218d7992f8885
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847353
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64182}
This adds a fake toolchain for pointer compression, used for
correctness fuzzing. The toolchain enables us to have an extra build
with inverse pointer-compression defaults side-by-side.
The extra build is used similarly to existing x64/x86 comparisons,
except that we now compare builds with different compile-time flags.
Change-Id: I75491371262204b86eaa006ca8d04848f49121ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829275
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64123}
This is a reland of b271ea3c94
The failing arm64 disasm poison test was fixed.
Original change's description:
> [ptr-compr] Disable double fields unboxing
>
> Double field unboxing optimization is incompatible with pointer compression so
> we land this CL before enabling pointer compression in order to separate memory
> and performance regressions caused by disabled double field unboxing from
> pointer compression change.
>
> Bug: v8:9799
> Change-Id: Ic8118356496a3f351344215b409f9722de6c9355
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835546
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64089}
Tbr: verwaest@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_dbg
Bug: v8:9799
Change-Id: Ib7c126d70859537c3d0bce54a49f23909c14a6ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1840411
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64111}
merge_to_branch.py can fail partway through for many reasons (the EDITOR
environment variable not being set being one) and on the next run this
leads to an error saying:
Exception: A merge is already in progress
It is not obvious to those doing their first merge how to get past this.
Searching the source code leads to the -f option but it should be
possible to proceed without searching the source. This change adds
"Use -f to continue" to the message.
Change-Id: Ic9d8e404e044be3308e5ae3ef3a4430e4aa3ccc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1837028
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64096}
This reverts commit b271ea3c94.
Reason for revert: breaks arm build:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/17575
Original change's description:
> [ptr-compr] Disable double fields unboxing
>
> Double field unboxing optimization is incompatible with pointer compression so
> we land this CL before enabling pointer compression in order to separate memory
> and performance regressions caused by disabled double field unboxing from
> pointer compression change.
>
> Bug: v8:9799
> Change-Id: Ic8118356496a3f351344215b409f9722de6c9355
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835546
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64089}
TBR=ishell@chromium.org,verwaest@chromium.org
Change-Id: Ief07d8d4b3c4a6f1439656f31b8d34ec99bf9747
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9799
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834769
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64090}
Double field unboxing optimization is incompatible with pointer compression so
we land this CL before enabling pointer compression in order to separate memory
and performance regressions caused by disabled double field unboxing from
pointer compression change.
Bug: v8:9799
Change-Id: Ic8118356496a3f351344215b409f9722de6c9355
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835546
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64089}
Premonomorphic state was only used for store globals to handle contextual
store on a global object [1]. We now handle these differently and we
move to fast handlers even without going through premonomorphic state
after this cl: https://chromium-review.googlesource.com/c/v8/v8/+/1807356.
Also, with lazy feedback this would be a relatively uncommon case anyway.
So, we no longer need premonomorphic state. This cl removes this state
entirely.
[1]: https://bugs.chromium.org/p/v8/issues/detail?id=8712
Bug: v8:8394
Change-Id: I71fb918b82b0c321a9705e32c8fc44e9ec223b38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1833690
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64085}
The natives blob is deprecated and will be removed in the next
release.
This commit does two things, 1. it disables the v8_extra_library_files
gn argument which will make building natives_blob.bin through gn
impossible; 2. it marks API functions associated with the natives blob
as V8_DEPRECATE_SOON.
Embedders should remove any uses of SetNativesDataBlob and replace all
calls to
InitializeExternalStartupData(const char*, const char*)
with the new function
InitializeExternalStartupDataFromFile(const char*)
Step 2 is to mark API functions as V8_DEPRECATED.
Step 3, in the next V8 release, is to remove these functions and all
other natives support in V8.
Bug: v8:7624
Change-Id: I745e96c60204a9b94d9240be65dd59bb9bdd0699
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824944
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64080}
This is a reland of 6612943010
Fixed: Unaligned reads, unspecified evaluation order.
Original change's description:
> [regexp] Bytecode peephole optimization
>
> Bytecodes used by the regular expression interpreter often occur in
> specific sequences. The number of dispatches in the interpreter can be
> reduced if those sequences are combined into a single bytecode.
>
> This CL adds a peephole optimization pass for regexp bytecodes.
> This pass checks the generated bytecode for pre-defined sequences that
> can be merged into a single bytecode.
>
> With the currently implemented bytecode sequences a speedup of 1.12x on
> regex-dna and octane-regexp is achieved.
>
> Bug: v8:9330
> Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
> Commit-Queue: Patrick Thier <pthier@google.com>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63992}
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux_gcc_rel
Bug: v8:9330,chromium:1008502,chromium:1008631
Change-Id: Ib9fc395b6809aa1debdb54d9fba5b7f09a235e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1828917
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64064}
Adds ability to pause JavaScript debugger from d8 by defining a global function
`handleInspectorMessage` which should block waiting for a new inspector message,
and `send` it afterwards.
Additionally, adds a simple helper script that, when invoked via `websocketd`
as per instructions, can be used for debugging `d8` using Chrome DevTools
(inspecting script sources, pausing, stepping over, etc.).
Change-Id: Iee75fb4e3f2ccc8c8552c804fefaefb233d6b089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829221
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Cr-Commit-Position: refs/heads/master@{#64040}
