In order for Error.prepareStackTrace() to be able to reconstruct the
same stack frame that the internal mechanism can, we need to also
expose the index for the Promise.all() builtin. The newly added
CallSite#getPromiseIndex() does exactly that.
Bug: v8:7522
Change-Id: I904a4c1005f539536a71926ea1da38b31e2a2e8a
Reviewed-on: https://chromium-review.googlesource.com/c/1304293
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57055}
Otherwise already peeked tokens will possibly pass later checks causing us to
parse more than necessary. Initially we held off on doing this since subsequent
Consume calls would fail after previous checks succeeded; especially in the
case of stack overflow. However, we've previously relaxed that DCHECK to also
pass if the parser has an error.
Change-Id: I413dffd475982d07299a08270fa94fdc3858e883
Reviewed-on: https://chromium-review.googlesource.com/c/1304313
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57054}
This blocks building with official clang-cl and Windows SDK
Refs: https://github.com/nodejs/node/issues/19630
Change-Id: I41fdf934f486c660df7a9e0dd284f6eb3c294dd4
Reviewed-on: https://chromium-review.googlesource.com/c/1297479
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57053}
In the process implement TopType to express undefined values and
transient types after they no longer are valid, as well as checks to
make sure that transtioning callables are transitively marked
to express if they or their call chain modify transient types.
Bug: v8:7793
Change-Id: Idb237e878d3a511a4f460b6510ffd4876593951d
Reviewed-on: https://chromium-review.googlesource.com/c/1297963
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57052}
This is a reland of 9cde880856 now the the underlying
problem in Chromium is fixed by:
https://chromium-review.googlesource.com/c/chromium/src/+/1301459
Original change's description:
> [Compile] Ensure we don't access the native context during bytecode finalization.
>
> Resets the isolate's context to nullptr in debug builds during bytecode finalization
> to ensure that we don't rely on the native context during context independent
> unoptimized compilation.
>
> BUG=chromium:898076, v8:8041
>
> Change-Id: Ifaa5006a7a3d31d7fbd535ebb63f8889c75526c4
> Reviewed-on: https://chromium-review.googlesource.com/c/1297961
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56979}
TBR=leszeks@chromium.org
Bug: chromium:898076, v8:8041
Change-Id: I11904e19e843b0eadab698196ac1ef9c7aeec766
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel; luci.chromium.try:linux_chromium_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/1301480
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57048}
The builder has shown to be too brittle when run on dirty V8 ToT.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: chromium:898965
Change-Id: I7eb1f54febeebfcc6c385cc1a9d97262f8583103
Reviewed-on: https://chromium-review.googlesource.com/c/1302056
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57046}
This reverts commit 2690e2fc70.
Reason for revert: this is not needed because objects in the worklist
are guaranteed to be not black allocated.
Original change's description:
> [heap] Correctly check for black allocated objects in concurrent marker.
>
> The markbit check should be performed before using the map of the
> object.
>
> Change-Id: Ia19e48fd4660387d239e1e330368808727359c7f
> Reviewed-on: https://chromium-review.googlesource.com/c/1301496
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57040}
TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
Change-Id: I4f188197620c511060fda4f60c80a3c389007054
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1301993
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57043}
In order to ensure that Isolate::New()/Isolate::Delete() are the bottlenecks
this CL also makes the Isolate class final.
Bug: v8:8182
Change-Id: I6bb170363a1210f66d63f4bcc46ea06fb5000d50
Reviewed-on: https://chromium-review.googlesource.com/c/1301481
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57041}
The markbit check should be performed before using the map of the
object.
Change-Id: Ia19e48fd4660387d239e1e330368808727359c7f
Reviewed-on: https://chromium-review.googlesource.com/c/1301496
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57040}
The assumption behind this optimization was invalid. Even if the
string's prototype is unchanged, the symbol could exist somewhere
further up the prototype chain.
GetProperty has been sped up significantly so it might be fine to just
skip this fast path. An alternative would be to use a protector cell.
Bug: v8:8357
Change-Id: Ia577107a58157350eb15780c02aa63d77e600637
Reviewed-on: https://chromium-review.googlesource.com/c/1301498
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57038}
and also move embedder fields from Isolate to IsolateData.
The external memory counter fields are temporarily moved to IsolateData in
order to avoid unexpected Node JS bot failures which happen if the fields
are left in the Heap class.
Bug: v8:8182
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9d58f235c0ce40e110f595addd03b80b3617aa77
Reviewed-on: https://chromium-review.googlesource.com/c/1278793
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57037}
This changes the GC histograms from HistogramTimer to TimedHistogram.
Bug: chromium:898613
Change-Id: Ie18c6dd3b958c3ce93f0f84faec0f306d699afa0
Reviewed-on: https://chromium-review.googlesource.com/c/1299241
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57036}
This just adds calls to SerializePrototype right before we access the
serialized prototype. Eventually we need to do this earlier.
Bug: v8:7790, chromium:899115
Change-Id: I597e95f5f6df8aae608ee295fe9550e7c2a45e6d
Reviewed-on: https://chromium-review.googlesource.com/c/1301475
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57034}
Flag -Wno-defaulted-function-deleted is not known to clang 4.0, which is
currently the default on many systems, so filter the flag for now.
R=mslekova@chromium.org
Notry: true
Change-Id: I9ee9cbbf97f411d409b8b4150897d7741abe24af
Reviewed-on: https://chromium-review.googlesource.com/c/1301511
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57033}
This CL refactors the existing trap handler code for Linux to allow a
cleaner extension to Windows.
1) The CL extracts platform-specific code into separate files, see
https://docs.google.com/document/d/1HCgKIpdjy_CEodTLvZ5VuykDI6gGTHrTtau2j0zwm28.
Specifically this means:
* Move posix-specific API functions from v8.h to v8-wasm-trap-handler-posix.h.
Deprecate the existing TryHandleSignal API function.
* Move posix-specific function declarations from trap-handler-internal.h to
handler-inside-posix.h
* Move posix-specific function definitions from handler-shared.cc to
handler-outside-posix.cc
2) The CL changes filenames from *-linux.* to *-posix.*. I expect that
most of the implementation for MacOS will be the same as for Linux.
Bug: v8:6743
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I4bb7f199564a2f01042084d15a82311d11a93c7b
Reviewed-on: https://chromium-review.googlesource.com/c/1280324
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57028}
The valid store types of a {Float64Array} heap view are specified to be
"float?" and "double?". We correctly accepted both types but forgot to
emit the appropriate conversion in the "float?" case. This just adds the
missing conversion expression.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-898974
BUG=chromium:898974,v8:8347
Change-Id: I306b10e2088185b1522da29b1a113908ef9925f2
Reviewed-on: https://chromium-review.googlesource.com/c/1301499
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57025}
GCs should only trigger only trigger when growing external memory but
not when removing it.
- The limit is already lowered when removing memory, so possible future
allocations check against a lowered limit.
- Memory pressure signals are already handled via an explicit V8 API.
Bug: chromium:899035
Change-Id: I96da5862400e06edb8c9fa47357070b3b48560a1
Reviewed-on: https://chromium-review.googlesource.com/c/1301473
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57024}
This adds support for Promise.all() to --async-stack-traces (also at
zero cost, since we can derive the relevant information from the resolve
element closure and context). In case of `Promise.all(a)` the stack
trace even tells you which element of `a` is responsible, for example
```js
async function fine() {}
async function thrower() { await fine(); throw new Error(); }
async function test() { await Promise.all([fine(), thrower()]); }
```
will generate the following stack trace
```
Error
at thrower (something.js:1:9)
at async Promise.all (index 1)
at async test (something.js:3:3)
```
so it not only shows the async Promise.all() frames, but even tells the
user exactly that the second element of `[fine(), thrower()]` is the
relevant one.
Bug: v8:7522
Change-Id: I279a845888e06053cf0e3c9338ab71caabaabf45
Reviewed-on: https://chromium-review.googlesource.com/c/1299248
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57023}
Currently, because the source float_64_array has an iterator, it hits
the code in the "check_iterator" section of TypedArrayFrom which calls
IterableToList. This builds a temporary PACKED_ELEMENTS array (and boxes
all of the numeric values as HeapNumbers), then uses this as the source
array.
This patch checks if the source array is a TypedArray, and if the iterator
is the built-in one (where we know the iterator's behaviour). If both are
true then it bypasses the creation of this temporary array and uses the
original TypedArray as the source.
This allows it to take advantage of the existing fast code for copying one
typed array to another.
R=hablich@chromium.org, petermarshall@chromium.org
Bug: chromium:884671
Change-Id: I19a944c9d6d5d07699c7dc3ad7196fc871200b62
Reviewed-on: https://chromium-review.googlesource.com/c/1297312
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57022}
We can use GcSafeFindCodeForInnerPointer() when handling a code
added event. This method understands embedded builtins.
Change-Id: I94757f96b7b4ad10cbf7cb5f715d3368cc86b798
Reviewed-on: https://chromium-review.googlesource.com/c/1297953
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57021}
This test was incidentally fixed by
https://chromium-review.googlesource.com/c/v8/v8/+/1280436.
Calls to StartTickSample() and FinishTickSample() are not permitted by
multiple producers. If the signal handler interrupts the main thread,
both might receive the same pointer into the circular buffer and one
will overwrite the data of the other.
This means we cannot call it in tests, and have to use AddSample()
instead.
Bug: v8:8209
Change-Id: I6904204e88077f704f819b52cde0fdaab0f13462
Reviewed-on: https://chromium-review.googlesource.com/c/1299022
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57019}
This CL restores consistency with other platforms. ebx is now the
kRootRegister on ia32, and thus not an allocatable register any more.
The PreserveRootIA32 register configuration can be removed since it is
now identical to the Default configuration.
Bug: v8:6666
Change-Id: If4e2b4c52aa8b5db40bcd3b4469004b29c0e3d99
Reviewed-on: https://chromium-review.googlesource.com/c/1299078
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57018}
This skips big-object-literal on bots with dchecks (setting DEBUG) and with
stress mode in general.
NOTRY=true
Bug: v8:8328
Change-Id: I53480d1ee942d2c83e46c8804bd8920a5e36cad2
Reviewed-on: https://chromium-review.googlesource.com/c/1301495
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57017}
When creating a Code object, if it has valid builtin_index then create
its RelocInfo in RO_SPACE. For embedded builds this moves about 48 bytes
into RO_SPACE, but it's considerably more for nosnap builds.
Bug: v8:7464
Change-Id: I598cb960c0068ef4be8d72ae8f5c8d74c0195aca
Reviewed-on: https://chromium-review.googlesource.com/c/1299073
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57016}
Move fixing up Filler objects after deserialization from the
StartupDeserializer to the ReadOnlyDeserializer since that's what
deserializes the Filler maps.
Since only RO_SPACE can contain such objects, skip iterating over all
the spaces and just fix them up directly in RO_SPACE. To this end, the
PagedSpace code is moved to ReadOnlySpace and the Heap fix up method is
removed.
Change-Id: I7a01f1ef298e6d5e74d3173620fb7764c3b598f2
Reviewed-on: https://chromium-review.googlesource.com/c/1299013
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57015}
Checking impl()->IsAsync(identifier) is insufficient since it could be
parenthesized. By checking the token in addition to IsIdentifier guarantees
that we've only seen the single token ASYNC.
Bug: chromium:898812
Change-Id: Id94dd607381050b4bd8cd6d8672a5d11256db7da
Reviewed-on: https://chromium-review.googlesource.com/c/1300134
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57013}
This CL applies the equivalent of the Object -> ObjectPtr
transformation to MaybeObject and HeapObjectReference. We
need no renaming in this case because we can just migrate
them both in one go.
Bug: v8:3770
Change-Id: Ie1259c3e8c556eff00f8bcf534d7270ca9fe00e1
Reviewed-on: https://chromium-review.googlesource.com/c/1298386
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57010}
Port e893eb1403
Original Commit Message:
This adds support for having reference type values (i.e. anyref) stored
in an exception. It is the natural combination of the reference type
proposal and the exception handling proposal.
Note that this also introduces support for having write barriers in
generated WasmCode, as this is the first time we are storing references
within generated code. Such write barriers will be needed for other uses
of reference types (e.g. mutable global) regardless.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:8341
LOG=N
Change-Id: I6837a31791654ebe4171f6ecb563939beb3a66dd
Reviewed-on: https://chromium-review.googlesource.com/c/1299899
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#57009}
