Previously, guard regions were created by allocating pages with
PROT_NONE and relying on an allocation hint. This could fail however,
for example on Fuchsia (where it would allocate a VMO to back the guard
region) and possibly on Windows (where a placeholder mapping was
replaced by a "real" mapping).
Introducing an explicit VirtualAddressSpace::AllocateGuardRegion routine
now makes this operation more efficient and effectively guarantees that
it cannot fail if used correctly: in a regular subspace, there is no
need to allocate anything when creating guard regions since the address
space reservation backing the subspace is guaranteed to be inaccessible
when no pages are allocated in it.
Bug: chromium:1218005
Change-Id: I6945f17616b6b8dad47241af96d4cb1f660e8858
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366237
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78480}
This change fixes the implementation of the previously introduced API
`Runtime.setMaxCallStackSizeToCapture` to work correctly and also apply
(consistently) to stack traces captured by V8 when exceptions are
thrown. It does so in a fully backwards compatible manner.
This change thus makes the previous fix for catapult (which landed in
http://crrev.com/c/3347789) effective, and therefore ensures that real
world performance benchmarks aren't affected by the use of the `Runtime`
domain in the catapult test framework.
Note this is basically a reland of crrev.com/c/3361839, but without
touching the stack traces for console messages (which led to the
regressions in crbug/1283516, crbug/1283523, etc.).
Fixed: chromium:1280831
Bug: chromium:1283162, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: I3dcec7b75d76ca267fac8bd6fcb2cda60d5e60dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364086
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78479}
This sprinkles some more trace events in the disabled by default
"v8.inspector" category, to help with understanding performance
impact of stack trace capturing better.
Bug: chromium:1283162
Change-Id: I6085d587f241635fbb6934bef3adc95f58c5d2aa
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364085
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78477}
We unify the implementation of element segment expression entries with
other initializer expressions: we represent them with a {WireBytesRef}
and decode them with {InitExprInterface}. Except for reducing code
duplication, this also fixes a bug where {global.get} entries in element
segments could reference invalid globals.
Changes:
- Change {WasmElemSegment::Entry} to a union of a {WireBytesRef}
initializer expression and a {uint32_t} function index.
- In module-decoder, change parsing of expression entries to use
{consume_init_expr}. Add type checking to
{consume_element_func_index}, to complement type checking happening in
{consume_init_expr}.
- In module-instantiate.cc:
- Move instantiation of indirect tables before loading of element
segments. This way, when we call {UpdateDispatchTables} in
{SetTableEntry}, the indirect table for the current table will also
be updated.
- Consolidate table entry instantiation into {SetTableEntry}, which
handles lazily instantiated functions, or dispatches to
{WasmTableObject::Set}.
- Rename {InitializeIndirectFunctionTables} to
{InitializeNonDefaultableTables}.
- Change {InitializeNonDefaultableTables} and {LoadElemSegmentImpl}
to use {EvaluateInitExpression}.
- Add a test to exclude mutable/non-imported globals from the element
section.
- Update tests as needed.
- Update .js module emission in wasm-fuzzer-common.
Change-Id: I29c541bbca8531e8d0312ed95869c8e78a5a0c57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364082
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78476}
Chromium builds indicate that moving an optional doesn't reset the
source, and the source still indicates it has a value.
That may be a bug in base::optional, but we should fix it here first to
resolve current crashes.
Bug: chromium:1154636
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Change-Id: Ibfb53b6d06d5f0310e68b200cc27ca318a5a57e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366235
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78475}
The virtual register should be prefixed with a 'v' to match the printing
of virtual registers in other places.
R=mslekova@chromium.org
Bug: v8:12330
Change-Id: Ib79ace97b1c497efa3de85e1e48f5b07bb76d6cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3358293
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78474}
The mid-tier register allocator already did some consistency checks;
this CL extends them, and removes a redundant check.
The added check ensures that no two virtual registers are assigned to
the same register. A separate check for the correctness of the
{allocated_registers_bits_} bitset is folded into {CheckConsistency}.
A second check that an allocated register is contained in
{allocated_registers_bits_} is removed.
R=mslekova@chromium.org
Bug: v8:12330
Change-Id: I6420eede145f88006c49e6ab16fdbeabffb8c9c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3358291
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78473}
This fixes an unbalanced return stack that was caused by popping the
return address and jumping to it, instead of pushing it back and
returning properly.
R=leszeks@chromium.org
Bug: v8:11246
Change-Id: I5c58c587cc0f5433c0a3595f5ed4c765e90d1a30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3365267
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78472}
See related CL for context.
Changes:
- In InitExprInterface, add the ability to evaluate function references
as index only. Remove the global buffers and use the ones passed with
the instance object instead.
- In WasmElemSegment, add a field indicating if elements should be
parsed as expressions or indices. Change module-decoder.cc to reflect
this change.
- In module-instantiate, change the signatures of LoadElemSegment,
LoadElemSegmentImpl, and EvaluateInitExpr. Move the latter out of
InstanceBuilder.
Change-Id: I1df54393b2005fba49380654bdd40429bd4869dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364081
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78470}
For low-cost exception handling, it's important to be able to quickly
drop frames from the stack until reaching the exception handler.
The Intel shadow stack offers an instruction to avoid offending
stack discipline, incsspq, which drops N values from the stack.
This CL integrates that instruction for v8 exception handling.
Bug: v8:11246
Change-Id: I908f0ab8bb3de6c36e6078e27b65132287328f2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289637
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78469}
Commit 84f3877c15 moved IsInRange to
base::IsInRange and updated src/parsing/keywords-gen.h, but did not
update tools/gen-keywords-gen-h.py.
Bug: v8:12507
Change-Id: I914ba73feac3bac6fd5d08d14d17149faf6c5c76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3356200
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78467}
This changes the StackFrameInfo to either hold on to a pair of
(Script,source position)
or a pair of
(SharedFunctioInfo,bytecode offset)
similar to what we do for MessageLocation. The idea here is to defer the
costly bytecode offset to source position lookup until really needed,
and in particular, avoid the costly lookup during stack trace capturing.
On the `standalone.js` benchmark in crbug.com/1283162#c1, this reduces
overall average execution time by roughly 25%, and the performance is
almost back to where it was before crrev.com/c/3302794 (being only 12%
slower than before on the `standalone.js` test case).
Note that due to unrelated limitations we cannot encode -1 as bytecode
offset in the flags field of the StackFrameInfo, and so we treat this
case specially (happens when stack trace capturing is triggered in the
function entry sequence) and just eagerly resolve it to the source
position.
Bug: chromium:1278650, chromium:1283162, chromium:1280803
Bug: chromium:1280818, chromium:1280831, chromium:1280832
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: If7cf62fce48d32c0f188895d1f8c9eee51b9e70d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359633
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78466}
This is in line with PartitionAlloc's DiscardSystemPagesInternal.
When the sandbox is enabled, OS::DiscardSystemPages is used instead of
PA's version. As such, these two implementations should ideally be
mostly identical. Using MADV_FREE instead of MADV_DONTNEED as was
previously done appears to cause some memory regressions.
Bug: chromium:1276887
Change-Id: Ied92b106e9894d428e599801d753ab4c8cffd874
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364090
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78465}
Clear cached events if there is no embedder recorder.
Bug: chromium:1154636
Change-Id: I9ad3b752ea242d07b417ce3022936789c47afc6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3358292
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78464}
Int64Lowering may produce projection nodes with floating control input.
When inlining, we need to connect such nodes to the caller's start node
instead of the control dependency of the call node.
Bug: v8:12506, v8:12166
Change-Id: I1a726dc7b0ad40e98f3b745298062c2f7194288a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3352221
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78463}
This reverts commit 34f73cc759.
Reason for revert: Performance regressions throughout a lot of
system health and browsing benchmarks.
Original change's description:
> [inspector] Fix `Runtime.setMaxCallStackSizeToCapture`.
>
> This change fixes the implementation of the previously introduced API
> `Runtime.setMaxCallStackSizeToCapture` to work correctly and also apply
> (consistently) to stack traces captured by V8 when exceptions are
> thrown. It does so in a fully backwards compatible manner.
>
> This change thus makes the previous fix for catapult (which landed in
> http://crrev.com/c/3347789) effective, and therefore ensures that real
> world performance benchmarks aren't affected by the use of the `Runtime`
> domain in the catapult test framework.
>
> Bug: chromium:1283162, chromium:1278650, chromium:1258599
> Bug: chromium:1280803, chromium:1280832, chromium:1280818
> Fixed: chromium:1280831
> Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
> Change-Id: I4ec951a858317fa49096cd4023deb0104d92c9c9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361839
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78458}
Bug: chromium:1283162, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Bug: chromium:1280831
Change-Id: Id1efaffa2f7f08c47f833f68b8a297494edee21e
Fixed: chromium:1283751, chromium:1283749, chromium:1283746
Fixed: chromium:1283729, chromium:1283700, chromium:1283700
Fixed: chromium:1283691, chromium:1283687, chromium:1283678
Fixed: chromium:1283677, chromium:1283676, chromium:1283675
Fixed: chromium:1283674, chromium:1283618, chromium:1283536
Fixed: chromium:1283523, chromium:1283516
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364078
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78462}
This change fixes the implementation of the previously introduced API
`Runtime.setMaxCallStackSizeToCapture` to work correctly and also apply
(consistently) to stack traces captured by V8 when exceptions are
thrown. It does so in a fully backwards compatible manner.
This change thus makes the previous fix for catapult (which landed in
http://crrev.com/c/3347789) effective, and therefore ensures that real
world performance benchmarks aren't affected by the use of the `Runtime`
domain in the catapult test framework.
Bug: chromium:1283162, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Fixed: chromium:1280831
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: I4ec951a858317fa49096cd4023deb0104d92c9c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361839
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78458}
The `Console` domain has been deprecated (in favor of `Log` and
`Runtime`) since over four years now, and its use is strongly
discouraged.
However, making `Runtime.setMaxCallStackSizeToCapture` useful (in
light of the refactorings for crbug.com/1283162) and more correct
(wrt. to the anticipated behavior), would be complicated seriously
if we also need to worry about `Console` domain interference.
So this CL simply removes the feature that `Console.enable` turns
on stack trace capturing for error and message objects, and won't
send `line`, `column`, and `url` with `Console.Message` events
if they aren't present on the `v8_inspector::V8ConsoleMessage`
instance (these fields have always been optional anyways).
Bug: chromium:1283162
Change-Id: I78bd1e040fe15a2372639c403bfc2f4579fd4d0c
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361837
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78454}
The v8-debug.h and its implementations in api.cc are effectively owned
by the DevTools team.
Bug: none
Change-Id: I0eacb901bad771fca9aff19ded6bde0c34753174
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361835
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78453}
This introduces a new `GetLocation()` method for `v8::StackFrame`s,
which returns both line and column number at the same time (using the
existing `v8::Location` class). Since `v8::StackFrame` instances store
only the source position (per https://bit.ly/v8-stack-frame), we
currently need to look up the source position in the Script's line table
twice, once when we request the line number, and another time when we
request the column number.
With `GetLocation()` we perform only a single lookup in the Script's
line table and return both line and column number at the same time. This
cuts roughly 8% of the average execution time from the `standalone.js`
benchmark mentioned in crbug.com/1280519.
Bug: chromium:1280519, chromium:1278650, chromium:1069425
Bug: chromium:1077657, chromium:1283162
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: Ia3a0502990b6230363112a358b59875283399404
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359628
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78452}
Previously the `Debugger.CallFrame`s in `Debugger.paused` events would
report locations relative to the surrounding document in case of inline
scripts with `//@ sourceURL` annotations (while `Runtime.CallFrame` was
already fixed previously as part of crrev.com/c/3069289). With this CL
the locations in `Debugger.CallFrame` are also appropriately adjusted.
Drive-by-fix: Several inspector tests were (incorrectly) relying on this
wrong treatment, and were also unnecessarily using //# sourceURL
annotations. So part of this CL also addresses that problem and makes
the tests more robust, using addInlineScript() helper.
Fixed: chromium:1283049
Bug: chromium:1183990, chromium:578269
Change-Id: I6e3b215d951c3453c0a9cfc9bccf3dc3d5e92fd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359619
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78450}
On concurrent threads, CppMarkingState allocates its own
cppgc::internal::MarkingStateBase.
On the mutator thread, CppMarkingState reuses the same MarkingStateBase
as CppHeap's mutator thread visitor.
That means the mutator thread doesn't need to rely on publishing
segments to push object from V8 to CppHeap.
Bug: v8:12407
Change-Id: I161adf8dcdc9aa960de65b47feb2abd3b605df7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295454
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78449}
Included in this CL:
(*) Introduce CppMarkingState that V8 should use to push references to
Oilpan. CppMarkingState allocates its own Worklist::Locals to
support concurrent updates from V8.
(*) Split Oilpan MarkingWorklist object to form a base class used by
CppMarkingState.
(*) Remove MarkerFactory and split marking initialization. Marking
worklists should already be initialized when V8 initializes
visitors. For incremental marking, this requires splitting
marking initialization and marking start.
(*) Drive-by: Mark JSObject::IsApiWrapper and
JSObject::IsDroppableApiWrapper as const.
Bug: v8:12407
Change-Id: I35cc816343da86f69a68306204675720e9b3913f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293410
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78446}
This CL splits the TF type for JSFunction into CallableFunction and
ClassConstructor. This differentiation allows us to lower calls to the
CallFunction Builtin only for functions that we can actually call.
Class Constructors are special, as they are callable but should raise
an exception if called.
By not lowering class constructors to calls to CallFunction (but the
more generall Call) builtin, we can remove the checks for class
constructors from CallFunction (in a follow-up CL).
Bug: chromium:1262750
Change-Id: I399967eb03b2f20d2dcb67aef2243b32c9d3174e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3350457
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78445}
Wasm values are stored in memory in little endian order even
on BE machines and as a result they need to be manually reversed
after a load.
Other such atomic ops get patched during Wasm compilation or
during code-gen, this is one of the few places where a runtime call is
made to C++ which requires this fix.
As the the runtime stub is used on both TurboFan and Liftoff this
patch will fix both cases.
Up until now the cctest was passing incorrectly as it's mixing the
Wasm memory buffer with TypedArrays. TypedArrays don't have the
LE enforcement and use the native byte order.
With this patch the test is now failing as expected
and is being skipped for now.
Bug: v8:12505
Change-Id: I49fac208f1fab7396b7d9911e803bc047b3b8263
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3350744
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78433}
This updates the following set of console builtins in V8 to match the
Console Standard (https://console.spec.whatwg.org) with respect to
(potentially side effecting) type conversions:
- console.debug
- console.error
- console.info
- console.log
- console.trace
- console.warn
- console.group
- console.groupCollapsed
- console.assert
The V8 implementation only performs the type conversions and updates
the arguments in-place with the results from the %String% constructor,
%parseInt%, or %parseFloat% invocations. The actual formatting is
still left completely to the debugger front-end.
To give a concrete example, the following code
```js
const msgFmt = {
toString() { return 'Message %i' }
};
console.log('LOG: %s`, msgFmt, 42);
```
sends the following parameters to the debugger front-end
```js
["LOG: %s", "Message %i", 42]
```
and it's then the job of the front-end to perform the actual string
substitutions.
It's also worth calling out that the console builtins are only
concerned with %s, %f, %d, and %i formatting specifiers, since
these are the only ones that trigger type conversions, and %o, %O,
and %c can only be implemented in a meaningful way at a higher
level.
Fixed: chromium:1277944
Bug: chromium:1282076
Doc: https://bit.ly/v8-proper-console-type-conversions
Spec: https://console.spec.whatwg.org
Change-Id: I0996680811aa96236bd0d879e4a11101629ef1a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3352118
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78432}
Private method loads are compiled to a named load of a private brand,
which always loads a BlockContext. This BlockContext holds the private
methods common to all instances of a class. TurboFan currently considers
JSLoadNamed to be of Type::NonInternal(). Private methods break this
assumption, since BlockContext is of Type::OtherInternal().
This CL changes the typing of JSLoadNamed of private brands to be
Type::OtherInternal().
Bug: v8:12500
Change-Id: I91f39747bf9422bd419d299f44152f567d8be8db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3351167
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78431}
