There was some common code regarding smi tagging and either overflowing
or deopting if the number was too big for 31 bit smis.
Bug: v8:10021
Change-Id: I9cd9e5ff29b06638a10dd0c5a9f72ff13df6d6bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950964
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65352}
Bug: v8:9970
Change-Id: I0e542fc63211e78800eab82257ccab9583305433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946534
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65351}
This CL attempts to run unittests on Fuchsia
using Infra
Bug: chromium:934932
Change-Id: I4b7cb740e17e65e91ca8c6ba6dfd07719e473e20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948709
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65349}
Currently a TracedNode of a TracedReference is freed only if its target
V8 object is unreachable. This is problematic for TracedNodes created for
long-living (or immortal) V8 objects and leads to memory leaks.
This CL adds logic for collecting unreachable TracedNodes:
1) Each TracedNode gets a markbit. Initially the markbit is set (i.e.
we have black allocation for TracedNodes).
2) During marking RegisterEmbedderReference sets the markbit of the
corresonding TracedNode.
3) In the atomic pause of Mark-Compact when TracedNodes are iterated,
we check the markbits and free TracedNodes with cleared markbits.
After this processing all markbits are cleared for the next GC.
Note that the new logic does not apply to TracedNode that have
callbacks and/or destructors.
Bug: chromium:1029738
Change-Id: I38e76a8b4a84170793998988b1a7962e40874428
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948722
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65347}
Also make return and unconditional jumps kill the environment instead
of clearing it. This was still leftover from before we introduced
liveness and prevented sharing as well.
Bug: v8:7790
Change-Id: Ic79d64c9eaedf608d26e3265d4b27d21f7f3dfe1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948710
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65345}
port 91ee5f0https://crrev.com/c/1925614
Original Commit Message:
[wasm-simd] Implement f64x2 min max for arm
Change-Id: I41b350cdcc9242b2fed6260873dc202367509137
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947690
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65342}
This patch implements inspector support for private instance methods:
- Previously to implement brand checking for instances with private
instance methods we store the brand both as the value with the brand
itself as the key in the stances. Now we make the value the context
associated with the class instead.
- To retrieve the private instance methods and accessors from the
instances at runtime, we look into the contexts stored with the
brands, and analyze the scope info to get the names as well as
context slot indices of them.
- This patch extends the `PrivatePropertyDescriptor` in the inspector
protocol to include optional `get` and `set` fields, and make the
`value` field optional (similar to `PropertyDescriptor`s).
Private fields or private instance methods are returned in the
`value` field while private accessors are returned in the `get`
and/or `set` field. Property previews for the instaces containing
private instance methods and accessors are also updated similarly,
although no additional protocol change is necessary since the
`PropertyPreview` type can already be used to display accessors.
Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit
Bug: v8:9839, v8:8330
Change-Id: If37090bd23833a18f75deb1249ca5c4405ca2bf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934407
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65337}
This reverts commit 5bddc0e142.
Reason for revert: Possible culprit for https://bugs.chromium.org/p/chromium/issues/detail?id=1029863
Original change's description:
> Implement top-level await for REPL mode
>
> Design doc: bit.ly/v8-repl-mode
>
> This CL allows the usage of 'await' without wrapping code in an async
> function when using REPL mode in global evaluate. REPL mode evaluate
> is changed to *always* return a Promise. The resolve value of the
> promise is the completion value of the REPL script.
>
> The implementation is based on two existing mechanisms:
> - Similar to async functions, the content of a REPL script is
> enclosed in a synthetic 'try' block. Any thrown error
> is used to reject the Promise of the REPL script.
>
> - The content of the synthetic 'try' block is also re-written the
> same way a normal script is. This is, artificial assignments to
> a ".result" variable are inserted to simulate a completion
> value. The difference for REPL scripts is, that ".result" is
> used to resolve the Promise of the REPL script.
>
> - ".result" is not returned directly but wrapped in an object
> literal: "{ .repl_result: .result}". This is done to prevent
> resolved promises from being chained and resolved prematurely:
>
> > Promse.resolve(42);
>
> should evaluate to a promise, not 42.
>
> Bug: chromium:1021921
> Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65273}
TBR=yangguo@chromium.org,leszeks@chromium.org,verwaest@chromium.org,szuend@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:1021921
Change-Id: I9eaea584e2e09f3dffcbbca3d75a3c9bcb0a1adf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948719
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65333}
Looks like even the small amount of logic needed to extract ReadOnlyRoots
from a const Isolate* (e.g. a HeapObject check) is enough to cause
regressions.
Revert these predicates to take non-const Isolate*, while keeping const
Isolate* elsewhere. If we ever need const Isolate* for the oddball
predicates, we can add it in addition to the non-const one.
Bug: chromium:1029457
Bug: chromium:1030001
Bug: chromium:1030003
Bug: chromium:1030102
Change-Id: Ia6fa45f282a1a1961c0afa8ed973baebf6fbafd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948721
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65331}
This fixes the operation functions (i.e. WebIDL interface member and
namespace member operations) for WebAssembly to not have 'prototype'
properties and not be marked as constructors.
R=ahaas@chromium.org
TEST=mjsunit/wasm/js-api
BUG=chromium:1027945
Change-Id: I4db753a9ca570b95c45cb033c36de65bcafafe8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950483
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65329}
This helper method is no longer needed since we have removed all usages
of indexes for the purpose of accessing stack spill slot.
The parameter names for FillStackSlotsWithZero in the header file is
also corrected to match the names in the implementation.
Bug: v8:9909
Change-Id: I6093f020e05701ff8e8d6362015d2e07165b2397
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950224
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65326}
Change-Id: Ia5c6793f22b3eeff3614542e455d46daa76657a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948792
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65324}
Imports can also have associated names, and in fact we generate these
names for asm.js. Thus in logging, just append this name to the
generated signature.
R=jkummerow@chromium.org
Bug: chromium:1030103
Change-Id: I3969bcf8d1d17f4256b5a0643acdf8a24766f889
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948705
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65321}
This was probably meant by the TODO removed in
https://crrev.com/c/1946354, I just failed to see it because the TODO
was placed at the wrong place.
The fix triggered a bug in the profiler, which made the wrong
assumption that the passed wasm name is null-terminated. This is also
fixed in this CL.
R=jkummerow@chromium.org, petermarshall@chromium.org
Change-Id: Ibf798e7511e61f6b305dd2d05d1aeca43be774a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948704
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65319}
The ScopeIterator only requires accurate information for the whole
script during local debug-evaluate, when the accurate scope information
is used to build stack local blacklists. Otherwise it is enough to only
reparse the closure. This should recover some performance during
stepping, especially with large stacks and scripts.
Drive-by: Remove unused COLLECT_NON_LOCALS enum option.
Bug: chromium:1028093, v8:9938
Change-Id: I6b3a34e9015e564d683e76b88388daabc426e1cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948715
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65318}
Currently, we show wasm frames, js frames, and js-to-wasm frames (the
latter two are identified as "OPTIMIZED"). This CL makes us also show
wasm-to-js frames in CPU profiling.
R=petermarshall@chromium.org
Bug: chromium:1029470
Change-Id: I2d09f73e7d7e62867554f2a95dc8ad4500a2cde1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948706
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65313}
Bug: chromium:1029576
Change-Id: If647f764da2682a0f278b9b8060d0665fab1c40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948711
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65312}
I noticed that the generated code from the Torque macro
EnsureArrayLengthWritable included an imul instruction, even though the
inputs to that instruction are both constants. This change adds the
ability for MachineOperatorReducer to get rid of that operation.
Change-Id: Ia2050c888d76f110d1290fd9eab13853c3353a63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941138
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65310}
Replace unsigned extract lane followed by sign extend
as added here https://chromium-review.googlesource.com/c/v8/v8/+/1846711
with a signed extract lane for I8x16 and I16x8.
Change-Id: I5a701417b772d12f5ef038efbb081716bb27e25a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873700
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65307}
Whenever we spill, num_used_spill_bytes_ is already updated using
RecordSpillSpillSlot, so we don't need to add the number of locals.
Bug: v8:9909
Change-Id: Ieecf957e71e0711be744a3f378d8ae11b941fc5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947349
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65306}
The following changes were introduced with the recent proposal update:
- OOB access with 0 length traps
- Double drop of segments is allowed
- Dropped segments are treated like having size 0 (OOB error)
- Active segments are dropped right after initialization
R=ahaas@chromium.org
Change-Id: I4e9fc4d9212841c7d858585c672143f99287520d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946355
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65305}
Calculate the number of bytes of the stack frame used in
PatchPrepareStackFrame using the size of the spill instead of the number
of slots.
We only need the number of bytes spilled (without adding the number of
locals) because whenever we spill, we already track the largest offset,
with RecordUsedSpillSlot. GetTotalFrameSlotCount can also be changed to
remove the num_locals, in a future patch.
Change-Id: I08fe3e81eaebf5f2cf1e11292645663474483447
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1945944
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65303}
