Before fast C calls, store the current FP and PC on the isolate. When
iterating frames in SafeStackFrameIterator, check if these fields are
set and start iterating at the calling frame's FP instead of the current
FP, which will be in C++ code. We need to do this because c_entry_fp is
not set on the Isolate for Fast-C-Calls because we don't build an exit
frame.
This change makes stack samples that occur within 'Fast-C-Calls'
iterable, meaning we can properly attribute ticks within the JS caller.
Fast-C-Calls can't call back into JS code, so we can only ever have one
such call on the stack at a time, allowing us to store the FP on the
isolate rather than the stack.
TBR=v8-mips-ports@googlegroups.com
Bug: v8:8464, v8:7202
Change-Id: I7bf39eba779dad34754d5759d741c421b362a406
Reviewed-on: https://chromium-review.googlesource.com/c/1340241
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57896}
The MemoryInitImmediate and TableInitImmediate read a Memory/Table
index, followed by a segment index. If reading the first index fails, we
need to stop reading, or the decoder will read past the end.
Bug: chromium:907324
Change-Id: I3eb46c08d03e3b2e44ed4081d307b32c799abcec
Reviewed-on: https://chromium-review.googlesource.com/c/1351502
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57889}
waiting_ flag is now set inside a lock to prevent data race. This means
that waiting_ is false when callback is called at start of wait. To deal
with the new behavior, NotifyWake now always tries to Notify and sets
interrupted_ flag which will be handled by any future wait.
R=binji@chromium.org
BUG=v8:8497
Change-Id: Ia4fd39bcf18875d9be21bafc176ab562b083e68b
Reviewed-on: https://chromium-review.googlesource.com/c/1351237
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57887}
See usage in the js-api tests; previously it would have thrown without
executing any tests. Now, it can be used to generate trapping functions.
Bug: v8:8319
Change-Id: Ia1643d8f337a10ea86c1e700c7702ed7d3ed0c97
Reviewed-on: https://chromium-review.googlesource.com/c/1352298
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57885}
which are no longer derived from FixedArray and therefore IsFixedArray()
check no longer includes Contexts.
Bug: chromium:908877
Change-Id: I3aed0d38f5b1c00c9e27b7d5b6d29cdd5666ba86
Reviewed-on: https://chromium-review.googlesource.com/c/1352280
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57883}
That reduces the overhead of ParseAssignmentExpression at the cost of a few
more branches in the possible arrow head paths.
This also fixes the case where an outer scope of an arrow function didn't call eval
but a parameter initializer does. Previously the outer scope was also marked as
calling eval, causing worse performance. (Unlikely to happen though.)
Change-Id: I5263ef342f14e97372f5037fa659f32ec2ad6d34
Reviewed-on: https://chromium-review.googlesource.com/c/1352275
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57881}
This avoids leaving the heap in an invalid state if a GC occurs during
population of the cloned property array, as is done in other IC
builtins.
BUG=chromium:904167, v8:7611
R=jkummerow@chromium.org, ishell@chromium.org
Change-Id: I0350ed2d65b72e299f7109b7d5aa86331f60e940
Reviewed-on: https://chromium-review.googlesource.com/c/1350282
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57879}
This CL introduces Tagged_t and AtomicTagged_t typedefs which represent
the storage type of tagged values in V8 heap.
Bug: v8:7703
Change-Id: Ib57e85ea073eaf896b6406cf0f62adcef9a114ce
Reviewed-on: https://chromium-review.googlesource.com/c/1352294
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57878}
This patch refactors the parsing of object literal properties and
class literal properties, putting the out parameters into a pointer of
struct `ParsePropertyInfo`. This struct is also aware of its potition
so `ParsePropertyName()` can also use this information to error
when parsing a private name in an object literal. It also makes
sure that the `ClassLiteralProperty::Kind` are all inferred
from the `ParsePropertyKind` and get used right away instead of
being passed around as out parameters.
Bug: v8:8330
Change-Id: I4c52592dfcaa3c8df30c4aba4c46e5c675acb394
Reviewed-on: https://chromium-review.googlesource.com/c/1347904
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57876}
When restarting a frame on returning from a debug break, we are going
to drop the current function frame, therefore the return value and
next bytecode are not going to be used. Special case these situations
since with bytecode flushing it is possible the SFI for the
executing function might have been flushed (if edited by liveedit)
which causes failures when trying to read from the bytecode array.
BUG=v8:8395
Change-Id: I18adaa5d91c244e6d13e8703ed41c300f793681d
Reviewed-on: https://chromium-review.googlesource.com/c/1352270
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57875}
Only log incrementally deserialized maps with --trace-maps instead of
iterating the whole heap and print all existing maps on every partial
deserialization for new contexts. This should greatly improve
performance of --trace-maps on websites with many iframes.
- Add helpers to share code: LogNewObjectEvents, LogScriptEvents,
LogNewMapEvents
- Link AllocationSites before any GC
Change-Id: I5322421a83e057518f871540691511c80bc7786a
Reviewed-on: https://chromium-review.googlesource.com/c/1342029
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57874}
This CL fixes some style issues and improves json output for the LoC
counting script tools/locs.py.
Notry: true
Change-Id: I0805904e44ab240945ef88dd8214abb8ae02cf7d
Reviewed-on: https://chromium-review.googlesource.com/c/1352271
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57873}
Unfortunately the previous strategy was slower but more memory efficient. For now simply revert.
Revert "[zone] Use 32kb instead of 1MB as high zone page size"
Revert "[zone] Get rid of the Zone's segment pool"
Revert "[zone] Further simplify zone expansion, use single default page size"
Bug: chromium:908359
Change-Id: I649542e7e61eef0c14a26ffd21039e8340ab4d04
Reviewed-on: https://chromium-review.googlesource.com/c/1351027
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57872}
This CL fixes allocation size alignment violation when allocating store buffer.
If the actual CommitPageSize happens to be bigger than kMinExpectedOSPageSize
we will have a bit of memory wastage but that's a fair trade-off for having
fast store buffer overflow check in write barriers.
Change-Id: I1d775aa8b203cb198e8332477b0bc2befcd9b006
Reviewed-on: https://chromium-review.googlesource.com/c/1351007
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57871}
A pointer to MicrotaskQueue is stored in a NativeContext field as a Smi,
that is discouraged. This CL replaces it to use the dedicated field.
Bug: v8:8124
Change-Id: I5a770624b3a9c922051e86243da2ae216aaacf3a
Reviewed-on: https://chromium-review.googlesource.com/c/1351855
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57870}
This unifies the order of i-cache flushing and permission changing
throughout V8. According to cctest/test-icache flushing after the
permission change is not robust on some ARM32 and ARM64 devices.
There have been observed failures of {TestFlushICacheOfExecutable} on
some devices. So far there haven't been any observed failures of the
corresponding {TestFlushICacheOfWritable} test.
Also the order of flushing before the permission change is the natural
order in which the GC currently performs operations. Until we see
concrete data substantiating the opposite, the following is the
supported and intended order throughout V8:
exec -> perm(RW) -> patch -> flush -> perm(RX) -> exec
This CL tries to establish said order throughout the codebase.
R=ulan@chromium.org
TEST=cctest/test-icache
BUG=v8:8507,chromium:845877
Change-Id: Ic945082e643aa2d142d222a7913a99816aff4644
Reviewed-on: https://chromium-review.googlesource.com/c/1351025
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57869}
Pushing unresolved variables at the front was an optimization for the case
where we didn't have an end pointer. That forces us to do an O(<new elements>)
walk to rescope variables. The implementation was more generic and even did
O(<all elements>). Now that we have an end pointer we can simply push at the
end and MoveTail which is O(1).
Change-Id: I65cd5752b432223d95cd529452a064d8dcc812e1
Reviewed-on: https://chromium-review.googlesource.com/c/1351010
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57868}
This reverts commit fac6f63eb8.
Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=907479
Original change's description:
> Use CopyElements (which uses memcpy) to copy FixedDoubleArray.
>
> This improves the performance of ExtractFixedArray and
> CloneFastJSArray for double arrays, which in turn improve the
> performance of cloning double arrays with slice() or spreading.
>
> This, however, does not improve performance of spreading holey
> double arrays, because spreading needs extra work to convert
> holes to undefined.
>
> Bug: v8:7980
> Change-Id: Ib8aed74abbb0b06982a3b754e134fa415cb7de2d
> Reviewed-on: https://chromium-review.googlesource.com/c/1280308
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Hai Dang <dhai@google.com>
> Cr-Commit-Position: refs/heads/master@{#56680}
TBR=mvstanton@chromium.org,neis@chromium.org,sigurds@chromium.org,dhai@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7980, chromium:907479
Change-Id: Iacf37fa3276345fe8e264fe976d296b015ed6790
Reviewed-on: https://chromium-review.googlesource.com/c/1351003
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57864}
Moves ReturnValue::Set from V8_DEPRECATE_SOON to V8_DEPRECATED now that
chromium no longer uses it.
Bug: v8:7289, v8:8238
Change-Id: Ib705f62dcaa508a8b42a67ed7eaafe7860e3e848
Reviewed-on: https://chromium-review.googlesource.com/c/1351020
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57863}
This reverts commit 4644b32e02.
Reason for revert: Link errors on win64: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20debug/25950
Original change's description:
> [wasm] Add more unit tests for trap handler
>
> The unittests test if the trap handler only handles those traps it
> is supposed to handle:
> * Only handle traps when the thread-in-wasm flag is set.
> * Only handle traps of the right type, i.e. memory access violations.
> * Only handle traps at recorded instructions.
>
> The tests also test the consistency of the thread-in-wasm flag. I made
> one change in the trap handler where that consistency could be
> violated.
>
> All tests are executed with the default trap handler provided by V8,
> and with the trap handler callback installed in a test signal/exception
> handler.
>
> Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
> Reviewed-on: https://chromium-review.googlesource.com/c/1340246
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57858}
TBR=mstarzinger@chromium.org,ahaas@chromium.org,mark@chromium.org
Change-Id: Iac2f20c73744226885ea1810813863a21c5faf8c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1351021
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57861}
The {setTableLength} method is redundant and has a single user. Remove
it, use {setTableBounds} instead.
Drive-by: Add default to the table max, to document that this can
actually be {undefined}, in which case the table has no maximum.
R=binji@chromium.org
Bug: v8:8238
Change-Id: I0d7a2f4d49d083f7adadbb4b6cd4933bcb1dc174
Reviewed-on: https://chromium-review.googlesource.com/c/1350126
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57860}
These functions have been marked V8_DEPRECATE_SOON for a long time,
now all uses have been removed from Chrome, mark them as deprecated.
BUG=v8:7290,v8:8238
Change-Id: If39a971a32b06ad3c32ce121db2effa23fce45fe
Reviewed-on: https://chromium-review.googlesource.com/c/1350124
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57859}
The unittests test if the trap handler only handles those traps it
is supposed to handle:
* Only handle traps when the thread-in-wasm flag is set.
* Only handle traps of the right type, i.e. memory access violations.
* Only handle traps at recorded instructions.
The tests also test the consistency of the thread-in-wasm flag. I made
one change in the trap handler where that consistency could be
violated.
All tests are executed with the default trap handler provided by V8,
and with the trap handler callback installed in a test signal/exception
handler.
Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
Reviewed-on: https://chromium-review.googlesource.com/c/1340246
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57858}
and Relaxed_Store(int, ...) by migrating the only call site
to using slot increment/decrement instead of offset calculations.
Also use SlotBase::location() more consistently.
Bug: v8:8238
Change-Id: I3099884a2a9e05041114205e7fb81691261afe19
Reviewed-on: https://chromium-review.googlesource.com/c/1349731
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57852}
The style guide says that only `int` should be used of the builtin
integer types. Instead, we should use the stdint types.
See https://google.github.io/styleguide/cppguide.html#Integer_Types
Change-Id: I1af53a3bceefbfed85589b74a602c8ebe1c7ee25
Reviewed-on: https://chromium-review.googlesource.com/c/1342663
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57851}
This CL makes it easier to organize the Context classes hierarchy and
simplifies Context class definition.
Bug: v8:8238
Change-Id: I65b8255daf255649c597dc195edf436d9471e3ea
Reviewed-on: https://chromium-review.googlesource.com/c/1350109
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57848}
Add a path into embedder tracing on allocation. This is safe as as Blink
is not allowed to call into V8 during object construction.
This is a reland of caed2cc033.
Also relands the cleanups of ce02d86bf2.
Bug: chromium:843903
Change-Id: Ic89792fe68337c540a1a93629aee2e92b8774ab2
Reviewed-on: https://chromium-review.googlesource.com/c/1350992
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57847}