A random hash could potential have top 10 bits be non zero which would
pass the hash != PropertyArray::kNoHashSentinel test but fail the
masked_hash != PropertyArray::kNoHashSentinel.
Bug: v8:6404, chromium:757750
Change-Id: Iade531fefc75dd76bd7a89b377d17e59532087d8
Reviewed-on: https://chromium-review.googlesource.com/627380
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47528}
Split the PromiseFinallyContextSlot enum into two separate enums
because the spec requires additional slot to store the Promise
constructor in the Promise.prototype.finally builtin. This will be
added in a follow on patch.
Inline the various context creation functions into their callsites since
they're only a single line and have only one callsite.
Bug: v8:5967
Change-Id: I2834c9c3d4940b8fbbdb7c162f42323d0fe0939f
Reviewed-on: https://chromium-review.googlesource.com/624543
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47525}
This fixed a TODO from cec289ea by marking RewritableExpressions as
rewritten in AddArrowFunctionFormalParameters when decomposing
Assignments into pattern/initializer.
Also added a set_rewritten() helper method to RewritableExpression
to simplify callsites.
Change-Id: Ifa36c9fb6c79193cbbcb168eedf7f782dc73a77b
Reviewed-on: https://chromium-review.googlesource.com/622353
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47524}
It caused crashes in the extension process on Canary.
This reverts commit b6059a67ca.
Also revert followup test CL:
"[api] Add test for EnumeratorCallback and for...in."
as it depends on the logic in the reverted change.
This reverts commit 56772de7f9.
Bug: chromium:757371, v8:6627
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id110128e6dc858a5a60ffc0175e8bb927b90bfc5
Reviewed-on: https://chromium-review.googlesource.com/626720
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47522}
This reverts commit 57af681191.
This adds the checkpoint between the call and the polymorphic load.
I thought that JSCall with constant target cannot cause eager deopt,
but Canary seems to disagree (http://crbug.com/718019).
Bug: v8:5267,chromium:718019
Change-Id: I552b850db6beb93e733b371ad0e7204513da1dc4
Reviewed-on: https://chromium-review.googlesource.com/622867
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47521}
Perf sheriffs: this is going to increase GC time in v8.runtimestats
benchmarks. That time was not accounted before.
Change-Id: I656aed7ec7f4fd9f29dd4a2eff44eb25a60f21ad
Reviewed-on: https://chromium-review.googlesource.com/626636
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47520}
This reverts commit fe50e8178f.
Reason for revert: Too close to branch point
Original change's description:
> [parser] Tentative: turn on FLAG_preparser_scope_analysis.
>
> The main motivation is to get bug reports / crashes from Canary.
>
> This commit is expected to break all kinds of things! The most typical failure
> modes are crashes, CHECK failures and JavaScript executing incorrectly.
>
> BUG=v8:5516
>
> Change-Id: Ifa02b420ad4e8eda46002b334bed2665c8ceeeb2
> Reviewed-on: https://chromium-review.googlesource.com/623751
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47502}
TBR=adamk@chromium.org,marja@chromium.org,cbruni@chromium.org
Change-Id: I98d2d186cbde6e185b05ef0d3460115a654b6b45
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5516
Reviewed-on: https://chromium-review.googlesource.com/626796
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47519}
Also remove a few bits of related dead code in Parser.
Bug: v8:6092
Change-Id: I310936341fe3e6193e36983723985a190d5d278b
Reviewed-on: https://chromium-review.googlesource.com/621958
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47518}
In a parallel marker world the recursion just avoids proper work
stealing.
It is removed in a separate CL to see the impact of recursive marking on
the benchmarks.
Bug: chromium:750084
Change-Id: Id37ae029e386b45c94e5fecbf349b31d2573d5c0
Reviewed-on: https://chromium-review.googlesource.com/625881
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47516}
Since we don't create an AllocationSite for the empty object literal, the
TF lowering bailed out early and used the slow runtime call as a fallback.
Bug: chromium:757596, v8:6211
Change-Id: I68307ff2d0870c35f07c3aad4cd10cf08e378686
Reviewed-on: https://chromium-review.googlesource.com/625619
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47514}
Reland of https://chromium-review.googlesource.com/c/v8/v8/+/623790
Add a --read-from-tcp flag to d8, which makes file reads (including
reading files from arguments, and the load and read builtins) read the
file contents off a TCP socket using a simple request/response protocol.
On top of this, add a script for transparently running d8 on an android
device using adb. The script loads d8 onto the device, starts a file
server providing the above protocol, and uses the above flag to run a d8
which loads javascript sources off the computer rather than off the
device.
Change-Id: I82a25be900c7608ed4c3a35828757a870ca2e115
Reviewed-on: https://chromium-review.googlesource.com/626396
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47513}
This reverts commit 29ad123568.
Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/19576
Original change's description:
> [d8] Allow reading files from a TCP socket
>
> Add a --read-from-tcp flag to d8, which makes file reads (including
> reading files from arguments, and the load and read builtins) read the
> file contents off a TCP socket using a simple request/response protocol.
>
> On top of this, add a script for transparently running d8 on an android
> device using adb. The script loads d8 onto the device, starts a file
> server providing the above protocol, and uses the above flag to run a d8
> which loads javascript sources off the computer rather than off the
> device.
>
> Change-Id: Icaa0577beb9bcd4f93476faa3ad8fb8b0a165e6e
> Reviewed-on: https://chromium-review.googlesource.com/623790
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47511}
TBR=rmcilroy@chromium.org,leszeks@chromium.org
Change-Id: I2de4a12aa8cb0d228df3e5793d997b9145f4da42
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/626017
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47512}
Add a --read-from-tcp flag to d8, which makes file reads (including
reading files from arguments, and the load and read builtins) read the
file contents off a TCP socket using a simple request/response protocol.
On top of this, add a script for transparently running d8 on an android
device using adb. The script loads d8 onto the device, starts a file
server providing the above protocol, and uses the above flag to run a d8
which loads javascript sources off the computer rather than off the
device.
Change-Id: Icaa0577beb9bcd4f93476faa3ad8fb8b0a165e6e
Reviewed-on: https://chromium-review.googlesource.com/623790
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47511}
This CL:
- removes the trampoline pc from deoptimization input
data and deoptimization state. This is no longer needed given
that we added this information to the safepoint table in
https://chromium-review.googlesource.com/c/v8/v8/+/596027).
This should also fixed the regression mentioned in
https://bugs.chromium.org/p/chromium/issues/detail?id=752873
- searches for the exception handler in the safepoint table.
- removes the code used for patching which is no longer needed.
Bug: v8:6563
Change-Id: I6cedc18c371f5707b7e0e1a8da409375ce1ebe5e
Reviewed-on: https://chromium-review.googlesource.com/595547
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47507}
CSA::AllocateSeq{One,Two}ByteString used its own home-grown handling to
allocate very large strings. This CL refactors both methods to use
AllocationFlags::kAllowLargeObjectAllocation instead. Callers now need
to specify explicitly if large-object allocation is possible or not.
Bug: chromium:636391
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I0b7ffb0b083f4e977cea42c500f8f2ee1c60519f
Reviewed-on: https://chromium-review.googlesource.com/625738
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47504}
LengthAndHashOffset describes the value stored in the offset better.
Bug: v8:6404
Change-Id: Ie5ea2a362c54aa03e0a4e314d1adb8b91d74a044
Reviewed-on: https://chromium-review.googlesource.com/624458
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47503}
The main motivation is to get bug reports / crashes from Canary.
This commit is expected to break all kinds of things! The most typical failure
modes are crashes, CHECK failures and JavaScript executing incorrectly.
BUG=v8:5516
Change-Id: Ifa02b420ad4e8eda46002b334bed2665c8ceeeb2
Reviewed-on: https://chromium-review.googlesource.com/623751
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47502}
Code aging is no longer supported by any remaining compilers now
that full codegen has been removed. This CL removes all vestiges of
code aging.
BUG=v8:6409
Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e
Reviewed-on: https://chromium-review.googlesource.com/619153
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47501}
Instead of creating a new character stream to re-parse the asm.js module,
use the existing stream which was used by the parser. By doing this, we
avoid accessing the heap if the original character stream is a streaming
source or an external string, which will enable asm.js verification to run
off-thread in those situations.
BUG=v8:5203
Change-Id: I5dbf83c993512eb2f3dd709120e152e3f9900bdf
Reviewed-on: https://chromium-review.googlesource.com/616723
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47500}
Does a couple of cleanups on interpreter assembler:
- Adding naming to the variable fields to improve debugability
- Grouping functions which deal with loading the state passed between
bytecode handlers (e.g. bytecode array / offset / etc.).
- Fix some comments in interpreter-generator.cc
Change-Id: I9decefebbdf7830a7ce75dd46e8a69a1db3c4cc8
Reviewed-on: https://chromium-review.googlesource.com/625797
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47499}
This makes sure that shift expressions (not wrapped in parentheses) can
appear as part of the index in a valid heap access expression. Only the
last operand of a sequence of shift expressions is taken into account
when validating the heap access.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-6700
BUG=v8:6700,chromium:754751
Change-Id: Icc7a71bd64461da4d3daea41b995964e3dfc6dc6
Reviewed-on: https://chromium-review.googlesource.com/623811
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47497}
If the elements fixed array is large enough, it must be allocated in
large-object space. This fixes two cases in which we'd incorrectly
assume elements fits into new space.
There are potentially quite a few other spots affected by a similar
issue, and we should find a more robust solution. See also:
crbug.com/636391.
Bug: v8:6716
Change-Id: I91f09355ac6b7cf399e13cc21d34113a506e58fb
Reviewed-on: https://chromium-review.googlesource.com/623808
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47495}
This reverts commit 9e839fce32.
Reason for revert: Wrong fix as we are not allowed to cache wrappers.
Original change's description:
> [heap] Fix incremental wrapper tracing toggle
>
> The flag is always on and support for turning it off is broken with
> conservative barriers.
>
> Bug:
> Change-Id: I1ff548f95d220bf0fcb6df7a1bf5f8a342163696
> Reviewed-on: https://chromium-review.googlesource.com/624494
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47482}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I90bc547a88cb8220c7261c607ef359df38e3bdf2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/623868
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47494}
There's no need for this code to be completely architecture specific.
Bug: v8:6563
Change-Id: I90aa1aa76fa266a247d8f374459a6eb6469c8c75
Reviewed-on: https://chromium-review.googlesource.com/612340
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47493}
Now that we no longer store the hash in the hash_code_symbol, we can
do a fast lookup on the kPropertiesOrHash offset instead.
Bug: v8:5717
Change-Id: I8724db3c9eb82c3f98aef650b54ae36b76fd12fd
Reviewed-on: https://chromium-review.googlesource.com/624377
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47491}
There's no need for these to be static.
Bug: v8:5717
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia704cdcb9ee9666c7724b78d58c56217cd5876ae
Reviewed-on: https://chromium-review.googlesource.com/624869
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47490}
This no longer causes allocation, so it's safe to unhandlify.
This will allow us to use directly call into C++ (via CallCFunction)
to calculate the hash instead of going through the runtime (via
%GenericHash).
Bug: v8:5717
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia561efb4d89d7a3d10c28913537b45b3ce477bb3
Reviewed-on: https://chromium-review.googlesource.com/624519
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47489}
PPC instr has 16bits to represent an imm, load constant
in register if imm is not in the range [-2^15, 2^15)
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
Log=N
Bug:
Change-Id: Id9aa97538b1f93f01d5a297b6256e1b082f06ca1
Reviewed-on: https://chromium-review.googlesource.com/624714
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47487}
This feature is a stage 3 proposal implemented as a
wrapper around ICU that categorizes singular/plural/etc
grammatical forms based on a number and locale.
Based on littledan's work started here:
https://codereview.chromium.org/2736543002/
Bug: v8:5601
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I4107cd28be72413ec43aa1ff0f4fe6e181a290f4
Reviewed-on: https://chromium-review.googlesource.com/562298
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47485}
This is a performance experiment. We will revert it if it causes
regressions.
The idea is that many map transitions are only performed once; but if
they are done by a non-UNINITIALIZED StoreIC, we would always create
a handler for them. With this CL, handler creation is postponed until
the second time a given transition is done. The first time, the IC
simply remains in its previous state.
Change-Id: I0fb2989bb675a09ed7b329520346048ad2049f94
Reviewed-on: https://chromium-review.googlesource.com/622147
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47483}
The flag is always on and support for turning it off is broken with
conservative barriers.
Bug:
Change-Id: I1ff548f95d220bf0fcb6df7a1bf5f8a342163696
Reviewed-on: https://chromium-review.googlesource.com/624494
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47482}
Some C libraries, notably Musl, define the regs member as a void pointer,
hence we need to use the gp_regs member instead.
Change-Id: I1ca2dbdba79a03ff81c25438c87c767d7a7cece4
Reviewed-on: https://chromium-review.googlesource.com/602327
Reviewed-by: Jaideep Bajwa <bjaideep@ca.ibm.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47481}
This API generates inspectRequested call with hints.queryObjects flag.
It's not possible to expose this method by itself since command line
API methods can leak.
R=pfeldman@chromium.org
Bug: v8:6732
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3c582186f65d84a25eed910925a1b6ab36966a72
Reviewed-on: https://chromium-review.googlesource.com/622370
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47480}
