Before this CL a byte was used per bucket to store whether the bucket
is possibly empty or not. This CL changes this such that each bucket
only needs a single bit.
PossiblyEmptyBuckets is now a word in the page header. If more bits
are needed than fit into a single word, an external bitmap is
allocated using AlignedAlloc. Storing this on the page header, allows
to remove initial_buckets from the SlotSet. The SlotSet allocation is
then again a power-of-2 in release mode.
Reland of https://crrev.com/c/1906376: Incorrect DCHECK was removed.
WordsForBuckets was simplified and a test was added for it.
Bug: chromium:1023139
Change-Id: I9a08e03a9c10e5781a146b9a28dab38824aad91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954391
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65385}
This removes the --experimental-wasm-sat-f2i-conversions flag. This
feature is shipped since v7.5.
R=ahaas@chromium.org
Change-Id: I354d9528be40caac77cd4e41adcd39d013448339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958009
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65384}
Some fuzz test cases set Math.min to a different function. Let the fake
typed array constructors remember the original Math.min.
No-Try: true
Bug: chromium:1024815
Change-Id: Ia389439fe6757f2497e22187042c5cdf1d1c649f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958050
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65383}
This CL is a prepatory step towards moving the stack locals blacklist
from the DebugEvaluateContext to the respective {ScopeInfo} objects.
The locals blacklist is used during local debug evaluate to
decide whether a context lookup can advance the context chain
upwards, or if lookup needs to stop at the current scope.
This CL also introduces a "Recreate" static helper method, that
allows an existing ScopeInfo to be cloned, but with a locals
blacklist attached. This will be needed since blacklists are only
created on-demand during debugging.
R=leszeks@chromium.org
Bug: chromium:1027475, v8:9938
Change-Id: I673dbc99ce9fdc84cb5cda3f9710ba2b76ab92ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946349
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65380}
For each wasm feature flag, this adds a link to the proposal repository,
and states who is the v8-side owner of the implementation.
For stated and shipped features, it also sais since which v8 version
this is the case.
It also adds some documentation about the meaning of the three categories
(experimental, stages, shipped).
R=mstarzinger@chromium.org, adamk@chromium.org
No-Try: true
Change-Id: Idbb26eb9e68c7a81aed0e1c1b1d12d5de40d7c2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954395
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65378}
This is a reland of 5253d7bf15
Original change's description:
> [runtime] Cache prototype chain enumerable keys in PrototypeInfo
>
> This CL adds a prototype_chain_enum_cache to cache the enumeration of a
> prototype and its entire chain on the PrototypeInfo. It can improve for-in
> performance via simply merging the receiver enumeration with this cache.
>
> It improves the score of JetStream2-tagcloud-SP case by ~9% on IA Chromebook.
>
> Contributed by tao.pan@intel.com
>
> Change-Id: Ib40bfe41e772672337155584672f06fa1ba1e70d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870844
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65224}
Change-Id: I93b74727c46abbaab163324c50fbd977fcc9bb36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955232
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#65377}
Rolling v8/build: 35a759a..4f02786
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/447ab8a..51a024f
Rolling v8/third_party/depot_tools: fe18a43..6b52dc2
Rolling v8/tools/clang: d1940b1..57e481c
Rolling v8/tools/luci-go: git_revision:7d11fd9e66407c49cb6c8546a2ae45ea993a240c..git_revision:37a855b64d59b7f079c9a0e5368f2757099d14d3
Rolling v8/tools/luci-go: git_revision:7d11fd9e66407c49cb6c8546a2ae45ea993a240c..git_revision:37a855b64d59b7f079c9a0e5368f2757099d14d3
Rolling v8/tools/luci-go: git_revision:7d11fd9e66407c49cb6c8546a2ae45ea993a240c..git_revision:37a855b64d59b7f079c9a0e5368f2757099d14d3
TBR=machenbach@chromium.org,tmrts@chromium.org
Change-Id: Ie906df3d577d1b5de1e520d2ac9b1a50d08c68dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955988
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65375}
This check is useful for preventing a segfault upon usage of this argument.
Change-Id: I3cc77f84d7e3ca2a96ec36a50bddb9c2eadeb62f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946336
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65373}
This change is the first part of adding Torque support for a "bitfield
struct", which represents a set of bitfields packed together into an
integer value. With this change, Torque can generate the list of
BitField template specializations that allow runtime code to use the
bitfield values. The flags used in SharedFunctionInfo are converted to
Torque to exercise this functionality. Bitfield values are not yet
accessible directly from Torque code.
Bug: v8:7793
Change-Id: I9e4a3df7c847111b6e02e513f175dbf938b0be35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1949047
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65371}
This adds a method to generate the debug side table via Liftoff, and
adds first tests that check that the number of entries is as expected.
These tests will be extended in a follow-up CL to test the actual
content of the debug side table.
R=mstarzinger@chromium.org
Bug: v8:10019
Change-Id: I393ffabed3408463ffba232a66e2dffd7dd74f15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954390
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65370}
Add --benchmark option to allow selecting a benchmark other
v8.browsing_desktop. If not using the default, the options to generate
v8 runtime call stats will be automatically added.
Adds --stdev option to calculate the standard deviation of the
results in the table.
Add --device and --browser option that are passed through to
run_benchmark.
Change-Id: I8c57c9eba7aea84108a2e3d4fdd098a7695cad53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955588
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65369}
The cache adds a strong pointer from a code object to closures and
thus can leak arbitrary objects.
Bug: chromium:1030043
Tbr: yangguo@chromium.org
Change-Id: I8ce90119fa97eaea59d42e7fae5acd336b5fe5d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954392
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65363}
This is a reland of 5bddc0e142
The original CL was speculatively reverted as it was suspected to
cause failures on the non-determinism bot. This was ultimately
confirmed to not be the case, so this CL is safe to reland as-is.
Original change's description:
> Implement top-level await for REPL mode
>
> Design doc: bit.ly/v8-repl-mode
>
> This CL allows the usage of 'await' without wrapping code in an async
> function when using REPL mode in global evaluate. REPL mode evaluate
> is changed to *always* return a Promise. The resolve value of the
> promise is the completion value of the REPL script.
>
> The implementation is based on two existing mechanisms:
> - Similar to async functions, the content of a REPL script is
> enclosed in a synthetic 'try' block. Any thrown error
> is used to reject the Promise of the REPL script.
>
> - The content of the synthetic 'try' block is also re-written the
> same way a normal script is. This is, artificial assignments to
> a ".result" variable are inserted to simulate a completion
> value. The difference for REPL scripts is, that ".result" is
> used to resolve the Promise of the REPL script.
>
> - ".result" is not returned directly but wrapped in an object
> literal: "{ .repl_result: .result}". This is done to prevent
> resolved promises from being chained and resolved prematurely:
>
> > Promse.resolve(42);
>
> should evaluate to a promise, not 42.
>
> Bug: chromium:1021921
> Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65273}
TBR: yangguo@chromium.org,verwaest@chromium.org
Bug: chromium:1021921
Change-Id: I95c5dc17593161009a533188f91b4cd67234c32f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954388
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65360}
New revision: f5a3199a3f37c7e48a9ffdbee04aa5c8f38d2889
Use crdtp::span<uint8_t> instead of const ProtocolMessage&. (V8)
Also includes a PR which moves Serializable into the crdtp library
and adds a simple test. Hadn't rolled this yet.
Upstream review:
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1952196
Change-Id: If78bc8f11be8fb248dd66babc0190870312f7ec4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1952158
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65356}
In 5742da056a, the toString property was
accidentally applied to all NativeError prototypes, when it should only
be inherited from Error.prototype.
Refs: https://github.com/tc39/ecma262/issues/1794
Bug: v8:10017
Change-Id: I2af9a31f463deb9871dd7a4a5a2e4dd7485ed38c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1933054
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65355}
The current error message assumes all classes are named, which results
in a double space and awkward wording when calling an anonymous class
constructor.
Bug: v8:10025
Change-Id: Ibe913152c0816cbbaaa0c7a88db4e415762ae9bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947336
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65354}
Adds a script that runs a v8.browsing_desktop story a number of times
and extracts the runtime call stats as either a table or csv.
Change-Id: I4e93cd120b3496410517a2f26547b954fc59d92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1953343
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65353}
There was some common code regarding smi tagging and either overflowing
or deopting if the number was too big for 31 bit smis.
Bug: v8:10021
Change-Id: I9cd9e5ff29b06638a10dd0c5a9f72ff13df6d6bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1950964
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65352}
Bug: v8:9970
Change-Id: I0e542fc63211e78800eab82257ccab9583305433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946534
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65351}
This CL attempts to run unittests on Fuchsia
using Infra
Bug: chromium:934932
Change-Id: I4b7cb740e17e65e91ca8c6ba6dfd07719e473e20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948709
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65349}
Currently a TracedNode of a TracedReference is freed only if its target
V8 object is unreachable. This is problematic for TracedNodes created for
long-living (or immortal) V8 objects and leads to memory leaks.
This CL adds logic for collecting unreachable TracedNodes:
1) Each TracedNode gets a markbit. Initially the markbit is set (i.e.
we have black allocation for TracedNodes).
2) During marking RegisterEmbedderReference sets the markbit of the
corresonding TracedNode.
3) In the atomic pause of Mark-Compact when TracedNodes are iterated,
we check the markbits and free TracedNodes with cleared markbits.
After this processing all markbits are cleared for the next GC.
Note that the new logic does not apply to TracedNode that have
callbacks and/or destructors.
Bug: chromium:1029738
Change-Id: I38e76a8b4a84170793998988b1a7962e40874428
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948722
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65347}
Also make return and unconditional jumps kill the environment instead
of clearing it. This was still leftover from before we introduced
liveness and prevented sharing as well.
Bug: v8:7790
Change-Id: Ic79d64c9eaedf608d26e3265d4b27d21f7f3dfe1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948710
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65345}
port 91ee5f0https://crrev.com/c/1925614
Original Commit Message:
[wasm-simd] Implement f64x2 min max for arm
Change-Id: I41b350cdcc9242b2fed6260873dc202367509137
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947690
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65342}
This patch implements inspector support for private instance methods:
- Previously to implement brand checking for instances with private
instance methods we store the brand both as the value with the brand
itself as the key in the stances. Now we make the value the context
associated with the class instead.
- To retrieve the private instance methods and accessors from the
instances at runtime, we look into the contexts stored with the
brands, and analyze the scope info to get the names as well as
context slot indices of them.
- This patch extends the `PrivatePropertyDescriptor` in the inspector
protocol to include optional `get` and `set` fields, and make the
`value` field optional (similar to `PropertyDescriptor`s).
Private fields or private instance methods are returned in the
`value` field while private accessors are returned in the `get`
and/or `set` field. Property previews for the instaces containing
private instance methods and accessors are also updated similarly,
although no additional protocol change is necessary since the
`PropertyPreview` type can already be used to display accessors.
Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit
Bug: v8:9839, v8:8330
Change-Id: If37090bd23833a18f75deb1249ca5c4405ca2bf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934407
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65337}
