This will allow setting v8_debug from within a Chromium release bot.
Bug: chromium:828846
Change-Id: I714291feaa9ba90daba871ca9a12e6651bcd7dfa
Reviewed-on: https://chromium-review.googlesource.com/999486
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52432}
Remove redundant argument, add a DCHECK and explicitly specify the
capture list of the lambdas.
R=ahaas@chromium.org
Bug: v8:7570
Change-Id: I09fc6004ffc5cdc7b4c153748ed95e86ae85aaa2
Reviewed-on: https://chromium-review.googlesource.com/998098
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52430}
When serializing/deserializing RO_SPACE objects in CodeSerializer use
BackReferences to avoid re-allocating inside RO_SPACE.
Change-Id: Ie9063a43a4f758f0401ad59dfcc61c4b759591bc
Reviewed-on: https://chromium-review.googlesource.com/997837
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52429}
Inlines nameOrSourceURL and locationFromPosition of the Script object
at call sites.
R=jgruber@chromium.org
Bug: v8:7624
Change-Id: If217d4c1412fa22aaa856a017f73be4c803e70ac
Reviewed-on: https://chromium-review.googlesource.com/997741
Commit-Queue: Simon Zünd <szuend@google.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52427}
The byte_length of ArrayBuffers may be a heap number. This length is
needed for freeing a buffer during tear down, implying that ArrayBuffers
need to be freed before regular space tear down can remove actual pages.
Bug: v8:7623
Change-Id: Iab91843e48c50276a2e110915f69cf9e6c24ef8f
Reviewed-on: https://chromium-review.googlesource.com/997776
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52426}
--cache=code produces and consume cache in different isolates. Earlier
we created a new isolate for the run consuming the code cache. This cl
changes to create a new isolate when producing the code cache so that
RunShell works as expected.
Change-Id: I1c73aab2bee429aafdcc52a68ddcf742edfcd652
Reviewed-on: https://chromium-review.googlesource.com/997694
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52424}
Various fixes necessary to get the script working with V8 6.6
Upstreamed from https://github.com/nodejs/node/pull/19201
Change-Id: Ic7819eb17cf4be8380b8c1811e569236244e7400
Reviewed-on: https://chromium-review.googlesource.com/996858
Commit-Queue: Myles Borins <mborins@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52421}
This reverts commit f9a2e24bbc.
Reason for revert: gc stress failures not all fixed by follow up.
Original change's description:
> [cleanup] Refactor the Factory
>
> There is no good reason to have the meat of most objects' initialization
> logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
> this CL changes the protocol between Heap and Factory to be AllocateRaw,
> and all object initialization work after (possibly retried) successful
> raw allocation happens in the Factory.
>
> This saves about 20KB of binary size on x64.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
> Reviewed-on: https://chromium-review.googlesource.com/959533
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52416}
TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/999414
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52420}
This reverts commit ad221d144a.
Reason for revert: Layout test failures:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/22780
Original change's description:
> [wasm] Always enable guard regions on 64-bit platforms
>
> This change makes full 8 GiB guard regions always enabled on 64-bit
> platforms.
>
> Additionally, since all Wasm memory allocation paths have some form of
> guard regions, this removes and simplifies most of the logic around
> whether to enable guard regions.
>
> This is a reland of https://crrev.com/c/985142.
>
> Bug: v8:7619
> Change-Id: I8bf1f86d6f89fd0bb2144431c7628f15a6b00ba0
> Reviewed-on: https://chromium-review.googlesource.com/996466
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52412}
TBR=bradnelson@chromium.org,eholk@chromium.org
Change-Id: Ic15d14c6fa69300bc0fdc036b9fee8ecf65fd397
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7619
Reviewed-on: https://chromium-review.googlesource.com/999412
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52418}
Allocating elements and/or property backing stores can, due to retrying,
cause a JSObject that has just been allocated in new space to be promoted
to old space, so skipping the write barrier is now an invalid optimization.
Tbr: hpayer@chromium.org
Change-Id: I4a1eacbd59912dd4aa9069b0636f683fb4674231
Reviewed-on: https://chromium-review.googlesource.com/998799
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52417}
There is no good reason to have the meat of most objects' initialization
logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
this CL changes the protocol between Heap and Factory to be AllocateRaw,
and all object initialization work after (possibly retried) successful
raw allocation happens in the Factory.
This saves about 20KB of binary size on x64.
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
Reviewed-on: https://chromium-review.googlesource.com/959533
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52416}
This is another small step towards detaching the JSFunction from Contexts.
In order to not break the debugger protocol we need the inferred name on the
ScopeInfo chain. This CL might increase memory usage slightly, given that the
inferred name field is duplicated on the ScopeInfo.
Bug: v8:7066, chromium:818642
Change-Id: I0dd9f18ae69791f774cf835669afa50491f7433b
Reviewed-on: https://chromium-review.googlesource.com/995792
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52415}
This change makes full 8 GiB guard regions always enabled on 64-bit
platforms.
Additionally, since all Wasm memory allocation paths have some form of
guard regions, this removes and simplifies most of the logic around
whether to enable guard regions.
This is a reland of https://crrev.com/c/985142.
Bug: v8:7619
Change-Id: I8bf1f86d6f89fd0bb2144431c7628f15a6b00ba0
Reviewed-on: https://chromium-review.googlesource.com/996466
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52412}
Port 7101881269
Original Commit Message:
This is a reland of 7a2c371383
Original change's description:
> [debug] introduced runtime side effect check
>
> This CL demonstrates minimum valuable addition to existing debug evaluate
> without side effects mechanism.
> With this CL user can evaluate expressions like:
> [a,b] // create any kind of temporary array literals
> [a,b].reduce((x,y) => x + y, 0); // use reduce method
> [1,2,3].fill(2); // change temporary arrays
>
> The core idea: any change of the object created during evaluation without
> side effects is side effect free. As soon as we try to store this temporary
> object to object existed before evaluation we will terminate execution.
>
> Implementation:
> - track all objects allocated during evaluation and mark them as temporary,
> - patch all bytecodes which change objects.
>
> A little more details (including performance analysis): [1].
>
> [1] https://docs.google.com/document/d/10qqAtZADspPnpYa6SEdYRxrddfKIZJIzbLtGpsZQkRo/edit#
>
> Bug: v8:7588
> Change-Id: I69f7b96e1ebd7ad0022219e8213211c7be72a111
> Reviewed-on: https://chromium-review.googlesource.com/972615
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52370}
R=kozyatinskiy@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I8706efa53d0bbf7d12e48f4f0c4ac387b5faa97b
Reviewed-on: https://chromium-review.googlesource.com/998180
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52411}
Use 64-bit addition if the pointer size is 8, use 32-bit addition
otherwise.
R=titzer@chromium.org
CC=sreten.kovacevic@mips.com
Change-Id: I129cc29454726b7be45ecea13484212cc4f72eea
Reviewed-on: https://chromium-review.googlesource.com/998552
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52410}
The bug was fixed in https://crrev.com/c/995796, but this CL adds a
regression test to make sure it stays fixed.
Bug: chromium:827806
Change-Id: I9f4aed364bbd310af4253da457887a8b8015533a
Reviewed-on: https://chromium-review.googlesource.com/993237
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52409}
The v8_base project can't be loaded in Visual Studio 2017 because
"src/zone/zone-allocator.h" is listed twice.
R=jgruber@chromium.org, yangguo@chromium.org
Change-Id: Ide2f27a7f8ffd3c57deb7f9ae16c55122d999d06
Reviewed-on: https://chromium-review.googlesource.com/998346
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52408}
|is_posix| will be switched to false for Fuchsia, this is a preliminary change.
Bug: chromium:812974
Change-Id: I2ae8e5ef4270cd0acbc7c69bb46d1be9ed4a5c5e
Reviewed-on: https://chromium-review.googlesource.com/988253
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52407}
The AssembleMove and AssembleSwap tests would only perform moves on stack
parameters. This limits us to testing with slots that are likely to be in range
of loads and stores. As well as only testing memory accesses with positive
offsets relative to the frame pointer.
This patch addresses these limitations by moving half of the stack parameters
into spill slots, to then perform moves on them. Additionally, to increase
ranges, we create articial space between each spilled slot.
As a drive-by, allow giving custom names to code objects created with the
CodeAssemblerTester. It helps a lot inspecting disassembly.
And finally, this CL uncovered a bug where I had forgotten to initialize
FixedArrays, which would make the incremental marker crash.
Bug: v8:6848
Change-Id: Ic1954c1896130f6c55e09a3068bf341cc4c68670
Reviewed-on: https://chromium-review.googlesource.com/980613
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52406}
This CL further lowers the kMaxEmptyFactor constant to more aggressively shrink
the StringTable when it's empty.
Bug: v8:5443, chromium:818642
Change-Id: I1c263a0afd7e6bed8a8bb857db032bf126c3ef4b
Reviewed-on: https://chromium-review.googlesource.com/995473
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52401}
This is a small step towards making node build on Windows.
Bug: v8:6105
R=machenbach@chromium.org
Change-Id: I8d3a9b1830bb012d846a791fddc8d1d8d830515e
Reviewed-on: https://chromium-review.googlesource.com/980950
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52400}
This adds support for i64.and, i64.or and i64.xor.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ie64e1874f87cd250f3e0641e021f584ecd0aaff9
Reviewed-on: https://chromium-review.googlesource.com/995444
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52396}
The amortized cost of a single invocation is actually O(1), not O(n).
But this whole comment is needless anyway, so just remove it.
R=ahaas@chromium.org
NOTRY=true
Change-Id: Icffaedcd784584b1676cd7ed323555177a62d63e
Reviewed-on: https://chromium-review.googlesource.com/997812
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52395}
It looks like the normal ways of creating lookup iterators work better.
Bug: v8:5988, chromium:828282
Change-Id: Ifd623b2e93708ff8684d056d9292b7779f611a3c
Reviewed-on: https://chromium-review.googlesource.com/997474
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52392}
Add support for decoding anyref globals, and some drive-by cleanups.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I3527f996a3fa1a890918a5924e951fbafa394cf2
Reviewed-on: https://chromium-review.googlesource.com/997655
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52391}
This is a reland of 63ecddc814
Original change's description:
> [runtime] Remove the construct_stub field of the SFI
>
> Don't dispatch based on the construct_stub field anymore. Rather than
> read it out and jump to the construct stub, we can switch on the
> builtin_id.
>
> Builtins will always have builtin_id as a Smi, so this signals we need
> to jump to JSBuiltinsConstructStub. The only exception is for uncompiled
> functions, which will have kCompileLazy as the builtin_id, but need to
> jump to the generic stub instead.
>
> API function calls will have a FunctionTemplateInfo in the SFI
> function_data field, and need to go to the builtins stub as well.
>
> The final case is everything else, which should go to the generic stub.
>
> Bug: v8:7503
> Change-Id: I14790a5f9784dc0d940bf10a05f5310026e1d482
> Reviewed-on: https://chromium-review.googlesource.com/980941
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52345}
TBR=bmeurer@chromium.org
Bug: v8:7503
Change-Id: Ie46bfb0af173ad7ac8cbdfeed1865e60f3f413f7
Reviewed-on: https://chromium-review.googlesource.com/997712
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52389}
Fixes a crash that happens when calling postMessage on an empty typed
array.
GetBuffer should only call MaterializeArrayBuffer for on-heap buffers,
but the on-heap check is slightly wrong. This CL moves the on-heap check
logic to the JSTypedArray class so that other parts of the codebase
don't need to worry about how that is determined.
Also add some dchecks to materialize itself. It should only receive
on-heap buffers and should always transform them to off-heap buffers.
There is also no reason for it to be static, so change that here too.
Bug: chromium:797588
Change-Id: Icd88a5b68e424d82c9f1f7889ca42a40a72a1bdc
Reviewed-on: https://chromium-review.googlesource.com/995898
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52388}
In order to clarify the difference between, e.g., InstructionStart and
instruction_start, rename as follows:
Code::instruction_start -> raw_instruction_start
Code::instruction_end -> raw_instruction_end
Code::instruction_size -> raw_instruction_size
The difference between the camel-case and raw_* function families is
in how they handle off-heap-trampoline Code objects. For example, when
called on an off-heap-trampoline: raw_instruction_start returns the
trampoline's entry point, while InstructionStart returns the off-heap
code's entry point (located in the .text section of the binary).
Some callsites were updated to call the camel-case function family as
appropriate.
Bug: v8:6666
Change-Id: I4a572f47c2d161a853599d7c17879e263b0d1a87
Reviewed-on: https://chromium-review.googlesource.com/997532
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52387}
This pattern seems to reoccur in the code:
Handle<TransitionArray> array = TransitionArray::Allocate(...);
<something that causes allocation>
// Fill up the array
array->set(...);
If the allocation causes GC, we try to iterate the TransitionArrray
in MarkCompactCollector::ClearFullMapTransitions, and that crashes because it
expects the TransitionArray to contain handlers (not undefined).
This bug is present e.g., in TransitionAccessor::EnsureHasFullTransition.
BUG=v8:7308
Change-Id: I306204fc27d62041801427c466c82d1d9df1bf0c
Reviewed-on: https://chromium-review.googlesource.com/997493
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52386}
In addition, remove the default branch from the swtich in HeapObjectPrint, so
that it's no longer possible to leave out printing functionality by accident.
BUG=v8:7308
Change-Id: I2db67549e328aea6228d3a370f9ebb7494ab3730
Reviewed-on: https://chromium-review.googlesource.com/997492
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52384}
Removing these tests from skip list because corresponding wasm simd
opcodes lowering has been implemented.
Change-Id: I77bbbee573ba65cf27dc9ee39f4d352bafb5849f
Reviewed-on: https://chromium-review.googlesource.com/988032
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52383}
