Replacing a crash with a TypeError.
Bug: chromium:1203692
Change-Id: I6970f980b46f20033f29c1deb9bc5d49ea2014ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2856842
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74266}
Drive-by: Fix type hierarchies of a few FixedArray-related classes.
Done in this CL because it's based on the changes to FixedArrayData.
Drive-by: Allow AllocateFastLiteral (now TryAllocateFastLiteral) to
fail. Needed since currently ObjectRef creation may fail.
Bug: v8:7790
Change-Id: I1f8cf35a16408ed0e327f12602c832838254bb03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853592
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74265}
In non-object-print builds, we were missing a trailing newline int
tracing output, messing up Memory.json parsing.
Tbr: machenbach@chromium.org
Change-Id: Ic826a4e20e348be6687c4981b48e6ab094f470ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857955
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74264}
GCC 7.4 has problems with combining [[nodiscard]] with
__attribute__((visibility(""))). Disable as there's enough compilation
coverage for clang to find issues.
Bug: v8:11707
Change-Id: I9e61463c4d11dbc3b03d458e2810206fb93de108
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854737
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74262}
This CL factors out a CodeRange class out of MemoryAllocator.
When V8_COMPRESS_POINTERS_IN_SHARED_CAGE is defined, there is a single
CodeRange shared by all Isolates in the process. This also turns short
builtins back for both configurations of pointer compression. When
sharing a cage, there is a single copy of the re-embedded builtins.
Since a shared pointer cage is still experimental, to avoid API churn
this CodeRange's size is not configurable and is always the maximal size
depending on the underlying platform.
Change-Id: Ie94f52746f2c5450247a999cc6071e3914d4cf0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819206
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74261}
Use relative paths to access v8 root build rules since // means
something different in a chrome build.
Bug: v8:7330
Change-Id: I4eac73b394daaf0250b0fa2ad415af560b03c114
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2856840
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74258}
Currently there are 32 gn check failures across v8 (not including
third_party). These are due to issues in cppgc and inspector, which are
not trivially resolveable, so for now 4 targets (+ third_party) are
being excluded from the checks.
Bug: v8:7330
Change-Id: I506abe8e452c26239262499fc1fe2a6347a4c84b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851886
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74255}
After the --wasm-shared-engine flag was removed (in
https://crrev.com/c/1864935), there is no point any more in holding the
wasm engine in a shared_ptr. The engine is initialized once for the
whole process, and only deallocated during global tear down.
R=jkummerow@chromium.org
Bug: v8:11384
Change-Id: Id8e96eaecfcab8b44842ec323c94529e9c5a5e25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853589
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74253}
This CL adds the new AllocationTypes kSharedOld and kSharedMap for
the allocation of objects in the shared heap. An Isolate can be converted
into a shared isolate with Isolate::UseAsSharedIsolate(). Client
isolates can then be attached to the shared isolate.
Bug: v8:11708
Change-Id: Ie2ed30b83b404e01e6f6079c5a4bdaa9302e8004
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850709
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74252}
Moves the v8_check_header_includes part of v8_base_without_compiler into
a separate v8_source_set that depends either directly or transitively on
every rule containing a header file.
Bug: v8:7330
Change-Id: I38bf4d62b514b3bede19c0180fbf436957a75391
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854752
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74251}
The exception concerning type None actually seems avoidable and
can cause issues with incomplete nodes remaining in the graph.
Bug: chromium:1202312, chromium:1202625
Change-Id: I89062715e7f640c66b3f7cdca249db8cde768f29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850917
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74250}
Previously we'd allow to replace the source of functions that are on the
current execution stack under certain conditions, but this has resulted
in an endless stream of bugs due to weird edge cases, and so we're now
limiting LiveEdit to functions that don't have any activation (including
not a suspended generator / async function activation).
We might eventually add the ability to LiveEdit functions with
activations and have them "upgrade upon next invocation", but that
doesn't seem to be an extremely important use case right now.
Fixed: chromium:1195927
Change-Id: I87a45ba4d0ddcfbf867bd4e73738d76b2d789e04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846892
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74249}
When the embedder uses microtask scopes to control microtask execution,
we check in the V8 API that there's always a microtask scope on the
stack when entering V8. However, a microtask might call into the
embedder which in turn can call into V8, so we have to put a fake scope
on the stack before executing microtasks to avoid hitting the check.
Bug: chromium:728583
Change-Id: I99bcbcca26eaaac827d0ec09064044f616fb9efc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853597
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74248}
BigInts are immutable after initialization, thus an acquire-release
synchronization point is sufficient to read safely from the background
thread. This CL introduces the `length` field as that sync point.
Bug: v8:7790
Change-Id: I977f30836b311c3851896dd29e708f78a090f547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854745
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74245}
This renames UBSAN's lists to match the names expected by the sanitizer
config as specified in
1343ce81aa
Bug: v8:10619
Change-Id: I83f671cb68e4541735acb8d86d267f6a1a49b0a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854744
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74242}
.. which traces various stats (time, memory) related to the snapshot.
Due to various flag shuffles, it was broken as of Oct 2020, with some
line items reporting constant 0.
This also refactors --profile-deserialization and
--serialization-statistics s.t. the former only reports
deserialization times and the latter reports memory. Memory.json now
passes both flags.
Change-Id: I7dacbbbe9f7a667e0802d0f7a44703dc34524a4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854742
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74241}
Rather than pushing each root seperately, then emptying the
queue and pushing the next, instead push all roots together then
work through the queue. This reduces the number of node visits
by around 6x compared to pushing roots seperately.
BUG=v8:9684
Change-Id: I481fc177731f9d2b12e00c2a6d1be06a93429ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854298
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74240}
Add a special builtin performing a ToBoolean operation for jumps in
baseline code, which
a) returns the original value as the first return value, to avoid
needing to save it in the caller, and
b) returns the true/false value as a Smi, to make the baseline-side
comparison a cheap comparison against zero.
This reduces JumpIfToBoolean (on x64) from ~40 to ~30 bytes.
Bug: v8:11420
Change-Id: Idee51405b1e450cdd11ccb45ed82ddbc9119ae74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854654
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74239}
With top-level await enabled by default, the behavior of
v8::Module::Evaluate is changed to always return a Promise, and should
be documented.
No-try: true
Change-Id: I8bf41a18d8d98befecd62d6423ab37fdbaac3aad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854874
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74238}
A NativeContext is initialized in two steps: First the map is allocated,
only afterwards the NativeContext. It could happen that there is a GC
happening when allocating the NativeContext. In such a case the
native_context for the Map is still set to null.
Fix this by also allowing null in Map::MapVerify.
Bug: v8:11695
Change-Id: Id8dcd6aef83aff4cbfff45a1e993e555cff8e7bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853587
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74237}
Rolling v8/build: 6273d81..94367a1
Rolling v8/third_party/aemu-linux-x64: CMJyNq6nZ3RoBUYmon01iRJ7MYYfVl4ds1kgbGFcNRMC..KmvDYKZZ-xQz7ZzzSKBh3HrWPpQv89vfFY9mBp6RDq4C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/00b0b51..ca2c407
Rolling v8/third_party/depot_tools: c91f5f6..ae1b2b1
Rolling v8/third_party/google_benchmark/src: 86da5ec..835951a
Rolling v8/tools/luci-go: git_revision:173195137e006c3bbbd2394409e3d752f8b3c62f..git_revision:a3a1f3a2e925eb44367c62783877c922c9ef7289
Rolling v8/tools/luci-go: git_revision:173195137e006c3bbbd2394409e3d752f8b3c62f..git_revision:a3a1f3a2e925eb44367c62783877c922c9ef7289
Rolling v8/tools/luci-go: git_revision:173195137e006c3bbbd2394409e3d752f8b3c62f..git_revision:a3a1f3a2e925eb44367c62783877c922c9ef7289
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: Ia1b0769152c8b3e11691c452d8f0e338ede4b3af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2855902
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74236}
MatcherBase::buffer_ defined under "gtest/gtest-matchers.h"
is a union of sizes that may be too large for Config object
currently being passed to it. This might result in `buffer_` to remain
uninitialized.
More information about the error can be found
in the comment section of this CL: https://crrev.com/c/2228887
Change-Id: Ibeef1189a7db8056f00cc85dbccec506d345a7eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854278
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74235}
Changes:
- Add WasmInitExpr class which knows how to create initializer
expressions as pairs of {type, value}. Also define a default for every
type. Emit such pairs to a byte array with emit_init_expr().
- Add an initializer expression to every global (addGlobal() uses the
default if the argument is absent).
- Introduce wasmI64Const();
- Update tests as needed.
Change-Id: I75ffe96604891506ad78bd3677ce1efe5e0cee07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851892
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74231}
The kInt64, kUint64, and kIntPtr type definitions made no sense.
This CL removes kIntPtr and fixes+renames k(I|Ui)nt64. It also adds
some DCHECKs to avoid similar bugs in the future.
Bug: chromium:1202609
Change-Id: Ibe2e9c7501c22959b850d2b1076e819455440450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851895
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74230}
Remove a couple of cases where builtins called by the baseline code
needed a context parameter, either because the interface descriptor
accidentally included the context, or by adding a trivial context load
from the frame where appropriate.
Bug: v8:11420
Change-Id: I3f34cd452f42dd876255375ae357feb245c78cdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848464
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74227}
FixedDoubleArrays are a special case:
1 The reads are 64-bit and unaligned, thus use memcpy underneath.
2 The compiler only reads FDArray values for (constant) boilerplate
elements.
1) makes proper atomic reads tricky-to-impossible without a lock.
Luckily, 2) means we know that the array values are immutable after
initialization, thus we can simply do a non-atomic read from the
compiler thread.
Bug: v8:7790
Change-Id: I39698d867543ce2214a2148511c5d90ced6364b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848410
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74226}
- Move ASAN and MSAN support to base/
- Eval arguments for builds without sanitizer to preserve same
semantics
- IWYU fixes
Bug: chromium:1056170
Change-Id: I212becf205e03b155c188ffd13cf5629df6f2cb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851887
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74225}
The previously added perf-context Promise-hooks take a v8::Function as
arguments. However, the builtin code was only accepting JSFunctions
which causes cast errors.
Drive-by-fix: Directly pass nativeContext in more places.
Bug: chromium:1201465
Change-Id: Ic8bed11253a1f18a84e71eb9ea809b1ec1c3f428
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850162
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74223}
The config was mistakenly switched to Bionic already. We keep it
unspecified now to prepare reimaging the bots.
No-Try: true
Bug: chromium:1199430
Change-Id: Ib09d9abbe890fc891af69b6630bf21be85328196
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853586
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74222}
This is another step towards improving TSAN and test coverage of
concurrent paths.
By purging reconstructible (background-serialized or never-serialized)
ObjectData instances from the cache after serialization, we increase
ObjectData-construction activity on the background thread.
Note that this means ObjectData is no longer canonicalized - two
instances can point at the same underlying object. Losing this
property is unfortunate, but we can revert back to it once work on the
concurrency project is further advanced.
Bug: v8:7790
Change-Id: I44b1366f61dc9087cddc76939512abed17e28d61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2844661
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74221}
This CL makes the object passed as argument to IsLeafTemplateForApiObject
be received as a handle instead of a raw C++ pointer. From the codegen
point of view, the memory representation is the same, so this doesn't
change its semantics.
Bug: chromium:1052746
Change-Id: Ibc116aa4d577ba95f30d1014f15f34ef3fbb1a35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851884
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74220}
With --stress-scavenge it is possible that we don't have a memento for
the object we are interested in anymore, making the test useless.
Bug: v8:11701
Change-Id: I05984de33dc0c21d01023ebaa4ceebacfb63cc84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851889
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74218}
Expose third_party/google_benchmark:google_benchmark as a public dep
from third_party/google_benchmark:benchmark_main and a v8_libbase
dependency to empty_benchmark to expose base/macros.h.
Bug: v8:7330
Change-Id: I5205af365da2ac7c35647acff90ed65d831cfa07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851888
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74217}
