While this seems like it should be true, the array buffer is not actually
neutered until the end of cloning. This is so that, if an exception is thrown
during serialization, the original array buffer is not left neutered. As a
result, Blink will not have neutered the buffer.
This fixes some DCHECK failures during layout tests.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2466563002
Cr-Commit-Position: refs/heads/master@{#40675}
This CL adds support for primitive maps to
1) PrototypeIterator,
2) PropertyHandlerCompiler::CheckPrototypes(),
3) Map::GetOrCreatePrototypeChainValidityCell(),
4) Prototype checks in data-driven ICs.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2466553002
Cr-Commit-Position: refs/heads/master@{#40673}
This exposes a couple of broken tests that used to silently throw within
the listener. Mark these as failing for now
BUG=v8:5330, v8:5581
Review-Url: https://codereview.chromium.org/2460833002
Cr-Commit-Position: refs/heads/master@{#40672}
Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.
This is a follow-on CL to crrev.com/2369933005:
- The initial upload is crrev.com/2369933005 + a rebase.
- The remaining issues are the fixes requested by the reviewers on that CL.
BUG=chromium:634276, chromium:654716, chromium:656959
Committed: https://crrev.com/8f43d748272536117008aa6a1b53ea52126261c1
Committed: https://crrev.com/041314524952a3c1bc71bd3beafbbb37319f1d22
Review-Url: https://codereview.chromium.org/2403003002
Cr-Original-Original-Commit-Position: refs/heads/master@{#40153}
Cr-Original-Commit-Position: refs/heads/master@{#40365}
Cr-Commit-Position: refs/heads/master@{#40671}
ZeroConstant is a NumberConstant, so does not get matched
in IntMatchers, which results in missing some opportunities
in instruction selection. Use IntPtrConstant instead, which
generates an Int32Constant or an Int64Constant depending on
the word size.
BUG=
Review-Url: https://codereview.chromium.org/2467473002
Cr-Commit-Position: refs/heads/master@{#40669}
Similar to what crankshaft does, we introduce a mapcheck if necessary and a call to the CallApiCallbackStub.
BUG=
Review-Url: https://codereview.chromium.org/2458643002
Cr-Commit-Position: refs/heads/master@{#40664}
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.
patch from issue 2427953002 at patchset 120001 (http://crrev.com/2427953002#ps120001)
R=mvstanton@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2453973004
Cr-Commit-Position: refs/heads/master@{#40663}
Conflicting type feedback on Load/StoreICs can lead to out-of-bounds
field access, which is essentially dead code, but EscapeAnalysis was
confused about those. For now, mark the objects as escaping in these
cases, middle-term we want to deal better with this kind of compile-
time known dead code.
BUG=chromium:658185,v8:4586
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2459273002
Cr-Commit-Position: refs/heads/master@{#40662}
This patch implements TracingCategoryObserver to set global flag when a V8
specific category is enabled. Previously, we set a global flag each time when we
encounter a top level trace event, and use it as a global check. With this
patch, we can set a group of flags when tracing is enabled; besides, we make
V8 tracing feature use V8 flags instead of defining its own flag in a messy way.
With this patch, whatever V8 flag we want to imply in tracing, we define another
integer flag, and the original V8 flag will set it to 0x01 when passing by
commandline, tracing will set it to 0x10 when we start tracing and reset the bit
when we stop tracing.
Review-Url: https://codereview.chromium.org/2436273002
Cr-Commit-Position: refs/heads/master@{#40659}
These are added to the sampler stack trace when RCS are
enabled.
Resource name for a RCS frame is reported as "V8Runtime".
Counter names match ones from src/counters.h
BUG=chromium:660428
Review-Url: https://codereview.chromium.org/2461003002
Cr-Commit-Position: refs/heads/master@{#40658}
When Chromium and V8 use the same version of inspector_protocol, any protocol change takes at least 4 patches and 3 waiting for rolls.
To simplify this process we need to have two diffrent versions of inspector_protocol in Chromium and V8. Current state of inspector_protocol was extracted into separate repository [1]. This CL puts last version of inspector_protocol into third_party/inspector_protocol and removes dependency on inspector_protocol in Webkit.
[1] https://chromium.googlesource.com/deps/inspector_protocol/
BUG=chromium:637032
R=dgozman@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2447323002
Cr-Commit-Position: refs/heads/master@{#40655}
Previously we reset runtime counters and dump them when we enter, exit top level
trace events respectively. However, there is gap between two top level trace
events and runtime counters may be activated, resetting the counters makes the
accumulated time inaccurate, and we may end up with negative time due to the
nature of how we accumulate time.
This patch fixes this problem by only resetting counters when there's no
counters active, and before dump counters, we traverse current active counters
to calculate their time, and then restart their timer.
BUG=chromium:658145
Review-Url: https://codereview.chromium.org/2457523002
Cr-Commit-Position: refs/heads/master@{#40653}
Reason for revert:
Seems to block rolling:
https://codereview.chromium.org/2447393005/
Original issue's description:
> [heap] Concurrent store buffer processing.
>
> BUG=chromium:648973, chromium:648568
TBR=ulan@chromium.org,mlippautz@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:648973, chromium:648568
Review-Url: https://codereview.chromium.org/2449853010
Cr-Commit-Position: refs/heads/master@{#40650}
This is useful for things that don't ever change, but we don't want to
eagerly compute the result.
Doing this from the embedder is difficult, using DefineOwnProperty would
read the property to get the property descriptor, creating an endless
recursion.
R=verwaest@chromium.org,haraken@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2449783006
Cr-Commit-Position: refs/heads/master@{#40648}
The order is important for DEFINE_IMPLICATION to ensure transitive
implication: predictable => single_threaded => !concurrent_sweeping.
BUG=5580
Review-Url: https://codereview.chromium.org/2456323002
Cr-Commit-Position: refs/heads/master@{#40644}
The majority of context slot accesses are to the local context (current context
register and depth 0), so this adds bytecodes to optimise for that case.
This cuts down bytecode size by roughly 1% (measured on Octane and Top25).
Review-Url: https://codereview.chromium.org/2459513002
Cr-Commit-Position: refs/heads/master@{#40641}
... because the latter unlike the former records meaningful position.
BUG=
Review-Url: https://codereview.chromium.org/2456193005
Cr-Commit-Position: refs/heads/master@{#40640}
This flag is on by default for now. Whenever heuristics in the compiler
pipeline decide to use Ignition+TurboFan, then {BytecodeGraphBuilder} is
active. Removing the flag reduces maintenance overhead.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2437103002
Cr-Commit-Position: refs/heads/master@{#40639}
This CL adds simple implementation of break and stepping-related functionality
as required by the debug-step.js test. This includes
* stepOver, stepInto, stepOut
* setBreakPoint
* clearBreakPoint
* evaluate
Some of these, e.g. setBreakPoint are not fully implemented for all cases but
only for the ones we need right now.
One interesting result of this is that using the inspector protocol is roughly
14x slower for debug-step.js (14s instead of 0.5s). One cause of this seems to
be iteration over all object properties in toProtocolValue, which is used to
serialize JS objects before being sent over the wire (e.g. FrameMirrors). This
is something that should be fixed at some point. In the meantime, the test now
runs 100 instead of 1000 iterations.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2447073007
Cr-Commit-Position: refs/heads/master@{#40636}
This adds a wrapper class around the inspector protocol for use in
debugger tests. The interface is intended to stay similar to the
currently exposed DebuggerContext.
Right now, we support adding a listener, (partial) handling of the
AfterCompile event, and enabling/disabling the debugger.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2451153003
Cr-Commit-Position: refs/heads/master@{#40635}
In the asm.js to wasm pipeline, we generate an entry function with
BUILTIN code, but still attached to a TYPE_NORMAL script.
This fix avoids trying to set a breakpoint there, resulting in a crash
on DCHECK(shared->HasDebugInfo()).
Also add two inspector tests to track regressions.
BUG=v8:5568
R=titzer@chromium.org,mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2457433002
Cr-Commit-Position: refs/heads/master@{#40633}
port 7d383be9da (r40608)
original commit message:
For inputs to truncating binary operations like <<, | or >>>, support
all Oddballs not just undefined, true and false. This unifies treatment
of these truncations in Crankshaft and TurboFan, and is very easy
nowadays, since the memory layout of Oddball and HeapNumber is
compatible.
BUG=
Review-Url: https://codereview.chromium.org/2450093007
Cr-Commit-Position: refs/heads/master@{#40632}
The reasons are:
1) Type feedback vectors are not shared between different native contexts and
therefore the IC handler created for one native context will not be reused
in other native context.
2) Access rights revocation is not supported at all, therefore given (1) once
we pass the access check we don't have to check access rights again.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2455953002
Cr-Commit-Position: refs/heads/master@{#40627}
