This was already unsupported by the map updated because the condition was
manually checked before CanBeInPlaceChangedTo. Since the latter function missed
the check, however, new code using the function (json parser) missed the
relevant check. Simply move the condition to the function.
Bug: chromium:964869
Change-Id: I9424a5706c5f6d637acbf532707da3f1e7d9b55e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622114
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61703}
When tracing function compilations, do also trace the function index
and the function body size. This information often helps investigating
bottlenecks in compilation.
R=ahaas@chromium.org
Bug: v8:8916, chromium:950493
Change-Id: Ibabd1b59827b67ac9b0ef3a78f121ab8fb2c4e09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622111
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61701}
Check uintptr_t sized blocks of UTF16 chars at a time similar to NonAsciiStart.
Fix readds the length precheck so we won't read out of bounds while aligning
the start.
Change-Id: Iaea901945a2445ba5bf50c67a6211356697ed1fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622115
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61700}
This CL changes the existing TorqueError struct into a more general
TorqueMessage by adding a "kind" enum. The contextual for lint errors
is removed and replaced by a list of TorqueMessages.
A MessageBuilder is introduced to help with the different
combinations of present information and method of reporting. A lint
error with custom SourcePosition can be reported like this:
Lint("naming convention error").Position(<src_pos_var>);
While a fatal error, with CurrentSourcePosition can be thrown
like this:
Error("something went horrible wrong").Throw();
This approach is both backwards compatible and should prove flexible
enough to add more information to messages or add other message kinds.
Bug: v8:7793
Change-Id: Ib04fa188e34b3e8e9a6526a086f80da8f690a6f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617245
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61696}
Check uintptr_t sized blocks of UTF16 chars at a time similar to NonAsciiStart.
Change-Id: Ib4c498cc064e6ac7b6f8cc87ab700eafc8132c39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622107
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61693}
This was supposed to be only a clean-up, but the original code even
invalidated a test and thereby covered a test. I fixed the bug here as
well.
Without testing it I think this fixes https://crbug.com/964607.
Bug: v8:9183
Change-Id: I076f40a2302bfd5b7cecd2ae35d4e05a465e054b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621935
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61691}
There was a case missing when we have a compressed value that:
* Can be compressed signed
* We know can't be a smi
* Has to be converted to tagged pointer
The case from tagged to compressed was also missing.
This was the proper way of fixing the chromium bug (963917), and it could
fix more things since a conversion was missing.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: chromium:963917, v8:8977, v8:7703, v8:8982
Change-Id: Id1df8e81bc900fef9bed3539c0ace621810ab1da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621941
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61690}
This CL fixes an issue where V8 does not satisfy the WebAssembly spec of
the anyref proposal.
The table.fill instruction has 3 parameters, {start_index}, {length},
and {value}. V8 trapped with table-out-of-bounds when
{start_index >= table_size}. However, the spec requires that
{start_index == table_size} is valid when {length == 0}.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I5f83a03fb8e349b48c887535f6f065492feb9ac2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609537
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61689}
This is not needed as this is already a method on all ArrayBufferViews
and there is only one caller which actually uses the cast.
Bug: v8:9183
Change-Id: Ic45b40bf433c870bc8cb0121c24755fd03ce405b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622106
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61688}
In contrast to (private) class fields, struct fields are public and
accessed directly, and do not end in an underscore.
This CL fixes naming in struct fields in the recently introduces
{CompilationUnitQueues} class.
R=ahaas@chromium.org
Bug: v8:9183
Change-Id: I87d80650dc4a1c58cf8067ebb4ecfadf929545ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621936
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61687}
The semantics of that method are not obvious (it returns an empty
MaybeHandle if the element is undefined, otherwise it assumes it is of
type T). Since there is only a single use of that method in the whole
code base, just having that logic there explicitly is much simpler.
Potential future uses of that method are probably also easier to
understand if they just to the checks explicitly.
Drive-by: Document semantics of {FixedArray::GetValueChecked}. Also for
this method it's quesionable whether it is useful overall.
Drive-by^2: Avoid else after return (see style guide).
R=mstarzinger@chromium.org
Bug: v8:9183
Change-Id: I88dcb0f080d728bbe55932f17cf4d7eb25ab5928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619761
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61686}
This is just for convenience, and actually surprising behavior.
R=clemensh@chromium.org
Bug: v8:9183
Change-Id: I3316856e63b97bfb06da897c6f8b716bc988aa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621932
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61684}
This is a reland of 3dd5661204
The reland introduces a new flag "--experimental-stack-trace-frames".
The flag is disabled by default, but enabled for relevant tests.
The flag stays disabled by default until API frames are eagerly
symbolized to prevent leaks in blink web tests.
Original change's description:
> [stack-trace] Include API functions in Error.stack stack trace
>
> This CL extends Error.stack to include frames of functions declared
> with the C++ FunctionTemplate API. For example, "print" in d8.
>
> Two changes are necessary:
> - HandleApiCall and friends need to go through an BUILTIN_EXIT frame
> instead of an EXIT frame. The existing stack-trace machinery will
> then pick up FunctionTemplate frames without additional changes.
> - Turbofan doesn't go through HandleApiCall, but instead uses an
> ASM builtin to enter FunctionTemplate functions. A "marker"
> frame state is needed to include these frames in the stack trace.
>
> Note: This CL only includes these frames in Error.stack,
> but not (yet) in the stack-trace API (v8.h).
>
> Bug: v8:8742,v8:6802
> Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61602}
Bug: v8:8742, v8:6802
Change-Id: I1d3b79cdf0b2edcbaeff1ec15e10deeca725f017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621925
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61683}
This parameter was just for convenience but did not end up in the
generated bytes.
R=clemensh@chromium.org
Bug: v8:9183
Change-Id: Id4faf5b9ad20a357c069c3189db6ed14945dea8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621929
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61681}
Inputs to JSON can be two-byte because payload strings can contain two-byte
characters, without actually having any one-byte property key. Rather than
eagerly converting the string to one-byte, we can perform a string-table lookup
with a two-byte string key; only converting the result to one-byte if it's a
new key.
This speeds up json parsing of two-byte json from the Youtube benchmark by 20%.
Change-Id: If6d4a37d331724f48b008aef8ec3e28d366cd038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619866
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61680}
Factory::NewStackFrameInfo was leaving fields with the default
initialization to 'undefined' for fields marked as Smi type in base.tq.
Our heap verifier dutifully found and reported the discrepancy. This CL
initializes all fields of the struct to values compatible with the Torque
specification. In the future, this should probably be done automatically.
Change-Id: I30c2e2830300d9d84af663384dd7e0283ec39b77
Bug: chromium:965042
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621928
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61679}
It has previously been moved to gni/
R=machenbach@chromium.org
Change-Id: If838616d28b9eaaea2bff0496a1ad2535845f420
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621926
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61678}
This CL also removes the corresponding intrinsic lowering of
IsTypedArray in TurboFan and Ignition.
Drive-by: Remove unused ArrayBufferViewWasDetached runtime function.
Bug: v8:9183
Change-Id: I2767b22fbdfb679cba30b9fbc555c8d41c7f4345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617930
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61677}
Bug: v8:9247
Change-Id: I9bcf2694b449f79cdbe03f5fde59cb21b8cad418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619758
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61676}
Macros are now inaccessible from CSA except if their declaration is
marked with the "export" keyword. The implicit field accessors for class
fields are always exported.
In this CL, unwarranted access from CSA is prevented by appending a
pseudo-random suffix to non-exported names. This is to be replaced by
something more principled, namely by not including these macros at all in
the headers included from CSA.
Bug: v8:7793
Change-Id: I3ffb2e91a616623f81b4b4508e001ad0cf65d2c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615258
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61672}
When reconfigure data field (e.g. change representation), it was allowed to transition from dictionary elements kind to sealed elements kind. With this change, this transition is forbidden.
Bug: chromium:963346
Change-Id: I6c9a5f6f269bc5ee4cd6176ff5e8d803f08dba1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613840
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61670}
When the 'disabled-by-default-v8.gc' category is enabled, emit an instant event
with heap statistics after every GC. The data that's emitted is the same as what
the V8 API gives you with `GetHeapStatistics()` and `GetHeapSpaceStatistics()`.
We generate JSON with the following format:
```
{
"isolate": "0x55dd5cf03b50",
"id": 1,
"time_ms": 42.619,
"total_heap_size": 3981312,
"total_heap_size_executable": 573440,
"total_physical_size": 2820440,
"total_available_size": 2195254440,
"used_heap_size": 1799616,
"heap_size_limit": 2197815296,
"malloced_memory": 251024,
"external_memory": 2981,
"peak_malloced_memory": 589280,
"spaces": [
{
"name": "read_only_space",
"size": 262144,
"used_size": 32568,
"available_size": 229256,
"physical_size": 32888
},
{
"name": "new_space",
"size": 2097152,
"used_size": 903392,
"available_size": 143904,
"physical_size": 1856136
},
...
]
}
```
Bug: v8:9186
Change-Id: I0d07aa37b65d45778d6b47dbe6e07a9dd25d1097
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619763
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#61667}
This test needs detailed source positions which aren't available with
lazy source positions enabled so force them to always be present.
Bug: v8:8510
Change-Id: I1faf3d5614742b4181facc18eaf1d73d6a5712d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617677
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61663}
Previously, compiling with perfetto would add 2.3 MiB to the d8 release
binary. With this change it's 472 KiB.
This is because trace:lite pulls in many more compiled proto classes
than we need, e.g. a bunch of stuff under ftrace/ which is only used
on Android.
Chrome uses a 'mirror proto' ChromeTrackPacket to only provide
compiled protos for the types of packets it will actually see, which on
non-android devices does not include anything under ftrace/.
We use the same trick here in the JSON consumer.
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Iae1f74eec3bd93b18e9f069701fc016440d3ce5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619759
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61662}
The read_only_object_cache call cannot return a vector when it is backed
by the embedded heap, so this adds a few methods to abstract this away.
ExtendReadOnlyObjectCache will eventually have a check to reject adding
objects to the embedded read-only object cache.
Prior to this change the read-only object cache would only be extended
conditionally if needed. Since it started out empty it was always
extended, so this removes this logic.
Bug: v8:7464
Change-Id: I5b172f629ac48be5cbb8f78b03a0a213ebd570e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619745
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61661}
This adds two more message tests to test compile errors in
WebAssembly.compileStreaming and WebAssembly.instantiateStreaming.
R=mstarzinger@chromium.org
Bug: v8:9266
Change-Id: I34d1df4ce0fb02e14f3e5011569c8ba1d1374658
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619746
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61660}
This adds proper loading and parsing of the arguments that are being
passed to the {WebAssembly.Function} constructor function, including
tests covering most of the negative cases.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Id4d67789604ee72aec5ad831004a01434c1c6d6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619748
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61659}
ASAN on Windows uses exceptions to manage its shadow memory. However,
this behavior can conflict with WebAssembly trap handler, because
WebAssembly trap handler are executed before the ASAN exception handler.
For some WebAssembly instructions we do not generate assembly code but
call to C functions instead. Since these functions are very simple, we
do not want to reset the thread-in-wasm flag before calling them.
However, when these functions trigger the ASAN exceptions, the
thread-in-wasm flag gets out-of-sync. This happened for the
memory_fill_wrapper function. Originally we thought that it's sufficient
to just mark the function with DISABLE_ASAN. However, this is not enough
because clang compiles the function to use memset, and memset gets
replaced by ASAN with asan_memset.
Therefore I decided now that just for sanitizer builds on Windows, we
reset the thread-in-wasm flag in memory_fill_wrapper. This is not ideal
because it's test-specific code within production code. However, the
alternatives also don't sound convincing.
Alternatives would be:
* Resetting the thread-in-wasm flag whenever we call a c-function
- This would be unnecessary performance overhead for production code
just to make a test work.
* Configure ASAN to not change memset.
- This would weaken ASAN also for other cases.
* Disable ASAN for trap handlers, or trap handlers in ASAN builds.
- This would reduce test coverage.
R=binji@chromium.org
Bug: chromium:957405
Change-Id: Ibd13c6fe7b898238f636db576552e3e4b278c04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617671
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61658}
The invariant is that Map::bit_field2 shouldn't change, and the
IsInRetainedMapListBit apparently changes when the map is held
weakly from optimized code. This causes TurboFan compilations to
change the Map::Hash() result, which in turn causes lookups on
the normalized map cache to miss (and maybe other bad consequences).
With this change we swap Map::IsInRetainedMapListBit (previously in
bit_field2) and Map::HasHiddenPrototypeBit (previously in bit_field3)
to address this problem.
Bug: chromium:963411, v8:9114, v8:9267
Change-Id: I040a27c37305fa602649750bd93bee40c91fca78
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619747
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61657}
Recently* a second ResolveRenames appeared in
typed-optimization.cc. In some extreme (non-default) jumbo
builds that file shared translation unit (and thus anonymous
namespace) with load-elimination.cc which also has a
ResolveRenames which is slightly different.
To avoid that name clash and failed compilation, this
renames ResolveRenames -> ResolveRenamesForOpt.
*) It appeared in
https://chromium-review.googlesource.com/c/v8/v8/+/1609803
Change-Id: Ia175468a8e978e93e95da1d28f74cee8dce253d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615465
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Daniel Bratell <bratell@opera.com>
Cr-Commit-Position: refs/heads/master@{#61655}
This fixes the error message generated for compile errors during
asynchronous instantiation. It shows "WebAssembly.instantiate()" now
instead of "WebAssembly.compile()".
R=mstarzinger@chromium.org
Bug: v8:9266
Change-Id: Ieae478d1c4f6843fbc17e15debb6c49f72059d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617940
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61654}