This CL extracts the capturing for detailed and simple
stack traces into a configurable helper. Rather then introducing a
single flag for this helper, noting whether we capture simple or detailed
stack traces, each "difference" between the two can be turned on/off
separately, for easier, future refactorings.
R=jgruber@chromium.org
Bug: v8:8742
Change-Id: I0cf5e975438f05ff40f91d8a8f097059424e3d19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520326
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60213}
This updates the existing special casing of assignment operators by
gcmole to match for assignments of {HeapObject} instead of {HeapObject*}
variables. The former now uses the implicit C++ assignment operator call
instead of a primitive assignment binary operation.
Also removes the dead {handle_decl_name} field as a drive-by-fix.
R=mslekova@chromium.org
BUG=v8:8813
Change-Id: I0b48254e7ca1544bc064707a8ca1f204366ddbe4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1517879
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60212}
This CL just adds a parameter to addElementSegment and adjusts all
existing tests.
Note that addElementSegment contains some convenience code to construct
one initial table if it does not exist yet. I did not extend that code
to multiple tables. If you want to use multiple tables, you have to
create them first before calling addElementSegment.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: Ie131fd5dc19856703ab5cfb2fa8f7d576f70a18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520709
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60211}
As pointed out on https://crrev.com/c/1508675, the number of buckets of
{V8.WasmModuleCodeSizeMiB} should not change, thus change it back to
64. Also change the number of buckets for the two new counters for
symmetry.
R=isherman@chromium.org, mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Ia7b10460be2c059d865381d3164a781668a7b0f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518173
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60208}
This Cl adds a type to {WasmTableObject}, and extends
{WasmTableObject::Set} and {WasmTableObject::Get} to support anyref
tables. I did it in one CL so that I can write tests.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I6c6d78f84715a7805f7bb881a63d3c1174f6a6ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511332
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60206}
Enable cross-origin frame filtering by exposing this bit from
ScriptOriginOptions.
Bug: v8:8956
Change-Id: I109eec9db8b3d42d68d32abc5edd437b1c91a9b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1493294
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60205}
We need to ensure that the NativeModule stays alive while any
{BackgroundCompileScope} exists, because during that time we hold
shared ownership of the mutex in the {BackgroundCompileToken}. If the
{NativeModule} dies during that period, we would need to get exclusive
ownership of the mutex and deadlock.
This change requires holding a {std::weak_ptr<NativeModule>} in the
BackgroundCompileToken instead of a raw pointer, hence it can only be
initialized after the NativeModule was created. This is done via a
separate {InitCompilationState} method.
R=ahaas@chromium.org
Bug: v8:8979
Change-Id: Ia14bd272ea0bc47aec547024da6020608418c9d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518178
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60203}
We want to get rid of the atomicops library, hence switch all uses to
std::atomic.
R=mlippautz@chromium.org
Bug: v8:8926, v8:8834
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Change-Id: I7966d4ea98c5dd2ff712b1d84a6877f407f55ec7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518176
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60202}
The TryGetOwnProperty code supports only unique names that are not
array indices. Unfortunately, this is neither obvious from its type,
nor from its comment, nor from its code.
ProxiesCodeStubAssembler::CheckHasTrapResult violated the assumption
and was already fixed a few days ago. This CL fixes
CheckGetSetTrapResult and improves our code documentation in the
form of comments and assertions. Concretely:
- Add CodeStubAssembler::IsUniqueName and IsUniqueNameNoIndex
- Use IsUniqueNameNoIndex in CheckGetSetTrapResult to guard
TryGetOwnProperty (bailout to runtime if not satisfied).
- Similarly, use IsUniqueNameNoIndex to simplify the previous fix in
CheckHasTrapResult.
- Add a IsUniqueNameNoIndex CSA_ASSERT to TryGetOwnProperty and a few
other places to avoid such bugs in the future.
- Add a IsUniqueName CSA_ASSERT to a few places where we apparently
expect unique names (I don't know if those allow indices or not).
- Add a DCHECK to Name::IsUniqueName to ensure and document that this
shortcut version is equivalent to HeapObject::IsUniqueName.
Bug: chromium:937618
Change-Id: Id4a18ab2a0e9c7591b087dd0c9fe018aa9b9ef3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514732
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60196}
In particular, remove {toUint8Array} method and make {toBuffer} return
a {Uint8Array} view to the buffer like before
https://crrev.com/c/1508352. Also, the returned view does not need to be
another copy of the bytes, it can really just be a view.
As a follow-up, this requires the test-only DeserializeWasmModule
runtime method to receive the wire bytes as Uint8Array, and also
requires the {IsWasmCompileAllowed} callback to handle
{ArrayBufferView} (like chromium's version already does).
R=ahaas@chromium.org
Change-Id: I87296cdbac14b74e7c8b38a372aa3df572ca6ad6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518172
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60195}
This will allow us to avoid packaging cctest into official archives, while still
keeeping them around for refbuilds. As a result, official archives will become a
lot smaller.
Corresponding recipe change: https://crrev.com/c/1517881R=machenbach@chromium.org, tmrts@chromium.org
Bug: v8:8969
Change-Id: Icf67d2f6dd5dc4d4a4f32f9b5c5ef21758410546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1517880
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60193}
This removes a redundant "mov <reg>, #0" by spilling the zero register
directly.
Change-Id: I608f5200ee25e176f6d3279aec07c581d9f7d769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1517872
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#60192}
The regexp interpreter holds several unhandlified references to heap
objects, and is thus within a DisallowHeapAllocation scope. But there
are two situations in which we can and do allocate safely:
1. When creating & throwing a stack overflow exception. The interpreter
aborts afterwards, and thus possible-moved objects are never used.
2. When handling interrupts. We manually relocate unhandlified references
after interrupts have run.
This CL explicitly allows allocations on stack overflows.
Isolate::StackOverflow allocates heap objects.
Bug: chromium:940722, v8:8724
Change-Id: I74ef6f0dd7a30bd55f49a7bc0f2f6ac82adbeda8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518174
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60191}
Enabled Wasm interpreter as first-class tier. Depending on the flag
{--wasm-interpret-all} the interpreter is the default and only tier
used to run Wasm modules.
Change-Id: I9ffa333f7138437e646dee2113f06c1676bac331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516292
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60190}
We want to allocate feedback vectors lazily in lite mode. To do that,
we should create closures with the correct feedback cell. This cl
allocates feedback cell arrays to hold these feedback cells in lite mode.
This cl also modifies the compile lazy to builtin to expect these arrays
in the feedback cell.
Drive-by fix: InterpreterEntryTrampoline no longer has argument count in
a register. So updated comments and removed unnecessary push/pop of this
register.
Bug: v8:8394
Change-Id: I10d8ca67cebce61a284f0c80b200e1f0c24577a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511274
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60189}
This function is not used (anymore) but needs to be defined, so put an
UNREACHBLE inside.
Bug: v8:7790
Change-Id: I5a8df2cbc236f60ee95ccc9d91c288d8d9c19060
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1515792
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60188}
... similar to how we do this in native irregexp code, i.e. handle
interrupts on each backtrack. Unhandlified references into the code
ByteArray and the subject String object are updated after a potential
GC.
Since interrupts may change the subject string's representation, the
interpreter is now called in a loop to handle retries.
Bug: v8:8724
Change-Id: Ic34de8d69ccc56d4656b8ed080c2c168c212ebfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511477
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60187}
Extensions are now always passed via unique_ptr and are owned by V8.
This CL removes the deprecated API where the embedder would own the
Extension, but has no mechanism for deleting it.
R=ulan@chromium.org
Bug: v8:8725
Change-Id: Icb83660fad9d04c66f8db2265091ebabcbb197c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514493
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60186}
Embedders should use WasmModuleObject instead.
R=adamk@chromium.org
Change-Id: Ibe5e4b160bb917bcd9f895be1b954acc40a045d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513616
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60184}
Added a new compilation unit for Wasm interpreter in order to make it
a first-class tier in the future. Adapted Wasm interpreter usage to
work with the new interface. The new compilation unit is currently
not used.
Change-Id: Ib9e1d0dc6ca1b03467cc43059f03ce153bb96400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514734
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60183}
Seal read-only space before startup deserialization. This is necessary
for fully isolating read-only space creation. Strings within read-only
space are now eagerly rehashed.
Bug: v8:7464
Change-Id: I8b91a6f6b31e03e69d80109b1ca30c675a495c36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511485
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#60182}
According to the wasm js-spec, the table index can be uint32. The
implementation in our implementation expected an int though. We did not
check for the int overflow.
I replaced the throwing of the exception in WasmTableObject::Get to use
the ErrorThrower instead of throwing the exception with Isolate::Throw
directly. The reason is that I see with other CL's that I have to throw
several errors, and I don't want to introduce a new message and
MessageId for every error. Moreover, the ErrorThrower is a standard way
in wasm to throw errors. It feels right to throw the error the same way
here.
R=mstarzinger@chromium.org
Bug: chromium:940296
Change-Id: Idb77c813506fe66a3192b66fe0e8e807b80580ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514496
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60181}
Type declaration may contain a parent type in an "extends" clause.
This CL changes the token type of the name after such a clause
from std::string to Identifier*. The resulting SourcePosition is then
used to implement the "goto-definition" link from that name to the
definition of the parent type.
R=mvstanton@chromium.org
Bug: v8:8880
Change-Id: I9ea6cd83e4d6ef535906e36626f64d458c7d0270
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511481
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60179}
This is a reland of beaca8cf8b
Original change's description:
> [presubmit] use the correct path for third party libraries
>
> This CL ensures that presubmit script checks Torque files in third_party
> dependencies.
>
> R=szuend@chromium.org
> TBR=machenbach@chromium.org,sergiyb@chromium.org
> CC=yangguo@chromium.org
>
> No-Try: true
> Change-Id: I9e2b193defbebe7ae85cfc5d14ce50c2ac367e9b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513674
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60152}
R=szuend@chromium.orgTBR=machenbach@chromium.org,sergiyb@chromium.org
CC=yangguo@chromium.org
No-Try: true
Change-Id: Id74408fbc69cd45bd48ec06c2e4da556d384d99c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1515753
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60178}
This CL adds two sets of benchmarks. The first measures the effort
needed to walk the stack and create the data structure stored in
Error.stack, while the second measures the serialization of that
Error.stack data structure into a string.
R=petermarshall@chromium.org, yangguo@chromium.org
Bug: v8:8742
Change-Id: Ie7b86da5621cb186a036a3ec99692ec4d2048fba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505614
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60176}
See: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/windbg-scripting-preview
The script can be loaded into WinDbg with:
.scriptload full_path\windbg.js
Help:
!help
Currently provided functionality:
!jlh("local_handle_var_name")
prints object held by the handle, e.g. !jlh("key") or !jlh("this->receiver_")
!job(address_or_taggedint)
prints object at the address, e.g. !job(0x235cb869f9)
!jobs(start_address, count)
prints 'count' objects from a continuous range of Object pointers, e.g. !jobs(0x5f7270, 42)
!jst() or !jst
prints javascript stack (output goes into the console)
!jsbp() or !jsbp
sets bp in v8::internal::Execution::Call (begin user's script)
To run any function from this script (live or postmortem):
dx @$scriptContents.function_name(args)
e.g. dx @$scriptContents.pointer_size() or e.g. dx @$scriptContents.module_name('chrome_child')
Change-Id: I958ff0544582c1ea0b12fd3349d460d28ac7ed56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506450
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60175}
Since kTaggedSize got shrinked and we are actually compressing
the pointers (as oppposed to zeroing their upper bits),
we need to update the arm64 codebase to accommodate this change.
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I890f3ab8c046f47232e80f85830f9ae8f4dbced4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499498
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60172}
When given a sticky regexp s.t. lastIndex > subject.length, the
following should happen:
1. exec returns null (= no match)
2. lastIndex is reset to 0.
This is usually done by the RegExp.p.exec builtin; but in some cases
we take different paths and try to re-implement the parts of exec that
we need.
One of these cases was in %StringReplaceNonGlobalRegExpWithFunction.
Here, we set lastIndex to 0 but then incorrectly called into
RegExpImpl::Exec. REI::Exec started matching with lastIndex == 0,
which is just plain wrong. With this CL we now correctly omit the
REI::Exec call and return null.
Bug: chromium:937681, v8:5361
Change-Id: I6bb1114a6b92ed3c6e63ec7f6ec2df4b95a19b4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514679
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60169}
This removes three unneeded includes from wasm-code-manager.h, and adds
four that were missing.
R=ahaas@chromium.org
Bug: v8:7490, v8:8834
Change-Id: I0f0f367c0ff748cc1561689b7e2badf3a7a01ca5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513717
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60168}
In order to get a more complete picture about the code sizes of
compiled wasm modules, sample the code size of each module after
top-tier compilation finished. This happens via the {WasmEngine}
because that's where we know which isolates use a given {NativeModule}
and can schedule foreground tasks to sample the code size.
R=mstarzinger@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8217
Change-Id: Id585db8a9ab8f3aa1060b08411afaa31c5414f87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508404
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60167}
We currently see >20% of modules overflow on this counter, i.e. having
more than 100k functions. Thus increase the histogram size to 1M, which
is the maximum number of functions supported in v8.
R=titzer@chromium.org
Bug: v8:8975
Change-Id: Ie709ec37cdea90b78637da63b48aea0f4775cee5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514736
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60165}
Currently the total allocated address space is collected twice per Wasm
memory: Once on allocation, once on release. Recording it once provides
the same data.
R=titzer@chromium.org
Bug: v8:8975
Change-Id: I99719ecb44b14ce5da1be4a74291377f91f4038a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514738
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60164}