For the initial implementation we simply keep the capacity of
the young large object space in sync with the capacity of the
new space. The only subtlety is that we allow at least one
large object independent from its size. So it may exceed the
capacity of the space.
This also fixes setting of the large page flags for incremental
marking.
Bug: chromium:852420
Change-Id: I12a9d4a7350464ca291710917ecad782ae73b8e1
Reviewed-on: https://chromium-review.googlesource.com/c/1456092
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59422}
We often use raw assertPromiseResult with {success ==
assertUnreachable} for that. Having a separate helper increases
readability and allows us to generate consistent (and better) error
messages.
R=titzer@chromium.org
Bug: chromium:926311
Change-Id: I507941eacaafe6c576098d7829a76b27384a4fb6
Reviewed-on: https://chromium-review.googlesource.com/c/1456039
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59417}
This is a reland of I968a08cef6a6d49350aa79185b2c6fb856d15f23
Original change's description:
> [builtins] [turbofan] Refactor Float64Pow to use single implementation
>
> Remove platform-specific Float64Pow implementations and utils Pow in
> favor of a base::ieee754::pow implementation.
>
> This unifies the implementation of pow for the compiler, wasm, and
> runtime.
>
> Bug: v8:5848, v8:5086
> Change-Id: I968a08cef6a6d49350aa79185b2c6fb856d15f23
> Reviewed-on: https://chromium-review.googlesource.com/c/1403018
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59229}
Bug: v8:5848, v8:5086
Change-Id: I92f22ae03adafd9ad042e8d4bb406cbd5b5fb51e
Cq-Include-Trybots: luci.chromium.try:linux_chromium_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/1447854
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59411}
This adds constant field tracking for arrays. To prevent changing the
field in some other elements-kind-branch of transition tree, we only
use the const information in the optimizing compiler if the map is not
an array map or if the map is stable (since stable maps cannot
transition to a different elements-kind-branch without deopt).
Some more details:
https://docs.google.com/document/d/1r2GAvdi_wudDS6iRUfdPw0gxWMfV-IX1PqKgwW47FyE
Bug: chromium:912162, v8:8361
Change-Id: Iea1b2f03ddee16205c2141ac5e813a973dd23cf4
Reviewed-on: https://chromium-review.googlesource.com/c/1454606
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59409}
V8 test suites return tests by loading them into memory up-front. Up-front
loading has memory and loading-time overhead for the testrunner.
This CL converts the test-suites to load tests during the test run in parallel.
After CL, most test suites start running immediately and all test suites start
running after 3 seconds on a modern SSD.
This CL eliminates the 200 MiB memory spikes that causes memory problems in mac
minis.
Overhead of running test262 before CL:
Line # Mem usage Increment Line Contents
=================================================
264 225.760 MiB 195.8.000 MiB tests = self._load_testsuite_generators(args, options)
-------------------------------------------------
Overhead of running test262 after CL:
Line # Mem usage Increment Line Contents
================================================
264 28.840 MiB 0.000 MiB tests = self._load_testsuite_generators(args, options)
-------------------------------------------------
R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174, v8:8552, v8:8728
Change-Id: Iab540b9410239b05dc80b4a5228db25d8b8fb3b9
Reviewed-on: https://chromium-review.googlesource.com/c/1454478
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59408}
"this" is a very common expression. By using a single ThisExpression object
we can both avoid allocating many unnecessary VariableProxies and specialize
the resolution of this since we know where it's declared up-front. This also
avoids having to special-case "this" reference handling in the paths that would
behave differently for "this" than for regular references; e.g., with-scopes.
The tricky pieces are due to DebugEvaluate and this/super() used as default
parameters of arrow functions. In the former case we replace the WITH_SCOPE
with FUNCTION_SCOPE so that we make sure that "this" is intercepted, and still
rely on regular dynamic variable lookup. Arrow functions are dealt with by
marking "this" use in ArrowHeadParsingScopes. If the parenthesized expression
ends up being an arrow function, we force context allocate on the outer scope
(and mark "has_this_reference" on the FUNCTION_SCOPE so DebugEvaluate in the
arrow function can expose "this").
The CL also removes the now unused ThisFunction AST node.
Change-Id: I0ca38ab92ff58c2f731e07db2fbe91df901681ef
Reviewed-on: https://chromium-review.googlesource.com/c/1448313
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59393}
This is a reland of 81eec150f6
Original change's description:
> Reland "[test] refactor testsuite configuration"
>
> This is a reland of 7f92ad0ab6
>
> Original change's description:
> > [test] refactor testsuite configuration
> >
> > Every testsuite configuration consist of at least 30% code duplication.
> >
> > The code age ranges from 10 years old to 5 years old. Implementing anything that
> > touches the testsuite code becomes a technical fight to the death.
> >
> > This CL removes all the duplication by refactoring the common functionality.
> >
> > This CL contains structural changes without any logical changes % small bug
> > fixes.
> >
> > R=machenbach@chromium.org
> > CC=yangguo@chromium.org,sergiyb@chromium.org
> >
> > Bug: v8:8174, v8:8769
> > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59361}
>
> Bug: v8:8174, v8:8769
> Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
> Reviewed-on: https://chromium-review.googlesource.com/c/1454485
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59369}
Bug: v8:8174, v8:8790
Change-Id: I38ab9d37bca76057441a970f26e2102e4387a857
Reviewed-on: https://chromium-review.googlesource.com/c/1454724
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59387}
1. Change the function to align with UTS35 instead of (old) RFC.
2. Restrict tag as Unicode Locale Identifier by code that on top of ICU.
Because icu::Locale in ICU63 is not tight enough to restrict that.
Added comments to show what to do (to use icu::LocaleBuilder) after
the landing of ICU64
3. Fix to pass two tests in test262.
Bug: v8:8262,v8:8670,v8:7684
Change-Id: If244647e6a50daae305b9ae1a569100859be8a0c
Reviewed-on: https://chromium-review.googlesource.com/c/1435737
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59382}
Introduce a way to set a custom finalization callback that can be used
to signal and set up destruction of embedder memory.
Bug: chromium:923361
Change-Id: Ifc62ebd534aba3b02511c74b59161ec3edc0ee0d
Reviewed-on: https://chromium-review.googlesource.com/c/1452447
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59381}
This reverts commit 73dd9b5527.
Reason for revert: Broke telemetry layout tests - https://ci.chromium.org/p/chromium/builders/luci.chromium.try/win7-rel/9936 as can be seen in this roll - https://chromium-review.googlesource.com/c/chromium/src/+/1454259
Original change's description:
> [utf8] Rewrite NewStringFromUtf8 using Utf8::ValueOfIncremental
>
> This is 3-4x faster than using the Utf8Decoder. This matters for proper
> parse-time measurements using d8.
>
> Change-Id: I9870e9fbe400ec022a6eeb20491c80a2a32f8519
> Reviewed-on: https://chromium-review.googlesource.com/c/1451827
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59347}
TBR=ulan@chromium.org,leszeks@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I3f8faebb61c19a41ee496a571228f53c0d5fc8dd
Reviewed-on: https://chromium-review.googlesource.com/c/1454495
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59378}
Preserve coverage for unused functions by force marking them used when
code coverage is enabled.
Bug: chromium:927464
Change-Id: Ia973467d06f7268f4e98cc76d0bb98cc591e979c
Reviewed-on: https://chromium-review.googlesource.com/c/1454717
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59373}
This reverts commit 81eec150f6.
Reason for revert: windows mozilla test failures
Original change's description:
> Reland "[test] refactor testsuite configuration"
>
> This is a reland of 7f92ad0ab6
>
> Original change's description:
> > [test] refactor testsuite configuration
> >
> > Every testsuite configuration consist of at least 30% code duplication.
> >
> > The code age ranges from 10 years old to 5 years old. Implementing anything that
> > touches the testsuite code becomes a technical fight to the death.
> >
> > This CL removes all the duplication by refactoring the common functionality.
> >
> > This CL contains structural changes without any logical changes % small bug
> > fixes.
> >
> > R=machenbach@chromium.org
> > CC=yangguo@chromium.org,sergiyb@chromium.org
> >
> > Bug: v8:8174, v8:8769
> > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59361}
>
> Bug: v8:8174, v8:8769
> Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
> Reviewed-on: https://chromium-review.googlesource.com/c/1454485
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59369}
TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org
Change-Id: I8f5650b5f46be299c004e2fa8b708fa2c17a4dc2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8174, v8:8769
Reviewed-on: https://chromium-review.googlesource.com/c/1454607
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59370}
This is a reland of 7f92ad0ab6
Original change's description:
> [test] refactor testsuite configuration
>
> Every testsuite configuration consist of at least 30% code duplication.
>
> The code age ranges from 10 years old to 5 years old. Implementing anything that
> touches the testsuite code becomes a technical fight to the death.
>
> This CL removes all the duplication by refactoring the common functionality.
>
> This CL contains structural changes without any logical changes % small bug
> fixes.
>
> R=machenbach@chromium.org
> CC=yangguo@chromium.org,sergiyb@chromium.org
>
> Bug: v8:8174, v8:8769
> Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59361}
Bug: v8:8174, v8:8769
Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
Reviewed-on: https://chromium-review.googlesource.com/c/1454485
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59369}
This reverts commit 7f92ad0ab6.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win32/19148
Original change's description:
> [test] refactor testsuite configuration
>
> Every testsuite configuration consist of at least 30% code duplication.
>
> The code age ranges from 10 years old to 5 years old. Implementing anything that
> touches the testsuite code becomes a technical fight to the death.
>
> This CL removes all the duplication by refactoring the common functionality.
>
> This CL contains structural changes without any logical changes % small bug
> fixes.
>
> R=machenbach@chromium.org
> CC=yangguo@chromium.org,sergiyb@chromium.org
>
> Bug: v8:8174, v8:8769
> Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59361}
TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org,v8-reviews@chromium.org
Change-Id: I473f0d4c6b9c0239923b8c03699dbc38b7f85030
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8174, v8:8769
Reviewed-on: https://chromium-review.googlesource.com/c/1454599
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59362}
Every testsuite configuration consist of at least 30% code duplication.
The code age ranges from 10 years old to 5 years old. Implementing anything that
touches the testsuite code becomes a technical fight to the death.
This CL removes all the duplication by refactoring the common functionality.
This CL contains structural changes without any logical changes % small bug
fixes.
R=machenbach@chromium.orgCC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174, v8:8769
Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
Reviewed-on: https://chromium-review.googlesource.com/c/1445881
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59361}
Test262 has a couple of duplicated test files with the identical inside both
"test262/data/test" and "test262/local-tests/test".
Testrunner used to deduplicate the tests, which masked this issue.
This CL removes the obsolete copies in the local-tests.
R=adamk@chromium.org,yangguo@chromium.org,machenbach@chromium.org
Bug: v8:8174,v8:8728
Change-Id: Iecdc40b417f237feb916f1c3a24f8def7ea11fad
Reviewed-on: https://chromium-review.googlesource.com/c/1452436
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59354}
Remove the call to [[HasProperty]] for the shared property when threads
feature is enabled.
Bug: v8:8782
Change-Id: I492ed3726ea846a1a52dc3a0e0a183d9ee506e96
Reviewed-on: https://chromium-review.googlesource.com/c/1451826
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59352}
This is 3-4x faster than using the Utf8Decoder. This matters for proper
parse-time measurements using d8.
Change-Id: I9870e9fbe400ec022a6eeb20491c80a2a32f8519
Reviewed-on: https://chromium-review.googlesource.com/c/1451827
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59347}
This is a reland of a9e93572d4
Original change's description:
> [test] Check for illegal uses of mjsunit methods
>
> The assertThrows and assertDoesNotThrow methods expect either a
> function to execute, or a string to eval. In several tests however we
> accidentally passed the *result* of the statement to be tested instead
> of the code.
> This CL adds check to catch such error early, and removes wrong uses.
> In most places, we do not need to use assertDoesNotThrow anyway,
> because exceptions are handled as test failures.
>
> Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
> MjsUnitAssertionErrors correctly.
>
> R=mathias@chromium.org
>
> Bug: v8:8562
> Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
> Reviewed-on: https://chromium-review.googlesource.com/c/1439238
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59277}
Bug: v8:8562
Change-Id: I3b26935f7b35302d499266155273ea271bf8151d
Reviewed-on: https://chromium-review.googlesource.com/c/1449792
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59328}
This is a reland of 0befa6d4c3
Original change's description:
> [nojit] Check that --jitless is disabled when creating wasm code
>
> Drive-by: Amend wasm test skips for lite mode.
>
> Bug: v8:7777
> Change-Id: I23e13b65e548c19d6b24a26e0b962a9978f54ed7
> Reviewed-on: https://chromium-review.googlesource.com/c/1449616
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59314}
Tbr: mstarzinger@chromium.org
Bug: v8:7777
Change-Id: I0a076b36bb2e69b612df89b0f35067f299f27a7e
Reviewed-on: https://chromium-review.googlesource.com/c/1451819
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59325}
In the process add missing base Torque functionality for 8-bit and
16-bit integers and Cast<> operators to make them easy to use.
As a poster child, port the field declarations of SharedFunctionInfo
to the class definition in base.tq.
As a drive by: Add the missing GN dependency on
class-definitions-from-dsl.h
Bug: v8:7793
Change-Id: I76a41c2e81ffd1cbb90ac7a4ef8d4003ac86e8dc
Reviewed-on: https://chromium-review.googlesource.com/c/1445882
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59321}
This CL makes the TypedArray#sort unit test more robust, that checks
for the stable property.
R=jgruber@chromium.org
Bug: v8:8567
Change-Id: I8e6a729d0a8b54901535d49eb578b8b34bd6f2eb
Reviewed-on: https://chromium-review.googlesource.com/c/1449695
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59316}
These offsets are now transported via CodeDesc.
Bug: v8:8758
Change-Id: If7485c62878bc81a55c9b4ca8ce3578dab2376ce
Reviewed-on: https://chromium-review.googlesource.com/c/1447717
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59315}
Drive-by: Amend wasm test skips for lite mode.
Bug: v8:7777
Change-Id: I23e13b65e548c19d6b24a26e0b962a9978f54ed7
Reviewed-on: https://chromium-review.googlesource.com/c/1449616
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59314}
Set entries return an array with the value as first and second entry.
As such these are considered key value pairs to align with maps
entries iterator.
So far the return value was identical to the values iterator and that
is misleading.
This also adds tests to verify the results and improves the coverage
a tiny bit by testing different iterators.
Refs: https://github.com/nodejs/node/issues/24629R=yangguo@chromium.org
Change-Id: I669a724bb4afaf5a713e468b1f51691d22c25253
Reviewed-on: https://chromium-review.googlesource.com/c/1350790
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59311}
The result of Object::ToInteger is a number rounded to an
integer value, but not necessarily in the range of what a
C++ "int" can represent. Doing the 2 <= radix <= 36 range
check first makes the subsequent cast safe.
Bug: chromium:927212
Change-Id: I49f115140f6dc1f951cbc08a3025b3ac92ec8628
Reviewed-on: https://chromium-review.googlesource.com/c/1449040
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59303}
This reverts commit a1b431d7d3.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22809
Original change's description:
> [serializer] share class positions tuple across contexts
>
> Class positions is a struct that stores the start and end positions of a class
> literal. It is stored both on class objects, and the template used to
> instantiate class objects.
>
> The template is reachable from the bytecode array and therefore serialized by
> the startup serializer. Class objects are context-dependent and therefore
> serialized by the partial serializer. Serializing class positions from both
> serializers violates the assumption that we don't serialize any object twice.
>
> R=gsathya@chromium.org
>
> Bug: v8:8761
> Change-Id: If22c554cc7396d63998a015454ce0c67a7d2e05c
> Reviewed-on: https://chromium-review.googlesource.com/c/1444956
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59292}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,gsathya@chromium.org
Change-Id: I9f3fd1b29b5991b450223f8b27dfc7aa7e5a3171
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8761
Reviewed-on: https://chromium-review.googlesource.com/c/1450116
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59300}
This basically adjusts reality to match our expectations. Methods based
on Code::kConstantPoolOffset expected the constant pool to be located
immediately following the handler table and before the code comments
section, while it was actually emitted before the jump table. We did
not notice earlier since this is only relevant on ppc.
Bug: v8:8758
Change-Id: I189af491fe133a7dc480ff4056372ba7a27faa81
Reviewed-on: https://chromium-review.googlesource.com/c/1445880
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59299}
Users should switch to TracedGlobal and the newly added methods of
v8::EmbedderHeapTracer.
Bug: chromium:923361, v8:8562
Change-Id: I3e5ed5785a0a49c0b65c7b1d1d103e568dd3e938
Reviewed-on: https://chromium-review.googlesource.com/c/1445752
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59297}
This CL revises some of our error messages, and removes unneeded parts
(like "AsyncCompilation: " or "(null): "). It also extends existing
tests to check for the precise error message more thoroughly to detect
changes or nondeterminism earlier.
R=titzer@chromium.org, ahaas@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:926311
Change-Id: I1ccfb307d4a61291f4582330152a53fbadd0848f
Reviewed-on: https://chromium-review.googlesource.com/c/1445897
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59296}
This adds support for integrity level transitions (preventExtensions,
seal and freeze) to MapUpdater and Map::TryUpdate.
In both cases, we first try to detect whether there were integrity
level transitions in the transition tree to the old map and make note
of the most restrictive integrity transition and the map just before
the transition (integrity-source-map). Then we find an appropriate root
(based on integrity-source-map's elements kind) and replay the
transitions based on the integrity-source-map's descriptor
array. Finally, if we saw an integrity level transition in
the beginning, we will find-or-create that transition (on the
updated version of integrity-source-map).
For the following micro-benchmark, we get about 10x speedup.
```
function C() {
this.x = 1;
Object.seal(this);
this.x = 0.1;
}
const start = Date.now();
for (let i = 0; i < 1e7; i++) {
new C();
}
console.log("Reconfigure sealed: " + (Date.now() - start));
```
Before:
> Reconfigure sealed: 5202
After:
> Reconfigure sealed: 479
Bug: v8:8538
Change-Id: If695be7469d8b6ccd44ac4528be8aa34b65b3e4d
Reviewed-on: https://chromium-review.googlesource.com/c/1442640
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59295}
Class positions is a struct that stores the start and end positions of a class
literal. It is stored both on class objects, and the template used to
instantiate class objects.
The template is reachable from the bytecode array and therefore serialized by
the startup serializer. Class objects are context-dependent and therefore
serialized by the partial serializer. Serializing class positions from both
serializers violates the assumption that we don't serialize any object twice.
R=gsathya@chromium.org
Bug: v8:8761
Change-Id: If22c554cc7396d63998a015454ce0c67a7d2e05c
Reviewed-on: https://chromium-review.googlesource.com/c/1444956
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59292}
This CL changes the usage pattern from
FOR_XXX_VALUES(i) { Use(*i); }
to
FOR_XXX_VALUES(i) { Use(i); }
which is way more intuitive.
Note that the replacement in the uses was done via regular expression,
so it's purely mechanical. In two locations I removed unneeded braces
around the macro, because they confused clang-format.
I plan to do more cleanups (remove redundant assignments within the
FOR_XXX_VALUES body) in a follow-up CL.
R=mstarzinger@chromium.org
Bug: v8:8562
Change-Id: I4329bfcf34e5b077d19b50f4204ceb3b4340fe61
Reviewed-on: https://chromium-review.googlesource.com/c/1449615
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59287}
If we need to allocate a DOUBLE_ELEMENTS backing store, it's important
to allow large object space allocation.
BUG: chromium:926856
Change-Id: I9dd94f7176891a6f8f11d5f579b67df8151a40b5
Reviewed-on: https://chromium-review.googlesource.com/c/1449531
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59285}
This reverts commit a9e93572d4.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/23956
Happened already 2 builds earlier, but the output is corrupted due to
an outage.
Original change's description:
> [test] Check for illegal uses of mjsunit methods
>
> The assertThrows and assertDoesNotThrow methods expect either a
> function to execute, or a string to eval. In several tests however we
> accidentally passed the *result* of the statement to be tested instead
> of the code.
> This CL adds check to catch such error early, and removes wrong uses.
> In most places, we do not need to use assertDoesNotThrow anyway,
> because exceptions are handled as test failures.
>
> Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
> MjsUnitAssertionErrors correctly.
>
> R=mathias@chromium.org
>
> Bug: v8:8562
> Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
> Reviewed-on: https://chromium-review.googlesource.com/c/1439238
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59277}
TBR=ahaas@chromium.org,clemensh@chromium.org,mathias@chromium.org
Change-Id: Iec06c95dd3223f27297e5c6e02835d26b5e753e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8562
Reviewed-on: https://chromium-review.googlesource.com/c/1449634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59284}
The assertThrows and assertDoesNotThrow methods expect either a
function to execute, or a string to eval. In several tests however we
accidentally passed the *result* of the statement to be tested instead
of the code.
This CL adds check to catch such error early, and removes wrong uses.
In most places, we do not need to use assertDoesNotThrow anyway,
because exceptions are handled as test failures.
Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
MjsUnitAssertionErrors correctly.
R=mathias@chromium.org
Bug: v8:8562
Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
Reviewed-on: https://chromium-review.googlesource.com/c/1439238
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59277}
This fixes stack height management when a call to an external function
raises a type error trap. It also adds a test case that such exceptions
can be caught locally.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8729
Change-Id: I54b19ba86eb937695584229753d7f6cfa7e1a15d
Reviewed-on: https://chromium-review.googlesource.com/c/1447773
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59273}
This CL replaces the current TypedArray#sort with a simpler mergesort.
The fastpath when the user does not provide a comparison function
is still used.
In addition, TypedArray#sort now converts all elements in the
TypedArray to tagged values upfront, sorts them and writes them
back into the TypedArray as the final step.
R=jgruber@chromium.org, tebbi@chromium.org
Bug: v8:8567
Change-Id: Ib672c5cf510f7c0a2e722d1baa2704305a9ff235
Reviewed-on: https://chromium-review.googlesource.com/c/1445987
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59271}
This way we can remove them correctly and avoid leaks.
R=mstarzinger@chromium.org, ulan@chromium.org
Bug: v8:8725
Change-Id: I52cbbf34a94171aaeb581b55aecb25311465544d
Reviewed-on: https://chromium-review.googlesource.com/c/1446453
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59266}
Multiplication, division, and toString can take a very long
time for large inputs. This patch adds stack checks to each
of these operations so embedders can interrupt them.
Bug: chromium:922032
Change-Id: Idae9d32d6f78a028de4d2ba3abdb79c624f0dca1
Reviewed-on: https://chromium-review.googlesource.com/c/1444913
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59262}
(The bug didn't affect any functionality; we just left detached WeakCells in
inconsistent state.)
BUG=v8:8179
Change-Id: I28f6c27532383b94bdfd746db903096f1dc6f1cc
Reviewed-on: https://chromium-review.googlesource.com/c/1447651
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59255}
This is a reland of 1e3582b5ae
Original change's description:
> Reland "[builtins] Verify Isolate compatibility with the embedded blob"
>
> This is a reland of b022e825bd
>
> Original change's description:
> > [builtins] Verify Isolate compatibility with the embedded blob
> >
> > Embedded builtins (= the embedded blob) have a few dependencies on the
> > snapshot state. For instance, they require that metadata stored on
> > builtin Code objects as well as the builtins constant table remain
> > unchanged from mksnapshot-time. Embedders may violate these
> > assumptions by accident, e.g. by loading a snapshot generated with
> > different build flags, leading to seemingly unrelated failures later
> > on.
> >
> > This CL introduces an Isolate hash stored in the embedded blob which
> > hashes relevant parts of builtin Code objects and the builtins
> > constant table. It's verified in Isolate::Init in debug builds.
> >
> > Bug: v8:8723
> > Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> > Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59177}
>
> Tbr: yangguo@chromium.org,sigurds@chromium.org
> Bug: v8:8723
> Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
> Reviewed-on: https://chromium-review.googlesource.com/c/1445985
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59236}
Tbr: yangguo@chromium.org,sigurds@chromium.org
Bug: v8:8723
Change-Id: I8e4ae2f09d16b693c1fb814477d8487385046ee4
Reviewed-on: https://chromium-review.googlesource.com/c/1448312
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59250}
This CL revises some of our error messages to be more precise or more
aesthetically appealing.
R=titzer@chromium.org, ahaas@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:926311
Change-Id: I38eaee09fd37f9b67fdb08bc7b0df64a6eaf96f9
Reviewed-on: https://chromium-review.googlesource.com/c/1445980
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59249}
This reverts commit 1e3582b5ae.
Reason for revert: Still fails nosnap: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22789
Original change's description:
> Reland "[builtins] Verify Isolate compatibility with the embedded blob"
>
> This is a reland of b022e825bd
>
> Original change's description:
> > [builtins] Verify Isolate compatibility with the embedded blob
> >
> > Embedded builtins (= the embedded blob) have a few dependencies on the
> > snapshot state. For instance, they require that metadata stored on
> > builtin Code objects as well as the builtins constant table remain
> > unchanged from mksnapshot-time. Embedders may violate these
> > assumptions by accident, e.g. by loading a snapshot generated with
> > different build flags, leading to seemingly unrelated failures later
> > on.
> >
> > This CL introduces an Isolate hash stored in the embedded blob which
> > hashes relevant parts of builtin Code objects and the builtins
> > constant table. It's verified in Isolate::Init in debug builds.
> >
> > Bug: v8:8723
> > Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> > Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59177}
>
> Tbr: yangguo@chromium.org,sigurds@chromium.org
> Bug: v8:8723
> Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
> Reviewed-on: https://chromium-review.googlesource.com/c/1445985
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59236}
TBR=yangguo@chromium.org,sigurds@chromium.org,jgruber@chromium.org
Change-Id: If6082452c739d4de44ed70d3c6355f5282684ac1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8723
Reviewed-on: https://chromium-review.googlesource.com/c/1448311
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59241}
This is a reland of b022e825bd
Original change's description:
> [builtins] Verify Isolate compatibility with the embedded blob
>
> Embedded builtins (= the embedded blob) have a few dependencies on the
> snapshot state. For instance, they require that metadata stored on
> builtin Code objects as well as the builtins constant table remain
> unchanged from mksnapshot-time. Embedders may violate these
> assumptions by accident, e.g. by loading a snapshot generated with
> different build flags, leading to seemingly unrelated failures later
> on.
>
> This CL introduces an Isolate hash stored in the embedded blob which
> hashes relevant parts of builtin Code objects and the builtins
> constant table. It's verified in Isolate::Init in debug builds.
>
> Bug: v8:8723
> Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59177}
Tbr: yangguo@chromium.org,sigurds@chromium.org
Bug: v8:8723
Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
Reviewed-on: https://chromium-review.googlesource.com/c/1445985
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59236}
This reverts commit 595aafeb21.
Reason for revert:
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8922824501209195616/+/steps/Mozilla/0/logs/15.8.2.13/0
Original change's description:
> [builtins] [turbofan] Refactor Float64Pow to use single implementation
>
> Remove platform-specific Float64Pow implementations and utils Pow in
> favor of a base::ieee754::pow implementation.
>
> This unifies the implementation of pow for the compiler, wasm, and
> runtime.
>
> Bug: v8:5848, v8:5086
> Change-Id: I968a08cef6a6d49350aa79185b2c6fb856d15f23
> Reviewed-on: https://chromium-review.googlesource.com/c/1403018
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59229}
TBR=yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,clemensh@chromium.org,me@gus.host
Change-Id: I266df4b8350cfcebcea8f6063ad75ad962381105
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5848, v8:5086
Reviewed-on: https://chromium-review.googlesource.com/c/1447715
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59232}
Also use the feedback as a hint for the target, because target and
new.target are often the same and we have no way of checking that
in the serializer.
Bug: v8:7790
Change-Id: I9647bf9ab830a76657de400f413fc1cb798a2ade
Reviewed-on: https://chromium-review.googlesource.com/c/1445988
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59230}
Remove platform-specific Float64Pow implementations and utils Pow in
favor of a base::ieee754::pow implementation.
This unifies the implementation of pow for the compiler, wasm, and
runtime.
Bug: v8:5848, v8:5086
Change-Id: I968a08cef6a6d49350aa79185b2c6fb856d15f23
Reviewed-on: https://chromium-review.googlesource.com/c/1403018
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59229}
This adds support for handling exceptions between different frames of
one single interpreter activation. Frames are dropped until a local
handler is found. If none is found in the current activation then we
delegate to the existing stack unwinding mechanism to deal with multiple
activations interspersed with non-interpreter stack frames on the actual
machine stack.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091
Change-Id: Ia4abb27ff037bf0d3e3b05721bd3c971ef820e3c
Reviewed-on: https://chromium-review.googlesource.com/c/1445989
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59228}
In particular, test all integrity level transitions properly.
The motivation for this fix was to get rid of the test that introduce {frozen_symbol}
transition while leaving properties configurable and writable. This CL tests each
integrity transition separately, and sets the attributes accordingly.
Bug: v8:8538
Change-Id: I741d87bba1472aec68bf92084e65edc16c1e08d8
Reviewed-on: https://chromium-review.googlesource.com/c/1446097
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59226}
The build config inherited from Chromium only enables a subset
of the checks that UBSan supports. We want them all, so this
patch overrides what "is_ubsan" means for V8.
Bug: v8:3770
Change-Id: I1d0a7d994279272f13ff1d4ac9ed235fcbfc0951
Reviewed-on: https://chromium-review.googlesource.com/c/1443502
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59222}
We noticed that almost every call site were loading both files,
the split isn't necessary anymore.
In some message tests, removed the absolute line number to allow future
changes.
Bug: v8:8726
Change-Id: I8527f0a1ecfa685aa01a5e2f5f47ddf1cb13a545
Reviewed-on: https://chromium-review.googlesource.com/c/1446452
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59220}
For instances created via constructors and `new` we try to pre-size
the instances such that ideally all the data properties can be
allocated as in-object properties (and we don't need to allocate the
out-of-object PropertyArray backing store). This is accomplished with
the helper of the Parser, which counts the property assignments to
`this` in the constructor, and we use that as the starting point for
pre-sizing logic (a mechanism called *slack tracking* is used to
dynamically shrink the objects based on the real memory usage, and
eventually compute the final starting size for instances of the
individual constructors).
This works well even with class hierarchies, since for a derived class
constructor we just include the current constructor plus all the base
constructors. I.e. with
```js
class A {
constructor() {
this.x00 = null;
this.x01 = null;
this.x02 = null;
this.x03 = null;
this.x04 = null;
this.x05 = null;
this.x06 = null;
this.x07 = null;
this.x08 = null;
this.x09 = null;
this.x10 = null;
this.x11 = null;
this.x12 = null;
this.x13 = null;
this.x14 = null;
this.x15 = null;
this.x16 = null;
this.x17 = null;
this.x18 = null;
this.x19 = null;
}
}
class B extends A {
constructor() {
super();
}
}
```
we will eventually learn that instances of `B` need 20 in-object
properties. However this breaks with transpiled code (i.e. as
generated via TypeScript or Babel), even when the constructors are
properly chained.
```js
function A() {
this.x00 = null;
this.x01 = null;
this.x02 = null;
this.x03 = null;
this.x04 = null;
this.x05 = null;
this.x06 = null;
this.x07 = null;
this.x08 = null;
this.x09 = null;
this.x10 = null;
this.x11 = null;
this.x12 = null;
this.x13 = null;
this.x14 = null;
this.x15 = null;
this.x16 = null;
this.x17 = null;
this.x18 = null;
this.x19 = null;
}
function B() {
A.call(this);
}
Object.setPrototypeOf(B, A);
```
Here we will always have 10 in-object properties for instances of
`B` (due to the generic over-allocation logic), and the other 10
properties have to be allocated in the out-of-object PropertyArray.
This is unfortunate and actually not necessary. Instead we could just
do the same [[Prototype]] walk on the constructor for regular function
constructors that we perform for derived (native) class constructors.
This CL changes that, such that we give the same treatment to transpiled
class that we have for native classes.
R=verwaest@chromium.org
Bug: v8:8764, v8:8765
Doc: https://bit.ly/v8-instance-presizing-with-transpiled-classes
Change-Id: Iac54391e41c9a39101751a678b3a647269fb009d
Reviewed-on: https://chromium-review.googlesource.com/c/1442643
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59214}
Changes made to the Wasm module builder:
- Create emit_u64v for emitting a LEB128 that conceptually represent
an 64-bits integer.
- Differentiate toBuffer and toUint8Array for returning respectively
ArrayBuffer and a Uint8Array.
- Moved wasmF32Const and wasmF64Const functions because we can take
advantage of the existing cached conversion buffers. Also, declaring
them in the constants file will collide with the module-builder since
they are loaded in the same scope.
- The byte_view buffer (used by some conversions to bytes) switched from
Int8Array to Uint8Array.
Changes made to the Wasm contants:
- Add a new kSharedHasMaximumFlag flag for shared memory with a maximum
value.
Bug: v8:8726
Change-Id: If16c59896cfa1d42008da413e2e144b73a0fa5ce
Reviewed-on: https://chromium-review.googlesource.com/c/1443062
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59213}
This fixes how the interpreter modifies the operand stack in the case
calls with non-zero parameter or return count throw an exception. The
interpreter raises the exception before arguments are popped and before
results are pushed onto the stack. This makes the control transfer
analysis fit this model. It also makes the tests trigger this aspect.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091
Change-Id: I001fc4bc0030393d3c97be3fa9425bc540575071
Reviewed-on: https://chromium-review.googlesource.com/c/1445972
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59212}
This patch changes the parser to allow for-of initializer
var-redeclaration of non-destructured catch parameters.
Previously, the spec allowed var-redeclaration of a
non-destructured catch parameter…
try {} catch (e) { var e; }
…except in the particular case where the var declaration is
a for-of initializer:
try {} catch (e) { for (var e of whatever) {} }
https://github.com/tc39/ecma262/pull/1393 removes this strange
exceptional case. This patch implements that change.
BUG=v8:8759
Change-Id: Ia4e33ac1eab89085f8a5fdb547f479cfa38bbee5
Reviewed-on: https://chromium-review.googlesource.com/c/1444954
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59209}
The test defined a function called "Register" which clashes with other functions
with the same name.
NOTRY=true
TBR=sigurds@chromium.org
BUG=v8:8179
Change-Id: I7ddfc481cd1de750272de7b43e2e7f9fe26626a9
Reviewed-on: https://chromium-review.googlesource.com/c/1445982
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59208}
Only Heap::GcSafeFindCodeForInnerPointer requires the chunk map.
Other large object spaces use more the efficient
MemoryChunk::FromAnyPointerAddress.
Additionally, this patch renames Register/Unregister to AddPage/RemovePage
to be consistent with other spaces and makes them virtual.
Bug: chromium:852420
Change-Id: I8d637bb59e15bd61fe452fda7f4a55049d32030c
Reviewed-on: https://chromium-review.googlesource.com/c/1439417
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59207}
This is an initial step towards clarifying the layout of the
instruction area. As follow-ups, we should remove additional
safepoint and handler table offset parameters, and perhaps alter
Code::safepoint_table_offset (handler_table) semantics to always
contain a real offset and avoid the magic 0 signifying nonexistent
tables.
Bug: v8:8758
Change-Id: I9f54629ff3ddad69904b0e1ce2a58e047397aa15
Reviewed-on: https://chromium-review.googlesource.com/c/1434036
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59202}
This implements preliminary handling of exceptions thrown by external
functions that have been imported into the module. Note that handling
internal function is still missing, but tests have been added.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091
Change-Id: I9d07739d8b4715a5643114fd7a868cdd8d72efd0
Reviewed-on: https://chromium-review.googlesource.com/c/1445751
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59199}
In future, weak handles will be considered as independent and MarkActive() will
not be supported anymore. Users should switch to TracedGlobal, when relying on
special cases for using handles with v8::EmbedderHeapTracer.
Bug: chromium:923361, v8:8562
Change-Id: Ic6e01a1ab59a25c5fb0aa2ebfb8ddb02e454d72d
Reviewed-on: https://chromium-review.googlesource.com/c/1443064
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59194}
TracedGlobal integrates with the use case of EmbedderHeapTracer and replaces
regular weak Global or Persistent nodes for such cases. This allows to simplify
the case for regular weak handles in a sense that they follow regular weak
semantics (if the underlying object is otherwise unreachable the weak handle
will be reset).
TracedGlobal requires slightly different semantics in the sense that it can be
required to keep them alive on Scavenge garbage collections because there's a
transitive path that is only known when using the EmbedderHeapTracer.
TracedGlobal accomodates that use case.
TracedGlobal follows move semantics and can thus be used in regular std
containers without wrapping data structure.
The internal state uses 20% less memory and allows for only iterating those
nodes when necessary. The design trades the virtual call when iterating
interesting persistents in the GC prologue with calling out through the
EmbedderHeapTracer for each node which is also a virtual call. There is one less
iteration over the set of handles required though and the design is robust
against recursive GCs that mutate the embedder state during the prologue
callback.
Bug: chromium:923361
Change-Id: Idbacfbe4723cd12af9de21058a4792e51dc4df74
Reviewed-on: https://chromium-review.googlesource.com/c/1425523
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59183}
Enables WebAssembly's js-api module/customSection. The specification has
been updated; see https://github.com/WebAssembly/spec/issues/915. V8 was
already using DOMString.
Bug: v8:8633
Change-Id: I4c3e93c21594dbba84b3697e7e85069c3ff8b441
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1415554
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59182}
This fixes RunWasmInterpreter_* tests on big endian mips/ppc/s390.
Change-Id: I4b9b767d0de45004ee1195ac225c6d1027c17a05
Reviewed-on: https://chromium-review.googlesource.com/c/1439517
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59174}
On Liftoff bailout, instead of binding all unbound labels (to avoid
triggering DCHECKS in their destructor), just Unuse them.
R=mstarzinger@chromium.org
Bug: chromium:924843
Change-Id: Icf581bca06eaa7369ab2bbd5d805112289d6a801
Reviewed-on: https://chromium-review.googlesource.com/c/1442645
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59172}
In some test-run-wasm-js cctests we want to call wasm code through the
js-to-wasm wrapper. This did not work if we wanted to run the wasm code
in the interpreter, because we never compiled a WasmInterpreterEntry,
and we did not patch the jump table.
With this CL we do both now.
R=clemensh@chromium.orgCC=fgm@chromium.org
Change-Id: I49971c5079053ed572928da7eab3e6ea3cb57c25
Reviewed-on: https://chromium-review.googlesource.com/c/1435941
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59170}
During execution, the tier can be switch from Liftoff to TurboFan. We
already handle this in some locations by getting the tier before
execution, so that we later know which was the requested tier for that
unit.
In the case of the --wasm-tier-mask-for-testing flag, this accounting
was not right because the tier was already switched in the constructor.
This CL changes the compilation units to store both the requested and
the executed tier explicitly, so we know which counter to decrement
when the unit finishes.
R=ahaas@chromium.org
Bug: chromium:925671
Change-Id: I673463135e9b3ab17e40cfdfd5d3a526ad5a9b79
Reviewed-on: https://chromium-review.googlesource.com/c/1442639
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59168}
There is no linking stage any more, and all the {Link} method did was
to set the module to executable. Thus rename the method to reflect that.
R=ahaas@chromium.org
Bug: v8:8562
Change-Id: Ifc83b5cbbb1377312d7c318e50a0f9d1ede45aa6
Reviewed-on: https://chromium-review.googlesource.com/c/1439237
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59167}
This is a followup change for https://crrev.com/c/1437275 to keep
the core wasm spec tests in sync with the tests checked out in
test/wasm-js/data.
R=clemensh@chromium.org
Change-Id: I3c78c5db647e9c871b4c64efbc9656acd1266efb
Reviewed-on: https://chromium-review.googlesource.com/c/1442638
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59166}
Currently, errors somewhere deep in a promise chain are not reported as
test failures. We would print the error, but still return with exit
status 0. This CL fixes this to treat any uncaught exception as
failure, as we already do in {Shell::ExecuteString}.
R=yangguo@chromium.org
Change-Id: Idc4e58cc0d45f8fca3f7b2c5070ab68d317fc00b
Reviewed-on: https://chromium-review.googlesource.com/c/1439378
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59165}
This replaces InNewSpace with InYoungGeneration, which is
a prerequisite for young large objects.
Additional changes:
- FROM_SPACE, TO_SPACE flags are renamed to FROM_PAGE, TO_PAGE.
- A new LARGE_PAGE flag is added.
- The external string table is refactored to track young string
instead of new space strings.
Bug: chromium:924547
Change-Id: Ia4e3ba1b72995c3400257a1f98559f091533e811
Reviewed-on: https://chromium-review.googlesource.com/c/1437274
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59156}
This CL extends the kCircularStructure error message to include the
constructors and keys involved in the circle:
const a = {};
a.arr = [];
a.arr[0] = a;
JSON.stringify(a);
TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'arr' -> object with constructor 'Array'
--- index 0 closes the circle
R=gsathya@chromium.org, yangguo@chromium.org
Bug: v8:6513, v8:8696
Change-Id: I393aa3ce47d8bfd03734fccac63445006940ef7a
Reviewed-on: https://chromium-review.googlesource.com/c/1433776
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59152}
This is a reland of 516d90685b
Original change's description:
> Expose the number of microtasks from RunMicrotasks
>
> This CL adds the number of processed microtasks to the tracing marker
> of RunMicrotasks, plus let RunMicrotasks return the number.
>
> Bug: v8:7804, v8:8124
> Change-Id: Ie584e22964121fbda3a822379d760e7518fc54a7
> Reviewed-on: https://chromium-review.googlesource.com/c/1425277
> Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59017}
Bug: v8:7804, v8:8124
Change-Id: I4a57ba3e23973f6b46414c4502244091c42cf532
Reviewed-on: https://chromium-review.googlesource.com/c/1430399
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59148}
Numeric conversions are defined behavior iff the value is in the
range of what the target type can represent.
Bug: v8:3770
Change-Id: Ic6f2276c64cb39345a45d8e37e604c28ecca34c2
Reviewed-on: https://chromium-review.googlesource.com/c/1436216
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59144}
Smi::LexicographicCompare: signed integer overflow on negation.
Drive-by improvement: reduce number of branches.
RegExpQuantifier: signed integer overflow on multiplication.
DateCache::DaylightSavingsOffsetInMs: signed integer overflow
on addition.
Bug: v8:3770,chromium:923466,chromium:923642,chromium:923626
Change-Id: If7d995a13893d1315449ee0bab8b5f2553e170f5
Reviewed-on: https://chromium-review.googlesource.com/c/1436229
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59143}
NativeRegExpMacroAssembler::Match() can return either a Result sentinel
or an int indicating the number of matches, so it should return a plain
int which we can only safely cast to Result or IrregexpResult when it's
guaranteed to be the former case.
Bug: v8:3770
Change-Id: I4c3447e0cdebd5f825964e086574ab504a1799cd
Reviewed-on: https://chromium-review.googlesource.com/c/1435735
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59142}
This adds preliminary support for exception handling to the interpreter.
Note that due to missing reference type support, the exception object is
not yet correctly put onto the operand stack. Also exceptions raised by
call operations are not handled properly yet.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091
Change-Id: Ie68ca9448c7beafe8967dff5bb5de6642edcc9e4
Reviewed-on: https://chromium-review.googlesource.com/c/1436017
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59131}
Vars without initialisers don't need to allocate a VariableProxy, as the
proxy expression is not really needed for anything. So, we can special
case declaration parsing to look ahead for a '=' (plus a few other
cases), and skip the variable proxy allocation if it isn't there.
As a side-effect, variables that are only declared but never used are
no longer marked is_used, and thus not allocated. This saves on
generating dead code.
Change-Id: Ie4f04c6b5c1138df4c2e17acf1f0150459b3b571
Reviewed-on: https://chromium-review.googlesource.com/c/1434376
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59129}
An enum-typed value should never have a value outside of that enum's
range.
This patch enforces that in Debug mode, while in Release mode keeping
the previous behavior of returning "UnknownOpcode" as the mnemonic for
illegal IrOpcode values to ease debugging.
Bug: v8:3770
Change-Id: I83a5a356f1fb7a266921940a4495f1d39a1823cd
Reviewed-on: https://chromium-review.googlesource.com/c/1436221
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59102}
Not even when copying 0 bytes. Same for memmove and memcmp.
Bug: v8:3770
Change-Id: I3ed45a4572467ec7a9fc697ac28c004aa9b8b274
Reviewed-on: https://chromium-review.googlesource.com/c/1436217
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59101}
Anyref parameters can exist across GC runs. Therefore the GC has to
know where anyref parameters are on the stack so that it can mark them
in its marking phase, and update them in the compaction phase.
Already in a previous CL we grouped all anyref parameters so that they
can be found more easily in a stack frame, see
https://crrev.com/c/1371827. In this CL we implement the stack scanning
itself.
Note that anyref parameters are not scanned while iterating over the
caller's frame (to which they actually belong), but while iterating
over the callee's frame. The reason is that with tail-calls, only the
callee knows how many tagged stack parameters (aka anyref parameters)
there are.
R=mstarzinger@chromium.orgalso-by=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I7a41ce11d06c0d420146fdb0bb8d5606f28824d7
Reviewed-on: https://chromium-review.googlesource.com/c/1424955
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59099}
This fixes a corner case with the matching for a {UBFX} instruction.
According to the ISA reference "UBFX Rd, Rn, #lsb, #width" is only valid
for "#width" in the [1;32-#lsb] range. Specifically a "#width" of 0 is
invalid but was not checked against by the instruction selector.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-924905
BUG=chromium:924905
Change-Id: I470671282b215be62dfd147a619a0d317f7cc746
Reviewed-on: https://chromium-review.googlesource.com/c/1435939
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59096}
Inferring the language mode involves iterating the stack to find the
closure. This is an expensive operation and should be done only when
required. This cl changes the implementation to infer the language
mode only when we can't defer it any further. Currently, we infer the
language mode when throwing an exception or when passing this
information to PropertyCallbackArguments.
This cl also changes the language mode parameter to SetProperty
related methods to Maybe<ShouldThrow>. We only use the language mode to
decide if we need to throw and using ShouldThrow instead of language
mode simplifies the code by avoiding conversions from Maybe<ShouldThrow>
to Maybe<LanguageMode> and vice-versa.
Bug: v8:8580, chromium:923820, chromium:925289
Change-Id: I72497497f62fe0d86fcecd57b06b3183b7531f7b
Reviewed-on: https://chromium-review.googlesource.com/c/1425912
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59094}
The WasmCodeManager held a list of all Isolates that use the
WasmEngine/WasmCodeManager (those two are 1:1).
Since we want to move all isolate-specific tasks (like code logging and
compilation callbacks) to the WasmEngine, this CL moves this management
from the WasmCodeManager to the WasmEngine. We now have a bidirectional
mapping from NativeModules to the Isolates that use them, and from an
Isolate to all the NativeModules it uses (n:n).
The IsolateData struct will be extended in follow-up CLs to hold things
like the ForegroundTaskRunner. The Isolate* in the NativeModule /
CompilationState will eventually be removed.
R=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: Ic2c003c3949f73ce3264dd9dac96884a5c0b9896
Reviewed-on: https://chromium-review.googlesource.com/c/1433793
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59092}
SetProperty now infers the language mode from the closure and the context
So we no longer have to pass around the language mode. Cleanup by
removing the parameter where it is no longer needed.
Bug: v8:8580
Change-Id: I89452b5a762eb48a911f158d22c7bfa9e3bb1be4
Reviewed-on: https://chromium-review.googlesource.com/c/1421840
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59089}
Declare Variables with a name and position, rather than by passing
through a VariableProxy. This allows us to not create dummy proxies
for things like function declarations, and allows us to consider those
declarations unused.
As a side-effect, we also have to check if a variable is unused in the
bytecode generator (as it will no longer be allocated), and we end up
skip generating code/SFIs for dead variables/functions.
Change-Id: I4c2c872473f23e124f9456b4b92f87159658f8e0
Reviewed-on: https://chromium-review.googlesource.com/c/1414916
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59088}
V8 has no path in calling this API and thus there is no way for the
embedder to get notified about this event.
Bug: chromium:843903
Change-Id: I938675aed9191a292f21bae0fed0e3ea8acaf936
Reviewed-on: https://chromium-review.googlesource.com/c/1434377
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59087}
Remove hc from -u- if does not agree with the resolved one.
Bug: v8:7482
Change-Id: I635c5357b8fd2b630ed80577a9b6a116e9a0e3f4
Reviewed-on: https://chromium-review.googlesource.com/c/1417170
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59084}
This is a partial reland of 048a3a3ecb
Original change's description:
> [Intl] Cleans up intl-relative-time-format flag
>
> Cleans up always=true intl-relative-time-format flag
> It shipped in m71 in Dec 2018.
>
> Bug: v8:8704
> Change-Id: I52d86aea9aedf201a216a1df0773a486fbee37b9
> Reviewed-on: https://chromium-review.googlesource.com/c/1417299
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58904}
Bug: v8:8704
Change-Id: Iac62a347eea7f85dd3fa4a3bbfb18091b80f9a5e
Reviewed-on: https://chromium-review.googlesource.com/c/1429224
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59081}
This adds the new runtime flag as a variant and runs it on a subset of
builders corresponding to the "extra" testing set.
Currently failing tests are skipped in the new variant.
After https://crrev.com/c/1433777 this costs only little additional
resources.
Bug: v8:8678
Change-Id: Ibd0e38872814d11252e55a7c6a58d313aa84ebe3
Reviewed-on: https://chromium-review.googlesource.com/c/1433774
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59080}
This is a reland of 0896599f6f with a fix for
failing layout test.
Original change's description:
> Change SetProperty/SetSuperProperty to infer language mode when possible
>
> In most cases, the language mode can be inferred from the closure and
> the context. Computing the language mode instead of passing it around
> simplifies the ICs and will make it possible to go towards lazily
> allocating feedback vectors. Currently ICs obtain the language mode from
> the feedback vectors and with lazy feedback allocation we may not always
> have feedback vectors. Since computing language mode is a bit expensive
> we want to defer it as far as possible.
>
> In Array builtins and other builtins like Reflect.Set we need to force a
> language mode when setting the properties. To support these cases the
> SetProperty methods allow the language mode to be overridden when needed.
>
> This is a first cl in a series of cls, that will defer the language mode
> computation further and remove language mode where it is not needed.
>
> BUG: v8:8580
> Change-Id: I9c2396e3bcfe77c3c9d6760c46d86954d54744b9
> Reviewed-on: https://chromium-review.googlesource.com/c/1409426
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58893}
TBR: ahaas@chromium.org
Change-Id: Id5d81eae91b55638dbc72168f0e5203e684869fb
Reviewed-on: https://chromium-review.googlesource.com/c/1421077
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59075}
... more precisely, do not mess up the exceptional edges.
Bug: chromium:924151
Change-Id: I3541a1c339c07f509519d4ece6d677dd499f181e
Reviewed-on: https://chromium-review.googlesource.com/c/1429860
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59063}
v8::Global may be used as a weak reference. In the case this reference is a
simple phantom reference, we need to update the internal state to be able to
clear the right slot once the object referred to is dead.
This reverts commit 18f32ca89c.
Bug: chromium:924220
Change-Id: I3caec77448b0c5fcb461c8f8b5015de2978b3931
Reviewed-on: https://chromium-review.googlesource.com/c/1430015
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59055}
This reverts commit 584f0b43b2.
Reason for revert: Breaks MSAN build - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/24872
Original change's description:
> [api, global-handles] Fix moving weak Global<T>
>
> v8::Global may be used as a weak reference. In the case this reference is a
> simple phantom reference, we need to update the internal state to be able to
> clear the right slot once the object refered to is dead.
>
> Bug: chromium:924220
> Change-Id: I2ab7c3afcbe22988791faef406c284db03a43caf
> Reviewed-on: https://chromium-review.googlesource.com/c/1430101
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59040}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I19c3e929962203df4e1f24191d054180723b1c9d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:924220
Reviewed-on: https://chromium-review.googlesource.com/c/1430833
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59046}
Also insert NestedVariableDeclarations in the preparser if they occur. This
should be uncommon enough to not hurt preparser performance. This will also
allow us to stop checking for conflicts on already preparsed code. Since the
preparser itself will mainly run off the main thread, this can allow us to free
some main-thread time.
Bug: v8:7829, v8:8706
Change-Id: I03f2690eb7b22e941995d6f2697e64211ddbeffb
Reviewed-on: https://chromium-review.googlesource.com/c/1430069
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59044}
For the reference types anyref, anyfunc, and nullref, there exist
sub-typing rules. The spec says
A reference type reftype1 matches a reference type reftype2 if and only
if:
* Either both reftype1 and reftype2 are the same.
* Or reftype1 is nullref.
* Or reftype2 is anyref.
This CL introduces the type nullref for ref-null, and implements the
sub-typing rules in the function-body-decoder.
Note that because of the sub-typing check validation performance may
regresses. In that case we can optimize the sub-typing check.
R=titzer@chromium.org, clemensh@chromium.org
Bug: v8:7581
Change-Id: I55bab72a109f3374da3770d141b0fc8067aad8b2
Reviewed-on: https://chromium-review.googlesource.com/c/1430061
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59043}
For jitless mode, we must be able to switch between the native regexp
engine and interpreted regexps at runtime since --jitless is itself a
runtime flag.
This CL unconditionally compiles in the regexp interpreter in all
builds. It can be toggled through the --regexp-interpret-all flag.
Bug: v8:7777, v8:8678
Change-Id: Iadd21a152de7c07586d5af32bee5fdf9931f1a01
Reviewed-on: https://chromium-review.googlesource.com/c/1408929
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59041}
v8::Global may be used as a weak reference. In the case this reference is a
simple phantom reference, we need to update the internal state to be able to
clear the right slot once the object refered to is dead.
Bug: chromium:924220
Change-Id: I2ab7c3afcbe22988791faef406c284db03a43caf
Reviewed-on: https://chromium-review.googlesource.com/c/1430101
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59040}
The implementation already exists, but the test doesn't.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I42e1b0a1c930ec4cc1f1701d5613828acab4fc30
Reviewed-on: https://chromium-review.googlesource.com/c/1426123
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59038}
The table.init bytecode copies a range of elements from an element
segment into a table, trapping if the segment is not passive, is
dropped, or would cause out-of-bounds accesses.
R=mstarzinger@chromium.orgCC=binji@chromium.org
BUG=v8:7747
Change-Id: Ib27af9cca45a464fd1f876ddd092e99941481896
Reviewed-on: https://chromium-review.googlesource.com/c/1430063
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59037}
