This CL introduces a mechanism for setting a stack marker, to be used
for scanning only the part of stack between its start and the marker
(instead of the current stack top). Without this, the marking verifier
may encounter objects that have not been marked, because of false
positives during conservative stack scanning. The marker is introduced
in the Stack object, replacing and generalizing the one that existed
in the CppHeap.
Bug: v8:13257
Change-Id: I59cfb01e90912f9e54828bf05a3bdcfddb23e7bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4187221
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85454}
The patch fixes two bugs in hinting:
- trimmed whitespace in hints was not taken into account.
- range check for out-of-bound hints did not include the offset.
Bug: chromium:1409286
Change-Id: I5838cd6b697ed13a19c30f158963c0d9fac2f045
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4187224
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85448}
Stack information is thread-specific and, until now, it was stored in a
field in ThreadLocalTop. This CL moves stack information to the isolate
and makes sure to update the stack start whenever a main thread enters
the isolate. At the same time, the Stack object is refactored and
simplified.
As a side effect, after removing the Stack object, ThreadLocalTop
satisfies the std::standard_layout trait; this fixes some issues
observed with different C++ compilers.
Bug: v8:13630
Bug: v8:13257
Change-Id: I026a35af3bc6999a09b21f277756d4454c086343
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152476
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85445}
- Introduce a new SetFunctionName runtime
- Call SetFunctionName in DefineKeyedOwnIC to handle function name for initializers of computed class fields
- Ensure that we don't set function name twice in the case '({ ['c']: class { static x = this.name; static name = 'd' } })', which would incorrectly reconfigure the defined own property `name`
Bug: v8:13451
Change-Id: I10dcb858a65c6e59cba6bae94b8e63a78e44778b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4035497
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85444}
The fast path implementation for toLocaleLowercase (added in
333db24b55, https://crrev.com/c/3952317)
skipped the locale validation if the string to be converted is the empty
string.
This CL addresses it by delaying the early return for empty string to be
performed after the locale validation.
Bug: chromium:1409058
Change-Id: I2f2839dc836d8de662d308c86099707bf9ddfd9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4184199
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85434}
When our various debugging and error reporting facilities want to
perform a side effect free conversion of a value (which could be
a BigInt) to a String, then the usual BigInt::ToString is not a
great fit because it reacts to termination requests.
This patch adds a method BigInt::NoSideEffectsToString, which uses
a low upper bound instead of termination requests.
Fixed: chromium:1406774
Change-Id: Ibc5d37027823e4a03c470f1dd0a63c16c552850c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177099
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85433}
This will allow on the infra side to easier link to the respective
shard on a test failure. Without that it's a hassle to find out on
which shard the failing test ran.
This also simplifies how the global test_config stores information.
Some information was duplicated, but is now rather shared through
properties if the owning object is already present.
Bug: v8:13681
Change-Id: I52f01a4fac74627575d80f25923faba99eb6a1fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181030
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85429}
This reverts commit 7eb8937bca.
Reason for revert: crbug.com/1408957
Original change's description:
> [turbofan] Optimize access to the length property of functions
>
> When compiling to JavaScript a language that supports curryfication, it
> is convenient to be able to efficiently get the arity of a function to
> check for partial application.
>
> Change-Id: I6611b523b2c3795f1f8fb123f63f5b6d604d793d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111447
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85409}
Fixed: chromium:1408957
Change-Id: I5200392af7532a864afd73fb0e88be9a2153a312
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4187075
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85428}
This CL hides the ctor of the MemoryReducer::State class and only
provides factory methods for creating states. This simplifies creation
of states and makes it impossible to misuse the API.
Direct field accesses are also replaced with invocations of their
corresponding getter methods. The getter method will check whether
the current state is allowed to access that field.
Bug: v8:13653
Change-Id: I252a6d75d0ddb4813b16a706061ad1951cfa35ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181026
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85426}
Previously we stored kProxy in this case, which resulted in
set semantics for proxies.
Bug: chromium:1408310
Change-Id: Id9f215b4c3c08416b6d6c5f4605839668a5df340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178811
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#85422}
Previously in the DevTools console, users could inspect a preview of all private class members on an instance, but if they wanted to evaluate or inspect a specific private class member out of a long list, they had to be debugging and in a scope that has access to those private names.
This patch adds support for extraordinary access of out-of-scope private member access in debug-evaluate, specifically for Debugger.evaluateOnCallframe() (for console calls invoked during debugging) and Runtime.evaluate() (for console calls invoked when the user is not debugging). This kind of access is not otherwise allowed in normal execution, but in the DevTools console it makes sense to relax the rules a bit for a better developer experience.
To support this kind of extraordinary access, if the parsing_while_debugging or is_repl_mode flag is set, when we encounter a private name reference that's in a top-level scope or an eval scope under a top-level scope, instead of throwing immediately, we bind the reference to a dynamic lookup variable, and emit bytecode that calls to %GetPrivateName() or %SetPrivateName() in the runtime to perform lookup of the private name as well as the load/store operations accordingly.
If there are more than one private name on the receiver matching the description (for example, an object with two `#field` private names from different classes), we throw an error for the ambiguity (we can consider supporting selection among the conflicting private names later; for the initial support we just throw for simplicity).
If there are no matching private names, or if the found private class member does not support the desired operation (e.g. attempting to write to a read-only private accessor), we throw an error as well.
If there is exactly one matching private name, and the found private class member supports the desired operation, we dispatch to the proper behavior in the runtime calls.
Doc: https://docs.google.com/document/d/1Va89BKHjCDs9RccDWhuZBb6LyRMAd6BXM3-p25oHd8I/edit
Bug: chromium:1381806
Change-Id: I7d1db709470246050d2e4c2a85b2292e63c01fe9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020267
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85421}
When compiling to JavaScript a language that supports curryfication, it
is convenient to be able to efficiently get the arity of a function to
check for partial application.
Change-Id: I6611b523b2c3795f1f8fb123f63f5b6d604d793d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111447
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85409}
The built-in wasm function behaves similarly to string.new_utf8
but in case of invalid characters returns `null` instead of
throwing an exception.
Bug: v8:12868
Change-Id: Idde9bc2563d6bff1ab163ca8ed2219b6db23ca28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177105
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85406}
If the phi moves are the same for all predecessors, the move optimizer
will merge them by picking an arbitrary move among them,
moving it to the phi's block, and eliminating the moves in the
predecessor blocks.
However, phi inputs may have different width, and this can result in a
mismatch between the source and destination representation.
Always emit gap moves based on the destination operand's
representation, to ensure that in this case the wider phi inputs are not
truncated.
R=tebbi@chromium.org
CC=dmercadier@chromium.org
Bug: chromium:1407571
Change-Id: I0263cd5024e8e1340fb971267b133a2a91090f8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178824
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85403}
In the end we managed to have static root builds without a two stage
isolate setup. Thus, the mode for creating isolates with an existing
read only page is unused. Also, no other use case for this mode emerged.
Bug: v8:13598
Bug: v8:13466
Change-Id: I0a8174ba9383db7364b6e4545702aafc6f48170c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178814
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85396}
This CL reinstates the trampoline for pushing the values of
callee-saved registers on the stack, which is used for stack scanning.
It reintroduces the set of architecture-specific functions
PushAllRegistersAndIterateStack, removed in crrev.com/c/3989143.
The reason for this change is that the simpler architecture-specific
functions SaveCalleeSavedRegisters failed to correctly save the
values of the registers, in the presence of C++ compiler optimizations.
It also removes the stack context, introduced in crrev.com/c/4017512,
and uses again the trampoline for iterating through the stack.
Bug: v8:13257
Change-Id: I9e656a9b3ba6616168602300f2180b4f340593f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171639
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85394}
A first stab at using some static maps to have faster instance type
checks in C++ code. This adds an instance type check variant which
uses the map without loading the instance_type field, when the
instance type corresponds to a single static map.
Changes the format of the static roots table to be more in line with
other code and orders the names by address.
Bug: v8:13466
Change-Id: I5417071efd24ee52d51146ef0887d32cb9b62fcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177102
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85392}
This test sets a value to zero to simulate not knowing where read-only
space starts, since v8::debug_helper code often must work with only
partial information. However, the zero value persisted to another part
of the test which expected a precise result, and could cause a test
failure if an object happened to be allocated at the same offset from
its containing chunk as a known read-only object. This CL fixes the
test to only use the zero value during the steps that need it.
Bug: v8:13646
Change-Id: I90f1593bf9b5bb36177ee904a910a183384a4e64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178630
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85385}
Creating the full call frames is expensive. The client should only
need the script id. As the script id is passed in the 'data.scriptId'
field of the message, we can omit call frames from the instrumentation
pause event.
Bug: chromium:1408105
Change-Id: I11827865168946e1f412f7d351a0d359e2ac80ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174085
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85382}
There exists a load chain as below that cannot be packed due to the
effect dependency on an irrelevant load:
[Load1] -> [Irrelevant Load] -> [Load2]
We can avoid breaking this dependency by reordering the load chain so
[Load1] and [Load2] can be packed:
[Load1] -> [Load2] -> [Irrelevant Load]
Bug: v8:12716
Change-Id: I298a8fd3d44d0a147479e1f80ac67b6a491740ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134474
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85379}
Port c0367102a3
Original Commit Message:
The biggest chunk of this CL is related to the CodeBuilder now
returning a Code object instead of an InstructionStream. Most
codegen-related parts of the codebase had to be updated, including
compiler.cc, pipeline.cc, and many tests. The good news is,
we now have 400 fewer references to InstructionStream.
Smaller changes:
- Remove ToAbstractCode
- Remove dead code
- Update comments
- Update method and variable names
R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ib81459f65b474acb2f4f4e9bc547139e54877615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177048
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#85378}
ECMA262 22.2.6.4 specifies that the individual boolean-valued flags
should be checked in a particular order by the RegExp.flags getter.
'hasIndices' should be first - not last.
Bug: v8:13666
Change-Id: Ic4894dce84dc2454213d06c7356db0ded792a5be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171640
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85376}
The biggest chunk of this CL is related to the CodeBuilder now
returning a Code object instead of an InstructionStream. Most
codegen-related parts of the codebase had to be updated, including
compiler.cc, pipeline.cc, and many tests. The good news is,
we now have 400 fewer references to InstructionStream.
Smaller changes:
- Remove ToAbstractCode
- Remove dead code
- Update comments
- Update method and variable names
Bug: v8:13654
Change-Id: Ieb12bc698af576e07016e4c5c8c9d494e5addb0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174091
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85372}
This CL introduces an initial implementation of code flushing, which
can be triggered from JavaScript with an explicit runtime call. The
runtime call allows easier testing. So far all Liftoff code gets
deallocated at a code flushing event. Experiments will show if this is
a good strategy.
Bug: chromium:1407659
Change-Id: I2c19a25ab5da1cf3b6d027d14cc6e719f33e300b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171627
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85365}
This completes the big Code/CodeDataContainer name shuffle.
Bug: v8:13654
Change-Id: If033e9153e751ab0d2a38572da2ce2f7029bc359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173569
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85354}
The runtime function took two parameters, the instance and the function
index. The function index, however, seems to be unnatural information,
as the function index is a value that only has meaning with the binary
format of a wasm module, and not for the embedder of a wasm module.
This CL changes the signature of the runtime function to a single
parameter, the wasm function that should be optimized.
R=manoskouk@chromium.org
Bug: v8:12926
Change-Id: I6802cb6c8ffc586f4997a4a069735785ce59583d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171625
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85352}
Liftoff will only be called on valid functions, but does not validate
itself. So we should not set the function to "validated" after executing
Liftoff compilation. Instead, we can DCHECK that the function was
validated before.
This requires a few changes to tests and fuzzers to correctly set the
{function_was_validated} bit.
R=ahaas@chromium.org
Change-Id: I669fca77724189c83d78bdfda9f08df9f7fd63f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4168411
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85349}
Tests with shared memory are non-deterministic and shall not be
run with --predictable.
Bug: v8:13267, v8:13669
Change-Id: I65c9e1b273ff96ea73acd817a297c08f83ba615f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174076
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85345}
.. as part of the big Code/CodeDataContainer name shuffle. In the
next step, CodeDataContainer will be renamed to Code.
Bug: v8:13654
Change-Id: Ia80ac984d46dd6c2a108098055a5cd60e22a837c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171628
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85337}
Add a map check for the RHS of instanceof checks (i.e. the class) when
loading its hasInstance method. We were previously confirming the value
of the RHS, to make sure that it's a constant, but not considering the
case that the map of that class could change (e.g. because of a
prototype change or field definition).
Bug: v8:7700
Change-Id: Ia2923b99dd0524670bebcc57e4c0c209f8835d04
Fixed: chromium:1407959
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173568
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85336}
The RegisterInput (NewTarget) was not correctly visited by the GC.
This:
- Creates a sentinel safepoint to indicate that the stack is not
fully created (we are in the stack guard call).
- Generalises RegisterInputs (we assumed only NewTarget before) and
save them in the graph.
- Pass the register input count via tagged_register_indexes in
this case.
Fixed: chromium:1407606
Bug: v8:7700
Change-Id: I8f599f8c1a992ee6fd886eec1e289454649dfec8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171626
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85331}
.. now that it unconditionally refers to CodeDataContainer. All
previous references to 'CodeT' (the type and as part of names) are
now updated to 'CodeDataContainer', including 'codet', 'CODET', etc.
Bug: v8:13654
Change-Id: I7abbba040091eddf3ef09028a891aed460363929
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165619
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85325}
In some cases, a declaration of a function may be covered by
variables with the same name and thus bound to one parameter. This
CL records variables which should not be bound to the parameter, so
that they are skipped when inserting shadowing variable binding initializers.
Bug: v8:13459
Change-Id: Id7d147392450b177d219bfd04245b47d9e58c20e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4130416
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85321}
After the latest fix (https://crrev.com/c/4118547), it could happen that
we stop execution even though the stored "max steps" counter did not
reach zero. This was previously not possible because we did always
subtract 1, and only terminated once we reached zero. Now we sometimes
subtract bigger numbers, and terminate if the counter is smaller than
the number we want to subtract.
This CL fixes this by first subtracting, and then checking if the
counter ran negative.
R=thibaudm@chromium.org
Bug: chromium:1405322
Change-Id: I19d7be263b000eb0a6319aaeb8838d11b8c5a3b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165602
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85317}
With --shared-space we weren't marking the main isolate's entry in
the EPT for the WaiterQueueNode.
Bug: v8:13267, chromium:1406729
Change-Id: I833b0a9f93d6b129529dcda71084c3bff5417bad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162927
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85309}
The tests deal with recording OLD_TO_SHARED slots during page promotion
(in MinorMC) on a client heap, and retaining the corresponding shared
objects.
These tests cover issues fixed by crrev.com/c/4152485 and
crrev.com/c/4094755 (in the reland, compared to the previously submitted
version).
Bug: v8:12612
Change-Id: I7ba399d56ad75646092e6955f347a210c3dcac6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156473
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85308}
The callback can be used to enable / disable Wasm GC from Chrome or
other users. For more simplicity, and as many users of Wasm GC also use
stringrefs, enabling it via the callback will also enable stringrefs.
Bug: v8:7748
Change-Id: I474034eabe438f0ce9759c1d34dda12a99aa491e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165090
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85306}
We previously did not check for stack overflow when recursively nesting
functions and class declarations, with no statements in between.
Fixed: chromium:1404863
Change-Id: I00ec90ed4ac48ae7996a2d54201732bcaebc9757
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162925
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85289}
This is a reland of commit ec4f19d530
Original change's description:
> [turbofan] Properly perform range check for array access
>
> Turbofan optimized array access returned incorrect values in some cases
> when a negative index was provided. This CL fixes this by changing the
> way those bounds checks are performed in JSNativeContextSpecialization.
>
> Bug: chromium:1320641
> Change-Id: Id1f06680ccf7964994d179f7fb44199a0b1245b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147622
> Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85207}
Bug: chromium:1320641, chromium:1382948
Change-Id: I45e38598b97e2e997fc75d272dba470669e835c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4164680
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85286}
This is a reland of commit c74c9e63e1.
Types have been fixed to make MSVC happy.
Original change's description:
> [wasm][test] Remove useless macro
>
> Remove the BUILD macro, call a function with an initializer list
> instead. This makes the code slightly shorter, but most importantly it
> avoids an unnecessary macro, which improves maintainability and
> debuggability.
>
> R=jkummerow@chromium.org
>
> Bug: v8:13312
> Change-Id: I904ccf8e5b98c4d2f487c0cedc865db1386321c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152482
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85259}
Bug: v8:13312
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_rel
Change-Id: Ie3ca8dcd295ec22385b5d40262c2cb03bfcfeda4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162932
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85278}
This reverts commit 77de44e1c4.
Reason for revert: Seems fuchsia doesn't like this improvement: https://ci.chromium.org/ui/p/chromium/builders/try/fuchsia-arm64-rel/68601/overview
Original change's description:
> [ptr-compr] Improve ptr compression/decompression in C++
>
> Optimizations introduced in
> https://chromium-review.googlesource.com/c/v8/v8/+/1776079
> are currently defeated since Address is not a pointer type.
> Clang does not seem to carry over alignment information as range
> information when casting to ints.
>
> Using __builtin_assume we can restore the same effect. Additionally
> we can help the compiler remember that when compressing the removed
> bits are actually the cage base. This helps e.g. with
> `decompress(compress(..))`.
>
> See https://godbolt.org/z/5r68G5qa6 for details.
>
> Bug: v8:9353
> Change-Id: Ief016fce0788f2bef6b684a18b104ada6e6d3856
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156060
> Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85246}
Bug: v8:9353
Change-Id: I1fd6f36667302490f12d19c1fc8f64ca181c006b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162933
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85266}
We have been manually disallowing subtypes of anyref, as well as null
types, at the JS boundary, although the infrastructure to handle them
was basically in place. This CL removes this restriction.
Drive-by: Handle null correctly for typed functions in {ToJS}.
Bug: v8:7748
Change-Id: I51df2159ff4e6eea5a1ba401fa87920db9c4f2aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4154413
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85260}
Remove the BUILD macro, call a function with an initializer list
instead. This makes the code slightly shorter, but most importantly it
avoids an unnecessary macro, which improves maintainability and
debuggability.
R=jkummerow@chromium.org
Bug: v8:13312
Change-Id: I904ccf8e5b98c4d2f487c0cedc865db1386321c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152482
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85259}
There is no reason to keep the CodeT dispatch (which switches
between `CodeT = CodeDataContainer` and `CodeT = Code`) around. Using
CodeDataContainer doesn't actually depend on anything from
v8_enable_external_code_space, so let's use it unconditionally and
simplify our codebase.
In this first step, update the
`v8_enable_external_code_space = false` configuration to use
`CodeT = CodeDataContainer` as well and remove all support for
`CodeT = Code`.
Upcoming CLs will remove the CodeT alias type, and rename
the Code/CodeDataContainer pair to something more intuitive.
Bug: v8:13654
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_no_pointer_compression_dbg,v8_linux64_no_pointer_compression_rel,v8_linux64_arm64_no_pointer_compression_rel;luci.node-ci.try:node_ci_linux64_rel
Change-Id: I58e4d510924f685ef0f2403220a2c33651c3c864
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138254
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85257}
We introduce high-level typed load elimination for wasm. It is based
on CSALoadElimination. It operates on wasm struct.set/get and
array.length operators (with array operations pending). Wasm types are
used to refine the may-alias analysis run for stores.
Drive-by:
- Type more nodes in wasm-compiler and wasm-gc-operator-reducer.
- Remove an unsafe-cast test which now hits an Unreachable Turbofan
node.
Bug: v8:7748
Change-Id: I309e4af4d9f9c584e27ff79804a776666b5dc3c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146430
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85255}
This is a reland of commit 1e3dd39d09
and commit e5dbd05dcf
The fix is in https://chromium-review.googlesource.com/c/v8/v8/+/4094755/3..6
Original change's description:
> [heap] Iterate promoted pages during sweeping
>
> Promoted pages are iterated to record slots containing old to new and
> old to shared references. This takes a significant amount of time during
> the atomic pause.
> Instead we offload this task to the concurrent sweepers, record slots to
> a local cache, and merge it when finalizing sweeping.
>
> Array buffer sweeping depends on iteration of promoted pages, so it is
> frozen until iteration is done.
>
> See design doc at https://docs.google.com/document/d/1JzXZHguAnNAZUfS7kLeaPVXFfCYbf5bGCtyKgyiMDH4/edit?usp=sharing
>
> Bug: v8:12612
> Change-Id: Icdc79a7a70c53352e3a1b3961cfe369e8563b65b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062041
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Auto-Submit: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84706}
Bug: v8:12612
Change-Id: I67bbf4753e9fa8b9194367996797aa103e58c16f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4094755
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85250}
Turbofan uses the feedback vectors created by liftoff during
compilation. It is assumed that for any given function liftoff and
turbofan use same-sized feedback vectors.
Calls in unreachable code don't allocate entries in the feedback vector.
Therefore it is required that turbofan and liftoff have the same
understanding of which parts of the code are treated as unreachable.
This is achieved by moving the unreachable handling from liftoff
into the decoder that is also used for the turbofan compilation.
Bug: chromium:1403398
Change-Id: I113726c1a0d773ea9483c80d8e3c3084be423ca2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152477
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85248}
Optimizations introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/1776079
are currently defeated since Address is not a pointer type.
Clang does not seem to carry over alignment information as range
information when casting to ints.
Using __builtin_assume we can restore the same effect. Additionally
we can help the compiler remember that when compressing the removed
bits are actually the cage base. This helps e.g. with
`decompress(compress(..))`.
See https://godbolt.org/z/5r68G5qa6 for details.
Bug: v8:9353
Change-Id: Ief016fce0788f2bef6b684a18b104ada6e6d3856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156060
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85246}
Add an alternative to any_ic_changed_, where instead of a global flag
that is updated on ICs changed (which prevents small function
optimisation), the interrupt budget of the particular function whose IC
was updated is reset to a default value.
This should have a similar effect, allowing small functions to tier up
quickly but still only once they have been stable enough for some time,
but should prevent cross-contamination of different functions'
stabilities due to the global nature of the flag.
It does, however, require a back pointer from the feedback vector to its
parent feedback cell (which holds the interrupt budget).
Drive-by, use any_ic_changed_ for Maglev tierup, to match small
function behaviour.
Change-Id: I7109cf3aff536af7ab36d3564ec8005ee7aa44f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156472
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85240}
This mode was used for an experiment and isn't used anymore.
IsolateInBackgroundNotification() can be used to achieve the same
memory savings mode.
Bug: v8:13653
Change-Id: I4bc0b0bd7ceac43f22e16b234b9482af9fe03152
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156054
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85239}
This CL fixes a bug where TurboFan was incorrectly compiling away the
shared value barrier for shared arrays.
TurboFan should not be compiling accesses to objects in the shared heap
until it natively has support for the shared value barrier, because it
is an invariant that shared objects do not point to non-shared objects.
Bug: chromium:1404052, v8:12547
Change-Id: I5bd44ce5c44ad81a97421598e6d5b24fb5e210cd
Fixed: chromium:1404052
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136980
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85233}
This should save about 0.23% cycles on the JQuery Speedometer story.
Bug: chromium:1406296
Change-Id: Ib2b76325c6441eb5da8051c3701291abf347c56d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152952
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85230}
If the register allocator assigns kJavaScriptCallArgCountRegister
to {object}, we were clobbering the object, before pushing it to
the stack.
Additionally, we use PushReverse instead of Push to indicate
that kDataViewPrototypeGetByteLength has a JS call convention
(arguments are reversed). This is a no-op for x64, but it guarantees
the correct order of the padding in arm64.
Fixed: chromium:1406456
Bug: v8:7700, v8:13645
Change-Id: Ia9126ff5315ab4ab08ae733f138a1e0cb2d021a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156053
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85227}
Remove the deprecated array.len 0xfb17 variant which takes a type
immediate.
This has been superseded by 0xfb19 which does not need the type.
Bug: v8:7748
Change-Id: I7d4620423c786462444512abe40ee006aab99cf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110831
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85225}
After we received feedback about some legitimate use-cases of the
internal [[Scopes]] property, we decided to not go ahead with its
removal.
This CL removes the corresponding experimental flag.
R=kimanh@chromium.org
Bug: chromium:1365858
Change-Id: I6744889b4e2e960695838648e2f4902cbdb75890
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4154416
Auto-Submit: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85214}
The feature shipped with M109 so we'll remove the flag with M111.
R=jarin@chromium.org
Bug: chromium:1363561
Change-Id: Ia9b276f6c56fb3f57c57f5da1abe02dda8dc36e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4154418
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85213}
Currently structref is interpreted as dataref by default for backwards
compatibility reasons.
This behavior is now being removed with this change.
Bug: v8:7748
Change-Id: I610fd04187b1bda53c83a82345eae09f23d99731
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111171
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85211}
When disabled, Turbofan is fully excluded from the compilation result.
This is expected to reduce V8's contribution to chromium's binary size
by roughly 20%.
If Turbofan is disabled, Maglev and Webassembly must also be disabled
(since both depend on TF).
Note this new configuration (v8_enable_turbofan=false) is not yet
used anywhere - we'll probably enable it for lite_mode bots in an
upcoming CL for test coverage.
Changes in detail:
- Split out all src/compiler files from the main source sets. This
was mostly done already, here we only clean up the few files that
were left.
- Define a new main TF entry point in turbofan.h. `NewCompilationJob`
replaces `Pipeline::NewCompilationJob`.
- When TF is enabled, turbofan-enabled.cc implements the above.
- When disabled, turbofan-disabled stubs out the above with a runtime
FATAL message.
- The build process is modified s.t. mksnapshot always has TF
available since it's needed to generate builtins. When disabled,
TF is removed from other components, in particular it is no longer
included in v8_compiler and transitively in v8_base.
- When disabled, v8_for_testing no longer has v8_initializers
available. These were only needed for test-serialize.cc, which
is now excluded from this build mode.
- When disabled, remove all related cctest/ and unittest/ files from
the build.
Bug: v8:13629
Change-Id: I63ab7632f03d0ee4a787cfc01574b5fdb08fd80b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128529
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85210}
The file `at.js` was missing in the resources list, and did therefore
not get uploaded to the perf bot. This caused an error on the perf bot.
R=machenbach@chromium.org
CC=dmercadier@chromium.org
Bug: v8:12926
Change-Id: I199591444da651854633a37e7164756981b9353f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4154414
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85208}
Turbofan optimized array access returned incorrect values in some cases
when a negative index was provided. This CL fixes this by changing the
way those bounds checks are performed in JSNativeContextSpecialization.
Bug: chromium:1320641
Change-Id: Id1f06680ccf7964994d179f7fb44199a0b1245b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147622
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85207}
This CL adds some tests for async generators to ensure that we
correctly report caught/uncaught exceptions.
Most of the cases were fixed by the for-of fix:
https://crrev.com/c/4146420
The remaining broken test cases contain a throw directly
after a `yield`. For each ".next" call we create a new promise
that we need to push on the promise stack before we actually
resume the generator.
R=bmeurer@chromium.org
Fixed: chromium:1270780
Change-Id: I8365d20490451be37cc6973d8d91aeffed7e3511
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146421
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85196}
Currently the shared value barrier manually fast paths instance types
for objects that are always in the shared heap. This CL makes a common
superclass, AlwaysSharedSpaceJSObject, and uses that for the fast path.
Bug: chromium:1402920, v8:12547
Fixed: chromium:1402920
Change-Id: I84421802791a4dc72925341eeb0cfc5949b8938a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134475
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85192}
This is a reland of commit ebd933037e
Original change's description:
> [flags,testrunner] Consider readonly flags for conflict detection
>
> Flag conflict detection 1) bails out on incompatible flag values (e.g.
> --jitless and --turbofan) and 2) handles such bailouts transparently in
> the test runner by marking affected tests as OUTCOMES_FAIL.
>
> This CL adds full support for readonly flags to this system, together
> with required additional annotations in variants.py.
>
> Drive-by: assert proper use of v8_enable_slow_dchecks, and add
> support when dcheck_always_on is set.
> Drive-by: introduce has_maglev build variable detection based on
> v8_enable_maglev and use that for .status file annotations.
> Drive-by: protect against unintended overwrites of build variables
> in statusfile.py.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel
> Bug: v8:13629,v8:10577
> Change-Id: I04de399139a0490806df8bfee7e75e2ec767b4b5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135879
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85130}
Bug: v8:13629,v8:10577
Change-Id: I49ce322c3fda00a1e1e280d99d2d818772533927
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151087
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85172}
- For TypedArrays, we bail out trying to reduce the access.
- For DataView, we check dynamically the DataView object bitfield
and call a builtin on a slow path.
Drive by: fix presubmit lint to allow assertOptimized when
passing --maglev flag.
Bug: v8:7700, v8:13645
Change-Id: I3ce4773466f045ff10c86c41734e00fbb94eb331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146435
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85171}
Only byte displacement was handled for opcode F6F7,
this CL adds 32-bit displacement support.
Change-Id: I40b3140df582cd0dce008dbbb957e615751c2131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4144627
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#85166}
The bytecode generator currently uses the wrong catch prediction in
the desugaring for for-of loops. This leads to unexpected pauses in
DevTools when 'pause on uncaught exceptions' is enabled, e.g. for
throwing generators.
Specifically the call to .next of the iterator is unconditionally
marked as 'uncaught' instead of using the surrounding catch
prediction. Similarly, in the desugared "finally" block we call
.return which can also throw.
Note that if both the loop body and the ".return" throw, the
exception from ".return" is caught and only the loop body exception
is re-thrown. We still pause on both throw sites since we can't
detect this case statically.
R=leszeks@chromium.org
Bug: chromium:1270780
Change-Id: I2e642ef3fbfcfc6ad19e92cf611188801ebf2450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146420
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85164}