Optimization marker and the optimized code used to share the same slot
in the feedback vector as they were mutually exclusive. With turboprop
we would want to mark the function for tier up to Turbofan while holding
the optimized code for Turboprop. So this cl uses the existing padding
field to hold the optimization marker instead.
As a driveby, removes unused JSFunction::ClearOptimizedCodeSlot function
and fixes a minor bug in Runtime_GetOptimizationStatus.
Bug: v8:9684
Change-Id: I18c551a69648a0837d16c5453d023c0b295b1521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467836
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70789}
This CL makes the metadata offsets stored in Code headers
relative to the start of the metadata section (instead of to
the start of the instructions section).
In a follow-up, metadata for embedded builtins will be moved
from the .text section (with r-x or --x permissions) to the
.rodata section (with r-- permissions).
Drive-by: Simplify invariants around section alignment. A
new invariant is that the end of the instruction section is
aligned to Code::kMetadataAlignment.
Drive-by: Ensure trampoline Code objects contain no metadata
(metadata offsets all refer to the off-heap metadata section).
Tbr: dinfuehr@chromium.org
Bug: v8:11036
Change-Id: Idd0980913bbde9d3d1946b558e3ca58ec6356fcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491036
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70788}
The crash scenario is as follows:
1) Add a getter for 'then' to the Object prototype that is
considered side-effecting.
2) Evaluate a simple string using 'REPL' mode with side-effect checks
enabled.
Note: REPL mode is not strictly necessary, but it causes a 'then'
lookup as the evaluation result is not a promise.
3) Calling the 'then' getter causes a termination exception, due
to the side-effect check. JSPromise::Resolve then tries to
put the termination exception as the reject reason, which causes
a CHECK failure.
The solution is to check for termination in the "abrupt completion"
case when 'then' was retrieved.
Bug: chromium:1140845
Change-Id: I72b644cd49355cea40f599fcbe80264e99ed7bd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501283
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70785}
Implement v128.load32_zero and v128.load64_zero on Liftoff, for ARM and
ARM64.
Bug: v8:11038
Change-Id: I5f845aca23f10b1a45a7ce9d1eb5bea0c1a22a55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486237
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70784}
Halve the number of lookups in ExtractLocationForJSFunction() by calling
GetPositionInfo() directly instead of making separate calls for column
and line number.
Improve the efficiency of position lookups in slow mode. The current
code does a linear walk through the source by calling String::Get() for
each character. This PR also does a linear walk, but avoids the overhead
of multiple Get() calls by pulling the String's flat content into a
local vector and walking through that.
Downstream Electron discussion of this can be found at
https://github.com/electron/electron/issues/24509
Apologies in advance if I've missed anything; this is my first V8 CL...
Change-Id: I22b034dc1bfe967164d2f8515a9a0c1d7f043c83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2496065
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70783}
Implement v128.load32_zero and v128.load64_zero on Liftoff, only for
ia32 and x64. ARM will follow.
Bug: v8:11038
Change-Id: I0fad054f462e27eb60825258dad385244b5e5a95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486236
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70782}
Like all metadata areas, the cp offset must be less than the body
size. (In a follow-up, this will change s.t. offsets must be less than
the metadata size.)
Tbr: leszeks@chromium.org
Bug: v8:11036
Change-Id: I108238601f36acd8d22fa161c042d4ca82b07e87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501281
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70781}
Implement these two instructions on arm.
Bug: v8:11038
Change-Id: I23d9c7291f60e29415cfbebced1bff323fd2465a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485250
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70779}
Rolling v8/build: 6da208e..929bcdb
Rolling v8/buildtools: 4be464e..98881a1
Rolling v8/third_party/aemu-linux-x64: KsPqcAfQNpcMneTUR-X2XLHNoNCcTLmqK-CIvqJ9zSMC..q6rFFTDSZ6MexUJ2yo5-IHfI0g1sohftVPqHt-TwJtYC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7874beb..4f6c1bb
Rolling v8/third_party/depot_tools: 6f9b1bf..77cd4b4
Rolling v8/third_party/icu: 715ec35..d3c1cdc
Rolling v8/tools/clang: 7371bff..cf34aa6TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I9ff0f860ce1064a3ae0fee99f46dbdc43cfb70fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2499883
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70778}
This reverts commit dde9376860.
Reason for revert: ubsan failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/13518
Original change's description:
> Add int64_t min and max to value helpers for test
>
> And also fix up a truncate float to int test that was using
> int list as input instead of a float list.
>
> Change-Id: I544e38b2d212f8d11dfb5758db4fe6b283acae0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419654
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70774}
TBR=clemensb@chromium.org,zhin@chromium.org
Change-Id: If0faa8be8c55715a529dfe777c0ad9819105fc5b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500925
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70777}
We fixed float->uint conversion checks in https://crrev.com/c/2491382,
and so we can use those checks here.
Bug: v8:10933
Change-Id: Ie2697aaf8fb7761541aca60d5d0a8812a8f39e41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497383
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70776}
The SpecialValue field used in the disassembler covers too wide a range,
this causes some duplication in the disassembler of instructions like
mov, since the SpecialValue includes a bit used for the immediate.
Attempt to refactor and follow the decoding guide given in the
architecture manual [0], F4.1 A32 instruction set encoding, with the
eventual goal for removing the duplicated instruction disassembly.
[0] ARM DDI 0487F.b ARMv8 A32 instruction set
Bug: v8:10933
Change-Id: Iddf4df317f9a5b29be2544ad2f9f93180e9bcdfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497395
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70775}
And also fix up a truncate float to int test that was using
int list as input instead of a float list.
Change-Id: I544e38b2d212f8d11dfb5758db4fe6b283acae0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419654
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70774}
i8x16.extract_lane_u is pextrb, and i16x8.extract_lane_u is pextrw, we
can merge them instead of having separate opcodes.
R=bbudge@chromium.org
Bug: v8:10975
Change-Id: I7793a795905157b6094b1470d3437988c982af91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481834
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70771}
Most instructions need get_modrm, and it doesn't affect instructions
which don't use it, since get_modrm doesn't mess with any pointers.
Bug: v8:10933
Change-Id: I5b97d138f7e6ab78e6a72dc6fa4f0d5d0784a03f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497296
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70770}
This relands commit 61b56d1650
The fix is to capture variables used in the lambda.
Original change's description:
> [wasm-simd] Add more tests for v128 load zero
>
> Add tests for all valid alignments, and using memarg immediate offset
> instead of i32 index.
>
> Also randomize the memory to help catch cases where we are loading
more
> than we should, and accidentally get correct values with zero-ed
memory.
>
> Bug: v8:10713
> Change-Id: I443c2799ba0d539bf23c63760c08e18c4d36607f
> Reviewed-on:
https://chromium-review.googlesource.com/c/v8/v8/+/2487880
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70693}
Bug: v8:10713
Change-Id: Ib8fa58c6600d85a37fc0b6647ddbdb991f3b1c04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497382
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70769}
max concurrency is inferred from queue size for OLD_SPACE & MAP_SPACE.
Extra Sweeper::TearDown() in MarkCompactCollector::TearDown() is needed
to cancel job.
Change-Id: Iafba7d7d24e8f6e5c5a1d5c0348dea731f0ac224
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480783
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70767}
Add support for empty values (i.e. set behaviour) and heterogeneous
lookup (lookup with a different key than the one you'll insert) to
TemplateHashMap, and use it for the string table in AstValueFactory.
Change-Id: I0c1487c9598127aac97059d4b9220e5c3c6283ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494705
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70765}
- The command line tool never fully worked
- All the main features of the map-processor are now available in
the system-analyzer
Bug: v8:10644
Change-Id: Ic55b1d6de561079b079045097856a3b4e5f4bb95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497178
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70764}
GCMole mistakenly thought that GC guards such as DisallowHeapAllocation
covered the whole scope of the function they are declared in. This CL
fixes the false negatives and adds appropriate testing.
Bug: v8:10071
Change-Id: Iffb369977af90ca053a55ca8f451e037a4f460f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497451
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70763}
Make the array elements in msunit/regress/regress-542823 larger, so that
it takes fewer of them to force the joined string to go into large
object space. Also, set the array's size dynamically based on the
maximum non-large object size, rather than having a fixed magic "large
enough" size, and verify that the resulting joined string is indeed in
LO space.
This reduces the runtime of this test under slow_path and gc-stress from
minutes to seconds.
Bug: v8:11060
Change-Id: I51d960b6a3e052199f50c1a6ba6fbce1b6d1ae38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498689
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70762}
This is a reland of bcb0a7c5c5.
Data races detected by TSan are fixed by using (relaxed) atomic
updates.
Original change's description:
> [wasm] Disallow late enabling of trap handlers
>
> It's dangerous if trap handlers are enabled after we already used the
> information whether they are enabled or not.
> This CL checks for such misbehaviour by remembering whether
> {IsTrapHandlerEnabled} was already called, and disallowing
> {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
> multiple times is disallowed now.
>
> The trap handler tests are changed to only enable trap handlers once,
> and to do that before allocating wasm memory or generating code.
>
> R=ahaas@chromium.org
>
> Bug: v8:11017
> Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70750}
Bug: v8:11017
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I24299c433ffa3ce31e2aac12134dc03f30609da2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498683
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70761}
Move CoverageInfo installation to the main-thread part of finalization.
Since this is debug-only, it won't affect non-debug compiles.
This allows us to use off-thread finalization when block coverage is
enabled, removing the last non-flag reason for disabling off-thread
finalization. This means we can remove the per-task "finalize
off-thread" flag on BackgroundCompileTask, and make off-thread
finalization always on when the flag is on.
Bug: chromium:1011762
Change-Id: Ib733d501c4043b493ded9a1951cceb5cfc524eb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497177
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70758}
For deserialized modules the compilation state was not set to
kFinishedTopTierCompilation and co. A consequence was that code that
required top tier compilation to be finished to block indefinitely.
With this CL the compilation state is initialized properly.
I tested this CL locally with the regression test mentioned in the bug
tracker issue. However, this regression test required to run this test
twice in separate processes. It would be possible to write a regression
test for this that runs on the bots, but I considered it not worth it.
R=clemensb@chromium.org
Bug: v8:11024
Change-Id: Ib4e75eae03fab13a3ff013118fc1f33a1278b33f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494930
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70757}
The counter gets created but isn't used anywhere.
R=clemensb@chromium.org
Bug: v8:10933
Change-Id: I480e601f8118475a3ce750ba97fdae6780342d49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497166
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70756}
msunit/regress/regress-542823 is intended to test large object
allocation in Array.prototype.join, but to do so it has a pretty
inefficient way of first building a large array.
Speed-up this test by using Array.prototype.fill, call .join directly,
and make the whole thing an IIFE to avoid global loads.
Bug: v8:11060
Change-Id: I5906bcb6c65b10ec830b026cf1f24acb6d5e1aaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498681
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70755}
The test creates an import error that references the current Script for
reporting the error location back to the embedder.
- This is not supported by the serializer
- We don't expect parse/import errors for serialization
Bug: v8:6513
Change-Id: Idf98e7ae189e8ffeaa478e5118a7b3f2d2c06047
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497171
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70754}
Due to the previous change to that function, we can end up with
set (non-null) fields even when the overall serialized_ field is
unset. This can cause DCHECK failures (I don't think it's otherwise
observable).
Bug: chromium:1142240,v8:7790
Change-Id: I2711fae8a73438277caf7aa539f24d628b03153c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497170
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70753}
This reverts commit bcb0a7c5c5.
Reason for revert: TSAN failure (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33868)
Original change's description:
> [wasm] Disallow late enabling of trap handlers
>
> It's dangerous if trap handlers are enabled after we already used the
> information whether they are enabled or not.
> This CL checks for such misbehaviour by remembering whether
> {IsTrapHandlerEnabled} was already called, and disallowing
> {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
> multiple times is disallowed now.
>
> The trap handler tests are changed to only enable trap handlers once,
> and to do that before allocating wasm memory or generating code.
>
> R=ahaas@chromium.org
>
> Bug: v8:11017
> Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70750}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I1d93dcb399e2a0b5b0543aa60d34087317c01cb3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497176
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70751}
It's dangerous if trap handlers are enabled after we already used the
information whether they are enabled or not.
This CL checks for such misbehaviour by remembering whether
{IsTrapHandlerEnabled} was already called, and disallowing
{EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
multiple times is disallowed now.
The trap handler tests are changed to only enable trap handlers once,
and to do that before allocating wasm memory or generating code.
R=ahaas@chromium.org
Bug: v8:11017
Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70750}
Split GlobalObject tagging into collecting pairs of tags, followed by
writing those tags into an unordered_map after entering a safepoint
scope. This ensures that we follow moved global objects if they move
in the GCs between the tagging and the safepoint.
Bug: v8:11050
Change-Id: I333d50d000ec49e6c4218e71f0cc84a49b460ecf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494932
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70749}
This is a reland of b66993bcfb
Nothing changed in the reland, the original CL was not the
culprit for win32 failures. They started earlier, at
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/29444
Original change's description:
> [code] Separate instruction and metadata areas
>
> In this CL, Code object layout changes s.t. the instruction
> area is distinct / non-overlapping from the metadata area.
>
> On-heap Code objects now have a variable-size `body` area,
> containing distinct-but-adjacent `instruction` and `metadata`
> areas.
>
> Off-heap code (= embedded builtins) currently have the same,
> but in the future the metadata area will move elsewhere and
> no longer be adjacent to instructions.
>
> To implement this, the main changes are:
>
> - The Code object header now contains instruction and metadata
> sizes, and no longer contains the safepoint table offset
> (it's implicitly the first table of the metadata section).
> - The embedded metadata table contains information about both
> instruction and metadata areas.
>
> I've also added assertions in spots that currently rely on a
> contiguous body area.
>
> Bug: v8:11036
> Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70743}
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Tbr: leszeks@chromium.org, clemensb@chromium.org, dinfuehr@chromium.org
Bug: v8:11036
Change-Id: I238562d7e25cf28cc689856ee8b17f25627aaee7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497162
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70747}
Change-Id: I3d62b93d5a643c06626b34a8d69b09a7d50ec439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491382
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70745}
This reverts commit b66993bcfb.
Reason for revert: Broke v8 win32 https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/29454?
Original change's description:
> [code] Separate instruction and metadata areas
>
> In this CL, Code object layout changes s.t. the instruction
> area is distinct / non-overlapping from the metadata area.
>
> On-heap Code objects now have a variable-size `body` area,
> containing distinct-but-adjacent `instruction` and `metadata`
> areas.
>
> Off-heap code (= embedded builtins) currently have the same,
> but in the future the metadata area will move elsewhere and
> no longer be adjacent to instructions.
>
> To implement this, the main changes are:
>
> - The Code object header now contains instruction and metadata
> sizes, and no longer contains the safepoint table offset
> (it's implicitly the first table of the metadata section).
> - The embedded metadata table contains information about both
> instruction and metadata areas.
>
> I've also added assertions in spots that currently rely on a
> contiguous body area.
>
> Bug: v8:11036
> Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70743}
TBR=jgruber@chromium.org,leszeks@chromium.org,clemensb@chromium.org,dinfuehr@chromium.org
Change-Id: Ia52ac609a47b8a2038a2511f0af8526ebdfe4719
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11036
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497381
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70744}
In this CL, Code object layout changes s.t. the instruction
area is distinct / non-overlapping from the metadata area.
On-heap Code objects now have a variable-size `body` area,
containing distinct-but-adjacent `instruction` and `metadata`
areas.
Off-heap code (= embedded builtins) currently have the same,
but in the future the metadata area will move elsewhere and
no longer be adjacent to instructions.
To implement this, the main changes are:
- The Code object header now contains instruction and metadata
sizes, and no longer contains the safepoint table offset
(it's implicitly the first table of the metadata section).
- The embedded metadata table contains information about both
instruction and metadata areas.
I've also added assertions in spots that currently rely on a
contiguous body area.
Bug: v8:11036
Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70743}
Rolling v8/build: 27ce505..66f5e37
Rolling v8/third_party/aemu-linux-x64: dfMpR8E7Ie1gS4Mf_DWloGOmZIegnZWNA0kcMr7jPlkC..KsPqcAfQNpcMneTUR-X2XLHNoNCcTLmqK-CIvqJ9zSMC
Rolling v8/third_party/android_platform: fc6c684..ef64306
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/982bf51..7874beb
Rolling v8/third_party/depot_tools: b3a1dba..6f9b1bf
Rolling v8/third_party/markupsafe: f2fb0f2..0944e71
Rolling v8/tools/clang: df55bc4..7371bffTBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I3c46706e042fcfe80aaee5ac6298e93c09dce8e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2496578
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70742}
This is a reland of eb6b4ce1d8
Skip test that serializes Error which references a Script. All errors
created by ThrowAt store the current Script under the
error_script_symbol.
Original change's description:
> [runtime] Use Isolate::ThrowAt with MessageLocation
>
> Fix various missing source positions when reporting parse and compile
> errors. Namely this fixes missing source positions when having invalid
> module imports.
>
> - Use Isolate::ThrowAt with valid MessageLocation objects
> - Change public Isolate::Throw to no longer accept MessageLocation to
> avoid misues
> - Introduce private Isolate::ThrowInternal that accepts MessageLocation
>
> Bug: v8:6513
> Change-Id: I3ee633c9fff8c9d361bddb37f56e28a50c280ec1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467839
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70623}
Bug: v8:6513
Change-Id: Icba74f74178e28fbda0fd0c237eeb7bacbc33570
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487123
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70741}
