This reverts commit a1b431d7d3.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22809
Original change's description:
> [serializer] share class positions tuple across contexts
>
> Class positions is a struct that stores the start and end positions of a class
> literal. It is stored both on class objects, and the template used to
> instantiate class objects.
>
> The template is reachable from the bytecode array and therefore serialized by
> the startup serializer. Class objects are context-dependent and therefore
> serialized by the partial serializer. Serializing class positions from both
> serializers violates the assumption that we don't serialize any object twice.
>
> R=gsathya@chromium.org
>
> Bug: v8:8761
> Change-Id: If22c554cc7396d63998a015454ce0c67a7d2e05c
> Reviewed-on: https://chromium-review.googlesource.com/c/1444956
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59292}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,gsathya@chromium.org
Change-Id: I9f3fd1b29b5991b450223f8b27dfc7aa7e5a3171
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8761
Reviewed-on: https://chromium-review.googlesource.com/c/1450116
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59300}
This basically adjusts reality to match our expectations. Methods based
on Code::kConstantPoolOffset expected the constant pool to be located
immediately following the handler table and before the code comments
section, while it was actually emitted before the jump table. We did
not notice earlier since this is only relevant on ppc.
Bug: v8:8758
Change-Id: I189af491fe133a7dc480ff4056372ba7a27faa81
Reviewed-on: https://chromium-review.googlesource.com/c/1445880
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59299}
Users should switch to TracedGlobal and the newly added methods of
v8::EmbedderHeapTracer.
Bug: chromium:923361, v8:8562
Change-Id: I3e5ed5785a0a49c0b65c7b1d1d103e568dd3e938
Reviewed-on: https://chromium-review.googlesource.com/c/1445752
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59297}
This CL revises some of our error messages, and removes unneeded parts
(like "AsyncCompilation: " or "(null): "). It also extends existing
tests to check for the precise error message more thoroughly to detect
changes or nondeterminism earlier.
R=titzer@chromium.org, ahaas@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:926311
Change-Id: I1ccfb307d4a61291f4582330152a53fbadd0848f
Reviewed-on: https://chromium-review.googlesource.com/c/1445897
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59296}
This adds support for integrity level transitions (preventExtensions,
seal and freeze) to MapUpdater and Map::TryUpdate.
In both cases, we first try to detect whether there were integrity
level transitions in the transition tree to the old map and make note
of the most restrictive integrity transition and the map just before
the transition (integrity-source-map). Then we find an appropriate root
(based on integrity-source-map's elements kind) and replay the
transitions based on the integrity-source-map's descriptor
array. Finally, if we saw an integrity level transition in
the beginning, we will find-or-create that transition (on the
updated version of integrity-source-map).
For the following micro-benchmark, we get about 10x speedup.
```
function C() {
this.x = 1;
Object.seal(this);
this.x = 0.1;
}
const start = Date.now();
for (let i = 0; i < 1e7; i++) {
new C();
}
console.log("Reconfigure sealed: " + (Date.now() - start));
```
Before:
> Reconfigure sealed: 5202
After:
> Reconfigure sealed: 479
Bug: v8:8538
Change-Id: If695be7469d8b6ccd44ac4528be8aa34b65b3e4d
Reviewed-on: https://chromium-review.googlesource.com/c/1442640
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59295}
Class positions is a struct that stores the start and end positions of a class
literal. It is stored both on class objects, and the template used to
instantiate class objects.
The template is reachable from the bytecode array and therefore serialized by
the startup serializer. Class objects are context-dependent and therefore
serialized by the partial serializer. Serializing class positions from both
serializers violates the assumption that we don't serialize any object twice.
R=gsathya@chromium.org
Bug: v8:8761
Change-Id: If22c554cc7396d63998a015454ce0c67a7d2e05c
Reviewed-on: https://chromium-review.googlesource.com/c/1444956
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59292}
This CL is mostly a mechanical change. Loading either the receiver,
the backing store or the temp array from the sort state is pushed down
into each respective Load/Store builtin. This eliminates the need
for reloading the elements pointer after each compare function call.
R=jgruber@chromium.org, tebbi@chromium.org
Bug: v8:8562
Change-Id: I453e98635f9d891da58cf7b2a86c5c58f4a4069c
Reviewed-on: https://chromium-review.googlesource.com/c/1449613
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59291}
This reverts commit b8c821f4e2.
Reason for revert: compile errors, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20builder/39320
Original change's description:
> Extract JSObject class from objects.cc
>
> I extracted following class member functions to js-objects.cc
> * JSReceiver
> * JSObject
> * JSBoundFunction
> * JSFunction
> * JSGlobalObject
> * JSDate
> * JSMessageObject
>
> Declaration of all above class are in js-objects.h.
>
> I also moved AllocationSite::DigestTransitionFeedback used in JSObject::UpdateAllocationSite
> and ShouldConvertToSlowElements used in JSObject and JSArray
>
> This patch makes compile time of objects.cc from 17.6s to 14.1s on Z840 Linux.
> And js-objects.cc takes 8.69s for compile.
>
> Bug: v8:7629
> Change-Id: I989f22363667445dd28d7f8c06c81ff79d6ed45f
> Reviewed-on: https://chromium-review.googlesource.com/c/1447916
> Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59288}
TBR=marja@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,tikuta@chromium.org
Change-Id: I18a8af8a7970f96b2ec3e56b2b1871b4f080ab01
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7629
Reviewed-on: https://chromium-review.googlesource.com/c/1449635
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59289}
I extracted following class member functions to js-objects.cc
* JSReceiver
* JSObject
* JSBoundFunction
* JSFunction
* JSGlobalObject
* JSDate
* JSMessageObject
Declaration of all above class are in js-objects.h.
I also moved AllocationSite::DigestTransitionFeedback used in JSObject::UpdateAllocationSite
and ShouldConvertToSlowElements used in JSObject and JSArray
This patch makes compile time of objects.cc from 17.6s to 14.1s on Z840 Linux.
And js-objects.cc takes 8.69s for compile.
Bug: v8:7629
Change-Id: I989f22363667445dd28d7f8c06c81ff79d6ed45f
Reviewed-on: https://chromium-review.googlesource.com/c/1447916
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59288}
This CL changes the usage pattern from
FOR_XXX_VALUES(i) { Use(*i); }
to
FOR_XXX_VALUES(i) { Use(i); }
which is way more intuitive.
Note that the replacement in the uses was done via regular expression,
so it's purely mechanical. In two locations I removed unneeded braces
around the macro, because they confused clang-format.
I plan to do more cleanups (remove redundant assignments within the
FOR_XXX_VALUES body) in a follow-up CL.
R=mstarzinger@chromium.org
Bug: v8:8562
Change-Id: I4329bfcf34e5b077d19b50f4204ceb3b4340fe61
Reviewed-on: https://chromium-review.googlesource.com/c/1449615
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59287}
If we need to allocate a DOUBLE_ELEMENTS backing store, it's important
to allow large object space allocation.
BUG: chromium:926856
Change-Id: I9dd94f7176891a6f8f11d5f579b67df8151a40b5
Reviewed-on: https://chromium-review.googlesource.com/c/1449531
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59285}
This reverts commit a9e93572d4.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/23956
Happened already 2 builds earlier, but the output is corrupted due to
an outage.
Original change's description:
> [test] Check for illegal uses of mjsunit methods
>
> The assertThrows and assertDoesNotThrow methods expect either a
> function to execute, or a string to eval. In several tests however we
> accidentally passed the *result* of the statement to be tested instead
> of the code.
> This CL adds check to catch such error early, and removes wrong uses.
> In most places, we do not need to use assertDoesNotThrow anyway,
> because exceptions are handled as test failures.
>
> Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
> MjsUnitAssertionErrors correctly.
>
> R=mathias@chromium.org
>
> Bug: v8:8562
> Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
> Reviewed-on: https://chromium-review.googlesource.com/c/1439238
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59277}
TBR=ahaas@chromium.org,clemensh@chromium.org,mathias@chromium.org
Change-Id: Iec06c95dd3223f27297e5c6e02835d26b5e753e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8562
Reviewed-on: https://chromium-review.googlesource.com/c/1449634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59284}
A JSFunction that is in the old space could move during a scavenge
between being marked and the ClearFlushedJSFunctions, therefore only add
candidates that are in the old generation.
BUG=v8:8755,v8:8395
Change-Id: I3850188e8a0f9f39de994e170b4cda4fe6961079
Reviewed-on: https://chromium-review.googlesource.com/c/1448277
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59281}
The assertThrows and assertDoesNotThrow methods expect either a
function to execute, or a string to eval. In several tests however we
accidentally passed the *result* of the statement to be tested instead
of the code.
This CL adds check to catch such error early, and removes wrong uses.
In most places, we do not need to use assertDoesNotThrow anyway,
because exceptions are handled as test failures.
Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
MjsUnitAssertionErrors correctly.
R=mathias@chromium.org
Bug: v8:8562
Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
Reviewed-on: https://chromium-review.googlesource.com/c/1439238
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59277}
Discovered when working on other stuff.
BUG=v8:7490,v8:8562
Change-Id: I9707c95c33e52b1565cca238494e3349a472f604
Reviewed-on: https://chromium-review.googlesource.com/c/1449532
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59276}
This fixes stack height management when a call to an external function
raises a type error trap. It also adds a test case that such exceptions
can be caught locally.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8729
Change-Id: I54b19ba86eb937695584229753d7f6cfa7e1a15d
Reviewed-on: https://chromium-review.googlesource.com/c/1447773
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59273}
This CL replaces the current TypedArray#sort with a simpler mergesort.
The fastpath when the user does not provide a comparison function
is still used.
In addition, TypedArray#sort now converts all elements in the
TypedArray to tagged values upfront, sorts them and writes them
back into the TypedArray as the final step.
R=jgruber@chromium.org, tebbi@chromium.org
Bug: v8:8567
Change-Id: Ib672c5cf510f7c0a2e722d1baa2704305a9ff235
Reviewed-on: https://chromium-review.googlesource.com/c/1445987
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59271}
I extracted following class member functions to map.cc
* Map
* NormalizedMapCache
Declaration of all above class are in map.h.
This patch makes compile time of objects.cc from 18.9s to 17.6s on Z840 Linux.
And map.cc takes 6.14s for compile.
Bug: v8:7629
Change-Id: Id1e45dff243ab3f5449c0a7e2a861fba0bc7abf6
Reviewed-on: https://chromium-review.googlesource.com/c/1447914
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59270}
This way we can remove them correctly and avoid leaks.
R=mstarzinger@chromium.org, ulan@chromium.org
Bug: v8:8725
Change-Id: I52cbbf34a94171aaeb581b55aecb25311465544d
Reviewed-on: https://chromium-review.googlesource.com/c/1446453
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59266}
Since the improvement of overload resolution (https://crrev.com/c/1304294),
overload resolution of generics doesn't take into account existing
specializations anymore. This means that the issue of infinite recursion
when an overload of Cast for HeapObject is missing doesn't exist anymore.
Thus we can get rid of the CastHeapObject workaround.
Bug: v8:7793
Change-Id: I8442cfb81b78aaa8234bcee673647261c25f9a63
Reviewed-on: https://chromium-review.googlesource.com/c/1448324
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59263}
Multiplication, division, and toString can take a very long
time for large inputs. This patch adds stack checks to each
of these operations so embedders can interrupt them.
Bug: chromium:922032
Change-Id: Idae9d32d6f78a028de4d2ba3abdb79c624f0dca1
Reviewed-on: https://chromium-review.googlesource.com/c/1444913
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59262}
This factors out one part of the "Remove finisher task" CL
(https://crrev.com/c/1400781), which I would like to test in isolation.
R=ahaas@chromium.org
Bug: v8:8423
Change-Id: I7c598f60c4757df8e26508e68da4b3c300a511cb
Reviewed-on: https://chromium-review.googlesource.com/c/1448316
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59256}
(The bug didn't affect any functionality; we just left detached WeakCells in
inconsistent state.)
BUG=v8:8179
Change-Id: I28f6c27532383b94bdfd746db903096f1dc6f1cc
Reviewed-on: https://chromium-review.googlesource.com/c/1447651
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59255}
Previously AccessorAssembler::HandlePolymorphicCase() had 4 versions of
the inner loop unrolled, but we always had to check against the length
after 1 (POLYMORPHIC with name) or 2 (regular POLYMORPHIC) unrolled
iterations anyways, so there's not a lot of benefit to unrolling besides
the potentially better branch prediction in some cases. But that doesn't
seem to be beneficial even in extreme cases (in fact on ARM cores we
might get some benefit from having less code instead), and probably
doesn't justify the additional C++ / generated code.
I used the following extreme micro-benchmark to check the worst case
performance impact:
```js
function test(o, n) {
var result;
for (var i = 0; i < n; ++i) {
result = o.x;
}
return result;
}
const N = 1e8;
const objs = [{x: 0}, {x:1,a:1}, {x:2,b:2}, {x:3,c:3}];
for (var j = 0; j < objs.length; ++j) test(objs[j], N);
console.time('Time');
for (var j = 0; j < objs.length; ++j) test(objs[j], N);
console.timeEnd('Time');
```
Running this with --noopt shows a ~1% performance regression with this
patch on a beefy z840 gLinux workstation, which gives me some confidence
that overall this patch is going to be neutral and maybe beneficial in
case of less powerful ARM cores.
Note to performance sheriffs: This could potentially tank some
performance tests. In that case we may need to revisit the unrolling.
Bug: v8:8562
Change-Id: I731599a7778da1992d981d36022c407ef5c735eb
Reviewed-on: https://chromium-review.googlesource.com/c/1448275
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59252}
