This reverts commit 5b434929a3.
Changes after the original CL:
- Right-trimming registers the array as an object with invalidated
slots.
- Left-trimming moves the array start in the invalidated slots map.
Original change's description:
> Fix invalidation of old-to-old slots after object trimming.
>
> A recorded old-to-old slot may be overwritten with a pointer to a new
> space object. If the object containing the slot is trimmed later on,
> then the mark-compactor may crash on a stale pointer to new space.
>
> This patch ensures that:
> 1) On trimming of an object we add it to the invalidated_slots sets.
> 2) The InvalidatedSlotsFilter::IsValid returns false for slots outside
> the invalidated object unless the page was already swept.
>
> Array left-trimming is handled as a special case because object start
> moves and cannot be added to the invalidated set. Instead, we clear
> the freed memory so that the recorded slots contain Smi values.
>
> Bug: chromium:870226,chromium:816426
> Change-Id: Iffc05a58fcf52ece45fdb085b5d1fd4b3acb5d53
> Reviewed-on: https://chromium-review.googlesource.com/1163784
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54953}
Change-Id: I1f1080f680196c581f62aef8d3a00a595f9bb9b0
Reviewed-on: https://chromium-review.googlesource.com/1165555
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55066}
This is a reland of a4355b77b3
Original change's description:
> [test] Add files not pushed for test on Android
>
> TBR=neis@chromium.org
> NOTRY=true
>
> Bug: v8:8047
> Change-Id: I6d59cd9137f56a5061d836afb02b33f7b25d4aa0
> Reviewed-on: https://chromium-review.googlesource.com/1170772
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55047}
TBR=neis@chromium.org
NOTRY=true
Bug: v8:8047
Change-Id: If273d9407ed17f4de827b08039efe4d5cd34632e
Reviewed-on: https://chromium-review.googlesource.com/1171282
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55063}
Previously, we created a JSObject with a non null prototype for an
internal object which isn't what we want as it casues side effects.
Bug: chromium:872514
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3318044a03318f3d7099f3ba889450c651cea9e1
Reviewed-on: https://chromium-review.googlesource.com/1171186
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55062}
|Shell::externalized_contents_| is guarded by |Shell::workers_mutex_|,
but wasn't being acquired when the serialize WriteValue call failed.
Bug: v8:8034
Change-Id: Idd0448e9f44d6b26c17987405d5d7394449e8bb3
Reviewed-on: https://chromium-review.googlesource.com/1170316
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55060}
This is a reland of 4c0943424c
Original change's description:
> [test] Add logic to run tests on Android
>
> This adds a new command abstraction for running commands on Android
> using dockered devices on swarming.
>
> The new abstraction handles pushing all required files to the device.
> The logic used for pushing and running is reused from the perf runner.
>
> This adds only the mjsunit test suite. Others will be handled in
> follow up CLs. The suite logic is enhanced with auto-detection of files
> to be pushed to devices, for e.g. load or import statements.
>
> Some test cases need an extra resource section for specifying required
> files.
>
> Remaining failing tests are marked in the status files for later
> triage.
>
> Bug: chromium:866862
> Change-Id: I2b957559f07fdcd8c1bd2f7034f5ba7754a31fb7
> Reviewed-on: https://chromium-review.googlesource.com/1150153
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55041}
Bug: chromium:866862
Change-Id: Icf7e04c75d4abeab7254d10ba21240e46b0022ae
Reviewed-on: https://chromium-review.googlesource.com/1170643
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55059}
This reverts commit 4c0943424c.
Reason for revert: Unfortunately this broke all perf builders.
Original change's description:
> [test] Add logic to run tests on Android
>
> This adds a new command abstraction for running commands on Android
> using dockered devices on swarming.
>
> The new abstraction handles pushing all required files to the device.
> The logic used for pushing and running is reused from the perf runner.
>
> This adds only the mjsunit test suite. Others will be handled in
> follow up CLs. The suite logic is enhanced with auto-detection of files
> to be pushed to devices, for e.g. load or import statements.
>
> Some test cases need an extra resource section for specifying required
> files.
>
> Remaining failing tests are marked in the status files for later
> triage.
>
> Bug: chromium:866862
> Change-Id: I2b957559f07fdcd8c1bd2f7034f5ba7754a31fb7
> Reviewed-on: https://chromium-review.googlesource.com/1150153
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55041}
TBR=machenbach@chromium.org,yangguo@chromium.org,sergiyb@chromium.org
Change-Id: If80129810586b709dab762c9b5724888e15daec2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:866862
Reviewed-on: https://chromium-review.googlesource.com/1170962
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55058}
This is an attempt to make builtin symbols visible in crash stack
traces. Can be reverted if unsuccessful.
TBR=yangguo@chromium.org
Bug: v8:6666, v8:7722
Change-Id: I74a44b23d1a39d8885992f73d7ed02baf43cfa30
Reviewed-on: https://chromium-review.googlesource.com/1170830
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55054}
Also skip slowest test on the slowest extra variant.
TBR=sigurds@chromium.org
Bug: v8:7783
Change-Id: I565fa8edd9c3f20fe15af84e1b9023450ef4593e
Reviewed-on: https://chromium-review.googlesource.com/1170832
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55053}
No need to create allocation site for literals in oneshot code since
they are executed only once. The interpreter emits a runtime call to
CreateObjectLiteralWithoutAllocationSite for creating literals in
oneshot code instead.
Change-Id: I224b3a30f10361cfe9ff63129b36da8230c5e403
Reviewed-on: https://chromium-review.googlesource.com/1163615
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55050}
In Trunc_ul_d and Trunc_ul_s, register result is optional and
this is signaled by setting its value to invalid.
AreAliased expects that all registers are valid. For this reason
the compilation fails in snapshot generation mode.
This CL fixes the issue by calling AreAliased macro only
with valid registers.
Change-Id: Iae931447887b94e64b19b50c53e605656b8c3906
Reviewed-on: https://chromium-review.googlesource.com/1170766
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55049}
This reverts commit 60d1277f66.
Reason for revert: This is not sound as long as cast<FixedDoubleArray>() doesn't do the same.
Original change's description:
> [csa] CSA type checks: allow the empty FixedArray to be CAST() to FixedDoubleArray
>
> This should allow to re-land https://crrev.com/c/1039190
>
> Bug: chromium:871886
>
> Change-Id: If815537410b3fa09902026dc26205421f5c36ae5
> Reviewed-on: https://chromium-review.googlesource.com/1169019
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55015}
TBR=jarin@chromium.org,tebbi@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:871886
Change-Id: Ib81f3a069776f9e1aa01d16b9d4979de7c56fcde
Reviewed-on: https://chromium-review.googlesource.com/1170742
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55043}
This is a reland of f991465b42
Original change's description:
> [wasm] Publish new code from the background threads.
>
> R=clemensh@chromium.org
> BUG=v8:7921
>
> Change-Id: Ib86cb5f742907b6e54365827facfc765867ca22e
> Reviewed-on: https://chromium-review.googlesource.com/1156384
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54985}
Bug: v8:7921
Change-Id: I08c5eb689fe4f8ef2f7b576f0145eb0ae617fd9d
Reviewed-on: https://chromium-review.googlesource.com/1170603
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55042}
This adds a new command abstraction for running commands on Android
using dockered devices on swarming.
The new abstraction handles pushing all required files to the device.
The logic used for pushing and running is reused from the perf runner.
This adds only the mjsunit test suite. Others will be handled in
follow up CLs. The suite logic is enhanced with auto-detection of files
to be pushed to devices, for e.g. load or import statements.
Some test cases need an extra resource section for specifying required
files.
Remaining failing tests are marked in the status files for later
triage.
Bug: chromium:866862
Change-Id: I2b957559f07fdcd8c1bd2f7034f5ba7754a31fb7
Reviewed-on: https://chromium-review.googlesource.com/1150153
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55041}
This is a reland of c1226cea1ec11d5b766226c912c475647a731274
Original change's description:
> [scanner] Simplify TemplateSpan raw literal character handling
>
> Instead of adding and removing literal chars, only add raw literal characters when we have to and never remove them.
>
> Change-Id: Ib604c8c9fb69a96708eec3a03de102e0668c01d7
> Reviewed-on: https://chromium-review.googlesource.com/1167505
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Caitlin Potter <caitp@igalia.com>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Change-Id: Ia15501d75c3beaf336e90a80e0abb738f696ef9e
Reviewed-on: https://chromium-review.googlesource.com/1170604
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55040}
This CL adds a ToObject_Inline CSA macro that avoids the "ToObject"
builtin call if the passed argument is already a JSReceiver.
The CL also replaces all occurences of ToObject in Torque code with
ToObject_Inline.
R=jgruber@chromium.org
Change-Id: I1cd66d5d51dde5a93d9a0c55489b13a6f4ba9dc2
Reviewed-on: https://chromium-review.googlesource.com/1169819
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55039}
Log::MessageBuilder was already escaping most unsafe characters when
they were being logged, but plain backslashes were not. Merely updating
the existing escaping path was not sufficient, as recursion would cause
escape codes to be doubly escaped. This patches refactors the API to
ensure incoming text is escaped exactly once.
Bug: v8:8039
Change-Id: Id48aabf29fb6153189ae4a1ad7dfaaf4b41b62ad
Reviewed-on: https://chromium-review.googlesource.com/1169049
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55038}
This assigns dummy instance templates to all WebAssembly API functions
used as constructors. It hence avoids implicit receivers from having the
internal instance types. These objects would never be fully initialized
and causes heap iterations to stumble over these objects.
R=clemensh@chromium.org
BUG=v8:8003
Change-Id: I3c81d8dc3ae4a38e650b390a04170585cb31ec77
Reviewed-on: https://chromium-review.googlesource.com/1170685
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55037}
This CL changes the ArrayPrototypeShift builtin to a CSA macro which
is used in a newly created Torque builtin.
This is in preparation for removing the JavaScript fall-back, which
will be replaced by a baseline Torque implementation.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7624
Change-Id: I9b7898beea2802cc02d394e040a1e500387cf108
Reviewed-on: https://chromium-review.googlesource.com/1169172
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55036}
Objects created through the API may be of different types then JS_API_* and
WASM types. E.g. a JsGlobalProxy may be created through an ObjectTemplate.
Bug: v8:8022
Change-Id: I393353cc89c82258d7ad3ba460b5bbd94af33090
Reviewed-on: https://chromium-review.googlesource.com/1169021
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55035}
This CL replaces 'let' with 'const' where applicable. This will
generate TNodes instead of TVARIABLEs in the resulting CSA code.
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I806702c1bfa141e4c934a83c34dd49c321e18ce7
Reviewed-on: https://chromium-review.googlesource.com/1169811
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55033}
Most platforms do not need these methods. Thus, make them private to
the mips headers.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I3fb1a2a3fd9a53dfc55b45763c150911db43b537
Reviewed-on: https://chromium-review.googlesource.com/1169203
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55032}
This CL replaces Delete/SetProperty runtime calls with calls to their
stub version. The stubs will bail to the runtime themselves if they
can't perform the action.
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I1f141296ee074e028c27a3682e2eb46d9f74c0d9
Reviewed-on: https://chromium-review.googlesource.com/1169810
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55031}
Some clients (see Node.js) use platform path as ScriptOrigin.
Reporting platform path in protocol makes using protocol much harder.
This CL introduced V8InspectorClient::resourceNameToUrl method that
is called for any reported using protocol url.
V8Inspector uses url internally as well so protocol client may generate
pattern for blackboxing with file urls only and does not need to build
complicated regexp that covers files urls and platform paths on
different platforms.
R=lushnikov@chromium.orgTBR=yangguo@chromium.org
Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iff302e7441df922fa5d689fe510f5a9bfd470b9b
Reviewed-on: https://chromium-review.googlesource.com/1164624
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55029}
Port 352e408b0e
Original Commit Message:
Add codegen support for up to 4GiB memories in Liftoff code.
This CL also adds three new mjsunit tests that stress large WASM
memories (1, 2, and 4 GiB) and checks that accesses near these
boundaries properly generate traps.
Note there is still some trickiness around the setting of:
1.) the flag --wasm-max-mem-pages
2.) wasm-limits.h kSpecMaxWasmMemoryPages = 65536
3.) wasm-limits.h kV8MaxWasmMemoryPages = 32767
In particular, the allocation of memories is still limited to
3.) and the runtime flag can only lower this limit.
The above means that the tests for 2GiB and 4GiB memories will silently
OOM by design until 3.) is changed (though they currently pass with
manual testing). I argue it is better to include these tests up front,
since they will immediately trigger if their memory allocation succeeds.
Therefore the plan is to lift the restriction on 3.) after removing
all other other internal V8 limitations including array buffers and views.
R=titzer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:7881
LOG=N
Change-Id: Ice70a9ac5a9a26b08cc77acb7deec98305574d01
Reviewed-on: https://chromium-review.googlesource.com/1167914
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55026}
This CL changes the order of the parameters of HasProperty to be
more consistent with other CSA macros.
Drive-by-change: Use HasProperty stub directly in Torque.
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I73d1096afbb86d52e2af67c1969549f1158448a7
Reviewed-on: https://chromium-review.googlesource.com/1166831
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55025}
The HasProperty builtin differed in its expected argument order from
the HasProperty runtime function. Like all other related spec
primitives (e.g.: GetProperty, SetProperty, DeleteProperty), it should
take {object} as the first argument and {key} as the second.
This CL changes the builtin and all related spots to use the correct
order.
There was also a tricky bug in interpreter intrinsic rewriting, which
assumes (but does not verify) that the argument order between runtime
function and builtin is identical. Besides cctests, HasProperty
intrinsic rewriting seems to be dead code.
Bug: v8:8036
Change-Id: Ia669fd6f5c73a30df4e4607064603be759ced392
Reviewed-on: https://chromium-review.googlesource.com/1167297
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55022}
