Zircon VMOs are now created non-resizeable by default. This family of
flags is now a no-op and they will soon be removed.
Bug: chromium:973981
Change-Id: I99b5a18b9744e32ebb3f33f1a848ee9b5c51eb0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659568
Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Auto-Submit: Fabrice de Gans-Riberi <fdegans@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62159}
This is a reland of 811bfbbc56
Original change's description:
> [regexp] Move AST-to-Node code to a dedicated file
>
> Prior to this CL, jsregexp contains a bunch of things that are slightly
> related but would be cleaner in separate files, including: AST-to-Node
> transformations, the compiler implementation, and a debugging printer.
>
> This CL extracts AST-to-Node transformations.
>
> Bug: v8:9359
> Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62148}
Tbr: yangguo@chromium.org
Bug: v8:9359
Change-Id: I68a16086dc56c9a059547033ca8bc1e9de1080db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658568
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62154}
Include API-instantiated functions in the definition of Callable so
that PromiseReactionJobTask::handler can verify correctly. Also make
Callable verification stricter regarding JSProxy instances: they must
have the callable bit set.
Also update test-weak-references to use a different object type, since
FeedbackVector::optimized_code_weak_or_smi should never point to a
FixedArray.
Bug: v8:9311
Change-Id: I4242df993e381a75f5b53302fee8fd2b12e96d34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1650563
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62153}
The store element handlers don't check if the array length is writable
before updating the length. Since this is not expected to be a common
case no need of handling this in the element handlers. Just moving to
megamorphic would be sufficient.
Bug: chromium:967104
Change-Id: I7a7f9ea768266b9ffd6289328d61d2297d455619
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658154
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62152}
Since TurboAssembler::CallBuiltinPointer actually takes the
builtin_index as input, rename the function to CallBuiltinByIndex.
Bug: v8:9183
Change-Id: I4958d96f18a48a2ec91525d80d597a35e45d5989
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657915
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62151}
With this flag enabled, some statistics about the oldspace's freelists
(and free/used spaced in general) are printed before and after each
major garbage collection.
It is useful to get some intuition about fragmentation and debug
freelists. (This flag helped me track down the issues fixed by CLs
1647162 and 1648476)
Additionally, the verbose version (FLAG_trace_gc_freelists_verbose)
prints the freelists of each page of old_space.
Bug: v8:9329
Change-Id: Ifa80426bf9d97ac9950459154507a585b039326d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655302
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62150}
This reverts commit 811bfbbc56.
Reason for revert: Breaks noi18n build (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/27201)
Original change's description:
> [regexp] Move AST-to-Node code to a dedicated file
>
> Prior to this CL, jsregexp contains a bunch of things that are slightly
> related but would be cleaner in separate files, including: AST-to-Node
> transformations, the compiler implementation, and a debugging printer.
>
> This CL extracts AST-to-Node transformations.
>
> Bug: v8:9359
> Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62148}
TBR=yangguo@chromium.org,jgruber@chromium.org,petermarshall@chromium.org
Change-Id: I079e15b02d73d81aef806992f324f08d7008e367
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658160
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62149}
Prior to this CL, jsregexp contains a bunch of things that are slightly
related but would be cleaner in separate files, including: AST-to-Node
transformations, the compiler implementation, and a debugging printer.
This CL extracts AST-to-Node transformations.
Bug: v8:9359
Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62148}
This is a first step in eliminating heap access from a bevy of promise
reductions in js-call-reducer.cc. We begin by recognizing calls to
the affected builtins at serialization time, then serializing what
data is necessary.
Bug: v8:7790
Change-Id: Iaa1581eee730e8d3610a97c71eed635f77029455
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657921
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62146}
Previously, the handle's location was used as a proxy for the heap
object, i.e, we put the handle into the constant pool, to avoid the
need for GC visiting the constant pool entries during code generation.
The handle locations are replaced by the corresponding heap object
when the code is copied to the heap.
This CL changes the handling in the assembler: Instead of putting
in the handle location (which is a machine word) we put in a small
index number into a table. This will be useful for putting 32bit
constants into the constant pool.
This new approach also has the advantage that ordering the
constant pool entries by value produces a deterministic order
after this change.
Change-Id: Id47d56d487a0b64d1d1504a47937c8779ee02b13
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648094
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62144}
Refactor-only, this moves interrupt scopes and stack guard code into
their own dedicated files.
Change-Id: I5723a04786a04bba31a0da54622f3cd0b926ef07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655288
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62141}
As shown in the commit description of https://crrev.com/c/1619763, the JSON
format was supposed to refer to a list of "spaces" and not "pages", this was a
typo.
Bug: v8:9186
Change-Id: I1a674dac8af4b27b7ee46041e8c7a533bad8e68b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657917
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#62139}
This check shouldn't have been there. Even with lazy feedback allocation
we still transition to pre-monomorphic from uninitialized. We could
remove pre-monomorphic states with lazy-feedback allocation but that
requires changes at several other places.
Change-Id: I8f878a83f0fe3200eb530a34a74811639dcdc153
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634920
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62138}
Swap bits between bitfield2 and bitfield3 so that bitfield2 doesn't change
across named property transitions. This will allow us to share bf1/bf2 through
the descriptor array.
Change-Id: I3579ae89189ae0729cd492db1afb29cf90981f6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657908
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62134}
This is a reland of 823795fc2b, the reason
for the revert was flushing out a bug that was now fixed independently in
https://chromium-review.googlesource.com/c/v8/v8/+/1655307
Drive-by-fix: Correct wrong offset in CloneObjectIC fast-path.
Original change's description:
> [ic] Fix typo in Runtime_CloneObjectIC_Miss.
>
> https://chromium-review.googlesource.com/1649554 introduced a typo into
> Runtime_CloneObjectIC_Miss, where it wouldn't update the IC state UNLESS
> the source map is deprecated, which is the wrong way around of course.
>
> Bug: chromium:973045, v8:7611, v8:9114, v8:9183, v8:9343
> Change-Id: I7d6e0709e66ce4aaaf4a628d64ab801b84c8993c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655291
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62106}
Bug: chromium:973045, v8:7611, v8:9114, v8:9183, v8:9343
Change-Id: I763d9eeab95043bed3bc4849fc3ddcda7787169a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655651
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62133}
StackGuard::HandleInterrupts used to take a lock for testing and
clearing each individual interrupt bit. This CL changes that to a
single read up front.
Slight behavioral changes:
1. A TERMINATE_EXECUTION interrupt is now handled first; we
immediately exit and preserve all other interrupts (in case V8 is
later resumed).
2. Since interrupts are read once, it is no longer possible to request
an interrupt *within* HandleInterrupts that will later be processed
within the same HandleInterrupts call.
3. Stack limits are reset immediately after reading the interrupt
bits, and prior to actually processing the interrupts.
Bug: v8:9328
Change-Id: I3048bb413213d11307df49e0014b64a2b43444e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653115
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62132}
ObjectPreventExtensions and ReflectPreventExtensions are now Torque builtins (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously).
Perf improvement in micro-benchmark JSTests/Proxies
Before:
PreventExtensionsWithoutTrap-Proxies(Score): 1978
PreventExtensionsWithTrap-Proxies(Score): 739
After:
PreventExtensionsWithoutTrap-Proxies(Score): 3017
PreventExtensionsWithTrap-Proxies(Score): 2044
Bug: v8:6664
Change-Id: I6505d730cea6b0d197f6f5d0540b39056c8b763d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652688
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62130}
JSModuleNamespace does not have well defined CreationContext: current
implementation of JSReceiver::GetCreationContext crashes on CHECK.
R=lushnikov@chromium.org,yangguo@chromium.org
Bug: none
Change-Id: Ie2c0bfa39117d42d81f9709c21376c177b18e5ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652559
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62128}
Port ea4206556e
Original Commit Message:
API calls made via the CallApiCallback builtin, which is used from the
ICs and optimized code, are currently misattributed to the wrong counter
InvokeFunctionCallback instead of FunctionCallback. In addition we don't
use the C trampoline when only runtime call stats are enabled, but the
Chrome DevTools profiler is not active, which means that these calls
will not be attrituted properly at all, and that had to be worked around
using all kinds of tricks (i.e. disabling fast-paths in ICs when RCS is
active and not inlining calls/property accesses into optimized code
depending on the state of RCS).
All of this was really brittle and only due to the fact that the central
builtin didn't properly check for RCS (in addition to checking for the
CDT profiler). With this fix it's now handled in a central place and
attributed to the correct category, so user code doesn't need to worry
about RCS anymore and can just call straight into the fast-path.
core hand-written native code with the API callback logic.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I2d200be4544cf62393330bb2891b6ba6f088db68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655343
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62126}
This change adjusts object initialization order for a few classes so
that the GC can never see those objects in an invalid, partially-
initialized state.
AccessorInfo: Just zeros out a few fields upon construction. This is the
simplest case.
FunctionTemplateInfo: Slightly changes the order in which fields are
set, so that the Smi field is set ahead of the call to SetCallHandler,
which can GC. Also a pretty simple case.
JSListFormat, JSPluralRules, JSRelativeTimeFormat, JSSegmenter: The spec
requires that we start with OrdinaryCreateFromConstructor, which has
observable side effects (it fetches the prototype from the new.target).
So we split JSObject::New in half: the first half does all of the user-
visible things and returns a Map, which we can pass to the second half
when we're ready to actually allocate the object.
JSTypedArray: Extends the pattern from JSListFormat into Torque code:
start with a Map and don't allocate the object until we're ready to set
all of its properties.
Bug: v8:9311
Change-Id: Id7703e8a0727ec756c774cfbb56af787658a111a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646844
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62123}
Make sure to use the callback passed to cleanupSome
Bug: v8:8179
Change-Id: Ia5d90b56edf80e05bdaf0dc520b555c29042b64c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655306
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62122}
I originally marked AllocationMemento::allocation_site as @noVerifier
out of an abundance of caution because AllocationMemento::IsValid checks
whether allocation_site is an AllocationSite. However, I can't find any
way for allocation_site to not be an AllocationSite.
Bug: v8:9311
Change-Id: I8b7ab51978c90d9baff42dace28d176a1cd2921a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653520
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62120}
This adds regexp-macro-assembler-arch.h which contains the arch-specific
include dispatch.
Change-Id: Ibc2be8059d54b57afeed9b7ce244229ce1bd79bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655296
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62118}
Make sure that we pop the async function promise from the catch
prediction stack when `await`ing inside an async function, and
push it back onto the stack when we're resuming execution. This
is to ensure that we don't leak memory when there are suspended
async functions while navigating away to a new page.
Bug: chromium:968603
Change-Id: I004715bc95d426958f1a89ce76c4856da1d4ceee
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655652
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62117}
Previously the object cloning fast-path had a single loop which would
initialize the object _and_ at the same time clone MutableHeapNumbers.
But since that can trigger GCs, the heap verifier was a bit sad to see
double fields holding undefined values. This was flushed out by the CL
https://chromium-review.googlesource.com/1655291, which changed the GC
timing slightly and thus made the test crash in the verifier.
So instead of the one loop, we now have a second loop that takes care
of cloning any MutableHeapNumbers. This has the advantage that the first
loop can always run without write barriers.
Bug: chromium:964748, chromium:973045, v8:7611, v8:9114, v8:9183, v8:9343
Change-Id: I724a1c1e534243ce9ecde95bf0c07ca26363b515
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655307
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62114}
This is pre-work for a refactoring that changes how heap objects
are handled in the assembler: Currently, we put the handle location in
the constant pool, and replace these with the actual heap object when
we copy the code from the assembler's buffer to the heap.
In the future, we will put a small index in the constant pool, which
will ultimately enable 32bit constant pool slots for compressed heap
objects. This small index will be fixed up when we copy the code to
the heap.
This CL makes the assembler tests copy the code to the heap, which
ensures that the fix-up phase is actually run.
Change-Id: I80cd69dc57414a3bd0a27f8d558616aadcae05a2
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647166
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62112}
As a component of the wider Turbofan logging scheme, it makes sense
for JSHeapBroker logging to come through flags specified in the
OptimizedCompilationInfo class, which uses --trace-turbo-filter
to control which functions are logged.
Bug: v8:7790
Change-Id: I3b068d8be78867ab0bd9607dda9eca4123b9d7b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655297
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62111}
API calls made via the CallApiCallback builtin, which is used from the
ICs and optimized code, are currently misattributed to the wrong counter
InvokeFunctionCallback instead of FunctionCallback. In addition we don't
use the C trampoline when only runtime call stats are enabled, but the
Chrome DevTools profiler is not active, which means that these calls
will not be attrituted properly at all, and that had to be worked around
using all kinds of tricks (i.e. disabling fast-paths in ICs when RCS is
active and not inlining calls/property accesses into optimized code
depending on the state of RCS).
All of this was really brittle and only due to the fact that the central
builtin didn't properly check for RCS (in addition to checking for the
CDT profiler). With this fix it's now handled in a central place and
attributed to the correct category, so user code doesn't need to worry
about RCS anymore and can just call straight into the fast-path.
Drive-by-fix: Do the same for AccessorInfo getter calls, which share the
core hand-written native code with the API callback logic.
Bug: v8:9183
Change-Id: Id0cd99d3dd676635fe3272b67cd76a19a9a9cea4
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1651470
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62109}
The C++ standard says that template functions should be parsed immediately,
and only type-dependent things should be deferred.
cl.exe (MSVC's compiler) instead deferred parsing of all template functions
until the end of the translation unit, and unreferenced template functions
are not parsed at all. clang-cl emulates cl.exe's behavior.
Recently, cl.exe (and clang-cl) grew a /Zc:twoPhase flag that opts in to the
standards-conforming behavior, and system headers are now clean enough
to build with this flag set.
This cleans up v8 to also build with this flag. There was just a single issue:
RecyclingZoneAllocator() is unused and contains invalid code: It calls
the superclass ctor using `ZoneAllocator(nullptr, nullptr)`, when it should
be doing `ZoneAllocator<T>(nullptr, nullptr)`. With /Zc:twoPhase, this is
now a parsing error. However, since the RecyclingZoneAllocator() default
constructor isn't used anywhere, just delete it.
Finally, improve the comment for ZoneAllocator's default constructor to
explain why it's needed on Windows.
Bug: chromium:969702
Change-Id: I7a516afde67fe090a512d7c7214a3c6932754aca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652503
Auto-Submit: Nico Weber <thakis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62108}
... in favor of Isolate*. It seems that it's better to be uniform in
using Isolate* or isolate root value, so if we decide to pass isolate
root value instead of Isolate* it should better be done everywhere and
it will be a separate CL anyway.
Regarding the "optionality" of the isolate parameter - C++ compilers
are smart enough to optimize it away during inlining.
Bug: v8:9353
Change-Id: Idf86a792476f49393041ced1c54b8671f5b1794a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653121
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62107}
https://chromium-review.googlesource.com/1649554 introduced a typo into
Runtime_CloneObjectIC_Miss, where it wouldn't update the IC state UNLESS
the source map is deprecated, which is the wrong way around of course.
Bug: chromium:973045, v8:7611, v8:9114, v8:9183, v8:9343
Change-Id: I7d6e0709e66ce4aaaf4a628d64ab801b84c8993c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655291
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62106}
Currently, in wasm-function stack traces, v8 displays the decimal offset
from the start of the function. However, the WebAssembly WebAPI
specification says that it should be a hex offset into the module.
This change makes the stack trace display with hex module offsets, as
well as fixing all the unit tests that depended on the old behaviour.
R=fgm@chromium.org, titzer@chromium.org, yangguo@chromium.org
Bug: v8:9172
Change-Id: I73737a319a42dd665521ab8a4b825199ae11c87f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646846
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Guanzhong Chen <gzchen@google.com>
Cr-Commit-Position: refs/heads/master@{#62103}
It was a good flag, but it's time to say goodbye. Let us take a moment
to remember the good times we've had during its short time on earth.
It shipped in Chrome 74.
BUG=v8:8523
R=adamk@chromium.org, mathias@chromium.org, gsathya@chromium.org
Change-Id: I37e58360614c0bb3582b8bbfac795d5ed3e5a149
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641205
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#62099}
elements.cc invokes ApplyAttributesToDictionary using NumberDictionary as its template
parameter. But the declaration of the template method is in js-object.cc, so nobody
can actually compile the version for number dictionary. This is fixed requesting
explicit instantiation for NumberDictionary.
This was breaking GCC build.
Bug: chromium:819294
Change-Id: I685ddc5b97e129d1a534dbdb04025c0932bc5ecd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649565
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: José Dapena Paz <jose.dapena@lge.com>
Cr-Commit-Position: refs/heads/master@{#62097}
This helps debugging incorrect usage of the SnapshotCreator API in
debug mode.
Change-Id: Ibd9db76a5f460cdf7ea6d14e865592ebaf69aeef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648240
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62095}
Changes calls to conversion builtins in Wasm wrappers to use the builtin
address directly rather than going via the Code object which results in
the trampoline being unnecessarily executed.
Bug: v8:9338
Change-Id: I74593dbda3c8bd308be65bc98ce85213a98f78b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648274
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62094}
This CL adds lint errors for unused Torque macros. To prevent lots of
noisy warnings, the check is rather narrow. Macros declared as "extern"
or marked with "@export" are ignored. Also macros starting with "Convert",
"Cast" or "FromConstexpr" are not checked.
Drive-by: Removing some unused macros.
Bug: v8:7793
Change-Id: Ie0d2e445f8882a9b0ebbda45876b342abf341248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645312
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62092}
This reverts commit 69fafb5fe3.
Reason for revert: V8 Linux64 GC Stress - custom snapshot
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/26291
Original change's description:
> Enable lazy source positions by default
>
> Also adds a compile time flag which allows the default to be configured
> so node can disable it since it hangs the node cpu profiler tests.
>
> Bug: v8:8510
> Change-Id: Idf4785036dc6242769410091518a67ac9179b718
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62089}
TBR=rmcilroy@chromium.org,delphick@chromium.org
Change-Id: I92a64ddc63e36ec326e6d8ba1a5b68af38e3134b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653112
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62091}
An error object's 'stack' property is lazily formatted once the
property is first read. It is thus possible that lazy formatting
happens in a different realm than where the error object was
constructed.
In this case, we should use the origin-realm's prepareStackTrace
function to format the stack trace.
This CL implements that behavior by fetching prepareStackTrace from
the given error object's context's error function.
Bug: v8:7848
Change-Id: Ibc383cf24f2c0dab2fd8bb7bc740f1488d9954a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1113438
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62090}
Also adds a compile time flag which allows the default to be configured
so node can disable it since it hangs the node cpu profiler tests.
Bug: v8:8510
Change-Id: Idf4785036dc6242769410091518a67ac9179b718
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62089}
Add exception to possible type for the source position table.
Bug: v8:8510
Change-Id: Ia97bba2b88d80ca572be21f236ad85448b6dd6f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653110
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62087}
This CL changes the types of some fields on StackFrameInfo and
StackTraceFrame from the generic 'tagged' value, to more specific
types. This improves the auto-generated object verifiers.
Bug: v8:8742
Change-Id: Ica7f34a61798fb7ab0655ffa269ba86afe8a52fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649788
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62086}
This CL adds a lint error for variables that are unnecessarily bound
with 'let' when they could be bound using 'const. This test is skipped
for struct types. For struct types, the "constness" also depends on
the struct methods called and whether these methods write to the struct
or not. This is not straight-forward to detect.
Drive-by: Fix all the newly introduced lint errors.
Bug: v8:7793
Change-Id: I0522ffcc4321350eef2e9573b8430bc78200ddce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645322
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62085}
This includes a bunch of individual changes:
- Refactor IC::OnFeedbackChanged() and remove the now unused
GetHostFunction().
- Remove constant_pool, pc and fp from the IC, since it was
only used for --trace-ic by now, and here we can now use the
JavaScriptFrameIterator instead.
- Use FLAG_max_polymorphic_map_count consistently instead of having a
separate kMaxKeyedPolymorphism constant in some cases.
- Remove dead IC::TraceHandlerCacheHitStats() method.
- Remove the unused maybe_handler_ field.
Bug: v8:9183
Change-Id: I29680519ab84b2790c73f50fca966a66918a7e31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649567
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62083}
This CL creates global-context.cc and moves the GlobalContext
constructor impl to this new file. Preparatory refactoring for import
syntax.
This CL also removes one unused static method from GlobalContext
and changes two use-sites where Get() was used together with a static
accessor.
Drive-by: "Include what you use" for global-context.h
Bug: v8:9183
Change-Id: Iafd877d03af9ad65b1c99ebd9743be64192f45c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649790
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62081}
This CL introduces an 'import' statement. It does not produce any AST
node. The AST contextual directly collects what source id imports what other
source id.
Currently the import map is unused. In the future, import syntax will be
used to implement partial compilation.
Bug: v8:7793
Change-Id: I5f09e6254d7ca2e7bc1a93d2e2d82e202cafc8ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649357
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62080}
This addresses a TODO and makes the CAST explicit at the use sites,
which in turn makes it easier to understand the implications there.
Bug: v8:9183
Change-Id: I5b285a5a0ba6b754b4de9d60ff6e18c2e807bf98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649569
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62079}
This reverts commit 02103b276b.
Reason for revert: Speculative revert for breakage on roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1650264
Failing build in breakpad:
https://ci.chromium.org/p/chromium/builders/try/linux_chromium_asan_rel_ng/298512
Original change's description:
> Add Crash Keys support
>
> This adds crash keys containing the isolate address and addresses of
> the read_only, map, and code spaces to crash report minidumps.
> When not compiling V8 with Chrome, a noop implementation is used.
>
> Bug: v8:9323
> Change-Id: I8523630e7a4ff792855163c06bf76dab35b1b9e5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641326
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#62059}
TBR=jkummerow@chromium.org,tmrts@chromium.org,irinayat@microsoft.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9323
Change-Id: I29138292dd474cf60e2bf3cc9b0629a085abd31c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649787
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62077}
This CL is the starting point to convert all FrameArray users to
use StackTraceFrame objects instead.
Bug: v8:8742
Change-Id: I7bd0081dfd428e9914dedebd5065ac262aacec0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627332
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62076}
This CL changes IncrementalStringBuilder to write short strings
directly to {current_part_} instead of shortening {current_part},
allocating a new part and concatenate everything using ConsString.
This optimization requires the IncrementalStringBuilder to either
use two byte encoding, or the incoming string is flat with one byte
representation.
This CL improves stack trace serialization micro benchmarks up to 10%.
Bug: v8:8742
Change-Id: I5cc8339be8035c42438381883544d108591fb945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647696
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62075}
Quotes have been added around the token to make the message clearer.
Bug: chromium:943636
Change-Id: Ic38f3e6d307157af2c0146e69fb611a2cfb46564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593307
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62074}
The path for sealed elements is handled by using the same path for SmiOrObjectElementKind, just need to extend a DCHECK in CodeStubAssembler::IsFixedArrayWithKind.
The only special case is when we write to a hole in holey sealed elements. Since we can not write in that case, just bail out.
Bug: chromium:967101
Change-Id: Ibf837ae053fe609bca83da432f298ef056f3aced
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632830
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62071}
This is reland of Ib1c3f78d1f1a44c6628d351fed3bcdc91ca08cb5
Just fix lint error for unused arguments in Torque.
> Original commit message:
> The fast path for IsExtensible proxy trap is already implemented, we just need to use this for ReflectIsExtensible.
Now, ReflectIsExtensible is now a Torque builtin (previously CPP). Other cases will fall back to runtime.
> Bug: v8:6664
> Change-Id: Ib1c3f78d1f1a44c6628d351fed3bcdc91ca08cb5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645438
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#62031}
Bug: v8:6664
Change-Id: If44ac321ce712a969b3f5076411573eb3968cc14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646900
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62070}
The introduction of the FeedbackVector solved the problem of
inconsistent feedback between ICs in unoptimized and optimized
code.
Bug: v8:2029, v8:9183
Tbr: jkummerow@chromium.org
Change-Id: Id61033c1661e5a2efb740988552de76f7f148d0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649566
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62065}
The CloneObject bytecode was only able to handle objects, null and
undefined, and explicit bytecode had to be generated to perform the
ToObject outside the bytecode (unlike the other IC bytecodes that
just perform the ToObject implicitly). That means the simplest possible
object cloning would also generate a sequence of 5 bytecodes (at least):
```
Mov <register>, a0
JumpIfNull @1
JumpIfUndefined @1
ToObject <register>
1: CloneObject <register>
```
That is quite wasteful and unnecessary, since the core logic in the
runtime already does the ToObject properly anyways. This change
refactors the CloneObjectIC slightly to behave more like the other ICs
and do the ToObject implicitly when necessary.
Bug: v8:7611, v8:9114, v8:9183, v8:9343
Change-Id: I11973e90bf875f154a5a7739287bee17041e4a7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649554
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62064}
PrintWasmText is used for disassembling wasm code in DevTools, but many
instructions are not implemented. This test should make it easier to
remember to implement this when adding new instructions.
Change-Id: I6030a70113320f11a1ac0436bf0d220b5c41e6d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647475
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62063}
The DoubleToFloat32 helper takes care of everything, so use it
consistently.
Bug: chromium:969498
Change-Id: If71e5374684b89615006548cb0329f4d4cb7fd6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648253
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62062}
This adds crash keys containing the isolate address and addresses of
the read_only, map, and code spaces to crash report minidumps.
When not compiling V8 with Chrome, a noop implementation is used.
Bug: v8:9323
Change-Id: I8523630e7a4ff792855163c06bf76dab35b1b9e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641326
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62059}
The linked lists of FreeLists could contain empty elements
(FreeListCategories whose `top()` is null). The code is carefuly
written so that this case won't break anything (probably just slow
things a little bit). When `FreeList::FindNodeIn` (the fast path of
`FreeList::Allocate`) found such an empty `FreeListCategory`, it
removed it by calling `FreeList::RemoveCategory`, and looked in the
next `FreeListCategory` of the same size. However, on the slow path of
`FreeList::Allocate`, the functions that iterates the
`FreeListCategory` are `FreeList::TryFindNodeIn` and
`FreeListCategory::PickNodeFromList`, none of which removed empty
elements. Therefore, it could happen that a `FreeListCategory` "real"
first element could be used, but was never considered due to the top of
the linked list being empty. The behavior for the slow path should be
the same as for the fast path on that regard.
The problem was actually deeper than that: FreeListCategories were not
always in a consistent state, since they could have empty members. The
removal of those empty elements should be done as soon as they are
created, ie when allocating the last element.
This CL ensures that empty FreeListCategories are removed as soon as
they become empty.
Bug: v8:9329
Change-Id: Idda8096dc5978745894854a0405da59f7e8691a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648476
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62058}
When trying to find a spot in the freelists for a tiniest object,
the tiny freelist was never searched.
This was fixed by modifying FreeList::Allocate in order to handle
that special case.
A test was added in cctest/heap/test-spaces.cc. It allocates a
Tiny object on a new page, then fills up the page, then frees the
first object, and finally tries to allocate a Tiniest
object. Before, this Tiniest object would go on a different page;
now it goes on the same one (which is what the test checks for).
Bug: v8:9329
Change-Id: Ia810726d1bfe1dae4ef2055a7f5b314b1514ee9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647162
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62055}
Currently, decompression elimination may reduce phis by pushing decompressions in the value inputs of the phi "down" and replacing it by a single decompression following the phi node. Because of the way that the replacement is currently done, other reducers in the same phase will not generally get a chance to revisit the modified phi.
In the specific case of v8:9335 this blocked an additional optimization in CommonOperatorReducer from being applied, causing the overall load elimination test to fail.
This CL fixes the replacement behavior in decompression elimination to also allow for revisitations of the modified phi node.
Bug: v8:9335 v8:9336
Change-Id: I3ca5686dacb41a525160b08456905ba77cf28b39
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Change-Id: I3ca5686dacb41a525160b08456905ba77cf28b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648238
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#62054}
I realized that the parameter order of ValuesTypes::IsSubType is
inconsistent with the parameter of e.g. DCHECK_LT. DCHECK_LT(a, b) is
satisfied if a < b. For ValueTypes it was the other way around.
ValueTypes::IsSubType(a, b) returned true if b was a subtype of a.
R=mstarzinger@chromium.org
Bug: v8:9183
Change-Id: Ifb192bbecdcfe002ef8ca0887d1497393e16e11e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649358
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62050}
Implements the addition of BigInts as a Torque builtin, which performs necessary
checks and then calls into C++. The core logic of MutableBigInt::AbsoluteAdd,
MutableBigInt::AbsoluteSub and MutableBigInt::AbsoluteCompare is now used by both
the runtime and the Torque generated builtin for best performance.
Bug: v8:9213
Change-Id: I5f6af4dd226f11e6287bd04272ccae6ee5c26498
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640211
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Cr-Commit-Position: refs/heads/master@{#62049}
This way we walk the input string twice, but we reduce the number of branches
per ascii char in the long-ascii-sequence case from 2 per char to ~ 1 + 2 /
sizeof(intptr). Let's land and see what the bots say.
Change-Id: I574971c7df896237f3382be634a9bedc920fc827
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649356
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62046}
Registering shared wasm memory with the memory tracker was implemented to
track which instances need to be upated across threads on grow. As the
growing of memory when it is shared is behind a flag, the registering
should also be gated by the flag so as to not create global handles
that keep the memory alive.
Bug: v8:9075
Change-Id: I379a19413befa281cd384c9167fbc22ba52f4c2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646882
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62043}
As per the new specs, when the exception is thrown by iterator's return method
while doing iterator close because it is not callable, the exception is
suppressed in the same way as if the return method is called and threw an exception.
https://github.com/tc39/ecma262/issues/1398
Bug: v8:9056
Change-Id: I21abd5fdd01d3a957c3c16d9d3aaab9091e43142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648256
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
Cr-Commit-Position: refs/heads/master@{#62035}
This reverts commit 566233ae52.
Reason for revert: Breaks the build
Original change's description:
> Extend IsExtensible proxy trap fast path for Reflect.isExtensible
>
> The fast path for IsExtensible proxy trap is already implemented, we just need to use this for ReflectIsExtensible.
> Now, ReflectIsExtensible is now a Torque builtin (previously CPP). Other cases will fall back to runtime.
>
> Bug: v8:6664
> Change-Id: Ib1c3f78d1f1a44c6628d351fed3bcdc91ca08cb5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645438
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#62031}
TBR=jgruber@chromium.org,mslekova@chromium.org,tmrts@chromium.org,duongn@microsoft.com
Change-Id: I92f83d8c9cbdca1a33ddd0e875551deb62d7de89
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6664
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648241
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62033}
Port 4237fc378c
Port 71c66873d6
Original Commit Message:
We want to allocate feedback vectors lazily in lite mode. To do that,
we should create closures with the correct feedback cell. This cl
allocates feedback cell arrays to hold these feedback cells in lite mode.
This cl also modifies the compile lazy to builtin to expect these arrays
in the feedback cell.
Drive-by fix: InterpreterEntryTrampoline no longer has argument count in
a register. So updated comments and removed unnecessary push/pop of this
register.
R=mythria@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I2cca35cab2c0a1bc75619ff1565e453635f6b0e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646891
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62032}
The fast path for IsExtensible proxy trap is already implemented, we just need to use this for ReflectIsExtensible.
Now, ReflectIsExtensible is now a Torque builtin (previously CPP). Other cases will fall back to runtime.
Bug: v8:6664
Change-Id: Ib1c3f78d1f1a44c6628d351fed3bcdc91ca08cb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645438
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62031}
If the embedder specifies an initial heap size, then we can take it
as a hint to skip full GCs below that threshold.
Bug: v8:9306
Change-Id: I42a4c597bf75c6ba9845ed7a6bd9946012979005
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646515
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62030}
This CL adds lint errors when 'let' bindings, arguments and labels
are not used. Note that errors for 'const' bindings will be added
later.
In cases where arguments are actually needed to match the signature,
the warning can be silenced by prefixing identifiers with "_". This
might be needed for generic specializations or builtins called from
TurboFan. Trying to use a variable or label that was marked with
"_" results in a compilation error.
Implicit arguments are not linted. They are implemented using exact
string matching. Prefixing an implicit argument with "_" in a callee
would break all callers as the names would no longer match.
Drive-by: Fix all new lint errors in the existing Torque code.
Bug: v8:7793
Change-Id: I68b3c59c76b956e9f88709e9388a40a19546ce52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645092
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62027}
The implementation is already quite trivial and in addition in case of
ptr-compr this implementation becomes even simpler and C++ compiler
gets the opportunity to hoist common computation of isolate root.
Tbr: yangguo@chromium.org
Bug: v8:7464, v8:7703
Change-Id: I6e59cd43253c9ade5a0e27025ea7fabecd5b7af7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647171
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62024}
Move the closure hints out of environment_hints_ so that they are
handled similar to return value hints. That makes things a little
cleaner overall.
Also make it clear in terms of SLOW_DCHECKs why we don't need to
merge closure hints and, in the case of a dead environment, return
value hints.
Also rename environment_hints_ to ephemeral_hints_. The old name was
weird because these are not the only hints in the environment.
Bug: v8:7790
Change-Id: I2cb5389632c4827b027799985b8320f39e1e2314
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643555
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62019}
The new API function is called ConfigureDefaultsFromHeapSize and
accepts two parameters: the initial and the maximum heap size.
Based on the given limits the function computes the default size
for the young and the old generation.
The patch also cleans up the existing functions to make them
consistent in terms of units and heap structure.
Bug: v8:9306
Change-Id: If2200a9cdb45b0b818a373207efe4e6426f7b688
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631593
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62017}
Ideally, in the common case the backtracking stack should be
stack-allocated (and thus cheap). We should only switch to dynamic
allocation if needed. SmallVector implements exactly this strategy, so
switch to that as a backing store.
This improves Octane/RegExp scores (--regexp-interpret-all) by 50%.
Bug: v8:7777,v8:9330
Change-Id: I0d1b07bd8fd94483128e021390d054f483076f8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645318
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62013}
This section potentially contains allocations and thus gc, all object
references should be handlified.
Bug: v8:9333
Change-Id: I5814e66e8b9b75a8bd952afecae7a3a27b42a642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647695
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62012}
This CL adds the last fields needed to stringify all stack frames from
StackFrameInfo objects instead of accessing the FrameArray directly.
Drive-by-change: The factory method that creates StackFrameInfo is
refactored to:
1. collect all values for the fields
2. allocate a StackFrameInfo
3. set all the values on the allocated info object.
This fixes undefined evaluation order bugs that GCMole failed to spot,
as well as make one factory method unnecessary.
Note: More precise types on the fields that are currently "Object"
will happen in a follow up CL.
Bug: v8:8742
Change-Id: Ia8c55fc128434f27aadeba78e8483d90296abe3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641242
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62010}
This reverts commit ce23fd6400.
Original change's description:
> [heap] Clean up Heap::ConfigureHeap
>
> This re-arranges the implementation of the function to make it more
> consistent. The only functional change is replacement of RoundUp with
> RoundDown, which makes more sense for the limits.
>
> Bug: v8:9306
> Change-Id: Id1d4bc6cc414e3618c3878de8cb87a9ed59711f5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643432
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61997}
TBR=mlippautz@chromium.org,jgruber@chromium.org
Change-Id: I2352c1305ea3e617b32951e4b1aa871271800478
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645330
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62008}
This is a reland of a04862021e.
It turns out that this gives ~2x speedup on highly parallel WebAssembly
compilation, so let's try again landing this in isolation.
Original change's description:
> [zone] Use 32kb instead of 1MB as high zone page size
>
> It seems that allocating smaller pages is actually quite a bit faster than
> larger pages, probably because they can be cached by malloc. Let's see what the
> bots say.
>
> In a follow-up I'll check whether the segment-pool is actually beneficial or
> whether we should just remove it.
>
> This also drops SegmentSize::kLarge as a way to make compilation deterministic.
> Turns out that by now we need >8mb anyway, and the previous 1mb wasn't enough.
> At the same time the compiler was fixed to not rely on virtual addresses of
> zone objects anymore, and there's a bot checking whether the snapshot is
> determistic.
>
> Change-Id: I38cbb0d209d68b3671fd38763b42714811f4223e
> Reviewed-on: https://chromium-review.googlesource.com/c/1346370
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57683}
Change-Id: I243ba741f0968879b4cfe9f366d81ddc53a9bf27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645326
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62007}
ObjectIsExtensible is now a Torque builtin (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously).
Improvement in micro-benchmark
Before:
IsExtensibleWithoutTrap-Proxies(Score): 2228
IsExtensibleWithTrap-Proxies(Score): 917
After:
IsExtensibleWithoutTrap-Proxies(Score): 3683
IsExtensibleWithTrap-Proxies(Score): 3310
Bug: v8:6664
Change-Id: I1fbe1c51cb724a23d7a59fc8231bb3d1461a6add
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637444
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62006}
This is a reland of 42fee61a97
The in-object fields of JSModuleNamespace has been excluded from torque.
It is restored back to its existing mechanism on the C++ side and rest
of the class is ported to torque.
Original change's description:
> [torque] Convert few class layout to torque.
>
> 1. Converted Module, JSModuleNameSpace, JSCollator, JSV8BreakIterator,
> TemplateList,
> JSStrictArgumentsObject to torque.
>
> Bug: v8:8952
> Change-Id: I01e88ac36acd7ba18791bec609e5ae737672c731
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619146
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61671}
Bug: v8:8952
Change-Id: Ibd41000ad96ae57bd4f452f0c0c1b890e2c6fb5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632833
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62005}
During regexp execution we usually do not expect any interrupts to
exist. This optimization doubles Octane/RegExp scores with
--regexp-interpret-all.
Drive-by: Do the same for irregexp stack checks (only applicable when
called through the runtime).
Drive-by: Slightly more specific AllowHeapAllocation scopes.
Bug: v8:7777, v8:9328, v8:9330
Change-Id: I502d54d49a1267dee4b8a086dc6c2dca318a2d97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645313
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62000}
This reverts commit f2823886ba.
Reason for revert: Causes TSAN timeouts in RestoreHeapLimit, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/26812
Original change's description:
> [heap] Clean up Heap::ConfigureHeap
>
> This re-arranges the implementation of the function to make it more
> consistent. The only functional change is replacement of RoundUp with
> RoundDown, which makes more sense for the limits.
>
> Bug: v8:9306
> Change-Id: Id1d4bc6cc414e3618c3878de8cb87a9ed59711f5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643432
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61997}
TBR=ulan@chromium.org,mlippautz@chromium.org,jgruber@chromium.org
Change-Id: I635d60fdfb332cf62ab55eb32242937ebee2f6ad
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645323
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61999}
... as it uniquely idenifies object inside an Isolate.
This also allows comparisons between full tagged values ([Maybe]Object)
and potentially compressed tagged values ([Strong]TaggedValue).
As a side effect with this change we should generate a bit less code.
Bug: v8:7703
Change-Id: I822df24e03653fa73314e0a6f81f0fa7b5c61eba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643433
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61998}
This re-arranges the implementation of the function to make it more
consistent. The only functional change is replacement of RoundUp with
RoundDown, which makes more sense for the limits.
Bug: v8:9306
Change-Id: Id1d4bc6cc414e3618c3878de8cb87a9ed59711f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643432
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61997}
This CL changes the way stack trace serialization appends numbers.
Instead of converting plain int to Handle<String>, they are converted
to char*. The reason is that appending a Handle<String> causes the
IncrementalStringBuilder to shrink the current part and create two
ConsString instances to concatenate the accumulator, the current part and
the passed in Handle<String>.
This CL improves stack trace serialization micro benchmarks by ~12%.
Bug: v8:8742
Change-Id: I174667379084381245827cb979f91db3c59ce75e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643169
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61996}
Compile import wrappers during module compilation by introducing import
wrapper compilation units, the goal being to reduce instantiation time.
For each wrapper, we assume the imported function is going to be a
kJSFunctionArityMatchSloppy at instantiation time, which should be the
most common case. If the function turns out to have a different kind the
wrapper is going to be recompiled with the correct kind during instantiation.
R=ahaas@chromium.org, clemensh@chromium.orgCC=titzer@chromium.org
Bug: v8:9231
Change-Id: Ieb050b09d1c19f2a5a3e59132a1864dadb06775d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630685
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61993}
These were only used by test-log/EquivalenceOfLoggingAndTraversal,
which itself has been marked as failing since 2013. This CL removes
the test itself as well as the TEST natives kind.
Bug: v8:7624,v8:2857
Change-Id: Iedf2b1c94e31ccd1ea885d72bf1fac5d33defa90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643467
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61984}
Avoid the linear lookup of function literal id when getting the shared
function info TraceID, by optionally passing through a FunctionLiteral.
Additionally, use the FunctionLiteralId helper when a FunctionLiteral is
not available, since it can also fast-path in some cases.
As a drive-by, allow using a ScriptIterator without an Isolate pointer
(e.g. manually creating a handle) to allow calling FunctionLiteralId
without an Isolate pointer.
Bug: v8:9325
Change-Id: Ibfa053f300d6d5005485c67174a848264a5d1372
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643429
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61983}
Allow the embedder to decrement its allocated bytes count:
- The decrement will be applied to the used bytes value.
- The decrement is ignored for the total allocated bytes.
Bug: chromium:948807
Change-Id: I609ccf81017b693e0db13b499cbf8967f5f8a2c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631428
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61982}
As it stands most of ReadOnlySpace class's method are unusable once it
has been sealed, since all of its pages are read-only. Set owner_ to null
to ensure nothing unintentionally uses it.
This also helps with separating the ReadOnlySpace from the Heap class in
the future as ReadOnlySpace might not inherit from Space.
Bug: v8:7464
Change-Id: I3b24f20c644d6f5e23647bc1de4d256a20a0eb19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637800
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61979}
It's very helpful to know when they die.
Bug: v8:7790
Change-Id: I08a369da7eb19d46ecdc02b404b0085d6410ab4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643168
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61978}
- Changes functions that call OpenHandle multiple times to assign a
local and use it the second time.
Change-Id: Ibc7e881158dc6aec489e3f30690da8982014d52a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1636459
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61971}
Implemented verifiers for the following classes:
- ExternalString
- FixedArrayBase
- JSCollection
- JSCollectionIterator
- JSWeakCollection
- Name
- SeqString
- Struct
Removed the following class definitions from Torque, because they're
just JSObject instances with particular starting maps, as discussed in
https://crrev.com/c/v8/v8/+/1619146/6/src/builtins/base.tq#459 :
- JSAccessorPropertyDescriptor
- JSDataPropertyDescriptor
- JSIteratorResult
Following similar logic, removed the Torque definition of
WasmExceptionPackage because it's just an error object that happens to
have a couple of private-symbol properties.
The following classes should not be defined in Torque because they're
just a starting state for JSObject, but I'm leaving them for now because
existing Torque code requires them:
- JSArgumentsObjectWithLength
- JSProxyRevocableResult
Bug: v8:9311
Change-Id: I0336b6be7d02e48e4a8a0f660e24d2c2fa5f5e34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637448
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61970}
The missing forward declaration made include header checks fail on gcc:
https://crrev.com/c/1637464R=ishell@chromium.org
Bug: v8:9290, v8:7490, v8:9183
Change-Id: I7e513c04297982e403783e7ea7341b271c4fef72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640214
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61965}
This CL changes "MessageWriter" type to std::function instead of a
plain function pointer. This allows capturing lambdas, which in turn
are used to make unittests more robust.
R=sigurds@chromium.org
Bug: v8:8880
Change-Id: I9d71ddcac173af36e5b62852f2a9ec6dcfac9f78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640201
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61958}
Trap handler registration happens under a spin lock, which causes lots
of wasted cycles. With 48 background compilation threads, half of the
wall-clock time is being spent on that spin lock.
Moving this registration inside {PublishCodeLocked} avoids any lock
contention (if a single module is being compiled), since we already
sequentialize code publication. This speeds up background compilation
for large numbers of background tasks, and has no measurable effect for
small numbers.
R=ahaas@chromium.org
Bug: v8:8916
Change-Id: I572b53b9b581e4d5f6e441f6685350017d08d0be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634928
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61957}
This CL avoid lowering Switch to jumptable if the case count is small enough(4).
Change-Id: Ida632807558c7403171e803947e7484908e0e028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605357
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61954}
CompressedHeapConstant is used in the DecompressionElimination Reducer to
create compressed HeapConstant values. It won't appear in the graph
up until that point.
This CL enables back the disabled tests in DecompressionElimination, as
well as generating the CompressedHeapConstant in that reducer.
The RelocInfo has already been added for x64 but not for arm64. Therefore,
the x64 version is now doing the mov on 32 bits. The support for ARM will
come in a following CL, and for now it is doing the mov in 64 bits.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: If0ca4f937cfa60501679e66f6fd5ded2df38f605
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632236
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61950}
Array push / pop / shift were inlined if the elements kind of the
receiver maps is the same. This cl extends it by inlining these
builtins even when the receiver maps have different elements kinds.
It still limits it to only fast elements kinds. This is required to
prevent regressions in deltablue when lazy feedback allocation is
enabled. With lazy feedback allocation we may see polymorphic
feedback more often, since we don't have allocation site feedback
till the feedback vectors are allocated.
Bug: v8:9078
Change-Id: Id4a7b84be6305b125913b6ce0fb4f3eb3e3b15ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632239
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61949}
This fixes a problem where ICs for transitioning stores go MEGAMORPHIC
if the transition target map dies in between invocations of the IC,
which is totally possible, since we only hold on weakly to these
transition targets (both from the FeedbackVectors and also from the
TransitonArrays).
The root problem here was an inconsistency in how the maps and handlers
are being reported by the FeedbackVector. On the on hand side the method
FeedbackVector::ExtractMaps() will report all receiver maps that are
still present (i.e. which haven't died themselves), but then the other
method FeedbackVector::FindHandlers() will only report handlers that are
still alive (i.e. which in case of transition target maps being used as
handlers haven't died yet). If the length of these lists don't match the
IC chickens out and goes MEGAMORPHIC. But this is exactly the case with
the transitioning stores, where there's no handler anymore, i.e. as can
be seen in this simple example:
```
// Flags: --expose-gc
function C() { this.x = 1; }
new C();
new C();
gc(); // map with the `C.x` property dies
new C(); // now the STORE_IC in C goes MEGAMORPHIC
```
So the problem is that we have these two methods that don't agree with
each other. Now FeedbackVector::ExtractMaps() is also used by TurboFan
and it even reports receiver maps for PREMONOMORPHIC state, which is
different from the use case that the ICs need. So I replaced the
FeedbackVector::FindHandlers() with a completely new method
FeedbackVector::ExtractMapsAndHandlers(), which returns both the maps
and handlers, exactly as the ICs need it. And only returns pairs for
which both the receiver map and the handler are still alive.
This fixes the odd problem that sometimes STORE_ICs going MEGAMORPHIC
for no apparent reason. Due to the weakness of the transition target
maps, they can still die and cause deoptimizations, but at least
TurboFan will now be able to reoptimize again later with the new maps
and still generate proper code.
Bug: v8:9316
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Change-Id: I74c8b60f792f310dc813f997e69efe9ad434296a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637878
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61948}
The size is now computed as a fraction of the old space size:
- for low memory devices (<512MB) the fraction is 1 / 256.
- for all other devices the fraction is 1 / 128.
The values were chosen to minimize the difference between the new
and the old heuristics.
Bug: v8:9306
Change-Id: I3246fe2d6fc589af6220e2566e3f10fb13470b82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632158
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61947}
This makes the API more consistent and reduces the cognitive load of
switching between 'next' and 'Next'.
Bug: v8:9183
Change-Id: Ia81b874374626887d6af8c90f8ac185812f0573f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635689
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61946}
Port c354fb9cda
Original Commit Message:
This CL adds a new enum {LiftoffBailoutReason}, and tracks this reason
for each bailout. This will give us data to prioritize extensions of
Liftoff for new proposals or last missing instructions. Since we also
track the {kSuccess} case, we will also see what percentage of
functions can be compiled with Liftoff overall.
R=clemensh@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Iaf93d59780f62f03ccdcd5368ce4331e8b496f52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1638004
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#61945}
counter_ could never be RO_SPACE. Make sure RO_SPACE and OLD_SPACE are
marked as unreachable.
Added tests for PagedSpaces and SpaceIterator.
Bug: v8:9183
Change-Id: I97bc2b4e0e5af37363a1c628ca7d69d2790a97b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635696
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61943}
Without this, asan (rightfully) complains about read-only space leaking.
Because pages are manually allocated using mmap, a few objects within
them need to be explicitly ignored in addition to the read-only heap
itself.
This change re-adds lsan.h, with tweaks to make the type checking a bit
more lenient.
Bug: v8:7464
Change-Id: I0e2809930f3674e3f891e755b568ebb5194da461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622121
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61942}
ReadOnlySpace::Contains uses owner() which will eventually be set to
nullptr. Use ReadOnlyHeap::Contains instead.
Bug: v8:7464
Change-Id: I2b33c40b937768ff06536fb17be8d57727a8dd22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635695
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61940}
This CL adds a new enum {LiftoffBailoutReason}, and tracks this reason
for each bailout. This will give us data to prioritize extensions of
Liftoff for new proposals or last missing instructions. Since we also
track the {kSuccess} case, we will also see what percentage of
functions can be compiled with Liftoff overall.
R=mstarzinger@chromium.orgCC=jwd@chromium.org
Change-Id: I42b6a14c5a298ddda7053c195e8b650dc1fe66dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634910
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61939}
The `FunctionTemplate::SetHiddenPrototype()` API was removed in a
previous CL, after being deprecated since beginning of the year. This
removes all the logic behind it, leaving us with just the special case
of the JSGlobalProxy which has the JSGlobalObject as its hidden prototype.
This gives us back one bit in `Map::bit_field2` and removes quite a bit
of complexity from the code base (especially due to previous work from
verwaest@ in this area).
Bug: v8:9267
Change-Id: Id04b59686212fe35a63c9451aa3e045f0766b9cc
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619752
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61938}
Truncation::Float64 is confusing; in reality, we mean that oddballs
and big-ints are identified with their ToNumber counterparts.
Bug: v8:9183
Change-Id: Ibcce990327ac7e01e36a2237ad39c374ac9922aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632224
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61937}
port https://crrev.com/c/1632235 (65f3861) to mips.
Original Commit Message:
So far, calls to Wasm C/C++ API functions reused the call descriptors
of WasmImportWrappers, and the stack frame type of regular Wasm
functions. This CL cleans that up by introducing separate implementations
for both. No change in functionality or performance is expected.
Change-Id: I1d068e9baab403d714ddb31c26f97fa4e5becb41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635275
Commit-Queue: Yu Yin <xwafish@gmail.com>
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61933}
This makes it so that v8 stops using the copy of the
endoding library in the template - that is,
third_party/inspector_protocol/lib/encoding_{h,cpp}.template -
and uses the C++ library directly instead. This is done
by having third_party/inspector_protocol/lib/Values_cpp.template
include it, which is configured in the
inspector_protocol_config.json.
Change-Id: I1f8f2541ac2ed588ca35249e383b4c569434022b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635598
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61930}
Fixes LookupNameOfBytecodeHandler so it actually returns non-nullptr
values with embedded builtins enabled. Also now correctly handles wide
and extra-wide bytecodes and always works regardless of whether
ENABLE_DISASSEMBLER is set.
Bug: v8:9215
Change-Id: I787134f2145d02daaf5b50ecb6c174dfc129a4fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635890
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61929}
Bug: v8:9247
Change-Id: Id6860e7b0f932990ac3cda39e369b0809e4f6a2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632072
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61928}
Currently, Number.prototype.toString(radix) often fails to produce the
least significant bit for doubles near zero. For example, for the
minimum double, 5e-324, toString(2) produces "0". This means that a
user cannot reliably get the exact binary or hexdecimal value of a
double from JavaScript using toString.
This patch makes a slight amendment to the DoubleToRadixCString
function, so that doubles where the gap to the next double is 5e-324
(i.e. doubles less than 2**-1021), are represented exactly in binary and
other power-of-two bases, and close to exactly otherwise. It results
in Number.prototype.toString producing the correct binary value for all
doubles.
R=jkummerow@chromium.org, mathias@chromium.org, yangguo@chromium.org
Bug: v8:9294
Change-Id: I71506149b7c4c0eac8c38675a1ee15fb4f36f9ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631601
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61925}
Port 157b9181f4
Original Commit Message:
Port 878ccb33bd
Original Commit Message:
This CL was generated by an automatic clang AST rewriter using this
matcher expression:
callExpr(
callee(
cxxMethodDecl(
hasName("operator->"),
ofClass(isSameOrDerivedFrom("v8::internal::Object"))
)
),
argumentCountIs(1)
)
The "->" at the expression location was then rewritten to ".".
R=miladfar@ca.ibm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I620c2104b649a75a01fd7a92dacadd652b23be7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634931
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#61921}
Port f5ab7d38be
Port 65f3861e3b
Original Commit Message:
In a new test suite: "wasm-api-tests", using a new binary "wasm_api_tests",
powered by gtest/gmock (like unittests).
Also fix a bunch of issues that these tests uncovered, mostly to ensure
that the stack is walkable.
R=jkummerow@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I9ec54193216d1b2024ee9c4f8f6dbda34bbf4586
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632354
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#61920}
AccessCheckInfo is a struct which is initialized with undefined values
as placeholders. Update the definiton so that the verifier that could
run between allocation and setting a field is happy.
Bug: chromium:967433
Change-Id: I21b99645c01e109d7ba0b61a5366e1f66a7f98d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634922
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61918}
According to the spec, in case where the property is non-configurable and
non-writable, the value passed to the set trap should be compared to the data.
Instead, the trap result was compared, because of the misleading name of the
CheckGetSetTrapResult parameter.
Regression was introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/1604071
Bug: chromium:966450
Change-Id: I77501980475da3aeb4f6153321da39e6fc2e6bd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632238
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61916}
So far, calls to Wasm C/C++ API functions reused the call descriptors
of WasmImportWrappers, and the stack frame type of regular Wasm
functions. This CL cleans that up by introducing separate implementations
for both. No change in functionality or performance is expected.
Change-Id: I79301fa81da52283cc776ddf19d4712372f3a58b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632235
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61914}
The proposal is changing accordingly, see
https://github.com/WebAssembly/reference-types/issues/36.
In our tests we were already using the new format implicitly, because
bulk-memory-operations are enabled by default. I noticed the missing
implementation when I executed spec tests with
--no-experimental-wasm-bulk-memory.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I13aaba9a8d60e8542245aac7f0a072da1be357dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631591
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61913}
The backtracking stack (which is actually a generic stack) used to be
statically sized. At 10k elements, it was fairly large, but still easy
to overflow on large subject strings. This CL changes it to a
std::vector-based implementation instead which grows on-demand.
Drive-by: Add braces to the BYTECODE cases to make clang-format
produce a nicer output.
Bug: v8:8776
Change-Id: If41a444fe3d05f6d5be1be019129788a86e6118b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634914
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61912}
This removes two default switch cases for unsupported opcodes, and
replaces them by explicit lists. This makes it easy to see what is
currently not supported in Liftoff. In a follow-up CL, each bailout
will be associated with a category to track which features currently
cause Liftoff to bailout.
This change also makes Liftoff crash (in UNREACHABLE) if invoked with
asm.js code. Hence, change the asm.js tests to not test Liftoff. In
production, we do not invoke Liftoff for asm.js anyway.
R=mstarzinger@chromium.org
Change-Id: I971c6146ed325103d14008c0e67a973a47a35bc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634909
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61911}
This is a reland of 8092acbe41
Original change's description:
> [wasm] Store signature with {WebAssembly.Function} objects.
>
> This adds simple serialization and deserialization of the signature
> provided when a {WebAssembly.Function} object is constructed. For now
> this signature is only used by the {WebAssembly.Function.type} method,
> but will soon be used when importing such functions as well.
>
> R=jkummerow@chromium.org
> TEST=mjsunit/wasm/type-reflection
> BUG=v8:7742
>
> Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61898}
Bug: v8:7742
Change-Id: I5d784165c460abd9d7b07f5cdafc746d5380ccd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632159
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61910}
see https://crrev.com/c/1630678
that patch modify this by mistake.
Change-Id: I7db0205a08beff3f7e6372d62dd810ef859c9fcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1633932
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61909}
Also generally cleanup the Copy* code in elements.cc a bit.
Bug: v8:9183
Change-Id: I4a56db1f0b382a4b9583cae3b47e4ce572393d9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634249
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61908}
There's a still a bug in the serializer related to resumables. I know
what the problem is but I may not have time to prepare a fix this week.
Given that --future is enabled on some canaries, let's exclude
--concurrent-inlining for now.
Bug: v8:7790
Change-Id: I78331ae423239ee7f0417a49e9eb58601a9a1590
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634189
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61907}
A given target offset may already have an environment associated with
it (there can be multiple jumps to the same target). In that case we
used to throw away the previous environment. With this CL we merge the
environments instead.
Bug: v8:7790
Change-Id: I0c22182436fc48e29675e49627729a33cbeaaf4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631603
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61905}
Kill the environment when encountering Throw, Rethrow or Abort, because
the following code may be dead.
Also add support for the SwitchOnSmi bytecode.
Bug: v8:7790
Change-Id: Ia925aec854fea031be1df88a6a924e4b0d0406e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631602
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61904}
If we need to build an icu::UnicodeString for a string that is currently
in one-byte representation, we first have to expand the string's content
into a two-byte representation. Doing so involves allocating an array,
which is slow. With this change, we can convert short strings on the
stack instead to save time. The cutoff length for what counts as "short"
is pretty arbitrary, but we believe many strings fit into an 80-column
line. This increases the score of cdjs in JetStream 2 by 35% on my
machine, because cdjs is basically a test of localeCompare throughput.
Bug: v8:9305
Change-Id: Iba081ac5a8fa7659edf06ac97ba8acf3f8328d59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630848
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61901}
These are unused and unmaintained, there are probably a lot of paths by
now which don't funnel through this, so remove them.
Bug: v8:9183
Change-Id: I4b48034e396b3ee481ae87283ab9a860f2f41d1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632155
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61900}
This reverts commit 8092acbe41.
Reason for revert: Causes UBSan warnings:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/6436
Original change's description:
> [wasm] Store signature with {WebAssembly.Function} objects.
>
> This adds simple serialization and deserialization of the signature
> provided when a {WebAssembly.Function} object is constructed. For now
> this signature is only used by the {WebAssembly.Function.type} method,
> but will soon be used when importing such functions as well.
>
> R=jkummerow@chromium.org
> TEST=mjsunit/wasm/type-reflection
> BUG=v8:7742
>
> Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61898}
TBR=jkummerow@chromium.org,mstarzinger@chromium.org
Change-Id: I56ea9df5db3f95c05068186097e298cb73a3675d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7742
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632218
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61899}
This adds simple serialization and deserialization of the signature
provided when a {WebAssembly.Function} object is constructed. For now
this signature is only used by the {WebAssembly.Function.type} method,
but will soon be used when importing such functions as well.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61898}
Feedback pollution can create situations in which we statically see stores to the same field with incompatible representations; dynamically this should be impossible for a single TurboFan compilation unit. Instead of failing an assertion we produce Unreachable nodes.
R=tebbi@chromium.org
Bug: chromium:967434 chromium:967506
Change-Id: Id549ec84f28b4fed2d2e5ef05b40b48bc5b30e97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632169
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61894}
