According to the wasm js-spec, the table index can be uint32. The
implementation in our implementation expected an int though. We did not
check for the int overflow.
I replaced the throwing of the exception in WasmTableObject::Get to use
the ErrorThrower instead of throwing the exception with Isolate::Throw
directly. The reason is that I see with other CL's that I have to throw
several errors, and I don't want to introduce a new message and
MessageId for every error. Moreover, the ErrorThrower is a standard way
in wasm to throw errors. It feels right to throw the error the same way
here.
R=mstarzinger@chromium.org
Bug: chromium:940296
Change-Id: Idb77c813506fe66a3192b66fe0e8e807b80580ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514496
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60181}
Type declaration may contain a parent type in an "extends" clause.
This CL changes the token type of the name after such a clause
from std::string to Identifier*. The resulting SourcePosition is then
used to implement the "goto-definition" link from that name to the
definition of the parent type.
R=mvstanton@chromium.org
Bug: v8:8880
Change-Id: I9ea6cd83e4d6ef535906e36626f64d458c7d0270
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511481
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60179}
This is a reland of beaca8cf8b
Original change's description:
> [presubmit] use the correct path for third party libraries
>
> This CL ensures that presubmit script checks Torque files in third_party
> dependencies.
>
> R=szuend@chromium.org
> TBR=machenbach@chromium.org,sergiyb@chromium.org
> CC=yangguo@chromium.org
>
> No-Try: true
> Change-Id: I9e2b193defbebe7ae85cfc5d14ce50c2ac367e9b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513674
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60152}
R=szuend@chromium.orgTBR=machenbach@chromium.org,sergiyb@chromium.org
CC=yangguo@chromium.org
No-Try: true
Change-Id: Id74408fbc69cd45bd48ec06c2e4da556d384d99c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1515753
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60178}
This CL adds two sets of benchmarks. The first measures the effort
needed to walk the stack and create the data structure stored in
Error.stack, while the second measures the serialization of that
Error.stack data structure into a string.
R=petermarshall@chromium.org, yangguo@chromium.org
Bug: v8:8742
Change-Id: Ie7b86da5621cb186a036a3ec99692ec4d2048fba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505614
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60176}
See: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/windbg-scripting-preview
The script can be loaded into WinDbg with:
.scriptload full_path\windbg.js
Help:
!help
Currently provided functionality:
!jlh("local_handle_var_name")
prints object held by the handle, e.g. !jlh("key") or !jlh("this->receiver_")
!job(address_or_taggedint)
prints object at the address, e.g. !job(0x235cb869f9)
!jobs(start_address, count)
prints 'count' objects from a continuous range of Object pointers, e.g. !jobs(0x5f7270, 42)
!jst() or !jst
prints javascript stack (output goes into the console)
!jsbp() or !jsbp
sets bp in v8::internal::Execution::Call (begin user's script)
To run any function from this script (live or postmortem):
dx @$scriptContents.function_name(args)
e.g. dx @$scriptContents.pointer_size() or e.g. dx @$scriptContents.module_name('chrome_child')
Change-Id: I958ff0544582c1ea0b12fd3349d460d28ac7ed56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506450
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60175}
Since kTaggedSize got shrinked and we are actually compressing
the pointers (as oppposed to zeroing their upper bits),
we need to update the arm64 codebase to accommodate this change.
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I890f3ab8c046f47232e80f85830f9ae8f4dbced4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499498
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60172}
When given a sticky regexp s.t. lastIndex > subject.length, the
following should happen:
1. exec returns null (= no match)
2. lastIndex is reset to 0.
This is usually done by the RegExp.p.exec builtin; but in some cases
we take different paths and try to re-implement the parts of exec that
we need.
One of these cases was in %StringReplaceNonGlobalRegExpWithFunction.
Here, we set lastIndex to 0 but then incorrectly called into
RegExpImpl::Exec. REI::Exec started matching with lastIndex == 0,
which is just plain wrong. With this CL we now correctly omit the
REI::Exec call and return null.
Bug: chromium:937681, v8:5361
Change-Id: I6bb1114a6b92ed3c6e63ec7f6ec2df4b95a19b4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514679
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60169}
This removes three unneeded includes from wasm-code-manager.h, and adds
four that were missing.
R=ahaas@chromium.org
Bug: v8:7490, v8:8834
Change-Id: I0f0f367c0ff748cc1561689b7e2badf3a7a01ca5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513717
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60168}
In order to get a more complete picture about the code sizes of
compiled wasm modules, sample the code size of each module after
top-tier compilation finished. This happens via the {WasmEngine}
because that's where we know which isolates use a given {NativeModule}
and can schedule foreground tasks to sample the code size.
R=mstarzinger@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8217
Change-Id: Id585db8a9ab8f3aa1060b08411afaa31c5414f87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508404
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60167}
We currently see >20% of modules overflow on this counter, i.e. having
more than 100k functions. Thus increase the histogram size to 1M, which
is the maximum number of functions supported in v8.
R=titzer@chromium.org
Bug: v8:8975
Change-Id: Ie709ec37cdea90b78637da63b48aea0f4775cee5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514736
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60165}
Currently the total allocated address space is collected twice per Wasm
memory: Once on allocation, once on release. Recording it once provides
the same data.
R=titzer@chromium.org
Bug: v8:8975
Change-Id: I99719ecb44b14ce5da1be4a74291377f91f4038a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514738
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60164}
The WasmCompileLazy runtime function used to return the start of the
instructions of the newly compiled function. With garbage collection of
wasm code, it would be tricky to keep this wasm code object alive until
it is being called. Thus make the runtime function not return anything,
and call via the jump table instead. The jump table was patched as part
of lazy compilation to point to the compiled code.
Drive-by: Merge {LazyCompileFunction} into single caller {CompileLazy}.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Id3c02f4dfe2c536e335af2e7e1b9700203d48675
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1509472
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60163}
This CL changes the FieldAccessExpression to include a SourcePosition
for the field, allowing a jump from such an access to the definition
of a field inside a class or struct.
Drive-by: Change the source position of a field from the position
of its type to the position of its name. This will coincidentally
improve the accuracy of error messages.
R=danno@chromium.org
Bug: v8:8880
Change-Id: I7996e8a57a2ff90e8bdca6f40c1b298d48071e23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1512573
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60162}
It will soon be possible to throw arbitrary exceptions from within
interpreter execution (namely, in interrupts). We can thus no longer
assume that an EXCEPTION return code means we need to throw a stack
overflow exception.
Bug: v8:8724
Change-Id: I10e24aba4305dc7b39248ced9a52735c59ab662c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511474
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60161}
Fixing ThreadId according to the following changes:
656254b17b
Change-Id: I1e1943ac7e3ed03799c213e566816bfe5c21967d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1512718
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60159}
Our UMA data shows a lot of small modules, and I have the suspicion we
are loosing some numbers about the bigger ones. Thus sample the module
code size after baseline compilation finished. At that point the
majority of the code was generated.
Sampling after top-tier finished is not that easy since we do not spawn
a foreground task at that point.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Icaa4a2efb201d24cbc8d2e1b8da516ae26574f01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508675
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60158}
It wasn't always guaranteed that they were serialized before taking the
dependency.
Bug: chromium:940361
Change-Id: Id5e5e14532809e7496546c2011176e33848506ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514495
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60156}
Similar to NativeRegExpMacroAssembler::Result, the regexp interpreter
will need a RETRY return code in case the subject string
representation changes during an interrupt. This CL adds a new
IrregexpInterpreter::Result type to decouple from RegExpImpl::Result.
Bug: v8:8724
Change-Id: I946fc0cbc4d7d8631312b72f13a45abeb9986905
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511472
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60154}
This reverts commit beaca8cf8b.
Reason for revert: Broke presubmit bot - https://ci.chromium.org/p/v8/builders/ci/V8%20Presubmit/2938
Note that the problem is not with this CL itself, but it uncovers some presubmit issue in Torque code. Until the latter is fixed, I'm reverting to unblock the tree.
Original change's description:
> [presubmit] use the correct path for third party libraries
>
> This CL ensures that presubmit script checks Torque files in third_party
> dependencies.
>
> R=szuend@chromium.org
> TBR=machenbach@chromium.org,sergiyb@chromium.org
> CC=yangguo@chromium.org
>
> No-Try: true
> Change-Id: I9e2b193defbebe7ae85cfc5d14ce50c2ac367e9b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513674
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60152}
TBR=tmrts@chromium.org,szuend@chromium.org
Change-Id: If8e2db0801f51ef737243ccfcc909d05fb42e3e6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514633
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60153}
With the recent changes to Array#sort, the main algorithm does not
need to bail out anymore. Only the initial copying into the workarray,
as well as the final copying back into the original backing store
might cause a switch from fast-path to the slow-path.
This CL changes the slow-path so sorting itself is not restarted and
the slow-path will continue copying where the fast-path left off.
R=jgruber@chromium.org
Bug: v8:7382
Change-Id: I4ab61daa62bb816f4f6e16e60bde1f948ad1e7db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507717
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60151}
With the recent changes to Array#sort, some bailout labels and
accessor checks became superfluous. This CL removes them along
with some other minor cleanup work.
R=jgruber@chromium.org
Bug: v8:8834
Change-Id: I7429482ceaccbe743e2b8190d83bfa2c34875b11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507678
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60150}
The table_object instance field is not needed anymore because its
purpose is fulfilled now by the tables field I introduced to support
multiple tables.
In addition I removed {table_instances_} from the {InstanceBuilder}.
This field existed because tables could exist without a WasmTableObject.
With recent changes, WasmTableObjects always exist.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I5e8e3d2910f7ed7ae74d61eff660f9451b3493ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1466641
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60149}
This is a pre-work for allocating feedback vectors lazily. Feedback cells
are required to share the feedback vectors across the different closures
of the same function. Currently, they are held in the CreateClosureSlot
in the feedback vector. With lazy feedback vector allocation, we may not
have a feedback vector. However, we still need a place to store the
feedback cells, so if feedback vector is allocated in future it can still
be shared across closures.
Here is the detailed design doc:
https://docs.google.com/document/d/1m2PTNChrlJqw9MiwK_xEJfqbFHAgEHmgGqmIN49PaBY/edit
BUG=v8:8394
Change-Id: Ib406d862b2809b1293bfecdcfcf8dea3127cb1c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503753
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60147}
The {id_} stored in {ThreadId} should not be atomic. Only getting a new
id for the current thread needs to be atomic. If any user of {ThreadId}
needs atomicity, that user should wrap {ThreadId} in a {std::atomic}
instead.
Drive-by: Remove {Equals} method, use {operator==} instead.
Drive-by: Move static methods after member methods.
R=ishell@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8834
Change-Id: Id0470eb2fa907948843ac1153e2dc5dcd9a8fbc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1494006
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60146}
v8::EmbedderHeapTracer::TracePrologue may call back into V8 during
StartMarking. In this case we expect that the write barriers are set up and
consistent, i.e., global flag matches page flag.
Blink calls back into V8 in a corner case where sweeping is finalized on
incremental marking start which may trigger resettting a V8 Value which may
trigger DescriptorArray re-shuffling.
Bug: chromium:940003
Change-Id: Ia15c798d0faaab802df1c3b569b5b6a323a4fe59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514492
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60145}
Currently, if input types are not string or number, ToString builtin
will fall into runtime and a loop of ToPrimitive and type-checks is
done in runtime, which is slow.
This CL reimplements ToString to add support for that ToPrimitive and
type-checks loop in CSA instead of runtime to improve performance. This
will benefit Array.prototype.toString/join a lot when the array elements
are objects.
This Cl improves the performance of Speedometer2.0 EmberJS-Debug case
by ~14% on Atom.
Change-Id: I27c2669097be1e542e30119cdffcf79c0d16a0eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1498698
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60144}
If the branch associated with the condition is kDead, the current
node will be killed anyway, so let us just survive the lowering.
Bug: chromium:935092
Change-Id: If7b39e3b5452d6c9bc5199080eb38725e6c4eab5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1488769
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60143}
This should not be used anymore (and it definitely is not by Node.js
or Chromium).
Change-Id: I4a1ce1fda98efd197a64ce0969dae5c8b18f6e97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511484
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60139}
Integer splats should use an operand when a register is not allocated.
Bug: V8:8927
Change-Id: I14c80b7b073fae3754ec32f4fa8605af399ef341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513102
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60138}
We want to compare two inputs so need to perform the same
operation(ExtractBits) on them.
Change-Id: I6c81884fdd34dfa125b842f010cd40f8a6816a0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511132
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60136}
This allows the devtools to preview the private fields that are
installed on an object.
Change-Id: I6d8aad7ad0e51cdf18f6139b4bb8665e4b606aa5
Bug: v8:8773, v8:8337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1487914
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60134}
Call to ReduceKeyedLoadFromHeapConstant got lost in rebasing,
as did the kHas check in ReduceElementAccessOnString. Added
some tests to ensure both cases are covered.
Change-Id: I8d6992c33315436b6228471b9bc57e3b267ad09f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508837
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60132}
