Proposed behaviour:
- StepNext at return position go into next function call (no changes with current behavior, but implemented in v8::Debug instead of hack on inspector side);
- StepOut at return position go into next non-current function call.
We need this to have better stepping in cases with native functions, blackboxed functions and/or different embedder calls (e.g. event listeners).
New behavior could be illustrated with two examples (for more see stepping-with-natives-and-frameworks test):
- let's assume that we've blackboxed callAll function, this function just takes its arguments and call one after another:
var foo = () => 1;
callAll(foo, foo, () => 2);
If we break inside of first call of function foo. Then on..
..StepNext - we're able to reach second call of function foo,
..StepOut - we're able to reach () => 2 call.
- let's consider case with native function:
[1,2,3].map(x => x * 2)
If we break inside of first callback call, then with StepNext we can iterate through all calls of callback, with StepOut we go to next statement after .map call.
Implementation details:
- when we request break we schedule step-in function call for any step action at return position and for step-in at any position,
- when we request StepOut at return position - we mark current function as needed-to-be-ignored inside of PrepareStepIn(function) call,
- when we request StepOut at not return position - we set break at return position and ask debugger to just repeat last step action on next stepping-related break.
Design doc: https://docs.google.com/document/d/1ihXHOIhP_q-fJCA0e2EiXz_Zr3B08KMjaPifcaqZ60Q/edit
BUG=v8:6118,chromium:583193
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2758483002
Cr-Commit-Position: refs/heads/master@{#44028}
Add a check to appendToTable to catch illegal input, and fix a test
case triggering this check.
Also removing unused variables and fix indentation.
R=ahaas@chromium.org
Change-Id: I0eaa48ab95ef710530a3cfbe94ed4dd419618cda
Reviewed-on: https://chromium-review.googlesource.com/458436
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44027}
Before, we carefully turned on fast array builtins only if flag
--enable-fast-array-builtins was true (though it was implied true
if --turbo was on). Now, the set of Array.prototype.{some, forEach,
every, reduce} is good enough to always turn them on. This means
we can remove the JavaScript implementations.
The flag is renamed to --experimental-fast-array-builtins, which is
off. In the next days we'll add more non-javascript implementations
here for testing.
BUG=
R=danno@chromium.org
Review-Url: https://codereview.chromium.org/2761783002
Cr-Commit-Position: refs/heads/master@{#44026}
Use MarkingState to abstract over the different sets of markbits.
BUG=chromium:651354
Change-Id: I1635eb0d441be2aeed19f0ed91999f0f0f1bbffc
Reviewed-on: https://chromium-review.googlesource.com/458398
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44024}
filter creates an output array with the Array species constructor for
storing values from the input array that pass the user-supplied
predicate function. Our new array builtins are implemented such that
if we fall out of the fast path, we'll pick up where we left off
in a continuation function. It's important to pass the index of
where we left off appending to the output array, because otherwise
we will read it at the start of the continuation function.
That would be observable, and a spec violation.
BUG=
Review-Url: https://codereview.chromium.org/2771483002
Cr-Commit-Position: refs/heads/master@{#44023}
... which is a TF_BUILTIN-like wrapper for defining code stubs.
BUG=v8:6116
Change-Id: Iad599dfc71a50c5082d9e3fba2a7b553b9912207
Reviewed-on: https://chromium-review.googlesource.com/458476
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44022}
This is a step towards the world where only leaf CSA classes have access
to parameters (via respective interface descriptor specified in builtin
definition macro).
BUG=v8:6116
Change-Id: I35dcd9a1c9d38ea394895ab339a07988a26070a0
Reviewed-on: https://chromium-review.googlesource.com/458198
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44021}
Some of the StrictEquality comparisons do not require feedback (for ex: in
try-finally, generators). This cl introduces StrictEqualityNoFeedback bytecode
to be used in such cases. With this change, we no longer have to check if the
type feedback slot is valid in compare bytecode handlers.
This is the first step in reworking the compare bytecode handler to avoid
duplicate checks when collecting feedback and when performing the operation.
BUG=v8:4280
Change-Id: Ia650fd43c0466b8625d3ce98c39ed1073ba42a6b
Reviewed-on: https://chromium-review.googlesource.com/455778
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44020}
Deletes unused crankshaft implementation and C++ implementation,
which have been replaced by a CSA implementation.
BUG=v8:5977
Change-Id: I3614561e45db48583ee886461f98abb14cd9cc4f
Reviewed-on: https://chromium-review.googlesource.com/458418
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44018}
... when we run without code flushing.
BUG=
Change-Id: I956c53732598d805581388453010238c029fc3ba
Reviewed-on: https://chromium-review.googlesource.com/458199
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44016}
Handle fall-off returns and returns inside try blocks.
Store the type-profile feedback slot on the FunctionLiteral
rather than on every return statement.
Next steps:
* Store entries in nexus that can be identified as 'return' (rather than parameter or assignment)
* Collect types for parameters and assignments
* Distinguish multiple parameters and assignments correctly
R=mstarzinger@chromium.org
BUG=v8:5935
Review-Url: https://codereview.chromium.org/2764113002
Cr-Commit-Position: refs/heads/master@{#44014}
The old method always returned a Handle<Object>, requiring an explicit
cast in the caller. This CL makes it return Handle<T> if called with a
T* as parameter.
Also, remove now redundant casts from callers.
R=bmeurer@chromium.org
Change-Id: I13cfb2f2e812e8582a9a1d9d6c8a5a24f40d0e79
Reviewed-on: https://chromium-review.googlesource.com/458376
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44012}
Third bulk of changes.
BUG=v8:6116
Change-Id: I26f5c03a44e55a998e71160a42f6e2c1509f41c7
Reviewed-on: https://chromium-review.googlesource.com/458197
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44011}
Currently there are a number of comment in src/v8.h which look like
this: TODO(dcarney): mark V8_WARN_UNUSED_RESULT.
This commit attempts to remove these comments and add the
V8_WARN_UNUSED_RESULT macro to the methods in question.
BUG=
Review-Url: https://codereview.chromium.org/2135973002
Cr-Commit-Position: refs/heads/master@{#44010}
This fixes a corner case where the "instance prototype" diverges from
the "non-instance prototype" that we store on the initial map of a
constructor function.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-703610
BUG=chromium:703610
Change-Id: I30a19ae621e10b512215ffb191ce00d030941440
Reviewed-on: https://chromium-review.googlesource.com/458396
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44008}
The regex was slightly off, meaning the results would not
display properly.
Change-Id: Ie3b2bf54a50bffde9b64663d7b8b8c0ad39a1212
Reviewed-on: https://chromium-review.googlesource.com/458416
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44007}
Add a test case as reminder for future work.
The return statement is in a try
finally and is never used when returning. The type should
not be collected.
R=mstarzinger@chromium.org
BUG=v8:5935
Review-Url: https://codereview.chromium.org/2765863002
Cr-Commit-Position: refs/heads/master@{#44006}
For instance, /\b\b\b\B\B\B/ is folded into the equivalent /\b\B/.
BUG=v8:6126
Review-Url: https://codereview.chromium.org/2768443003
Cr-Commit-Position: refs/heads/master@{#44004}
This saves 72 KiB (approximately 0.1%) of the Chrome APK size of for ARM/Android.
In Counters, each similar group of counters generates a compact data structure,
which a loop then iterates over, rather than having the full loop unrolled
(though the compiler will automatically unroll small ones).
In RuntimeCallStats, the compiler was not being clever enough to avoid
initializing count_ and time_ to zero individually, even after the initialization
of names was moved into a loop. As a result, RuntimeCallCounter was modified
to have a non-initializing constructor for exclusive use by RuntimeCallStats,
which explicitly initializes the counters in a loop. Since v8::base::TimeDelta
does not support an uninitialized state, time_ was changed to be stored as
int64_t microseconds internally, which generates the same code (it's the same
representation as TimeDelta).
BUG=v8:6119
Review-Url: https://codereview.chromium.org/2759033002
Cr-Commit-Position: refs/heads/master@{#43996}
Second bulk of changes.
BUG=v8:6116
Change-Id: I6297c4e3e1c0230a96dc6197691a54c07cc61c88
Reviewed-on: https://chromium-review.googlesource.com/457320
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43995}
Reason for revert:
Temporarily disabled tests on chromium side (https://codereview.chromium.org/2764933002)
Original issue's description:
> Revert of [wasm] Transferrable modules (patchset #13 id:280001 of https://codereview.chromium.org/2748473004/ )
>
> Reason for revert:
> Breaks layout tests:
> https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14312
>
> See https://github.com/v8/v8/wiki/Blink-layout-tests
>
> Original issue's description:
> > [wasm] Transferrable modules
> >
> > We want to restrict structured cloning in Chrome to:
> > - postMessage senders and receivers that are co-located
> > in the same process
> > - indexedDB (just https).
> >
> > For context, on the Chrome side, we will achieve the postMessage part
> > by using a mechanism similar to transferrables: the
> > SerializedScriptValue will have a list of wasm modules, separate from
> > the serialized data stream; and this list won't be copied cross
> > process boundaries. The IDB part is achieved by explicitly opting in
> > reading/writing to the serialization stream. To block attack vectors
> > in IPC cases, the default for deserialization will be to expect data
> > in the wasm transfers list.
> >
> > This change is the V8 side necessary to enabling this design. We
> > introduce TransferrableModule, an opaque datatype exposed to the
> > embedder. Internally, TransferrableModules are just serialized data,
> > because we don't have a better mechanism, at the moment, for
> > de-contextualizing/re-contextualizing wasm modules (wrt Isolate and
> > Context).
> >
> > The chrome defaults will be implemented in the
> > serialization/deserialization delegates on that side. For the v8 side
> > of things, in the absence of a serialization delegate, the V8
> > serializer will write to serialization stream. In the absence of a
> > deserialization delegate, the deserializer won't work. This asymmetry
> > is intentional - it communicates to the embedder the need to make a
> > policy decision, otherwise wasm serialization/deserialization won't
> > work "out of the box".
> >
> > BUG=v8:6079
> >
> > Review-Url: https://codereview.chromium.org/2748473004
> > Cr-Commit-Position: refs/heads/master@{#43955}
> > Committed: 99743ad460
>
> TBR=jbroman@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:6079
>
> Review-Url: https://codereview.chromium.org/2762163002
> Cr-Commit-Position: refs/heads/master@{#43981}
> Committed: e538b70e1aTBR=jbroman@chromium.org,bradnelson@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6079
Review-Url: https://codereview.chromium.org/2762273002
Cr-Commit-Position: refs/heads/master@{#43994}
The problem was that transitioning element stores had a similar shape to
the new StoreGlobal case.
The problem was fixed by https://chromium-review.googlesource.com/c/457341/
BUG=v8:5561
Change-Id: If996e9b37809ba8edf6dcb228b116b77021ce7bc
Reviewed-on: https://chromium-review.googlesource.com/457324
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43992}
- Adds a FinishCode method to CodeGenerator, and implements it for all
platforms. ARM and ARM64 flush constants, all other platforms do nothing.
- Remove old static free function.
LOG=N
BUG=none
Review-Url: https://codereview.chromium.org/2748383004
Cr-Commit-Position: refs/heads/master@{#43990}
This is just a very minor cleanup avoiding unnecessary slow stub usage.
BUG=v8:5561
Change-Id: Ib145606520b5b7019f1e55d3aec7caa956c7e090
Reviewed-on: https://chromium-review.googlesource.com/457337
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43989}
On S390, GCC seems to treat size_t as 'long_unsigned_int'. Which conflicts with the %d format specifier since that expects an 'int'. So changing the macro to PRIuS. This seems to fix the issue while retaining the expected behaviour for all other systems.
R=mlippautz@chromium.org, hpayer@chromium.org
BUG=none
Review-Url: https://codereview.chromium.org/2759963003
Cr-Commit-Position: refs/heads/master@{#43988}
Rebase of https://chromium-review.googlesource.com/446336 was broken.
Didn't fail any tests because the feature is behind a flag.
BUG=
Change-Id: I6009bfac27aa896e20446f002f5db707aab7e34c
Reviewed-on: https://chromium-review.googlesource.com/457040
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43984}
Inspired by bsuite/compare-baseline.py and tools/perf-to-html.py. The main difference
from the latter is that the new script does not require json files preprocessing and it
is able to compare multiple json files at once (just like bsuite/compare-baseline.py).
This CL also makes tools/run_perf.py relative path friendly.
BUG=
Change-Id: I7be796fa920f8360703806f32767b992eec0f9c2
Reviewed-on: https://chromium-review.googlesource.com/456286
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43982}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14312
See https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> [wasm] Transferrable modules
>
> We want to restrict structured cloning in Chrome to:
> - postMessage senders and receivers that are co-located
> in the same process
> - indexedDB (just https).
>
> For context, on the Chrome side, we will achieve the postMessage part
> by using a mechanism similar to transferrables: the
> SerializedScriptValue will have a list of wasm modules, separate from
> the serialized data stream; and this list won't be copied cross
> process boundaries. The IDB part is achieved by explicitly opting in
> reading/writing to the serialization stream. To block attack vectors
> in IPC cases, the default for deserialization will be to expect data
> in the wasm transfers list.
>
> This change is the V8 side necessary to enabling this design. We
> introduce TransferrableModule, an opaque datatype exposed to the
> embedder. Internally, TransferrableModules are just serialized data,
> because we don't have a better mechanism, at the moment, for
> de-contextualizing/re-contextualizing wasm modules (wrt Isolate and
> Context).
>
> The chrome defaults will be implemented in the
> serialization/deserialization delegates on that side. For the v8 side
> of things, in the absence of a serialization delegate, the V8
> serializer will write to serialization stream. In the absence of a
> deserialization delegate, the deserializer won't work. This asymmetry
> is intentional - it communicates to the embedder the need to make a
> policy decision, otherwise wasm serialization/deserialization won't
> work "out of the box".
>
> BUG=v8:6079
>
> Review-Url: https://codereview.chromium.org/2748473004
> Cr-Commit-Position: refs/heads/master@{#43955}
> Committed: 99743ad460TBR=jbroman@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6079
Review-Url: https://codereview.chromium.org/2762163002
Cr-Commit-Position: refs/heads/master@{#43981}
This frees up the InterpreterAssembler for no longer being linked
into the main library.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2759093004
Cr-Commit-Position: refs/heads/master@{#43979}
