This reverts commit a9e93572d4.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/23956
Happened already 2 builds earlier, but the output is corrupted due to
an outage.
Original change's description:
> [test] Check for illegal uses of mjsunit methods
>
> The assertThrows and assertDoesNotThrow methods expect either a
> function to execute, or a string to eval. In several tests however we
> accidentally passed the *result* of the statement to be tested instead
> of the code.
> This CL adds check to catch such error early, and removes wrong uses.
> In most places, we do not need to use assertDoesNotThrow anyway,
> because exceptions are handled as test failures.
>
> Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
> MjsUnitAssertionErrors correctly.
>
> R=mathias@chromium.org
>
> Bug: v8:8562
> Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
> Reviewed-on: https://chromium-review.googlesource.com/c/1439238
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59277}
TBR=ahaas@chromium.org,clemensh@chromium.org,mathias@chromium.org
Change-Id: Iec06c95dd3223f27297e5c6e02835d26b5e753e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8562
Reviewed-on: https://chromium-review.googlesource.com/c/1449634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59284}
A JSFunction that is in the old space could move during a scavenge
between being marked and the ClearFlushedJSFunctions, therefore only add
candidates that are in the old generation.
BUG=v8:8755,v8:8395
Change-Id: I3850188e8a0f9f39de994e170b4cda4fe6961079
Reviewed-on: https://chromium-review.googlesource.com/c/1448277
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59281}
The assertThrows and assertDoesNotThrow methods expect either a
function to execute, or a string to eval. In several tests however we
accidentally passed the *result* of the statement to be tested instead
of the code.
This CL adds check to catch such error early, and removes wrong uses.
In most places, we do not need to use assertDoesNotThrow anyway,
because exceptions are handled as test failures.
Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
MjsUnitAssertionErrors correctly.
R=mathias@chromium.org
Bug: v8:8562
Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
Reviewed-on: https://chromium-review.googlesource.com/c/1439238
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59277}
Discovered when working on other stuff.
BUG=v8:7490,v8:8562
Change-Id: I9707c95c33e52b1565cca238494e3349a472f604
Reviewed-on: https://chromium-review.googlesource.com/c/1449532
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59276}
This fixes stack height management when a call to an external function
raises a type error trap. It also adds a test case that such exceptions
can be caught locally.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8729
Change-Id: I54b19ba86eb937695584229753d7f6cfa7e1a15d
Reviewed-on: https://chromium-review.googlesource.com/c/1447773
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59273}
This CL replaces the current TypedArray#sort with a simpler mergesort.
The fastpath when the user does not provide a comparison function
is still used.
In addition, TypedArray#sort now converts all elements in the
TypedArray to tagged values upfront, sorts them and writes them
back into the TypedArray as the final step.
R=jgruber@chromium.org, tebbi@chromium.org
Bug: v8:8567
Change-Id: Ib672c5cf510f7c0a2e722d1baa2704305a9ff235
Reviewed-on: https://chromium-review.googlesource.com/c/1445987
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59271}
I extracted following class member functions to map.cc
* Map
* NormalizedMapCache
Declaration of all above class are in map.h.
This patch makes compile time of objects.cc from 18.9s to 17.6s on Z840 Linux.
And map.cc takes 6.14s for compile.
Bug: v8:7629
Change-Id: Id1e45dff243ab3f5449c0a7e2a861fba0bc7abf6
Reviewed-on: https://chromium-review.googlesource.com/c/1447914
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59270}
This way we can remove them correctly and avoid leaks.
R=mstarzinger@chromium.org, ulan@chromium.org
Bug: v8:8725
Change-Id: I52cbbf34a94171aaeb581b55aecb25311465544d
Reviewed-on: https://chromium-review.googlesource.com/c/1446453
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59266}
Since the improvement of overload resolution (https://crrev.com/c/1304294),
overload resolution of generics doesn't take into account existing
specializations anymore. This means that the issue of infinite recursion
when an overload of Cast for HeapObject is missing doesn't exist anymore.
Thus we can get rid of the CastHeapObject workaround.
Bug: v8:7793
Change-Id: I8442cfb81b78aaa8234bcee673647261c25f9a63
Reviewed-on: https://chromium-review.googlesource.com/c/1448324
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59263}
Multiplication, division, and toString can take a very long
time for large inputs. This patch adds stack checks to each
of these operations so embedders can interrupt them.
Bug: chromium:922032
Change-Id: Idae9d32d6f78a028de4d2ba3abdb79c624f0dca1
Reviewed-on: https://chromium-review.googlesource.com/c/1444913
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59262}
This factors out one part of the "Remove finisher task" CL
(https://crrev.com/c/1400781), which I would like to test in isolation.
R=ahaas@chromium.org
Bug: v8:8423
Change-Id: I7c598f60c4757df8e26508e68da4b3c300a511cb
Reviewed-on: https://chromium-review.googlesource.com/c/1448316
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59256}
(The bug didn't affect any functionality; we just left detached WeakCells in
inconsistent state.)
BUG=v8:8179
Change-Id: I28f6c27532383b94bdfd746db903096f1dc6f1cc
Reviewed-on: https://chromium-review.googlesource.com/c/1447651
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59255}
Previously AccessorAssembler::HandlePolymorphicCase() had 4 versions of
the inner loop unrolled, but we always had to check against the length
after 1 (POLYMORPHIC with name) or 2 (regular POLYMORPHIC) unrolled
iterations anyways, so there's not a lot of benefit to unrolling besides
the potentially better branch prediction in some cases. But that doesn't
seem to be beneficial even in extreme cases (in fact on ARM cores we
might get some benefit from having less code instead), and probably
doesn't justify the additional C++ / generated code.
I used the following extreme micro-benchmark to check the worst case
performance impact:
```js
function test(o, n) {
var result;
for (var i = 0; i < n; ++i) {
result = o.x;
}
return result;
}
const N = 1e8;
const objs = [{x: 0}, {x:1,a:1}, {x:2,b:2}, {x:3,c:3}];
for (var j = 0; j < objs.length; ++j) test(objs[j], N);
console.time('Time');
for (var j = 0; j < objs.length; ++j) test(objs[j], N);
console.timeEnd('Time');
```
Running this with --noopt shows a ~1% performance regression with this
patch on a beefy z840 gLinux workstation, which gives me some confidence
that overall this patch is going to be neutral and maybe beneficial in
case of less powerful ARM cores.
Note to performance sheriffs: This could potentially tank some
performance tests. In that case we may need to revisit the unrolling.
Bug: v8:8562
Change-Id: I731599a7778da1992d981d36022c407ef5c735eb
Reviewed-on: https://chromium-review.googlesource.com/c/1448275
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59252}
This is a reland of c1bf25bb68
Node bot will turn green after github.com/v8/node/pull/89/
has landed.
Original change's description:
> Enable 31bit Smis everywhere
>
> This is a experiment to see how performance is impacted. If we tank
> too much, we can revert this change.
>
> Change-Id: I01be33f5dd78aee6a5beecdc62adbaa6c3850eb1
> Bug: v8:8344
> Reviewed-on: https://chromium-review.googlesource.com/c/1355279
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58157}
Bug: v8:8344
Change-Id: I85a6e5c479f1090f50df3df042571227279a0692
Reviewed-on: https://chromium-review.googlesource.com/c/1448314
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59251}
This is a reland of 1e3582b5ae
Original change's description:
> Reland "[builtins] Verify Isolate compatibility with the embedded blob"
>
> This is a reland of b022e825bd
>
> Original change's description:
> > [builtins] Verify Isolate compatibility with the embedded blob
> >
> > Embedded builtins (= the embedded blob) have a few dependencies on the
> > snapshot state. For instance, they require that metadata stored on
> > builtin Code objects as well as the builtins constant table remain
> > unchanged from mksnapshot-time. Embedders may violate these
> > assumptions by accident, e.g. by loading a snapshot generated with
> > different build flags, leading to seemingly unrelated failures later
> > on.
> >
> > This CL introduces an Isolate hash stored in the embedded blob which
> > hashes relevant parts of builtin Code objects and the builtins
> > constant table. It's verified in Isolate::Init in debug builds.
> >
> > Bug: v8:8723
> > Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> > Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59177}
>
> Tbr: yangguo@chromium.org,sigurds@chromium.org
> Bug: v8:8723
> Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
> Reviewed-on: https://chromium-review.googlesource.com/c/1445985
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59236}
Tbr: yangguo@chromium.org,sigurds@chromium.org
Bug: v8:8723
Change-Id: I8e4ae2f09d16b693c1fb814477d8487385046ee4
Reviewed-on: https://chromium-review.googlesource.com/c/1448312
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59250}
This CL revises some of our error messages to be more precise or more
aesthetically appealing.
R=titzer@chromium.org, ahaas@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:926311
Change-Id: I38eaee09fd37f9b67fdb08bc7b0df64a6eaf96f9
Reviewed-on: https://chromium-review.googlesource.com/c/1445980
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59249}
These allow to write a tagged uncompressed pointer even if pointer
compression is enabled. This is the least intrusive option; once
TurboFan supports pointer compression better, this CL likely
needs to be revised.
Bug: v8:8183
Change-Id: I56451c364b8620f687d8b9deb9553099ba95b928
Reviewed-on: https://chromium-review.googlesource.com/c/1445978
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59247}
In particular, print the reason for returning false (when
FLAG_trace_turbo_inlining is enabled).
Change-Id: I8924562b16612e5030d5870648ff4827d2a0ecc6
Reviewed-on: https://chromium-review.googlesource.com/c/1445981
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59246}
In noembed builds we serialize all builtins as full on-heap code
objects.
Bug: v8:8716
Cq-Include-Trybots: luci.v8.try:v8_linux_noembed_rel_ng
Change-Id: I48f25a12e05a6d8599e5f9c31f9f56f2ebb9f2d6
Reviewed-on: https://chromium-review.googlesource.com/c/1448272
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59244}
movXXXp are replaced with respective movXXXq.
Drive-by cleanup: unified the way we generate movq with other mov instructions.
Bug: v8:8621, v8:8562
Change-Id: I5c65dccf4e460cad5c3cee3dfabfd6ce39abc244
Reviewed-on: https://chromium-review.googlesource.com/c/1446096
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59243}
This reverts commit 1e3582b5ae.
Reason for revert: Still fails nosnap: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22789
Original change's description:
> Reland "[builtins] Verify Isolate compatibility with the embedded blob"
>
> This is a reland of b022e825bd
>
> Original change's description:
> > [builtins] Verify Isolate compatibility with the embedded blob
> >
> > Embedded builtins (= the embedded blob) have a few dependencies on the
> > snapshot state. For instance, they require that metadata stored on
> > builtin Code objects as well as the builtins constant table remain
> > unchanged from mksnapshot-time. Embedders may violate these
> > assumptions by accident, e.g. by loading a snapshot generated with
> > different build flags, leading to seemingly unrelated failures later
> > on.
> >
> > This CL introduces an Isolate hash stored in the embedded blob which
> > hashes relevant parts of builtin Code objects and the builtins
> > constant table. It's verified in Isolate::Init in debug builds.
> >
> > Bug: v8:8723
> > Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> > Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59177}
>
> Tbr: yangguo@chromium.org,sigurds@chromium.org
> Bug: v8:8723
> Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
> Reviewed-on: https://chromium-review.googlesource.com/c/1445985
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59236}
TBR=yangguo@chromium.org,sigurds@chromium.org,jgruber@chromium.org
Change-Id: If6082452c739d4de44ed70d3c6355f5282684ac1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8723
Reviewed-on: https://chromium-review.googlesource.com/c/1448311
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59241}
This CL fixes a crash when Structs are used as builtin arguments.
R=tebbi@chromium.org
Bug: v8:7793
Change-Id: Ib9488cdd924894dd9a9aa9fe35f57d93894565e2
Reviewed-on: https://chromium-review.googlesource.com/c/1447774
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59238}
1) JSWeakRef and WeakCell targets are HeapObjects (SMIs are no longer used for
signalling cleared / dead JSWeakRefs / WeakCells.) Make this explicit.
2) There's no need to assert that the target of JSWeakRef cannot be undefined
when handled by MarkCompactCollector::ClearJSWeakRefs, since the code handles
undefined just fine. (The removed comment was true though, since this is the only place
which can set the target to undefined. But maybe in the future there's some
other way to clear a JSWeakRef, e.g., explicit API for it.)
BUG=v8:8179
Change-Id: I762c2b4487770712c7538be799dc188943c92587
Reviewed-on: https://chromium-review.googlesource.com/c/1445986
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59237}
This is a reland of b022e825bd
Original change's description:
> [builtins] Verify Isolate compatibility with the embedded blob
>
> Embedded builtins (= the embedded blob) have a few dependencies on the
> snapshot state. For instance, they require that metadata stored on
> builtin Code objects as well as the builtins constant table remain
> unchanged from mksnapshot-time. Embedders may violate these
> assumptions by accident, e.g. by loading a snapshot generated with
> different build flags, leading to seemingly unrelated failures later
> on.
>
> This CL introduces an Isolate hash stored in the embedded blob which
> hashes relevant parts of builtin Code objects and the builtins
> constant table. It's verified in Isolate::Init in debug builds.
>
> Bug: v8:8723
> Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59177}
Tbr: yangguo@chromium.org,sigurds@chromium.org
Bug: v8:8723
Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
Reviewed-on: https://chromium-review.googlesource.com/c/1445985
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59236}
I extracted following class member functions to string.cc
* String
* SeqString
* SeqOneByteString
* SeqTwoByteString
* ConsString
* ThinString
* SlicedString
* ExternalString
* FlatStringReader
* ConsStringIterator
Declaration of all above class are in string.h.
This patch makes compile time of objects.cc from 20.6s to 19.2s on Z840 Linux.
Bug: v8:7629
Change-Id: If74b868b3a3d9a1df2887f82e2557da43ad221f0
Reviewed-on: https://chromium-review.googlesource.com/c/1446342
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59235}