For technical reasons, we used to serialize off-heap trampolines with a
RelocInfo containing a single OFF_HEAP_TARGET entry. This RelocInfo was
never needed at runtime. It also ended up being somewhat misleading
because printing an embedded code object would show the OFF_HEAP_TARGET
entry (belonging to the trampoline) at the first 'real' instruction.
With this CL, we explicitly serialize an empty byte array as the reloc
info for each off-heap trampoline, i.e. the snapshot will never contain
such off-heap target reloc infos.
Bug: v8:6666, v8:7969
Change-Id: If6fa85a438d093ed5dcea07ce0de1db49a224d28
Reviewed-on: https://chromium-review.googlesource.com/1146643
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54786}
AdvanceUntil allows the Utf16CharacterStream to advance until a character is found
that passes the check.
Bug: v8:7926
Change-Id: Iae39fb24194aa0ee2f544a55a7847956aa324b64
Reviewed-on: https://chromium-review.googlesource.com/1151303
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54783}
This CL introduces InstanceTypeChecker namespace with type checkers for
types used by the optimizing compiler. The type checkers are global
functions. Examples:
bool InstanceTypeChecker::IsJSFunction(InstanceType);
bool InstanceTypeChecker::IsAllocationSite(InstanceType);
The CL also uses these type checkers in the HeapObject::IsXXXX()
functions to ensure consistency.
Bug: v8:7790
Change-Id: I7eb9e79ca28da02fd489201f532e566d0d13243a
Reviewed-on: https://chromium-review.googlesource.com/1154529
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54782}
When disassembling code (in particular embedded builtins), try to
print better information about root-relative accesses. For example:
REX.W movq rdx,[r13+0x548]
REX.W movq rax,[r13+0x10a8]
turns into
REX.W movq rdx,[r13+0x548] (root (0x1ff420d0ccd9 <FixedArray[1672]>))
REX.W movq rax,[r13+0x10a8] (external reference (check_object_type))
This is a band-aid solution until we come up with something better. It
does not understand multi-instruction sequences (such as loads from
the builtins constants table), assumes every kRootRegister-relative
access is actually root-relative (i.e. the register is not initialized
to some other value), and is limited to a particular instruction
pattern.
Bug: v8:6666,v8:7969
Change-Id: I35af92e8233c9bb0f2ad6ba0e86bd0ab69177205
Reviewed-on: https://chromium-review.googlesource.com/1146806
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54777}
Now we can remove FixedArrayOfWeakCells (this was the last user).
BUG=v8:7308
Change-Id: I7b74f7833288b20d8f4d098a4afce640ea6db823
Reviewed-on: https://chromium-review.googlesource.com/1150170
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54776}
This is a reland of 51ad234ffe
With a manual layout rebaseline of js/fast/string-prototype-properties
[1], this CL can be relanded without breaking the layout test.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/1154289
also marks the test for skipping until this fix is rolled to Chromium.
Original change's description:
> [Intl] move localeCompare to C++
>
>
> Bug: v8:7958
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I84a27dda5205c8581a7ffe37213d685cc49974fa
> Reviewed-on: https://chromium-review.googlesource.com/1144644
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54740}
TBR=ftang@chromium.org, gsathya@chromium.org
Bug: v8:7958
Test: layout test: js/fast/string-prototype-properties
Change-Id: Ic546349fcbc935917ded018801f7d942e50565d5
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1154247
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54772}
Functions/variables for some atomic memory operators use type and
representation interchangeably. Fix to make it consistent.
Bug: v8:7754, v8:6532
Change-Id: I16ae35b72728739aee4bc67287317c2fd4a9088a
Reviewed-on: https://chromium-review.googlesource.com/1152462
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54763}
The ToBigInt conversion can have side effects, so the check for
neutered-ness must happen afterwards.
Bug: chromium:867776
Change-Id: I6e550c77a284da4cf132c21a6c3b1ed8f34eedc9
Reviewed-on: https://chromium-review.googlesource.com/1153553
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54761}
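The ordering problem the commit above describes, as an added example that is not V8 code and not part of the original log. ToBigInt runs user-controlled valueOf()/toString(), so a hostile value can detach (neuter) the target buffer during the conversion; the model below is a stand-in for a BigInt64Array with an explicit detached flag (the class name, the `detach` method and the `writeSlot` helper are illustrative), and shows the check-before-convert order reaching a freed backing store while the convert-then-check order throws.

```javascript
// Added example (not V8 code): a model of the ordering bug fixed above.
// ToBigInt() calls user-controlled valueOf()/toString(), which can detach
// the backing store of the target typed array. If the detached check runs
// before the conversion, the subsequent write hits a store that no longer
// exists. ModelBigInt64Array is a stand-in for BigInt64Array; detach()
// models ArrayBuffer neutering. All names here are illustrative.

class ModelBigInt64Array {
  constructor(length) {
    this.backingStore = new Array(length).fill(0n);
    this.detached = false;
  }
  detach() {                 // models neutering: the store is freed
    this.detached = true;
    this.backingStore = null;
  }
}

// ToBigInt per spec: ToPrimitive first (runs user code), then BigInt().
function toBigInt(value) {
  const prim = (value !== null && typeof value === 'object') ? value.valueOf() : value;
  return BigInt(prim);
}

function writeSlot(arr, index, big) {
  if (arr.backingStore === null) {
    // In native code this is a write through a dangling pointer.
    return 'write-after-free';
  }
  arr.backingStore[index] = big;
  return 'ok';
}

// Buggy order: detached check, then ToBigInt, then the write.
function atomicStoreBuggy(arr, index, value) {
  if (arr.detached) throw new TypeError('detached buffer');
  const big = toBigInt(value);
  return writeSlot(arr, index, big);
}

// Fixed order: ToBigInt first, then the detached check, then the write.
function atomicStoreFixed(arr, index, value) {
  const big = toBigInt(value);
  if (arr.detached) throw new TypeError('detached buffer');
  return writeSlot(arr, index, big);
}

// Drive either variant with a value whose valueOf() detaches the array
// mid-operation (constructed hostile input).
function run(store) {
  const arr = new ModelBigInt64Array(4);
  const hostile = { valueOf() { arr.detach(); return 42n; } };
  try {
    return store(arr, 1, hostile);
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other';
  }
}

console.log('buggy:', run(atomicStoreBuggy));  // write-after-free
console.log('fixed:', run(atomicStoreFixed));  // TypeError
```

The general rule the example illustrates: any check on a buffer's state (detached, length, bounds) must be made after the last point at which user code can run, since every spec conversion step (ToBigInt, ToNumber, ToPrimitive, ToString) is such a point.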
An object with a deprecated Map which has already been cached in
CloneObjectIC feedback is still a valid Map for fast cloning --- but
to be consistent with other ICs, deprecated maps are ignored, and are
expected to be transitioned away from.
If the source object has a deprecated map, the instance is migrated.
BUG=v8:7611, chromium:867958
R=jkummerow@chromium.org, mvstanton@chromium.org
Change-Id: I9771b00400fb4dda45a62e874a31d9b50630d847
Reviewed-on: https://chromium-review.googlesource.com/1152414
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#54758}
Also removed an obsolete test that is covered by test262/intl402
Bug: v8:7954, v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I41113653cd27c165e6f0a52e4b63bb9ddc553cba
Reviewed-on: https://chromium-review.googlesource.com/1150453
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54757}
We currently only expose this to desugarings and not in the grammar
to keep 'const' and 'let' bindings consistent.
A side-effect of this change is that it is now possible to use a
shadowed name in the initializer of a const binding.
Bug: v8:7793
Change-Id: Ic2ca6af0735acf0e748d394f9039fe6612bd4a06
Reviewed-on: https://chromium-review.googlesource.com/1150534
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54755}
Add codegen support for up to 4GiB memories in Liftoff code.
This CL also adds three new mjsunit tests that stress large WASM
memories (1, 2, and 4 GiB) and checks that accesses near these
boundaries properly generate traps.
Note there is still some trickiness around the setting of:
1.) the flag --wasm-max-mem-pages
2.) wasm-limits.h kSpecMaxWasmMemoryPages = 65536
3.) wasm-limits.h kV8MaxWasmMemoryPages = 32767
In particular, the allocation of memories is still limited to
3.) and the runtime flag can only lower this limit.
The above means that the tests for 2GiB and 4GiB memories will silently
OOM by design until 3.) is changed (though they currently pass with
manual testing). I argue it is better to include these tests up front,
since they will immediately trigger if their memory allocation succeeds.
Therefore the plan is to lift the restriction on 3.) after removing
all other internal V8 limitations including array buffers and views.
R=clemensh@chromium.org
CC=mstarzinger@chromium.org
BUG=v8:7881
Change-Id: I3205ac2daf5c9a84364c670a2c3ef2258e5649f6
Reviewed-on: https://chromium-review.googlesource.com/1151309
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54754}
The initial CL only re-wired the macro but did not convert the remaining
manual uses.
Change-Id: Ia4c6dea006d7c026d2376affee0b7027f5aa7895
Reviewed-on: https://chromium-review.googlesource.com/1152907
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54753}
This CL changes the for-loop so all parts are optional, allowing
loops like:
for (;;) {}
for (;; ++i) {}
...
R=danno@chromium.org, tebbi@chromium.org
Bug: v8:7793
Change-Id: I7bf9ef9e59d55eb9ae9f38904a1c1106ae50df5a
Reviewed-on: https://chromium-review.googlesource.com/1152727
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54752}
Until now, this test mode was only active in CI. Adding it to CQ should
help catch errors earlier.
TBR=sergiyb@chromium.org
Change-Id: I19a0971ecb318eb5bca3aee435700544d0ad2dcb
Reviewed-on: https://chromium-review.googlesource.com/1131946
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54750}
Previously we used the start address of the AbstractCode object. This
doesn't make sense for off-heap builtins, where the code isn't contained
in the object itself. It also hides other potential problems - sometimes
the sample.pc is inside the AbstractCode object header - this is
never valid.
There were a few changes necessary to make this happen:
- Change the interface of CodeMoveEvent. Now 'to' and 'from' are both
AbstractCode objects, which is nice because many users were taking
'to' and adding the header offset to it to try and find the
instruction start address. This isn't valid for off-heap builtins.
- Fix a bug in CodeMap::MoveCode where we didn't update the CodeEntry
object to reflect the new instruction_start.
- Rename the 'start' field in all of the CodeEventRecord sub-classes
to make it clear that this is the address of the first instruction.
- Fix the confusion in RecordTickSample between 'tos' and 'pc' which
caused pc_offset to be calculated incorrectly.
Bug: v8:7983
Change-Id: I3e9dddf74e4b2e96a5f031d216ef7008d6f184d1
Reviewed-on: https://chromium-review.googlesource.com/1148457
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54749}
This reverts commit 51ad234ffe.
Reason for revert: Speculative revert. Suspect for layout test change:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25165
See also:
https://github.com/v8/v8/wiki/Blink-layout-tests
The bots currently have another problem with webkit_unit_tests and
don't run the layout tests on every revision. Hence the speculative
revert.
Original change's description:
> [Intl] move localeCompare to C++
>
>
> Bug: v8:7958
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I84a27dda5205c8581a7ffe37213d685cc49974fa
> Reviewed-on: https://chromium-review.googlesource.com/1144644
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54740}
TBR=jshin@chromium.org,gsathya@chromium.org,bstell.chromium.org@gmail.com,ftang@chromium.org
Change-Id: Iceab3316bd1eacfe449c8182cbb3027acb56047e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7958
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1152767
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54747}
The CSA fast path returned null for Proxy.prototype whereas runtime GetProperty
returned undefined. The CL fixes this discrepancy by returning undefined for
both cases and this makes it compliant with the spec.
Change-Id: I35b75c09dc99e8fd629671e30eacd2cabea8c1d4
Reviewed-on: https://chromium-review.googlesource.com/1145438
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#54745}
This places the hot part of SkipWhiteSpace in the header, allowing it to be
inlined, and leaves a slow path to handle the rest. This improves comment
scanning overall by ~10%.
Bug: v8:7926
Change-Id: I2e2ebbbae0d1af619b161397712fdf667d078884
Reviewed-on: https://chromium-review.googlesource.com/1150230
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54744}
This CL removes the last bit of Float64 math that was left, by
adding a TypeGuard node to help the typer figure out that stuff
actually fits in Int32 operations.
This should improve the inline performance a little bit more.
Change-Id: I35bf3445e6c73c9433d5ff5e177d6bb3c8b82071
Reviewed-on: https://chromium-review.googlesource.com/1151635
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54743}
This also moves the function body of Runtime_StringLocaleConvertCase
into IntlFunc::StringLocaleConvertCase.
Bug: v8:7958
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ibc081150babdd7d50043383b0f7375d46cfcf4a5
Reviewed-on: https://chromium-review.googlesource.com/1144525
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54737}