Commit Graph

572 Commits

Author SHA1 Message Date
Benedikt Meurer
765ca6a0d3 [inspector] Capture stack trace only once for JSError objects.
When creating a new JSError object (or using the non-standard API
`Error.captureStackTrace`) V8 would previously capture the "simple stack
trace" (as FixedArray of CallSiteInfo instances) to be used for the non-
standard `error.stack` property, and if the inspector was active also
capture the "detailed stack trace" (as FixedArray of StackFrameInfo
instances). This turns out to be quite a lot of overhead, both in terms
of execution time as well as memory pressure, especially since the
information needed for the inspector is a proper subset of the
information needed by `error.stack`.

So this CL addresses the above issue by capturing only the "simple stack
trace" (in the common case) and computing the "detailed stack trace"
from the "simple stack trace" when on demand. This is accomplished by
introducing a new ErrorStackData container that is used to store the
stack trace information on JSErrors when the inspector is active. When
capturing stack trace for a JSError object while the inspector is
active, we take the maximum of the program controlled stack trace limit
and the inspector requested stack trace limit, and memorize the program
controlled stack trace limit for later formatting (to ensure that the
presence of the inspector is not observable by the program).

On the `standalone.js` benchmark from crbug.com/1283162 (with the
default max call stack size of 200) we reduce execution time by around
16% compared to ToT. And compared to V8 9.9.4 (the version prior to the
regression in crbug.com/1280831), we are 6% faster now.

Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Bug: chromium:1280831, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Fixed: chromium:1283162
Change-Id: I57dac73e0ecf7d50ea57c3eb4981067deb28133e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366660
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78542}
2022-01-10 14:55:18 +00:00
Frank Tang
f811e89269 [Temporal] Part2 Add constructor and simple getters.
Bug: v8:11544

Change-Id: I3206ca3e0c505b14e4497ccb2af25a31940a1c1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2967755
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78518}
2022-01-07 19:18:33 +00:00
Benedikt Meurer
b8e2a423e0 [debug] Introduce a dedicated StackFrameInfo for v8::StackFrame.
This is the final change list in the list of refactorings to split off
the implementations of v8::StackFrame and CallSite objects (as used by
the V8 JavaScript stack API). See https://bit.ly/v8-stack-frame for the
whole story.

This CL adds the v8::internal::StackFrameInfo class as new backing
implementation of v8::StackFrame, and puts it into debug-objects.tq
to indicate that it's used for the debugger API only. This new class
is lightweight and only holds on to static information about the
stack frame, and is thus usable for the V8 inspector to implement
async stack traces in a cheaper manner going forward.

Doc: https://bit.ly/v8-stack-frame
Bug: chromium:1258599, chromium:1278650
Fixed: chromium:1278647
Change-Id: I4dbf2d850f47797263af225895129499169aad02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302794
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78382}
2021-12-15 06:16:46 +00:00
Benedikt Meurer
4ecf143801 [refactor] Rename StackFrameInfo to CallSiteInfo.
This is the second step in the refactoring to make v8::StackFrame
more lightweight and usable for (long time storage) by the V8
inspector (see https://bit.ly/v8-stack-frame for an overview).

This is a purely mechanical change without any functional aspects.
The intention is to make the use case for the CallSiteInfo objects
clear, namely to serve as the backing store for the CallSite objects
exposed via the Error.prepareStackTrace() API and used under the
hood to implement the error.stack accessor.

Doc: https://bit.ly/v8-stack-frame
Bug: chromium:1258599, chromium:1278647, chromium:1278650
Change-Id: I39dffd1f1a8e5158ddc56f2a0a2b1b28321f487a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300138
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78361}
2021-12-14 10:03:25 +00:00
Dominik Inführ
a0ed6096f3 [heap] Introduce CLIENT_TO_SHARED remembered set
During a shared GC we need to iterate the twice: for marking and later
when updating pointers after evacuation. This CL introduces a new
remembered set to avoid the second heap iteration, the remembered set
is created when iterating the client heaps for marking. When updating
pointers, the GC only needs to visit slots in the remembered set.
CLIENT_TO_SHARED is only used during GC atm.

Bug: v8:11708
Change-Id: Ie7482babb53b5f6ca2115daafe6f208acae98d6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315443
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78332}
2021-12-10 07:29:41 +00:00
Leszek Swirski
3b9091c827 [compiler-dispatcher] Move Job pointer to SFI
Reduce the enqueuing cost of compiler-dispatcher jobs by getting rid of
the sets and hashmaps, and instead:

  1. Turning the pending job set into a queue, and
  2. Making the SharedFunctionInfo's UncompiledData hold a pointer to
     the LazyCompilerDispatcher::Job, instead of maintaining an
     IdentityMap from one to the other.

To avoid bloating all UncompiledData, this adds two new UncompiledData
subclasses, making it four subclasses total, for with/without Preparse
data and with/without a Job pointer. "should_parallel_compile"
FunctionLiterals get allocated an UncompiledData with a job pointer by
default, otherwise enqueueing a SFI without a job pointer triggers a
reallocation of the UncompiledData to add a job pointer.

Since there is no longer a set of all Jobs (aside from one for
debug-only), we need to be careful to manually clear the Job pointer
from the UncompiledData whenever we finish a Job (whether successfully
or by aborting) and we have to make sure that we implicitly can reach
all Jobs via the pending/finalizable lists, or the set of currently
running jobs.

Change-Id: I3aae78e6dfbdc74f5f7c1411de398433907b2705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314833
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78302}
2021-12-08 16:03:35 +00:00
Shu-yu Guo
b6030dbac5 [string] Make String::MakeThin threadsafe for shared strings
For shared strings, String::MakeThin is protected by using the map word
of the string being migrated as a spinlock.

Note that this CL does not make it safe yet to access character data
from multiple threads. The spinlock here only protects write-write races
in String::MakeThin.

For more information, see the following two design docs:

https://docs.google.com/document/d/1c5i8f2EfKIQygGZ23hNiGxouvRISjUMnJjNsOodj6z0/edit
https://docs.google.com/document/d/1Drzigf17t4ofy0evDmaIL5p0MDZuAl95c9fSeX-QjVg/edit

Bug: v8:12007
Change-Id: I9c47412c6ec7360a672b65a8576b4f6156ee5846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313429
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78257}
2021-12-06 20:27:06 +00:00
Richard Stotz
286747bb97 [wasm] Remove CallRefData
This CL removes the CallRefData data structure and accesses a funcref's
target and instance through the funcref.

Bug: v8:7748
Change-Id: Ic46b127f7775052d5df13b03c447e3b15328ad74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306486
Commit-Queue: Richard Stotz <rstz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78194}
2021-12-01 18:46:59 +00:00
Frank Tang
2b352df062 [intl] Update Intl.Locale.weekInfo sync latest
Implement the changes in
https://github.com/tc39/proposal-intl-locale-info/pull/44
So weekInfo will return weekend as an array instead of weekendStart
and weekendEnd.

Bug: v8:11638
Change-Id: I775b003b36f67179943911faa7f77a323ad9f6f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3307685
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78172}
2021-11-30 23:17:28 +00:00
Manos Koukoutos
f60132e96a [wasm] Internal representation for function references
Design doc: bit.ly/3jEVgzz

We separate the internal representation of function references in Wasm
from their JSFunction-based (external) representation. This improves
performance of call_ref by requiring less indirections to load the
context and call target from a function reference. In the boundary
between wasm and JS/the C API, we add transformations between the two
representations.

Detailed changes:
- Introduce WasmInternalFunction, containing fields required by
  call_ref, as well as a reference to the corresponding
  WasmExternalFunction. Add a reference to the WasmInternalFunction in
  WasmFunctionData. The {WasmInternalFunction::FromExternal} helper
  extracts the internal out of an external function.
- Change {WasmInstanceObject::external_functions()} to internal
  functions.
- Change wasm function tables to contain internal functions.
- Change the following code to use internal functions:
  - call_ref in liftoff and Turbofan
  - function type checks in liftoff and Turbofan
  - CallRefIC and GenericJSToWasmWrapper builtins
  - {InitExprInterface::RefFunc}
  - module-compiler.cc in {ProcessTypeFeedback}
  - In module-instantiate.cc, in function-rtt creation.
- Add transformations between internal and external functions in:
  - WasmWrapperGraphBuilder::{ToJS, BuildUnpackObjectWrapper, FromJS,
    BuildJSToJSWrapper}.
  - debug-wasm-objects.cc in {FunctionProxy::Get},
    {WasmValueObject::New} and {AddWasmTableObjectInternalProperties}.
  - runtime-wasm.cc in ReplaceWrapper
  - the C and JS APIs
  - module-instantiate.cc, in import and export processing, as well as
    {InitializeIndirectFunctionTables}
  - WasmTableObject::{IsValidElement, SetFunctionTableEntry}
  - {WasmGlobalObject::SetFuncRef}
- Simplify body descriptors of WasmExternalFunction variants.
- Adjust tests.

Bug: v8:11510

Change-Id: I8377f46f55c3771391ae1c5c8201a83854ee7878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277878
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78068}
2021-11-24 13:07:28 +00:00
Jakob Gruber
f6f829b49f [compiler,code] Refactor code dependencies
Prior to this CL we regularly generated high counts of code
dependencies, and installation was not the most efficient.

This CL 1) implements early dependency deduplication and
2) simplifies the way dependencies are persisted on the heap
through DependentCode.

Re 1): we dedupe twice, once based on the CompilationDependency
contents, and again once we know the final target object.

Re 2): Instead of a linked list of weak fixed arrays per
dependency group, store deps in a flat array together with a
bitset of their dependency groups.

See also:
https://docs.google.com/document/d/1B34S1s3Iv6hbquZ93RugD0b-ZKfHEptJ8Fk_YyOvjDk/edit

Bug: v8:12195,v8:12397
Change-Id: I9ab47f6d87b10558194b5de30a36b1122f7e362a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283074
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77969}
2021-11-18 13:22:57 +00:00
Shu-yu Guo
821c2c17d2 [string] Add a is_shared bit to strings and String::Share
The is_shared bit bumps the number of reserved bits for Strings'
InstanceType from 6 to 7. This has the side effect of shuffling the
InstanceType enum values.

There are no users of this bit yet. This is steps 1-2 from the following
design doc [1], in preparation for sharing internalized and
in-place-internalizable strings.

[1] https://docs.google.com/document/d/1c5i8f2EfKIQygGZ23hNiGxouvRISjUMnJjNsOodj6z0/edit?usp=sharing

Bug: v8:12007
Change-Id: Idf11a6035305f0375b4f824ffd32a64f6b5b043b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3266017
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77831}
2021-11-10 23:55:47 +00:00
Thibaud Michaud
0443eb2ef0 [wasm] Introduce stack-switching frame type
And make the GC visit spilled references in the frame.

R=ahaas@chromium.org
CC=​fgm@chromium.org

Bug: v8:12191
Change-Id: Ida430f12a6de7658972e7890542fb02f7f7ddbb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226784
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77763}
2021-11-08 14:29:44 +00:00
Manos Koukoutos
02b73c9424 [wasm] Do not sandbox isolate root pointer
The isolate root pointer in a WasmApiFuncionRef cannot be sandboxed,
because we would need the isolate root in the first place to decode it.
Therefore we do not use Foreign as the parent class of
WasmApiFunctionRef.

Bug: v8:11510
Change-Id: Idcbe654274c543ee571a335cb8e212ca3492d973
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262134
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77751}
2021-11-08 03:43:47 +00:00
Thibaud Michaud
cce7154d57 [wasm] Add WebAssembly.Suspender object
R=ahaas@chromium.org

Bug: v8:12191
Change-Id: I15a5507a7dd0f02a3bbe9d3ce200206adf4d4539
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231075
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77734}
2021-11-05 14:42:23 +00:00
Tobias Tebbi
392078fb83 Reland "[turbofan] extend type asserts to cover all JS types"
This is a reland of 45227ffdb4
Differences:
- Handle one more flags conflict in variants.py.
- Disallow %VerifyType without --concurrent-recompilation.

Original change's description:
> [turbofan] extend type asserts to cover all JS types
>
> Extend type assertions to all types covering JavaScript values.
> This is achieved by allocating type representations on the heap using
> newly defined HeapObject subclasses. To allocate these in the compiler,
> we disable concurrent compilation for the --assert-types flag for now.
>
> Fix two type errors that came up with the existing tests:
> 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
>    OtherObject.
> 2. OperationTyper::NumberToString(Type) can type the result as the
>    HeapConstant Factory::zero_string(). However, NumberToString does
>    not always produce this string. To avoid regressions, the CL keeps
>    the HeapConstant type and changes the runtime and builtin code to
>    always produce the canonical "0" string.
>
> A few tests were failing because they check for truncations to work
> and prevent deoptimization. However, AssertType nodes destroy all
> truncations (which is by design), so these tests are incompatible
> and now disabled for the assert_types variant.
>
> Drive-by fix: a few minor Torque issues that came up.
>
> Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77565}

Change-Id: I5b3c6745c6ad349ff8c2b199d9afdf0a9b5a7392
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247035
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77596}
2021-10-28 14:10:30 +00:00
Manos Koukoutos
cd0ca02aaf [wasm] Add WasmApiFunctionRef object
This object will be used for the 'ref' field of WasmCapiFunctionData and
WasmJSFunctionData, replacing the currently used pair.
Design doc: https://bit.ly/3jEVgzz

Bug: v8:11510
Change-Id: Ic5dec88458b562883d571b3463269b2308f489c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3236718
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77575}
2021-10-27 13:17:32 +00:00
Maya Lekova
54f90462ec Revert "[turbofan] extend type asserts to cover all JS types"
This reverts commit 45227ffdb4.

Reason for revert: Breaks on gc_stress mode, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/35988/overview

Original change's description:
> [turbofan] extend type asserts to cover all JS types
>
> Extend type assertions to all types covering JavaScript values.
> This is achieved by allocating type representations on the heap using
> newly defined HeapObject subclasses. To allocate these in the compiler,
> we disable concurrent compilation for the --assert-types flag for now.
>
> Fix two type errors that came up with the existing tests:
> 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
>    OtherObject.
> 2. OperationTyper::NumberToString(Type) can type the result as the
>    HeapConstant Factory::zero_string(). However, NumberToString does
>    not always produce this string. To avoid regressions, the CL keeps
>    the HeapConstant type and changes the runtime and builtin code to
>    always produce the canonical "0" string.
>
> A few tests were failing because they check for truncations to work
> and prevent deoptimization. However, AssertType nodes destroy all
> truncations (which is by design), so these tests are incompatible
> and now disabled for the assert_types variant.
>
> Drive-by fix: a few minor Torque issues that came up.
>
> Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77565}

Change-Id: Ia779a11fc811846194c7a8d1e40b372b265e7ea4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247034
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77566}
2021-10-27 09:38:32 +00:00
Tobias Tebbi
45227ffdb4 [turbofan] extend type asserts to cover all JS types
Extend type assertions to all types covering JavaScript values.
This is achieved by allocating type representations on the heap using
newly defined HeapObject subclasses. To allocate these in the compiler,
we disable concurrent compilation for the --assert-types flag for now.

Fix two type errors that came up with the existing tests:
1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
   OtherObject.
2. OperationTyper::NumberToString(Type) can type the result as the
   HeapConstant Factory::zero_string(). However, NumberToString does
   not always produce this string. To avoid regressions, the CL keeps
   the HeapConstant type and changes the runtime and builtin code to
   always produce the canonical "0" string.

A few tests were failing because they check for truncations to work
and prevent deoptimization. However, AssertType nodes destroy all
truncations (which is by design), so these tests are incompatible
and now disabled for the assert_types variant.

Drive-by fix: a few minor Torque issues that came up.

Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77565}
2021-10-27 08:37:31 +00:00
Thibaud Michaud
33634d76ec [wasm] Add initial stack switching data structures
Add initial stack memory, jump buffer and continuation objects.

R=ahaas@chromium.org
CC=fgm@chromium.org

Bug: v8:12191
Change-Id: I0c6bde4e5f15e9c539e5e8af1a3b84e5cb5bc9a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220342
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77400}
2021-10-14 15:26:47 +00:00
Shu-yu Guo
a7111acbf8 [snapshot] Keep fewer objects in the shared heap object cache
Tip of tree puts both internalized and in-place-internalizable strings
into the shared heap object cache. But only internalized strings need
to go in there, since we can't have duplicates of those. It's fine to
allocate in-place-internalizable strings in the shared heap each time
a new Isolate is initialized, it'll be deduplicated if it's
internalized eventually.

Bug: chromium:1258918, v8:12007
Change-Id: I0e46b73a5ac3be83d0eaa31915a3a24f47a8c2bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219690
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77388}
2021-10-13 23:45:14 +00:00
Camillo Bruni
52bb3cae7a [modules] Change ScriptOrModule to custom Struct
Due to caching issues we will not be able to store host-defined options
directly on the Script anymore. ScriptOrModule can thus no longer be
a i::Script.

NodeJS keeps weak references from ScriptOrModule to their import meta
data. This CL changes ScriptOrModule to be a temporary struct which has
a different lifetime. As a temporary fix until the API is fully updated
we introduce the v8_scriptormodule_legacy_lifetime compile-time flag.
It keeps references to ScriptOrModule alive on the Script to restore the
previous behavior (at an additional memory cost).

Bug: chromium:1244145
Change-Id: I1dc42d25930d7bc4f22ee3c9bba93d89425be406
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211575
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77382}
2021-10-13 13:31:03 +00:00
Toon Verwaest
177d09fc10 [parser] Allocate the receiver before parameters
This guarantees that if it's context-allocated, it'll be the first
slot in the context. That in turn allows us to drop a special index on
scope-info pointing at the receiver entry; once we update arguments
object handling to take the receiver possibly being there into
account.

Change-Id: Idfd06cf172e6905b02c8d17a962382e2a9ea0874
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211999
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77360}
2021-10-12 15:32:34 +00:00
Shu-yu Guo
388a80bab7 [snapshots] Add a new snapshot for shared heap objects
This CL adds a new snapshot to hold objects that are in the shared heap
or may need to be in the shared heap depending on runtime flags.
Currently this is to support --shared-string-table, which puts all
in-place-internalizable strings, internalized strings, and the
string table into the shared heap.

The shared heap snapshot is never deserialized into client Isolates.
This means when V8 is started without a shared Isolate, the shared heap
snapshot is deserialized into all Isolates.

Bug: v8:12007
Change-Id: I7eeab73080cda2e8250a5a49747f25b2440a349d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173905
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77309}
2021-10-08 23:24:58 +00:00
Frank Tang
77e713f533 Reland "[Temporal] Part 1 - Skeleton"
This is a reland of 0adc1410b1

1. Fork out test/mjsunit/temporal/function-exist.js test
to test/mjsunit/temporal/function-exist-no-i18n.js and mark
 function-exist FAIL in no_i18n build.

Original change's description:
> [Temporal] Part 1 - Skeleton
>
> 1. Expose all the functions to empty buildins.
> 2. Wire up basic structure of classes and internal slots.
>
> Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/
>
> This is just a CL to establish a skeleton for Temporal.
> The Temporal is very big. The prototype CL is in
> https://chromium-review.googlesource.com/c/v8/v8/+/2967755
> but too big to be reviewed so I break up the basic structure here first.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
> Bug: v8:11544
> Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76819}

Bug: v8:11544
Change-Id: I60eaface94ba9b3408cb235cd1ae425151a36732
Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160324
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77303}
2021-10-08 15:50:13 +00:00
Jakob Kummerow
5d75bd1fdb [wasm-gc] Speculative inlining for call_ref (off by default)
This patch adds infrastructure for collecting feedback about call_ref
call targets in Liftoff code, and using that feedback for turning
such calls into inlineable direct calls when building Turbofan graphs.
The feature is considered experimental quality and hence off by default,
--wasm-speculative-inlining turns it on.

Bug: v8:7748
Change-Id: I0d0d776f8a71c3dd2c9124d3731f3cb06d4f5821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3205902
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77287}
2021-10-07 14:56:39 +00:00
Patrick Thier
1cd7a58223 Create Instance Type for Class Constructors
Class Constructors are special, because they are callable but [[Call]]
raises an exception. Instead of checking if a JS function is a class
constructor for every JS function call, this CL adds a new instance
type for class constructors.
This way we can use a fast instance type range check for the common
case, and only check for class constructors in the uncommon case were
a class constructor is called and when we need to raise an exception.

Change-Id: Ic6fdd9829722d05559fdfd01f6100c61873a0872
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186434
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77140}
2021-09-29 13:49:05 +00:00
Deepti Gandluri
f1a5b680db Revert "[Temporal] Part 1 - Skeleton"
This reverts commit 0adc1410b1.

Reason for revert: Reverting due to fail on  V8 Linux - noi18n - debug https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8836095186331011153/+/u/Check_-_default/function-exist

Original change's description:
> [Temporal] Part 1 - Skeleton
>
> 1. Expose all the functions to empty buildins.
> 2. Wire up basic structure of classes and internal slots.
>
> Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/
>
> This is just a CL to establish a skeleton for Temporal.
> The Temporal is very big. The prototype CL is in
> https://chromium-review.googlesource.com/c/v8/v8/+/2967755
> but too big to be reviewed so I break up the basic structure here first.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
> Bug: v8:11544
> Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76819}

Bug: v8:11544
Change-Id: I358f671452a986c8e87d1f831ab5eb1550a38441
Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160467
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76821}
2021-09-14 18:17:38 +00:00
Frank Tang
0adc1410b1 [Temporal] Part 1 - Skeleton
1. Expose all the functions to empty buildins.
2. Wire up basic structure of classes and internal slots.

Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/

This is just a CL to establish a skeleton for Temporal.
The Temporal is very big. The prototype CL is in
https://chromium-review.googlesource.com/c/v8/v8/+/2967755
but too big to be reviewed so I break up the basic structure here first.

Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
Bug: v8:11544
Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76819}
2021-09-14 17:14:05 +00:00
legendecas
89f36a1576 [builtins] DataView should throws on detached buffer
DataView constructor, DataView.prototype.byteLength
and DataView.prototype.byteOffset should throw
TypeError when the buffer was detached.

Both SpiderMonkey and JSC passed the test262 suites.

Bug: v8:12162
Change-Id: I126d24213c00e4d26540519bce9b5388862eb32c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140015
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76818}
2021-09-14 16:49:36 +00:00
Leszek Swirski
787bec0964 [sparkplug] Remove BaselineData, use Code directly
Remove the BaselineData intermediate structure for baseline code, and
write the baseline Code object into the SharedFunctionInfo directly. We
still need a pointer to the BytecodeArray/InterpreterData, so re-use the
Code object's deoptimization data slot for this (baseline code doesn't
have deoptimization data).

A consequence of this is that the BytecodeArray pointer becomes
immutable when there is baseline code. This means that we cannot install
a debug BytecodeArray while baseline code is active (we have to flush it
first), and we can't tier-up code with debug BytecodeArray to baseline.

Change-Id: I53b93ec4d4c64b833603d7992f246982fcd97596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118548
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76675}
2021-09-06 11:52:21 +00:00
Sathya Gunasekaran
7df6678c32 [api] Implement signature checks using instance types
Rather than depending on slow signature checks, receiver type checks are
performed using fast numeric instance type checks.

This CL adds a instance type range for embedders to assign values and
uses these to perform type checks.

Bug: v8:11476
Change-Id: Ie8236ae47ca0ba93ae76a7e690b81aa0a2b0f3e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883623
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76162}
2021-08-09 11:01:15 +00:00
Thibaud Michaud
27a517b892 [wasm][eh] Add WebAssembly.Exception.getArg()
Also introduce a separate error type for WebAssembly.Exception,
since the properties should not be added to RuntimeError.

R=jkummerow@chromium.org

Bug: v8:11992
Change-Id: I8f4ae0da9a95184366e07dc43e58a5a9ff4382ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055304
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76061}
2021-08-03 14:25:50 +00:00
legendecas
d63ca69c22 [builtins] Implement Array#findFromLast and friends
This proposal reached Stage 3 at the July 2021 TC39.

https://github.com/tc39/proposal-array-find-from-last

Bug: v8:11990
Change-Id: I1364b46b7ed4bc56e4b3024d14bde799f9878b5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3037160
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76007}
2021-07-29 19:37:15 +00:00
Thibaud Michaud
d66cc11c2f [wasm][eh] Rename exception to tag
The JS API constructor was renamed to "WebAssembly.Tag" to match the
spec:
https://github.com/WebAssembly/exception-handling/issues/159

Rename "exception" to "tag" throughout the codebase for consistency with
the JS API, and to match the spec terminology (e.g. "tag section").

R=clemensb@chromium.org,nicohartmann@chromium.org

Bug: v8:11992
Change-Id: I63f9f3101abfeefd49117461bd59c594ca5dab70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053583
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75994}
2021-07-29 12:09:02 +00:00
Marja Hölttä
607f1fdb06 Reland "[rab/gsab] Update to the new spec"
- Remove ResizableArrayBuffer / GrowableSharedArrayBuffer constructors,
use options bags
- Add AB.prototype.resizable and SAB.prototype.growable
- Update receiver checks in (S?)AB.prototype methods

Previous try: https://chromium-review.googlesource.com/c/v8/v8/+/3021174

Bug: v8:11111
Change-Id: Ib4e98aa987826fd01bfdcf7688310ec0665f33ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035770
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75803}
2021-07-20 08:02:29 +00:00
Marja Hölttä
00d556f026 Revert "[rab/gsab] Update to the new spec"
This reverts commit 6207d61ff8.

Reason for revert: Incorrect implementation of the flag-not-on case.

Original change's description:
> [rab/gsab] Update to the new spec
>
> - Remove ResizableArrayBuffer / GrowableSharedArrayBuffer constructors,
> use options bags
> - Add AB.prototype.resizable and SAB.prototype.growable
> - Update receiver checks in (S?)AB.prototype methods
>
> Bug: v8:11111
> Change-Id: I4f8cb71a4c8e07483a3ffad83d98129da162b839
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021174
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75761}

Bug: v8:11111, chromium:1230129, chromium:1230408
No-Try: True
Tbr: mlippautz@chromium.org
Change-Id: I25aa10cb3dc20fdaeb45e6169fc01eec9a89f72c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038061
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75778}
2021-07-19 08:12:24 +00:00
Marja Hölttä
6207d61ff8 [rab/gsab] Update to the new spec
- Remove ResizableArrayBuffer / GrowableSharedArrayBuffer constructors,
use options bags
- Add AB.prototype.resizable and SAB.prototype.growable
- Update receiver checks in (S?)AB.prototype methods

Bug: v8:11111
Change-Id: I4f8cb71a4c8e07483a3ffad83d98129da162b839
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021174
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75761}
2021-07-16 13:41:31 +00:00
Frank Tang
c0f90e5923 Implement DisplayNames v2
Add "calendar", and "dateTimeField"
Add option for languageDisplay

https://tc39.es/intl-displaynames-v2/
https://chromestatus.com/feature/5082027281874944
Design Doc:
https://docs.google.com/document/d/17hQz4nOC7PJYhxc_MU-BRoT6BnYGZv66XlU1iGX0ywQ/edit#

Bug: v8:11637
Change-Id: Ie7dc80d16956f0e668b11e600e47f5bafb081ff7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2924523
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75027}
2021-06-08 17:49:36 +00:00
Igor Sheludko
ddc43d9cad [wasm-gc][ic] Support WasmObjects in LoadIC
Bug: v8:11804
Change-Id: I6eddf2d836c3916622768ef2a7d878157e89e4c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772980
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74796}
2021-05-26 17:49:49 +00:00
Igor Sheludko
f051293f5e [wasm-gc] Make WasmObject a subclass of JSReceiver
This is a first step towards supporting unwrapped WasmObject objects on
JavaScript side.

In addition this CL
1) introduces Representation::WasmValue which is used for all WasmObject
   fields exposed to JavaScript side.
2) adds creation of meaningful DescriptorArrays for WasmObject's Maps.

Bug: v8:11804
Change-Id: I4afcd39da5cb77b659943da54a2ca34d13bcc9bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912776
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74744}
2021-05-25 12:11:42 +00:00
Igor Sheludko
658c0ae3d3 [wasm-gc] Introduce WasmObject - a superclass for data ref types
... and use the generated WasmObject instance type range for data refs
checks.

Bug: v8:11804
Change-Id: I855ff76404ff7e3ca919dabec238d35cb39c0baf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910784
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74713}
2021-05-21 13:17:38 +00:00
Jakob Kummerow
54d84cf385 [wasm-c-api] Cache CapiCallWrappers in the NativeModule
We used to recompile WasmCapiCallWrappers whenever they were
needed, but never garbage-collected them, which caused a memory
leak when many short-lived instances of the same module were
created. This patch makes the wrappers cacheable and caches them,
which avoids both repeated compilation effort and the unbounded
memory growth.
Drive-by cleanup: unify WasmCapiFunctionData with the other
Wasm*FunctionData classes by making it inherit from WasmFunctionData.

Bug: v8:11774
Change-Id: Ia0c0d76be2938dc7bebfdc845f4a1cfeafef4a70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905605
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74682}
2021-05-19 16:36:41 +00:00
Shu-yu Guo
baa4ba3f7d Reland^4 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
This is a reland of 8b74fd4590

Changes since revert:

- Reverted a61aa4919f for not fixing the
  jitless toggling issue on Chromium Win64

- Fix jitless toggling on Win64 by checking FLAG_jitless in
  EmbeddedDataWithMaybeRemappedEmbeddedBuiltins

Original change's description:
> Reland^3 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64""
>
> This is a reland of 054ff044bc
>
> Change since revert:
>
> - Remove assignment to FLAG_enable_short_builtins in test since
>   it's write-once in CFI.
>
> Original change's description:
> > Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
> >
> > This is a reland of 1f504c36da
> >
> > Changes since revert:
> >
> > - Removed disabling of RO heap sharing when --stress-snapshot is passed;
> >   was fixed by f4a6c628c9
> > - Fixed crashing tests that caused revert separately in
> >   a61aa4919f
> >
> > Original change's description:
> > > > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> > > >
> > > > Reviewed-on:
> > > https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#74422}
> > >
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Adam Klein <adamk@chromium.org>
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Reviewed-by: Dan Elphick <delphick@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#74448}
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Commit-Queue: Shu-yu Guo <syg@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74546}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893567
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74548}

TBR=ishell@chromium.org

Bug: v8:11460
Change-Id: Ied925de5f886a906b1ca178365aee73155e679cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891697
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74560}
2021-05-14 03:41:09 +00:00
Bill Budge
9ee5bdc975 Revert "Reland^3 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"""
This reverts commit 8b74fd4590.

Reason for revert: Blocking the roll into Chromium, example failure on Windows 64 bot:

https://ci.chromium.org/p/chromium/builders/try/win10_chromium_x64_rel_ng/863189?

Original change's description:
> Reland^3 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64""
>
> This is a reland of 054ff044bc
>
> Change since revert:
>
> - Remove assignment to FLAG_enable_short_builtins in test since
>   it's write-once in CFI.
>
> Original change's description:
> > Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
> >
> > This is a reland of 1f504c36da
> >
> > Changes since revert:
> >
> > - Removed disabling of RO heap sharing when --stress-snapshot is passed;
> >   was fixed by f4a6c628c9
> > - Fixed crashing tests that caused revert separately in
> >   a61aa4919f
> >
> > Original change's description:
> > > > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> > > >
> > > > Reviewed-on:
> > > https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#74422}
> > >
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Adam Klein <adamk@chromium.org>
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Reviewed-by: Dan Elphick <delphick@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#74448}
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Commit-Queue: Shu-yu Guo <syg@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74546}
>
> TBR=adamk@chromium.org
>
> Bug: v8:11460
> Change-Id: Ib7526270d421a562cb00aec9a28b4fc2296e4a86
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893567
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74548}

Bug: v8:11460
Change-Id: Ie1a6a5d7e7928f6b90571a33dc743ca5d1d082b4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893823
Auto-Submit: Bill Budge <bbudge@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74557}
2021-05-13 19:21:08 +00:00
Shu-yu Guo
8b74fd4590 Reland^3 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64""
This is a reland of 054ff044bc

Change since revert:

- Remove assignment to FLAG_enable_short_builtins in test since
  it's write-once in CFI.

Original change's description:
> Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
>
> This is a reland of 1f504c36da
>
> Changes since revert:
>
> - Removed disabling of RO heap sharing when --stress-snapshot is passed;
>   was fixed by f4a6c628c9
> - Fixed crashing tests that caused revert separately in
>   a61aa4919f
>
> Original change's description:
> > > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> > >
> > > Reviewed-on:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#74422}
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74448}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74546}

TBR=adamk@chromium.org

Bug: v8:11460
Change-Id: Ib7526270d421a562cb00aec9a28b4fc2296e4a86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893567
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74548}
2021-05-13 01:36:36 +00:00
Bill Budge
01f9e1f7a0 Revert "Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64""
This reverts commit 054ff044bc.

Reason for revert: Breaks Arm64 build:

https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm64%20-%20debug%20builder/18683

Original change's description:
> Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
>
> This is a reland of 1f504c36da
>
> Changes since revert:
>
> - Removed disabling of RO heap sharing when --stress-snapshot is passed;
>   was fixed by f4a6c628c9
> - Fixed crashing tests that caused revert separately in
>   a61aa4919f
>
> Original change's description:
> > > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> > >
> > > Reviewed-on:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#74422}
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74448}
>
> Bug: v8:11460
> Change-Id: I4e491574437f4c832e24b29815de6bdfd8975511
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74546}

Bug: v8:11460
Change-Id: I772afcd100d3d92b7e3f5f060c670a5686c9a338
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892843
Auto-Submit: Bill Budge <bbudge@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74547}
2021-05-13 00:04:07 +00:00
Shu-yu Guo
054ff044bc Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
This is a reland of 1f504c36da

Changes since revert:

- Removed disabling of RO heap sharing when --stress-snapshot is passed;
  was fixed by f4a6c628c9
- Fixed crashing tests that caused revert separately in
  a61aa4919f

Original change's description:
> > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> >
> > Reviewed-on:
> https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74422}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74448}

Bug: v8:11460
Change-Id: I4e491574437f4c832e24b29815de6bdfd8975511
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74546}
2021-05-12 23:52:36 +00:00
Maya Lekova
5848315425 Revert "Reland "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64""
This reverts commit 1f504c36da.

Reason for revert: Failures in Chromium tests causing a blocked roll - https://ci.chromium.org/ui/p/chromium/builders/try/linux_chromium_tsan_rel_ng/848645/overview

Original change's description:
> Reland "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
>
> This is a reland of 6c65e858a6
>
> Changes since revert:
>
> - Add --disable-shared-ro-heap-for-testing flag that is implied by
>   d8's --stress-snapshot, since RO heap sharing currently
>   does not support deserializing/serializing while original Isolate
>   is still running
> - Add BUILD.gn assert that v8_enable_pointer_compression_shared_cage
>   requires x64 or arm64
>
> Original change's description:
> > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> >
> > Bug: v8:11460
> > Change-Id: I9ab419b5e90fbe677e1d63b41699d90552839e98
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > Commit-Queue: Shu-yu Guo <syg@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74422}
>
> Bug: v8:11460
> Change-Id: I7eb189b7f8ac3e30da96b0dadd2c085f08a1a0b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74448}

Bug: v8:11460
Change-Id: Ice601be4826adbae1288f3314192bdf6566a366c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883660
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74473}
2021-05-10 13:28:39 +00:00
Marja Hölttä
3160edf011 [rab/gsab] ResizableArrayBuffer / GrowableSharedArrayBuffer part 1
Detailed list of changes:
https://docs.google.com/document/d/15i4-SZDzFDW7FfclIYuZEhFn-q-KpobCBy23x9zZZLc/edit?usp=sharing

Bug: v8:11111
Change-Id: I931003bd4552cf91d57de95af04a427a9e6d6ac9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814259
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74459}
2021-05-10 08:29:41 +00:00