The SFI's flags can be changed by the mutator while the concurrent marker is checking
the flags for bytecode flushing. None of the flag bits checked for bytecode flushing
are changed; however, since they are in an int32 field, TSAN will complain if any of the
other flags are changed while reading from another flag. Fix this by making the flags
use the RELAXED_INT32_ACCESSORS.
BUG=v8:8592,v8:8395
Change-Id: I5fbb4fd381c2b288abf0cd36eb0b8256e1929af6
Reviewed-on: https://chromium-review.googlesource.com/c/1382458
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58325}
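The race described in the commit above, as an added example that is not V8 code: a bit-packed int32 flags word with a single writer (the "mutator") and a concurrent reader (the "marker") that only looks at bits the writer never changes. The bit names, the FlagsHolder class and the RunMutatorMarkerRace driver are constructed for this example; only the relaxed load/store idiom mirrors what RELAXED_INT32_ACCESSORS provides.

```cpp
// Added example (not V8 code): a bit-packed int32 flags word that the
// "mutator" thread writes while a concurrent "marker" thread reads bits
// the mutator never touches. Plain int32 accesses are a data race under
// the C++ memory model (TSAN reports it even though the bits never
// overlap); std::atomic<int32_t> with relaxed ordering removes the race
// without adding synchronization. The bit layout is constructed for
// this example and is not V8's SharedFunctionInfo layout.
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <thread>

constexpr int32_t kIsCompiledBit   = 1 << 0;  // read by the marker
constexpr int32_t kIsFlushableBit  = 1 << 1;  // read by the marker
constexpr int32_t kHasDebugInfoBit = 1 << 2;  // toggled by the mutator

class FlagsHolder {
 public:
  // Relaxed accessors in the spirit of RELAXED_INT32_ACCESSORS: the load
  // and store are atomic (no torn or undefined reads) but impose no
  // ordering on other memory, so they cost the same as plain accesses on
  // common hardware.
  int32_t relaxed_read_flags() const {
    return flags_.load(std::memory_order_relaxed);
  }
  void relaxed_write_flags(int32_t value) {
    flags_.store(value, std::memory_order_relaxed);
  }
  // A plain read-modify-write is safe here only because, as in the commit,
  // the mutator is the single writer; the marker only reads.
  void set_bit(int32_t bit, bool on) {
    int32_t flags = relaxed_read_flags();
    relaxed_write_flags(on ? (flags | bit) : (flags & ~bit));
  }
  bool is_compiled() const { return (relaxed_read_flags() & kIsCompiledBit) != 0; }
  bool is_flushable() const { return (relaxed_read_flags() & kIsFlushableBit) != 0; }

 private:
  std::atomic<int32_t> flags_{0};
};

// Single-threaded sanity check: setting one bit leaves the others untouched.
bool FlagBitsAreIndependent() {
  FlagsHolder h;
  h.set_bit(kIsFlushableBit, true);
  bool ok = h.is_flushable() && !h.is_compiled();
  h.set_bit(kHasDebugInfoBit, true);
  h.set_bit(kIsFlushableBit, false);
  ok = ok && !h.is_flushable() && (h.relaxed_read_flags() == kHasDebugInfoBit);
  return ok;
}

// Reproduces the scenario from the commit message: the mutator toggles an
// unrelated bit while the marker repeatedly checks the flushing-relevant
// bits. Returns true if the marker always saw the bits it expects.
bool RunMutatorMarkerRace(int iterations) {
  FlagsHolder sfi;
  sfi.set_bit(kIsCompiledBit, true);
  sfi.set_bit(kIsFlushableBit, true);
  std::atomic<bool> consistent{true};

  std::thread mutator([&] {
    for (int i = 0; i < iterations; ++i) sfi.set_bit(kHasDebugInfoBit, (i & 1) != 0);
  });
  std::thread marker([&] {
    for (int i = 0; i < iterations; ++i) {
      if (!(sfi.is_compiled() && sfi.is_flushable())) consistent.store(false);
    }
  });
  mutator.join();
  marker.join();
  return consistent.load();
}

int main() {
  std::printf("marker saw consistent flags: %s\n",
              RunMutatorMarkerRace(100000) ? "yes" : "no");
  return 0;
}
```

Building the same program with -fsanitize=thread and a plain `int32_t flags_` instead of the atomic reproduces the TSAN report the commit refers to; with the relaxed atomic the report disappears while the generated loads and stores stay ordinary moves on x86 and ARM.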
This skips one level of indirection by calling the off-heap entry
point directly instead of going through the on-heap Code trampoline.
Bug: v8:7777
Change-Id: If667ea6cd6138ab1c12aa861ef441109008e4fba
Reviewed-on: https://chromium-review.googlesource.com/c/1382459
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58324}
This CL introduces our own minimal SmallVector implementation and uses
it in several places (more might follow).
I measured that in the majority of cases, these vectors are quite small
(<= 8 elements), so we will avoid any heap allocation in those cases.
R=mstarzinger@chromium.org
CC=titzer@chromium.org
Bug: v8:8423
Change-Id: I93a26b3303a10fe1dc93186430e20333ea4970a8
Reviewed-on: https://chromium-review.googlesource.com/c/1378178
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58323}
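A minimal small-vector of the kind the commit above describes, as an added example; this is not V8's SmallVector and makes no claim about its interface. It keeps up to kInlineCapacity elements in an inline buffer and only touches the heap when it grows past that; it is restricted to trivially copyable element types so that growth can be a memcpy. The class and the DemoSmallVector driver are constructed for this example.

```cpp
// Added example (not V8's SmallVector): a vector with inline storage for
// the first kInlineCapacity elements and heap fallback beyond that, so the
// common "<= 8 elements" case performs no allocation at all. Restricted to
// trivially copyable T to keep the example short.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <type_traits>

template <typename T, size_t kInlineCapacity = 8>
class SmallVector {
  static_assert(std::is_trivially_copyable<T>::value,
                "this example supports trivially copyable T only");
  static_assert(kInlineCapacity > 0, "inline capacity must be positive");

 public:
  SmallVector() = default;
  SmallVector(const SmallVector&) = delete;
  SmallVector& operator=(const SmallVector&) = delete;
  ~SmallVector() {
    if (!is_inline()) delete[] data_;
  }

  void push_back(const T& value) {
    if (size_ == capacity_) Grow(capacity_ * 2);
    data_[size_++] = value;
  }
  void pop_back() { --size_; }
  T& operator[](size_t i) { return data_[i]; }
  const T& operator[](size_t i) const { return data_[i]; }
  T* begin() { return data_; }
  T* end() { return data_ + size_; }
  size_t size() const { return size_; }
  size_t capacity() const { return capacity_; }
  bool empty() const { return size_ == 0; }
  // True while the elements still live in the inline buffer.
  bool is_inline() const { return data_ == inline_storage(); }

 private:
  T* inline_storage() { return reinterpret_cast<T*>(inline_buf_); }
  const T* inline_storage() const { return reinterpret_cast<const T*>(inline_buf_); }

  // Moves the contents to a fresh heap buffer of new_capacity elements.
  void Grow(size_t new_capacity) {
    T* new_data = new T[new_capacity];
    std::memcpy(new_data, data_, size_ * sizeof(T));
    if (!is_inline()) delete[] data_;
    data_ = new_data;
    capacity_ = new_capacity;
  }

  alignas(T) unsigned char inline_buf_[kInlineCapacity * sizeof(T)];
  T* data_ = inline_storage();  // inline_buf_ is initialized first
  size_t size_ = 0;
  size_t capacity_ = kInlineCapacity;
};

// Fills a SmallVector past its inline capacity and returns true if the first
// kInlineCapacity pushes stayed inline, the next one spilled to the heap, and
// every element survived the move.
bool DemoSmallVector() {
  SmallVector<int, 8> v;
  for (int i = 0; i < 8; ++i) v.push_back(i * i);
  bool ok = v.is_inline() && v.size() == 8 && v.capacity() == 8;
  v.push_back(64);
  ok = ok && !v.is_inline() && v.size() == 9 && v.capacity() == 16;
  for (int i = 0; i < 9; ++i) ok = ok && v[i] == i * i;
  int sum = 0;
  for (int x : v) sum += x;
  return ok && sum == 204;  // 0+1+4+9+16+25+36+49+64
}

int main() {
  std::printf("small vector demo %s\n", DemoSmallVector() ? "ok" : "FAILED");
  return 0;
}
```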
The operation will be used for marking of descriptor arrays.
Bug: v8:8486
Change-Id: If73be030614e2c84c77eaeeff419c08ef34a76e9
Reviewed-on: https://chromium-review.googlesource.com/c/1382456
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58322}
This CL implements the global.get and global.set instruction for anyref
globals. This includes:
* Properly decode anyref globals.
* Add a FixedArray to WasmInstanceObject to store anyref globals.
* Initialize the FixedArray.
* Generate code for global.get and global set.
This CL does not allow importing globals yet.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: I62617409271d9b6f2253a191681189865aa1f459
Reviewed-on: https://chromium-review.googlesource.com/c/1380112
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58318}
The parser object can now be created on a worker thread, therefore we shouldn't access
global FLAGs during the constructor. Instead move them to the ParseInfo constructor
and set the parser fields based on these. Also avoid accessing always_opt flags in
bytecode-flags - instead accessing it in ParseInfo and propagating to the bytecode
generator.
Also gets rid of the unused kUntrustedCodeMitigations flag in UnoptimizedCompilationInfo.
BUG=v8:8582
Change-Id: I6e6fdc8cc7865803cb5f334f652abc0e3e4cb3ce
Reviewed-on: https://chromium-review.googlesource.com/c/1375918
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58316}
Dropping the temporary StructPtr in the process.
Bug: v8:3770
Change-Id: I70784ede7b66b432d8438536ff0c70a51dfb7f83
Reviewed-on: https://chromium-review.googlesource.com/c/1377461
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58315}
During bootstrapping, both the kFreeSpaceMap root and the map of
actual FreeSpace objects can be nullptr, so the respective DCHECK
must be robust towards this.
Change-Id: Ic7b66b5ab40d7b1bf77c2de936e611e0836cd51f
Reviewed-on: https://chromium-review.googlesource.com/c/1382094
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58314}
Since we always flatten the string upfront, we don't need to
implement the UTF8 conversion as a string visitor anymore.
R=petermarshall@chromium.org
Bug: v8:6780, v8:8605
Change-Id: I27946551d7c3742f47ac36d5c909c19a7f2b0371
Reviewed-on: https://chromium-review.googlesource.com/c/1371828
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58312}
We don't need that complexity for initializing a static array.
R=cbruni@chromium.org
Bug: v8:8562, v8:8600
Change-Id: I35ba00dc7a11eeff6c6eadbcb8899a697ccfb415
Reviewed-on: https://chromium-review.googlesource.com/c/1380113
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58310}
Since it's explicit what we're tracking, we can immediately throw errors in
certain cases, and ignore irrelevant errors. We don't need to use the
classifier itself to track "let let", since we know whether we're parsing a
"let". Errors that were previously (almost) always accumulated are now
immediately pushed to the scopes that care (parameter initialization errors).
This CL drops avoiding allocation of classified errors, at least for now, but
that doesn't affect performance anymore since we don't aggressively blacklist
anymore. Classified errors are even less likely with the more precise approach.
ParseAssignmentExpression doesn't introduce its own scope immediately, but
reuses the outer scope.
Rather than using full ExpressionClassifiers + Accumulate to separate
expressions/patterns from each other while keeping track of the overall error
state, this now uses an explicit AccumulationScope.
When we parse (async) arrow functions we introduce new scopes
that track that they may be (async) arrow functions.
We track StrictModeFormal parameters in 2 different ways if it isn't
immediately certain that it is a strict-mode formal error: Either directly on
the (Pre)ParserFormalParameters, or on the NextArrowFunctionInfo in the case
we're not yet certain that we'll have an arrow function. In the latter case we
don't have a FormalParameter object yet, and we'll copy it over once we know
we're parsing an arrow function. The latter works because it's not allowed to
change strictness of a function with non-simple parameters.
Design doc:
https://docs.google.com/document/d/1FAvEp9EUK-G8kHfDIEo_385Hs2SUBCYbJ5H-NnLvq8M/
Change-Id: If4ecd717c9780095c7ddc859c8945b3d7d268a9d
Reviewed-on: https://chromium-review.googlesource.com/c/1367809
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58307}
This adds a MicrotaskQueue parameter to Execution::RunMicrotasks, and
propagates it to Invoke(). Also, reorganizes the existing and newly added
parameters into a struct.
Change-Id: Ib98009b97681fdb554c0a8d469be962aea4138bd
Reviewed-on: https://chromium-review.googlesource.com/c/1373210
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58299}
Change the initial value of breakType to undefined
Store break type into bits
Change the algorithm
Bug: v8:6891
Change-Id: Id2cc1e90c28d92364318928fc8a377f172ebb339
Reviewed-on: https://chromium-review.googlesource.com/c/1374996
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58298}
This is a reland of 7b744e3ae8
I cannot reproduce the problem in this reland CL. I think
the original breakage is just due to test flakiness.
Try to reland it without changes.
TBR=jshin@chromium.org
Original change's description:
> [Intl] Replace uloc_(to|for)Language w/ Locale API
>
> Bug: v8:8468
> Change-Id: Id2f8d165e5f29f429821b44def2512fe760c0a51
> Reviewed-on: https://chromium-review.googlesource.com/c/1377989
> Reviewed-by: Jungshik Shin <jshin@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58260}
Bug: v8:8468
Change-Id: I5f34d061d630d07f5c9da07f9adb1efa040d66d5
Reviewed-on: https://chromium-review.googlesource.com/c/1378658
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58297}
C++ introduces the {alignof} keyword, which evaluates to an integral
constant defining the alignment of the given type. This makes
{V8_ALIGNOF} redundant.
R=ulan@chromium.org
Bug: v8:8562
Change-Id: I15a4022c2c396afba96360f218d8a04b17a9a448
Reviewed-on: https://chromium-review.googlesource.com/c/1379938
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58292}
The kCallOnHeapBuiltin name has gotten very confusing now
that builtins are actually off the heap (and the generated code will
directly call off-heap).
Bug: v8:7777
Change-Id: Ie14069eee2fc11ef9aec64868c50832f6138ae8f
Reviewed-on: https://chromium-review.googlesource.com/c/1379883
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58291}
C++ introduces the {alignas} keyword, which can be used with types or
integral constant expressions. Use this instead of the V8_ALIGNAS (for
types) or V8_ALIGNED (for integral constants) macros.
R=ulan@chromium.org
Bug: v8:8562
Change-Id: I54999b56a5715237f88c63d8543ef728a5b2eff5
Reviewed-on: https://chromium-review.googlesource.com/c/1379935
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58290}
Parser::MaybeResetCharacterStream calls Scope::ContainsAsmModule which
recursively checks whether a Scope is an asm module or any of its
sub-scopes. This is sub-optimal for deeply nested scopes and many
functions which do not contain any asm modules.
Drive-by-fix:
- rename Scope::asm_module to Scope::is_asm_module
Change-Id: I922270c608b54c6525f0672ead4aca90f57a6551
Reviewed-on: https://chromium-review.googlesource.com/c/1360636
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58288}
This changes Torque's builtin pointers to use a Smi representation
underneath instead of storing the Code target object. Callsites look
up the target entry point through IsolateData::builtin_entry_table.
The notable effect of this CL is that builtin pointer calls no longer
call any on-heap Code.
Bug: v8:7777
Change-Id: Ibf6c749dd46cae7aba51494b09921229dd436f63
Reviewed-on: https://chromium-review.googlesource.com/c/1379880
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58286}
Either Address* or Handle<Object> or ObjectSlot, depending on
circumstances.
Bug: v8:3770
Change-Id: Id00dfede6eb92ec30b658c0090b5310548ba5162
Reviewed-on: https://chromium-review.googlesource.com/c/1379228
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58282}
Currently, Torque's builtin pointers store a Code target underneath and
callsites generate a kArchCallCodeObject opcode. When embedded builtins
are enabled, the call thus first calls the on-heap trampoline, which
finally jumps to the target off-heap builtin code.
This will no longer be possible in jitless mode, since on-heap code must
not be executable.
As a step towards changing the way builtin pointers are called
(function pointers will hold the builtin index as a Smi, and callsites
look up the off-heap target address and jump there), this CL adds a
dedicated opcode for builtin pointer calls to the compiler pipeline.
The calling mechanism itself is unchanged, changes there will happen
in a follow-up.
Drive-by: rename 'FunctionPointer' in torque/ to 'BuiltinPointer'.
Bug: v8:7777
Change-Id: Ic999a1cd7c3172425dd4a1513ae2f50c774faddb
Reviewed-on: https://chromium-review.googlesource.com/c/1378175
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58281}
New API is here: https://github.com/tc39/proposal-weakrefs/issues/55
The WeakCell parts stay in the old API, resulting in temporary code duplication
in some parts. Those parts will go away once the WeakCell-related parts are
migrated to the new API (but the spec needs some work first).
BUG=v8:8179
Change-Id: I81ca824a14d830e3c5fa515d5ad7e5f78c10e19d
Reviewed-on: https://chromium-review.googlesource.com/c/1378171
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58264}
Enable --harmony-object-from-entries by default.
Object.fromEntries is a new standard library method, whose proposal
(https://tc39.github.io/proposal-object-from-entries/) is currently
at stage 3.
It simply creates a JSObject from an iterable collection of key/value
pairs, such that `Object.fromEntries([ [ "a", "b" ] ]) -> { a: "b" }`
BUG=v8:8021
R=gsathya@chromium.org, adamk@chromium.org
Change-Id: Ib55bb6ca43727d66b471c0fd14845735c1ca2894
Reviewed-on: https://chromium-review.googlesource.com/c/1373918
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58262}
In the process, add the bint type (which stands for Best-INTeger),
which implements Torque's idea of CSA's ParameterMode. It maps to
a different type on 32-bit (Smi) and 64-bit (intptr). There are
convert operators that are either no-ops or conversions
to-and-from Smi and intptrs on each platform, depending on
the underlying type for bint. This allows Torque code to get most
of the benefits of ParameterMode without having to explicitly
pass around the mode, since it is almost always OptimalMode anyways.
Change-Id: I92e08adc1d79cb3e24576c96f9734aec1af54162
Reviewed-on: https://chromium-review.googlesource.com/c/1361160
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58253}
in preparation for incrementally transitioning their subclasses.
Bug: v8:3770
Change-Id: I5ed6adb1969bc1ec7125571fea443834ca255c22
Reviewed-on: https://chromium-review.googlesource.com/c/1377453
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58252}
along with subclasses: Tuple2, Tuple3, FeedbackCell, AccessorPair.
The latter two can be separated out later if desired.
Bug: v8:5402
Change-Id: I4e1a6d2621cc6f96b5da208cff0da7cd5de91672
Reviewed-on: https://chromium-review.googlesource.com/c/1371038
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58251}
Enable --harmony-string-matchall by default.
String.prototype.matchAll behaves similarly to
String.prototype.match, but returns a full regexp
result object for each match in a global or sticky
regexp. This offers a simple way to iterate over
matches when access to e.g. capture groups is
needed.
const string = 'a b c';
const regex = /[ac]/g;
for (const match of string.matchAll(regex)) {
console.log(`${match[0]} at ${match.index}`);
}
// a at 0
// c at 4
More information can be found here:
https://github.com/tc39/proposal-string-matchall
Drive-by: Update debug evaluate side effect
expectations to handle String.p.matchAll and
RegExp.p[@@matchAll]
Bug: v8:6890
Change-Id: Ie3e712af66689936b7d2a15df705b792ccf06bd3
Reviewed-on: https://chromium-review.googlesource.com/c/1377774
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#58250}
For builtins-mips64.cc, add a static cast to resolve the ambiguity of "0"
around Operand(int64_t) and Operand(const char*).
For mips{,64}/macro-assembler-mips{,64}.cc, remove extra references to masm.
Change-Id: I9ce94c682c64b48501386029a912b0f5e32e268d
Reviewed-on: https://chromium-review.googlesource.com/c/1378365
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58249}
Also fail early if we detect that we've previously run out of memory and thus
corrupted the buffer.
Add a unit test for this kind of case.
Bug: chromium:914731
Change-Id: Iaaf3927209bffeab6fe8ba462d9dd9dad8cbbe2f
Reviewed-on: https://chromium-review.googlesource.com/c/1377449
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jeremy Roman <jbroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58248}
In preparation for upcoming work on Torque function pointers.
This table will be used to look up the entry address in order to call
there directly without going through the (on-heap) trampoline.
Bug: v8:7777
Change-Id: If713430c843e85371a5aaef8a3bfb5da9e0ea903
Reviewed-on: https://chromium-review.googlesource.com/c/1378172
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58245}
The vector of callbacks can only be accessed from main threads.
Otherwise we get flaky data races. Those showed up after removing the
finisher task (https://crrev.com/c/1335553/2).
R=mstarzinger@chromium.org
Bug: v8:7921
Change-Id: I0429ae87427601952723f6e3ad1e02eb0e59a6e1
Reviewed-on: https://chromium-review.googlesource.com/c/1378174
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58244}
Avoid the indirection via the signature, instead specialize per
signature. On a microbenchmark run locally, this speeds up Liftoff by
~5% and validation by ~15%.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: Ia0e9ab0dcaa759e4ed4dcd46d2e6f16e65790915
Reviewed-on: https://chromium-review.googlesource.com/c/1373778
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58241}
Incremental step towards the removal of JS Natives. This CL moves
the initialization of InternalPackedArray functions and prototype out
of prologue.js and into bootstrapper.
Bug: v8:7624
Change-Id: I7a2a1afbd1721ddc9bc9ac677c03f0817e4f1418
Reviewed-on: https://chromium-review.googlesource.com/c/1374995
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#58240}
Do not set the name property on any function or classes. This is not
required as per spec #sec-__proto__-property-names-in-object-initializers.
Bug: v8:7773
Change-Id: Iade96573690e5b14b60434c37683f782cf9cb2cb
Reviewed-on: https://chromium-review.googlesource.com/c/1375912
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58239}
ProtectedLoad/ProtectedStore opcodes are used in WebAssembly to represent memory
accesses. Since they are not part of the allowed opcodes in OwnedByAddressingOperand
it is not possible to take advantage of addressing modes to encode common patterns
for the pointer input value.
R=jarin@chromium.org
Bug: v8:8508
Change-Id: Ic62bf13fed7b1d86afb112d9aa59cd7073a28e72
Reviewed-on: https://chromium-review.googlesource.com/c/1354458
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58237}
Remove a DCHECK that got triggered in the rare condition that GC kicks in
during CompilationDependencies::Commit, changing the pretenuring decision,
thus leading to deoptimization. To make sure this rare case is properly
handled, add a new FLAG_pretenure_during_compilation and a cctest that
simulates it predictably.
R=jarin@chromium.org,mvstanton@chromium.org
Bug: v8:8520
Change-Id: If83f8a3d4659a694357b3869c931c7d7c164fd1a
Reviewed-on: https://chromium-review.googlesource.com/c/1363143
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58236}
Now, we also print the fixed ranges, which are used to model fixed
register constraints.
Change-Id: Ife25529c911eaf950a33a4c099636a8f8925308e
Reviewed-on: https://chromium-review.googlesource.com/c/1375913
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58235}
The new ObjectPtr design makes non-inlined helper functions a little
more expensive because "this" is always a pointer where pass-by-value
would be more efficient, which is an issue for functions whose size puts
them right at the threshold of getting inlined or not. String::Get falls
into this category when called from RegExpFlagsFromString. In this case,
we can do even better than restoring inlineability by fine-tuning
the control flow a bit.
This should repair the regression in crbug.com/910573
Bug: chromium:910573
Change-Id: Ie6b68ef01cd978ec502d8d6c1da788c77422dce7
Reviewed-on: https://chromium-review.googlesource.com/c/1369087
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58234}
This is a reland of 9c0a48580b
Original change's description:
> Reland "Reland "[code-comments] Put code comments into the code object""
>
> This is a reland of ed3d647284
>
> This reland fixes that padding at the end of Wasm instruction streams
> triggered asserts in the code printer.
>
> Original change's description:
> > Reland "[code-comments] Put code comments into the code object"
> >
> > This is a reland of e774cffe2b
> >
> > This reland disables a test as v8:8548 is blocking it, which was
> > broken by a recent CL. CQ did not catch this because the merge-base
> > CQ used did not yet contain the CL that caused v8:8548.
> >
> > Original change's description:
> > > [code-comments] Put code comments into the code object
> > >
> > > Code comments in the snapshot can now be enabled with gn
> > > arg 'v8_enable_snapshot_code_comments'
> > >
> > > Bug: v8:7989
> > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#58020}
> >
> > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
> >
> > Bug: v8:7989, v8:8548
> > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
> > Reviewed-on: https://chromium-review.googlesource.com/c/1361166
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58028}
>
> Bug: v8:7989, v8:8548
> Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
> Reviewed-on: https://chromium-review.googlesource.com/c/1371784
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58221}
TBR=jgruber@chromium.org,mstarzinger@chromium.org
Bug: v8:7989, v8:8548, v8:8593
Change-Id: I4f7ffc98e0281c7b744eb4a04ba0763896c7b59b
Reviewed-on: https://chromium-review.googlesource.com/c/1375919
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58232}
This change adds labels to the various global handles used by the wasm
compilation. Labels show up in retaining path information when
debugging lifetime issues.
Change-Id: I9aee20647868b5b758412d231c817909e4130d8c
Reviewed-on: https://chromium-review.googlesource.com/c/1372124
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58229}
This reverts commit 9c0a48580b.
Reason for revert: Seems to break nosnap debug: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22228
Original change's description:
> Reland "Reland "[code-comments] Put code comments into the code object""
>
> This is a reland of ed3d647284
>
> This reland fixes that padding at the end of Wasm instruction streams
> triggered asserts in the code printer.
>
> Original change's description:
> > Reland "[code-comments] Put code comments into the code object"
> >
> > This is a reland of e774cffe2b
> >
> > This reland disables a test as v8:8548 is blocking it, which was
> > broken by a recent CL. CQ did not catch this because the merge-base
> > CQ used did not yet contain the CL that caused v8:8548.
> >
> > Original change's description:
> > > [code-comments] Put code comments into the code object
> > >
> > > Code comments in the snapshot can now be enabled with gn
> > > arg 'v8_enable_snapshot_code_comments'
> > >
> > > Bug: v8:7989
> > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#58020}
> >
> > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
> >
> > Bug: v8:7989, v8:8548
> > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
> > Reviewed-on: https://chromium-review.googlesource.com/c/1361166
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58028}
>
> Bug: v8:7989, v8:8548
> Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
> Reviewed-on: https://chromium-review.googlesource.com/c/1371784
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58221}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org
Change-Id: I681a3c63120c6ab953bfe9cd2b07bcf560ebfdee
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7989, v8:8548
Reviewed-on: https://chromium-review.googlesource.com/c/1375916
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58228}
This overlays the "arguments count" and the "deoptimization index"
fields within a safepoint entry. It allows for a larger value of
arguments count to be stored in entries that do not contain a
deoptimization index. Currently the arguments count is unused in
TurboFan, but it will be used to handle reference type arguments in
WebAssembly code.
R=ahaas@chromium.org
BUG=v8:7581
Change-Id: I1e1d5af7e69288f046dc327de5d6e0466fc9ceaf
Reviewed-on: https://chromium-review.googlesource.com/c/1371829
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58224}
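The field overlay described in the commit above, as an added example that is not V8's safepoint-table code: one 32-bit entry word stores either a deoptimization index plus a narrow arguments count, or no deoptimization index and a wide arguments count, with one bit selecting the layout. The exact bit positions, the SafepointEntry class and its TryEncode/decode methods are constructed for this example.

```cpp
// Added example (not V8's SafepointTable): an entry word in which the
// "arguments count" and "deoptimization index" fields overlay each other,
// so entries without a deopt index can hold a much larger arguments count.
// The layout below is hypothetical and chosen for this example only.
#include <cstdint>
#include <cstdio>

class SafepointEntry {
 public:
  // Layout of the 32-bit word (hypothetical):
  //   bit 0              : 1 if the entry carries a deoptimization index
  //   with deopt index   : bits 1..15 = deopt index, bits 16..31 = argc
  //   without deopt index: bits 1..31 = argc
  static constexpr uint32_t kHasDeoptBit = 1u;
  static constexpr int kDeoptIndexShift = 1;
  static constexpr int kDeoptIndexBits = 15;
  static constexpr int kArgcWithDeoptShift = kDeoptIndexShift + kDeoptIndexBits;  // 16
  static constexpr int kArgcWithoutDeoptShift = 1;
  static constexpr uint32_t kMaxDeoptIndex = (1u << kDeoptIndexBits) - 1;                     // 32767
  static constexpr uint32_t kMaxArgcWithDeopt = (1u << (32 - kArgcWithDeoptShift)) - 1;        // 65535
  static constexpr uint32_t kMaxArgcWithoutDeopt = (1u << (32 - kArgcWithoutDeoptShift)) - 1;  // 2^31-1

  // Packs argc and an optional deopt index (-1 = none). Returns false when a
  // value does not fit the field available for it in the chosen layout; the
  // caller must not use |out| in that case. Range checks are the important
  // part of an overlay like this: silently truncating argc would corrupt the
  // adjacent field.
  static bool TryEncode(uint32_t argc, int deopt_index, SafepointEntry* out) {
    if (deopt_index < 0) {
      if (argc > kMaxArgcWithoutDeopt) return false;
      out->bits_ = argc << kArgcWithoutDeoptShift;
      return true;
    }
    uint32_t index = static_cast<uint32_t>(deopt_index);
    if (index > kMaxDeoptIndex || argc > kMaxArgcWithDeopt) return false;
    out->bits_ = kHasDeoptBit | (index << kDeoptIndexShift) | (argc << kArgcWithDeoptShift);
    return true;
  }

  bool has_deopt_index() const { return (bits_ & kHasDeoptBit) != 0; }
  int deopt_index() const {
    if (!has_deopt_index()) return -1;
    return static_cast<int>((bits_ >> kDeoptIndexShift) & kMaxDeoptIndex);
  }
  uint32_t argc() const {
    return has_deopt_index() ? (bits_ >> kArgcWithDeoptShift)
                             : (bits_ >> kArgcWithoutDeoptShift);
  }
  uint32_t raw() const { return bits_; }

 private:
  uint32_t bits_ = 0;
};

// Round-trips both layouts and the two overflow cases; returns true if the
// decoded fields match what was encoded and the overflows are rejected.
bool DemoSafepointOverlay() {
  SafepointEntry e;
  bool ok = SafepointEntry::TryEncode(3, 42, &e);
  ok = ok && e.has_deopt_index() && e.deopt_index() == 42 && e.argc() == 3;
  ok = ok && SafepointEntry::TryEncode(100000, -1, &e);
  ok = ok && !e.has_deopt_index() && e.deopt_index() == -1 && e.argc() == 100000;
  ok = ok && !SafepointEntry::TryEncode(100000, 5, &e);   // argc too large with a deopt index
  ok = ok && !SafepointEntry::TryEncode(3, 40000, &e);    // deopt index too large
  return ok;
}

int main() {
  SafepointEntry e;
  SafepointEntry::TryEncode(3, 42, &e);
  std::printf("entry 0x%08x: argc=%u deopt=%d\n", e.raw(), e.argc(), e.deopt_index());
  std::printf("overlay demo %s\n", DemoSafepointOverlay() ? "ok" : "FAILED");
  return 0;
}
```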
When finishing a one-armed if, the else state has to be merged into the
end state. We did this before by switching to the else state, then
doing the merge. This CL changes this to avoid the switch.
Drive-by: Add a few missing "const" qualifiers. The style guide forbids
non-const l-value references.
R=titzer@chromium.org
Bug: v8:8423, v8:6600
Change-Id: Iab2aeca393147fba55493bebabd27bc4d77baa0f
Reviewed-on: https://chromium-review.googlesource.com/c/1375656
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58222}
This is a reland of ed3d647284
This reland fixes that padding at the end of Wasm instruction streams
triggered asserts in the code printer.
Original change's description:
> Reland "[code-comments] Put code comments into the code object"
>
> This is a reland of e774cffe2b
>
> This reland disables a test as v8:8548 is blocking it, which was
> broken by a recent CL. CQ did not catch this because the merge-base
> CQ used did not yet contain the CL that caused v8:8548.
>
> Original change's description:
> > [code-comments] Put code comments into the code object
> >
> > Code comments in the snapshot can now be enabled with gn
> > arg 'v8_enable_snapshot_code_comments'
> >
> > Bug: v8:7989
> > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58020}
>
> TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
>
> Bug: v8:7989, v8:8548
> Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
> Reviewed-on: https://chromium-review.googlesource.com/c/1361166
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58028}
Bug: v8:7989, v8:8548
Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
Reviewed-on: https://chromium-review.googlesource.com/c/1371784
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58221}
Different threads check this flag multiple times per function, and
currently all of them synchronize on a single mutex. It's not even a
reader-writer-lock, hence they might block each other just for checking
whether an error has been set.
Threads don't rely on precise information here, this is just a check to
abort early if compilation failed anyway. Also in the current
implementation, no ordering is guaranteed on this error field.
We can avoid taking the mutex by turning the field into an atomic
pointer. It will be updated at most once, from nullptr to the first
error detected. To check whether an error is set, we can even use
relaxed memory order, since we won't look into the object behind the
pointer.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: I71354c8d463a57c219eb21e53136556ae787ebd4
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1375661
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58220}
Post-stub-to-builtin migration, all explicit connection between
descriptors and their associated ASM code has been lost. This restores
the connection where possible. Builtins without an associated
descriptor are marked with the DummyDescriptor.
Drive-by: alpha-sort the descriptor list.
Drive-by: use Builtins::CallableFor in code factory.
Bug: v8:8562, v8:8553
Change-Id: If1f13bbaf7e42453b3235cc97c58ada91b5fa7b8
Reviewed-on: https://chromium-review.googlesource.com/c/1373552
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58212}
With V8 lite mode we don't always allocate feedback vectors. This cl
adds a new NO_FEEDBACK IC state and uses it to use/update feedback only
when there is a valid feedback vector.
Bug: v8:8394
Change-Id: I9b66ac38c69876e5c1e6eb01ba328a49678c8738
Reviewed-on: https://chromium-review.googlesource.com/c/1365278
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58210}
This is a reland of 2e36e9ea1e
Was reverted because of v8_presubmit.py issue in
https://chromium-review.googlesource.com/c/v8/v8/+/1374292
Original change's description:
> Don't use |v8_initializers| code in |v8_base|
>
> Removing |CodeStubAssembler| from |v8_base| source list (see
> https://chromium-review.googlesource.com/c/v8/v8/+/1346329) leads to
> linkage problems with some build configurations because it was explicitly
> and implicitly included in |v8_base| code.
>
> This CL decouples this code and fixes problems.
>
> Bug: v8:7777
> Change-Id: I58de5c62914bc77645ed6cc9114409890bc13189
> Reviewed-on: https://chromium-review.googlesource.com/c/1372067
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58200}
Bug: v8:7777
Change-Id: Iaa00e73c7dbd8c413fbf15a17709aa12eda9a706
Reviewed-on: https://chromium-review.googlesource.com/c/1375654
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58209}
The disassembler expects the actual instruction area of a code object
(i.e. from InstructionStart() to the first embedded metadata section
such as the handler table) to contain only valid instructions.
This changes asm::DataAlign() to pad with 0xcc bytes, which are int3
instructions on x64 and ia32.
Bug: v8:8559
Change-Id: I8a0920a85d4de89194e5c8d3d1a541d8b36fef92
Reviewed-on: https://chromium-review.googlesource.com/c/1375652
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58207}
Currently v8::Promise::Then takes only one handler. It should take two handlers,
on_fulfilled and on_rejected like ECMAScript Promise.
Bug: chromium:912848
Change-Id: I08a20990a27b3f8621225fad42a8de1dad67796f
Reviewed-on: https://chromium-review.googlesource.com/c/1375509
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58204}
This reverts commit 2e36e9ea1e.
Reason for revert: Missing explicit include in cc file:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Presubmit/986
Original change's description:
> Don't use |v8_initializers| code in |v8_base|
>
> Removing |CodeStubAssembler| from |v8_base| source list (see
> https://chromium-review.googlesource.com/c/v8/v8/+/1346329) leads to
> linkage problems with some build configurations because it was explicitly
> and implicitly included in |v8_base| code.
>
> This CL decouples this code and fixes problems.
>
> Bug: v8:7777
> Change-Id: I58de5c62914bc77645ed6cc9114409890bc13189
> Reviewed-on: https://chromium-review.googlesource.com/c/1372067
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58200}
TBR=jkummerow@chromium.org,jgruber@chromium.org,bmeurer@chromium.org,atimoxin@yandex-team.ru
Change-Id: I3e41fb5f8a9db6a78c56546a08e55610885d312b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7777
Reviewed-on: https://chromium-review.googlesource.com/c/1374292
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58201}
Removing |CodeStubAssembler| from |v8_base| source list (see
https://chromium-review.googlesource.com/c/v8/v8/+/1346329) leads to
linkage problems with some build configurations because it was explicitly
and implicitly included in |v8_base| code.
This CL decouples this code and fixes problems.
Bug: v8:7777
Change-Id: I58de5c62914bc77645ed6cc9114409890bc13189
Reviewed-on: https://chromium-review.googlesource.com/c/1372067
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58200}
This information is already stored in ControlBase::stack_depth.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: Ie707878b5d7ee5180e44881086d05a590c0dea21
Reviewed-on: https://chromium-review.googlesource.com/c/1373786
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58199}
The {last_end_found_} field is redundant. If it's false, there will be
a control struct left on the stack.
Thus remove that field, and simplify the error detection condition.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: I16ac4597f229c5e3abd923f8eb504f93afb82eb4
Reviewed-on: https://chromium-review.googlesource.com/c/1373788
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58198}
Should be num_locals, and const.
R=titzer@chromium.org
Bug: v8:8562
Change-Id: I60889c9912ef95d344ede4d7755028116feee47e
Reviewed-on: https://chromium-review.googlesource.com/c/1373784
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58197}
`memory.init` copies bytes from a passive data segment to linear memory.
`memory.drop` is an instruction that informs the wasm VM that the instance no
longer needs access to the passive data segment.
Information about the passive data segments, including their contents, length,
and whether they are dropped, is stored in the `WasmInstanceObject` as primitive
arrays.
Bug: v8:7747
Change-Id: I1515c8868c9be227743456a539126c15280b5365
Reviewed-on: https://chromium-review.googlesource.com/c/1370691
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58196}
Compilation failures are already stored in the {CompilationState}. We
never use the information which individual compilation unit failed.
Hence remove that getter, and only check for failure of the overall
compilation.
R=ahaas@chromium.org
Bug: v8:7921, v8:8343
Change-Id: Ibf90be233c9ff576ec8a3413ba5abefe2fdb645e
Reviewed-on: https://chromium-review.googlesource.com/c/1373783
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58195}
There's no reason to restrict off-heap targets to builtin host Code
objects during serialization. They can also occur e.g. in irregexp
code created by embedded scripts.
Drive-by: unify the list of reloc modes that have a
target_address_address.
Bug: v8:8572,v8:6666
Change-Id: I26dce735463b79677a7b7dcfdb604c5234b5f10b
Reviewed-on: https://chromium-review.googlesource.com/c/1371568
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58194}
InternalPackedArray now only has one constructor variant that expects no
arguments (Chrome's only usage of InternalPackedArray). As such, these TFC
builtins are no longer used and were removed:
- InternalArrayNoArgumentConstructor_Holey
- InternalArraySingleArgumentConstructor_Packed
- InternalArraySingleArgumentConstructor_Holey
On x64.release, this reduces builtins size by ~1.2KB.
Bug: v8:7624
Change-Id: I7316608dc02b1e09e9e414ee1aeb1fb08410c6f6
Reviewed-on: https://chromium-review.googlesource.com/c/1372772
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58193}
Currently, the runtime IC functions deduce the IC kind and the language
mode from the feedback slot kind. To support feedback free execution
(for V8 lite mode and lazy allocation of feedback vectors) we need to
infer the IC kind even when feedback vectors are not present.
To be able to infer the language mode without feedback vectors, this cl
forces context allocation in cases where we raise the language mode in
the middle of a function. The language mode is the stricter of the
language mode on the SFI and the language mode of the current context.
This cl updates the bytecode handlers to check for valid feedback vectors
and to call into runtime if the feedback vector is not allocated. It also
adds new runtime functions to be able to infer the IC kind when there is no
feedback vector. Most of the builtins and handlers remain unchanged because
they are only used when feedback vector is present.
Bug: v8:8394
Change-Id: I1f77740c0d68ddaa0de076597f5f6bcb2e966d70
Reviewed-on: https://chromium-review.googlesource.com/c/1358516
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58191}
Neither the TF backend nor Liftoff use the signature, thus remove it.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: I909e9a0095cac67aaefaebcb4240f7d9829e4c87
Reviewed-on: https://chromium-review.googlesource.com/c/1373777
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58190}
This makes sure we properly recognize a newline character as part of
semicolon insertion, even if the newline appears after a CPP-style
single line comment. The same applies for newlines within C-style multi
line comments.
R=clemensh@chromium.org
TEST=mjsunit/asm/regress-913822
BUG=chromium:913822
Change-Id: I64f098d7e386dea7b7fb6c233c1625425e36bde0
Reviewed-on: https://chromium-review.googlesource.com/c/1373551
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58189}
Bytecode flushing can overwrite a bytecode array with an UncompiledDataWithoutPreParsedScope.
Since the bytecode array could be in the LO space, then we also need to allow
UncompiledDataWithoutPreParsedScope in the LO space if it has overwritten a large
bytecode array.
BUG=v8:8395
Change-Id: I1b83b5c7a61830f5576260a4f4f4c0b689818acc
Reviewed-on: https://chromium-review.googlesource.com/c/1373775
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58186}
and update visitors to not look at raw part. This will allow to have efficient
access to embedder data once kTaggedSize is switched to 32-bit value.
Bug: v8:8518
Change-Id: Ia1875a5ac5f3fb85df5c5555b970fd88d9e8d7a4
Reviewed-on: https://chromium-review.googlesource.com/c/1369957
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58185}
To allow any-ref parameters, we have to make sure that any-ref stack
parameters get seen by the GC. This CL is a first step into that
direction. The goal of this CL is to group any-ref parameters at the
stack side of the parameters. This means that in the stack frame
iterator we do not need information about where anyref parameters are
in the stack frame. We only need information about how many anyref
parameters there are at the bottom of the stack frame.
R=mstarzinger@chromium.org
Also-By: mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I3ff7cc38fabed5f8e51b5b990190e35f3ea29803
Reviewed-on: https://chromium-review.googlesource.com/c/1371827
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58184}
Also declare an implication between --stress-flush-bytecode and --flush-bytecode
BUG=v8:8395
Change-Id: Ide60e17b283325c1142b07c4eb6f5c7af22d33e9
Reviewed-on: https://chromium-review.googlesource.com/c/1372070
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58179}
As per (https://github.com/tc39/proposal-string-matchall/pull/41), String.p.matchAll's fallback was removed.
Additionally, removed an IsNullOrUndefined check that was already covered by MaybeCallFunctionAtSymbol.
Updates to Test262 have been submitted: https://github.com/tc39/test262/pull/1990
Bug: v8:6890
Change-Id: I246cbbcb4641ebded704c5f772809f182deaa30e
Reviewed-on: https://chromium-review.googlesource.com/c/1369091
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58172}
and non-recursive in order to let Clang inline it.
Bonus: Drop IsTwoByteRepresentationUnderneath, which was dead code
except for one test, and is semantically redundant.
Bug: chromium:910573
Change-Id: I86f1c312e93ab875b4b42101ac65ddc94b1c9518
Reviewed-on: https://chromium-review.googlesource.com/c/1369086
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58171}
when applicable.
This CL also renames BodyDescriptorBase helpers
IsValidSlotImpl() -> IsValidJSObjectSlotImpl()
IterateBodyImpl() -> IterateJSObjectBodyImpl()
to make it clear that these methods are only applicable to JSObject subclasses
and fixes SmallOrderedHashTable::BodyDescriptor which used IsValidSlotImpl().
Bug: v8:8518
Change-Id: I11565bed6ebf56c6830ac0e21f866846e65025e6
Reviewed-on: https://chromium-review.googlesource.com/c/1372068
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58170}
Callbacks can keep embedder objects alive, hence clear them after
delivering the final event.
R=ahaas@chromium.org
Bug: chromium:912764
Change-Id: I9ac739bbce32cb1026991610e0720210717c333e
Reviewed-on: https://chromium-review.googlesource.com/c/1371565
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58168}
The vast majority of places puts a semicolon after these macros
(DISALLOW_ASSIGN, DISALLOW_COPY_AND_ASSIGN). Thus remove the semicolon
from the definition and fix the few places that omitted the semicolon
at the use.
R=mlippautz@chromium.org
Bug: v8:8562
Change-Id: Id730576f3061b86d8a5cee0e0b9b762f693f16ec
Reviewed-on: https://chromium-review.googlesource.com/c/1371824
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58166}
The AsyncCompileJob should be decoupled from tiering, hence the
top-tier-finished callback should not be delivered via the
AsyncCompileJob. Instead, store it directly on the CompilationState.
R=ahaas@chromium.org
Bug: v8:8050, v8:7921, chromium:912031
Change-Id: Iebd64655667a8078c34caea4edeb6cf5f40833fd
Reviewed-on: https://chromium-review.googlesource.com/c/1371604
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58165}
This makes the deoptimizer happy, and is more consistent with other
Torque JS functions.
BUG=chromium:912504, v8:8021
R=tebbi@chromium.org, danno@chromium.org, mvstanton@chromium.org, gsathya@chromium.org
Change-Id: I4c86db9549c367dfab7f76b49a0cf3c69d3ec50b
Reviewed-on: https://chromium-review.googlesource.com/c/1366397
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58161}
We assert that loops always have effect phis because there must be
a stack check in every loop. However, with generators, the stack check
may end up outside of loop because the dispatch switch is built first
(while the dispatch switch will also keep the loop backedge alive).
The logic for creating effect phis is already in the code, so
removing the dcheck should be fine.
Bug: chromium:913232
Change-Id: Icf4df831e8b47350543c2b82a34bd3af98782a16
Reviewed-on: https://chromium-review.googlesource.com/c/1372065
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58160}
This change makes the SFI to bytecode link pseudo-weak. The marking visitors
check whether the bytecode is old, and if so, don't mark it and instead
push the SFI onto a bytecode_flushing_candidates worklist. Once marking
is complete, this list is walked, and for any of the candidates whose bytecode
has not been marked (i.e., is only referenced by the shared function info),
the bytecode is flushed and the SFI has the function data replaced with
an UncompiledData (which overwrites the flushed bytecode array).
Since we don't track JSFunctions, these can still think the underlying
function is compiled, and so calling them will invoke
InterpreterEntryTrampoline. As such, logic is added to
InterpreterEntryTrampoline to detect flushed functions, and enter
CompileLazy instead.
BUG=v8:8395
Change-Id: I4afba79f814ca9a92dec45d59485935845a6669d
Reviewed-on: https://chromium-review.googlesource.com/c/1348433
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58158}
This was done via {managed_native_module()->get()}. Add a simple getter
for that.
R=ahaas@chromium.org
Bug: v8:8562
Change-Id: I8e461a8e16b618abdb772098fad3a6b721d54902
Reviewed-on: https://chromium-review.googlesource.com/c/1371564
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58156}
Since implicit returns are gone, this environment is never being used.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: I24d61a1316433fde6835fd608c3d308592721a5c
Reviewed-on: https://chromium-review.googlesource.com/c/1371569
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58155}
In most places we already call them "branches", and the spec also only
uses this name. Hence remove the remaining mentions of "break".
R=titzer@chromium.org
Bug: v8:8562
Change-Id: I64ac39324681b8214cd2e68315eb86a69d85cba8
Reviewed-on: https://chromium-review.googlesource.com/c/1371567
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58153}
Uses the JavaScript BigInt Object to represent Wasm's 64-bit integers.
Attention, 32-bit architectures are not supported yet.
Bug: v8:7741
Change-Id: I28b718fa567bca5103b2f38a879049cd20a46f12
Reviewed-on: https://chromium-review.googlesource.com/c/1355144
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58152}
Instead, return directly when branching to the outermost block. When
falling through the end of the function block, generate a standard
return, otherwise do not generate a return at the end of the function
block.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: I3c5ffacfa4ef7a960d41bea62920bd98e63d78df
Reviewed-on: https://chromium-review.googlesource.com/c/1369958
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58151}
We hit a DCHECK in the wasm graph builder because the current SSA
environment is unreachable. We were using the wrong block (the target
block) to do the reachability check.
R=titzer@chromium.org
Bug: chromium:913804
Change-Id: I4cfd3a0c696fb63903a47e4448362626a524340d
Reviewed-on: https://chromium-review.googlesource.com/c/1371566
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58150}
This is purely a renaming change. The ES spec uses the term 'detach'
for the process of removing the backing store of a typed array, while
V8 uses the historical term 'neuter'. Update our internal implementation,
including method names and flag names, to match the spec.
Note that some error messages still use the term 'neuter' since error
messages are asserted by some embedder tests, like layout tests.
R=bmeurer@chromium.org, yangguo@chromium.org, mstarzinger@chromium.org, mlippautz@chromium.org
BUG=chromium:913887
Change-Id: I62f1c3ac9ae67ba01d612a5221afa3d92deae272
Reviewed-on: https://chromium-review.googlesource.com/c/1370036
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58149}
Update is_compiled() and has_feedback_vector() to return false in the case
where the SFI's bytecode has been flushed, but the JSFunction hasn't yet been
reset to uncompiled. Also add code to reset the JSFunction when it is recompiled
lazily.
BUG=v8:8394
Change-Id: I7c5f79066603ac1ae097a0a62c625b1a8e39431c
Reviewed-on: https://chromium-review.googlesource.com/c/1363138
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58148}
The typing of SpeculativeSafeIntegerSubtract didn't include -0, and the
SimplifiedLowering rules for SpeculativeSafeIntegerSubtract didn't
properly handle the case of `-0 - 0`, but would always pass Word32
truncations.
Bug: chromium:913296
Change-Id: I0e5a401f075db8b349a5579e1e294df97378ea49
Reviewed-on: https://chromium-review.googlesource.com/c/1370042
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58147}
Temporary additional verbosity to investigate crashes.
This change has a small runtime overhead to remember the input types
of NumberAdd. It should be reverted once chromium:906567 is resolved.
Bug: chromium:906567
Change-Id: If86124d4dd96bc3c3266cd019119906a18b8558d
Reviewed-on: https://chromium-review.googlesource.com/c/1369946
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58146}
The class declaration regexp in cpplint did not catch classes decorated
by V8_EXPORT, V8_EXPORT_PRIVATE or any other decorator containing
digits.
This will be fixed in https://github.com/google/styleguide/pull/422.
This CL already prepares the code base by fixing all errors that will
be found after that change.
Some follow-up changes were needed to fix implicit conversions that are
no longer taken now.
R=mstarzinger@chromium.org
Bug: v8:8562
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I03713bd04dbc3f54b89a6c857a93463139aa5efd
Reviewed-on: https://chromium-review.googlesource.com/c/1367751
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58143}
This callback is not being used by now, so we can just change it
without the deprecation dance.
Instead of the WasmModuleObject, it now receives the new
CompiledWasmModule wrapper which contains a shared pointer to the
NativeModule. This is all that's needed for serialization.
Some classes are pulled out of WasmModuleObject to allow reuse.
R=adamk@chromium.org, mstarzinger@chromium.org
CC=bbudge@chromium.org
Bug: chromium:912031
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icedb64efa92e66bec45cf8742942a07ae22f59c8
Reviewed-on: https://chromium-review.googlesource.com/c/1363140
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58142}
We no longer implement part of the debugger in JS. Therefore we can
remove the infrastructure to support this in the bootstrapper.
Also includes some drive-by cleanups.
Bug: v8:5530
R=petermarshall@chromium.org
Change-Id: I06628a559c17f99c70029fcc94848b0c78f1d3e9
Reviewed-on: https://chromium-review.googlesource.com/c/1369945
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58140}
Fix and re-enable tests for WebAssembly's memory/constructor and
table/constructor js-api.
It introduces the '[EnforceRange] unsigned long' algorithm used
to validate initial and maximum properties.
The initial property is now required, by the switch to the Web IDL
specification. Most of the input validation errors are now considered
TypeError instead of RangeError.
The WasmTableObject and WasmMemoryObject APIs use uint32_t more consistently
to ensure integer range and remove the need for bounds checks.
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: v8:8319
Change-Id: Iedd3ee6484ef688a5e96f93006eb6ca66d805a48
Reviewed-on: https://chromium-review.googlesource.com/c/1354043
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58138}
This implementation currently only supports the optimized tier.
Bug: v8:7747
Change-Id: Ia1af29b11a5d3e8a48b122f6cf3240c9f5948bfb
Reviewed-on: https://chromium-review.googlesource.com/c/1364710
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58137}
because RelocInfo does not need host Code object for updating pointers to heap
objects embedded into code.
This CL also simplifies typed slot iteration callback signature.
Bug: v8:8518, v8:8262
Change-Id: I59fe9e3b4e9b69e3d87b5449c80bed14e311516f
Reviewed-on: https://chromium-review.googlesource.com/c/1370037
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58136}
Just pass a pointer to the current stack. This makes it easier to reuse
the {DoReturn} method for breaks to the outermost block.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: Ide8533b154daa227e044820bb9c181f836ba654a
Reviewed-on: https://chromium-review.googlesource.com/c/1370028
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58132}
This loop is redundant in {GetNodes}.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: Ia624fbe145ae2cd77ea099c3f109899ea6fac9c0
Reviewed-on: https://chromium-review.googlesource.com/c/1370031
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58131}
and a bit of drive-by cleanup.
Bug: v8:8518
Change-Id: I46873f0a5e56509d75f2d169dc7a4372cc94efbc
Reviewed-on: https://chromium-review.googlesource.com/c/1370027
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58130}
Instead of branching to the end merge of the outermost block, we should
return directly. This often generates shorter and faster code, since
the merge is omitted.
R=titzer@chromium.org
Bug: v8:6600, v8:8423
Change-Id: Id5e92b05d3fbbcdb69e4a8bf48629d6031d85291
Reviewed-on: https://chromium-review.googlesource.com/c/1358411
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58129}
Names of external references are statically known, so there is no need
to store them in the dynamically generated ExternalReferenceTable.
This saves 7.4kB per Isolate, plus ~46.4kB binary size.
R=mstarzinger@chromium.org
Bug: v8:8562
Change-Id: Ia494de38474e0a7308563ab6d1797ff488b0a072
Reviewed-on: https://chromium-review.googlesource.com/c/1369947
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58128}
When the --debug-code flag is turned on, we create code now which checks
if the thread-in-wasm flag has the expected value. If not, we abort
execution.
R=clemensh@chromium.org
Bug: v8:5277, v8:8554
Change-Id: I74c4e6a60b874b48f13ded9b5cee81f602e4c9fd
Reviewed-on: https://chromium-review.googlesource.com/c/1370025
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58127}
which used to treat off-heap slots as on-heap ones and implement embedded objects
visitation in derived visitor classes.
Bug: v8:8518
Change-Id: Ia40d8135078379cca990e9167d3f1bebb3b5be0a
Reviewed-on: https://chromium-review.googlesource.com/c/1367747
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58123}
This is a reland of 9c2c8f15f8
Original change's description:
> [wasm] Support encoding s128 simd types in exceptions.
>
> This adds support for having simd type values (i.e. s128) stored in an
> exception. It is the natural combination of the simd proposal and the
> exception handling proposal.
>
> R=clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-simd
> BUG=v8:8390
>
> Change-Id: I01079f82a6ba4d9152de4dae63e3db1584ca7cd8
> Reviewed-on: https://chromium-review.googlesource.com/c/1363141
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58098}
Bug: v8:8390
Change-Id: I333c50cd766055f74b023df626d0fd90fdef3bac
Reviewed-on: https://chromium-review.googlesource.com/c/1370024
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58122}
which used to treat off-heap slots as on-heap ones and implement code target
visitation in derived visitor classes.
Bug: v8:8518
Change-Id: I477bf3a4a8a3de0c67bc15e2e20d8ecee6493da8
Reviewed-on: https://chromium-review.googlesource.com/c/1367745
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58121}
CompileJsToWasmWrappers only needs a WasmModule, so we should not pass
in a NativeModule.
R=clemensh@chromium.org
Bug: v8:8562
Change-Id: Ic38f1bee2eab3a06921c27f56fd175b51688ad5f
Reviewed-on: https://chromium-review.googlesource.com/c/1367748
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58120}
Right now, this is the limit implicitly imposed for spread/apply calls,
since to actually do a spread/apply call through CallVarargs you need to
pass a FixedArray with the args to be pushed.
Likewise, turbofan can only materialize an arguments object with a
backing store of length FixedArray::kMaxLength.
The practical limit that users will actually hit is the stack - this
change doesn't change that, it just documents what the actual limit is.
This would actually allow an embedder/custom fork to increase stack
size and still be able to make spread/apply calls with a large number
of args.
Change-Id: If5e66a61ed3f9df36031eb098646d48fc2ca2507
Reviewed-on: https://chromium-review.googlesource.com/c/1367451
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58119}
This patch changes the output from:
function fn() {
^
SyntaxError: Unexpected end of input
to:
function fn() {
^
SyntaxError: missing '}' after function body
Bug: v8:6513, v8:7321
Change-Id: I4ca8a40fa0be246da2a3ff776b3fb3c87b4ba4e0
Also-By: gsathya@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/1367448
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58116}
That should prevent a leak of objects when the page is reloaded.
BUG=chromium:906847
Change-Id: I90928a5c4979c0ddc01c201bf60a693e2b03863a
Reviewed-on: https://chromium-review.googlesource.com/c/1366449
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58110}
If we create a second foreground task, only the second one will be
registered with the AsyncCompileJob, so the first one will not be
cancelled, which can lead to use-after-free of the AsyncCompileJob.
In a debug build, a DCHECK will fail when creating the second
foreground task.
R=ahaas@chromium.org
Bug: chromium:907937, chromium:910920
Change-Id: Iefefc4a85e7b35b32051cfe8cd5cbbfc4e95b843
Reviewed-on: https://chromium-review.googlesource.com/c/1367684
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58108}
Updates the following bytecode handlers to handle cases when feedback
vector is not allocated:
StaDataPropertyLiteral
CreateRegExpLiteral
CreateArrayLiteral
EmptyArrayLiteral
CreateObjectLiteral
GetTemplateObject
ForInPrepare
ForInNext
Bug: v8:8394
Change-Id: I854cca8dd69539f7e8a17dd8eddb0f9f6d42f762
Reviewed-on: https://chromium-review.googlesource.com/c/1362992
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58107}
Moving Frame-inspection functionality to Torque is a prerequisite
for porting the CSA-based arguments code, which is a great candidate
to simplify/cleanup with Torque.
Change-Id: I1f4cb94cb357aae5864c2e84f3bf5a07549b27f8
Reviewed-on: https://chromium-review.googlesource.com/c/1357050
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58106}
in order to make it also work with optional registers.
Bug: v8:8562
Change-Id: Iaea905913cc9fd1637026b83e9356c740965e128
Reviewed-on: https://chromium-review.googlesource.com/c/1367807
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58105}
This reverts commit 9c2c8f15f8.
Reason for revert: New test crashes: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux/28948
Original change's description:
> [wasm] Support encoding s128 simd types in exceptions.
>
> This adds support for having simd type values (i.e. s128) stored in an
> exception. It is the natural combination of the simd proposal and the
> exception handling proposal.
>
> R=clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-simd
> BUG=v8:8390
>
> Change-Id: I01079f82a6ba4d9152de4dae63e3db1584ca7cd8
> Reviewed-on: https://chromium-review.googlesource.com/c/1363141
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58098}
TBR=mstarzinger@chromium.org,gdeepti@chromium.org,clemensh@chromium.org
Change-Id: Iedcfba36af925249131a2b0e9aebd92321ae72f5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8390
Reviewed-on: https://chromium-review.googlesource.com/c/1367808
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58102}
This is a reland of f849396c3a
Original change's description:
> [nojit] Remove code stubs
>
> All stubs have been migrated to builtins. This CL removes most related
> code.
>
> Bug: v8:7777, v8:5784
> Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad
> Reviewed-on: https://chromium-review.googlesource.com/c/1365284
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58093}
Tbr: mstarzinger@chromium.org,yangguo@chromium.org,jkummerow@chromium.org,bmeurer@chromium.org
Bug: v8:7777, v8:5784
Change-Id: I005ee2a820d49a75a90481d262a310e4ccfd1391
Reviewed-on: https://chromium-review.googlesource.com/c/1367746
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58101}
We need to be able to serialize a NativeModule, which is not bound to
any Isolate. Hence we should not want to pass any Isolate to the
serializer. This CL removes the dependence by not using the
ExternalReferenceTable from the Isolate, but instead using its own
ExternalReferenceList for serialization and deserialization. This
ExternalReferenceList only contains isolate-independent external
references.
R=mstarzinger@chromium.org
Bug: chromium:912043, chromium:912031
Change-Id: Iea5abd95dce9c54e618255cc577b6b43f002ac5d
Reviewed-on: https://chromium-review.googlesource.com/c/1363135
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58099}
This adds support for having simd type values (i.e. s128) stored in an
exception. It is the natural combination of the simd proposal and the
exception handling proposal.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-simd
BUG=v8:8390
Change-Id: I01079f82a6ba4d9152de4dae63e3db1584ca7cd8
Reviewed-on: https://chromium-review.googlesource.com/c/1363141
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58098}
https://crrev.com/c/1343709 fixed GetIncumbentContext to work
with ASan, however, GetIncumbentContext didn't work well with
MSan because MSan uses a simulator which supports yet another
separate stack frame.
This patch fixes GetIncumbentContext so that it works well
with not only ASan but also MSan simply following the same way
as v8::TryCatch does.
i::GetCurrentStackPosition() solves the issue of ASan and
SafeStack (native but separate stack frame), and
i::SimulatorStack solves the issue of MSan (simulator stack
frame).
Bug: chromium:888867, chromium:866610
Change-Id: Id803cbfd17fb1b1d9b8ee34c4802768f3a2f8e79
Reviewed-on: https://chromium-review.googlesource.com/c/1356691
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58096}
Allow a V8 step after doing an embedder step if there's time left. This
will speed up marking in certain situations.
Bug: chromium:909788, chromium:911053, chromium:843903
Change-Id: Ie15c30d5ce8443caf7217a834a120a19d0bb292b
Reviewed-on: https://chromium-review.googlesource.com/c/1367455
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58094}
All stubs have been migrated to builtins. This CL removes most related
code.
Bug: v8:7777, v8:5784
Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad
Reviewed-on: https://chromium-review.googlesource.com/c/1365284
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58093}
(mostly for roots, handles and stack locations).
This CL also changes the RootVisitor interface to use FullObjectSlots instead of
ObjectSlots.
Bug: v8:8518
Change-Id: I217c7ae176387a8c64f4754e62339727bdb36018
Reviewed-on: https://chromium-review.googlesource.com/c/1366035
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58091}
Should help the case where the single existing transition matches.
BUG=v8:8547
Change-Id: Ic459357a10311346499ea054447d6cc42352fc0d
Reviewed-on: https://chromium-review.googlesource.com/c/1363133
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58090}
This migrates the JSEntryStub to three dedicated builtins:
JSEntry
JSConstructEntry
JSRunMicrotasksEntry
Drive-by: Tweaks to make the code isolate-independent (e.g. using the
correct macro assembler method to load and store external references
through the kRootRegister).
Drive-by: The context slot on x64/ia32 must be set up after
kRootRegister is initialized, so we first reserve the slot and later
load its value.
Drive-by: Update all remaining comments referencing JSEntryStub.
Bug: v8:7777
Change-Id: Ie3ba17ffb3bde6f18ec1d26d778b258719b2d4ef
Reviewed-on: https://chromium-review.googlesource.com/c/1365275
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58088}
Simplified test for default locale under test/intl
Remove GetDefaultLocale from runtime
Move Intl::DefaultLocale from intl-object.h to
internal function inside intl-object.cc
Bug: v8:5751
Change-Id: I885abf30ff33d5213ee99c07ac1e92d3c5065d8b
Reviewed-on: https://chromium-review.googlesource.com/c/1358022
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58081}
because an attempt to decompress the off-heap map slot will fail.
Bug: v8:7703
Change-Id: Iad3884fb95ccb17b2992d190acb5914062a0e8f4
Reviewed-on: https://chromium-review.googlesource.com/c/1365286
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58076}
Since RO_SPACE strings cannot be written to after creation, they cannot
be internalized later. This adds checks to normal string construction
methods that they are not created with TENURED_READ_ONLY.
Also changes the Symbol construction in setup-heap-internal.cc to use
internalized strings, which increases the number of internalized
RO_SPACE strings from 490 to 514 (915 including OLD_SPACE).
Bug: chromium:911416
Change-Id: I222ff883e98f3a2f4ce70d369f22273f5c9edb0b
Reviewed-on: https://chromium-review.googlesource.com/c/1365279
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58074}
which will require different handling for compressed pointers case.
Bug: v8:8518
Change-Id: I99cb103bad57b134ecb8d7dd7018cf16ed3d8f25
Reviewed-on: https://chromium-review.googlesource.com/c/1365272
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58073}
The main change is about tracking typed slots locally in
each concurrent marking thread.
This generalizes the old LiveBytesMap to MemoryChunkData, which
now contains the live bytes and the typed slots.
With that in place it is straightforward to mark code concurrently.
Bug: v8:8459
Change-Id: I103fff0ad39beadea5151a1d8519f5d3c6602e58
Reviewed-on: https://chromium-review.googlesource.com/c/1337747
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58072}
There is no fast path for 0-length substrings, which implied runtime
calls for some of the trickier types of strings (such as non-flat
cons-strings). This made for a big performance gap between
String.p.slice and String.p.substring for those inputs.
This CL just adds the 0-length shortcut in CSA implementation
of SubString.
Here is an example where it makes difference:
let s = "abcdefghijkalmnopqrst";
let a = "";
console.time("Substring");
for (let i = 0; i < 100000; i++) {
s += "0";
a += s.substring(0, 0);
}
console.timeEnd("Substring");
Before this change:
> console.timeEnd: Substring, 640.308000
After this change:
> console.timeEnd: Substring, 13.242000
For completeness, here is the time for slice:
> console.timeEnd: Slice, 13.142000
This also recovers performance in the jsdom library, as
observed in https://github.com/jsdom/jsdom/issues/2350.
Bug: v8:6730
Change-Id: I7d2127e4506a86ec2a7ed378293476c3699dc47a
Reviewed-on: https://chromium-review.googlesource.com/c/1365282
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58071}
This replaces Runtime_RunMicrotasks with Runtime_PerformMicrotaskCheckpoint.
RunMicrotasks forcibly runs Microtasks even when the microtasks are suppressed,
and may cause nested Microtasks in a problematic way. E.g. that confuses
v8::MicrotasksScope::IsRunningMicrotasks() and GetEnteredOrMicrotaskContext().
OTOH, PerformMicrotaskCheckpoint() doesn't cause the failure as it
respects the microtask suppressions.
As all existing tests don't call RunMicrotasks() in the suppressed situation
(like Promise.resolve().then(()=>{%RunMicrotasks();})), this change should
not affect these tests.
Change-Id: Ib043a0cc8e482e022d375084d65ea98a6f54ef3d
Reviewed-on: https://chromium-review.googlesource.com/c/1360095
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58068}
Currently, if we lower to a pure computation that is unreachable because
of some runtime check, we just rename it with DeadValue. This is
problematic if the pure computation gets later eliminated - that allows
the DeadValue node to float above the check that makes it dead. As we
conservatively lower DeadValues to debug-break (i.e., crash), we
might induce crash where we should not.
With this CL, whenever we lower an impossible effectful node (i.e., with
Type::None) to a pure node in simplified lowering, we insert an
Unreachable node there (pinned to the effect chain) and mark the
impossible node dead (and make it depend on the Unreachable node).
Bug: chromium:910838
Change-Id: I218991c79b9e283a9dd5beb4d3f0c4664be76cb2
Reviewed-on: https://chromium-review.googlesource.com/c/1365274
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58066}
In preparation for converting JSEntry into a builtin. The root register
used to be initialized by an embedded external reference, which is not
isolate-independent. Pass in its value explicitly instead.
Tbr: clemensh@chromium.org
Bug: v8:7777
Change-Id: If9d20cb193af175bd1cf58e5826bdf6f397869ad
Reviewed-on: https://chromium-review.googlesource.com/c/1363139
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58065}
A spec change to simplify IsRegExp has been proposed:
https://github.com/tc39/ecma262/pull/1318
This CL adds use counters for cases in which the spec change would
alter behavior:
1. o[@@match] is trueish but o is not a JSRegExp
2. o[@@match] is falseish (but not undefined) and o is a JSRegExp
This is the V8 side of required changes.
The Chromium-side CL: https://crrev.com/c/1360730
Drive-by: TNodeify IsRegExp.
Tbr: yangguo@chromium.org
Bug: v8:8522
Change-Id: I3766e02977f256a80d0e59472d3bafa9c692af9e
Reviewed-on: https://chromium-review.googlesource.com/c/1360630
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58064}
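The two counted cases above, as an added example that is not V8's or the proposal's code: the current IsRegExp operation beside the brand-check-only version implied by the commit's two cases, a classifier for those cases, and the place where the difference is observable today (String.prototype.startsWith). Helper and object names are this example's own, and "proposed" behaviour is inferred from the two cases listed, not taken from the spec PR.

```javascript
// Added example, not V8 code: the current IsRegExp abstract operation beside
// the brand-check-only version implied by the two cases the commit counts,
// and a classifier for those cases. Helper and object names are this example's own.

// Brand check for the [[RegExpMatcher]] internal slot. The RegExp.prototype
// 'source' getter throws a TypeError on any receiver that is not a real RegExp
// (RegExp.prototype itself is the one non-RegExp it tolerates), so unlike
// Object.prototype.toString it cannot be spoofed through Symbol.toStringTag.
const sourceGetter = Object.getOwnPropertyDescriptor(RegExp.prototype, 'source').get;
function hasRegExpMatcherSlot(o) {
  if (o === RegExp.prototype) return false;
  try { sourceGetter.call(o); return true; } catch (e) { return false; }
}

// IsRegExp as currently specified: a defined @@match property decides; only an
// undefined @@match falls through to the internal-slot check.
function isRegExpCurrent(o) {
  if (o === null || (typeof o !== 'object' && typeof o !== 'function')) return false;
  const matcher = o[Symbol.match];
  if (matcher !== undefined) return Boolean(matcher);
  return hasRegExpMatcherSlot(o);
}

// IsRegExp as the proposal would have it, inferred here from the two counted
// cases: the @@match lookup is dropped and only the internal slot matters.
function isRegExpProposed(o) {
  return hasRegExpMatcherSlot(o);
}

// The use-counter case from the commit message an object falls into (1 or 2),
// or null when both IsRegExp variants agree on it.
function useCounterCase(o) {
  if (o === null || (typeof o !== 'object' && typeof o !== 'function')) return null;
  const matcher = o[Symbol.match], isJSRegExp = hasRegExpMatcherSlot(o);
  if (matcher !== undefined && matcher && !isJSRegExp) return 1;  // truthy @@match, not a JSRegExp
  if (matcher !== undefined && !matcher && isJSRegExp) return 2;  // falsy @@match on a JSRegExp
  return null;
}

// Where the difference is observable today: String.prototype.startsWith throws
// a TypeError whenever IsRegExp(searchString) is true.
function startsWithRejects(o) {
  try { 'abc'.startsWith(o); return false; } catch (e) { return e instanceof TypeError; }
}

const fakeRegExp = { [Symbol.match]: true };                    // case 1: plain object opting in
const optedOut = Object.assign(/a/, { [Symbol.match]: false }); // case 2: real RegExp opting out
```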
This addresses follow-up comments to https://crrev.com/c/1354887/.
Use DCHECKs instead of CHECKs and make the branch order consistent
across architectures.
Bug: v8:7777
Change-Id: I5c3f8f5ac97b55fa80662bc211aff7833ff12bfa
Reviewed-on: https://chromium-review.googlesource.com/c/1362912
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58063}
The prefix size is read from the Derived class.
The hash code of the object will be stored in this prefix.
Change-Id: I15646701c9bab99b8aed39ea9ad8ae03f6d605ed
Bug: v8:6443, v8:7569
Reviewed-on: https://chromium-review.googlesource.com/c/1337586
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58058}
and
1) make them represent kSystemPointerSize-sized off-heap slots,
2) reintroduce XxxSlots as an on-heap kTaggedSize-sized slots (for now they
are just aliases to respective FullXxxSlots).
Bug: v8:8518
Change-Id: I8a9177562308bd9420b1eebca959cc52ceaa628e
Reviewed-on: https://chromium-review.googlesource.com/c/1363144
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58056}
A WasmModuleObject represents an instance of WebAssembly.Module. It is
called WasmModuleObject internally, so also use that name externally.
We still have a typedef for WasmCompiledModule which will be deprecated
once chromium has been updated to use WasmModuleObject.
R=titzer@chromium.org, adamk@chromium.org
Bug: v8:8238, chromium:912031
Change-Id: I2d7708d4dc183cb4f4714f741b1ea0c153014430
Reviewed-on: https://chromium-review.googlesource.com/c/1362048
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58055}
Make sure WebAssembly's js-api exposes the correct attributes: writable,
enumerable and configurable.
Bug: v8:8319
Change-Id: I427533159d7975a42c0c5cb1babdc8a61f8198b5
Reviewed-on: https://chromium-review.googlesource.com/c/1351002
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58053}
A fancy new stdlib addition for creating JSObjects from a collection of
key/value pairs, coming soon to a javascript runtime near you.
BUG=v8:8021
R=gsathya@chromium.org, adamk@chromium.org
Change-Id: I5eb1dea75bfef009281eef9864c8c0226af4f1fc
Reviewed-on: https://chromium-review.googlesource.com/c/1363293
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#58051}
Even though descriptor arrays are referenced by maps in the old
generation, they seem to be short-lived in benchmarks.
This fixes perf regressions introduced in 1ad0cd5.
Bug: chromium:911073, chromium:910567, chromium:910443
Change-Id: Iaf933d409e72c6c26df48f6435f9543224ea7d67
Reviewed-on: https://chromium-review.googlesource.com/c/1363146
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58050}
Intrinsic changes:
- Rename %RawCast to %RawObjectCast and add error checking so that it
only applies to subtypes of Objects.
- Add %RawPointerCast, which is similar to %RawObjectCast but must be
used for all subtypes of RawPtr.
- Add %RawConstexprCast, which allows one constexpr to be cast to
another at compile time. It translates to an appropriate static_cast
in the generated code.
- Add %FromConstexpr, which handles most of the standard cases of
generating XXXConstant CSA nodes from constexpr constants. It uses
either SmiConstant, NumberConstant, StringConstant, IntPtrConstant
or Int32Constant, depending on the cast-to type generic <To> type.
- Add support for intrinsics that return constexpr results.
Cleanup:
- Turn FromConstexpr into a generic with two generic types, a <To> and
a <From> type. Most FromConstexpr can use the new %FromConstexpr
intrinsic rather than provide an explicit implementation.
Bug: v8:7793
Change-Id: Icab5db16d203034ec157fa3ad5157d10c7dc8464
Reviewed-on: https://chromium-review.googlesource.com/c/1357049
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58049}
This implementation uses a mutex to implement those instructions.
I will add 32-bit version LL/SC after review.
Change-Id: I7b0e2b42527bc21060a84eb5e27099e129f2858f
Reviewed-on: https://chromium-review.googlesource.com/c/1354462
Reviewed-by: Sreten Kovacevic <skovacevic@wavecomp.com>
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#58048}
If the size of a large code object is larger than
kMaxRegularHeapObjectSize, then it should be allocated in the large code
space. Currently if the size is > kMaxRegularHeapObjectSize but <
512000, then it can still be allocated in the normal code space.
Change-Id: I72dbd38803c3d5d414bae85e9e0b15482e50e1c2
Reviewed-on: https://chromium-review.googlesource.com/c/1363137
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58046}
We currently compute this value from the size of the external table,
which we get from the Isolate. This size is isolate-independent though,
so it can just be a constant.
R=mstarzinger@chromium.org
Bug: chromium:912043
Change-Id: If1c09a56b1a985b855f5b65818322979c194d772
Reviewed-on: https://chromium-review.googlesource.com/c/1362954
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58045}
The existing implementation embedded an isolate-specific pointer to the
thread-in-wasm flag in the wrapper code. However, when the module code
is shared among multiple workers, this can mean that the workers
share the same thread-in-wasm flag.
With this change we load the pointer to the flag at runtime from the
current isolate. Thereby the correct flag is used even when the same
code is executed on different workers.
Note that we could access the right flag address by going through the
root register. However, changing the code generation to use the root
register requires some inconvenient steps:
* Pass the isolate to the pipeline again, which we don't want.
* Change the WasmCallDescriptor to allow the use of the root register
for wrappers but not for other code.
To avoid these issues, and allow the CL to be easy to merge back, we
go for the changes proposed here.
R=mstarzinger@chromium.org, ishell@chromium.org
Bug: v8:8533
Change-Id: If15565a7ad7cba835cfc1628e7a4d3fdef90a5c0
Reviewed-on: https://chromium-review.googlesource.com/c/1358518
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58044}
If the input memory index into an atomic operation is a constant, we can
statically check if the {index+offset} is aligned.
R=herhut@chromium.org
Change-Id: Ia830d7c7df10d50ed4ee3382acfef776306f249c
Reviewed-on: https://chromium-review.googlesource.com/c/1362872
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58043}
We checked against kNotFound twice; once in
TransitionsAccessor::SearchTransitions and once in TransitionArray::Search. It's
unnecessary to check twice.
In local tests, this speeds up searching for a non-existent transition in a
2-element TransitionArray by ~20%.
BUG=v8:8547
Change-Id: Ic220c4c0bfeeacd9b81953efad212ed15168437e
Reviewed-on: https://chromium-review.googlesource.com/c/1361167
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58038}
Drive-by: Replace uses in CallApi* with a direct call now that they've
been converted to builtins themselves and are thus immovable.
Bug: v8:7777
Change-Id: I660b5788bdac4f5e45cc5c5677b86be17474cd83
Reviewed-on: https://chromium-review.googlesource.com/c/1361161
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58037}
This reverts commit a6669bdce7.
Reason for revert: Regresses Speedometer 2 (EmberJS-Debug-TodoMVC)
Original change's description:
> [constant-tracking] Track constants by default.
>
> It is possible this CL results in various regressions, the idea
> is to get some data on where constant tracking helps and where
> it regresses.
>
> Bug: v8:8361
> Change-Id: I2f291788a8bea03e6eaac9f51564c1da02734d1a
> Reviewed-on: https://chromium-review.googlesource.com/c/1347474
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58008}
TBR=jarin@chromium.org,ishell@chromium.org
Change-Id: I1e2b18c34829e1f53ea287aae0ef7fcf88980341
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8361
Reviewed-on: https://chromium-review.googlesource.com/c/1362047
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58035}
The memory.init and memory.drop instructions have a data segment index
that can only be validated by knowing the number of data segments. This
information is provided by the new DataCount section.
Bug: v8:7747
Change-Id: Ie04d57584fe028637f6e931ab53d00abc5b998a4
Reviewed-on: https://chromium-review.googlesource.com/c/1355624
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58031}
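The validation rule described above, as an added example that is not V8's decoder: a small checker that reads the DataCount section and verifies the segment index of every memory.init / memory.drop in the code section against it, with and without the section present. The module bytes, section walker and opcode subset are constructed for this example and cover only what it needs.

```javascript
// Added example, not V8 code: the rule from the commit as a small checker.
// DataCount (section 12) gives the number of data segments, so the segment
// index of memory.init / memory.drop can be checked while decoding the code
// section (10), before the data section (11). Module bytes are constructed.
const SECTION_CODE = 10, SECTION_DATA_COUNT = 12;

// Unsigned LEB128 at `pos` -> [value, nextPos]. Also used to skip i32.const's
// signed immediate, which occupies the same number of bytes.
function readU32(bytes, pos) {
  let result = 0, shift = 0;
  for (;;) {
    if (pos >= bytes.length) throw new Error('truncated LEB128');
    const b = bytes[pos++];
    result += (b & 0x7f) * 2 ** shift;
    if ((b & 0x80) === 0) return [result, pos];
    if ((shift += 7) > 35) throw new Error('LEB128 too long for u32');
  }
}

// Checks the 8-byte header and returns [{id, start, end}] for each section.
function readSections(bytes) {
  const header = [0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00];
  if (header.some((h, i) => bytes[i] !== h)) throw new Error('bad header');
  const sections = [];
  for (let pos = 8; pos < bytes.length;) {
    const id = bytes[pos++];
    const [size, start] = readU32(bytes, pos);
    if (start + size > bytes.length) throw new Error('section overruns module');
    sections.push({ id, start, end: start + size });
    pos = start + size;
  }
  return sections;
}

// Returns the data segment indices referenced by one function body. Only the
// opcodes used below are understood; anything else is rejected rather than
// guessed at, so an immediate byte is never misread as an opcode.
function segmentIndicesInBody(bytes, pos, end) {
  const used = [];
  while (pos < end) {
    const op = bytes[pos++];
    if (op === 0x0b) continue;                                   // end
    if (op === 0x41 || op === 0x20) { [, pos] = readU32(bytes, pos); continue; } // i32.const, local.get
    if (op !== 0xfc) throw new Error(`unsupported opcode 0x${op.toString(16)}`);
    let sub, seg;
    [sub, pos] = readU32(bytes, pos);                            // 0x08 memory.init, 0x09 memory.drop
    if (sub !== 0x08 && sub !== 0x09) throw new Error(`unsupported 0xfc sub-opcode ${sub}`);
    [seg, pos] = readU32(bytes, pos);                            // data segment index immediate
    if (sub === 0x08 && bytes[pos++] !== 0x00) throw new Error('memory.init: memidx must be 0');
    used.push(seg);
  }
  return used;
}

// Validates every segment index in the code section against DataCount.
// Returns {ok, dataCount, used, errors}; dataCount is null when section 12 is absent.
function validateDataSegmentIndices(bytes) {
  const sections = readSections(bytes);
  const dc = sections.find(s => s.id === SECTION_DATA_COUNT);
  const code = sections.find(s => s.id === SECTION_CODE);
  const dataCount = dc ? readU32(bytes, dc.start)[0] : null;
  const errors = [], used = [];
  if (code) {
    let [count, pos] = readU32(bytes, code.start);
    for (let f = 0; f < count; f++) {
      const [size, bodyStart] = readU32(bytes, pos);
      const [nLocals, firstOp] = readU32(bytes, bodyStart);
      if (nLocals !== 0) throw new Error('locals not supported by this walker');
      for (const seg of segmentIndicesInBody(bytes, firstOp, bodyStart + size)) {
        used.push(seg);
        if (dataCount === null) errors.push(`func ${f}: segment op but no DataCount section`);
        else if (seg >= dataCount) errors.push(`func ${f}: segment ${seg} >= DataCount ${dataCount}`);
      }
      pos = bodyStart + size;
    }
  }
  return { ok: errors.length === 0, dataCount, used, errors };
}

// Constructed module: one function doing memory.init + memory.drop on segment 1
// of two passive data segments; DataCount precedes the code section.
const MODULE = Uint8Array.from([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic, version 1
  0x01, 0x04, 0x01, 0x60, 0x00, 0x00,             // type: () -> ()
  0x03, 0x02, 0x01, 0x00,                         // function: 1 func of type 0
  0x05, 0x03, 0x01, 0x00, 0x01,                   // memory: min 1 page
  0x0c, 0x01, 0x02,                               // DataCount = 2 (bytes 23..25)
  0x0a, 0x11, 0x01, 0x0f, 0x00,                   // code: 1 body, 15 bytes, no locals
  0x41, 0x00, 0x41, 0x00, 0x41, 0x04,             //   i32.const dst=0, src=0, len=4
  0xfc, 0x08, 0x01, 0x00,                         //   memory.init seg 1 (segidx = byte 39)
  0xfc, 0x09, 0x01, 0x0b,                         //   memory.drop seg 1; end
  0x0b, 0x0b, 0x02, 0x01, 0x04, 0x61, 0x62, 0x63, 0x64, // data: passive "abcd",
  0x01, 0x02, 0x78, 0x79,                         //   passive "xy"
]);

// Variants: memory.init's segment index replaced (out of range when >= 2) and,
// optionally, the DataCount section (bytes 23..25) stripped out.
function variant(seg, keepDataCount = true) {
  const m = Uint8Array.from(MODULE);
  if (m[37] !== 0xfc || m[38] !== 0x08) throw new Error('unexpected layout');
  m[39] = seg;
  return keepDataCount ? m : Uint8Array.from([...m.subarray(0, 23), ...m.subarray(26)]);
}
```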
Port c6b0e12e4e
Original Commit Message:
This is the first (and major) step towards converting CallApiCallback
and CallApiGetter stubs into builtins.
The CallApiCallbackStub was parameterized with the number of arguments
passed on the stack. This CL converts the compile-time parameter into
an explicit runtime parameter, and removes all uses of the stub
parameter.
(kCallData and kHolder are now passed on the stack).
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I171fbb7d37525c2087e5dd9d7ff8fb5f959f2a7a
Reviewed-on: https://chromium-review.googlesource.com/c/1362163
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58030}
This reverts commit ed3d647284.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20noi18n%20-%20debug/24178
Original change's description:
> Reland "[code-comments] Put code comments into the code object"
>
> This is a reland of e774cffe2b
>
> This reland disables a test as v8:8548 is blocking it, which was
> broken by a recent CL. CQ did not catch this because the merge-base
> CQ used did not yet contain the CL that caused v8:8548.
>
> Original change's description:
> > [code-comments] Put code comments into the code object
> >
> > Code comments in the snapshot can now be enabled with gn
> > arg 'v8_enable_snapshot_code_comments'
> >
> > Bug: v8:7989
> > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58020}
>
> TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
>
> Bug: v8:7989, v8:8548
> Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
> Reviewed-on: https://chromium-review.googlesource.com/c/1361166
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58028}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org
Change-Id: I1075bb09de7cb8dad71e31ff51a4e7bb6a200a8b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7989, v8:8548
Reviewed-on: https://chromium-review.googlesource.com/c/1362043
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58029}
This is a reland of e774cffe2b
This reland disables a test as v8:8548 is blocking it, which was
broken by a recent CL. CQ did not catch this because the merge-base
CQ used did not yet contain the CL that caused v8:8548.
Original change's description:
> [code-comments] Put code comments into the code object
>
> Code comments in the snapshot can now be enabled with gn
> arg 'v8_enable_snapshot_code_comments'
>
> Bug: v8:7989
> Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
> Reviewed-on: https://chromium-review.googlesource.com/c/1329173
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58020}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
Bug: v8:7989, v8:8548
Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
Reviewed-on: https://chromium-review.googlesource.com/c/1361166
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58028}
%RunMicrotasks() call used to cause a nested RunMicrotasks if it's
called from a microtask, and that breaks its invariants.
This CL fixes it by disabling the nested loop.
Change-Id: I2f4a81be0dbf0554abf6eb41b62c25465338f29a
Reviewed-on: https://chromium-review.googlesource.com/c/1358036
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58026}
Port 6c8b410261
Original Commit Message:
This is a reland of d5f4a33eb8
Landing with test disabled for now.
Original change's description:
> [cpu-profiler] Fix stack iterability for fast C calls with no exit frame
>
> Before fast C calls, store the current FP and PC on the isolate. When
> iterating frames in SafeStackFrameIterator, check if these fields are
> set and start iterating at the calling frame's FP instead of the current
> FP, which will be in C++ code. We need to do this because c_entry_fp is
> not set on the Isolate for Fast-C-Calls because we don't build an exit
> frame.
>
> This change makes stack samples that occur within 'Fast-C-Calls'
> iterable, meaning we can properly attribute ticks within the JS caller.
>
> Fast-C-Calls can't call back into JS code, so we can only ever have one
> such call on the stack at a time, allowing us to store the FP on the
> isolate rather than the stack.
>
> TBR=v8-mips-ports@googlegroups.com
>
> Bug: v8:8464, v8:7202
> Change-Id: I7bf39eba779dad34754d5759d741c421b362a406
> Reviewed-on: https://chromium-review.googlesource.com/c/1340241
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57896}
R=petermarshall@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie82eaa08ba6ceeb0c0a5bb4de251540becf1f05e
Reviewed-on: https://chromium-review.googlesource.com/c/1361422
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58025}
This is a reland of c2aaf0a6fa
Original change's description:
> [wasm][liftoff] Optimize one-armed ifs
>
> Do not implement one-armed ifs by emulating an empty else branch. In
> Liftoff, we can generate better code and save compile time by handling
> this specially. If the merge point at the end of the if is not reached
> by the if-branch, we do not need to generate any merge code.
>
> R=titzer@chromium.org
>
> Bug: v8:6600, v8:8423
> Change-Id: Ie8ea69dd7491f225605a8e1b986d275d869aa90b
> Reviewed-on: https://chromium-review.googlesource.com/c/1356508
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57968}
Bug: v8:6600, v8:8423
Change-Id: I6d5eea9f860486768779a33bf6bd7b87cbfc2af0
Reviewed-on: https://chromium-review.googlesource.com/c/1361040
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58024}
Improve readability by avoiding a helper method. Just read from the
stack directly.
R=titzer@chromium.org
Change-Id: I38c944fac45c721f328a2b7bec3a3f4602f05c05
Reviewed-on: https://chromium-review.googlesource.com/c/1360572
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58023}
Building on https://chromium-review.googlesource.com/c/v8/v8/+/1349243,
which asserted on calls to GetChars() that weren't in a
DisallowHeapAllocation scope, this CL takes a reference to the scope
in order to provide static protection in all builds.
Bug: v8:8238
Change-Id: I481a1dbbd3ae57eb35c5f828c5e242691635be27
Reviewed-on: https://chromium-review.googlesource.com/c/1354038
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58022}
Code comments in the snapshot can now be enabled with gn
arg 'v8_enable_snapshot_code_comments'
Bug: v8:7989
Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
Reviewed-on: https://chromium-review.googlesource.com/c/1329173
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58020}
It's possible that we encounter incorrect SP or FP values while
unwinding the stack. One reason is that third-party code like virus
protection may change the stack. If we encounter values for SP or FP
that don't make sense, we should bail out of unwinding and return false.
Bug: v8:8116, chromium:909957
Change-Id: I630fef3f619382c7035be50b86072be349ed185c
Reviewed-on: https://chromium-review.googlesource.com/c/1358514
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58018}
This reverts commit c2aaf0a6fa.
Reason for revert: Benchmarks fail, and ClusterFuzz is not happy (issue 911406, issue 911271)
Original change's description:
> [wasm][liftoff] Optimize one-armed ifs
>
> Do not implement one-armed ifs by emulating an empty else branch. In
> Liftoff, we can generate better code and save compile time by handling
> this specially. If the merge point at the end of the if is not reached
> by the if-branch, we do not need to generate any merge code.
>
> R=titzer@chromium.org
>
> Bug: v8:6600, v8:8423
> Change-Id: Ie8ea69dd7491f225605a8e1b986d275d869aa90b
> Reviewed-on: https://chromium-review.googlesource.com/c/1356508
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57968}
TBR=titzer@chromium.org,clemensh@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6600, v8:8423
Change-Id: I5cb3b069f40e34f34da4013e666f6ff293752567
Reviewed-on: https://chromium-review.googlesource.com/c/1360633
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58012}
This CL improves typed optimization more:
ChangePlainPrimitiveToNumber is only omitted if it is not required.
Change-Id: I5d81537a046c5a5a0c730fcd1e17bbdfda887687
Bug: v8:910562
Reviewed-on: https://chromium-review.googlesource.com/c/1357058
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58009}
It is possible this CL results in various regressions; the idea
is to get some data on where constant tracking helps and where
it regresses.
Bug: v8:8361
Change-Id: I2f291788a8bea03e6eaac9f51564c1da02734d1a
Reviewed-on: https://chromium-review.googlesource.com/c/1347474
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58008}
This is the first (and major) step towards converting CallApiCallback
and CallApiGetter stubs into builtins.
The CallApiCallbackStub was parameterized with the number of arguments
passed on the stack. This CL converts the compile-time parameter into
an explicit runtime parameter, and removes all uses of the stub
parameter.
Drive-by: The implementation is now mostly consistent across platforms.
Drive-by: Refactor the calling convention to free up two registers
(kCallData and kHolder are now passed on the stack).
Bug: v8:7777
Change-Id: I212dccc2930de89c264a13755918c9fae7842f1f
Reviewed-on: https://chromium-review.googlesource.com/c/1354887
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58005}
For this to work, I had to move PropertyCell out of objects.h too, since
otherwise there would be an inl include cycle which makes the code not compile.
BUG=v8:5402,v8:8238
Change-Id: I3233f86b68c1e2fd32d135fcf0bbba8101af8cb2
Reviewed-on: https://chromium-review.googlesource.com/c/1356510
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58004}
and also its pure-static subclass PrototypeUsers, whose porting
is a no-op.
Bug: v8:3770
Change-Id: I075806f784a0631058692149e71c45e455e90f73
Reviewed-on: https://chromium-review.googlesource.com/c/1355631
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58003}
to the new design.
Bug: v8:3770
Change-Id: I8483d47ac77e756395656628a80257e6462de22c
Reviewed-on: https://chromium-review.googlesource.com/c/1355630
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58002}
This is to address the first issue reported on v8:8453
Page::kPageSize is 524288
MemoryAllocator::GetCommitPageSize() returns 65536 on ppc
ObjectEndOffsetInCodePage() returns 458752
ObjectStartOffsetInCodePage() returns (65536 + 65536) => 131072
Therefore, memory = 327680, which is less than
kMaxRegularHeapObjectSize(507136), which causes the DCHECK to fail.
Bug: v8:8453
Change-Id: I6048192ded4234a6987371ec4d4b2a8553756c25
Reviewed-on: https://chromium-review.googlesource.com/c/1355422
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58001}
CPU features printout needs to use PrintF macro, in
order for the output to be in correct native encoding.
R=michael_dawson@ca.ibm.com, jyan@ca.ibm.com
Change-Id: If1762e452cdfe8c0ca954676acb20c1e60df8d2f
Reviewed-on: https://chromium-review.googlesource.com/c/1357160
Commit-Queue: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#57998}
Since all other values are not used any more if we return, we don't
need to spill anything (as might happen during {PopToRegister}).
Instead, just load the top stack value into the return register(s).
R=titzer@chromium.org
Bug: v8:6600, v8:8423
Change-Id: Ibfd02d20191459c7b136ab9a48f0cf1a53b3385d
Reviewed-on: https://chromium-review.googlesource.com/c/1358391
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57995}
Rename ParseIdentifierOrStrictReservedWord to simply ParseIdentifier and
replace the old ParseIdentifier with ParseNonRestrictedIdentifier for the
disallow_restricted_identifier case. It reuses the new ParseIdentifier.
Clients that relied on the is_strict_reserved output parameter can simply check
the token themselves.
Change-Id: I49b096d7ffbfff391483e9c18c9504e5d353e97b
Reviewed-on: https://chromium-review.googlesource.com/c/1357057
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57994}
- Rename methods,
- Introduce flags for tokens to lookup IsKeyword and IsPropertyName
- Remove "contextual keyword" leftover code.
- Inline ParsePropertyName into ParsePropertyNameOrPrivatePropertyName
since public is more likely than private.
Change-Id: Ib7633ef3c46889ecafc7a6c929029845bb8ef15c
Reviewed-on: https://chromium-review.googlesource.com/c/1357052
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57993}
If they are part of a keyed store they are pushed later using
impl()->PushPropertyName.
Change-Id: I9c104d15722dd59556c04fe3d4b0018c37d0f553
Reviewed-on: https://chromium-review.googlesource.com/c/1357055
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57991}
The register allocator spends significant amounts of time on updating
the state of active and inactive live range sets. In many cases, no
update is needed. By precomputing when the next update is due during
state management, we can avoid unnecessary checks. This cuts the time
spent for managing queues in half.
Change-Id: I44074266bed2f09171872a829f115e61608b76c8
Reviewed-on: https://chromium-review.googlesource.com/c/1352308
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57990}
While strictly speaking it is legal (though useless) to dynamically
create zero-length arrays with "new T[0]", UBSan does not like it,
so this CL avoids doing it. It fixes the error:
../../src/allocation.h:41:34: runtime error: constructor call on
address 0x... with insufficient space for an object of type 'unsigned char'
Bug: v8:3770
Change-Id: I5017767c59df0d8928f7493f92d2d04519083964
Reviewed-on: https://chromium-review.googlesource.com/c/1356902
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57984}
Taking kSystemPointerSize into account when determining the maximum
allowed BigInt size accidentally made the limit platform-specific.
This patch chooses a platform-independent constant (1<<30) instead.
Bug: chromium:909614
Change-Id: I4717969bc56e6dd5f1eed70b7e60e621989d0719
Reviewed-on: https://chromium-review.googlesource.com/c/1355625
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57983}
This is a reland of 10ea3f8a1d
Original change's description:
> [Compiler] Introduce IsCompiledScope which prevents flushing of compiled code
>
> Introduces a IsCompiledScope object which can be used to check whether a
> function is compiled, and ensure it remains compiled for the lifetime
> of the scope without being uncompiled by bytecode flushing. The Compile
> functions are modified to take a scope so that calling code can ensure
> the function remains compiled for the lifetime they require.
>
> Also, don't allocate a feedback vector for asm-wasm code as this
> is never used, and will be reallocated if the asm-wasm code fails to
> instantiate the module and we fall back to regular JavaScript.
>
> Also restructure Compiler::PostInstantiation() to allocate the feedback
> vector once, and do the optimized code check before optimizing for
> always opt.
>
> BUG=v8:8395
>
> Change-Id: I3f1a71143fcae3d1a0c01eefe91ebb4b8594221a
> Reviewed-on: https://chromium-review.googlesource.com/c/1352295
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57971}
TBR=jgruber@chromium.org,mstarzinger@chromium.org
Bug: v8:8395
Change-Id: I8dc00798a5680997990c879c3380fe4febd47297
Reviewed-on: https://chromium-review.googlesource.com/c/1357045
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57982}
to the new design.
Bug: v8:3770
Change-Id: I63291cc8eccfa1da20e84c6d3e9f48f253409396
Reviewed-on: https://chromium-review.googlesource.com/c/1355627
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57981}
This reverts commit 10ea3f8a1d.
Reason for revert: Causing failure on gc_stress bot:
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8928421099411850688/+/steps/Bisect_10ea3f8a/0/steps/Retry/0/logs/collections-construct../0
Original change's description:
> [Compiler] Introduce IsCompiledScope which prevents flushing of compiled code
>
> Introduces a IsCompiledScope object which can be used to check whether a
> function is compiled, and ensure it remains compiled for the lifetime
> of the scope without being uncompiled by bytecode flushing. The Compile
> functions are modified to take a scope so that calling code can ensure
> the function remains compiled for the lifetime they require.
>
> Also, don't allocate a feedback vector for asm-wasm code as this
> is never used, and will be reallocated if the asm-wasm code fails to
> instantiate the module and we fall back to regular JavaScript.
>
> Also restructure Compiler::PostInstantiation() to allocate the feedback
> vector once, and do the optimized code check before optimizing for
> always opt.
>
> BUG=v8:8395
>
> Change-Id: I3f1a71143fcae3d1a0c01eefe91ebb4b8594221a
> Reviewed-on: https://chromium-review.googlesource.com/c/1352295
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57971}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: I1449a02a0aceb9757440757628e586df33972a40
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8395
Reviewed-on: https://chromium-review.googlesource.com/c/1357042
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57974}
This has significant impact on validation time (11% regression, see
linked bug). These annotations bring us back to the old performance
(according to local measurements it even makes us better than before).
R=mstarzinger@chromium.org
Bug: chromium:910432
Change-Id: I8e701f9577d53115b3db22be2a09487414c965df
Reviewed-on: https://chromium-review.googlesource.com/c/1356511
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57973}
Introduces a IsCompiledScope object which can be used to check whether a
function is compiled, and ensure it remains compiled for the lifetime
of the scope without being uncompiled by bytecode flushing. The Compile
functions are modified to take a scope so that calling code can ensure
the function remains compiled for the lifetime they require.
Also, don't allocate a feedback vector for asm-wasm code as this
is never used, and will be reallocated if the asm-wasm code fails to
instantiate the module and we fall back to regular JavaScript.
Also restructure Compiler::PostInstantiation() to allocate the feedback
vector once, and do the optimized code check before optimizing for
always opt.
BUG=v8:8395
Change-Id: I3f1a71143fcae3d1a0c01eefe91ebb4b8594221a
Reviewed-on: https://chromium-review.googlesource.com/c/1352295
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57971}
Do not implement one-armed ifs by emulating an empty else branch. In
Liftoff, we can generate better code and save compile time by handling
this specially. If the merge point at the end of the if is not reached
by the if-branch, we do not need to generate any merge code.
R=titzer@chromium.org
Bug: v8:6600, v8:8423
Change-Id: Ie8ea69dd7491f225605a8e1b986d275d869aa90b
Reviewed-on: https://chromium-review.googlesource.com/c/1356508
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57968}
Termination exceptions tear down V8 to the bottom-most V8 call. If there is a
v8::TryCatch scope around that call, it returns true for HasTerminated() and
HasCaught(). However, Isolate::IsExecutionTerminating() returns false and we
can call into V8 from still inside the v8::TryCatch scope.
Changes that this patch introduces:
- You need to leave the v8::TryCatch scope around the bottom-most call to
reset the termination state, in order to resume.
- Explicitly check for termination exception and report it through the
DevTools protocol after Runtime.evaluate and Debugger.evaluateOnCallFrame.
Bug: v8:8455
Change-Id: I1f36f7a365985469813c2619bf16f18ee69aa4b8
Reviewed-on: https://chromium-review.googlesource.com/c/1337582
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57963}
The placement of the exception section is by now restricted to be in
between the Global and the Import section. This changes our validation
to check this stricter requirement now.
R=clemensh@chromium.org
TEST=unittests/WasmModuleVerifyTest
BUG=v8:8091
Change-Id: Ib3ea625fd4df93bffda47ced09e6969159f7ac70
Reviewed-on: https://chromium-review.googlesource.com/c/1356504
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57962}
64-bit implementations of ExtractBits and InsertBits were using 32-bit
instructions. Masking when representation of instruction is 64 is now
correct.
Also added optimization for 32-bit InsertBits.
Change-Id: I3d5117835daa67708e544d01d1d9058dcc0cc64e
Reviewed-on: https://chromium-review.googlesource.com/c/1355141
Reviewed-by: Sreten Kovacevic <skovacevic@wavecomp.com>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#57961}
Building on linux x64 with "is_component_build = true" currently fails
with linker errors (undefined references). This CL fixes that.
R=ahaas@chromium.org
TBR=mseaborn@chromium.org,mark@chromium.org
Bug: v8:8532
Change-Id: I6b32c00bd974a22268ad1f161ce06a9ebe47c805
Reviewed-on: https://chromium-review.googlesource.com/c/1356505
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57960}
Move from ParseAndClassifyIdentifier to places where we either know that what
we're parsing are parameters, or where they could become (async) arrow formals.
Change-Id: Ic69bb586ed29ba9ac7b4dbef5d11a2e1954e7332
Reviewed-on: https://chromium-review.googlesource.com/c/1356503
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57957}
In the case of using start and size to manage a range, the range is start
~ start + size - 1; start + size is out of the range.
The template function IsInRange(T value, U lower_limit, U higher_limit)
judges whether value is in the range lower_limit ~ higher_limit.
IsInRange(pc, start, start + isolate->embedded_blob_size()) misjudges
the case pc == start + isolate->embedded_blob_size().
Signed-off-by: Tao Pan <tao.pan@intel.com>
Change-Id: Iad172454bacb27a1328bbdda5863d28c9853a6db
Bug: v8:8530
Change-Id: Iad172454bacb27a1328bbdda5863d28c9853a6db
Reviewed-on: https://chromium-review.googlesource.com/c/1355633
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/master@{#57955}
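The off-by-one the commit above describes, as an added example that is not V8's own code: IsInRange is a simplified reimplementation with V8's inclusive semantics, and EmbeddedBlob is a hypothetical stand-in for the isolate's embedded blob start and size.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <type_traits>

// Simplified reimplementation of V8's IsInRange (not V8's own code).
// The check is inclusive on both ends: lower_limit <= value <= higher_limit.
template <typename T, typename U>
inline bool IsInRange(T value, U lower_limit, U higher_limit) {
  using Unsigned = typename std::make_unsigned<T>::type;
  // One unsigned comparison, as V8 does it: (value - lower) <= (higher - lower).
  // A value below lower_limit wraps around to a huge number and fails the test.
  return static_cast<Unsigned>(static_cast<Unsigned>(value) -
                               static_cast<Unsigned>(lower_limit)) <=
         static_cast<Unsigned>(static_cast<Unsigned>(higher_limit) -
                               static_cast<Unsigned>(lower_limit));
}

using Address = uintptr_t;

// Hypothetical stand-in for the embedded blob: a start address and a byte size.
struct EmbeddedBlob {
  Address start;
  size_t size;
};

// The check as the commit describes the bug: start + size is passed as the
// inclusive upper bound, so the first byte past the blob is reported as inside.
bool PcInBlobBuggy(Address pc, const EmbeddedBlob& blob) {
  return IsInRange(pc, blob.start, blob.start + blob.size);
}

// The corrected check: the last address that belongs to the blob is
// start + size - 1. An empty blob contains no address at all.
bool PcInBlobFixed(Address pc, const EmbeddedBlob& blob) {
  if (blob.size == 0) return false;
  return IsInRange(pc, blob.start, blob.start + blob.size - 1);
}

int main() {
  // Constructed sample blob: 256 bytes starting at 0x1000.
  const EmbeddedBlob blob{0x1000, 0x100};
  const Address probes[] = {0x0FFF, 0x1000, 0x10FF, 0x1100, 0x1101};
  for (Address pc : probes) {
    std::printf("pc=0x%04lx buggy=%d fixed=%d\n", static_cast<unsigned long>(pc),
                PcInBlobBuggy(pc, blob), PcInBlobFixed(pc, blob));
  }
  return 0;
}
```

Only the boundary address start + size differs between the two checks; everything inside the blob and everything else outside it is classified the same way.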
This is a reland of 9436e8a817
This CL simplifies the wasm/futex.js test so that it doesn't push the
limits of d8.
Original change's description:
> [wasm] Add I64AtomicWait implementation
>
> Bug=v8:8075
> R=adamk@chromium.org,binji@chromium.org
>
> Change-Id: I11ef5daccd043123b23e60c93ee0df79cabe9ccd
> Reviewed-on: https://chromium-review.googlesource.com/c/1342948
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57917}
Change-Id: Ifd26f1ecdb9fe24a1896162bb4d4285f9188a9ba
Reviewed-on: https://chromium-review.googlesource.com/c/1351304
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57953}
Bug: v8:3770
Change-Id: I6ad84a663926fffc9e1acc590c13780c39461274
Reviewed-on: https://chromium-review.googlesource.com/c/1351248
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57952}
The bulk-memory proposal adds a new DataCount section that declares the
number of data segments that are expected to be seen in the Data
section. This is similar to the way the number of functions is split
between the Function and Code sections.
The DataCount section occurs before the Code section, so we can do
single-pass validation of the new `memory.init` and `memory.drop`
instructions, which have data segment indices as immediates.
Bug: v8:7747
Change-Id: Ibc5a7ee9336dbc5d0fd667572c42cb065c048e00
Reviewed-on: https://chromium-review.googlesource.com/c/1352792
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57951}
This should reduce the likelihood of getting indistinguishable map log
events with --trace-maps.
Bug: v8:8524
Change-Id: I5dad7a026ec9384960177298afadc1f9fa710eda
Reviewed-on: https://chromium-review.googlesource.com/c/1354890
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57950}
Make sure to check that the number of declared functions (specified in the
function section) matches the number of function bodies, even if the code
section is omitted.
Note that it is valid to have a function section with zero declared functions
and an omitted code section, and vice versa.
Bug: v8:8514
Change-Id: I4effa5abe2ed6d71146a665d2df6a2f48b5a84be
Reviewed-on: https://chromium-review.googlesource.com/c/1351306
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57949}
This CL moves a number of memory-related methods out of utils into its
own header, since utils.h is included in many places that do not need
these methods.
R=clemensh@chromium.org,mstarzinger@chromium.org
Change-Id: I5155baf329844784286413408c05c7108b789020
Reviewed-on: https://chromium-review.googlesource.com/c/1354889
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57948}
The problem was missing V8_EXPORT_PRIVATE and V8_EXPORT.
The unittests test if the trap handler only handles those traps it
is supposed to handle:
* Only handle traps when the thread-in-wasm flag is set.
* Only handle traps of the right type, i.e. memory access violations.
* Only handle traps at recorded instructions.
The tests also test the consistency of the thread-in-wasm flag. I made
one change in the trap handler where that consistency could be
violated.
All tests are executed with the default trap handler provided by V8,
and with the trap handler callback installed in a test signal/exception
handler.
Patchset 1 is the original CL.
R=mstarzinger@chromium.org
Change-Id: I172d94f24cdba4c3a1f7f344825b059dbb59da79
Reviewed-on: https://chromium-review.googlesource.com/c/1351024
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57947}
Fix two bugs:
- Initial configuration of limit allowed to go below the size of already
allocated objects.
- Context disposal without dependent context reset the heap state to not
configured without actually increasing the limit again.
Bug: chromium:843903
Change-Id: Ibdcf69b0b92b800f8919d5cc98186334945d811f
Reviewed-on: https://chromium-review.googlesource.com/c/1355143
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57946}
This adds error functions that receive offsets instead of pc, since the
streaming compiler stores different sections in different buffers, so
computing pointer differences between different sections does not work.
We keep the pc-based methods for now to reduce code-churn and
complexity at the different call sites.
R=ahaas@chromium.org
CC=binji@chromium.org
Bug: v8:8238
Change-Id: I1aa68740bdda93c3341431aa7a81ac01ecfb71bb
Reviewed-on: https://chromium-review.googlesource.com/c/1354463
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57944}
This introduces a dedicated instance type for exception tags. The main
motivation is to reduce their footprint and getting rid of a temporary
workaround that used the {JSObject} type for this purpose.
R=clemensh@chromium.org
BUG=v8:8091
Change-Id: Id5678bce513f2ac086c7380bd803011b11d5050e
Reviewed-on: https://chromium-review.googlesource.com/c/1354464
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57943}
This adds a new target :generated_cc_files which generates all
generated .cc files and is quick to build (~5sec on my machine).
TBR=yangguo@chromium.org
Change-Id: I51485635671b55302b06f1ea300e86ef1745931e
Bug: v8:8526
Reviewed-on: https://chromium-review.googlesource.com/c/1354881
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57941}
This reverts commit 291a602973.
Reason for revert: Unnecessary following f32 support for Liftoff
on arm32.
Original change's description:
> [liftoff][arm] Fix overlapping of F32 and F64 registers in Liftoff
>
> Add a check to bailout in the case when F32 parameters are used for Arm.
>
> Bug: v8:6600, chromium:904026, chromium:904606
> Change-Id: I7f70c0806994a89dca31ef7e0b68f91d68484936
> Reviewed-on: https://chromium-review.googlesource.com/c/1346492
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57741}
TBR=titzer@chromium.org,clemensh@chromium.org,george.wort@arm.com
Change-Id: I98ba43017f521c83b96bbb15e9dc803954dc1eec
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600, chromium:904026, chromium:904606
Reviewed-on: https://chromium-review.googlesource.com/c/1354467
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57939}
|scope_snapshot_| might not have been cleared if there was a parser error between setting
the snapshot and consuming it. Explicitly clear it at the end of parsing for that case.
Otherwise Scope::Snapshot's destructor will possibly write into the already freed zone.
Bug: chromium:909976
Change-Id: I8469d11f04e7f71528be5cba5663c652cd7eacb2
Reviewed-on: https://chromium-review.googlesource.com/c/1354880
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57938}
This is a reland of d5f4a33eb8
Landing with test disabled for now.
Original change's description:
> [cpu-profiler] Fix stack iterability for fast C calls with no exit frame
>
> Before fast C calls, store the current FP and PC on the isolate. When
> iterating frames in SafeStackFrameIterator, check if these fields are
> set and start iterating at the calling frame's FP instead of the current
> FP, which will be in C++ code. We need to do this because c_entry_fp is
> not set on the Isolate for Fast-C-Calls because we don't build an exit
> frame.
>
> This change makes stack samples that occur within 'Fast-C-Calls'
> iterable, meaning we can properly attribute ticks within the JS caller.
>
> Fast-C-Calls can't call back into JS code, so we can only ever have one
> such call on the stack at a time, allowing us to store the FP on the
> isolate rather than the stack.
>
> TBR=v8-mips-ports@googlegroups.com
>
> Bug: v8:8464, v8:7202
> Change-Id: I7bf39eba779dad34754d5759d741c421b362a406
> Reviewed-on: https://chromium-review.googlesource.com/c/1340241
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57896}
TBR=v8-mips-ports@googlegroups.com
TBR=jgruber@chromium.org
Bug: v8:8464, v8:7202
Change-Id: I260d5ab3bc12c9c4529fb52a297a1040dcaa8ebf
Reviewed-on: https://chromium-review.googlesource.com/c/1354466
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57935}
This refactors Map operations to update the instance descriptors and
the number of own descriptors via the SetInstanceDescriptors bottleneck.
This will allow us to add a special marking barrier for these updates.
Bug: v8:8486
Change-Id: Ie9c746d4bcdd6166d38402622734693fa59faf21
Reviewed-on: https://chromium-review.googlesource.com/c/1354883
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57934}
This CL unifies performance-critical slot processing code that was manually
specialized for ObjectSlot. Now one templated implementation can be used
for processing both ObjectSlot and MaybeObjectSlot.
Bug: v8:8518
Change-Id: Ia4346a817911f8042459ce579741fe2308ef5e4d
Reviewed-on: https://chromium-review.googlesource.com/c/1354459
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57933}