This reverts commit 758700a708.
Reason for revert: Broken
Original change's description:
> [compiler] Don't collect source positions for the top frame
>
> While most source positions were not collected even throwing exceptions,
> the top frame still was always collected as it was used to initialize
> the JSMessageObject. This skips even that frame, by storing the
> SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> it to lazily evaluate the actual source position.
>
> Also adds tests to test-api.cc that test each of the source position
> functions in isolation to ensure that they don't rely on previous
> invocations to call the source collection function.
>
> Since no source positions are now collected at the point when an
> exception is thrown, the mjsunit/stack-traces-overflow now passes again
> with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> only failure).
>
> Bug: v8:8510
> Change-Id: Ic5382bdbab65cd8838f0c84b544fabb1a9109d13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587385
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61271}
TBR=ulan@chromium.org,rmcilroy@chromium.org,delphick@chromium.org
Change-Id: I3ee0b5db5f8a1b3255f68070dc10d27d0e013048
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598758
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61273}
While most source positions were not collected even throwing exceptions,
the top frame still was always collected as it was used to initialize
the JSMessageObject. This skips even that frame, by storing the
SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
it to lazily evaluate the actual source position.
Also adds tests to test-api.cc that test each of the source position
functions in isolation to ensure that they don't rely on previous
invocations to call the source collection function.
Since no source positions are now collected at the point when an
exception is thrown, the mjsunit/stack-traces-overflow now passes again
with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
only failure).
Bug: v8:8510
Change-Id: Ic5382bdbab65cd8838f0c84b544fabb1a9109d13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587385
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61271}
Increase length of packed sealed array will create holes in packed array so transition to dictionary elements for now.
Later we can consider transitioning to holey sealed array.
Bug: chromium:952382
Change-Id: Ibe26ce56918859a114fccc1933f9c966c47c4112
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566968
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60884}
Previously we'd need to eagerly compile upon access to function.length for a
lazy function. The preparser already computes function.length, however, so we
can store that information in the already available preparse data.
Change-Id: I19007c9db5839e8038291fb4433866303935f089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564190
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60767}
Design docs: bit.ly/fast-frozen-sealed-elements-in-v8
This change is only support the transition from packed elements to packed sealed elements (via object.seal) or to packed frozen elements (via object.freeze).
Added tests for non-extensible, sealed, frozen packed elements in https://chromium-review.googlesource.com/c/v8/v8/+/1474559
Added tests for non-extensible array in optimized code in https://chromium-review.googlesource.com/c/v8/v8/+/1531030 and https://chromium-review.googlesource.com/c/v8/v8/+/1544274
Using JSTests/ObjectFreeze micro-benchmarks for release build
Before:
TaggedTemplate-Numbers(Score): 0.967
TaggedTemplateLoose-Numbers(Score): 8.82
After:
TaggedTemplate-Numbers(Score): 1.51
TaggedTemplateLoose-Numbers(Score): 8.89
Bug: v8:6831
Change-Id: Ib1089f1bc02eafb8d76ffe617f8fa3e406abd5a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1474559
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60723}
Drive-by fix: In ProcessFeedbackForGlobalAccess, we had forgotten to
return the feedback when it already existed.
Bug: v8:7790, v8:9094
Change-Id: Ie4be6cef5755bbdd9d8ed472caaa2e32d243893d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554680
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60705}
... from Object to HeapObject, as they are never Smis.
Change-Id: I4cbe12985091ed1b1e94dab2803a977ae3e25224
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541104
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60543}
Even though both are allowed in the style guide, it recommends to use
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in src/objects to 'using' declarations.
R=mstarzinger@chromium.org
Bug: v8:8834
Change-Id: Iec455b40e9256ee3aae867a42c0e949a338d417c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545893
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60531}
Allocate feedback vectors lazily when the function's interrupt budget has
reached a specified threshold. This cl introduces a new field in the
ClosureFeedbackCellArray to track the interrupt budget for allocating
feedback vectors. Using the interrupt budget on the bytecode array could
cause problems when there are closures across native contexts and we may
delay allocating feedback vectors in one of them causing unexpected
performance cliffs. In the long term we may want to remove interrupt budget
from bytecode array and use context specific budget for tiering up decisions
as well.
Bug: v8:8394
Change-Id: Ia8fbb71f5e8543a92f14c44aa762973da82d445c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520719
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60450}
We want to allocate feedback vectors lazily in lite mode. To do that,
we should create closures with the correct feedback cell. This cl
allocates feedback cell arrays to hold these feedback cells in lite mode.
This cl also modifies the compile lazy to builtin to expect these arrays
in the feedback cell.
Drive-by fix: InterpreterEntryTrampoline no longer has argument count in
a register. So updated comments and removed unnecessary push/pop of this
register.
Bug: v8:8394
Change-Id: I10d8ca67cebce61a284f0c80b200e1f0c24577a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511274
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60189}
...mainly by giving a more precise type to global_proxy getters.
Change-Id: If4aef6b25baa2c641a45b177c59690e3ebfc3985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505578
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60072}
This CL also gives up trying to maintain double and system word
fields at aligned addresses because currently it's not always
maintained (v8:8875) and Torque object definitions do not support
padding fields (v8:8863).
Given that both platforms where pointer compression is going to be
enabled (x64 and arm64) support loading of doubles and full words
from 4-byte aligned addresses we are fine.
Bug: v8:7703
Change-Id: I99fc6da5a0927f4db9b8fb24c7cc0bfc416523bc
Reviewed-on: https://chromium-review.googlesource.com/c/1496974
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60013}
To make it obvious these are not defined in C++.
Bug: v8:7793
Change-Id: Ib846023992e32ddd10dadc3834ce42b7604a1f48
Reviewed-on: https://chromium-review.googlesource.com/c/1495993
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59978}
This will allow the devtools UI to display private fields on the scope
panel.
Instead of extending GetInternalProperties, we expose a separate
GetPrivateFields method on the debug interface. This allows us to do
better type checking, for example, we can directly cast to a
v8::Private as this can only contain private fields.
This also allows us to have better constraints on the input type --
v8::Object, as opposed to a v8::Value.
The KeyAccumulator is extended to collect private names for the
PRIVATE_NAMES_ONLY PropertyFilter.
Bug: v8:8773
Change-Id: Id47c551186c59dae9a06721074ef78144f25892f
Reviewed-on: https://chromium-review.googlesource.com/c/1475664
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59920}
This is a reland of 734a657522
Original change's description:
> Do not enqueue or run a microtask on detached contexts
>
> This CL disables EnqueueMicrotask and RunMicrotasks on detached
> contexts. That is, if an embedder call DetachGlobal() on a v8::Context,
> EnqueueMicrotask on that context will not take effect, and all Microtask
> that is enqueued before DetachGlobal will be cancelled.
>
> On Blink, this implies that a frame will no longer run a microtask after
> it's navigated away. OTOH, detached frames in Blink are not affected.
>
> Bug: v8:8124
> Change-Id: I5b00ceef5ea2afb87cf067a65eb95c29bf91176d
> Reviewed-on: https://chromium-review.googlesource.com/c/1416071
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59445}
Tbr: adamk@chromium.org, yangguo@chromium.org, verwaest@chromium.org
Bug: v8:8124
Change-Id: I959a18ae214f1385d5f453b3ed94772e60f71e0f
Reviewed-on: https://chromium-review.googlesource.com/c/1469544
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59884}
For macros expanding to function definitions, I removed the spurious ; after
macro invocations. For macros expandign to function declarations, I made the ;
required and consistently inserted it.
No behavior change.
Bug: chromium:926235
Change-Id: Ib8085d85d913d74307e3481f7fee4b7dc78c7549
Reviewed-on: https://chromium-review.googlesource.com/c/1467545
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59558}
This updates the type of contexts to NativeContext instead of Context,
namely on GetFunctionRealm(), GetCreationContext(), and
JSGlobalObject::native_context.
They should be semantically NativeContexts, but the return type hides
the underlying NativeContext, and causes its user to cast the context
to native.
Change-Id: I2f234b0df8c2dcaeab25cb543e09d80d12ca7369
Reviewed-on: https://chromium-review.googlesource.com/c/1469541
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59543}
For instances created via constructors and `new` we try to pre-size
the instances such that ideally all the data properties can be
allocated as in-object properties (and we don't need to allocate the
out-of-object PropertyArray backing store). This is accomplished with
the helper of the Parser, which counts the property assignments to
`this` in the constructor, and we use that as the starting point for
pre-sizing logic (a mechanism called *slack tracking* is used to
dynamically shrink the objects based on the real memory usage, and
eventually compute the final starting size for instances of the
individual constructors).
This works well even with class hierarchies, since for a derived class
constructor we just include the current constructor plus all the base
constructors. I.e. with
```js
class A {
constructor() {
this.x00 = null;
this.x01 = null;
this.x02 = null;
this.x03 = null;
this.x04 = null;
this.x05 = null;
this.x06 = null;
this.x07 = null;
this.x08 = null;
this.x09 = null;
this.x10 = null;
this.x11 = null;
this.x12 = null;
this.x13 = null;
this.x14 = null;
this.x15 = null;
this.x16 = null;
this.x17 = null;
this.x18 = null;
this.x19 = null;
}
}
class B extends A {
constructor() {
super();
}
}
```
we will eventually learn that instances of `B` need 20 in-object
properties. However this breaks with transpiled code (i.e. as
generated via TypeScript or Babel), even when the constructors are
properly chained.
```js
function A() {
this.x00 = null;
this.x01 = null;
this.x02 = null;
this.x03 = null;
this.x04 = null;
this.x05 = null;
this.x06 = null;
this.x07 = null;
this.x08 = null;
this.x09 = null;
this.x10 = null;
this.x11 = null;
this.x12 = null;
this.x13 = null;
this.x14 = null;
this.x15 = null;
this.x16 = null;
this.x17 = null;
this.x18 = null;
this.x19 = null;
}
function B() {
A.call(this);
}
Object.setPrototypeOf(B, A);
```
Here we will always have 10 in-object properties for instances of
`B` (due to the generic over-allocation logic), and the other 10
properties have to be allocated in the out-of-object PropertyArray.
This is unfortunate and actually not necessary. Instead we could just
do the same [[Prototype]] walk on the constructor for regular function
constructors that we perform for derived (native) class constructors.
This CL changes that, such that we give the same treatment to transpiled
class that we have for native classes.
R=verwaest@chromium.org
Bug: v8:8764, v8:8765
Doc: https://bit.ly/v8-instance-presizing-with-transpiled-classes
Change-Id: Iac54391e41c9a39101751a678b3a647269fb009d
Reviewed-on: https://chromium-review.googlesource.com/c/1442643
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59214}
Inferring the language mode involves iterating the stack to find the
closure. This is an expensive operation and should be done only when
required. This cl changes the implementation to infer the language
mode only when we can't defer it any further. Currently, we infer the
language mode when throwing an exception or when passing this
information to PropertyCallbackArguments.
This cl also changes the language mode parameter to SetProperty
related methods to Maybe<ShouldThrow>. We only use the language mode to
decide if we need to throw and using ShouldThrow instead of language
mode simplifies the code by avoiding conversions from Maybe<ShouldThrow>
to Maybe<LanguageMode> and vice-versa.
Bug: v8:8580, chromium:923820, chromium:925289
Change-Id: I72497497f62fe0d86fcecd57b06b3183b7531f7b
Reviewed-on: https://chromium-review.googlesource.com/c/1425912
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59094}
This is a reland of f5729f1cdaTBR=ulan@chromium.org
Original change's description:
> [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
>
> When bytecode is flushed from a SFI, the JSFunctions still retain their
> FeedbackVector's and point to the interpreter entry trampoline. They are
> reset if re-executed, however if not they could hold onto the feedback
> vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
> need to be reset, and performs the reset at the end of GC.
>
> BUG=v8:8395
>
> Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58775}
Bug: v8:8395
Change-Id: If9580b25ba32e4065e20d86cb8ed22a3280d59e9
Reviewed-on: https://chromium-review.googlesource.com/c/1424860
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59001}
This reverts commit d5e63b03bf.
Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/5312
Original change's description:
> Reland "[GC] Ensure JSFunctions with flushed bytecode are flushed during GC."
>
> This is a reland of f5729f1cda
>
> TBR=ulan@chromium.org
>
> Original change's description:
> > [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
> >
> > When bytecode is flushed from a SFI, the JSFunctions still retain their
> > FeedbackVector's and point to the interpreter entry trampoline. They are
> > reset if re-executed, however if not they could hold onto the feedback
> > vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
> > need to be reset, and performs the reset at the end of GC.
> >
> > BUG=v8:8395
> >
> > Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> > Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58775}
>
> Bug: v8:8395
> Change-Id: I9bc84b62332575a080561c51f08b699b91e41e4a
> Reviewed-on: https://chromium-review.googlesource.com/c/1414859
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58924}
TBR=ulan@chromium.org,rmcilroy@chromium.org
Change-Id: I5d3012d4c7277ae792b0488780ff426d51dd602f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8395
Reviewed-on: https://chromium-review.googlesource.com/c/1421838
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58925}
This is a reland of f5729f1cdaTBR=ulan@chromium.org
Original change's description:
> [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
>
> When bytecode is flushed from a SFI, the JSFunctions still retain their
> FeedbackVector's and point to the interpreter entry trampoline. They are
> reset if re-executed, however if not they could hold onto the feedback
> vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
> need to be reset, and performs the reset at the end of GC.
>
> BUG=v8:8395
>
> Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58775}
Bug: v8:8395
Change-Id: I9bc84b62332575a080561c51f08b699b91e41e4a
Reviewed-on: https://chromium-review.googlesource.com/c/1414859
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58924}
This reverts commit f5729f1cda.
Reason for revert: GC Stress failures, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/23549
Original change's description:
> [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
>
> When bytecode is flushed from a SFI, the JSFunctions still retain their
> FeedbackVector's and point to the interpreter entry trampoline. They are
> reset if re-executed, however if not they could hold onto the feedback
> vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
> need to be reset, and performs the reset at the end of GC.
>
> BUG=v8:8395
>
> Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58775}
TBR=ulan@chromium.org,rmcilroy@chromium.org
Change-Id: I1ba0a190e54bb84b9e2c52ae73d19eb5afc02a4b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8395
Reviewed-on: https://chromium-review.googlesource.com/c/1408993
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58778}
When bytecode is flushed from a SFI, the JSFunctions still retain their
FeedbackVector's and point to the interpreter entry trampoline. They are
reset if re-executed, however if not they could hold onto the feedback
vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
need to be reset, and performs the reset at the end of GC.
BUG=v8:8395
Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
Reviewed-on: https://chromium-review.googlesource.com/c/1393292
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58775}
Class declarations support structured heap data that is a subtype of
HeapObject. Only fields of Object subtypes (both strong and weak)
are currently supported (no scalar fields yet).
With this CL, both the field list macro used with the C++
DEFINE_FIELD_OFFSET_CONSTANTS macro (to make field offset constants) as
well as the Torque "operator '.field'" macros are generated for the
classes declared in Torque. This is a first step to removing the
substantial amount of duplication and boilerplate code
needed to declare heap object classes.
As a proof of concept, and handful of class field definitions,
including those for non trivial classes like JSFunction, have been
moved to Torque.
Bug: v8:7793
Change-Id: I2fa0b53db65fa6f5fe078fb94e1db3418f908753
Reviewed-on: https://chromium-review.googlesource.com/c/1373971
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58704}
The incremental migration required several pairs of functionally
equivalent macros. This patch consolidates everything onto the
respective new version and drops the obsolete versions.
Bug: v8:3770
Change-Id: I4fb05ff223e8250c83a13f46840810b0893f410b
Reviewed-on: https://chromium-review.googlesource.com/c/1398223
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58659}
This CL makes several changes to bootstrapper to reduce
code verbosity:
- Adds an InstallToStringTag helper and uses it everywhere (while
removing now-redundant comments).
- Reduces explicit calls to Factory::InternalizeUtf8String
by adding some overloads of helpers and of JSObject::AddProperty.
- Uses InstallConstant in all applicable cases.
- Removes attributes arguments when all callers pass DONT_ENUM.
Change-Id: Ifb5f5102f5fbf89d475045270eeda78a2ee99248
Reviewed-on: https://chromium-review.googlesource.com/c/1385526
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58413}
Merging the temporary HeapObjectPtr back into HeapObject.
Bug: v8:3770
Change-Id: I5bcd23ca2f5ba862cf5b52955dca143e531c637b
Reviewed-on: https://chromium-review.googlesource.com/c/1386492
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58410}
and update visitors to not look at raw part. This will allow to have effecient
access to embedder data once kTaggedSize is switched to 32-bit value.
Bug: v8:8518
Change-Id: Ia1875a5ac5f3fb85df5c5555b970fd88d9e8d7a4
Reviewed-on: https://chromium-review.googlesource.com/c/1369957
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58185}
Update is_compiled() and has_feedback_vector() to return false in the case
where the SFI's bytecode has been flushed, but the JSFunction hasn't yet been
reset to uncompiled. Also add code to reset the JSFunction when it is recompiled
lazily.
BUG=v8:8394
Change-Id: I7c5f79066603ac1ae097a0a62c625b1a8e39431c
Reviewed-on: https://chromium-review.googlesource.com/c/1363138
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58148}
(mostly for roots, handles and stack locations).
Thi CL also changes RootVisitor interface to use FullObjectSlots instead of
ObjectSlots.
Bug: v8:8518
Change-Id: I217c7ae176387a8c64f4754e62339727bdb36018
Reviewed-on: https://chromium-review.googlesource.com/c/1366035
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58091}
to the new design.
Bug: v8:3770
Change-Id: I63291cc8eccfa1da20e84c6d3e9f48f253409396
Reviewed-on: https://chromium-review.googlesource.com/c/1355627
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57981}
