see https://crrev.com/c/1630678
that patch modify this by mistake.
Change-Id: I7db0205a08beff3f7e6372d62dd810ef859c9fcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1633932
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61909}
Also generally cleanup the Copy* code in elements.cc a bit.
Bug: v8:9183
Change-Id: I4a56db1f0b382a4b9583cae3b47e4ce572393d9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634249
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61908}
There's a still a bug in the serializer related to resumables. I know
what the problem is but I may not have time to prepare a fix this week.
Given that --future is enabled on some canaries, let's exclude
--concurrent-inlining for now.
Bug: v8:7790
Change-Id: I78331ae423239ee7f0417a49e9eb58601a9a1590
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634189
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61907}
A given target offset may already have an environment associated with
it (there can be multiple jumps to the same target). In that case we
used to throw away the previous environment. With this CL we merge the
environments instead.
Bug: v8:7790
Change-Id: I0c22182436fc48e29675e49627729a33cbeaaf4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631603
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61905}
Kill the environment when encountering Throw, Rethrow or Abort, because
the following code may be dead.
Also add support for the SwitchOnSmi bytecode.
Bug: v8:7790
Change-Id: Ia925aec854fea031be1df88a6a924e4b0d0406e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631602
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61904}
On Android libraries there are zero length entries within the ranged
symbols which break our range processing. This updates the logic to
only add entries for zero-length entries if they aren't within the range
of the previously added entry.
Change-Id: I511a6221817c535d967a50413948a29d9deb1e85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627985
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61903}
On Android we load the native library directly from the APK. As such,
we need to convert symbols from the mapped APK to the underlying .so
when symbolizing the ticks.
This CL adds a --apk-embedded-library argument to tick processor to enable
specifying which unstripped library file was embeded in the APK and enable
symbolizing.
Change-Id: Ic992825b831f984a1217eed71847bdb158eb992b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627546
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61902}
If we need to build an icu::UnicodeString for a string that is currently
in one-byte representation, we first have to expand the string's content
into a two-byte representation. Doing so involves allocating an array,
which is slow. With this change, we can convert short strings on the
stack instead to save time. The cutoff length for what counts as "short"
is pretty arbitrary, but we believe many strings fit into an 80-column
line. This increases the score of cdjs in JetStream 2 by 35% on my
machine, because cdjs is basically a test of localeCompare throughput.
Bug: v8:9305
Change-Id: Iba081ac5a8fa7659edf06ac97ba8acf3f8328d59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630848
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61901}
These are unused and unmaintained, there are probably a lot of paths by
now which don't funnel through this, so remove them.
Bug: v8:9183
Change-Id: I4b48034e396b3ee481ae87283ab9a860f2f41d1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632155
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61900}
This reverts commit 8092acbe41.
Reason for revert: Causes UBSan warnings:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/6436
Original change's description:
> [wasm] Store signature with {WebAssembly.Function} objects.
>
> This adds simple serialization and deserialization of the signature
> provided when a {WebAssembly.Function} object is constructed. For now
> this signature is only used by the {WebAssembly.Function.type} method,
> but will soon be used when importing such functions as well.
>
> R=jkummerow@chromium.org
> TEST=mjsunit/wasm/type-reflection
> BUG=v8:7742
>
> Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61898}
TBR=jkummerow@chromium.org,mstarzinger@chromium.org
Change-Id: I56ea9df5db3f95c05068186097e298cb73a3675d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7742
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632218
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61899}
This adds simple serialization and deserialization of the signature
provided when a {WebAssembly.Function} object is constructed. For now
this signature is only used by the {WebAssembly.Function.type} method,
but will soon be used when importing such functions as well.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61898}
Feedback pollution can create situations in which we statically see stores to the same field with incompatible representations; dynamically this should be impossible for a single TurboFan compilation unit. Instead of failing an assertion we produce Unreachable nodes.
R=tebbi@chromium.org
Bug: chromium:967434 chromium:967506
Change-Id: Id549ec84f28b4fed2d2e5ef05b40b48bc5b30e97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632169
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61894}
Add .exe to the produced executable for the protoc compiler.
Use include_dirs instead of -isystem. Remove some more warnings that
that causes.
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Ia6b0df63107470ec78f8038834205a0e4fe34b21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632069
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61893}
There were some cases that were not yet contemplated on machine graph
verifier.
Also, there is some work to be done to create a Compressed HeapConstant.
Until that happens, we have to ignore HeapConstants for
DecompressionElimination's reductions.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: I9de8dd4272866830807a8d88e625e863fb5f1d0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632209
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61892}
Due to bug chromium:893437, Torque has ASAN disabled on Windows, which
makes it impossible to run unittests for Torque with ASAN being enabled
in the unittests. To fix this, this skips Torque unittests in the
unsupported configuration.
Bug: chromium:893437
Change-Id: I6c8eee1448c63223af4d7336954190e649d125e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632214
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61891}
Just use standard C++ syntax to define structs and enums instead.
R=ahaas@chromium.org
Bug: v8:9183
Change-Id: Ibae1643bd1dc74267cdd14ec45a36fc65bf0ab4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631410
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61889}
Reduces compressions of constants, going from
Constant <- Compress <- Child
to
Compressed_Constant <- Child
This pattern commonly appeared when the Constant was being used as a
Store value (e.g StoreElement's value).
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I2e71f79ddd2a6fba42cdfe782cc89fff3a8d5ac1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627988
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61887}
The instruction is the same as the existing {select} instruction with
type. Both inputs must be in a sub-type relationship with the type
specified in the type instruction.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: Ibead6cd0253210828c8114336ea0942e6cbd6126
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631413
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61886}
In a new test suite: "wasm-api-tests", using a new binary "wasm_api_tests",
powered by gtest/gmock (like unittests).
Also fix a bunch of issues that these tests uncovered, mostly to ensure
that the stack is walkable.
Change-Id: I1d5604eea85da078ebecd4ebb7383647595f16ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627539
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61885}
see https://crrev.com/c/1627548
that CL remove this functions declaration in the header file, but did not
drop function definition in the cpp file.
Bug: v8:9183
Change-Id: I98bba3664510c0a6a6a047a8b9c7c43bcc4c3962
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631812
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61884}
The DecompressionElimination reducer can handle that case with the
comparison of Decompress vs HeapConstant. There is no need to do extra
work.
Reverts parts of https://chromium-review.googlesource.com/c/v8/v8/+/1518182.
The rest of that CL was reverted in a previous CL where the AccessBuilders
were updated.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I871577e49f9ccd95864af54bdd61884d34b7f223
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628792
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61883}
We currently have three different compresses that we thought it could be
a good idea to merge into only one. Merging them would make sense since
they all end up with the same code being generated. However, we would be
losing knowing the MachineRepresentation in the cases of CompressSigned
and Pointer.
For example, in machine-graph-verifier everything will have to be
MachineRepresentation::kCompressed
https://cs.chromium.org/chromium/src/v8/src/compiler/machine-graph-verifier.cc?l=226
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I244e2e61cab2bb87830bc0aabdbe5e43f243b424
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624798
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61882}
Change-Id: I94ad60d487e64fa72cd3123c85a1b8460ea1007b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630671
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61881}
- Fix a non-observable bug in the typer.
- Add some CHECKs where we rely on not receiving None types.
- Remove an explicit handling of None types where it's redundant and
misleading (later ToNumeric conversions can again introduce None).
Bug: chromium:965911
Change-Id: I4bb84422de3f9297131e7304216b86884f04ed49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630679
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61880}
This removes a special case from JSObject::WriteToField() where we
didn't store anything in case of initializing a double field with
the uninitialized sentinel. Instead we now store the hole NaN pattern
there, as in other places. This makes it possible to do stricter
checking in the TurboFan frontend when it comes to detecting bit
patterns.
Drive-by-fix: Refactor the related code in MigrateFastToFast() to
make it easier to follow the control flow.
Bug: v8:9299
Change-Id: Ic35d05c69fbbb136d422d29ce6abf2b09ebe22a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631606
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61879}
These two calls used Tagged, which may not match the field in question
and thus might leak a MutableHeapNumber. Since the result was used in a
very limited way, this was not a correctness bug but it should be fixed
anyways.
Bug: chromium:966229
Change-Id: Id237729b60d980ded154f70d03e98375f5edc4cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630681
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61878}
This is a quick fix for the recent bailout-on-uninitialized feature of
the serializer, which does not work with resumables. For now, simply
treat the ResumeGenerator bytecode as if it was an exception handler
entry point. I want to revisit this later because the proper fix might
be to teach the serializer about the SwitchOnGeneratorState bytecode.
Bug: chromium:966560, v8:7790
Change-Id: I48bc6ba7299faa29802159cc7c36f4629667b5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630670
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61877}
..to the case where the intermediary add is unused.
Bug: chromium:967186
Change-Id: I8ff95e71fbad88b9b1544f375303eb5400377631
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632071
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61875}
Otherwise, we may execute the checkpoint more often which may change
timing on GCs unnecessarily as this code path is dependen on global
memory scheduling.
Bug: chromium:967573, chromium:948807
Change-Id: I8d5812dc752638801c6729b9b0c5640c3da945d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631608
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61874}
Especially for function types, this increases readability significantly.
Also the style guide recommends for 'using' over 'typedef'.
R=mstarzinger@chromium.org
Bug: v8:9183
Change-Id: If2d17863de39383f5a35e089298d37408791ce4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631415
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61872}
In BuildLoadNativeContextField(), we have access to the native context
as a constant. Use it directly, rather than loading from the current
context.
Change-Id: I60cd97586bbe5f8336f809967a3df556d0d43049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630682
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61871}
Now heap checks for the --inline-new flag immediately after setup
before creating the initial objects.
Disabled inline allocation also disables allocation folding.
Additionally, the memory optimizer is changed to not update the
linear allocation area if allocation folding is disabled.
Change-Id: Ie43fe2d1b92c8e86204ee72a273dcf42ac89da59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624803
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61870}
Drive-by fix: For JSON, it's illegal to have an \' escape sequence in a
double quote (") string literal.
Bug: v8:8880
Change-Id: I16de0ee731e93f5ea0db8f743c9b363a6bf50a43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631599
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61868}
Win64 unwind data can specify a language-specific handler function which is
called as part of the search for an exception handler, as described in
https://docs.microsoft.com/en-us/cpp/build/exception-handling-x64?view=vs-2019.
This is used for example by Crashpad to register its own exception handler for
exceptions in V8-generated code.
There is a problem in the code that may cause a freeze on abort: in file
\deps\v8\src\unwinding-info-win64.cc in function CRASH_HANDLER_FUNCTION_NAME the
line:
return EXCEPTION_CONTINUE_SEARCH;
should be
return ExceptionContinueSearch;
These constants are both used in the context of Win32 exception handlers, but
they have different semantics and unfortunately different values:
EXCEPTION_CONTINUE_SEARCH (=0) should be returned by an exception filter
while a language-specific handler should return an EXCEPTION_DISPOSITION value,
and more precisely ExceptionContinueSearch (=1) in this case.
Bug: v8:9295
Change-Id: I1a3aaabf357e52a909611814f1ea013cf652ae06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1629795
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61867}
Instead of generating one CodeStubAssembler-like class per namespace,
Torque-generated macros are now free-standing functions not included
from CSA code, and explicitly exported macros become part of the new
TorqueGeneratedExportedMacrosAssembler, which CodeStubAssembler
inherits from, thus making them available to all CSA code.
Structs are now defined in a new header csa-types-tq.h as free-standing
types with the prefix "TorqueStruct".
This is a preparation for generating per Torque-file instead of per
namespace.
Change-Id: I60fadc493a63f85d1d340768ec6f11ae47be0cb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628787
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61865}
This is a reland of 4b86fea530 with
copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed
(bug led to holes in new space, which was crashing reproducibly
on the ia32 bot).
Original change's description:
> [typedarray] Move external/data pointer to JSTypedArray.
>
> As the next step in supporting huge typed arrays in V8, this moves the
> external/data pointer from the FixedTypedArrayBase backing store to the
> JSTypedArray instance itself, and replaces the special backing stores
> with a plain ByteArray (removing all the code for the FixedTypedArrayBase
> class hierarchy). By doing so, we can drastically simplify the system
> around typed arrays.
>
> Note: Several places in the code base used to check the instance type
> of the elements backing store of a JSTypedArray instead of checking the
> elements kind on the JSTypedArray map directly. Those had to be fixed,
> since the backing store is now always a ByteArray.
>
> Drive-by-fix: Move all the typed elements access related code into the
> elements.cc file to properly encapsulate the accesses.
>
> Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
> Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
> Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646
> Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61855}
Tbr: petermarshall@chromium.org
Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810
Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel
Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61864}
The code that copies code bytes from a MacroAssembler into a buffer in a
CodeRangeUnwindingRecord struct (used to store stack unwinding data) has an
error: it copies the whole MacroAssembler buffer size, not just the size of the
compiled instructions into an "exception thunk" array.
This has no real bad effects, because a CodeRangeUnwindingRecord is stored at
the beginning of a page reserved at the beginning of an isolate code range, but
it is quite bad and we need to fix it.
Bug: v8:3598
Change-Id: I0df0cf0173561cc939e6431bc0f01ef040fc189e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1629310
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61863}
