when applicable.
This CL also renames BodyDescriptorBase helpers
IsValidSlotImpl() -> IsValidJSObjectSlotImpl()
IterateBodyImpl() -> IterateJSObjectBodyImpl()
to make it clear that these methods are only applicable to JSObject subclasses
and fixes SmallOrderedHashTable::BodyDescriptor which used IsValidSlotImpl().
Bug: v8:8518
Change-Id: I11565bed6ebf56c6830ac0e21f866846e65025e6
Reviewed-on: https://chromium-review.googlesource.com/c/1372068
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58170}
Callbacks can keep embedder objects alive, hence clear them after
delivering the final event.
R=ahaas@chromium.org
Bug: chromium:912764
Change-Id: I9ac739bbce32cb1026991610e0720210717c333e
Reviewed-on: https://chromium-review.googlesource.com/c/1371565
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58168}
The vast majority of places puts a semicolon after these macros
(DISALLOW_ASSIGN, DISALLOW_COPY_AND_ASSIGN). Thus remove the semicolon
from the definition and fix the few places that omitted the semicolon
at the use.
R=mlippautz@chromium.org
Bug: v8:8562
Change-Id: Id730576f3061b86d8a5cee0e0b9b762f693f16ec
Reviewed-on: https://chromium-review.googlesource.com/c/1371824
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58166}
The AsyncCompileJob should be decoupled from tiering, hence the
top-tier-finished callback should not be delivered via the
AsyncCompileJob. Instead, store it directly on the CompilationState.
R=ahaas@chromium.org
Bug: v8:8050, v8:7921, chromium:912031
Change-Id: Iebd64655667a8078c34caea4edeb6cf5f40833fd
Reviewed-on: https://chromium-review.googlesource.com/c/1371604
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58165}
This patch adds micro-benchmarks for TypedArray#join with and without a separator.
The benchmark can be used to measure any TypedArray#join optimizations we implement in the future.
Test:
tools/run_perf.py --binary-override-path=out/x64.release/d8 \
--filter JSTests/TypedArrays/Join \
test/js-perf-test/JSTests.json
Bug: v8:7624
Change-Id: I526af50da0eff400d21b807ba30a9de2c3d87476
Reviewed-on: https://chromium-review.googlesource.com/c/1369333
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#58163}
This makes the deoptimizer happy, and is more consistent with other
Torque JS functions.
BUG=chromium:912504, v8:8021
R=tebbi@chromium.org, danno@chromium.org, mvstanton@chromium.org, gsathya@chromium.org
Change-Id: I4c86db9549c367dfab7f76b49a0cf3c69d3ec50b
Reviewed-on: https://chromium-review.googlesource.com/c/1366397
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58161}
We assert that loops always have effect phis because there must be
a stack check in every loop. However, with generators, the stack check
may end up outside of loop because the dispatch switch is built first
(while the dispatch switch will also keep the loop backedge alive).
The logic for creating effect phis is already in the code, so
removing the dcheck should be fine.
Bug: chromium:913232
Change-Id: Icf4df831e8b47350543c2b82a34bd3af98782a16
Reviewed-on: https://chromium-review.googlesource.com/c/1372065
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58160}
These are some tests I thought were missing. I wrote another test which
crashes because of missing safepoint maps. I will add it in a separate
CL which includes also the implementation.
R=herhut@chromium.org
Bug: v8:7581
Change-Id: Ibcc3b9ddab0f95580eb31fe78c84a26186a74db5
Reviewed-on: https://chromium-review.googlesource.com/c/1370039
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58159}
This change makes the SFI to bytecode link pseudo-weak. The marking visitors
check whether the bytecode is old, and if so, don't mark it and instead
push the SFI onto a bytecode_flushing_candidates worklist. Once marking
is complete, this list is walked, and for any of the candidates who's bytecode
has not been marked (i.e., is only referenced by the shared function info),
the bytecode is flushed and the SFI has the function data replaced with
an UncompiledData (which overwrites the flushed bytecode array).
Since we don't track JSFunctions, these can still think the underlying
function is compiled, and so calling them will invoke
InterpreterEntryTrampoline. As such, logic is added to
InterpreterEntryTrampoline to detect flushed functions, and enter
CompileLazy instead.
BUG=v8:8395
Change-Id: I4afba79f814ca9a92dec45d59485935845a6669d
Reviewed-on: https://chromium-review.googlesource.com/c/1348433
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58158}
This is a experiment to see how performance is impacted. If we tank
too much, we can revert this change.
Change-Id: I01be33f5dd78aee6a5beecdc62adbaa6c3850eb1
Bug: v8:8344
Reviewed-on: https://chromium-review.googlesource.com/c/1355279
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58157}
This was done via {managed_native_module()->get()}. Add a simple getter
for that.
R=ahaas@chromium.org
Bug: v8:8562
Change-Id: I8e461a8e16b618abdb772098fad3a6b721d54902
Reviewed-on: https://chromium-review.googlesource.com/c/1371564
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58156}
Since implicit returns are gone, this environment is never being used.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: I24d61a1316433fde6835fd608c3d308592721a5c
Reviewed-on: https://chromium-review.googlesource.com/c/1371569
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58155}
These functions have been marked V8_DEPRECATE_SOON for a long time,
now all uses have been removed from Chrome, mark them as deprecated.
BUG=v8:7287,v8:8238
Change-Id: I47b23588231ca510ec2475cb476e4134c05e162a
Reviewed-on: https://chromium-review.googlesource.com/c/1356517
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58154}
In most places we already call them "branches", and the spec also only
uses this name. Hence remove the remaining mentions of "break".
R=titzer@chromium.org
Bug: v8:8562
Change-Id: I64ac39324681b8214cd2e68315eb86a69d85cba8
Reviewed-on: https://chromium-review.googlesource.com/c/1371567
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58153}
Uses the JavaScript BigInt Object to represent Wasm's 64bits integers.
Attention, 32 bits architectures are not supported yet.
Bug: v8:7741
Change-Id: I28b718fa567bca5103b2f38a879049cd20a46f12
Reviewed-on: https://chromium-review.googlesource.com/c/1355144
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58152}
Instead, return directly when branching to the outermost block. When
falling through the end of the function block, generate a standard
return, otherwise do not generate a return at the end of the function
block.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: I3c5ffacfa4ef7a960d41bea62920bd98e63d78df
Reviewed-on: https://chromium-review.googlesource.com/c/1369958
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58151}
We hit a DCHECK in the wasm graph builder because the current SSA
environment is unreachable. We were using the wrong block (the target
block) to do the reachability check.
R=titzer@chromium.org
Bug: chromium:913804
Change-Id: I4cfd3a0c696fb63903a47e4448362626a524340d
Reviewed-on: https://chromium-review.googlesource.com/c/1371566
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58150}
This is purely a renaming change. The ES spec uses the term 'detach'
for the process of removing the backing store of a typed array, while
V8 uses the historical term 'neuter'. Update our internal implementation,
including method names and flag names, to match the spec.
Note that some error messages still use the term 'neuter' since error
messages are asserted by some embedder tests, like layout tests.
R=bmeurer@chromium.org, yangguo@chromium.org, mstarzinger@chromium.org, mlippautz@chromium.org
BUG=chromium:913887
Change-Id: I62f1c3ac9ae67ba01d612a5221afa3d92deae272
Reviewed-on: https://chromium-review.googlesource.com/c/1370036
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58149}
Update is_compiled() and has_feedback_vector() to return false in the case
where the SFI's bytecode has been flushed, but the JSFunction hasn't yet been
reset to uncompiled. Also add code to reset the JSFunction when it is recompiled
lazily.
BUG=v8:8394
Change-Id: I7c5f79066603ac1ae097a0a62c625b1a8e39431c
Reviewed-on: https://chromium-review.googlesource.com/c/1363138
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58148}
The typing of SpeculativeSafeIntegerSubtract didn't include -0, and the
SimplifiedLowering rules for SpeculativeSafeIntegerSubtract didn't
properly handle the case of `-0 - 0`, but would always pass Word32
truncations.
Bug: chromium:913296
Change-Id: I0e5a401f075db8b349a5579e1e294df97378ea49
Reviewed-on: https://chromium-review.googlesource.com/c/1370042
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58147}
Temporary additional verbosity to investigate crashes.
This change has a small runtime overhead to remember the input types
of NumberAdd. It should be reverted once chromiun:906567 is resolved.
Bug: chromiun:906567
Change-Id: If86124d4dd96bc3c3266cd019119906a18b8558d
Reviewed-on: https://chromium-review.googlesource.com/c/1369946
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58146}
When using correctness fuzzing, this makes sure all non-object
arguments to typed array constructors are bound by 1MiB when
interpreted as numbers.
NOTRY=true
Bug: chromium:910962
Change-Id: I66e87ece27aae7c5fa88429c5d1f1f478de702ae
Reviewed-on: https://chromium-review.googlesource.com/c/1369959
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58144}
The class declaration regexp in cpplint did not catch classes decorated
by V8_EXPORT, V8_EXPORT_PRIVATE or any other decorator containing
digits.
This will be fixed in https://github.com/google/styleguide/pull/422.
This CL already prepares the code base by fixing all errors that will
be found after that change.
Some follow-up changes were needed to fix implicit conversion that are
not taken any more now.
R=mstarzinger@chromium.org
Bug: v8:8562
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I03713bd04dbc3f54b89a6c857a93463139aa5efd
Reviewed-on: https://chromium-review.googlesource.com/c/1367751
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58143}
This callback is not being used by now, so we can just change it
without the deprecation dance.
Instead of the WasmModuleObject, it now receives the new
CompiledWasmModule wrapper which contains a shared pointer to the
NativeModule. This is all that's needed for serialization.
Some classes are pulled out of WasmModuleObject to allow reuse.
R=adamk@chromium.org, mstarzinger@chromium.org
CC=bbudge@chromium.org
Bug: chromium:912031
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icedb64efa92e66bec45cf8742942a07ae22f59c8
Reviewed-on: https://chromium-review.googlesource.com/c/1363140
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58142}
This was deleted source side in https://crrev.com/c/1308912 with
seemingly no ill effects.
Bug: chromium:718157
Change-Id: Ic2516b391b76a8fb72df97f6f090af3c24f35766
Reviewed-on: https://chromium-review.googlesource.com/c/1371035
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58141}
We no longer implement part of the debugger in JS. Therefore we can
remove the infrastructure to support this in the bootstrapper.
Also includes some drive-by cleanups.
Bug: v8:5530
R=petermarshall@chromium.org
Change-Id: I06628a559c17f99c70029fcc94848b0c78f1d3e9
Reviewed-on: https://chromium-review.googlesource.com/c/1369945
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58140}
Fix and re-enable tests for WebAssembly's memory/constructor and
table/constructor js-api.
It introduces the '[EnforceRange] unsigned long' algorithm used
to validate initial and maximum properties.
The initial property is now required, by the switch to the Web IDL
specification. Most of the input validations errors are now considered
TypeError instead of RangeError.
The WasmTableObject and WasmMemoryObject APIs use more consistently uint32_t
to ensure integer range and remove the need for bounds checks.
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: v8:8319
Change-Id: Iedd3ee6484ef688a5e96f93006eb6ca66d805a48
Reviewed-on: https://chromium-review.googlesource.com/c/1354043
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58138}
This implementation currently only supports the optimized tier.
Bug: v8:7747
Change-Id: Ia1af29b11a5d3e8a48b122f6cf3240c9f5948bfb
Reviewed-on: https://chromium-review.googlesource.com/c/1364710
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58137}
because RelocInfo does not need host Code object for updating pointers to heap
objects embedded into code.
This CL also simplifies typed slot iteration callback signature.
Bug: v8:8518, v8:8262
Change-Id: I59fe9e3b4e9b69e3d87b5449c80bed14e311516f
Reviewed-on: https://chromium-review.googlesource.com/c/1370037
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58136}
Just pass a pointer to the current stack. This makes it easier to reuse
the {DoReturn} method for breaks to the outermost block.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: Ide8533b154daa227e044820bb9c181f836ba654a
Reviewed-on: https://chromium-review.googlesource.com/c/1370028
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58132}
This loop is redundant in {GetNodes}.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: Ia624fbe145ae2cd77ea099c3f109899ea6fac9c0
Reviewed-on: https://chromium-review.googlesource.com/c/1370031
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58131}
and a bit of drive-by cleanup.
Bug: v8:8518
Change-Id: I46873f0a5e56509d75f2d169dc7a4372cc94efbc
Reviewed-on: https://chromium-review.googlesource.com/c/1370027
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58130}
Instead of branching to the end merge of the outermost block, we should
return directly. This often generates shorter and faster code, since
the merge is omitted.
R=titzer@chromium.org
Bug: v8:6600, v8:8423
Change-Id: Id5e92b05d3fbbcdb69e4a8bf48629d6031d85291
Reviewed-on: https://chromium-review.googlesource.com/c/1358411
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58129}
Names of external references are statically known, so there is no need
to store them in the dynamically generated ExternalReferenceTable.
This saves 7.4kB per Isolate, plus ~46.4kB binary size.
R=mstarzinger@chromium.org
Bug: v8:8562
Change-Id: Ia494de38474e0a7308563ab6d1797ff488b0a072
Reviewed-on: https://chromium-review.googlesource.com/c/1369947
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58128}
When the --debug-code flag is turned on, we create code now which checks
if the thread-in-wasm flag has the expected value. If not, we abort
execution.
R=clemensh@chromium.org
Bug: v8:5277, v8:8554
Change-Id: I74c4e6a60b874b48f13ded9b5cee81f602e4c9fd
Reviewed-on: https://chromium-review.googlesource.com/c/1370025
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58127}
MIPS32 doesn't have instructions to properly handle 64-bit atomic
instructions.
Skipping those test on MIPS64 simulator because they have flaky
TIMEOUT on buildbots.
Change-Id: I31511dfce70a933b9326a7c270509c5f31af743a
Reviewed-on: https://chromium-review.googlesource.com/c/1367450
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#58125}
which used to treat off-heap slots as on-heap ones and implement embedded objects
visitation in derived visitor classes.
Bug: v8:8518
Change-Id: Ia40d8135078379cca990e9167d3f1bebb3b5be0a
Reviewed-on: https://chromium-review.googlesource.com/c/1367747
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58123}
This is a reland of 9c2c8f15f8
Original change's description:
> [wasm] Support encoding s128 simd types in exceptions.
>
> This adds support for having simd type values (i.e. s128) stored in an
> exception. It is the natural combination of the simd propsal and the
> exception handling proposal.
>
> R=clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-simd
> BUG=v8:8390
>
> Change-Id: I01079f82a6ba4d9152de4dae63e3db1584ca7cd8
> Reviewed-on: https://chromium-review.googlesource.com/c/1363141
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58098}
Bug: v8:8390
Change-Id: I333c50cd766055f74b023df626d0fd90fdef3bac
Reviewed-on: https://chromium-review.googlesource.com/c/1370024
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58122}
which used to treat off-heap slots as on-heap ones and implement code target
visitation in derived visitor classes.
Bug: v8:8518
Change-Id: I477bf3a4a8a3de0c67bc15e2e20d8ecee6493da8
Reviewed-on: https://chromium-review.googlesource.com/c/1367745
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58121}
