- 09 Feb, 2021 1 commit
-
-
Frank Emrich authored
This CL is part of a series that adds the C++ implementation of SwissNameDictionary, a deterministic property backing store based on Swiss Tables. This CL contains most of the boilerplate code for introducing a new instance type. Bug: v8:11388 Change-Id: Id263b8138a8ce4b465fb28d968223d2e1aaf05a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2672030Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Commit-Queue: Frank Emrich <emrich@google.com> Cr-Commit-Position: refs/heads/master@{#72582}
-
- 21 Jan, 2021 1 commit
-
-
Jakob Gruber authored
OWNERS files: removed tebbi's entry. TODOs: replaced with 'turbofan'. Change-Id: Ib7a90418b394f123b82051379f120f0323d04097 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639757Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Hablich <hablich@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#72223}
-
- 16 Dec, 2020 3 commits
-
-
Sathya Gunasekaran authored
Previously, we were looking up the prototype of the receiver and checking that against %TypedArrayPrototype% before invalidating the protector cell. This is incorrect as it's possible to patch the prototype and then change the constructor property, bypassing this check. This CL adds a new instance type to prototype of all TypedArray constructors and checks the receiver against this instance type. TBR: tebbi@chromium.org Bug: v8:11274, v8:11256 Change-Id: I2ff6280e4cf820b06c5593fe4addd36f7ac656c4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2594776 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#71799}
-
Jakob Kummerow authored
This is useful in particular as preparation for calling this builtin from Liftoff code (where we don't have access to a Context). Bug: v8:7748 Change-Id: Ie1a10a0487a99a1e6b75693da1554d7af28e7924 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593256Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#71792}
-
Sathya Gunasekaran authored
In the future, these instance types will be used for fast range checks rather than the current slow individual map checks. Bug: v8:11256 Change-Id: I4ad7d5259fbd46c3272a80996a5ac45a400d1f5e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2590040 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#71791}
-
- 04 Dec, 2020 2 commits
-
-
Shu-yu Guo authored
Bug: v8:7367 Change-Id: I4240f6683945c0f60b30afe563f8f735563e4367 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568230Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#71622}
-
Tobias Tebbi authored
Port String::Flatten to Torque (using a fast C call for the non-allocating part) and provide fast and easy access to sequential string data in Torque: GetStringData() flattens if necessary and computes slices that allow direct access. Applications: String.prototype.replaceAll, String.prototype.endsWith, and String.prototype.beginsWith now use GetStringData() and direct slice access instead of the slow StringCharCodeAt and they no longer bail out to the runtime for flattening. Drive-by changes: - Expose String instance type bits as bitfields and enums in Torque. - Fix method lookup in Torque to include superclass methods. - Use char8 and char16 types in more places. - Allow fast C calls with void return type. - Add Torque macros to create subslices. - Add no-GC scopes to runtime functions loading external string data. Bug: v8:7793 Change-Id: I763b9b24212770307c9b2fe9f070f21f65d68d58 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565515 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71611}
-
- 03 Dec, 2020 1 commit
-
-
Thibaud Michaud authored
First step towards the new exception handling proposal: https://github.com/WebAssembly/exception-handling/issues/125 This is essentially a revert of: "[wasm] Switch to new 'catch' and 'br_on_exn' proposal." The changes are: - "catch" instruction takes a tag immediate, - "rethrow" instruction takes a label immediate, - Add "catch_all" instruction, - Remove "br_on_exn" instruction, - Do not push exceptions on the stack, only the encoded values R=clemensb@chromium.org CC=aheejin@chromium.org Bug: v8:8091 Change-Id: Iea4d8d5a5d3ad50693f645e93c13e8de117aa884 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484514 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71602}
-
- 20 Nov, 2020 1 commit
-
-
Frank Emrich authored
This CL adds partial support for objects whose slow mode dictionaries are OrderedNameDictionaries. This is the case for all slow mode objects if V8_DICT_MODE_PROTOTYPES is enabled. Specifically, this CL contains minor changes to CSA code, short of actually performing ordered dictionary lookups using CSA implementations of these lookups. Bug: v8:7569 Change-Id: I0dab0f21000ca3b9b170ace58787ec639d587e64 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2540590 Commit-Queue: Frank Emrich <emrich@google.com> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#71304}
-
- 19 Nov, 2020 1 commit
-
-
Tobias Tebbi authored
This uses the old trick from TypedArrays: a Smi-like all zero pattern plus an offset that actually contains a raw address to access off-heap data. Bug: v8:7793 Change-Id: Ia44448d4ff7e2dcaa02a2c5653f622fb93c3dd09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2534817Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#71287}
-
- 12 Nov, 2020 1 commit
-
-
Sathya Gunasekaran authored
Instead of just comparing the first 4 elements, load and loop over the entire array so that we don't miss out on deprecate maps. Bug: v8:10582 Change-Id: I67542e2ab24367a11a4bb84b6745a4fa80c42772 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524441 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71141}
-
- 05 Nov, 2020 1 commit
-
-
Z Nguyen-Huu authored
StringPrototypeTrim, StringPrototypeTrimStart, StringPrototypeTrimEnd Bug: v8:8996 Change-Id: Ic1155b072d7de888f81a739236d224d00ae46c79 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2511529 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70995}
-
- 02 Nov, 2020 1 commit
-
-
Tobias Tebbi authored
Drive-by fixes: - Use constexpr types to determine C++ type names. - Fix factory constructors to not skip write barriers in old generation. Change-Id: I0ebbfd56c06ad41d02836fb48531ae7eded166bf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400994Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70921}
-
- 23 Oct, 2020 1 commit
-
-
Ross McIlroy authored
The TryMigrateInstance should be passed the instance object to migrate, not the map of the object. Also make the runtime function explicitly check for JSObjects. BUG=v8:9684 Change-Id: I03605d9f3103b618243c12ad0b63035484ef4134 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487270 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#70731}
-
- 22 Oct, 2020 2 commits
-
-
Manos Koukoutos authored
This is a reland of 6227c95e Fixes compared to original landing: - Decode a WASM_TO_JS_FUNCTION Code object as a WASM_TO_JS frame. - Enable call_ref on WasmJSFunctions with arity mismatch. - Use builtin pointer in BuildWasmToJSWrapper, to avoid having to resolve the relocatable constant. Original change's description: > [wasm-gc] Implement call_ref on WasmJSFunction > > Changes: > - Introduce turbofan builtin WasmAllocatePair. > - Implement call_ref for WasmJSFunction in wasm-compiler.cc. > - Remove WasmJSFunction trap. > - Improve and extend call-ref.js test. > > Bug: v8:9495 > Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226 > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70535} Bug: v8:9495 Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng Change-Id: I294947059e612d417d92614a43cb7383cd5f3b92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476314 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70719}
-
Seth Brenith authored
Originally, the Torque-generated verifier for a field with type Undefined|Zero|NonNullForeign would check `f.IsUndefined() || f.IsZero() || f.IsNonNullForeign()`. At some point, we changed Torque so that it now generates the much weaker `f.IsOddball() || f.IsSmi() || f.IsForeign()`. This change returns the verifiers to their initial precision. Mostly we can use the names of abstract types to build up the correct type check expression, but a few abstract types like PodArrayOfWasmValueType have no way that we can tell them apart from their parent type at runtime. It would be confusing to have a function Object::IsPodArrayOfWasmValueType which actually just checks whether the object is a ByteArray, so this change introduces a new annotation which allows abstract type declarations to state that they should use their parent type during verification. This change also adds new test cases to help avoid future regressions of this logic. Bug: v8:7793 Change-Id: Ie5046d742fd45e0e0f6c2ba387d909e9f2ac6df1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469960Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#70698}
-
- 15 Oct, 2020 2 commits
-
-
Maya Lekova authored
This reverts commit 6227c95e. Reason for revert: Breaks Mac64 GC stress - https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8866365194967638384/+/steps/Check_-_d8/0/logs/call-ref/0 Original change's description: > [wasm-gc] Implement call_ref on WasmJSFunction > > Changes: > - Introduce turbofan builtin WasmAllocatePair. > - Implement call_ref for WasmJSFunction in wasm-compiler.cc. > - Remove WasmJSFunction trap. > - Improve and extend call-ref.js test. > > Bug: v8:9495 > Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226 > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70535} TBR=clemensb@chromium.org,manoskouk@chromium.org Change-Id: Ifad2cd8185df5e8d6766cefbcd3f28234a157dfb No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9495 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2475735Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70539}
-
Manos Koukoutos authored
Changes: - Introduce turbofan builtin WasmAllocatePair. - Implement call_ref for WasmJSFunction in wasm-compiler.cc. - Remove WasmJSFunction trap. - Improve and extend call-ref.js test. Bug: v8:9495 Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70535}
-
- 05 Oct, 2020 2 commits
-
-
Manos Koukoutos authored
This was not happening when there was no need to typecheck the entry. Additional changes: - Add tests with null table entries for typed and untyped function tables. - Allow AddIndirectFunctionTable in wasm-run-utils to specify table type. - Add possibility to define tables in test-gc.cc. - Merge trapTableOutOfBounds with trapInvalidFunc. - Use trapTableOutOfBounds in call_indirect as appropriate. - Fix emission of table types in wasm-module-builder.cc. Bug: v8:9495 Change-Id: I4a857ff4378e5a87dc0646d94b4c75635a43c55b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442622Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#70311}
-
Sathya Gunasekaran authored
Instead of loading the map from the feedback vector for monomorphic access, this CL directly inlines the expected map constant as a static check. In case this static check fails, we call out to a builtin which performs additional dynamic map checks. There are several dynamic map checks performed by the builtin for various cases such as: (a) IC is monomorphic with a map that's different from the initial static map that we checked, in which case we perform another dynamic map check. (b) IC is monomorphic but incoming map is a deprecated map in which case we call out the runtime to migrate this incoming object to a new map and then try to handle it. (c) IC has now transitioned to polymorphic in which we use the old dynamic polymorphic checks to validate the map and handler. Bug: v8:10582, v8:9684 Change-Id: Id87265ed513e4aef87b8e66c826afbf10f50a1d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429034 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#70304}
-
- 30 Sep, 2020 1 commit
-
-
Jakob Kummerow authored
Sorting a TypedArray with a custom compare function requires us to copy the array's contents to a FixedArray. When the TypedArray is larger than FixedArray::kMaxLength, we should throw a RangeError rather than crashing with an OOM message. Fixed: v8:10931 Change-Id: I8a27cc0ac80a9172bc5e8e154fdf4ccce5974317 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440575 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70232}
-
- 29 Sep, 2020 1 commit
-
-
Sathya Gunasekaran authored
Instead of always inlining the polymorphic map checks, this CL introduces a builtin to perform these polymorphic map checks when the IC is monomorphic at compile time. This reduces the time we spend compiling and code bloat while trading it for performance. Bug: v8:10582, v8:9684 Change-Id: I7aea698988f8ead3cbf3f4a836218f53223f0f98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398525 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70200}
-
- 24 Sep, 2020 1 commit
-
-
Manos Koukoutos authored
Changes: - Add dedicated exception for call_ref invoking a WasmJSFunction. - Small restructuring of read_value_type. - Change HeapType::kLastSentinel to point to the last valid type, update is_valid(). - Remove redundant DCHECK from ValueType constructors. - Rename a few section-related macros in module-decoder-unittest.cc, add a small test. - Rename "Simd128" -> "s128" in error message. - Write some documentation, mostly in value-type.h and wasm-subtyping.h. Bug: v8:7748 Change-Id: I4fc4826fbdeac50e21ef524787c2024d7aa1b3b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424139 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70118}
-
- 14 Sep, 2020 1 commit
-
-
Daniel Clifford authored
Specifically, all the EmitKeyedSloppyArgumentsXXX methods. Change-Id: I5d98c0f031b858e1e5342020f5ad68526c57c42a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235694 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#69886}
-
- 11 Sep, 2020 2 commits
-
-
Victor Gomes authored
Only for the interpreter. Change-Id: I2456a7d6b385b3b8ebcb3ff8782ea5586289bea6 Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400343 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#69851}
-
Georg Neis authored
Change-Id: Idb5ac9b0d3703e94f33d74318080790d00c4ec45 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2401428 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#69836}
-
- 07 Sep, 2020 1 commit
-
-
Victor Gomes authored
When the interface descriptor of a builtin uses DEFINE_JS_PARAMETERS, the extra stack arguments must be positioned just above the return address, otherwise we would need to calculate its offset depending on the actual number of the arguments, we currently use a fixed offset to access them in CSA. Therefore, these extra arguments are either the first arguments when V8_REVERSE_JSARGS is enabled or otherwise the last arguments. Change-Id: If38ac7fd7f0079fc0e4fdccdb6cfb26e0425eb84 Bug: v8:10825 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379854Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#69714}
-
- 06 Aug, 2020 5 commits
-
-
Bill Budge authored
This is a reland of ce249dbb As it's unchanged, TBR=leszeks@chromium.org,tebbi@chromium.org Original change's description: > [torque] Port some constructor builtins to Torque. > > - FastNewFunctionContextEval > - FastNewFunctionContextFunction > - CreateEmptyLiteralObject > - CreateRegExpLiteral > - CreateEmptyArrayLiteral > - CreateShallowArrayLiteral > - CreateShallowObjectLiteral > - NumberConstructor > - ObjectConstructor > - GenericLazyDeoptContinuation > > Bug: v8:9891 > > Change-Id: Idd4bf035d8dbeec03b9ef727e1bfb80eab4bc43c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311411 > Commit-Queue: Bill Budge <bbudge@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69082} Bug: v8:9891 Change-Id: I566d4167c02488ef6a9a1c73015af5e2f484a31d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330382 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69281}
-
Z Nguyen-Huu authored
Just a fast iteration over bytes written in Torque for Smi number and non-decimal radix, also only for more than one string character result. Improve following micro-benchmark by ~75% Before toHexString toHexString-Numbers(Score): 7905000 After toHexString toHexString-Numbers(Score): 14419000 Bug: v8:10477 Change-Id: I366092d4d70156ad33830352c1122af8794bea76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330221 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69272}
-
Leszek Swirski authored
Changes the isolate's string table into an off-heap structure. This allows the string table to be resized without allocating on the V8 heap, and potentially triggering a GC. This allows existing strings to be inserted into the string table without requiring allocation. This has two important benefits: 1) It allows the deserializer to insert strings directly into the string table, rather than having to defer string insertion until deserialization completes. 2) It simplifies the concurrent string table lookup to allow resizing the table inside the write lock, therefore eliminating the race where two concurrent lookups could both resize the table. The off-heap string table has the following properties: 1) The general hashmap behaviour matches the HashTable, i.e. open addressing, power-of-two sized, quadratic probing. This could, of course, now be changed. 2) The empty and deleted sentinels are changed to Smi 0 and 1, respectively, to make those comparisons a bit cheaper and not require roots access. 3) When the HashTable is resized, the old elements array is kept alive in a linked list of previous arrays, so that concurrent lookups don't lose the data they're accessing. This linked list is cleared by the GC, as then we know that all threads are in a safepoint. 4) The GC treats the hash table entries as weak roots, and only walks them for non-live reference clearing and for evacuation. 5) Since there is no longer a FixedArray to serialize for the startup snapshot, there is now a custom serialization of the string table, and the string table root is considered unserializable during weak root iteration. As a bonus, the custom serialization is more efficient, as it skips non-string entries. As a drive-by, rename LookupStringExists_NoAllocate to TryStringToIndexOrLookupExisting, to make it clearer that it returns a non-string for the case when the string is an array index. As another drive-by, extract StringSet into a separate header. Bug: v8:10729 Change-Id: I9c990fb2d74d1fe222920408670974a70e969bca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339104 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#69270}
-
Tobias Tebbi authored
This is a reland of 408e7240 Change: Allow CSA load elimination accross code comments Original change's description: > [torque] typed context slot access > > This introduces a new type Slot<ContextType, SlotType> that is used > for enum values used to access context slots. > Together with new types for the various custom contexts used in > Torque, this results in fairly type-safe access to context slots, > including the NativeContext's slots. > > Drive-by changes: > - Introduce a new header file to specify headers needed for > generated CSA headers, to reduce the amount of includes specified > in implementation-visitor.cc > - Port AllocateSyntheticFunctionContext to Torque. > > Bug: v8:7793 > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#69249} Bug: v8:7793 Change-Id: I1fe100d8d62e8220524eddb8ecc4faa85219748d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339462Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69264}
-
Jakob Gruber authored
This reverts commit 408e7240. Reason for revert: debug builds fail is_component_build = true is_debug = true use_goma = true v8_enable_backtrace = true v8_enable_debugging_features = true v8_enable_fast_mksnapshot = true v8_enable_slow_dchecks = true v8_enable_snapshot_code_comments = true v8_enable_verify_csa = true v8_optimized_debug = false v8_use_multi_snapshots = false # Fatal error in ../../src/compiler/backend/instruction-selector.cc, line 3088 # Expected Turbofan static assert to hold, but got non-true input: static_assert(nativeContext == LoadNativeContext(context)) at src/builtins/promise-resolve.tq:45:5 Original change's description: > [torque] typed context slot access > > This introduces a new type Slot<ContextType, SlotType> that is used > for enum values used to access context slots. > Together with new types for the various custom contexts used in > Torque, this results in fairly type-safe access to context slots, > including the NativeContext's slots. > > Drive-by changes: > - Introduce a new header file to specify headers needed for > generated CSA headers, to reduce the amount of includes specified > in implementation-visitor.cc > - Port AllocateSyntheticFunctionContext to Torque. > > Bug: v8:7793 > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#69249} TBR=tebbi@chromium.org,seth.brenith@microsoft.com Change-Id: I90c014022a808449aca4a9b9b3c3b8e036beb28e No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7793 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340903Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69256}
-
- 05 Aug, 2020 2 commits
-
-
Tobias Tebbi authored
Make sure that Torque/CSA generated phi's get kRepWord32 instead of kRepWord8 or kRepWord16, since that's how we handle small integer values in Turbofan. Bug: v8:7793 Change-Id: I992b43287552b6117e90fbd0e11576470bc91509 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339096 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69253}
-
Tobias Tebbi authored
This introduces a new type Slot<ContextType, SlotType> that is used for enum values used to access context slots. Together with new types for the various custom contexts used in Torque, this results in fairly type-safe access to context slots, including the NativeContext's slots. Drive-by changes: - Introduce a new header file to specify headers needed for generated CSA headers, to reduce the amount of includes specified in implementation-visitor.cc - Port AllocateSyntheticFunctionContext to Torque. Bug: v8:7793 Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#69249}
-
- 03 Aug, 2020 1 commit
-
-
Jakob Kummerow authored
This is a stop-gap solution (while we wait for a proper spec) that lets managed WasmGC objects perform round-trips through JavaScript. On the JavaScript side, they appear as empty/opaque. Bug: v8:7748 Change-Id: I0dd368bc14d622f3ef41871484228267359e9b5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316306 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69207}
-
- 30 Jul, 2020 1 commit
-
-
Gus Caplan authored
Bug: v8:9891 Change-Id: Ief289a9990ac545aa479f564094e3bbde4144aae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2293709 Commit-Queue: Gus Caplan <snek@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69145}
-
- 27 Jul, 2020 3 commits
-
-
Shu-yu Guo authored
This reverts commit ce249dbb. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/32375 Original change's description: > [torque] Port some constructor builtins to Torque. > > - FastNewFunctionContextEval > - FastNewFunctionContextFunction > - CreateEmptyLiteralObject > - CreateRegExpLiteral > - CreateEmptyArrayLiteral > - CreateShallowArrayLiteral > - CreateShallowObjectLiteral > - NumberConstructor > - ObjectConstructor > - GenericLazyDeoptContinuation > > Bug: v8:9891 > > Change-Id: Idd4bf035d8dbeec03b9ef727e1bfb80eab4bc43c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311411 > Commit-Queue: Bill Budge <bbudge@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69082} TBR=bbudge@chromium.org,jgruber@chromium.org,leszeks@chromium.org,tebbi@chromium.org Change-Id: I76272a4d439ef95213fdfb659bdbcb71e16daec6 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9891 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2321111Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#69084}
-
Bill Budge authored
- FastNewFunctionContextEval - FastNewFunctionContextFunction - CreateEmptyLiteralObject - CreateRegExpLiteral - CreateEmptyArrayLiteral - CreateShallowArrayLiteral - CreateShallowObjectLiteral - NumberConstructor - ObjectConstructor - GenericLazyDeoptContinuation Bug: v8:9891 Change-Id: Idd4bf035d8dbeec03b9ef727e1bfb80eab4bc43c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311411 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69082}
-
Tobias Tebbi authored
When mksnapshot fails on a static assert in Torque, print the statement and position from the Torque source. To enable special treatment, change the syntax of static asserts in Torque from StaticAssert() to static_assert() to align with assert() and check() statements. Bug: v8:7793 Change-Id: Idda8e3c342bdcefc893ff297f8d7727d2734c221 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317314 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#69069}
-
- 23 Jul, 2020 1 commit
-
-
Jakob Gruber authored
A small step for a JSFunction, one giant leap for V8. Tbr: clemensb@chromium.org Bug: v8:8888 Change-Id: I968bb819763994ec611cde7e502adea30339a387 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315979 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69018}
-