1. 13 May, 2022 1 commit
  2. 26 Apr, 2022 1 commit
  3. 19 Apr, 2022 2 commits
  4. 27 Jan, 2022 1 commit
  5. 27 Dec, 2021 1 commit
    • Patrick Thier's avatar
      [turbofan] Introduce Type for Class Constructors · b014d0ba
      Patrick Thier authored
      This CL splits the TF type for JSFunction into CallableFunction and
      ClassConstructor. This differentiation allows us to lower calls to the
      CallFunction Builtin only for functions that we can actually call.
      Class Constructors are special, as they are callable but should raise
      an exception if called.
      By not lowering class constructors to calls to CallFunction (but the
      more generall Call) builtin, we can remove the checks for class
      constructors from CallFunction (in a follow-up CL).
      
      Bug: chromium:1262750
      Change-Id: I399967eb03b2f20d2dcb67aef2243b32c9d3174e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3350457Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Commit-Queue: Patrick Thier <pthier@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78445}
      b014d0ba
  6. 15 Dec, 2021 1 commit
    • Samuel Groß's avatar
      V8 Sandbox rebranding · 277fdd1d
      Samuel Groß authored
      This CL renames a number of things related to the V8 sandbox.
      Mainly, what used to be under V8_HEAP_SANDBOX is now under
      V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
      is now simply the V8 Sandbox:
      
      V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
      V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
      V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
      V8VirtualMemoryCage => Sandbox
      CagedPointer => SandboxedPointer
      fake cage => partially reserved sandbox
      src/security => src/sandbox
      
      This naming scheme should simplify things: the sandbox is now the large
      region of virtual address space inside which V8 mainly operates and
      which should be considered untrusted. Mechanisms like sandboxed pointers
      are then used to attempt to prevent escapes from the sandbox (i.e.
      corruption of memory outside of it). Furthermore, the new naming scheme
      avoids the confusion with the various other "cages" in V8, in
      particular, the VirtualMemoryCage class, by dropping that name entirely.
      
      Future sandbox features are developed under their own V8_SANDBOX_X flag,
      and will, once final, be merged into V8_SANDBOX. Current future features
      are sandboxed external pointers (using the external pointer table), and
      sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
      because they are encoded as offsets). This CL then also introduces a new
      build flag, v8_enable_sandbox_future, which enables all future features.
      
      Bug: v8:10391
      Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78384}
      277fdd1d
  7. 02 Dec, 2021 1 commit
    • Samuel Groß's avatar
      Use CagedPointers for ArrayBuffer backing stores · 42ed4928
      Samuel Groß authored
      This CL turns references to ArrayBuffer backing stores from
      JSArrayBuffers, JSTypedArrays, and JSDataViews into CagedPointers
      when those are enabled.
      
      CagedPointers cannot generally represent nullptr, as NULL usually lies
      outside the cage. As such, nullptr backing stores are replaced with a
      special empty backing store value, which, in the current implementation,
      points to the end of the cage, right in front of the trailing guard
      regions. Due to this, it is no longer correct to compare a backing store
      pointer against nullptr.
      
      Bug: chromium:1218005
      Change-Id: I4a6c7a82aabb4debcb6bb2babe4035ba2da8e79f
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244419
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78218}
      42ed4928
  8. 09 Sep, 2021 1 commit
  9. 17 Aug, 2021 1 commit
  10. 12 Aug, 2021 1 commit
  11. 10 May, 2021 1 commit
  12. 12 Apr, 2021 1 commit
    • Wenyu Zhao's avatar
      Allowing map word to be used for other state in GC header. · 5e0b94c4
      Wenyu Zhao authored
      This CL adds features to pack/unpack map words.
      
      Currently V8 cannot store extra metadata in object headers -- because V8
      objects do not have a proper header, but only a map pointer at the start
      of the object. To store per-object metadata like marking data, a side
      table is required as the per-object metadata storage.
      
      This CL enables V8 to use higher unused bits in a 64-bit map word as
      per-object metadata storage. Map pointer stores come with an extra step
      to encode the metadata into the pointer (we call it "map packing").
      Map pointer loads will also remove the metadata bits as well (we call it
      "map packing").
      
      Since the map word is no longer a valid pointer after packing, we also
      change the tag of the packed map word to make it looks like a Smi. This
      helps various GC and barrier code to correctly skip them instead of
      blindly dereferencing this invalid pointer.
      
      A ninja flag `v8_enable_map_packing` is provided to turn this
      map-packing feature on and off. It is disabled by default.
      
      * Only works on x64 platform, with `v8_enable_pointer_compression`
        set to `false`
      
      Bug: v8:11624
      Change-Id: Ia2bdf79553945e5fc0b0874c87803d2cc733e073
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247561Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73915}
      5e0b94c4
  13. 11 Nov, 2020 1 commit
  14. 28 Oct, 2020 2 commits
    • Tobias Tebbi's avatar
      [torque] generate C++ class definitions per Torque file · 03f60296
      Tobias Tebbi authored
      This CL splits the class definitions per .tq file, to realize the
      following relationship:
      A class defined in src/objects/foo.tq has a C++ definition in
      src/objects/foo.h. Torque then generates:
      
      - torque-generated/src/objects/foo-tq.inc
        An include file (no proper header) to be included in src/objects/foo.h
        containing the Torque-generated C++ class definition.
      
      - torque-generated/src/objects/foo-tq-inl.inc
        An include file (no proper header) to be included in
        src/objects/foo-inl.h containing inline function definitions.
      
      - torque-generated/src/objects/foo-tq.cc
        A source file including src/objects/foo-inl.h that contains non-inline
        function definitions.
      
      Advantages of this approach:
      - Avoid big monolithic headers and preserve the work that went into
        splitting objects.h
      - Moving a definition to Torque keeps everything in the same place
        from a C++ viewpoint, including a fully Torque-generated C++ class
        definition.
      - The Torque-generated include files do not need to be independent
        headers, necessary includes or forward declarations can just be added
        to the headers that include them.
      
      Drive-by changes:
      A bunch of definitions and files had to be moved or created to realize
      a consistent 1:1 relationship between .tq files and C++ headers.
      
      
      Bug: v8:7793
      TBR: hpayer@chromium.org
      Change-Id: I239a89a16d0bc856a8669d7c92aeafe24a7c7663
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2470571
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarSeth Brenith <seth.brenith@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#70853}
      03f60296
    • Mythri A's avatar
      Reland "[turboprop] Add a slot for optimization marker in feedback vector" · c01a36d5
      Mythri A authored
      This is a reland of d7ece57e with
      a fix to failures on NumFuzz.
      
      Original change's description:
      > [turboprop] Add a slot for optimization marker in feedback vector
      >
      > Optimization marker and the optimized code used to share the same slot
      > in the feedback vector as they were mutually exclusive. With turboprop
      > we would want to mark the function for tier up to Turbofan while holding
      > the optimized code for Turboprop. So this cl uses the existing padding
      > field to hold the optimization marker instead.
      >
      > As a driveby, removes unused JSFunction::ClearOptimizedCodeSlot function
      > and fixes a minor bug in Runtime_GetOptimizationStatus.
      >
      > Bug: v8:9684
      > Change-Id: I18c551a69648a0837d16c5453d023c0b295b1521
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467836
      > Commit-Queue: Mythri Alle <mythria@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70789}
      
      Bug: v8:9684
      Change-Id: Ie6aa3c061a852bb047b5921e4e747d43505568e3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502871
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70834}
      c01a36d5
  15. 27 Oct, 2020 2 commits
  16. 09 Oct, 2020 1 commit
  17. 30 Sep, 2020 1 commit
    • Jakob Gruber's avatar
      [nci] Update invocation count in the NCI prologue · c11a054e
      Jakob Gruber authored
      The invocation count is part of call feedback, and is used during
      tier-up to determine inlining candidates. For bytecode, it is updated
      by the InterpreterEntryTrampoline, which can be seen as a global
      prologue for all bytecode functions.
      
      Since NCI tiers up, it must also track the invocation count. This CL
      adds it to the NCI prologue sequence (emitted as part of every NCI
      code object).
      
      Bug: v8:8888
      Change-Id: I04b33c9c8b0bdd975aceb97145f159798e18b97b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436340
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70221}
      c11a054e
  18. 25 Sep, 2020 1 commit
    • Tobias Tebbi's avatar
      Reland "[torque] refactor: use -tq only in filenames derived from .tq files" · 21b58516
      Tobias Tebbi authored
      This is a reland of 64caf2b0
      
      Original change's description:
      > [torque] refactor: use -tq only in filenames derived from .tq files
      >
      > This is to establish a naming rule for Torque-generated files:
      > - If the file is called foo/bar-tq..., then it is derived from a
      >   file foo/bar.tq
      > - Otherwise it doesn't belong to a specific .tq file.
      >
      > So far, we attached -tq to all Torque-generated file names, where it
      > sometimes corresponded to a .tq file name and sometimes not.
      > It is not necessary to add -tq to file names to indicate that they are
      > Torque-generated, since they are already in a directory called
      > torque-generated, and we always refer to them as
      > "torque-generated/filename", so there is no confusion even though some
      > files now have the same name as a corresponding hand-written file, for
      > example factory.cc.
      >
      > TBR: hpayer@chromium.org
      > Bug: v8:7793
      > Change-Id: Ie172babad1fc7422fd1059c48f5dafaa53e50c8b
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414218
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70060}
      
      Bug: v8:7793
      TBR: hpayer@chromium.org jgruber@chromium.org
      Change-Id: I6c492bc64aee1ff167e7ef401825eca9097a7f38
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431565
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70137}
      21b58516
  19. 22 Sep, 2020 2 commits
    • Francis McCabe's avatar
      Revert "[torque] refactor: use -tq only in filenames derived from .tq files" · 92aaace1
      Francis McCabe authored
      This reverts commit 64caf2b0.
      
      Reason for revert: Seems to be causing a failure:
      https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/38809?
      
      Original change's description:
      > [torque] refactor: use -tq only in filenames derived from .tq files
      > 
      > This is to establish a naming rule for Torque-generated files:
      > - If the file is called foo/bar-tq..., then it is derived from a
      >   file foo/bar.tq
      > - Otherwise it doesn't belong to a specific .tq file.
      > 
      > So far, we attached -tq to all Torque-generated file names, where it
      > sometimes corresponded to a .tq file name and sometimes not.
      > It is not necessary to add -tq to file names to indicate that they are
      > Torque-generated, since they are already in a directory called
      > torque-generated, and we always refer to them as
      > "torque-generated/filename", so there is no confusion even though some
      > files now have the same name as a corresponding hand-written file, for
      > example factory.cc.
      > 
      > TBR: hpayer@chromium.org
      > Bug: v8:7793
      > Change-Id: Ie172babad1fc7422fd1059c48f5dafaa53e50c8b
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414218
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70060}
      
      TBR=jgruber@chromium.org,tebbi@chromium.org
      
      Change-Id: I6960fe540861947536c6ddfc0f4887ea80899fae
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7793
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424486Reviewed-by: 's avatarFrancis McCabe <fgm@chromium.org>
      Commit-Queue: Francis McCabe <fgm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70065}
      92aaace1
    • Tobias Tebbi's avatar
      [torque] refactor: use -tq only in filenames derived from .tq files · 64caf2b0
      Tobias Tebbi authored
      This is to establish a naming rule for Torque-generated files:
      - If the file is called foo/bar-tq..., then it is derived from a
        file foo/bar.tq
      - Otherwise it doesn't belong to a specific .tq file.
      
      So far, we attached -tq to all Torque-generated file names, where it
      sometimes corresponded to a .tq file name and sometimes not.
      It is not necessary to add -tq to file names to indicate that they are
      Torque-generated, since they are already in a directory called
      torque-generated, and we always refer to them as
      "torque-generated/filename", so there is no confusion even though some
      files now have the same name as a corresponding hand-written file, for
      example factory.cc.
      
      TBR: hpayer@chromium.org
      Bug: v8:7793
      Change-Id: Ie172babad1fc7422fd1059c48f5dafaa53e50c8b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414218
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70060}
      64caf2b0
  20. 10 Sep, 2020 2 commits
    • Jakob Gruber's avatar
      [nci] Implement tier-up (part 3, spawn task & install) · 608018e5
      Jakob Gruber authored
      This is the final part of the tier-up commit series. It implements:
      
      - A prologue in NCI code objects that checks and acts upon the
      optimization marker.
      - Currently, handling is deferred to the InterpreterEntryTrampoline
      but this will change in the future.
      - The lifecycle is otherwise like Ignition-to-Turbofan; the runtime
      profiler marks a function for optimization, the next call to that
      function triggers optimization by calling into runtime, and the
      finished code object is installed both on the JSFunction and the
      optimized code cache.
      - The feedback vector's kOptimizedCodeWeakOrSmiOffset slot is
      currently reused for the mid-to-top tier up.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
      Bug: v8:8888
      Change-Id: Iff50b05ddcc68b25d7ed0f1e0d20af076a1522a0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361466Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69808}
      608018e5
    • Sathya Gunasekaran's avatar
      [turboprop] Unroll loop in the dynamic map checks operator · 9c67790b
      Sathya Gunasekaran authored
      The dynamic map checks operator loads the feedback vector and performs
      map checks against each map and handler entry in the feedback against
      the incoming map and handler.
      
      Instead of emitting code to iterate over this feedback vector at
      runtime, we unroll this loop at compile time.
      
      The generated code is similar to this pseudocode:
      
        length = feedback_slot.length
        if length >= 4: goto labels[3]
        if length == 3: goto labels[2]
        if length == 2: goto labels[1]
        if length == 1: goto labels[0]
      
        labels[3]:
          map = load(feedback_slot, 6)
          if incoming_map == map goto handler_check(7)
          goto labels[2]
        labels[2]:
          map = load(feedback_slot, 4)
          if incoming_map == map goto handler_check(5)
          goto labels[1]
        labels[1]:
          map = load(feedback_slot, 2)
          if incoming_map == map goto handler_check(3)
          goto labels[0]
        labels[0]:
          map = load(feedback_slot, 0)
          if incoming_map == map goto handler_check(1)
          bailout
      
        handler_check (index):
          handler = load(feedback_slot, index)
          if incoming_handler ==  handler goto done
          deoptimize
      
      Bug: v8:10582, v8:9684
      Change-Id: I64d64ff8eda664e4d476bf1b2612e26a344e98a6
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339960
      Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69797}
      9c67790b
  21. 29 Jul, 2020 1 commit
    • Jakob Gruber's avatar
      [nci] Update interrupt budget from NCI code · 980e224a
      Jakob Gruber authored
      This is the first step towards implementing a tier-up mechanism from
      NCI code to TF. We will follow the existing Ignition-to-Turbofan
      mechanics, which are, roughly:
      
      1. Track a bytecode interrupt budget.
      2. When exhausted, call the runtime profiler, which increments
         profiler ticks for the top frame's function.
      3. When a function should tier up, it is marked as such using the
         FeedbackVector::optimized_code_weak_or_smi slot / the
         OptimizationMarker mechanism.
      4. The InterpreterEntryTrampoline checks this slot and calls into
         runtime to compile if needed.
      5. The finished code is also placed into this slot, as well as
         installed on the JSFunction.
      6. Again, the IET checks the slot and tail-calls the code object if it
         exists.
      
      This CL implements step 1 for NCI code by inserting the new simplified
      UpdateInterruptBudget operator at the same spots (and using the same
      offsets) as Ignition. When the budget is exhausted, we call a runtime
      function that currently does nothing and will be implemented in the
      next CL.
      
      Bug: v8:8888
      Change-Id: I98c0f8d96f32d515218dc2a76f961d44fe281c86
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312778
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69124}
      980e224a
  22. 20 Jul, 2020 1 commit
  23. 07 Jul, 2020 2 commits
  24. 22 Jun, 2020 1 commit
  25. 25 May, 2020 1 commit
  26. 08 May, 2020 1 commit
  27. 06 May, 2020 1 commit
  28. 01 May, 2020 1 commit
  29. 21 Nov, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] shape: define in-object properties properly · cfab6505
      Tobias Tebbi authored
      This introduces a new keyword "shape" in addition to "class",
      which allows the definition of a type that extends a JSObject
      subclass and specifies one or several maps with statically
      known in-object properties.
      Differences compared to normal classes:
      - Shapes are transient since they specify maps instead of
        instance types.
      - Shapes have a known size.
      - Fields of shapes are always in-object properties. In particular,
        this means that their offset is after kHeaderSize.
      - It's forbidden to inherited from shapes.
      - Since shapes usually specify NativeContext-dependent maps, it's
        not possible to write runtime type-checks for them. Thus this CL
        avoids mapping them to their own TNode type, as the CAST macro
        won't work properly. We had runtime-checks for some of them
        nevertheless, some of them scarily confusing like
        IsJSSloppyArgumentsObject, that actually just checked the instance
        type.
      
      Drive-by cleanups and simplifications:
      - Allow subclassing from non-abstract classes and remove
        @dirtyInstantiatedAbstractClass. This attribute stems from a mis-
        conception of how instance types work, and with this change it
        ceases to have semantic influence.
      - Replace the existing JSArgumentsObject subclasses into two shapes.
        JSArgumentsObjectWithLength had to be removed since shapes don't
        support subclassing.
      - Place kHeaderSize correctly for objects with indexed fields.
      
      Design doc:
      https://docs.google.com/document/d/1zPy2ZYfNFjeEuw6Mz3YJA-GaPGbdcSYam3SrS7ETzRU
      
      Bug: v8:8944
      
      Change-Id: Iabf185ccd27d0900e0890539a7fe9eaa8bf2d50e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917140
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65108}
      cfab6505
  30. 07 Nov, 2019 1 commit
  31. 22 Oct, 2019 3 commits
    • Victor Gomes's avatar
      Reland x3 "[runtime] Remove extension slots from context objects" · dbbdd0ec
      Victor Gomes authored
      Original change's description:
      > [runtime] Remove extension slots from context objects
      >
      > Context objects have an extension slot, which contains further
      > additional data that depends on the type of the context.
      >
      > This CL removes the extension slot from contexts that don't need
      > them, hence reducing memory.
      >
      > The following contexts will still have an extension slot: native,
      > module, await, block and with contexts. See objects/contexts.h for
      > what the slot is used for.
      > The following contexts will not have an extension slot anymore (they
      > were not used before): script, catch and builtin contexts.
      > Eval and function contexts only have the extension slot if they
      > contain a sloppy eval.
      >
      > Bug: v8:9744
      > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
      > Commit-Queue: Victor Gomes <victorgomes@google.com>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > Auto-Submit: Victor Gomes <victorgomes@google.com>
      > Cr-Commit-Position: refs/heads/master@{#64372}
      
      TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
      
      Bug: v8:9744
      Change-Id: I8700ed2fa62c89e86c39bb16ac3167f38ea8d63f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873695
      Commit-Queue: Victor Gomes <victorgomes@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64477}
      dbbdd0ec
    • Clemens Backes's avatar
      Revert "Reland "Reland "[runtime] Remove extension slots from context objects""" · 725e7dd7
      Clemens Backes authored
      This reverts commit 392a1217.
      
      Reason for revert: Several failures on mac64 gc stress: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/9747
      
      Original change's description:
      > Reland "Reland "[runtime] Remove extension slots from context objects""
      > 
      > This is a reland of c48096d4
      > 
      > Original change's description:
      > > Reland "[runtime] Remove extension slots from context objects"
      > >
      > > This is a reland of c07c02e1
      > >
      > > Original change's description:
      > > > [runtime] Remove extension slots from context objects
      > > >
      > > > Context objects have an extension slot, which contains further
      > > > additional data that depends on the type of the context.
      > > >
      > > > This CL removes the extension slot from contexts that don't need
      > > > them, hence reducing memory.
      > > >
      > > > The following contexts will still have an extension slot: native,
      > > > module, await, block and with contexts. See objects/contexts.h for
      > > > what the slot is used for.
      > > > The following contexts will not have an extension slot anymore (they
      > > > were not used before): script, catch and builtin contexts.
      > > > Eval and function contexts only have the extension slot if they
      > > > contain a sloppy eval.
      > > >
      > > > Bug: v8:9744
      > > > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
      > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
      > > > Commit-Queue: Victor Gomes <victorgomes@google.com>
      > > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > > > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > > > Auto-Submit: Victor Gomes <victorgomes@google.com>
      > > > Cr-Commit-Position: refs/heads/master@{#64372}
      > >
      > > TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
      > >
      > > Bug: v8:9744
      > > Change-Id: I0749cc2d8f59940c25841736634a70047116d647
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
      > > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > > Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      > > Auto-Submit: Victor Gomes <victorgomes@google.com>
      > > Cr-Commit-Position: refs/heads/master@{#64380}
      > 
      > TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
      > 
      > Bug: v8:9744
      > Change-Id: I621ffe98722f8c4defaf277b8d1666484ba2963f
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872400
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > Commit-Queue: Victor Gomes <victorgomes@google.com>
      > Cr-Commit-Position: refs/heads/master@{#64451}
      
      TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com
      
      Change-Id: I99a71180c6a00a87478867a8210ff9ceb46cb3ee
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9744
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872405Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64453}
      725e7dd7
    • Victor Gomes's avatar
      Reland "Reland "[runtime] Remove extension slots from context objects"" · 392a1217
      Victor Gomes authored
      This is a reland of c48096d4
      
      Original change's description:
      > Reland "[runtime] Remove extension slots from context objects"
      >
      > This is a reland of c07c02e1
      >
      > Original change's description:
      > > [runtime] Remove extension slots from context objects
      > >
      > > Context objects have an extension slot, which contains further
      > > additional data that depends on the type of the context.
      > >
      > > This CL removes the extension slot from contexts that don't need
      > > them, hence reducing memory.
      > >
      > > The following contexts will still have an extension slot: native,
      > > module, await, block and with contexts. See objects/contexts.h for
      > > what the slot is used for.
      > > The following contexts will not have an extension slot anymore (they
      > > were not used before): script, catch and builtin contexts.
      > > Eval and function contexts only have the extension slot if they
      > > contain a sloppy eval.
      > >
      > > Bug: v8:9744
      > > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
      > > Commit-Queue: Victor Gomes <victorgomes@google.com>
      > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > > Auto-Submit: Victor Gomes <victorgomes@google.com>
      > > Cr-Commit-Position: refs/heads/master@{#64372}
      >
      > TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
      >
      > Bug: v8:9744
      > Change-Id: I0749cc2d8f59940c25841736634a70047116d647
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      > Auto-Submit: Victor Gomes <victorgomes@google.com>
      > Cr-Commit-Position: refs/heads/master@{#64380}
      
      TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
      
      Bug: v8:9744
      Change-Id: I621ffe98722f8c4defaf277b8d1666484ba2963f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872400Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
      Commit-Queue: Victor Gomes <victorgomes@google.com>
      Cr-Commit-Position: refs/heads/master@{#64451}
      392a1217
  32. 21 Oct, 2019 1 commit
    • Leszek Swirski's avatar
      Revert "Reland "[runtime] Remove extension slots from context objects"" · 08955bb2
      Leszek Swirski authored
      This reverts commit c48096d4.
      
      Reason for revert: Flaky bot failures (https://bugs.chromium.org/p/v8/issues/detail?id=9744#c9)
      
      Original change's description:
      > Reland "[runtime] Remove extension slots from context objects"
      > 
      > This is a reland of c07c02e1
      > 
      > Original change's description:
      > > [runtime] Remove extension slots from context objects
      > >
      > > Context objects have an extension slot, which contains further
      > > additional data that depends on the type of the context.
      > >
      > > This CL removes the extension slot from contexts that don't need
      > > them, hence reducing memory.
      > >
      > > The following contexts will still have an extension slot: native,
      > > module, await, block and with contexts. See objects/contexts.h for
      > > what the slot is used for.
      > > The following contexts will not have an extension slot anymore (they
      > > were not used before): script, catch and builtin contexts.
      > > Eval and function contexts only have the extension slot if they
      > > contain a sloppy eval.
      > >
      > > Bug: v8:9744
      > > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
      > > Commit-Queue: Victor Gomes <victorgomes@google.com>
      > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > > Auto-Submit: Victor Gomes <victorgomes@google.com>
      > > Cr-Commit-Position: refs/heads/master@{#64372}
      > 
      > TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
      > 
      > Bug: v8:9744
      > Change-Id: I0749cc2d8f59940c25841736634a70047116d647
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      > Auto-Submit: Victor Gomes <victorgomes@google.com>
      > Cr-Commit-Position: refs/heads/master@{#64380}
      
      TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:9744
      Change-Id: Ia58067b41f1eb5880a52b36ead754d7190ff7f6f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871922Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64424}
      08955bb2