Skip to content

V
V8
Switch branch/tag
  1. 02 Aug, 2017 7 commits
  3. 01 Aug, 2017 16 commits
    • Alexey Kozyatinskiy's avatar
      [inspector] support for cases when embedder doesn't call contextDestroyed · f19b889b
      Alexey Kozyatinskiy authored 
      Node.js doesn't have good place to call contextDestroyed.
We need to cleanup everything on our side to allow clients to not call
contextDestroyed method.

R=dgozman@chromium.org,eostroukhov@chromium.com

Bug: none
Change-Id: Ibe3f01fd18afbfa579e5db66ab6f174d5fad7c82
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/575519Reviewed-by: 's avatarDmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#46849}
Reviewed-on: https://chromium-review.googlesource.com/596549
Cr-Commit-Position: refs/heads/master@{#47060}
      f19b889b
    • Annie Sullivan's avatar
      Revert "[wasm] redirect wasm calls to js functions through a GCed table" · 25f03308
      Annie Sullivan authored 
      This reverts commit eb65f35e.

Reason for revert: Broke jetstream benchmark on android.

BUG=chromium:750828

Original change's description:
> [wasm] redirect wasm calls to js functions through a GCed table
> 
> With this patch, rather than embedding the JSReceiver address directly
> in the WasmToJS wrappers, we put that in a fixed array with global handle
> scope and instead embed the location of the handle and the index in the
> wrapper. This ensures that the wrapper doesn't need to be patched if the
> GC kicks in. This is needed to get the WASM code off the GCed heap.
> 
> R=​mtrofin@chromium.org
> 
> Bug: 
> Change-Id: Ie5a77a78cdecec51b04f702c63b8e4285e6a2d8d
> Reviewed-on: https://chromium-review.googlesource.com/581682
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46884}

TBR=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I26f49ee0a1fe73cc5d8852ded87b56638be39ebf
Reviewed-on: https://chromium-review.googlesource.com/596268
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47059}
      25f03308
    • Caitlin Potter's avatar
      Reland "[async-iteration] implement spec-change to `yield` in async generators" · ac6ed35a
      Caitlin Potter authored 
      Per https://github.com/tc39/proposal-async-iteration/pull/102/files:

AsyncGeneratorResolve no longer unwraps a value component. Instead, the value is
unwrapped before the builtin call via Await, allowing Promise rejections to
affect the generator control flow.

Thus, all `yield <expr>` implicitly become `yield await <expr>`.

Additionally, `return <expr>` becomes `return await <expr>`. Finally, when the
generator is resumed with `.return()`, the parameter passed to .return() is
awaited before generator execution properly continues).

BUG=v8:6187, v8:5855
R=littledan@chromium.org, neis@chromium.org, adamk@chromium.org
TBR=rmcilroy@chromium.org, neis@chromium.org

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Id7718028fd555481f9f4ca0dbecfa788e3057c48
Reviewed-on: https://chromium-review.googlesource.com/594500Reviewed-by: 's avatarCaitlin Potter <caitp@igalia.com>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#47058}
      ac6ed35a
    • Ulan Degenbaev's avatar
      Revert "[heap] Add mechanism for tracking invalidated slots per memory chunk." · c59b81d7
      Ulan Degenbaev authored 
      This reverts commit 7a5a777c.

Reason for revert: crashing in test-api

Original change's description:
> [heap] Add mechanism for tracking invalidated slots per memory chunk.
> 
> For correct slots recording in concurrent marker, we need to resolve
> the race that happens when
> 1) the mutator is invalidating slots for double unboxing or string
> conversions
> 2) and the concurrent marker is recording these slots.
> 
> This patch adds a data-structure for tracking the invalidated objects.
> Thus we can allow the concurrent marker to record slots without
> worrying about clearing them. During old-to-old pointer updating phase
> we re-check all slots that belong to the invalidated objects.
> 
> BUG=chromium:694255
> 
> Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
> Reviewed-on: https://chromium-review.googlesource.com/591810
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47049}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: I7f4f8e8cb027b921a82e9c0a0623536af02581fb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/595994Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47052}
      c59b81d7
    • Bill Budge's avatar
      [cctest] Simplify tests that mock v8::Platform. · 0eb28cd5
      Bill Budge authored 
      Adds a base class TestPlatform which implements the most common defaults
for v8::Platform methods.

Reworks existing cctests and unittests to use TestPlatform.

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifeb28a5a190529697d5bcac227e80b10d454d9bd
Reviewed-on: https://chromium-review.googlesource.com/590194Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47050}
      0eb28cd5
    • Ulan Degenbaev's avatar
      [heap] Add mechanism for tracking invalidated slots per memory chunk. · 7a5a777c
      Ulan Degenbaev authored 
      For correct slots recording in concurrent marker, we need to resolve
the race that happens when
1) the mutator is invalidating slots for double unboxing or string
conversions
2) and the concurrent marker is recording these slots.

This patch adds a data-structure for tracking the invalidated objects.
Thus we can allow the concurrent marker to record slots without
worrying about clearing them. During old-to-old pointer updating phase
we re-check all slots that belong to the invalidated objects.

BUG=chromium:694255

Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
Reviewed-on: https://chromium-review.googlesource.com/591810Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47049}
      7a5a777c
    • Alexey Kozyatinskiy's avatar
      [inspector] rewritten test/inspector/let-const-with-api.js · 896afdde
      Alexey Kozyatinskiy authored 
      - rewritten test using new harness,
- removed command line API part since we check it separatelu in inspector/runtime/command-line-api.js

R=jgruber@chromium.org

Bug: none
Change-Id: Ia12cab10a8e299bb17688c9c5f36e7f712aa70ee
Reviewed-on: https://chromium-review.googlesource.com/595032
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47048}
      896afdde
    • Adam Klein's avatar
      [ignition] Add a DCHECK that scopes are visited in nesting order · 5ff10f20
      Adam Klein authored 
      Also fix one apparently-harmless bug in the Parser where we failed
to Finalize an empty scope. Without this fix, the DCHECK fails
on any C-style for-loop with a lexical binding that hits the
fast path (this is well-covered by many existing tests in mjsunit).

Thanks to Georg Neis for the suggestion of this DCHECK.

Change-Id: Ie1a8f8809f4d152c87f2da08209c610514645827
Reviewed-on: https://chromium-review.googlesource.com/587750Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47046}
      5ff10f20
    • Leszek Swirski's avatar
      [heap] Remove IC age · 77cd8416
      Leszek Swirski authored 
      Remove the concept of IC age from the heap and SFI, since it no
longer does anything useful.

Change-Id: I4ce466efc77c007c09c0889bae09ec6a0c907e33
Reviewed-on: https://chromium-review.googlesource.com/593623
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47041}
      77cd8416
    • Yang Guo's avatar
      Remove cell visiting in object visitor. · 809c3d45
      Yang Guo authored 
      Change-Id: Ida5c537fa94a376a134e60edce889b96b676a8f9
Reviewed-on: https://chromium-review.googlesource.com/584874Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47039}
      809c3d45
    • jgruber's avatar
      Reland "[builtins] Remove Builtins::Name() accessors" · fcaa2c2e
      jgruber authored 
      This is a reland of 2f79e035
Original change's description:
> [builtins] Remove Builtins::Name() accessors
> 
> Instead of auto-generating the Name() convenience accessor, use a macro to
> avoid wasting code space.
> 
>   BUILTIN_CODE(isolate, Name)
> 
> expands to
> 
>   isolate->builtins()->builtin_handle(Builtins::kName);
> 
> This reduces the size of libv8.so by 134,752 bytes on a x64 release build.
> 
> Bug: v8:6624
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Idff7ee5c45e344e73412c0f47e92553c7c7ff75f
> Reviewed-on: https://chromium-review.googlesource.com/593607
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47010}

TBR=bmeurer@chromium.org,ahaas@chromium.org

Bug: v8:6624
Change-Id: I4733731e56dc8873ee06c2b36cac1918c0a658b2
Reviewed-on: https://chromium-review.googlesource.com/594087
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47037}
      fcaa2c2e
    • Benedikt Meurer's avatar
      [builtins] Speed-up Object.prototype.toString. · 31800120
      Benedikt Meurer authored 
      The @@toStringTag lookup in Object.prototype.toString causes quite a
lot of overhead and oftentimes dominates the builtin performance. These
lookups are almost always negative, especially for primitive values,
and Object.prototype.toString is often used to implement predicates
(like in Node core or in AngularJS), so having a way to skip the
negative lookup yields big performance gains.

This CL introduces a "MayHaveInterestingSymbols" bit on every map,
which says whether instances with this map may have an interesting
symbol. Currently only @@toStringTag is considered an interesting
symbol, but we can extend that in the future.

In the Object.prototype.toString we can use the interesting symbols
bit to do a quick check on the prototype chain to see if there are
any maps that might have the @@toStringTag, and if not, we can just
immediately return the result, which is very fast because it's derived
from the instance type. This also avoids the ToObject conversions for
primitive values, which is important, since this causes unnecessary
GC traffic and in for example AngularJS, strings are also often probed
via the Object.prototype.toString based predicates.

This boosts Speedometer/AngularJS by over 3% and Speedometer overall
by up to 1%. On the microbenchmark from the similar SpiderMonkey bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=1369042), we go from
roughly 450ms to 70ms, which corresponds to a 6.5x improvement.

```
function f() {
    var res = "";
    var a = [1, 2, 3];
    var toString = Object.prototype.toString;
    var t = new Date;
    for (var i = 0; i < 5000000; i++)
	res = toString.call(a);
    print(new Date - t);
    return res;
}
f();
```

The design document at https://goo.gl/e8CruQ has some additional
data points.

TBR=ulan@chromium.org

Bug: v8:6654
Change-Id: I31932cf41ecddad079d294e2c322a852af0ed244
Reviewed-on: https://chromium-review.googlesource.com/593620
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47034}
      31800120
    • Andreas Haas's avatar
      [x64] Do not encode RelocatableInt32Constant(0) with xor · a4d914c9
      Andreas Haas authored 
      R=titzer@chromium.org

Bug: v8:6640
Change-Id: I08bed124f7c6f6607b28844ea91bee90c1c1ab22
Reviewed-on: https://chromium-review.googlesource.com/586603Reviewed-by: 's avatarBen Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47033}
      a4d914c9
    • Enrico Bacis's avatar
      [wasm] Add test for growing exported memory past maximum · 9a3b2a76
      Enrico Bacis authored 
      The test TestExportImportedMemoryGrowMultipleInstances in
test/mjsunit/wasm/import-memory.js had a TODO about not taking into
account the maximum size for exported memory objects, thus permitting to
grow past thhe maximum specified in the exported memory object.

The check is already in place at wasm-objects.cc:266
(https://cs.chromium.org/chromium/src/v8/src/wasm/wasm-objects.cc?rcl=a01b55b548add5aec1d3d4d8fcdadfa01555c6ea&l=266).

This CL removes the TODO and asserts that growing past maximum for
exported objects fails.

R=ahaas@chromium.org, gdeepti@chromium.org

Change-Id: Ifa69e4e85e04bc2280b629cebb30d400cca9420f
Reviewed-on: https://chromium-review.googlesource.com/593948Reviewed-by: 's avatarDeepti Gandluri <gdeepti@chromium.org>
Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Cr-Commit-Position: refs/heads/master@{#47029}
      9a3b2a76
    • Bill Budge's avatar
      Reland "[Memory] Add an OnCriticalMemoryPressure method to V8::Platform." · f8db3e8f
      Bill Budge authored 
      This is a reland of 3f90d9f9
Original change's description:
> [Memory] Add an OnCriticalMemoryPressure method to V8::Platform.
> 
> Adds virtual V8::Platform::OnCriticalMemoryPressure method, default
> implementation does nothing.
> 
> Calls this method on first allocation failures in NewArray, Malloced,
> and zone AccountingAllocator and adds retry logic.
> 
> Adds utility functions for allocating base::VirtualMemory to functions
> in allocation.h, which call this method and add retry logic.
> 
> Calls these utility functions in heap CodeRange, Spaces, StoreBuffer
> and SequentialMarkingDeque.
> 
> Bug: v8:6635
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I38afd394f3be556aca037d16675e9884658158cb
> Reviewed-on: https://chromium-review.googlesource.com/583543
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46988}

Bug: v8:6635
Change-Id: I0d70c5796f407f0ed42cfddf581d26f533f9bea8
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/593090Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47027}
      f8db3e8f
    • Sathya Gunasekaran's avatar
      [parser] Provide better error when destructuring callable · c805d5e3
      Sathya Gunasekaran authored 
      The patch changes CallPrinter's AST traversal to continue even after
the first positive match for an AST node. This helps us check for the
subsequent GetIterator AST node in case of destructuring.

We can not differentiate between the function call failing and the
GetIterator failing based on source position info. This would involve
runtime checks costing performance.

Instead of providing an incorrect error, we provide both the
possiblities to user and allow them to disambiguate.

Previously,
  d8> function f() { return 5; }
  undefined
  d8> var [a] = f();
  (d8):1: TypeError: f is not a function
  var [a] = f();
            ^
  TypeError: f is not a function
      at (d8):1:11


Now,
  d8> function f() { return 5; }
  undefined
  d8> var [a] = f();
  (d8):1: TypeError: f is not a function or its return value is not iterable
  var [a] = f();
            ^
  TypeError: f is not a function or its return value is not iterable
      at (d8):1:11

Bug: v8:6616, v8:6513
Change-Id: I3d6427f10cae54951b0ad0e5ddcbe802bb7191c1
Reviewed-on: https://chromium-review.googlesource.com/594894
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47025}
      c805d5e3
  5. 31 Jul, 2017 16 commits
  7. 29 Jul, 2017 1 commit
    • Georg Neis's avatar
      Revert "[Memory] Add an OnCriticalMemoryPressure method to V8::Platform." · 53db0584
      Georg Neis authored 
      This reverts commit 3f90d9f9.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/16510

Original change's description:
> [Memory] Add an OnCriticalMemoryPressure method to V8::Platform.
> 
> Adds virtual V8::Platform::OnCriticalMemoryPressure method, default
> implementation does nothing.
> 
> Calls this method on first allocation failures in NewArray, Malloced,
> and zone AccountingAllocator and adds retry logic.
> 
> Adds utility functions for allocating base::VirtualMemory to functions
> in allocation.h, which call this method and add retry logic.
> 
> Calls these utility functions in heap CodeRange, Spaces, StoreBuffer
> and SequentialMarkingDeque.
> 
> Bug: v8:6635
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I38afd394f3be556aca037d16675e9884658158cb
> Reviewed-on: https://chromium-review.googlesource.com/583543
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46988}

TBR=bbudge@chromium.org,ulan@chromium.org,mlippautz@chromium.org

Change-Id: I79afea5982e62db1462cc5a5585a226f0ddbe752
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6635
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/592887Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46989}
      53db0584