- 07 Feb, 2020 1 commit
Igor Sheludko authored
... a Smi-looking type containing properly sign-extended int31 integer. The idea is to use this kind of tagged integers for the cases where the value is guaranteed to fit into int31. For example, feedback vector slots are one of the candidates for using TaggedIndex representation. Bug: v8:10047 Change-Id: Ifaa2978a5d42467578ff243dc44d327536efbe93 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1960292 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#66170}
-
- 06 Feb, 2020 1 commit
Leszek Swirski authored
Add off-thread support for literals, including object/array boilerplates. Notably, this includes adding FixedArray and HeapNumber support to OffThreadFactory. As a drive-by, OffThreadHandle is redefined to store an Address rather than an Object, similar to Handle, so that it still works with forward definitions of types. Bug: chromium:1011762 Change-Id: I7c8452f450d8c57fe683a9e44532ce5647c84a11 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2036084 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#66156}
-
- 29 Jan, 2020 1 commit
Ulan Degenbaev authored
The existing legacy performance.memory API accounts external string and array buffer backing store bytes. This CL adds per-context tracking of external bytes Bug: chromium:973627 Change-Id: I2b308dc540454e7b0b66406b83a18bf8f8d55d8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2025369 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66018}
-
- 09 Jan, 2020 1 commit
Jakob Kummerow authored
This CL factors out the decision-making logic whether a property key should be treated as a "property" or "element" into LookupIterator::Key, which can be constructed on its own, allowing use sites to take this distinction into account before constructing a LookupIterator from the Key, without needing to duplicate the logic. This also makes the assortment of LookupIterator constructors more uniform. Bug: chromium:1031175 Change-Id: I81d7b11ab7e4915f5c05668138e6e0c51ae11821 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962272 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65672}
-
- 27 Dec, 2019 1 commit
Daniel Clifford authored
In the process: * Rework the Torque definition of ScopeInfo to enable direct field-style access of ScopeFlags, removing some dead code in the process. * Allow implicit FromConstexpr conversion from subtypes of 'constexpr A' to other types. This makes it possible/easy to convert constexpr versions of enums to other types, since the constexpr version of the enum isn't addressable. Its namespace isn't a valid namespace and is an implementation detail anyway. * Cleanup LanguageMode: Language mode is now an enum and directly mirrors the C++-side definition rather than being a Smi. With the changes above, a new type LanguageModeSmi is introduced that is the Smi representation of LanguageMode that can be implicitly casted from constexpr LanguageMode values. Change-Id: I190412f95e02905f445d149883fbf1f2b8ed757b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977159 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65561}
-
- 04 Dec, 2019 1 commit
Leszek Swirski authored
Looks like even the small amount of logic needed to extract ReadOnlyRoots from a const Isolate* (e.g. a HeapObject check) is enough to cause regressions. Revert these predicates to take non-const Isolate*, while keeping const Isolate* elsewhere. If we ever need const Isolate* for the oddball predicates, we can add it in addition to the non-const one. Bug: chromium:1029457 Bug: chromium:1030001 Bug: chromium:1030003 Bug: chromium:1030102 Change-Id: Ia6fa45f282a1a1961c0afa8ed973baebf6fbafd3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948721 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#65331}
-
- 27 Nov, 2019 1 commit
Leszek Swirski authored
To indicate that the Isolate* in getters might not be a "real" isolate, but rather a calculated one from GetIsolateForPtrCompr only used for calculating the isolate root, make that function return a const Isolate* and change field getters, Object::IsFoo predicates, and related functions to all take a const Isolate* instead of an Isolate* With this change, we can slightly more confidently use Objects that are in OffThreadSpace, without having to worry too much about having an Isolate* floating around that could accidentally be used. This is a slight abuse of const semantics, but it allows implicit conversion from Isolate* arguments to the const Isolate* parameter. Bug: v8:7703 Bug: chromium:1011762 Change-Id: I54d4a65d2299477195f4d754cabe64ce34fdaa4c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939455 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65199}
-
- 26 Nov, 2019 1 commit
Jakob Kummerow authored
Bug: v8:4153 Change-Id: I036b3f464a635414e050972cee2dffbf3b44cafd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918250 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65164}
-
- 25 Nov, 2019 3 commits
Jakob Kummerow authored
This is a reland of e1ad9b89 Original change's description: > Fixes for size_t LookupIterator > > Fixing some fallout from c968607e > aka r65078 > > Bug: chromium:1026729,chromium:1026856,chromium:1026909,chromium:1026974 > Change-Id: I98a4466595fbf1635af403ab58842977882c0453 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930907 > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#65158} Tbr: verwaest@chromium.org,mstarzinger@chromium.org Bug: chromium:1026729, chromium:1026856, chromium:1026909, chromium:1026974 Change-Id: I66695f05c4910c46f3c75209e14135075721f2cf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932839 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65162}
-
Shu-yu Guo authored
This reverts commit e1ad9b89. Reason for revert: Landed test that fails with GC stress Original change's description: > Fixes for size_t LookupIterator > > Fixing some fallout from c968607e > aka r65078 > > Bug: chromium:1026729,chromium:1026856,chromium:1026909,chromium:1026974 > Change-Id: I98a4466595fbf1635af403ab58842977882c0453 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930907 > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#65158} TBR=jkummerow@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org Change-Id: I1f1e95d37b033e53330adae08071cbe34e1d9488 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1026729, chromium:1026856, chromium:1026909, chromium:1026974 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1933599 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#65159}
-
Jakob Kummerow authored
Fixing some fallout from c968607e aka r65078 Bug: chromium:1026729,chromium:1026856,chromium:1026909,chromium:1026974 Change-Id: I98a4466595fbf1635af403ab58842977882c0453 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930907 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65158}
-
- 21 Nov, 2019 1 commit
Tobias Tebbi authored
This introduces a new keyword "shape" in addition to "class", which allows the definition of a type that extends a JSObject subclass and specifies one or several maps with statically known in-object properties. Differences compared to normal classes: - Shapes are transient since they specify maps instead of instance types. - Shapes have a known size. - Fields of shapes are always in-object properties. In particular, this means that their offset is after kHeaderSize. - It's forbidden to inherit from shapes. - Since shapes usually specify NativeContext-dependent maps, it's not possible to write runtime type-checks for them. Thus this CL avoids mapping them to their own TNode type, as the CAST macro won't work properly. We had runtime-checks for some of them nevertheless, some of them scarily confusing like IsJSSloppyArgumentsObject, that actually just checked the instance type. Drive-by cleanups and simplifications: - Allow subclassing from non-abstract classes and remove @dirtyInstantiatedAbstractClass. This attribute stems from a misconception of how instance types work, and with this change it ceases to have semantic influence. - Replace the existing JSArgumentsObject subclasses into two shapes. JSArgumentsObjectWithLength had to be removed since shapes don't support subclassing. - Place kHeaderSize correctly for objects with indexed fields. Design doc: https://docs.google.com/document/d/1zPy2ZYfNFjeEuw6Mz3YJA-GaPGbdcSYam3SrS7ETzRU Bug: v8:8944 Change-Id: Iabf185ccd27d0900e0890539a7fe9eaa8bf2d50e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917140 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65108}
-
- 20 Nov, 2019 1 commit
Jakob Kummerow authored
They have to be in sync, so this patch updates both systems. Bug: v8:4153 Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65078}
-
- 28 Oct, 2019 1 commit
Seth Brenith authored
This change begins making use of the fact that Torque now knows about the relationship between classes and instance types, to replace a few repetitive lists: - Instance type checkers (single and range), defined in src/objects/instance-type.h - Verification dispatch in src/diagnostics/objects-debug.cc - Printer dispatch in src/diagnostics/objects-printer.cc - Postmortem object type detection in tools/debug_helper/get-object-properties.cc Torque is updated to generate four macro lists for the instance types, representing all of the classes separated in two dimensions: classes that correspond to a single instance type versus those that have a range, and classes that are fully defined in Torque (with fields and methods inside '{}') versus those that are only declared. The latter distinction is useful because fully-defined classes are guaranteed to correspond to real C++ classes, whereas only-declared classes are not. A few other changes were required to make the lists above work: - Renamed IsFiller to IsFreeSpaceOrFiller to better reflect what it does and avoid conflicts with the new macro-generated IsFiller method. This is the part I'm most worried about: I think the new name is an improvement for clarity and consistency, but I could imagine someone typing IsFiller out of habit and introducing a bug. If we'd prefer to keep the name IsFiller, my other idea is to rename FreeSpace to VariableSizeFiller and Filler to FixedSizeFiller. - Made Tuple3 extend from Struct, not Tuple2, because IsTuple2 is expected to check for only TUPLE2_TYPE and not include TUPLE3_TYPE. - Normalized the dispatched behavior for BigIntBase and HeapNumber. - Added a few new object printers. 
Bug: v8:7793 Change-Id: I5462bb105f8a314baa59bd6ab6ab6215df6f313c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1860314 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#64597}
-
- 11 Oct, 2019 1 commit
Seth Brenith authored
Design doc: https://docs.google.com/document/d/1ZU6rCvF2YHBGMLujWqqaxlPsjFfjKDE9C3-EugfdlAE/edit Changes from the design doc: - Changed to use 'class' declarations rather than 'type' declarations for things that need instance types but whose layout is not known to Torque. These declarations end with a semicolon rather than having a full set of methods and fields surrounded by {}. If the class's name should not be treated as a class name in generated output (because it's actually a template, or doesn't exist at all), we use the standard 'generates' clause to declare the most appropriate C++ class. - Removed @instanceTypeName. - @highestInstanceType became @highestInstanceTypeWithinParentClassRange to indicate a semantic change: it no longer denotes the highest instance type globally, but only within the range of values for its immediate parent class. This lets us use it for Oddball, which is expected to be the highest primitive type. - Added new abstract classes JSCustomElementsObject and JSSpecialObject to help with some range checks. - Added @lowestInstanceTypeWithinParentClassRange so we can move the new classes JSCustomElementsObject and JSSpecialObject to the beginning of the JSObject range. This seems like the least-brittle way to establish ranges that also include JSProxy (and these ranges are verified with static assertions in instance-type.h). - Renamed @instanceTypeValue to @apiExposedInstanceTypeValue. - Renamed @instanceTypeFlags to @reserveBitsInInstanceType. This change introduces the new annotations and adds the ability for Torque to assign instance types that satisfy those annotations. 
Torque now emits two new macros: - TORQUE_ASSIGNED_INSTANCE_TYPES, which is used to define the InstanceType enumeration - TORQUE_ASSIGNED_INSTANCE_TYPE_LIST, which replaces the non-String parts of INSTANCE_TYPE_LIST The design document mentions a couple of other macro lists that could easily be replaced, but I'd like to defer those to a subsequent checkin because this one is already pretty large. Bug: v8:7793 Change-Id: Ie71d93a9d5b610e62be0ffa3bb36180c3357a6e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757094 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#64258}
-
- 27 Sep, 2019 3 commits
Mythri A authored
This is a reland of cfb10028 with a fix for failures in lite mode. Original change's description: > [compiler] Cache OSR optimized code > > With lazy feedback allocation, for functions that get OSRed we may > not have feedback for the initial part of the functions since feedback > vectors might be allocated after the function started executing. Hence > we would not be able to optimize the function on the next call. This > means we may have to OSR twice before we actually optimize function. > This cl introduces OSR cache, so we could reuse the optimized code. One > side effect of this cl is that the OSRed code won't be function context > specialized anymore. > > Bug: chromium:987523 > Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329 > Commit-Queue: Mythri Alle <mythria@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#64014} Bug: chromium:987523 Change-Id: I9c782242b07b24d15247533ab4ee044334b429ff TBR: rmcilroy@chromium.org Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826898 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#64023}
-
Michael Achenbach authored
This reverts commit cfb10028. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/6483 Original change's description: > [compiler] Cache OSR optimized code > > With lazy feedback allocation, for functions that get OSRed we may > not have feedback for the initial part of the functions since feedback > vectors might be allocated after the function started executing. Hence > we would not be able to optimize the function on the next call. This > means we may have to OSR twice before we actually optimize function. > This cl introduces OSR cache, so we could reuse the optimized code. One > side effect of this cl is that the OSRed code won't be function context > specialized anymore. > > Bug: chromium:987523 > Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329 > Commit-Queue: Mythri Alle <mythria@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#64014} TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org Change-Id: Ib3692e7570bed5d3e88ca8a0247b185d70497a04 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:987523 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826668 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#64015}
-
Mythri A authored
With lazy feedback allocation, for functions that get OSRed we may not have feedback for the initial part of the functions since feedback vectors might be allocated after the function started executing. Hence we would not be able to optimize the function on the next call. This means we may have to OSR twice before we actually optimize function. This cl introduces OSR cache, so we could reuse the optimized code. One side effect of this cl is that the OSRed code won't be function context specialized anymore. Bug: chromium:987523 Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#64014}
-
- 26 Sep, 2019 1 commit
Michael Starzinger authored
This uses Handle<WasmExceptionPackage> where applicable to increase type safety. Note that {WasmExceptionPackage} is not a full-fledged instance type though. The {HeapObject::IsWasmExceptionPackage} predicate is an approximation because a precise version could only be implemented using handlified code performing a property lookup. R=clemensb@chromium.org Change-Id: I061e3eea201a0e9909ba67ae33db81d14aaefe4b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477673 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Backes [né Hammacher] <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#63987}
-
- 10 Sep, 2019 1 commit
Rong Wang authored
This CL is necessary for disabling write-barriers that involve referencing pages via address arithmetic, which is required from third-party heap implementation. Change-Id: I1d3f572d48015e5c8cf691b2dc71a32834621c2f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781008 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63644}
-
- 26 Aug, 2019 1 commit
Tobias Tebbi authored
Changes in the reland: Rebased and added a check that JavaScript-linkage builtins use JSAny in parameters and return type, plus the necessary cleanups for this test to pass. Design Doc: https://docs.google.com/document/d/1z6j0pWHnNIfId0v00uWN2HBrGRDJxJfYuCr5K7Kr1xA This reverts commit 4418a7b9. Original change's description: > Revert "[torque] introduce JSAny type for user-accessible JavaScript values" > > This reverts commit 79b00555. > > Reason for revert: needs more discussion > > Original change's description: > > [torque] introduce JSAny type for user-accessible JavaScript values > > > > This CL introduces a JSAny type for user-exposed JavaScript values and > > a few new types to define it. Especially, it splits Symbol into > > PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed > > symbols). > > > > The change is mostly mechanical, but a few things are interesting: > > - PropertyKey and JSPrimitive were designed to coincide with the spec > > notions of IsPropertyKey() and primitive value, respectively. > > - Since Name is an open type, we define AnyName to be the known > > subtypes of Name. This is not too elegant, but by using AnyName > > instead of Name, typeswitch can properly conclude something if a > > subtype of Name is excluded. > > > > Small drive-by changes, which were necessary: > > - Allow subtyping on label parameters. > > - Fix the formatting of typeswitch, it was broken with union types > > in case types. 
> > > > Bug: v8:7793 > > Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322 > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#63114} > > TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org > > Change-Id: Ifde7881d74afe407628f40047997339d54cb2424 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: v8:7793 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63115} TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:7793 Change-Id: Icca34e3824f55009b984d9348fd21884400f0081 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1769316 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63395}
-
- 20 Aug, 2019 1 commit
Leszek Swirski authored
Since the mutability of HeapNumbers is determined by their owning object's descriptor array, we can remove the MutableHeapNumber type entirely, at the cost of a few fewer DCHECKs and a couple of TODOs to use the descriptor array information. This is a necessary step towards a follow-up which allows in-place Double -> Tagged transitions Design doc: https://docs.google.com/document/d/1VeKIskAakxQFnUBNkhBmVswgR7Vk6T1kAyKRLhqerb4/ Bug: v8:9606 Change-Id: I13209f9c86f1f204088f6fd80089e17d956b4a50 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743972 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#63294}
-
- 07 Aug, 2019 2 commits
Tobias Tebbi authored
This reverts commit 79b00555. Reason for revert: needs more discussion Original change's description: > [torque] introduce JSAny type for user-accessible JavaScript values > > This CL introduces a JSAny type for user-exposed JavaScript values and > a few new types to define it. Especially, it splits Symbol into > PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed > symbols). > > The change is mostly mechanical, but a few things are interesting: > - PropertyKey and JSPrimitive were designed to coincide with the spec > notions of IsPropertyKey() and primitive value, respectively. > - Since Name is an open type, we define AnyName to be the known > subtypes of Name. This is not too elegant, but by using AnyName > instead of Name, typeswitch can properly conclude something if a > subtype of Name is excluded. > > Small drive-by changes, which were necessary: > - Allow subtyping on label parameters. > - Fix the formatting of typeswitch, it was broken with union types > in case types. > > Bug: v8:7793 > Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63114} TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org Change-Id: Ifde7881d74afe407628f40047997339d54cb2424 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7793 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#63115}
-
Tobias Tebbi authored
This CL introduces a JSAny type for user-exposed JavaScript values and a few new types to define it. Especially, it splits Symbol into PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed symbols). The change is mostly mechanical, but a few things are interesting: - PropertyKey and JSPrimitive were designed to coincide with the spec notions of IsPropertyKey() and primitive value, respectively. - Since Name is an open type, we define AnyName to be the known subtypes of Name. This is not too elegant, but by using AnyName instead of Name, typeswitch can properly conclude something if a subtype of Name is excluded. Small drive-by changes, which were necessary: - Allow subtyping on label parameters. - Fix the formatting of typeswitch, it was broken with union types in case types. Bug: v8:7793 Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63114}
-
- 09 Jul, 2019 1 commit
Igor Sheludko authored
Tbr: verwaest@chromium.org Bug: v8:9353 Change-Id: I8164e2235ca43e203410277b86e6f166010c11d6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687673 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62597}
-
- 28 Jun, 2019 1 commit
Igor Sheludko authored
The latter is better because it takes field type into account when decompressing field value. Drive-by: use [DECL_]ACCESSOR macros for some fields. Bug: v8:9353 Change-Id: I3d7f07d11b1e379e3e6cf0310d836af6b48c1338 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1680539 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#62444}
-
- 26 Jun, 2019 1 commit
Igor Sheludko authored
... instead of ISOLATELESS_GETTER for declaring and defining getters and predicates that have to deal with decompression of tagged fields. The new macro eases introduction of isolate-full getters. Bug: v8:9353 Change-Id: Ic63baea819a9320c5677f5bd7dda123d7334d80f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676285 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62373}
-
- 24 Jun, 2019 2 commits
Mathias Bynens authored
We currently use the class name “JSValue” for JSObjects that wrap primitive values. This name is a common source of confusion. This patch switches to a name that’s more clear. In addition to manual tweaks, the patch applies the following mechanical global replacements:

before | after
--------------------------------|--------------------------------------
if_valueisnotvalue | if_valueisnotwrapper
if_valueisvalue | if_valueiswrapper
js_value | js_primitive_wrapper
JS_VALUE_TYPE | JS_PRIMITIVE_WRAPPER_TYPE
JSPrimitiveWrapperType | JSPrimitiveWrapper type
jsvalue | js_primitive_wrapper
JSValue | JSPrimitiveWrapper
_GENERATED_JSVALUE_FIELDS | _GENERATED_JSPRIMITIVE_WRAPPER_FIELDS

Change-Id: I9d9edea784eab6067b013e1f781e4db2070f807c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672942 Reviewed-by: Tamer Tas <tmrts@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#62337}
-
Igor Sheludko authored
... in addition to existing [Heap]Object::IsXXX(). The idea is to use these getters in hot C++ code since passing isolate explicitly makes it trivial to compute isolate root value and reduces the C++ code size. For full-pointer mode the unused isolate argument will be optimized away by the compiler, so full-pointer mode should not be affected in any sense. Bug: v8:9353 Change-Id: I405cd54e8895b58f60f797fdb1c1b5654acb56f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664337 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62335}
-
- 21 Jun, 2019 1 commit
Sigurd Schneider authored
v8memory.h does not have V8 specific definitions, and having it in base makes it clear that every component may include the file. It also ensures that including it does not create spurious dependencies on v8_base. Change-Id: I565f63b25f33a9ada19d7b2ac5990863ab17f4a7 Bug: v8:9183, v8:8855 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657923 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62309}
-
- 19 Jun, 2019 1 commit
Daniel Clark authored
Introduce SourceTextModule as a subclass of Module. Move all the JavaScript-module-specific code down from Module to SourceTextModule, with all code applicable to other future module types remaining in Module. With this change, Module is roughly equivalent to the spec's Abstract Module Record and SourceTextModule is roughly equivalent to Source Text Module Record. Bug: v8:9292 Change-Id: I6e9cd3ece9d0c1da57e52f8af8ed5848d87dd22d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1633154 Commit-Queue: Dan Clark <daniec@microsoft.com> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62296}
-
- 18 Jun, 2019 1 commit
Seth Brenith authored
For every @noVerifier in base.tq, this change either removes it or ensures that it has some annotation explaining why it can't be removed. The @noVerifier usages that can't be removed fall into the following categories: 1. Classes that don't have their own instance types and therefore have no meaningful way to do an Is...() check 2. Fields that might not exist 3. Fields that are waiting for MaybeObject support in Torque Bug: v8:9311 Change-Id: Id452d4151ec07347ae96a9b5f3b26e2ac8065d31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659134 Reviewed-by: Daniel Clifford <danno@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#62263}
-
- 14 Jun, 2019 2 commits
-
-
Igor Sheludko authored
... since decompression customization for MapWord is already handled by HeapObject::MapField. Bug: v8:9353, v8:9183 Change-Id: I009cdbbf8fc7e72029e1b9be54a0f0b73050e738 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660475 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#62188}
-
Igor Sheludko authored
It will allow us to use knowledge about the type of field during value decompression upon field read. Use the new class for HeapObject::MapField. Bug: v8:9353 Change-Id: I1368426ec2e25fcec3af8d5cccd7a78d80423e72 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658150 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62184}
-
- 13 Jun, 2019 1 commit
-
-
Seth Brenith authored
Include API-instantiated functions in the definition of Callable so that PromiseReactionJobTask::handler can verify correctly. Also make Callable verification stricter regarding JSProxy instances: they must have the callable bit set. Also update test-weak-references to use a different object type, since FeedbackVector::optimized_code_weak_or_smi should never point to a FixedArray. Bug: v8:9311 Change-Id: I4242df993e381a75f5b53302fee8fd2b12e96d34 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1650563 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62153}
-
- 06 Jun, 2019 1 commit
-
-
Igor Sheludko authored
The implementation is already quite trivial and in addition in case of ptr-compr this implementation becomes even simpler and C++ compiler gets the opportunity to hoist common computation of isolate root. Tbr: yangguo@chromium.org Bug: v8:7464, v8:7703 Change-Id: I6e59cd43253c9ade5a0e27025ea7fabecd5b7af7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647171 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#62024}
-
- 03 Jun, 2019 1 commit
-
-
Seth Brenith authored
Implemented verifiers for the following classes: - ExternalString - FixedArrayBase - JSCollection - JSCollectionIterator - JSWeakCollection - Name - SeqString - Struct Removed the following class definitions from Torque, because they're just JSObject instances with particular starting maps, as discussed in https://crrev.com/c/v8/v8/+/1619146/6/src/builtins/base.tq#459 : - JSAccessorPropertyDescriptor - JSDataPropertyDescriptor - JSIteratorResult Following similar logic, removed the Torque definition of WasmExceptionPackage because it's just an error object that happens to have a couple of private-symbol properties. The following classes should not be defined in Torque because they're just a starting state for JSObject, but I'm leaving them for now because existing Torque code requires them: - JSArgumentsObjectWithLength - JSProxyRevocableResult Bug: v8:9311 Change-Id: I0336b6be7d02e48e4a8a0f660e24d2c2fa5f5e34 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637448 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#61970}
-
- 27 May, 2019 3 commits
-
-
Benedikt Meurer authored
This is a reland of 4b86fea5 with copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed (bug led to holes in new space, which was crashing reproducibly on the ia32 bot). Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. 
> > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} Tbr: petermarshall@chromium.org Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61864}
-
Clemens Hammacher authored
This reverts commit 4b86fea5. Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045 Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. 
> > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61856}
-
Benedikt Meurer authored
As the next step in supporting huge typed arrays in V8, this moves the external/data pointer from the FixedTypedArrayBase backing store to the JSTypedArray instance itself, and replaces the special backing stores with a plain ByteArray (removing all the code for the FixedTypedArrayBase class hierarchy). By doing so, we can drastically simplify the system around typed arrays. Note: Several places in the code base used to check the instance type of the elements backing store of a JSTypedArray instead of checking the elements kind on the JSTypedArray map directly. Those had to be fixed, since the backing store is now always a ByteArray. Drive-by-fix: Move all the typed elements access related code into the elements.cc file to properly encapsulate the accesses. Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61855}
-