1. 29 Jan, 2021 1 commit
  2. 28 Jan, 2021 2 commits
  3. 27 Jan, 2021 1 commit
    • Manos Koukoutos's avatar
      Reland "[wasm-gc] Remove abstract rtts" · d3b41d07
      Manos Koukoutos authored
      This is a reland of b77deeca
      
      Changes compared to original: Add explicit narrowing casts in tests
      for MSVC.
      
      Original change's description:
      > [wasm-gc] Remove abstract rtts
      >
      > In the latest wasm-gc spec, rtts of abstract types are no longer
      > allowed. Consequently, canonical rtts of concrete types always have
      > a depth of 0.
      >
      > Changes:
      > - Change the immediate argument of rtts to a type index over a heap
      >   type. Abstract it with TypeIndexImmediate in function body decoding.
      >   This affects:
      >   value_type.h, read_value_type(), decoding of relevant opcodes,
      >   wasm subtyping, WasmInitExpr, consume_init_expr(), and
      >   wasm-module-builder.cc.
      > - In function-body-decoder-impl.h, update rtt.canon to always produce
      >   an rtt of depth 0.
      > - Pass a unit32_t type index over a HeapType to all rtt-related
      >   utilities.
      > - Remove infrastructure for abstract-type rtts from the wasm compilers,
      >   setup-heap-internal.cc, roots.h, and module-instantiate.cc.
      > - Remove ObjectReferenceKnowledge::rtt_is_i31. Remove related branches
      >   from ref.test, ref.cast and br_on_cast implementations in the wasm
      >   compilers.
      > - Remove unused 'parent' field from WasmTypeInfo.
      > - Make the parent argument optional in NewWasmTypeInfo, CreateStructMap,
      >   and CreateArrayMap.
      > - Use more convenient arguments in IsHeapSubtypeOf.
      > - Update tests.
      >
      > Bug: v8:7748
      > Change-Id: Ib45efe0741e6558c9b291fc8b4a75ae303146bdc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642248
      > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#72321}
      
      Bug: v8:7748
      Change-Id: I22b204b486fd185077cd6c7f15d492f5143f48fe
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650207
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72355}
      d3b41d07
  4. 26 Jan, 2021 5 commits
    • Benedikt Meurer's avatar
      [inspector] Fix crash due to misuse of embedder fields. · 7e2f1108
      Benedikt Meurer authored
      The contract between V8 and Blink is that embedder fields belong to
      Blink, at least when the object has two or more of them. Now we had 2-3
      embedder fields used by the debug proxies and that was confusing Blink,
      since it expects the first slot to hold an aligned pointer in that case
      and we had a HeapObject reference stored there.
      
      This is a quickfix, which avoids internal fields completely for the
      context extension proxy (using interceptors on the prototype instead)
      and changes the named proxies to store the name table under a private
      symbol instead of using a second internal field.
      
      A proper but way more involved fix is to introduce a proper instance
      type here and use space in the header instead of misusing embedder
      fields.
      
      Fixed: chromium:1170283
      Bug: chromium:1159402
      Change-Id: I6c4bbe2fe88fef29a6b9946708588245efbbe72b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649033
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72323}
      7e2f1108
    • Clemens Backes's avatar
      Revert "[wasm-gc] Remove abstract rtts" · f30c2681
      Clemens Backes authored
      This reverts commit b77deeca.
      
      Reason for revert: MSVC compile fails: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/16535/overview
      
      Original change's description:
      > [wasm-gc] Remove abstract rtts
      >
      > In the latest wasm-gc spec, rtts of abstract types are no longer
      > allowed. Consequently, canonical rtts of concrete types always have
      > a depth of 0.
      >
      > Changes:
      > - Change the immediate argument of rtts to a type index over a heap
      >   type. Abstract it with TypeIndexImmediate in function body decoding.
      >   This affects:
      >   value_type.h, read_value_type(), decoding of relevant opcodes,
      >   wasm subtyping, WasmInitExpr, consume_init_expr(), and
      >   wasm-module-builder.cc.
      > - In function-body-decoder-impl.h, update rtt.canon to always produce
      >   an rtt of depth 0.
      > - Pass a unit32_t type index over a HeapType to all rtt-related
      >   utilities.
      > - Remove infrastructure for abstract-type rtts from the wasm compilers,
      >   setup-heap-internal.cc, roots.h, and module-instantiate.cc.
      > - Remove ObjectReferenceKnowledge::rtt_is_i31. Remove related branches
      >   from ref.test, ref.cast and br_on_cast implementations in the wasm
      >   compilers.
      > - Remove unused 'parent' field from WasmTypeInfo.
      > - Make the parent argument optional in NewWasmTypeInfo, CreateStructMap,
      >   and CreateArrayMap.
      > - Use more convenient arguments in IsHeapSubtypeOf.
      > - Update tests.
      >
      > Bug: v8:7748
      > Change-Id: Ib45efe0741e6558c9b291fc8b4a75ae303146bdc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642248
      > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#72321}
      
      TBR=ulan@chromium.org,jkummerow@chromium.org,manoskouk@chromium.org
      
      Change-Id: I2f0d97f1a34f7c81c5a97d7c37925cb84c66eea3
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7748
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650206Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72322}
      f30c2681
    • Manos Koukoutos's avatar
      [wasm-gc] Remove abstract rtts · b77deeca
      Manos Koukoutos authored
      In the latest wasm-gc spec, rtts of abstract types are no longer
      allowed. Consequently, canonical rtts of concrete types always have
      a depth of 0.
      
      Changes:
      - Change the immediate argument of rtts to a type index over a heap
        type. Abstract it with TypeIndexImmediate in function body decoding.
        This affects:
        value_type.h, read_value_type(), decoding of relevant opcodes,
        wasm subtyping, WasmInitExpr, consume_init_expr(), and
        wasm-module-builder.cc.
      - In function-body-decoder-impl.h, update rtt.canon to always produce
        an rtt of depth 0.
      - Pass a unit32_t type index over a HeapType to all rtt-related
        utilities.
      - Remove infrastructure for abstract-type rtts from the wasm compilers,
        setup-heap-internal.cc, roots.h, and module-instantiate.cc.
      - Remove ObjectReferenceKnowledge::rtt_is_i31. Remove related branches
        from ref.test, ref.cast and br_on_cast implementations in the wasm
        compilers.
      - Remove unused 'parent' field from WasmTypeInfo.
      - Make the parent argument optional in NewWasmTypeInfo, CreateStructMap,
        and CreateArrayMap.
      - Use more convenient arguments in IsHeapSubtypeOf.
      - Update tests.
      
      Bug: v8:7748
      Change-Id: Ib45efe0741e6558c9b291fc8b4a75ae303146bdc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642248
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72321}
      b77deeca
    • Georg Neis's avatar
      [cleanup] Remove unused root empty_property_cell · ca5da5b9
      Georg Neis authored
      Change-Id: I702f8c021490f0538a98cad9a61b1dbae60fb881
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649027Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72314}
      ca5da5b9
    • Shu-yu Guo's avatar
      [regexp] Implement the /d flag for RegExp indices · 81e7e2f4
      Shu-yu Guo authored
      This CL implements the upcoming spec change:
      https://github.com/tc39/proposal-regexp-match-indices/pull/49
      
      A new JSRegExpResultWithIndices subclass is introduced with a separate map and
      an extra slot for storing the indices. If /d is passed, exec() constructs a
      JSRegExpResultWithIndices and eagerly builds indices.
      
      The existing re-execution logic is removed.
      
      Bug: v8:9548
      Change-Id: Ic11853e7521017af5e8bd583c7b82bb672821132
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2616873
      Commit-Queue: Shu-yu Guo <syg@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72306}
      81e7e2f4
  5. 22 Jan, 2021 1 commit
  6. 20 Jan, 2021 1 commit
    • Seth Brenith's avatar
      [torque] Begin porting ScopeInfo to Torque · ecaac329
      Seth Brenith authored
      This change adds Torque field definitions for ScopeInfo and begins to
      use the Torque-generated accessors in some places. It does not change
      the in-memory layout of ScopeInfo.
      
      Torque compiler changes:
      
      - Fix an issue where the parser created constexpr types for classes
        based on the class name rather than the `generates` clause. This meant
        that generated accessors referred to the imaginary type HashTable
        rather than the real C++ type FixedArray.
      - Don't pass Isolate* through the generated runtime functions that
        implement Torque macros. Maybe we'll need it eventually, but we don't
        right now and it complicates a lot of things.
      - Don't emit `kSomeFieldOffset` if some_field has an unknown offset.
        Instead, emit a member function `SomeFieldOffset()` which fetches the
        slice for some_field and returns its offset.
      - Emit an `AllocatedSize()` member function for classes which have
        complex length expressions. It fetches the slice for the last field
        and performs the multiply&add to compute the total object size.
      - Emit field accessors for fields with complex length expressions, using
        the new offset functions.
      - Fix a few minor bugs where Torque can write uncompilable code.
      
      With this change, most code still treats ScopeInfo like a FixedArray, so
      I would like to follow up with some additional changes:
      
      1. Generate a GC visitor for ScopeInfo and use it
      2. Generate accessors for struct-typed fields (indexed or otherwise),
         and use them
      3. Get rid of the FixedArray-style get and set accessors; use
         TaggedField::load and similar instead
      4. Inherit from HeapObject rather than FixedArrayBase to remove the
         unnecessary `length` field
      
      After that, there will only be one ugly part left: initialization. I
      think it's possible to generate a factory function that takes a bunch of
      iterator parameters and returns a fully-formed, verifiably correct
      ScopeInfo instance, but doing so is more complicated than the four
      mostly-mechanical changes listed above.
      
      Bug: v8:7793
      Change-Id: I55fcfe9189e4d1613c68d49e378da5dc02597b36
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2357758Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
      Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#72187}
      ecaac329
  7. 19 Jan, 2021 4 commits
  8. 18 Jan, 2021 2 commits
  9. 15 Jan, 2021 1 commit
  10. 11 Jan, 2021 1 commit
  11. 08 Jan, 2021 1 commit
    • Benedikt Meurer's avatar
      [inspector] Remove special wasm RemoteObject type. · cde7a77e
      Benedikt Meurer authored
      Previously we had introduced a special `v8::internal::WasmValue` type
      which we used to expose Wasm values to the Scope view in Chromium
      DevTools. The problem however is that these values cannot be exposed to
      JavaScript (and in particular not to Debug Evaluate), which means that
      particularly for v128 and i64 we have inconsistent representations
      across the various parts of DevTools.
      
      This change removes the `wasm` type from the RemoteObject and all the
      adjacent logic, and paves the way for a uniform representation of Wasm
      values throughout DevTools. For i64 we will simply use BigInt
      consistently everywhere, and for i32, f32 and f64 we'll just use Number.
      For externref we will represent the values as-is directly. For v128
      values we currently use a Uint8Array, but will introduce a dedicated
      WasmSimd128 class in a follow-up CL.
      
      Bug: chromium:1071432
      Fixed: chromium:1159402
      Change-Id: I0671e5736c9c27d7ca376e23ed74f16d36e03c80
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2614428Reviewed-by: 's avatarZhi An Ng <zhin@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71962}
      cde7a77e
  12. 17 Dec, 2020 1 commit
  13. 16 Dec, 2020 2 commits
  14. 03 Dec, 2020 1 commit
  15. 30 Nov, 2020 1 commit
    • Seth Brenith's avatar
      Require the first three fields of ScopeInfo to be present · 2bbf3333
      Seth Brenith authored
      ScopeInfo objects generally start with three fields: flags, parameter
      count, and local variable count. But a single read-only ScopeInfo
      instance has none of those fields. This is the empty ScopeInfo, which is
      used for contexts that don't correspond to any scope (the native context
      and contexts for builtin functions). Since there is only ever a single
      instance of the empty ScopeInfo, the memory savings of omitting these
      fields is trivial, and we can simplify logic somewhat by including them.
      Rather than checking for length to be zero, this change introduces a new
      flag indicating that a ScopeInfo instance is the empty one.
      
      On its own, this change doesn't provide a whole lot of value. However,
      it sets us up for two further improvements, which are consistent with
      the goals outlined in [1]:
      
      1. We should fully describe ScopeInfo fields in Torque. Getting rid of
      the requirement to check for emptiness would substantially simplify the
      indexed field expressions.
      
      2. ScopeInfo shouldn't inherit from FixedArray, and shouldn't begin with
      a `length` field when the length can be computed from the other fields.
      This would save a small amount of heap memory and avoid any possibility
      of a mismatch between the two ways of computing the length.
      
      [1] https://docs.google.com/document/d/1tiGK7_lubxPHnInI2vscUwMHfadn8gIEa1apmI8HxR4/edit#heading=h.n63k76b3zfwa
      
      Bug: v8:8952
      Change-Id: I018127698a5d91fb2a91684bc3aec2e27ee27c41
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2561598Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#71500}
      2bbf3333
  16. 24 Nov, 2020 2 commits
  17. 19 Nov, 2020 2 commits
  18. 17 Nov, 2020 1 commit
  19. 11 Nov, 2020 1 commit
  20. 10 Nov, 2020 1 commit
    • Daniel Clark's avatar
      Plumb import assertions through SourceTextModuleDescriptor's ModuleRequestMap · ea0ccc7e
      Daniel Clark authored
      This change plumbs import assertions from SourceTextModuleDescriptor's
      ModuleRequestMap into SourceTextModuleInfo via a new ModuleRequest
      type, where previously there had been only the specifier.
      
      SourceTextModuleDescriptor::module_map now deduplicates module requests
      using the specifier and the import assertions.  Continuing to use the
      specifier alone would cause a loss of information in the event that
      a module imports from the same specifier multiple times using different
      sets of assertions.  Failing to deduplicate at all would result in
      multiple requests for statements like `import {a,b,c} from "foo.js"`,
      which would be a potential performance issue.  See design doc at
      https://docs.google.com/document/d/1yuXgNHSbTAPubT1Mg0JXp5uTrfirkvO1g5cHHCe-LmY
      for more detail on this decision.
      
      v8::internal::ModuleRequest holds the assertions as an array of the form
      [key1, value1, position1, key2, value2, assertion2, ...].  However the
      parser still needs to use a map, since duplicate assertion keys need to
      be detected at parse time.  A follow-up  change will ensure that
      assertions are sorted using a proper lexicographic sort.
      
      Bug: v8:10958
      Change-Id: Iff13fb9a37d58fc1622cd3cce78925ad2b7a14bb
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2493060
      Commit-Queue: Dan Clark <daniec@microsoft.com>
      Reviewed-by: 's avatarAdam Klein <adamk@chromium.org>
      Reviewed-by: 's avatarMarja Hölttä <marja@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71066}
      ea0ccc7e
  21. 09 Nov, 2020 1 commit
    • Tobias Tebbi's avatar
      Reland "[torque] allow exported classes with custom C++ class" · bd75b0ba
      Tobias Tebbi authored
      This is a reland of 26f10ecd
      
      Change compared to original CL:
      The deserializer changes StrongDescriptorArray to DescriptorArray.
      Since this CL uses separate BodyDescriptors for the two kinds of
      descriptor arrays, this caused a DCHECK failure when the deserializer
      changes the map while the object is visited from the concurrent marking
      thread. Fix this by disabling the corresponding checks.
      
      
      Original change's description:
      > [torque] allow exported classes with custom C++ class
      >
      > Introduce a new annotation @customCppClass that can be used for
      > non-extern @export classes, that is, generate everything, remove
      > boilerplate from all the internal lists and switches, but allow
      > a custom C++ class, which in turn also allows overwriting the generated
      > print and verify functions.
      >
      > Port DescriptorArray and StrongDescriptorArray as an example.
      >
      > Bug: v8:7793
      > Change-Id: I744e52fb4102ac49c0097f1c95bb17d301975bf0
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489687
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70989}
      
      Bug: v8:7793
      Change-Id: I7505fb111896991d16d7d113704c8c3676669f34
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526383Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71048}
      bd75b0ba
  22. 05 Nov, 2020 2 commits
  23. 02 Nov, 2020 1 commit
  24. 30 Oct, 2020 1 commit
    • Martin Bidlingmaier's avatar
      [regexp] Add 'l' flag to force experimental engine · 5720d205
      Martin Bidlingmaier authored
      This commit adds the 'l' (linear) RegExp flag (as in e.g. /asdf|123/l)
      that forces execution in linear time.  These regexps are handled by the
      experimental engine.  If the experimental engine cannot handle the
      pattern, an exception is thrown on creation of the regexp.
      
      The commit also adds a new global V8 flag and changes an existing one:
      * --enable-experimental-engine, which turns on recognition of the RegExp
        'l' flag.  Previously this flag also caused all supported regexps to
        be executed by the experimental engine; this is not the case anymore.
      * --default-to-experimental-regexp-engine takes over the previous
        semantics of --enable-experimental-regexp-engine:  We execute all
        supported regexps with the experimental engine.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
      Bug: v8:10765
      Change-Id: I5622a89b19404105e8be280d454e9fdd63c003b3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461244Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Martin Bidlingmaier <mbid@google.com>
      Cr-Commit-Position: refs/heads/master@{#70892}
      5720d205
  25. 27 Oct, 2020 1 commit
    • Mike Stanton's avatar
      [TurboFan] Provide concurrent access to feedback vector · 2288b1f6
      Mike Stanton authored
      This CL provides synchronized get/set to feedback vector slots.
      The FeedbackNexus is set up to use order preserving reads when used
      on the background thread, and a lock to ensure coherent read
      of information for ICKinds with two slots. The main thread takes
      the lock on sets.
      
      This test provides patterns to be followed by concurrent TurboFan.
      
      We don't yet access the FeedbackVector on the background thread.
      This CL only makes it safe to do so. The next step will come when
      the optimizing compiler begins to query the the vector from the
      background thread. Currently, with --concurrent-inlining turned on
      this is done in bytecode serialization on the main thread. Without
      concurrent inlining, it's also done on the main thread, in both
      cases using the FeedbackNexus.
      
      Bug: v8:7790
      Change-Id: I49d8b8031190f91a0da1c24f375b6b6d8a9fe038
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2276210
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarSantiago Aboy Solanes <solanes@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70797}
      2288b1f6
  26. 19 Oct, 2020 1 commit
  27. 15 Oct, 2020 1 commit