Skip to content

V
V8
Switch branch/tag
  1. 02 Jun, 2022 1 commit
  3. 27 May, 2022 3 commits
  5. 25 May, 2022 1 commit
  7. 24 May, 2022 2 commits
  9. 23 May, 2022 1 commit
  11. 19 May, 2022 1 commit
  13. 13 May, 2022 1 commit
  15. 12 May, 2022 1 commit
  17. 27 Apr, 2022 1 commit
  19. 26 Apr, 2022 1 commit
    • Patrick Thier's avatar
      Reland "[string] Non-transitioning shared strings" · fa1caae9
      Patrick Thier authored 
      This is a reland of commit 8ba60b7a

Changes to original:
- Weaken DCHECK in MakeThin to allow direct transitions of shared
  strings during deserialization. This is safe as the string to be
  transitioned is freshly created and hasn't escaped the thread yet.
  - To enable this, add has_active_deserializer() to LocalIsolate

- Shared thin string transitions are subject to the same layout changes
  as non-shared thin string transitions, thus treat them equally when
  checking if a map transition is safe.

Original change's description:
> [string] Non-transitioning shared strings
>
> Instead of transitioning shared strings to ThinString on
> internalization, use a forwarding table to the internalized string and
> store the index into the forwarding table in the string's hash field.
>
> This way we don't need to handle concurrent string transitions that
> modify the underlying string data.
>
> During stop-the-world GC, live strings in the forwarding table are
> migrated to regular ThinStrings.
>
> Bug: v8:12007
> Change-Id: I6c6f3d41c6f644e0aaeafbf25ecec5ce0aa0d2d8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536647
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79801}

Bug: v8:12007
Change-Id: I022e5c4768b763a86bb28c9c82218c3b807371a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571817Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
Reviewed-by: 's avatarJakob Linke <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80183}
      fa1caae9
  21. 06 Apr, 2022 3 commits
  23. 31 Mar, 2022 1 commit
    • Joyee Cheung's avatar
      [ic] name Set/Define/Store property operations more consistently pt.2 · cf5ce194
      Joyee Cheung authored 
      As a follow-up of
https://chromium-review.googlesource.com/c/v8/v8/+/3481475,
this renames a few more operations related to property stores to keep
them consistent and adds comments to explain about what they do.

Summary of the renamed identifiers:

- SetPropertyInLiteral -> CreateDataProperty: this implements
  [[CreateDataProperty]] in the spec which does [[DefineOwnProperty]]
  instead of [[Set]], so rename for clarity.
- IsStoreIC(), IsStoreICKind() -> IsSetNamedIC(), IsSetNamedICKind():
  these only check whether the feedback kind is kSetNamedSloppy or
  kSetNamedStrict, so the scope can be narrowed.
- StoreMode::kOrdinary -> StoreMode::kSet: this implements [[Set]]
  in the spec and is used by both KeyedStoreIC and
  StoreIC to set the properties when there is no feedback.
- StoreMode::kInLiteral -> StoreMode::kDefineKeyedOwnInLiteral:
  this implements [[CreateDataProperty]] while expecting the receiver
  to be a JSObject created by us (the `InLiteral` part). Prepend
  `DefineKeyedOwn` to it so that it's more aligned with other
  StoreModes - it should be possible to just merge this into the
  more generic StoreMode::kDefineKeyedOwn later.
- KeyedStoreGenericAssembler::SetProperty ->
  KeyedStoreGenericAssembler::StoreProperty: these helpers are used by
  both define and set operations, distinguished with the StoreMode,
  so rename it to the more generic StoreProperty.

Bug: v8:12548
Change-Id: Iccef673c1dc707bbdbf010f02f7db1e9ec32b3e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557690Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79694}
      cf5ce194
  25. 30 Mar, 2022 3 commits
  27. 24 Mar, 2022 2 commits
    • Marja Hölttä's avatar
      Revert "[super IC] Fix receiver vs lookup start object confusion" · 96c5daae
      Marja Hölttä authored 
      This reverts commit 9c3d4b35.

Reason for revert: This is not the right fix (see bug).

Original change's description:
> [super IC] Fix receiver vs lookup start object confusion
>
> Bug: v8:9237,chromium:1308360
> Change-Id: I11e3c14a6cecb9d88a834711fb6252191494d5f7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545172
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79571}

Bug: v8:9237,chromium:1308360
Change-Id: I0efa6ab561482ffc323b63500acfeb80598f3e7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548896
Auto-Submit: Marja Hölttä <marja@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79604}
      96c5daae
    • Joyee Cheung's avatar
      [ic] fix handling of existing properties in Define{Keyed|Named}OwnIC · 4ee68d81
      Joyee Cheung authored 
      - When the property being defined with DefineKeyedOwnIC or
  DefineNamedOwnIC already exists, we should use the slow path to
  check if the operation is allowed in case the property is
  non-configurable or Object.preventExtensions() has been called on
  the property.
- Since KeyedStoreIC:Store() reuses StoreIC::Store() when the key is a
  name, we should use Runtime::DefineObjectOwnProperty() for
  DefineKeyedOwnIC too.
- When dealing with public fields, Runtime::DefineObjectOwnProperty()
  should use JSReceiver::CreateDataProperty() instead of
  Object::SetProperty() for the specified semantics. This patch also
  adds JSReceiver::AddPrivateField() for it and StoreIC::Store to
  define private fields without triggering traps or checking
  extensibility.
- To emit a more specific error message when redefining properties
  on non-extensible objects, Object::AddDataProperty() now also takes
  a EnforceDefineSemantics enum to distinguish between set and define.
- Drive-by: fix JSReceiver::CheckIfCanDefine() which should check for
  extensibility even if the configurability check passes.

Bug: chromium:1259950, v8:9888
Change-Id: Ib1bc851ffd4b9c3a0e98cac96dafe743c08ee37e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3517934Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79603}
      4ee68d81
  29. 23 Mar, 2022 1 commit
  31. 14 Mar, 2022 1 commit
  33. 09 Mar, 2022 1 commit
    • Camillo Bruni's avatar
      [runtime] Clean up runtime function Arguments accesses · cead6573
      Camillo Bruni authored 
      Replace all CONVERT_XXX_ARG_XXX() macros from runtime-util.h with direct
calls to Arguments or the fully expanded equivalent.

- This replaces many of the hard CHECKs with DCHECK (as is common
  practice in most V8 code)
- Instead of relying on verbose comments we now have readable code
- Rename Arguments.::xxx_at with Arguments::xxx_value_at since these
  methods don't return the Object but rather their double/int value

- Add Oddball::ToBool helper
- Add and use v8::internal::PropertyAttributesFromInt helper
- Add stronger DCHECK for PropertyAttributes returned in
  GetPropertyAttributesWithInterceptorInternal



Bug: v8:11263
Change-Id: I8d531857e05d19f3198753b05af28d993a391854
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497768Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79418}
      cead6573
  35. 08 Mar, 2022 1 commit
    • Joyee Cheung's avatar
      [ic] name Set/Define/Store property operations more consistently · 0d1ffe30
      Joyee Cheung authored 
      For background and reasoning, see
https://docs.google.com/document/d/1jvSEvXFHRkxg4JX-j6ho3nRqAF8vZI2Ai7RI8AY54gM/edit
This is the first step towards pulling the DefineNamedOwn operation out
of StoreIC.

Summary of the renamed identifiers:

Bytecodes:

- StaNamedProperty -> SetNamedProperty: calls StoreIC and emitted for
  normal named property sets like obj.x = 1.
- StaNamedOwnProperty -> DefineNamedOwnProperty: calls
  DefineNamedOwnIC (previously StoreOwnIC), and emitted for
  initialization of named properties in object literals and named
  public class fields.
- StaKeyedProperty -> SetKeyedProperty: calls KeyedStoreIC and emitted
  for keyed property sets like obj[x] = 1.
- StaKeyedPropertyAsDefine -> DefineKeyedOwnProperty: calls
  DefineKeyedOwnIC (previously KeyedDefineOwnIC) and emitted for
  initialization of private class fields and computed public class
  fields.
- StaDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral: calls
  DefineKeyedOwnPropertyInLiteral runtime function (previously
  DefineDataPropertyInLiteral) and emitted for initialization of keyed
  properties in object literals and static class initializers. (note
  that previously the StoreDataPropertyInLiteral runtime function name
  was taken by object spreads and array literal creation instead)
- LdaKeyedProperty -> GetKeyedProperty, LdaNamedProperty ->
  GetNamedProperty, LdaNamedPropertyFromSuper ->
  GetNamedPropertyFromSuper: we drop the Sta prefix for the property
  store operations since the accumulator use is implicit and to make
  the wording more natural, for symmetry the Lda prefix for the
  property load operations is also dropped.

opcodes:

- (JS)StoreNamed -> (JS)SetNamedProperty: implements set semantics for
  named properties, compiled from SetNamedProperty (previously
  StaNamedProperty) and lowers to StoreIC or Runtime::kSetNamedProperty
- (JS)StoreNamedOwn -> (JS)DefineNamedOwnProperty: implements define
  semantics for initializing named own properties in object literal and
  public class fields, compiled from DefineNamedOwnProperty (previously
  StaNamedOwnProperty) and lowers to DefineNamedOwnIC
  (previously StoreOwnIC)
- (JS)StoreProperty -> (JS)SetKeyedProperty: implements set semantics
  for keyed properties, only compiled from SetKeyedProperty(previously
  StaKeyedProperty) and lowers to KeyedStoreIC
- (JS)DefineProperty -> (JS)DefineKeyedOwnProperty: implements define
  semantics for initialization of private class fields and computed
  public class fields, compiled from DefineKeyedOwnProperty (previously
  StaKeyedPropertyAsDefine) and calls DefineKeyedOwnIC (previously
  KeyedDefineOwnIC).
- (JS)StoreDataPropertyInLiteral ->
  (JS)DefineKeyedOwnPropertyInLiteral: implements define semantics for
  initialization of keyed properties in object literals and static
  class initializers, compiled from DefineKeyedOwnPropertyInLiteral
  (previously StaDataPropertyInLiteral) and calls the
  DefineKeyedOwnPropertyInLiteral runtime function (previously
  DefineDataPropertyInLiteral).

Runtime:
- DefineDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral:
  following the bytecode/opcodes change, this is used by
  DefineKeyedOwnPropertyInLiteral (previously StaDataPropertyInLiteral)
  for object and class literal initialization.
- StoreDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral_Simple:
  it's just a simplified version of DefineDataPropertyInLiteral that
  does not update feedback or perform function name configuration.
  This is used by object spread and array literal creation. Since we
  are renaming DefineDataPropertyInLiteral to
  DefineKeyedOwnPropertyInLiteral, rename this simplified version with
  a `_Simple` suffix. We can consider merging it into
  DefineKeyedOwnPropertyInLiteral in the future. See
  https://docs.google.com/document/d/1jvSEvXFHRkxg4JX-j6ho3nRqAF8vZI2Ai7RI8AY54gM/edit?disco=AAAAQQIz6mU
- Other changes following the bytecode/IR changes

IC:

- StoreOwn -> DefineNamedOwn: used for initialization of named
  properties in object literals and named public class fields.
  - StoreOwnIC -> DefineNamedOwnIC
  - StoreMode::kStoreOwn -> StoreMode::kDefineNamedOwn
  - StoreICMode::kStoreOwn -> StoreICMode::kDefineNamedOwn
  - IsStoreOwn() -> IsDefineNamedOwn()
- DefineOwn -> DefineKeyedOwn: IsDefineOwnIC() was already just
  IsDefineKeyedOwnIC(), and IsAnyDefineOwn() includes both named and
  keyed defines so we don't need an extra generic predicate.
  - StoreMode::kDefineOwn -> StoreMode::kDefineKeyedOwn
  - StoreICMode::kDefineOwn -> StoreICMode::kDefineKeyedOwn
  - IsDefineOwn() -> IsDefineKeyedOwn()
  - IsDefineOwnIC() -> IsDefineKeyedOwnIC()
  - Removing IsKeyedDefineOwnIC() as its now a duplicate of
    IsDefineKeyedOwnIC()
- KeyedDefineOwnIC -> DefineKeyedOwnIC,
  KeyedDefineOwnGenericGenerator() -> DefineKeyedOwnGenericGenerator:
  make the ordering of terms more consistent
- IsAnyStoreOwn() -> IsAnyDefineOwn(): this includes the renamed and
  DefineNamedOwn and DefineKeyedOwn. Also is_any_store_own() is
  removed since it's just a duplicate of this.
- IsKeyedStoreOwn() -> IsDefineNamedOwn(): it's unclear where the
  "keyed" part came from, but it's only used when DefineNamedOwnIC
  (previously StoreOwnIC) reuses KeyedStoreIC, so rename it accordingly

Interpreter & compiler:
- BytecodeArrayBuilder: following bytecode changes
    - StoreNamedProperty -> SetNamedProperty
  - StoreNamedOwnProperty -> DefineNamedOwnProperty
  - StoreKeyedProperty -> SetKeyedProperty
  - DefineKeyedProperty -> DefineKeyedOwnProperty
  - StoreDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral
- FeedbackSlotKind:
  - kDefineOwnKeyed -> kDefineKeyedOwn: make the ordering of terms more
    consistent
  - kStoreOwnNamed -> kDefineNamedOwn: following the IC change
  - kStoreNamed{Sloppy|Strict} -> kSetNamed{Sloppy|Strict}: only
    used in StoreIC for set semantics
  - kStoreKeyed{Sloppy|Strict} -> kSetKeyed{Sloppy|Strict}: only used
    in KeyedStoreIC for set semantics
  - kStoreDataPropertyInLiteral -> kDefineKeyedOwnPropertyInLiteral:
    following the IC change
- BytecodeGraphBuilder
  - StoreMode::kNormal, kOwn -> NamedStoreMode::kSet, kDefineOwn: this
    is only used by BytecodeGraphBuilder::BuildNamedStore() to tell the
    difference between SetNamedProperty and DefineNamedOwnProperty
    operations.

Not changed:

- StoreIC and KeyedStoreIC currently contain mixed logic for both Set
  and Define operations, and the paths are controlled by feedback. The
  plan is to refactor the hierarchy like this:
  ```
  - StoreIC
    - DefineNamedOwnIC
    - SetNamedIC (there could also be a NamedStoreIC if that's helpful)
    - KeyedStoreIC
      - SetKeyedIC
      - DefineKeyedOwnIC
      - DefineKeyedOwnICLiteral (could be merged into DefineKeyedOwnIC)
      - StoreInArrayLiteralIC
    - ...
  ```
  StoreIC and KeyedStoreIC would then contain helpers shared by their
  subclasses, therefore it still makes sense to keep the word "Store"
  in their names since they would be generic base classes for both set
  and define operations.
- The Lda and Sta prefixes of bytecodes not involving object properties
  (e.g. Ldar, Star, LdaZero) are kept, since this patch focuses on
  property operations, and distinction between Set and Define might be
  less relevant or nonexistent for bytecodes not involving object
  properties. We could consider rename some of them in future patches
  if that's helpful though.

Bug: v8:12548
Change-Id: Ia36997b02f59a87da3247f20e0560a7eb13077f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3481475Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79409}
      0d1ffe30
  37. 04 Mar, 2022 1 commit
  39. 23 Feb, 2022 1 commit
  41. 18 Feb, 2022 1 commit
    • Michael Achenbach's avatar
      Revert "[shared-struct] Prototype JS shared structs" · c1078b5e
      Michael Achenbach authored 
      This reverts commit 1025bf26.

Reason for revert: https://crbug.com/v8/12645

Original change's description:
> [shared-struct] Prototype JS shared structs
>
> Unlike the Stage 1 proposal, for simplicity the prototype does not add
> any new syntax, instead opting for exposing a SharedStructType
> constructor which takes an array of field names. This type constructor
> returns constructors for shared structs.
>
> Shared structs can be shared across Isolates, are fixed layout, have no
> prototype, have no .constructor, and can only store primitives and
> other shared structs.
>
> The initial prototype does not have TurboFan support.
>
> Bug: v8:12547
> Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79156}

Bug: v8:12547
Change-Id: I44f2b8bb7487b4d39ba1282585e0b2282501230f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474676
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79170}
      c1078b5e
  43. 17 Feb, 2022 1 commit
  45. 16 Feb, 2022 1 commit
  47. 15 Feb, 2022 1 commit
  49. 07 Feb, 2022 1 commit
  51. 31 Jan, 2022 1 commit
  53. 27 Jan, 2022 1 commit
  55. 26 Jan, 2022 1 commit
  57. 18 Jan, 2022 1 commit
    • Joyee Cheung's avatar
      [class] handle existing readonly properties in StoreOwnIC · 80bbbb14
      Joyee Cheung authored 
      Previously, StoreOwnIC incorrectly reuses the [[Set]] semantics
when initializing public literal class fields and object literals in
certain cases (e.g. when there's no feedback).
This was less of an issue for object literals, but with public class
fields it's possible to define property attributes while the
instance is still being initialized, or to encounter existing static
"name" or "length" properties that should be readonly. This patch
fixes it by

1) Emitting code that calls into the slow stub when
   handling StoreOwnIC with existing read-only properties.
2) Adding extra steps in StoreIC::Store to handle such stores
   properly with [[DefineOwnProperty]] semantics.

Bug: v8:12421, v8:9888
Change-Id: I6547320a1caba58c66ee1043cd3183a2de7cefef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300092Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#78659}
      80bbbb14
  59. 11 Jan, 2022 1 commit
  61. 16 Dec, 2021 2 commits