- 29 Sep, 2020 1 commit
-
-
Samuel Groß authored
This change moves external pointers into a separate table and turns external pointers in heap objects into indices into that table. This CL implements one of two possible ownership models for the table entries. With this one, every heap object owns its table entries, and they are allocated when the owning object is allocated. As such, setting external pointer fields does not require allocation of table entries. On the other hand, table indices cannot be shared between multiple objects. This CL does not yet implement freeing of external pointer table entires. This will later happen by a table garbage collector. Bug: v8:10391 Change-Id: I4d37785295c25a7d1dcbc9871dd5887b9d788a4f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235700Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Samuel Groß <saelo@google.com> Cr-Commit-Position: refs/heads/master@{#70204}
-
- 12 May, 2020 1 commit
-
-
Tobias Tebbi authored
Bug: v8:7793 Change-Id: Id2a93f8ac8c512dbc5cdeb43a97e04d8d6684954 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196130 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#67748}
-
- 06 May, 2020 1 commit
-
-
Tobias Tebbi authored
Bug: v8:10421, v8:7793 Change-Id: If11fc7666f04ed0914f5fdfcdaa87acb8655d956 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169100 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#67591}
-
- 04 May, 2020 1 commit
-
-
Igor Sheludko authored
Bug: v8:10391 Change-Id: I316a3c5cd986a74d7f46da6d0b85cb3d549be497 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2153209 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#67533}
-
- 28 Feb, 2020 1 commit
-
-
Seth Brenith authored
Previously, our Torque definition of JSArrayBuffer included only the first two fields. This allowed access to those two fields, but was somewhat confusing and obviously didn't let Torque code access the other fields. This change: - Completes the JSArrayBuffer layout definition; - Moves the associated bitfield struct definition to Torque; - Moves a couple of JSArrayBuffer macros to Torque; - Adds a reducer case so that the code generated using these new macros is not worse than what was generated previously. Change-Id: Ib19c3ba789a33801fa9d0d064cd21d62a1e03e30 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2053769 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66503}
-
- 18 Dec, 2019 1 commit
-
-
Nico Hartmann authored
This CL implements enums in Torque in three steps: 1.) It implements necessary changes to Torque's type system. In particular, the constraints on constexpr types are relaxed such that constexpr types can exist without a corresponding non-constexpr version. Furthermore, constexpr and their non-constexpr counterpart need not be of the same kind of type. This allows an AbstractType to have a UnionType as its non-constexpr counterpart. 2.) The enum feature itself is realized as a pure desugaring in the parser, where all required types, constants and macro specializations (like FromConstexpr<>) are generated from a simple enum declaration, such that enum entries are not just constants, but are namespace scoped and have distinct types so that they can be used within typeswitch constructs. 3.) Almost all of the existing constants defined in torque (.tq files) are ported to new enum definitions. Bug: v8:10053 Change-Id: I72426d3b1434f301fd690847e15603de0dc1021b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1964392 Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65503}
-
- 13 Nov, 2019 1 commit
-
-
Mike Stanton authored
This is part of a general move of math builtins away from builtins-math-gen.cc. Change-Id: Ifb6e5d4779bb9e6f69ff7c58d09ca8fc94f4cc66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914210 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#64943}
-
- 06 Nov, 2019 1 commit
-
-
Igor Sheludko authored
... in an uintptr friendly way. Drive-by-fix: 1) IsForceSlowPath() check is integrated into Cast<FastJSArray> 2) disable tests incompatible with --force-slow-path in "slow_path" variant Bug: v8:8906, v8:4153 Change-Id: I427f117073bc295120aa52fb3fe023ee04d58302 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899988 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64799}
-
- 04 Nov, 2019 1 commit
-
-
Igor Sheludko authored
... in an uintptr index friendly way. Bug: v8:8906, v8:4153 Change-Id: Ib06ac205453fe3ff653b4fb73194e1ab53ca0d00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891610 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64731}
-
- 31 Oct, 2019 1 commit
-
-
Igor Sheludko authored
This is a cleanup before we introduce StoreTypedElementJSAny<T: type>() which are necessary for porting %TypedArray%.from to Torque. Drive-by-fix: formatted third_party/v8/builtins/array-sort.tq Bug: v8:8906 Change-Id: Ic84cb763ae7e5d400b5d7f7b102baa497fe9fe91 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893331 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#64690}
-
- 25 Oct, 2019 1 commit
-
-
Igor Sheludko authored
... and reimplement TryNumberToUintPtr. Bug: v8:4153 Change-Id: I3b683b6a41ebf49229aee4ceea4910e94d35ccca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876817 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#64566}
-
- 23 Oct, 2019 2 commits
-
-
Igor Sheludko authored
The size/length limits are still at kSmiMaxValue. Bug: v8:4153 Change-Id: I6ffda50a3b9f235b97a3718e86df7deadce9f6f8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1874346 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#64514}
-
Igor Sheludko authored
The new ToIndex() must eventually replace ToSmiIndex(). The CL fixes the following abstract operations: GetViewValue(view, requestIndex, isLittleEndian, type) SetViewValue(view, requestIndex, isLittleEndian, type, value) and the following builtins: DataView.prototype.getXXX DataView.prototype.setXXX where XXX are all typed elements. Bug: v8:4153 Change-Id: Ic2f33e91b59426deb0efa28bb4c15253e80a299c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1874345 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#64506}
-
- 18 Oct, 2019 2 commits
-
-
Igor Sheludko authored
The CL fixes the following builtins: %TypedArray%.prototype.filter Bug: v8:4153 Change-Id: Ifb4a464c91c38c586598359ffcded9cc4e7d8f4a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864943 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#64375}
-
Mike Stanton authored
also TypedArrays. Change-Id: I542a09a979c7fe9a3893ad4ae7cea4e057b17359 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864944 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#64371}
-
- 23 Sep, 2019 1 commit
-
-
Dan Elphick authored
Move CodeStubAssembler::StoreJSTypedArrayElementFromTagged, SetJSTypedArrayOnHeapDataPtr and SetJSTypedArrayOffHeapDataPtr into TypedArrayBuiltinsAssembler. Bug: v8:9396 Change-Id: I16e6aa82d0de9bd1d29a9e2c095032f2c6dd5e29 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1817611Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#63930}
-
- 19 Sep, 2019 2 commits
-
-
Igor Sheludko authored
This is a reland of 6f9b2bd4 We must load JSTypedArray::base_pointer in TurboFan as tagged value otherwise this value may become stale pointer after GC. Original change's description: > [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly > > On-heap typed arrays contain HeapObject value in |base_pointer| field > and an offset in |external_pointer| field. When pointer compression is > enabled we want to combine decompression with the offset addition. > In order to do that we add an isolate root to the external_pointer value > and therefore the data pointer computation can is a simple addition of > a (potentially sign-extended) |base_pointer| loaded as Tagged_t value > and an |external_pointer| value. > > Bug: v8:9706 > Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63874} Bug: v8:9706, chromium:1005599 Cq-Include-Trybots: luci.chromium.try:gpu-fyi-try-win10-nvidia-rel-64 Change-Id: I7bbd2a439306cdd11f2bb0dab5863498624d9740 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813744Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63898}
-
Clemens Hammacher authored
This reverts commit 6f9b2bd4. Reason for revert: Fails on nvidia bots, blocking LKGR: https://ci.chromium.org/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/5005 Original change's description: > [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly > > On-heap typed arrays contain HeapObject value in |base_pointer| field > and an offset in |external_pointer| field. When pointer compression is > enabled we want to combine decompression with the offset addition. > In order to do that we add an isolate root to the external_pointer value > and therefore the data pointer computation can is a simple addition of > a (potentially sign-extended) |base_pointer| loaded as Tagged_t value > and an |external_pointer| value. > > Bug: v8:9706 > Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63874} TBR=ulan@chromium.org,neis@chromium.org,jgruber@chromium.org,ishell@chromium.org,verwaest@chromium.org Change-Id: I901280dd191e78d02969600f775c4f0da796921f No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9706 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813027Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#63886}
-
- 18 Sep, 2019 1 commit
-
-
Igor Sheludko authored
On-heap typed arrays contain HeapObject value in |base_pointer| field and an offset in |external_pointer| field. When pointer compression is enabled we want to combine decompression with the offset addition. In order to do that we add an isolate root to the external_pointer value and therefore the data pointer computation can is a simple addition of a (potentially sign-extended) |base_pointer| loaded as Tagged_t value and an |external_pointer| value. Bug: v8:9706 Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63874}
-
- 26 Aug, 2019 1 commit
-
-
Tobias Tebbi authored
Changes in the reland: Rebased and added a check that JavaScript-linkage builtins use JSAny in parameters and return type, plus the necessary cleanups for this test to pass. Design Doc: https://docs.google.com/document/d/1z6j0pWHnNIfId0v00uWN2HBrGRDJxJfYuCr5K7Kr1xA This reverts commit 4418a7b9. Original change's description: > Revert "[torque] introduce JSAny type for user-accessible JavaScript values" > > This reverts commit 79b00555. > > Reason for revert: needs more discussion > > Original change's description: > > [torque] introduce JSAny type for user-accessible JavaScript values > > > > This CL introduces a JSAny type for user-exposed JavaScript values and > > a few new types to define it. Especially, it splits Symbol into > > PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed > > symbols). > > > > The change is mostly mechanical, but a few things are interesting: > > - PropertyKey and JSPrimitive were designed to coincide with the spec > > notions of IsPropertyKey() and primitive value, respectively. > > - Since Name is an open type, we define AnyName to be the known > > subtypes of Name. This is not too elegant, but by using AnyName > > instead of Name, typeswitch can properly conclude something if a > > subtype of Name is excluded. > > > > Small drive-by changes, which were necessary: > > - Allow subtyping on label parameters. > > - Fix the formatting of typeswitch, it was broken with union types > > in case types. > > > > Bug: v8:7793 > > Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322 > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#63114} > > TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org > > Change-Id: Ifde7881d74afe407628f40047997339d54cb2424 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: v8:7793 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63115} TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:7793 Change-Id: Icca34e3824f55009b984d9348fd21884400f0081 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1769316 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63395}
-
- 07 Aug, 2019 2 commits
-
-
Tobias Tebbi authored
This reverts commit 79b00555. Reason for revert: needs more discussion Original change's description: > [torque] introduce JSAny type for user-accessible JavaScript values > > This CL introduces a JSAny type for user-exposed JavaScript values and > a few new types to define it. Especially, it splits Symbol into > PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed > symbols). > > The change is mostly mechanical, but a few things are interesting: > - PropertyKey and JSPrimitive were designed to coincide with the spec > notions of IsPropertyKey() and primitive value, respectively. > - Since Name is an open type, we define AnyName to be the known > subtypes of Name. This is not too elegant, but by using AnyName > instead of Name, typeswitch can properly conclude something if a > subtype of Name is excluded. > > Small drive-by changes, which were necessary: > - Allow subtyping on label parameters. > - Fix the formatting of typeswitch, it was broken with union types > in case types. > > Bug: v8:7793 > Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63114} TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org Change-Id: Ifde7881d74afe407628f40047997339d54cb2424 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7793 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#63115}
-
Tobias Tebbi authored
This CL introduces a JSAny type for user-exposed JavaScript values and a few new types to define it. Especially, it splits Symbol into PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed symbols). The change is mostly mechanical, but a few things are interesting: - PropertyKey and JSPrimitive were designed to coincide with the spec notions of IsPropertyKey() and primitive value, respectively. - Since Name is an open type, we define AnyName to be the known subtypes of Name. This is not too elegant, but by using AnyName instead of Name, typeswitch can properly conclude something if a subtype of Name is excluded. Small drive-by changes, which were necessary: - Allow subtyping on label parameters. - Fix the formatting of typeswitch, it was broken with union types in case types. Bug: v8:7793 Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63114}
-
- 18 Jun, 2019 1 commit
-
-
Ben L. Titzer authored
Extract the maximum on-heap typed array size to a constant in the JSTypedArray class. Add tests for allocating typed arrays of various sizes and validate through the API whether they are allocated on heap. It is not possible to observe from JavaScript. R=mstarzinger@chromium.org Change-Id: I1298e0a49010de829edaad32b7d6c6c9c52704fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662572 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62257}
-
- 12 Jun, 2019 1 commit
-
-
Seth Brenith authored
This change adjusts object initialization order for a few classes so that the GC can never see those objects in an invalid, partially- initialized state. AccessorInfo: Just zeros out a few fields upon construction. This is the simplest case. FunctionTemplateInfo: Slightly changes the order in which fields are set, so that the Smi field is set ahead of the call to SetCallHandler, which can GC. Also a pretty simple case. JSListFormat, JSPluralRules, JSRelativeTimeFormat, JSSegmenter: The spec requires that we start with OrdinaryCreateFromConstructor, which has observable side effects (it fetches the prototype from the new.target). So we split JSObject::New in half: the first half does all of the user- visible things and returns a Map, which we can pass to the second half when we're ready to actually allocate the object. JSTypedArray: Extends the pattern from JSListFormat into Torque code: start with a Map and don't allocate the object until we're ready to set all of its properties. Bug: v8:9311 Change-Id: Id7703e8a0727ec756c774cfbb56af787658a111a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646844 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#62123}
-
- 06 Jun, 2019 1 commit
-
-
Simon Zünd authored
This CL adds lint errors when 'let' bindings, arguments and labels are not used. Note that errors for 'const' bindings will be added later. In cases where arguments are actually needed to match the signature, the warning can be silenced by prefixing identifiers with "_". This might be needed for generic specializations or builtins called from TurboFan. Trying to use a variable or label that was marked with "_" results in a compilation error. Implicit arguments are not linted. They are implemented using exact string matching. Prefixing an implicit argument with "_" in a callee would break all callers as the names would no longer match. Drive-by: Fix all new lint errors in the existing Torque code. Bug: v8:7793 Change-Id: I68b3c59c76b956e9f88709e9388a40a19546ce52 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645092 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62027}
-
- 27 May, 2019 3 commits
-
-
Benedikt Meurer authored
This is a reland of 4b86fea5 with copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed (bug led to holes in new space, which was crashing reproducibly on the ia32 bot). Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} Tbr: petermarshall@chromium.org Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61864}
-
Clemens Hammacher authored
This reverts commit 4b86fea5. Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045 Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61856}
-
Benedikt Meurer authored
As the next step in supporting huge typed arrays in V8, this moves the external/data pointer from the FixedTypedArrayBase backing store to the JSTypedArray instance itself, and replaces the special backing stores with a plain ByteArray (removing all the code for the FixedTypedArrayBase class hierarchy). By doing so, we can drastically simplify the system around typed arrays. Note: Several places in the code base used to check the instance type of the elements backing store of a JSTypedArray instead of checking the elements kind on the JSTypedArray map directly. Those had to be fixed, since the backing store is now always a ByteArray. Drive-by-fix: Move all the typed elements access related code into the elements.cc file to properly encapsulate the accesses. Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61855}
-
- 20 May, 2019 1 commit
-
-
Tobias Tebbi authored
Macros are now inaccessible from CSA except if their declaration is marked with the "export" keyword. The implicit field accessors for class fields are always exported. In this CL, unwarranted access from CSA is prevented by appending a pseudo-random suffix to non-exported names. This is to be replaced by something more principled, namely by not including these macros at all in the headers included from CSA. Bug: v8:7793 Change-Id: I3ffb2e91a616623f81b4b4508e001ad0cf65d2c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615258 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#61672}
-
- 14 May, 2019 1 commit
-
-
Benedikt Meurer authored
This is a mostly mechanical change that updates the JSTypedArray::length field to have uintptr_t storage. It doesn't change the allowed ranges for this field yet, that will be done separately later on. Bug: v8:4153, v8:7881 Change-Id: Ia4b6f5455bd97b82a4b980d77bda0b09cfa845f5 Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607647 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61485}
-
- 07 May, 2019 1 commit
-
-
Peter Marshall authored
This is a reland of ad44c258 Patchset 2 is the original CL Patchset 3 fixes some misuses of FixedArrayBase::length() and adds some DCHECKS to flush out any more misuses. Patchset 4 adds the PPC/S390 port by miladfar@ca.ibm.com. Original change's description: > [typedarray] Make JSTypedArray::length authoritative. > > This is the first step towards full huge typed array support in V8. > Before this change, the JSTypedArray::length and the elements backing > store length (FixedTypedArrayBase::length) were used more or less > interchangeably to determine the number of elements in a JSTypedArray. > > With this change we disentangle these two lengths, and instead make > JSTypedArray::length authoritative. For on-heap typed arrays, the > FixedTypedArrayBase::length will remain the number of elements in the > backing store, but for the off-heap typed arrays, this length will be > set to 0 (matching the fact that the FixedTypedArrayBase instance does > not contain any elements itself). > > This also unifies the JSTypedArray::set_/length() and length_value() > methods to only have JSTypedArray::set_/length() which returns/takes > size_t values. Currently this still requires the values to be in Smi > range, but later we will extend this to allow arbitrary size_t values > (in the safe integer range). > > Bug: v8:4153, v8:7881 > Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60648} Bug: v8:4153, v8:7881, v8:9105 Change-Id: Ic38f833071a723642ebc6f82a4012dbc0878ef98 Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594435Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61275}
-
- 02 May, 2019 1 commit
-
-
Peter Marshall authored
This reverts commit ad44c258. Reason for revert: Missed some users: crbug.com/v8/9105 Original change's description: > [typedarray] Make JSTypedArray::length authoritative. > > This is the first step towards full huge typed array support in V8. > Before this change, the JSTypedArray::length and the elements backing > store length (FixedTypedArrayBase::length) were used more or less > interchangeably to determine the number of elements in a JSTypedArray. > > With this change we disentangle these two lengths, and instead make > JSTypedArray::length authoritative. For on-heap typed arrays, the > FixedTypedArrayBase::length will remain the number of elements in the > backing store, but for the off-heap typed arrays, this length will be > set to 0 (matching the fact that the FixedTypedArrayBase instance does > not contain any elements itself). > > This also unifies the JSTypedArray::set_/length() and length_value() > methods to only have JSTypedArray::set_/length() which returns/takes > size_t values. Currently this still requires the values to be in Smi > range, but later we will extend this to allow arbitrary size_t values > (in the safe integer range). > > Bug: v8:4153, v8:7881 > Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60648} TBR=jarin@chromium.org,titzer@chromium.org,hpayer@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. TBR=jarin@chromium.org, szuend@chromium.org Bug: v8:4153, v8:7881 Change-Id: I96992bff15b4a2765ae4a557d2c37e78269c927d Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593294 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61172}
-
- 11 Apr, 2019 1 commit
-
-
peterwmwong authored
Change-Id: Ic31b33ef4c290aee31be2d66295978908f568775 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563410Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#60775}
-
- 05 Apr, 2019 1 commit
-
-
Benedikt Meurer authored
This is the first step towards full huge typed array support in V8. Before this change, the JSTypedArray::length and the elements backing store length (FixedTypedArrayBase::length) were used more or less interchangeably to determine the number of elements in a JSTypedArray. With this change we disentangle these two lengths, and instead make JSTypedArray::length authoritative. For on-heap typed arrays, the FixedTypedArrayBase::length will remain the number of elements in the backing store, but for the off-heap typed arrays, this length will be set to 0 (matching the fact that the FixedTypedArrayBase instance does not contain any elements itself). This also unifies the JSTypedArray::set_/length() and length_value() methods to only have JSTypedArray::set_/length() which returns/takes size_t values. Currently this still requires the values to be in Smi range, but later we will extend this to allow arbitrary size_t values (in the safe integer range). Bug: v8:4153, v8:7881 Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Ben Titzer <titzer@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#60648}
-
- 04 Mar, 2019 1 commit
-
-
peterwmwong authored
Bug: v8:8906 Change-Id: I7a07482d2d5de13de11fa2611e3c6ae18439e820 Reviewed-on: https://chromium-review.googlesource.com/c/1493136 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by:
Simon Zünd <szuend@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#60007}
-
- 27 Feb, 2019 4 commits
-
-
peterwmwong authored
This is a reland of 19291bfc Same as original, but with ThrowTypeError/ThrowRange updated to use an implicit context. Original change's description: > [typedarray] Port TA#subarray and TypedArraySpeciesCreate to Torque > > Reduces TypedArrayPrototypeSubArray builtin size by 392 bytes: > - TFJ Builtin, TypedArrayPrototypeSubArray, 2448 -> 2056 > > Small 3-4% perf increase on JSTests/TypedArrays/SubarrayNoSpecies benchmark > > Bug: v8:7161, v8:8906 > Change-Id: Ia2b906a93db7199ca4592c46c40638cca0a33eec > Reviewed-on: https://chromium-review.googlesource.com/c/1485241 > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> > Cr-Commit-Position: refs/heads/master@{#59894} Bug: v8:7161, v8:8906 Change-Id: Ic3784e2d4db262b1968ba467b7b46b98203f11d4 Reviewed-on: https://chromium-review.googlesource.com/c/1491533Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#59901}
-
Peter Wong authored
This reverts commit 19291bfc. Reason for revert: https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8920369361383698384/+/steps/build/0/steps/compile/0/stdout ThrowTypeError's method signature changed this morning Original change's description: > [typedarray] Port TA#subarray and TypedArraySpeciesCreate to Torque > > Reduces TypedArrayPrototypeSubArray builtin size by 392 bytes: > - TFJ Builtin, TypedArrayPrototypeSubArray, 2448 -> 2056 > > Small 3-4% perf increase on JSTests/TypedArrays/SubarrayNoSpecies benchmark > > Bug: v8:7161, v8:8906 > Change-Id: Ia2b906a93db7199ca4592c46c40638cca0a33eec > Reviewed-on: https://chromium-review.googlesource.com/c/1485241 > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> > Cr-Commit-Position: refs/heads/master@{#59894} TBR=peter.wm.wong@gmail.com,jgruber@chromium.org,petermarshall@chromium.org,szuend@chromium.org Change-Id: Ic0eaa07e57df3c365b52fb3c5de8eb7c3d9f71e9 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7161, v8:8906 Reviewed-on: https://chromium-review.googlesource.com/c/1491532Reviewed-by:
Peter Wong <peter.wm.wong@gmail.com> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#59896}
-
peterwmwong authored
Reduces TypedArrayPrototypeSubArray builtin size by 392 bytes: - TFJ Builtin, TypedArrayPrototypeSubArray, 2448 -> 2056 Small 3-4% perf increase on JSTests/TypedArrays/SubarrayNoSpecies benchmark Bug: v8:7161, v8:8906 Change-Id: Ia2b906a93db7199ca4592c46c40638cca0a33eec Reviewed-on: https://chromium-review.googlesource.com/c/1485241Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#59894}
-
Mike Stanton authored
Change-Id: I5f0d915351c24b9a2916b8ab1d4bafb4d7eb21c7 Reviewed-on: https://chromium-review.googlesource.com/c/1491217Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#59889}
-
- 24 Feb, 2019 1 commit
-
-
peterwmwong authored
Change-Id: I96935cd8e16715ce729a9830c00357c740696b3b Reviewed-on: https://chromium-review.googlesource.com/c/1470445 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#59808}
-