Skip to content

V
V8
Switch branch/tag
  1. 07 Feb, 2020 1 commit
    • Seth Brenith's avatar
      [torque] Support bitfield structs stored within Smis · e5e4ea96
      Seth Brenith authored 
      This change moves the definition of the bits stored in DebugInfo::flags
to Torque, and updates the only Torque usage of that field to use more
natural syntax. This is intended as an example of common patterns found
in various other classes. Several supporting changes are required:

1. Add a new type representing a bitfield struct stored within a Smi. It
   is currently called SmiTagged, but I'm open to suggestions.
2. Add an enum-style output for Torque bitfield structs whose bitfields
   occupy only one bit each.
3. Add a new case to MachineOperatorReducer that makes the generated
   code for IncBlockCounter match with what was generated before this
   change.
4. Add support for reporting these bitfields in the postmortem debugging
   API. The format matches existing bitfields but with an offset value
   that includes the SMI shift size.

Bug: v8:7793
Change-Id: Icaecbe4a162da55d2d9a3a35a8ea85b285b2f1b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028832
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66182}
      e5e4ea96
  3. 23 Jan, 2020 1 commit
  5. 20 Jan, 2020 1 commit
  7. 16 Jan, 2020 3 commits
  9. 15 Jan, 2020 1 commit
  11. 14 Jan, 2020 1 commit
  13. 10 Jan, 2020 1 commit
    • Seth Brenith's avatar
      [torque] move more bitfield definitions to Torque · 87c16da5
      Seth Brenith authored 
      This change moves the definitions of the bitfield flags used by Symbol
and Map to Torque. Symbol could directly follow the pattern established
by SharedFunctionInfo, but Map required some other changes:
- Until now, Torque bitfield definitions have required unsigned types. I
  thought that this would be the least-surprising behavior, since we
  never sign-extend when decoding bitfield values. However, I believe
  that the amount of churn involved in making ElementsKind be unsigned
  outweighs the benefit we were getting from this restriction (and
  similar difficulties are likely to arise in converting other bitfield
  structs to Torque), so this CL updates Torque to allow signed bitfield
  values.
- If we try to make Map extend from all of the generated classes that
  define its flags, we end up with class sizing problems because some
  compilers only apply empty base class optimization to the first in a
  row of empty base classes. We could work around this issue by
  generating macros instead of classes, but I took this as an
  opportunity for a minor clean-up instead: rather than having bitfield
  definitions for several different bitfield structs all jumbled
  together in Map, they can be split up. I think this makes the code a
  little easier to follow, but if others disagree I'm happy to implement
  macro generation instead.

Change-Id: Ibf339b0be97f72d740bf1daa8300b471912faeba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1988934Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65701}
      87c16da5
  15. 07 Jan, 2020 1 commit
  17. 02 Jan, 2020 1 commit
  19. 27 Dec, 2019 1 commit
    • Daniel Clifford's avatar
      Port bitfield ScopeFlags to Torque · 7e8a197c
      Daniel Clifford authored 
      In the process:

* Rework the Torque definition of ScopeInfo to enable direct
  field-style access of ScopeFlags, removing some dead code in
  the process.
* Allow implicit FromConstexpr conversion from subtypes of
  'constexpr A' to other types. This makes it possible/easy to
  convert constexpr versions of enums to other types, since the
  constexpr version of the enum isn't addressable. It's namespace
  isn't a valid namespace and is an implementation detail anyway.
* Cleanup LanguageMode: Language mode is now an enum and directly
  mirrors the C++-side definition rather than being a Smi. With
  the changes above, a new type LanguageModeSmi is introduced
  that is the Smi representation of LanguageMode that can be
  implicitly casted from constexpr LanguageMode values.

Change-Id: I190412f95e02905f445d149883fbf1f2b8ed757b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977159
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65561}
      7e8a197c
  21. 23 Dec, 2019 1 commit
  23. 20 Dec, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] multiple arrays in one object · 59e8d45a
      Tobias Tebbi authored 
      This allows the definition of classes with several arrays and ports
SmallOrderedHashTable subclasses to Torque as an example, including
the existing CSA allocation functions for them.

Overview of changes:
- Introduce ResidueClass to encapsulate the modulo-arithmetic
  necessary to do alignment checks.
- Add MachineOperatorReducer to the CSA pipeline to address now
  missing CSA ad-hoc constant folding that got blocked by a
  temporary phi.
- Allow assignments to references to structs. This is needed to
  initialize the data_table part of SmallOrderedHashMap.
- Make the NumberLiteralExpression AST-node store a double instead
  of a string. This is necessary to detect arrays with constant size
  used for padding.
- Turn offsets into base::Optional<size_t> to ensure we don't use
  an invalid or statically unknown offset.
- Remove CreateFieldReferenceInstruction since it doesn't work for
  complex offset computations and the logic can be expressed better
  in ImplementationVisitor.
- Validate alignment of structs embedded in classes.

Bug: v8:10004 v8:7793
Change-Id: Ifa414b42278e572a0c577bf9da3d37f80771a258
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958011
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65538}
      59e8d45a
  25. 19 Dec, 2019 1 commit
  27. 18 Dec, 2019 2 commits
    • Joshua Litt's avatar
      [torque] Update torque js linkage to allow any supertype of JSAny. · 652108e8
      Joshua Litt authored 
      Change-Id: I9fa2276b9e27fe51d15be3c1afb34633b53d1230
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1973969Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65506}
      652108e8
    • Nico Hartmann's avatar
      [torque] Enum language feature · fdc9fade
      Nico Hartmann authored 
      This CL implements enums in Torque in three steps:

1.) It implements necessary changes to Torque's type system. In
particular, the constraints on constexpr types are relaxed such that
constexpr types can exist without a corresponding non-constexpr
version. Furthermore, constexpr and their non-constexpr counterpart
need not be of the same kind of type. This allows an AbstractType to
have a UnionType as its non-constexpr counterpart.

2.) The enum feature itself is realized as a pure desugaring in the
parser, where all required types, constants and macro specializations
(like FromConstexpr<>) are generated from a simple enum declaration,
such that enum entries are not just constants, but are namespace
scoped and have distinct types so that they can be used within
typeswitch constructs.

3.) Almost all of the existing constants defined in torque
(.tq files) are ported to new enum definitions.

Bug: v8:10053
Change-Id: I72426d3b1434f301fd690847e15603de0dc1021b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1964392
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65503}
      fdc9fade
  29. 17 Dec, 2019 1 commit
    • Seth Brenith's avatar
      [torque] Load and store bitfields · d5f180b7
      Seth Brenith authored 
      This change implements support for reading and writing bitfields from
Torque code, and adds a couple of unit tests for this functionality. As
Tobias suggested, the LocationReference for a bitfield access contains
a nested LocationReference to where the bitfield struct is stored, so
that store operations can read the original value, update part of it,
and write it back.

Bug: v8:7793
Change-Id: I1004a5c7fcb6cf58df5ad50109b114bf89c80efc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1957841
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65487}
      d5f180b7
  31. 16 Dec, 2019 1 commit
  33. 13 Dec, 2019 1 commit
  35. 12 Dec, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] allow expressions for array lengths · 6b663123
      Tobias Tebbi authored 
      This allows arbitrary expressions to specify the length of an array.
These expressions get access to globally declared things and the
preceding fields of the current object.
Unfortunately, this breaks generated C++ runtime code, so as a
workaround, I special-case expressions that are just an identifier
and handle them as before. We might want to support more cases there
in the future, probably also with special-casing since having a full
C++ back-end for Torque is infeasible.

Bug: v8:10004 v8:7793

Change-Id: I0d5d1200c0e727766beed7bfb2d43a8abb9cacf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1942610
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65427}
      6b663123
  37. 10 Dec, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] allow allocation of strings · 8ed9be48
      Tobias Tebbi authored 
      This CL generalizes and improves how we handle allocations in Torque.

Overview of the changes:
- Remove obsolete special handling for JSObject classes, since it was
  incomplete: It breaks as soon as slack tracking is active.
- Handle array initialization using slices.
- Properly align allocation sizes. This enabled allocating strings.
- Port AllocateSeq{One,Two}ByteString to Torque, which is much easier
  now than the old CSA code since allocation size alignment and
  large-object space allocation just happen out-of-the-box.
- Remove obsolete or unnecessary intrinsics, some of them turn into
  macros in the torque_internal namespace.
- Distinguish between header size and overall size for ClassType,
  make size optional and only defined when it is statically known.


Bug: v8:10004 v8:7793
Change-Id: I623db233e7fb4deed54e8039ae0c24705e9a44e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932356Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65397}
      8ed9be48
  39. 06 Dec, 2019 1 commit
    • Seth Brenith's avatar
      [torque] Add bitfield declarations · 57074692
      Seth Brenith authored 
      This change is the first part of adding Torque support for a "bitfield
struct", which represents a set of bitfields packed together into an
integer value. With this change, Torque can generate the list of
BitField template specializations that allow runtime code to use the
bitfield values. The flags used in SharedFunctionInfo are converted to
Torque to exercise this functionality. Bitfield values are not yet
accessible directly from Torque code.

Bug: v8:7793
Change-Id: I9e4a3df7c847111b6e02e513f175dbf938b0be35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1949047
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65371}
      57074692
  41. 27 Nov, 2019 2 commits
  43. 26 Nov, 2019 1 commit
  45. 22 Nov, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] use LocationReference for local bindings · 1a639cf0
      Tobias Tebbi authored 
      This is a first step towards allowing expressions for array sizes.

So far, local variable bindings used a VisitResult and a const flag.
This doesn't allow for local bindings to alias other things, like
heap references. While this is not generally a feature we need,
it will be helpful to create bindings when evaluating array sizes,
since we want to grant access to the preceding already initialized
object fields, but not to the whole object, which is not completely
initialized yet.

LocationReference already captures the notion of any readable and
assignable location, so it is a good fit to be used for local bindings.
The const attribute is no longer needed, since LocationReference already
has a notion of constness for stack ranges (that is,
LocationReference::Temporary vs LocationReference::VariableAccess).

Bug: v8:10004 v8:7793
Change-Id: Ibe0a43e898e5c2c10d6739e2496d92dda542e6cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928852Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65117}
      1a639cf0
  47. 21 Nov, 2019 2 commits
    • Tobias Tebbi's avatar
      [torque] shape: define in-object properties properly · cfab6505
      Tobias Tebbi authored 
      This introduces a new keyword "shape" in addition to "class",
which allows the definition of a type that extends a JSObject
subclass and specifies one or several maps with statically
known in-object properties.
Differences compared to normal classes:
- Shapes are transient since they specify maps instead of
  instance types.
- Shapes have a known size.
- Fields of shapes are always in-object properties. In particular,
  this means that their offset is after kHeaderSize.
- It's forbidden to inherited from shapes.
- Since shapes usually specify NativeContext-dependent maps, it's
  not possible to write runtime type-checks for them. Thus this CL
  avoids mapping them to their own TNode type, as the CAST macro
  won't work properly. We had runtime-checks for some of them
  nevertheless, some of them scarily confusing like
  IsJSSloppyArgumentsObject, that actually just checked the instance
  type.

Drive-by cleanups and simplifications:
- Allow subclassing from non-abstract classes and remove
  @dirtyInstantiatedAbstractClass. This attribute stems from a mis-
  conception of how instance types work, and with this change it
  ceases to have semantic influence.
- Replace the existing JSArgumentsObject subclasses into two shapes.
  JSArgumentsObjectWithLength had to be removed since shapes don't
  support subclassing.
- Place kHeaderSize correctly for objects with indexed fields.

Design doc:
https://docs.google.com/document/d/1zPy2ZYfNFjeEuw6Mz3YJA-GaPGbdcSYam3SrS7ETzRU

Bug: v8:8944

Change-Id: Iabf185ccd27d0900e0890539a7fe9eaa8bf2d50e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917140
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65108}
      cfab6505
    • Tobias Tebbi's avatar
      [torque] add %SizeOf intrinsic · dddc6a90
      Tobias Tebbi authored 
      This replaces the fragile hand-coded SizeOf function.

Bug: v8:7793
Change-Id: I6bd84f367182b947486192f8968c56723f29efaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924265Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65089}
      dddc6a90
  49. 20 Nov, 2019 2 commits
  51. 19 Nov, 2019 2 commits
  53. 18 Nov, 2019 2 commits
    • Seth Brenith's avatar
      [torque] Verify nested struct fields in classes · 88a2d011
      Seth Brenith authored 
      As one of several steps involved in supporting struct-valued fields
within classes, this CL generates type verification code for the data
contained in those structs.

In order to generate verification code, Torque needs to know about
struct field offsets and the total size of structs. Those calculations
are added to StructType itself and the function TypeVisitor::ComputeType
which initializes the StructType. I repurposed the Field::offset value
to behave in structs more like it does in classes (it had previously
indicated the index of a field within a struct, but nobody used that
value). Overall this works okay, and I think it's less confusing to have
Field::offset mean the same thing everywhere. However, some struct
fields have types with unknown size (Field::GetFieldSizeInformation
fails), so those fields are now marked with offset Field::kInvalidOffset
to indicate that the structs containing them should not be used within
class fields or anywhere else that requires packed layout.

Bug: v8:7793
Change-Id: If2677c8c81efc85e63b4bfb831d818a748427e18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1897247
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65016}
      88a2d011
    • Tobias Tebbi's avatar
      [objects] rename kSize to kHeaderSize for JSObject subclasses · 2ad37be2
      Tobias Tebbi authored 
      For many subclasses of JSObject, we used kSize instead of kHeaderSize
even though they can contain in-object properties. In fact, kSize
was very much used as the header size, as can be seen in many examples
in this CL.

This change is a preparation for a for a cleanup of how Torque
generates field offsets.

TBR=hpayer@chromium.org

Change-Id: I350e996057cd66c427381334080f8ac93de88597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917141
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65013}
      2ad37be2
  55. 15 Nov, 2019 1 commit
    • Seth Brenith's avatar
      [torque] Generate more detailed errors when instantiating generics · 332290e4
      Seth Brenith authored 
      Currently it's pretty easy to write Torque code that generates an error
in some common generic function such as Convert<To: type, From: type>,
and unless your change is very small, it can be hard to figure out what
part of it caused that macro specialization. This CL updates the Torque
compiler to emit some extra information about the stack of code
positions that caused a specialization of a macro or builtin, similar to
what Clang does for C++ templates. Obviously there might be multiple
places that require a particular specialization, but we only report the
first one that caused the specialization to be created.

Bug: v8:7793
Change-Id: I4c0fbf1fd437d0eb0d7d5002baef7a5361aea5ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1911019
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64987}
      332290e4
  57. 14 Nov, 2019 1 commit
    • Seth Brenith's avatar
      [torque] Strict verification of weak fields · 72d440d9
      Seth Brenith authored 
      Now that we can represent specific weak types with Weak<T>, this CL
updates the generated verifier functions so that they permit weak
references only to the specified type. As an example, consider the
verifier emitted for the following field in PrototypeInfo:

  object_create_map: Weak<Map>|Undefined;

We used to emit the following, which allowed any weak reference:

  CHECK(object_create_map__value.IsWeakOrCleared()
      || object_create_map__value.GetHeapObjectOrSmi().IsOddball());

With this change, we emit a stricter check:

  CHECK(object_create_map__value.IsCleared()
      || (!object_create_map__value.IsWeak()
          && object_create_map__value.GetHeapObjectOrSmi().IsOddball())
      || (object_create_map__value.IsWeak()
          && object_create_map__value.GetHeapObjectOrSmi().IsMap()));

Bug: v8:7793
Change-Id: I4be236d97dedbcdd6c98207928aee8bda2a77f00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914613
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64965}
      72d440d9
  59. 11 Nov, 2019 1 commit
  61. 31 Oct, 2019 2 commits