author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-08-24 12:15:48 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-08-28 13:30:04 +0000 |
commit | b014812705fc80bff0a5c120dfcef88f349816dc (patch) | |
tree | 25a2e2d9fa285f1add86aa333389a839f81a39ae /chromium/v8/src/runtime | |
parent | 9f4560b1027ae06fdb497023cdcaf91b8511fa74 (diff) | |
download | qtwebengine-chromium-b014812705fc80bff0a5c120dfcef88f349816dc.tar.gz |
BASELINE: Update Chromium to 68.0.3440.125
Change-Id: I23f19369e01f688e496f5bf179abb521ad73874f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/v8/src/runtime')
-rw-r--r-- | chromium/v8/src/runtime/runtime-array.cc | 308 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-bigint.cc | 11 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-classes.cc | 1 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-collections.cc | 1 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-debug.cc | 22 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-generator.cc | 24 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-internal.cc | 14 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-interpreter.cc | 3 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-intl.cc | 146 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-literals.cc | 5 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-numbers.cc | 20 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-object.cc | 24 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-promise.cc | 30 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-scopes.cc | 100 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-test.cc | 122 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-wasm.cc | 52 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime.cc | 40 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime.h | 28 |
18 files changed, 469 insertions, 482 deletions
diff --git a/chromium/v8/src/runtime/runtime-array.cc b/chromium/v8/src/runtime/runtime-array.cc index f85eea8aee4..10ae84d05d9 100644 --- a/chromium/v8/src/runtime/runtime-array.cc +++ b/chromium/v8/src/runtime/runtime-array.cc @@ -7,11 +7,13 @@ #include "src/arguments.h" #include "src/code-stubs.h" #include "src/conversions-inl.h" +#include "src/debug/debug.h" #include "src/elements.h" #include "src/heap/factory.h" #include "src/isolate-inl.h" #include "src/keys.h" #include "src/messages.h" +#include "src/objects/hash-table-inl.h" #include "src/prototype.h" namespace v8 { 
@@ -28,86 +30,125 @@ RUNTIME_FUNCTION(Runtime_TransitionElementsKind) { } namespace { -// As PrepareElementsForSort, but only on objects where elements is -// a dictionary, and it will stay a dictionary. Collates undefined and -// unexisting elements below limit from position zero of the elements. -Object* PrepareSlowElementsForSort(Handle<JSObject> object, uint32_t limit) { - DCHECK(object->HasDictionaryElements()); - Isolate* isolate = object->GetIsolate(); - // Must stay in dictionary mode, either because of requires_slow_elements, - // or because we are not going to sort (and therefore compact) all of the - // elements. - Handle<NumberDictionary> dict(object->element_dictionary(), isolate); - Handle<NumberDictionary> new_dict = - NumberDictionary::New(isolate, dict->NumberOfElements()); - - uint32_t pos = 0; - uint32_t undefs = 0; - uint32_t max_key = 0; - int capacity = dict->Capacity(); - Smi* bailout = Smi::FromInt(-1); - // Entry to the new dictionary does not cause it to grow, as we have - // allocated one that is large enough for all entries. - for (int i = 0; i < capacity; i++) { - Object* k; - if (!dict->ToKey(isolate, i, &k)) continue; - - DCHECK_LE(0, k->Number()); - DCHECK_LE(k->Number(), kMaxUInt32); - - HandleScope scope(isolate); - Handle<Object> value(dict->ValueAt(i), isolate); - PropertyDetails details = dict->DetailsAt(i); - if (details.kind() == kAccessor || details.IsReadOnly()) { - // Bail out and do the sorting of undefineds and array holes in JS. - // Also bail out if the element is not supposed to be moved. - return bailout; +// Find the next free position. undefined and holes are both considered +// free spots. Returns "Nothing" if an exception occurred. 
+V8_WARN_UNUSED_RESULT +Maybe<uint32_t> FindNextFreePosition(Isolate* isolate, + Handle<JSReceiver> receiver, + uint32_t current_pos) { + for (uint32_t position = current_pos;; ++position) { + Maybe<bool> has_element = JSReceiver::HasElement(receiver, position); + MAYBE_RETURN(has_element, Nothing<uint32_t>()); + if (!has_element.FromJust()) return Just(position); + + Handle<Object> element; + ASSIGN_RETURN_ON_EXCEPTION_VALUE( + isolate, element, JSReceiver::GetElement(isolate, receiver, position), + Nothing<uint32_t>()); + if (element->IsUndefined(isolate)) return Just(position); + } +} + +// As RemoveArrayHoles, but also handles Dictionary elements that stay +// Dictionary (requires_slow_elements() is true), proxies and objects that +// might have accessors. +V8_WARN_UNUSED_RESULT +Object* RemoveArrayHolesGeneric(Isolate* isolate, Handle<JSReceiver> receiver, + uint32_t limit) { + HandleScope scope(isolate); + + // For proxies, we do not collect the keys, instead we use all indices in + // the full range of [0, limit). + Handle<FixedArray> keys; + if (receiver->IsJSProxy()) { + CHECK(Smi::IsValid(limit)); + keys = isolate->factory()->NewFixedArray(limit); + for (uint32_t i = 0; i < limit; ++i) { + keys->set(i, Smi::FromInt(i)); + } + } else { + keys = JSReceiver::GetOwnElementIndices(isolate, receiver, + Handle<JSObject>::cast(receiver)); + } + + uint32_t num_undefined = 0; + uint32_t current_pos = 0; + int num_indices = keys->length(); + + // Compact keys with undefined values and moves non-undefined + // values to the front. + // The loop does two things simultaneously: + // (1) Count the number of 'undefined', i.e. + // i.e.: HasProperty(receiver, key) && Get(receiver, key) == undefined + // (2) Move all non-undefined values to the front. The variable current_pos + // is used to track free spots in the array starting at the beginning. + // Holes and 'undefined' are considered free spots. + // A hole is when HasElement(receiver, key) is false. 
+ for (int i = 0; i < num_indices; ++i) { + uint32_t key = NumberToUint32(keys->get(i)); + + // We only care about array indices that are smaller than the limit. + // The keys are sorted, so we can break as soon as we encounter the first. + if (key >= limit) break; + + Maybe<bool> has_element = JSReceiver::HasElement(receiver, key); + MAYBE_RETURN(has_element, isolate->heap()->exception()); + if (!has_element.FromJust()) { + continue; } - uint32_t key = NumberToUint32(k); - if (key < limit) { - if (value->IsUndefined(isolate)) { - undefs++; - } else { - Handle<Object> result = - NumberDictionary::Add(new_dict, pos, value, details); - // Add should not grow the dictionary since we allocated the right size. - DCHECK(result.is_identical_to(new_dict)); - USE(result); - pos++; - } + Handle<Object> element; + ASSIGN_RETURN_FAILURE_ON_EXCEPTION( + isolate, element, JSReceiver::GetElement(isolate, receiver, key)); + + if (element->IsUndefined(isolate)) { + ++num_undefined; } else { - Handle<Object> result = - NumberDictionary::Add(new_dict, key, value, details); - // Add should not grow the dictionary since we allocated the right size. - DCHECK(result.is_identical_to(new_dict)); - USE(result); - max_key = Max(max_key, key); + // Find next free position to move elements to. + Maybe<uint32_t> free_position = + FindNextFreePosition(isolate, receiver, current_pos); + MAYBE_RETURN(free_position, isolate->heap()->exception()); + current_pos = free_position.FromJust(); + + // Do not move elements that are already in the "packed" area. + if (key <= current_pos) continue; + + // array[current_pos] = array[key]. + // Deleting array[key] is done later. This is to preserve the same + // semantics as the old JS implementation when working with non-extensible + // objects: + // If the array contains undefineds, the position at 'key' might later + // bet set to 'undefined'. If we delete the element now and later set it + // to undefined, the set operation would throw an exception. 
+ RETURN_FAILURE_ON_EXCEPTION( + isolate, JSReceiver::SetElement(isolate, receiver, current_pos, + element, LanguageMode::kStrict)); + ++current_pos; } } - uint32_t result = pos; - PropertyDetails no_details = PropertyDetails::Empty(); - while (undefs > 0) { - if (pos > static_cast<uint32_t>(Smi::kMaxValue)) { - // Adding an entry with the key beyond smi-range requires - // allocation. Bailout. - return bailout; - } - HandleScope scope(isolate); - Handle<Object> result = NumberDictionary::Add( - new_dict, pos, isolate->factory()->undefined_value(), no_details); - // Add should not grow the dictionary since we allocated the right size. - DCHECK(result.is_identical_to(new_dict)); - USE(result); - pos++; - undefs--; - } - max_key = Max(max_key, pos - 1); - - object->set_elements(*new_dict); - new_dict->UpdateMaxNumberKey(max_key, object); - JSObject::ValidateElements(*object); + // Set [current_pos, current_pos + num_undefined) to undefined. + uint32_t result = current_pos; + for (uint32_t i = 0; i < num_undefined; ++i) { + RETURN_FAILURE_ON_EXCEPTION( + isolate, JSReceiver::SetElement(isolate, receiver, current_pos++, + isolate->factory()->undefined_value(), + LanguageMode::kStrict)); + } + // TODO(szuend): Re-enable when we also copy from the prototype chain for + // JSArrays. Then we can use HasOwnProperty instead of + // HasElement and this condition will hold. + // DCHECK_LE(current_pos, num_indices); + + // Deleting everything after the undefineds up unto the limit. + for (int i = num_indices - 1; i >= 0; --i) { + uint32_t key = NumberToUint32(keys->get(i)); + if (key < current_pos) break; + if (key >= limit) continue; + + Maybe<bool> delete_result = JSReceiver::DeleteElement(receiver, key); + MAYBE_RETURN(delete_result, isolate->heap()->exception()); + } return *isolate->factory()->NewNumberFromUint(result); } 
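Review bot: FindNextFreePosition scans upward from `current_pos` with no upper bound, so in RemoveArrayHolesGeneric `current_pos` (and the returned count) appears able to move past `limit` when the receiver has non-undefined elements at or beyond it. The loop also only ends once some index reports a hole or undefined, which a proxy receiver is not obliged to do. Passing `limit` into the helper and writing `for (uint32_t position = current_pos; position < limit; ++position)` followed by `return Just(limit);` would keep the `key <= current_pos` skip working while bounding the scan. Separately, in the proxy branch `CHECK(Smi::IsValid(limit))` aborts the process instead of raising a catchable exception, and `NewFixedArray(limit)` allocates proportionally to a caller-supplied length; if a length above the Smi range can reach this path, an exception return would be the safer failure mode.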
@@ -116,16 +157,23 @@ Object* PrepareSlowElementsForSort(Handle<JSObject> object, uint32_t limit) { // start of the elements array. If the object is in dictionary mode, it is // converted to fast elements mode. Undefined values are placed after // non-undefined values. Returns the number of non-undefined values. -Object* PrepareElementsForSort(Handle<JSObject> object, uint32_t limit) { - Isolate* isolate = object->GetIsolate(); - if (object->HasSloppyArgumentsElements() || !object->map()->is_extensible()) { - return Smi::FromInt(-1); +V8_WARN_UNUSED_RESULT +Object* RemoveArrayHoles(Isolate* isolate, Handle<JSReceiver> receiver, + uint32_t limit) { + if (receiver->IsJSProxy()) { + return RemoveArrayHolesGeneric(isolate, receiver, limit); } + + Handle<JSObject> object = Handle<JSObject>::cast(receiver); if (object->HasStringWrapperElements()) { int len = String::cast(Handle<JSValue>::cast(object)->value())->length(); return Smi::FromInt(len); } + if (object->HasSloppyArgumentsElements() || !object->map()->is_extensible()) { + return RemoveArrayHolesGeneric(isolate, receiver, limit); + } + JSObject::ValidateElements(*object); if (object->HasDictionaryElements()) { // Convert to fast elements containing only the existing properties. @@ -133,7 +181,7 @@ Object* PrepareElementsForSort(Handle<JSObject> object, uint32_t limit) { Handle<NumberDictionary> dict(object->element_dictionary()); if (object->IsJSArray() || dict->requires_slow_elements() || dict->max_number_key() >= limit) { - return PrepareSlowElementsForSort(object, limit); + return RemoveArrayHolesGeneric(isolate, receiver, limit); } // Convert to fast elements. Handle<Map> new_map = 
@@ -245,23 +293,103 @@ Object* PrepareElementsForSort(Handle<JSObject> object, uint32_t limit) { return *isolate->factory()->NewNumberFromUint(result); } +// Copy element at index from source to target only if target does not have the +// element on its own. Returns true if a copy occurred, false if not +// and Nothing if an exception occurred. +V8_WARN_UNUSED_RESULT +Maybe<bool> ConditionalCopy(Isolate* isolate, Handle<JSReceiver> source, + Handle<JSReceiver> target, uint32_t index) { + Maybe<bool> source_has_prop = JSReceiver::HasOwnProperty(source, index); + MAYBE_RETURN(source_has_prop, Nothing<bool>()); + if (!source_has_prop.FromJust()) return Just(false); + + Maybe<bool> target_has_prop = JSReceiver::HasOwnProperty(target, index); + MAYBE_RETURN(target_has_prop, Nothing<bool>()); + if (target_has_prop.FromJust()) return Just(false); + + Handle<Object> source_element; + ASSIGN_RETURN_ON_EXCEPTION_VALUE( + isolate, source_element, JSReceiver::GetElement(isolate, source, index), + Nothing<bool>()); + + Handle<Object> set_result; + ASSIGN_RETURN_ON_EXCEPTION_VALUE( + isolate, set_result, + JSReceiver::SetElement(isolate, target, index, source_element, + LanguageMode::kStrict), + Nothing<bool>()); + + return Just(true); +} + +// Copy elements in the range 0..length from objects prototype chain +// to object itself, if object has holes. Returns null on error and undefined on +// success. 
+V8_WARN_UNUSED_RESULT +MaybeHandle<Object> CopyFromPrototype(Isolate* isolate, + Handle<JSReceiver> object, + uint32_t length) { + for (PrototypeIterator iter(isolate, object, kStartAtPrototype); + !iter.IsAtEnd(); iter.Advance()) { + Handle<JSReceiver> current(PrototypeIterator::GetCurrent<JSReceiver>(iter)); + + if (current->IsJSProxy()) { + for (uint32_t i = 0; i < length; ++i) { + MAYBE_RETURN_NULL(ConditionalCopy(isolate, current, object, i)); + } + } else { + Handle<FixedArray> keys = JSReceiver::GetOwnElementIndices( + isolate, object, Handle<JSObject>::cast(current)); + + uint32_t num_indices = keys->length(); + for (uint32_t i = 0; i < num_indices; ++i) { + uint32_t idx = NumberToUint32(keys->get(i)); + + // Prototype might have indices that go past length, but we are only + // interested in the range [0, length). + if (idx >= length) break; + + MAYBE_RETURN_NULL(ConditionalCopy(isolate, current, object, idx)); + } + } + } + return isolate->factory()->undefined_value(); +} + } // namespace -// Moves all own elements of an object, that are below a limit, to positions -// starting at zero. All undefined values are placed after non-undefined values, -// and are followed by non-existing element. Does not change the length -// property. -// Returns the number of non-undefined elements collected. -// Returns -1 if hole removal is not supported by this method. 
-RUNTIME_FUNCTION(Runtime_RemoveArrayHoles) { +RUNTIME_FUNCTION(Runtime_PrepareElementsForSort) { HandleScope scope(isolate); DCHECK_EQ(2, args.length()); CONVERT_ARG_HANDLE_CHECKED(JSReceiver, object, 0); - CONVERT_NUMBER_CHECKED(uint32_t, limit, Uint32, args[1]); - if (object->IsJSProxy()) return Smi::FromInt(-1); - return PrepareElementsForSort(Handle<JSObject>::cast(object), limit); -} + CONVERT_NUMBER_CHECKED(uint32_t, length, Uint32, args[1]); + + if (isolate->debug_execution_mode() == DebugInfo::kSideEffects) { + if (!isolate->debug()->PerformSideEffectCheckForObject(object)) { + return isolate->heap()->exception(); + } + } + // Counter for sorting arrays that have non-packed elements and where either + // the ElementsProtector is invalid or the prototype does not match + // Array.prototype. + if (object->IsJSArray() && + !Handle<JSArray>::cast(object)->HasFastPackedElements()) { + JSObject* initial_array_proto = JSObject::cast( + isolate->native_context()->get(Context::INITIAL_ARRAY_PROTOTYPE_INDEX)); + if (!isolate->IsNoElementsProtectorIntact() || + object->map()->prototype() != initial_array_proto) { + isolate->CountUsage( + v8::Isolate::kArrayPrototypeSortJSArrayModifiedPrototype); + } + } + + if (!object->IsJSArray()) { + RETURN_FAILURE_ON_EXCEPTION(isolate, + CopyFromPrototype(isolate, object, length)); + } + return RemoveArrayHoles(isolate, object, length); +} // Move contents of argument 0 (an array) to argument 1 (an array) RUNTIME_FUNCTION(Runtime_MoveArrayContents) { diff --git a/chromium/v8/src/runtime/runtime-bigint.cc b/chromium/v8/src/runtime/runtime-bigint.cc index ce0d8990a18..1f054a232ed 100644 --- a/chromium/v8/src/runtime/runtime-bigint.cc +++ b/chromium/v8/src/runtime/runtime-bigint.cc 
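Review bot: Runtime_PrepareElementsForSort is added without a header comment, while the removed Runtime_RemoveArrayHoles documented what is moved, that the length property is untouched, and what is returned. A replacement along the lines of `// Copies missing elements below |length| from the prototype chain (non-arrays only), then compacts own elements; returns the number of non-undefined elements.` would restore that contract. Whether the old -1 bailout can still be returned depends on the part of RemoveArrayHoles outside this hunk, so the comment should state that explicitly. In CopyFromPrototype, `if (idx >= length) break;` relies on GetOwnElementIndices returning ascending indices; RemoveArrayHolesGeneric says so in a comment, and the same line, `// The keys are sorted, so the first index >= length ends the scan.`, belongs here too.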
@@ -34,6 +34,17 @@ RUNTIME_FUNCTION(Runtime_BigIntCompareToNumber) { return *isolate->factory()->ToBoolean(result); } +RUNTIME_FUNCTION(Runtime_BigIntCompareToString) { + HandleScope scope(isolate); + DCHECK_EQ(3, args.length()); + CONVERT_ARG_HANDLE_CHECKED(Smi, mode, 0); + CONVERT_ARG_HANDLE_CHECKED(BigInt, lhs, 1); + CONVERT_ARG_HANDLE_CHECKED(String, rhs, 2); + bool result = ComparisonResultToBool(static_cast<Operation>(mode->value()), + BigInt::CompareToString(lhs, rhs)); + return *isolate->factory()->ToBoolean(result); +} + RUNTIME_FUNCTION(Runtime_BigIntEqualToBigInt) { SealHandleScope shs(isolate); DCHECK_EQ(2, args.length()); diff --git a/chromium/v8/src/runtime/runtime-classes.cc b/chromium/v8/src/runtime/runtime-classes.cc index 7b1379cf32a..2978cad72ac 100644 --- a/chromium/v8/src/runtime/runtime-classes.cc +++ b/chromium/v8/src/runtime/runtime-classes.cc @@ -13,6 +13,7 @@ #include "src/elements.h" #include "src/isolate-inl.h" #include "src/messages.h" +#include "src/objects/hash-table-inl.h" #include "src/objects/literal-objects-inl.h" #include "src/runtime/runtime.h" diff --git a/chromium/v8/src/runtime/runtime-collections.cc b/chromium/v8/src/runtime/runtime-collections.cc index 7b2cae3337c..92ee8807195 100644 --- a/chromium/v8/src/runtime/runtime-collections.cc +++ b/chromium/v8/src/runtime/runtime-collections.cc @@ -7,6 +7,7 @@ #include "src/arguments.h" #include "src/conversions-inl.h" #include "src/heap/factory.h" +#include "src/objects/hash-table-inl.h" namespace v8 { namespace internal { diff --git a/chromium/v8/src/runtime/runtime-debug.cc b/chromium/v8/src/runtime/runtime-debug.cc index a47ea2caaf1..fabb1a80dae 100644 --- a/chromium/v8/src/runtime/runtime-debug.cc +++ b/chromium/v8/src/runtime/runtime-debug.cc 
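Review bot: In Runtime_BigIntCompareToString, `static_cast<Operation>(mode->value())` turns a Smi argument into an enum value with no range check, and nothing in the hunk says which operations are valid. How ComparisonResultToBool treats an unexpected value is not visible here, so this is a documentation gap rather than a confirmed defect. I would add `// |mode| is an Operation encoded as a Smi by the caller; only comparison operations are expected.` above the cast, and a DCHECK on the accepted range if the enum layout allows one.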
@@ -80,8 +80,16 @@ RUNTIME_FUNCTION_RETURN_PAIR(Runtime_DebugBreakOnBytecode) { isolate->interpreter()->GetAndMaybeDeserializeBytecodeHandler(bytecode, operand_scale); - return MakePair(side_effect_check_failed ? isolate->heap()->exception() - : isolate->debug()->return_value(), + if (side_effect_check_failed) { + return MakePair(isolate->heap()->exception(), + Smi::FromInt(static_cast<uint8_t>(bytecode))); + } + Object* interrupt_object = isolate->stack_guard()->HandleInterrupts(); + if (interrupt_object->IsException(isolate)) { + return MakePair(interrupt_object, + Smi::FromInt(static_cast<uint8_t>(bytecode))); + } + return MakePair(isolate->debug()->return_value(), Smi::FromInt(static_cast<uint8_t>(bytecode))); } @@ -116,7 +124,7 @@ RUNTIME_FUNCTION(Runtime_HandleDebuggerStatement) { if (isolate->debug()->break_points_active()) { isolate->debug()->HandleDebugBreak(kIgnoreIfTopFrameBlackboxed); } - return isolate->heap()->undefined_value(); + return isolate->stack_guard()->HandleInterrupts(); } @@ -1479,7 +1487,7 @@ int ScriptLinePosition(Handle<Script> script, int line) { if (line < 0) return -1; if (script->type() == Script::TYPE_WASM) { - return WasmCompiledModule::cast(script->wasm_compiled_module()) + return WasmModuleObject::cast(script->wasm_module_object()) ->shared() ->GetFunctionOffset(line); } 
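Review bot: The three return paths now in Runtime_DebugBreakOnBytecode each rebuild `Smi::FromInt(static_cast<uint8_t>(bytecode))`. Computing it once, `Smi* bytecode_smi = Smi::FromInt(static_cast<uint8_t>(bytecode));`, and passing `bytecode_smi` to each MakePair would make the difference between the paths (only the first pair member) easier to see. Neither this hunk nor the Runtime_HandleDebuggerStatement hunk explains why `stack_guard()->HandleInterrupts()` is now called after the break. In the latter its result becomes the function's return value, so a one-line comment stating that pending interrupts are processed here and that an exception sentinel may be returned would help the next reader. Both function bodies start outside their hunks.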
@@ -1664,16 +1672,18 @@ RUNTIME_FUNCTION(Runtime_ScriptPositionInfo2) { // or perform a side effect check. RUNTIME_FUNCTION(Runtime_DebugOnFunctionCall) { HandleScope scope(isolate); - DCHECK_EQ(1, args.length()); + DCHECK_EQ(2, args.length()); CONVERT_ARG_HANDLE_CHECKED(JSFunction, fun, 0); + CONVERT_ARG_HANDLE_CHECKED(Object, receiver, 1); if (isolate->debug()->needs_check_on_function_call()) { // Ensure that the callee will perform debug check on function call too. Deoptimizer::DeoptimizeFunction(*fun); if (isolate->debug()->last_step_action() >= StepIn) { + DCHECK_EQ(isolate->debug_execution_mode(), DebugInfo::kBreakpoints); isolate->debug()->PrepareStepIn(fun); } if (isolate->debug_execution_mode() == DebugInfo::kSideEffects && - !isolate->debug()->PerformSideEffectCheck(fun)) { + !isolate->debug()->PerformSideEffectCheck(fun, receiver)) { return isolate->heap()->exception(); } } diff --git a/chromium/v8/src/runtime/runtime-generator.cc b/chromium/v8/src/runtime/runtime-generator.cc index e69d3340426..3c7c808c30b 100644 --- a/chromium/v8/src/runtime/runtime-generator.cc +++ b/chromium/v8/src/runtime/runtime-generator.cc 
@@ -70,30 +70,6 @@ RUNTIME_FUNCTION(Runtime_GeneratorGetInputOrDebugPos) { UNREACHABLE(); } -RUNTIME_FUNCTION(Runtime_AsyncFunctionAwaitCaught) { - // Runtime call is implemented in InterpreterIntrinsics and lowered in - // JSIntrinsicLowering - UNREACHABLE(); -} - -RUNTIME_FUNCTION(Runtime_AsyncFunctionAwaitUncaught) { - // Runtime call is implemented in InterpreterIntrinsics and lowered in - // JSIntrinsicLowering - UNREACHABLE(); -} - -RUNTIME_FUNCTION(Runtime_AsyncGeneratorAwaitCaught) { - // Runtime call is implemented in InterpreterIntrinsics and lowered in - // JSIntrinsicLowering - UNREACHABLE(); -} - -RUNTIME_FUNCTION(Runtime_AsyncGeneratorAwaitUncaught) { - // Runtime call is implemented in InterpreterIntrinsics and lowered in - // JSIntrinsicLowering - UNREACHABLE(); -} - RUNTIME_FUNCTION(Runtime_AsyncGeneratorResolve) { // Runtime call is implemented in InterpreterIntrinsics and lowered in // JSIntrinsicLowering diff --git a/chromium/v8/src/runtime/runtime-internal.cc b/chromium/v8/src/runtime/runtime-internal.cc index c5a693448b6..0c4ddc3c0b4 100644 --- a/chromium/v8/src/runtime/runtime-internal.cc +++ b/chromium/v8/src/runtime/runtime-internal.cc @@ -430,11 +430,6 @@ RUNTIME_FUNCTION(Runtime_ThrowConstructedNonConstructable) { RUNTIME_FUNCTION(Runtime_ThrowConstructorReturnedNonObject) { HandleScope scope(isolate); DCHECK_EQ(0, args.length()); - if (FLAG_harmony_restrict_constructor_return) { - THROW_NEW_ERROR_RETURN_FAILURE( - isolate, - NewTypeError(MessageTemplate::kClassConstructorReturnedNonObject)); - } THROW_NEW_ERROR_RETURN_FAILURE( isolate, 
@@ -485,15 +480,6 @@ RUNTIME_FUNCTION(Runtime_IncrementUseCounter) { return isolate->heap()->undefined_value(); } -RUNTIME_FUNCTION( - Runtime_IncrementUseCounterConstructorReturnNonUndefinedPrimitive) { - HandleScope scope(isolate); - DCHECK_EQ(0, args.length()); - isolate->CountUsage( - v8::Isolate::UseCounterFeature::kConstructorNonUndefinedPrimitiveReturn); - return isolate->heap()->undefined_value(); -} - RUNTIME_FUNCTION(Runtime_GetAndResetRuntimeCallStats) { HandleScope scope(isolate); if (args.length() == 0) { diff --git a/chromium/v8/src/runtime/runtime-interpreter.cc b/chromium/v8/src/runtime/runtime-interpreter.cc index 836bf4d5f6b..30458c0acc3 100644 --- a/chromium/v8/src/runtime/runtime-interpreter.cc +++ b/chromium/v8/src/runtime/runtime-interpreter.cc @@ -135,7 +135,8 @@ RUNTIME_FUNCTION(Runtime_InterpreterTraceBytecodeEntry) { OFStream os(stdout); // Print bytecode. - const uint8_t* base_address = bytecode_array->GetFirstBytecodeAddress(); + const uint8_t* base_address = reinterpret_cast<const uint8_t*>( + bytecode_array->GetFirstBytecodeAddress()); const uint8_t* bytecode_address = base_address + offset; os << " -> " << static_cast<const void*>(bytecode_address) << " @ " << std::setw(4) << offset << " : "; diff --git a/chromium/v8/src/runtime/runtime-intl.cc b/chromium/v8/src/runtime/runtime-intl.cc index a49a4423cfc..fced753c263 100644 --- a/chromium/v8/src/runtime/runtime-intl.cc +++ b/chromium/v8/src/runtime/runtime-intl.cc @@ -14,6 +14,7 @@ #include "src/api-natives.h" #include "src/api.h" #include "src/arguments.h" +#include "src/date.h" #include "src/global-handles.h" #include "src/heap/factory.h" #include "src/intl.h" @@ -31,8 +32,6 @@ #include "unicode/decimfmt.h" #include "unicode/dtfmtsym.h" #include "unicode/dtptngen.h" -#include "unicode/fieldpos.h" -#include "unicode/fpositer.h" #include "unicode/locid.h" #include "unicode/numfmt.h" #include "unicode/numsys.h" 
@@ -40,7 +39,6 @@ #include "unicode/rbbi.h" #include "unicode/smpdtfmt.h" #include "unicode/timezone.h" -#include "unicode/translit.h" #include "unicode/uchar.h" #include "unicode/ucol.h" #include "unicode/ucurr.h" @@ -260,9 +258,8 @@ RUNTIME_FUNCTION(Runtime_InternalDateFormat) { CONVERT_ARG_HANDLE_CHECKED(JSObject, date_format_holder, 0); CONVERT_NUMBER_ARG_HANDLE_CHECKED(date, 1); - double date_value = date->Number(); - // Check for +-Infinity and Nan - if (!std::isfinite(date_value)) { + double date_value = DateCache::TimeClip(date->Number()); + if (std::isnan(date_value)) { THROW_NEW_ERROR_RETURN_FAILURE( isolate, NewRangeError(MessageTemplate::kInvalidTimeValue)); } 
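Review bot: In Runtime_InternalDateFormat the old comment explaining the validity check is removed and nothing replaces it, although the check now means something different. `DateCache::TimeClip` is applied first and only NaN is tested, so, as I understand TimeClip, finite values outside the representable time range are now rejected with the same RangeError as infinities and NaN. A comment such as `// TimeClip maps non-finite and out-of-range time values to NaN.` above the `std::isnan` test would record that intent. The function body continues outside the hunk.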
@@ -280,143 +277,6 @@ RUNTIME_FUNCTION(Runtime_InternalDateFormat) { result.length()))); } -namespace { -// The list comes from third_party/icu/source/i18n/unicode/udat.h. -// They're mapped to DateTimeFormat components listed at -// https://tc39.github.io/ecma402/#sec-datetimeformat-abstracts . - -Handle<String> IcuDateFieldIdToDateType(int32_t field_id, Isolate* isolate) { - switch (field_id) { - case -1: - return isolate->factory()->literal_string(); - case UDAT_YEAR_FIELD: - case UDAT_EXTENDED_YEAR_FIELD: - case UDAT_YEAR_NAME_FIELD: - return isolate->factory()->year_string(); - case UDAT_MONTH_FIELD: - case UDAT_STANDALONE_MONTH_FIELD: - return isolate->factory()->month_string(); - case UDAT_DATE_FIELD: - return isolate->factory()->day_string(); - case UDAT_HOUR_OF_DAY1_FIELD: - case UDAT_HOUR_OF_DAY0_FIELD: - case UDAT_HOUR1_FIELD: - case UDAT_HOUR0_FIELD: - return isolate->factory()->hour_string(); - case UDAT_MINUTE_FIELD: - return isolate->factory()->minute_string(); - case UDAT_SECOND_FIELD: - return isolate->factory()->second_string(); - case UDAT_DAY_OF_WEEK_FIELD: - case UDAT_DOW_LOCAL_FIELD: - case UDAT_STANDALONE_DAY_FIELD: - return isolate->factory()->weekday_string(); - case UDAT_AM_PM_FIELD: - return isolate->factory()->dayperiod_string(); - case UDAT_TIMEZONE_FIELD: - case UDAT_TIMEZONE_RFC_FIELD: - case UDAT_TIMEZONE_GENERIC_FIELD: - case UDAT_TIMEZONE_SPECIAL_FIELD: - case UDAT_TIMEZONE_LOCALIZED_GMT_OFFSET_FIELD: - case UDAT_TIMEZONE_ISO_FIELD: - case UDAT_TIMEZONE_ISO_LOCAL_FIELD: - return isolate->factory()->timeZoneName_string(); - case UDAT_ERA_FIELD: - return isolate->factory()->era_string(); - default: - // Other UDAT_*_FIELD's cannot show up because there is no way to specify - // them via options of Intl.DateTimeFormat. - UNREACHABLE(); - // To prevent MSVC from issuing C4715 warning. 
- return Handle<String>(); - } -} - -bool AddElement(Handle<JSArray> array, int index, int32_t field_id, - const icu::UnicodeString& formatted, int32_t begin, int32_t end, - Isolate* isolate) { - HandleScope scope(isolate); - Factory* factory = isolate->factory(); - Handle<JSObject> element = factory->NewJSObject(isolate->object_function()); - Handle<String> value = IcuDateFieldIdToDateType(field_id, isolate); - JSObject::AddProperty(element, factory->type_string(), value, NONE); - - icu::UnicodeString field(formatted.tempSubStringBetween(begin, end)); - ASSIGN_RETURN_ON_EXCEPTION_VALUE( - isolate, value, - factory->NewStringFromTwoByte(Vector<const uint16_t>( - reinterpret_cast<const uint16_t*>(field.getBuffer()), - field.length())), - false); - - JSObject::AddProperty(element, factory->value_string(), value, NONE); - RETURN_ON_EXCEPTION_VALUE( - isolate, JSObject::AddDataElement(array, index, element, NONE), false); - return true; -} - -} // namespace - -RUNTIME_FUNCTION(Runtime_InternalDateFormatToParts) { - HandleScope scope(isolate); - Factory* factory = isolate->factory(); - - DCHECK_EQ(2, args.length()); - - CONVERT_ARG_HANDLE_CHECKED(JSObject, date_format_holder, 0); - CONVERT_NUMBER_ARG_HANDLE_CHECKED(date, 1); - - double date_value = date->Number(); - if (!std::isfinite(date_value)) { - THROW_NEW_ERROR_RETURN_FAILURE( - isolate, NewRangeError(MessageTemplate::kInvalidTimeValue)); - } - - icu::SimpleDateFormat* date_format = - DateFormat::UnpackDateFormat(isolate, date_format_holder); - CHECK_NOT_NULL(date_format); - - icu::UnicodeString formatted; - icu::FieldPositionIterator fp_iter; - icu::FieldPosition fp; - UErrorCode status = U_ZERO_ERROR; - date_format->format(date_value, formatted, &fp_iter, status); - if (U_FAILURE(status)) return isolate->heap()->undefined_value(); - - Handle<JSArray> result = factory->NewJSArray(0); - int32_t length = formatted.length(); - if (length == 0) return *result; - - int index = 0; - int32_t previous_end_pos = 0; - 
while (fp_iter.next(fp)) { - int32_t begin_pos = fp.getBeginIndex(); - int32_t end_pos = fp.getEndIndex(); - - if (previous_end_pos < begin_pos) { - if (!AddElement(result, index, -1, formatted, previous_end_pos, begin_pos, - isolate)) { - return isolate->heap()->undefined_value(); - } - ++index; - } - if (!AddElement(result, index, fp.getField(), formatted, begin_pos, end_pos, - isolate)) { - return isolate->heap()->undefined_value(); - } - previous_end_pos = end_pos; - ++index; - } - if (previous_end_pos < length) { - if (!AddElement(result, index, -1, formatted, previous_end_pos, length, - isolate)) { - return isolate->heap()->undefined_value(); - } - } - JSObject::ValidateElements(*result); - return *result; -} - RUNTIME_FUNCTION(Runtime_CreateNumberFormat) { HandleScope scope(isolate); diff --git a/chromium/v8/src/runtime/runtime-literals.cc b/chromium/v8/src/runtime/runtime-literals.cc index 568849b3d9d..71e91bab357 100644 --- a/chromium/v8/src/runtime/runtime-literals.cc +++ b/chromium/v8/src/runtime/runtime-literals.cc @@ -9,6 +9,7 @@ #include "src/ast/ast.h" #include "src/ast/compile-time-value.h" #include "src/isolate-inl.h" +#include "src/objects/hash-table-inl.h" #include "src/runtime/runtime.h" namespace v8 { @@ -456,7 +457,7 @@ MaybeHandle<JSObject> CreateLiteral(Isolate* isolate, Handle<HeapObject> description, int flags) { FeedbackSlot literals_slot(FeedbackVector::ToSlot(literals_index)); CHECK(literals_slot.ToInt() < vector->length()); - Handle<Object> literal_site(vector->Get(literals_slot), isolate); + Handle<Object> literal_site(vector->Get(literals_slot)->ToObject(), isolate); DeepCopyHints copy_hints = (flags & AggregateLiteral::kIsShallow) ? kObjectIsShallow : kNoHints; if (FLAG_track_double_fields && !FLAG_unbox_double_fields) { 
@@ -552,7 +553,7 @@ RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral) { FeedbackSlot literal_slot(FeedbackVector::ToSlot(index)); // Check if boilerplate exists. If not, create it first. - Handle<Object> literal_site(vector->Get(literal_slot), isolate); + Handle<Object> literal_site(vector->Get(literal_slot)->ToObject(), isolate); Handle<Object> boilerplate; if (!HasBoilerplate(isolate, literal_site)) { ASSIGN_RETURN_FAILURE_ON_EXCEPTION( diff --git a/chromium/v8/src/runtime/runtime-numbers.cc b/chromium/v8/src/runtime/runtime-numbers.cc index 260e6be45b4..643e1b7edb0 100644 --- a/chromium/v8/src/runtime/runtime-numbers.cc +++ b/chromium/v8/src/runtime/runtime-numbers.cc @@ -77,26 +77,6 @@ RUNTIME_FUNCTION(Runtime_NumberToStringSkipCache) { return *isolate->factory()->NumberToString(number, false); } - -// Converts a Number to a Smi, if possible. Returns NaN if the number is not -// a small integer. -RUNTIME_FUNCTION(Runtime_NumberToSmi) { - SealHandleScope shs(isolate); - DCHECK_EQ(1, args.length()); - CONVERT_ARG_CHECKED(Object, obj, 0); - if (obj->IsSmi()) { - return obj; - } - if (obj->IsHeapNumber()) { - double value = HeapNumber::cast(obj)->value(); - int int_value = FastD2I(value); - if (value == FastI2D(int_value) && Smi::IsValid(int_value)) { - return Smi::FromInt(int_value); - } - } - return isolate->heap()->nan_value(); -} - // Compare two Smis x, y as if they were converted to strings and then // compared lexicographically. Returns: // -1 if x < y diff --git a/chromium/v8/src/runtime/runtime-object.cc b/chromium/v8/src/runtime/runtime-object.cc index b68315f2863..1e1eb77b741 100644 --- a/chromium/v8/src/runtime/runtime-object.cc +++ b/chromium/v8/src/runtime/runtime-object.cc @@ -9,6 +9,7 @@ #include "src/debug/debug.h" #include "src/isolate-inl.h" #include "src/messages.h" +#include "src/objects/hash-table-inl.h" #include "src/objects/property-descriptor-object.h" #include "src/property-descriptor.h" #include "src/runtime/runtime.h" 
@@ -21,6 +22,9 @@ MaybeHandle<Object> Runtime::GetObjectProperty(Isolate* isolate, Handle<Object> key, bool* is_found_out) { if (object->IsNullOrUndefined(isolate)) { + if (*key == isolate->heap()->iterator_symbol()) { + return Runtime::ThrowIteratorError(isolate, object); + } THROW_NEW_ERROR( isolate, NewTypeError(MessageTemplate::kNonObjectPropertyLoad, key, object), @@ -800,13 +804,13 @@ RUNTIME_FUNCTION(Runtime_DefineDataPropertyInLiteral) { if (nexus.ic_state() == UNINITIALIZED) { if (name->IsUniqueName()) { nexus.ConfigureMonomorphic(name, handle(object->map()), - Handle<Code>::null()); + MaybeObjectHandle()); } else { nexus.ConfigureMegamorphic(PROPERTY); } } else if (nexus.ic_state() == MONOMORPHIC) { if (nexus.FindFirstMap() != object->map() || - nexus.GetFeedbackExtra() != *name) { + nexus.GetFeedbackExtra() != MaybeObject::FromObject(*name)) { nexus.ConfigureMegamorphic(PROPERTY); } } @@ -930,6 +934,22 @@ RUNTIME_FUNCTION(Runtime_DefineGetterPropertyUnchecked) { return isolate->heap()->undefined_value(); } +RUNTIME_FUNCTION(Runtime_SetDataProperties) { + HandleScope scope(isolate); + DCHECK_EQ(2, args.length()); + CONVERT_ARG_HANDLE_CHECKED(JSReceiver, target, 0); + CONVERT_ARG_HANDLE_CHECKED(Object, source, 1); + + // 2. If source is undefined or null, let keys be an empty List. + if (source->IsUndefined(isolate) || source->IsNull(isolate)) { + return isolate->heap()->undefined_value(); + } + + MAYBE_RETURN(JSReceiver::SetOrCopyDataProperties(isolate, target, source), + isolate->heap()->exception()); + return isolate->heap()->undefined_value(); +} + RUNTIME_FUNCTION(Runtime_CopyDataProperties) { HandleScope scope(isolate); DCHECK_EQ(2, args.length()); diff --git a/chromium/v8/src/runtime/runtime-promise.cc b/chromium/v8/src/runtime/runtime-promise.cc index b2a7e8bae1b..f5b9db3c028 100644 --- a/chromium/v8/src/runtime/runtime-promise.cc +++ b/chromium/v8/src/runtime/runtime-promise.cc 
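Review bot: The new Runtime_SetDataProperties has no header comment, and its only inline comment (`// 2. If source is undefined or null, let keys be an empty List.`) cites a numbered spec step without naming the algorithm. I would add a line above the function such as `// Sets the data properties of |source| on |target| via JSReceiver::SetOrCopyDataProperties; returns undefined, or the exception sentinel on failure.` and name the spec operation that the "2." belongs to. This also tells a reader how it differs from Runtime_CopyDataProperties, which follows directly after it.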
@@ -114,14 +114,13 @@ RUNTIME_FUNCTION(Runtime_PromiseHookInit) {
 RUNTIME_FUNCTION(Runtime_PromiseHookBefore) {
 HandleScope scope(isolate);
 DCHECK_EQ(1, args.length());
- CONVERT_ARG_HANDLE_CHECKED(HeapObject, payload, 0);
- Handle<JSPromise> promise;
- if (JSPromise::From(payload).ToHandle(&promise)) {
- if (isolate->debug()->is_active()) isolate->PushPromise(promise);
- if (promise->IsJSPromise()) {
- isolate->RunPromiseHook(PromiseHookType::kBefore, promise,
- isolate->factory()->undefined_value());
- }
+ CONVERT_ARG_HANDLE_CHECKED(JSReceiver, maybe_promise, 0);
+ if (!maybe_promise->IsJSPromise()) return isolate->heap()->undefined_value();
+ Handle<JSPromise> promise = Handle<JSPromise>::cast(maybe_promise);
+ if (isolate->debug()->is_active()) isolate->PushPromise(promise);
+ if (promise->IsJSPromise()) {
+ isolate->RunPromiseHook(PromiseHookType::kBefore, promise,
+ isolate->factory()->undefined_value());
 }
 return isolate->heap()->undefined_value();
 }
@@ -129,14 +128,13 @@ RUNTIME_FUNCTION(Runtime_PromiseHookBefore) {
 RUNTIME_FUNCTION(Runtime_PromiseHookAfter) {
 HandleScope scope(isolate);
 DCHECK_EQ(1, args.length());
- CONVERT_ARG_HANDLE_CHECKED(HeapObject, payload, 0);
- Handle<JSPromise> promise;
- if (JSPromise::From(payload).ToHandle(&promise)) {
- if (isolate->debug()->is_active()) isolate->PopPromise();
- if (promise->IsJSPromise()) {
- isolate->RunPromiseHook(PromiseHookType::kAfter, promise,
- isolate->factory()->undefined_value());
- }
+ CONVERT_ARG_HANDLE_CHECKED(JSReceiver, maybe_promise, 0);
+ if (!maybe_promise->IsJSPromise()) return isolate->heap()->undefined_value();
+ Handle<JSPromise> promise = Handle<JSPromise>::cast(maybe_promise);
+ if (isolate->debug()->is_active()) isolate->PopPromise();
+ if (promise->IsJSPromise()) {
+ isolate->RunPromiseHook(PromiseHookType::kAfter, promise,
+ isolate->factory()->undefined_value());
 }
 return isolate->heap()->undefined_value();
 }
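Review bot: The inner `if (promise->IsJSPromise())` in Runtime_PromiseHookBefore can no longer be false, because the function returns early when `maybe_promise->IsJSPromise()` fails and `promise` is a cast of that same handle. The same leftover guard is in the Runtime_PromiseHookAfter hunk that follows. Dropping it, so that `isolate->RunPromiseHook(...)` runs unconditionally after the early return, makes it plain that the type test on `maybe_promise` is the only thing protecting `Handle<JSPromise>::cast(maybe_promise)`.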
diff --git a/chromium/v8/src/runtime/runtime-scopes.cc b/chromium/v8/src/runtime/runtime-scopes.cc index 9483949674b..b13d52bceb8 100644 --- a/chromium/v8/src/runtime/runtime-scopes.cc +++ b/chromium/v8/src/runtime/runtime-scopes.cc @@ -158,7 +158,8 @@ Object* DeclareGlobals(Isolate* isolate, Handle<FixedArray> declarations, FeedbackSlot feedback_cells_slot( Smi::ToInt(*possibly_feedback_cell_slot)); Handle<FeedbackCell> feedback_cell( - FeedbackCell::cast(feedback_vector->Get(feedback_cells_slot)), + FeedbackCell::cast( + feedback_vector->Get(feedback_cells_slot)->ToStrongHeapObject()), isolate); Handle<JSFunction> function = isolate->factory()->NewFunctionFromSharedFunctionInfo( @@ -215,7 +216,8 @@ Object* DeclareEvalHelper(Isolate* isolate, Handle<String> name, DCHECK(context->IsFunctionContext() || context->IsNativeContext() || context->IsScriptContext() || context->IsEvalContext() || - (context->IsBlockContext() && context->has_extension())); + (context->IsBlockContext() && + context->scope_info()->is_declaration_scope())); bool is_function = value->IsJSFunction(); bool is_var = !is_function; 
@@ -284,25 +286,18 @@ Object* DeclareEvalHelper(Isolate* isolate, Handle<String> name, object = Handle<JSObject>::cast(holder); } else if (context->has_extension()) { - // Sloppy varblock contexts might not have an extension object yet, - // in which case their extension is a ScopeInfo. - if (context->extension()->IsScopeInfo()) { - DCHECK(context->IsBlockContext()); - object = isolate->factory()->NewJSObject( - isolate->context_extension_function()); - Handle<HeapObject> extension = isolate->factory()->NewContextExtension( - handle(context->scope_info()), object); - context->set_extension(*extension); - } else { - object = handle(context->extension_object(), isolate); - } + object = handle(context->extension_object(), isolate); DCHECK(object->IsJSContextExtensionObject() || object->IsJSGlobalObject()); } else { - // Sloppy eval will never have an extension object, as vars are hoisted out, - // and lets are known statically. - DCHECK(context->IsFunctionContext()); + // Sloppy varblock and function contexts might not have an extension object + // yet. Sloppy eval will never have an extension object, as vars are hoisted + // out, and lets are known statically. + DCHECK((context->IsBlockContext() && + context->scope_info()->is_declaration_scope()) || + context->IsFunctionContext()); object = isolate->factory()->NewJSObject(isolate->context_extension_function()); + context->set_extension(*object); } 
@@ -691,12 +686,12 @@ static Object* FindNameClash(Handle<ScopeInfo> scope_info, RUNTIME_FUNCTION(Runtime_NewScriptContext) { HandleScope scope(isolate); - DCHECK_EQ(2, args.length()); + DCHECK_EQ(1, args.length()); - CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0); - CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 1); - Handle<JSGlobalObject> global_object(function->context()->global_object()); - Handle<Context> native_context(global_object->native_context()); + CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 0); + Handle<Context> native_context(isolate->context(), isolate); + DCHECK(native_context->IsNativeContext()); + Handle<JSGlobalObject> global_object(native_context->global_object()); Handle<ScriptContextTable> script_context_table( native_context->script_context_table()); @@ -704,20 +699,11 @@ RUNTIME_FUNCTION(Runtime_NewScriptContext) { FindNameClash(scope_info, global_object, script_context_table); if (isolate->has_pending_exception()) return name_clash_result; - // Script contexts have a canonical empty function as their closure, not the - // anonymous closure containing the global code. See - // FullCodeGenerator::PushFunctionArgumentForContextAllocation. - Handle<JSFunction> closure(function->shared()->IsUserJavaScript() - ? native_context->closure() - : *function); - // We do not need script contexts here during bootstrap. DCHECK(!isolate->bootstrapper()->IsActive()); - Handle<Context> result = - isolate->factory()->NewScriptContext(closure, scope_info); - DCHECK(function->context() == isolate->context()); - DCHECK(*global_object == result->global_object()); + Handle<Context> result = + isolate->factory()->NewScriptContext(native_context, scope_info); Handle<ScriptContextTable> new_script_context_table = ScriptContextTable::Extend(script_context_table, result); 
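Review bot: Runtime_NewScriptContext now treats `isolate->context()` as the native context, but the only guard is `DCHECK(native_context->IsNativeContext());`, a debug-only assertion. The following lines read `global_object()` and `script_context_table()` from that handle and pass it to `NewScriptContext`. If the function is ever reached with another kind of context current, a release build would read those fields from the wrong layout. Promoting the guard to `CHECK(native_context->IsNativeContext());` keeps the assumption enforced in release builds. The function continues past the end of these hunks.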
@@ -727,54 +713,47 @@ RUNTIME_FUNCTION(Runtime_NewScriptContext) { RUNTIME_FUNCTION(Runtime_NewFunctionContext) { HandleScope scope(isolate); - DCHECK_EQ(2, args.length()); + DCHECK_EQ(1, args.length()); - CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0); - CONVERT_SMI_ARG_CHECKED(scope_type, 1); + CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 0); - DCHECK(function->context() == isolate->context()); - int length = function->shared()->scope_info()->ContextLength(); - return *isolate->factory()->NewFunctionContext( - length, function, static_cast<ScopeType>(scope_type)); + Handle<Context> outer(isolate->context(), isolate); + return *isolate->factory()->NewFunctionContext(outer, scope_info); } RUNTIME_FUNCTION(Runtime_PushWithContext) { HandleScope scope(isolate); - DCHECK_EQ(3, args.length()); + DCHECK_EQ(2, args.length()); CONVERT_ARG_HANDLE_CHECKED(JSReceiver, extension_object, 0); CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 1); - CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 2); Handle<Context> current(isolate->context()); - Handle<Context> context = isolate->factory()->NewWithContext( - function, current, scope_info, extension_object); + Handle<Context> context = + isolate->factory()->NewWithContext(current, scope_info, extension_object); isolate->set_context(*context); return *context; } RUNTIME_FUNCTION(Runtime_PushModuleContext) { HandleScope scope(isolate); - DCHECK_EQ(3, args.length()); + DCHECK_EQ(2, args.length()); CONVERT_ARG_HANDLE_CHECKED(Module, module, 0); - CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 1); - CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 2); - DCHECK(function->context() == isolate->context()); + CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 1); + Handle<Context> outer(isolate->context(), isolate); Handle<Context> context = - isolate->factory()->NewModuleContext(module, function, scope_info); + isolate->factory()->NewModuleContext(module, outer, scope_info); isolate->set_context(*context); return *context; } 
RUNTIME_FUNCTION(Runtime_PushCatchContext) { HandleScope scope(isolate); - DCHECK_EQ(4, args.length()); - CONVERT_ARG_HANDLE_CHECKED(String, name, 0); - CONVERT_ARG_HANDLE_CHECKED(Object, thrown_object, 1); - CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 2); - CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 3); - Handle<Context> current(isolate->context()); - Handle<Context> context = isolate->factory()->NewCatchContext( - function, current, scope_info, name, thrown_object); + DCHECK_EQ(2, args.length()); + CONVERT_ARG_HANDLE_CHECKED(Object, thrown_object, 0); + CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 1); + Handle<Context> current(isolate->context(), isolate); + Handle<Context> context = + isolate->factory()->NewCatchContext(current, scope_info, thrown_object); isolate->set_context(*context); return *context; } @@ -782,12 +761,11 @@ RUNTIME_FUNCTION(Runtime_PushCatchContext) { RUNTIME_FUNCTION(Runtime_PushBlockContext) { HandleScope scope(isolate); - DCHECK_EQ(2, args.length()); + DCHECK_EQ(1, args.length()); CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 0); - CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 1); - Handle<Context> current(isolate->context()); + Handle<Context> current(isolate->context(), isolate); Handle<Context> context = - isolate->factory()->NewBlockContext(function, current, scope_info); + isolate->factory()->NewBlockContext(current, scope_info); isolate->set_context(*context); return *context; } diff --git a/chromium/v8/src/runtime/runtime-test.cc b/chromium/v8/src/runtime/runtime-test.cc index 78de914b72f..8cec33c23df 100644 --- a/chromium/v8/src/runtime/runtime-test.cc +++ b/chromium/v8/src/runtime/runtime-test.cc 
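Review bot: Runtime_PushWithContext still builds its handle as `Handle<Context> current(isolate->context());`, while the other functions touched in this hunk and the next now pass the isolate explicitly. Those are Runtime_NewFunctionContext, Runtime_PushModuleContext, Runtime_PushCatchContext and Runtime_PushBlockContext. Changing it to `Handle<Context> current(isolate->context(), isolate);` keeps the handle construction uniform across the file. The local is also named `outer` in two of these functions and `current` in the other three; a single name for the enclosing context would read better.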
@@ -116,6 +116,21 @@ RUNTIME_FUNCTION(Runtime_ConstructConsString) {
 return *isolate->factory()->NewConsString(left, right, length, kIsOneByte);
 }
+RUNTIME_FUNCTION(Runtime_ConstructSlicedString) {
+ HandleScope scope(isolate);
+ DCHECK_EQ(2, args.length());
+ CONVERT_ARG_HANDLE_CHECKED(String, string, 0);
+ CONVERT_ARG_HANDLE_CHECKED(Smi, index, 1);
+
+ CHECK(string->IsOneByteRepresentation());
+ CHECK_LT(index->value(), string->length());
+
+ Handle<String> sliced_string = isolate->factory()->NewSubString(
+ string, index->value(), string->length());
+ CHECK(sliced_string->IsSlicedString());
+ return *sliced_string;
+}
+
 RUNTIME_FUNCTION(Runtime_DeoptimizeFunction) {
 HandleScope scope(isolate);
 DCHECK_EQ(1, args.length());
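Review bot: Runtime_ConstructSlicedString bounds `index` only from above. `CHECK_LT(index->value(), string->length());` passes for a negative Smi, which then reaches `NewSubString(string, index->value(), string->length())` as the start offset. Adding `CHECK_LE(0, index->value());` next to the existing check closes that gap. The final `CHECK(sliced_string->IsSlicedString());` also aborts the process whenever the factory returns some other string representation, presumably for short results. A one-line comment stating the expected input constraints would help anyone driving this helper from tests or a fuzzer.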
@@ -511,28 +526,54 @@ RUNTIME_FUNCTION(Runtime_DebugPrint) { SealHandleScope shs(isolate); DCHECK_EQ(1, args.length()); + // Hack: The argument is passed as Object* but here it's really a + // MaybeObject*. + MaybeObject* maybe_object = reinterpret_cast<MaybeObject*>(args[0]); + OFStream os(stdout); -#ifdef DEBUG - if (args[0]->IsString() && isolate->context() != nullptr) { - // If we have a string, assume it's a code "marker" - // and print some interesting cpu debugging info. - args[0]->Print(os); - JavaScriptFrameIterator it(isolate); - JavaScriptFrame* frame = it.frame(); - os << "fp = " << static_cast<void*>(frame->fp()) - << ", sp = " << static_cast<void*>(frame->sp()) - << ", caller_sp = " << static_cast<void*>(frame->caller_sp()) << ": "; + if (maybe_object->IsClearedWeakHeapObject()) { + os << "[weak cleared]"; } else { - os << "DebugPrint: "; - args[0]->Print(os); - } - if (args[0]->IsHeapObject()) { - HeapObject::cast(args[0])->map()->Print(os); - } + Object* object; + bool weak = false; + if (maybe_object->IsWeakHeapObject()) { + weak = true; + object = maybe_object->ToWeakHeapObject(); + } else { + // Strong reference or SMI. + object = maybe_object->ToObject(); + } + +#ifdef DEBUG + if (object->IsString() && isolate->context() != nullptr) { + DCHECK(!weak); + // If we have a string, assume it's a code "marker" + // and print some interesting cpu debugging info. + object->Print(os); + JavaScriptFrameIterator it(isolate); + JavaScriptFrame* frame = it.frame(); + os << "fp = " << reinterpret_cast<void*>(frame->fp()) + << ", sp = " << reinterpret_cast<void*>(frame->sp()) + << ", caller_sp = " << reinterpret_cast<void*>(frame->caller_sp()) + << ": "; + } else { + os << "DebugPrint: "; + if (weak) { + os << "[weak] "; + } + object->Print(os); + } + if (object->IsHeapObject()) { + HeapObject::cast(object)->map()->Print(os); + } #else - // ShortPrint is available in release mode. Print is not. 
- os << Brief(args[0]); + if (weak) { + os << "[weak] "; + } + // ShortPrint is available in release mode. Print is not. + os << Brief(object); #endif + } os << std::endl; return args[0]; // return TOS @@ -860,22 +901,27 @@ RUNTIME_FUNCTION(Runtime_PromiseSpeciesProtector) { isolate->IsPromiseSpeciesLookupChainIntact()); } -// Take a compiled wasm module, serialize it and copy the buffer into an array -// buffer, which is then returned. +// Take a compiled wasm module and serialize it into an array buffer, which is +// then returned. RUNTIME_FUNCTION(Runtime_SerializeWasmModule) { HandleScope shs(isolate); DCHECK_EQ(1, args.length()); CONVERT_ARG_HANDLE_CHECKED(WasmModuleObject, module_obj, 0); - Handle<WasmCompiledModule> orig(module_obj->compiled_module()); - std::pair<std::unique_ptr<const byte[]>, size_t> serialized_module = - wasm::SerializeNativeModule(isolate, orig); - int data_size = static_cast<int>(serialized_module.second); - void* buff = isolate->array_buffer_allocator()->Allocate(data_size); - Handle<JSArrayBuffer> ret = isolate->factory()->NewJSArrayBuffer(); - JSArrayBuffer::Setup(ret, isolate, false, buff, data_size); - memcpy(buff, serialized_module.first.get(), data_size); - return *ret; + Handle<WasmCompiledModule> compiled_module(module_obj->compiled_module(), + isolate); + size_t compiled_size = + wasm::GetSerializedNativeModuleSize(isolate, compiled_module); + void* array_data = isolate->array_buffer_allocator()->Allocate(compiled_size); + Handle<JSArrayBuffer> array_buffer = isolate->factory()->NewJSArrayBuffer(); + JSArrayBuffer::Setup(array_buffer, isolate, false, array_data, compiled_size); + if (!array_data || + !wasm::SerializeNativeModule( + isolate, compiled_module, + {reinterpret_cast<uint8_t*>(array_data), compiled_size})) { + return isolate->heap()->undefined_value(); + } + return *array_buffer; } // Take an array buffer and attempt to reconstruct a compiled wasm module. 
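Review bot: Runtime_DebugPrint now accepts weak and cleared-weak references, yet the unchanged tail still ends in `return args[0];  // return TOS`. In those cases a weak-tagged or cleared value is handed back typed as `Object*`. Whether callers use the result is not visible here. If they can, returning a strong value for those cases (for example `isolate->heap()->undefined_value()`) would be safer. Otherwise the return deserves a comment such as `// May be a weak or cleared reference; callers must not treat it as a strong Object*.`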
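Review bot: In Runtime_SerializeWasmModule the result of `Allocate(compiled_size)` is tested for null only after `JSArrayBuffer::Setup(array_buffer, isolate, false, array_data, compiled_size);` has already run. On allocation failure a JSArrayBuffer is therefore configured with a null backing store and a non-zero length before the function bails out. Moving the test up, with `if (!array_data) return isolate->heap()->undefined_value();` directly after the allocation, avoids creating that object at all. The later condition then reduces to the `wasm::SerializeNativeModule` result.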
@@ -886,7 +932,7 @@ RUNTIME_FUNCTION(Runtime_DeserializeWasmModule) { CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, buffer, 0); CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, wire_bytes, 1); - Address mem_start = static_cast<Address>(buffer->backing_store()); + uint8_t* mem_start = reinterpret_cast<uint8_t*>(buffer->backing_store()); size_t mem_size = static_cast<size_t>(buffer->byte_length()->Number()); // Note that {wasm::DeserializeNativeModule} will allocate. We assume the @@ -896,7 +942,7 @@ RUNTIME_FUNCTION(Runtime_DeserializeWasmModule) { wire_bytes->set_is_external(true); isolate->heap()->UnregisterArrayBuffer(*wire_bytes); } - MaybeHandle<WasmCompiledModule> maybe_compiled_module = + MaybeHandle<WasmModuleObject> maybe_module_object = wasm::DeserializeNativeModule( isolate, {mem_start, mem_size}, Vector<const uint8_t>( @@ -906,11 +952,11 @@ RUNTIME_FUNCTION(Runtime_DeserializeWasmModule) { wire_bytes->set_is_external(false); isolate->heap()->RegisterNewArrayBuffer(*wire_bytes); } - Handle<WasmCompiledModule> compiled_module; - if (!maybe_compiled_module.ToHandle(&compiled_module)) { + Handle<WasmModuleObject> module_object; + if (!maybe_module_object.ToHandle(&module_object)) { return isolate->heap()->undefined_value(); } - return *WasmModuleObject::New(isolate, compiled_module); + return *module_object; } RUNTIME_FUNCTION(Runtime_ValidateWasmInstancesChain) { @@ -931,14 +977,6 @@ RUNTIME_FUNCTION(Runtime_ValidateWasmModuleState) { return isolate->heap()->ToBoolean(true); } -RUNTIME_FUNCTION(Runtime_ValidateWasmOrphanedInstance) { - HandleScope shs(isolate); - DCHECK_EQ(1, args.length()); - CONVERT_ARG_HANDLE_CHECKED(WasmInstanceObject, instance, 0); - WasmInstanceObject::ValidateOrphanedInstanceForTesting(isolate, instance); - return isolate->heap()->ToBoolean(true); -} - RUNTIME_FUNCTION(Runtime_HeapObjectVerify) { HandleScope shs(isolate); DCHECK_EQ(1, args.length()); 
diff --git a/chromium/v8/src/runtime/runtime-wasm.cc b/chromium/v8/src/runtime/runtime-wasm.cc
index 9f17d0a78dc..a6f55f32abc 100644
--- a/chromium/v8/src/runtime/runtime-wasm.cc
+++ b/chromium/v8/src/runtime/runtime-wasm.cc
@@ -27,21 +27,23 @@ namespace internal {
 namespace {
 WasmInstanceObject* GetWasmInstanceOnStackTop(Isolate* isolate) {
- DisallowHeapAllocation no_allocation;
- const Address entry = Isolate::c_entry_fp(isolate->thread_local_top());
- Address pc =
- Memory::Address_at(entry + StandardFrameConstants::kCallerPCOffset);
- WasmInstanceObject* owning_instance = WasmInstanceObject::GetOwningInstance(
- isolate->wasm_engine()->code_manager()->LookupCode(pc));
- CHECK_NOT_NULL(owning_instance);
- return owning_instance;
+ StackFrameIterator it(isolate, isolate->thread_local_top());
+ // On top: C entry stub.
+ DCHECK_EQ(StackFrame::EXIT, it.frame()->type());
+ it.Advance();
+ // Next: the wasm (compiled or interpreted) frame.
+ WasmInstanceObject* result = nullptr;
+ if (it.frame()->is_wasm_compiled()) {
+ result = WasmCompiledFrame::cast(it.frame())->wasm_instance();
+ } else {
+ DCHECK(it.frame()->is_wasm_interpreter_entry());
+ result = WasmInterpreterEntryFrame::cast(it.frame())->wasm_instance();
+ }
+ return result;
 }
-// TODO(titzer): rename to GetNativeContextFromWasmInstanceOnStackTop()
-Context* GetWasmContextOnStackTop(Isolate* isolate) {
- return GetWasmInstanceOnStackTop(isolate)
- ->compiled_module()
- ->native_context();
+Context* GetNativeContextFromWasmInstanceOnStackTop(Isolate* isolate) {
+ return GetWasmInstanceOnStackTop(isolate)->native_context();
 }
 class ClearThreadInWasmScope {
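Review bot: GetWasmInstanceOnStackTop loses its release-mode guard. The removed code ended in `CHECK_NOT_NULL(owning_instance);`, whereas the new else branch relies on `DCHECK(it.frame()->is_wasm_interpreter_entry());` before `WasmInterpreterEntryFrame::cast(it.frame())`. Unless the cast itself checks in release builds, any frame that is not a compiled wasm frame would be read as an interpreter entry frame. Its `wasm_instance()` then supplies the native context that the callers install with `isolate->set_context(...)`. Using `CHECK(it.frame()->is_wasm_interpreter_entry());` in that branch restores a hard failure for an unexpected frame type.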
@@ -75,7 +77,7 @@ RUNTIME_FUNCTION(Runtime_WasmGrowMemory) { // Set the current isolate's context. DCHECK_NULL(isolate->context()); - isolate->set_context(instance->compiled_module()->native_context()); + isolate->set_context(instance->native_context()); return *isolate->factory()->NewNumberFromInt(WasmMemoryObject::Grow( isolate, handle(instance->memory_object(), isolate), delta_pages)); @@ -88,7 +90,7 @@ RUNTIME_FUNCTION(Runtime_ThrowWasmError) { HandleScope scope(isolate); DCHECK_NULL(isolate->context()); - isolate->set_context(GetWasmContextOnStackTop(isolate)); + isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); Handle<Object> error_obj = isolate->factory()->NewWasmRuntimeError( static_cast<MessageTemplate::Template>(message_id)); return isolate->Throw(*error_obj); @@ -98,7 +100,7 @@ RUNTIME_FUNCTION(Runtime_ThrowWasmStackOverflow) { SealHandleScope shs(isolate); DCHECK_LE(0, args.length()); DCHECK_NULL(isolate->context()); - isolate->set_context(GetWasmContextOnStackTop(isolate)); + isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); return isolate->StackOverflow(); } @@ -113,7 +115,7 @@ RUNTIME_FUNCTION(Runtime_WasmThrowCreate) { // TODO(kschimpf): Can this be replaced with equivalent TurboFan code/calls. HandleScope scope(isolate); DCHECK_NULL(isolate->context()); - isolate->set_context(GetWasmContextOnStackTop(isolate)); + isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); DCHECK_EQ(2, args.length()); Handle<Object> exception = isolate->factory()->NewWasmRuntimeError( static_cast<MessageTemplate::Template>( 
@@ -140,7 +142,7 @@ RUNTIME_FUNCTION(Runtime_WasmThrow) { // TODO(kschimpf): Can this be replaced with equivalent TurboFan code/calls. HandleScope scope(isolate); DCHECK_NULL(isolate->context()); - isolate->set_context(GetWasmContextOnStackTop(isolate)); + isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); DCHECK_EQ(0, args.length()); Handle<Object> exception(isolate->get_wasm_caught_exception(), isolate); CHECK(!exception.is_null()); @@ -152,7 +154,7 @@ RUNTIME_FUNCTION(Runtime_WasmGetExceptionRuntimeId) { // TODO(kschimpf): Can this be replaced with equivalent TurboFan code/calls. HandleScope scope(isolate); DCHECK_NULL(isolate->context()); - isolate->set_context(GetWasmContextOnStackTop(isolate)); + isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); Handle<Object> except_obj(isolate->get_wasm_caught_exception(), isolate); if (!except_obj.is_null() && except_obj->IsJSReceiver()) { Handle<JSReceiver> exception(JSReceiver::cast(*except_obj)); @@ -173,7 +175,7 @@ RUNTIME_FUNCTION(Runtime_WasmExceptionGetElement) { // TODO(kschimpf): Can this be replaced with equivalent TurboFan code/calls. HandleScope scope(isolate); DCHECK_NULL(isolate->context()); - isolate->set_context(GetWasmContextOnStackTop(isolate)); + isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); DCHECK_EQ(1, args.length()); Handle<Object> except_obj(isolate->get_wasm_caught_exception(), isolate); if (!except_obj.is_null() && except_obj->IsJSReceiver()) { 
@@ -202,7 +204,7 @@ RUNTIME_FUNCTION(Runtime_WasmExceptionSetElement) { HandleScope scope(isolate); DCHECK_EQ(2, args.length()); DCHECK_NULL(isolate->context()); - isolate->set_context(GetWasmContextOnStackTop(isolate)); + isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); Handle<Object> except_obj(isolate->get_wasm_caught_exception(), isolate); if (!except_obj.is_null() && except_obj->IsJSReceiver()) { Handle<JSReceiver> exception(JSReceiver::cast(*except_obj)); @@ -238,13 +240,13 @@ RUNTIME_FUNCTION(Runtime_WasmRunInterpreter) { // cast it back to the raw pointer. CHECK(!arg_buffer_obj->IsHeapObject()); CHECK(arg_buffer_obj->IsSmi()); - uint8_t* arg_buffer = reinterpret_cast<uint8_t*>(*arg_buffer_obj); + Address arg_buffer = reinterpret_cast<Address>(*arg_buffer_obj); ClearThreadInWasmScope wasm_flag(true); // Set the current isolate's context. DCHECK_NULL(isolate->context()); - isolate->set_context(instance->compiled_module()->native_context()); + isolate->set_context(instance->native_context()); // Find the frame pointer of the interpreter entry. Address frame_pointer = 0; @@ -278,7 +280,7 @@ RUNTIME_FUNCTION(Runtime_WasmStackGuard) { // Set the current isolate's context. DCHECK_NULL(isolate->context()); - isolate->set_context(GetWasmContextOnStackTop(isolate)); + isolate->set_context(GetNativeContextFromWasmInstanceOnStackTop(isolate)); // Check if this is a real stack overflow. StackLimitCheck check(isolate); @@ -296,6 +298,8 @@ RUNTIME_FUNCTION_RETURN_PAIR(Runtime_WasmCompileLazy) { HandleScope scope(isolate); Handle<WasmInstanceObject> instance(*instance_on_stack, isolate); + ClearThreadInWasmScope wasm_flag(true); + Address entrypoint = wasm::CompileLazy(isolate, instance); return MakePair(reinterpret_cast<Object*>(entrypoint), *instance); } diff --git a/chromium/v8/src/runtime/runtime.cc b/chromium/v8/src/runtime/runtime.cc index 3ae82d41c53..64f487398fd 100644 --- a/chromium/v8/src/runtime/runtime.cc 
+++ b/chromium/v8/src/runtime/runtime.cc 
@@ -159,31 +159,29 @@ const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { return &(kIntrinsicFunctions[static_cast<int>(id)]); } - const Runtime::Function* Runtime::RuntimeFunctionTable(Isolate* isolate) { - if (isolate->external_reference_redirector()) { - // When running with the simulator we need to provide a table which has - // redirected runtime entry addresses. - if (!isolate->runtime_state()->redirected_intrinsic_functions()) { - size_t function_count = arraysize(kIntrinsicFunctions); - Function* redirected_functions = new Function[function_count]; - memcpy(redirected_functions, kIntrinsicFunctions, - sizeof(kIntrinsicFunctions)); - for (size_t i = 0; i < function_count; i++) { - ExternalReference redirected_entry(static_cast<Runtime::FunctionId>(i), - isolate); - redirected_functions[i].entry = redirected_entry.address(); - } - isolate->runtime_state()->set_redirected_intrinsic_functions( - redirected_functions); +#ifdef USE_SIMULATOR + // When running with the simulator we need to provide a table which has + // redirected runtime entry addresses. 
+ if (!isolate->runtime_state()->redirected_intrinsic_functions()) { + size_t function_count = arraysize(kIntrinsicFunctions); + Function* redirected_functions = new Function[function_count]; + memcpy(redirected_functions, kIntrinsicFunctions, + sizeof(kIntrinsicFunctions)); + for (size_t i = 0; i < function_count; i++) { + ExternalReference redirected_entry = + ExternalReference::Create(static_cast<Runtime::FunctionId>(i)); + redirected_functions[i].entry = redirected_entry.address(); } - - return isolate->runtime_state()->redirected_intrinsic_functions(); - } else { - return kIntrinsicFunctions; + isolate->runtime_state()->set_redirected_intrinsic_functions( + redirected_functions); } -} + return isolate->runtime_state()->redirected_intrinsic_functions(); +#else + return kIntrinsicFunctions; +#endif +} std::ostream& operator<<(std::ostream& os, Runtime::FunctionId id) { return os << Runtime::FunctionForId(id)->name; diff --git a/chromium/v8/src/runtime/runtime.h b/chromium/v8/src/runtime/runtime.h index 48a63d500da..f8997c50ad3 100644 --- a/chromium/v8/src/runtime/runtime.h +++ b/chromium/v8/src/runtime/runtime.h @@ -49,7 +49,7 @@ namespace internal { F(MoveArrayContents, 2, 1) \ F(NewArray, -1 /* >= 3 */, 1) \ F(NormalizeElements, 1, 1) \ - F(RemoveArrayHoles, 2, 1) \ + F(PrepareElementsForSort, 2, 1) \ F(TransitionElementsKind, 2, 1) \ F(TrySliceSimpleNonFastElements, 3, 1) @@ -68,6 +68,7 @@ namespace internal { F(BigIntBinaryOp, 3, 1) \ F(BigIntCompareToBigInt, 3, 1) \ F(BigIntCompareToNumber, 3, 1) \ + F(BigIntCompareToString, 3, 1) \ F(BigIntEqualToBigInt, 2, 1) \ F(BigIntEqualToNumber, 2, 1) \ F(BigIntEqualToString, 2, 1) \ @@ -143,7 +144,7 @@ namespace internal { F(DebugGetPropertyDetails, 2, 1) \ F(DebugGetPrototype, 1, 1) \ F(DebugIsActive, 0, 1) \ - F(DebugOnFunctionCall, 1, 1) \ + F(DebugOnFunctionCall, 2, 1) \ F(DebugPopPromise, 0, 1) \ F(DebugPrepareStepInSuspendedGenerator, 0, 1) \ F(DebugPropertyAttributesFromDetails, 1, 1) \ 
@@ -222,10 +223,6 @@ namespace internal { F(SetNativeFlag, 1, 1) #define FOR_EACH_INTRINSIC_GENERATOR(F) \ - F(AsyncFunctionAwaitCaught, 3, 1) \ - F(AsyncFunctionAwaitUncaught, 3, 1) \ - F(AsyncGeneratorAwaitCaught, 2, 1) \ - F(AsyncGeneratorAwaitUncaught, 2, 1) \ F(AsyncGeneratorHasCatchHandlerForPC, 1, 1) \ F(AsyncGeneratorReject, 2, 1) \ F(AsyncGeneratorResolve, 3, 1) \ @@ -258,7 +255,6 @@ namespace internal { F(GetDefaultICULocale, 0, 1) \ F(InternalCompare, 3, 1) \ F(InternalDateFormat, 2, 1) \ - F(InternalDateFormatToParts, 2, 1) \ F(InternalNumberFormat, 2, 1) \ F(IsInitializedIntlObject, 1, 1) \ F(IsInitializedIntlObjectOfType, 2, 1) \ @@ -285,7 +281,6 @@ namespace internal { F(ExportFromRuntime, 1, 1) \ F(GetAndResetRuntimeCallStats, -1 /* <= 2 */, 1) \ F(IncrementUseCounter, 1, 1) \ - F(IncrementUseCounterConstructorReturnNonUndefinedPrimitive, 0, 1) \ F(InstallToContext, 1, 1) \ F(Interrupt, 0, 1) \ F(IS_VAR, 1, 1) \ @@ -350,7 +345,6 @@ namespace internal { F(IsSmi, 1, 1) \ F(IsValidSmi, 1, 1) \ F(MaxSmi, 0, 1) \ - F(NumberToSmi, 1, 1) \ F(NumberToStringSkipCache, 1, 1) \ F(SmiLexicographicCompare, 2, 1) \ F(StringParseFloat, 1, 1) \ @@ -400,6 +394,7 @@ namespace internal { F(OptimizeObjectForAddingMultipleProperties, 2, 1) \ F(SameValue, 2, 1) \ F(SameValueZero, 2, 1) \ + F(SetDataProperties, 2, 1) \ F(SetProperty, 4, 1) \ F(ShrinkPropertyDictionary, 1, 1) \ F(ToFastProperties, 1, 1) \ 
@@ -467,18 +462,19 @@ namespace internal { F(LoadLookupSlot, 1, 1) \ F(LoadLookupSlotInsideTypeof, 1, 1) \ F(NewArgumentsElements, 3, 1) \ + \ F(NewClosure, 2, 1) \ F(NewClosure_Tenured, 2, 1) \ - F(NewFunctionContext, 2, 1) \ + F(NewFunctionContext, 1, 1) \ F(NewRestParameter, 1, 1) \ - F(NewScriptContext, 2, 1) \ + F(NewScriptContext, 1, 1) \ F(NewSloppyArguments, 3, 1) \ F(NewSloppyArguments_Generic, 1, 1) \ F(NewStrictArguments, 1, 1) \ - F(PushBlockContext, 2, 1) \ - F(PushCatchContext, 4, 1) \ - F(PushModuleContext, 3, 1) \ - F(PushWithContext, 3, 1) \ + F(PushBlockContext, 1, 1) \ + F(PushCatchContext, 2, 1) \ + F(PushModuleContext, 2, 1) \ + F(PushWithContext, 2, 1) \ F(StoreLookupSlot_Sloppy, 2, 1) \ F(StoreLookupSlot_SloppyHoisting, 2, 1) \ F(StoreLookupSlot_Strict, 2, 1) \ @@ -523,6 +519,7 @@ namespace internal { F(ClearFunctionFeedback, 1, 1) \ F(CompleteInobjectSlackTracking, 1, 1) \ F(ConstructConsString, 2, 1) \ + F(ConstructSlicedString, 2, 1) \ F(ConstructDouble, 2, 1) \ F(DebugPrint, 1, 1) \ F(DebugTrace, 0, 1) \ @@ -596,7 +593,6 @@ namespace internal { F(UnblockConcurrentRecompilation, 0, 1) \ F(ValidateWasmInstancesChain, 2, 1) \ F(ValidateWasmModuleState, 1, 1) \ - F(ValidateWasmOrphanedInstance, 1, 1) \ F(WasmNumInterpretedCalls, 1, 1) \ F(WasmTraceMemory, 1, 1) |