author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-04-23 10:34:49 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-05-04 20:05:08 +0000 |
commit | 830c9e163d31a9180fadca926b3e1d7dfffb5021 (patch) | |
tree | 1b96d45c67492b297e725932935d96d6efc91f37 /chromium/v8 | |
parent | 818d9aed569afd192f6d4f6d9b28b72912df8b93 (diff) | |
download | qtwebengine-chromium-830c9e163d31a9180fadca926b3e1d7dfffb5021.tar.gz |
BASELINE: Update Chromium to 65.0.3325.230
Change-Id: Ied18ccfc9872b6a5c441218dec17debf93732ea1
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium/v8')
-rw-r--r-- | chromium/v8/AUTHORS | 1 | ||||
-rw-r--r-- | chromium/v8/include/v8-version.h | 2 | ||||
-rw-r--r-- | chromium/v8/src/bootstrapper.cc | 4 | ||||
-rw-r--r-- | chromium/v8/src/builtins/builtins-definitions.h | 4 | ||||
-rw-r--r-- | chromium/v8/src/builtins/builtins-object-gen.cc | 301 | ||||
-rw-r--r-- | chromium/v8/src/builtins/builtins-object.cc | 25 | ||||
-rw-r--r-- | chromium/v8/src/code-stub-assembler.cc | 59 | ||||
-rw-r--r-- | chromium/v8/src/code-stub-assembler.h | 9 | ||||
-rw-r--r-- | chromium/v8/src/compiler/escape-analysis.cc | 4 | ||||
-rw-r--r-- | chromium/v8/src/debug/debug-evaluate.cc | 4 | ||||
-rw-r--r-- | chromium/v8/src/field-index.h | 3 | ||||
-rw-r--r-- | chromium/v8/src/objects-inl.h | 1 | ||||
-rw-r--r-- | chromium/v8/src/objects.cc | 25 | ||||
-rw-r--r-- | chromium/v8/src/objects.h | 11 | ||||
-rw-r--r-- | chromium/v8/src/profiler/cpu-profiler.cc | 15 | ||||
-rw-r--r-- | chromium/v8/src/property-details.h | 1 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime-object.cc | 55 | ||||
-rw-r--r-- | chromium/v8/src/runtime/runtime.h | 4 | ||||
-rw-r--r-- | chromium/v8/src/simulator-base.h | 40 | ||||
-rw-r--r-- | chromium/v8/src/wasm/wasm-code-manager.cc | 2 | ||||
-rw-r--r-- | chromium/v8/tools/whitespace.txt | 2 |
21 files changed, 117 insertions, 455 deletions
diff --git a/chromium/v8/AUTHORS b/chromium/v8/AUTHORS index b2b01df8882..dfd3eef878c 100644 --- a/chromium/v8/AUTHORS +++ b/chromium/v8/AUTHORS @@ -136,7 +136,6 @@ Sanjoy Das <sanjoy@playingwithpointers.com> Seo Sanghyeon <sanxiyn@gmail.com> Stefan Penner <stefan.penner@gmail.com> Sylvestre Ledru <sledru@mozilla.com> -Taketoshi Aono <brn@b6n.ch> Tiancheng "Timothy" Gu <timothygu99@gmail.com> Tobias Burnus <burnus@net-b.de> Victor Costan <costan@gmail.com> diff --git a/chromium/v8/include/v8-version.h b/chromium/v8/include/v8-version.h index 6cc98294ec5..71f3b774a33 100644 --- a/chromium/v8/include/v8-version.h +++ b/chromium/v8/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 6 #define V8_MINOR_VERSION 5 #define V8_BUILD_NUMBER 254 -#define V8_PATCH_LEVEL 31 +#define V8_PATCH_LEVEL 43 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/chromium/v8/src/bootstrapper.cc b/chromium/v8/src/bootstrapper.cc index 399b705f008..2bc833fe296 100644 --- a/chromium/v8/src/bootstrapper.cc +++ b/chromium/v8/src/bootstrapper.cc @@ -1508,9 +1508,9 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object, object_function, "keys", Builtins::kObjectKeys, 1, true); native_context()->set_object_keys(*object_keys); SimpleInstallFunction(object_function, factory->entries_string(), - Builtins::kObjectEntries, 1, true); + Builtins::kObjectEntries, 1, false); SimpleInstallFunction(object_function, factory->values_string(), - Builtins::kObjectValues, 1, true); + Builtins::kObjectValues, 1, false); SimpleInstallFunction(isolate->initial_object_prototype(), "__defineGetter__", Builtins::kObjectDefineGetter, 2, diff --git a/chromium/v8/src/builtins/builtins-definitions.h b/chromium/v8/src/builtins/builtins-definitions.h index 0ffd15df7c0..a4a0bb9e2cb 100644 --- a/chromium/v8/src/builtins/builtins-definitions.h +++ b/chromium/v8/src/builtins/builtins-definitions.h 
@@ -755,7 +755,7 @@ namespace internal { CPP(ObjectDefineProperties) \ CPP(ObjectDefineProperty) \ CPP(ObjectDefineSetter) \ - TFJ(ObjectEntries, 1, kObject) \ + CPP(ObjectEntries) \ CPP(ObjectFreeze) \ TFJ(ObjectGetOwnPropertyDescriptor, \ SharedFunctionInfo::kDontAdaptArgumentsSentinel) \ @@ -785,7 +785,7 @@ namespace internal { /* ES #sec-object.prototype.tolocalestring */ \ TFJ(ObjectPrototypeToLocaleString, 0) \ CPP(ObjectSeal) \ - TFJ(ObjectValues, 1, kObject) \ + CPP(ObjectValues) \ \ /* instanceof */ \ TFC(OrdinaryHasInstance, Compare, 1) \ diff --git a/chromium/v8/src/builtins/builtins-object-gen.cc b/chromium/v8/src/builtins/builtins-object-gen.cc index 9e344820dcc..4cd012e6f01 100644 --- a/chromium/v8/src/builtins/builtins-object-gen.cc +++ b/chromium/v8/src/builtins/builtins-object-gen.cc @@ -16,8 +16,6 @@ namespace internal { // ES6 section 19.1 Object Objects typedef compiler::Node Node; -template <class T> -using TNode = CodeStubAssembler::TNode<T>; class ObjectBuiltinsAssembler : public CodeStubAssembler { public: 
@@ -36,46 +34,6 @@ class ObjectBuiltinsAssembler : public CodeStubAssembler { Node* ConstructDataDescriptor(Node* context, Node* value, Node* writable, Node* enumerable, Node* configurable); Node* GetAccessorOrUndefined(Node* accessor, Label* if_bailout); - - Node* IsSpecialReceiverMap(SloppyTNode<Map> map); -}; - -class ObjectEntriesValuesBuiltinsAssembler : public ObjectBuiltinsAssembler { - public: - explicit ObjectEntriesValuesBuiltinsAssembler( - compiler::CodeAssemblerState* state) - : ObjectBuiltinsAssembler(state) {} - - protected: - enum CollectType { kEntries, kValues }; - - TNode<Word32T> IsStringWrapperElementsKind(TNode<Map> map); - - TNode<BoolT> IsPropertyEnumerable(TNode<Uint32T> details); - - TNode<BoolT> IsPropertyKindAccessor(TNode<Uint32T> kind); - - TNode<BoolT> IsPropertyKindData(TNode<Uint32T> kind); - - TNode<Uint32T> HasHiddenPrototype(TNode<Map> map); - - TNode<Uint32T> LoadPropertyKind(TNode<Uint32T> details) { - return DecodeWord32<PropertyDetails::KindField>(details); - } - - void GetOwnValuesOrEntries(TNode<Context> context, TNode<Object> maybe_object, - CollectType collect_type); - - void GotoIfMapHasSlowProperties(TNode<Map> map, Label* if_slow); - - TNode<JSArray> FastGetOwnValuesOrEntries( - TNode<Context> context, TNode<JSObject> object, - Label* if_call_runtime_with_fast_path, Label* if_no_properties, - CollectType collect_type); - - TNode<JSArray> FinalizeValuesOrEntriesJSArray( - TNode<Context> context, TNode<FixedArray> values_or_entries, - TNode<IntPtrT> size, TNode<Map> array_map, Label* if_empty); }; void ObjectBuiltinsAssembler::ReturnToStringFormat(Node* context, 
@@ -139,249 +97,6 @@ Node* ObjectBuiltinsAssembler::ConstructDataDescriptor(Node* context, return js_desc; } -Node* ObjectBuiltinsAssembler::IsSpecialReceiverMap(SloppyTNode<Map> map) { - CSA_SLOW_ASSERT(this, IsMap(map)); - Node* is_special = IsSpecialReceiverInstanceType(LoadMapInstanceType(map)); - uint32_t mask = - Map::HasNamedInterceptorBit::kMask | Map::IsAccessCheckNeededBit::kMask; - USE(mask); - // Interceptors or access checks imply special receiver. - CSA_ASSERT(this, - SelectConstant(IsSetWord32(LoadMapBitField(map), mask), is_special, - Int32Constant(1), MachineRepresentation::kWord32)); - return is_special; -} - -TNode<Word32T> -ObjectEntriesValuesBuiltinsAssembler::IsStringWrapperElementsKind( - TNode<Map> map) { - Node* kind = LoadMapElementsKind(map); - return Word32Or( - Word32Equal(kind, Int32Constant(FAST_STRING_WRAPPER_ELEMENTS)), - Word32Equal(kind, Int32Constant(SLOW_STRING_WRAPPER_ELEMENTS))); -} - -TNode<BoolT> ObjectEntriesValuesBuiltinsAssembler::IsPropertyEnumerable( - TNode<Uint32T> details) { - TNode<Uint32T> attributes = - DecodeWord32<PropertyDetails::AttributesField>(details); - return IsNotSetWord32(attributes, PropertyAttributes::DONT_ENUM); -} - -TNode<BoolT> ObjectEntriesValuesBuiltinsAssembler::IsPropertyKindAccessor( - TNode<Uint32T> kind) { - return Word32Equal(kind, Int32Constant(PropertyKind::kAccessor)); -} - -TNode<BoolT> ObjectEntriesValuesBuiltinsAssembler::IsPropertyKindData( - TNode<Uint32T> kind) { - return Word32Equal(kind, Int32Constant(PropertyKind::kData)); -} - -TNode<Uint32T> ObjectEntriesValuesBuiltinsAssembler::HasHiddenPrototype( - TNode<Map> map) { - TNode<Uint32T> bit_field3 = LoadMapBitField3(map); - return DecodeWord32<Map::HasHiddenPrototypeBit>(bit_field3); -} - -void ObjectEntriesValuesBuiltinsAssembler::GetOwnValuesOrEntries( - TNode<Context> context, TNode<Object> maybe_object, - CollectType collect_type) { - TNode<JSObject> object = TNode<JSObject>::UncheckedCast( - 
CallBuiltin(Builtins::kToObject, context, maybe_object)); - - Label if_call_runtime_with_fast_path(this, Label::kDeferred), - if_call_runtime(this, Label::kDeferred), - if_no_properties(this, Label::kDeferred); - - TNode<Map> map = LoadMap(object); - GotoIfNot(IsJSObjectMap(map), &if_call_runtime); - GotoIfMapHasSlowProperties(map, &if_call_runtime); - - TNode<FixedArrayBase> elements = LoadElements(object); - // If the object has elements, we treat it as slow case. - // So, we go to runtime call. - GotoIfNot(IsEmptyFixedArray(elements), &if_call_runtime_with_fast_path); - - TNode<JSArray> result = FastGetOwnValuesOrEntries( - context, object, &if_call_runtime_with_fast_path, &if_no_properties, - collect_type); - Return(result); - - BIND(&if_no_properties); - { - Node* native_context = LoadNativeContext(context); - Node* array_map = LoadJSArrayElementsMap(PACKED_ELEMENTS, native_context); - Node* empty_array = AllocateJSArray(PACKED_ELEMENTS, array_map, - IntPtrConstant(0), SmiConstant(0)); - Return(empty_array); - } - - BIND(&if_call_runtime_with_fast_path); - { - // In slow case, we simply call runtime. - if (collect_type == CollectType::kEntries) { - Return(CallRuntime(Runtime::kObjectEntries, context, object)); - } else { - DCHECK(collect_type == CollectType::kValues); - Return(CallRuntime(Runtime::kObjectValues, context, object)); - } - } - - BIND(&if_call_runtime); - { - // In slow case, we simply call runtime. 
- if (collect_type == CollectType::kEntries) { - Return(CallRuntime(Runtime::kObjectEntriesSkipFastPath, context, object)); - } else { - DCHECK(collect_type == CollectType::kValues); - Return(CallRuntime(Runtime::kObjectValuesSkipFastPath, context, object)); - } - } -} - -void ObjectEntriesValuesBuiltinsAssembler::GotoIfMapHasSlowProperties( - TNode<Map> map, Label* if_slow) { - GotoIf(IsStringWrapperElementsKind(map), if_slow); - GotoIf(IsSpecialReceiverMap(map), if_slow); - GotoIf(HasHiddenPrototype(map), if_slow); - GotoIf(IsDictionaryMap(map), if_slow); -} - -TNode<JSArray> ObjectEntriesValuesBuiltinsAssembler::FastGetOwnValuesOrEntries( - TNode<Context> context, TNode<JSObject> object, - Label* if_call_runtime_with_fast_path, Label* if_no_properties, - CollectType collect_type) { - Node* native_context = LoadNativeContext(context); - TNode<Map> array_map = - LoadJSArrayElementsMap(PACKED_ELEMENTS, native_context); - TNode<Map> map = LoadMap(object); - TNode<Uint32T> bit_field3 = LoadMapBitField3(map); - - Label if_has_enum_cache(this), if_not_has_enum_cache(this), - collect_entries(this); - Node* object_enum_length = - DecodeWordFromWord32<Map::EnumLengthBits>(bit_field3); - Node* has_enum_cache = WordNotEqual( - object_enum_length, IntPtrConstant(kInvalidEnumCacheSentinel)); - - // In case, we found enum_cache in object, - // we use it as array_length becuase it has same size for - // Object.(entries/values) result array object length. - // So object_enum_length use less memory space than - // NumberOfOwnDescriptorsBits value. - // And in case, if enum_cache_not_found, - // we call runtime and initialize enum_cache for subsequent call of - // CSA fast path. 
- Branch(has_enum_cache, &if_has_enum_cache, if_call_runtime_with_fast_path); - - BIND(&if_has_enum_cache); - { - GotoIf(WordEqual(object_enum_length, IntPtrConstant(0)), if_no_properties); - TNode<FixedArray> values_or_entries = TNode<FixedArray>::UncheckedCast( - AllocateFixedArray(PACKED_ELEMENTS, object_enum_length, - INTPTR_PARAMETERS, kAllowLargeObjectAllocation)); - - // If in case we have enum_cache, - // we can't detect accessor of object until loop through descritpros. - // So if object might have accessor, - // we will remain invalid addresses of FixedArray. - // Because in that case, we need to jump to runtime call. - // So the array filled by the-hole even if enum_cache exists. - FillFixedArrayWithValue(PACKED_ELEMENTS, values_or_entries, - IntPtrConstant(0), object_enum_length, - Heap::kTheHoleValueRootIndex); - - TVARIABLE(IntPtrT, var_result_index, IntPtrConstant(0)); - TVARIABLE(IntPtrT, var_descriptor_index, IntPtrConstant(0)); - Variable* vars[] = {&var_descriptor_index, &var_result_index}; - // Let desc be ? O.[[GetOwnProperty]](key). - TNode<DescriptorArray> descriptors = LoadMapDescriptors(map); - Label loop(this, 2, vars), after_loop(this), loop_condition(this); - Branch(IntPtrEqual(var_descriptor_index, object_enum_length), &after_loop, - &loop); - - // We dont use BuildFastLoop. - // Instead, we use hand-written loop - // because of we need to use 'continue' functionality. - BIND(&loop); - { - // Currently, we will not invoke getters, - // so, map will not be changed. - CSA_ASSERT(this, WordEqual(map, LoadMap(object))); - TNode<Uint32T> descriptor_index = TNode<Uint32T>::UncheckedCast( - TruncateWordToWord32(var_descriptor_index)); - Node* next_key = DescriptorArrayGetKey(descriptors, descriptor_index); - - // Skip Symbols. 
- GotoIf(IsSymbol(next_key), &loop_condition); - - TNode<Uint32T> details = TNode<Uint32T>::UncheckedCast( - DescriptorArrayGetDetails(descriptors, descriptor_index)); - TNode<Uint32T> kind = LoadPropertyKind(details); - - // If property is accessor, we escape fast path and call runtime. - GotoIf(IsPropertyKindAccessor(kind), if_call_runtime_with_fast_path); - CSA_ASSERT(this, IsPropertyKindData(kind)); - - // If desc is not undefined and desc.[[Enumerable]] is true, then - GotoIfNot(IsPropertyEnumerable(details), &loop_condition); - - VARIABLE(var_property_value, MachineRepresentation::kTagged, - UndefinedConstant()); - Node* descriptor_name_index = DescriptorNumberToIndex(descriptor_index); - - // Let value be ? Get(O, key). - LoadPropertyFromFastObject(object, map, descriptors, - descriptor_name_index, details, - &var_property_value); - - // If kind is "value", append value to properties. - Node* value = var_property_value.value(); - - if (collect_type == CollectType::kEntries) { - // Let entry be CreateArrayFromList(« key, value »). 
- Node* array = nullptr; - Node* elements = nullptr; - std::tie(array, elements) = AllocateUninitializedJSArrayWithElements( - PACKED_ELEMENTS, array_map, SmiConstant(2), nullptr, - IntPtrConstant(2)); - StoreFixedArrayElement(elements, 0, next_key, SKIP_WRITE_BARRIER); - StoreFixedArrayElement(elements, 1, value, SKIP_WRITE_BARRIER); - value = array; - } - - StoreFixedArrayElement(values_or_entries, var_result_index, value); - Increment(&var_result_index, 1); - Goto(&loop_condition); - - BIND(&loop_condition); - { - Increment(&var_descriptor_index, 1); - Branch(IntPtrEqual(var_descriptor_index, object_enum_length), - &after_loop, &loop); - } - } - BIND(&after_loop); - return FinalizeValuesOrEntriesJSArray(context, values_or_entries, - var_result_index, array_map, - if_no_properties); - } -} - -TNode<JSArray> -ObjectEntriesValuesBuiltinsAssembler::FinalizeValuesOrEntriesJSArray( - TNode<Context> context, TNode<FixedArray> result, TNode<IntPtrT> size, - TNode<Map> array_map, Label* if_empty) { - CSA_ASSERT(this, IsJSArrayMap(array_map)); - - GotoIf(IntPtrEqual(size, IntPtrConstant(0)), if_empty); - Node* array = AllocateUninitializedJSArrayWithoutElements( - array_map, SmiTag(size), nullptr); - StoreObjectField(array, JSArray::kElementsOffset, result); - return TNode<JSArray>::UncheckedCast(array); -} - TF_BUILTIN(ObjectPrototypeToLocaleString, CodeStubAssembler) { TNode<Context> context = CAST(Parameter(Descriptor::kContext)); TNode<Object> receiver = CAST(Parameter(Descriptor::kReceiver)); 
@@ -551,22 +266,6 @@ TF_BUILTIN(ObjectKeys, ObjectBuiltinsAssembler) { } } -TF_BUILTIN(ObjectValues, ObjectEntriesValuesBuiltinsAssembler) { - TNode<JSObject> object = - TNode<JSObject>::UncheckedCast(Parameter(Descriptor::kObject)); - TNode<Context> context = - TNode<Context>::UncheckedCast(Parameter(Descriptor::kContext)); - GetOwnValuesOrEntries(context, object, CollectType::kValues); -} - -TF_BUILTIN(ObjectEntries, ObjectEntriesValuesBuiltinsAssembler) { - TNode<JSObject> object = - TNode<JSObject>::UncheckedCast(Parameter(Descriptor::kObject)); - TNode<Context> context = - TNode<Context>::UncheckedCast(Parameter(Descriptor::kContext)); - GetOwnValuesOrEntries(context, object, CollectType::kEntries); -} - // ES #sec-object.prototype.isprototypeof TF_BUILTIN(ObjectPrototypeIsPrototypeOf, ObjectBuiltinsAssembler) { Node* receiver = Parameter(Descriptor::kReceiver); diff --git a/chromium/v8/src/builtins/builtins-object.cc b/chromium/v8/src/builtins/builtins-object.cc index 4e353b92600..36f7ebfc0a8 100644 --- a/chromium/v8/src/builtins/builtins-object.cc +++ b/chromium/v8/src/builtins/builtins-object.cc 
@@ -395,6 +395,31 @@ BUILTIN(ObjectIsSealed) { return isolate->heap()->ToBoolean(result.FromJust()); } +BUILTIN(ObjectValues) { + HandleScope scope(isolate); + Handle<Object> object = args.atOrUndefined(isolate, 1); + Handle<JSReceiver> receiver; + ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, receiver, + Object::ToObject(isolate, object)); + Handle<FixedArray> values; + ASSIGN_RETURN_FAILURE_ON_EXCEPTION( + isolate, values, JSReceiver::GetOwnValues(receiver, ENUMERABLE_STRINGS)); + return *isolate->factory()->NewJSArrayWithElements(values); +} + +BUILTIN(ObjectEntries) { + HandleScope scope(isolate); + Handle<Object> object = args.atOrUndefined(isolate, 1); + Handle<JSReceiver> receiver; + ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, receiver, + Object::ToObject(isolate, object)); + Handle<FixedArray> entries; + ASSIGN_RETURN_FAILURE_ON_EXCEPTION( + isolate, entries, + JSReceiver::GetOwnEntries(receiver, ENUMERABLE_STRINGS)); + return *isolate->factory()->NewJSArrayWithElements(entries); +} + BUILTIN(ObjectGetOwnPropertyDescriptors) { HandleScope scope(isolate); Handle<Object> object = args.atOrUndefined(isolate, 1); diff --git a/chromium/v8/src/code-stub-assembler.cc b/chromium/v8/src/code-stub-assembler.cc index f98e7fe5192..2027d208abc 100644 --- a/chromium/v8/src/code-stub-assembler.cc +++ b/chromium/v8/src/code-stub-assembler.cc 
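Review bot: In builtins-object.cc, the new BUILTIN(ObjectValues) and BUILTIN(ObjectEntries) have no header comment, and their bodies differ only in the JSReceiver call they make. A spec-reference line above each, in the style builtins-object-gen.cc uses elsewhere in this commit, would make them easier to find: `// ES #sec-object.values` and `// ES #sec-object.entries`. It would also help to say in that comment that both pass ENUMERABLE_STRINGS and rely on Object::ToObject to raise the exception for an undefined or null argument. That way a reader does not have to open GetOwnValues or GetOwnEntries to see what is filtered.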
@@ -4019,6 +4019,19 @@ Node* CodeStubAssembler::InstanceTypeEqual(Node* instance_type, int type) { return Word32Equal(instance_type, Int32Constant(type)); } +Node* CodeStubAssembler::IsSpecialReceiverMap(Node* map) { + CSA_SLOW_ASSERT(this, IsMap(map)); + Node* is_special = IsSpecialReceiverInstanceType(LoadMapInstanceType(map)); + uint32_t mask = + Map::HasNamedInterceptorBit::kMask | Map::IsAccessCheckNeededBit::kMask; + USE(mask); + // Interceptors or access checks imply special receiver. + CSA_ASSERT(this, + SelectConstant(IsSetWord32(LoadMapBitField(map), mask), is_special, + Int32Constant(1), MachineRepresentation::kWord32)); + return is_special; +} + TNode<BoolT> CodeStubAssembler::IsDictionaryMap(SloppyTNode<Map> map) { CSA_SLOW_ASSERT(this, IsMap(map)); Node* bit_field3 = LoadMapBitField3(map); 
@@ -6369,38 +6382,36 @@ Node* CodeStubAssembler::DescriptorArrayNumberOfEntries(Node* descriptors) { descriptors, IntPtrConstant(DescriptorArray::kDescriptorLengthIndex)); } -Node* CodeStubAssembler::DescriptorNumberToIndex( - SloppyTNode<Uint32T> descriptor_number) { - Node* descriptor_size = Int32Constant(DescriptorArray::kEntrySize); - Node* index = Int32Mul(descriptor_number, descriptor_size); - return ChangeInt32ToIntPtr(index); +namespace { + +Node* DescriptorNumberToIndex(CodeStubAssembler* a, Node* descriptor_number) { + Node* descriptor_size = a->Int32Constant(DescriptorArray::kEntrySize); + Node* index = a->Int32Mul(descriptor_number, descriptor_size); + return a->ChangeInt32ToIntPtr(index); } +} // namespace + Node* CodeStubAssembler::DescriptorArrayToKeyIndex(Node* descriptor_number) { return IntPtrAdd(IntPtrConstant(DescriptorArray::ToKeyIndex(0)), - DescriptorNumberToIndex(descriptor_number)); + DescriptorNumberToIndex(this, descriptor_number)); } Node* CodeStubAssembler::DescriptorArrayGetSortedKeyIndex( Node* descriptors, Node* descriptor_number) { - Node* details = DescriptorArrayGetDetails( - TNode<DescriptorArray>::UncheckedCast(descriptors), - TNode<Uint32T>::UncheckedCast(descriptor_number)); + const int details_offset = DescriptorArray::ToDetailsIndex(0) * kPointerSize; + Node* details = LoadAndUntagToWord32FixedArrayElement( + descriptors, DescriptorNumberToIndex(this, descriptor_number), + details_offset); return DecodeWord32<PropertyDetails::DescriptorPointer>(details); } Node* CodeStubAssembler::DescriptorArrayGetKey(Node* descriptors, Node* descriptor_number) { const int key_offset = DescriptorArray::ToKeyIndex(0) * kPointerSize; - return LoadFixedArrayElement( - descriptors, DescriptorNumberToIndex(descriptor_number), key_offset); -} - -TNode<Uint32T> CodeStubAssembler::DescriptorArrayGetDetails( - TNode<DescriptorArray> descriptors, TNode<Uint32T> descriptor_number) { - const int details_offset = DescriptorArray::ToDetailsIndex(0) * 
kPointerSize; - return TNode<Uint32T>::UncheckedCast(LoadAndUntagToWord32FixedArrayElement( - descriptors, DescriptorNumberToIndex(descriptor_number), details_offset)); + return LoadFixedArrayElement(descriptors, + DescriptorNumberToIndex(this, descriptor_number), + key_offset); } void CodeStubAssembler::DescriptorLookupBinary(Node* unique_name, @@ -6599,22 +6610,12 @@ void CodeStubAssembler::LoadPropertyFromFastObject(Node* object, Node* map, Variable* var_value) { DCHECK_EQ(MachineRepresentation::kWord32, var_details->rep()); DCHECK_EQ(MachineRepresentation::kTagged, var_value->rep()); + Comment("[ LoadPropertyFromFastObject"); Node* details = LoadDetailsByKeyIndex<DescriptorArray>(descriptors, name_index); var_details->Bind(details); - LoadPropertyFromFastObject(object, map, descriptors, name_index, details, - var_value); -} - -void CodeStubAssembler::LoadPropertyFromFastObject(Node* object, Node* map, - Node* descriptors, - Node* name_index, - Node* details, - Variable* var_value) { - Comment("[ LoadPropertyFromFastObject"); - Node* location = DecodeWord32<PropertyDetails::LocationField>(details); Label if_in_field(this), if_in_descriptor(this), done(this); diff --git a/chromium/v8/src/code-stub-assembler.h b/chromium/v8/src/code-stub-assembler.h index 4a72b203a78..0dd7a35c4a0 100644 --- a/chromium/v8/src/code-stub-assembler.h +++ b/chromium/v8/src/code-stub-assembler.h @@ -1125,6 +1125,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler : public compiler::CodeAssembler { Node* IsSequentialStringInstanceType(Node* instance_type); Node* IsShortExternalStringInstanceType(Node* instance_type); Node* IsSpecialReceiverInstanceType(Node* instance_type); + Node* IsSpecialReceiverMap(Node* map); Node* IsSpeciesProtectorCellInvalid(); Node* IsStringInstanceType(Node* instance_type); Node* IsString(Node* object); 
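Review bot: In code-stub-assembler.cc, the file-local DescriptorNumberToIndex in the new anonymous namespace takes a plain `Node*`, where the removed member took `SloppyTNode<Uint32T>`. The signature therefore no longer records that descriptor_number must be an untagged 32-bit value, although the body feeds it straight to Int32Mul. A comment above the helper would keep that contract visible, for example `// |descriptor_number| must be an untagged Word32; returns descriptor_number * DescriptorArray::kEntrySize as an IntPtr.` The same applies to DescriptorArrayGetSortedKeyIndex and DescriptorArrayGetKey in this hunk, which now forward an untyped `Node*` to it.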
@@ -1583,10 +1584,6 @@ class V8_EXPORT_PRIVATE CodeStubAssembler : public compiler::CodeAssembler { Node* name_index, Variable* var_details, Variable* var_value); - void LoadPropertyFromFastObject(Node* object, Node* map, Node* descriptors, - Node* name_index, Node* details, - Variable* var_value); - void LoadPropertyFromNameDictionary(Node* dictionary, Node* entry, Variable* var_details, Variable* var_value); @@ -1909,15 +1906,11 @@ class V8_EXPORT_PRIVATE CodeStubAssembler : public compiler::CodeAssembler { void DescriptorLookupBinary(Node* unique_name, Node* descriptors, Node* nof, Label* if_found, Variable* var_name_index, Label* if_not_found); - Node* DescriptorNumberToIndex(SloppyTNode<Uint32T> descriptor_number); // Implements DescriptorArray::ToKeyIndex. // Returns an untagged IntPtr. Node* DescriptorArrayToKeyIndex(Node* descriptor_number); // Implements DescriptorArray::GetKey. Node* DescriptorArrayGetKey(Node* descriptors, Node* descriptor_number); - // Implements DescriptorArray::GetKey. - TNode<Uint32T> DescriptorArrayGetDetails(TNode<DescriptorArray> descriptors, - TNode<Uint32T> descriptor_number); Node* CallGetterIfAccessor(Node* value, Node* details, Node* context, Node* receiver, Label* if_bailout, diff --git a/chromium/v8/src/compiler/escape-analysis.cc b/chromium/v8/src/compiler/escape-analysis.cc index 4b773136a92..984c5133968 100644 --- a/chromium/v8/src/compiler/escape-analysis.cc +++ b/chromium/v8/src/compiler/escape-analysis.cc @@ -623,9 +623,7 @@ void ReduceNode(const Operator* op, EscapeAnalysisTracker::Scope* current, break; } case IrOpcode::kTypeGuard: { - // The type-guard is re-introduced in the final reducer if the types - // don't match. - current->SetReplacement(current->ValueInput(0)); + current->SetVirtualObject(current->ValueInput(0)); break; } case IrOpcode::kReferenceEqual: { diff --git a/chromium/v8/src/debug/debug-evaluate.cc b/chromium/v8/src/debug/debug-evaluate.cc index 33bc81e5f74..e5865e639c3 100644 
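Review bot: In escape-analysis.cc, the kTypeGuard case loses its explanatory comment and the replacement line `current->SetVirtualObject(current->ValueInput(0));` gets none, so the reason the guard is no longer replaced by its input is not recorded. Going by the call names alone, the guard node now stays in the graph and only the virtual-object tracking of its input is forwarded. If that is the intent, a comment such as `// Keep the TypeGuard so its type is not dropped; only forward the input's virtual object.` would stop a later cleanup from reintroducing the replacement. ReduceNode's body starts and ends outside the hunk.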
--- a/chromium/v8/src/debug/debug-evaluate.cc +++ b/chromium/v8/src/debug/debug-evaluate.cc @@ -343,11 +343,7 @@ bool IntrinsicHasNoSideEffect(Runtime::FunctionId id) { V(AllocateSeqOneByteString) \ V(AllocateSeqTwoByteString) \ V(ObjectCreate) \ - V(ObjectEntries) \ - V(ObjectEntriesSkipFastPath) \ V(ObjectHasOwnProperty) \ - V(ObjectValues) \ - V(ObjectValuesSkipFastPath) \ V(ArrayIndexOf) \ V(ArrayIncludes_Slow) \ V(ArrayIsArray) \ diff --git a/chromium/v8/src/field-index.h b/chromium/v8/src/field-index.h index 428ad52cc2d..9e390e3d465 100644 --- a/chromium/v8/src/field-index.h +++ b/chromium/v8/src/field-index.h @@ -123,7 +123,8 @@ class FieldIndex final { }; // Offset of first inobject property from beginning of object. class FirstInobjectPropertyOffsetBits - : public BitField64<int, InObjectPropertyBits::kNext, 7> {}; + : public BitField64<int, InObjectPropertyBits::kNext, + kFirstInobjectPropertyOffsetBitCount> {}; class IsHiddenField : public BitField64<bool, FirstInobjectPropertyOffsetBits::kNext, 1> {}; STATIC_ASSERT(IsHiddenField::kNext <= 64); diff --git a/chromium/v8/src/objects-inl.h b/chromium/v8/src/objects-inl.h index c3841aa63e7..1cbc2ca418e 100644 --- a/chromium/v8/src/objects-inl.h +++ b/chromium/v8/src/objects-inl.h @@ -2431,6 +2431,7 @@ int ObjectTemplateInfo::embedder_field_count() const { } void ObjectTemplateInfo::set_embedder_field_count(int count) { + DCHECK_LE(count, JSObject::kMaxEmbedderFields); return set_data( Smi::FromInt(EmbedderFieldCount::update(Smi::ToInt(data()), count))); } diff --git a/chromium/v8/src/objects.cc b/chromium/v8/src/objects.cc index f8c55e57a63..af2e3eccb37 100644 --- a/chromium/v8/src/objects.cc +++ b/chromium/v8/src/objects.cc 
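Review bot: In objects-inl.h, the bound added to ObjectTemplateInfo::set_embedder_field_count is a `DCHECK_LE`, so release builds still encode any count. It also has no lower bound, so a negative count passes in debug builds too. The callers are not part of this diff; if the setter can be reached with an embedder-supplied value, release-mode checks are the safer choice: `CHECK_GE(count, 0);` and `CHECK_LE(count, JSObject::kMaxEmbedderFields);`. The same debug-only bound on kMaxEmbedderFields opens JSFunction::CalculateInstanceSizeHelper in the objects.cc hunk, where release builds only enforce the looser max_nof_fields limit.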
@@ -8791,10 +8791,9 @@ MUST_USE_RESULT Maybe<bool> FastGetOwnValuesOrEntries( MaybeHandle<FixedArray> GetOwnValuesOrEntries(Isolate* isolate, Handle<JSReceiver> object, PropertyFilter filter, - bool try_fast_path, bool get_entries) { Handle<FixedArray> values_or_entries; - if (try_fast_path && filter == ENUMERABLE_STRINGS) { + if (filter == ENUMERABLE_STRINGS) { Maybe<bool> fast_values_or_entries = FastGetOwnValuesOrEntries( isolate, object, get_entries, &values_or_entries); if (fast_values_or_entries.IsNothing()) return MaybeHandle<FixedArray>(); @@ -8847,17 +8846,13 @@ MaybeHandle<FixedArray> GetOwnValuesOrEntries(Isolate* isolate, } MaybeHandle<FixedArray> JSReceiver::GetOwnValues(Handle<JSReceiver> object, - PropertyFilter filter, - bool try_fast_path) { - return GetOwnValuesOrEntries(object->GetIsolate(), object, filter, - try_fast_path, false); + PropertyFilter filter) { + return GetOwnValuesOrEntries(object->GetIsolate(), object, filter, false); } MaybeHandle<FixedArray> JSReceiver::GetOwnEntries(Handle<JSReceiver> object, - PropertyFilter filter, - bool try_fast_path) { - return GetOwnValuesOrEntries(object->GetIsolate(), object, filter, - try_fast_path, true); + PropertyFilter filter) { + return GetOwnValuesOrEntries(object->GetIsolate(), object, filter, true); } bool Map::DictionaryElementsInPrototypeChainOnly() { 
@@ -13783,18 +13778,24 @@ void JSFunction::CalculateInstanceSizeHelper(InstanceType instance_type, int requested_in_object_properties, int* instance_size, int* in_object_properties) { + DCHECK_LE(static_cast<unsigned>(requested_embedder_fields), + JSObject::kMaxEmbedderFields); int header_size = JSObject::GetHeaderSize(instance_type, has_prototype_slot); int max_nof_fields = (JSObject::kMaxInstanceSize - header_size) >> kPointerSizeLog2; CHECK_LE(max_nof_fields, JSObject::kMaxInObjectProperties); - *in_object_properties = Min(requested_in_object_properties, max_nof_fields); - CHECK_LE(requested_embedder_fields, max_nof_fields - *in_object_properties); + CHECK_LE(static_cast<unsigned>(requested_embedder_fields), + static_cast<unsigned>(max_nof_fields)); + *in_object_properties = Min(requested_in_object_properties, + max_nof_fields - requested_embedder_fields); *instance_size = header_size + ((requested_embedder_fields + *in_object_properties) << kPointerSizeLog2); CHECK_EQ(*in_object_properties, ((*instance_size - header_size) >> kPointerSizeLog2) - requested_embedder_fields); + CHECK_LE(static_cast<unsigned>(*instance_size), + static_cast<unsigned>(JSObject::kMaxInstanceSize)); } // static diff --git a/chromium/v8/src/objects.h b/chromium/v8/src/objects.h index 93f4a4eb95b..c4e3d972e11 100644 --- a/chromium/v8/src/objects.h +++ b/chromium/v8/src/objects.h @@ -2182,12 +2182,10 @@ class JSReceiver: public HeapObject { Handle<JSReceiver> object); MUST_USE_RESULT static MaybeHandle<FixedArray> GetOwnValues( - Handle<JSReceiver> object, PropertyFilter filter, - bool try_fast_path = true); + Handle<JSReceiver> object, PropertyFilter filter); MUST_USE_RESULT static MaybeHandle<FixedArray> GetOwnEntries( - Handle<JSReceiver> object, PropertyFilter filter, - bool try_fast_path = true); + Handle<JSReceiver> object, PropertyFilter filter); static const int kHashMask = PropertyArray::HashField::kMask; 
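Review bot: In objects.cc, requested_in_object_properties is the one input to CalculateInstanceSizeHelper that this hunk leaves unchecked. `Min(requested_in_object_properties, max_nof_fields - requested_embedder_fields)` passes a negative request straight into `*in_object_properties`. The CHECK_EQ that follows recomputes the same value from `*instance_size`, so it cannot catch this, and the final unsigned CHECK_LE only fires once the whole size goes negative. Whether a negative count can arrive depends on callers outside this diff; if it can, add `CHECK_GE(requested_in_object_properties, 0);` before the Min. The function's signature starts above the hunk.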
@@ -2673,6 +2671,11 @@ class JSObject: public JSReceiver { static const int kMaxInObjectProperties = (kMaxInstanceSize - kHeaderSize) >> kPointerSizeLog2; STATIC_ASSERT(kMaxInObjectProperties <= kMaxNumberOfDescriptors); + // TODO(cbruni): Revisit calculation of the max supported embedder fields. + static const int kMaxEmbedderFields = + ((1 << kFirstInobjectPropertyOffsetBitCount) - 1 - kHeaderSize) >> + kPointerSizeLog2; + STATIC_ASSERT(kMaxEmbedderFields <= kMaxInObjectProperties); class BodyDescriptor; // No weak fields. diff --git a/chromium/v8/src/profiler/cpu-profiler.cc b/chromium/v8/src/profiler/cpu-profiler.cc index ac8f55a89b5..a915ebd5119 100644 --- a/chromium/v8/src/profiler/cpu-profiler.cc +++ b/chromium/v8/src/profiler/cpu-profiler.cc @@ -165,13 +165,16 @@ void ProfilerEventsProcessor::Run() { if (nextSampleTime > now) { #if V8_OS_WIN - // Do not use Sleep on Windows as it is very imprecise. - // Could be up to 16ms jitter, which is unacceptable for the purpose. - while (base::TimeTicks::HighResolutionNow() < nextSampleTime) { - } -#else - base::OS::Sleep(nextSampleTime - now); + if (nextSampleTime - now < base::TimeDelta::FromMilliseconds(100)) { + // Do not use Sleep on Windows as it is very imprecise, with up to 16ms + // jitter, which is unacceptable for short profile intervals. + while (base::TimeTicks::HighResolutionNow() < nextSampleTime) { + } + } else // NOLINT #endif + { + base::OS::Sleep(nextSampleTime - now); + } } // Schedule next sample. sampler_ is nullptr in tests. diff --git a/chromium/v8/src/property-details.h b/chromium/v8/src/property-details.h index 34c43047f84..dbd4f93acd2 100644 --- a/chromium/v8/src/property-details.h +++ b/chromium/v8/src/property-details.h 
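Review bot: In cpu-profiler.cc, the `} else  // NOLINT` that straddles `#endif` means the braces after it are an else-branch on Windows and a bare block everywhere else, which is easy to break in a later edit. The 100 ms cut-off is also an unnamed literal. Computing the decision once reads more safely, for example a `bool spin = false;` that is set inside the `#if V8_OS_WIN` block and followed by a plain `if (spin) { ... } else { base::OS::Sleep(nextSampleTime - now); }`. The threshold could be named at the same time: `const base::TimeDelta kMaxSpinWait = base::TimeDelta::FromMilliseconds(100);`. The comment should also state that the Windows path still busy-waits a core for anything under that threshold. ProfilerEventsProcessor::Run starts and ends outside the hunk.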
@@ -197,6 +197,7 @@ class Representation { static const int kDescriptorIndexBitCount = 10; +static const int kFirstInobjectPropertyOffsetBitCount = 7; // The maximum number of descriptors we want in a descriptor array. It should // fit in a page and also the following should hold: // kMaxNumberOfDescriptors + kFieldsAdded <= PropertyArray::kMaxLength. diff --git a/chromium/v8/src/runtime/runtime-object.cc b/chromium/v8/src/runtime/runtime-object.cc index 379472bdbea..057ead94078 100644 --- a/chromium/v8/src/runtime/runtime-object.cc +++ b/chromium/v8/src/runtime/runtime-object.cc 
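Review bot: In property-details.h, kFirstInobjectPropertyOffsetBitCount has no comment of its own and, as far as the hunk shows, sits directly above the comment block that describes the maximum number of descriptors, so it reads as part of that explanation. A blank line after it and a one-line comment would separate the two, for example `// Width of FieldIndex::FirstInobjectPropertyOffsetBits; also bounds JSObject::kMaxEmbedderFields.` Both uses are visible in the field-index.h and objects.h hunks of this commit, and the value cannot be changed safely without looking at them.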
@@ -439,61 +439,6 @@ RUNTIME_FUNCTION(Runtime_OptimizeObjectForAddingMultipleProperties) {
 return *object;
 }
-RUNTIME_FUNCTION(Runtime_ObjectValues) {
- HandleScope scope(isolate);
- DCHECK_EQ(1, args.length());
-
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, receiver, 0);
-
- Handle<FixedArray> values;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, values,
- JSReceiver::GetOwnValues(receiver, PropertyFilter::ENUMERABLE_STRINGS,
- true));
- return *isolate->factory()->NewJSArrayWithElements(values);
-}
-
-RUNTIME_FUNCTION(Runtime_ObjectValuesSkipFastPath) {
- HandleScope scope(isolate);
- DCHECK_EQ(1, args.length());
-
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, receiver, 0);
-
- Handle<FixedArray> value;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, value,
- JSReceiver::GetOwnValues(receiver, PropertyFilter::ENUMERABLE_STRINGS,
- false));
- return *isolate->factory()->NewJSArrayWithElements(value);
-}
-
-RUNTIME_FUNCTION(Runtime_ObjectEntries) {
- HandleScope scope(isolate);
- DCHECK_EQ(1, args.length());
-
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, receiver, 0);
-
- Handle<FixedArray> entries;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, entries,
- JSReceiver::GetOwnEntries(receiver, PropertyFilter::ENUMERABLE_STRINGS,
- true));
- return *isolate->factory()->NewJSArrayWithElements(entries);
-}
-
-RUNTIME_FUNCTION(Runtime_ObjectEntriesSkipFastPath) {
- HandleScope scope(isolate);
- DCHECK_EQ(1, args.length());
-
- CONVERT_ARG_HANDLE_CHECKED(JSReceiver, receiver, 0);
-
- Handle<FixedArray> entries;
- ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
- isolate, entries,
- JSReceiver::GetOwnEntries(receiver, PropertyFilter::ENUMERABLE_STRINGS,
- false));
- return *isolate->factory()->NewJSArrayWithElements(entries);
-}
 RUNTIME_FUNCTION(Runtime_GetProperty) {
 HandleScope scope(isolate);
diff --git a/chromium/v8/src/runtime/runtime.h b/chromium/v8/src/runtime/runtime.h
index 487ee675ad3..d05f4984c6a 100644
--- a/chromium/v8/src/runtime/runtime.h
+++ b/chromium/v8/src/runtime/runtime.h
@@ -391,10 +391,6 @@ namespace internal {
 F(ObjectCreate, 2, 1) \
 F(InternalSetPrototype, 2, 1) \
 F(OptimizeObjectForAddingMultipleProperties, 2, 1) \
- F(ObjectValues, 1, 1) \
- F(ObjectValuesSkipFastPath, 1, 1) \
- F(ObjectEntries, 1, 1) \
- F(ObjectEntriesSkipFastPath, 1, 1) \
 F(GetProperty, 2, 1) \
 F(KeyedGetProperty, 2, 1) \
 F(AddNamedProperty, 4, 1) \
diff --git a/chromium/v8/src/simulator-base.h b/chromium/v8/src/simulator-base.h
index 27dc87d0503..84c1f2fd5b8 100644
--- a/chromium/v8/src/simulator-base.h
+++ b/chromium/v8/src/simulator-base.h
@@ -43,6 +43,26 @@ class SimulatorBase {
 return ConvertReturn<Return>(ret);
 }
+ // Convert back integral return types.
+ template <typename T>
+ static typename std::enable_if<std::is_integral<T>::value, T>::type
+ ConvertReturn(intptr_t ret) {
+ static_assert(sizeof(T) <= sizeof(intptr_t), "type bigger than ptrsize");
+ return static_cast<T>(ret);
+ }
+
+ // Convert back pointer-typed return types.
+ template <typename T>
+ static typename std::enable_if<std::is_pointer<T>::value, T>::type
+ ConvertReturn(intptr_t ret) {
+ return reinterpret_cast<T>(ret);
+ }
+
+ // Convert back void return type (i.e. no return).
+ template <typename T>
+ static typename std::enable_if<std::is_void<T>::value, T>::type ConvertReturn(
+ intptr_t ret) {}
 private:
 // Runtime call support. Uses the isolate in a thread-safe way.
 static void* RedirectExternalReference(Isolate* isolate,
@@ -69,26 +89,6 @@ class SimulatorBase {
 ConvertArg(T arg) {
 return reinterpret_cast<intptr_t>(arg);
 }
-
- // Convert back integral return types.
- template <typename T>
- static typename std::enable_if<std::is_integral<T>::value, T>::type
- ConvertReturn(intptr_t ret) {
- static_assert(sizeof(T) <= sizeof(intptr_t), "type bigger than ptrsize");
- return static_cast<T>(ret);
- }
-
- // Convert back pointer-typed return types.
- template <typename T>
- static typename std::enable_if<std::is_pointer<T>::value, T>::type
- ConvertReturn(intptr_t ret) {
- return reinterpret_cast<T>(ret);
- }
-
- // Convert back void return type (i.e. no return).
- template <typename T>
- static typename std::enable_if<std::is_void<T>::value, T>::type ConvertReturn(
- intptr_t ret) {}
 };
 // When the generated code calls an external reference we need to catch that in
diff --git a/chromium/v8/src/wasm/wasm-code-manager.cc b/chromium/v8/src/wasm/wasm-code-manager.cc
index 8e46f33b012..2b8f3097339 100644
--- a/chromium/v8/src/wasm/wasm-code-manager.cc
+++ b/chromium/v8/src/wasm/wasm-code-manager.cc
@@ -954,6 +954,8 @@ void WasmCodeManager::FreeNativeModuleMemories(NativeModule* native_module) {
 Free(&vmem);
 DCHECK(!vmem.IsReserved());
 }
+ native_module->owned_memory_.clear();
+
 // No need to tell the GC anything if we're destroying the heap,
 // which we currently indicate by having the isolate_ as null
 if (isolate_ == nullptr) return;
diff --git a/chromium/v8/tools/whitespace.txt b/chromium/v8/tools/whitespace.txt
index ed5e51f96a6..83f006688cd 100644
--- a/chromium/v8/tools/whitespace.txt
+++ b/chromium/v8/tools/whitespace.txt
@@ -8,5 +8,3 @@ The doubles heard this and started to unbox.
 The Smi looked at them when a crazy v8-autoroll account showed up...
 The autoroller bought a round of Himbeerbrause. Suddenly...
 The bartender starts to shake the bottles.......................
-.
-. |
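Review bot: The added `native_module->owned_memory_.clear();` in `WasmCodeManager::FreeNativeModuleMemories` has no comment saying why the container must be emptied once its entries are freed. Presumably it keeps any later pass over `owned_memory_` (for example when the NativeModule itself is torn down) from revisiting reservations that `Free(&vmem)` already released; the `DCHECK(!vmem.IsReserved())` above it verifies the release only in debug builds. I would add `// Drop the freed reservations so nothing revisits them after this point.` on the line before the call. The function starts and continues outside the hunk.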