[v8-users] Re: Intent to Ship: Async Iteration / Async Generators

[caitp]

Thanks, I've updated the chromestatus entry.

On Monday, September 18, 2017 at 8:47:12 PM UTC-4, Brian Birtles wrote:
>
> 2017年9月13日水曜日 1時48分54秒 UTC+9 Caitlin Potter:
>>
>> *Interoperability risk*
>>
>> * Firefox: In development
>>
>
> This is already scheduled to ship in Firefox 57 (Intent to ship 
> 
> ).
>

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [v8-users] Re: View assembly code for built in functions

[Jakob Kummerow]

ArrayPush is implemented in C++, see src/builtins/builtins-array.cc. The
code object you've disassembled is a small wrapper/trampoline stub, the
first step in the C++ entry sequence.

In general, there is no single way to inspect "built-in functions", because
there are several ways to implement them (a few are still in handwritten
assembly; many are in C++ [exposed as "runtime functions" or "builtins"]
and CodeStubAssembler; some are in JavaScript), and that implies different
ways to dump their code. Many functions also have several implementations,
e.g. a fast path in a generated stub (FastArrayPush is an example), with a
C++ fallback for non-fast cases.

On Mon, Sep 18, 2017 at 5:40 AM, Rong Jie  wrote:

> You need to build V8 with v8_enable_disassembler enabled (disabled by
> default in release build). See https://cs.chromium.org/
> chromium/src/v8/BUILD.gn?type=cs=v8_enable_disassembler
>
>
> On Monday, September 18, 2017 at 5:23:09 PM UTC+8, Marija wrote:
>>
>> Hi,
>>
>> Is it possible to see generated assembly code for built-in functions? If
>> I use just print_code with a simple program, like [].push(1), nothing is
>> generated.
>> Is --print_builtin_code flag the right thing to use? For array push the
>> output looks like:
>>
>> kind = BUILTIN
>> name = ArrayPush
>> compiler = unknown
>> Instructions (size = 10)
>> 0x246f7340 0  bb20c45908 mov ebx,0x859c420   ;; external
>> reference (Builtin_ArrayPush)
>> 0x246f7345 5  e9f682feff jmp 0x246df640
>>  (AdaptorWithBuiltinExitFrame);; code: BUILTIN
>>
>>
>> RelocInfo (size = 3)
>> 0x246f7341  external reference (Builtin_ArrayPush)  (0x859c420)
>> 0x246f7346  code target (BUILTIN)  (0x246df640)
>>
>> There is another code for FastArrayPush.
>>
>> Can you also help me to understand the output if the flag
>> --print_builtin_code is the right thing to use?
>>
>> Thanks!
>>
> --
> --
> v8-users mailing list
> v8-users@googlegroups.com
> http://groups.google.com/group/v8-users
> ---
> You received this message because you are subscribed to the Google Groups
> "v8-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to v8-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[v8-users] When enabling gdbjit, chromium renderer gets stuck in an infinite loop

[Thiago Arruda]

I'm trying to debug an electron app that is getting stuck in C++ code being 
called by javascript, so I've decided to use v8 gdbjit integration to get 
javascript stack trace from gdb. I've set `v8_enable_gdbjit` gn build 
argument to `true` and also passed `--gdbjit` argument to v8, but the 
renderer seems to be getting stuck in a call to `RemoveJITCodeEntries`. 
Here's part of the stack:

#0  0x76850d24 in (anonymous namespace)::(anonymous 
namespace)::(anonymous namespace)::RemoveJITCodeEntries (
map=, range=...)
at ../../v8/src/gdb-jit.cc:2090
#1  (anonymous namespace)::(anonymous namespace)::(anonymous 
namespace)::AddCode (name=,
code=, shared=,
lineinfo=)
at ../../v8/src/gdb-jit.cc:2148
#2  (anonymous namespace)::(anonymous namespace)::(anonymous 
namespace)::EventHandler (event=)
at ../../v8/src/gdb-jit.cc:2192
#3  0x769607b2 in (anonymous namespace)::(anonymous 
namespace)::JitLogger::LogRecordedBuffer (
this=, code=,
shared=, name=,
length=) at ../../v8/src/log.cc:462
#4  0x7655f7f0 in (anonymous namespace)::(anonymous 
namespace)::CodeEventDispatcher::CodeCreateEvent (
this=, tag=,
code=, shared=,
name=)
at ../../v8/src/code-events.h:142
#5  0x7655a480 in (anonymous namespace)::(anonymous 
namespace)::(anonymous namespace)::CompileToplevel (
info=) at ../../v8/src/compiler.cc:1175

More specifically, it gets stuck in the following loop at the beginning of 
the function:

static void RemoveJITCodeEntries(CodeMap* map, const AddressRange& range) {
  DCHECK(range.start < range.end);
  CodeMap::Locator cur;
  if (map->FindGreatestLessThan(range, ) || map->FindLeast()) {
// Skip entries that are entirely less than the range of interest.
while (cur.key().end <= range.start) {
  // CodeMap::FindLeastGreaterThan succeeds for entries whose key is 
greater
  // than _or equal to_ the given key, so we have to advance our key to 
get
  // the next one.
  AddressRange new_key;
  new_key.start = cur.key().end;
  new_key.end = 0;
  if (!map->FindLeastGreaterThan(new_key, )) return;
}

Is there anything I can do to work around this, or is there an alternative 
to gdbjit that would allow me to get javascript stack from C++?

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [v8-users] Storing a weak reference to a function, or otherwise avoiding a memory leak

[Ben Noordhuis]

On Mon, Sep 18, 2017 at 6:13 PM, Zach Bjornson  wrote:
>> `myObj.onevent()` invokes `onevent()` with `this === myObj`.  Unless
>> you want to deviate significantly from normal JS semantics, you would
>> need to maintain a reference to `myObj` anyway.
>
>
> (The spec I'm emulating actually states that `onevent()` is invoked with the
> global context.) Sorry, I don't think I described the issue well.
>
> The issue is not `onevent` needing to maintain a contextual ref to `myObj`,
> but rather that if `onevent` references `myObj` in its JS function body,
> then `myObj` will not get GC'ed because `onevent`'s function is stored in a
> Persistent handle.
>
> JS:
>
> var myObj = new MyObj();
> myObj.onevent = function () { // (a C++ setter)
>   console.log(myObj); // reference to myObj here
> }
> myObj.doSomethingAsync(); // causes `onevent` to fire eventually
>
> C++ (pseudo)
>
> class MyObj : ObjectWrap {
>   Persistent _onevent;
>   void setOnEvent(Local prop, const PropertyCallbackInfo&
> info); // stores fn arg in _onevent
> }
>
> A work-around is to not use C++ for the `onevent` setter, but I'm still
> curious how this would be done in C++. Would the class member be instead a
> Local, and have to be set with `EscapeableHandleScope
> scope(isolate); _onevent = scope.Escape(functionArg);` (ish)?
>
> Thanks,
> Zach

myObj.onevent is always going to be a strong reference but what you
can do is make myObj strong when myObj.doSomethingAsync() is called,
and weak again when myObj.onevent() is invoked.

Once it's weak again (or when you reset the persistent handle), the
myObj.onevent -> myObj cycle no longer matters, the object will be
eligible for reclamation.

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [v8-users] Storing a weak reference to a function, or otherwise avoiding a memory leak

[Zach Bjornson]

>
> `myObj.onevent()` invokes `onevent()` with `this === myObj`.  Unless 
> you want to deviate significantly from normal JS semantics, you would 
> need to maintain a reference to `myObj` anyway. 
>

(The spec I'm emulating actually states that `onevent()` is invoked with 
the global context.) Sorry, I don't think I described the issue well.

The issue is not `onevent` needing to maintain a contextual ref to `myObj`, 
but rather that if `onevent` references `myObj` in its JS function body, 
then `myObj` will not get GC'ed because `onevent`'s function is stored in a 
Persistent handle.

JS:

var myObj = new MyObj();
myObj.onevent = function () { // (a C++ setter)
  console.log(myObj); // reference to myObj here
}
myObj.doSomethingAsync(); // causes `onevent` to fire eventually

C++ (pseudo)

class MyObj : ObjectWrap {
  Persistent _onevent;
  void setOnEvent(Local prop, const PropertyCallbackInfo& 
info); // stores fn arg in _onevent
}

A work-around is to not use C++ for the `onevent` setter, but I'm still 
curious how this would be done in C++. Would the class member be instead a 
Local, and have to be set with `EscapeableHandleScope 
scope(isolate); _onevent = scope.Escape(functionArg);` (ish)?

Thanks,
Zach

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[v8-users] Re: View assembly code for built in functions

[Rong Jie]

You need to build V8 with v8_enable_disassembler enabled (disabled by 
default in release build). See 
https://cs.chromium.org/chromium/src/v8/BUILD.gn?type=cs=v8_enable_disassembler

On Monday, September 18, 2017 at 5:23:09 PM UTC+8, Marija wrote:
>
> Hi,
>
> Is it possible to see generated assembly code for built-in functions? If I 
> use just print_code with a simple program, like [].push(1), nothing is 
> generated.
> Is --print_builtin_code flag the right thing to use? For array push the 
> output looks like:
>
> kind = BUILTIN
> name = ArrayPush
> compiler = unknown
> Instructions (size = 10)
> 0x246f7340 0  bb20c45908 mov ebx,0x859c420   ;; external 
> reference (Builtin_ArrayPush)
> 0x246f7345 5  e9f682feff jmp 0x246df640 
>  (AdaptorWithBuiltinExitFrame);; code: BUILTIN
>
>
> RelocInfo (size = 3)
> 0x246f7341  external reference (Builtin_ArrayPush)  (0x859c420)
> 0x246f7346  code target (BUILTIN)  (0x246df640)
>
> There is another code for FastArrayPush. 
>
> Can you also help me to understand the output if the flag 
> --print_builtin_code is the right thing to use?
>
> Thanks!
>

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[v8-users] View assembly code for built in functions

[Marija]

Hi,

Is it possible to see generated assembly code for built-in functions? If I 
use just print_code with a simple program, like [].push(1), nothing is 
generated.
Is --print_builtin_code flag the right thing to use? For array push the 
output looks like:

kind = BUILTIN
name = ArrayPush
compiler = unknown
Instructions (size = 10)
0x246f7340 0  bb20c45908 mov ebx,0x859c420   ;; external 
reference (Builtin_ArrayPush)
0x246f7345 5  e9f682feff jmp 0x246df640 
 (AdaptorWithBuiltinExitFrame);; code: BUILTIN


RelocInfo (size = 3)
0x246f7341  external reference (Builtin_ArrayPush)  (0x859c420)
0x246f7346  code target (BUILTIN)  (0x246df640)

There is another code for FastArrayPush. 

Can you also help me to understand the output if the flag 
--print_builtin_code is the right thing to use?

Thanks!

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [v8-users] Storing a weak reference to a function, or otherwise avoiding a memory leak

[Ben Noordhuis]

On Sat, Sep 16, 2017 at 3:17 AM, Zach Bjornson  wrote:
> Hello,
>
> I'm trying to implement this type of interface:
>
> var myObj = new MyObj();
> myObj.onevent = function () {
>   // might be a reference to myObj here
> }
> myObj.doSomethingAsync(); // causes `onevent` to fire; can be called more
> than once
>
> `onevent` (a C++ setter) currently stores the callback function in a
> Persistent. However, if the callback has a reference to `myObj`,
> then `myObj` will never be GC'ed.
>
> What's the correct way to implement this?
>
> I thought of (1) storing a weak reference to the function when it's set, (b)
> creating a Persistent handle to the function when `doSomethingAsync()` is
> called, (c) resetting that Persistent when the event is fired. However, I'm
> not sure how to store a weak reference to the function in the first place.
>
> Thanks,
> Zach

`myObj.onevent()` invokes `onevent()` with `this === myObj`.  Unless
you want to deviate significantly from normal JS semantics, you would
need to maintain a reference to `myObj` anyway.

In other words, don't worry about it!

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.