Fixes incorrect checks for handle validity when checking the compiled
code, as well as incorrect uses of tst in arm and ppc flag checking
code. Also adds a test that the tier-up works correctly.
Reland of https://codereview.chromium.org/2448933002
BUG=v8:5512
Review-Url: https://codereview.chromium.org/2497573003
Cr-Commit-Position: refs/heads/master@{#40930}
ToName conversion, i.e., ToPropertykey() is the
identify for strings and symbols.
BUG=v8:5623
Review-Url: https://codereview.chromium.org/2494073002
Cr-Commit-Position: refs/heads/master@{#40924}
This adds a new ExternalPointer type, which is an Internal type that is
used for ExternalReferences and other pointer values, like the pointers
into the asm.js heap. It also adds a PointerConstant operator, which we
use to represents these raw constants (we can probably remove that
particular operator again once WebAssembly ships with the validator).
R=mvstanton@chromium.org
BUG=v8:5267,v8:5270
Review-Url: https://codereview.chromium.org/2494753003
Cr-Commit-Position: refs/heads/master@{#40923}
According to the spec data segments are allowed even if the memory size
is zero. However, if one of the data segments has a length greater than
0, then module instantiation should fail.
I also changed the exception type in LoadDataSegments to TypeError,
because that's the exception type for all exceptions which can happen
during instantiation.
R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/EmptyMemoryEmptyDataSegment, cctest/test-run-wasm-module/EmptyMemoryNonEmptyDataSegment
Review-Url: https://codereview.chromium.org/2483053005
Cr-Commit-Position: refs/heads/master@{#40922}
A SmiUntag() was missing when loading the old backing store's length.
BUG=chromium:664469
Review-Url: https://codereview.chromium.org/2492783004
Cr-Commit-Position: refs/heads/master@{#40921}
This CL adds support for:
* conditional breaks in setBreakpoint,
* locals in frame.local{Count,Name,Value},
* evaluation on a frame in frame.evaluate,
* and more detailed scope information in scopeObject.
Uses of several functions that are not covered by the
inspector protocol and are only used in tests have been removed.
Local handling has been modified to also include arguments as locals.
Inspector differs in this regard from our FrameDetails in that
arguments are always shown as locals. Argument-related functions
were removed.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2491543002
Cr-Commit-Position: refs/heads/master@{#40917}
Fixes incorrect checks for handle validity when checking the compiled
code, as well as incorrect uses of tst in arm and ppc flag checking
code. Also adds a test that the tier-up works correctly.
Review-Url: https://codereview.chromium.org/2478323002
Cr-Commit-Position: refs/heads/master@{#40915}
This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.
R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}
- A new runtime function (%create_resolving_functions) is installed to
call the CreateResolvingFunctions builtin from JS.
- Three new builtins are created - resolve and reject functions and a
third function that creates a new JSFunctions from these
resolve/reject builtins.
- The promise reject function is installed on the context temporarily
as internal_promise_reject. This should go away once we remove
PromiseSet.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2459283004
Cr-Commit-Position: refs/heads/master@{#40903}
According to the spec, import wrappers are only generated for JavaScript
functions, not for WebAssembly function. If an imported WebAssembly
function does not have the expected type, then a type error is thrown.
R=titzer@chromium.org, rossberg@chromium.org
TEST=mjsunit/wasm/test-import-export-wrapper
Review-Url: https://codereview.chromium.org/2486943005
Cr-Commit-Position: refs/heads/master@{#40901}
This is mostly a performance experiment. If it provides no speedup,
it can be reverted to keep IC miss events in timeline plots.
Otherwise, the RuntimeCallStats system is the replacement tool for
investigating performance issues related to IC misses.
This effectively reverts 1f8adc15 / r21736.
Review-Url: https://codereview.chromium.org/2480343002
Cr-Commit-Position: refs/heads/master@{#40893}
This changes {FrameState} nodes modeling "after" states to use bytecode
offsets pointing to the deoptimizing bytecode. This is in sync with the
normal execution, as the bytecode offset is advanced after operations
complete in regular bytecode handlers.
The change is necessary to ensure lazy deoptimized frames contain an
accurate bytecode offset while they are on the stack. Such frames can be
inspected by various stack walks. The continuation builtin will advance
the bytecode offset upon return.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-660379
BUG=chromium:660379
Review-Url: https://codereview.chromium.org/2487173002
Cr-Commit-Position: refs/heads/master@{#40887}
TurboFan can create ConsStrings with empty first parts (for history on
this decision, see da27e0c886). Add a
fast-path for such cases in String::SlowFlatten.
BUG=
Review-Url: https://codereview.chromium.org/2489273002
Cr-Commit-Position: refs/heads/master@{#40885}
We are removing use of the debugger context. When the debugger triggers
compilation, we may not have a context from which to create a JSArray.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2479123002
Cr-Commit-Position: refs/heads/master@{#40884}
We seem to get some small wins from avoiding the Ldr bytecodes, probably due
to reduced icache pressure since there are less bytecode handlers. Replace
the Ldr bytecodes with Star lookahead inlined into the Lda versions.
Also fixes IsAccumulatorLoadWithoutEffects to include LdaContextSlot and
LdaCurrentContextSlot
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2489513005
Cr-Commit-Position: refs/heads/master@{#40883}
This adds information about an exception's caught/uncaught status to the
Runtime.paused event in the data parameter:
{
"method": "Debugger.paused",
"params": {
"callFrames": [
[...]
],
"data": {
"description": "666",
"type": "number",
"uncaught": true, <---
"value": 666
},
"hitBreakpoints": [],
"reason": "exception"
}
}
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2488733003
Cr-Commit-Position: refs/heads/master@{#40875}
... and make them applicable outside of CSA.
Nice bonus is that the assert condition instructions will now appear inside [Assert / ]Assert brackets.
BUG=
Review-Url: https://codereview.chromium.org/2489743002
Cr-Commit-Position: refs/heads/master@{#40869}
Adds an IsInterpreted() function to both SharedFunctionInfo and JSFunction.
This is used to fix the test-heap code-aging tests since Ignition doesn't
age code.
BUG=v8:4680
Review-Url: https://codereview.chromium.org/2481433002
Cr-Commit-Position: refs/heads/master@{#40868}
Currently function like "() => 239" contains offset 3 as begin of function and 8 as end of function.
This CL changes this to 6 and 9 respectively.
BUG=chromium:566801
R=yangguo@chromium.org,dgozman@chromium.org
TBR=adamk@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2488493003
Cr-Commit-Position: refs/heads/master@{#40864}
Test InstructionSequenceTest has been initialized with a testing RegisterConfiguration
instance defined in instruction-sequence-unittest.h, whereas class ExplicitOperand which
is being tested used RegisterConfiguration from instruction.cc. In case these two
instances are different, the tests would fail. The issue is fixed by using the same
instance of RegisterConfiguration both for test code and code under test.
Additionally, the tests in register-allocator-unittest.cc use hardcoded values
for register and begin failing is the hardcoded register is not available for
allocation. Fix by forcing the use of allocatable registers only.
TEST=unittests.MoveOptimizerTest.RemovesRedundantExplicit,unittests.RegisterAllocatorTest.SpillPhi
BUG=
Review-Url: https://codereview.chromium.org/2433093002
Cr-Commit-Position: refs/heads/master@{#40862}
This adds a new NumberToUint8Clamped simplified operator that does the
round ties to even + clamping necessary to store to Uint8ClampedArrays.
BUG=v8:4470,v8:5267,v8:5615
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2489563004
Cr-Commit-Position: refs/heads/master@{#40861}
The Ldr[Named/Keyed]Property bytecodes are problematic for the deoptimizer when
inlining accessors in TurboFan. Remove them and replace with a Star lookahead
in the bytecode handlers for Lda[Named/Keyed]Property.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2485383002
Cr-Commit-Position: refs/heads/master@{#40860}
This stages escape analysis by implying --turbo-escape by the --turbo
flag. It broadens the exposure of the optimization in question.
R=jarin@chromium.org
BUG=v8:4586,v8:5267
Review-Url: https://codereview.chromium.org/1992913005
Cr-Commit-Position: refs/heads/master@{#40859}
We cannot generate debug events if JS execution is disallowed since
vital debugging logic is still implemented in JS. Return early from
Debug::OnException if that is the case.
BUG=chromium:662674
Review-Url: https://codereview.chromium.org/2491443002
Cr-Commit-Position: refs/heads/master@{#40858}
The bounds check in LoadDataSegment was off by one. I also improved the
error message, and fixed an issue where data was initialized even if
the bounds check failed.
In InstantiateModuleForTesting I allow instantiation of modules without
exports. This check was legacy code from the time where instantiation
and execution was still combined in a single function.
R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/InitDataAtTheUpperLimit
Review-Url: https://codereview.chromium.org/2486183002
Cr-Commit-Position: refs/heads/master@{#40856}
The spec defines that indirect calls in WebAssembly code should cause a
validation error if no function table exists.
The CL contains the following changes:
1) Throw a validation error for indirect calls if the function table
not exist.
2) Do not create TF nodes to throw a runtime error for indirect calls
if the function table does not exist.
3) Fix existing unit tests by creating a dummy function table.
4) Add new a new test which tests that indirect calls without function
table cause a validation error.
R=rossberg@chromium.orgCC=titzer@chromium.org
TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash
Review-Url: https://codereview.chromium.org/2484623002
Cr-Commit-Position: refs/heads/master@{#40852}
If an exception is thrown when there is a Promise being created, the Promise
catch prediction code would call into a part implemented in JavaScript to see if
the Promise has a catch handler. If it is not possible to call back into JS,
e.g., due to a stack overflow, then this would lead to a crash. This patch
"speculates" that, if it's impossible to call back into JavaScript, then the
error is unhandled, avoding the issue. In a future patch, the catch prediction
logic should be entirely written in C++, but this patch adds a minimal fix to
be more friendly to backports.
BUG=chromium:662935
R=jgruber
Review-Url: https://codereview.chromium.org/2487833002
Cr-Commit-Position: refs/heads/master@{#40851}
We recently allowed global constants in asm.js validated code.
When used in a return statement, these need to be of an allowed type.
BUG=660813
R=jpp@chromium.org,aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2481103002
Cr-Commit-Position: refs/heads/master@{#40850}
Don't rely on carry flags you didn't set yourself.
BUG=chromium:663402
Review-Url: https://codereview.chromium.org/2484283002
Cr-Commit-Position: refs/heads/master@{#40848}
We handle this case specially because otherwise we would have to do
complicated overflow detection.
R=titzer@chromium.org
TEST=cctest/test-run-wasm/RunWasmCompiled_LoadMaxUint32Offset
Review-Url: https://codereview.chromium.org/2490533003
Cr-Commit-Position: refs/heads/master@{#40844}
With this CL, we set the is_source_positions_enabled flag on CompilationInfo when
- a command line flag is enabled that requires Turbofan to preserve source position
information (e.g. --trace-deopt), and
- when profiling is enabled.
This also removes the --turbo-source-positions flag.
The goal is to eventually only track source position information when needed.
R=mstarzinger@chromium.org
BUG=v8:5439
Review-Url: https://codereview.chromium.org/2484163003
Cr-Commit-Position: refs/heads/master@{#40836}
This adds clearStepping plus the family of
{set,clear}BreakOn{,Uncaught}Exception functions.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2482903002
Cr-Commit-Position: refs/heads/master@{#40834}
This is an experiment to check whether the heuristics is still useful.
BUG=
Review-Url: https://codereview.chromium.org/2482163002
Cr-Commit-Position: refs/heads/master@{#40833}
The access check is generated as a:
- Equality check of an execution-time and a compile-time native contexts
for primitive receivers.
- Equality check of an execution-time and a compile-time native contexts
or equality check of a respective security tokens for global proxy receivers.
- No-op for other kinds of receivers.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2482913002
Cr-Commit-Position: refs/heads/master@{#40829}
We really should deopt before the for-in index increment.
BUG=chromium:662904
Review-Url: https://codereview.chromium.org/2476423003
Cr-Commit-Position: refs/heads/master@{#40828}
This introduces two new bytecodes LdaModuleVariable and StaModuleVariable,
replacing the corresponding runtime calls.
Support in the bytecode graph builder exists only in the form of runtime calls.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2471033004
Cr-Commit-Position: refs/heads/master@{#40825}
This moves all tests currently working with the inspector debugger wrapper to
test/debugger.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2480223002
Cr-Commit-Position: refs/heads/master@{#40824}
The memory leak is fixed by calling the GC at the end of the tests. The GC collects the WasmModuleWrapper objects, which deallocates WasmModule c++ object. For the mjsunit tests the GC is already called because of the --invoke_weak_callbacks flag.
BUG=chromium:662388
Review-Url: https://codereview.chromium.org/2476643003
Cr-Commit-Position: refs/heads/master@{#40822}
- When module bytes have a memory maximum defined, compiled module object should set maximum memory
- Exported memory objects should set maximum value on the memory objects
- Update tests to use declared maximum values.
R=ahaas@chromium.org
Review-Url: https://codereview.chromium.org/2474333003
Cr-Commit-Position: refs/heads/master@{#40820}
Previously, tests in the newly added test/debugger/debug directory were
not executed on CQ.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2484713002
Cr-Commit-Position: refs/heads/master@{#40819}
Note: This CL might regress code that relies on such arguments access.
In that case, we could still optimize the access if it accesses at
constant index (and the argument at that index is not context-allocated).
If any code relies on a general access to context-allocated arguments,
we would need to analyze the function for assignment to the arguments - this
might be quite tricky.
BUG=chromium:662845
Review-Url: https://codereview.chromium.org/2484723002
Cr-Commit-Position: refs/heads/master@{#40813}
Reason for revert:
Speculative revert for blocking roll:
https://codereview.chromium.org/2479233002/
Original issue's description:
> [wasm] Indirect calls without function table cause validation errors.
>
> The spec defines that indirect calls in WebAssembly code should cause a
> validation error if no function table exists.
>
> The CL contains the following changes:
> 1) Throw a validation error for indirect calls if the function table
> not exist.
> 2) Do not create TF nodes to throw a runtime error for indirect calls
> if the function table does not exist.
> 3) Fix existing unit tests by creating a dummy function table.
> 4) Add new a new test which tests that indirect calls without function
> table cause a validation error.
>
> R=rossberg@chromium.org
> CC=titzer@chromium.org
>
> TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash
TBR=rossberg@chromium.org,titzer@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2479283002
Cr-Commit-Position: refs/heads/master@{#40811}
The existing Load/StoreContextElement operations take the index as an int. This
CL adds versions that take the index as a Node. These already existed in the
interpreter-assembler, from which they are now removed.
R=mstarzinger@chromium.org, rmcilroy@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2473003004
Cr-Commit-Position: refs/heads/master@{#40810}
This makes use of the newly introduced cell indices to speed up variable
accesses. Imports and local exports are now directly stored in (separate)
arrays. In the future, we may merge the two arrays into a single one, or
even into the module context.
This CL also replaces the LoadImport and LoadExport runtime functions with
a single LoadVariable taking a variable index as argument (rather than a
name).
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2465283004
Cr-Commit-Position: refs/heads/master@{#40808}
The revert somehow lost the contents of regress-2825.js.
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
BUG=chromium:662928
Review URL: https://codereview.chromium.org/2483863002 .
Cr-Commit-Position: refs/heads/master@{#40806}
This moves all tests currently working with the inspector debugger wrapper to
test/debugger.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2480223002
Cr-Commit-Position: refs/heads/master@{#40804}
This
- removes the ParserRecorder base class,
- devirtualizes the LogFunction and LogMessage functions,
- reuses the SingletonLogger for all preparser calls
In a subsequent step the preparser should probably log directly to the CompleteParserRecorder rather than indirectly through the singleton logger...
BUG=
Review-Url: https://codereview.chromium.org/2474393003
Cr-Commit-Position: refs/heads/master@{#40803}
The spec defines that indirect calls in WebAssembly code should cause a
validation error if no function table exists.
The CL contains the following changes:
1) Throw a validation error for indirect calls if the function table
not exist.
2) Do not create TF nodes to throw a runtime error for indirect calls
if the function table does not exist.
3) Fix existing unit tests by creating a dummy function table.
4) Add new a new test which tests that indirect calls without function
table cause a validation error.
R=rossberg@chromium.orgCC=titzer@chromium.org
TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash
Review-Url: https://codereview.chromium.org/2484623002
Cr-Commit-Position: refs/heads/master@{#40802}
The maximum memory size is a user-defined upper limit for the size of
the memory of a WebAssembly instance. The actual limit is the minimum of
the user-defined limit and the V8 limit. With this CL we allow the
user-defined limit to be greater than the V8 limit, which is required by
the spec.
R=titzer@chromium.orgCC=gdeepti@chromium.org
TEST=unittests/WasmModuleVerifyTest.MaxMaximumMemorySize
Review-Url: https://codereview.chromium.org/2484643002
Cr-Commit-Position: refs/heads/master@{#40801}
This CL adds further support to the test wrapper. We are now able to
run almost all mjsunit/debug-step-* tests using the inspector backend.
debug-stepframe-* tests are not yet supported since inspector does not
know a 'frame' step type.
The interface has also been improved to be able to move these tests to
inspector mostly without modification.
BUG=v8:5330
Review-Url: https://codereview.chromium.org/2466273005
Cr-Commit-Position: refs/heads/master@{#40800}
Drive-by-fix 1: be more precise in machine representations for
AllocateNameDictionary to make --turbo_verify_machine_graph happy.
Drive-by-fix 2: Improve graph verifier output by printing input
representation.
BUG=
Review-Url: https://codereview.chromium.org/2475913002
Cr-Commit-Position: refs/heads/master@{#40797}
The test case did not test anything in its original form. Fix it and add
documentation.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2481733002
Cr-Commit-Position: refs/heads/master@{#40794}
We need to rename the receiver on CheckHeapObject, because we
don't canonicalize numbers in SignedSmall range, and thus we
the representation selection can hand out TaggedSigned values
for receiver uses, even though we checked for TaggedPointerness
first.
Note that this is rather hacky and just intended to fix the bug
ASAP. We need to think about how to deal with representations in
earlier compilation stages.
BUG=chromium:662410
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2485563002
Cr-Commit-Position: refs/heads/master@{#40792}
In Crankshaft we unconditionally assume that accesses to arguments[i] will
be in-bounds and don't take into account IC feedback that would eventually
teach us about out-of-bounds accesses that have happened in the past, so
there's no real guard to protect the bounds check in optimized code.
TEST=mjsunit/compiler/deopt-arguments-oob
R=jarin@chromium.org
BUG=v8:5606
Review-Url: https://codereview.chromium.org/2481053002
Cr-Commit-Position: refs/heads/master@{#40787}
This method iterates through all shared function info which are related to passed script, compiles debug code for SFI in range if needed and returns possible break locations.
BUG=chromium:566801
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2465553003
Cr-Commit-Position: refs/heads/master@{#40783}
This patch fixes two bugs in V8 to allow the global object to have a frozen proto:
- The immutable prototype map check is done on the map of the "real receiver",
the one that's found after the hidden prototype traversal, rather than
the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
the global object, as passed to Context::New, is respected when instantiating
the global object.
R=adamk
BUG=v8:5149
Review-Url: https://codereview.chromium.org/2474843003
Cr-Commit-Position: refs/heads/master@{#40778}
This removes the deprecated flag in question which has been enabled by
default a while ago. All components can by now deal with activations of
a single function being mixed between Ignition and other compilers. The
maintenance overhead to support a mode that clears bytecode is no longer
warranted.
R=rmcilroy@chromium.org
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2475203003
Cr-Commit-Position: refs/heads/master@{#40776}
Compatible with the current (unshipped) Blink implementation.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2471923002
Cr-Commit-Position: refs/heads/master@{#40775}
Parameters of a lazily parsed function used to be parsed eagerly, and parameter
handling was split between Parser::ParseFunctionLiteral and
ParseEagerFunctionBody, leading to inconsistencies.
After this CL, we preparse (lazy parse) the parameters of lazily parsed
functions.
(For arrow functions, we cannot do that ofc.)
This is needed for later features (PreParser with scope analysis).
-- CL adapted from marja's https://codereview.chromium.org/2411793003/
BUG=
Review-Url: https://codereview.chromium.org/2472063002
Cr-Commit-Position: refs/heads/master@{#40771}
