Now that tables and stack frames properly root instances, there is no
longer any need to disallow mutations that could unroot instances
while their code is on the stack.
Bug: v8:7232
Change-Id: I907b9522ac12ad7a67fb4124774713b6b3b40bb7
Reviewed-on: https://chromium-review.googlesource.com/1007004
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52629}
This removes the support to serialize copies of {CodeStub} codes during
native module serialization. It is still possible to serialize builtins
and all code objects copied from the GC heap are builtins by now.
R=ahaas@chromium.org
Change-Id: If009a82a9d7c7080f70f344040ebb91f20b8cc1a
Reviewed-on: https://chromium-review.googlesource.com/1012081
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52628}
This will give us much better testing coverage for trap-based bounds
checks.
Note that this will not enable the trap handler by default in Chrome.
Instead, Chrome will need to explicitly enable the feature using
V8::EnableWebAssemblyTrapHandler.
Bug: v8:5277
Change-Id: I7d81f40c6f831c6fe7926375c677908952b78fa2
Reviewed-on: https://chromium-review.googlesource.com/964711
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52627}
This adds another fixed spill slot to the {WasmCompiledFrame} layout,
holding a reference to the current {WasmInstanceObject}. This slot
allows the stack walker to retrieve instances for WebAssembly frames
without having each code object be coupled to an instance. Hence it
enables sharing code across instances in the future.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: I7fa095c6255754caf564edce4ee7e84dea666783
Reviewed-on: https://chromium-review.googlesource.com/1005516
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52626}
The Cvtui2ss method did overwrite the {src} register, and the given
{tmp} register. Because of this, the Turbofan code generator passed two
temporary registers.
This CL fixes this to avoid the overwrite of the {src} register (which
is now an Operand).
R=neis@chromium.org
Change-Id: I33e523ac3d7bb377899739e95058b87adefa6b65
Reviewed-on: https://chromium-review.googlesource.com/1014082
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52625}
If the new length is too large, we must throw a TypeError.
Bug: v8:7652
Change-Id: I47268c04405f7a5f5bbc971cd434f2d786af9ca1
Reviewed-on: https://chromium-review.googlesource.com/1013563
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52624}
At is used in Macro Assembler, so we need other registers to hold temporary values.
Change-Id: Iffeddba7b3319666a605eea62ecc3cd01b065ad7
Reviewed-on: https://chromium-review.googlesource.com/1013978
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52623}
First version which can compile a very basic code.
Change-Id: I3b98412a5ca39a28f8fe5b60516b82c6981dd187
Reviewed-on: https://chromium-review.googlesource.com/993232
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52622}
Name type conversions from int to float and vice versa consistently,
and move them to the TurboAssembler, such that we can reuse them for
Liftoff.
R=jarin@chromium.org
Bug: v8:6600
Change-Id: Idced658a228eeb611dd4785aa277bd758c201eea
Reviewed-on: https://chromium-review.googlesource.com/1014037
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52620}
An overview of motivation behind Torque and some of its principles
can be found here: https://bit.ly/2qAI5Ep
Note that there is quite a bit of work left to do in order to get
Torque production-ready for any non-trivial amount of code, but
landing the prototype as-is will allow for much faster iteration.
Bugs will be filed for all of the big-ticket items that are not
landing blockers but called out in this patch as important to fix.
Cq-Include-Trybots: luci.v8.try:v8_linux_nosnap_rel;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ib07af70966d5133dc57344928885478b9c6b8b73
Reviewed-on: https://chromium-review.googlesource.com/845682
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52618}
The recent changes related to the Address type broke this.
R=bmeurer@chromium.org
Change-Id: I404930435e9f48750a735beed7d79108b9cc96ee
Reviewed-on: https://chromium-review.googlesource.com/1014081
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52616}
Previously Isolate and Factory relied on the undefined behavior of
reinterpret_cast to switch between the two unrelated classes (which worked
because Factory had no data members).
With Isolate inheriting from Factory, it's now possible to switch between the
two classes using c-style casts. These are allowed under the C++ standard.
The inheritance is private which allows the continuing separation of the
Factory and Isolate namespaces.
This is a defensive clean-up, since ubsan does not yet detect the previous
undefined behavior.
Bug: v8:3770
Change-Id: I0ccf09f1d34f747550812ce698ab7e182812409e
Reviewed-on: https://chromium-review.googlesource.com/1010122
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52615}
The embedder should not need to keep track of the source string.
R=jgruber@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie27df755a22fbcae7b6e87a435419d2d8f545558
Reviewed-on: https://chromium-review.googlesource.com/1013482
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52614}
This adds tests for 'oddly' behaving comparison functions.
I.e. functions that cause an element kind change and/or
modify the array. The tests check that sort does not crash in these
instances.
R=jgruber@chromium.org
Bug: v8:7382
Change-Id: I4ac9aa081fda9088d1848a960dc66aba671872e5
Reviewed-on: https://chromium-review.googlesource.com/1010062
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52612}
Per the spec change at [1], Abstract Relational Comparison between a
BigInt and a String converts the String to BigInt via StringToBigInt
before performing the comparison. Before this change, the String was
converted to a Number, and a BigInt/Number comparison was performed.
[1] https://github.com/tc39/proposal-bigint/pull/139
Bug: v8:6791
Change-Id: I40b4f4ddc78977adb0d44180eb58e0f9a8a70cb6
Reviewed-on: https://chromium-review.googlesource.com/1004117
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52609}
Port 2459046c1d
Original Commit Message:
The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.
R=jkummerow@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ic30ef19019e5b39b01f90587011c6a1b06c4b7a1
Reviewed-on: https://chromium-review.googlesource.com/1012461
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52607}
Port a3b6067525
Original Commit Message:
This is mostly a simple copy & paste of the stub implementation from
code-stubs-arch.cc to builtins-arch.cc.
The conversion allows removal of a special case for the DoubleToIStub
within the compiler & wasm pipelines, and also makes the following
builtins isolate-independent (in conjunction with
https://crrev.com/c/1006581):
TFC BitwiseAnd
TFC BitwiseOr
TFC BitwiseXor
TFC Exponentiate
TFC ShiftLeft
TFC ShiftRight
TFC ShiftRightLogical
TFJ AtomicsAdd
TFJ AtomicsAnd
TFJ AtomicsCompareExchange
TFJ AtomicsExchange
TFJ AtomicsLoad
TFJ AtomicsOr
TFJ AtomicsStore
TFJ AtomicsSub
TFJ AtomicsXor
TFJ MathClz32
TFJ MathImul
TFJ MathPow
TFJ NumberParseInt
TFJ StringFromCharCode
TFJ TypedArrayFrom
TFJ TypedArrayOf
TFJ TypedArrayPrototypeMap
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Iee9fc5671646772625556717db052b78089c5c66
Reviewed-on: https://chromium-review.googlesource.com/1013247
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52606}
Port 87557649e4
Original Commit Message:
This changes DoubleToIStub to return its result on the stack instead
of a specific return register.
In a follow-up, the DoubleToIStub could be converted into a builtin.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I952fec4fbe004e2734a84ba853f4f5a33c8dd8ce
Reviewed-on: https://chromium-review.googlesource.com/1013418
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52605}
The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.
Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}
This was missed in the original CL switching |is_posix| to false for
Fuchsia.
Bug: chromium:812974
Change-Id: I532516296c6b6ece9805c2f986c8dded00a798df
Reviewed-on: https://chromium-review.googlesource.com/1011251
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52599}
This allows an embedder to check if a Value is a module namespace object.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idffceff451dd5f5c6a53d4cb3ce02c1c2c5b653c
Reviewed-on: https://chromium-review.googlesource.com/1011762
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52597}
This patch moves the desugaring from the parser to the bytecode
generator for super calls that have a spread at a non last position.
This allows us to have the post super() call behavior, such as
initializing instance fields in one place in VisitCallSuper.
Bug: v8:7642
Change-Id: I00a693beb7078a63282359c1121b66bb62c157c8
Reviewed-on: https://chromium-review.googlesource.com/1009907
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52596}
This factors out the element insertion code, so that it can be reused
elsewhere in a follow-up CL.
Change-Id: Ic085c8359b3024f381803ce64b49e976018277f9
Reviewed-on: https://chromium-review.googlesource.com/1010068
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52592}
This is mostly a simple copy & paste of the stub implementation from
code-stubs-arch.cc to builtins-arch.cc.
The conversion allows removal of a special case for the DoubleToIStub
within the compiler & wasm pipelines, and also makes the following
builtins isolate-independent (in conjunction with
https://crrev.com/c/1006581):
TFC BitwiseAnd
TFC BitwiseOr
TFC BitwiseXor
TFC Exponentiate
TFC ShiftLeft
TFC ShiftRight
TFC ShiftRightLogical
TFJ AtomicsAdd
TFJ AtomicsAnd
TFJ AtomicsCompareExchange
TFJ AtomicsExchange
TFJ AtomicsLoad
TFJ AtomicsOr
TFJ AtomicsStore
TFJ AtomicsSub
TFJ AtomicsXor
TFJ MathClz32
TFJ MathImul
TFJ MathPow
TFJ NumberParseInt
TFJ StringFromCharCode
TFJ TypedArrayFrom
TFJ TypedArrayOf
TFJ TypedArrayPrototypeMap
Drive-by: dead code removal & TODOs in code-stubs.h.
Bug: v8:6666
Change-Id: I763cba2242bcadc2d130b0aaa16a9787212b466a
Reviewed-on: https://chromium-review.googlesource.com/1012024
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52591}
Prior to this, ToInt32Constant only matched Int64Constant nodes within
the int32_t range, but did not match actual Int32Constant nodes.
Change-Id: I4e67ea57f53f3b1d4b1f2b27f11ebdeffb2bf357
Reviewed-on: https://chromium-review.googlesource.com/1012022
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52590}
This patch adds a micro-benchmark comparing
`string.startsWith(singleCodeUnit)`, `string[0]`,
`string.endsWith(singleCodeUnit)`, and `string[string.length - 1]`.
The benchmark can be used to measure any String#{starts,ends}With
optimizations we implement in the future.
Test:
tools/run_perf.py --binary-override-path=out/x64.release/d8 \
--filter=JSTests/Strings/StringStartsEndsWithComparison \
--extra-flags=--trace-turbo test/js-perf-test/JSTests.json
Bug: v8:7453
Change-Id: I68cad197fbcbfc6b1938fc437776c319ee9f81df
Reviewed-on: https://chromium-review.googlesource.com/1011619
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52589}
This changes DoubleToIStub to return its result on the stack instead
of a specific return register.
In a follow-up, the DoubleToIStub could be converted into a builtin.
Bug: v8:6666
Change-Id: I7852e1586c8f7b56bc5d2545a7bf6238dd2ad650
Reviewed-on: https://chromium-review.googlesource.com/1009702
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52587}
This reverts commit 4d7ad46db4.
Reason for revert: Makes i18n bot red
https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux_-_noi18n_-_debug%2F20162%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2FAssemblerIa32JumpTabl..%2F0
Original change's description:
> Introduce CodeReference
>
> Add a struct CodeReference that can be stack allocated to pass a
> reference to either an on-heap code object or off-heap WasmCode object
> in a gc safe manner. The struct also provides a common interface such
> that code can be written independently of the kind of code object it
> references.
>
> Change-Id: I5a6f74462e6e141d167c7fd9bac8c21941fd83b1
> Reviewed-on: https://chromium-review.googlesource.com/977905
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52580}
TBR=mstarzinger@chromium.org,herhut@chromium.org
Change-Id: I9c49da9ee97e7423284e58bec3fdc1d212ff1af0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1010544
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52582}
Add a struct CodeReference that can be stack allocated to pass a
reference to either an on-heap code object or off-heap WasmCode object
in a gc safe manner. The struct also provides a common interface such
that code can be written independently of the kind of code object it
references.
Change-Id: I5a6f74462e6e141d167c7fd9bac8c21941fd83b1
Reviewed-on: https://chromium-review.googlesource.com/977905
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52580}
