This patch updates internal data structures used by V8 to support
multiple indirect function tables (WebAssembly/design#682). But, since
this feature is post-MVP, the functionality is not directly exposed and
parsing/generation of WebAssembly is left unchanged. Nevertheless, it
is being used in an experiment to implement fine-grained control flow
integrity based on C/C++ types.
BUG=
Review-Url: https://codereview.chromium.org/2174123002
Cr-Commit-Position: refs/heads/master@{#38110}
Rolling v8/build to 0a8d7715646009e2d0935f72462c481be22c6de4
Rolling v8/tools/mb to 1d3f4544cadd78d89c8c71c37ef5474ac2b1e297
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2191643003
Cr-Commit-Position: refs/heads/master@{#38109}
Reason for revert:
Blocks the roll:
https://codereview.chromium.org/2189443003/
Doesn't work with the last chromium gyp bot.
Original issue's description:
> MIPS: Fix mksnapshot on big-endian.
>
> Partially revert standalone.gypi changes in a451bd1a68 and introduce a new separate variable for the mkpeephole.
>
> On big-endian MIPS, qemu is used to build the snapshot,
> because there's no simulator support for big-endian MIPS.
>
> BUG=
>
> Committed: https://crrev.com/928d2395c3fdf836cf9961cde96e6b274a6b1e20
> Cr-Commit-Position: refs/heads/master@{#38103}
TBR=oth@chromium.org,machenbach@google.com,akos.palfi@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2182633010
Cr-Commit-Position: refs/heads/master@{#38108}
This removes the ability to directly access the {FunctionType} stored
within a {CallInterfaceDescriptor}. The field is in the process of being
deprecated and should no longer be accessed.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2191533002
Cr-Commit-Position: refs/heads/master@{#38107}
Introduce an appropriate StringCharCodeAt simplified operator and use
that to optimize the String.prototype.charCodeAt/.charAt builtins.
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2180373005
Cr-Commit-Position: refs/heads/master@{#38106}
Partially revert standalone.gypi changes in a451bd1a68 and introduce a new separate variable for the mkpeephole.
On big-endian MIPS, qemu is used to build the snapshot,
because there's no simulator support for big-endian MIPS.
BUG=
Review-Url: https://codereview.chromium.org/2172653002
Cr-Commit-Position: refs/heads/master@{#38103}
Default icu data file for all architectures was set to icudtl.dat, for
big endian this should be icudtb.dat. This will fix intl tests for big
endian once v8 rolls to a newer version of icu that supports big endian.
BUG=
TEST=intl/*
Review-Url: https://codereview.chromium.org/2182043002
Cr-Commit-Position: refs/heads/master@{#38102}
Remove TODO to perform same optimization as AstGraphBuilder.
When visiting for effect in a postfix count operation, don't
keep the intermediate result of ToNumber.
BUG=v4:4280
LOG=n
Review-Url: https://codereview.chromium.org/2187823002
Cr-Commit-Position: refs/heads/master@{#38101}
All supported ARM targets support unaligned accesses for integer
accesses. This patch removes the remnants of support for older targets.
BUG=v8:5077
Review-Url: https://codereview.chromium.org/2184823002
Cr-Commit-Position: refs/heads/master@{#38099}
Objects that reside below the age mark could be on pages that have been moved
within new space. In this case mementos survived which can actually point to
already-collected allocation sites.
BUG=chromium:631050,chromium:581412
R=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2179033005
Cr-Commit-Position: refs/heads/master@{#38094}
Inline XxxIC::initialize_stub_in_optimized_code() methods to CodeFactory and use stub's call interface descriptor instead of hard-coded one.
BUG=v8:5236
Review-Url: https://codereview.chromium.org/2184063002
Cr-Commit-Position: refs/heads/master@{#38093}
Reason for revert:
Breaks roll: https://codereview.chromium.org/2182043004/
Original issue's description:
> [gn] Don't use PIE for host executables
>
> Using PIE switches on ASLR. With mksnapshot, this can lead
> to non-deterministic snapshots.
>
> BUG=v8:5233
>
> Committed: https://crrev.com/4ca39b53245619d94a80a93939613774e68e4649
> Cr-Commit-Position: refs/heads/master@{#38084}
TBR=jochen@chromium.org,vogelheim@chromium.org,yangguo@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5233
Review-Url: https://codereview.chromium.org/2187613003
Cr-Commit-Position: refs/heads/master@{#38092}
This leads to a better handling of the Smi case when we introduce a checked truncation from a number or oddball to a 32 bit word, which we were previously doing by concatenating a Smi to float64 conversion with a float64 to word32 truncation.
BUG=
Review-Url: https://codereview.chromium.org/2191503002
Cr-Commit-Position: refs/heads/master@{#38091}
Port 52f2ceb052
Original commit message:
On MIPS different signaling NaN values must be used for hardware and simulator targets, even at snapshot generation when always simulator is used.
This introduces SilenceNaN operator, which makes sure that we only
store quiet NaNs into holey arrays. We omit the NaN silencing code
at instruction selection time if the input is an operation that
cannot possibly produce signalling NaNs.
BUG=
TEST=mjsunit/compiler/regress-store-holey-double-array
Review-Url: https://codereview.chromium.org/2188433002
Cr-Commit-Position: refs/heads/master@{#38090}
Also run the BranchElimination (plus CommonOperatorReducer and the
DeadCodeElimination) during the load elimination phase, so we can
eliminate some Phi nodes early on that would otherwise confuse the
truncation analysis and/or representation selection, i.e. if there's a
branch that is never taken, that would yield undefined, we'd have to
choose tagged representation for the Phi, even if the always taken
branch yields an integer.
R=epertoso@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2190543002
Cr-Commit-Position: refs/heads/master@{#38088}
This required the introduction of the CheckedNumberOrOddballAsWord32 use info, and a change in the RepresentationChanger to handle it.
BUG=
Review-Url: https://codereview.chromium.org/2184513003
Cr-Commit-Position: refs/heads/master@{#38086}
Using PIE switches on ASLR. With mksnapshot, this can lead
to non-deterministic snapshots.
BUG=v8:5233
Review-Url: https://codereview.chromium.org/2179303003
Cr-Commit-Position: refs/heads/master@{#38084}
This implements graph construction for entry via on-stack replacement
within the {BytecodeGraphBuilder}. Entry points are at loop headers
similar to previous OSR implementations. All interpreter registers are
addressable via {OsrValue} nodes in the graph. Currently we rely on
{OsrPoll} bytecodes to be placed right after loop headers (i.e. at the
targets of back edges).
R=jarin@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2171083004
Cr-Commit-Position: refs/heads/master@{#38083}
This CL fixed one bug in crankshaft compiler for Math.max(-0, 0).
BUG=
Review-Url: https://codereview.chromium.org/2175243002
Cr-Commit-Position: refs/heads/master@{#38079}
The new phase will detect loop variables, infer bounds and bake them into
the type.
Review-Url: https://codereview.chromium.org/2164263003
Cr-Commit-Position: refs/heads/master@{#38077}
Introduce the CheckString during native context specialization when we
have string map feedback on a LOAD_IC/STORE_IC. The CheckString
operator, just like its CheckNumber pendant, renames the input and
assigns a proper type, which we will use soon to lower access operations
on Strings, i.e. charCodeAt calls or keyed accesses.
R=jarin@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2181943003
Cr-Commit-Position: refs/heads/master@{#38076}
Rolling v8/build to 603acacfd82e28d442da5e24bf22bbacbeefa589
Rolling v8/buildtools to 67bf0653b2eb9eabd4fc17c4bf2df828e904a558
Rolling v8/third_party/android_tools to af1c5a4cd6329ccdcf8c2bc93d9eea02f9d74869
Rolling v8/tools/clang to a98f7fa326ac2b7e1710e923c1287cde7f901d86
Rolling v8/tools/mb to 93a755bd710560a2db62300d69db0d8876c01442
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2191433002
Cr-Commit-Position: refs/heads/master@{#38075}
Reason for revert:
Revert this CL due to V8 Arm Builder failure and V8 Mips Builder failure.
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20builder/builds/2456
https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/2506
Original issue's description:
> [Tracing] V8 Tracing Controller
>
> V8 has had a trace event macro interface for a while, but without a tracing
> controller a standalone V8 would be unable to collect traces.
>
> This CL introduces a complete Tracing Controller system for V8.
> It is fully functional except that it does not yet store trace event args.
>
> This CL has a few components,
> The tracing controller itself, contributed by the author of this CL
> The Trace config (including the parser), contributed by lpy@
> The Trace Object, Trace Writer, and Trace Buffer are all contributed by rksang@
>
> BUG=v8:4561
> LOG=N
>
> Committed: https://crrev.com/3d598452679ce208ad9b2f48e0fb3fae352ce375
> Cr-Commit-Position: refs/heads/master@{#38073}
TBR=jochen@chromium.org,mattloring@google.com,rskang@google.com,yangguo@chromium.org,fmeawad@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4561
Review-Url: https://codereview.chromium.org/2183943002
Cr-Commit-Position: refs/heads/master@{#38074}
V8 has had a trace event macro interface for a while, but without a tracing
controller a standalone V8 would be unable to collect traces.
This CL introduces a complete Tracing Controller system for V8.
It is fully functional except that it does not yet store trace event args.
This CL has a few components,
The tracing controller itself, contributed by the author of this CL
The Trace config (including the parser), contributed by lpy@
The Trace Object, Trace Writer, and Trace Buffer are all contributed by rksang@
BUG=v8:4561
LOG=N
Review-Url: https://codereview.chromium.org/2137013006
Cr-Commit-Position: refs/heads/master@{#38073}
Reason for revert:
breaks android build due to uninitialized variable.
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug%20builder/builds/2034
Original issue's description:
> [debugging] print ranges for consecutive values with %DebugPrint
>
> With this CL repeated values in elements are combined into a single printout with a range.
>
> BEFORE:
> - elements = {
> 0: <undefined>
> 1: <undefined>
> 2: <the_hole>
> }
>
> AFTER:
> - elements = {
> 0-1: <undefined>
> 2: <the_hole>
> }
>
> BUG=
>
> Committed: https://crrev.com/ec4165742088043d8fede38db21a281e16682adb
> Cr-Commit-Position: refs/heads/master@{#38069}
TBR=yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2181093003
Cr-Commit-Position: refs/heads/master@{#38071}
With this CL repeated values in elements are combined into a single printout with a range.
BEFORE:
- elements = {
0: <undefined>
1: <undefined>
2: <the_hole>
}
AFTER:
- elements = {
0-1: <undefined>
2: <the_hole>
}
BUG=
Review-Url: https://codereview.chromium.org/2169143003
Cr-Commit-Position: refs/heads/master@{#38069}
The showed up unnaturally high while profiling DOM node creation.
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2181323002
Cr-Commit-Position: refs/heads/master@{#38068}
Port 580fdf3c05
This also reverses the MachineType stored for partial unaligned access support
such that it records the unsupported types, rather than supported types.
BUG=
Review-Url: https://codereview.chromium.org/2182493003
Cr-Commit-Position: refs/heads/master@{#38065}
This adds tracking of the loop depth to the {BytecodeGenerator} in order
to statically determine the loop nesting level for {OsrPoll} bytecodes.
R=rmcilroy@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2176183002
Cr-Commit-Position: refs/heads/master@{#38064}
Reason for revert:
Revert, because blink tryserver bot rename is reverted.
BUG=chromium:631448
Original issue's description:
> [release] Change blink trybot name on v8 roll CLs
>
> BUG=chromium:590036
> NOTRY=true
>
> Committed: https://crrev.com/a5fae1039409864295b42a6f33cef85ca9396bda
> Cr-Commit-Position: refs/heads/master@{#38041}
TBR=hablich@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:590036
Review-Url: https://codereview.chromium.org/2186593003
Cr-Commit-Position: refs/heads/master@{#38062}