Add newline at the start of the function body.
BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
Change-Id: I10db088ac9807a503382fd5080ad955e418d8b45
Reviewed-on: https://chromium-review.googlesource.com/466566
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Cr-Commit-Position: refs/heads/master@{#44352}
Minor fix: Provide a string for "%s".
R=hablich@chromium.org
Change-Id: Ibae24688c5f69e0fee5108701aa7f483117aea8c
Reviewed-on: https://chromium-review.googlesource.com/457998
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44350}
Seems to have been missed in this cleanup: crrev.com/2741683004.
Also updates a comment referring to internal fields.
Change-Id: I44b5fd49f5fb4b67b5288a6af959e4e963544368
Reviewed-on: https://chromium-review.googlesource.com/466147
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44349}
This adds test coverage for the source position tracking of function
table calls in asm.js and fixes the discovered issues. It also fixes
function start positions (used by errors thrown at stack checks).
R=clemensh@chromium.org
TEST=mjsunit/wasm/asm-wasm-stack
BUG=v8:6127,v8:6166
Change-Id: Id6ab6dc72bcedb0d838eed315e2a05fbc59039f4
Reviewed-on: https://chromium-review.googlesource.com/465949
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44348}
Since byteOffset is configurable, we need to access byteOffset by
%_ArrayBufferViewGetByteOffset, instead of accessing .byteOffset
property.
BUG=v8:6120
Review-Url: https://codereview.chromium.org/2761673003
Cr-Commit-Position: refs/heads/master@{#44347}
When calling imported functions, we were always using the global object
as receiver. This is incorrect for strict functions, which should have
undefined as receiver.
This CL fixes this also for the interpreter, making us pass
test/mjsunit/wasm/receiver.js with --wasm-interpret-all.
R=ahaas@chromium.org
BUG=v8:5822
TEST=test/mjsunit/wasm/receiver
Change-Id: Ib7d637083245f67b668c11540e3c3473bc167129
Reviewed-on: https://chromium-review.googlesource.com/465986
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44346}
For OOB checks on memory accesses, we first subtracted the size of the
type to load/store from the memory size, and then compared against this
effective_size. If the memory size is smaller than the size of the type,
this would lead to an integer underflow, and we would try to load the
value.
This CL fixes this, and adds a test case for this.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I26fcba0be7343c88b8459d029b0c0af095d2466a
Reviewed-on: https://chromium-review.googlesource.com/465946
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44345}
JSObject is slow: creating strings for keys and storing values by these keys after takes significant amount of time.
With this CL console methods (most of them collect top stack frame to calculate source location) are ~33% faster.
V8Debugger::captureStackTrace is ~50% faster.
BUG=v8:6189
R=yangguo@chromium.orgTBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2789073002
Cr-Commit-Position: refs/heads/master@{#44344}
Bool flags can be as small as one byte, so testing an IntPtr-sized value
is incorrect.
BUG=v8:6172
Review-Url: https://codereview.chromium.org/2792963002
Cr-Commit-Position: refs/heads/master@{#44343}
Translates code of the form 'if (x === undefined)' into the JumpIfUndefined
bytecode, and similarly for comparisons with null. Also adds bytecodes for
JumpIfNotUndefined / Null.
Moves the peephole optimization for CompareUndefined out of the peephole
optimizer and into the BytecodeGenerator, having the side-effect of enabling
it for comparisons with undefined on both side of the compare operation.
BUG=v8:6107
Review-Url: https://codereview.chromium.org/2793923002
Cr-Commit-Position: refs/heads/master@{#44341}
With --harmony-function-tostring enabled (now enabled by --harmony),
CompileFunctionInContext would produce incorrect results whenever called
with 1 or more argument parameters, due to specifying an incorrect end
position for the parameters.
BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com
Change-Id: Ied2bcba44116311ebcae3967963472b4e1058fd3
Reviewed-on: https://chromium-review.googlesource.com/465515
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44340}
This CL adds support to parse a PushStackTraceAndDie dump on a windows
minidump:
Stack Message:
magic1: 00000000bbbbbbbb
magic2: 00000000bbbbbbbb
ptr1: 00000015f9ca78d1 T
ptr2: 0000000000000000
message start: 00000000002c58f0 S
stack_start: 00000000002cd8f0 S
All addresses within the message are annotated with the address marker to
make it easier to spot objects that are contained in the minidump.
Currently this doesn't work on OSX yet as we do not correctly push the two
magic markers on the stack.
Change-Id: I8385bb66a76bd253c4014bc7e25971d03830dd4d
Reviewed-on: https://chromium-review.googlesource.com/466007
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44339}
The byte_length field of the TypedArray is not set to 0 on neutering,
but JSArrayBufferView::byte_length() returns 0 if WasNeutered() is
true. We should use the length property here instead.
We can just short-circuit if the length is 0. Added checks to the
memcpy path that assert length and neutered status are sane.
Bug:chromium:707472,chromium:707595,chromium:707364,chromium:707410
Change-Id: Ia1dec53f175357673012cbbc5e2fc40207e03623
Reviewed-on: https://chromium-review.googlesource.com/465987
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44336}
This adds support for tracking token positions in the asm.js scanner and
uses these positions to emit a mapping from WASM to asm.js positions.
Note that the mapping is still incomplete (some call sites are not yet
covered).
R=clemensh@chromium.org
TEST=debugger/debug/wasm/asm-debug
BUG=v8:6127
Change-Id: Ic8aad1a85e7d9e19da2eec523fcc73d4984afcc8
Reviewed-on: https://chromium-review.googlesource.com/466046
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44335}
A DCHECK was failing if we unwind an activation which is not the
bottom-most. This CL fixes this and adds a test for this.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: Ib69116b4c45a7b2a0d6cab97ad984dfdcda55918
Reviewed-on: https://chromium-review.googlesource.com/464788
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44332}
For speculative number comparisons with SignedSmall feedback, we always
enforce either TaggedSigned or Word32 comparisons. But this is not
really beneficial if one of the inputs is already in Float64
representation; in that case it's cheaper to just convert the other
input to a Float64.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2790833004
Cr-Commit-Position: refs/heads/master@{#44327}
The "perf inject" command will place the generated function into a .text
section, placed directly after the ELF header. As a result, source position
addresses need to be adjusted according to the size of the ELF header, which is
0x40 for 64 bit architectures and 0x34 on 32 bit architectures.
We would previously adjust the addresses with 0x40 regardless of the
architecture.
BUG=
Review-Url: https://codereview.chromium.org/2783203005
Cr-Commit-Position: refs/heads/master@{#44325}
Previously, named captures (and related functionality) were restricted to
unicode-mode regexps.
This CL extends that support to non-unicode patterns. Named groups are
supported regardless of the mode, and named back-references are supported if
the regexp is in unicode mode or if it contains a named capture (otherwise '\k'
is treated as an identity escape).
BUG=v8:5437,v8:6192
Review-Url: https://codereview.chromium.org/2788873002
Cr-Commit-Position: refs/heads/master@{#44324}
This was missed when Latin-1 encoding replaced UTF-8 encoding when one-byte
strings (like most keys) are serialized.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2784423002
Cr-Commit-Position: refs/heads/master@{#44320}
Records histogram of ArrayBuffer/SharedArrayBuffer new allocations
that failed because it couldn't allocate space for the
buffer. Histogram is based on the buffer size requested.
This counter is intended to give some clue as to how often, and what sizes are being requested. Unfortunately, the how often can't be answered with the current counter. The problem is that V8 doesn't currently support this possibility yet. Hence, for now, introducing a counter that at least counts the number/size of failing requests.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2786913004
Cr-Commit-Position: refs/heads/master@{#44318}
Adds a counter for large array buffers. Used to give an indication of
how common large array buffers are allocated in V8.
For the moment, we assume a 1Mb cutoff for the notion of large array
buffers. We also use log2(length) to cleanly bucket sizes into a
histogram.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2792623002
Cr-Commit-Position: refs/heads/master@{#44317}
Currently x instanceof RegExp checks cannot take the fast path, since
the RegExp constructor has dictionary properties. To avoid that, just
forcibly migrate the RegExp constructor to fast properties again once
it's fully setup in the bootstrapper. This yields a 10x improvement for
x instanceof RegExp checks.
R=yangguo@chromium.org
BUG=v8:5902
Review-Url: https://codereview.chromium.org/2786143004
Cr-Commit-Position: refs/heads/master@{#44316}
Looking at UMA results, we are getting a fair number of modules with
more than 10,000 functions (5.2%) that are being lumped into the
maximal entry. To get more visibility into what values are being
lumped, this CL lifts the maximum to 100,000.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2787163002
Cr-Commit-Position: refs/heads/master@{#44314}
Looking at UMA results, we are geting a number of instantiations (4%)
that are being lumped into the 1 second (plus) maximum entry. To get
more visibility into the values in this bucket, this CL lift the
maximun to 10 seconds.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2780353004
Cr-Commit-Position: refs/heads/master@{#44313}
Looking at UMA results, we are getting a lot of compilations (over 5%)
that are being lumped into the 1 second (plus) maximum entry. To get
more visibility into this, this CL lifts the maxiumum to 10 seconds.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2785313002
Cr-Commit-Position: refs/heads/master@{#44312}
Fixes a crash found by clusterfuzz caused by a call to
std::vector::reserve with a huge capacity, and reverts to ZoneList
handling as a tentative fix for performance regressions on the slow
@@replace path.
BUG=chromium:707187,chromium:706748,v8:5437
Review-Url: https://codereview.chromium.org/2787343002
Cr-Commit-Position: refs/heads/master@{#44311}
some arch like s390 has native instr can benefit from this.
see ~10% improvement on MathAbs on s390
Review-Url: https://codereview.chromium.org/2785773002
Cr-Commit-Position: refs/heads/master@{#44310}
Check that a register used as a local is within the bytecode array's
local count.
BUG=chromium:706234
Change-Id: I51f6a0a8be065b93b9a4e1dca623e98c51685b51
Reviewed-on: https://chromium-review.googlesource.com/464768
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44308}
This reverts commit 4506382dce.
We don't allow DEPS'ing things outside googlesource. This requires a
mirror. Also .gitignore entry is missing.
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2785183005
Cr-Commit-Position: refs/heads/master@{#44307}
Add assembler, disassembler and simulator support for NEON in the ARM64 backend.
BUG=
Review-Url: https://codereview.chromium.org/2622643005
Cr-Commit-Position: refs/heads/master@{#44306}
This CL uses the same logic as spread calls to check whether the
iteration over an array would produce different results to simply
accessing the backing store directly. Skipping the full iteration
protocol for normal arrays gives us a ~10x speedup on the
construct-typedarray benchmark.
BUG=v8:5977,v8:5699,v8:4782,chromium:698173
Change-Id: Ib878d39691e99b739afef0dd05a6a6efc5b6b5d4
Reviewed-on: https://chromium-review.googlesource.com/463367
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44304}
Numbered back-references that occur before the referenced capture
trigger an internal mini-parser that looks ahead in the pattern and
counts capturing groups.
This updates the mini-parser to correctly handle named captures.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2792523002
Cr-Commit-Position: refs/heads/master@{#44303}
