1. --total-timeout-sec now available for ./run-tests.py. It can be
useful with infinite seed stressing
2. random seed dropped from the context. Now JSON progress indicator
gets it from the list of command args.
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
Reviewed-on: https://chromium-review.googlesource.com/888524
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50964}
Some tests need to ensure all builtins are deserialized. This adds a
helper to make that easier.
Drive-by-refactoring: Centralize lazy-deserialization tracing.
TBR=rmcilroy@chromium.org
Bug: v8:6624
Change-Id: I1f7caa6c539b12aabcba5b7b28c50ad40355848b
Reviewed-on: https://chromium-review.googlesource.com/891822
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50959}
The test inspects each builtin's RelocInfo. It's isolate-independent, iff there
are no entries for embedded objects, runtime calls, external references (which
could point to addresses on the isolate), or code targets.
Bug: v8:6666
Change-Id: Ie32353db445a9e81e1c9a0a8f1b5ffe1566a0404
Reviewed-on: https://chromium-review.googlesource.com/888639
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50949}
This only affects document.all, which is the only user of
|ObjectTemplate::SetCallAsFunctionHandler|, and will mean that
new document.all() will throw TypeError. There are tests for this:
//src/third_party/WebKit/LayoutTests/external/wpt/html/infrastructure/common-dom-interfaces/collections/htmlallcollection.html
(cherry picked from commit 7233447e4ac4587c81e91077857f8a30c4a6d2df)
Change-Id: Ibb39b3c61b688591c781158cf4abc0c2d74c908e
Reviewed-on: https://chromium-review.googlesource.com/882642
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Philip Jägenstedt <foolip@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/890496
Cr-Commit-Position: refs/heads/master@{#50943}
This adds back an option for interrupt budget available in no-snap
builds. This also adds a fuzzer configuration for numfuzz that enables
fuzzing the interrupt budget option. A new flag --disable-analysis
allows to generally skip the fuzzer's analysis phase, which can be
chosen for interrupt budget, which doesn't support an analysis phase.
Bug: v8:6917
Change-Id: I546dd9ee41c3e0fb027108ef4606a34514f230d4
Reviewed-on: https://chromium-review.googlesource.com/885805
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50929}
This reverts commit 7ac6edf9f0.
Reason for revert: Fails on gcc (https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/17623)
Original change's description:
> [builtins] Add .incbin cctest
>
> Just to ensure this is portable across all platforms.
>
> Credits go to https://github.com/graphitemaster/incbin, bits of the
> .incbin code were taken from there. Thanks!
>
> Bug: v8:6666
> Change-Id: Id068f70fb4ac925b574a14dec40cf80627a22073
> Reviewed-on: https://chromium-review.googlesource.com/881181
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50883}
TBR=yangguo@chromium.org,jgruber@chromium.org
Change-Id: Ibf4527e068afffb5380839a0936992087903135e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/888620
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50884}
Just to ensure this is portable across all platforms.
Credits go to https://github.com/graphitemaster/incbin, bits of the
.incbin code were taken from there. Thanks!
Bug: v8:6666
Change-Id: Id068f70fb4ac925b574a14dec40cf80627a22073
Reviewed-on: https://chromium-review.googlesource.com/881181
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50883}
This adds a new operator JSCreatePromise, which currently allocates
a native JSPromise instance and initializes it to pending state.
In addition to that we introduce a new PromiseHookProtector, which
get's invalidated the first time someone enables the debugger or
installs a PromiseHook (via async_hooks for example). As long as
the protector is intact we lower AsyncFunctionPromiseCreate to
JSCreatePromise and AsyncFunctionPromiseRelease to a no-op in
optimized code.
This yields a speedup of roughly 33% on the benchmark mentioned
in the bug.
Bug: v8:7271, v8:7253
Change-Id: Ib5d219f2b6e052a7cc5e6ed5aa66dd3c8885a859
Reviewed-on: https://chromium-review.googlesource.com/883124
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50849}
The SwitchOnGeneratorState bytecode now also falls through if the
generator object is undefined (so that we don't need that jump) and
restores generator context (so that we don't need that PushContext).
This saves 10 bytes per generator.
Change-Id: Ie0872c827119b9f1d1e9244d3be6496a30cd9620
Reviewed-on: https://chromium-review.googlesource.com/867051
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50845}
The CompilationUnitBuilder of the StreamingProcessor is cleared when an
error occurs in the streaming decoder. The clearing of the
CompilationUnitBuilder was guarded by the existence of the
ModuleCompiler, because this ModuleCompiler and the
CompilationUnitBuilder are created together. However, the
CompilationUnitBuilder is reset when the next section after the code
section is processed, whereas the ModuleCompiler exists until the end of
the AsyncCompileJob. With this CL the clearing of the
CompilationUnitBuilder is also guarded by its own existence.
R=clemensh@chromium.org
Bug: chromium:805346
Change-Id: I0e9e9eaff9239fadb21c0f17990da61cbfaa6856
Reviewed-on: https://chromium-review.googlesource.com/883527
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50844}
It is analogous to Template::SetLazyDataProperty, but for a single
existing object. Similar to how SetNativeDataProperty exists on both.
Bug: v8:7303
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I634358ee455e28150198bd87a2bd79dc59e3e449
Reviewed-on: https://chromium-review.googlesource.com/867474
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jeremy Roman <jbroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50841}
This reverts commit bf19e60cc5.
Reason for revert: Two issues discovered with W^X in V8's 6.5 branch (see v8:7272 and chromium:793428). Still need a way to disable the feature.
Original change's description:
> [platform] Remove {PageAllocator::kReadWriteExecute}.
>
> Now that write-protection of code memory is enabled everywhere and V8 is
> fully W^X compliant, we can remove the permission mode in question.
>
> R=hpayer@chromium.org
> BUG=v8:6792
>
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I80fe95ac6bb0e2d1ad6d993154ce45d492d941be
> Reviewed-on: https://chromium-review.googlesource.com/866855
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50770}
TBR=bbudge@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6792
Change-Id: If4a205497ac83084a4092560363affb13b391462
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/883461
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50834}
- Remove TypedArray.prototype.subarray in js/typedarray.js
- Implement TypedArray.prototype.subarray as a CSA
- Implement TypedArraySpeciesCreateByArrayBuffer as a CSA
- Move a helper function for relative index from builtins-string-gec.cc
to code-stub-assembler.cc
- Move SpeciesConstructor from builtins-promise-gen.cc to
code-stub-assembler.cc
Bug: v8:7161, v8:5929
Change-Id: If3340476e16aa21659540eb4b24e3ead54e6a313
Reviewed-on: https://chromium-review.googlesource.com/830992
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50831}
Instead of building suspend_ids in the AST numbering, collect suspend
counts in the parser and assigning suspend ids during bytecode
generation.
Bug: v8:7178
Change-Id: I53421442afddc894db789fb9d0d3e3cc10e32ff0
Reviewed-on: https://chromium-review.googlesource.com/817598
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50830}
Currently, yields and awaits inside loops compile to bytecode which
switches to the top of the loop header, and switch again once inside the
loop. This is to make loops reducible.
This replaces this switching logic with a single switch bytecode that
directly jumps to the bytecode being resumed. Among other things, this
allows us to no longer maintain the generator state after the switch at
the top of the function, and avoid having to track loop suspend counts.
TurboFan still needs to have reducible loops, so we now insert loop
header switches during bytecode graph building, for suspends that are
discovered to be inside loops during bytecode analysis. We do, however,
do some environment magic across loop headers since we know that we will
continue switching if and only if we reached that loop header via a
generator resume. This allows us to generate fewer phis and tighten
liveness.
Change-Id: Id2720ce1d6955be9a48178322cc209b3a4b8d385
Reviewed-on: https://chromium-review.googlesource.com/866734
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50804}
Use this in the PromiseThen operation to skip the (expensive) lookup in
the SpeciesConstructor operation. This yields in a nice 3-5% improvement
on the bluebird and wikipedia benchmarks, and paves the way for inlining
certain Promise operations into TurboFan optimized code later.
On the micro-benchmark mentioned in the bug (from the findings doc), we
reduce the overall execution time by 25%, which makes sense given that
Promise.prototype.then spends a significant portion of it's time just
figuring out the appropriate constructor.
Bug: v8:7253, v8:7349
Change-Id: Ia1577b59d1b7e4b8dbda83e2186583edab76695a
Reviewed-on: https://chromium-review.googlesource.com/880681
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50794}
Simplified lowering may loose feedback by inserting Checked
conversions for BoundsChecks in case the bounds check gets
optimized away later on.
Bug: v8:7127
Change-Id: I254a29ba4e578d653d1dee2d70582ce0a4b57789
Reviewed-on: https://chromium-review.googlesource.com/878743
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50783}
Deoptimization may materialize values on the heap, which may get sampled
by the heap profiler. Such samples have imprecise stack. Indicate this.
BUG=v8:7314
Change-Id: I21ab079c36fc0492b05b546cc1d6a8e6c042aeb8
Reviewed-on: https://chromium-review.googlesource.com/877119
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50775}
Now that write-protection of code memory is enabled everywhere and V8 is
fully W^X compliant, we can remove the permission mode in question.
R=hpayer@chromium.org
BUG=v8:6792
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I80fe95ac6bb0e2d1ad6d993154ce45d492d941be
Reviewed-on: https://chromium-review.googlesource.com/866855
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50770}
This reloc mode is never encoded, so there is no reason to
differentiate between 32 and 64 bit.
Both are now replaced by RelocInfo::NONE.
R=mstarzinger@chromium.org
Change-Id: I054d99c7dc41f99729fa33617a6f47301b4a31e7
Reviewed-on: https://chromium-review.googlesource.com/878401
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50763}
Instead of requiring the pattern that a SuspendGenerator must be
followed by a Return, make SuspendGenerator return directly. This can,
in the future, simplify some of the reasoning around generator suspends.
Change-Id: I94c0156a89dc0e1c0bc306bc57acf766f3b4deb5
Reviewed-on: https://chromium-review.googlesource.com/857463
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50748}
A map’s `constructor_or_backpointer` can be any kind of value,
because `fn.prototype = foo` sets that field to `foo` if the
latter is not a `JSReceiver`; so the `DCHECK` that is being
removed here was invalid.
Refs: https://github.com/nodejs/node/issues/18223
Bug: node:18223
Change-Id: Ia6449c07bb724e515d73b162369ab36ab1d89c6b
Reviewed-on: https://chromium-review.googlesource.com/874472
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50735}
This is the implementation of crrev.com/c/866721 for mips and mips64.
Drive-by change: I made the slot index calculation on mips the same as
on mips64.
Original description:
At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.
R=v8-mips-ports@googlegroups.com
Change-Id: I46219b07962eadd174f418cba1ea38b07f9b5e96
Reviewed-on: https://chromium-review.googlesource.com/866723
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50719}
Remove final csp instances, missed in the earlier patch due to being outside
the arm64 tree.
Bug: v8:6644
Change-Id: I2b5a2716568949740991c368b64c0a06105e4ff2
Reviewed-on: https://chromium-review.googlesource.com/874310
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50698}
This adds a test-preparser cctest corresponding to the regression test added in
https://chromium-review.googlesource.com/865900
BUG=chromium:801772
Change-Id: I33d74e242fd765b91b7c148b9a0af4960a7b05ea
Reviewed-on: https://chromium-review.googlesource.com/870311
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50688}
This is a further step to separate the implementation of the JavaScript
API from the internals of the WASM implementation. Now, wasm-js.cc
only needs to interact with the WASM engine and is (almost) independent
of module-decoder.h and module-compiler.h.
Also, move SyncCompileAndInstantiate() into wasm-module-runner.cc.
Bug: v8:7316
R=clemensh@chromium.org, mstarzinger@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7765af54ac16f53a5ff88c17a22c5d36bacaf926
Reviewed-on: https://chromium-review.googlesource.com/870871
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50679}
This patch does not add any functionality, it just parses the private
fields. Adds a new harmony flag as well.
Bug: v8:5368
Change-Id: I71ce11868f458571eb57a4bc922223931ce5baa8
Reviewed-on: https://chromium-review.googlesource.com/862526
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50662}
Assembler::PopAndReturn expects an Integral type so convert argc from a
SMI if necessary.
On 64-bit architectures, convert 64-bit immediate pop values into
32-bit values. This is safe since the conversion checks that nothing
was truncated.
Also change CodeStubArguments unit tests to use PopAndReturn rather
than Return.
Change-Id: I91b47d2e81dc0504d185ad59752d638b1c3135a7
Reviewed-on: https://chromium-review.googlesource.com/867052
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50645}
This is the implementation of crrev.com/c/866721 for ia32.
Drive-by change: Clean up the slot index calculation.
At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.
R=titzer@chromium.org
Change-Id: I40adf8c6e62de28f8428492db6c5297252c1e2d1
Reviewed-on: https://chromium-review.googlesource.com/864642
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50643}
This adds a new simplified operator NumberToString, which just lowers to
a call to the NumberToString builtin, and hooks that up to the typed
lowering (addressing a long-standing TODO).
Drive-by-fix: Also remove the %NumberToString runtime entry, and just
always use the %NumberToStringSkipCache entry from CSA, since we only
go there if the cache lookup already failed.
Bug: v8:5267, v8:7109
Change-Id: I5ca698c98679653813088a404f1fd38903a73c0e
Reviewed-on: https://chromium-review.googlesource.com/779099
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50636}
Adds I32UConvertF32, I32SConvertF64, and I32UConvertF64 instructions.
Refactors code to use templates where appropriate, and to use
previously committed template function is_inbounds() when appropriate
in tests.
Bug: v8:7226
Change-Id: I2701e5fd0b21cefa1f285677f20616cfde29ab0d
Reviewed-on: https://chromium-review.googlesource.com/862609
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50632}
The WebAssembly JS API specification [1] covers the JS-visible side-effects
of executing a grow_memory operation and states that a successful
grow operation should always detach any prior array buffer.
[1] https://github.com/WebAssembly/spec/blob/master/document/js-api/index.bsR=mstarzinger@chromium.org,gdeepti@chromium.org
Bug:
Change-Id: Ib9232e01209ba546c0bba1c9408c92da60ff6d92
Reviewed-on: https://chromium-review.googlesource.com/860011
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50627}
Both tables are always updated together and are always accessed
together. Thus merge them, reducing code complexity, but also code
space and overhead for accessing them during runtime. Instead of two
weak global handles, we only need one, which also means one less load
for each indirect call.
Merging them also improves cache locality, since signature and code
address are not stored next to each other in memory, so they will very
likely end up in the same cache line.
R=titzer@chromium.org
Change-Id: I862df7de93a98aa602a3895796610c2c520d6f21
Reviewed-on: https://chromium-review.googlesource.com/866868
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50623}
If there is no constructor or species updates on Array or TypedArrays,
then skip lookups of constructor and species so that we can create a new
typed array quickly. This path makes TA.p.slice() 2x faster in fast
cases.
Bug: chromium:800356, v8:7161
Change-Id: Ied8c90e23ca6708f4a3cec077c1fd733e4a6609e
Reviewed-on: https://chromium-review.googlesource.com/859397
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50617}
