Fix WebAssembly's global/value-get-set. The argument must not be
undefined.
mjsunit tests were updated.
Bug: v8:8319
Change-Id: Id3d3c9b18cbc8854e589481dfc7c52f35cfb7bf7
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1411886
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#58863}
The table.copy bytecode copies a range of table entries in a similar
way to memcopy. This CL implements the behavior in a runtime call
that calls into the wasm engine.
R=mstarzinger@chromium.org,binji@chromium.org
BUG=v8:7747
Change-Id: I420451202b1b78ea92cbd10387a644ed57e111c8
Reviewed-on: https://chromium-review.googlesource.com/c/1414919
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58858}
That makes the declaration in sync with how dynamic references are resolved,
avoiding duplicate variable creation in the likely case that the variable is
also referenced within the eval.
Bug: v8:5112, v8:5135, v8:8693
Change-Id: I0c55495f573fe8b5076b1627c139ff72d1adda74
Also-by: leszeks@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/1408890
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58850}
This switches the experimental exception handling implementation to the
new proposal where 'catch' blocks behave in a catch-all fashion and a
new 'br_on_exn' operation is used to check for a certain exception type
and extract the exception values on a match.
R=clemensh@chromium.org
TEST=unittests/FunctionBodyDecoderTest,mjsunit/wasm/exceptions
BUG=v8:8091
Change-Id: Ib12ba28b3aa2a7d831312a83abcb00bf56d0adc3
Reviewed-on: https://chromium-review.googlesource.com/c/1409431
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58832}
The parenthesized flag guarantees that the contents was validated as a possible
arrow head. By collapsing a parenthesized expression with an outer binary
expression we invalidly kept the flag and invalidly assumed that the collapsed
expression was validated.
Bug: chromium:921382
Change-Id: I207dcbfd228a1ed216130226fdb7ea045b89b85a
Reviewed-on: https://chromium-review.googlesource.com/c/1412172
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58829}
A sloppy function in a block scope implicitily creates a var in the outer
declaration scope if it's not blocked. The assignment created reads the local
lexical declaration for the function. The reference introduced automatically
takes part in NeedsHoleCheck, requiring the reference to have a valid position.
Since the assignment will happen after the local declaration, we give the
end_position() of the closure as the position of the reference, so hole checks
can be omitted.
Bug: chromium:917755
Change-Id: Iee0e042b2463f97f05075f9eec09dac8c6eaf539
Reviewed-on: https://chromium-review.googlesource.com/c/1408991
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58823}
With this CL we support importing mutable anyref globals. The CL
contains the following changes:
* We store a reference to the buffer of the imported global in
`WasmInstance::imported_mutable_globals_buffer`. This FixedArray is
already used to keep the ArrayBuffers of value-typed imported
mutable globals alive but was not accessed otherwise.
* We store the offset in the buffer of the imported global in
`WasmInstance::imported_mutable_globals`. This `Address`-array is
used for value-typed imported mutalbe globals to store direct
pointers into the backing store of the ArrayBuffer of the imported
global.
* In wasm-compiler.cc we generate code to load these fields and then
load or store globals.
* in module-compiler.cc I removed the counter variable
`next_imported_mutable_global_index`. The variable was only used for
a DCHECK. I replaced the DCHECK with a slightly weaker DCHECK now.
* Tests.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I11f0f4d8637c98eded5fb2eec44bc8ead8ed5c7b
Reviewed-on: https://chromium-review.googlesource.com/c/1409169
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58822}
--jitless -> --no-opt
-> --no-validate-asm
-> --wasm-interpret-all -> --no-asm-wasm-lazy-compilation
-> --no-wasm-lazy-compilation
Note that wasm still isn't supported in jitless mode since it generates
code at runtime even with --wasm-interpret-all.
Drive-by: Fail early when trying to compile irregexp code in jitless
mode.
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Bug: v8:7777
Change-Id: I7f0421f71efeaaeb030ed9ec268d12a659667acf
Reviewed-on: https://chromium-review.googlesource.com/c/1406677
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58820}
The table.drop bytecode "drops" the backing storage for an element
initializer. In the V8 implementation, this is a nop, other than
updating a per-instance boolean array so that two drops of the same
segment or a drop of an active segment will trap.
This is implemented with inline code in TurboFan in order to be symmetric
to memory.drop, but could as easily be a runtime call to be supported in
Liftoff.
R=mstarzinger@chromium.org
CC=binji@chromium.org
BUG=v8:7747
Change-Id: Ic017398eaa764dd3a9ff19523453ff7142c9abf6
Reviewed-on: https://chromium-review.googlesource.com/c/1408996
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58817}
The --perf-prof flag generates unwanted .dump files, while the
--perf-prof-unwinding-info flag enables the functionality under test here.
R=jgruber@chromium.org
BUG=chromium:913844
Change-Id: Ie5ee374977d6105854f42065600dac1bc5ba6df7
Reviewed-on: https://chromium-review.googlesource.com/c/1409363
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58791}
This CL adds two new runtime calls for table operations:
- Runtime_WasmTableInit
- Runtime_WasmTableCopy
These runtime calls (will) implement the semantics for the corresponding
bytecodes from the bulk memory proposal. The actual implementation
of these runtime calls will be done in further CLs.
The third table operation, table.drop, will be implemented with inline
code, similar to memory.drop. This is also be done in a further CL.
R=mstarzinger@chromium.org
CC=binji@chromium.org
BUG=v8:7747
Change-Id: I498aa054329baf9f72ae55d245b12c3ccd4157b7
Reviewed-on: https://chromium-review.googlesource.com/c/1408994
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58786}
It removes the assertion that caused the bug report by introducing a new
trampoline (WasmBigIntToI64) for the conversion code stub between a Bigint
object and a Wasm i64 BigIntToI64).
The tests were updated to cover calling the stub from a Wasm callsite.
Bug: v8:8625
Change-Id: I55891001cfa72f6f2849792293b43bbb54147f1a
Reviewed-on: https://chromium-review.googlesource.com/c/1405028
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58767}
Bug: chromium:917215
Change-Id: Ie2127953a8ce3d6da4feb3478039ba318774e21d
Reviewed-on: https://chromium-review.googlesource.com/c/1404176
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58755}
It is not legal for destructuring patterns and identifiers in declarations
to be in parentheses. This includes nested patterns/identifiers inside
another pattern.
We were checking sub-patterns for parentheses when parsing possible
sub-patterns, but this check missed sub-patterns with a default
initialiser (e.g. [({x:y})=1] = {}), as the AssignmentExpression hid
the pattern.
So, we now additionally record declaration/pattern errors of an assignment
LHS when parsing the assignment cover grammar.
Bug: v8:8630
Change-Id: Ia5a97003671fc1da7f68d7fb15943928ce9496e3
Reviewed-on: https://chromium-review.googlesource.com/c/1404452
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58743}
In the degenerate case where we wanted to emit {x = x - x} (where {x}
is any register), ia32 and x64 generated wrong code (producing {-x + -x}
instead). Fix this by special casing this case.
R=ahaas@chromium.org
Bug: chromium:919308
Change-Id: I9cd9818d2a678450ac6530107e7a5cbb625ddb8d
Reviewed-on: https://chromium-review.googlesource.com/c/1405029
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58731}
In {Assembler::and_} we might need to use the scratch register. Thus use
a free LiftoffRegister instead to emit i32 popcnt.
R=ahaas@chromium.orgCC=george.wort@arm.com
Bug: chromium:918284
Change-Id: Ia814899bf6e33dd4989fd09329542b4bc09b48df
Reviewed-on: https://chromium-review.googlesource.com/c/1405036
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58723}
If feedback for call site frequency is 0, then the combined frequency
is still 0, even if the current function invocation count is infinity.
Bug: chromium:919754
Change-Id: I97be096b6b38f934fb13f01b2b22e148c539e1c0
Reviewed-on: https://chromium-review.googlesource.com/c/1404445
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58714}
If a species constructor is installed, filter() needs to loop over
the elements of the array in the "slow" way, because it doesn't
know the ElementsKind of the output array. The code failed to
bail out to the slow case for the loop right away on discovering this.
Bug: chromium:920184, chromium:920491
Change-Id: I74496db20a90807b631c1bebe7604d85b199df67
Reviewed-on: https://chromium-review.googlesource.com/c/1405035
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58713}
Use the right register type for the temporary register.
R=titzer@chromium.org
Bug: v8:6600, chromium:917588
Change-Id: Ia2617f6b406924ca7f496608fd495faf04dff25b
Reviewed-on: https://chromium-review.googlesource.com/c/1403127
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58711}
Keep track of loop nesting depth on FunctionState and use that to decide
whether to mark var as assigned. That also fixes the weird cornercase where a
loop body can have multiple expressions due to multiple declarations with
independent initializers in a single var-statement.
Change-Id: Ia24affde29e22e9464448fd390062f6dd983faf2
Reviewed-on: https://chromium-review.googlesource.com/c/1405037
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58707}
The IteratorClose spec specifies that exceptions in
%GetMethod(iterator.return) are not suppressed by exceptions in the
given continuation (body of a loop, assignments in destructuring),
while exceptions in the execution of iterator.return() are.
This means that we have to split out the property access + a typeof
check to be outside the try-catch, and keep the call inside of it.
The non-split version is only for cases when there is no 'throws'
continuation (as is the case for yield* calling IteratorClose), so
the existing BuildIteratorClose can be renamed to reflect this.
Change-Id: Id71aea4fddd6ffb986bd9aaa09d29615a8800f71
Reviewed-on: https://chromium-review.googlesource.com/c/1402789
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58694}
This CL disables RX (read and execute) permissions for Code memory
when in jitless mode. All memory that was previously allocated RX
is now read-only.
Bug: v8:7777
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: I52d6ed785d244ec33168a02293c5506d26f36fe8
Reviewed-on: https://chromium-review.googlesource.com/c/1390122
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58692}
Since register can be used multiple times on the stack, they can also
be spilled into multiple stack slots. At merge points, we then might
have to reload the spilled slots. A DCHECK currently checks that each
register is only loaded once. Instead of failing, just load the first
stack slot, the others are statically known to contain the same value
anyways.
R=ahaas@chromium.org
Bug: v8:6600, chromium:919533
Change-Id: Ic0c806238b2997f006829b4b509a50468a55befa
Reviewed-on: https://chromium-review.googlesource.com/c/1403124
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58676}
The unwinding info writer was assuming that a block that had no initial
state must be the start or end block. It was trying to check if the
block was the start or end by asserting that the block had either
no predecessors or no successors. Loop rotation breaks this assumption,
since it can move a block from inside a loop to before the loop
header, and the block can then be the "start" block. But since
such a block has both predecessor(s) and a successor, the check was
wrong.
R=clemensh@chromium.org
BUG=chromium:913844
Change-Id: Ic24c67a822d510cb082f25608089d313c3459be8
Reviewed-on: https://chromium-review.googlesource.com/c/1373770
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58675}
This CL adds support for anyref in WebAssembly.Global objects. Note
that the specification is not complete yet in this area.
I did the following changes:
- I renamed the `array_buffer` field of WasmGlobalObject to
`untagged_buffer`
- I added an additional field of type FixedArray, `tagged_buffer`.
- In the constructor of WasmGlobalObject I allocate either the former
or the latter, but not both.
- In the WebAssembly.Global constructor I added special handling for
the case where no initial value is provided. In that case I set the
inital value to `null` and not to `undefined`.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I7e4855d7e6c04a9bcdc7ebd450caca5819d060e2
Reviewed-on: https://chromium-review.googlesource.com/c/1398226
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58625}
If we have both f32 and f64 locals, we use the same register to hold
their zero value. On stack transfers, we might thus encounter the same
fp register with both the f32 and f64 type. Explicitly allow that case
to happen.
R=ahaas@chromium.org
Bug: chromium:918917, v8:6600
Change-Id: I6937008d38853fe2bdccd9715e1a2499cf6bf7c6
Reviewed-on: https://chromium-review.googlesource.com/c/1398225
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58623}
This CL prevents redundancy elimination from widening types, which
can cause problems if the input of a DeadValue (which has type None)
is replaced by an equivalent node that does not have type None. This
can happen because load elimination does not re-type nodes, for
example.
Bug: chromium:919340
Change-Id: I89e872412edbcdc610e70ae160cde56cd045006c
Reviewed-on: https://chromium-review.googlesource.com/c/1397709
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58617}
This is a reland of part of
https://chromium-review.googlesource.com/c/v8/v8/+/1397664.
It drops the explicit fni_.Infer() call after parsing arrow functions. We'll
want to avoid inferring if the arrow function is an argument to a function
call.
It also avoids adding the single argument of "name => " to the inferred name.
Bug: chromium:916975
Change-Id: I96a934408113483d73eba14073fe21e8cfe2ada6
Reviewed-on: https://chromium-review.googlesource.com/c/1397665
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58613}
Fix WebAssembly's global/constructor js-api. Globals with a value
of i64 is now valid even if Wasm BigInt feature isn't activated.
Bug: v8:8319
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: Ia41ad69efa5253064ecdb8f59b149393cd672b68
Reviewed-on: https://chromium-review.googlesource.com/c/1382747
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58603}
- Removes the last `CORE` JS native script: `prologue.js`.
- Removes build step and bootstrapping associated with building/loading `CORE` JS natives.
- Removes `natives_utils_object` from context.
- Deprecates `--expose-natives-as` flag.
- Ports extra utils functions to C++ (`uncurryThis`) or Torque
(`createPrivateSymbol`, `markPromiseAsHandled`, and `promiseState`).
- Move extra utils constants initialization into bootstrapper
(`kPROMISE_PENDING`, `kPROMISE_FULFILLED`, `kPROMISE_REJECTED`).
- Removes unused extra utils functions `log` and `logStackTrace`.
Drive-by: Added test coverage for Array#includes being an unscopeable.
Bug: v8:7624
Change-Id: I5d983f8d11b76cb4dd3c2c67592ce1dc88364cd9
Reviewed-on: https://chromium-review.googlesource.com/c/1381672
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#58577}
We cannot take the fast-path if the user messed with the Symbol.species
property on the Promise.prototype, as that makes the internal promises
observable.
Bug: chromium:917076
Change-Id: I928e0bd17836ca78cf88591610526aa7bc1d293c
Reviewed-on: https://chromium-review.googlesource.com/c/1396426
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58563}
With this CL it is possible to import any JavaScript object as an anyref
global. The exception is WasmGlobalObject, which cannot hold anyref
globals yet.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: I5b0fc686a4ec5c579d1d635b53be5ccdf0a78f27
Reviewed-on: https://chromium-review.googlesource.com/c/1382452
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58557}
The {movsx_b} instruction can only take byte registers (or operands) as
source. Ensure that for i8 sign extensions to i64, the src register is
moved to a temporary byte register first, similar to the same operation
on i32 a few lines above.
R=ahaas@chromium.org
Bug: chromium:918149, v8:6600
Change-Id: I17bc942127baee57279a7fc0caac9d82bd7c6bfb
Reviewed-on: https://chromium-review.googlesource.com/c/1394555
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58542}
regress-6989 uses assertOptimized and will hence fail randomly depending
on GC timing. This means we should not run it under GC stress.
This can be verified by running the test under GC stress and changing the
--gc-interval. It is easy to find values for which the test fails, and
values for which the test passes.
Change-Id: Ibd8bfbc1712ad60830255e4d89ea795023134891
Reviewed-on: https://chromium-review.googlesource.com/c/1396078
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58540}
We currently trigger a GC when creating a module while the remaining
uncommitted code space is below 32MB. For bigger modules, this is not
enough. Instead, make this limit relative: Trigger GC if we fall below
50% of the available code space, and re-adjust this limit after each GC
to avoid repeated GCs that do not free anything.
R=ahaas@chromium.org
Bug: v8:8624
Change-Id: I7abfad3b57663d528a26d29232ad6bc2dc63cef4
Reviewed-on: https://chromium-review.googlesource.com/c/1391753
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58527}
We currently de-duplicate used registers also in regions which do not
need merging. In those regions though it can never happen that we need
to pass different values from any merge input. Apart from introducing
unnecessary register moves, this also causes a DCHECK to fail, because
we might later want to merge back different registers into one.
Assume this initial stack state (where each letter is a register):
[A B B C]
If in any child block the two Bs get de-duplicated so something like
[A B D C]
then we run into trouble when merging back this state into the parent
state, because both B and D would need to be put into B.
In this case we can statically infer that B and D must hold the same
value anyway, but having this situation does not make much sense in the
first place, so the DCHECK fires correctly.
R=titzer@chromium.org
Bug: v8:8423, chromium:917412
Change-Id: I24c36b062e04a134cf7051725afab98126753f31
Reviewed-on: https://chromium-review.googlesource.com/c/1392190
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58522}
On x64 the {kScratchRegister} cannot be held in a {LiftoffRegister},
since it is not a valid cache register. Also, the code unnecessarily
checked whether there is an unused cache register, but then didn't use
it. Simplify the logic to always use the scratch register, just
distinguish between 4-byte and 8-byte moves.
On ia32 we did not move 64-bit values correctly if we didn't have
unused registers and needed to move via the stack.
R=titzer@chromium.org
Bug: v8:6600, chromium:917588, chromium:917450
Change-Id: I0bbe946c6ac8fca62f85711ae47afdac9c02ae6b
Reviewed-on: https://chromium-review.googlesource.com/c/1391755
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58521}
If the parameter list contains class declarations we should use the
block scope corresponding to the class when rewriting the initializers.
Bug: chromium:917988
Change-Id: I7fcd44a264b7c0113cbd821b759e0bee6c9345a0
Reviewed-on: https://chromium-review.googlesource.com/c/1392240
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58515}
Identify validation fails to read the index of prefixed opcodes, and not
continue to decode the next bytes.
Change-Id: I2c737af55615ba69ba0c5f5adf18a06c6cdb951a
Bug: chromium:905815
Reviewed-on: https://chromium-review.googlesource.com/c/1390927
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58485}
%AddNamedProperty was only used by regression tests, and is easily
replaced by Object.defineProperty (or deleted, in the case of a
cctest that was designed to test it directly).
%AddElement was unused (probably due to the death of array.js).
Bug: v8:7624
Change-Id: Icc17fd7a7419aa649275414a351f176f104040e2
Reviewed-on: https://chromium-review.googlesource.com/c/1387990
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58448}
This reverts commit 3411e7c3e8.
Reason for revert: Breaks test expecations - https://ci.chromium.org/p/chromium/builders/luci.chromium.try/linux_chromium_rel_ng/260731
Original change's description:
> [parser] Create arrow function scopes while parsing the head
>
> This simplifies NextArrowFunctionInfo, allows us to Scope::Snapshot::Reparent
> directly rather than moving it, and allows us to skip reparenting in the simple
> parameter arrow function cases.
>
> This CL additionally fixes arrow function name inferring.
>
> Change-Id: Ie3e5ea778f3d7b84b2a10d4f4ff73931cfc9384a
> Reviewed-on: https://chromium-review.googlesource.com/c/1386147
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58405}
TBR=ishell@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I8f31b96f844f0673364bf435fa6c809e40d62fa3
Reviewed-on: https://chromium-review.googlesource.com/c/1388541
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58446}
This changes a few bits about how continuation counters are handled.
It introduces a new mechanism that allows removal of a continuation
range after it has been created. If coverage is enabled, we run a first
post-processing pass on the AST immediately after parsing, which
removes problematic continuation ranges in two situations:
1. nested continuation counters - only the outermost stays alive.
2. trailing continuation counters within a block-like structure are
removed if the containing structure itself has a continuation.
R=bmeurer@chromium.org, jgruber@chromium.org, yangguo@chromium.org
Bug: v8:8381, v8:8539
Change-Id: I6bcaea5060d8c481d7bae099f6db9f993cc30ee3
Reviewed-on: https://chromium-review.googlesource.com/c/1339119
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58443}
Ensure that GetUnusedRegister is always called before
acquiring the scratch register in case it is needed
for spilling the value of the used register.
Bug: v8:6600, chromium:910824
Change-Id: I93ae684ad504584807dfa6227b6af14609c6bcf5
Reviewed-on: https://chromium-review.googlesource.com/c/1387498
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58442}
This is a reland of 0e22ec737b
Original change's description:
> [regexp] Escape newlines when setting [[OriginalSource]]
>
> This escapes LineTerminator characters in a regexp pattern when
> creating the string that will be stored in the [[OriginalSource]] slot.
>
> As an example, the source property for all following objects will equal
> "\n" (a '\' character followed by 'n'):
>
> /\n/
> new RegExp("\n")
> new RegExp("\\n")
>
> Bug: v8:1982, chromium:855009
> Change-Id: I3b539497a0697e3d51ec969cae49308b0b312a19
> Reviewed-on: https://chromium-review.googlesource.com/c/1384316
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58387}
Bug: v8:1982, chromium:855009
Change-Id: I1ba22395477ec37e8e8c944000f9beade1e3250b
Reviewed-on: https://chromium-review.googlesource.com/c/1386495
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58419}
This simplifies NextArrowFunctionInfo, allows us to Scope::Snapshot::Reparent
directly rather than moving it, and allows us to skip reparenting in the simple
parameter arrow function cases.
This CL additionally fixes arrow function name inferring.
Change-Id: Ie3e5ea778f3d7b84b2a10d4f4ff73931cfc9384a
Reviewed-on: https://chromium-review.googlesource.com/c/1386147
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58405}
This reverts commit 0e22ec737b.
Reason for revert: Breaks layout tests:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/28814
Original change's description:
> [regexp] Escape newlines when setting [[OriginalSource]]
>
> This escapes LineTerminator characters in a regexp pattern when
> creating the string that will be stored in the [[OriginalSource]] slot.
>
> As an example, the source property for all following objects will equal
> "\n" (a '\' character followed by 'n'):
>
> /\n/
> new RegExp("\n")
> new RegExp("\\n")
>
> Bug: v8:1982, chromium:855009
> Change-Id: I3b539497a0697e3d51ec969cae49308b0b312a19
> Reviewed-on: https://chromium-review.googlesource.com/c/1384316
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58387}
TBR=yangguo@chromium.org,jgruber@chromium.org,mathias@chromium.org
Change-Id: I1db7e6a0c6cd1cd995fe9f499458108e88dc8cb9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:1982, chromium:855009
Reviewed-on: https://chromium-review.googlesource.com/c/1386493
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58396}
The source register of {movsx_b} must be a byte register.
Drive-by: Add missing sign extension opcodes to wasm-constants.js.
R=herhut@chromium.org
Bug: chromium:916869
Change-Id: I571c1ea2a0e197afefc810f306eed238250cd5e0
Reviewed-on: https://chromium-review.googlesource.com/c/1386110
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58394}
Disable mjsunit/spread-large-array and mjsunit/spread-large-string in
lite mode.
Bug: v8:8394
Change-Id: I630efc1e2b397189b0ea1e602fbfa472851abe1f
Reviewed-on: https://chromium-review.googlesource.com/c/1386484
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58391}
This escapes LineTerminator characters in a regexp pattern when
creating the string that will be stored in the [[OriginalSource]] slot.
As an example, the source property for all following objects will equal
"\n" (a '\' character followed by 'n'):
/\n/
new RegExp("\n")
new RegExp("\\n")
Bug: v8:1982, chromium:855009
Change-Id: I3b539497a0697e3d51ec969cae49308b0b312a19
Reviewed-on: https://chromium-review.googlesource.com/c/1384316
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58387}
It's been enabled for several releases now.
R=gsathya@chromium.org
Change-Id: Ib1806a1373821ee542dae2fd80f639b56bd99ed9
Reviewed-on: https://chromium-review.googlesource.com/c/1384796
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58381}
Don't allocate feedback vectors and feedback metadata in lite mode.
Also updates to skip tests that require feedback vectors.
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/1384087 after skipping
the failing tests.
Bug: v8:8394
Change-Id: I7766533b85a144e62996ceed8d542cdc534feeb5
Reviewed-on: https://chromium-review.googlesource.com/c/1384307
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58363}
We don't eagerly throw for assignments to calls; see v8:4480. They are simply
turned into assignments to Property instead. We need to record a declaration
error, however. Otherwise we'll end up with a Property in a declaration
context.
To reduce the scope of the lazy throwing, in this fix I record a pattern error
instead, making calls as assignment target in a destructuring assignment
context throw eagerly.
Bug: chromium:916288
Change-Id: If94a46b5d2b65c3549c641e0e19135c6c8af7a9a
Reviewed-on: https://chromium-review.googlesource.com/c/1384084
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58357}
This reverts commit 62e86b88e5.
Reason for revert: Fails on arm sim lite debug: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite%20-%20debug/1075
Original change's description:
> Do not allocate feedback vectors and feedback metadata in lite mode
>
> Don't allocate feedback vectors and feedback metadata in lite mode.
> Also updates to skip tests that require feedback vectors.
>
> Bug: v8:8394
> Change-Id: I22c64a32c44bb8f25fb09003d6e9fc5a04e84f8a
> Reviewed-on: https://chromium-review.googlesource.com/c/1378173
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58351}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mlippautz@chromium.org,mythria@chromium.org
Change-Id: I88fd37ea4e21aa2cc81eceb87ddb35c23224beae
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8394
Reviewed-on: https://chromium-review.googlesource.com/c/1384087
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58355}
- Directly declares the special catch variable from the parser-base.
- Tracks Scope on PreParserBlock and finds conflicting lexical declarations by
simply walking the VariableMap of the block inserted for the pattern; or the
catch variable in case of identifier.
- This also enables throwing errors for duplicate let in the preparser. We may
have to back that out if it breaks something.
Bug: v8:2728, v8:7828
Change-Id: Id2eea62062533eb99cd6670c42a4b1da87139008
Reviewed-on: https://chromium-review.googlesource.com/c/1382095
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58353}
Don't allocate feedback vectors and feedback metadata in lite mode.
Also updates to skip tests that require feedback vectors.
Bug: v8:8394
Change-Id: I22c64a32c44bb8f25fb09003d6e9fc5a04e84f8a
Reviewed-on: https://chromium-review.googlesource.com/c/1378173
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58351}
Now just accumulate right before we might validate a property and once we're
done, so we're guaranteed to catch all PatternErrors.
Bug: v8:8607
Change-Id: Ibc5bc7773756f4827868ca01d0f9fb0c5545e59b
Reviewed-on: https://chromium-review.googlesource.com/c/1382749
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58343}
Otherwise the error would have been dropped between the previous
accumulate and the subsequent ValidateExpression.
Bug: v8:8607
Change-Id: I29f5d5b6887b57f4b70369ba370fe0b44b1d6798
Reviewed-on: https://chromium-review.googlesource.com/c/1382744
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58339}
When we call ObjectToString on JSValues we only looked at string tags
on the prototype map of the JSValue's value type and do not check the
tags on the JSValue's prototype chain which may be non-trivial if
subclassing is involved. For ex: if we have a class Test extend Number,
we only looked for tags on the Number prototype and not on the Test
prototype. This cl fixes the builtin to also check for these cases.
Bug: v8:7706
Change-Id: I9f0e3bb6499646bf27b92bf4fb4e9014f6efa56b
Reviewed-on: https://chromium-review.googlesource.com/c/1378176
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58338}
This is a reland of fac6f63eb8, after
adding initialization of unused element slots.
Original change's description:
> Use CopyElements (which uses memcpy) to copy FixedDoubleArray.
>
> This improves the performance of ExtractFixedArray and
> CloneFastJSArray for double arrays, which in turn improve the
> performance of cloning double arrays with slice() or spreading.
>
> This, however, does not improve performance of spreading holey
> double arrays, because spreading needs extra work to convert
> holes to undefined.
>
> Bug: v8:7980
> Change-Id: Ib8aed74abbb0b06982a3b754e134fa415cb7de2d
> Reviewed-on: https://chromium-review.googlesource.com/c/1280308
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Hai Dang <dhai@google.com>
> Cr-Commit-Position: refs/heads/master@{#56680}
Bug: v8:7980
Change-Id: I899af60c061b9cd6eb619c247c5fc515b92e9fd7
Reviewed-on: https://chromium-review.googlesource.com/c/1382735
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58333}
This changes how rewind upon preparser abort works. It now rewinds to the start
of the parameter scope. In the case of "function X(" it is before the "(". In
the case of arrow functions it's before the start of the arrow function. This
allows us to reparse the arrow function from the start so all parameters are
declared properly.
Bug: v8:2728, v8:7390
Change-Id: I1c40056a49ec198560e63cd73949a59221ee0401
Reviewed-on: https://chromium-review.googlesource.com/c/1382736
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58332}
This CL implements the global.get and global.set instruction for anyref
globals. This includes:
* Properly decode anyref globals.
* Add a FixedArray to WasmInstanceObject to store anyref globals.
* Initialize the FixedArray.
* Generate code for global.get and global set.
This CL does not allow to import globals yet.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: I62617409271d9b6f2253a191681189865aa1f459
Reviewed-on: https://chromium-review.googlesource.com/c/1380112
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58318}
Since it's explicit what we're tracking, we can immediately throw errors in
certain cases, and ignore irrelevant errors. We don't need to use the
classifier itself to track "let let", since we know whether we're parsing a
"let". Errors that were previously (almost) always accumulated are now
immediately pushed to the scopes that care (parameter initialization errors).
This CL drops avoiding allocation of classified errors, at least for now, but
that doesn't affect performance anymore since we don't aggressively blacklist
anymore. Classified errors are even less likely with the more precise approach.
ParseAssignmentExpression doesn't introduce its own scope immediately, but
reuses the outer scope.
Rather than using full ExpressionClassifiers + Accumulate to separate
expressions/patterns from each other while keeping track of the overall error
state, this now uses an explicit AccumulationScope.
When we parse (async) arrow functions we introduce new scopes
that track that they may be (async) arrow functions.
We track StrictModeFormal parameters in 2 different ways if it isn't
immediately certain that it is a strict-mode formal error: Either directly on
the (Pre)ParserFormalParameters, or on the NextArrowFunctionInfo in the case
we're not yet certain that we'll have an arrow function. In the latter case we
don't have a FormalParameter object yet, and we'll copy it over once we know
we're parsing an arrow function. The latter works because it's not allowed to
change strictness of a function with non-simple parameters.
Design doc:
https://docs.google.com/document/d/1FAvEp9EUK-G8kHfDIEo_385Hs2SUBCYbJ5H-NnLvq8M/
Change-Id: If4ecd717c9780095c7ddc859c8945b3d7d268a9d
Reviewed-on: https://chromium-review.googlesource.com/c/1367809
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58307}
New API is here: https://github.com/tc39/proposal-weakrefs/issues/55
The WeakCell parts stay in the old API, resulting in temporary code duplication
in some parts. Those parts will go away once the WeakCell-related parts are
migrated to the new API (but the spec needs some work first).
BUG=v8:8179
Change-Id: I81ca824a14d830e3c5fa515d5ad7e5f78c10e19d
Reviewed-on: https://chromium-review.googlesource.com/c/1378171
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58264}
Do not set the name property on any function or classes. This is not
required as per spec #sec-__proto__-property-names-in-object-initializers.
Bug: v8:7773
Change-Id: Iade96573690e5b14b60434c37683f782cf9cb2cb
Reviewed-on: https://chromium-review.googlesource.com/c/1375912
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58239}
ProtectedLoad/ProtectedStore opcodes are used in WebAssembly to represent memory
accesses. Since they are not part of the allowed opcodes in OwnedByAddressingOperand
it is not possible to take advantage of addressing modes to encode common patterns
for the pointer input value.
R=jarin@chromium.org
Bug: v8:8508
Change-Id: Ic62bf13fed7b1d86afb112d9aa59cd7073a28e72
Reviewed-on: https://chromium-review.googlesource.com/c/1354458
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58237}
Also disables --stress-flush-bytecode on some mjsunit tests which fail
when bytecode flushing is stressed due to test invariants.
Bug=v8:8395
Change-Id: If627910214b3c266e7776340ba182829148e8289
Reviewed-on: https://chromium-review.googlesource.com/c/1372071
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58230}
`memory.init` copies bytes from a passive data segment to linear memory.
`memory.drop` is an instruction that informs the wasm VM that the instance no
longer needs access to the passive data segment.
Information about the passive data segments, including their contents, length,
and whether they are dropped, is stored in the `WasmInstanceObject` as primitive
arrays.
Bug: v8:7747
Change-Id: I1515c8868c9be227743456a539126c15280b5365
Reviewed-on: https://chromium-review.googlesource.com/c/1370691
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58196}
This makes sure we properly recognize a newline character as part of
semicolon insertion, even if the newline appears after a CPP-style
single line comment. The same applies for newlines within C-style multi
line comments.
R=clemensh@chromium.org
TEST=mjsunit/asm/regress-913822
BUG=chromium:913822
Change-Id: I64f098d7e386dea7b7fb6c233c1625425e36bde0
Reviewed-on: https://chromium-review.googlesource.com/c/1373551
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58189}
As per (https://github.com/tc39/proposal-string-matchall/pull/41), String.p.matchAll's fallback was removed.
Additionally, removed a IsNullOrUndefined check that was already covered by MaybeCallFunctionAtSymbol.
Updates to Test262 has been submitted: https://github.com/tc39/test262/pull/1990
Bug: v8:6890
Change-Id: I246cbbcb4641ebded704c5f772809f182deaa30e
Reviewed-on: https://chromium-review.googlesource.com/c/1369091
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58172}
This makes the deoptimizer happy, and is more consistent with other
Torque JS functions.
BUG=chromium:912504, v8:8021
R=tebbi@chromium.org, danno@chromium.org, mvstanton@chromium.org, gsathya@chromium.org
Change-Id: I4c86db9549c367dfab7f76b49a0cf3c69d3ec50b
Reviewed-on: https://chromium-review.googlesource.com/c/1366397
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58161}
We assert that loops always have effect phis because there must be
a stack check in every loop. However, with generators, the stack check
may end up outside of loop because the dispatch switch is built first
(while the dispatch switch will also keep the loop backedge alive).
The logic for creating effect phis is already in the code, so
removing the dcheck should be fine.
Bug: chromium:913232
Change-Id: Icf4df831e8b47350543c2b82a34bd3af98782a16
Reviewed-on: https://chromium-review.googlesource.com/c/1372065
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58160}
These are some tests I thought were missing. I wrote another test which
crashes because of missing safepoint maps. I will add it in a separate
CL which includes also the implementation.
R=herhut@chromium.org
Bug: v8:7581
Change-Id: Ibcc3b9ddab0f95580eb31fe78c84a26186a74db5
Reviewed-on: https://chromium-review.googlesource.com/c/1370039
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58159}
Uses the JavaScript BigInt Object to represent Wasm's 64bits integers.
Attention, 32 bits architectures are not supported yet.
Bug: v8:7741
Change-Id: I28b718fa567bca5103b2f38a879049cd20a46f12
Reviewed-on: https://chromium-review.googlesource.com/c/1355144
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58152}
We hit a DCHECK in the wasm graph builder because the current SSA
environment is unreachable. We were using the wrong block (the target
block) to do the reachability check.
R=titzer@chromium.org
Bug: chromium:913804
Change-Id: I4cfd3a0c696fb63903a47e4448362626a524340d
Reviewed-on: https://chromium-review.googlesource.com/c/1371566
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58150}
This is purely a renaming change. The ES spec uses the term 'detach'
for the process of removing the backing store of a typed array, while
V8 uses the historical term 'neuter'. Update our internal implementation,
including method names and flag names, to match the spec.
Note that some error messages still use the term 'neuter' since error
messages are asserted by some embedder tests, like layout tests.
R=bmeurer@chromium.org, yangguo@chromium.org, mstarzinger@chromium.org, mlippautz@chromium.org
BUG=chromium:913887
Change-Id: I62f1c3ac9ae67ba01d612a5221afa3d92deae272
Reviewed-on: https://chromium-review.googlesource.com/c/1370036
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58149}
The typing of SpeculativeSafeIntegerSubtract didn't include -0, and the
SimplifiedLowering rules for SpeculativeSafeIntegerSubtract didn't
properly handle the case of `-0 - 0`, but would always pass Word32
truncations.
Bug: chromium:913296
Change-Id: I0e5a401f075db8b349a5579e1e294df97378ea49
Reviewed-on: https://chromium-review.googlesource.com/c/1370042
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58147}
We no longer implement part of the debugger in JS. Therefore we can
remove the infrastructure to support this in the bootstrapper.
Also includes some drive-by cleanups.
Bug: v8:5530
R=petermarshall@chromium.org
Change-Id: I06628a559c17f99c70029fcc94848b0c78f1d3e9
Reviewed-on: https://chromium-review.googlesource.com/c/1369945
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58140}
Fix and re-enable tests for WebAssembly's memory/constructor and
table/constructor js-api.
It introduces the '[EnforceRange] unsigned long' algorithm used
to validate initial and maximum properties.
The initial property is now required, by the switch to the Web IDL
specification. Most of the input validations errors are now considered
TypeError instead of RangeError.
The WasmTableObject and WasmMemoryObject APIs use more consistently uint32_t
to ensure integer range and remove the need for bounds checks.
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: v8:8319
Change-Id: Iedd3ee6484ef688a5e96f93006eb6ca66d805a48
Reviewed-on: https://chromium-review.googlesource.com/c/1354043
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58138}
This implementation currently only supports the optimized tier.
Bug: v8:7747
Change-Id: Ia1af29b11a5d3e8a48b122f6cf3240c9f5948bfb
Reviewed-on: https://chromium-review.googlesource.com/c/1364710
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58137}
Just pass a pointer to the current stack. This makes it easier to reuse
the {DoReturn} method for breaks to the outermost block.
R=titzer@chromium.org
Bug: v8:8423
Change-Id: Ide8533b154daa227e044820bb9c181f836ba654a
Reviewed-on: https://chromium-review.googlesource.com/c/1370028
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58132}
MIPS32 doesn't have instructions to properly handle 64-bit atomic
instructions.
Skipping those test on MIPS64 simulator because they have flaky
TIMEOUT on buildbots.
Change-Id: I31511dfce70a933b9326a7c270509c5f31af743a
Reviewed-on: https://chromium-review.googlesource.com/c/1367450
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#58125}
This is a reland of 9c2c8f15f8
Original change's description:
> [wasm] Support encoding s128 simd types in exceptions.
>
> This adds support for having simd type values (i.e. s128) stored in an
> exception. It is the natural combination of the simd propsal and the
> exception handling proposal.
>
> R=clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-simd
> BUG=v8:8390
>
> Change-Id: I01079f82a6ba4d9152de4dae63e3db1584ca7cd8
> Reviewed-on: https://chromium-review.googlesource.com/c/1363141
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58098}
Bug: v8:8390
Change-Id: I333c50cd766055f74b023df626d0fd90fdef3bac
Reviewed-on: https://chromium-review.googlesource.com/c/1370024
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58122}
This reverts commit 9c2c8f15f8.
Reason for revert: New test crashes: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux/28948
Original change's description:
> [wasm] Support encoding s128 simd types in exceptions.
>
> This adds support for having simd type values (i.e. s128) stored in an
> exception. It is the natural combination of the simd propsal and the
> exception handling proposal.
>
> R=clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-simd
> BUG=v8:8390
>
> Change-Id: I01079f82a6ba4d9152de4dae63e3db1584ca7cd8
> Reviewed-on: https://chromium-review.googlesource.com/c/1363141
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58098}
TBR=mstarzinger@chromium.org,gdeepti@chromium.org,clemensh@chromium.org
Change-Id: Iedcfba36af925249131a2b0e9aebd92321ae72f5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8390
Reviewed-on: https://chromium-review.googlesource.com/c/1367808
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58102}
This adds support for having simd type values (i.e. s128) stored in an
exception. It is the natural combination of the simd propsal and the
exception handling proposal.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-simd
BUG=v8:8390
Change-Id: I01079f82a6ba4d9152de4dae63e3db1584ca7cd8
Reviewed-on: https://chromium-review.googlesource.com/c/1363141
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58098}
This replaces Runtime_RunMicrotasks with Runtime_PerformMicrotaskCheckpoint.
RunMicrotasks forcibly runs Microtasks even when the microtasks are suppressed,
and may causes nested Microtasks in a problematic way. E.g. that confuses
v8::MicrotasksScope::IsRunningMicrotasks() and GetEnteredOrMicrotaskContext().
OTOH, PerformMicrotaskCheckpoint() doesn't run cause the failure as it
respects the microtask suppressions.
As all existing tests don't call RunMicrotasks() in the suppressed situation
(like Promise.resolve().then(()=>{%RunMicrotasks();})), this change should
not affect to these tests.
Change-Id: Ib043a0cc8e482e022d375084d65ea98a6f54ef3d
Reviewed-on: https://chromium-review.googlesource.com/c/1360095
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58068}
Currently, if we lower to a pure computation that is unreachable because
of some runtime check, we just rename it with DeadValue. This is
problematic if the pure computation gets later eliminated - that allows
the DeadValue node float above the check that makes it dead. As we
conservatively lower DeadValues to debug-break (i.e., crash), we
might induce crash where we should not.
With this CL, whenever we lower an impossible effectful node (i.e., with
Type::None) to a pure node in simplified lowering, we insert an
Unreachable node there (pinned to the effect chain) and mark the
impossible node dead (and make it depend on the Unreachable node).
Bug: chromium:910838
Change-Id: I218991c79b9e283a9dd5beb4d3f0c4664be76cb2
Reviewed-on: https://chromium-review.googlesource.com/c/1365274
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58066}
Make sure WebAssembly's js-api exposes the correct attributes: writable,
enumerable and configurable.
Bug: v8:8319
Change-Id: I427533159d7975a42c0c5cb1babdc8a61f8198b5
Reviewed-on: https://chromium-review.googlesource.com/c/1351002
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58053}
The existing implementation embedded an isolate-specific pointer to the
thread-in-wasm flag in the wrapper code. However, when the module code
is shared among multiple workers, this can mean that the workers
share the same thread-in-wasm flag.
With this change we load the pointer to the flag at runtime from the
current isolate. Thereby the correct flag is used even when the same
code is executed on different workers.
Note that we could access the right flag address by going through the
root register. However, changing the code generation to use the root
register requires some inconvenient steps:
* Pass the isolate to the pipeline again, which we don't want.
* Change the WasmCallDescriptor to allow the use of the root register
for wrappers but not for other code.
To avoid these issues, and allow the CL to be easy to merge back, we
got for the changes proposed here.
R=mstarzinger@chromium.org, ishell@chromium.org
Bug: v8:8533
Change-Id: If15565a7ad7cba835cfc1628e7a4d3fdef90a5c0
Reviewed-on: https://chromium-review.googlesource.com/c/1358518
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58044}
Taking kSystemPointerSize into account when determining the maximum
allowed BigInt size accidentally made the limit platform-specific.
This patch chooses a platform-independent constant (1<<30) instead.
Bug: chromium:909614
Change-Id: I4717969bc56e6dd5f1eed70b7e60e621989d0719
Reviewed-on: https://chromium-review.googlesource.com/c/1355625
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57983}
The optimized code for TestSetWithCustomIterator holds a weak reference to the map
for the entries object. If this is collected by the GC then the optimized code deopts
which causes the test to fail. To prevent this, hold onto an entires object to keep
it's map alive.
Change-Id: I5796e74fc1d7c5061bf8c98f7a82fe582d6be76a
Reviewed-on: https://chromium-review.googlesource.com/c/1357043
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57978}
Add the arm architecture to the list of archs that support
Liftoff in mjsunit and so run the Liftoff tests for it.
Bug: v8:6600
Change-Id: I4896f0727f6ccc3343f5d517e100840f76dd901d
Reviewed-on: https://chromium-review.googlesource.com/c/1357040
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57976}
The placement of the exceptipon section is by now restricted to be in
between the Global and the Import section. This changes our validation
to check this stricter requirement now.
R=clemensh@chromium.org
TEST=unittests/WasmModuleVerifyTest
BUG=v8:8091
Change-Id: Ib3ea625fd4df93bffda47ced09e6969159f7ac70
Reviewed-on: https://chromium-review.googlesource.com/c/1356504
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57962}
This is a reland of 9436e8a817
This CL simplifies the wasm/futex.js test so that it doesn't push the
limits of d8.
Original change's description:
> [wasm] Add I64AtomicWait implementation
>
> Bug=v8:8075
> R=adamk@chromium.org,binji@chromium.org
>
> Change-Id: I11ef5daccd043123b23e60c93ee0df79cabe9ccd
> Reviewed-on: https://chromium-review.googlesource.com/c/1342948
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57917}
Change-Id: Ifd26f1ecdb9fe24a1896162bb4d4285f9188a9ba
Reviewed-on: https://chromium-review.googlesource.com/c/1351304
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57953}
Bug=v8:8075
R=adamk@chromium.org,binji@chromium.org
Change-Id: I11ef5daccd043123b23e60c93ee0df79cabe9ccd
Reviewed-on: https://chromium-review.googlesource.com/c/1342948
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57917}
This constant is unused, and should never be used, since name sections
are encoded as an unknown section with the special name "name".
R=ahaas@chromium.org
Change-Id: I2fa1a21506dbe30033aecb3c1bf9ad84b6b872bc
Reviewed-on: https://chromium-review.googlesource.com/c/1352305
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57905}
This avoids leaving the heap in an invalid state if a GC occurs during
population of the cloned property array, as is done in other IC
builtins.
BUG=chromium:904167, v8:7611
R=jkummerow@chromium.org, ishell@chromium.org
Change-Id: I0350ed2d65b72e299f7109b7d5aa86331f60e940
Reviewed-on: https://chromium-review.googlesource.com/c/1350282
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57879}
The {setTableLength} method is redundant and has a single user. Remove
it, use {setTableBounds} instead.
Drive-by: Add default to the table max, to document that this can
actually be {undefined}, in which case the table has no maximum.
R=binji@chromium.org
Bug: v8:8238
Change-Id: I0d7a2f4d49d083f7adadbb4b6cd4933bcb1dc174
Reviewed-on: https://chromium-review.googlesource.com/c/1350126
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57860}
This CL adds new Wasm import call kinds that correspond to various
math functions that can be imported from JavaScript, such as trigonometry.
Instead of calling a special import wrapper that converts arguments
to tagged values by boxing, we can now generate calls to little WASM
stubs that contain a single WASM bytecode each.
R=mstarzinger@chromium.org
BUG=v8:8423
Change-Id: I59b1be2dd36d190a8b6c98b88c86cecc0ca7f4a2
Reviewed-on: https://chromium-review.googlesource.com/c/1349279
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57835}
We cannot assign a meaningful type to Promise#catch() or
Promise#finally(), since they both return whatever the invocation of
'then' on the receiver returns, and that is monkeypatchable by arbitrary
user JavaScript.
Bug: chromium:908309, v8:7253
Change-Id: Ib15f81c366938a1b1f10be6c6af85c1f3374b898
Reviewed-on: https://chromium-review.googlesource.com/c/1350789
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57828}
This is a reland of a5336471f2
Original change's description:
> [builtins] Implement Object.fromEntries
>
> Adds the Object.fromEntries() method behind
> --harmony-object-from-entries.
>
> > Includes an initial implementation of the new experimental builtin
> Object.fromEntries implemented by Daniel Clifford, and
> has been modified by Caitlin Potter to support a fast case to skip
> the iterator protocol when it can be done unobservably in common cases.
>
> There are some incidental changes: A number of CSA macros have been
> updated to use TNodes, and some Context arguments have been
> re-arranged to be implicit in Torque. >
>
> There are also a number of mjsunit tests written mirroring and
> expanding on the test262 tests.
>
> BUG=v8:8021
>
> Change-Id: I1c12bee8a2f98c6297b77d5d723910a5e3b630cc
> Co-authored-by: Daniel Clifford <danno@chromium.org>
> Co-authored-by: Caitlin Potter <caitp@igalia.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/1337585
> Commit-Queue: Daniel Clifford <danno@chromium.org>
> Reviewed-by: Daniel Clifford <danno@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57667}
Bug: v8:8021
Change-Id: I706e2d87bfc2f688e833c1b7d40ca82f5d80f5a2
Reviewed-on: https://chromium-review.googlesource.com/c/1346630
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#57798}
Rather check expressions used as patterns directly. Check parentheses by
tagging parenthesized expressions as parenthesized.
This allows us to drop UnexpectedPatternToken and makes it clear why a specific
token is unexpected (because it's invalid in a binding pattern).
This also more uniformly restores messages like "Invalid destructuring
assignment target".
Change-Id: Idd98e9116c85de4c2304cf1fef1baa097b67149d
Reviewed-on: https://chromium-review.googlesource.com/c/1349572
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57792}
Instead, simply track it as a valid binding pattern. To do this in the case of
parenthesized formals, we delay throwing the binding pattern error for
parenthesized (and async "calls") until we know it's not an arrow function head
by itself.
This guarantees that if an arrow head is a valid binding pattern, it's either a
valid parenthesized head or a valid identifier, or invalid pattern ("array" or
"object" literal style). We can detect the latter case by checking that the
current token is not a RPAREN and the expression isn't an identifier.
(Alternatively we could check that the curren token is RBRACE or RBRACK...)
Bug: chromium:907575
Change-Id: Ie40cc3235d3188f2620b6c089a0f49d93604dda6
Reviewed-on: https://chromium-review.googlesource.com/c/1348078
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57743}
Many tests were already skipped in debug mode, but they kept running on CQ
which sets dcheck_always_on, probably equally slow.
Some other tests are marked as slow based on a recent run of the arm64 sim
trybot.
NOTRY=true
Bug: v8:7783
Change-Id: Ic022518edfa112ea6d228ae9a68653c99651dbb4
Reviewed-on: https://chromium-review.googlesource.com/c/1347479
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57724}
This CL moves optimization capabilities from typed lowering to typed
optimization. In particular, this allows retyping of Speculative to
number optimizations depending on their input types. This can save type
checks if we know that inputs are already in SafeIntegerRange and uses
are truncating to 32bit integers.
This change recovers the performance lost to 31bit Smis on
Octane/crypto on x64:
32bit nosmis avg 30,984.84 stddev 180.52
31bit smis (w/o patch) avg 29,438.52 stddev 120.30 -4.99%
31bit smis avg 31,274.52 stddev 176.26 +0.93% +6.24%
Change-Id: I86d6e37305262336f4f7bd46aac0d2cbca11e8c1
Bug: v8:8344
Reviewed-on: https://chromium-review.googlesource.com/c/1323729
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57717}
Moves allocation of the WasmModuleObject for asm.js code out of SyncCompileTranslatedAsmJS
since that is called when we are compiling the native context independent SharedFunctionInfo
and the WasmModuleObject requires a native context. Instead save the members required to
create the object in the AsmWasmData and create it during module instantiation. Note:
since the Wasm module is an implementation detail for asm_wasm code and isn't exposed,
this doeesn't have semantic change for asm.js code.
As part of this change, the AsmWasmData is changed from a FixedArray to a dedicated
struct. Some logic is also moved from module-compiler to wasm-engine to make the
seperation between Wasm SyncCompile and AsmJS SyncCompile more clear.
BUG=chromium:900535,v8:8395
Change-Id: Ia48469c095b0688f210aa86e7430c9ab4ea4b26b
Reviewed-on: https://chromium-review.googlesource.com/c/1345509
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57704}
