Commit Graph

11200 Commits

Author SHA1 Message Date
Maya Lekova
a19f41db62 [compiler] Make fast API test functions more robust
This CL adds handling of unexpected argument types to the functions
provided by d8.test.fast_c_api.

Bug: chromium:1196598
Change-Id: I7c62280f168817b73e89fdb7457ee9054b51a318
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808948
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73852}
2021-04-08 07:09:37 +00:00
Jakob Gruber
59e218c840 [regexp] Don't propagate lookaround eats_at_least to surroundings
Lookarounds rewind the position after matching, and thus don't play
well with eats_at_least (EAL). This CL disables EAL propagation from
lookarounds.

In the future we could be a bit smarter by skipping over lookarounds
instead of resetting to 0.

Bug: v8:11290
Change-Id: I935400a7f9cda96d9c5a80e412ba7d04de70a84f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808944
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73849}
2021-04-08 06:10:12 +00:00
Jakob Gruber
c977b65bb9 [regexp] Don't use eats_at_least for backwards loops
The eats_at_least (EAL) value is applied in forward-directions only.
Two reasons for that which are relevant to this CL:

- EAL's of neighboring nodes are combined additively, irrespective of
  their read_backward value.
- EatsAtLeastPropagator::VisitText uses the successor's
  eats_at_least_from_not_start value, which doesn't work properly for
  read_backwards successors (which may end at the start).

A symptom of this bug was that we applied an incorrect EAL of 255
starting at the initial 'x' of /x(?<=^x{4})/); for subject strings
shorter than 255 chars, this would result in an incorrect failure
result.

Bug: v8:11616
Change-Id: I4b2b1b78f0cea8f59e4beb1037ee46035d83c927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807596
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73848}
2021-04-08 06:09:07 +00:00
Maya Lekova
0c3b422051 [compiler] Fix fast_c_api test object constructor
This CL fixes the behaviour of the d8.test.fast_c_api constructor when
the global object has been modified by not allowing calls to it without
the `new` keyword.

Bug: chromium:1196597
Change-Id: I49b4a412d501f5c9adaa72b63beec1483ab4c449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808943
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73831}
2021-04-07 13:51:06 +00:00
Patrick Thier
59807ec552 Fix d8.test.verifySourcePositions
Add check, that passed argument is a HeapObject.

Bug: chromium:1196503
Change-Id: I23d951b5581781ad3c6867d81c765d13c329d3a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808936
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73820}
2021-04-07 08:59:13 +00:00
Maya Lekova
6fda802284 [test] Skip incompatible test under deopt_fuzzer
This CL skips the fast-api-calls mjsunit test, as it relies
on particular optimization/deoptimization patterns.

Bug: v8:11620
Change-Id: I4c2fd3b1db8aff73935dd6525fd0ad3edc307dd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808935
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73819}
2021-04-07 08:12:13 +00:00
Patrick Thier
69d706dc5f Allow only JSFunction/JSBoundFunction in d8.test.verifySourcePositions
Explicitly check for JSFunction or JSBoundFunction and throw if any other
JS type is passed to d8.test.verifySourcePositions.

Bug: chromium:1195717
Change-Id: Id65875526d5d6b3f720850d41d0a8192ec407035
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807607
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73811}
2021-04-06 16:23:42 +00:00
Igor Sheludko
db2acd7a04 [const-tracking] Ensure map is updated before generalizing constness
... when reconfiguring property attributes.

Bug: chromium:1195331
Change-Id: I65a29f0ad303a603207376a283e943480c4b18d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807608
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73810}
2021-04-06 16:13:32 +00:00
Maya Lekova
7a17ddf4c0 Reland "[fastcall] Add fast API testing facilities to d8"
This is a reland of 9eba2d85f4.
The reland fixes a global state variable which was incompatible
with the --isolate flag in d8, which runs the same script in a
different isolate.

Original change's description:
> [fastcall] Add fast API testing facilities to d8
>
> This CL provides the minimum necessary functionality to expose fast API
> for testing in mjsunit, exposing the fast path for fuzzing. It exposes
> a d8.test.fast_c_api with an `add_all` method, which exercises primitive
> types. On x64, all integer and floating point types are supported. On
> other platforms currently only 32-bit integers are included in the test.
>
> Design doc:
> https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
>
> Bug: chromium:1052746
> Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73670}

Bug: chromium:1052746
Change-Id: I33b265b97bf7c797eee7d4cce5066999358a8c66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2790174
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73801}
2021-04-06 11:26:09 +00:00
Michael Achenbach
b19385f555 [foozzie] Suppress .caller access with correctness fuzzing
Bug: chromium:1042556, chromium:1186279
Change-Id: I77e9967891efad4ce151e231f7f6461be2922ba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802291
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73798}
2021-04-06 08:49:38 +00:00
Ng Zhi An
7514db4b60 [wasm-simd][liftoff][x64][ia32] Fix i64x2.mul codegen
We are overwriting rhs when dst == rhs && dst != lhs. This is not a
problem on TurboFan because we specify unique registers and dst == lhs
in the instruction-selector.

The fix is to use the helper EmitSimdCommutativeBinOp, which will check
for dst == rhs (pmuludq is commutative).

Bug: v8:11612
Change-Id: I38c3a2b7f3c7bcf2d7e8faec1a67f0814d44ed20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2798527
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73780}
2021-04-01 17:22:24 +00:00
Jakob Gruber
232bf1ffe4 Clamp properly in the String.p.indexOf reduction
This fixes a bug introduced in crrev.com/c/2660995.
String.prototype.indexOf must clamp the `position` argument as per
step:

  7. Let start be the result of clamping pos between 0 and len.

Source: tc39.es/ecma262/#sec-string.prototype.indexof

Previously, this was done in the StringIndexOf builtin, but the recent
refactor changed builtin implementations to match the spec more
closely (i.e. to clamp in String.prototype.indexOf, not
StringIndexOf). This means we now have to clamp in
JSCallReducer::ReduceStringPrototypeIndexOf.

Tbr: neis@chromium.org
Bug: chromium:1194869
Change-Id: I5af8d41b50f4905453f03079e3ee6d46186536db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799359
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73772}
2021-04-01 13:03:24 +00:00
Jakob Gruber
c76bae7db6 Add a test variant for concurrent_inlining
.. and enable it on fyi bots. Skip one test in this variant due to
incompatible flags.

Bug: v8:7790
Change-Id: I5b8fdd8572435c6f4474c505464ff1a22c830757
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797287
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73770}
2021-04-01 12:38:14 +00:00
Georg Neis
08a0d3bc9d [dict-proto][compiler] Gracefully deal with AccessorInfo property
Bug: v8:11604
Change-Id: Ic4aa3ae64aa9c9a60aceade9072a5ead1c894b7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799356
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73767}
2021-04-01 11:57:34 +00:00
Leszek Swirski
03f2f68695 Reland "[string] Fix non-SeqStrings in IsEqualTo"
This is a reland of e70cbb83da

Moved the ConsString comparison logic out-of-line, both to make gcc
happy, and to reduce the size of the fast-path in IsEqualToImpl.

Original change's description:
> [string] Fix non-SeqStrings in IsEqualTo
>
> Bug: chromium:1193903
> Change-Id: I80704dd3cba5754779432356b20bd3ea99630291
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794426
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73746}

Bug: chromium:1193903
Change-Id: Iae6f078853438427e86d3ac68bcfed0712a85bf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797288
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73763}
2021-04-01 09:00:44 +00:00
Marja Hölttä
0994019c6c [Atomics.waitAsync] Add a regression test
Bug: chromium:1194026
Change-Id: I3f92b6b36279cc71b97df20ce5a8b4c8ec2b6b8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794436
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73760}
2021-03-31 23:45:53 +00:00
Bill Budge
76c6fd5e78 Revert "[string] Fix non-SeqStrings in IsEqualTo"
This reverts commit e70cbb83da.

Reason for revert: Breaks compile on gcc.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20gcc/11148

Original change's description:
> [string] Fix non-SeqStrings in IsEqualTo
>
> Bug: chromium:1193903
> Change-Id: I80704dd3cba5754779432356b20bd3ea99630291
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794426
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73746}

Bug: chromium:1193903
Change-Id: If700cdc7cf8b50a9430d17489485769cb524efd5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797539
Auto-Submit: Bill Budge <bbudge@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73749}
2021-03-31 16:51:07 +00:00
Junliang Yan
20a6b0e290 Fix stack overflow on regress-1067270.js
Change-Id: I530bd6fc7bf6db32e209b8d180ed1dc8254e6812
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794429
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73747}
2021-03-31 16:04:34 +00:00
Leszek Swirski
e70cbb83da [string] Fix non-SeqStrings in IsEqualTo
Bug: chromium:1193903
Change-Id: I80704dd3cba5754779432356b20bd3ea99630291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794426
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73746}
2021-03-31 15:22:35 +00:00
Frank Emrich
c9b4f3c4a7 [dict-proto] TF support for constants in dictionary mode protos, pt. 4
This CL is part of a  series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL modifies existing mjsunit tests whose assumptions
don't hold if v8_dict_property_const_tracking is enabled. This is
done by adding special handling for the case that
%IsDictPropertyConstTrackingEnabled() holds.

Bug: v8:11248
Change-Id: Ia36be73e4659a988b2471f0c8151b0442f3a98f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780292
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73745}
2021-03-31 14:53:45 +00:00
Leszek Swirski
4baf07a769 [sparkplug] Add scratch register for arm64
We didn't have enough scratch registers for a suspend generator
whose field write offsets exceeded the immediate value range.

Bug: v8:11420, chromium:1193493
Change-Id: Iee90db4ef1ec00924bcc4791a8e6ffb9138bb388
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794424
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73739}
2021-03-31 12:41:04 +00:00
Maya Lekova
3f8aa89e1e Revert "[ic] Add a new MegaDOM IC"
This reverts commit c83c9590ba.

Reason for revert: Speculatively reverting for a failure on Arm GC stress bot - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm%20GC%20Stress/b8851256837192083520/overview

Original change's description:
> [ic] Add a new MegaDOM IC
>
> This patch implements the MegaDOM IC setup and access. A new MegaDOM
> IC state indicates that we've seen only DOM accessors at this access
> site.
>
> This CL only adds support for DOM getters in LoadIC, other kinds of
> access will be added in follow on CLs.
>
> Still remaining TODO before shipping:
> 1. Have a mechanism to invalidate the protector
> 2. Have a mechanism to find the accessors that aren't overloaded
> 3. Use a new builtin to miss to runtime on access check failure
>
> Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
> Bug: v8:11321
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73733}

Bug: v8:11321
Change-Id: Ib6a55796f2a3c345d4923f9eaa215a6ff55ed15b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794437
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73734}
2021-03-31 09:29:15 +00:00
Sathya Gunasekaran
c83c9590ba [ic] Add a new MegaDOM IC
This patch implements the MegaDOM IC setup and access. A new MegaDOM
IC state indicates that we've seen only DOM accessors at this access
site.

This CL only adds support for DOM getters in LoadIC, other kinds of
access will be added in follow on CLs.

Still remaining TODO before shipping:
1. Have a mechanism to invalidate the protector
2. Have a mechanism to find the accessors that aren't overloaded
3. Use a new builtin to miss to runtime on access check failure

Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
Bug: v8:11321
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73733}
2021-03-31 08:42:42 +00:00
Adam Klein
6f766cdd95 [test] Widen regress-9017 skipping to all tsan configs
Bug: v8:9337
Change-Id: Ic9b1072007ed19435b8ea669bee7c07c7eef8e2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795274
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73731}
2021-03-30 23:19:27 +00:00
Manos Koukoutos
c9063b7e86 [wasm-gc] Fix and extend JS roundtrip for gc types
Changes:
- Wrap eqref and i31ref objects in the temporary wasm object wrapper
  (in addition to dataref and anyref). Accept those types in
  IsJSCompatibleSignature().
- Handle null correctly in all cases (i.e., do not wrap/unwrap it).
- Improve some error messages.
- Handle kRttWithDepth in one case where it was omitted.
- Some small structure improvements.
- Add an extensive test.

Bug: v8:7748, v8:11606
Change-Id: Ie519f2c87421664dd02cf29fe94f9a9d7510bae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794422
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73725}
2021-03-30 16:09:22 +00:00
Leszek Swirski
00afef3c7f [sparkplug/ia32] Fix argc clobbering
Fix the InstallBaselineCode path in the InterpreterEntryTrampoline to
restore the clobbered eax (i.e. argc) register.

Bug: v8:11420, chromium:1192459
Change-Id: I97ce5739cf22a08fbb46dbf372ab6276bb802440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791567
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73721}
2021-03-30 12:03:01 +00:00
Maya Lekova
fc6447c538 [test] Disable flaky compiler test on TSAN
The disabled regress-9017 test allocates too much memory and started
flakily failing on TSAN. CL that triggered the flake:
https://chromium-review.googlesource.com/c/v8/v8/+/2731528

Bug: v8:9337
Change-Id: Ia039e42a88c3665a9b9b4adc4a4b7c923afd5ba5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791564
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73718}
2021-03-30 08:41:41 +00:00
Thibaud Michaud
806f79e492 [wasm][liftoff][eh] Fix unreachable delegate
Don't switch to the catch state if it is never reached.
Also steal the catch state instead of splitting it since it cannot be
used after a delegate instruction.

R=ahaas@chromium.org

Bug: chromium:1192313
Change-Id: I3967ac81e066d2146c8aa37b26a35a99ba88bdf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787488
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73703}
2021-03-29 09:41:26 +00:00
Zhi An Ng
71f1f0d489 Revert "[fastcall] Add fast API testing facilities to d8"
This reverts commit 9eba2d85f4.

Reason for revert: TSAN failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/14265/overview

Original change's description:
> [fastcall] Add fast API testing facilities to d8
>
> This CL provides the minimum necessary functionality to expose fast API
> for testing in mjsunit, exposing the fast path for fuzzing. It exposes
> a d8.test.fast_c_api with an `add_all` method, which exercises primitive
> types. On x64, all integer and floating point types are supported. On
> other platforms currently only 32-bit integers are included in the test.
>
> Design doc:
> https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
>
> Bug: chromium:1052746
> Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73670}

Bug: chromium:1052746
Change-Id: Iaf5083540ddfe882a747eaa9d1d2a2a8b4ba0ec0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787081
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73673}
2021-03-25 17:29:05 +00:00
Maya Lekova
9eba2d85f4 [fastcall] Add fast API testing facilities to d8
This CL provides the minimum necessary functionality to expose fast API
for testing in mjsunit, exposing the fast path for fuzzing. It exposes
a d8.test.fast_c_api with an `add_all` method, which exercises primitive
types. On x64, all integer and floating point types are supported. On
other platforms currently only 32-bit integers are included in the test.

Design doc:
https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/

Bug: chromium:1052746
Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73670}
2021-03-25 15:56:53 +00:00
Patrick Thier
e438ae2df3 Reland "Reland "[sparkplug][deoptimizer] Deoptimize to baseline.""
This is a reland of e3ccb53877

No changes for the reland.
This CL was speculatively reverted, but was not the cause of the problem.

TBR=jgruber@chromium.org

Original change's description:
> Reland "[sparkplug][deoptimizer] Deoptimize to baseline."
>
> This is a reland of bdcd7d79d3
>
> Handle lazy deopts when the current bytecode is JumpLoop.
> Instead of advancing to the next bytecode, re-execute the JumpLoop.
>
> TBR=jgruber@chromium.org, neis@chromium.org
>
> Original change's description:
> > [sparkplug][deoptimizer] Deoptimize to baseline.
> >
> > If we have baseline code, deoptimize to baseline instead of the
> > interpreter. The process is similar to deopting to the interpreter.
> > We just use different builtins
> > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
> > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
> > patch an interpreter frame to a baseline frame and continue execution in
> > baseline code (based on the deopt type, at the current or next
> > bytecode).
> >
> > Bug: v8:11420
> > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#73609}
>
> Bug: v8:11420
> Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73636}

Bug: v8:11420
Change-Id: I7fbbb73a4fdaeab8b294862ee6ae952928c57994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2784695
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73656}
2021-03-25 09:48:43 +00:00
Deepti Gandluri
ebc9f39f69 Revert "Reland "[sparkplug][deoptimizer] Deoptimize to baseline.""
This reverts commit e3ccb53877.

Reason for revert: Speculative revert for ARM 64 CFI fails - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/5174?

Original change's description:
> Reland "[sparkplug][deoptimizer] Deoptimize to baseline."
>
> This is a reland of bdcd7d79d3
>
> Handle lazy deopts when the current bytecode is JumpLoop.
> Instead of advancing to the next bytecode, re-execute the JumpLoop.
>
> TBR=jgruber@chromium.org, neis@chromium.org
>
> Original change's description:
> > [sparkplug][deoptimizer] Deoptimize to baseline.
> >
> > If we have baseline code, deoptimize to baseline instead of the
> > interpreter. The process is similar to deopting to the interpreter.
> > We just use different builtins
> > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
> > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
> > patch an interpreter frame to a baseline frame and continue execution in
> > baseline code (based on the deopt type, at the current or next
> > bytecode).
> >
> > Bug: v8:11420
> > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#73609}
>
> Bug: v8:11420
> Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73636}

Bug: v8:11420
Change-Id: Icd797b4979a114a2a627e12c8bb7d2215df03182
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2785074
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73643}
2021-03-24 17:44:16 +00:00
Patrick Thier
e3ccb53877 Reland "[sparkplug][deoptimizer] Deoptimize to baseline."
This is a reland of bdcd7d79d3

Handle lazy deopts when the current bytecode is JumpLoop.
Instead of advancing to the next bytecode, re-execute the JumpLoop.

TBR=jgruber@chromium.org, neis@chromium.org

Original change's description:
> [sparkplug][deoptimizer] Deoptimize to baseline.
>
> If we have baseline code, deoptimize to baseline instead of the
> interpreter. The process is similar to deopting to the interpreter.
> We just use different builtins
> (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
> InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
> patch an interpreter frame to a baseline frame and continue execution in
> baseline code (based on the deopt type, at the current or next
> bytecode).
>
> Bug: v8:11420
> Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73609}

Bug: v8:11420
Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73636}
2021-03-24 16:21:09 +00:00
Marja Hölttä
ee138d10ef [language] Fix Array.prototype.sort
It needs to return the ToObject-converted receiver, not the original
receiver.

Bug: v8:11362
Change-Id: I6404122c91402ea58851238d074951f1b7f2a039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783036
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73626}
2021-03-24 11:20:58 +00:00
Frank Emrich
c2ba619c90 [dict-proto] TF support for constants in dictionary mode protos, pt. 3
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/2720300.
As compared to the original version, it adds
--no-stress-flush-bytecode to the const-dict-tracking.js test

Original description:

This CL is part of a  series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL implements support for the case that the property
in question is an accesor, meaning that the given PropertyAccessInfo
has kind kAccessorDictionaryProtoConstant.

Bug: v8:11248
Change-Id: I896e5dc59821f88abdb7a743e21ca3a700af9db2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782280
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73617}
2021-03-23 20:00:08 +00:00
Santiago Aboy Solanes
fca1255686 [csa] Unmark tests as SLOW after TNodification
BUg: v8:6949
Change-Id: If2b144e189812b777dfa90b2ddc48ee525a37856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778279
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73616}
2021-03-23 17:00:16 +00:00
Thibaud Michaud
4c5cf2e9e1 [wasm][liftoff] Allow refs in store helper
R=ahaas@chromium.org

Bug: v8:1189651
Change-Id: Ic414954101f99ac9d51af505f094cb03f0e85d29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773810
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73613}
2021-03-23 16:42:28 +00:00
Nico Hartmann
03227d053a Revert "[dict-proto] TF support for constants in dictionary mode protos, pt. 3"
This reverts commit b1883dc3e1.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/17269/overview

Original change's description:
> [dict-proto] TF support for constants in dictionary mode protos, pt. 3
>
> This CL is part of a  series that implements Turbofan support for
> property accesses satisfying the following conditions:
> 1. The holder is a dictionary mode object.
> 2. The holder is a prototype.
> 3. The access is a load.
>
> This feature will only be enabled if the build flag
> v8_dict_property_const_tracking is set.
>
> This particular CL implements support for the case that the property
> in question is an accesor, meaning that the given PropertyAccessInfo
> has kind kAccessorDictionaryProtoConstant.
>
> Bug: v8:11248
> Change-Id: Id082107edd45fa91a3f1d96aa9df345a60f46917
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720300
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Frank Emrich <emrich@google.com>
> Cr-Commit-Position: refs/heads/master@{#73607}

Bug: v8:11248
Change-Id: Id753354a5ccddd1a05ecf9aec3267f152ef713c5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780299
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73612}
2021-03-23 16:34:18 +00:00
Frank Emrich
b1883dc3e1 [dict-proto] TF support for constants in dictionary mode protos, pt. 3
This CL is part of a  series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL implements support for the case that the property
in question is an accesor, meaning that the given PropertyAccessInfo
has kind kAccessorDictionaryProtoConstant.

Bug: v8:11248
Change-Id: Id082107edd45fa91a3f1d96aa9df345a60f46917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720300
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73607}
2021-03-23 15:55:26 +00:00
Frank Emrich
afe9020f96 [dict-proto] TF support for constants in dictionary mode protos, pt. 2
This CL is part of a  series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL implements support for the case that the property
in question is a data property, meaning that the given
PropertyAccessInfo has kind kDataDictionaryProtoConstant.
Support for accessor properties is added in a separated CL.

Bug: v8:11248
Change-Id: I8794127d08c3d3aed6ec2a3eb19c4c82bdf2d1df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718229
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73603}
2021-03-23 12:20:56 +00:00
Leszek Swirski
be3c012679 [sparkplug] Include calls in stack guard
Calculate the maximum call size in the bytecode pre-visit, and pass that
(along with the bytecode's frame size) to the prologue to be included in
the stack check. This avoids doing a stack check before each call, and
mirrors a similar optimisation in TurboFan.

Also, use StackGuardWithGap instead of StackGuard, to make sure that
stack overflows in the prologue actually trigger stack overflows in the
runtime.

Bug: v8:11420
Fixed: chromium:1189890
Change-Id: I795c197c20f85611318ab09c7bca78ce40b64924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778278
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73600}
2021-03-23 10:52:13 +00:00
Manos Koukoutos
a51056f5c4 [wasm] Rename kWasmStmt -> kWasmVoid
This is a more canonical type name, and is in line with {kVoidCode}.

Change-Id: Iaae9524b6fb6ecaafd63ce81cf30e3d01ca3e525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2775565
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73557}
2021-03-22 07:58:18 +00:00
Shu-yu Guo
f19142e613 [top-level-await] Implement the new post-order requirement for async subgraphs
This CL implements
https://github.com/tc39/proposal-top-level-await/pull/159, which reached
consensus at the March 2021 TC39.

The high-level intent is for parent modules that depend on async modules
to remember the DFS post-order such that when their async dependency
finishes, they execute in that original post-order. This aligns the
ordering between completely sync module graphs and async module graphs.

Bug: v8:11557
Change-Id: I5bd8f38f040115c255ca1ce8253b9686fdb4af03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2757901
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73551}
2021-03-19 19:22:04 +00:00
Clemens Backes
81008e1752 [wasm][memory64] Fix typing of memory.grow
If memory64 is enabled, memory.grow should consume and return an i64
instead of i32.
This CL implements this for both TurboFan and Liftoff, and adds
validation and execution tests at different layers.

R=manoskouk@chromium.org

Bug: v8:10949
Change-Id: I0b725dbd0d5767bda4609747c1f4aad163c35304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773800
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73542}
2021-03-19 13:51:23 +00:00
Georg Neis
1ffd5c2205 [compiler] Fix a bug in BranchElimination
The condition can change between VisitBranch and VisitIf, so VisitIf
can't assume that the condition is not yet in the ControlPathConditions
list. Thanks Manos!

Change-Id: Ic74253b6faf2663cfa5212765d81392cb89d73b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773312
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73539}
2021-03-19 13:12:43 +00:00
Manos Koukoutos
ec81d82d16 Reland "[turbofan] Optimize TrapIf/Unless in BranchElim. and CommonOp-Reducer"
This is a reland of a3b1233e16

Changes compared to original commit:
- Use a more canonical way to replace TrapIf/Unless nodes that always
  trap. This fixes the issue where their outputs were marked dead even
  if they were Merge/Loop nodes.
- Use Throw() over Return() to connect a dangling trap to End().
- Add regression test.

Original change's description:
> [turbofan] Optimize TrapIf/Unless in BranchElim. and CommonOp-Reducer
>
> Bug: v8:11510
> Change-Id: I1e8fcb54444e494c7d765ad556d09d954441361f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752876
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73468}

Bug: v8:11510, chromium:1189454
Change-Id: I1d691a3ea299ed668cff925910ed231aad37cac6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772601
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73537}
2021-03-19 13:02:53 +00:00
Benedikt Meurer
c0ee8f905b [wasm][inspector] Don't use Script::source_url to store URL.
The `Script::source_url` field holds the value of the magic
`//# sourceURL` comment if found, and the `Script::name` field is
supposed to hold the actual name of the resource (as provided by
the embedder ideally), in case of Chromium that's supposed to be
the URL (in case of Node.js it's often the local path).

Using `source_url` worked by chance so far, but for loading DWARF
symbol files correctly we need the initiator (which we pick from
the embedderName of the Script as reported to DevTools). More
importantly, the partial handling of `//# sourceURL` in V8 is a
layering violation and causes trouble in DevTools, i.e. when users
put relative paths here. So as part of refactoring and correctifying
the handling of `//# sourceURL`, we need to make sure that the embedder
provided name (the URL in case of Chromium) is always stored in the
`Script::name` field.

Bug: chromium:1183990, chromium:974543, chromium:1174507
Change-Id: I32e11def2b9b52be11bd2e0e64a2ab6bdcf5e52d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773584
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73536}
2021-03-19 12:19:13 +00:00
Shu-yu Guo
fd75c97d3f [interpreter] Apply Reflect.apply transform in BytecodeGenerator
Calls with a spread expression in a non-final position get transformed
to calls to Reflect.apply. This transformation is currently done in
the parser, which does not compose well with other features (e.g.
direct eval checking, optional chaining).

Do this transform in the BytecodeGenerator instead.

Bug: v8:11573, v8:11558, v8:5690
Change-Id: I56c90a2036fe5b43e0897c57766f666bf72bc3a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2765783
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73534}
2021-03-19 11:02:43 +00:00
Leszek Swirski
791e085d2f [sparkplug] Add always_sparkplug variant
Add an always_sparkplug testing variant, and fix a couple of issues it
found.

Bug: v8:11420
Change-Id: I7d87a41e3413f40271a0140118531f075d633b23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773047
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73529}
2021-03-19 09:52:50 +00:00
Ng Zhi An
b1c09571cc Reland "[wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen"
This is a reland of 1a69d8d874

The fix is to skip this regression test on systems that do not
support SIMD.

Original change's description:
> [wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen
>
> It did not handle the case where dst == src. We switch the registers
> used around to write to scratch first and ensure we don't overwrite dst.
>
> Bug: chromium:1187831
> Change-Id: Idf447aa1a3eff3920f2dfa3e0ec11efae37778cd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762425
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73521}

Bug: chromium:1187831
Change-Id: I1bb6f4ce69f98064d3da5113e3b4c5a4f75a08c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2774133
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73526}
2021-03-18 22:49:09 +00:00