Instead of storing call_pc and ret_pc, store just one pc. This
simplifies frame inspection (no distinction between top frame and other
frames). The previous ret_pc can easily be computed from the stored pc,
since we know that we must be at a indirect or direct call site when
returning to a previous frame.
It also slightly simplifies the upcoming CL to call imported functions,
which would also have to set the call_pc.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5822
Change-Id: I5876c09ec36450dc1474a760282fd5e41eab38be
Reviewed-on: https://chromium-review.googlesource.com/453159
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43777}
This fixes a corner-case in {KeyAccumulator::CollectOwnJSProxyKeys}
where the keys returned by {JSReceiver::OwnPropertyKeys} for an array
are not internalized and hence have a diverging identity from keys
returned by the "ownKeys" trap of a proxy.
R=cbruni@chromium.org
TEST=mjsunit/regress/regress-crbug-700678
BUG=chromium:700678
Change-Id: I5efd012eade14bd45c69e4abb0aeda684baf38f0
Reviewed-on: https://chromium-review.googlesource.com/452979
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43775}
Those tests do real calls to rietveld. As we're moving away from this, we can skip testing it now.
BUG=chromium:701296
NOTRY=true
TBR=hablich@chromium.org
Change-Id: I44249160f7e35d4e2fac7aeb40889a825cfc5678
Reviewed-on: https://chromium-review.googlesource.com/454040
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43774}
If this flag is set, all code will be executed in the interpreter.
At some point in the future we might want to have a variant for testing
all code with this flag. Currently, I am using it for finding
unimplemented functionality in the interpreter and testing existing
functionality.
Mjsunit tests in follow-up CLs will use this flag too.
R=ahaas@chromium.org, titzer@chromium.org
BUG=v8:5822
Change-Id: I1393b4aedbb9f9070e011362ec95cb89f296dab4
Reviewed-on: https://chromium-review.googlesource.com/453700
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43773}
In Isolate::CaptureSimpleStackTrace, we were ignoring interpreter entry
frames so far. This CLs changes this to gets the interpreted stack from
the wasm interpreter and add the frames to the FrameArray.
R=ahaas@chromium.org, titzer@chromium.org
BUG=v8:5822
Change-Id: I705909532ff28af412ff809da94522866eaa1c0d
Reviewed-on: https://chromium-review.googlesource.com/452378
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43772}
This doesn't support "lookup after interceptor", but that should be unnecessary by now since we have non-masking interceptors.
BUG=
Change-Id: I8650a47ab2ce6fa314de25d0c4775b5c165df179
Reviewed-on: https://chromium-review.googlesource.com/453376
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43766}
I plan to change the constructor field of maps, and instead of patching
the intrinsics all over the place, just fall back to the runtime.
R=bmeurer@chromium.org
BUG=v8:6084
Change-Id: Ie294b74ab615fd794d7fc47488e2e30e2b49b4db
Reviewed-on: https://chromium-review.googlesource.com/454616
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43765}
As the code isn't used, but would have to be ported from hand-written
assembly to CodeStubAssembler anyways, I propose to remove it and
restore it if we decide that we actually need it.
R=vogelheim@chromium.org
BUG=
Change-Id: Iffd7fc6ec534b1dd7a9144da900424355c8a7a02
Reviewed-on: https://chromium-review.googlesource.com/453461
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43763}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43755}
Committed: 338622d7ca
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43759}
This reverts the previous revert, commit
5a04f4fd68.
Previously reverted changes:
> Revert "[SAB] Move Atomics builtins to C++"
>
> This reverts commit 2b9840d86f.
>
> Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"
>
> This reverts commit d1160fb14f.
>
> Revert "Remove tiny unit test for MinSimple/MaxSimple"
>
> This reverts commit 837760ecb7.
>
> Revert "Remove infrastructure for experimental JS natives"
>
> This reverts commit 8cfe45b6f1.
These changes were reverted to improve a perf regression on a Chrome
bot. Since then, the regression has reappeared, then disappeared again
all from seemingly unrelated changes.
BUG=v8:6033
TBR=adamk@chromium.org,hpayer@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2732213005
Cr-Commit-Position: refs/heads/master@{#43758}
Reason for revert:
ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Original-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43755}
> Committed: 338622d7caTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2744383002
Cr-Commit-Position: refs/heads/master@{#43757}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43755}
We emulate break by callling breakProgramCallback function in debugger context, we can just use HandleDebugBreak.
It allows us to move all stepping logic to debug.cc later and remove one usage of debugger context.
+ two minor issues fixed, see tests.
BUG=v8:5510
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2738503006
Cr-Commit-Position: refs/heads/master@{#43750}
A couple infrastructure changes went into this patch:
- test262 changed from expecting $ to $262
- upstream-local-tests.sh gets a command-line parameter for ease of use
- Fixed up the FAIL_SLOPPY infrastructure, which seems to have bit-rotted
- Inserted a terrible hack to get around test262 tests with a $ in the name
Drive-by fix for the length of Intl.DateTimeFormat.prototype.format
R=adamk
Review-Url: https://codereview.chromium.org/2733843002
Cr-Commit-Position: refs/heads/master@{#43749}
This makes it possible to directly request testing noturbofan_stress on the command line.
BUG=chromium:682617
TBR=mstarzinger@chromium.org,mvstanton@chromium.org,rmcilroy@chromium.org
NOTRY=true
Change-Id: I6ba9a022c4ef24fb5abe6878d3f2f972e8461eb8
Reviewed-on: https://chromium-review.googlesource.com/453180
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43748}
Part of the performance and refactoring work to move the TypedArray
constructors into CSA. This CL moves ConstructByArrayBuffer from JS
to CSA.
BUG=v8:5977
Change-Id: I0a200e6b3f6261ea2372ea9c3d3ca98e313cf2c5
Reviewed-on: https://chromium-review.googlesource.com/451620
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43747}
Test regress-694088.js is adapted for execution on big endian platforms.
TEST=test/mjsunit/compiler/regress-694088.js
BUG=
Review-Url: https://codereview.chromium.org/2739403002
Cr-Commit-Position: refs/heads/master@{#43746}
In the process, re-factor the implementation of Array.prototype.forEach so that
the bulk of the implementation can be re-used, since much of the spec is
identical. The refactor should also make it more straight-forward to implement
map and filter. The re-factored version only have a single slow path for processing
elements which is used for both the overall slow path and for the bailout from the
FAST_ELEMENTS case.
Review-Url: https://codereview.chromium.org/2709773002
Cr-Commit-Position: refs/heads/master@{#43745}
The switch statement itself is part of the switch block.
However, the source position of the statement is outside of
the block. This leads to confusion for the debugger, if the
switch block pushes a block context: the current context is
a block context, but the scope analysis based on the current
source position tells the debugger that we should be outside
the scope, so we should have the function context.
R=marja@chromium.org
BUG=v8:6085
Review-Url: https://codereview.chromium.org/2744213003
Cr-Commit-Position: refs/heads/master@{#43744}
Reason for revert:
Tanks Octane/Mandreel and Octane/MandreelLatency.
Original issue's description:
> [turbofan] Less aggressively insert SOFT deopts for property access.
>
> Sometimes TurboFan is able to extract receiver maps from the surrounding
> graph and thus is able to generate reasonable code for property accesses,
> even if those haven't been executed in the baseline tier yet. So, only
> stick in an SOFT deoptimization exit, if ExtractReceiverMaps failed to
> infer proper receiver maps.
>
> R=yangguo@chromium.org
> BUG=v8:5267
>
> Review-Url: https://codereview.chromium.org/2746013002
> Cr-Commit-Position: refs/heads/master@{#43736}
> Committed: b8453628c9TBR=yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2748663002
Cr-Commit-Position: refs/heads/master@{#43743}
Add a mechanic to set these Builtin exception predictions per-Isolate
rather than per-Context in the Bootstrapper.
Also add Debugger tests which would fail without these prediction
modes set.
Does not yet test for AsyncFromSyncIteratorPrototypeReturn, as this
requires AsyncGenerators and `yield*` to be hit.
BUG=chromium:691875
R=yangguo@chromium.org, jgruber@chromium.org, gsathya@chromium.org
Change-Id: Ic2d2aba3870cce2f7321080f4278875edf253c76
Reviewed-on: https://chromium-review.googlesource.com/451967
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#43742}
- Remove TypedArrayIndexOf in src/js/typedarray.js
- Implement it to C++ using the IndexOfValue in ElementsAccessor
- Add buffer neutering check also for %TypedArray%.prototype.includes
BUG=v8:5929
Review-Url: https://codereview.chromium.org/2733193002
Cr-Commit-Position: refs/heads/master@{#43741}
With this change, on ia32 and x64, a load from memory into a register can be replaced by a memory operand for integer binops if it makes sense.
BUG=
Review-Url: https://codereview.chromium.org/2728533003
Cr-Commit-Position: refs/heads/master@{#43739}
Sometimes TurboFan is able to extract receiver maps from the surrounding
graph and thus is able to generate reasonable code for property accesses,
even if those haven't been executed in the baseline tier yet. So, only
stick in an SOFT deoptimization exit, if ExtractReceiverMaps failed to
infer proper receiver maps.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2746013002
Cr-Commit-Position: refs/heads/master@{#43736}
These operations don't need the context, so no need to pass the context
to them. Also avoids the loading of context in the interpreter bytecode
handlers for StrictEqual and Typeof.
BUG=v8:5268,v8:5269
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2744173002
Cr-Commit-Position: refs/heads/master@{#43733}
To speed up Date.prototype.toString(), this patch adds a cache in
the DateCache for the string short name representing the time zone.
Because time zones in a particular location just have two short names
(for DST and standard time), and the DateCache already understands
whether a time is in DST or not, it is possible to keep the result
of OS::LocalTimezone around and select between the two based on
whether the time is DST or not.
In local microbenchmarks (calling Date.prototype.toString() in a
loop), I observed a 6-10% speedup with this patch. In the browser,
the speedup may be even greater as the system call needs to do
some extra work to break out of the sandbox. I don't think the
microbenchmark is extremely unrealistic; in any real program which
calls Date.prototype.toString() multiple times, the cache should
hit almost all of the time, as time zone changes are rare.
The proximate motivation for this patch was to enable ICU as a
backend for timezone information, which is drafted at
https://codereview.chromium.org/2724373002/
The ICU implementation of OS::LocalTimezone is even slower than
the system call one, but this patch makes their performance
indistinguishable on the microbenchmark.
In the tz database, many timezones actually do have a number of different
historical names. For example, America/Anchorage went through a number of
changes, from AST to AHST to YST to AKST. However, both ICU and the
Linux OS interfaces just report the modern timezone name in tests
for the appropriate timezone name, even for historical times. I can
see why this would be:
- For ICU, CLDR only has two short names in the data file: the one for
dst and non-dst
- For Linux, the timezone names do seem to make it into the
/etc/localtime file. However, glibc assumes there are only two relevant
names and selects between them, as you can see in its implementation
of localtime_r:
http://bazaar.launchpad.net/~vcs-imports/glibc/master/view/head:/time/tzset.c#L573
So, this cache should be valid until we switch to a more accurate source
of short timezone names.
BUG=v8:6031
Review-Url: https://codereview.chromium.org/2726253002
Cr-Commit-Position: refs/heads/master@{#43730}
