According to the WebAssembly spec no arithmetic operation should ever
return a signalling NaN. With the constant folding in V8, however, it
was possible that some arithmetic operations were elided, and if the
input of the arithmetic operation was a signalling NaN, then also the
result was the same signalling NaN. This CL removes some constant
folding optimizations and adjusts others so that even with constant
folding the result of an arithmetic operation is never a signalling NaN.
R=titzer@chromium.org, rossberg@chromium.org, bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2647353007
Cr-Commit-Position: refs/heads/master@{#42694}
We compare ES5, ES6 and a Babel transpilation of the ES6 test.
BUG=v8:5894
Review-Url: https://codereview.chromium.org/2655063003
Cr-Commit-Position: refs/heads/master@{#42689}
- Declaring a variable called "this" for preparsed functions was unnecessary;
DeclarationScope ctor already adds the variable.
- "arguments" for preparsed scopes need to be declared after parsing the
function, like it's done in the parser.
- Now arguments_ can be the dummy variable, so adapted code to it.
- A previous refactoring CL ( https://codereview.chromium.org/2638333002 ) was
incomplete; it had added ParserBase::ParseFunctionBody but
PreParser::ParseFunction didn't call it. This CL completes that work. This is
needed for getting "arguments" declared properly for preparsed functions.
- AllocateVariablesRecursively is already called for preparsed scopes (without
this CL, that is), and it bails out early. However, before the bailout it used
to dcheck num_stack_slots_ == 0; that is no longer true since we've done scope
analysis for preparsed scopes.
- Test fix: we cannot have any lazy inner functions in the test, except the
topmost lazy inner function. Such functions would also be lazy in the parser
case, and the parser would just throw away their variables. Then the test
tries to verify the preparsed data against the scopes without variables and fails.
- Disabled a test w/ a sloppy block function, will get that working again in the
upcoming CLs.
BUG=v8:5516
Review-Url: https://codereview.chromium.org/2655623005
Cr-Commit-Position: refs/heads/master@{#42685}
The InterpreterTester class cobbles together a JSFunction from
a manually created bytecode and feedback vector. However it's
fragile against design changes in the way literal arrays and
feedback vectors are handled. It's better to let it hand in
a feedback vector metadata object, and allow the system to
create the vector from that.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2652893010
Cr-Commit-Position: refs/heads/master@{#42684}
With creation frame we can show additional information with description of each async stack trace, which could help user to understand where promises were chained.
At least in case of Promise.resolve().then(foo1).then(foo2) we would be able to show following stack trace for break in foo2 callback:
foo2 (test.js:14:2)
-- Promise.resolve (test.js:29:14)--
-- Promise.resolve (test.js:28:14)--
promiseThen (test.js:30:2)
More details: https://docs.google.com/document/d/1u19N45f1gSF7M39mGsycJEK3IPyJgIXCBnWyiPeuJFE
BUG=v8:5738
R=dgozman@chromium.org,gsathya@chromium.org
Review-Url: https://codereview.chromium.org/2648873002
Cr-Commit-Position: refs/heads/master@{#42682}
This makes sure that the deoptimizer preserves the exact bit pattern of
floating-point values (both 32-bit and 64-bit) up to the point where a
potential {HeapNumber} is allocated. It in turn allows us to correctly
recognize the {hole_nan_value} when stored into a {FixedDouleArray}.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-684208
BUG=chromium:684208
Review-Url: https://codereview.chromium.org/2652303002
Cr-Commit-Position: refs/heads/master@{#42679}
In practice, Emscripten seems to emit cond?+a:+b type return
expressions. This is not allowed by the spec or errata, but we need
to support it for compatibility.
Similar patterns with ints / signed, do not seem to be supported.
BUG=v8:5891
R=mtrofin@chromium.org,aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2648353010
Cr-Commit-Position: refs/heads/master@{#42677}
Enable enqueueing of eager inner function compilation onto the compiler
dispatcher. This enables these tasks to be performed in parallel to
compilation of the outer functio (only for Ignition functions).
We currently synchronize to ensure all inner function compilations
are complete before executing the outer function - future work will
allow outer function execution to happenin parallel to inner function
compilation.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2611313002
Cr-Commit-Position: refs/heads/master@{#42667}
We did not smi-check the spread argument here, meaning we tried to take the map
of a smi, resulting in segfaults which clusterfuzz found.
Also added tests that exercise this path.
BUG=685086
Review-Url: https://codereview.chromium.org/2655013002
Cr-Commit-Position: refs/heads/master@{#42657}
The data produced at the moment only contains information about scope type +
positions, and only the most trivial tests pass.
Upcoming CLs will extend the data to contain information about variables (once
PreParser can produce it) and add more test cases.
BUG=v8:5516
Review-Url: https://codereview.chromium.org/2650703003
Cr-Commit-Position: refs/heads/master@{#42656}
This fixes the checks of accumulator usage flags in the computation of
the interpreter register liveness during bytecode analysis. The usage
flags at hand are bit patterns as opposed to flat enum values. Use the
safe accessors instead of plain comparison.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-683581
BUG=chromium:683581
Review-Url: https://codereview.chromium.org/2651653005
Cr-Commit-Position: refs/heads/master@{#42648}
This test checks that counters accurately reflect the allocated size.
There's an edge case that can occur when, previously to the allocation,
the page does not have enough space left to allocate the requested
object - then we move on to a fresh page, fill the remaining space of
the old page with a filler object, and allocate the requested object on
the new page.
The counters will show the size of the filler object plus the requested
object size, while the test expects only the requested size.
This CL fixes that case by performing two GCs to clear out new space.
BUG=
Review-Url: https://codereview.chromium.org/2652933002
Cr-Commit-Position: refs/heads/master@{#42646}
- kDebugPromiseCreated(task, parent_task)
This event occurs when promise is created (PromiseHookType::Init). V8Debugger uses this event to maintain task -> parent task map.
- kDebugEnqueueAsyncFunction(task)
This event occurs when first internal promise for async function is created. V8Debugger collects stack trace at this point.
- kDebugEnqueuePromiseResolve(task),
This event occurs when Promise fulfills with resolved status. V8Debugger collects stack trace at this point.
- kDebugEnqueuePromiseReject(task),
This event occurs when Promise fulfills with rejected status. V8Debugger collects stack trace at this point.
- kDebugPromiseCollected,
This event occurs when Promise is collected and no other chained callbacks can be added. V8Debugger removes information about async task for this promise.
- kDebugWillHandle,
This event occurs when chained promise function (either resolve or reject handler) is called. V8Debugger installs parent promise's stack (based on task -> parent_task map) as current if available or current promise's scheduled stack otherwise.
- kDebugDidHandle,
This event occurs after chained promise function has finished. V8Debugger restores asynchronous call chain to previous one.
With this change all instrumentation calls are related to current promise (before WillHandle and DidHandle were related to next async task).
Before V8Debugger supported only the following:
- asyncTaskScheduled(task1)
- asyncTaskStarted(task1)
- asyncTaskFinished(task1)
Now V8Debugger supports the following:
- asyncTaskScheduled(parent_task)
..
- asyncTaskCreated(task, parent_task),
- asyncTaskStarted(task), uses parent_task scheduled stack
- asyncTaskScheduled(task)
- asyncTaskFinished(task)
Additionally: WillHandle and DidHandle were migrated to PromiseHook API.
More details: https://docs.google.com/document/d/1u19N45f1gSF7M39mGsycJEK3IPyJgIXCBnWyiPeuJFE
BUG=v8:5738
R=dgozman@chromium.org,gsathya@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2650803003
Cr-Commit-Position: refs/heads/master@{#42644}
Array.prototype.concat does not properly handle JSProxy species that will
modify the currently visited array.
BUG=682194
Review-Url: https://codereview.chromium.org/2655623004
Cr-Commit-Position: refs/heads/master@{#42640}
Since JumpLoop is always backwards, and other jumps are always forwards,
we can store the jump offset as an always positive integer and decide on
the jump direction based on the bytecode. This will save a small amount
of space for large-ish for loops (>128 bytecodes).
Review-Url: https://codereview.chromium.org/2641443002
Cr-Commit-Position: refs/heads/master@{#42638}
Speculative reason for issue 684481.
BUG=chromium:684481
TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,
Original issue's description:
> [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203, v8:5215
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42562}
> Committed: 4b0101d369
Review-Url: https://codereview.chromium.org/2648383005
Cr-Commit-Position: refs/heads/master@{#42633}
We can share almost all of the architecture-specific builtin code with super-call-with-spread.
Info to port-writers: The code in CheckSpreadAndPushToStack has changed slightly from what was in Generate_ConstructWithSpread, in that we take the length of the spreaded parameters from the JSArray rather than the FixedArray backing store.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2649143002
Cr-Commit-Position: refs/heads/master@{#42632}
The "sloppy eval in default param" cases will be useful for the future
tests which assert that parser and preparser produce the same scopes.
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2644333002
Cr-Commit-Position: refs/heads/master@{#42625}
Implement stepping by remembering the current step action in the wasm
interpreter handle in WasmDebugInfo, and using it when continuing
execution in the interpreter.
The control flow is as follows: After module compilation, the user sets
a breakpoint in wasm. The respective function is redirected to the
interpreter and the breakpoint is set on the interpreter. When it is
hit, we notify all debug event listeners, which might prepare stepping.
When returning from these listeners, before continuing execution, we
check whether stepping was requested and continue execution in the
interpreter accordingly.
Stepping from Wasm to JS and vice versa will be implemented and tested
in a follow-up CL. Testing this requires breakpoints and stepping in
Wasm to be exposed via the inspector interface, such that we can write
an inspector test. This mixed JS-Wasm-execution is hard to set up in a
cctest.
R=titzer@chromium.org, yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2649533002
Cr-Commit-Position: refs/heads/master@{#42624}
Similar to the maximum memory size this limit caused problems for
the fuzzer due to oom issues. With the command line flag we can limit
the maximum table size for the fuzzer.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2648223004
Cr-Commit-Position: refs/heads/master@{#42623}
A recent change to disallow wasm compilation in contexts where
CSP unsafe-eval would disallow eval also ended up banning asm.js there:
https://codereview.chromium.org/2646713002
This ends up banning non-evaled asm.js even in some places it should be
allowed.
NOTE: Although asm.js code converted to wasm generates an intermediate wasm
module. asm.js code evaled in a disallowed context can't even get
that far (as it's stoped at the eval site).
BUG=683867
R=mtrofin@chromium.org,titzer@chromium.org,adamk@chromium.org
Review-Url: https://codereview.chromium.org/2656463004
Cr-Commit-Position: refs/heads/master@{#42616}
V8 has internal mechanism to ignore steps and breaks inside internal scripts, in this CL it's reused for blackboxing implementation.
Advantages:
- much faster blackboxing implementation (before we at least wrap and collect current call stack for each step),
- get rid of StepFrame action and potential pause in blackboxed code after N StepFrame steps,
- simplification of debugger agent logic.
Disadvtanges:
- currently when user was paused in blackboxed code (e.g. on breakpoint) and then makes step action, debugger ignores blackboxed state of the script and allows to use step actions as usual - this behavior is regressed, we still able to support it on frontend side.
Current state and proposed changes for blackboxing: https://docs.google.com/document/d/1hnzaXPAN8_QC5ENxIgxgMNDbXLraM_OXT73rAyijTF8/edit?usp=sharing
BUG=v8:5842
R=yangguo@chromium.org,dgozman@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2633803002
Cr-Commit-Position: refs/heads/master@{#42614}
Check that number of properties < Code:kMaxArguments when object
destructuring with a rest property otherwise throw an error.
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2650863002
Cr-Commit-Position: refs/heads/master@{#42613}
Also introduces FFIType separate from MachineType for express ffi
signatures.
BUG=v8:4456
Review-Url: https://codereview.chromium.org/2639163004
Cr-Commit-Position: refs/heads/master@{#42612}
Atomics.wait is a function which may block, which is not allowed on the
main thread. Since V8 doesn't know whether a particular isolate is the
"main thread", this CL adds an option to Isolate::CreateParams to choose
whether this function is allowed.
Review-Url: https://codereview.chromium.org/2642293002
Cr-Commit-Position: refs/heads/master@{#42611}
Manipulating the signaling NaN used for the hole and uninitialized double
field sentinel in C++, e.g. with bit_cast or HeapNumber::value()/set_value(),
will change its value on ia32 (the x87 stack is used to return values and
stores to the stack silently clear the signalling bit).
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2652553003
Cr-Commit-Position: refs/heads/master@{#42609}
Also fixes check for table segments to be performed against actual size not declared one.
Makes us pass memory.wast and linking.wast tests (modulo issue 5860).
R=titzer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2649553002
Cr-Commit-Position: refs/heads/master@{#42607}
Port the fast path for accessor inlining to cached property names from
Crankshaft to TurboFan. This constant-folds accesses to document in a
script.
R=jochen@chromium.org
BUG=v8:5548
Review-Url: https://codereview.chromium.org/2646363003
Cr-Commit-Position: refs/heads/master@{#42600}
The hardcoded constant caused a problem for the wasm fuzzer because
when the maximum memory was allocated in a test case, clusterfuzz ran
out of memory. with the command line flag we can set a lower limit
for the fuzzer.
The flag has the value of the constant as its default value, so that
for everything but the fuzzers nothing should change.
R=titzer@chromium.org
BUG=chromium:676888
Review-Url: https://codereview.chromium.org/2626313003
Cr-Commit-Position: refs/heads/master@{#42599}
We do not want to reserve space in the backing store for index keys.
Count index keys during creation of the BoilerplateDescription, and
substract them for the backing store size.
Correctly count index keys after encountering a property with
a computed name during object literal creation.
R=verwaest@chromium.org
BUG=v8:5625
Review-Url: https://codereview.chromium.org/2651523002
Cr-Commit-Position: refs/heads/master@{#42598}
The CL #42545 (https://codereview.chromium.org/2639353002 ) add SignallingNanSurvivesI32ReinterpretF32/SignallingNanSurvivesI64ReinterpretF64 tests.
Those tests failed at x87 port as X87 FPU hardware will convert a sNaN to qNaN automatically.
This CL skips SignallingNanSurvivesI32ReinterpretF32/SignallingNanSurvivesI64ReinterpretF64 tests for x87.
BUG=
Review-Url: https://codereview.chromium.org/2649843002
Cr-Commit-Position: refs/heads/master@{#42591}
Property backing store size for object literals is
the number of constant and named properties (possibly
over-allocating for the same names).
We do not reserve space in the backing store for __proto__.
We do not reserve space in the backing store for index keys.
Currently, we account for index keys in the runtime when iterating
over the boilerplate properties. Since the boilerplate properties
only include the properties up to the first computed property
name, the property backing store size includes space for index keys
if seen after the first computed property.
R=verwaest@chromium.org
BUG=v8:5625
Review-Url: https://codereview.chromium.org/2650593002
Cr-Commit-Position: refs/heads/master@{#42584}
Reason for revert:
Blocks roll https://codereview.chromium.org/2647183002/
Original issue's description:
> [build] Introduce an embedder version string
>
> Sometimes, the embedder might want to merge a fix to an abandoned branch
> or to a supported branch but the fix is not relevant to Chromium.
> This adds a new version string that the embedder can set on compile time
> and that will be appended to the official V8 version.
> The separator must be provided in the string. For instance, to have a
> full version string like "5.5.372.37.custom.1", the embedder must set
> V8_EMBEDDER_STRING to ".custom.1".
>
> Related Node.js issue: https://github.com/nodejs/node/pull/9754
>
> BUG=v8:5740
> R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
>
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
>
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Original-Commit-Position: refs/heads/master@{#42175}
> Committed: fc86d4329b
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Commit-Position: refs/heads/master@{#42582}
> Committed: 2c1d1e6088TBR=hablich@chromium.com,machenbach@chromium.org,ofrobots@google.com,mic.besace@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5740
Review-Url: https://codereview.chromium.org/2643393004
Cr-Commit-Position: refs/heads/master@{#42583}
Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set on compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "5.5.372.37.custom.1", the embedder must set
V8_EMBEDDER_STRING to ".custom.1".
Related Node.js issue: https://github.com/nodejs/node/pull/9754
BUG=v8:5740
R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2619213002
Cr-Original-Commit-Position: refs/heads/master@{#42175}
Committed: fc86d4329b
Review-Url: https://codereview.chromium.org/2619213002
Cr-Commit-Position: refs/heads/master@{#42582}
Convert strings to numbers if possible in the runtime call and store
in excluded property list.
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2639333004
Cr-Commit-Position: refs/heads/master@{#42581}
This moves AsyncFunctionAwait{Caught,Uncaught} to CSA, and removes
async-await.js.
BUG=v8:5639
Review-Url: https://codereview.chromium.org/2643023002
Cr-Commit-Position: refs/heads/master@{#42579}
Reason for revert:
Breaks arm64.
Original issue's description:
> [regexp] Store named captures on the regexp result
>
> This implements storing named captures on the regexp result object.
> For instance, /(?<a>.)/u.exec("b") will return a result such that:
>
> result.group.a // "b"
>
> The spec proposal is not yet final, so this may still change in the future.
>
> BUG=v8:5437
>
> Review-Url: https://codereview.chromium.org/2630233003
> Cr-Original-Commit-Position: refs/heads/master@{#42532}
> Committed: 70000946eb
> Review-Url: https://codereview.chromium.org/2630233003
> Cr-Commit-Position: refs/heads/master@{#42570}
> Committed: ee94fa11edTBR=yangguo@chromium.org,littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2639403008
Cr-Commit-Position: refs/heads/master@{#42577}
This implements storing named captures on the regexp result object.
For instance, /(?<a>.)/u.exec("b") will return a result such that:
result.group.a // "b"
The spec proposal is not yet final, so this may still change in the future.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2630233003
Cr-Original-Commit-Position: refs/heads/master@{#42532}
Committed: 70000946eb
Review-Url: https://codereview.chromium.org/2630233003
Cr-Commit-Position: refs/heads/master@{#42570}
In this particular case, we just did a (lhs)op(rhs), ignoring the case
that lhs and rhs might have different signedness.
This CL changes that to use the proper Cmp##op##Impl implementation,
which does two comparisions for signed-vs-unsigned checks, avoiding
compiler errors.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2642383002
Cr-Commit-Position: refs/heads/master@{#42566}
E.g., ast/ast.h uses Label but shouldn't need to include assembler.h for that. With
this change, we can hope for proper layering in the future (not quite there
yet).
Also includes minor random include lowering and relevant IWYU fixes.
BUG=v8:5294
Review-Url: https://codereview.chromium.org/2645063002
Cr-Commit-Position: refs/heads/master@{#42563}
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2632123006
Cr-Original-Commit-Position: refs/heads/master@{#42539}
Committed: 839b06b64f
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42562}
Test that setting breakpoints works for wasm, and that they are hit
correctly.
This basically tests all the layers involved: Compiling and running
wasm interpreter entries, passing arguments to the interpreter, storing
break point infos in wasm objects, getting the right BreakLocation from
wasm frames, and getting stack information from interpreted frames.
BUG=v8:5822
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2629883002
Cr-Commit-Position: refs/heads/master@{#42560}
The index input of load and store nodes has to be of type int32. However
it is still possible that this index input was lowered by the
Int64Lowering, for example if the index was a kTruncateInt64ToInt32
node. With this CL we check if there exists a replacement of the index
and if so, use the replacement instead of the original index as the
input for the lowered load and store nodes.
BUG=v8:5874
R=titzer@chromium.org, eholk@chromium.org
Review-Url: https://codereview.chromium.org/2644603004
Cr-Commit-Position: refs/heads/master@{#42559}
This particular test case is a hack that abuses Turbofan to
generate code that contains a switch table. Now that some
builtins use the CodeStubAssembler to implement switch tables
we don't need this test case anymore.
TBR=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2645943003
Cr-Commit-Position: refs/heads/master@{#42553}
This patch adds destructor to ValueSerializerTest test fixture class
which reset unhandled scheduled exceptions thrown from the current test.
In some cases unhandled scheduled exceptions from current test (eg.
from one test from ValueSerializerTestWithWasm test case) produce that
Context::New(isolate()) from next test's constructor returns NULL.
This error is easily reproduced when unittest file (compiled for ARM or
MIPS simulator) is directly executed (not by tools/run_tests.py script),
so all tests are executed together. When the script is used, each test
from ValueSerializerTestWithWasm test case is separately executed and
unhandled exception from one test doesn't efect to another test from
the same test case.
BUG=
Review-Url: https://codereview.chromium.org/2644083002
Cr-Commit-Position: refs/heads/master@{#42547}
The %_ValueOf intrinsic is not used anymore and the runtime call
%ValueOf will also disappear once all the self hosted builtins are
migrated.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2642303003
Cr-Commit-Position: refs/heads/master@{#42544}
Reason for revert:
Crashes on Windows in:
CompilerDispatcherJobTest.CompileFailureToFinalize
CompilerDispatcherJobTest.ScopeChain
Original issue's description:
> [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42539}
> Committed: 839b06b64fTBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2645613008
Cr-Commit-Position: refs/heads/master@{#42542}
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42539}
Reason for revert:
Breaks no18n build: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/11604
Original issue's description:
> [regexp] Store named captures on the regexp result
>
> This implements storing named captures on the regexp result object.
> For instance, /(?<a>.)/u.exec("b") will return a result such that:
>
> result.group.a // "b"
>
> The spec proposal is not yet final, so this may still change in the future.
>
> BUG=v8:5437
>
> Review-Url: https://codereview.chromium.org/2630233003
> Cr-Commit-Position: refs/heads/master@{#42532}
> Committed: 70000946ebTBR=yangguo@chromium.org,littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2643213002
Cr-Commit-Position: refs/heads/master@{#42534}
This implements storing named captures on the regexp result object.
For instance, /(?<a>.)/u.exec("b") will return a result such that:
result.group.a // "b"
The spec proposal is not yet final, so this may still change in the future.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2630233003
Cr-Commit-Position: refs/heads/master@{#42532}
Update string-capitalize expected result because now it
passes all the tests in the file.
Mark fast/js/string-capitalization as failing with no_i18n.
Relanding after revert because the failure was taken care of
by Adam's CL at https://codereview.chromium.org/2597543002 .
3rd langing after a crash is taken care of in
https://codereview.chromium.org/2621393002
In addition to the previous version of this CL (PS #4) that landed and
reverted, drop String.prototype.to(Locale){Upper,Lower}Case from the
whitelist of built-in functions for side-effect-free-debugging.
BUG=v8:4477, v8:4476
TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*,
mjsunit/string-case, intl/general/case*
Cr-Original-Original-Commit-Position: refs/heads/master@{#41834}
Committed: 7c79e23c34
Review-Url: https://codereview.chromium.org/2588963002
Cr-Original-Commit-Position: refs/heads/master@{#41883}
Committed: a42c8c67de
Review-Url: https://codereview.chromium.org/2588963002
Cr-Commit-Position: refs/heads/master@{#42524}
Clang just got more strict about unused lambda captures,
and that requires us to clean all places with this issue
across all the Chromium code base. This CL fixes all such
cases in V8.
BUG=chromium:681136
Review-Url: https://codereview.chromium.org/2646553002
Cr-Commit-Position: refs/heads/master@{#42523}
- builtins-ic.cc takes the place of the AccessorAssembler shim
- AccessorAssemblerImpl can then be renamed
- some cleanup in code-factory.cc
- drop old _TF name suffixes
- fix Generate##Name##Impl in TF_BUILTIN macro
Review-Url: https://codereview.chromium.org/2647493002
Cr-Commit-Position: refs/heads/master@{#42520}
Make wasm code generation (including deserialization) aware of
allow_codegen_callback - if one were set by the host - akin to what we
do for `eval`.
This allows web pages that opt out of unsafe-eval to also opt out of
wasm scenarios.
BUG=v8:5869
Review-Url: https://codereview.chromium.org/2646713002
Cr-Commit-Position: refs/heads/master@{#42519}
Reason for revert:
compilation problems on mips
Original issue's description:
> [wasm] Fix I32ReinterpretF32 and I64ReinterpretF64 on ia32.
>
> On ia32 return statements in C++ automatically convert signalling NaNs
> to quiet NaNs, even when bit_cast is used. This CL removes all uses of
> bit_cast<float> and bit_cast<double> in the wasm compiler and wasm
> interpreter.
>
> R=titzer@chromium.org, clemensh@chromium.org
>
> Review-Url: https://codereview.chromium.org/2639353002
> Cr-Commit-Position: refs/heads/master@{#42512}
> Committed: 7739affa5bTBR=clemensh@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2645693003
Cr-Commit-Position: refs/heads/master@{#42514}
Also update a call in cctest to check the result.
BUG=chromium:681843
Review-Url: https://codereview.chromium.org/2647573003
Cr-Commit-Position: refs/heads/master@{#42513}
On ia32 return statements in C++ automatically convert signalling NaNs
to quiet NaNs, even when bit_cast is used. This CL removes all uses of
bit_cast<float> and bit_cast<double> in the wasm compiler and wasm
interpreter.
R=titzer@chromium.org, clemensh@chromium.org
Review-Url: https://codereview.chromium.org/2639353002
Cr-Commit-Position: refs/heads/master@{#42512}
Currently PropertyConstness is still in sync with PropertyLocation.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2591233002
Cr-Commit-Position: refs/heads/master@{#42497}
This makes sure 32-bit constants that are used as {MachineType::Uint32}
by the deoptimization translation are also interpreted as such when the
literals are collected.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-681983
BUG=chromium:681983
Review-Url: https://codereview.chromium.org/2646463002
Cr-Commit-Position: refs/heads/master@{#42493}
Reason for revert:
Breaks all windows bots:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/6811
Original issue's description:
> [test] Remove local-tests from test262 archive and add to .isolate
>
> This might help fix the bots, which are broken in e.g.,
> https://build.chromium.org/p/tryserver.v8/builders/v8_mac_rel_ng_triggered/builds/14011
>
> The archive was added in order to transmit test262 tests more rapidly.
> It doesn't serve much of a purpose for local-tests. I naively added
> local-tests there out of symmetry. However, the BUILD.gn file does not
> regenerate an archive when files are only deleted and not added or
> changed. Since the performance concern is not present for the small
> volume of local-tests, this patch reverts to the more normal mechanism
> for sending over dependencies, with test262.isolate.
>
> R=adamk
>
> Review-Url: https://codereview.chromium.org/2643983002
> Cr-Commit-Position: refs/heads/master@{#42485}
> Committed: 9f545ea96fTBR=adamk@chromium.org,littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2640223003
Cr-Commit-Position: refs/heads/master@{#42491}
Since the script origin is part of the key used in the compilation
cache, this ensures that the cache never confuses a module with a
non-module script.
BUG=v8:1569,v8:5685
Review-Url: https://codereview.chromium.org/2611643002
Cr-Commit-Position: refs/heads/master@{#42490}
Intl constructors are specified to prohibit structurally invalid
subtags. BCP 47 defines itself to be case-insensitive. Firefox does
throw on case-insensitive duplicates, following the specifications.
This patch makes V8 do the same. There is some small compatibility
risk, but the case is fairly niche, so I hope it does not cause
much breakage.
BUG=v8:4215
Review-Url: https://codereview.chromium.org/2639333003
Cr-Commit-Position: refs/heads/master@{#42487}
The IA32AddPair and IA32SubPair instructions were using an input register as a
temporary value, which led to registers sometimes being clobbered when they
shouldn't have been. This led to problems, for example, in calling printf to
format doubles:
printf("%f", 1.2345) => 0.61725 (on x86)
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5800
Review-Url: https://codereview.chromium.org/2637583002
Cr-Commit-Position: refs/heads/master@{#42486}
This might help fix the bots, which are broken in e.g.,
https://build.chromium.org/p/tryserver.v8/builders/v8_mac_rel_ng_triggered/builds/14011
The archive was added in order to transmit test262 tests more rapidly.
It doesn't serve much of a purpose for local-tests. I naively added
local-tests there out of symmetry. However, the BUILD.gn file does not
regenerate an archive when files are only deleted and not added or
changed. Since the performance concern is not present for the small
volume of local-tests, this patch reverts to the more normal mechanism
for sending over dependencies, with test262.isolate.
R=adamk
Review-Url: https://codereview.chromium.org/2643983002
Cr-Commit-Position: refs/heads/master@{#42485}
This CL implements ldrex, ldrexb, ldrexh, strex, strexb, and strexh in the
Simulator. These instructions provide "exclusive" access, which provides mutual
exclusion for concurrent threads of execution.
The ARM specification gives some leeway to implementors, but essentially
describes each processor as having Local Monitor and Global Monitor. The Local
Monitor is used to check the exclusivity state without having to synchronize
with other processors. The Global Monitor is shared between processors. We
model both to make it easier to match behavior with the spec.
When running with multiple OS threads, each thread has its own isolate, and
each isolate has its own Simulator. The Local Monitor is stored directly on the
Simulator, and the Global Monitor is stored as a lazy singleton. The Global
Monitor maintains a linked-list of all Simulators.
All loads/stores (even non-exclusive) are guarded by the Global Monitor's mutex.
BUG=v8:4614
Review-Url: https://codereview.chromium.org/2006183004
Cr-Commit-Position: refs/heads/master@{#42481}
Currently V8 context just crashes on OOM, with this CL backend will send paused notification with OOM reason before OOM and will increase heap limits to allow further debugging on pause.
BUG=chromium:675911
Review-Url: https://codereview.chromium.org/2624543004
Cr-Commit-Position: refs/heads/master@{#42480}
Reason for revert:
Causes a few bugs caught by clusterfuzz.
Original issue's description:
> [Ignition/turbo] Add a CallWithSpread bytecode.
>
> Also, emit a NewWithSpread bytecode for CallNew AST nodes where possible, rather than desugaring in the parser.
>
> BUG=v8:5511
>
> Review-Url: https://codereview.chromium.org/2629363002
> Cr-Commit-Position: refs/heads/master@{#42455}
> Committed: 4bae43471dTBR=bmeurer@chromium.org,rmcilroy@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2642843002
Cr-Commit-Position: refs/heads/master@{#42470}
V8InspectorSession::schedulePauseOnNextStatement and V8InspectorSession::cancelPauseOnNextStatement are now exposed in inspector tests. These methods are required at least for better blackboxing tests.
BUG=v8:5842
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2636613002
Cr-Commit-Position: refs/heads/master@{#42469}
Also, emit a NewWithSpread bytecode for CallNew AST nodes where possible, rather than desugaring in the parser.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2629363002
Cr-Commit-Position: refs/heads/master@{#42455}
This also introduces exhaustive switch-cases for instance types.
BUG=chromium:681383
Review-Url: https://codereview.chromium.org/2646433002
Cr-Commit-Position: refs/heads/master@{#42447}
Non-capturing groups so far did not have any effect, so we elided
them in the regexp parser. However, they do affect how lookarounds
are parsed: in unicode mode, lookarounds are not quantifiable. They
are however if wrapped in a group.
BUG=v8:5845
Review-Url: https://codereview.chromium.org/2636883002
Cr-Commit-Position: refs/heads/master@{#42436}
- Currently WebAssembly.Memory.grow() assumes that it always has an instance associated with it,
fix to grow and reflect new size when no instance is associated with memory object.
- Correctness fixes for the js api, throw range errors instead of generic errors
BUG=chromium:680938
R=bradnelson@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2638243002
Cr-Commit-Position: refs/heads/master@{#42432}
This rewrites the rest property into a runtime call which sets up the
correct properties in the newly created object.
- Changes flag to --harmony-object-rest-spread
- Changes pattern rewriter to desugar rest property
- Adds new runtime function CopyDataPropertiesWithExcludedProperties
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2620943002
Cr-Commit-Position: refs/heads/master@{#42430}
The existing implementation assumes that return nodes have exactly one
real value input. This assumption does not hold for WebAssembly. To
avoid incorrect behavior, this CL turns of the reduction of returns
with a value input count != 1.
R=titzer@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2638053002
Cr-Commit-Position: refs/heads/master@{#42425}
Enable enqueueing of eager inner function compilation onto the compiler
dispatcher. This enables these tasks to be performed in parallel to
compilation of the outer functio (only for Ignition functions).
We currently synchronize to ensure all inner function compilations
are complete before executing the outer function - future work will
allow outer function execution to happenin parallel to inner function
compilation.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2611313002
Cr-Commit-Position: refs/heads/master@{#42413}
Reduce duplication of the inner function declaration + now we get the
test for inner arrow functions for free (if we later implement lazy
inner arrow functions).
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2637003005
Cr-Commit-Position: refs/heads/master@{#42412}
Background: the first page of each space is implicitly immovable.
Recently, our builtin code objects have reached a size at which we
fill up the first page of code space during initialization. Once
that occurs, newly requested allocations of immovable code are
allocated in a large object space page of 512K.
This CL mitigates these effects by simply marking pages as immovable
during snapshot creation instead of going into LO space.
On snapshot builds, this should just work: deserialized pages are
trimmed and marked immovable when deserialization finishes.
However, non-snapshot builds and allocations of immovable CEntryStub
code at runtime are still affected.
BUG=v8:5831
Review-Url: https://codereview.chromium.org/2635973002
Cr-Commit-Position: refs/heads/master@{#42411}
The resume trampolin used to call the generator function with the context of the
last suspension rather than the closure's context. While that was fine for
Ignition, Turbofan got utterly confused. With this CL, the resume trampolin
always passes in the closure's context (like in the very first call of the
generator function). The generator function itself then restores its previously
current context by reading it from the generator object and doing a
PushContext.
BUG=chromium:681171
Review-Url: https://codereview.chromium.org/2639533002
Cr-Commit-Position: refs/heads/master@{#42407}
Instead, it is supposed to just return an empty context if it failed.
Also don't invoke interceptors (we don't for the parts that deserialize
from the snapshot anyways).
BUG=v8:5830
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2636903002
Cr-Commit-Position: refs/heads/master@{#42404}
Creates an AstStringConstants container which pre-initializes the
string constants used by AstValueFactory. This ensures that all
AstValueFactories will produce the same AstValue objects for constants,
and so they can be used by the BytecodeGenerator without having to pass
the AstValueFactory to it, enabling construction off-thread.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2630343002
Cr-Original-Commit-Position: refs/heads/master@{#42381}
Committed: d611496b8e
Review-Url: https://codereview.chromium.org/2630343002
Cr-Commit-Position: refs/heads/master@{#42394}
KillFields of an object should remove its cache from all the fields.
Currently, the cache in the front field is kept which is not expected.
This patch fixes it.
Review-Url: https://codereview.chromium.org/2618273002
Cr-Commit-Position: refs/heads/master@{#42388}
- Adds vmin, vmax for FP and integer vectors, both signed and unsigned.
- Regularizes switching logic in disasm and simulator for special codes
4 and 6.
- Factors vrecpe, vrsqrte, vrecps, vrsqrts into helper fns.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2623993006
Cr-Commit-Position: refs/heads/master@{#42385}
Reason for revert:
Seems to break modules-namespace2 on gcstress.
Original issue's description:
> [Parser] Introduce AstStringConstants to share constants across AstValueFactory
>
> Creates an AstStringConstants container which pre-initializes the
> string constants used by AstValueFactory. This ensures that all
> AstValueFactories will produce the same AstValue objects for constants,
> and so they can be used by the BytecodeGenerator without having to pass
> the AstValueFactory to it, enabling construction off-thread.
>
> BUG=v8:5203
>
> Review-Url: https://codereview.chromium.org/2630343002
> Cr-Commit-Position: refs/heads/master@{#42381}
> Committed: d611496b8eTBR=ahaas@chromium.org,marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2638783002
Cr-Commit-Position: refs/heads/master@{#42382}
Creates an AstStringConstants container which pre-initializes the
string constants used by AstValueFactory. This ensures that all
AstValueFactories will produce the same AstValue objects for constants,
and so they can be used by the BytecodeGenerator without having to pass
the AstValueFactory to it, enabling construction off-thread.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2630343002
Cr-Commit-Position: refs/heads/master@{#42381}
- Generalize the sloppy block function data structures to allow
PreParser adding and hoisting sloppy block funcs.
- This completes PreParser scope analysis.
BUG=v8:5501, v8:5516
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2636543002
Cr-Commit-Position: refs/heads/master@{#42368}
Now we can add a constness bit to the PropertyDetails.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2629423002
Cr-Commit-Position: refs/heads/master@{#42366}
Moves constant element/property array building to be deferred for
igition and on-demand for the other compilers, and splits off the
object/array literal depth/flag initialisation from the array building.
BUG=v8:5832
Review-Url: https://codereview.chromium.org/2625873009
Cr-Commit-Position: refs/heads/master@{#42362}
1.
DCHECK in runtime-i18n.cc for case mapping was wrong to
assume that the longest primary language tag is 3 characters.
BCP 47 actually allows up to 8 characters.
2. GetFlatContent() was called to a string without flattening it first.
BUG=680314,680464
TEST=intl/general/case-mapping (see also the bugs)
Review-Url: https://codereview.chromium.org/2629763003
Cr-Commit-Position: refs/heads/master@{#42343}
With this CL, context loads and stores are "strengthened" by reducing
the incoming context chain and decreasing the depth accordingly,
whenever possible. This enables more opportunities for specialization
and will let us easily add module context specialization later.
BUG=
Review-Url: https://codereview.chromium.org/2559173003
Cr-Commit-Position: refs/heads/master@{#42334}
This puts lowering of {JSCreateClosure} operations behind a flag. For
now the benefit of inline allocating such closures is negligible, it
does increase code size, and breaks in combination with inlining based
on {SharedFunctionInfo}.
R=jarin@chromium.org
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2636493002
Cr-Commit-Position: refs/heads/master@{#42331}
The simulator implements these exactly, but on ARM hardware,
the estimates are not exact, so CHECK_EQ will fail. This CL adds
a tolerance to the checks.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2628153003
Cr-Commit-Position: refs/heads/master@{#42320}
Reason for revert:
OK, the failure really does seem to be due to this patch: It triggers Clang to crash
FAILED: obj/test/unittests/unittests/function-body-decoder-unittest.obj
E:\b\build\slave\cache\cipd\goma/gomacc.exe ../../third_party/llvm-build/Release+Asserts/bin/clang-cl.exe /nologo /showIncludes /FC @obj/test/unittests/unittests/function-body-decoder-unittest.obj.rsp /c ../../test/unittests/wasm/function-body-decoder-unittest.cc /Foobj/test/unittests/unittests/function-body-decoder-unittest.obj /Fd"obj/test/unittests/unittests_cc.pdb"
Assertion failed: (NumGaps == 0 || Bias < MaxDefRange) && "large ranges should not have gaps", file E:\b\build\slave\win_upload_clang\build\src\third_party\llvm\lib\MC\MCCodeView.cpp, line 531
Wrote crash dump file "C:\Users\CHROME~2\AppData\Local\Temp\goma_temp.5068\clang-cl.exe-563144.dmp"
Let's leave it out for now.
Original issue's description:
> Reland of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #1 id:1 of https://codereview.chromium.org/2628883006/ )
>
> Reason for revert:
> Try a reland; this might not have been the source of tree-closing.
>
> Original issue's description:
> > Revert of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #3 id:40001 of https://codereview.chromium.org/2630553002/ )
> >
> > Reason for revert:
> > Caused tree to close by failing compilation:
> >
> > https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/4451
> >
> > Original issue's description:
> > > [wasm] Enforce that function bodies end with the \"end\" opcode.
> > >
> > > R=rossberg@chromium.org
> > > BUG=chromium:575167
> > >
> > > Review-Url: https://codereview.chromium.org/2630553002
> > > Cr-Commit-Position: refs/heads/master@{#42286}
> > > Committed: fcc6e85ec6
> >
> > TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:575167
> >
> > Review-Url: https://codereview.chromium.org/2628883006
> > Cr-Commit-Position: refs/heads/master@{#42287}
> > Committed: 1d32a3989b
>
> TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:575167
>
> Review-Url: https://codereview.chromium.org/2628203003
> Cr-Commit-Position: refs/heads/master@{#42296}
> Committed: e539bd8e0eTBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:575167
Review-Url: https://codereview.chromium.org/2633583002
Cr-Commit-Position: refs/heads/master@{#42298}
Reason for revert:
Try a reland; this might not have been the source of tree-closing.
Original issue's description:
> Revert of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #3 id:40001 of https://codereview.chromium.org/2630553002/ )
>
> Reason for revert:
> Caused tree to close by failing compilation:
>
> https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/4451
>
> Original issue's description:
> > [wasm] Enforce that function bodies end with the \"end\" opcode.
> >
> > R=rossberg@chromium.org
> > BUG=chromium:575167
> >
> > Review-Url: https://codereview.chromium.org/2630553002
> > Cr-Commit-Position: refs/heads/master@{#42286}
> > Committed: fcc6e85ec6
>
> TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:575167
>
> Review-Url: https://codereview.chromium.org/2628883006
> Cr-Commit-Position: refs/heads/master@{#42287}
> Committed: 1d32a3989bTBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:575167
Review-Url: https://codereview.chromium.org/2628203003
Cr-Commit-Position: refs/heads/master@{#42296}
Before, in `var p1 = p.then(() => {}) we would trigger the
before/after callbacks with p as the associated promise, but we must
call it with p1.
Also removes promise from PromiseReactionJobInfo.
Review-Url: https://codereview.chromium.org/2633443002
Cr-Commit-Position: refs/heads/master@{#42295}
This function was only needed for extrasUtils. Since it was simply
calling a builtin function, just expose that builtin instead. This
requires an arguments adapter frame for the builtin. As a drive-by
fix, also added an arguments adapter for the extrasUtils.resolvePromise
(and a regression test).
Other cleanup: removed unused native context slot for PROMISE_SET_AND_CREATE.
R=gsathya@chromium.org
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2626793003
Cr-Commit-Position: refs/heads/master@{#42284}
- updated WebAssembly.Instance ctor uses in our tests to match spec
- disallowing mem section *and* mem import, as per spec
BUG=v8:5824
Review-Url: https://codereview.chromium.org/2627763002
Cr-Commit-Position: refs/heads/master@{#42278}
This is a necessary cleanup before introducing PropertyConstness bit.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2624903003
Cr-Commit-Position: refs/heads/master@{#42277}
The bug was caused by AstTraversalVisitor refactoring:
https://codereview.chromium.org/2169833002/
InitializerRewriter::VisitRewritableExpression in parser.cc didn't recurse; so
it fails when a rewritable expression contains another rewritable expression.
See the bug for more details.
BUG=chromium:679727
Review-Url: https://codereview.chromium.org/2629623002
Cr-Commit-Position: refs/heads/master@{#42274}
Reason for revert:
Blocks roll, ASan detects leaking ExternalStrings.
Original issue's description:
> Internalize strings in-place (reland^2)
>
> using newly introduced ThinStrings, which store a pointer to the actual,
> internalized string they represent.
>
> BUG=v8:4520
>
> (Previously landed as #42168 / af51befe69)
> (Previously landed as #42193 / 4c699e349a)
>
> Review-Url: https://codereview.chromium.org/2549773002
> Cr-Commit-Position: refs/heads/master@{#42235}
> Committed: ec45e6ed2eTBR=ishell@chromium.org,hpayer@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2626893005
Cr-Commit-Position: refs/heads/master@{#42271}
Since we only can do limited checks during microtask execution, do the
checks before actually creating a promise
BUG=chromium:658194
R=bmeurer@chromium.org,gsathya@chromium.org
Review-Url: https://codereview.chromium.org/2628863002
Cr-Commit-Position: refs/heads/master@{#42265}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2620753003
Cr-Original-Commit-Position: refs/heads/master@{#42258}
Committed: 3188780410
Review-Url: https://codereview.chromium.org/2620753003
Cr-Commit-Position: refs/heads/master@{#42264}
Reason for revert:
gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/8105
also on mac
Original issue's description:
> [TypeFeedbackVector] Root literal arrays in function literals slots
>
> Literal arrays and feedback vectors for a function can be garbage
> collected if we don't have a rooted closure for the function, which
> happens often. It's expensive to come back from this (recreating
> boilerplates and gathering feedback again), and the cost is
> disproportionate if the function was inlined into optimized code.
>
> To guard against losing these arrays when we need them, we'll now
> create literal arrays when creating the feedback vector for the outer
> closure, and root them strongly in that vector.
>
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2620753003
> Cr-Commit-Position: refs/heads/master@{#42258}
> Committed: 3188780410TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2626863004
Cr-Commit-Position: refs/heads/master@{#42260}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2620753003
Cr-Commit-Position: refs/heads/master@{#42258}
This patch changes the test262 infrastructure to pass individual flags,
specified in the status file, for tests for experimental features, rather
than passing --harmony for all runs. With this change, it should be
easier to run test262 tests in automation when developing new features.
The new workflow would be, when adding a flag, include the flag in the
test expectations file, and when removing the flag, remove the lines from
the test expectations file. This way, the status file does not have to
change when staging or unstaging, and you get the benefit of the automated
tests before staging starts.
R=adamk
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/2601393002
Cr-Commit-Position: refs/heads/master@{#42249}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
(Previously landed as #42168 / af51befe69)
(Previously landed as #42193 / 4c699e349a)
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42235}
for debugging. This function is needed to pass increased heap limit
from the main DevTools isolate to the worker isolates it spawns.
BUG=chromium:675911
Review-Url: https://codereview.chromium.org/2624973003
Cr-Commit-Position: refs/heads/master@{#42228}
This API will allow DevTools to intercept out-of-memory condition,
increase the heap limit and schedule heap snapshot.
BUG=chromium:675911
Review-Url: https://codereview.chromium.org/2621873003
Cr-Commit-Position: refs/heads/master@{#42225}
This CL modifies the ast-numbering phase to collect function literals which
should be compiled eagerly. This is then used to eagerly compile the inner
functions before compiling the outer function. This will be used to queue
compilation jobs on the CompilerDispatcher in a later CL.
This CL moves the compilation of eager inner functions out of the
GetSharedFunctionInfo function and instead compiles them explicitly. This
simplifies GetSharedFunctionInfo and also means there is no need to pass a
LazyCompilationMode to the function, so this concept has been removed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2618553004
Cr-Commit-Position: refs/heads/master@{#42221}
Most notably, the interpreter now calls this stub instead of the
runtime.
BUG=
Review-Url: https://codereview.chromium.org/2619163004
Cr-Commit-Position: refs/heads/master@{#42218}
Reason for revert:
blocks roll, see: https://codereview.chromium.org/2628733002/
Debug mode runs into an Abort("External string expected, but not found").
Original issue's description:
> Internalize strings in-place (reland)
>
> using newly introduced ThinStrings, which store a pointer to the actual,
> internalized string they represent.
>
> BUG=v8:4520
>
> (Previously landed as #42168 / af51befe69.
>
> Review-Url: https://codereview.chromium.org/2549773002
> Cr-Commit-Position: refs/heads/master@{#42193}
> Committed: 4c699e349aTBR=ishell@chromium.org,hpayer@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2625073002
Cr-Commit-Position: refs/heads/master@{#42212}
Lower StoreDataPropertyInLiteral() when storing
computed property names in object literals.
Add a new AccessMode, kStoreInLiteral. It is similar to
AccessMode::kStore but does not look
up properties on the prototype chain.
99% of all literal definitions with computed property names
end up with generic access_info because of how we count
properties. Once we fix
https://bugs.chromium.org/p/v8/issues/detail?id=5625,
they'll get lowered as well.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2619773002
Cr-Commit-Position: refs/heads/master@{#42210}
Also ensuring it is validation error to specify more than
one memory import.
BUG=v8:5824
Review-Url: https://codereview.chromium.org/2624853002
Cr-Commit-Position: refs/heads/master@{#42205}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
(Previously landed as #42168 / af51befe69.
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42193}
- Refactor Dispatch tables to have separate function, signature tables
- New Relocation type for WasmFunctionTableReference, assembler, compiler support.
- RelocInfo helper functions for Wasm references
Review-Url: https://codereview.chromium.org/2627543003
Cr-Commit-Position: refs/heads/master@{#42192}
Asm.js modules missing exports fail to run the last phase of
validation. Adding an explicit check for this.
BUG=676573
R=titzer@chromium.org,aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2620893002
Cr-Commit-Position: refs/heads/master@{#42191}
Reason for revert:
Seems to break the Chromium build: https://codereview.chromium.org/2619193005/
Message:
[1832/9671] CXX obj/v8/v8_base/version.o
FAILED: obj/v8/v8_base/version.o
/b/c/cipd/goma/gomacc ../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/v8/v8_base/version.o.d -DV8_DEPRECATION_WARNINGS -DDCHECK_ALWAYS_ON=1 -DUSE_UDEV -DUI_COMPOSITOR_IMAGE_TRANSPORT -DUSE_AURA=1 -DUSE_PANGO=1 -DUSE_CAIRO=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DUSE_PROPRIETARY_CODECS -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DENABLE_MEDIA_ROUTER=1 -DFIELDTRIAL_TESTING_ENABLED -DCR_CLANG_REVISION=289944-2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DV8_I18N_SUPPORT -DENABLE_HANDLE_ZAPPING -DV8_USE_EXTERNAL_STARTUP_DATA -DV8_TARGET_ARCH_X64 -DDEBUG -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_STATIC_IMPLEMENTATION -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE -I../.. -Igen -I../../v8 -I../../v8/include -I../../third_party/icu/source/common -I../../third_party/icu/source/i18n -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -pipe -B../../third_party/binutils/Linux_x64/Release/bin -fcolor-diagnostics -fdebug-prefix-map=/b/c/b/linux/src=. -m64 -march=x86-64 -pthread -g1 --sysroot=../../build/linux/debian_wheezy_amd64-sysroot -fvisibility=hidden -Xclang -load -Xclang ../../third_party/llvm-build/Release+Asserts/lib/libFindBadConstructs.so -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-ipc -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -Werror -Wall -Wno-unused-variable -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-deprecated-register -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-shift-negative-value -Wno-undefined-var-template -Wno-nonportable-include-path -Wno-address-of-packed-member -Wsign-compare -Winconsistent-missing-override -Wshorten-64-to-32 -O3 -fno-ident -fdata-sections -ffunction-sections -fno-threadsafe-statics -fvisibility-inlines-hidden -std=gnu++11 -fno-rtti -fno-exceptions -Wno-deprecated -c ../../v8/src/version.cc -o obj/v8/v8_base/version.o
../../v8/src/version.cc:42:34: error: use of undeclared identifier 'V8_EMBEDDER_STRING'
const char* Version::embedder_ = V8_EMBEDDER_STRING;
^
1 error generated.
Original issue's description:
> [build] Introduce an embedder version string
>
> Sometimes, the embedder might want to merge a fix to an abandoned branch
> or to a supported branch but the fix is not relevant to Chromium.
> This adds a new version string that the embedder can set on compile time
> and that will be appended to the official V8 version.
> The separator must be provided in the string. For instance, to have a
> full version string like "5.5.372.37.custom.1", the embedder must set
> V8_EMBEDDER_STRING to ".custom.1".
>
> Related Node.js issue: https://github.com/nodejs/node/pull/9754
>
> BUG=v8:5740
> R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
>
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Commit-Position: refs/heads/master@{#42175}
> Committed: fc86d4329bTBR=hablich@chromium.com,machenbach@chromium.org,ofrobots@google.com,mic.besace@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5740
Review-Url: https://codereview.chromium.org/2621033002
Cr-Commit-Position: refs/heads/master@{#42182}
... which were done after the promise has been resolved.
Goal of this CL - change promise instrumentation to support better callbacks, chained after promise resolution and prepare instrumentation for adding new asyncTaskCreated instrumentation.
Instrumentation changes:
- asyncTaskScheduled(recurring) when promise is fulfilled or rejected,
- asyncTaskCancelled when promise is collected (since [1] we can be sure that promise will survive scheduled microtasks).
Minor changes:
- async task type in inspector <-> debugger API transferred by enum instead of string,
- Debug manages async task ids based on promise objects.
More details: https://docs.google.com/document/d/1u19N45f1gSF7M39mGsycJEK3IPyJgIXCBnWyiPeuJFE
[1] https://codereview.chromium.org/2581503003/
BUG=chromium:632829,v8:5738
R=dgozman@chromium.org,yangguo@chromium.org,gsathya@chromium.org
Review-Url: https://codereview.chromium.org/2578923002
Cr-Commit-Position: refs/heads/master@{#42178}
Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set on compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "5.5.372.37.custom.1", the embedder must set
V8_EMBEDDER_STRING to ".custom.1".
Related Node.js issue: https://github.com/nodejs/node/pull/9754
BUG=v8:5740
R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
Review-Url: https://codereview.chromium.org/2619213002
Cr-Commit-Position: refs/heads/master@{#42175}
Now we have declarations too, so it doesn't matter whether preparser
produces the same unresolved variables as the parser.
BUG=v8:5501, v8:5516
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2623583004
Cr-Commit-Position: refs/heads/master@{#42174}
This adds tracking the following:
- Let / var declarations in for loops
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2616393002
Cr-Commit-Position: refs/heads/master@{#42169}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42168}
Reason for revert:
F32x4Add / Sub are still failing. I'll have to investigate on ARM hardware when I get back.
Original issue's description:
> [WASM] Fix failing Wasm SIMD F32x4 tests.
> - Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
> will be different under I32 compare.
> - Some arithmetic operations can generate NaN results, such as adding -Inf
> and +Inf. Skip these tests until we have a way to do more sophisticated
> FP comparisons in the SIMD tests.
> - Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
>
> LOG=N
> BUG=v8:4124
>
> Review-Url: https://codereview.chromium.org/2594043002
> Cr-Commit-Position: refs/heads/master@{#42154}
> Committed: 5560bbb498TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2624713002
Cr-Commit-Position: refs/heads/master@{#42162}
Deferred function call validation is required to support out of order
asm.js function declaration. Unfortunately, since we've started interleaving
validation and asm-wasm building, we don't check names are resolved until
the end.
Fortunately, undefined names can be detected from their CallType.
Check this at asm-typer time.
BUG=676797
R=aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2615443003
Cr-Commit-Position: refs/heads/master@{#42158}
The original TF port didn't maintain the same semantics as the CS/runtime implementation, and in fact introduced a bug that grew capacity too slowly on
32-bit platforms.
R=ishell@chromium.org
LOG=N
Review-Url: https://codereview.chromium.org/2617393002
Cr-Commit-Position: refs/heads/master@{#42155}
- Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
will be different under I32 compare.
- Some arithmetic operations can generate NaN results, such as adding -Inf
and +Inf. Skip these tests until we have a way to do more sophisticated
FP comparisons in the SIMD tests.
- Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2594043002
Cr-Commit-Position: refs/heads/master@{#42154}
Previously, the Intl implementation tracked types two ways:
- In the intl_initialized_marker_symbol
- In various named properties of the intl_impl_object_symbol value
As far as I can tell, these will never disagree with each other,
modulo bugs in Intl itself. This patch removes the second type
checking system.
This reland includes a fixed type check for
Intl.DateTimeFormat.prototype.formatToParts , which is the only Intl
method which is not bound. All future methods will follow this
pattern.
The second reland ensures that a newly inserted test is only run
if Intl is present.
BUG=v8:5751,chromium:677055, v8:4962
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
TBR=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2623683002
Cr-Commit-Position: refs/heads/master@{#42152}
This changes the NewClosure interface descriptor, but ignores
the additional vector/slot arguments for now. The feedback vector
gets larger, as it holds a space for each literal array. A follow-on
CL will constructively use this space.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2614373002
Cr-Commit-Position: refs/heads/master@{#42146}
GCC4.8.5 on s390 emits warning "array subscript is above array bounds"
for line "code[pos + 1] = kLocalVoid;". The warning seems to be
correct because code[sizeof(code)] should be out of bounds.
I'm suggesting to run the loop till "sizeof(code) - 1" which GCC(4.8.5)
agrees with. Although this means the last byte is missed, but it should
be safe to do since the last few bytes are "0xb" (kExprEnd) and the
offending statement is only run when byte=kExprBlock.
R=titzer@chromium.org, mstarzinger@chromium.org, bradnelson@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2619063002
Cr-Commit-Position: refs/heads/master@{#42145}
Downside: this adds all kinds of weird includes in the .cc files.
(See design doc linked in the bug.)
BUG=v8:5402
Review-Url: https://codereview.chromium.org/2622503002
Cr-Commit-Position: refs/heads/master@{#42140}
We did not associate any position to the stack check in the wasm
function prologue, hence a check failed later when trying to map the
non-existent position to the asm.js source position.
With this CL, we add a mapping to the source position table, mapping
the stack check call to byte offset 0 (which is distinct from any valid
instruction position). Also, we add another entry to the asm.js source
position sidetable, mapping byte offset 0 to the start source position
of the function body.
R=titzer@chromium.org, ahaas@chromium.org
BUG=chromium:677685
Review-Url: https://codereview.chromium.org/2609363004
Cr-Commit-Position: refs/heads/master@{#42130}
This adds tracking the following:
- Declarations created by catch (potentially destructuring)
- Declarations created by for-each (potentially destructuring)
- Class declarations
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2617923003
Cr-Commit-Position: refs/heads/master@{#42129}
1) Fix confusion between for of and for in.
2) If a for loop doesn't declare its variables, no new variables
are introduced (the outer scope variables are used).
3) Add more cases for destructuring for and destructuring catch.
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2614023004
Cr-Commit-Position: refs/heads/master@{#42125}
Don't assume that the prototype of an object is always a JSObject when
inlining the known receiver map case for abstract relational comparison.
BUG=chromium:679202
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2621583002
Cr-Commit-Position: refs/heads/master@{#42123}
Reason for revert:
Breaks noi18n.
Original issue's description:
> [intl] Remove redundant type checking system
>
> Previously, the Intl implementation tracked types two ways:
> - In the intl_initialized_marker_symbol
> - In various named properties of the intl_impl_object_symbol value
>
> As far as I can tell, these will never disagree with each other,
> modulo bugs in Intl itself. This patch removes the second type
> checking system.
>
> This reland includes a fixed type check for
> Intl.DateTimeFormat.prototype.formatToParts , which is the only Intl
> method which is not bound. All future methods will follow this
> pattern.
>
> BUG=v8:5751,chromium:677055, v8:4962
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
>
> Review-Url: https://codereview.chromium.org/2600913002
> Cr-Commit-Position: refs/heads/master@{#42118}
> Committed: aa8a2d2789TBR=yangguo@chromium.org,adamk@chromium.org,littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5751,chromium:677055, v8:4962
Review-Url: https://codereview.chromium.org/2617323002
Cr-Commit-Position: refs/heads/master@{#42119}
Previously, the Intl implementation tracked types two ways:
- In the intl_initialized_marker_symbol
- In various named properties of the intl_impl_object_symbol value
As far as I can tell, these will never disagree with each other,
modulo bugs in Intl itself. This patch removes the second type
checking system.
This reland includes a fixed type check for
Intl.DateTimeFormat.prototype.formatToParts , which is the only Intl
method which is not bound. All future methods will follow this
pattern.
BUG=v8:5751,chromium:677055, v8:4962
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/2600913002
Cr-Commit-Position: refs/heads/master@{#42118}
This patch provides improved infrastructure for developing test262 tests
together with V8. It has three parts:
- The test262 test runner is updated to look for local versions of tests
in the /test/test262/local-tests directory, which mirrors
/test/test262/data. Additional tests can be added there and are run
together with tests from upstream. Upstream tests can be locally
updated by using the same name in local-tests; if a same-named test
exists, then only the local version will be run. The local-tests
directory is in the V8 repository, unlike the contents of the data
directory, so tests can be added in the same patch as something else.
- The tool /test/test262/upstream-local-tests.sh is added to create
a patch against the test262 respository based on a patch which changes
the local-tests directory.
- The tool /test/test262/prune-local-tests.sh is added to remove
redundant local tests on a test262 roll.
See design doc:
https://docs.google.com/document/d/16bj7AIDgZLv4WOsUEzQ5NzcEN9_xo095e88Pz8FC5rA/edit
Review-Url: https://codereview.chromium.org/2611793002
Cr-Commit-Position: refs/heads/master@{#42117}
Separated:
- decoding of locals
- loop assignment analysis
- determination of opcode length
as statics that work on a Decoder. Neither need the context of a
Module, and were used in scenarios where one wasn't available either.
Changed BodyLocalDecls to match the usecases for the type. In all but
one (a printer), we want the list (in order of declaration, with
repetitions) of types of locals.
Removed a now-unnecessary constructor for the WasmFullDecoder.
BUG=
Review-Url: https://codereview.chromium.org/2610813009
Cr-Commit-Position: refs/heads/master@{#42115}
Previously the message was "this is not defined" which is nonsensical.
BUG=v8:4407
Review-Url: https://codereview.chromium.org/2614053002
Cr-Commit-Position: refs/heads/master@{#42114}
The attached chromium bug suggests that turning this on via a flag
regressed a perf test. Having previously run into slowdowns due
to experimental JS natives, my suspicion is that this regression
can be fixed by including the new builtins in the snapshot.
My intention is to land this patch to see if the regression
goes away on the bots.
Given the nature of this feature, it seems low-risk to remove
the runtime flag. If need be, it would be trivial to craft
a patch to remove these two methods from String.prototype
if we run into web compat issues during the release (note
that no release branch has yet picked up this feature).
BUG=v8:4954, chromium:677444
Review-Url: https://codereview.chromium.org/2610853010
Cr-Commit-Position: refs/heads/master@{#42111}
Also moves most of the runtime function into TF. There are lots of
runtime calls but they happen only for the debug case so it's fine.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2611083002
Cr-Commit-Position: refs/heads/master@{#42109}
Our test infrastructure ignores missing tests which are listed in
status files. Sometimes, tests are removed and status file lines
are not updated. This patch adds a presubmit check for status
files addressing JavaScript tests to not reference missing tests.
It also cleans up existing violations.
R=machenbach
Review-Url: https://codereview.chromium.org/2610353002
Cr-Commit-Position: refs/heads/master@{#42106}
This patch adds parsing of spread object property.
-- Changes ParsePropertyName to parse Token::ELLIPSIS.
-- Throws if rest is encountered by setting a pattern error.
-- Adds a new PropertyKind enum (SPREAD)
-- Adds a new ObjectLiteralProperty::kind (SPREAD)
-- Adds a new harmony-object-spread flag and protects the parser code
with it.
-- Adds a new runtime function called CopyDataProperties
-- Does not add any support for this feature in fullcodegen.
-- Ignition calls out to a runtime function CopyDataProperties to
perform spread operation.
-- Move FastAssign from builtins-objects.cc to objects.cc
-- Refactor Builtin_ObjectAssign to use SetOrCopyDataProperties
Object rest will be implemented in a follow on patch.
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2606833002
Cr-Commit-Position: refs/heads/master@{#42102}
Add a more efficient encoding for state values that have a large number of
optimized-out inputs.
Review-Url: https://codereview.chromium.org/2509623002
Cr-Commit-Position: refs/heads/master@{#42088}
This makes the context allocation less pessimistic in case of name
clash.
This is also required for being able to skip inner functions.
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2610823003
Cr-Commit-Position: refs/heads/master@{#42087}
We need to check both sides for abstract equality of receivers in optimized
code, otherwise we don't handle implicit conversions and undetectable
objects correctly.
R=jarin@chromium.org
BUG=v8:5802
Review-Url: https://codereview.chromium.org/2612213002
Cr-Commit-Position: refs/heads/master@{#42085}
Add a feedback vector slot for computed property names in object
and class literals. Introduce new slot kind for storing
computed property names.
Change StaDataPropertyInLiteral to use the accumulator (again), so
we don't exceed Bytecodes::kMaxOperands.
We assume that most computed property names are
symbols. Therefore we should see performance
improvements, even if we deal with monomorphic ICs only.
This CL only collects feedback but does not use
it in Reduce() yet.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2587393006
Cr-Commit-Position: refs/heads/master@{#42082}
This moves the initialization of [[HomeObject]] for constructors from
the %DefineClass runtime function into the bytecode generator, and
makes it conditional (resolving an old TODO). As part of this refactor,
avoid a load of "prototype" by returning the class prototype from
%DefineClass.
This is one of many steps in moving more of class definition into
bytecode.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2610683003
Cr-Commit-Position: refs/heads/master@{#42072}
This removes all the promise allocation related methods from the CSA
and moves them PromiseBuiltinsAssembler with some edits.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2604273003
Cr-Commit-Position: refs/heads/master@{#42070}
mjsunit/big-object-literal will exhaust the stack in debug builds,
due to different compiler settings. It will work in optdebug.
This disables for both. Adding an 'optdebug' test to .status files
is easy, but I don't want to contribute to the 'mode x variant explosion'.
R=jochen@chromium.orgCC=franzih@chromium.org, machenbach@chromium.org
Review-Url: https://codereview.chromium.org/2609193002
Cr-Commit-Position: refs/heads/master@{#42061}
This CL simplifies the relation between the wasm graph builder, the
wasm decoder, and the wasm module they work on.
BUG=
Review-Url: https://codereview.chromium.org/2612643002
Cr-Commit-Position: refs/heads/master@{#42056}
-- Removes remaning debug from promise.js and moves it to c++
-- Changes debug_id to be a smi in PromiseReactionJobInfo and
PromiseResolveThenableJobInfo.
-- Changes debug_name to be a smi in PromiseReactionJobInfo and
PromiseResolveThenableJobInfo.
-- Adds PromiseDebugActionName and PromiseDebugActionType enums
-- Adds PromiseDebugActionNameToString and
PromiseDebugActionTypeToString helper methods
-- Changes variable `status` to be int in runtime functions.
-- Changes debug_id to start from 1, not 0 for easier bookkeeping.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2606093002
Cr-Commit-Position: refs/heads/master@{#42052}
