Reason for revert:
Breaks compile:
https://build.chromium.org/p/client.v8/builders/V8%20Mac64/builds/7740
Probably had outdated tryjobs
Original issue's description:
> Assembler changes for enabling GrowHeap in Wasm
> - New RelocInfo mode WASM_MEMORY_REFERENCE as a marker for wasm code objects that need to be relocated on a heap change
> - RelocInfo mode recorded for immediates that use the memory buffer as base
> - Tests to verify address patching works
>
> BUG=
>
> Committed: https://crrev.com/cc815b69c17da368107ed77306a5bb161170c834
> Cr-Commit-Position: refs/heads/master@{#34831}
TBR=titzer@chromium.org,yangguo@chromium.org,bradnelson@chromium.org,bradnelson@google.com,marija.antic@imgtec.com,gdeepti@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1808823002
Cr-Commit-Position: refs/heads/master@{#34832}
- New RelocInfo mode WASM_MEMORY_REFERENCE as a marker for wasm code objects that need to be relocated on a heap change
- RelocInfo mode recorded for immediates that use the memory buffer as base
- Tests to verify address patching works
BUG=
Review URL: https://codereview.chromium.org/1759873002
Cr-Commit-Position: refs/heads/master@{#34831}
In case when F inlined normal call to G which tail calls H we should not write translation for G for the tail call site.
Otherwise we will see G in a stack trace inside H.
This CL also enables all existing tests related to ES6 tail call elimination.
TBR=bmeurer@chromium.org
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1780043004
Cr-Commit-Position: refs/heads/master@{#34830}
Function declarations were previously permitted by V8 in many locations
which no ECMAScript specification allowed; the ECMAScript 2015 spec
enumerates a few locations (in blocks, as well as after labels and in
conditionals when in sloppy mode). This patch ships the flag to restrict
the usage of function declarations to those contexts.
R=adamk
LOG=Y
BUG=v8:4824
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1799233003
Cr-Commit-Position: refs/heads/master@{#34828}
We need to pop the context to correct level on return as well. This was incorrectly
removed in this cl: https://codereview.chromium.org/1768123002/. For example
when we have a try-catch-finally block and catch does a return, the return
does not happen immediately. It should execute finally block before it
returns. Return statement should pop the context to the correct level as
expected by finally block.
BUG=594369,v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1796893002
Cr-Commit-Position: refs/heads/master@{#34822}
Port 33c08596e1
Original commit message:
Int64Sub is lowered to a new turbofan operator, Int32SubPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the subtraction.
The implementation is very similar to the implementation of Int64Add.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1812473002
Cr-Commit-Position: refs/heads/master@{#34821}
The CL #34701 (https://codereview.chromium.org/1779123002/) added the Run_WasmF32SConvertI64/Run_WasmF64SConvertI64 test cases and X87 failed at them.
The reason is same as the CL #33630 (Issue 1649323002: X87: Change the test case for X87 RunRoundInt32ToFloat32), please refer: https://codereview.chromium.org/1649323002.
Here is the key comments from CL #33630:
Some new test cases use CheckFloatEq(...) and CheckDoubleEq(...) function for result check. When GCC compiling the CheckFloatEq() and CheckDoubleEq() function,
those inlined functions has different behavior comparing with GCC ia32 build and x87 build.
The major difference is sse float register still has single precision rounding semantic. While X87 register has no such rounding precsion semantic when directly use register value.
The V8 turbofan JITTed has exactly same result in both X87 and IA32 port.
For CHECK_EQ(a, b) function, if a and b are double or float, it will has similar behaviors like CheckFloatEq(...) and CheckDoubleEq(...) function when compiled by GCC and causes the test case fail.
So we add the following sentence to do type case to keep the same precision for Run_WasmF32SConvertI64/Run_WasmF64SConvertI64. Such as: volatile double expect = static_cast<float>(*i).
ahaas put those codes in CHECK_FLOAT_EQ and CHECK_DOUBLE_EQ macros in CL #34534 (https://codereview.chromium.org/1773513002 ).
So this CL replaced the CHECK_EQ in Run_WasmF32SConvertI64/Run_WasmF64SConvertI64 to CHECK_FLOAT_EQ/CHECK_DOUBLE_EQ for x87 can pass Run_WasmF32SConvertI64/Run_WasmF64SConvertI64 tests.
BUG=
Review URL: https://codereview.chromium.org/1784813004
Cr-Commit-Position: refs/heads/master@{#34813}
Int64Sub is lowered to a new turbofan operator, Int32SubPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the subtraction.
The implementation is very similar to the implementation of Int64Add.
@v8-arm-ports: please take a careful look at the implementation of sbc
in the simulator.
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1778893005
Cr-Commit-Position: refs/heads/master@{#34808}
The monomorphic case already carefully ensures that we don't try to use
a regular elements load stub on string wrapper elements. The polymorphic
path must perform an equivalent check.
BUG=chromium:594955
LOG=n
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1806543002
Cr-Commit-Position: refs/heads/master@{#34807}
The feature was removed from the bots a while ago. It was
superseeded by the flaky-test detection which reruns tests.
Remaining tests still marked as flaky most certainly pass
since a while.
Referencing all the bugs whose expectations lines get
removed by this.
BUG=v8:3838,v8:3525,v8:3125
LOG=n
Review URL: https://codereview.chromium.org/1802983002
Cr-Commit-Position: refs/heads/master@{#34804}
port 1b23079936 (r34747)
original commit message:
Int64Add is lowered to a new turbofan operator, Int32AddPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the addition.
BUG=
Review URL: https://codereview.chromium.org/1806833002
Cr-Commit-Position: refs/heads/master@{#34803}
This part of Scope has existed since V8's initial check in, but from what
I can tell it's not required to implement "with". The only tests that
depend upon it are tests of the debugger and the Scope mirrors, but the
resulting test behavior after removing the bit still seems perfectly
reasonable to me. In fact, with the included fix for scope name collection,
the scope mirror is actually improved with this change.
As a bi-product, this fixes the attached bug, about the contains_with
bit having inconsistent values in some arrow function compilation
scenarios.
BUG=chromium:592353
LOG=n
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1804783002
Cr-Commit-Position: refs/heads/master@{#34802}
src/js/regexp.js was one of the few files that was left in sloppy
mode. The ES2017 draft specification requires that writes to
lastIndex throw when the property is non-writable, and test262
tests enforce this behavior. This patch puts that file in strict
mode.
BUG=v8:4504
R=yangguo@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1776883005
Cr-Commit-Position: refs/heads/master@{#34801}
Array.prototype.concat did not work correct with complex elements on the
receiver or the prototype chain.
BUG=chromium:594574
LOG=y
Review URL: https://codereview.chromium.org/1804963002
Cr-Commit-Position: refs/heads/master@{#34798}
Updates InlineTwice to declare a function and then return a function
instead of using function expressions by wrapping a function with '('
and ')'. The earlier implementation would cause the function to
compile immediately instead of lazy compile. Also updates cctest.status
BUG=v8:4280,v8:4837,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1800073002
Cr-Commit-Position: refs/heads/master@{#34790}
Word64Popcnt is lowered to Word32Popcnt(low-word) + Word32Popcnt(high_word).
Since the optional Word64Popcnt operator does not exist on 32 bit platforms,
I introduced a new operator "Word64PopcntPlaceholder" which is generated
in the WasmCompiler and then lowered in the Int64Lowering.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1803453003
Cr-Commit-Position: refs/heads/master@{#34777}
We may not emit bytecode for the evaluation of the to-be-returned
expression. In that case we cannot set two return positions for a return
statement (one before and one after the expression evaluation). This
sets the interpreter apart from full-codegen.
Make sure that we always have the second of the two return positions.
Note that we end up with separate test cases for ignition and FCG.
R=rmcilroy@chromium.org, vogelheim@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1801473003
Cr-Commit-Position: refs/heads/master@{#34771}
On 32-bit systems these instructions are compiled to calls to
C functions. The TF node for the function call is already generated in
the wasm compiler, the lowering of the I64 parameters is done in the
Int64Lowering. We use the return value of the C function to determine
whether the calculation should trap or not.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1804513002
Cr-Commit-Position: refs/heads/master@{#34768}
Modules already have a separate entrypoint into the engine (at the moment,
this is v8::ScriptCompiler::CompileModule, though that will change to
something like ParseModule). This meant that requiring a commandline flag
simply added an extra complexity burden on embedders. By removing the v8
flag, this lets embedders use their own flagging mechanism (such as d8's
"--module", or Blink's RuntimeEnabledFeatures) to control whether
modules are to be used.
Also remove old modules tests that were being skipped (since they test
very old, pre-ES2015 modules syntax).
R=littledan@chromium.org
BUG=v8:1569, chromium:594639
LOG=y
Review URL: https://codereview.chromium.org/1804693002
Cr-Commit-Position: refs/heads/master@{#34764}
test262 "negative" test expectations list which exception is thrown. The ES2017
draft specification is very specific about which exception class is thrown
from which path, and V8 works hard to be correct with respect to that spec.
Previously, the test262 test runner would accept any nonzero status code,
such as from a crash, or a FAIL printed out, for a negative test. This
patch makes negative tests check for the right answer using a quick-and-dirty
parsing of the exception printing from d8 to find the exception class.
It invokes d8 in a way to get a status code of 0 from thrown exceptions
so that 'negative' tests aren't actually implemented by negating the output.
Amazingly, this didn't catch any test262 failures, but I verified the extra
checking interactively by changing a negative test to expect a different type
and saw it fail.
BUG=v8:4803
R=machenbach
LOG=Y
Review URL: https://codereview.chromium.org/1766503002
Cr-Commit-Position: refs/heads/master@{#34763}
This fixes the label binding mechanism that forwards a label to another
already bound target label. For source labels that are not being reached
by a jump, we should not try to patch jump sites. We still bind the
source label to reflect the target position though, just in case this
binding method will be used for backwards branches in the future.
R=rmcilroy@chromium.org
TEST=webkit/fast/js/parser-syntax-check
Review URL: https://codereview.chromium.org/1804643002
Cr-Commit-Position: refs/heads/master@{#34759}
The previous register allocation allowed invalid register aliasing in
cases where in the TF graph the node was used for multiple inputs of the
Word32PairShl node.
Additionally I renamed PairLsl to LslPair in the code generation for
consistency.
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1776393004
Cr-Commit-Position: refs/heads/master@{#34755}
This moves the last remaining JS file based tests out of the "preparser"
suite. The tests in question all are expected to parse normally and not
throw any exception. This also deprecates the ability of the test suite
to run anything else outside Python templated tests.
R=adamk@chromium.org
TEST=preparser
Review URL: https://codereview.chromium.org/1782173005
Cr-Commit-Position: refs/heads/master@{#34753}
Int64Add is lowered to a new turbofan operator, Int32AddPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the addition.
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1778493004
Cr-Commit-Position: refs/heads/master@{#34747}
Reduce the amount of code generated for OutOfLineLoadFloat* by computing
sqrt(-1) rather than move the NaN as an immediate. Add support for single
precision floating point immediate moves to enable this.
BUG=
Review URL: https://codereview.chromium.org/1758003003
Cr-Commit-Position: refs/heads/master@{#34746}
When black allocation is active, all objects allocated in old space are allocated black. Important: With that change, you cannot assume anymore that new objects are white right after their allocation. Currently, black allocation is enabled when incremental marking is started.
This feature can be turned off via flag: --noblack-allocation
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1420423009
Cr-Commit-Position: refs/heads/master@{#34743}
Move all tests that use i64 values into test-run-wasm-64.cc. Introduce
macros that enable tests as they are implemented on 32 bit platforms.
R=ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1784343004
Cr-Commit-Position: refs/heads/master@{#34742}
On 32-bit systems I64XConvertFXX instructions are compiled to calls to
C functions. The TF node for the function call is already generated in
the wasm compiler, the lowering of the I64 parameter is done in the
Int64Lowering. We use the return value of the C function to determine
whether the conversion should trap or not.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1775903002
Cr-Commit-Position: refs/heads/master@{#34738}
This patch removes some [PASS, FAIL_OK] lines which consistently pass,
and it declares some tests to be test bugs as appropriate.
R=adamk
Review URL: https://codereview.chromium.org/1784063002
Cr-Commit-Position: refs/heads/master@{#34733}
ES2015 Object.prototype.toString semantics were enabled in version 4.9,
which has been in stable Chrome for nearly two weeks at this point.
R=littledan@chromium.org
Review URL: https://codereview.chromium.org/1784033002
Cr-Commit-Position: refs/heads/master@{#34732}
Updates cctest.status and also updates the test
cctest/test-serialize/SerializeInternalReference to return success when
FLAG_ignition is true. This test tests for internal references and is not
relevant for interpreter.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1782893002
Cr-Commit-Position: refs/heads/master@{#34723}
FullCodegen generates 2 statement positions for the loop init block, like so:
for(var i = 0; i....
^ ^
This change removes the first of those, updates unit tests,
and removes text expectations for Ignition.
---
An alternative would be to emulate the existing behaviour in Ignition, but:
- The new behaviour seems more logical,
- Ignition generates no bytecodes for the 'var', meaning there is no code position to attach the break position to.
BUG=v8:4690
LOG=Y
Review URL: https://codereview.chromium.org/1784883002
Cr-Commit-Position: refs/heads/master@{#34717}
This converts another test case that is expected to throw a TypeError
but no SyntaxError to have better test coverage (exact message is being
checked now).
R=machenbach@chromium.org
TEST=message,preparser
Review URL: https://codereview.chromium.org/1786623002
Cr-Commit-Position: refs/heads/master@{#34715}
This converts existing "preparser" tests that expect a certain exception
message to be produced into "message" tests. Thereby we get much better
coverage because the former test suite degraded by now to just check
whether each test case threw or not, the exception message was not being
checked at all.
This also deprecates the ability of "preparser" to specify that single
test cases based on JS files are expected to throw, "messages" is far
superior, use that test suite instead.
R=machenbach@chromium.org
TEST=message,preparser
Review URL: https://codereview.chromium.org/1784013003
Cr-Commit-Position: refs/heads/master@{#34713}
After histrogram timer added time recaling functionality,
some events, e.g. parse, histogram timer generates event log ending with 'MicroSeconds'.
Since ProfViz can't recorgnize it, this patch cuts off 'MicroSeconds' postfix.
R=vogelheim@chromium.org, yangguo@chromium.org
BUG=chromium:
LOG=N
Review URL: https://codereview.chromium.org/1771293002
Cr-Commit-Position: refs/heads/master@{#34710}
This also runs the message test suite against Ignition. By now most of
the source positions (and exception messages) are accurate, the failing
ones have been blacklisted.
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/1783773003
Cr-Commit-Position: refs/heads/master@{#34708}
- Make separate iterator functions for TypedArrays which do a type check
(and in the future should check for detached TypedArrays)
- Share the toString method with Arrays
BUG=v8:4785
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1780113002
Cr-Commit-Position: refs/heads/master@{#34698}
This check is guaranteed by the Promise spec and tested by test262
tests. It only has to run for subclasses. This patch adds the check
to the Promise code.
BUG=v8:4633
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1780823003
Cr-Commit-Position: refs/heads/master@{#34693}
These flags have been on by default since version 4.9, which has been
in stable Chrome for over a week now, demonstrating that they're
here to stay.
Also moved the tests out of harmony/ and into es6/.
Review URL: https://codereview.chromium.org/1776683003
Cr-Commit-Position: refs/heads/master@{#34692}
This is because compiler.cc is awesome. There are cases where we do not
yet have a SharedFunctionInfo that can tell us whether we are compiling
a generator function, we query the FunctionLiteral instead.
R=rmcilroy@chromium.org
BUG=v8:4681
LOG=n
Review URL: https://codereview.chromium.org/1780193002
Cr-Commit-Position: refs/heads/master@{#34677}
This ensures our optimizing compilers as well as the interpreter are
never tasked with compiling the generator-resuming builtin methods. The
corresponding intrinsics for those methods are not supported and it is
not possible to provide a C++ reference implementation for them. We do
this by assigning builtin function ids to them that we can recognize
during the compiler dispatch.
Note that this also affects the interpreter, because methods having a
builtin function id assigned are not interpreted ({function_data} field
is overlapping). If this ever changes we can still do an early check in
the compiler dispatch (similar to the optimizing compilers) easily.
This applies to the following methods:
- Generator.prototype.next (calls Runtime_GeneratorNext).
- Generator.prototype.return (calls Runtime_GeneratorReturn).
- Generator.prototype.throw (calls Runtime_GeneratorThrow).
R=neis@chromium.org
BUG=v8:4681
LOG=n
Review URL: https://codereview.chromium.org/1779123003
Cr-Commit-Position: refs/heads/master@{#34675}
Make the low level assembler implementation exact and protected to disallow explicit usage.
BUG=
Review URL: https://codereview.chromium.org/1749263002
Cr-Commit-Position: refs/heads/master@{#34673}
This ensures the interpreter is not tasked with compiling generator
functions. It currently does not support suspending activations at
yielding points, but we still want to be able to activate it for the
rest of JavaScript in the meantime.
R=rmcilroy@chromium.org
BUG=v8:4681
LOG=n
Review URL: https://codereview.chromium.org/1782013002
Cr-Commit-Position: refs/heads/master@{#34672}
Only CPSR_f is supported, and then only for the flags that we actually
simulate (NZCV). This isn't currently used, but will be useful for some
tests.
BUG=
Review URL: https://codereview.chromium.org/1776933003
Cr-Commit-Position: refs/heads/master@{#34662}
Previously, optimization has been disabled because of an assertion
failure, which requires the context to be linked into the weak native
context list of the heap.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1777883003
Cr-Commit-Position: refs/heads/master@{#34661}
Changes include:
- better test coverage for builds with snapshot
- write snapshot blobs to buffer instead of test serialization files
- renamed tests
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/1777213002
Cr-Commit-Position: refs/heads/master@{#34657}
We must close the iterator whenever the destructuring didn't exhaust it, unless an iterator operation (eg. next) threw. We do this by wrapping the iterator use in a try-catch-finally similar to the desugaring of for-of.
This is behind --harmony-iterator-close.
R=adamk@chromium.org
BUG=v8:3566
LOG=Y
Review URL: https://codereview.chromium.org/1772793002
Cr-Commit-Position: refs/heads/master@{#34654}
When an Array subclass is used as the receiver for concat, or with
certain usages of @@species, the output that's constructed is of
a different type with new slow path logic. This slow path still
made references to elements, so it's important that bounds checking
for a too-long result still be done. This patch repairs that bounds
checking.
R=cbruni
LOG=Y
BUG=chromium:592340
Review URL: https://codereview.chromium.org/1782443002
Cr-Commit-Position: refs/heads/master@{#34636}
Reading the registers' values back from the FrameDescription
should use the same offset computation as storing them into it.
The offsets must also match what the deoptimizer expects, which
is rx at offset rx.code() * kDoubleSize, even if some registers
are not saved (leaving gaps).
BUG=v8:4800
LOG=n
R=danno@chromium.org
Review URL: https://codereview.chromium.org/1769833006
Cr-Commit-Position: refs/heads/master@{#34633}
