The code generator uses `ip` as a scratch register directly to assemble a
"Constant -> Float stack slot" move. However, the assembler may also use it to
compute the address.
If we try to assemble such a move and the stack slot is out of range of a store
we get the following:
~~~
movw ip, #52429
movt ip, #15820
movw ip, #59328 ; Use ip to compute the address!
movt ip, #65535
str ip, [fp, +ip]
~~~
Bug:
Change-Id: I97a7b606e3f1d53ed44cc7787e49109cf7a7ab16
Reviewed-on: https://chromium-review.googlesource.com/602230
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#47370}
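Added example, not part of the V8 commit or V8's code: a small C model of the conflict described above, using the constants from the listing (0x3DCCCCCD from the first movw/movt pair, offset -6208 from the second). The names Cpu, masm_str_fp and move_const_to_slot, the guard flag and the choice of r4 as the other temporary are assumptions made for illustration, not the fix the commit applied.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { R4 = 4, FP = 11, IP = 12, NUM_REGS = 16, STACK_BYTES = 8192 };

typedef struct {
    uint32_t reg[NUM_REGS];
    uint8_t stack[STACK_BYTES];   /* fp is modelled as pointing just past this area */
} Cpu;

/* A movw/movt pair: materialize a 32-bit immediate in rd. */
static void mov_imm32(Cpu *c, int rd, uint32_t imm) { c->reg[rd] = imm; }

/* A32 "str rt, [rn, #imm]" encodes a 12-bit offset magnitude. */
static int fits_str_imm(int32_t off) { return off >= -4095 && off <= 4095; }

/* Toy macro-assembler: store rt to [fp + off]. For far slots it puts the
 * offset in ip first. With guard set it refuses rt == ip in that case. */
static int masm_str_fp(Cpu *c, int rt, int32_t off, int guard) {
    if (!fits_str_imm(off)) {
        if (guard && rt == IP) return -1;      /* caller's value would be lost */
        mov_imm32(c, IP, (uint32_t)off);       /* overwrites ip */
    }
    memcpy(&c->stack[STACK_BYTES + off], &c->reg[rt], sizeof(uint32_t));
    return 0;
}

/* Toy code generator: constant -> stack slot through register tmp.
 * Returns the word found in the slot afterwards (0 if the store was refused). */
static uint32_t move_const_to_slot(uint32_t bits, int32_t off, int tmp,
                                   int guard, int *refused) {
    Cpu c;
    uint32_t out;
    memset(&c, 0, sizeof c);
    mov_imm32(&c, tmp, bits);
    *refused = masm_str_fp(&c, tmp, off, guard) != 0;
    memcpy(&out, &c.stack[STACK_BYTES + off], sizeof out);
    return out;
}

int main(void) {
    int refused;
    /* Constants from the listing: 0x3DCCCCCD (bits of 0.1f), offset -6208. */
    printf("via ip: %08x\n", (unsigned)move_const_to_slot(0x3DCCCCCDu, -6208, IP, 0, &refused));
    printf("via r4: %08x\n", (unsigned)move_const_to_slot(0x3DCCCCCDu, -6208, R4, 0, &refused));
    return 0;
}
```

Through ip the slot receives the offset itself instead of the float bits; through a register the assembler does not reserve, or for a slot within the 12-bit range, the constant arrives intact.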
Now that OSR is done during graph building, we no longer have to
special-case OSR loops in the loop assignment analysis, as we no longer
have the restriction that registers are 'assigned' an OSRValue inside
the loop.
Bug: v8:6518
Change-Id: Ib4fa139091d77efa16246ddc6e63a10cbb877ee4
Reviewed-on: https://chromium-review.googlesource.com/615167
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47367}
Makes ClusterFuzz start fuzzing with the flag on.
BUG=v8:5516
Change-Id: Ia80f7d22f12fe25efb226102a896e8b0e3537947
Reviewed-on: https://chromium-review.googlesource.com/610000
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47366}
Allowing GetModuleNamespace on a not-yet-evaluated module does not make a
lot of sense because accessing the namespace object before evaluation
can lead to surprising behavior.
R=adamk@chromium.org
Bug: v8:1569
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3e3feb344f6399bf92b3dabc97c571a61b38bd41
Reviewed-on: https://chromium-review.googlesource.com/613268
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47365}
This removes:
- CodeBreakIterator for FCG code.
- RelocModes for debug breaks.
- Code generator for debug break slots.
- GC support for debug break slots.
- Code flag to indicate code with debug break slots.
- Builtin type DBG.
- Mechanisms to replace FCG code in the debugger and LiveEdit.
- Runtime entry to the debugger from debug break slots.
R=bmeurer@chromium.org, rmcilroy@chromium.org, ulan@chromium.org
Bug: v8:6409
Change-Id: I5662c8800e3ef1b1584ad107bfe0aae26c9d8abb
Reviewed-on: https://chromium-review.googlesource.com/613263
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47364}
Port 4b397e6c90
Original Commit Message:
The way we access wasm addresses or sizes is the same, on
a platform. We have 2 size parameters - memory and table - and
2 addresses - globals and memory.
The CL also renames for generality the address setting API.
R=mtrofin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ic6c398e0eeb6c9344aca3f92223d8b99a9e518ef
Reviewed-on: https://chromium-review.googlesource.com/615012
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47360}
Small improvements to code generated on arm and arm64.
Bug: v8:6644
Change-Id: Id3d9be87f6a071e949985a1b6b62a43d9195a104
Reviewed-on: https://chromium-review.googlesource.com/615300
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#47359}
This CL doesn't add static initializer
Fix d4c157ee65 commit
On big endian platforms wrong byte is initialized for "parameter_count"
field of the union.
Bug:
Change-Id: I1c4b1d7f5fb3bd29077fdaa158560c380fba1875
Reviewed-on: https://chromium-review.googlesource.com/613266
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#47356}
This one allows us to support custom promises implementation.
With awaitPromise flag Runtime.evaluate awaits
Promise.resolve(<expression result>).
This also allows awaiting any non-Promise value, similar to an await
expression, which is more convenient for most protocol users.
R=dgozman@chromium.org
Bug: chromium:755104
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iee798b33b6fb7de7d393372e164c0481d1bbf7eb
Reviewed-on: https://chromium-review.googlesource.com/614308
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47354}
Tests were monolithic, with large loops, and slow on ARM64. Refactor to
small tests so they can be sharded better, reduce page size to 1 to
keep the loops small.
BUG=v8:6532
Change-Id: I712551564d4a70fc12acdf114922feb614aeb271
Reviewed-on: https://chromium-review.googlesource.com/611614
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47353}
In the case of a function constructor or eval, we create a new script
object which doesn't have a script name. In this case, we traverse
upwards on the list of SFI's through script->eval_from_shared() to get
the outermost script that was not an eval script and get the script
name from that script.
Bug: chromium:746909, v8:6683, v8:5785
Change-Id: I430459f632a0e3b18fc3111a5cf1c00cedb9f520
Reviewed-on: https://chromium-review.googlesource.com/606701
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47352}
The way we access wasm addresses or sizes is the same, on
a platform. We have 2 size parameters - memory and table - and
2 addresses - globals and memory.
The CL also renames for generality the address setting API.
Bug:
Change-Id: Ib66c3aff6a0ab4313391528cd2692749bb389559
Reviewed-on: https://chromium-review.googlesource.com/612597
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47350}
* Avoid "using namespace" statements, which trigger clang's -Wheader-hygiene
warnings in jumbo builds.
* Undefine created macros at the end of source files.
BUG=chromium:746958
Change-Id: I5d25432c314437f607b0e1be22765a6764267ba6
Reviewed-on: https://chromium-review.googlesource.com/610962
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#47347}
Fixes the implementation of wasm exceptions to use a WasmRuntimeError
object, and set the exception tag value as a property of the
object. This guarantees that an uncaught wasm exception is treated
like all other runtime errors.
Bug: v8:6577
Change-Id: I0ab0130444e745178e86c23b3bc9fc9f385c8d05
Reviewed-on: https://chromium-review.googlesource.com/611124
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47346}
Port c820b89bc5
Original Commit Message:
Removes the new.target slot from the interpreter's fixed frame. Instead
adds a field to BytecodeArray to get the bytecode's incoming
new.target or generator object register. The InterpreterEntryTrampoline
then sets this register with the incoming new.target (or generator object)
when the function is called. This register can be directly the new.target
or generator object variable if they are LOCAL location, otherwise it is a
temporary register which is then moved to the variable's location during the
function prologue.
This fixes a hack in the deoptimizer where we would set the new.target fixed
slot to undefined in order to avoid extending its lifetime through the
optimized code - now it's just a standard register and can be optimized away
as normal.
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ifb93179153016ad989c6ae3675554e70c426e2fa
Reviewed-on: https://chromium-review.googlesource.com/612746
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47344}
Add a benchmark for TypedArray.prototype.set when
setting from another TypedArray with a different type.
Bug: v8:6704
Change-Id: Iad5585fe7d3a28b5b1a1b1f85ec81be659959239
Reviewed-on: https://chromium-review.googlesource.com/613267
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47343}
Add benchmark for TypedArray.prototype.set when
setting from another TypedArray with the same type.
Bug: v8:6704
Change-Id: Ibde60b17aa32fb9c8237b2ab766d2b2913e256d7
Reviewed-on: https://chromium-review.googlesource.com/613264
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47342}
The V8 mac asan bots correspond to "Mac ASAN Release" and
"Mac ASAN Debug" from chromium.lkgr waterfall.
Depends on infra side:
https://chromium-review.googlesource.com/c/613162
TBR=yangguo@chromium.org
NOTRY=true
Bug: chromium:726584
Change-Id: Ic71e3577485131b260801eef9e801ab19ed093c1
Reviewed-on: https://chromium-review.googlesource.com/613480
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47338}
Splits CompileUnoptimizedCode into a non-main thread GenerateUnoptimizedCode and
a main thread FinalizeUnoptimizedCode phase. Adds Disallow<HeapAccess> scopes in
CompileUnoptimizedCode to ensure no access to the heap during this phase.
Also cleans up a few heap accesses in CompilationInfo's constructor to avoid
violating the disallowed heap access.
Currently we reallow heap access during asm.js compilation as a temporary
measure until the script streamer uses an off-heap script buffer.
BUG=v8:5203
TBR=titzer@chromium.org
Change-Id: I7f6140f19938a10a85f1cd89501812dd59dbf6d4
Reviewed-on: https://chromium-review.googlesource.com/605949
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47337}
This follows up 4af9cfcc by separating incremental marking state
from the full MC marking state. Runtime and tests now use only
the incremental marking state. The full MC marking state is used
by MC during atomic pause.
This separation decouples atomicity of markbit accesses
during incremental marking and during full MC.
Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: Ia409ab06515cd0d1403a272a016633295c0d6692
Reviewed-on: https://chromium-review.googlesource.com/612350
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47336}
Depends on infra change:
https://chromium-review.googlesource.com/c/612079
This emulates the same GN configurations as from the builders
"UBSan Release" and "UBSan vptr Release" on the chromium.lkgr
waterfall.
NOTRY=true
TBR=yangguo@chromium.org
Bug: chromium:726584
Change-Id: I248765f7f8353351da2a4d5b897b06cbc04ba007
Reviewed-on: https://chromium-review.googlesource.com/612982
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47335}
The function shouldn't try to start black allocation if it is already
started.
Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: I77b5346f6ac2ec5947ca4351a8abe33865729fda
Reviewed-on: https://chromium-review.googlesource.com/612385
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47334}
This reverts commit 01cae9efe4.
Reason for revert: Seeing several flaky crashes on windows associated to this change:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/18407
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/18408
Original change's description:
> [Memory] Improve OOM callback tests.
>
> - Changes OOM tests to keep allocating more and more, starting from a
> large amount, until we exhaust address space and get a failure.
>
> Bug: v8:6635
> Change-Id: I007927c5f639ed395d90198272c93b6ee0e58249
> Reviewed-on: https://chromium-review.googlesource.com/609264
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47328}
TBR=bbudge@chromium.org,mlippautz@chromium.org
Change-Id: Ibe49f99040e1a3c595ed836d1d40dbd0c7247d1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6635
Reviewed-on: https://chromium-review.googlesource.com/612288
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47332}
This reverts commit 0d14ad5712.
Reason for revert: Seems to add a static initializer:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/19779
Original change's description:
> [builtins] Fix union initialization
>
> Fix d4c157ee65 commit
>
> On big endian platforms wrong byte is being read when accessing
> "parameter_count" field of union, in function
> Builtins::GetStackParameterCount. It is the reason of several tests
> failing on MIPS big endian platforms.
>
> Bug:
> Change-Id: Ia21aba80a89215022ee218d27552b5b4ea18a0db
> Reviewed-on: https://chromium-review.googlesource.com/603808
> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47330}
TBR=jkummerow@chromium.org,jarin@chromium.org,jgruber@chromium.org,predrag.rudic@imgtec.com,ivica.bogosavljevic@imgtec.com
Change-Id: I596bb1a04c72c8f5cb4f7b4a8e9161bd5889683d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/612287
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47331}
Fix d4c157ee65 commit
On big endian platforms wrong byte is being read when accessing
"parameter_count" field of union, in function
Builtins::GetStackParameterCount. It is the reason of several tests
failing on MIPS big endian platforms.
Bug:
Change-Id: Ia21aba80a89215022ee218d27552b5b4ea18a0db
Reviewed-on: https://chromium-review.googlesource.com/603808
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47330}
- Changes OOM tests to keep allocating more and more, starting from a
large amount, until we exhaust address space and get a failure.
Bug: v8:6635
Change-Id: I007927c5f639ed395d90198272c93b6ee0e58249
Reviewed-on: https://chromium-review.googlesource.com/609264
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47328}
- See bug for the reduced test case.
- Not adding a regression test here: I don't want to assert that PreParser
doesn't detect the redeclaration error, OTOH I don't want to make it detect
the error either (in order to not couple detecting the error with
FLAG_experimental_preparser_analysis).
BUG=chromium:753896, v8:5516
Change-Id: I0f1beffe30e5cb48d6dbec35181980864e6df153
Reviewed-on: https://chromium-review.googlesource.com/608976
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47326}
These operators were only used by the old asm.js pipeline (with
fullcodegen and the AstGraphBuilder). When going through the new
pipeline, accesses to TypedArrays are handled by the native
context specialization during inlining.
Bug: v8:6409
Change-Id: Ib9b888c0b96f297a335580ee42dfa951bde566be
Reviewed-on: https://chromium-review.googlesource.com/612347
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47322}