This ensures that the generated code output will match the reference code output
and fixes some failures when running tests natively.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1744493003
Cr-Commit-Position: refs/heads/master@{#34354}
Since both null and undefined are also marked as undetectable now, we
can just test that bit instead of having the CompareNilIC try to collect
feedback to speed up the general case (without the undetectable bit
being used).
Drive-by-fix: Update the type system to match the new handling of
undetectable in the runtime.
R=danno@chromium.org
Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba
Cr-Commit-Position: refs/heads/master@{#34237}
Review URL: https://codereview.chromium.org/1722193002
Cr-Commit-Position: refs/heads/master@{#34344}
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.
Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.
R=mstarzinger@chromium.org
BUG=v8:4788
LOG=n
Review URL: https://codereview.chromium.org/1738153002
Cr-Commit-Position: refs/heads/master@{#34335}
Moves skips to explicit fails and groups errors be failure reason. Almost all failures
are due to lack of generator support.
BUG=v8:4680
LOG=N
TBR=oth@chromium.org
Review URL: https://codereview.chromium.org/1740843003
Cr-Commit-Position: refs/heads/master@{#34334}
This patch adds the newly added support for contexts in V8 Tracing, as well
as use it to mark all the entry points for a V8 Isolate.
Update for reland: The current tracing interface needs to be updated (AddTraceEvent),
but the embedders need to migrate to the new version before removing the old version.
(Reland of: https://codereview.chromium.org/1686233002)
The revert happened because the 2 signatures of the old and new AddTraceEvent where different
so it threw an overload-virtual error on cross arm debug. This issue is temporary, and to solve
it, I added an implementation of the old and new everywhere until the embedder implements the new.
BUG=v8:4565
LOG=N
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1704253002
Cr-Commit-Position: refs/heads/master@{#34332}
When operating in --rebaseline mode, each of the files will be updated.
In --raw-js mode, all the expectations will be written to the same file.
In default mode no more than one input file is accepted.
On POSIX systems, --rebaseline will autodiscover golden files when run
from the project root and no input file is provided.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1737623002
Cr-Commit-Position: refs/heads/master@{#34324}
The LoadBuffer operator that is used for asm.js heap access claims to
return only the appropriate typed array type, but out of bounds access
could make it return undefined. So far we tried to "repair" the graph
later if we see that our assumption was wrong, and for various reasons
that worked for some time. But now that wrong type information that is
propagated earlier is picked up appropriately and thus we generate wrong
code, i.e. we in the repro case we feed NaN into ChangeFloat64Uint32 and
thus get 2147483648 instead of 0 (with proper JS truncation).
This was always considered a temporary hack until we have a proper
asm.js pipeline, but since we still run asm.js through the generic
JavaScript pipeline, we have to address this now. Quickfix is to just
bailout from the pipeline when we see that the LoadBuffer type was
wrong, i.e. the result of LoadBuffer is not properly truncated and thus
undefined or NaN would be observable.
R=mstarzinger@chromium.org, jarin@chromium.org
BUG=chromium:589792
LOG=y
Review URL: https://codereview.chromium.org/1740123002
Cr-Commit-Position: refs/heads/master@{#34322}
Adds support for cpu profiler logging to the interpreter. Modifies the
the API to be passed AbstractCode objects instead of Code objects, and
adds extra functions to AbstractCode which is required by log.cc and
cpu-profiler.cc.
The main change in sampler.cc is to determine if a stack frame is an
interpreter stack frame, and if so, use the bytecode address as the pc
for that frame. This allows sampling of bytecode functions. This
requires adding support to SafeStackIterator to determine if a frame is
interpreted, which we do by checking the PC against pre-stored addresses
for the start and end of interpreter entry builtins.
Also removes CodeDeleteEvents which are dead code and haven't
been reported for some time.
Still to do is tracking source positions which will be done in a
followup CL.
BUG=v8:4766
LOG=N
Review URL: https://codereview.chromium.org/1728593002
Cr-Commit-Position: refs/heads/master@{#34321}
Extends the constant pool to deal with more slices.
Adds ReadUnalignedUInt32().
BUG=v8:4280,v8:4747
LOG=N
Review URL: https://codereview.chromium.org/1731893003
Cr-Commit-Position: refs/heads/master@{#34319}
We don't need to compare the result of ToObject against null, since
ToObject will always yield a proper receiver (or throw a TypeError).
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1736233002
Cr-Commit-Position: refs/heads/master@{#34318}
The %TailCall runtime entry and the %_TailCall intrinsic is not used,
and will never be used (because %TailCall doesn't actually do a tail
call). We will soon have proper ES6 tail calls, which are correct and
properly tested.
The %Apply runtime entry is basically a super-slow, less correct version
of Reflect.apply, so we can as well just use Reflect.apply, which is
exposed to builtins via %reflect_apply.
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/1739233002
Cr-Commit-Position: refs/heads/master@{#34317}
The %_Call intrinsic (if supported by the compiler) is lowered directly
to the Call builtin and thus throws a TypeError if the target is not
callable. The %Call runtime function also eventually calls into the Call
builtin, but had an early abort if the target is not a JSReceiver, which
is unnecessary and leads to various test failures for Ignition.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1727833006
Cr-Commit-Position: refs/heads/master@{#34316}
The treatment of different undetectable objects was inconsistent after
the latest changes to the undetectable bit in the maps. Given two
different undetectable JSObjects a and b, a monomorphic CompareIC would
say false for a == b, while the rest of the system (including the
generic case for the CompareIC) would say true.
The fix is rather straight-forward: We just go generic on a CompareIC
once we see an undetectable JSObject.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1735863004
Cr-Commit-Position: refs/heads/master@{#34315}
Reason for revert:
An Intl change that this depends on breaks a bot
Original issue's description:
> Test262 roll, 2016-2-23
>
> R=adamk
>
> Committed: https://crrev.com/34492040fbfb04fead21416245c8696b9847e751
> Cr-Commit-Position: refs/heads/master@{#34312}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1736223002
Cr-Commit-Position: refs/heads/master@{#34313}
Reason for revert:
Speculative revert in attempt to fix#2 crasher on canary.
Original issue's description:
> [compiler] Drop the CompareNilIC.
>
> Since both null and undefined are also marked as undetectable now, we
> can just test that bit instead of having the CompareNilIC try to collect
> feedback to speed up the general case (without the undetectable bit
> being used).
>
> Drive-by-fix: Update the type system to match the new handling of
> undetectable in the runtime.
>
> R=danno@chromium.org
>
> Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba
> Cr-Commit-Position: refs/heads/master@{#34237}
TBR=danno@chromium.org,verwaest@chromium.org,bmeurer@chromium.org
LOG=y
BUG=chromium:589897
NOTRY=true
Review URL: https://codereview.chromium.org/1743433002
Cr-Commit-Position: refs/heads/master@{#34308}
This patch moves iterator finalization (calling .return() when a
for-of loop exits early) to shipping. The only part of this feature
which is currently known to be missing is destructuring--.return()
should be also be called when destructuring with an array which
does not end in a rest pattern, but it currently does not. The rest
of this feature, including calling .return() from certain builtins,
is implemented.
R=adamk
BUG=v8:3566
LOG=Y
Review URL: https://codereview.chromium.org/1738463003
Cr-Commit-Position: refs/heads/master@{#34307}
This calback is run after an attempt to run microtasks.
BUG=chromium:585949
LOG=Y
Review URL: https://codereview.chromium.org/1731773005
Cr-Commit-Position: refs/heads/master@{#34305}
Only use one set of %StrictEquals/%StrictNotEquals and
%Equals/%NotEquals runtime entries for both the interpreter
and the old-style CompareICStub. The long-term plan is to
update the CompareICStub to also return boolean values, and
even allow some more code sharing with the interpreter there.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1738883002
Cr-Commit-Position: refs/heads/master@{#34303}
This reverts commit 9146bc5e20.
This contains a fix for the following crash:
1. We record slots for a fixed array.
2. We trim the fixed array, so that some recorded slots are now in free space.
3. During mark-compact we sweep the page with the fixed array. Now free list items contain memory with recorded slots.
4. We evacuate a byte array using the new free list items.
5. We iterate slots that are now inside the byte array and crash.
BUG=chromium:589413,chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1735523002
Cr-Commit-Position: refs/heads/master@{#34302}
It is possible for JS objects to be allocated while we are retrieving the
profile. These JS objects can in turn end up getting sampled by the profiler.
Adding these to the profile data structures invalidates the iterators that
are presently in flight. This change prevents such concurrent modifications
from affecting the retrieve operation.
BUG=
Review URL: https://codereview.chromium.org/1735733002
Cr-Commit-Position: refs/heads/master@{#34298}
This adds explicit setters for the SharedFunctionInfo::function_data
field. Such setters are safer because they allow for explicit checking
of which values are allowed, and they improve readability because the
intended semantics become clear for each call-site. Also fix a cctest
case along the way.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1730853005
Cr-Commit-Position: refs/heads/master@{#34297}
By now the deprecation of strong mode is far enough along that the
support present in the interpreter matches the support in the other
compilers. Special expectations aren't needed anymore.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1738653003
Cr-Commit-Position: refs/heads/master@{#34293}
Bytecode expectations have been moved to external (.golden) files,
one per test. Each test in the suite builds a representation of the
the compiled bytecode using BytecodeExpectationsPrinter. The output is
then compared to the golden file. If the comparision fails, a textual
diff can be used to identify the discrepancies.
Only the test snippets are left in the cc file, which also allows to
make it more compact and meaningful. Leaving the snippets in the cc
file was a deliberate choice to allow keeping the "truth" about the
tests in the cc file, which will rarely change, as opposed to golden
files.
Golden files can be generated and kept up to date using
generate-bytecode-expectations, which also means that the test suite
can be batch updated whenever the bytecode or golden format changes.
The golden format has been slightly amended (no more comments about
`void*`, add size of the bytecode array) following the consideration
made while converting the tests.
There is also a fix: BytecodeExpectationsPrinter::top_level_ was left
uninitialized, leading to undefined behaviour.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1717293002
Cr-Commit-Position: refs/heads/master@{#34285}
Handles stack overflow in interpreter.
1. When visiting function literal, if the shared function
info cannot be found we should return a stack overflow.
2. When visiting the ast graph, if stack overflow happens
then all the ast nodes are not visited, so we need to have
appropriate handling in the AccumulatorResultScope and
RegisterResultScope.
3. MakeBytecode should not return a suceess unconditionally.
If there is a stack overflow, it should return false, so
RangeError can be thrown.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1721983005
Cr-Commit-Position: refs/heads/master@{#34282}
I turn the test off for now. The problem is that mips does not deal with
signalling NaNs as expected.
@v8-mips-ports: Could it be that the mips simulator deals differently
with signalling NaNs than the actual hardware? The implementation that
is tested in these tests assumes that sNaN * 1.0 = qNaN, where the bits
of sNaN and qNaN are equal except for the most significant mantissa bit.
This assumption holds for the simulator, but seems not to hold for actual
mips hardware. Do you know more about that?
R=mstarzinger@chromium.org, titzer@chromium.org, v8-mips-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1735673003
Cr-Commit-Position: refs/heads/master@{#34278}
Migrate Math.imul, Math.fround, Math.acos, Math.asin and Math.atan to
C++ builtins, as these ones call into C++ anyway and so there's no
need to have this extra wrapper around it.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1731543004
Cr-Commit-Position: refs/heads/master@{#34274}
When there is no receiver object, plain function calls are a few
percent faster than %_Call().
This patch also fixes the HAS_INDEX macro used in a bunch of
Array.prototype functions to properly check for elements inherited
from prototypes.
Review URL: https://codereview.chromium.org/1706213002
Cr-Commit-Position: refs/heads/master@{#34269}
There was a bug in for-of loops without newly declared variables: If,
in performing the assignment, an exception were thrown, then
IteratorClose would not be called. The problem was that the assignment
is done as part of assign_each, which happens before the loop is put
back in the state which is recognized to be breaking/throwing/returning
early.
This patch modifies the for-of desugaring by setting the loop state
before, rather than after, evaluating the assign_each portion, which is
responsible for evaluating the assignment in for-of loops which do not
have a declaration.
This patch, together with https://codereview.chromium.org/1728973002 ,
allow all test262 iterator return-related tests to pass.
R=rossberg
BUG=v8:4776
LOG=Y
Review URL: https://codereview.chromium.org/1731773003
Cr-Commit-Position: refs/heads/master@{#34262}
In the for-of desugaring, IteratorClose is a subtle thing to get right.
When return exists, the logic for which exception to throw is as follows:
1. Get the 'return' property and property any exception that might come from
the property read
2. Call return, not yet propagating an exception if it's thrown.
3. If we are closing the iterator due to an exception, propagate that error.
4. If return threw, propagate that error.
5. Check if return's return value was not an object, and throw if so
Previously, we were effectively doing step 5 even if an exception "had already
been thrown" by step 3. Because this took place in a finally block, the exception
"won the race" and was the one propagated to the user. The fix is a simple change
to the desugaring to do step 5 only if step 3 didn't happen.
R=rossberg
BUG=v8:4775
LOG=Y
Review URL: https://codereview.chromium.org/1728973002
Cr-Commit-Position: refs/heads/master@{#34261}
This fixes a corner case that triggered an assert in full-codegens
operand stack depth tracking. We stop pushing operands if we overflow
the C-stack while iterating the AST. This makes the tracking go out of
sync before we fully returned from the tree traversal, at which point
the thrown RangeError will abort compilation.
R=ishell@chromium.org
TEST=mjsunit/regress/regress-crbug-589472
BUG=chromium:589472
LOG=n
Review URL: https://codereview.chromium.org/1732903002
Cr-Commit-Position: refs/heads/master@{#34255}
