Unlike the old manually written LoadNonexistent stub, the data handler properly supports keyed loads out of the box. Simply remove the condition that disables it.
BUG=
Review-Url: https://codereview.chromium.org/2693913002
Cr-Commit-Position: refs/heads/master@{#43165}
The environment variables for swarming shards are leaking into the gtest runs, which read them as well and in turn skip some tests. Now we make sure those environment variables aren't passed to the subprocesses.
BUG=v8:5956
Change-Id: I9c93b1facc703a10a88e633074977743ccd24eb0
Reviewed-on: https://chromium-review.googlesource.com/441745
Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43161}
Test both cases where the interesting constructs occur at the
laziness boundary and cases where they occur deeper.
BUG=v8:5501
R=vogelheim@chromium.org
Change-Id: I99e32cb0c829616011bf7d1f389a8d309b54d67e
Reviewed-on: https://chromium-review.googlesource.com/441844
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43157}
The StringEqual builtin can now deal with ExternalOneByteStrings
without going to the runtime. It still needs to go to the runtime
if the external string is short, i.e. if the resource data pointer
is not cached.
R=yangguo@chromium.org
BUG=v8:4913
Review-Url: https://codereview.chromium.org/2690853004
Cr-Commit-Position: refs/heads/master@{#43152}
The constructor for TypedArray in js/typedarray.js emitted
kInvalidTypedArrayAlignment if the array offset exceeded the size of the
underlying buffer. This seems like a typo introduced in
https://codereview.chromium.org/2090353003.
The error message to be emitted instead coincides with the already existing
kInvalidDataViewOffset. The message string is independent of whether the
object in question is a DataView or a typed array, so this CL:
(1) renames kInvalidDataViewOffset to just kInvalidOffset, and
(2) uses kInvalidOffset instead of kInvalidTypedArrayAlignment for cases
when the TypedArray is constructed with an offset exceeding the buffer
size.
BUG=v8:5733
TEST=Run d8, execute "new Uint8Array(new ArrayBuffer(1),2)", see the error message mention the invalid offset 2.
Review-Url: https://codereview.chromium.org/2692753002
Cr-Commit-Position: refs/heads/master@{#43151}
This CL fixes some nits in TypeError messages, unifying the form of
kDefineDisallowed and kObjectNotExtensible to match what is used by the
majority of the other messages:
* "Cannot" vs. "Can't" -> choose "Cannot"
* "property:%" -> "property %"
* omit the full-stop at the end of the message
BUG=v8:5673
Review-Url: https://codereview.chromium.org/2686233008
Cr-Commit-Position: refs/heads/master@{#43150}
This adds support for deoptimizing into the JSConstructStub after the
receiver instantiation but before the actual constructor invocation.
Such a deoptimization point is needed for cases where instantiation
might be observed (e.g. when new.target is a proxy) and hence might
trigger a deopt.
We use this new deoptimization point for the "after" frame-state the
inliner attaches to {JSCreate} nodes being inserted when constructor
calls are being inlined.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-5638b
BUG=v8:5638
Change-Id: I7c72c807ee8fb76d12e0e9ccab86d970ab1a0efd
Reviewed-on: https://chromium-review.googlesource.com/440125
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43149}
Previously, accumulators and registers each had a single element cache,
distinct from the local register cache. This meant that
a) Dead accumulator state nodes were not re-used if the accumulator
became live.
b) Functions with only one parameter (the this object) or only one
local register could not reuse the single-valued state value node
of the accumulator.
This patch introduces heavier re-use of state-value nodes, decreasing
memory use when building the graph and decreasing the number of nodes
created overall.
Change-Id: Ie3cc6913483aab0819d99be382eb2cb42de8c3d2
Reviewed-on: https://chromium-review.googlesource.com/440926
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43148}
If exactly one byte in the upper half of the pushed 8-byte value is
set, use a smaller code sequence to push this value on the stack.
Before, we did
movq r10,<constant>
push r10
Now, we do
push 0x0
movb [rsp+<offset>],<byte>
The old sequence had 12 bytes, the new one has 7.
Pushing such values is used a lot for stack frame markers, which are
small numbers (1-17) encoded as SMIs.
Review-Url: https://codereview.chromium.org/2685213004
Cr-Commit-Position: refs/heads/master@{#43146}
Windows won't create empty .lib files, and will subsequently fail to
find the library other rules expect
R=machenbach@chromium.org
BUG=
Change-Id: I8b848834a6957c2164f0eafc853587d39ccb6ca9
Reviewed-on: https://chromium-review.googlesource.com/440244
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43141}
We cannot skip the @@hasInstance lookup in instanceof depending on a
global protector cell, as the lookup of the property is observable
via proxies or accessors. So remove the global protector and properly
implement CSA::InstanceOf via GetPropertyStub, with an appropriate
fast-path for Function.prototype[@@hasInstance] where we call the
builtin code object directly if the function matches, skipping all
the checks from the call sequence, and also avoid the redundant
ToBoolean conversion on the result.
R=yangguo@chromium.orgTBR=ulan@chromium.org
BUG=v8:5958
Review-Url: https://codereview.chromium.org/2684033012
Cr-Commit-Position: refs/heads/master@{#43137}
Use private symbols to mark default promise handler, instead of calling out to default
handlers defined in JS. We check for this symbol in PromiseHandle and perform the
appropriate behavior as the default handlers.
Catch prediction logic is updated to account for a symbol.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2695593002
Cr-Commit-Position: refs/heads/master@{#43135}
Reason for revert:
Due to security issue described in review thread.
Original issue's description:
> [typedarrays] move %TypedArray%.prototype.copyWithin to C++
>
> - Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
> - Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
> relies on std::memmove rather than accessing individual eleements.
> - Fixes the case where copyWithin is invoked on a TypedArray with a
> detached buffer.
> - Add tests to ensure that +/-Infinity (for all 3 parameters) is handled correctly by the
> algorithm
>
> The C++ version gets through the benchmark more than 25000 times as
> quickly as the JS implementation.
>
> BUG=v8:5925, v8:5929, v8:4648
> R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
>
> Review-Url: https://codereview.chromium.org/2671233002
> Cr-Commit-Position: refs/heads/master@{#42975}
> Committed: 0f1c626d55TBR=cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org,cwhan.tunz@gmail.com,caitp@igalia.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5925, v8:5929, v8:4648
Review-Url: https://codereview.chromium.org/2693753002
Cr-Commit-Position: refs/heads/master@{#43132}
These intrinsics are no longer required, but their runtime call pendants
are still in use. So remove support for those from all compilers.
BUG=v8:5049
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2694623002
Cr-Commit-Position: refs/heads/master@{#43131}
A couple of the builtins in src/js/typedarray.js still depends on these
intrinsics, so if we don't want to regress all of them, we'll have to
support these trivial intrinsics until the JS builtins are migrated.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2695553002
Cr-Commit-Position: refs/heads/master@{#43130}
It reduces the add operation for certain checked load/stores by pre-do
the add in compiling phase.
BUG=
Review-Url: https://codereview.chromium.org/2593483002
Cr-Commit-Position: refs/heads/master@{#43128}
Do not allow that holey properties are defined in Array sort.
Throw a type error if the array is not extensible and there are holey
properties in the middle of the array.
BUG=v8:4888
Review-Url: https://codereview.chromium.org/2664173002
Cr-Commit-Position: refs/heads/master@{#43126}
If a job was already enqueued, EnqueueAndStep would still step the job one
more step. However, since it didn't take the job out of the
pending_background_jobs pool, the job could get picked up by a background
thread which would try to step it, but it the job is now at a step which
can't be run on the background.
BUG=v8:5203,chromium:685515
Change-Id: I2cee2a33625ba455aca49a8037601be9ff8bb73f
Reviewed-on: https://chromium-review.googlesource.com/441084
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43121}
The heuristic checks for "(function", and now it also checks for
"(async function".
BUG=v8:4230
Review-Url: https://codereview.chromium.org/2682173005
Cr-Commit-Position: refs/heads/master@{#43120}
We have different modes of tracing: recording, event callback and
filtering. The cpu profiler should not be enabled when tracing is
enabled with filtering mode.
BUG=688651
Review-Url: https://codereview.chromium.org/2676403002
Cr-Commit-Position: refs/heads/master@{#43119}
This roll includes the SharedArrayBuffer tests (skipping for now)
but doesn't include the $ renaming.
This is a reland; previously, I reverted because I was confused about why
the rename of $ to $262 didn't break tests; it now seems that the
previous patch left it as an alias. This patch does not do the renaming
yet, as the renaming usage has not landed upstream yet.
R=adamk
Review-Url: https://codereview.chromium.org/2685603003
Cr-Commit-Position: refs/heads/master@{#43118}
Since preparser creates different scopes than the parser, the invariant "at most one rest parameter" doesn't hold when the rest param is a destructuring param.
No new tests added; the problem is visible w/ existing tests with FLAG_lazy_inner_functions on.
R=vogelheim@chromium.org
BUG=chromium:690919
Change-Id: I525b8dfee92acd0733702c5a940a1a83a94712df
Reviewed-on: https://chromium-review.googlesource.com/440925
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43117}