The FixedArray holding the export wrappers is never being used before
creating the WasmCompiledModule, so there is no need to store it in a
field on the WasmCompilationJob. Just create it when creating the
WasmCompiledModule.
R=ahaas@chromium.org
CC=mtrofin@chromium.org
Change-Id: Ibdca3d5c58faf4b52df10560bdf2734fdd7a4656
Reviewed-on: https://chromium-review.googlesource.com/758242
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49214}
The regexp fast path in MaybeCallFunctionAtSymbol had an issue in which
we'd call ToString after checking that the given {object} was a fast
regexp and deciding to take the fast path. This is invalid since
ToString() can call into user-controlled JS and may mutate {object}.
There's no way to place the ToString call correctly in this instance:
1 before BranchIfFastRegExp, it's a spec violation if we end up on the
slow regexp path;
2 the problem with the current location is already described above;
3 and we can't place it into the fast-path regexp builtin (e.g.
RegExpReplace) either due to the same reasons as 1.
The solution in this CL is to restrict the fast path to string
arguments only, i.e. cases where ToString would be a nop and can safely
be skipped.
Bug: chromium:782145
Change-Id: Ifd35b3a9a6cf2e77c96cb860a8ec98eaec35aa85
Reviewed-on: https://chromium-review.googlesource.com/758257
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49213}
This reverts commit ba76ad68e3.
Reason for revert: Broke GCStress on arm64 port...investigating
Original change's description:
> [Turbofan] Introduce AllocateRaw node
>
> In order to simplify and verify the TurboFan graph, we
> need to wire allocations into the control chain after
> effect control linearization.
>
> Bug: v8:7002
> Change-Id: I4c5956c8d16773d721482d46a0b407bee01a9597
> Reviewed-on: https://chromium-review.googlesource.com/738139
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49209}
TBR=mvstanton@chromium.org,jarin@chromium.org
Change-Id: I98669fdff1b960912d6eaad239776262f7bf8c67
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7002
Reviewed-on: https://chromium-review.googlesource.com/758396
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49212}
In order to simplify and verify the TurboFan graph, we
need to wire allocations into the control chain after
effect control linearization.
Bug: v8:7002
Change-Id: I4c5956c8d16773d721482d46a0b407bee01a9597
Reviewed-on: https://chromium-review.googlesource.com/738139
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49209}
Creates a new initializer function to instantiate instance class
fields in a base class.
An initializer function (similar to the one created for static fields)
is created during class declaration and assigned to a synthetic
context allocated variable.
This function is loaded from the variable during instantiation (when
the constructor is run) and run.
Bug: v8:5367
Change-Id: Ie11c2183b3001234ae41d7bcc2cb9b02c0764ab5
Reviewed-on: https://chromium-review.googlesource.com/754445
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49207}
Update the expected result for intl/number-format/format-currency
to match the output of ICU 60/CLDR 32.
Disable the test while ICU is rolled to ICU 60.1. This will be enabled
once v8 picks up the ICU roll to 60.1.
Bug: chromium:766816
Test: intl/numbuer-format/*
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Id6ffe149e9105ca050c6398d484437e1c88c2794
Reviewed-on: https://chromium-review.googlesource.com/756643
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49206}
This is in preparation for wasm on the native heap. All the
aforementioned API needs is the address where the JIT-ed code starts.
This refactoring reduces the dependency of the API to just that.
Bug: v8:6876
Change-Id: I00bbb171398f581db41b8a74ab719e8ea4db52c4
Reviewed-on: https://chromium-review.googlesource.com/755624
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49204}
Thanks Igor and Jakob for the hard work to migrate ICs to data-driven handlers!
This is done as of this CL.
Bug: v8:5561
Change-Id: Icf1ddf0065e3aa85ac7efe4b99f74821ce3c0ac2
Reviewed-on: https://chromium-review.googlesource.com/756842
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49203}
We no longer need the kAlreadyVisitedSlot because we can just check
for undefined in the kPromiseSlot to know if the clsoure was already
fulfilled.
This means we save one word per context per promise resolving closure.
Bug: v8:7037
Change-Id: Ib8f0fb445d2e143714d57fe644ba6d7a3f04c1f7
Reviewed-on: https://chromium-review.googlesource.com/756176
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49200}
The logic for wrapper compilation is the same in the sync and
async cases. Moreover, when moving wasm off the GC heap, we'll
initially skip serializing the wrappers, and regenerate them,
using the same logic, at deserialization.
Longer term, we intend to make the serialization format for wasm
more resilient wrt V8 versioning, time at which this separation
will continue playing a role: cross-v8 versions, wrappers will
be recompiled (instead of deserialzied), while wasm code may just
be deserialized.
Bug: v8:6876
Change-Id: I8d9ba835e7c83bb8d1f47163f62396a6fa17661d
Reviewed-on: https://chromium-review.googlesource.com/755542
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49198}
Valid prototype chain validity cells should have an initial value of
"Map::kPrototypeChainValid", not zero (even though they're the same).
Bug:
Change-Id: I7d3df7d2e3382f20ed598b387612bb48428e0fa0
Reviewed-on: https://chromium-review.googlesource.com/757140
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49196}
This is a reland of 34e3e7f91b
Original change's description:
> Introduce gc flag for fuzzing over compaction.
>
> Bug: v8:6972
> Change-Id: If1f4ee04ae00c6ae1e037bbb1ca758e952a8f843
> Reviewed-on: https://chromium-review.googlesource.com/738112
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Michał Majewski <majeski@google.com>
> Cr-Commit-Position: refs/heads/master@{#49191}
Bug: v8:6972
Change-Id: I690a72a6d5da17c6f15449b2be4cbb681a67e60e
Reviewed-on: https://chromium-review.googlesource.com/756894
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49195}
This gives up on earlier attempts to interpret DeadValue as a signal of
unreachable code. This does not work because free-floating dead value
nodes, and even pure branch nodes that use them, can get scheduled so
early that they get reachable. Instead, we now eagerly remove branches
that use DeadValue in DeadCodeElimination and replace DeadValue inputs
to value phi nodes with dummy values.
Reland of https://chromium-review.googlesource.com/715716
Bug: chromium:741225 chromium:776256
Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
Reviewed-on: https://chromium-review.googlesource.com/727893
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49188}
Now that we only have the seeded variant, let's call it
number_dictionary_map. It's cleaner.
R=mstarzinger@chromium.org
Change-Id: I3e36ecb15140b5def835ca8ebe50ab829a21892d
Reviewed-on: https://chromium-review.googlesource.com/756749
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49183}
ZoneDeque is memory-inefficient, see
https://bugs.chromium.org/p/chromium/issues/detail?id=674287
As a downside, ZoneChunkList is not const correct, see
https: //bugs.chromium.org/p/v8/issues/detail?id=6473 .
Bug: v8:5516
Change-Id: I2db15006afd78aa932ab831cd9c0cff659229321
Reviewed-on: https://chromium-review.googlesource.com/750782
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49182}
The flag is --parallel-marking.
Bug: chromium:750084
Change-Id: I20ab5945d2cc41d44b29d7090a3436d028588540
Reviewed-on: https://chromium-review.googlesource.com/756709
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49178}
In the fast case, the feedback should be the same across all slots
(like a switch over enum values).
BUG=v8:7045
Change-Id: I2c32f81cda55874ea6fc8d6a18c85d9929cff1bb
Reviewed-on: https://chromium-review.googlesource.com/756701
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49177}
This value was uninitialized before. Initialize it to zero. Also, fix
the tracing output to actually print the start arity and not the end
arity.
R=rossberg@chromium.org
Change-Id: I1eda3be88ca842f60e40e3fb630eca254619ae83
Reviewed-on: https://chromium-review.googlesource.com/756702
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49176}
The section name is printed two times currently: Once in
{WasmSectionIterator::next()}, once in
{ModuleDecoderImpl::DecodeSection}.
This is confusing when looking at the trace output, hence remove one of
the outputs.
R=ahaas@chromium.org
Change-Id: Icc699d5eb0e39325d2849ea6c345b9522985003b
Reviewed-on: https://chromium-review.googlesource.com/756703
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49175}
They are uncovered by existing test cases once we support globals and
memory operations.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I66c7143b66c816ab9a032c18bf6b2c82f7291f68
Reviewed-on: https://chromium-review.googlesource.com/756705
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49174}
The bytecode generator has special handling for comparing the result of
the typeof operator against a string literal. This needs to be adapted
for bigints.
R=jkummerow@chromium.org, mythrie@chromium.org
Bug: v8:6791
Change-Id: I42d6c9e9225ce05e19393f10e01ae496ecb70c9c
Reviewed-on: https://chromium-review.googlesource.com/753465
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49172}
Actually all it does is throw a TypeError.
R=jkummerow@chromium.org
Bug: v8:6791
Change-Id: I884da4eaa937519c07c3516a1713829f52e28ad8
Reviewed-on: https://chromium-review.googlesource.com/753730
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49171}
Due to lazy deserialization, we need to ensure the snapshot blob is
not freed until the Isolate is destroyed.
Re-enable a few tests that can handle lazy deserialization just fine.
Unfortunately we can't do this for all tests as UNINITIALIZED_TEST does
not sufficiently set up the isolate for lazy deserialization (there's no
Isolate::snapshot_blob_).
Bug: v8:6624
Change-Id: Icf0d217da3a4c5ff1506facc7869d2dd1ac3a983
Reviewed-on: https://chromium-review.googlesource.com/756694
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49170}
Lazy TFJ builtins rely on a mechanism that uses the SharedFunctionInfo
to determine the builtin to deserialize. That obviously doesn't work if
we call the lazy builtin directly, so make sure this does not happen (at
least not through (Tail)CallBuiltin).
Bug: v8:6624
Change-Id: Iea95d83379a5a0e47324e1fef83c005350f2f02a
Reviewed-on: https://chromium-review.googlesource.com/754684
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49169}
This commit updates the jobs for generating postmortem
metadata. I96a8a7cdded6f7c37b6f1da659d63df9e3a5de2b moved
the Code class to a new file without updating the postmortem
jobs. This resulted in some constants used by Node.js to
disappear, leading to build failures on SmartOS.
See: https://github.com/nodejs/node-v8/issues/21
Bug:
Change-Id: Icf5f59fe464d933c4f5a3f622b08c01bc43c6a80
Reviewed-on: https://chromium-review.googlesource.com/741919
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49168}
This change
- adds new maps for elements, global, and named dictionaries.
- adds support to embed these dictionaries in the startup snapshot.
- adds support to embed these dictionaries in the code cache.
- refactors the rehashing logic.
TBR=mstarzinger@chromium.org, ishell@chromium.org, jgruber@chromium.org
Bug: v8:6593
Change-Id: I2455fe2a9cc6e93247940de99de5f124c2ada137
Reviewed-on: https://chromium-review.googlesource.com/756693
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49167}
This reverts commit 32f30f6338.
Reason for revert: broken Fuchsia build, https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Fuchsia%2F460%2F%2B%2Frecipes%2Fsteps%2Fcompile%2F0%2Fstdout
Original change's description:
> [platform] check return values from memory operations
>
> This change adds DCHECKs for calls such as mprotect, as well as marking some of
> the memory allocation and deallocation routines as V8_MUST_USE_RESULT. This
> additional checking gives us more useful information for failure in the presence
> of, for example, address space exhaustion.
>
> Bug:
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I5bc76c1da6160262d3d556fea49d284ddd4e02c5
> Reviewed-on: https://chromium-review.googlesource.com/721267
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49164}
TBR=hpayer@chromium.org,mlippautz@google.com,eholk@chromium.org
Change-Id: Ie4b57b45c801dcce7884645f50ff74f833de6dc4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/756137
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49165}
