This is the last piece of the TypedArray constructors that was still
written in JS.
Bug: v8:7102
Change-Id: I7c4dc867b09408caa4eec2873ea7185b6c61a525
Reviewed-on: https://chromium-review.googlesource.com/888751
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51122}
The num_tasks computation has long been based on NumberOfAvailableBackgroundThreads()
We used to have one background worker per core, stealing cycles from
the main thread. I fixed that @ crrev.com/534414. But now this
computation is wrong and generates one less task than it should (one
per worker but the main thread takes task #0 in practice).
Other usage of NumberOfAvailableBackgroundThreads() in V8 seem correct
already so this is the only tweak required.
R=mlippautz@chromium.org
Bug: chromium:808028
Change-Id: I784ed9b764017f146931547d30be4a3b180b5a2c
Reviewed-on: https://chromium-review.googlesource.com/904662
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51121}
This merely re-uses the same ScopeId as the task. Tracing shows these
as a nested layer with the same name. This is not the cleanest way to
do this but it makes the trace clearer for a minimal diff.
R=mlippautz@chromium.org
Bug: chromium:651354
Change-Id: Ib30ec7d04a30657a63a49aba9698cacd9af950d3
Reviewed-on: https://chromium-review.googlesource.com/904164
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51120}
Removes the overhead of Zone allocating temporary space
that only slightly improved performance of the overlap
(less common) case.
Bug: chromium:808360
Change-Id: Ic92f20f15decb12b916ee23267debd9adc785ee0
Reviewed-on: https://chromium-review.googlesource.com/904462
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#51119}
The perf jit support assumes that if a code object has source position entries,
then it has a source file associated with them. However, the WasmToJS wrapper
stubs are exceptions to this rule which causes a crash when using `--perf-prof`
with asm.js or WASM code.
Change-Id: I047e229477844bf5357c8553ee50e22c089ab1c2
Reviewed-on: https://chromium-review.googlesource.com/897643
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#51118}
Break points are cleared to empty fixed array, not undefined.
R=jgruber@chromium.org
Change-Id: Id8dcd08ed0aebc5c4f7745982cde48d562af9772
Reviewed-on: https://chromium-review.googlesource.com/904202
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51117}
Add a fast-path to Promise#finally, which skips the "then" lookup of the
Promise#then lookup chain is intact, similar to what we already do for
Promise#catch.
Drive-by-fix: Also use the @@species protector to speed up the lookup
of the SpeciesConstructor in Promise#finally.
Bug: v8:7253
Change-Id: If77e779a0188904effc4528beffc8f0bdd7c2efe
Reviewed-on: https://chromium-review.googlesource.com/902283
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51116}
Use unique pointers in vectors of current and finished profiles.
Change-Id: Ifb78f7d3804e9883062741fd4e4e31109965d501
Reviewed-on: https://chromium-review.googlesource.com/898984
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51113}
Move the nexus.IsUninitialized() check into ExtractReceiverMaps so that
we don't need to duplicate the bailout.
Change-Id: I55bdb9baca22f25f681a7a32f4ec56d599c748c6
Reviewed-on: https://chromium-review.googlesource.com/903169
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51112}
The stack overflow boilerplate has been removed since the Error
refactoring in 2016. These explicit stack space checks can now be
removed in favor of standard Throw semantics.
Change-Id: I8b02b9641ebd01e12d12b8da2454d2d04b65df3d
Reviewed-on: https://chromium-review.googlesource.com/903168
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51111}
MIPS64 requires that each allocated page is aligned to 256 MB.
This is so because we use J instruction for long branches
that are withing a 256 MB block of code.
Change-Id: I1222842a5b8ecfacc0397a744ab464e9a747f8b7
Reviewed-on: https://chromium-review.googlesource.com/901611
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51110}
It turns out that .incbin can be problematic for build systems, in
that the included binary file is not detected as a build-time
dependency.
The alternative is .byte inclusion, which we test here.
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Bug: v8:6666
Change-Id: Ie24f4191db17c920c617987d1bee730208776b91
Reviewed-on: https://chromium-review.googlesource.com/901352
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51109}
The `simpleBind` function exposed by V8 Extras was initially added to
work around the terrible performance of `Function.prototype.bind` at
the time. Nowadays `Function.prototype.bind` is significantly faster
and fully optimized by TurboFan, however, so there’s no need for the
`simpleBind` helper anymore.
Bug: chromium:807522
Change-Id: I1a0456e2aa34f92a3c9a0234a812b660f969d016
Reviewed-on: https://chromium-review.googlesource.com/903164
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51108}
We want to be able to use this from other builtins as well, so move it
to somewhere common.
Also adds typing and cleans up the coding style to match newer CSA code
a bit more. GrowableFixedArray is now a subclass of CodeStubAssembler
to make things easier and cleaner. The growing strategy has also been
slightly changed so that empty arrays can be produced.
Change-Id: I20cbd1069d489a6875804736d3e5abab80d0f777
Reviewed-on: https://chromium-review.googlesource.com/901324
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51107}
The catch prediction logic got confused when we merged the reactions and
result fields of JSPromise, because for settled promises it would start
to treat the result as reactions list, leading to a crash most likely or
memory corruption in the worst case (only if break on uncaught exception
is enabled). We can only inspect reactions when the promise is still in
"pending" state.
Bug: chromium:808973, v8:7253
Change-Id: I15162c96fce959a052fbc628addd9418da39327c
Reviewed-on: https://chromium-review.googlesource.com/903163
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51106}
This adds support for the {i64.const} opcode. Since this makes i64
values show up on the wasm stack, quite some code paths need to handle
them. The {CheckSupportedType} method still returns false for kWasmI64,
which will be changed in a follow-up CL. That requires more changes
since it unlocks more uses of i64, e.g. in loads and stores.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ie012d0cd3db001f8693573fd16a3cfafe187009b
Reviewed-on: https://chromium-review.googlesource.com/893319
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51105}
Previous implementation used delay slot the wrong way.
Also, trampoline pools were not generated as they should.
MIPS64 changed to be the same as MIPS since there is probably
same problem that is masked.
test=wasm-spec-tests/tests/br_table
Change-Id: I94786233714a4a2f5eb86e74e02b7e7a7328bf2b
Reviewed-on: https://chromium-review.googlesource.com/901883
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51100}
Modify "run_perf.py --filter Array/" so that it will let match "Array" but
not "ArrayLiteralSpread". Previously --filter Array/ would match nothing.
Change-Id: I1f9c677e3558fc2256a71306af5fc1a8394ac698
Reviewed-on: https://chromium-review.googlesource.com/895453
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51098}
Fixes float to I64 tests to not have duplicated tests.
Also changes the use of macro REQUIRE to only be needed when an opcode
(i.e. operation) is not supported on some architecture.
Bug: v8:7226
Change-Id: I6c18602bd836469077808c0b3c93732af7c8f0d8
Reviewed-on: https://chromium-review.googlesource.com/895408
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51097}
The test required a special runtime function, which did not work in
general but only in the context of that one test. After an offline
discussion we decided that what the test is testing is not worth a
runtime function, since we would also see in other tests if something
goes wrong.
R=clemensh@chromium.org
Bug: v8:7403
Change-Id: I129a189a9df299d409a4a555eae28783e47b97d1
Reviewed-on: https://chromium-review.googlesource.com/901284
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51095}
Also slightly restructure if-chain for readability.
Bug:
Change-Id: I1903106f412e559536bac3369610f40fa6b58680
Reviewed-on: https://chromium-review.googlesource.com/901502
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51094}
A previous CL lowered NumberConstant nodes into IntPtrConstant nodes during
simplified lowering. It inadvertently disabled an optimization in TypeArray
accesses that relied on matching NumberConstant(0).
Bug: chromium:806727
Change-Id: If1938af057be66dea8edc588cc048a01410ca0ad
Reviewed-on: https://chromium-review.googlesource.com/897494
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#51092}
The multi-return fuzzer was able to generate more than 256 parameters of
the same type. However, the fuzzer itself could not deal with so many
parameters. With this change more than 256 parameters of the same type
can be handled and tested.
R=clemensh@chromium.org
Bug: chromium:807862
Change-Id: I6941eb0ff7e78a8feebc437624fa100adeda4e3d
Reviewed-on: https://chromium-review.googlesource.com/897673
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51089}
This adds a new isolate wide Promise#then protector, which guards the
"then" lookup for all JSPromise instances whose [[Prototype]] is the
initial %PromisePrototype%. Thus arbitrary mutations to the
Promise.prototype (i.e. monkey-patching other methods or installing
new functions) no longer sent you down the slow-path. Use this protector
in Promise.prototype.catch and in Promise.resolve.
Drive-by-fix: Restructure the resolve logic a bit and avoid the
expensive and large SameValue check, which can be turned into a simple
reference equal, as the promise in there is known to be a JSPromise
anyways.
Bug: v8:7253
Change-Id: If68b12c6bc6ca9c4d10552ae84854ebc3b5774f9
Reviewed-on: https://chromium-review.googlesource.com/899302
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51085}
Report an error during scope analysis if we're unable to find a
variable proxy for the given private field. This can happen if we try
to access a private field that was not defined or if we're outside
the class scope.
This doesn't correctly throw an early error when pre parsing a top
level function because we don't track it's variables.
Bug: v8:5368
Change-Id: I0a1193fe0ae213c0732fae5d435e150852a8d87d
Reviewed-on: https://chromium-review.googlesource.com/892093
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51082}
The code was using the "correct" cache key for lookups, but not for
creating new entries, leading to us never hitting the cache for
some Function-constructor cases.
Bug: v8:4958, chromium:801556, chromium:802400, chromium:807192
Change-Id: I4ac2234b97a9f5f71957ef936dc4b588d020916b
Reviewed-on: https://chromium-review.googlesource.com/898096
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51081}
Remove hard-coded scratch registers (r9 and ip) from the code generator in favor
of using the `UseScratchRegisterScope` utility. And as a result, we can free the
r9 register for the allocator to use.
Note that the code generator now has to cope with a single scratch register (ip)
instead of two (ip + r9). Therefore the code sequences emitted by moves aren't
as optimized as they used to be. For instance, we now use a scratch S register
in places where we could use r9. We can optimize them further if we want but
running benchmarks showed no impact so keeping the code simpler was deemed
better for the time being.
Bug: v8:6553
Change-Id: I7fcf244cb1b6578564b503619a041006eaf74626
Reviewed-on: https://chromium-review.googlesource.com/895461
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51080}
This check verifies that all .h files in the src/ directory have an
include guard of the form
#ifndef V8_PATH_TO_FILE_H_
#define V8_PATH_TO_FILE_H_
// ...
#endif // V8_PATH_TO_FILE_H_
The check can be skipped with a magic comment:
// PRESUBMIT_INTENTIONALLY_MISSING_INCLUDE_GUARD
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I0a7b96abec289ad60f64ba8418f1892a6969596d
Reviewed-on: https://chromium-review.googlesource.com/897487
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51079}
A version of the spec change from
https://github.com/tc39/ecma262/pull/988, but applied to the
Async-from-Sync iterator type.
This change does not modify generated bytecode (but maybe it should to
take advantage of load IC feedback for loading "next"). Doing this grows
bytecode by quite a bit, since it's necessary to throw-if-not-an-object
before loading "next" (which currently gets to live in a code stub
instead).
BUG=v8:5855
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0d2affef664d1069b24c54a553d62e17b49e5a16
Reviewed-on: https://chromium-review.googlesource.com/723136
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51078}
Port ca1d44e35f
Original Commit Message:
If enabled, this mode moves code for isolate-independent builtins off
the JS heap at Isolate creation. The Code object itself is rewritten
to tail-call the off-heap instruction stream.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ia1b14663c17308101ce5e952fd508c891a098f8d
Reviewed-on: https://chromium-review.googlesource.com/899105
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51077}
Special case script logging to also log the source of the script, even
if that source is off-heap in an external string.
Bug: v8:7266
Change-Id: I0d35f94f7b27d0d793d1a1a3fb8d3280960b253d
Reviewed-on: https://chromium-review.googlesource.com/899344
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51076}
This is a reland of ef06feded6.
Original change's description:
> Reland "[builtins] Add .incbin cctest"
>
> This is a reland of b012816155.
>
> Original change's description:
> > [builtins] Add .incbin cctest
> >
> > Just to ensure this is portable across all platforms.
> >
> > Credits go to https://github.com/graphitemaster/incbin, bits of the
> > .incbin code were taken from there. Thanks!
> >
> > Reland of https://crrev.com/c/881181
> >
> > Bug: v8:6666
> > Change-Id: I5c0dbf56b1c987fd88607dca69b39d65b59cdefc
> > Reviewed-on: https://chromium-review.googlesource.com/895597
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#51042}
>
> Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel
> Bug: v8:6666
> Change-Id: I8fc0963e28996a84ed56c2e740d895e26611abf0
> Reviewed-on: https://chromium-review.googlesource.com/897630
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51054}
Bug: v8:6666
Change-Id: Icc6816e260dac2d8b8f6c9c4a2725b271dac4664
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/898927
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51075}
These 2 test have known issues
Change-Id: I4830e0af0f4f1cf7fd1189316356dd1f7dc2c6eb
Reviewed-on: https://chromium-review.googlesource.com/896721
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51074}
Copied as-is modulo compile tweaks from Chromium's base.
Copied tests highlighting existing overflow issues with V8's impl...
TimeDelta::Max() will initially be used in V8 to flag events that
never triggered in a TimedHistogram.
Also constexpr'ed a few things while I was in there, it's harmless
at worst and helps a little at best.
Ideally would constexpr all the Time*::From*() methods like in
Chromium but that has inlining implications and I don't know the
impact that could have on V8.
Bug: chromium:807606
Change-Id: If5aa92759d985be070e12af4dd20f0159169048b
Reviewed-on: https://chromium-review.googlesource.com/899342
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51073}
