Adds support for intrinsics which can be called as stubs. Namely:
- HasProperty
- MathPow
- NewObject
- NumberToString
- RegExpConstructResult
- RegExpExec
- Substring
- ToString
- ToName
- ToLength
- ToNumber
- ToObject
Also adds interface descriptors for stub calls which have arguments
passed on the stack.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2051573002
Cr-Commit-Position: refs/heads/master@{#37185}
If the semaphore is stored as a local variable in {CompileInParallel},
then the semaphore was sometimes deallocated too early and caused
the compilation tasks to crash. This only happens with libc-2.19,
libc-2.21 fixes the problem.
R=mlippautz@chromium.org, rossberg@chromium.org
Review-Url: https://codereview.chromium.org/2080223006
Cr-Commit-Position: refs/heads/master@{#37183}
Receiver is the hole when we construct a builtin object.
BUG=chromium:611684
Review-Url: https://codereview.chromium.org/2083163003
Cr-Commit-Position: refs/heads/master@{#37182}
Previously only stubs built in the snapshot were checked for having an
eager frame. This caused a regression to creap in on ia32 for
RegExpConstructResultStub. Change test to always check.
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
Review-Url: https://codereview.chromium.org/2089673002
Cr-Commit-Position: refs/heads/master@{#37181}
- Moves the most often used 32 items to the top. This shaves off 10kB
from the startup snapshot size.
- Sorts the rest by usage and type.
R=mlippautz@chromium.org
Review-Url: https://codereview.chromium.org/2088023003
Cr-Commit-Position: refs/heads/master@{#37176}
This was necessary since certain named handlers didn't check the name beforehand, and could miss to LoadIC_Miss with a name convertible to an index. This is currently not supported anymore, so we can drop this path. We should make sure we miss to the right label instead.
BUG=
Review-Url: https://codereview.chromium.org/2083283002
Cr-Commit-Position: refs/heads/master@{#37174}
Failing to do the right check in AdvancePage results in a crash in a CHECK later
in EnsureCurrentCapacity.
BUG=chromium:620750,chromium:622115
LOG=N
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2090013002
Cr-Commit-Position: refs/heads/master@{#37171}
This adds a dedicated test to make sure we don't try constant folding on
checks (in this case CheckTaggedPointer), which would generate invalid
code as we removing checks that guard the constant without knowing
whether it's safe to do so.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2087153002
Cr-Commit-Position: refs/heads/master@{#37168}
Let the SimplifiedOperatorReducer perform some strength reduction for
certain CheckTaggedSigned and CheckTaggedPointer inputs (reusing the
existing logic for ObjectIsSmi).
R=jarin@chromium.org
BUG=v8:5141
Review-Url: https://codereview.chromium.org/2080703006
Cr-Commit-Position: refs/heads/master@{#37167}
We cannot change x - y < 0 to x < y, because it would only be safe if
x - y cannot overflow, which we don't know in general.
R=jarin@chromium.org
BUG=v8:5129
Review-Url: https://codereview.chromium.org/2090493002
Cr-Commit-Position: refs/heads/master@{#37164}
Previously only stubs built in the snapshot were checked for having an
eager frame. This caused a regression to creap in on ia32 for
RegExpConstructResultStub. Change test to always check.
Review-Url: https://codereview.chromium.org/2089673002
Cr-Commit-Position: refs/heads/master@{#37162}
Rolling v8/build to f56976d676dfd5597229b21a83a53a58704582bf
Rolling v8/buildtools to 56eaae134648135663c4aa1ed82278572b5f35ef
Rolling v8/tools/mb to 5268873c8c1eebbf1a3aaed7e63f99b600fab65e
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2087933004
Cr-Commit-Position: refs/heads/master@{#37161}
Add a flag to gate experimental support for dynamic code loading and JITing (at runtime in a wasm module).
Enhancing functionality of the indirect function table to support JITing and dynamic linking by allowing additional space to be filled with an "undefined" function signature.
BUG=v8:5044
LOG=N
TEST=None
R=mtrofin@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2049513003
Cr-Commit-Position: refs/heads/master@{#37159}
The GN configs for different optimization levels are confusing and
should probably be reworked, but for now we add a special config
specifically so that we can compile with -O3 when appropriate.
R=brettw@chromium.org, machenbach@chromium.org
BUG=616031, 618678, 621335
Review-Url: https://codereview.chromium.org/2076403002
Cr-Commit-Position: refs/heads/master@{#37158}
Port f47b9e9810
Original commit message:
This adds a new BUILTIN frame type, which supports variable number of
arguments for builtins implemented in hand-written native code (we will
extend this mechanism to TurboFan builtins at some point). Convert the
Math.max and Math.min builtins to construct a BUILTIN frame if required.
This does not yet work for C++ builtins, but that'll be the next step.
R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=v8:4815
LOG=N
Review-Url: https://codereview.chromium.org/2087433003
Cr-Commit-Position: refs/heads/master@{#37157}
Reland of https://codereview.chromium.org/2048703002/
Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
(this caused a test262 failure.). However, the code `eval("function NaN() {}");`
should actually throw a TypeError. This patch changes most cases of
redeclaration errors from TypeError to SyntaxError. See the test
mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
references.
The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
ES#sec-evaldeclarationinstantiation
BUG=v8:4955
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=adamk
Review-Url: https://codereview.chromium.org/2086063002
Cr-Commit-Position: refs/heads/master@{#37156}
Previously, an async arrow function would be parsed if any valid
ConditionalExpression began with the identifier "async", and its following token
was on the same line.
So for example, `async.bar foo => 1` was parsed as a valid async arrow function.
This patch corrects this behaviour by asserting that the following token is a
valid arrow parameters start.
BUG=v8:4483
R=littledan@chromium.org, henrique.ferreiro@gmail.com
Review-Url: https://codereview.chromium.org/2089733002
Cr-Commit-Position: refs/heads/master@{#37154}
Port eff959bb55
Original commit message:
Float32SubMinusZero and Float64SubMinusZero tests are failing because MIPS does not preserve NaN payload according to Wasm spec. Implemented macro-assembler methods that check for NaN operands, and return the qNaN value with preserved payload and sign bits.
TEST=cctest/test-run-wasm/Run_WasmFloat32SubMinusZero, cctest/test-run-wasm/Run_WasmFloat64SubMinusZero
BUG=
Review-Url: https://codereview.chromium.org/2081993002
Cr-Commit-Position: refs/heads/master@{#37151}
Add control dependencies to Projection and Int32Add/SubWithOverflow
operators, to prevent the scheduler from moving the Projection nodes
into the wrong place. This way the instruction selection can combine
the Int32Add/SubWithOverflow operations with the DeoptimizeIf and/or
DeoptimizeUnless nodes. This needs new operators CheckedInt32Add and
CheckedInt32Sub so that we can delay the actual lowering until the
effect/control linearizer.
This also makes CheckIf operator obsolete, so we can drop it.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2082993002
Cr-Commit-Position: refs/heads/master@{#37148}
Adds back simple dead code elimination to the bytecode pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2038083002
Cr-Commit-Position: refs/heads/master@{#37147}
This CL merely sets the --ignition-generators flag to true. This flag is
currently only meaningful in combination with --ignition.
BUG=
Review-Url: https://codereview.chromium.org/2065963002
Cr-Commit-Position: refs/heads/master@{#37144}
Implements:
- WebAssembly object,
- WebAssembly.Module constructor,
- WebAssembly.Instance constructor,
- WebAssembly.compile async method,
- and Module and Instance instance objects.
Also, changes ErrorThrower to support capturing errors in a promise reject.
Since we cannot yet compile without fixing the Wasm memory, and cannot validate a module without compiling, the Module constructor and compile method don't do anything yet but checking that their argument is a suitable BufferSource. Instead of a compiled module, the hidden state of a Module object currently is just that buffer.
BUG=
Review-Url: https://codereview.chromium.org/2084573002
Cr-Commit-Position: refs/heads/master@{#37143}
If all uses of a CheckTaggedHole[convert-hole-to-undefined] node
truncate to word32, we can replace the hole check with a Smi check
and return the result as word32.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2079233006
Cr-Commit-Position: refs/heads/master@{#37142}
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended. This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.
TBR=littledan@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
Reason for revert:
[Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038
Original issue's description:
> [heap] Avoid the use of cells to point from code to new-space objects.
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/2d2087b79a293a92a6ed34a2775e481ff2173b3c
> Cr-Commit-Position: refs/heads/master@{#37134}
TBR=titzer@chromium.org,ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2087463004
Cr-Commit-Position: refs/heads/master@{#37139}