Reason for revert:
Found to break SAP Web IDE, and these semantics are not shipped in any other browser.
Revert to legacy semantics while assessing web compatibility.
BUG=chromium:624318
Original issue's description:
> Put RegExp js code in strict mode
>
> src/js/regexp.js was one of the few files that was left in sloppy
> mode. The ES2017 draft specification requires that writes to
> lastIndex throw when the property is non-writable, and test262
> tests enforce this behavior. This patch puts that file in strict
> mode.
>
> BUG=v8:4504
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/80b1b2a45bbd9bf3d08e4e6516acfaaa8f438213
> Cr-Commit-Position: refs/heads/master@{#34801}
TBR=yangguo@chromium.org,adamk@chromium.org
Review-Url: https://codereview.chromium.org/2112713003
Cr-Commit-Position: refs/heads/master@{#37449}
In the current implementation of wasm an unrepresentable input of the
float32-to-int32 conversion is detected by first truncating the input, then
converting the truncated input to int32 and back to float32, and then checking
whether the result is the same as the truncated input.
This input check does not work on arm and arm64 for an input of (INT32_MAX + 1)
because on these platforms the float32-to-int32 conversion results in INT32_MAX
if the input is greater than INT32_MAX. When INT32_MAX is converted back to
float32, then the result is (INT32_MAX + 1) again because INT32_MAX cannot be
represented precisely as float32, and rounding-to-nearest results in (INT32_MAX
+ 1). Since (INT32_MAX + 1) equals the truncated input value, the input appears
to be representable.
With the changes in this CL, the result of the float32-to-int32 conversion is
incremented by 1 if the original result was INT32_MAX. Thereby the detection of
unrepresenable inputs in wasm works. Note that since INT32_MAX cannot be
represented precisely in float32, it can also never be a valid result of the
float32-to-int32 conversion.
@v8-mips-ports, can you do a similar implementation for mips?
R=titzer@chromium.org, Rodolph.Perfetta@arm.com
Review-Url: https://codereview.chromium.org/2105313002
Cr-Commit-Position: refs/heads/master@{#37448}
The functions related to code statistics are a part of spaces currently.
This is not very intutive and hence refactored these functions to a new
CodeStatistics class.
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2082863003
Cr-Commit-Position: refs/heads/master@{#37440}
-Defines SIMD128_REGISTERS for all platforms.
-Adds Simd128 register information to RegisterConfiguration, and implements
aliasing calculations.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2092103004
Cr-Commit-Position: refs/heads/master@{#37437}
Like the other Math builtins, Math.abs() is now a TurboFan builtin.
It uses RawMachineAssembler::Float64Abs().
R=bmeurer@chromium.org
BUG=v8:5163, v8:5086
LOG=N
Review-Url: https://codereview.chromium.org/2115493002
Cr-Commit-Position: refs/heads/master@{#37433}
This stores the wasm object and the function index in the script, and
adds functions to get the disassembled wasm code as well as the offset
table mapping from byte position to line and column in the disassembly
solely from the script.
This will be used to show "ui source code" in DevTools, and map raw
locations from the stack trace into this code view.
R=yangguo@chromium.org, ahaas@chromium.org, titzer@chromium.org
BUG=chromium:613110
patch from issue 2063013004 at patchset 80001 (http://crrev.com/2063013004#ps80001)
Review-Url: https://codereview.chromium.org/2105303002
Cr-Commit-Position: refs/heads/master@{#37430}
Converts FastNewClosureStub from a Hydrogen to a TurboFan code stub.
The plan is to start using this in the Interpreter CreateClosure
bytecode handler (in a follow-up CL).
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2100883003
Cr-Commit-Position: refs/heads/master@{#37429}
This adds a new CheckIf operator and changes all direct uses of
DeoptimizeIf and DeoptimizeUnless on the JavaScript level to use
CheckIf (or one of the more concrete check operators) instead.
This way we do not depend on particular frame states, but the
effect/control linearizer will assign an appropriate frame
state instead.
R=jarin@chromium.org
BUG=v8:5141
Review-Url: https://codereview.chromium.org/2115513002
Cr-Commit-Position: refs/heads/master@{#37423}
The call to String::Flatten can cause garbage collection and in general adds
complexity to the code generation. It also blocks the way to run code generation on worker threads.
The call to String::Flatten in Constant::ToHeapObject() seems not to be necessary
for correctness. If removing this call affects performance negatively, we can revert
this CL.
Review-Url: https://codereview.chromium.org/2107243002
Cr-Commit-Position: refs/heads/master@{#37422}
This adds verification of bailout IDs to {PrepareFrameState} to ensure
all bailout points used for lazy deoptimization have been prepared by
full codegen. This will catch bailout ID abuse during graph building
instead of late in the deoptimizer. Similar verification for all eager
deoptimization points is already present.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2105023003
Cr-Commit-Position: refs/heads/master@{#37421}
Reason for revert:
Speculative revert to unblock roll: https://codereview.chromium.org/2107223003/
Original issue's description:
> Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
>
> The spec was modified to relax some requirements which implementors had not been
> enforcing. Part of this process involved introducing a new abstract operation
> ToIndex, which had partial overlap with our existing semantics as well as some
> differences (most notably treating undefined as 0). Test262 tests were introduced to
> check for the new semantics, some of which we were failing. This patch amends the
> parts of our implementation corresponding to specification algorithms which use
> ToIndex to follow its semantics precisely.
>
> BUG=v8:4784,v8:5120
>
> Committed: https://crrev.com/09720349ea058d178521ec58d0a5676443a5a132
> Cr-Commit-Position: refs/heads/master@{#37406}
TBR=littledan@chromium.org,adamk@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4784,v8:5120
Review-Url: https://codereview.chromium.org/2113593002
Cr-Commit-Position: refs/heads/master@{#37417}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel;tryserver.v8:v8_linux_nosnap_dbg
Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
Review-Url: https://codereview.chromium.org/2090723005
Cr-Original-Commit-Position: refs/heads/master@{#37384}
Cr-Commit-Position: refs/heads/master@{#37416}
Previously, any expressions inside destructuring patterns in a catch
would be parsed in the surrounding scope, instead of in the catch's
scope. This change fixes that by entering not only the catch scope,
but also the block scope inside it.
R=neis@chromium.org
BUG=v8:5106, v8:5112
Review-Url: https://codereview.chromium.org/2110193002
Cr-Commit-Position: refs/heads/master@{#37415}
Since we do negative type checks, the current shortcut might still affect
the lowering choices, possibly leading to inconsistent results.
This CL gets rid of the shortcut.
Review-Url: https://codereview.chromium.org/2101943005
Cr-Commit-Position: refs/heads/master@{#37412}
- Eliminates tests for whether a fixed register needs to be preserved,
and conservatively adds a UsePosition for all fixed live ranges.
This speeds up ProcessInstructions, especially when ARM register
aliasing introduces fixed live ranges for float and SIMD 128 registers.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2103793003
Cr-Commit-Position: refs/heads/master@{#37408}
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.
BUG=v8:5124
Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
Review-Url: https://codereview.chromium.org/2096873002
Cr-Original-Commit-Position: refs/heads/master@{#37234}
Cr-Commit-Position: refs/heads/master@{#37407}
The spec was modified to relax some requirements which implementors had not been
enforcing. Part of this process involved introducing a new abstract operation
ToIndex, which had partial overlap with our existing semantics as well as some
differences (most notably treating undefined as 0). Test262 tests were introduced to
check for the new semantics, some of which we were failing. This patch amends the
parts of our implementation corresponding to specification algorithms which use
ToIndex to follow its semantics precisely.
BUG=v8:4784,v8:5120
Review-Url: https://codereview.chromium.org/2090353003
Cr-Commit-Position: refs/heads/master@{#37406}
In ES2016, function declarations nested in blocks are formally allowed. This was
never a part of ECMAScript, but was a common extension. Unfortunately
implementations differed in the exact semantics. Annex B.3.3 in the spec tries
to standardize the parts which are common to different implementations, but does
so with some fairly complicated semantics.
This CL addresses three issues related to annex B.3.3:
* When the outer function had a complex parameter list, no hoisting whatsoever was
being performed.
* Hoisting was not blocked by parameters of the same name.
* Hoisting was not blocked by nested lexical declarations of the same name.
We had tests which checked for the second, but they were incorrectly passing due to
the first. This CL adds more complete tests.
BUG=v8:5151, v8:5111
Review-Url: https://codereview.chromium.org/2099623003
Cr-Commit-Position: refs/heads/master@{#37405}
Perform the following transformation:
| Before | After |
|------------------+---------------------|
| add w2, w0, w1 | adds w2, w0, w1 |
| cmp w2, #0x0 | b.<cond'> <addr> |
| b.<cond> <addr> | |
|------------------+---------------------|
| add w2, w0, w1 | adds w2, w0, w1 |
| cmp #0x0, w2 | b.<cond'> <addr> |
| b.<cond> <addr> | |
and the same for and instructions instead of add. When the result of the
add/and is not used, generate cmn/tst instead. We need to take care with which
conditions we can handle and what new condition we map them to.
BUG=
Review-Url: https://codereview.chromium.org/2065243005
Cr-Commit-Position: refs/heads/master@{#37400}
With the current approach we only need to track using an unordered set as we can
still access the backing store pointer and length by the time we free the
backing store.
Reland:
The issue was fixed in 67b5a501db.
BUG=chromium:619491, chromium:611688
LOG=N
R=ulan@chromium.org
This reverts commit 0e1eaec71d.
Review-Url: https://codereview.chromium.org/2109913003
Cr-Commit-Position: refs/heads/master@{#37399}
Reason for revert:
Can be cleanly relanded without any changes after a fix to redundancy elimination. Kudos go to Benedikt.
Depends on: https://codereview.chromium.org/2112463002/
Original issue's description:
> Revert of [turbofan] Implicitly emit eager checkpoint at graph building. (patchset #13 id:260001 of https://codereview.chromium.org/2074703002/ )
>
> Reason for revert:
> Causers flaky failures on the waterfall on Mac with the following error in the builtin QuickSort method:
>
> #
> # Fatal error in Zone
> # Allocation failed - process out of memory
> #
>
> Original issue's description:
> > [turbofan] Implicitly emit eager checkpoint at graph building.
> >
> > This makes preparation of eager checkpoints within the graph builder
> > implicit. Every sub-expression visitation is now guaranteed to emit
> > valid checkpoints in AstContext.
> >
> > R=jarin@chromium.org
> > BUG=v8:5021
> >
> > Committed: https://crrev.com/74e328efee7995aeee6d568f9d14f9bbc1087100
> > Cr-Commit-Position: refs/heads/master@{#37368}
>
> TBR=jarin@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5021
>
> Committed: https://crrev.com/45190a4fbfa5199f6ddf5ed9a7e2f50be865e0db
> Cr-Commit-Position: refs/heads/master@{#37372}
TBR=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2107163002
Cr-Commit-Position: refs/heads/master@{#37395}
Reason for revert:
Looks like this breaks on nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/7626
Original issue's description:
> [builtins] New frame type for exits to C++ builtins
>
> Prior to this commit, calls to C++ builtins created standard exit
> frames, which are skipped when constructing JS stack traces. In order to
> show these calls on traces, we introduce a new builtin exit frame type.
>
> Builtin exit frames contain target and new.target on the stack and are
> not skipped during stack trace construction.
>
> BUG=v8:4815
> R=bmeurer@chromium.org, yangguo@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
> Cr-Commit-Position: refs/heads/master@{#37384}
TBR=yangguo@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4815
Review-Url: https://codereview.chromium.org/2106113002
Cr-Commit-Position: refs/heads/master@{#37394}
Commit d0b8e7fb introduced some functionality to allocate additional
space in the function table, filled with an "undefined" function
signature. Use -1 instead of undefined_value() as the latter can have
the top bits cleared (which happens often for arm64) and causes
intermittent test failures.
BUG=
Review-Url: https://codereview.chromium.org/2105293002
Cr-Commit-Position: refs/heads/master@{#37393}
Avoid repeatedly traversing empty kHuge empty free list categories. This is an
oversight as all other categories are already eagerly unlinked upon getting
empty (in FreeList::FindNodeIn).
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2109473004
Cr-Commit-Position: refs/heads/master@{#37391}
The implementation of DoubleRepresentation was based on undefined
behavior, and it can be replaced by bit_casts.
BUG=chromium:623168
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2105683006
Cr-Commit-Position: refs/heads/master@{#37390}
A pointer comparison on the effect path states is not sufficient to
guarantee termination; we really need to check the actual nodes to
make sure we terminate properly, similar to what BranchElimination
does.
R=jarin@chromium.org
BUG=v8:5161
Review-Url: https://codereview.chromium.org/2112463002
Cr-Commit-Position: refs/heads/master@{#37389}
- Changes InstructionOperand canonicalization to map all FP operands to kFloat64 on Intel and other platforms with simple aliasing.
- Bypass expensive interference calculations and fixed FP live range processing for platforms with simple aliasing.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2101653003
Cr-Commit-Position: refs/heads/master@{#37388}
This functionality is duplicated with the same functionality in
SimplifiedLowering, which is kinda premature and doesn't seem to
be useful.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2103323003
Cr-Commit-Position: refs/heads/master@{#37386}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2090723005
Cr-Commit-Position: refs/heads/master@{#37384}
