If the LHS has a proxy in its prototype chain (or is itself one), then
the LHS's [prototype_or_initial_map] being the hole does not necessarily
imply that the result is false.
This CL also adds support for --force-slow-path, which would have been
useful in finding this bug earlier.
Bug: v8:9036
Change-Id: I6f5134d6ce18f9f14549ced3d33527f54ce9bcb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539497
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60476}
This reverts commit 63608968b6.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/19535
Original change's description:
> [wasm] Implement table.init for interpreter
>
> This also fixes CheckCallViaJS when a trap occurs. In that case, the
> trap callback is called instead of an exception being thrown, so if it
> isn't handled, a bogus result will be returned instead.
>
> Bug: v8:8965
> Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60473}
TBR=binji@chromium.org,mstarzinger@chromium.org
Change-Id: Iee528ac2f16988b25579af3555e6f17974cb0b05
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8965
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539498
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60474}
This also fixes CheckCallViaJS when a trap occurs. In that case, the
trap callback is called instead of an exception being thrown, so if it
isn't handled, a bogus result will be returned instead.
Bug: v8:8965
Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60473}
The bottlenecks to prevent storing signalling NaNs in backing stores
were not perfect. This change makes it harder by ensuring that all
the Torque-side "[]=" operator overloads for FixedDoubleArray stores
have signalling NaNs silenced.
Bug: chromium:944435
Change-Id: I295d9b34f4c896db30989bb9db1a2b452daa03ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538517
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60459}
Allocate feedback vectors lazily when the function's interrupt budget has
reached a specified threshold. This cl introduces a new field in the
ClosureFeedbackCellArray to track the interrupt budget for allocating
feedback vectors. Using the interrupt budget on the bytecode array could
cause problems when there are closures across native contexts and we may
delay allocating feedback vectors in one of them causing unexpected
performance cliffs. In the long term we may want to remove interrupt budget
from bytecode array and use context specific budget for tiering up decisions
as well.
Bug: v8:8394
Change-Id: Ia8fbb71f5e8543a92f14c44aa762973da82d445c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520719
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60450}
The target of a 'break' statement without a provided label must be a
regular block belonging to a surrounding loop or switch statement, named
blocks (i.e. the one that just define a label) on the other hand must be
targeted specifically with the provided label (and not implicitly). This
fixes the behavior by introducing a dedicated {BlockKind::kNamed} for
this purpose.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-9022
BUG=v8:9022
Change-Id: I94c3d5b1196ed94b8b1b31f6eb3b68070cf324e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538126
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60445}
In the implementation of WebAssembly.compileStreaming and
WebAssembly.instantiateStreaming, we did not handle the case where the
input, which is a Promise, gets rejected. When this Promise got
rejected, the Promise returned by compileStreaming remained pending
forever.
With this CL, the rejection object of the input Promise gets forwarded
to the result Promise.
I also extended the --wasm-test-streaming flag to provide
WebAssembly.compileStreaming and WebAssembly.instantiateStreaming
in d8. The difference to the Chrome versions of these function is
that d8 does not know about Response objects. That's why in d8
compileStreaming and instantiateStreaming expect a Promise to an
ArrayBuffer or a TypedArray and not to a Response object.
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:943487
Change-Id: I77f789e9ae5d50ae9c9bc92bf27dbfe338fe0f13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535817
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60427}
Process feedback and hints for Lda/StaNamed bytecodes w.r.t. access on
the global proxy. This stores the property cells (or their absence) on
the JSGlobalProxyData.
Bug: v8:7790
Change-Id: Iadedea5494611c1b2ed38b6ce75687e084cc27f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499499
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60411}
ReduceArrayIndexOfIncludes didn't account for kUnreliableReceiverMaps.
Will think about a more robust mechanism for this.
Bug: chromium:944062
Change-Id: Ib2bdaf4399225de4413e12c5684f58dfe524a2cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532331
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60400}
Most of the mjsunit/wasm/table-copy.js tests have been ported to
cctests, so they can be tested with all execution tiers.
Bug: v8:8965
Change-Id: I448719be30a4b2bddb9e2cffb4c74d3134db2f50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529548
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60396}
Above test passes on simulator but may take up to a few mintues. Test passes normally on native PPC.
Change-Id: I89b8feca1f6f0da41a5aff7c004718f0b63f76ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532343
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60387}
The `compiler-trace-flags.js` test just makes sure the various --trace-turbo*
flags do not cause V8 to crash. However, on builds with no snapshot, they would
generate a *lot* of output as they were tracing the compiler while generating
the snapshot.
Let's set the `--trace-turbo-filter` flag to make sure we only trace the test
functions. Sadly, WASM functions do not have a name, just an index, so we have
to split this test into two.
Bug: chromium:943064
Cq-Include-Trybots: luci.v8.try:v8_win_nosnap_shared_rel_ng
Change-Id: I30b3935f63d412ab8c96cc5156d342c428229865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532078
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#60383}
The reason for the revert was that Liftoff did not bail out on indirect
calls to tables other than table 0. Whenever the Liftoff code got
executed, the test would fail.
Original message:
With this CL it is possible to use any anyfunc table in call-indirect,
not just the first table.
The current implementation is based on runtime calls. This is just an
initial implementation which should be replaced by a
dispatch-table-based eventually. However, this implementation allows
us to move forward with the anyref proposal implementation.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Iedd56ee7acb281441bca32ffd3dc7157203ee1ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532072
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60382}
This reverts commit 9d167f57e0.
Reason for revert: There is a crash on https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/20026
Original change's description:
> [wasm][anyref] Add support of call-indirect for multiple tables
>
> With this CL it is possible to use any anyfunc table in call-indirect,
> not just the first table.
>
> The current implementation is based on runtime calls. This is just an
> initial implementation which should be replaced by a
> dispatch-table-based eventually. However, this implementation allows
> us to move forward with the anyref proposal implementation.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7581
> Change-Id: I57d09b18add7f525555bf7c949aef17a64b0e7c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530801
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60360}
TBR=mstarzinger@chromium.org,ahaas@chromium.org
Change-Id: Iba4b84078aa070498be7e79212970b94595f5757
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7581
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532069
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60362}
With this CL it is possible to use any anyfunc table in call-indirect,
not just the first table.
The current implementation is based on runtime calls. This is just an
initial implementation which should be replaced by a
dispatch-table-based eventually. However, this implementation allows
us to move forward with the anyref proposal implementation.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I57d09b18add7f525555bf7c949aef17a64b0e7c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530801
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60360}
This skips two tests not suitable for gc fuzzing. Previous tests marked
PASS,FAIL are also skipped now, since endurance fuzzing was deprecated.
NOTRY=true
Bug: v8:8959
Change-Id: I0b13212da31457ad4da32fa9c1097dc9e5e9dc11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528433
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60356}
This is a reland of f8962ae1a2
Original change's description:
> Preparing v8 to use with python3 /test
>
> There are now less that 400 days until the end of life
> of Python 2(aka _legacy_ Python) https://pythonclock.org/ .
> The code compatibility check for python2 and python3
> used the following tools: futurize, flake8
> You can see the reports here: https://travis-ci.com/bmsdave/v8/builds
>
> This CL was uploaded by git cl split.
>
> Bug: v8:8594
> Change-Id: Idbf467daf629a4e808345a6a88036c2a3f259138
> Reviewed-on: https://chromium-review.googlesource.com/c/1470121
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59679}
Bug: v8:8594
Change-Id: I8c1a8d6593a4a927d56d37dada2c704062e842cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1484300
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60354}
This is a follow-up CL from https://chromium-review.googlesource.com/c/v8/v8/+/1432597
Indices of first and last symbol properties are recorded and used on a second iteration of DescriptorArrayForEach() to potentially reduce the iteration range
Bug: v8:6705
Change-Id: Iac73909d138214d1128e935eff686f2f058e17f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516021
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60344}
This extends the support for the "except_ref" type on global variables
to support mutable globals, as well as importing and exporting such
globals. Test coverage is also increased.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-global
BUG=v8:8091
Change-Id: I816406e322ffb574a4f054947682491e7b40335f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530802
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60327}
This change significantly improves the performance of string
concatenation in optimized code for the case where the resulting string
is represented as a ConsString. On the relevant test cases we go from
serializeNaive: 10762 ms.
serializeClever: 7813 ms.
serializeConcat: 10271 ms.
to
serializeNaive: 10278 ms.
serializeClever: 5533 ms.
serializeConcat: 10310 ms.
which represents a 30% improvement on the "clever" benchmark, which
tests specifically the ConsString creation performance.
This was accomplished via a couple of different steps, which are briefly
outlined here:
1. The empty_string gets its own map, so that we can easily recognize
and handle it appropriately in the TurboFan type system. This
allows us to express (and assert) that the inputs to NewConsString
are non-empty strings, making sure that TurboFan no longer creates
"crippled ConsStrings" with empty left or right hand sides.
2. Further split the existing String types in TurboFan to be able to
distinguish between OneByte and TwoByte strings on the type system
level. This allows us to avoid having to dynamically lookup the
resulting ConsString map in case of ConsString creation (i.e. when
we know that both input strings are OneByte strings or at least
one of the input strings is TwoByte).
3. We also introduced more finegrained feedback for the Add bytecode
in the interpreter, having it collect feedback about ConsStrings,
specifically ConsOneByteString and ConsTwoByteString. This feedback
can be used by TurboFan to only inline the relevant code for what
was seen so far. This allows us to remove the Octane/Splay specific
magic in JSTypedLowering to detect ConsString creation, and instead
purely rely on the feedback of what was seen so far (also making it
possible to change the semantics of NewConsString to be a low-level
operator, which is only introduced in SimplifiedLowering by looking
at the input types of StringConcat).
4. On top of the before mentioned type and interpreter changes we added
new operators CheckNonEmptyString, CheckNonEmptyOneByteString, and
CheckNonEmptyTwoByteString, which perform the appropriate (dynamic)
checks.
There are several more improvements that are possible based on this, but
since the change was already quite big, we decided not to put everything
into the first change, but do some follow up tweaks to the type system,
and builtin optimizations later.
Tbr: mstarzinger@chromium.org
Bug: v8:8834, v8:8931, v8:8939, v8:8951
Change-Id: Ia24e17c6048bf2b04df966d3cd441f0edda05c93
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: https://bit.ly/fast-string-concatenation-in-javascript
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499497
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60318}
This adds basic support and tests for having global variables of type
"except_ref" that are default initialized to "null". The functionality
is part of the exception handling proposal and solely enabled by the
corresponding feature flag.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-global
BUG=v8:8091
Change-Id: I581bc942fbe6688a5c58790a842fb024de22d924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528439
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60317}
According to WebAssembly's thread proposal, the memory type is decided
at the Object's creation and don't change over time.
When growing a shared memory and the old buffer was marked as shared;
setup the new buffer as shared as well.
Bug: v8:8564
Change-Id: I7e59071d11b41315429232ae0c90436c6810bd0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526012
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Auto-Submit: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#60312}
This implements the behavior discussed and specified here:
https://github.com/tc39/ecma262/issues/1461https://github.com/tc39/ecma262/pull/1470
As part of making this change, I realized that we didn't actually
toggle the behavior between the optimized and unoptimized version
based on the --harmony-await-optimization flag at all and just the
unoptimized version by default.
This patch removes the unoptimized version and uses the optimized
version as the default.
The other builtins that use this flag are not touched as part of this
CL, they will be updated separately.
Bug: v8:8998
Change-Id: I315e1b39dda91d0127b5e567986485d713eaa78d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525872
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60310}
There were four places where we did essentially the same steps in
order to extract the initial map for inlining a JSCreate operation.
This CL creates a function on NodeProperties for this task.
As a side effect, this fixes a bug in ReduceJSCreateArray, where
has_initial_map could get called when it wasn't permissible to do so.
Notes: For simplicity, in one or two places where we used to get the
target/newtarget constants from the types we now get them from
HeapConstant nodes.
Cosmetic change: rename "receiver_map" to the more accurate
"root_map" in JSNativeContextSpecialization::ExtractReceiverMaps.
Bug: chromium:939316
Change-Id: I8fd9eb50993be3d839ab9b18eeea28184c53eabf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528435
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60301}
Implements decoding of compilation hints section in
{ModuleDecoderImpl}. The {wasm-module-builder.js} supports
the creation of that section. The feature can be enabled
with {--experimental-wasm-compilation-hints}.
Bug: v8:9003
Change-Id: Ic87e19d916f2ce316de453ea8c7c48c236a6d673
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521115
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#60299}
Anyfunc globals are very similar to anyref globals. This CL is mostly
about extending the conditions which guard the anyref globals code.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Ia92ac4560102cc3ed0060342f92758db28f415ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526004
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60281}
The existing has property handling did not account for the fact an IC can have LOAD_IGNORE_OUT_OF_BOUNDS while some of the maps in the IC do not allow out of bounds loads.
bug: chromium:942068
Change-Id: I935402d9d72e9c0228510ef69154ea130d1c71f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525876
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60269}
This CL allows for either of 'minimum' or 'initial' for MemoryDescriptor
and TableDescriptor. It also adds a flag for the reflection features.
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: Icfd4825f63e1eb784a39d10f740d55e81489eba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1485243
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60256}
This CL only provides the implementation of memory.{init,copy,fill} and
data.drop.
Bug: v8:8965
Change-Id: I439f2520bfee8f147e4b0d1d31f954aaad2e14ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510575
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60253}
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: I5b9a614dd0c8b028d756cbd401c803de4cb9437f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513159
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60252}
This CL also changes the constructor for WasmTableObject so that the
maximum_length is set to undefined instead of a default value if there's
no maximum provided.
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: I6310224e9997464bf69c198e2694a6cd76e01e8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513156
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60250}
Compilation only stores whether an error has been found, but not the
exact error or it's location. This is generated by running a validation
pass once all wire bytes have been received.
This unifies error messages by removing one more location where we
generate compilation error messages, and makes it deterministic because
a) we always report the error in the first failing function, and
b) if names are present, the error message will always contain the
function name.
R=titzer@chromium.org
Bug: chromium:926311, v8:8814
Change-Id: I79551b8bb73dcee503484de343a3ada60a6add4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521112
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60242}
Add a CheckSmi call to the value of the position argument to
String.prototype.startsWith(search, [position]).
Bug: v8:8400, chromium:939746
Change-Id: I7462bebe0d3fde605a4c27a34c0d9bb3f0cc1c20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514198
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60216}
This CL just adds a parameter to addElementSegment and adjusts all
existing tests.
Note that addElementSegment contains some convenience code to construct
one initial table if it does not exist yet. I did not extend that code
to multiple tables. If you want to use multiple tables, you have to
create them first before calling addElementSegment.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: Ie131fd5dc19856703ab5cfb2fa8f7d576f70a18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520709
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60211}
This Cl adds a type to {WasmTableObject}, and extends
{WasmTableObject::Set} and {WasmTableObject::Get} to support anyref
tables. I did it in one CL so that I can write tests.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I6c6d78f84715a7805f7bb881a63d3c1174f6a6ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511332
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60206}
