Removing a bad test case because:
- The test case makes wrong assumptions about compilation. We now
may run bytecode with the interpreter.
- The test exposes internal implementation details such as pc offset
of JIT code.
- The test uses a runtime function specially written to cater to, and
used only by this test. Being unmaintained, this runtime function
is already returning bogus results, making this test useless.
R=jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2101223002
Cr-Commit-Position: refs/heads/master@{#37312}
When calling the return method on a generator suspended inside a yield*, yield*
in turn calls return on its iterable. If this results in a "done" iterator,
yield* must return immediately, thus terminating the generator. For some
reason, we didn't terminate the generator but continued right after the yield*.
R=adamk@chromium.org
BUG=v8:5131
Review-Url: https://codereview.chromium.org/2100093002
Cr-Commit-Position: refs/heads/master@{#37310}
port c1d01aea11 (r37086)
original commit message:
Compilation of wasm functions happens before instantiation. Imports are linked afterwards, at instantiation time. Globals and memory are also
allocated and then tied in via relocation at instantiation time.
This paves the way for implementing Wasm.compile, a prerequisite to
offering the compiled code serialization feature.
Currently, the WasmModule::Compile method just returns a fixed array
containing the code objects. More appropriate modeling of the compiled module to come.
Opportunistically centralized the logic on how to update memory
references, size, and globals, since that logic is the exact same on each
architecture, except for the actual storing of values back in the
instruction stream.
BUG=
Review-Url: https://codereview.chromium.org/2100393003
Cr-Commit-Position: refs/heads/master@{#37307}
Add NumberAbs operator to implement an inline version of Math.abs, that
can be optimized and eliminated. We don't use any speculation here, but
for now stick to the information we can infer (this way we avoid the
inherent deopt loops that Crankshaft has around Math.abs).
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=jarin@chromium.org
BUG=v8:5086
Review-Url: https://codereview.chromium.org/2096403002
Cr-Commit-Position: refs/heads/master@{#37306}
Rolling v8/build to 87e063014aa0f343b15f5de495a28e5f8572bf8d
Rolling v8/tools/clang to 2ad431ac7823581e1f39c5b770704e1e1ca6cb32
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2101893002
Cr-Commit-Position: refs/heads/master@{#37305}
port c781e83194 (r37072)
original commit message:
Import base::ieee754::cos() and base::ieee754::sin() from fdlibm and
introduce Float64Cos and Float64Sin TurboFan operator based on that,
similar to what we do for Float64Log. Rewrite Math.cos() and Math.sin()
as TurboFan builtins and use those operators to also inline Math.cos()
and Math.sin() into optimized TurboFan functions.
BUG=
Review-Url: https://codereview.chromium.org/2105613002
Cr-Commit-Position: refs/heads/master@{#37304}
Reason for revert:
Ready to test fix and reland.
Original issue's description:
> Revert of Include file names in trace_turbo output (patchset #3 id:40001 of https://codereview.chromium.org/2083863004/ )
>
> Reason for revert:
> Many build bots are failing with a message of the form:
>
> Missing or invalid v8 JSON file: /tmp/tmp2qcEUy_swarming/0/output.json
>
> Can be relanded once we understand why these failures are occurring.
>
> Original issue's description:
> > Include file names in trace_turbo output
> >
> > The trace turbo output will overwrite itself when functions in different
> > files share the same name. Output files now have the form
> > `turbo-<function_name>:<opt_file_name>-<opt_phase>.suffix`.
> >
> > R=ofrobots@google.com
> > BUG=
> >
> > Committed: https://crrev.com/a53b9bf02f31e5647c37e0392afa19f74df1a3ba
> > Cr-Commit-Position: refs/heads/master@{#37199}
>
> TBR=ofrobots@google.com,bmeurer@chromium.org,danno@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/97c2bc362f234bd58515a0faf6af23b4f8ad183a
> Cr-Commit-Position: refs/heads/master@{#37204}
TBR=ofrobots@google.com,bmeurer@chromium.org,danno@chromium.org,machenbach@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2081323007
Cr-Commit-Position: refs/heads/master@{#37303}
When reading malformed input, the length of variable-length types can be very large. Computing operand length with this and adding it to PC will overflow and screw up decode.
This patch switches to unsigned int for arity and lengths, terminates loop analysis on error, adds overflow checking to BranchTableOperand, and adds a unit test.
Review-Url: https://codereview.chromium.org/2052623003
Cr-Commit-Position: refs/heads/master@{#37301}
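The overflow described in the commit message above, as an added example that is not V8's code: the operand layout (a LEB128 u32 count followed by 4-byte entries) and every name here are assumptions made for illustration. It shows an unchecked 32-bit length wrapping to a plausible value, beside a version that bounds the count by the bytes remaining.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical operand layout (an assumption, not V8's): a LEB128 u32 entry
// count followed by `count` fixed 4-byte entries.
using Bytes = std::vector<uint8_t>;

// Decodes an unsigned LEB128 u32 at code[pc]; returns bytes consumed, 0 on error.
uint32_t ReadU32Leb(const Bytes& code, size_t pc, uint32_t* out) {
  uint32_t result = 0;
  for (uint32_t i = 0; i < 5; ++i) {
    if (pc + i >= code.size()) return 0;        // truncated input
    uint8_t b = code[pc + i];
    if (i == 4 && (b & 0xF0)) return 0;         // would not fit in 32 bits
    result |= static_cast<uint32_t>(b & 0x7F) << (7 * i);
    if (!(b & 0x80)) { *out = result; return i + 1; }
  }
  return 0;
}

// Before: the length is computed in 32 bits with no check, so a huge count
// wraps around and yields a small, plausible-looking operand length.
uint32_t UncheckedLength(const Bytes& code, size_t pc) {
  uint32_t count = 0;
  uint32_t n = ReadU32Leb(code, pc, &count);
  return n + count * 4;                          // wraps modulo 2^32
}

// After: bound the count by the bytes actually left before multiplying.
bool CheckedLength(const Bytes& code, size_t pc, size_t* length) {
  uint32_t count = 0;
  uint32_t n = ReadU32Leb(code, pc, &count);
  if (n == 0) return false;                      // malformed or truncated count
  size_t remaining = code.size() - pc - n;
  if (count > remaining / 4) return false;       // table runs past the end
  *length = n + static_cast<size_t>(count) * 4;  // bounded by remaining bytes
  return true;
}

// Constructed samples: count = 0x40000000 with 4 trailing bytes, and count = 2.
Bytes MalformedSample() { return {0x80, 0x80, 0x80, 0x80, 0x04, 0, 0, 0, 0}; }
Bytes ValidSample() { return {0x02, 1, 0, 0, 0, 2, 0, 0, 0}; }

int main() {
  size_t len = 0;
  std::printf("unchecked=%u checked_ok=%d\n", UncheckedLength(MalformedSample(), 0), CheckedLength(MalformedSample(), 0, &len));
}
```
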
the .eh_frame format as part of the jitdump generated when
FLAG_perf_prof is enabled. The final goal is allowing precise unwinding
of callchains that include JITted code when profiling V8 using perf.
Unwinding information is stored in the body of code objects after the
code itself, prefixed with its length and aligned to an 8-byte boundary.
A boolean flag in the header signals its presence, resulting in zero
memory overhead when the generation of unwinding info is disabled or
no such information was attached to the code object.
A new jitdump record type (with id 4) is introduced for specifying
optional unwinding information for code load records. The EhFrameHdr
struct is also introduced, together with a constructor to initialise it
from the associated code object.
At this stage no unwinding information is written to the jitdump, but
the infrastructure for doing so is ready in place.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/1993653003
Cr-Commit-Position: refs/heads/master@{#37296}
This adds a missing lazy bailout point when defining data properties
with computed property names in object literals. The runtime call to
Runtime::kDefineDataPropertyInLiteral can trigger deopts. The necessary
bailout ID already exists and is now properly used.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-621816
BUG=chromium:621816
Review-Url: https://codereview.chromium.org/2099133003
Cr-Commit-Position: refs/heads/master@{#37294}
Instead of a JS implementation that calls C++ runtime functions, migrate String.fromCodePoint() to C++.
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2038563003
Cr-Commit-Position: refs/heads/master@{#37293}
This is a building block for GetPropertyStub. It supports querying fast,
slow and global objects without native accessors and interceptors.
BUG=v8:4911
LOG=Y
Review-Url: https://codereview.chromium.org/2079823002
Cr-Commit-Position: refs/heads/master@{#37291}
Proxy objects need special treatment in toString(). Usually, we use the
@@toStringTag, if it is set, otherwise we determine the result of toString()
by checking IsArray() and other internal slots. According to
ES2017 19.1.3.6, IsArray() and the internal slots must be checked first,
then get(@@toStringTag). The result of IsArray() and internal slots is
discarded if @@toStringTag is set. For proxy objects, we must obey this
order, because get() can have side-effects, i.e., revoke the proxy. For all
other objects, we can skip the check of the internal slots, if
@@toStringTag is set.
BUG=
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2090773006
Cr-Commit-Position: refs/heads/master@{#37289}
- Add a const bool kSimpleFPAliasing variable for each platform so it's
easier for the compiler to eliminate dead code.
- Modify RegisterAllocator to use it.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2101473002
Cr-Commit-Position: refs/heads/master@{#37288}
We can check if the instance type of an object is JS_PROMISE_TYPE to determine if it is a promise rather than test whether the property promise_state_symbol is present.
BUG=
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2091243002
Cr-Commit-Position: refs/heads/master@{#37283}
port f5b83dec4e (r37061)
original commit message:
As a first step towards showing builtin frames in stack traces, we will now
push target and new target unconditionally.
Since the various specializations of BuiltinArguments are made redundant by
this change, we can remove them and all related code.
BUG=
Review-Url: https://codereview.chromium.org/2095323002
Cr-Commit-Position: refs/heads/master@{#37282}
The global object can be loaded from the native context and the name can be loaded in the type feedback metadata.
BUG=chromium:576312
Review-Url: https://codereview.chromium.org/2096653003
Cr-Commit-Position: refs/heads/master@{#37278}
port 198e09de5a (r37053)
original commit message:
Construct a BUILTIN frame before throwing an exception from runtime.
BUG=
Review-Url: https://codereview.chromium.org/2094223002
Cr-Commit-Position: refs/heads/master@{#37275}
If we know that a constant can be represented as word32, then we don't
need to insert a checked conversion, but just change the constant
appropriately.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2100063002
Cr-Commit-Position: refs/heads/master@{#37273}
port f47b9e9810 (r37051)
original commit message:
This adds a new BUILTIN frame type, which supports variable number of
arguments for builtins implemented in hand-written native code (we will
extend this mechanism to TurboFan builtins at some point). Convert the
Math.max and Math.min builtins to construct a BUILTIN frame if required.
This does not yet work for C++ builtins, but that'll be the next step.
BUG=
Review-Url: https://codereview.chromium.org/2096283003
Cr-Commit-Position: refs/heads/master@{#37270}
port d5f2ac5e33 (r37047)
original commit message:
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
BUG=
Review-Url: https://codereview.chromium.org/2096283002
Cr-Commit-Position: refs/heads/master@{#37269}
port c5e3c9bf56 (r37011)
original commit message:
Only Intel needed changes, arm and mips work as expected.
BUG=
Review-Url: https://codereview.chromium.org/2094143003
Cr-Commit-Position: refs/heads/master@{#37267}
port 2d1f977c93 (r36978)
original commit message:
Support for relocatable globals, to facilitate compilation before
instantiation.
BUG=
Review-Url: https://codereview.chromium.org/2096273002
Cr-Commit-Position: refs/heads/master@{#37266}
port 6470ddadf9 (r36950)
original commit message:
This introduces SilenceNaN operator, which makes sure that we only
store quiet NaNs into holey arrays. We omit the NaN silencing code
at instruction selection time if the input is an operation that
cannot possibly produce signalling NaNs.
BUG=
Review-Url: https://codereview.chromium.org/2099143002
Cr-Commit-Position: refs/heads/master@{#37265}
Rolling v8/build to 95bb77009ecdeaa992b031b947142fbf7da57ed6
Rolling v8/tools/mb to 62e2d060db3b06208f5d6558db03efd140ecd180
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2098293002
Cr-Commit-Position: refs/heads/master@{#37264}
port e95cfafb67 (r36917)
original commit message:
This fixes FastNewStrictArgumentsStub and FastNewRestParameterStub to no
longer assume that the strict arguments object being allocated will fit
into new-space. The case where said object needs to move to large object
space is now handled in the runtime.
BUG=
Review-Url: https://codereview.chromium.org/2100003002
Cr-Commit-Position: refs/heads/master@{#37263}