Reason for revert:
Speculative revert to unblock roll: https://codereview.chromium.org/2107223003/
Original issue's description:
> Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
>
> The spec was modified to relax some requirements which implementors had not been
> enforcing. Part of this process involved introducing a new abstract operation
> ToIndex, which had partial overlap with our existing semantics as well as some
> differences (most notably treating undefined as 0). Test262 tests were introduced to
> check for the new semantics, some of which we were failing. This patch amends the
> parts of our implementation corresponding to specification algorithms which use
> ToIndex to follow its semantics precisely.
>
> BUG=v8:4784,v8:5120
>
> Committed: https://crrev.com/09720349ea058d178521ec58d0a5676443a5a132
> Cr-Commit-Position: refs/heads/master@{#37406}
TBR=littledan@chromium.org,adamk@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4784,v8:5120
Review-Url: https://codereview.chromium.org/2113593002
Cr-Commit-Position: refs/heads/master@{#37417}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel;tryserver.v8:v8_linux_nosnap_dbg
Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
Review-Url: https://codereview.chromium.org/2090723005
Cr-Original-Commit-Position: refs/heads/master@{#37384}
Cr-Commit-Position: refs/heads/master@{#37416}
Previously, any expressions inside destructuring patterns in a catch
would be parsed in the surrounding scope, instead of in the catch's
scope. This change fixes that by entering not only the catch scope,
but also the block scope inside it.
R=neis@chromium.org
BUG=v8:5106, v8:5112
Review-Url: https://codereview.chromium.org/2110193002
Cr-Commit-Position: refs/heads/master@{#37415}
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.
BUG=v8:5124
Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
Review-Url: https://codereview.chromium.org/2096873002
Cr-Original-Commit-Position: refs/heads/master@{#37234}
Cr-Commit-Position: refs/heads/master@{#37407}
The spec was modified to relax some requirements which implementors had not been
enforcing. Part of this process involved introducing a new abstract operation
ToIndex, which had partial overlap with our existing semantics as well as some
differences (most notably treating undefined as 0). Test262 tests were introduced to
check for the new semantics, some of which we were failing. This patch amends the
parts of our implementation corresponding to specification algorithms which use
ToIndex to follow its semantics precisely.
BUG=v8:4784,v8:5120
Review-Url: https://codereview.chromium.org/2090353003
Cr-Commit-Position: refs/heads/master@{#37406}
In ES2016, function declarations nested in blocks are formally allowed. This was
never a part of ECMAScript, but was a common extension. Unfortunately
implementations differed in the exact semantics. Annex B.3.3 in the spec tries
to standardize the parts which are common to different implementations, but does
so with some fairly complicated semantics.
This CL addresses three issues related to annex B.3.3:
* When the outer function had a complex parameter list, no hoisting whatsoever was
being performed.
* Hoisting was not blocked by parameters of the same name.
* Hoisting was not blocked by nested lexical declarations of the same name.
We had tests which checked for the second, but they were incorrectly passing due to
the first. This CL adds more complete tests.
BUG=v8:5151, v8:5111
Review-Url: https://codereview.chromium.org/2099623003
Cr-Commit-Position: refs/heads/master@{#37405}
Perform the following transformation:
| Before | After |
|------------------+---------------------|
| add w2, w0, w1 | adds w2, w0, w1 |
| cmp w2, #0x0 | b.<cond'> <addr> |
| b.<cond> <addr> | |
|------------------+---------------------|
| add w2, w0, w1 | adds w2, w0, w1 |
| cmp #0x0, w2 | b.<cond'> <addr> |
| b.<cond> <addr> | |
and the same for and instructions instead of add. When the result of the
add/and is not used, generate cmn/tst instead. We need to take care with which
conditions we can handle and what new condition we map them to.
BUG=
Review-Url: https://codereview.chromium.org/2065243005
Cr-Commit-Position: refs/heads/master@{#37400}
Reason for revert:
Looks like this breaks on nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/7626
Original issue's description:
> [builtins] New frame type for exits to C++ builtins
>
> Prior to this commit, calls to C++ builtins created standard exit
> frames, which are skipped when constructing JS stack traces. In order to
> show these calls on traces, we introduce a new builtin exit frame type.
>
> Builtin exit frames contain target and new.target on the stack and are
> not skipped during stack trace construction.
>
> BUG=v8:4815
> R=bmeurer@chromium.org, yangguo@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
> Cr-Commit-Position: refs/heads/master@{#37384}
TBR=yangguo@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4815
Review-Url: https://codereview.chromium.org/2106113002
Cr-Commit-Position: refs/heads/master@{#37394}
A pointer comparison on the effect path states is not sufficient to
guarantee termination; we really need to check the actual nodes to
make sure we terminate properly, similar to what BranchElimination
does.
R=jarin@chromium.org
BUG=v8:5161
Review-Url: https://codereview.chromium.org/2112463002
Cr-Commit-Position: refs/heads/master@{#37389}
This functionality is duplicated with the same functionality in
SimplifiedLowering, which is kinda premature and doesn't seem to
be useful.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2103323003
Cr-Commit-Position: refs/heads/master@{#37386}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2090723005
Cr-Commit-Position: refs/heads/master@{#37384}
There are no useful typing rules for Change and Checked operators, so we
better make sure we don't run them through the Typer at all.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2107783004
Cr-Commit-Position: refs/heads/master@{#37382}
This function should also be callable from a concurrent thread, so we cannot use
the scope here. Instead, provide a test that checks that no handles are created.
R=ulan@chromium.org
TEST=cctest/test-conversions/NoHandlesForTryNumberToSize
BUG=
Review-Url: https://codereview.chromium.org/2106083002
Cr-Commit-Position: refs/heads/master@{#37381}
This changes many interfaces to accept StandardFrames instead of
JavaScriptFrames, and use the StackTraceFrameIterator instead of the
JavaScriptFrameIterator.
Also, the detailed frame information array now contains the script in
addition to the function, as wasm frames are not associated to any
javascript function.
This is a rebase of (https://codereview.chromium.org/2069823003/), since clemensh's internship has ended.
R=yangguo@chromium.org,ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2109093003
Cr-Commit-Position: refs/heads/master@{#37379}
The start argument must be converted to an integer before the length argument is
converted. (Consequently, the start argument is converted even when the length
is 0.) This matters because conversion is observable.
Also rewrite the function in a way that closely resembles the spec text.
R=littledan@chromium.org
BUG=v8:5140
Review-Url: https://codereview.chromium.org/2109583002
Cr-Commit-Position: refs/heads/master@{#37378}
Reland of https://codereview.chromium.org/2034093002 (reverted by
https://codereview.chromium.org/2080153002).
Original commit message:
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.
BUG=
Review-Url: https://codereview.chromium.org/2083523002
Cr-Commit-Position: refs/heads/master@{#37373}
The reason:
All RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases
use the C++ function to generate the expected value or result. So for x87, all those expected value or result are
extended double precision as the extended double precision is default for x87 Gcc compiler and std lib on linux platform.
The issue is:
For RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan test cases, the expected values generated by C++ function
are extended double precision, the results generated by X87 jitted code are double precision according to the ECMA standard.
The comparison of different precisons caused some of those test cases failed.
For Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases, the expected values are pre-defined double precision values, the results
generated by C++ function are extended double precision. The comparison of different precisons caused some of those test cases
failed too.
This CL disables RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases for x87.
BUG=
Review-Url: https://codereview.chromium.org/2111493002
Cr-Commit-Position: refs/heads/master@{#37371}
The lastIndex property must be written with the semantics of a strict [[Set]],
so an exception must be thrown when the attributes don't allow writing. We used
to ignore the attributes.
R=littledan@chromium.org, yangguo@chromium.org
BUG=v8:5138
Review-Url: https://codereview.chromium.org/2109593002
Cr-Commit-Position: refs/heads/master@{#37369}
The only real use case left for TypeGuard was the renaming inside the
LoadElimination, but this case only occurs in dead code (guarded by a
previous Check), so it's not relevant, and we can drop the TypeGuard
operator completely.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2108793003
Cr-Commit-Position: refs/heads/master@{#37361}
Add a flag harmony_trailing_commas_in_parameters that allows trailing
commas in function parameter declaration lists and function call
parameter lists. Trailing commas are allowed in parenthetical lists like
`(a, b, c,)` only if the next token is `=>`, thereby making it an arrow
function declaration. Only 1 trailing comma is allowed, not `(a,,)`. A
trailing comma must follow a non-rest parameter, so `(,)` and `(...a,)`
are still SyntaxErrors. However, a trailing comma is allowed after a
spread parameter, e.g. `a(...b,);`.
Add parser tests for all of the above.
BUG=v8:5051
LOG=y
Review-Url: https://codereview.chromium.org/2094463002
Cr-Commit-Position: refs/heads/master@{#37355}
Comparisons were allowing asm 'int' values in places
that require strict 'signed' or 'unsigned' but not both.
Fixes crash when these make it to asm-wasm.
BUG=599413
BUG=v8:4203
R=aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2106683003
Cr-Commit-Position: refs/heads/master@{#37353}
This reverts commit 1eb1dfabe4.
The original compilation separation change avoided associating a heap
for the wasm instance if memory was not provided, nor needed. The
grow memory CL assumed the old behavior, where a memory buffer was
always present, but may have had a zero size.
The 2CLS landed shortly after one another. We decided to treat the
grow memory as the race condition winner, so this CL here re-lands
compilation separation, plus adjusts grow memory to deal with
the undefined mem buffer.
BUG=
Review-Url: https://codereview.chromium.org/2102193003
Cr-Commit-Position: refs/heads/master@{#37352}
We were not checking that the string passed to instantiateFromAsm
contains a function declaration (any declaration was allowed).
Fixes crash.
BUG=620649
BUG=v8:4203
R=aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2109533002
Cr-Commit-Position: refs/heads/master@{#37349}
Support for serializing/deserializing the compiled wasm module.
We want to reuse the javascript snapshotting mechanics, at least in the
short term, when we still use the JS heap for the compiled wasm code.
Given that a module may be compiled in one v8 instance and then
instantiated later, in a different instance, whatever information we need
at instantiation time must also be serializable.
We currently hold on to the un-decoded wasm bytes, for enabling
debugging scenarios. This imposes a ~20% penalty on the memory
requirements of the wasm compiled code. We do not need this data
otherwise, for runtime, and it is sensible to consider eventually loading it
on demand. Therefore, I intentionally avoided relying on it and re-
decoding the wasm module data, and instead saved the information
necessary to support instantiation.
Given how whatever we need to persist must be serializable, the CL
uses a structure made out of serializable objects (fixed arrays mostly)
for storing this information. I preferred going this route rather than
adding more wasm-specific support to the serializer, given that we want
to eventually move off the JS heap, and therefore the serializer.
Additionally, it turns out this extra information is relatively not complex:
minimal structure, little nesting depth, mostly simple data like numbers
or byte blobs, or opaque data like compiled functions.
This CL also moves export compilation ahead of instantiation time.
This change added a helper getter to FixedArray, to make typed retrieval
of elements easier.
BUG=
Review-Url: https://codereview.chromium.org/2094563002
Cr-Commit-Position: refs/heads/master@{#37348}
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
Adds a regression test.
BUG=621926
Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
Review-Url: https://codereview.chromium.org/2103713003
Cr-Original-Commit-Position: refs/heads/master@{#37339}
Cr-Commit-Position: refs/heads/master@{#37345}
Reason for revert:
Causes "buildbot failure in V8 on V8 Linux gcc 4.8, Check"
Original issue's description:
> [ia32] Fixes a bug in cmpw.
>
> The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
>
> Adds a regression test.
>
> BUG=621926
>
> Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
> Cr-Commit-Position: refs/heads/master@{#37339}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=621926
Review-Url: https://codereview.chromium.org/2106913002
Cr-Commit-Position: refs/heads/master@{#37342}
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
Adds a regression test.
BUG=621926
Review-Url: https://codereview.chromium.org/2103713003
Cr-Commit-Position: refs/heads/master@{#37339}
When re-scoping arrow function parameter initializers, temporaries
should be moved from the closure of the old scope to the closure of
the new scope, if necessary.
R=adamk@chromium.org, rossberg@chromium.org
BUG=chromium:622663
LOG=N
Review-Url: https://codereview.chromium.org/2083083007
Cr-Commit-Position: refs/heads/master@{#37335}
This part of the snapshot API should not be in use yet, so we can still
change this. The motivation for this change is:
- Use MaybeHandle where reasonable.
- Remove ambiguity: when we use index to create context from snapshot,
we should not have a silent fallback if snapshot is not available.
- Symmetry: rename to Context::FromSnapshot to mirror templates.
R=jochen@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2100073002
Cr-Commit-Position: refs/heads/master@{#37334}
This cl fixes the long-standing bug for for-in with shadowing properties.
BUG=v8:705
Review-Url: https://codereview.chromium.org/2081733002
Cr-Commit-Position: refs/heads/master@{#37333}
This avoids forgetting to add files for either gyp or gn.
While for most executables, this is detected by compilation
errors, for test executables, it can lead to tests silently
not running.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2098313002
Cr-Commit-Position: refs/heads/master@{#37331}
The reason for reverting is: This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set. These duplicates could cause a DCHECK to trigger which checks that slots recorded in the remembered set never point to to-space. This reland-CL allows duplicates in the remembered set by removing the DCHECK, and additionally clears entries in the remembered set if objects are moved.
Original issue's description:
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
Review-Url: https://codereview.chromium.org/2097023002
Cr-Commit-Position: refs/heads/master@{#37325}
Introduce a new machine operator Float64Pow that for now is backed by
the existing MathPowStub to start the unification of Math.pow, and at
the same time address the main performance issue that TurboFan still has
with the imaging-darkroom benchmark in Kraken.
Also migrate the Math.pow builtin itself to a TurboFan builtin and
remove a few hundred lines of hand-written platform code for special
handling of the fullcodegen Math.pow version.
BUG=v8:3599,v8:5086,v8:5157
Review-Url: https://codereview.chromium.org/2103733003
Cr-Commit-Position: refs/heads/master@{#37323}
The ARM64 instruction selector can generate code like this
negs w0, w1
b.vs deopt
but then reference the old value of w0 in the frame state, which will
obviously lead to wrong results.
R=jarin@chromium.org
BUG=v8:5158
Review-Url: https://codereview.chromium.org/2103793002
Cr-Commit-Position: refs/heads/master@{#37322}
When calling the throw method on a generator suspended inside a yield*, yield*
in turn tries to call throw on its iterable. If the iterable does not provide a
throw method, yield* must try to call the return method instead and then throw a
TypeError. Due to a bug in our desugaring, we never threw the TypeError.
R=adamk@chromium.org
BUG=v8:5132
Review-Url: https://codereview.chromium.org/2094253002
Cr-Commit-Position: refs/heads/master@{#37314}
Removing a bad test case because:
- The test case makes wrong assumptions about compilation. We now
may run bytecode with the interpreter.
- The test exposes internal implementation details such as pc offset
of JIT code.
- The test uses a runtime function specially written to cater to, and
used only by this test. Being unmaintained, this runtime function
is already returning bogus results, making this test useless.
R=jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2101223002
Cr-Commit-Position: refs/heads/master@{#37312}
When calling the return method on a generator suspended inside a yield*, yield*
in turn calls return on its iterable. If this results in a "done" iterator,
yield* must return immediately, thus terminating the generator. For some
reason, we didn't terminate the generator but continued right after the yield*.
R=adamk@chromium.org
BUG=v8:5131
Review-Url: https://codereview.chromium.org/2100093002
Cr-Commit-Position: refs/heads/master@{#37310}
Add NumberAbs operator to implement an inline version of Math.abs, that
can be optimized and eliminated. We don't use any speculation here, but
for now stick to the information we can infer (this way we avoid the
inherent deopt loops that Crankshaft has around Math.abs).
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=jarin@chromium.org
BUG=v8:5086
Review-Url: https://codereview.chromium.org/2096403002
Cr-Commit-Position: refs/heads/master@{#37306}
When reading malformed input, the length of variable-length types can be very large. Computing operand length with this and adding it to PC will overflow and screw up decode.
This patch switches to unsigned int for arity and lengths, terminates loop analysis on error, adds overflow checking to BranchTableOperand, and adds a unit test.
Review-Url: https://codereview.chromium.org/2052623003
Cr-Commit-Position: refs/heads/master@{#37301}
the .eh_frame format as part of the jitdump generated when
FLAG_perf_prof is enabled. The final goal is allowing precise unwinding
of callchains that include JITted code when profiling V8 using perf.
Unwinding information is stored in the body of code objects after the
code itself, prefixed with its length and aligned to a 8-byte boundary.
A boolean flag in the header signals its presence, resulting in zero
memory overhead when the generation of unwinding info is disabled or
no such information was attached to the code object.
A new jitdump record type (with id 4) is introduced for specifying
optional unwinding information for code load records. The EhFrameHdr
struct is also introduced, together with a constructor to initialise it
from the associated code object.
At this stage no unwinding information is written to the jitdump, but
the infrastructure for doing so is ready in place.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/1993653003
Cr-Commit-Position: refs/heads/master@{#37296}
This adds a missing lazy bailout point when defining data properties
with computed property names in object literals. The runtime call to
Runtime::kDefineDataPropertyInLiteral can trigger deopts. The necessary
bailout ID already exists and is now properly used.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-621816
BUG=chromium:621816
Review-Url: https://codereview.chromium.org/2099133003
Cr-Commit-Position: refs/heads/master@{#37294}
This is a building block for GetPropertyStub. It supports querying fast,
slow and global objects without native accessors and interceptors.
BUG=v8:4911
LOG=Y
Review-Url: https://codereview.chromium.org/2079823002
Cr-Commit-Position: refs/heads/master@{#37291}
Proxy objects need special treatment in toString(). Usually, we use the
@@toStringTag, if it is set, otherwise we determine the result of toString()
by checking IsArray() and other internal slots. According to
ES2017 19.1.3.6, IsArray() and the internal slots must be checked first,
then get(@@toStringTag). The result of IsArray() and internal slots is discarded if
@@toStringTag is set. For proxy
objects, we must obey this order, because get() can have side-effects, i.e.,
revoke the proxy. For all other objects, we can skip the check of the
internal slots, if @@toStringTag is set.
BUG=
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2090773006
Cr-Commit-Position: refs/heads/master@{#37289}
- Add a const bool kSimpleFPAliasing variable for each platform so it's
easier for the compiler to eliminate dead code.
- Modify RegisterAllocator to use it.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2101473002
Cr-Commit-Position: refs/heads/master@{#37288}
The global object can be loaded from the native context and the name can be loaded in the type feedback metadata.
BUG=chromium:576312
Review-Url: https://codereview.chromium.org/2096653003
Cr-Commit-Position: refs/heads/master@{#37278}
We deviate from spec in that, in our implementation, __defineGetter__ on non-
configurable properties returns false instead of throwing a TypeError. This commit
adds a use counter to track how often we would be throwing an error we currently
avoid, to determine if we can change to align with spec or if the spec is not
implementable.
BUG=v8:5070
Review-Url: https://codereview.chromium.org/2089533002
Cr-Commit-Position: refs/heads/master@{#37259}
- Adds the concept of FP register aliasing to RegisterConfiguration.
- Changes RegisterAllocator to distinguish between FP representations
when allocating.
- Changes LinearScanAllocator to detect interference when FP register
aliasing is combining, as on ARM.
- Changes ARM code generation to allow all registers s0 - s31 to be
accessed.
- Adds unit tests for RegisterConfiguration, mostly to test aliasing
calculations.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2086653003
Cr-Commit-Position: refs/heads/master@{#37251}
Port fc59eb8a7a
Original commit message:
Moves between operands with different representations shouldn't happen,
so don't test them. This makes it easier to modify canonicalization to
differentiate between floating point types, which is needed to support
floating point register aliasing for ARM and MIPS.
This change also expands tests to include explicit FP moves (both register and stack slot).
LOG=N
BUG=v8:4124
BUG=chromium:622619
Review-Url: https://codereview.chromium.org/2090993002
Cr-Commit-Position: refs/heads/master@{#37241}
Reason for revert:
[Sheriff] Breaks layout tests. Please rebase upstream if intended:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7691
Original issue's description:
> Amends the TypedArray constructor to use the path for primitives for all
> types of primitives, not just undefined, booleans, numbers, and strings.
> (The missing cases were null and Symbol.) This is required by the
> specification, and there are test262 tests which we were failing due to
> this bug.
>
> BUG=v8:5124
>
> Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
> Cr-Commit-Position: refs/heads/master@{#37234}
TBR=littledan@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5124
Review-Url: https://codereview.chromium.org/2091693004
Cr-Commit-Position: refs/heads/master@{#37236}
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.
BUG=v8:5124
Review-Url: https://codereview.chromium.org/2096873002
Cr-Commit-Position: refs/heads/master@{#37234}
TypedArrays store their true length in an internal slot. This is
normally reflected in the .length property, but that property is
configurable. Algorithms which need the length of a typed array are to
use the internal slot, not the property; TypedArray.prototype.set was
not doing this.
BUG=v8:5133
Review-Url: https://codereview.chromium.org/2091153002
Cr-Commit-Position: refs/heads/master@{#37232}
While we properly handled scopes of initializers in destructured parameters,
we never did the right thing for computed properties. This patch fixes that
by factoring out PatternRewriter's scope rewriting logic and calls it
for the computed property case.
BUG=chromium:620119
Review-Url: https://codereview.chromium.org/2084103002
Cr-Commit-Position: refs/heads/master@{#37228}
Reason for revert:
Reland fixing msan and tsan
Original issue's description:
> Revert of Test262 roll (patchset #15 id:280001 of https://codereview.chromium.org/2068263002/ )
>
> Reason for revert:
> Broke msan and tsan; need to add an extra skip
>
> Original issue's description:
> > Test262 roll
> >
> > This roll does not include a test harness change; infrastructure issues
> > still need to be worked out.
> >
> > Committed: https://crrev.com/d3a95b8a78eefabf884a60bc3d6aac5830b44eb3
> > Cr-Commit-Position: refs/heads/master@{#37225}
>
> TBR=adamk@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/8ea2cbea2e65dc506d50a25a81e610f37bc751ec
> Cr-Commit-Position: refs/heads/master@{#37226}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2097573003
Cr-Commit-Position: refs/heads/master@{#37227}
Reason for revert:
Broke msan and tsan; need to add an extra skip
Original issue's description:
> Test262 roll
>
> This roll does not include a test harness change; infrastructure issues
> still need to be worked out.
>
> Committed: https://crrev.com/d3a95b8a78eefabf884a60bc3d6aac5830b44eb3
> Cr-Commit-Position: refs/heads/master@{#37225}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2094613004
Cr-Commit-Position: refs/heads/master@{#37226}
This roll does not include a test harness change; infrastructure issues
still need to be worked out.
Review-Url: https://codereview.chromium.org/2068263002
Cr-Commit-Position: refs/heads/master@{#37225}
As a result LoadGlobalIC requires different slow stubs for each TypeofMode.
This CL is a prerequisite for not passing variable name to LoadGlobalIC:
the interceptor handler is the only kind of handler that requires a name
and therefore LoadGlobalIC dispatcher does not need a variable name as well.
BUG=chromium:576312
Review-Url: https://codereview.chromium.org/2081143002
Cr-Commit-Position: refs/heads/master@{#37222}
Reason for revert:
This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#
I can reproduce locally, and local revert also fixes it -> revert.
Reproduce with:
out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation
(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)
Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
>
> The reason for reverting was: [Sheriff] Breaks arm debug:
> https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
>
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
>
> Additionally some rebasing was necessary.
>
> Original issue's description:
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=mlippautz@chromium.org
>
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}
TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2090983002
Cr-Commit-Position: refs/heads/master@{#37221}
Now we can turn it into a turbofan stub.
Create new instance types JS_ARGUMENTS_TYPE and JS_ERROR_TYPE.
Review-Url: https://codereview.chromium.org/2080243003
Cr-Commit-Position: refs/heads/master@{#37219}
ES2017 draft 19.1.3.6: If @@toStringTag is not a string, Object.prototype.toString()
returns [object Object], except in the following cases:
- Array
- String
- Arguments
- Function
- Error
- Boolean
- Number
- Date
- RegExp.
For anything else, e.g., Maps, Sets, TypedArrays, or the global object, toString() returns
[object Object] if @@toStringTag is absent or not a string. In order to be able to
easily identify the global object in d8, we set @@toStringTag to "global"
for d8.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=
Review-Url: https://codereview.chromium.org/2071343002
Cr-Commit-Position: refs/heads/master@{#37218}
The reason for reverting was: [Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
The problem was the dereferencing of handles for smi checks. It turned out
that these smi checks can be removed anyways, both on arm and on mips.
Additionally some rebasing was necessary.
Original issue's description:
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=mlippautz@chromium.org
Review-Url: https://codereview.chromium.org/2091733002
Cr-Commit-Position: refs/heads/master@{#37217}
Lowering of Int64Load, Int64Store, BitcastInt64ToFloat64 and
BitcastFloat64ToInt64 was using LE word ordering in memory,
causing failures on some tests.
BUG=mjsunit/regress/regress-599719,mjsunit/regress/regress-599717
Review-Url: https://codereview.chromium.org/2080213004
Cr-Commit-Position: refs/heads/master@{#37213}
CMN is a flag-setting add operation, and therefore is commutative.
{Add,Sub}WithOverflow generate ADD/SUB instructions that cannot
support a ROR shift.
BUG=
Review-Url: https://codereview.chromium.org/2087233005
Cr-Commit-Position: refs/heads/master@{#37212}
As part of the page type unification also unify page iterators. Iterating
over a space works the same for all spaces now (new, old, lo).
Iterating over pages of a space follows now the regular C++ iterator pattern:
- for (auto it = space->begin(); it != space->end(); ++it) {}
- for (Page* p : *space) {}
GC only: Loop supporting unlinking/freeing of a Page on the fly:
for (auto it = space->begin(); != space->end();) {
Page* p = *(it++);
p->Unlink();
}
For iteration of a range of new space pages use NewSpacePageRange which
also verifies that the range is actually a proper new space page range.
BUG=chromium:581412
LOG=N
Review-Url: https://codereview.chromium.org/2088223002
Cr-Commit-Position: refs/heads/master@{#37210}
