For keyed stores we recompute handlers based on the receiver maps
we have seen. This is done so that we can transition to the most generic
elements kind we have seen so far. When we recompute these handlers we
get a new prototype validity cell and ignore the existing cell. This
leads to incorrect behaviour if the cell was invalid. Recomputing the
handler may be extra work which is not worth doing at this point. So
we just reuse the existing validity cell and let the IC recompute the
handler if we see the map again.
Bug: chromium:1053939
Change-Id: Ifc891d70f5a4b8b774238e12fb40e29b4d174e37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2122032
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66963}
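The following is an added illustration of the validity-cell point in the commit message above; it is not V8's code. It is a deliberately small model: two receiver maps with different prototypes, a fast-store handler guarded by a shared validity cell, and a recompute step that, in the buggy configuration, replaces the handler's cell with a freshly created (and therefore valid) one. Every class and member name here is an assumption chosen to follow the message, not V8's internal API.

```cpp
// Model of a keyed-store inline cache guarded by a prototype validity cell.
// Added example, not V8's code; names are assumptions following the commit.
#include <cstdio>
#include <functional>
#include <map>
#include <memory>
#include <vector>

struct ValidityCell {
  bool valid = true;
};

// Stands in for a prototype. Changing it (installing an indexed setter)
// invalidates the current cell; asking for a cell afterwards hands out a
// fresh, valid one, which is exactly what the buggy recompute picked up.
struct Prototype {
  std::shared_ptr<ValidityCell> cell = std::make_shared<ValidityCell>();
  std::function<void(int, int)> indexed_setter;  // empty unless installed

  std::shared_ptr<ValidityCell> GetOrCreateValidityCell() {
    if (!cell->valid) cell = std::make_shared<ValidityCell>();
    return cell;
  }
  void InstallIndexedSetter(std::function<void(int, int)> setter) {
    indexed_setter = std::move(setter);
    cell->valid = false;  // every handler holding this cell is now stale
  }
};

enum ElementsKind { kSmiElements = 0, kObjectElements = 1 };  // least -> most generic

struct Map {
  int id;
  ElementsKind elements_kind;
  Prototype* proto;
};

struct Receiver {
  Map* map;
  std::vector<int> elements;
};

struct Handler {
  Map* map;
  ElementsKind kind;                   // kind the fast store may transition to
  std::shared_ptr<ValidityCell> cell;  // valid while the prototype chain is unchanged
};

class KeyedStoreIC {
 public:
  explicit KeyedStoreIC(bool reuse_existing_cell)
      : reuse_existing_cell_(reuse_existing_cell) {}

  void Store(Receiver& r, int key, int value) {
    auto it = handlers_.find(r.map->id);
    if (it != handlers_.end() && it->second.cell->valid) {
      // Fast path: plain elements store, no prototype lookup. Only sound while
      // the cell vouches that the prototype chain is as it was when the
      // handler was computed.
      if (it->second.kind > r.map->elements_kind) r.map->elements_kind = it->second.kind;
      StoreElement(r, key, value);
      return;
    }
    Miss(r, key, value);
  }

 private:
  static void StoreElement(Receiver& r, int key, int value) {
    if (key >= static_cast<int>(r.elements.size())) r.elements.resize(key + 1, 0);
    r.elements[key] = value;
  }

  void Miss(Receiver& r, int key, int value) {
    Prototype* proto = r.map->proto;
    if (proto->indexed_setter) {   // slow path honours prototype accessors
      proto->indexed_setter(key, value);
      return;                      // an intercepted store gets no fast handler
    }
    StoreElement(r, key, value);
    handlers_[r.map->id] = Handler{r.map, r.map->elements_kind, proto->GetOrCreateValidityCell()};
    RecomputeHandlers();
  }

  // Bring every handler up to the most generic elements kind seen so far.
  // Only the kind is re-derived; the prototype chain is not re-inspected.
  void RecomputeHandlers() {
    ElementsKind most_generic = kSmiElements;
    for (auto& entry : handlers_)
      if (entry.second.kind > most_generic) most_generic = entry.second.kind;
    for (auto& entry : handlers_) {
      Handler& h = entry.second;
      h.kind = most_generic;
      // Bug: a fresh cell is always valid, so an invalidated handler is revived.
      // Fix: keep h.cell; if it is invalid the next store misses and recomputes.
      if (!reuse_existing_cell_) h.cell = h.map->proto->GetOrCreateValidityCell();
    }
  }

  bool reuse_existing_cell_;
  std::map<int, Handler> handlers_;
};

struct ScenarioResult {
  int setter_calls;
  int element0;  // receiver a's elements[0] afterwards
};

// a's prototype gains an indexed setter after a's handler exists; the arrival
// of a second map then triggers the recompute. The store to a must reach the
// setter rather than write a's elements directly.
ScenarioResult RunScenario(bool reuse_existing_cell) {
  Prototype pa, pb;
  Map ma{1, kSmiElements, &pa};
  Map mb{2, kObjectElements, &pb};
  Receiver a{&ma, {}};
  Receiver b{&mb, {}};
  KeyedStoreIC ic(reuse_existing_cell);
  int setter_calls = 0;
  ic.Store(a, 0, 1);                                            // fast handler for ma, guarded by pa's cell
  pa.InstallIndexedSetter([&](int, int) { ++setter_calls; });   // pa's cell -> invalid
  ic.Store(b, 0, 1);                                            // new map: handlers recomputed
  ic.Store(a, 0, 2);                                            // fresh cell: bypasses the setter
  return {setter_calls, a.elements[0]};
}

int main() {
  ScenarioResult buggy = RunScenario(false), fixed = RunScenario(true);
  std::printf("fresh cell: setter calls=%d a[0]=%d\nreused cell: setter calls=%d a[0]=%d\n",
              buggy.setter_calls, buggy.element0, fixed.setter_calls, fixed.element0);
  return fixed.setter_calls == 1 ? 0 : 1;
}
```

With the fresh cell the final store writes a's elements directly and the setter never runs; with the existing cell kept, the invalid cell forces a miss, the slow path reaches the setter, and no fast handler is installed for a map whose prototype now intercepts stores.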
This reverts commit 8f68e39214.
Reason for revert: depot_tools started using Python3 by default with this deps roll, but it contained a Python3 bug. Reverting this and waiting for a new deps roll will fix the issue since the latest depot_tools contains the fix for this issue.
Original change's description:
> Update V8 DEPS.
>
> Rolling v8/build: 26e9d48..de373bb
>
> Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/032c783..054d61d
>
> Rolling v8/third_party/depot_tools: 2b2aec6..e3a49aa
>
> Rolling v8/tools/clang: 105a846..a560ab4
>
> TBR=machenbach@chromium.org,tmrts@chromium.org
>
> Change-Id: I04a2522f65cecb00308bdc0a8f7ed780fe4f3961
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2119950
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#66851}
TBR=machenbach@chromium.org,v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com,tmrts@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:1065807
Change-Id: I87281218c99c55503f577b9ab17b2d3b59792601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132796
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66962}
Some embedders (e.g. ChromeOS) override the toolchain and do not
provide such macros.
Bug: chromium:1056170
Change-Id: I3012af6dd7f59580d00e58608a228df562706414
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132798
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66961}
Port a1bd722799 https://crrev.com/c/2129631
Original Commit Message:
This is the same cleanup as in the previous CL, but for {EmitBinOpImm}.
This requires a minor change in the name of the emit functions with
immediate, to make them distinguishable from the emit functions with two
registers. We just append an "i" to the functions with immediate.
Change-Id: I5089097cb74e204002f0dfcfb6ed10d3ade4da0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132346
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#66959}
Use inline asm to generate the x64 PushAllRegistersAndIterateStack
which is the trampoline for conservative stack scanning. Keep the
function definition as C code to allow clang to generate the correct
mangling for each platform.
This approach has the benefit that it immediately works for all
platforms that support clang.
Bug: chromium:1056170
Change-Id: Ic7a1c1b57e67ae1442bd8bda4e55d89112facfc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132787
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66958}
Use new API available in ICU65.1 so legacy locales won't be hidden.
Bug: v8:9312,chromium:968269
Change-Id: I6e44501249cdb863ff9b1ab858efdf8908380a82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2131373
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66957}
Only run the test when locale 'bn' is supported
Bug: v8:9100
Change-Id: I455d77a7fb7495f1f866211084cdb68fceb8c871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130069
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66956}
The trampoline should never inline the actual iteration method and
always use a full call. As a result, there can be no interesting data
in the redzone.
This allows simplifying as the existence and size of a red zone is platform
dependent.
Bug: chromium:1056170
Change-Id: I38d686b0e60fdcc383c40a45e7a81ec0e91f4d62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132788
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66955}
The tests using the recursive function were broken on non-clang builds
as GCC is able to aggressively the function in question and prove that
parameters are not actually needed.
Bug: chromium:1056170
Change-Id: Iacbff766ca9d300c9ae5d16394e205b1883609eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130274
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66952}
Even though the default toolchain for assembly on Windows uses MASM
assemblers, we are not supposed to use them to support Linux/Win
cross-compile.
Bug: chromium:1056170, chromium:1066834
Change-Id: If17dbd68915f843e3fb47584560a4667d5c35bc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132250
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66951}
Double literals without dots should still be parsed as double constants,
not unsigned constants. The static_cast would remove the fractional
part, making constants like "1e-15" come out as "0" unsigned constants.
The precise semantics is not spec'ed, so we still consider literals like
"1e1" to be unsigned, and only switch to double if there is a fractional
part.
R=ecmziegler@chromium.org
Bug: chromium:1065635
Change-Id: I0aac018058a149632e0849572d19fdcc7b2af7aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2126922
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66949}
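An added reconstruction of the literal rule described in the commit message above; this is example code, not V8's asm.js scanner. It parses the literal text with strtod, then applies the pre-fix rule (no dot means cast to unsigned, so "1e-15" collapses to 0) beside the fixed rule (no dot and a fractional value means double, while "1e1" stays the unsigned 10). The uint32 range limit on unsigned literals and the rejection of out-of-range integral values are assumptions of this example, since the message says the precise semantics are not specified.

```cpp
// asm.js numeric-literal classification: pre-fix truncation beside the fixed
// check. Added example, not V8's code.
#include <cctype>
#include <cmath>
#include <cstdint>
#include <cstdlib>
#include <string>

enum class AsmLiteralKind { kUnsigned, kDouble, kInvalid };

struct AsmLiteral {
  AsmLiteralKind kind;
  uint32_t uvalue;  // meaningful for kUnsigned
  double dvalue;    // meaningful for kDouble
};

static const AsmLiteral kInvalidLiteral{AsmLiteralKind::kInvalid, 0, 0.0};
constexpr double kTwoTo32 = 4294967296.0;  // assumption: unsigned literals must fit uint32

// Whole-string numeric parse. A literal reaching this rule starts with a digit
// or '.', so "inf", "nan" and a leading sign (unary minus is handled by the
// expression parser, not the literal) are rejected before strtod sees them.
static bool ParseWholeNumber(const std::string& text, double* out) {
  if (text.empty()) return false;
  unsigned char first = static_cast<unsigned char>(text[0]);
  if (!std::isdigit(first) && first != '.') return false;
  char* end = nullptr;
  *out = std::strtod(text.c_str(), &end);
  return end == text.c_str() + text.size();
}

// Before the fix: any literal without a '.' was cast to unsigned, so the
// fractional part of "1e-15" was dropped and it became the constant 0.
AsmLiteral ClassifyBeforeFix(const std::string& text) {
  double value;
  if (!ParseWholeNumber(text, &value)) return kInvalidLiteral;
  if (text.find('.') != std::string::npos) return {AsmLiteralKind::kDouble, 0, value};
  if (value < 0 || value >= kTwoTo32) return kInvalidLiteral;  // keep the cast defined
  return {AsmLiteralKind::kUnsigned, static_cast<uint32_t>(value), 0.0};
}

// After the fix: without a '.', the literal stays unsigned only if its value
// is integral ("1e1" is 10); a fractional value ("1e-15") is a double.
AsmLiteral ClassifyAfterFix(const std::string& text) {
  double value;
  if (!ParseWholeNumber(text, &value)) return kInvalidLiteral;
  if (text.find('.') != std::string::npos) return {AsmLiteralKind::kDouble, 0, value};
  if (std::floor(value) != value) return {AsmLiteralKind::kDouble, 0, value};
  if (value < 0 || value >= kTwoTo32) return kInvalidLiteral;  // integral but not a uint32
  return {AsmLiteralKind::kUnsigned, static_cast<uint32_t>(value), 0.0};
}
```

Note that "1e400" parses to infinity, which is integral by the floor test and so is rejected by the range check rather than silently classified; a scanner that treated it as a double would need a separate decision.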
The ReduceStringPrototypeStartsWith implementation in TurboFan
was doing the CheckString too late, after returning "false" in
case there are no arguments.
Fixed: chromium:1065741
Change-Id: I1016383d65120d3b050e76d6ac41986497af0b8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129639
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66948}
JSStoreGlobal can become a call into runtime code (SetProperty)
that inspects the context in order to get the language mode. Thus
always passing the native context is not good enough.
Bug: chromium:1065737
Change-Id: Iba9537cd3de743a0967325acf7900190aa835b5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130280
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66946}
This inlines the first set of macros in order to reduce an unnecessary
layer of abstraction. This makes the code easier to read and to debug.
R=zhin@chromium.org
Bug: v8:10364
Change-Id: Ia8ccb90c285c365ae5b3d52b6b6912ad1a76d81d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129532
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66945}
Port a447a44f31 https://crrev.com/c/2064226
Original Commit Message:
Since now the IterationBody StackChecks are implicit within JumpLoops,
we are able to eagerly deopt in them. If we do that, whenever we advance
to the next bytecode we don't have to advance to the next literal
bytecode, but instead "advance" in the sense of doing the JumpLoop.
Adding tests that test this advancing for wide and extra wide JumpLoops.
Also, marking JumpLoop as needing source positions since now it has
the ability of causing an interrupt.
Change-Id: Ia435888fbaca8596839aa15dafb8b4e7239981fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2119783
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#66944}
Import the most commonly used ValueType kinds as constants into
{LiftoffCompiler}, so that we don't need the fully-qualified accessor on
{ValueType}.
This makes many template instantiations much shorter and hence easier to
read.
Drive-by: Replace break after function by return. This often saves
another line, making macros and switch statements much shorter.
R=zhin@chromium.org
Bug: v8:10364
Change-Id: If78352c2fa6b854989fa82718d0b3478b4d73aad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129634
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66943}
- avoid endless recursion with corrupted traces
- speed up page by async bar repainting
- minor tweaks to avoid unnecessary work
- move helper functions to make command line version parse log files
Change-Id: If8ce9cc4093030d648fbc7bbb60e53412e9f7a79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2115434
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66942}
This is the same cleanup as in the previous CL, but for {EmitBinOpImm}.
This requires a minor change in the name of the emit functions with
immediate, to make them distinguishable from the emit functions with two
registers. We just append an "i" to the functions with immediate.
R=zhin@chromium.org
Bug: v8:10364
Change-Id: Ie3732a956698368a5f1fbe67334a13014cd2f354
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129631
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66941}
The same issue has been fixed in Chromium [1] by Richard Townsend.
It seems that CL needs to be applied in V8 as well.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/1593363
Also add self to authors file.
Bug: v8:10365
Change-Id: Ic38b18392263c2a89f207013ec61718418d5f132
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130126
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66940}
If "use asm" is used inside a "function*" or async function, it should
bail out.
Drive-by: Minor cleanup in {Runtime_InstantiateAsmJs}.
R=ecmziegler@chromium.org
Bug: chromium:1065852
Change-Id: Ice48126b803a30c4b4ff7b5ae22df85a3f36198a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2126920
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66939}
Liftoff has lots of macros that just convert between {LiftoffRegister}
and either {Register} or {DoubleRegister}.
This CL avoids most of these lambdas by passing the original assembler
function to {EmitUnOp} and {EmitBinOp}, and converting the register
types only when calling the respective function.
This makes the code in many macros a lot shorter, and might allow us to
eliminate many macros and just inline their code.
R=zhin@chromium.org
Bug: v8:10364
Change-Id: I8b7dbb19e367d33181d94472ab422a0a50786449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129629
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66938}
The internalized string fixup during off-thread factory merging updates
object slot values, but didn't call the write barrier for that slot.
Now it does.
Bug: chromium:1011762
Change-Id: I11e546a06f48bdb476b66a1944f485b97b0d4dbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2124318
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66936}
Only the NewSloppyArguments_Generic variant is used, so delete the
unused NewSloppyArguments function and rename the other one to the now
available name.
Change-Id: Ifb90a03bd112f78b4d95f7afc3b299c9634e9acc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2128051
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66935}
The stack scanner copies any potentially uninitialized values into a
temporary on the stack. The temporary is supposed to be unpoisoned
before processing.
This fixes an issue where we would pass the wrong address to
unpoisoning.
Bug: chromium:1056170
Change-Id: I8eb1564103d067e72f9de74b71d9ddfc23a68ade
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130273
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66932}
Drive-by: Fix a few BE-related issues with ptr-compr enabled.
Change-Id: Ic2ff9e69a42e65089a1c1544e5eba1833c2fd95e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2057355
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66926}
The interpreter assumed that native context indices of the
runtime functions are less than 256, which is not the case if
intrinsics are at the end of the native context and we keep adding
fields to native context.
Also fix the operand type, so that we get a DCHECK failing if the ids
don't fall into the expected range.
Change-Id: I8bc13a90593739ec66cb0a507572cf5b2acc4235
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129632
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66925}
Pure refactoring. The re-organization makes it easy to
add more platforms.
Bug: chromium:1056170
Change-Id: Ia191c37a1dabff6952414c5314beeeae881713b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129636
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66924}
Previously we used the error message for normal invalid private member
access, so for a failed brand check for class C, the error is
TypeError: Cannot read private member C from an object whose class did not declare it
This updates the message to
TypeError: Object must be an instance of class C
Bug: v8:8330
Change-Id: Ida98f46b8387631194a9b7a48bd1f419045ac6e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2100688
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66923}
This tests that the stack doesn't get misaligned after asm trampolines.
The x86 and x64 psABIs require the stack to be 16-byte aligned.
Bug: chromium:1056170
Change-Id: I73e7100806c6ecf3f5e884a121a15bcc384d8011
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2128048
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66922}
A previous CL made the mode an explicit argument but failed to
keep SimplifiedLowering from overriding it.
Moreover, CheckedUint64Bounds so far didn't support the two modes.
Change-Id: I01d8bf90fca77940fbeb428da57608a59f812c75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2124833
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66921}
Maintain a proper frame pointer in rbp when going through the
trampoline. This ensures that e.g. gdb can properly unwind the
stack.
Bug: chromium:1056170
Change-Id: I7a9252316e7ce8d83cf54e1efc801b92476bc4ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2128050
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66920}
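An added example covering the conservative-stack-scanning commits above: the inline-asm PushAllRegistersAndIterateStack trampoline, the note that a full call means nothing interesting can live in the red zone, the 16-byte stack alignment test, and the frame pointer kept in rbp. This is not V8's code. V8 writes the trampoline in hand-written assembly per platform; the stand-in here uses the portable setjmp idiom to spill the callee-saved registers into a jmp_buf on the trampoline's own frame, then scans from that jmp_buf up to a recorded stack base. The "heap" is four constructed objects, the callback signature, the noinline attributes and the use of __builtin_frame_address for the alignment check are assumptions of this example, and it assumes GCC or Clang on x86-64 SysV or AArch64.

```cpp
// Conservative stack scanning through a trampoline. Added example, not V8's
// code: the spill is done with setjmp instead of hand-written asm.
#include <csetjmp>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed "heap": four objects. Nothing takes their address except where
// the demo deliberately keeps a pointer to one on the stack.
constexpr int kNumObjects = 4;
constexpr int kObjectSize = 32;
static char heap_objects[kNumObjects][kObjectSize];

// Index of the object `word` points into (interior pointers count, as they
// must for a conservative scan), or -1.
int ObjectIndexFor(uintptr_t word) {
  for (int i = 0; i < kNumObjects; ++i) {
    uintptr_t begin = reinterpret_cast<uintptr_t>(heap_objects[i]);
    if (word >= begin && word < begin + kObjectSize) return i;
  }
  return -1;
}

typedef void (*IterateStackCallback)(const void* stack_top, const void* stack_base,
                                     unsigned* found_mask);

// Visits every word in [stack_top, stack_base) and sets bit i of *found_mask
// when the word points into heap object i. Reached through a full call from
// the trampoline, so this frame lies below everything being scanned; the
// caller's red zone therefore cannot hold anything the scan needs.
__attribute__((noinline)) void ScanStack(const void* stack_top, const void* stack_base,
                                         unsigned* found_mask) {
  uintptr_t from = reinterpret_cast<uintptr_t>(stack_top) &
                   ~static_cast<uintptr_t>(sizeof(uintptr_t) - 1);
  uintptr_t to = reinterpret_cast<uintptr_t>(stack_base);
  for (uintptr_t p = from; p + sizeof(uintptr_t) <= to; p += sizeof(uintptr_t)) {
    uintptr_t word;
    std::memcpy(&word, reinterpret_cast<const void*>(p), sizeof(word));
    int idx = ObjectIndexFor(word);
    if (idx >= 0) *found_mask |= 1u << idx;
  }
}

// Trampoline. setjmp stores the callee-saved registers into `regs`, which
// lives in this frame, so &regs is the lowest address the scan must cover.
// noinline keeps this frame (and `regs`) below every caller frame.
__attribute__((noinline)) void PushAllRegistersAndIterateStack(
    const void* stack_base, IterateStackCallback callback, unsigned* found_mask) {
  jmp_buf regs;
  if (setjmp(regs) != 0) return;  // nobody longjmps here; setjmp is only the spill
  callback(static_cast<const void*>(&regs), stack_base, found_mask);
  __asm__ volatile("" : : "r"(&regs) : "memory");  // keep regs alive past the scan
}

// The alignment/frame-pointer check: in an ABI-conforming frame on x86-64
// SysV (rbp after push) or AArch64 (x29) the frame pointer is 16-byte aligned.
__attribute__((noinline)) bool FrameIs16ByteAligned() {
  return (reinterpret_cast<uintptr_t>(__builtin_frame_address(0)) & 15u) == 0;
}

// Holds an interior pointer to object 2 in a stack slot (volatile forces it
// into memory) while the scan runs; returns the mask of objects found.
__attribute__((noinline)) unsigned DemoInner(const void* stack_base) {
  char* volatile live = heap_objects[2] + 5;
  unsigned found = 0;
  PushAllRegistersAndIterateStack(stack_base, ScanStack, &found);
  (void)live;
  return found;
}

// Any local of this frame lies above DemoInner's entire frame, so its address
// is a usable stack base for the scan.
__attribute__((noinline)) unsigned DemoScan() {
  uintptr_t base_marker = 0;
  return DemoInner(&base_marker);
}

int main() {
  unsigned found = DemoScan();
  std::printf("found mask 0x%x (bit 2 expected), frame aligned: %d\n", found,
              FrameIs16ByteAligned() ? 1 : 0);
  return (found & 4u) ? 0 : 1;
}
```

The scan is conservative in the usual sense: it proves that object 2, referenced only from a stack slot, is reported, but a stale word that happens to look like a pointer into another object would also be reported, which is why the test asserts only on the object that must be found.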
We can make sure we exhaustively test all CreateArgumentsTypes by using
a switch rather than if-else.
Change-Id: Id00094eeb4cb0af212f5c939314aec72a30a3ee0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2128054
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66919}
In https://chromium-review.googlesource.com/c/v8/v8/+/2124837 we
changed the behavior of CreateDynamicFunction such that it throws
a TypeError if the operation is disallowed. The TypeError
constructor was taken from the target context, which didn't make
a lot of sense: the entered context doesn't have access to
the function ctor's context, so it won't have access to an
exception created in the function ctor's context either.
With this CL, the TypeError constructor is taken from the entered
context instead. Note that this is not necessarily the calling
context (we don't generally know the calling context at this point).
Bug: v8:10361, chromium:1065094
Change-Id: I09daa1f913a7e33841eb7fa0c00fca435df64b2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2127866
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66918}
If we want external people to stop shouting WASM, we should start
by avoiding that in our own code base.
This CL replaces almost all occurrences of "WASM" by "Wasm". The
last remaining ones (in frames.cc) are in capitalized contexts where
WASM fits.
TBR=ecmziegler@chromium.org
Bug: v8:10155
Change-Id: I905b92220768b99bb5e1165255691ffe4498dba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2126917
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66917}
For i8x16, most i8x16 should be done now. Drive by cleanup to remove
unnecessary CpuFeatureScope (since they are in the macro assembler now).
Bug: v8:9561
Change-Id: Ic4e9462eec62badfae7a5164562fdb167da76968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2121169
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66916}