As required by #sec-built-in-function-objects.
They were strict functions before (see
e2f1c26982), but that got lost when they
were ported to ASM builtins.
This makes optimized and non-optimized code agree on the same behavior
in regress-105.js.
BUG=v8:105,v8:5778,v8:6325
Review-Url: https://codereview.chromium.org/2848313004
Cr-Commit-Position: refs/heads/master@{#45012}
getPossibleBreakpoints implementation can enforce function compilation which potentially can produce syntax error, we need to have a context to correctly report this error.
BUG=chromium:715334
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2851853002
Cr-Commit-Position: refs/heads/master@{#45003}
This makes the size of the class smaller by 8 bytes on 64-bit. I looked at the usage
pattern. Even though it seems the number of instances doesn't get higher
than a few thousand, this class is still very hot because it is constructed and
passed by value a lot. So perhaps reducing the size would make passing this
class by value or growing arrays more optimal and might save some cycles.
Before:
class v8::internal::compiler::Constant [sizeof = 24] {
[sizeof=4] v8::internal::compiler::Constant::Type type_
<padding> (4 bytes)
[sizeof=8] __int64 value_
[sizeof=4] v8::internal::RelocInfo::Mode rmode_
<padding> (4 bytes)
}
After:
class v8::internal::compiler::Constant [sizeof = 16] {
[sizeof=4] v8::internal::compiler::Constant::Type type_
[sizeof=4] v8::internal::RelocInfo::Mode rmode_
[sizeof=8] __int64 value_
}
BUG=chromium:710933
Review-Url: https://codereview.chromium.org/2841343002
Cr-Commit-Position: refs/heads/master@{#45001}
The error thrower did allocate the exception at the moment the error was
detected. For async compilation, this meant in another step than when
it was actually thrown. Since the HandleScope of the exception already
died at that point, this would have lead to memory errors.
With this refactoring, we only store the information needed to generate
the exception in the ErrorThrower, and only generate the exception
object once it is actually needed.
With regression test.
R=ahaas@chromium.org, mtrofin@chromium.org
Also-by: ahaas@chromium.org
Change-Id: Iffcab1f8d1cf5925e3643fcf0729ba9a84c7d277
Reviewed-on: https://chromium-review.googlesource.com/490085
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45000}
This CL changes certain frequently-called Array builtins to use CodeStubArguments
rather than peek at the stack frames above array builtins to determine if options
arguments have been passed into them.
Previous failure likely due to unfortunate/unluckily timed GC that moved due to
changed timing/allocation from this CL. Test mitigation for allocation-site-info.js
included.
BUG=v8:1956
LOG=N
Review-Url: https://codereview.chromium.org/2829093004
Cr-Commit-Position: refs/heads/master@{#44998}
Reason for revert:
Still fails. Likely has to do with gc heap size for allocation site tests, mitigation pending...
Original issue's description:
> [turbofan] Reland: Avoid going through ArgumentsAdaptorTrampoline for select CSA array builtins
>
> This CL changes certain frequently-called Array builtins to use CodeStubArguments
> rather than peek at the stack frames above array builtins to determine if options
> arguments have been passed into them.
>
> Previous failure cannot be reproed with failing config. Flake?
>
> BUG=v8:1956
> LOG=N
>
> Review-Url: https://codereview.chromium.org/2829093004
> Cr-Commit-Position: refs/heads/master@{#44996}
> Committed: 7ca381e847TBR=mvstanton@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1956
Review-Url: https://codereview.chromium.org/2851063002
Cr-Commit-Position: refs/heads/master@{#44997}
This CL changes certain frequently-called Array builtins to use CodeStubArguments
rather than peek at the stack frames above array builtins to determine if options
arguments have been passed into them.
Previous failure cannot be reproed with failing config. Flake?
BUG=v8:1956
LOG=N
Review-Url: https://codereview.chromium.org/2829093004
Cr-Commit-Position: refs/heads/master@{#44996}
Reason for revert:
Nosnap failure
Original issue's description:
> [turbofan] Avoid going through ArgumentsAdaptorTrampoline for select CSA/C++ builtins
>
> This CL changes certain frequently-called Array builtins to use CodeStubArguments
> rather than peek at the stack frames above array builtins to determine if options
> arguments have been passed into them.
>
> BUG=v8:1956
> LOG=N
>
> Review-Url: https://codereview.chromium.org/2829093004
> Cr-Commit-Position: refs/heads/master@{#44994}
> Committed: 680356278dTBR=mvstanton@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1956
Review-Url: https://codereview.chromium.org/2851703005
Cr-Commit-Position: refs/heads/master@{#44995}
This CL changes certain frequently-called Array builtins to use CodeStubArguments
rather than peek at the stack frames above array builtins to determine if options
arguments have been passed into them.
BUG=v8:1956
LOG=N
Review-Url: https://codereview.chromium.org/2829093004
Cr-Commit-Position: refs/heads/master@{#44994}
This reverts commit 4968b2c4d1.
Reason for revert: Speculative revert for severe perf regression
https://bugs.chromium.org/p/chromium/issues/detail?id=716468#c3
Original change's description:
> [intl] Switch to using declared accessors
>
> This patch cleans up the Intl code by switching to using declared
> accessors, rather than embedder fields, for holding references to
> ICU objects. Additionally:
> - Rename classes to be more similar to how other classes are named
> - Make some unreachable paths into check-fails, rather than throwing
> JS exceptions
> - Move some macros from objects-inl.h into object-macros.h, to allow
> the implementation here to not touch objects.h
> - Some setup logic is moved from runtime-i18n.cc to i18n.cc.
>
> This patch leaves type tags as they are; a future patch should move
> from a special Intl type tagging system to object types as other system
> objects use. Future patches should also move more logic to i18n.cc
>
> BUG=v8:5402,v8:5751,v8:6057
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
>
> Change-Id: Ia9cbb25cf8f52662e3deb15e64179d792c10842c
> Reviewed-on: https://chromium-review.googlesource.com/479651
> Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44804}
TBR=adamk@chromium.org,marja@chromium.org,mstarzinger@chromium.org,littledan@chromium.org,jwolfe@igalia.com
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:5402,v8:5751,v8:6057
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7a45d7def1f1de0f21e3efb7de9b31f6bcfea46d
Reviewed-on: https://chromium-review.googlesource.com/490328
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44992}
The current test/fuzzer/wasm directory is used for two things:
1) as the corpus directory for clusterfuzz
2) to test in v8 that the fuzzer runs correctly.
With the newly added files from the wasm spec tests this directory grew
quite big and adds unnecessary load on the trybots. Therefore I want to
do the following steps:
1) In this CL for V8: create a new directory for the clusterfuzz corpus
2) In chromium: use the new corpus directory
3) In v8: clean up the old directory to use it on the trybots.
R=bradnelson@chromium.orgCC=mmoroz@chromium.org
Change-Id: If690022558bb5780edf5a3649fb9745ef9c7407a
Reviewed-on: https://chromium-review.googlesource.com/490367
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44991}
- we should always set creation async stack if it's available regardless existing of current parent async stack,
- we should cleanup parent link iff there is no creation and schedule async stack for parent.
Let's consider example: Promise.resolve().then(x => x).then(x => x), there is three promises which will call following instrumentation:
1) created #1 (Promise.resolve()) - collected stack #1
2) scheduled #1 - collected stack #2
3) created #2 with #1 as parent (first .then) - collected stack #3
4) created #3 with #2 as parent (first .then) - collected stack #4
5) started #2 - use stack #2 as scheduled
6) scheduled #2 - collected stack #6
7) finished #2
8) started #3 - use stack #6 as scheduled
9) scheduled #3 - collected stack #7
10) finished #3
If we collect stacks between step 4 and 5, it's possible to collect scheduled stack #2 but still have creation stack for #2 - stack #3 - so we always need to add creation event if scheduled is collected.
If we collect stacks between created and scheduled we should not remove parent link even if parent was not scheduled yet.
BUG=v8:6189
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2844753002
Cr-Commit-Position: refs/heads/master@{#44990}
Only WASM has the notion of changing the maximum memory pages. This
CL corrects the UMA stats to only collect this data for WASM only.
BUG=v8:6321
R=bradnelson@chromium.org,bbudge@chromium.org
Review-Url: https://codereview.chromium.org/2845163002
Cr-Commit-Position: refs/heads/master@{#44988}
1. Replaces --crankshaft with --opt in tests.
2. Also fixes presubmit to check for --opt flag when
assertOptimized is used.
3. Updates testrunner/local/variants.py and
v8_foozie.py to use --opt flag.
This would mean, nooptimize variant means there are
no optimizations. Not even with %OptimizeFunctionOnNextCall.
Bug:v8:6325
Change-Id: I638e743d0773a6729c6b9749e2ca1e2537f12ce6
Reviewed-on: https://chromium-review.googlesource.com/490206
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44985}
... and stop checking that the native contexts of maps recorded in feedback vector
match function's native context - the feedback vector machinery already guarantees
that.
BUG=v8:6325
Change-Id: Iacd3f3a5f703694ff57b774b9658e186ad66641b
Reviewed-on: https://chromium-review.googlesource.com/490084
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44982}
There's no point in using our own implemention of List for this.
Bug:v8:6325
Change-Id: Idf3399bbaaf50f9e1fc7b16c67ea2c6246dd6574
Reviewed-on: https://chromium-review.googlesource.com/489949
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44980}
This avoids generating redundant code for different template
instantiations.
I also introduce getters instead of accessing the fields directly.
R=ahaas@chromium.org
BUG=v8:6325
Change-Id: I3e0eca9ef6a01e0a3ebb73f4f357bcb59e120f43
Reviewed-on: https://chromium-review.googlesource.com/490166
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44976}
The bot is at its resource limits.
TBR=yangguo@chromium.org,jgruber@chromium.org
NOTRY=true
Change-Id: I40520aa7ec8a85a16cce2c9f17544d6fb68166bb
Reviewed-on: https://chromium-review.googlesource.com/490087
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44973}
It's only needed to pass error information from step 1 to step 1b, thus
pass it explicitly to step 1b.
R=ahaas@chromium.org, mtrofin@chromium.org
Change-Id: Icca5ef8f94dedad65e797a4fb5a4d83145b7dfbd
Reviewed-on: https://chromium-review.googlesource.com/489521
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44972}
When a FunctionTemplate-based function is used as a constructor
and returns a JSProxy, we incorrectly treated that result the same
as a non-object result. Now it is treated like any other object
result, i.e., it becomes the result of the constructor call.
R=verwaest@chromium.org
BUG=v8:6294
Review-Url: https://codereview.chromium.org/2845123002
Cr-Commit-Position: refs/heads/master@{#44970}
This reduces the amount of special paths for testing.
Setup the memory used for testing exactly the same way as in real world.
Also, always connect the interpreter to the instance being executed,
and to the existing WasmInstance struct. This keeps information
synchronized between interpreter and test runner.
These changes allow us to execute e.g. GrowMemory from cctests either
in the interpreter or in compiled code.
R=ahaas@chromium.org
Change-Id: Id4726d061f3cdba789275350f500d769d27d2d63
Reviewed-on: https://chromium-review.googlesource.com/488561
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44966}
Make each compile phase a separate task. This allows us to store
additional information in each task instead of "globally" on the
AsyncCompileJob.
This CL only does the initial refactoring, without changing where data
is actually stored.
R=ahaas@chromium.org, mtrofin@chromium.org
Change-Id: Iad73de7b7d09f716c527e6d241314fde52aa55f8
Reviewed-on: https://chromium-review.googlesource.com/488142
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44965}
Also add support for JSFunction::prototype and JSString::length
accessors to CodeStubAssembler::CallGetterIfAccessor and remove
the special case hack from the LoadIC_Uninitialized.
Also address the TODO to unify the implementation with the
LoadIC_FunctionPrototype handler.
BUG=v8:5269,v8:6325
R=ishell@chromium.org
Change-Id: Ic51221e35a051c403d3a86dc41213c913e8f9d85
Reviewed-on: https://chromium-review.googlesource.com/489946
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44964}
