This adds tracking the following:
- Let / var declarations in for loops
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2616393002
Cr-Commit-Position: refs/heads/master@{#42169}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42168}
This adds the correctness fuzzer harness files to the output
directory guarded by a gn arg.
The switch will be turned on on the builder uploading builds to
clusterfuzz.
BUG=chromium:673246
NOTRY=true
TBR=tandrii@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2623843002
Cr-Commit-Position: refs/heads/master@{#42166}
Reason for revert:
F32x4Add / Sub are still failing. I'll have to investigate on ARM hardware when I get back.
Original issue's description:
> [WASM] Fix failing Wasm SIMD F32x4 tests.
> - Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
> will be different under I32 compare.
> - Some arithmetic operations can generate NaN results, such as adding -Inf
> and +Inf. Skip these tests until we have a way to do more sophisticated
> FP comparisons in the SIMD tests.
> - Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
>
> LOG=N
> BUG=v8:4124
>
> Review-Url: https://codereview.chromium.org/2594043002
> Cr-Commit-Position: refs/heads/master@{#42154}
> Committed: 5560bbb498TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2624713002
Cr-Commit-Position: refs/heads/master@{#42162}
Instead of exporting/importing PromiseCreate and RejectPromise and going
through them, just call the runtime function / the TF builtin on the
context directly.
BUG=v8:5639
Review-Url: https://codereview.chromium.org/2599003002
Cr-Commit-Position: refs/heads/master@{#42160}
Deferred function call validation is required to support out of order
asm.js function declaration. Unfortunately, since we've started interleaving
validation and asm-wasm building, we don't check names are resolved until
the end.
Fortunately, undefined names can be detected from their CallType.
Check this at asm-typer time.
BUG=676797
R=aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2615443003
Cr-Commit-Position: refs/heads/master@{#42158}
port 38602f1ff5 (r42146)
original commit message:
This changes the NewClosure interface descriptor, but ignores
the additional vector/slot arguments for now. The feedback vector
gets larger, as it holds a space for each literal array. A follow-on
CL will constructively use this space.
BUG=
Review-Url: https://codereview.chromium.org/2616403007
Cr-Commit-Position: refs/heads/master@{#42157}
The original TF port didn't maintain the same semantics as the CS/runtime implementation, and in fact introduced a bug that grew capacity too slowly on
32-bit platforms.
R=ishell@chromium.org
LOG=N
Review-Url: https://codereview.chromium.org/2617393002
Cr-Commit-Position: refs/heads/master@{#42155}
- Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
will be different under I32 compare.
- Some arithmetic operations can generate NaN results, such as adding -Inf
and +Inf. Skip these tests until we have a way to do more sophisticated
FP comparisons in the SIMD tests.
- Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2594043002
Cr-Commit-Position: refs/heads/master@{#42154}
Previously, the Intl implementation tracked types two ways:
- In the intl_initialized_marker_symbol
- In various named properties of the intl_impl_object_symbol value
As far as I can tell, these will never disagree with each other,
modulo bugs in Intl itself. This patch removes the second type
checking system.
This reland includes a fixed type check for
Intl.DateTimeFormat.prototype.formatToParts , which is the only Intl
method which is not bound. All future methods will follow this
pattern.
The second reland ensures that a newly inserted test is only run
if Intl is present.
BUG=v8:5751,chromium:677055, v8:4962
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
TBR=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2623683002
Cr-Commit-Position: refs/heads/master@{#42152}
Avoid allocating local objects in the outer zone, instead create a new inner zone
in ValidatePendingAssessment.
BUG=v8:5796
Review-Url: https://codereview.chromium.org/2617413002
Cr-Commit-Position: refs/heads/master@{#42151}
This makes sure the metadata is found during minimization. Also renames
the test files to fit the naming pattern.
BUG=chromium:673246
NOTRY=true
TBR=tandrii@chromium.org,mbarbella@chromium.org
Review-Url: https://codereview.chromium.org/2622653002
Cr-Commit-Position: refs/heads/master@{#42150}
I can't actually figure out how to trigger a change in behavior here,
but it looks like we should be passing the same attributes both to
the accessor and the descriptor.
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2616843005
Cr-Commit-Position: refs/heads/master@{#42149}
String16 had a pseudo move constructor that took a const String16&&. The
problem with this is that the point of moving objects is the ability to
clobber the underlying data. If we look at this particular case, the
move ctor tried to then std::move the underlying std::basic_string<>;
this results in passing a const std::basic_string<>&& to the
basic_string ctor. This resolves to the const std::basic_string<>&
*copy* ctor. So in the end, we haven't moved anything.
Fix this by taking a mutable rvalue reference that allows the moving to
work as expected.
BUG=None
Review-Url: https://codereview.chromium.org/2616973002
Cr-Commit-Position: refs/heads/master@{#42147}
This changes the NewClosure interface descriptor, but ignores
the additional vector/slot arguments for now. The feedback vector
gets larger, as it holds a space for each literal array. A follow-on
CL will constructively use this space.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2614373002
Cr-Commit-Position: refs/heads/master@{#42146}
GCC4.8.5 on s390 emits warning "array subscript is above array bounds"
for line "code[pos + 1] = kLocalVoid;". The warning seems to be
correct because code[sizeof(code)] should be out of bounds.
I'm suggesting to run the loop till "sizeof(code) - 1" which GCC(4.8.5)
agrees with. Although this means the last byte is missed, but it should
be safe to do since the last few bytes are "0xb" (kExprEnd) and the
offending statement is only run when byte=kExprBlock.
R=titzer@chromium.org, mstarzinger@chromium.org, bradnelson@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2619063002
Cr-Commit-Position: refs/heads/master@{#42145}
If you try to store an object in new space to the Code header, it will
be added to the store buffer, and a DCHECK will fail later, since Code
objects should never occur in the store buffer.
This CL adds DCHECKs to catch such assignments early. Once we handle
this case better, they can be removed again.
R=mstarzinger@chromium.org, ulan@chromium.org
BUG=chromium:674535
Review-Url: https://codereview.chromium.org/2587073002
Cr-Commit-Position: refs/heads/master@{#42142}
Downside: this adds all kinds of weird includes in the .cc files.
(See design doc linked in the bug.)
BUG=v8:5402
Review-Url: https://codereview.chromium.org/2622503002
Cr-Commit-Position: refs/heads/master@{#42140}
The pattern IsNull(isolate) || IsUndefined(isolate) is used in many places all
over the code base.
Review-Url: https://codereview.chromium.org/2601503002
Cr-Commit-Position: refs/heads/master@{#42138}
ToName, ToObject, and ToNumber do not need an
eager checkpoint.
BUG=
Review-Url: https://codereview.chromium.org/2623473002
Cr-Commit-Position: refs/heads/master@{#42136}
We did not associate any position to the stack check in the wasm
function prologue, hence a check failed later when trying to map the
non-existent position to the asm.js source position.
With this CL, we add a mapping to the source position table, mapping
the stack check call to byte offset 0 (which is distinct from any valid
instruction position). Also, we add another entry to the asm.js source
position sidetable, mapping byte offset 0 to the start source position
of the function body.
R=titzer@chromium.org, ahaas@chromium.org
BUG=chromium:677685
Review-Url: https://codereview.chromium.org/2609363004
Cr-Commit-Position: refs/heads/master@{#42130}
This adds tracking the following:
- Declarations created by catch (potentially destructuring)
- Declarations created by for-each (potentially destructuring)
- Class declarations
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2617923003
Cr-Commit-Position: refs/heads/master@{#42129}
1) Fix confusion between for of and for in.
2) If a for loop doesn't declare its variables, no new variables
are introduced (the outer scope variables are used).
3) Add more cases for destructuring for and destructuring catch.
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2614023004
Cr-Commit-Position: refs/heads/master@{#42125}
Don't assume that the prototype of an object is always a JSObject when
inlining the known receiver map case for abstract relational comparison.
BUG=chromium:679202
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2621583002
Cr-Commit-Position: refs/heads/master@{#42123}
If one input to JSStrictEqual/JSNotStrictEqual is Unique (except
InternalizedString) or the hole, then we can turn that into a
direct pointer comparison, as such values are only equal to exactly
the same unique value.
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2611363002
Cr-Commit-Position: refs/heads/master@{#42122}
