It was shipped in Chrome 63.
Bug: v8:5855
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icc00b8300622d1c7b5662be8ac5e425b9781f666
Reviewed-on: https://chromium-review.googlesource.com/858381
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50558}
This reverts commit 2de796fc57.
Reason for revert: message test suite doesn't work with code
serializer step and predictable mode:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/18708
Looks like the flag doesn't exist anymore and the output comparison in
message tests doesn't like that.
Original change's description:
> [test] Add more d8-based test suites to d8_default
>
> This will run those suites with gc stress, code serializer, and verify-
> predictable mode.
>
> TBR=sergiyb@chromium.org
>
> Bug: v8:7285
> Change-Id: I4184376cf3fc9dd161b1e85ec562ed4266f5b8cf
> Reviewed-on: https://chromium-review.googlesource.com/864922
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50555}
TBR=machenbach@chromium.org,yangguo@chromium.org,sergiyb@chromium.org,majeski@google.com
Change-Id: Id0f26fcef246ed59ce3352c476b0643a64251ba1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7285
Reviewed-on: https://chromium-review.googlesource.com/864685
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50557}
This reverts commit 2de796fc57.
Reason for revert: Fails tests on Linux dbg:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/18708
Original change's description:
> [test] Add more d8-based test suites to d8_default
>
> This will run those suites with gc stress, code serializer, and verify-
> predictable mode.
>
> TBR=sergiyb@chromium.org
>
> Bug: v8:7285
> Change-Id: I4184376cf3fc9dd161b1e85ec562ed4266f5b8cf
> Reviewed-on: https://chromium-review.googlesource.com/864922
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50555}
TBR=machenbach@chromium.org,yangguo@chromium.org,sergiyb@chromium.org,majeski@google.com
Change-Id: I8d769829bdb96820e57b1cefcf92fb6976a1031d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7285
Reviewed-on: https://chromium-review.googlesource.com/865334
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50556}
This will run those suites with gc stress, code serializer, and verify-
predictable mode.
TBR=sergiyb@chromium.org
Bug: v8:7285
Change-Id: I4184376cf3fc9dd161b1e85ec562ed4266f5b8cf
Reviewed-on: https://chromium-review.googlesource.com/864922
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50555}
With --jit-to-native, we currently don't disassemble any Liftoff code.
This CL adds that, and also adds printing of relocation info of native
wasm code.
R=mstarzinger@chromium.org
CC=titzer@chromium.org
Bug: v8:6600
Change-Id: Icb1249868224180171107b82e2dd7dc69e23db16
Reviewed-on: https://chromium-review.googlesource.com/863762
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50553}
These opcodes will always call out to a C function for now.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I0ba8984d593c0203b46c2814dec4c091754df99a
Reviewed-on: https://chromium-review.googlesource.com/860924
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50551}
Add tests with a few Array.of invocations in preparation for adding a
CodeStubAssembler generated version.
Change-Id: I5aee3f32a584ae31cebcbbe6b0e5491a4bc1da34
Reviewed-on: https://chromium-review.googlesource.com/861884
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50550}
This CL shares most of the implementation in the string
builtins String.prototype.charAt/charCodeAt/codePointAt.
Bug: v8:7270
Change-Id: Ibe43a0a22aa17fb5cd7f0519fd877fa8ae483863
Reviewed-on: https://chromium-review.googlesource.com/861786
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50546}
This adds a reduced version of bot_default with only d8-based test suites.
Those can be used for gc stress testing, fuzzing and predictable mode.
This also adds a missing explicit build rule for the debugger test suite.
It's working as it's part of the isolate file, but incremental
re-isolation might break on code changes.
Running the tests is still commented out to allow the infra-side to
land. Afterwards, we'll activate the extra testing as a V8 CL
commenting the lines back in.
Bug: v8:7285
Change-Id: I7b758c212f0c4ae3d2f79beea5ec597cee479565
Reviewed-on: https://chromium-review.googlesource.com/864045
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50545}
This changes the return type of
- StringBuiltinsAssembler::LoadSurrogatePairAt
- CodeStubAssembler::StringCharCodeAt
from TNode<Uint32T> to TNode<Int32T>.
This is justified because both functions only
return values in the positive range of signed
integer. This improves interoperability, as
Int32T can be SmiTagged, while this is not
allowed for Uint32T.
Bug: v8:7270
Change-Id: I2768b6ec320fa0fbcf3e55af784339472fa4909e
Reviewed-on: https://chromium-review.googlesource.com/861782
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50542}
Flag getters (e.g. RegExp.p.get global) are defined on the prototype and
thus we need to use the more general BranchIfFastRegExp here instead of
IsFastRegExpNoPrototype.
Bug: chromium:800538
Change-Id: Ib6bc8a4fd3bf2f7dd31538c8dbb61814106c184b
Reviewed-on: https://chromium-review.googlesource.com/859767
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50538}
Liftoff could only call code objects on the GC heap so far. This CL
extends this to support calls to the native wasm heap. This became
urgent since --jit-to-native is enabled by default now.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ie07416a4041d4e6ea26a8c315008a41d81f52aab
Reviewed-on: https://chromium-review.googlesource.com/863667
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50537}
This fixes a spec bug in which the order of calls to 1) the flag getter
and 2) ToUint32(limit) was incorrect if ToUint32 pushes the regexp
instance onto the slow path. We are now more restrictive and completely
avoid ToUint32 on the fast path.
Bug: chromium:801171
Change-Id: I21d15fe566754d2bc05853f895636bb882fbf599
Reviewed-on: https://chromium-review.googlesource.com/863644
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50533}
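The ordering the CL above fixes can be observed from JavaScript. The following is an added example, not V8 project code: it shadows the `flags` property on a RegExp instance with an own getter (which takes the instance off V8's fast path, so every spec step of `RegExp.prototype[Symbol.split]` becomes observable) and passes a `limit` whose `valueOf` logs when ToUint32 converts it. The spec reads `flags` (step 5) before converting `limit` (step 13), so a conformant engine logs `flags` first; the helper name `observeSplitOrder` and the logging objects are constructed for this demonstration.

```javascript
// Added example (not V8 project code): observe the order in which
// RegExp.prototype[Symbol.split] reads the regexp's "flags" and converts
// the limit argument with ToUint32. Per spec, "flags" is read before the
// limit is converted, so a limit whose valueOf mutates the regexp cannot
// change which flags the split observes.
function observeSplitOrder() {
  const events = [];
  const re = /,/;
  // Own "flags" getter shadows RegExp.prototype.flags. Adding an own
  // property changes the instance map, so V8 leaves the fast path and
  // runs the spec algorithm step by step.
  Object.defineProperty(re, "flags", {
    get() {
      events.push("flags");
      return "g";
    },
  });
  // A limit object whose ToUint32 conversion is observable via valueOf.
  const limit = {
    valueOf() {
      events.push("limit");
      return 2;
    },
  };
  // String.prototype.split delegates to re[Symbol.split](str, limit)
  // without touching limit itself, so the RegExp builtin does the conversion.
  const parts = "a,b,c".split(re, limit);
  return { events, parts };
}
```

Running `observeSplitOrder()` on a spec-conformant engine yields `events` of `["flags", "limit"]` and `parts` of `["a", "b"]`: the splitter is constructed as `/,/gy` from the observed flags before the limit is ever converted.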
This CL makes a fuzzer out of the cctest
test-multiple-return/ReturnMultipleRandom. The fuzzer creates a
CallDescriptor with input parameters and returns, and a function which
maps input parameters to returns. The fuzzer then calls this function
with a wrapper which checks that the correct mapping happened.
R=clemensh@chromium.org
Change-Id: Ib89c4063638baae69540a44486d7b2e9d13f8c1f
Reviewed-on: https://chromium-review.googlesource.com/859768
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50532}
Each of those types has to split off a single actual instance type.
There can be many that split off the same instance type.
Bug: v8:7266
Change-Id: Ic78b707e26e67bdd2072cd8a716c89eaae024e48
Reviewed-on: https://chromium-review.googlesource.com/860651
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50530}
Instead of bailing out and assuming everything will be fine if a builtin
hasn't been deserialized yet, deserialize eagerly and perform the full
check.
Change-Id: I60b0d33786a266e124358e2eebe926d8f785881d
Reviewed-on: https://chromium-review.googlesource.com/859998
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50529}
This adds support for i32.popcnt. If no hardware instruction for popcnt
is available, call out to C.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I9ae9e1d1e1392168d19c0eedcdd33eeea609a54f
Reviewed-on: https://chromium-review.googlesource.com/860658
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50528}
- Turbolizer highlights input and output nodes on hover.
- The three panes support resizing now (snap to side still works).
Bug:
Change-Id: Ida1513fd714a02ab772885ea1fdf6d9da8d540f6
Reviewed-on: https://chromium-review.googlesource.com/837068
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50523}
Also change fetch_deps.py to no longer be a no-op and rename
Main function for importing from other scripts.
R=machenbach@chromium.org
Bug: v8:6105
Change-Id: I067a212827316248f60e97ff27e9bb2dc20addfd
Reviewed-on: https://chromium-review.googlesource.com/860007
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50522}
https://github.com/tc39/ecma262/pull/988 gained consensus during the
September 2017 TC39 meetings. This moves the load of the "next" method
to the very beginning of the iteration protocol, rather than during
each iteration step.
This impacts:
- yield*
- for-of loops
- spread arguments
- array spreads
In the v8 implementation, this also affects async iteration versions of
these things (the sole exception being the Async-From-Sync iterator,
which requires a few more changes to work with this, likely done in a
followup patch).
This change introduces a new AST node, ResolvedProperty, which can be used
as a callee by Call nodes to produce the same bytecode as Property calls,
without observably re-loading the property. This is used in several
AST-desugarings involving the iteration protocol.
BUG=v8:6861, v8:5699
R=rmcilroy@chromium.org
TBR=neis@chromium.org, adamk@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9685db6e85315ba8a2df87a4537c2bf491e1e35b
Reviewed-on: https://chromium-review.googlesource.com/857593
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50518}
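The behaviour change described in the commit above is directly observable: an iterator whose `next` is a getter sees exactly one load per iteration, not one per step. The code below is an added example, not V8 project code. It counts property loads of `next` (and calls of the returned function) for `for-of`, array spread and `yield*`, the three desugarings the commit names; `makeCountingIterable` and the `stats` object are constructed for this demonstration.

```javascript
// Added example (not V8 project code): count how many times an iterator's
// "next" property is loaded by for-of, spread and yield*. With the
// tc39/ecma262#988 semantics, "next" is read once when iteration starts.

// Build an iterable over `values` whose iterator counts loads of "next"
// and calls of the returned step function (constructed for this demo).
function makeCountingIterable(values) {
  const stats = { nextLoads: 0, nextCalls: 0 };
  const iterable = {
    [Symbol.iterator]() {
      let i = 0;
      return {
        // Getter: every read of the "next" property is counted.
        get next() {
          stats.nextLoads++;
          return () => {
            stats.nextCalls++;
            return i < values.length
              ? { value: values[i++], done: false }
              : { value: undefined, done: true };
          };
        },
      };
    },
  };
  return { iterable, stats };
}

function countForOf(values) {
  const { iterable, stats } = makeCountingIterable(values);
  const out = [];
  for (const v of iterable) out.push(v);
  return { out, ...stats };
}

function countSpread(values) {
  const { iterable, stats } = makeCountingIterable(values);
  const out = [...iterable];
  return { out, ...stats };
}

function countYieldStar(values) {
  const { iterable, stats } = makeCountingIterable(values);
  function* delegate() {
    yield* iterable;
  }
  // Array.from drives the outer generator; only yield* touches `iterable`.
  const out = Array.from(delegate());
  return { out, ...stats };
}
```

For three values, each of the three helpers reports `nextLoads` of 1 and `nextCalls` of 4 (three values plus the terminating `done: true` result); under the pre-988 semantics `nextLoads` would have matched `nextCalls`.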
Also sort some lists to improve readability.
Bug:
Change-Id: I296d1706e7c568c325732e9c57622bc4de571d62
Reviewed-on: https://chromium-review.googlesource.com/859240
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50517}
CFI-icall checking makes use of compile-time information to verify
whether a given indirect call is valid; however, this is impossible to
verify for calls into JITed code. Mark functions calling into JITed code
with an attribute disabling CFI-icall checking.
Bug=v8:7164
Change-Id: I20161510b810744ff5e234d77cf603913482a539
Reviewed-on: https://chromium-review.googlesource.com/861305
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50516}
The timezone offset in effect on Dec 25, 1995 won't be applicable
in years far away from 1995 (e.g. year 1111).
Calculate the timezone offset on Feb 1, 1995 and run other tests
on the same day.
This issue has been hidden because the current implementation doesn't
take into account the history of timezone offset changes (crbug.com/3547),
but was exposed when a correct implementation based on ICU was tried
(https://chromium-review.googlesource.com/c/v8/v8/+/572148).
Bug: v8:7268
Test: webkit/date-constructor
Change-Id: I09834cff0baa47d6c8981e7712ebf39541e5ecb7
Reviewed-on: https://chromium-review.googlesource.com/861196
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50515}
Two usability improvements to the GDB jco macro:
* Check if the desired pc is within the code space (or large object
space), to avoid failures
* Highlight the current pc in the outputted code (yellow and bold) to
make it easier to find.
Change-Id: Ia094f33b61ed0fd2dd1e5e456992a17d97048639
Reviewed-on: https://chromium-review.googlesource.com/860102
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50514}
This is a reland of 50baf93425
This fixes the number of expected instructions in MaybeCallEntryHookDelayed,
only exposed by nosnap tests.
Original change's description:
> [arm64] Switch jssp to csp
>
> Switch stack pointer to using csp directly, making jssp redundant.
>
> Bug: v8:6644
> Change-Id: I8e38eda50d56a25161b187c0a033608dd9f90239
> Reviewed-on: https://chromium-review.googlesource.com/860097
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#50487}
Bug: v8:6644
Change-Id: Ie9a969ccbf00fd7a7cff8f45b73cdb6bc4f17df9
Reviewed-on: https://chromium-review.googlesource.com/860639
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50513}
Band-aid fix for infinite recursion in RegExp TFJ builtins.
TFJ builtins don't contain stack checks in general, so any deep
recursion involving only TFJ builtins can end up overflowing the stack
and segfaulting on the red area.
RegExp builtins in particular can only build such recursions using
RegExp.p.exec, and (as far as I can tell) only by modifying the instance
or prototype, thus hitting the slow path in all builtins.
This CL adds a stack check to RegExpExec, which is the choke point for
calling exec on slow-mode RegExps.
Bug: v8:7239, chromium:797481
Regression test
Change-Id: I78dbb5f868a775d9697606d513623f912639d7db
Reviewed-on: https://chromium-review.googlesource.com/856777
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50511}