Also extend the API to reflect this new feature.
R=jgruber@chromium.org, szuend@google.com, ulan@chromium.org
Bug: v8:8125
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic7a7604a8c663ba04b324eb8902ff325a25654e7
Reviewed-on: https://chromium-review.googlesource.com/1202087
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55604}
This fixes exception creation (by the WebAssembly throw operation) so
that it is not observable by JavaScript. Internal properties are now
stored with symbol names instead of string names, which also prevents
them from being accessed or monkey-patched directly by JavaScript.
R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-8094
BUG=v8:8094
Change-Id: I33cb27f4373114cd4db28d9aef23560093e55242
Reviewed-on: https://chromium-review.googlesource.com/1203951
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55602}
WebAssembly.Instantiate would silently fail when the passed in memory
object did not have guard regions even though the compiled module assumes
so. This lead to an inconsitent state and a DCHECK error. Instead, now
throw a LinkError.
Change-Id: I68bab842bcc40d3325aea4b19979d80054ed407c
Reviewed-on: https://chromium-review.googlesource.com/1180892
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55601}
The wasm compiler used Pipeline::GenerateCodeForTesting to generate code
for various stubs. This change adds a dedicated entry point and moves
some common code there.
Bug: v8:8015
Change-Id: Ied628ba14c36e68826cb71d00506994184cc4763
Reviewed-on: https://chromium-review.googlesource.com/1196885
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55599}
In general, whether an error thrown from a script will be muted is
passed as (part of) ScriptOriginOptions when the script is compiled.
Currently, when eval is called, that information is not given, and it
uses the default options (IsSharedCrossOrigin = false,
IsOpaque = false). Give it the options for the script in which eval
is called.
Bug: chromium:875153
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;luci.chromium.try:linux_chromium_rel_ng
Change-Id: I4b5b872b4a8c2b8e503d457f199d85892a4c817c
Reviewed-on: https://chromium-review.googlesource.com/1188052
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55596}
The previous typing rules for ToNumeric and ToNumber didn't match on the
NonBigIntPrimitive input set, which causes trouble when we morph ToNumeric
nodes into ToNumber nodes, and generally lead to worse typings in the
graph, and thus worse code generation. This change improves the existing
typing rules and turns ToNumber into a chokepoint again.
Bug: chromium:879898, v8:8015
Change-Id: I4a7ff0e9c420c5dcfdb2b96884e019a5943828a4
Reviewed-on: https://chromium-review.googlesource.com/1201522
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55595}
This reverts commit 1b3b808a54.
Reason for revert: crbug/879988
TBR=kozy@chromium.org
Original change's description:
> inspector: find magic comment using V8 scanner
>
> Inspector tries to provide sourceURL and sourceMappingURL for scripts
> with parser errors. Without this CL we convert source of each script
> to inspector string and search for magic comment there. Some web sites
> use pattern when they get some data from network and constantly try to
> parse this data as JSON, in this case we do a lot of useless work.
>
> So we can parse magic comments on V8 side only for compilation errors
> (excluding parse JSON errors), to do it we can reuse scanner by running
> it on each potential comment.
>
> R=alph@chromium.org,verwaest@chromium.org,yangguo@chromium.org
>
> Bug: chromium:873865,v8:7731
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I77c270fd0e95cd7b2c9ee4b7f72ef344bc1fa104
> Reviewed-on: https://chromium-review.googlesource.com/1182446
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55280}
TBR=alph@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:873865, v8:7731, chromium:879988
Change-Id: Ia7ac766e19f9b58562d9430811f10b25c4556a46
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1202583
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55594}
Now that we've removed kRootRegister from all ia32 interface
descriptors, let's make sure it does not sneak back in.
Bug: v8:6666
Change-Id: Ie3528908a142c36f106b0053041ed974216533d4
Reviewed-on: https://chromium-review.googlesource.com/1202083
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55590}
Just a minor refactoring that loads parameters just prior to their
uses to reduce register spills and restores. CSA is not smart enough
to do this on its own.
Bug: v8:6666
Change-Id: I6d01abc35b333b2b0d99fa86daaa6ecb6afcf6c0
Reviewed-on: https://chromium-review.googlesource.com/1201883
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55588}
The isolate can be efficiently loaded through other means: either as a
root-relative load (if embedded builtins are enabled), or as an embedded
external reference (i.e. the absolute pointer is included in the
instruction stream) otherwise.
The generated code should be at least as fast as previously. On x64
(with embedded builtins):
Before:
// Register moves in prologue:
0x7f47a6b4860a a 488955e0 REX.W movq [rbp-0x20],rdx
// And the load from a stack slot at each use-site.
0x7f47a6b486f2 f2 488b7de0 REX.W movq rdi,[rbp-0x20]
After:
// Each use-site just loads a root-relative offset.
0x7f1645fcc6ce ee 498dbd38ffffff REX.W leaq rdi,[r13-0xc8]
On ia32 (no embedded builtins), before:
0x5c608930 10 8955f0 mov [ebp-0x10],edx
0x5c6089fb db 891424 mov [esp],edx
After:
0x41d0898d 8d b80033b156 mov eax,0x56b13300
Removal reduces register pressure, and frees up ebx as the root register
on ia32.
Note that the set of allocatable registers was only reduced on ia32 to
exclude the root register.
Bug: v8:6666
Change-Id: I14e401e2823c82042c76acae10c3c935b9982993
Reviewed-on: https://chromium-review.googlesource.com/1201586
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55587}
In preparation for kRootRegister support on ia32.
Instead of pushing the register args first thing within the builtin to
free up needed scratch registers, we just pass the last 3 arguments on
the stack.
Drive-by: Update documentation of helper function.
Bug: v8:6666
Change-Id: I4a194d6885ac9cdfb9f5e66d687522442fae39ba
Reviewed-on: https://chromium-review.googlesource.com/1199025
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55585}
PreParser types, e.g., PreParserExpression, PreParserList,
PreParserFormalParameter. This also enhances ThreadedLists to be used
on the same class more than once.
Bug: v8:7926
Change-Id: Ied204120e5d12ab1f1c4192f6b3c05971a12683b
Reviewed-on: https://chromium-review.googlesource.com/1199262
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55584}
When v8_enable_embedded_bytecode_handlers is true, initialize the
bytecode dispatch table from the builtins table. Also stops creating
the handlers more than once as the SetupInterpreter will now always do
nothing even when not starting from a snapshot.
In the short term, with the flag enabled all the bytecode handlers are
eagerly deserialized.
Finally, the bytecode handlers are marked as non-isolate independent to
prevent them being embedded in the binary until they can be converted.
Bug: v8:8068
Change-Id: I9e5ef7f1dce1b2d11c7aa26526f06b53f8939697
Reviewed-on: https://chromium-review.googlesource.com/1188477
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55581}
After https://chromium-review.googlesource.com/c/v8/v8/+/1101323 some
AllocationSites can have dropped weak_next field, but this doesn't suported in
serializer/deserializer.
This CL adds support for such AllocationSites.
Change-Id: Ibf495ae4effdf4e127892d906967d8e30eebfc87
Reviewed-on: https://chromium-review.googlesource.com/1183238
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55579}
This CL replaces occurrences of "length" with the CSA macro
LengthStringConstant().
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: Idf095587940f859e4c634865560abae325cd9fb4
Reviewed-on: https://chromium-review.googlesource.com/1201782
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55578}
This CL does two things: It adds a CSA helper to determine whether
the debug_execution_mode is kSideEffects. And it adds a runtime
function that exposes PerformSideEffectCheckForObject.
This will be needed for the Array.p.unshift Torque version.
R=jgruber@chromium.org
Change-Id: Idc1ae077956e0862e613a2c28af3f2cf4d5c3762
Reviewed-on: https://chromium-review.googlesource.com/1196362
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55577}
This CL replaces the JavaScript fall-back for Array.p.shift with a
baseline C++ implementation.
R=jgruber@chromium.org
Bug: v8:7624
Change-Id: Ib55e04e18e4e69089fc541636d3cad7fcb4c7245
Reviewed-on: https://chromium-review.googlesource.com/1186327
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55576}
These are now direct dependencies in Node.js.
R=lushnikov@chromium.org
Change-Id: I01a68394e2e22a1024b6c21b8222ac8b113fc693
Reviewed-on: https://chromium-review.googlesource.com/1179143
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55573}
The typing rules for NumberMax and NumberMin didn't properly deal with
-0 up until now, leading to suboptimal typing, i.e. for a simple case
like
Math.max(Math.round(x), 1)
TurboFan was unable to figure out that the result is definitely going
to be a positive integer in the range [1,inf] or NaN (assuming that
NumberOrOddball feedback is used for the value x).
Bug: v8:8015
Change-Id: I06e14a9c9b0b813eb214ace7749fcc6ab36bb66a
Reviewed-on: https://chromium-review.googlesource.com/1199304
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55570}
Printing of both union and tuple types was broken such that the first
type was always skipped due to a bug.
Bug: v8:8015
Change-Id: I4bd215a9d8fa5bc7e017dd28e66512f4961228d1
Reviewed-on: https://chromium-review.googlesource.com/1199365
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55569}
This makes us spec compliant.
Bug: chromium:875643
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I489870495fe1d326991c99f0551fe3329268c984
Reviewed-on: https://chromium-review.googlesource.com/1199910
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55567}
Instead of creating the SFIs during bootstrapping and storing on the
context, this patch just creates the SFIs on demand.
This patch saves 8 words per context, and several words per bound
function by not storing the SFI.
The created bound JSFunction is cached on the instance anyway, so it's
totally fine to take a small hit when creating the bound JSFunction.
Previously in the JS implementation, the creation of a bound function
was even slower as it was a lazy function that would have to parsed,
compiled and executed. So this is a step up in terms up perf and
memory.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If3b8461d00e5b37567b34b236d44e14576b630ff
Reviewed-on: https://chromium-review.googlesource.com/1200006
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55566}
Updates zx_vmar_*_old() callers back to the zx_vmar_*() equivalents,
which have a new parameter order.
Change-Id: I1662b4fbb866cef4eedc13e0db3e9389d4375d1e
Reviewed-on: https://chromium-review.googlesource.com/1199903
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55562}
This reorders arguments in preparation for removing ebx from its
calling convention (in a follow-up some args will be passed on the
stack).
Drive-by: Improve readability in the code handling different cases
(array,spread,...).
Bug: v8:6666
Change-Id: I0160f8efafd0fd0e841739578e01c32b38adb66e
Reviewed-on: https://chromium-review.googlesource.com/1196884
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55557}
We can safely lower ToNumeric(x) to ToNumber(x) as long as we can
guarantee that x is any primitive except BigInt (as ToNumeric would
return that unchanged while ToNumber will throw).
Bug: v8:8015
Change-Id: I66573cc204c7c919095ca7598a027fabef7d71a8
Reviewed-on: https://chromium-review.googlesource.com/1199665
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55556}
