Instead of repeating it in every configuration, just add it to the
common FLAGS.
R=machenbach@chromium.org
Change-Id: I93e7ef0f0ad55bfe0a0e24f50d5a73d4658d7554
Reviewed-on: https://chromium-review.googlesource.com/1141733
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54552}
The data of an ArrayBuffer lives at backing_store(), not at
allocation_base(), which is just used as the pointer to free when the
buffer is unreachable.
Change-Id: Id6157ec4cf5b42631461327b3e6078fe25d20c57
Reviewed-on: https://chromium-review.googlesource.com/1143189
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54551}
Change many uses of deprecated methods returning Locals to use the
MaybeLocal versions.
Also fix uses of Utf8Length to use the Isolate versions.
Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib89df12e6cc5ca50296d21b2bb51a3f3ed065dd4
Reviewed-on: https://chromium-review.googlesource.com/1142779
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54550}
Instead of having a separate liftoff config, which is tested against
the default (which currently means tier-up from liftoff to turbofan),
just choose reasonable liftoff configs for the existing configs.
'ignition' now implies pure liftoff execution.
'ignition_turbo_opt' always compiles with turbofan.
Other configs use the default (tier up).
R=machenbach@chromium.org
Bug: chromium:824098, v8:6600
Change-Id: I92c008fc1b1fa54d3161fb5695a095127d6ac263
Reviewed-on: https://chromium-review.googlesource.com/1141731
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54548}
This CL replaces all std::endl in implementation-visitor
since std::endl flushes the stream (which is not necessary).
R=tebbi@chromium.org
Bug: v8:7754, v8:7793
Change-Id: Ic4b43905280020a99cb405cc90440b2adb679839
Reviewed-on: https://chromium-review.googlesource.com/1142780
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54546}
This reverts commit 9eca23e9ed.
Reason for revert: Clusterfuzz correctness issue
Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}
TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7904
Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
Reviewed-on: https://chromium-review.googlesource.com/1142777
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54544}
Remove the function identifier field from SharedFunctionInfo. This field
would store one of a) the function's inferred name, b) the "builtin
function id", or c) debug info. We remove these in turn:
a) The function's inferred name is available on the ScopeInfo, so like
the start/end position we read it off either the ScopeInfo (for
compiled functions) or the UncompiledData (for uncompiled functions).
As a side-effect, now both UncompiledData and its subclass,
UncompiledDataWithPreparsedScope, contain a pointer field. To keep
BodyDescriptors manageable, we introduce a SubclassBodyDescriptor
which effectively appends two BodyDescriptors together.
b) The builtin function id is < 255, so we can steal a byte from
expected no. of properies (also <255) and store these together.
Eventually we want to get rid of this field and use the builtin ID,
but this is pending JS builtin removal.
As a side-effect, BuiltinFunctionId becomes an enum class (for better
storage size guarantees).
c) The debug info can hang off anything (since it stores the field it
replaces), so we can attach it to the script field instead.
This saves a word on compiled function (uncompiled functions
unfortunately still have to store it in UncompiledData).
Bug: chromium:818642
Change-Id: I8b4b3a070f0fe328aafcaeac58842d144d12d996
Reviewed-on: https://chromium-review.googlesource.com/1138328
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54543}
Instead of looking up functions by their function literal id (which can
be slow now that function id involves a linear search for compiled
functions), we key the lookup by the function's start position.
This means that the script+literal id swapping to find equivalent
unchanged functions during constant pool patching no longer works -- we
could replace it by fixing up the start position of the redundant new
function, but instead we just build up a side-table mapping (new) start
positions to function literal ids, and use that function literal id to
find the old function in the script's SFI list.
Change-Id: I10bfce6c39665cba063e0ddbc8fd38a6f5fd5513
Reviewed-on: https://chromium-review.googlesource.com/1140169
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54542}
The WebAssembly spec is not fully deterministic: the sign bit of NaN
can be arbitrary. This sign bit can be observed by several WebAssembly
opcodes. In the testcase the sign bit of NaN makes the difference
between terminating code and an infinite loop.
In the libfuzzer fuzzer we have to prevent infinite loops ourselves.
At the moment we do this by only execute generated code of WebAssembly
modules for which the interpretation of the code ends in a limited
number of steps. With the non-determinism described above we cannot
guarantee the absence of infinite loops with this method. Therefore
we stop now to execute generated code of WebAssembly modules for which
we observe possible non-determinism in the interpreter.
R=clemensh@chromium.org
Bug: chromium:863829
Change-Id: I461d67df87d672bed25d6c915ba7ea5134cb5890
Reviewed-on: https://chromium-review.googlesource.com/1141945
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54541}
This CL fixes a bug where a fast-path was used on non-extensible
objects.
R=jgruber@chromium.org
Bug: chromium:865264,chromium:865285
Change-Id: Ie14c95b383a65576799c71576a5c0f9f8e1c29ca
Reviewed-on: https://chromium-review.googlesource.com/1142766
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54539}
This is a reland of 7f67cbd4d1
Original change's description:
> [turbofan] More brokerization in JSCreateLowering.
>
> Brokerized ReduceJSCreateEmptyLiteralObject and added the scope
> for ReduceJSCreateLiteralArrayOrObject.
>
> Bug: v8:7790
> Change-Id: Ife34a6b610678a3fe24152151cf343400ee515bd
> Reviewed-on: https://chromium-review.googlesource.com/1140306
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54507}
Bug: v8:7790
Change-Id: Ia79ff9ef49c727155a9c476268234e56d2cc9fcb
Reviewed-on: https://chromium-review.googlesource.com/1142984
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54538}
The previous change to futex.js will spawn too many workers in d8 in
some test configurations, which will throw an error.
This CL works around that by spawning fewer workers for the
Atomics.notify tests.
TBR=adamk@chromium.org
Bug: v8:7338
Change-Id: I0f3583781e5352b4d6672d43a087dc56d920122d
Reviewed-on: https://chromium-review.googlesource.com/1142895
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54536}
Turbofan support for property loads from module namespace objects
has been tested by the test/js-perf-tests/Modules/basic-namespace
benchmark, but so far not by the mjsunit suite. This CL adds such
a test.
This is a follow-up to 8d7379c066.
Change-Id: I3c4183d761693199e6bc8740b812279efcd791a0
Reviewed-on: https://chromium-review.googlesource.com/1142594
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54535}
At the May 2018 TC39 meeting, they decided to rename Atomics.wake to
Atomics.notify. This change adds Atomics.notify as an alias, but does
not remove Atomics.wake, which will be removed later.
This allows for embedders to use either name to prevent
breaking tests. When the tests are switched over, we can remove
Atomics.wake.
Bug: v8:7883
Change-Id: If057ebff162bde975c6e1b60d83a4662f144e81f
Reviewed-on: https://chromium-review.googlesource.com/1142290
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54534}
- Modifies LinkageAllocator to understand aliasing on ARM.
- Adds ability to allocate SIMD registers too. Before, these would
default to stack allocated.
- Modifies WasmCompiler to be platform-independent.
Bug: v8:7754
Change-Id: I0c4355a44a4f409053b51ff675521a465e38aeb8
Reviewed-on: https://chromium-review.googlesource.com/1141114
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54533}
Avoid the C-call to switch the flag, just store to the address
directly. Since js-to-wasm wrappers are still isolate dependent,
we just store the address of the thread-local flag in the isolate
(in ThreadLocalTop) and update it if threads are switched.
R=ahaas@chromium.org, mstarzinger@chromium.org
Bug: chromium:862123, v8:5277
Change-Id: I9e8a40094f11a8b3ba6701dfa7fa026a2d052cb1
Reviewed-on: https://chromium-review.googlesource.com/1136299
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54531}
Move brackets enclosing declarator in a couple of V8_DEPRECATE_SOON
cases so that the attribute is correctly placed.
I.e. should come after the class keyword and after a function signature
but before the body.
Also adds suppressions for a case where a replacement method calls
the deprecated method it replaces.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I490ff07a13552cf335186d64ca061f21ac4e8afc
Reviewed-on: https://chromium-review.googlesource.com/1140593
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54527}
ReadOnlyRoots means that some added Isolate parameters are no longer
needed. So, we can remove them.
This patch was generated mostly automatically with a bespoke tool.
Bug: v8:7786
Bug: v8:7754
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia44fd2a66652253f780e3674bf7fb431caef0493
Reviewed-on: https://chromium-review.googlesource.com/1136305
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54526}
For a script '()=>42', the anonymous arrow function has both start and
end position the same as the script function itself. This causes issues
when sorting the SourcePositionEvents of the function, in two ways:
* If the start positions are the same, we should order by *furthest*
end position to ensure the stack is in the right order
* If both start and end are the same, we need to order by function
literal id to make sure that start order and end order are inversed.
Also, MapLiterals assumes that start+end position uniquely identifies a
function, which is false in this case, so we process the top-level
script function separately in MapLiterals.
Change-Id: I2b2185dc2825018b7ea44c7d0918238e9b1dd972
Reviewed-on: https://chromium-review.googlesource.com/1141741
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54525}
This CL moves Array.p.fill from JavaScript to a C++ builtin. It has
a generic slow-path and fast-paths implemented via ElementsAccessor in
elements.cc.
R=cbruni@chromium.org
Bug: v8:7624
Change-Id: I8820e1195d2cd9b41c254058923ad9875aab067c
Reviewed-on: https://chromium-review.googlesource.com/1131130
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54522}
This is no longer necessary since we removed the debug context.
R=jgruber@chromium.org
Bug: v8:5530
Change-Id: Ibb9df3a1f139ee076296faedb80204e7fcc23197
Reviewed-on: https://chromium-review.googlesource.com/1134746
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54521}
This helps debugging unexpected traps, as you can figure out which
instruction triggered the trap.
R=mstarzinger@chromium.org
Change-Id: I61735f14e2838ace195f6b84b555b9ddfc06aa0f
Reviewed-on: https://chromium-review.googlesource.com/1140296
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54515}
Convert all remaining uses (in api.cc) to use private local
implementations. These local uses all appear inside deprecated
functions.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I86bcafd4c8a737da32fcb8ab275ec708632f9e39
Reviewed-on: https://chromium-review.googlesource.com/1140319
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54514}
Strictly speaking there are some left in api.cc, but they are in
deprecated functions with non-deprecated alternatives.
Apart from changes made using tooling, this also modifies
FieldType::AsClass to return Map* rather than Handle<Map> and converts
its call sites to create the Handle when they need it - currently
several sites immediately dereference the Handle.
Also marks WasmDebugInfo as NeverReadOnlySpaceObject so GetIsolate and
GetHeap remain usable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I7ea5048f97f140c757f651712b8c33a5c7e0ebc1
Reviewed-on: https://chromium-review.googlesource.com/1140302
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54513}
This removes two pointers to Histograms from the memory tracker. These
histograms are stored as part of the Isolate and their lifetime is also
coupled to the Isolate. We cannot bind the pointers but need to pass
them (or the Isolate) as a parameter instead.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: I6b141b924bd858234641d6603a25fcb08cdf40e3
Reviewed-on: https://chromium-review.googlesource.com/1140312
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54512}
Now we can finally get rid of Map::weak_cell_cache!
BUG=v8:7308
Change-Id: I87a06509bf638bf6833ea2ba1eca525fb4b15df1
Reviewed-on: https://chromium-review.googlesource.com/1128882
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54511}
The BodyDescriptor of an object should use its aligned size.
Change-Id: If743ca130b3cb97c4f25054db6dc887d88fc5e32
Reviewed-on: https://chromium-review.googlesource.com/1140309
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54510}
Brokerized ReduceJSCreateEmptyLiteralObject and added the scope
for ReduceJSCreateLiteralArrayOrObject.
Bug: v8:7790
Change-Id: Ife34a6b610678a3fe24152151cf343400ee515bd
Reviewed-on: https://chromium-review.googlesource.com/1140306
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54507}
We try to prevent side effects by forbidding running any JavaScript
when we get property from node object.
In case of object node it is possible that by calling property we force
internal object initialization which may force creation of new context,
this initialization can not be made with forbided JavaScript and at the
same time is side effect free.
As workaround we can warmup dom objects first and then generate
description.
R=dgozman@chromium.org
Bug: chromium:827585
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ifd2c6317ffd5cb3822d2a2eedf3d0b0f36a201f1
Reviewed-on: https://chromium-review.googlesource.com/1041078
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54505}
