Commit Graph

9751 Commits

Author SHA1 Message Date
Michael Starzinger
5b120949d2 Reland "[wasm] Store signature with {WebAssembly.Function} objects."
This is a reland of 8092acbe41

Original change's description:
> [wasm] Store signature with {WebAssembly.Function} objects.
> 
> This adds simple serialization and deserialization of the signature
> provided when a {WebAssembly.Function} object is constructed. For now
> this signature is only used by the {WebAssembly.Function.type} method,
> but will soon be used when importing such functions as well.
> 
> R=jkummerow@chromium.org
> TEST=mjsunit/wasm/type-reflection
> BUG=v8:7742
> 
> Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61898}

Bug: v8:7742
Change-Id: I5d784165c460abd9d7b07f5cdafc746d5380ccd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632159
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61910}
2019-05-29 08:59:08 +00:00
Ross McIlroy
238dab8d2d [Tools] Update tickprocessor entry processing to work on Android symbols.
On Android libraries there are zero length entries within the ranged
symbols which break our range processing. This updates the logic to
only add entries for zero-length entries if they aren't within the range
of the previously added entry.

Change-Id: I511a6221817c535d967a50413948a29d9deb1e85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627985
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61903}
2019-05-28 17:04:07 +00:00
Michael Starzinger
d46d3570cb Revert "[wasm] Store signature with {WebAssembly.Function} objects."
This reverts commit 8092acbe41.

Reason for revert: Causes UBSan warnings:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/6436

Original change's description:
> [wasm] Store signature with {WebAssembly.Function} objects.
> 
> This adds simple serialization and deserialization of the signature
> provided when a {WebAssembly.Function} object is constructed. For now
> this signature is only used by the {WebAssembly.Function.type} method,
> but will soon be used when importing such functions as well.
> 
> R=​jkummerow@chromium.org
> TEST=mjsunit/wasm/type-reflection
> BUG=v8:7742
> 
> Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61898}

TBR=jkummerow@chromium.org,mstarzinger@chromium.org

Change-Id: I56ea9df5db3f95c05068186097e298cb73a3675d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7742
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632218
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61899}
2019-05-28 15:41:50 +00:00
Michael Starzinger
8092acbe41 [wasm] Store signature with {WebAssembly.Function} objects.
This adds simple serialization and deserialization of the signature
provided when a {WebAssembly.Function} object is constructed. For now
this signature is only used by the {WebAssembly.Function.type} method,
but will soon be used when importing such functions as well.

R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61898}
2019-05-28 14:31:45 +00:00
Georg Schmid
6e89adc80b Weaken representation tracking assertion in load elimination
Feedback pollution can create situations in which we statically see stores to the same field with incompatible representations; dynamically this should be impossible for a single TurboFan compilation unit. Instead of failing an assertion we produce Unreachable nodes.

R=tebbi@chromium.org

Bug: chromium:967434 chromium:967506
Change-Id: Id549ec84f28b4fed2d2e5ef05b40b48bc5b30e97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632169
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61894}
2019-05-28 13:43:05 +00:00
Georg Neis
72fbd957bd [turbofan] Fix serialization of resumables
This is a quick fix for the recent bailout-on-uninitialized feature of
the serializer, which does not work with resumables. For now, simply
treat the ResumeGenerator bytecode as if it was an exception handler
entry point. I want to revisit this later because the proper fix might
be to teach the serializer about the SwitchOnGeneratorState bytecode.

Bug: chromium:966560, v8:7790
Change-Id: I48bc6ba7299faa29802159cc7c36f4629667b5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630670
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61877}
2019-05-28 09:30:23 +00:00
Benedikt Meurer
70bd7cf0ef Reland "[typedarray] Move external/data pointer to JSTypedArray."
This is a reland of 4b86fea530 with
copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed
(bug led to holes in new space, which was crashing reproducibly
on the ia32 bot).

Original change's description:
> [typedarray] Move external/data pointer to JSTypedArray.
>
> As the next step in supporting huge typed arrays in V8, this moves the
> external/data pointer from the FixedTypedArrayBase backing store to the
> JSTypedArray instance itself, and replaces the special backing stores
> with a plain ByteArray (removing all the code for the FixedTypedArrayBase
> class hierarchy). By doing so, we can drastically simplify the system
> around typed arrays.
>
> Note: Several places in the code base used to check the instance type
> of the elements backing store of a JSTypedArray instead of checking the
> elements kind on the JSTypedArray map directly. Those had to be fixed,
> since the backing store is now always a ByteArray.
>
> Drive-by-fix: Move all the typed elements access related code into the
> elements.cc file to properly encapsulate the accesses.
>
> Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
> Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
> Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646
> Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61855}

Tbr: petermarshall@chromium.org
Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810
Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel
Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61864}
2019-05-27 17:44:06 +00:00
Z Nguyen-Huu
6e85742157 Optimize array clone for sealed, frozen objects
Improve micro-benchmark by ~5x
Before:
ApplySpreadLiteral
ApplySpreadLiteral-Numbers(Score): 279
SpreadCallSpreadLiteral
SpreadCallSpreadLiteral-Numbers(Score): 285

After:
ApplySpreadLiteral
ApplySpreadLiteral-Numbers(Score): 1074
SpreadCallSpreadLiteral
SpreadCallSpreadLiteral-Numbers(Score): 1009


Bug: v8:6831
Change-Id: Ifd676ca13d5b7e86afc1578636fdd4dc2733c474
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628244
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61862}
2019-05-27 17:26:06 +00:00
Michael Starzinger
8c5d0e65c8 [wasm] Add preliminary {WebAssembly.Function.type} support.
This adds a reflective function to retrieve the function type of an
exported or constructed WebAssembly function object. Note that this
first implementation only supports exported functions for now, the
support for constructed functions will be done as a follow-up.

R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: I38a16972d8437521993992ca20887c47c7c6b99b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627989
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61851}
2019-05-27 13:16:28 +00:00
Toon Verwaest
f58b7e1727 [json] Strings can lie to us about representation, so check what's underneath
Bug: chromium:967151
Change-Id: I54a856cfcc4b4b17bd282dd3eabe5a915e617ca5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630683
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61846}
2019-05-27 10:56:44 +00:00
Simon Zünd
82f6179c63 [array] Prevent negative work array capacity when sorting
When allocating large arrays on 32-bit systems, the length conversion
caused the work array capacity to become negative. As the sort range
is currently clamped at kSmiMaxValue anyway, the fix is to also
clamp the work capacity to that value.

R=jgruber@chromium.org

Bug: chromium:967065
Change-Id: I9ea60464c5b7f3796c5389cbaf668b990eddecf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630672
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61845}
2019-05-27 10:41:44 +00:00
Georg Schmid
85f257f4c9 Reland "Make LoadElimination aware of const fields (Part 2; stores)"
This is a reland of e588ff10e5

The only change over the original CL is found in JSCreateLowering::AllocateFastLiteral. We now guard against boilerplate values for unboxed double fields that *look* like legitimate initial values, but should really be kHoleNanInt64 instead.

The underlying problem certainly existed before, but an invariant added to LoadElimination in this CL caused a Chromium layout test to fail. The change in this reland is therefore a workaround, the root cause remains to be fixed. Specifically, we find that a pointer to the undefined value oddball is sometimes reinterpreted as a double and assigned as a boilerplate value. @jarin suspects that this stems from in-place map updates.

Original change's description:
> Make LoadElimination aware of const fields (Part 2; stores)
>
> Adds const information to store field accesses and uses it in load elimination
>
> Change-Id: I00765c854c95c955dabd78557463267b95f75eef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611543
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Schmid <gsps@google.com>
> Cr-Commit-Position: refs/heads/master@{#61796}

Change-Id: Ie388754890024a3ca7d10c9d4d7391442655b426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630676
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#61838}
2019-05-27 09:06:33 +00:00
Simon Zünd
dbf02624c8 [array] Properly handle COW arrays in Array#sort
COW arrays were previously handled in the C++ pre-processing runtime
function.  The Torque version forgot a "EnsureWritableFastElements".
This CL fixes that.

Bug: chromium:967254
Change-Id: Ifbf89e57cfe724e61316b8abc226f7e8a262fce2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630675
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61835}
2019-05-27 08:51:05 +00:00
Z Nguyen-Huu
e846ad9fa5 Implement spec change in some Proxy traps
Pass test262 change in Proxy: defineProperty, deleteProperty, getOwnPropertyDescriptor.

Bug: v8:9228
Change-Id: Id9a2c8dcbfcf68ed2837eb6d5042abcbce7ab0ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1626474
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61832}
2019-05-27 05:04:19 +00:00
Simon Zünd
843b6646b1 Reland "[array] Move Array#sort pre-processing to Torque"
This is a reland of 2b0ac2fb9f

The layout test that caused this revert was fixed with:
https://crrev.com/c/1627386

Original change's description:
> [array] Move Array#sort pre-processing to Torque
>
> This CL removes the "PrepareElementsForSort" runtime function, and
> replaces it with a simpler version in Torque. The biggest difference
> is that certain sparse configurations no longer have a fast-path.
>
> The Torque pre-processing step replaces the existing Torque mechanism that
> copied already pre-processed elements into the "work" FixedArray. The Torque
> compacting works as follows:
>   - Iterate all elements from 0 to {length}
>     - If the element is the hole: Do nothing.
>     - If the element is "undefined": Increment undefined counter.
>     - In all other cases, push the element into the "work" FixedArray.
>
> Then the "work" FixedArray is sorted as before. Writing the elements from
> the "work" array back into the receiver, after sorting, has three steps:
>   1. Copy the sorted elements from the "work" FixedArray to the receiver.
>   2. Add previously counted number of "undefined" to the receiver.
>   3. Depending on the backing store either delete properties or
>      set them to the Hole up to {length}.
>
> Bug: v8:8714
> Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61812}

TBR: jgruber@chromium.org
Bug: v8:8714
Change-Id: If7613f6e5f37c5e0d649e8192195594bc6c32100
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627977
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61827}
2019-05-24 12:13:17 +00:00
Andreas Haas
d964a1b10e [wasm] Allow initialization of anyref tables
New spec changes allow anyref tables to be initialized with function
references.

R=mstarzinger@chromium.org

Bug: v8:7581
Change-Id: I59596e1e383408114b974fa10529ae15b8cf7a15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627348
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61823}
2019-05-24 11:39:56 +00:00
Simon Zünd
70eeb22d1c Revert "[array] Move Array#sort pre-processing to Torque"
This reverts commit 2b0ac2fb9f.

Reason for revert: Breaks scrollingcoordinator/non-fast-scrollable-region-nested.html layout test on https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/32241 

Original change's description:
> [array] Move Array#sort pre-processing to Torque
> 
> This CL removes the "PrepareElementsForSort" runtime function, and
> replaces it with a simpler version in Torque. The biggest difference
> is that certain sparse configurations no longer have a fast-path.
> 
> The Torque pre-processing step replaces the existing Torque mechanism that
> copied already pre-processed elements into the "work" FixedArray. The Torque
> compacting works as follows:
>   - Iterate all elements from 0 to {length}
>     - If the element is the hole: Do nothing.
>     - If the element is "undefined": Increment undefined counter.
>     - In all other cases, push the element into the "work" FixedArray.
> 
> Then the "work" FixedArray is sorted as before. Writing the elements from
> the "work" array back into the receiver, after sorting, has three steps:
>   1. Copy the sorted elements from the "work" FixedArray to the receiver.
>   2. Add previously counted number of "undefined" to the receiver.
>   3. Depending on the backing store either delete properties or
>      set them to the Hole up to {length}.
> 
> Bug: v8:8714
> Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61812}

TBR=peter.wm.wong@gmail.com,jgruber@chromium.org,tebbi@chromium.org,szuend@chromium.org

Change-Id: If1c1bc07f38dfbd4bf6b6ce8f9d70714e7526877
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627976
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61814}
2019-05-24 07:24:27 +00:00
Clemens Hammacher
b851d753c9 Revert "Make LoadElimination aware of const fields (Part 2; stores)"
This reverts commit e588ff10e5.

Reason for revert: consistently crashes layout tests: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/32225

Original change's description:
> Make LoadElimination aware of const fields (Part 2; stores)
> 
> Adds const information to store field accesses and uses it in load elimination
> 
> Change-Id: I00765c854c95c955dabd78557463267b95f75eef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611543
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Schmid <gsps@google.com>
> Cr-Commit-Position: refs/heads/master@{#61796}

TBR=jarin@chromium.org,neis@chromium.org,tebbi@chromium.org,bmeurer@chromium.org,gsps@google.com

Change-Id: Ia299c36b197c2aad7cfd953b06de06f4536ddb74
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627975
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61813}
2019-05-24 06:28:17 +00:00
Simon Zünd
2b0ac2fb9f [array] Move Array#sort pre-processing to Torque
This CL removes the "PrepareElementsForSort" runtime function, and
replaces it with a simpler version in Torque. The biggest difference
is that certain sparse configurations no longer have a fast-path.

The Torque pre-processing step replaces the existing Torque mechanism that
copied already pre-processed elements into the "work" FixedArray. The Torque
compacting works as follows:
  - Iterate all elements from 0 to {length}
    - If the element is the hole: Do nothing.
    - If the element is "undefined": Increment undefined counter.
    - In all other cases, push the element into the "work" FixedArray.

Then the "work" FixedArray is sorted as before. Writing the elements from
the "work" array back into the receiver, after sorting, has three steps:
  1. Copy the sorted elements from the "work" FixedArray to the receiver.
  2. Add previously counted number of "undefined" to the receiver.
  3. Depending on the backing store either delete properties or
     set them to the Hole up to {length}.

Bug: v8:8714
Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61812}
2019-05-24 06:18:45 +00:00
Jaroslav Sevcik
a7e5504d83 [cleanup] Stop using the now-unused deopt_count from feedback vector.
Unfortunately, we still have to keep the field because GC mole and Torque
do not support platform specific padding well
(see http://crbug.com/v8/9287).

Bug: v8:9183
Change-Id: I2210be4b8174c97bc82145605f9b862aac3bdc37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624791
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61802}
2019-05-23 16:34:54 +00:00
Georg Schmid
e588ff10e5 Make LoadElimination aware of const fields (Part 2; stores)
Adds const information to store field accesses and uses it in load elimination

Change-Id: I00765c854c95c955dabd78557463267b95f75eef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611543
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#61796}
2019-05-23 15:06:47 +00:00
Andreas Haas
5cf5992a56 [wasm] Initialize IFT only for table 0
The indirect function table only exists for table 0 at the moment.
Therefore we should initialize it only for table 0.

R=mstarzinger@chromium.org

Bug: chromium:964607
Change-Id: I88a3a5cb5ebec7f0456adc2cebdf5cc499b22761
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624804
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61794}
2019-05-23 14:55:46 +00:00
Michael Starzinger
32e48cf510 [wasm] Support {WebAssembly.Function} object construction.
This makes the WebAssembly function constructor return a proper function
object. Note that the returned object is not yet callable, only the
prototype structure is in place.

R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: If6a3d0ae7078b5526606eef1b8fd4815353b850b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627343
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61792}
2019-05-23 14:32:44 +00:00
Benedikt Meurer
130f919217 [test] Make tests pass with the GC fuzzer.
The tests need to properly hold on to the original fast-mode map,
otherwise the GC might clear that, and so the NormalizedMapCache
lookup would fail due to that.

Bug: chromium:963411, v8:9114, v8:9183, v8:9267
Change-Id: Ic41ed363959a5c182c74097767dc14c366076e17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627333
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61772}
2019-05-23 09:08:45 +00:00
Tobias Tebbi
52636535fa [turbofan] fix deopt-loop for specuative Boolean to Number conversion
Bug: chromium:965513
Change-Id: I18ff91c98ad6106c5d4df260e6ead6a9e2425dbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622119
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61730}
2019-05-22 10:38:39 +00:00
Michael Achenbach
90059ee5a0 [test] Skip slow test on ppc64
TBR=mythria@chromium.org
NOTRY=true

Bug: v8:9246
Change-Id: I18d6c22da5746d3af34c65ea22fd5ef80e4f13fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622850
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61721}
2019-05-22 06:56:53 +00:00
Ben Smith
76537bea86 [wasm] Use new names for instructions
These instructions were renamed in the October 2, WebAssembly CG meeting. The
issue describing the change is here:

https://github.com/WebAssembly/spec/issues/884

Change-Id: Ia9e8733156b5ed5db7fc9ab1681c1a51b874dd71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1620681
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61711}
2019-05-21 18:33:21 +00:00
Toon Verwaest
cdd3c7cb50 [runtime] Make sure we don't inplace update None to Double
This was already unsupported by the map updated because the condition was
manually checked before CanBeInPlaceChangedTo. Since the latter function missed
the check, however, new code using the function (json parser) missed the
relevant check. Simply move the condition to the function.

Bug: chromium:964869
Change-Id: I9424a5706c5f6d637acbf532707da3f1e7d9b55e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622114
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61703}
2019-05-21 15:17:27 +00:00
Michael Achenbach
786c34e59a [test] Skip tests unsuitable for gc fuzzing
NOTRY=true

Change-Id: Ice2b86a5104e55f9c618791222a3bb91a21b655f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621940
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61694}
2019-05-21 13:06:28 +00:00
Andreas Haas
efb11f2068 [wasm] Adjust segment loading for table index > 0
This was supposed to be only a clean-up, but the original code even
invalidated a test and thereby covered a test. I fixed the bug here as
well.

Without testing it I think this fixes https://crbug.com/964607.

Bug: v8:9183
Change-Id: I076f40a2302bfd5b7cecd2ae35d4e05a465e054b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621935
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61691}
2019-05-21 12:54:58 +00:00
Andreas Haas
9155ea6196 [wasm] Allow table.fill of size 0 at position table.length
This CL fixes an issue where V8 does not satisfy the WebAssembly spec of
the anyref proposal.

The table.fill instruction has 3 parameters, {start_index}, {length},
and {value}. V8 trapped with table-out-of-bounds when
{start_index >= table_size}. However, the spec requires that
{start_index == table_size} is valid when {length == 0}.

R=mstarzinger@chromium.org

Bug: v8:7581
Change-Id: I5f83a03fb8e349b48c887535f6f065492feb9ac2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609537
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61689}
2019-05-21 12:46:08 +00:00
Andreas Haas
9a858df67a [wasm][test] Do not add table in addElementSegment
This is just for convenience, and actually surprising behavior.

R=clemensh@chromium.org

Bug: v8:9183
Change-Id: I3316856e63b97bfb06da897c6f8b716bc988aa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621932
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61684}
2019-05-21 11:05:18 +00:00
Simon Zünd
193a261775 Reland "[stack-trace] Include API functions in Error.stack stack trace"
This is a reland of 3dd5661204

The reland introduces a new flag "--experimental-stack-trace-frames".
The flag is disabled by default, but enabled for relevant tests.
The flag stays disabled by default until API frames are eagerly
symbolized to prevent leaks in blink web tests.

Original change's description:
> [stack-trace] Include API functions in Error.stack stack trace
>
> This CL extends Error.stack to include frames of functions declared
> with the C++ FunctionTemplate API. For example, "print" in d8.
>
> Two changes are necessary:
>   - HandleApiCall and friends need to go through an BUILTIN_EXIT frame
>     instead of an EXIT frame. The existing stack-trace machinery will
>     then pick up FunctionTemplate frames without additional changes.
>   - Turbofan doesn't go through HandleApiCall, but instead uses an
>     ASM builtin to enter FunctionTemplate functions. A "marker"
>     frame state is needed to include these frames in the stack trace.
>
> Note: This CL only includes these frames in Error.stack,
> but not (yet) in the stack-trace API (v8.h).
>
> Bug: v8:8742,v8:6802
> Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61602}

Bug: v8:8742, v8:6802
Change-Id: I1d3b79cdf0b2edcbaeff1ec15e10deeca725f017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621925
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61683}
2019-05-21 10:40:30 +00:00
Andreas Haas
0e89afaa63 [wasm][test] Get rid of the imported parameter in addElementSegments
This parameter was just for convenience but did not end up in the
generated bytes.

R=clemensh@chromium.org

Bug: v8:9183
Change-Id: Id4faf5b9ad20a357c069c3189db6ed14945dea8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621929
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61681}
2019-05-21 10:03:55 +00:00
Z Duong Nguyen-Huu
8cbb60f30c Elements kind should not change after dictionary elements kind.
When reconfigure data field (e.g. change representation), it was allowed to transition from dictionary elements kind to sealed elements kind. With this change, this transition is forbidden.

Bug: chromium:963346
Change-Id: I6c9a5f6f269bc5ee4cd6176ff5e8d803f08dba1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613840
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61670}
2019-05-20 21:31:24 +00:00
Z Duong Nguyen-Huu
9ccad33c97 Optimize spread call for sealed, frozen objects
Also add mjsunit test for spread call with non-extensible objects

Micro-benchmark JSTests/ObjectFreeze shows ~7x improvement

Before:
SpreadCall
SpreadCall-Numbers(Score): 239

After:
SpreadCall
SpreadCall-Numbers(Score): 1461

Bug: v8:6831
Change-Id: Icefd89ad790ac159b7f0617d0a012eefd90d3b1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1614296
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61669}
2019-05-20 20:36:32 +00:00
Jaroslav Sevcik
5504068f49 Revert "[cleanup] Remove the now-unused deopt_count from feedback vector."
This reverts commit ad1fcd4343.

Reason for revert: Breaks waterfall.

Original change's description:
> [cleanup] Remove the now-unused deopt_count from feedback vector.
> 
> Bug: v8:9183
> Change-Id: Iceeccc8ab1e4e77b428e7e2feec39bff3317f241
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617675
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61665}

TBR=mstarzinger@chromium.org,jarin@chromium.org

Change-Id: Iea0e6a329f55a3a941f0b976925b2abdf7eece38
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9183
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619867
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61666}
2019-05-20 17:29:54 +00:00
Jaroslav Sevcik
ad1fcd4343 [cleanup] Remove the now-unused deopt_count from feedback vector.
Bug: v8:9183
Change-Id: Iceeccc8ab1e4e77b428e7e2feec39bff3317f241
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617675
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61665}
2019-05-20 15:48:33 +00:00
Michael Starzinger
92ef97d57c [wasm] Add argument checking to {WebAssembly.Function}.
This adds proper loading and parsing of the arguments that are being
passed to the {WebAssembly.Function} constructor function, including
tests covering most of the negative cases.

R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: Id4d67789604ee72aec5ad831004a01434c1c6d6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619748
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61659}
2019-05-20 14:11:06 +00:00
Benedikt Meurer
437d710fc5 [map] Move Map::IsInRetainedMapListBit out of Map::bit_field2.
The invariant is that Map::bit_field2 shouldn't change, and the
IsInRetainedMapListBit apparently changes when the map is held
weakly from optimized code. This causes TurboFan compilations to
change the Map::Hash() result, which in turn causes lookups on
the normalized map cache to miss (and maybe other bad consequences).

With this change we swap Map::IsInRetainedMapListBit (previously in
bit_field2) and Map::HasHiddenPrototypeBit (previously in bit_field3)
to address this problem.

Bug: chromium:963411, v8:9114, v8:9267
Change-Id: I040a27c37305fa602649750bd93bee40c91fca78
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619747
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61657}
2019-05-20 14:01:46 +00:00
Yang Guo
5cc9f9bc5f Revert "[stack-trace] Include API functions in Error.stack stack trace"
This reverts commit 3dd5661204.

Reason for revert: causes leak tests in blink layout tests to fail: https://ci.chromium.org/p/chromium/builders/ci/WebKit%20Linux%20Trusty%20Leak/34295

Steps to reproduce:
- Build blink_tests with following GN args
is_component_build = false
is_debug = false
strip_absolute_paths_from_debug_symbols = true
- Run
third_party/blink/tools/run_web_tests.py --additional-expectations third_party/blink/web_tests/LeakExpectations --time-out-ms 48000 --enable-leak-detection external/wpt/wasm/webapi/body.any.html

Original change's description:
> [stack-trace] Include API functions in Error.stack stack trace
> 
> This CL extends Error.stack to include frames of functions declared
> with the C++ FunctionTemplate API. For example, "print" in d8.
> 
> Two changes are necessary:
>   - HandleApiCall and friends need to go through an BUILTIN_EXIT frame
>     instead of an EXIT frame. The existing stack-trace machinery will
>     then pick up FunctionTemplate frames without additional changes.
>   - Turbofan doesn't go through HandleApiCall, but instead uses an
>     ASM builtin to enter FunctionTemplate functions. A "marker"
>     frame state is needed to include these frames in the stack trace.
> 
> Note: This CL only includes these frames in Error.stack,
> but not (yet) in the stack-trace API (v8.h).
> 
> Bug: v8:8742,v8:6802
> Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61602}

TBR=yangguo@chromium.org,sigurds@chromium.org,jgruber@chromium.org,bmeurer@chromium.org,szuend@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8742, v8:6802
Change-Id: I4942cd32c6ee5e249dae046eea6b9b2f7120b8ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617933
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61639}
2019-05-20 09:04:47 +00:00
Ujjwal Sharma
094435b6b6 Reland "[turbofan] Add fast path for single-character String#startsWith()"
This is a reland of e7e512da66

Original change's description:
> [turbofan] Add fast path for single-character String#startsWith()
> 
> This CL adds a fast path to String#startsWith(s) if s is a
> single character string.
> 
> Bug: v8:8400
> Change-Id: Ibd6a9d1e46d98f41c198d2b579208e25003eedb0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525362
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61504}

Bug: v8:8400
Change-Id: Ic2d60ccb8fdeb51373fcd025a7e970fda0c14d79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1618342
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61637}
2019-05-20 08:42:57 +00:00
Jakob Kummerow
ffb8ae4f77 [tests] Fix two tests to be --gc-interval robust
deopt-unlinked.js: bytecode flushing destroys the information that
%GetDeoptCount relies on, so turn that off for this test.

cleanupsome-after-unregister.js: the function-local object {o} is
assumed to be alive throughout the function, so make sure its live
range (from the optimizing compiler's view) extends that far.

Drive-by cleanup: drop some unnecessary casting boilerplate from
Genesis::InitializeGlobal_harmony_intl_date_format_range().

Change-Id: I28617f842fe046dd0875a9a082cfc55a3a076bcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617674
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61621}
2019-05-17 16:59:37 +00:00
Mythri A
2ebff71935 [test] Skip es6/classes in stress mode on PPC
es6/classes is slow to run in stress mode and times out on PPC.
As a long term fix we should split this into multiple tests so
each individual test runs faster.

Bug: v8:9246
Change-Id: I95eed06d85f73cc66229dfbd83ac7521dcbbb54f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615252
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61619}
2019-05-17 15:50:31 +00:00
Mike Stanton
c9b48e96ec [Torque] Array.prototype.shift correctness fix
Fastpath failed to store the hole on the array left side.

Bug: chromium:940274
Change-Id: I1eca7b241030474cf5aed6c68f155a1d22ae553e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617255
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61618}
2019-05-17 14:38:30 +00:00
Michael Starzinger
8a95dd3b55 [wasm] Add preliminary {WebAssembly.Function} constructor.
This adds a constructor function to be used as the base class for all
exported functions. With type reflection enabled exported functions are
instances of this new constructor. Using the constructor directly as
well as the 'type' property is still missing.

R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: Id58359cf7866d24be0745abf36a839d3d86e5922
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617253
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61614}
2019-05-17 13:51:39 +00:00
Santiago Aboy Solanes
d382c2eabe [ptr-compr] Adding compressed case to lowering of Boolean Not
Fixes the chromium bug 963891

Bug: chromium:963891
Change-Id: Ie90c9581044b7d10dd8fcd73d52bda5fdfead292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617248
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61608}
2019-05-17 12:45:48 +00:00
Maya Lekova
e7a5816e87 [test] Skipped slow tests on TSAN
NOTRY=true

Bug: v8:9242, v8:9026
Change-Id: I4047d128913968c2e7d89f461881d84e0c22849c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617256
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61606}
2019-05-17 12:06:55 +00:00
Santiago Aboy Solanes
1ebabbe9a7 [ptr-compr][arm64] Fix to timeout of regress-708247
Skipping rather than reverting the CL that introduced the slowness, due to
the fact that said CL is a Stable blocker fix.

Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:9256
Change-Id: I8f8b57c415d2b54fe57c43a87e42990909295c57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615260
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61603}
2019-05-17 09:30:17 +00:00
Simon Zünd
3dd5661204 [stack-trace] Include API functions in Error.stack stack trace
This CL extends Error.stack to include frames of functions declared
with the C++ FunctionTemplate API. For example, "print" in d8.

Two changes are necessary:
  - HandleApiCall and friends need to go through an BUILTIN_EXIT frame
    instead of an EXIT frame. The existing stack-trace machinery will
    then pick up FunctionTemplate frames without additional changes.
  - Turbofan doesn't go through HandleApiCall, but instead uses an
    ASM builtin to enter FunctionTemplate functions. A "marker"
    frame state is needed to include these frames in the stack trace.

Note: This CL only includes these frames in Error.stack,
but not (yet) in the stack-trace API (v8.h).

Bug: v8:8742,v8:6802
Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61602}
2019-05-17 09:09:10 +00:00