This fixes a bug which causes the call count to change when
changing the speculation mode.
Bug: v8:7127
Change-Id: Icb43bd9ac392a5be4df154cb1e5cd4365013efc4
Reviewed-on: https://chromium-review.googlesource.com/911575
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51227}
d8's fragile path manipulation code requires that backslashes are
replaced with slashes before further processing. NormalizePath() is
the function that does this, and it's called in almost all the
required cases. But because of Clusterfuzz runs tests with
an absolute URL on the commandline, there was one case that
slipped through. This patch closes that gap.
No test added since this only reproduces under Clusterfuzz, not
in running mjsunit tests.
Bug: chromium:784012
Change-Id: Ie699e93ff1acb79edfe25ce59d576e9f7bd8c022
Reviewed-on: https://chromium-review.googlesource.com/912325
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51224}
This is a purely cosmetic change. Rename all local variables and
parameters of type CallDescriptor* to "call_descriptor".
For locals that are now named "call_descriptor", use auto upon
initialization, following the Google style guide
(https://google.github.io/styleguide/cppguide.html#auto).
Note: fields in structs and classes were not renamed in this CL.
R=clemensh@chromium.org,mstarzinger@chromium.org,jarin@chromium.org
Change-Id: Ic6f7afdba12f7b97741b098a9d0e0f58c41c587e
Reviewed-on: https://chromium-review.googlesource.com/909866
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51223}
Extend the current OOB support for typed arrays to also handle the
negative integer indices in the fast-path. This is safe because in
ECMAScript we never look up integer indexed properties (including
negative indices) on typed arrays in the prototype chain.
This reduces the performance cliff shown in the benchmark on the
relevant bug from
console.timeEnd: Runtime deopt, 596.185000
console.timeEnd: Runtime deopt, 1444.289000
console.timeEnd: Runtime deopt, 1445.191000
console.timeEnd: Runtime deopt, 1443.008000
to
console.timeEnd: Runtime deopt, 590.017000
console.timeEnd: Runtime deopt, 784.899000
console.timeEnd: Runtime deopt, 792.428000
console.timeEnd: Runtime deopt, 786.740000
which corresponds to a 2x improvement overall. It's not for free,
especially not in this benchmark, but the cliff isn't as bad as
it was previously.
Bug: v8:7027
Change-Id: Icf8a7ee87bb7ebc54f82c1b9166fc5e78c12bc0e
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/911574
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51222}
This refactors the instruction cache simulation to now be maintained
process-wide (as opposed to be per Isolate). It prepares for allowing
to share code between Isolates (e.g. WebAssembly or shared builtins)
while still allowing to simulate execution of such shared code.
R=clemensh@chromium.org
Change-Id: I5a6f083f4e32597565dc646f13b4445014c0daaa
Reviewed-on: https://chromium-review.googlesource.com/909130
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51219}
This avoids the ambiguous implicit conversion C++ compile
errors we had to fix with static_cast before.
Change-Id: I4247f617740f2b6d14d9588a902e0e25029a6726
Reviewed-on: https://chromium-review.googlesource.com/911629
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51217}
Add support for retrieving i64 parameters and returning them from a
liftoff function.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I407b6e3cde6967bacc59d8c3a54e0d5798164d18
Reviewed-on: https://chromium-review.googlesource.com/909215
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51214}
We don't need to generate TypedArraySpeciesCreate code for each type
case because TypedArraySpeciesCreate also handles each case, so it
generates duplicated codes. Thus, create a result object once before
switching to each type case. Also, replace ToNumber with
ToNumber_Inline.
This CL saves about 8000 bytes of generated code size.
Change-Id: I014535b0ef4b3d2a50a37cdc2b6cb4e83f6c2f17
Reviewed-on: https://chromium-review.googlesource.com/910755
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51213}
Fix 8238562b60
Requirement that the address is stored kJavaScriptCallCodeStartRegister
caused failures on MIPSR6, because of R6 optimization which doesn't load
the address in kJavaScriptCallCodeStartRegister.
Change-Id: If05d8bfe8601288b10fc65cca77664fe9638bbe9
Reviewed-on: https://chromium-review.googlesource.com/910851
Reviewed-by: Miran Karić <miran.karic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51212}
When streaming compilation for WebAssembly gets aborted, we reject the
promise associated with the compilation. However, in some circumstances,
e.g. when streaming comilation gets aborted because the browser tab gets
refreshed, then we want to omit rejecting the promise. In an older CL
(https://crrev.com/c/876103) we omit rejecting the promise when the
exception value is null. With this CL the exception value is a MaybeLocal
so that we document properly that the value can be null. In addition, I
added documentation to say that in that case we do not reject the promise.
R=adamk@chromium.org
Bug: chromium:803838
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6a093e61c8ec63f7ae385a7f77ae6178e7b34a06
Reviewed-on: https://chromium-review.googlesource.com/897647
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51211}
This allows to emit the best opcode for the register move. The type is
available at all call sites anyway.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I8516deff4d8a5480cea9df37cfc003fb9c668e8c
Reviewed-on: https://chromium-review.googlesource.com/910910
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51210}
The suppression flag must be set before loading the tests to have an effect.
This got turned around in https://crrev.com/c/899366 and is fixed again by
this CL.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: v8:6917
Change-Id: Ie58465288a0d6eec9a99a23d610710de9e1cdddd
Reviewed-on: https://chromium-review.googlesource.com/911114
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51209}
This removes the Javascript version of Array.from in js/array.js and
adds a CodeStubAssembler version in src/builtins/builtins-array-gen.cc.
Also modify IteratorBuiltinsAssembler to allow querying the existence
of the iterator method without calling it so we can fall back to the
array-like behavior.
BUG=v8:1956
Change-Id: Ibfb3cef002d72d70bd30b4de676fd22becde006c
Reviewed-on: https://chromium-review.googlesource.com/887066
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51208}
Add support for i64 loads and stores.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I494fb466f702c8b89b96f7ded6d1cf09ec6991fb
Reviewed-on: https://chromium-review.googlesource.com/902046
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51207}
Since we naively build the JS source code through concatenation,
we need to ensure the regexp literal does not end up being interpreted
as a multiline comment:
const re = /*/;
Bug: v8:6741,chromium:808418
Change-Id: Id52fbd2d62c14fc634d05fa1b0192ab86cc9e4fc
Reviewed-on: https://chromium-review.googlesource.com/905667
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51206}
This new variant is executed on a small number of bots as part of the
"extra" suite. It checks that the wasm-jit-to-native flag can still be
disabled if unexpected failures pop up on a release branch.
R=machenbach@chromium.org
Bug: v8:7417
Change-Id: I1658cb2f04302fa80915b59bfedd85d980742db5
Reviewed-on: https://chromium-review.googlesource.com/909213
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51204}
As part of https://chromium-review.googlesource.com/902283 I changed the
JSCreateClosure lowering to respect the pretenure flag on the operator,
but that tanks some benchmarks heavily, as the Parser marks closures
like
args[l] = function(...) { ... }
for old-space allocation, which backfires for short-living closures.
Bug: v8:7253, chromium:810132
Change-Id: I66f048553d9f2a70b2691537e726128f3fb01563
Reviewed-on: https://chromium-review.googlesource.com/910849
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51203}
Added counter to correctly reflect the number of non-compiled functions.
Added usages of variables used only for tracing or debug to avoid compiler
warnings.
R=clemensh@chromium.org
Change-Id: I4c8d9c0f43bf23250b4702e43592cd64046d28c7
Reviewed-on: https://chromium-review.googlesource.com/907890
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51201}
This CL fixes several unrelated failures with --no-wasm-jit-to-native.
A follow-up CL will then add a new test variant with that flag.
R=ahaas@chromium.org
Bug: v8:7417
Change-Id: I40a7be53a50d0efbbec8de49aceeb4a43a1f41de
Reviewed-on: https://chromium-review.googlesource.com/909212
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51200}
The return type of {CallFPImpl} differs between declaration and
definition (int32_t vs intptr_t). Even though our bots seem to be fine
with this, I got a compile error on mac.
R=mstarzinger@chromium.org
Change-Id: I4fb26cbe712c090d08dfcd2614a7af78de09e448
Reviewed-on: https://chromium-review.googlesource.com/909428
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51196}
We used to calculate hash in completely incorrect way. We use each
forth character to calculate hash but we should use each one.
R=dgozman@chromium.org
Bug: v8:7426
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iaaa317bbf3b3ef71632735dfd069db450283b6f4
Reviewed-on: https://chromium-review.googlesource.com/909586
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51191}
Timeouts on num-fuzzer only lead to false positives, as tests might
take unpredictably longer.
This CL forgives timeouts through a global override mechanism of the
expected outcomes. This allows to remove already existing scattered
code that allowed timeouts in some test suites only.
Bug: v8:6917
Change-Id: Ib131765d360e335789c1952bc6793ed051e016ea
Reviewed-on: https://chromium-review.googlesource.com/908454
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51188}
Port 876f37c3de
Original Commit Message:
We reuse most of the infrastructure to set break points, with minor
differences when we encounter functions where we can only break on entry:
- PrepareFunctionForBreakPoints simply deopts all functions.
- Break point objects have the canonical source position 0.
- Break point is set/checked/cleared via bit on the DebugInfo.
- Debug::Break do not continue stepping since stepping is implemented via
regular break points and therefore do not interfere with break on entry.
I promise to add more tests.
R=yangguo@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I0595652adced533c1032a6c3fd64cddfd4e730da
Reviewed-on: https://chromium-review.googlesource.com/909292
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51186}
Change to v8/BUILD.gn regarding GN build of V8. Excluding platform-posix-time.h
and platform-posix-time.cc from the sources list on AIX os. The changes affect
AIX only.
Bug: chromium:616029
Change-Id: I5e5d46aa4c62f70544ff593294e459c607a03c67
Reviewed-on: https://chromium-review.googlesource.com/897124
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51183}
PromiseHooks can be called with a proxy which fails the cast and
crashes. This patch changes the runtime functions to
explicitly check for a JSPromise.
This has the side effect of removing the existing broken support for
catch prediction for non native promises.
Bug: v8:7398, v8:7190
Change-Id: I66dbe5f9935943a91afb7ee14919bd9248f9f7e4
Reviewed-on: https://chromium-review.googlesource.com/907677
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51182}
This reverts commit 14108f4c2e.
Reason for revert: Not the culprit for Canary microtask crashes
Original change's description:
> [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
>
> - Revert "[builtins] Save one word in contexts for Promise.all."
> This reverts commit 7632da067b.
> - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
> This reverts commit d4f072ced3.
> - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
> This reverts commit 6703dacdd6.
> - Revert "[debugger] Properly deal with settled promises in catch prediction."
> This reverts commit 40dd065823.
> - Revert "[builtins] Widen the fast-path for Promise builtins."
> This reverts commit db0556b7e8.
> - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
> This reverts commit a582199c5e.
> - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
> This reverts commit 6bf8885290.
> - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
> This reverts commit 313b490ddd.
> - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
> This reverts commit f7bd6a2fd6.
> - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
> This reverts commit b23b098fa0.
> - Revert "[promise] Remove incorrect fast path"
> This reverts commit 0f6eafe855.
> - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
> This reverts commit 8a677a2831.
> - Revert "[builtins] Refactor promises to reduce GC overhead."
> This reverts commit 8e7737cb58.
>
> Tbr: hpayer@chromium.org
> Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
> Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/906991
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51158}
Change-Id: I09d958cbebd635a325809072a290f2f53df8c5d4
Tbr: adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/908988
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51181}
For local variables of type i64 and also for i64 constants, it makes
sense to store the constant value in the {VarState} instead of loading
the value into a register immediately. This also helps with some
instructions like i64 bitshifts, but also general patterns like
incrementing an i64 local variable by a fixed number.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: Ibed15228bbc53632dd3e60d7862ff2fbcb9832ca
Reviewed-on: https://chromium-review.googlesource.com/904443
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51179}
The new macro takes a void(Label* ok, Label* not_ok), which should
generate statements that branch to one of the labels. If the not_ok
Label is reached, it will abort just like CSA_ASSERT.
Also replaces an instance of #ifdef DEBUG ... #endif with this pattern
in builtins-regexp-gen.cc
Change-Id: Ie7ec87e041c040c03f9c528dccc8e709e50ed9b9
Reviewed-on: https://chromium-review.googlesource.com/906933
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51178}
