This cl also fixes two bugs in the previous code:
1) JITed functions were not allowed access to the heap because the module instance wasn't correctly synthesized. This wasn't discovered in the previous test.
2) Decoding of functions with the JITSingleFunction opcode was off by 1 as the length of the opcode wasn't computed correctly.
BUG=5044
Review-Url: https://codereview.chromium.org/2168183002
Cr-Commit-Position: refs/heads/master@{#37957}
Replace the zonelist with a link from a scope to any of its inner scopes, and a link to any sibling scope.
This makes scopes that track inner scopes use roughly the same amount of space as previously scopes without inner scopes would use for the empty zonelist (pointer to the memory + length field, which, granted could be slightly smaller on 64bit).
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2162143005
Cr-Commit-Position: refs/heads/master@{#37941}
Use the ForInFilterStub directly. Hence we will only jump to the runtime for
special receivers (instance_type <= LAST_SPECIAL_RECEIVER_TYPE) and for
converting element indices which are not in the string cache.
BUG=
Review-Url: https://codereview.chromium.org/2151773002
Cr-Commit-Position: refs/heads/master@{#37934}
Move VisitLiteral to decide what type of literal is being emitted by
checking the raw ASTValue type, instead of the internalized on-heap
value. This is required for concurrent bytecode generation.
As part of this change, the NUMBER AstValue constructor is modified to
try to convert numbers without a dot to SMIs where possible. This is to
maintain the behavior in NewNumber where such numbers are internalized as
SMIs, and ensures that we still emit LdaSmi bytecodes for these values
in the generated bytecode.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2152853002
Cr-Commit-Position: refs/heads/master@{#37931}
This removes a duplicate control scope. The visitor for ForOfStatement
nodes in the AST uses VisitIterationBody which pushes a separate control
scope. The number of control scopes will be off when we use them for
tracking loop depths.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2164503005
Cr-Commit-Position: refs/heads/master@{#37930}
Reason for revert:
Breaks tsan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/10758
Original issue's description:
> [Intepreter] Always use BytecodeGraphBuilder when --turbo-from-bytecode
>
> Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
> is enabled, assuming the function should be compiled for Ignition.
> Adds a new MaybeOptimizeIgnition function to runtime-profiler
> which is called if the function should be optimized from bytecode
> rather than going via full-codegen.
>
> BUG=v8:4280
>
> Committed: https://crrev.com/9ca7db914be88e6792a88eab4a1988ee031d70c4
> Cr-Commit-Position: refs/heads/master@{#37921}
TBR=mstarzinger@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2165223002
Cr-Commit-Position: refs/heads/master@{#37925}
Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
is enabled, assuming the function should be compiled for Ignition.
Adds a new MaybeOptimizeIgnition function to runtime-profiler
which is called if the function should be optimized from bytecode
rather than going via full-codegen.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2156753002
Cr-Commit-Position: refs/heads/master@{#37921}
The optimizing compilers actually invoke %TransitionElementsKind for
any kind of JSObject, the only relevant thing is the elements kind.
The runtime function was however checking for JSArray unnecessarily.
This only worked by coincindence in Crankshaft because the stub would
normally not call into the runtime fallback.
R=jarin@chromium.org
BUG=chromium:629823
Review-Url: https://codereview.chromium.org/2166963004
Cr-Commit-Position: refs/heads/master@{#37919}
Fixes bug in test-gap-resolver.cc that didn't test different move reps.
Fixes test canonicalization so all slots have the same type (non-float).
Improve test failure text output.
LOG=N
BUG=v8:5187
Review-Url: https://codereview.chromium.org/2169493002
Cr-Commit-Position: refs/heads/master@{#37915}
This CL more or less reverts commit https://codereview.chromium.org/2107733002/
The use of the MathPow code stub that was introduced by that commit caused
problems on arm64, and the MathPow code stub was also an obstacle in the
implementation of parallel code generation.
In addition this CL turns on the mjsunit/wasm/embenchen tests for arm64
which were turned off because of problems with MathPow on arm64.
R=titzer@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2166793002
Cr-Commit-Position: refs/heads/master@{#37911}
This CL fixes weird performance implications when changing layout of Code::flags field:
it happened that the unused ICStateField with MONOMORPHIC value in the handlers' flags
was accidentally offsetting the underflow bug in stub cache probing code on arm, arm64,
mips and mips64.
Stub cache tests now work even when snapshot is enabled.
Drive-by-change: Fixed counters manipulation on arm64 and mips64.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2161153002
Cr-Commit-Position: refs/heads/master@{#37910}
For some bytecodes it is beneficial to always look for a Star
bytecode when dispatching to the next and inline perform it
without dispatching to the Star handler.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2142273003
Cr-Commit-Position: refs/heads/master@{#37904}
This additionally makes the invariant obvious that outer_scope==nullptr+is_with_scope is impossible.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2165923002
Cr-Commit-Position: refs/heads/master@{#37902}
As required by the spec.
This is a variant of what I reverted in f47e722403.
It will probably still cause a regression but now it's easier to migrate (parts of)
the current implementation to C++, which is expected to make things faster again.
BUG=chromium:627729,v8:5113
Review-Url: https://codereview.chromium.org/2164923002
Cr-Commit-Position: refs/heads/master@{#37897}
This avoids implementation-defined signed overflow in the simulator's
AddWithCarry implementation. The implementation of AddWithCarry now uses
unsigned arithmetic exclusively.
Testing coverage is also significantly improved.
BUG=
Review-Url: https://codereview.chromium.org/2157283003
Cr-Commit-Position: refs/heads/master@{#37895}
This frees up a field in Scope and untangles scope a little from the parser.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2160943004
Cr-Commit-Position: refs/heads/master@{#37887}
Add a dedicated simplified operator to inline the general case for the
ToBoolean conversion. In a follow up CL we will also use the ToBoolean
hints gathered by the baseline compiler.
Review-Url: https://codereview.chromium.org/2167593002
Cr-Commit-Position: refs/heads/master@{#37882}
Reason for revert:
This cl causes a large regression in octane (https://chromeperf.appspot.com/group_report?bug_id=629503). I have to investigate the reason before I can reland this.
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> current implementation does not collect allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/1eadc76419b323fb2e55ae9953142f801704aa59
> Cr-Commit-Position: refs/heads/master@{#37862}
TBR=rmcilroy@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2165633003
Cr-Commit-Position: refs/heads/master@{#37872}
This ports a large portion of Error methods to C++,
including the constructor, stack setter and getter,
and Error.prototype.toString.
BUG=
Review-Url: https://codereview.chromium.org/2142933003
Cr-Commit-Position: refs/heads/master@{#37870}
Original issue's description:
> [interpeter] Move to table based peephole optimizer.
>
> Introduces a lookup table for peephole optimizations.
>
> Fixes some tests using BytecodePeepholeOptimizer::Write() that should
> have been update to use BytecodePeepholeOptimizer::WriteJump().
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/f4234422b93b21a286b0f31799009bcbe8b90b9e
> Cr-Commit-Position: refs/heads/master@{#37819}
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2164583002
Cr-Commit-Position: refs/heads/master@{#37866}
Collect type feedback in the bytecode handler for 'new' bytecode. The
current implementation does not collect allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2153433002
Cr-Commit-Position: refs/heads/master@{#37862}
This allows to pass deoptimization reasons to the profiler without the
requirement of always providing a source position. The absence of deopt
reasons is now communicated via a sentinel as the deopt id value. The
deoptimization reasons recently added to TurboFan are now passed to the
profiler.
R=bmeurer@chromium.org
TEST=cctest/test-cpu-profiler
Review-Url: https://codereview.chromium.org/2159793002
Cr-Commit-Position: refs/heads/master@{#37852}
We need to pay attention to potential side effects from parameter
evaluation when inlining the fast case Array.prototype.shift.
R=yangguo@chromium.org
BUG=chromium:614644
Review-Url: https://codereview.chromium.org/2161943002
Cr-Commit-Position: refs/heads/master@{#37850}
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
BUG=chromium:541703
R=verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2155503004
Cr-Commit-Position: refs/heads/master@{#37842}
The bug occurs because we do not canonicalize character class ranges
before adding case equivalents. While adding case equivalents, we abort
early for one-byte subject strings, assuming that the ranges are sorted.
Which they are not.
R=marja@chromium.org
BUG=v8:5199
Review-Url: https://codereview.chromium.org/2159683002
Cr-Commit-Position: refs/heads/master@{#37833}
This makes sure that we preserve call's tailness even if we have
introduced a loop exit between the call and the return.
BUG=chromium:628773
Review-Url: https://codereview.chromium.org/2155123002
Cr-Commit-Position: refs/heads/master@{#37832}
In int32 multiplication, if we have a positive integer as input, then we know we can't produce a -0 answer. The same is true if truncation is applied (x * y | 0). Without this information, we have to rather annoyingly check if the result of multiplication is 0, then OR the inputs to check for negativity, and possibly return -0. In TurboFan, we'll deopt in this case.
BUG=
Review-Url: https://codereview.chromium.org/2154073002
Cr-Commit-Position: refs/heads/master@{#37831}
So far TurboFan wasn't adding the deoptimization reasons for eager/soft
deoptimization exits that can be used by either the DevTools profiler or
the --trace-deopt flag. This adds basic support for deopt reasons on
Deoptimize, DeoptimizeIf and DeoptimizeUnless nodes and threads through
the reasons to the code generation.
Also moves the DeoptReason to it's own file (to resolve include cycles)
and drops unused reasons.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2161543002
Cr-Commit-Position: refs/heads/master@{#37823}
Reason for revert:
Break MIPS port.
Original issue's description:
> [interpeter] Move to table based peephole optimizer.
>
> Introduces a lookup table for peephole optimizations.
>
> Fixes some tests using BytecodePeepholeOptimizer::Write() that should
> have been update to use BytecodePeepholeOptimizer::WriteJump().
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/f4234422b93b21a286b0f31799009bcbe8b90b9e
> Cr-Commit-Position: refs/heads/master@{#37819}
TBR=rmcilroy@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2161563002
Cr-Commit-Position: refs/heads/master@{#37821}
Introduces a lookup table for peephole optimizations.
Fixes some tests using BytecodePeepholeOptimizer::Write() that should
have been update to use BytecodePeepholeOptimizer::WriteJump().
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2118183002
Cr-Commit-Position: refs/heads/master@{#37819}
This fixes the deoptimization information for the lazy bailout point
after a [[ToObject]] operation inserted for with statements. The result
value was pushed on the operand stack but erroneously ignored and left
on the operand stack by the FullCodeGenerator.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-5205
BUG=v8:5205
Review-Url: https://codereview.chromium.org/2158443002
Cr-Commit-Position: refs/heads/master@{#37818}
Highlights:
- Record all imports and exports in the ModuleDescriptor.
- Remove ImportDeclaration; instead, introduce a new variable kind for imports.
- Set name on default exported anonymous functions.
Still to do: declaration of namespace imports.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2108193003
Cr-Commit-Position: refs/heads/master@{#37815}
The GetStackPointer() routine in test-platform uses an inline
assembly code to store the current stack pointer value into a static
variable sp_addr. The existing asm code for S390 uses an ST/STG
instruction, with the memory operand associated with the general ('=g')
constraint to sp_addr.
On GCC 4.8.5, the GCC compiler got confused and treated sp_addr as
an integer operand instead of memory operand, resulting in a store
being emitted that writes to an invalid meory location.
Given the specific store instructions being inlined here, we should
restict the sp_addr operand to explicitly be a memory operand using '=m'
instead of '=g'.
R=bmeurer@chromium.org,jkummerow@chormium.org,rmcilroy@chromium.org,yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2158523002
Cr-Commit-Position: refs/heads/master@{#37809}
Delaying for merges caused branch cloning using dummy effect phi inputs,
potentially splitting the effect chain at start.
We still have to delay the creation for loops because we need to break
cycles.
BUG=chromium:628403
Review-Url: https://codereview.chromium.org/2159603002
Cr-Commit-Position: refs/heads/master@{#37808}
This change makes the architecture that we target generated
v8 code for a property of the current toolchain, rather than a
global setting that applies to every toolchain.
This will allow us to properly build two snapshots for two different
architectures in a single build, which is needed for android
webview/monochrome builds.
R=brettw@chromium.org, jochen@chromium.org, michaelbai@chromium.org
BUG=625383
Review-Url: https://codereview.chromium.org/2116913002
Cr-Commit-Position: refs/heads/master@{#37805}
Reason for revert:
Unfortunately, the performance issues are still there on Android.
Original issue's description:
> [ic] [stubs] Don't use Code::flags in megamorphic stub cache hash computations.
>
> This should avoid weird performance issues when changing layout of Code::flags field.
>
> BUG=chromium:618701
>
> Committed: https://crrev.com/aa4140b1ccc114b82700471513c715f68b7c5dac
> Cr-Commit-Position: refs/heads/master@{#37755}
TBR=jkummerow@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2147213004
Cr-Commit-Position: refs/heads/master@{#37801}
This commit introduces support for writing unwinding tables in the
.eh_frame format, to be inserted in the jitdump read by Linux perf and
emitted with FLAG_perf_prof and FLAG_perf_prof_unwinding_info enabled.
x64 is fully implemented and tested, arm and arm64 are untested and the
unwinding information needs to be expanded, but the mechanism is ready.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2026313002
Cr-Commit-Position: refs/heads/master@{#37799}
This reverts commit 457c02573c because it caused a
regression in SunSpider/string-fasta and possibly AreWeFastYet/Life. Need to
implement this in a smarter way.
TBR=littledan@chromium.org
BUG=chromium:627729,v8:5113
Review-Url: https://codereview.chromium.org/2149303003
Cr-Commit-Position: refs/heads/master@{#37793}
This makes sure that the uses of PlainPrimitiveToNumber get a more
precise type (so that the uses know how to interpret the output
representation).
BUG=chromium:628516
Review-Url: https://codereview.chromium.org/2151223002
Cr-Commit-Position: refs/heads/master@{#37792}
- Add Simd128 type to Wasm AST types
- Add a pass that converts SIMD machine ops to runtime calls
- Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
- Separate out generic SIMD Machine ops as these cannot be
handled by runtime functions just yet.
LOG=N
BUG=v8:4124
R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/1991143002
Cr-Commit-Position: refs/heads/master@{#37789}
Annex B.3.3 of the spec requires that sloppy-mode block-scoped functions
declared by "eval" are hoisted unless doing so would cause an early
error (which is to say, conflict with a lexical declaration). This patch
amends the check for conflicting declarations to include those outside
of the eval itself.
BUG=v8:4468, v8:4479
Review-Url: https://codereview.chromium.org/2112163002
Cr-Commit-Position: refs/heads/master@{#37783}
Instead of unconditionally parsing the catch parameter as an expression
and then recovering if it turns out to be a simple variable proxy
(the overwhelmingly common case), this patch peeks one token ahead
before attempting to parse. This avoids doing the usual RemoveUnresolved
gymnastics in ParseTryStatement, and as a side-effect slightly improves
function name inference for an async arrow function test case.
Review-Url: https://codereview.chromium.org/2151433005
Cr-Commit-Position: refs/heads/master@{#37780}
1) Validation fails for literal indexes too large for accessing a given
heap type
2) Removes the special handling of FloatishDoubleQ, and FloatQDoubleQ;
the inheritance issue that required this special handling was fixed in
another CL.
3) Fix a macro name (from asm_* to ASM_*)
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST=cctest/asmjs/test-asm-typer.cc
LOG=N
Review-Url: https://codereview.chromium.org/2150583003
Cr-Commit-Position: refs/heads/master@{#37776}
Implemented the WebAssembly.Module and WebAssembly.Instance
in terms of the WasmModule::CompileFunctions and
WasmModule::Instantiate APIs.
Added negative tests - for invalid module object.
BUG=
Review-Url: https://codereview.chromium.org/2121593002
Cr-Commit-Position: refs/heads/master@{#37775}
Typed lowering now produces SpeculativeNumberShiftLeft for JSShiftLeft if the type feedback is kSignedSmall or kSigned32.
BUG=v8:4583
LOG=n
Review-Url: https://codereview.chromium.org/2150553002
Cr-Commit-Position: refs/heads/master@{#37762}
Reason for revert:
blink is unhappy about the microtask change
Original issue's description:
> Reland "Don't compile functions in a context the caller doesn't have access to"
>
> Original issue's description:
> > Don't compile functions in a context the caller doesn't have access to
> >
> > Instead just return undefined
> >
> > A side effect of this is that it's no longer possible to compile
> > functions in a detached context.
> >
> > BUG=chromium:541703
> > R=verwaest@chromium.org,bmeurer@chromium.org
>
> BUG=chromium:541703
> R=verwaest@chromium.org
>
> Committed: https://crrev.com/6bceabac5b705b2ce1f52d34650cea1ae3b8c617
> Cr-Commit-Position: refs/heads/master@{#37756}
TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:541703
Review-Url: https://codereview.chromium.org/2151843002
Cr-Commit-Position: refs/heads/master@{#37760}
Using the Hydrogen code stub bailout mechanism is not correct for the
string length overflow check in the StringAddStub. Instead make sure we
just throw the proper exception.
R=mstarzinger@chromium.org
BUG=chromium:627934
Review-Url: https://codereview.chromium.org/2146353002
Cr-Commit-Position: refs/heads/master@{#37758}
This adds a missing conversion of time zone names to string primitives
before case conversion and regular expression matching are applied.
This is in sync with ECMA-402, section 12.1.1.1, step 16(a).
R=jochen@chromium.org
TEST=mjsunit/regress/regress-crbug-627935
BUG=chromium:627935
Review-Url: https://codereview.chromium.org/2143003005
Cr-Commit-Position: refs/heads/master@{#37757}
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
BUG=chromium:541703
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2143893005
Cr-Commit-Position: refs/heads/master@{#37756}
This should avoid weird performance issues when changing layout of Code::flags field.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2147433002
Cr-Commit-Position: refs/heads/master@{#37755}
Original commit message:
Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
to a EhFrameWriter and will attach unwinding information to the code
object when passed one.
Reason for reverting:
The STATIC_CONST_MEMBER_DEFINITION in eh-frame-writer-unittest.cc
causes a compiler error on V8 Win64 - clang buildbot.
Removing that bit.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2023503002
Cr-Commit-Position: refs/heads/master@{#37754}
If --turbo-type-feedback is off, the type hints on the operators will
just be kAny, so we don't need to do additional checks in the
JSTypedLowering reducer.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2144203002
Cr-Commit-Position: refs/heads/master@{#37750}
Reason for revert:
Breaks the roll, possibly win gn:
https://codereview.chromium.org/2148863002/
Original issue's description:
> [interpreter] Reduce dependencies in bytecodes.{h,cc}
>
> This CL reduces the number of dependencies bytecodes.{h,cc} to facilitate
> generating the bytecode peephole optimizer table during build. Specifically,
> it avoids depending on v8_base.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/4edebb1cd870ae6c1359ad54f83e618e185883b1
> Cr-Commit-Position: refs/heads/master@{#37715}
TBR=mstarzinger@chromium.org,rmcilroy@chromium.org,oth@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2151693003
Cr-Commit-Position: refs/heads/master@{#37743}
Reason for revert:
Causes crashes on Canary
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng
>
> Committed: https://crrev.com/992e34c21635b179a993b82ac1d81753e7a6a57a
> Cr-Commit-Position: refs/heads/master@{#37657}
TBR=bmeurer@chromium.org,verwaest@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:541703, chromium:628053
Review-Url: https://codereview.chromium.org/2148163002
Cr-Commit-Position: refs/heads/master@{#37736}
The runtime JIT function is passed in the function table to hook up the compiled code and the starting address of the memory to locate the bytes to be compiled.
BUG=5044
Review-Url: https://codereview.chromium.org/2137993003
Cr-Commit-Position: refs/heads/master@{#37735}
Reason for revert:
Correcting issue.
Original issue's description:
> Revert of Add errors for declarations which conflict with catch parameters. (patchset #6 id:100001 of https://codereview.chromium.org/2109733003/ )
>
> Reason for revert:
> Fuzzer claims `try { \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash.
>
> Original issue's description:
> > Add errors for declarations which conflict with catch parameters.
> >
> > Catch parameters are largely treated as lexical declarations in the
> > block which contains their body for the purposes of early syntax errors,
> > with some exceptions outlined in B.3.5. This patch introduces most of
> > those errors, except those from `eval('for (var e of ...);')` inside of
> > a catch with a simple parameter named 'e'.
> >
> > Note that annex B.3.5 allows var declarations to conflict with simple
> > catch parameters, except when the variable declaration is the init of a
> > for-of statement.
> >
> > BUG=v8:5112,v8:4231
> >
> > Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406
> > Cr-Commit-Position: refs/heads/master@{#37462}
>
> TBR=littledan@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5112,v8:4231
>
> Committed: https://crrev.com/8834d5ecb559001c87c42322969471da60574a8c
> Cr-Commit-Position: refs/heads/master@{#37464}
R=littledan@chromium.org
BUG=v8:5112,v8:4231
Review-Url: https://codereview.chromium.org/2119933002
Cr-Commit-Position: refs/heads/master@{#37728}
* Rename Atomics.futexWait -> Atomics.wait
* Rename Atomics.futexWake -> Atomics.wake
* Remove Atomics.futexWakeOrRequeue
* Return value of Atomics.wait is now a string: "ok", "not-equal" or
"timed-out"
* Update comments that reference URL for ecmascript_sharedmem to
https://github.com/tc39/ecmascript_sharedmem
Review-Url: https://codereview.chromium.org/2143443002
Cr-Commit-Position: refs/heads/master@{#37727}
This fixes the deoptimization information for the lazy bailout point
after a [[ToName]] operation inserted for object literals and class
literals. The result value was erroneously ignored.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-627828
BUG=chromium:627828
Review-Url: https://codereview.chromium.org/2149493003
Cr-Commit-Position: refs/heads/master@{#37719}
This CL reduces the number of dependencies bytecodes.{h,cc} to facilitate
generating the bytecode peephole optimizer table during build. Specifically,
it avoids depending on v8_base.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2135273002
Cr-Commit-Position: refs/heads/master@{#37715}
- Adds move/swap handling for 4 and 16 bytes to ia32.
- Register allocator now only requests 4 bytes for floats on ia32 and arm.
- We probably need similar support in mips.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2027043002
Cr-Commit-Position: refs/heads/master@{#37714}
After this CL we can avoid using Code::flags in hash computations for megamorphic
stub caches and therefore the unused ICState field can be finally removed from flags.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2123983004
Cr-Commit-Position: refs/heads/master@{#37708}
Original commit message:
Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
to a EhFrameWriter and will attach unwinding information to the code
object when passed one.
Reason for reverting:
The STATIC_CONST_MEMBER_DEFINITION in eh-frame-writer-unittest.cc
causes a compiler error on V8 Win64 - clang buildbot.
Removing that bit.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2023503002
Cr-Commit-Position: refs/heads/master@{#37707}
If operands are loaded as unsigned 32-bit integer, they need to be sign extended to 64 bits.
TEST=cctest/test-run-machops/RunWord32AndAndWord32ShrP, cctest/test-run-machops/RunWord32OrP,
cctest/test-run-machops/RunWord32ShrP, cctest/test-run-machops/RunWord32XorP
BUG=
Review-Url: https://codereview.chromium.org/2147883002
Cr-Commit-Position: refs/heads/master@{#37705}
This fully deprecates all uses of the RUNTIME_ASSERT macro and removes
the macro and underlying logging function in question. All uses have
been replaces with CHECK macros which crash safely even in production.
It makes sure we discover abuse of runtime functions in the wild early
and also abort the process safely. Breaking assumptions in any runtime
function can no longer accidentally be caught by JavaScript.
R=yangguo@chromium.org
BUG=v8:5066
Review-Url: https://codereview.chromium.org/2132493002
Cr-Commit-Position: refs/heads/master@{#37704}
This makes sure the {AstGraphBuilder} respects the catch-prediction that
is provided by the parser along with each {TryStatement}. This is needed
for try-blocks materialized by the parser not to influence predictions
users expect when using the debugger.
R=neis@chromium.org
TEST=mjsunit/debug-exceptions
BUG=v8:5183
Review-Url: https://codereview.chromium.org/2147573002
Cr-Commit-Position: refs/heads/master@{#37702}
Previously, the following schedule fragment:
1: Parameter[0](0)
2: Parameter[1](0)
7: Int32Constant[1]
8: Int32Sub(2, 7)
9: Load[kRepTagged|kTypeAny](1, 8)
would generate the following code (on ia32):
mov eax,[ebp+0x8]
mov ecx,[ebp+0xc]
sub eax,0x1
mov eax,[eax+ecx*1]
Now it generates:
mov eax,[ebp+0x8]
mov ecx,[ebp+0xc]
mov eax,[eax+ecx*1-1]
Similar pattern matching also now works on x64.
BUG=v8:5192
LOG=N
Review-Url: https://codereview.chromium.org/2137323003
Cr-Commit-Position: refs/heads/master@{#37701}
Collect type feedback in the call bytecode handler. The current
implementation only collects feedback for JS function objects. The other
objects and Array functions do not collect any feedback. They will be
marked Megamorphic.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2122183002
Cr-Commit-Position: refs/heads/master@{#37700}
For JSToBoolean with Number inputs we still called out to the
ToBooleanStub, even though we easily handle them inline nowadays.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2145923002
Cr-Commit-Position: refs/heads/master@{#37699}
To correctly support instantiating a compiled module multiple times, we clone the
compiled module each time we create an instance, since some of the data is specific
to the instance - e.g. export code, wasm functions, indirect table.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2134593002
Cr-Commit-Position: refs/heads/master@{#37692}
Reason for revert:
The STATIC_CONST_MEMBER_DEFINITION in eh-frame-writer-unittest.cc causes a compiler error on V8 Win64 - clang buildbot. Removing that bit should be sufficient.
Original issue's description:
> Implement .eh_frame writer and disassembler.
>
> Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
> to a EhFrameWriter and will attach unwinding information to the code
> object when passed one.
>
> BUG=v8:4899
> LOG=N
>
> Committed: https://crrev.com/27d810e63b744b5b3d9aa28ff21413247773e6c2
> Cr-Commit-Position: refs/heads/master@{#37683}
TBR=rmcilroy@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4899
Review-Url: https://codereview.chromium.org/2143033002
Cr-Commit-Position: refs/heads/master@{#37688}
When trying to clone a branch, the ControlFlowOptimizer gave up as soon as it found a Phi/EffectPhi node that could not be placed directly below the IfTrue or IfFalse control paths.
Moving the step in the EffectControlLinearizer phase, after the first schedule, works around the problem by looking at the successor blocks.
BUG=
Review-Url: https://codereview.chromium.org/2139593002
Cr-Commit-Position: refs/heads/master@{#37687}
This solves an issue with throws inside for-of always being marked as caught.
BUG=v8:5183
Review-Url: https://codereview.chromium.org/2146493002
Cr-Commit-Position: refs/heads/master@{#37686}
Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
to a EhFrameWriter and will attach unwinding information to the code
object when passed one.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2023503002
Cr-Commit-Position: refs/heads/master@{#37683}
- check that packed elements do not contain the_hole (with fix)
- verify argument objects with elements kind
- use JSObjectVerifiy in all JSObject "subclasses"
- change initialization order for ArrayLiteralBoilerplate to simplify verification
BUG=v8:5188
Review-Url: https://codereview.chromium.org/2126613002
Cr-Commit-Position: refs/heads/master@{#37680}
This is another point where we add inconsistent behavior between simple and
detailed stack traces. The functionality also does not seem to be used in
chrome anymore when uncaught exceptions are thrown. Remove it to reduce
maintenance burden.
BUG=624285
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2141523002
Cr-Commit-Position: refs/heads/master@{#37673}
I removed or replaced some values in the list of float and double values
in value-helper.h which cannot be represented precisely as floats or
doubles, respectively.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2135243004
Cr-Commit-Position: refs/heads/master@{#37671}
This removes the checking for use-def and def-use chain links from the
graph verification. Presence of such links can only be violated by a bug
in the actual {Node} implementation itself. That container class is also
covered by unit tests.
The verification in question was useful in the early days when the graph
implementation itself was prone to bugs. By now it has stabilized and
spending O(n^2) time during graph verification is too wasteful to still
be considered a reasonable trade-off.
R=jarin@chromium.org
TEST=unittests/NodeTest.*
Review-Url: https://codereview.chromium.org/2140973003
Cr-Commit-Position: refs/heads/master@{#37670}
The PlainPrimitiveToNumber operator performs a superset of the operations
previously performed by the BooleanToNumber and StringToNumber operators,
so we can just use the special lowering rules for PlainPrimitiveToNumber
based on the input type and get rid of the specialized operators.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2139183002
Cr-Commit-Position: refs/heads/master@{#37669}
This CL separates the check whether something is tail-callable from
the computation of the size of the stack parameters that a function
takes.
In order to track this precisely, the stack parameter size calculation
uses the recently landed MachineType information that's embedded
in return and parameter value LinkageLocations.
Review-Url: https://codereview.chromium.org/2121753002
Cr-Commit-Position: refs/heads/master@{#37668}
Remove obsolete definitions from macros.py, and drop the now obsolete
%_ToPrimitive, %_ToPrimitive_Number, %_ToPrimitive_String, %_ToName
and the %ToPrimitive_String intrinsics/runtime entries.
R=yangguo@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2137203002
Cr-Commit-Position: refs/heads/master@{#37665}
Instead just return undefined
A side effect of this is that it's no longer possible to compile
functions in a detached context.
BUG=chromium:541703
R=verwaest@chromium.org,bmeurer@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2034083002
Cr-Commit-Position: refs/heads/master@{#37657}
When the scanner finds a '-->', it's either part of an HTMLCloseComment
or a '--' followed by a '>'. Previously, only a preceding newline would
make it an HTMLCloseComment. Now, a preceding multiline comment also
makes it an HTMLCloseComment. The effect is that now the following is
not a SyntaxError:
x/*
*/-->this is now a comment
BUG=v8:5142
LOG=y
Review-Url: https://codereview.chromium.org/2119763003
Cr-Commit-Position: refs/heads/master@{#37656}
This patch just checks for a stack overflow and returns failure
from the cases which Clusterfuzz found. However, there may be
more locations in the parser which need similar treatment.
R=caitpotter88@gmail.com,neis
BUG=v8:4483,chromium:624300
Review-Url: https://codereview.chromium.org/2135503002
Cr-Commit-Position: refs/heads/master@{#37655}
This removes the frame state input representing the before-state from
nodes having any comparison operator. Lowering that inserts number
conversions of the inputs has to be disabled when deoptimization is
enabled, because the frame state layout is no longer known.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2134173002
Cr-Commit-Position: refs/heads/master@{#37646}
This extends pretenuring decisions based on allocation sites to heap
numbers that are allocated as part of object literals. It ensures memory
locality of a bigger enclosure of the deep copy of an object literal.
R=bmeurer@chromium.org
TEST=cctest/test-heap/OptimizedPretenuringMixedInObjectProperties
Review-Url: https://codereview.chromium.org/2135933002
Cr-Commit-Position: refs/heads/master@{#37645}
By adding MachineType to LinkageLocation, it is possible not only to reason
about the location of a LinkageLocation on the stack, but also about it's
size. This will be useful in follow-on CLs that attempt to merge some of the
parameter passing logic of tail calls and normal (non-tail) calls.
As a nice side-effect, it is no longer necessary to separately keep a
MachineSignature in a CallDescriptor, because the MachineTypes contianed in
LinkageLocation for all of the Descriptor's parameters and return types are
sufficient. This CL therefore removes the MachineSignature from the
CallDescriptor and adjusts all the calling code accordingly, simplifying and
de-duplicating code in a bunch of places.
R=titzer@chromium.org, bmeurer@chromium.org
LOG=N
Review-Url: https://codereview.chromium.org/2124023003
Cr-Commit-Position: refs/heads/master@{#37633}
CallSite::IsConstructor() was unable to recognize builtin construct stubs
(NumberConstructor_ConstructStub and StringConstructor_ConstructStub) as
constructors, and thus these frames were not formatted correctly in stack
traces.
Fix this by explicitly marking their Code objects as construct stubs and
passing along a special receiver value when we encounter such cases in
CaptureSimpleStackTrace.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2125163004
Cr-Commit-Position: refs/heads/master@{#37631}
This enables tests which verify allocation site feedback is used and
influences pretenuring decisions. By now TurboFan is respecting such
feedback. Ignition however doesn't provide such feedback yet.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2135563003
Cr-Commit-Position: refs/heads/master@{#37628}
Consume Smi/Signed32 feedback for division and modulus and introduce
appropriate checked operators. This is especially important for modulus
where the Float64Mod operator is significantly slower than Int32Mod on
most platforms. For division it's mostly important to propagate
integerness, i.e. to avoid follow-up conversions between float and
int32.
Drive-by-fix: Use Int32Mod for the ModulusStub (and the bytecode handler)
when the inputs are both Smi.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2138633002
Cr-Commit-Position: refs/heads/master@{#37621}
The Intl code previously called the initial value of String.prototype.split
for some internal operations. However, this did not have the intended effect
as Intl only needs to split strings by strings, but String.prototype.split
has integration with Symbol.split for RegExps.
This patch replaces the calls of StringSplit in the Intl implementation
with direct calls to the %StringSplit runtime function to avoid the issue.
R=yangguo@chromium.org
BUG=v8:5179
Review-Url: https://codereview.chromium.org/2126073002
Cr-Commit-Position: refs/heads/master@{#37615}
Isolate is not going to retain a CPU profiler.
The client will be creating an instance of profiler when needed.
Deprectate v8::Isolate::GetCpuProfiler()
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2117343006
Cr-Commit-Position: refs/heads/master@{#37613}
This enables tests which rely on the context available at "debugger"
statements to be accurate. This is the case by now when deoptimization
information is available.
R=yangguo@chromium.org
BUG=v8:4055
Review URL: https://codereview.chromium.org/2129123002 .
Cr-Commit-Position: refs/heads/master@{#37604}
Drive-by-fix: hydrogen code does not blindly return the
byteLength offset, instead it executes what is defined
in the byteLength getter.
BUG=
Review-Url: https://codereview.chromium.org/2123263002
Cr-Commit-Position: refs/heads/master@{#37595}
Such an object can be used to later create a context from it. It has to
have access checks with handlers enabled, as it cannot be accessed
otherwise.
BUG=chromium:618305
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2107673003
Cr-Commit-Position: refs/heads/master@{#37594}
This enables tests which rely on the context available at "debugger"
statements to be accurate. This is the case by now when deoptimization
information is available.
R=mvstanton@chromium.org
BUG=v8:4035
Review-Url: https://codereview.chromium.org/2125773005
Cr-Commit-Position: refs/heads/master@{#37590}
When reading the value property of an iterator result fails, we must not close the iterator.
This was not discovered earlier because the tests had a subtle bug.
This CL fixes both the desugaring and the tests.
BUG=
Review-Url: https://codereview.chromium.org/2119353002
Cr-Commit-Position: refs/heads/master@{#37571}
For variables introduced as part of a catch pattern, we used to set their
"initializer position" to the beginning of the pattern. This lead to
full-codegen eliminating crucial hole checks when reading such variables
inside the pattern itself.
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:5178
Review-Url: https://codereview.chromium.org/2123953002
Cr-Commit-Position: refs/heads/master@{#37569}
We want to eventually move the profiling functionality out of V8 as library,
this patch exposes TickSample and its APIs in v8-profiler.h so that when
embedders use library, they can have more details.
Minor change: Rename tick-sample.[h|cc] to simulator-helper.[h|cc].
BUG=v8:4789
LOG=N
Review-Url: https://codereview.chromium.org/2105943002
Cr-Commit-Position: refs/heads/master@{#37564}
While the test was useful to reproduce the issue locally it creates a lot of
heap pressure and causes all sorts of troubles (OOM, slowness) on the bots, so
let's drop it.
R=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2127803002
Cr-Commit-Position: refs/heads/master@{#37551}
This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
methods. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.
R=yangguo@chromium.org
BUG=v8:5066
Review-Url: https://codereview.chromium.org/2053573004
Cr-Commit-Position: refs/heads/master@{#37545}
This is a quick fix for the hole leaking from generators via the debugger's frame
inspection feature: when collecting the arguments, convert each hole to undefined.
In the long term, we probably want to remember and restore the actual arguments
rather than pushing these dummy arguments on each resume.
BUG=v8:5164
Review-Url: https://codereview.chromium.org/2122923003
Cr-Commit-Position: refs/heads/master@{#37544}
The dependency would only happen if we have a smi overflow for the length and
have create a heap number. In this case the heap number would've to survive
until the array buffer is collected.
To avoid this dependency we track the length (as we previously used to).
BUG=chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org
This reverts commit 1791d7bb9a.
Review-Url: https://codereview.chromium.org/2127643002
Cr-Commit-Position: refs/heads/master@{#37537}
Reason for revert:
[Sheriff] This makes mjsunit/regress/regress-625752 extremely slow on all gc stress bots and leads to timeouts with custom snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/6602
Original issue's description:
> [heap] Track length for array buffers to avoid free-ing dependency
>
> The dependency would only happen if we have a smi overflow for the length and
> have create a heap number. In this case the heap number would've to survive
> until the array buffer is collected.
>
> To avoid this dependency we track the length (as we previously used to).
>
> BUG=chromium:625748,chromium:625752
> LOG=N
> TEST=test/mjsunit/regress/regress-625752.js
> R=hpayer@chromium.org
>
> Committed: https://crrev.com/ddc75cc1356a58b6cfd63f9da0586e1150496b3d
> Cr-Commit-Position: refs/heads/master@{#37530}
TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:625748,chromium:625752
Review-Url: https://codereview.chromium.org/2127483003
Cr-Commit-Position: refs/heads/master@{#37533}
Introduces fused bytecodes for fusing LdaSmi followed by a binary op bytecode.
The chosen bytecodes are used frequently in Octane: AddSmi, SubSmi,
BitwiseOrSmi, BitwiseAndSmi, ShiftLeftSmi, ShiftRightSmi.
There are additional code stubs for these operations that are biased towards
both the left hand and right hand operands being Smis.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2111923002
Cr-Commit-Position: refs/heads/master@{#37531}
The dependency would only happen if we have a smi overflow for the length and
have create a heap number. In this case the heap number would've to survive
until the array buffer is collected.
To avoid this dependency we track the length (as we previously used to).
BUG=chromium:625748,chromium:625752
LOG=N
TEST=test/mjsunit/regress/regress-625752.js
R=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2122603004
Cr-Commit-Position: refs/heads/master@{#37530}
This adds a new optimization phase to the TurboFan pipeline, which walks
over the effect chain and tries to eliminate redundant loads (and even
some stores) of object fields. We currently ignore element access, but
that will probably need to be handled as well at some point. We also
don't have any special treatment to properly track object maps, which is
also on the list of things that will happen afterwards.
The implementation is pretty simple currently, and probably way to
inefficient. It's meant to be a proof-of-concept to iterate on.
R=jarin@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2120253002
Cr-Commit-Position: refs/heads/master@{#37528}
This just removes some left-overs from when the {JSTypedLoweringTest}
covered strong mode and an iteration over all language modes was used
for testing all binary operations. The language mode in question has
been removed since then.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2121113002
Cr-Commit-Position: refs/heads/master@{#37526}
This removes the frame state input representing the before-state from
nodes having the {JSAdd} or the {JSSubtract} operator. Lowering that
inserts number conversions of the inputs has to be disabled when
deoptimization is enabled, because the frame state layout is no longer
known.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2125593002
Cr-Commit-Position: refs/heads/master@{#37522}
This drops the %_ValueOf intrinsic, but keeps the runtime entry
%ValueOf for now, by either migrating the functionality (mostly
Debug mirror or toString/valueOf methods) to C++ or TurboFan
builtins, or switching to the %ValueOf runtime call when it's
not performance critical anyways.
The %_ValueOf intrinsic was one of the last blockers for fixing
the unsound machine operator typing in TurboFan.
R=yangguo@chromium.org
BUG=v8:5049
Committed: https://crrev.com/293bd7882987f00e465710ce468bfb1eaa7d3fa2
Review-Url: https://codereview.chromium.org/2126453002
Cr-Original-Commit-Position: refs/heads/master@{#37512}
Cr-Commit-Position: refs/heads/master@{#37519}
The Number.parseInt (and therefore the parseInt function on the global
object) are often used instead of Math.floor or just plain int32
truncation, and we can easily recognize those cases and provide a fast
path in TurboFan.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2125583002
Cr-Commit-Position: refs/heads/master@{#37518}
This removes the frame state input representing the before-state from
nodes having the {JSMultiply} operator. Lowering that inserts number
conversions of the inputs has to be disabled when deoptimization is
enabled, because the frame state layout is no longer known.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2111193002
Cr-Commit-Position: refs/heads/master@{#37517}
The reason:
same as the CL #37371 (Issue 2111493002: X87: disable some sin/cos/expm1/tan test cases for x87.), please
refer https://codereview.chromium.org/2111493002 for more details.
For Acosh/ASinh test cases, the expected values are pre-defined double precision values, the results
generated by C++ function are extended double precision as the extended double precision is default for x87
Gcc compiler and std lib on linux platform. The comparison of different precisons caused some of those test
cases failed.
This CL disables Acosh/ASinh test cases for x87.
BUG=
Review-Url: https://codereview.chromium.org/2122593002
Cr-Commit-Position: refs/heads/master@{#37516}
The reason:
In CreateRandomOperand(), It used the register index 1 for ExplicitOperand(LocationOperand::REGISTER, rep,
GetRegisterCode(rep, 1)).
For x87 turbofan compiler, there's only 1 allocatable Float/Double register, i.e.: register index 0. the
GetRegisterCode(rep, 1) in ExplicitOperand() always return false when rep is MachineRepresentation::kFloat32/kFloat64.
It caused the test-gap-resolver/FuzzResolver failed at DCHECK_IMPLIES(kind == REGISTER && rep == MachineRepresentation::kFloat32,
FloatRegister::from_code(index).IsAllocatable(RegisterConfiguration::TURBOFAN)), src/compiler/instruction.cc, line 259, under
debug mode.
This CL disable test-gap-resolver/FuzzResolver test case for x87.
BUG=
Review-Url: https://codereview.chromium.org/2120203002
Cr-Commit-Position: refs/heads/master@{#37515}
Reason for revert:
[Sheriff] Breaks without i18n:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/8466
Original issue's description:
> [intrinsic] Drop the %_ValueOf intrinsic.
>
> This drops the %_ValueOf intrinsic, but keeps the runtime entry
> %ValueOf for now, by either migrating the functionality (mostly
> Debug mirror or toString/valueOf methods) to C++ or TurboFan
> builtins, or switching to the %ValueOf runtime call when it's
> not performance critical anyways.
>
> The %_ValueOf intrinsic was one of the last blockers for fixing
> the unsound machine operator typing in TurboFan.
>
> R=yangguo@chromium.org
> BUG=v8:5049
>
> Committed: https://crrev.com/293bd7882987f00e465710ce468bfb1eaa7d3fa2
> Cr-Commit-Position: refs/heads/master@{#37512}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2117273002
Cr-Commit-Position: refs/heads/master@{#37514}
This concerns formatting of calls to, e.g., Math.acos in stack traces,
in which the receiver is an object with an attached toString tag. If
such a tag exists, use it to format the receiver typename to ensure that
the stack trace includes 'Math.acos' instead of 'Object.acos'.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2110683007
Cr-Commit-Position: refs/heads/master@{#37513}
This drops the %_ValueOf intrinsic, but keeps the runtime entry
%ValueOf for now, by either migrating the functionality (mostly
Debug mirror or toString/valueOf methods) to C++ or TurboFan
builtins, or switching to the %ValueOf runtime call when it's
not performance critical anyways.
The %_ValueOf intrinsic was one of the last blockers for fixing
the unsound machine operator typing in TurboFan.
R=yangguo@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2126453002
Cr-Commit-Position: refs/heads/master@{#37512}
Currently there are two logic in Ticker, one is to try to request a
pre-allocated TickSample from CpuProfiler and then initialize it, and if the
request fails, it will initialize a local TickSample. The other is it will pass
an initialized TickSample to Profiler to log into v8.log.
This patch splits Ticker into two samplers, the first one remains in log.cc to
collect samples and pass to Profiler for logging, the second one will be called
by ProfilerEventsProcessor, and only use the circular queue only.
BUG=v8:4789
LOG=N
Review-Url: https://codereview.chromium.org/2108393002
Cr-Commit-Position: refs/heads/master@{#37506}
Stack trace generation requires access to the receiver; and while the
receiver is already on the stack, we cannot determine its position
during stack trace generation (it's stored in argv[0], and argc is only
stored in a callee-saved register).
This patch grants access to the receiver by pushing argc onto builtin
exit frames as an extra argument. Compared to simply pushing the
receiver, this requires an additional dereference during stack trace
generation, but one fewer during builtin calls.
BUG=v8:4815
Review-Url: https://codereview.chromium.org/2106883003
Cr-Commit-Position: refs/heads/master@{#37500}
