This CL also reduces the minimum semi-space size to 512K.
BUG=chromium:716032
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2942543002
Cr-Commit-Position: refs/heads/master@{#45992}
With the introduction of the fast-cloning double fields in the CSA stub for
literals we forgot to check for deprecated maps. As a result every subsequent
IC-miss would have to migrate the objects from such boilerplates.
This CL makes sure we don't use the deprecated map when copying boilerplates,
thus restoring the original behavior.
Bug: v8:6211 chromium:728682
Change-Id: If9ea1e0c5c6fb4236cb7a82ea33306a600925ac3
Reviewed-on: https://chromium-review.googlesource.com/538677
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45981}
Storing the boilerplate on the first run leads to memory ovehead for code
that is run only once. Hence we directly return the creating literal on the
first run and only start creating copies from the second run on.
Bug: v8:6211
Change-Id: I69b96d124a5b594b991fdbcc76dbf935d973ffad
Reviewed-on: https://chromium-review.googlesource.com/530688
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45975}
This removes the heuristic from {JSStackFrame::IsConstructor} that tried
to infer whether a frame was called as a constructor or not from the
receiver value. We are now carrying along the appropriate bit derived
from the frame type instead.
R=jgruber@chromium.org
TEST=message/regress/regress-5727
BUG=v8:5727
Change-Id: I0e2f1d0f95485c84c4ebcd3cbfe0123c6afd2e01
Reviewed-on: https://chromium-review.googlesource.com/500313
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45972}
This reverts commit 8196e10265.
Reason for revert: Performance regression due to hashcode lookup.
Original change's description:
> [builtins] Move most WeakMap/WeakSet code from JS to C++ builtins
>
> They were already implemented mostly in C++ (only error/negative
> cases were handled in script), so this is mostly just a cleanup.
> Only the constructors remain in script after this CL.
>
> Bug: v8:6354
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I5b3579337a8e33dc30d49c2da5cfd42baec697bb
> Reviewed-on: https://chromium-review.googlesource.com/531670
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45924}
TBR=adamk@chromium.org,cbruni@chromium.org,gsathya@chromium.org
Bug: v8:6354, chromium:733238
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia5a741b9587886298f3ca057f6a6adeba556b8e0
Reviewed-on: https://chromium-review.googlesource.com/537207
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45966}
Previously, when destructuring against null or undefined we would
print:
d8> var { x } = null
(d8):1: TypeError: Cannot match against 'undefined' or 'null'.
var { x } = null
^
TypeError: Cannot match against 'undefined' or 'null'.
at (d8):1:1
The above message uses the term "match" which isn't a common term in
JavaScript to describe destructuring. This message also doesn't
provide the name of the property that fails destructuring.
This patch changes the error message to be:
d8> var { x } = null;
(d8):1: TypeError: Cannot destructure property `x` of 'undefined' or 'null'.
var { x } = null;
^
TypeError: Cannot destructure property `x` of 'undefined' or 'null'.
at (d8):1:1
This patch changes the message to say "destructure" instead of "match".
This patch adds support for printing property names that are string
literals. We iterate through every property and pick the first string
literal property name if it exists. This provides at least some
feedback to the developer.
This patch also makes the pointer point to the position of the
property name that fails destructuring.
For computed and numeric property names, we print a generic error:
d8> var { 1: x } = null
(d8):1: TypeError: Cannot destructure against 'undefined' or 'null'.
var { 1: x } = null
^
TypeError: Cannot destructure against 'undefined' or 'null'.
at (d8):1:1
Bug: v8:6499
Change-Id: I35b1ac749489828686f042975294b9926e2dfc53
Reviewed-on: https://chromium-review.googlesource.com/537341
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45965}
I incorrectly assumed that ScopeIterator::SetModuleVariableValue gets called
when the frame is the module function.
R=jgruber@chromium.org, kozyatinskiy@chromium.org
Bug: v8:1569, v8:6484
Change-Id: I1fbad8ccde57280149547c78e679527f7a0c89dd
Reviewed-on: https://chromium-review.googlesource.com/535620
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45961}
Use ICU to check ID_Start, ID_Continue and WhiteSpace even for BMP
when V8_INTL_SUPPORT is on (which is default).
Change LineTerminator::Is() to check 4 code points from
ES#sec-line-terminators instead of using tables and Lookup function.
Remove Lowercase::Is(). It's not used anywhere.
Update webkit/{ToNumber,parseFloat}.js to have the correct expectation
for U+180E and the corresponding expected files. This is a follow-up to
an earlier change ( https://codereview.chromium.org/2720953003 ).
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg,v8_mac_dbg;master.tryserver.chromium.android:android_arm64_dbg_recipe
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
BUG=v8:5370,v8:5155
TEST=unittests --gtest_filter=CharP*
TEST=webkit: ToNumber, parseFloat
TEST=test262: built-ins/Number/S9.3*, built-ins/parse{Int,Float}/S15*
TEST=test262: language/white-space/mong*
TEST=test262: built-ins/String/prototype/trim/u180e
TEST=mjsunit: whitespaces
Review-Url: https://codereview.chromium.org/2331303002
Cr-Commit-Position: refs/heads/master@{#45957}
This removes support for reconstructing stack frames for full-codegen
from the deoptimizer. We no longer deoptimize to such code. This also
allows us to remove the {DeoptimizationOutputData} data structure.
R=jarin@chromium.org
BUG=v8:6409
Change-Id: Id28ef05aa985b6877b5c91926a7d7d0d6d6e661d
Reviewed-on: https://chromium-review.googlesource.com/535537
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45943}
This removes the ability to prepare bailout points in code generated by
the {FullCodeGenerator}. Such code is no longer used as the target of
deoptimization attempts, hence storing deoptimization data is obsolete.
R=jarin@chromium.org
BUG=v8:6409
Change-Id: I3200182a6e88014ce953881fa0d1ac0bc65ee424
Reviewed-on: https://chromium-review.googlesource.com/533153
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45939}
For unknown Argument object Maps we have to expect that constants fields
are kept on the Map.
Bug: chromium:729597
Change-Id: I110f77455ce434a431c8de27d021b1a5deb86f30
Reviewed-on: https://chromium-review.googlesource.com/532900
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45935}
- Eliminates S32x4Shuffle, S16x8Shuffle opcodes. All shuffles are subsumed
by S8x16Shuffle. This aligns us with the latest WASM SIMD spec.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2923103003
Cr-Commit-Position: refs/heads/master@{#45929}
Port the baseline implementation of Object.prototype.isPrototypeOf to
the CodeStubAssembler, sharing the existing prototype chain lookup logic
with the instanceof / OrdinaryHasInstance implementation. Based on that,
do the same in TurboFan, introducing a new JSHasInPrototypeChain
operator, which encapsulates the central prototype chain walk logic.
This speeds up Object.prototype.isPrototypeOf by more than a factor of
four, so that the code
A.prototype.isPrototypeOf(a)
is now performance-wise on par with
a instanceof A
for the case where A is a regular constructor function and a is an
instance of A.
Since instanceof does more than just the fundamental prototype chain
lookup, it was discovered in Node core that O.p.isPrototypeOf would
be a more appropriate alternative for certain sanity checks, since
it's less vulnerable to monkey-patching. In addition, the Object
builtin would also avoid the performance-cliff associated with
instanceof (due to the Symbol.hasInstance hook), as for example hit
by https://github.com/nodejs/node/pull/13403#issuecomment-305915874.
The main blocker was the missing performance of isPrototypeOf, since
it was still a JS builtin backed by a runtime call.
This CL also adds more test coverage for the
Object.prototype.isPrototypeOf builtin, especially when called from
optimized code.
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
BUG=v8:5269,v8:5989,v8:6483
R=jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2934893002
Cr-Commit-Position: refs/heads/master@{#45925}
They were already implemented mostly in C++ (only error/negative
cases were handled in script), so this is mostly just a cleanup.
Only the constructors remain in script after this CL.
Bug: v8:6354
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5b3579337a8e33dc30d49c2da5cfd42baec697bb
Reviewed-on: https://chromium-review.googlesource.com/531670
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45924}
TracingCpuProfiler test updates the current plaform while
concurrent marking is running.
This patch also disables stress-incremental-marking for
mjsunit/regress-430201.
BUG=chromium:694255
Change-Id: I85ff538c47bce0300cde3204989ef3f9512b805f
Reviewed-on: https://chromium-review.googlesource.com/533873
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45921}
This patch also fixes several cctests that require manual GC.
BUG=chromium:694255
Change-Id: Ida93ed2498a6c5b0187ee78d2b1da27d2ff1906a
Reviewed-on: https://chromium-review.googlesource.com/533233
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45913}
The new fuzzer takes the fuzzer input as module bytes and compiles them
with WebAssembly asynchronous compilation.
R=mtrofin@chromium.org
Change-Id: I9740edec68e26c04d011d85c68521e340be13c4c
Reviewed-on: https://chromium-review.googlesource.com/506156
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45912}
The function that generated a pre-shifted immediate didn't account for the
instruction with post-shift being unencodable. Fix this by passing
information about the target instruction, and use it to limit the application
of pre-shift.
BUG=chromium:725858
Change-Id: Ia0f70b2ea057975d90162aa6889f15b553acd321
Review-Url: https://codereview.chromium.org/2922173004
Cr-Commit-Position: refs/heads/master@{#45911}
There exists a hidden assumption in V8 that neither foreground nor
background tasks own any memory. For asynchronous WebAssembly
compilation this assumption was wrong, which causes crashes when V8 shut
down before the compilation finished.
With this CL I change the way asynchrous compilation happens. In the
existing implementation each compilation stage provided its own task
which could be spawned either in foreground or background. With this CL
each stage only provides a state, and a generic CompileTask executes on
that state. There exists exactly one state at a time.
To have exactly one state at a time I combined the stages
ExecuteCompilationUnits and FinishCompilationUnits to a single stage. In
addition I removed the WaitForBackgroundTasks stage and added a
CancelableTaskManager to the AsyncCompileJob instead to do the waiting.
BUG=v8:6436
R=clemensh@chromium.org, mtrofin@chromium.org
Change-Id: I2eb61f74235c65524ce720c474eaf99ae7472c81
Reviewed-on: https://chromium-review.googlesource.com/532993
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45908}
This gives the embedder more context for deciding whether code
generation should be allowed or not, or they can chose to include the
code in a report.
BUG=chromium:732736
R=ahaas@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibbaa3d0574319d290f15565be3eed2ee4d3dda36
Reviewed-on: https://chromium-review.googlesource.com/532875
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45905}
This reverts commit e39c9e020f.
Reason for revert: Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/15561
Original change's description:
> [compiler] Drive optimizations with feedback vector
>
> For interpreted functions, use the optimized code slot in the feedback vector
> to store an optimization marker (optimize/in optimization queue) rather than
> changing the JSFunction's code object. Then, adapt the self-healing mechanism
> to also dispatch based on this optimization marker. Similarly, replace SFI
> marking with optimization marker checks in CompileLazy.
>
> This allows JSFunctions to share optimization information (replacing shared
> function marking) without leaking this information across native contexts. Non
> I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
> generalises the old CompileOptimized/InOptimizationQueue builtins and also
> checks the same optimization marker as CompileLazy and
> InterpreterEntryTrampoline.
>
> Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
> Reviewed-on: https://chromium-review.googlesource.com/509716
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45901}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: Ib6c2b4d90fc5f659a6dcaf3fd30321507ca9cb94
Reviewed-on: https://chromium-review.googlesource.com/532916
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45903}
For interpreted functions, use the optimized code slot in the feedback vector
to store an optimization marker (optimize/in optimization queue) rather than
changing the JSFunction's code object. Then, adapt the self-healing mechanism
to also dispatch based on this optimization marker. Similarly, replace SFI
marking with optimization marker checks in CompileLazy.
This allows JSFunctions to share optimization information (replacing shared
function marking) without leaking this information across native contexts. Non
I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
generalises the old CompileOptimized/InOptimizationQueue builtins and also
checks the same optimization marker as CompileLazy and
InterpreterEntryTrampoline.
Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
Reviewed-on: https://chromium-review.googlesource.com/509716
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45901}
These CL skips the tests the same way it is done on ARM.
Bug:
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I03b5b6cb2c69a4838c649ce7beee6283f3324e6d
Reviewed-on: https://chromium-review.googlesource.com/532876
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#45900}
Double element types were much slower than Smi/Object previously.
We can box each double in a HeapNumber and push them into a new
FixedArray to save going into the runtime.
Bug: v8:4826, chromium:704966
Change-Id: I7f15d0d636a52760daefed722265c696c1ebb13e
Reviewed-on: https://chromium-review.googlesource.com/531004
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45897}
With the deprecation of Crankshaft, it's no longer necessary for
FullCodeGen to keep track of its runtime profiler ticks on the code
object, and we can instead unify the behaviour of FCG and Ignition to
both increment the SFI counter instead.
Bug: v8:6408
Change-Id: Idcdd673aa39af06fe15a0fc14dfda2afafb5e417
Reviewed-on: https://chromium-review.googlesource.com/528117
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45892}
The AST-based graph builder is by now only used for asm.js code. This
change hard-codes this assumption into the compilation pipeline and
hence allows us to remove support pertaining to deoptimization from
optimized code that was not derived from bytecode.
R=jarin@chromium.org
BUG=v8:6409
Change-Id: I1138f16f663db5b9ee34e3110184067b8fcffc8b
Reviewed-on: https://chromium-review.googlesource.com/531026
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45887}
Once a buffer has been externalized, V8 is no longer responsible for managing
the memory. The fact that V8 was freeing was leading to double free errors once
Blink's GC got around to freeing the buffer too.
Bug: chromium:730171, chromium:731046
Change-Id: Ib18a7e37cafd51bce0c5a983d5cf8f3e64eb2c13
Reviewed-on: https://chromium-review.googlesource.com/530132
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45882}
This feature has been on by default without incident
since V8 5.8.
Bug: v8:5051
Change-Id: I1baf81922efd87e07448955147c50a5ba5a0aa42
Reviewed-on: https://chromium-review.googlesource.com/532214
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45881}
Avoid constructing zones and large zone objects when initializing
WasmCompilationUnit. The main reason we did that is so we can cache
the CEntryStub node, which requires a code object, obtainable only
on the main thread. We need that value, however, on background threads,
which is also where we need the aforementioned large objects. We only
need that for the WasmCompilationUnits being currently compiled, which
is a number proportional to the number of background threads provided
by the embedder. Specifically, one zone is needed only for the duration
of the background compilation, while the second zone needs to survive
past that, so the compilation results may be committed to the GC heap
as Code objects.
The problem with these large objects is that the first allocation
in a Zone is at minimum 8KB. We used to allocate 2 zones. For
modules with 200K functions, that means 3.2GB of memory pre-allocated
before any of it is actually needed.
This change attaches a Handle to the CEntryStub on the WasmCompilationUnits,
and delays zone creation to when needed. The change also adds a way to
cache CEntryStubs in a JSGraph from a given Code handle - limited to the
scenario needed by wasm (and removable once we get wasm off the GC heap,
which subsumes removing this dependency on CEntryStubs)
An additional constraint for this change is that we want it to be easily
back-mergeable to address chromium:723899.
For the wasm payload in question, collecting the max memory used by d8
using /usr/bin/time --format='(%Xtext+%Ddata %Mmax)', we get the
following numbers (in KB):
- unchanged: 3307480
- patch 1: 1807140 (45% reduction)
- patch 3: 1230320 (62% reduction from first)
- patch 5/6: 519368 (84% reduction from first)
Bug: chomium:732010, chromium:723899
Change-Id: I45b96792daf8a9c8dc47d45fb52da75945a41401
Reviewed-on: https://chromium-review.googlesource.com/530193
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45880}
- Remove commented out line
- Simulate full space properly, independently of flags set
Bug:
Change-Id: I6013caae43eb40dd568fbd872eb0ee78288c61bf
Reviewed-on: https://chromium-review.googlesource.com/531084
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45874}
Distinguish the compilation caches instead by the shape of the key (cow fixed
array map meaning eval or script cache). This allows us to remove the odd "key"
argument from Shrink, EnsureCapacity and Rehash.
Bug: v8:6474
Change-Id: Ibcad22813063c3a9050da13dc51359f5b59e1254
Reviewed-on: https://chromium-review.googlesource.com/531184
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45873}
This adds missing support for in-object properties within objects having
the {JSGeneratorObject} type to materialization during deoptimization.
For corner-cases where the implicit generator object is statically known
not to escape, object layout might still be arbitrarily complex.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-732169
BUG=chromium:732169,v8:6481
Change-Id: I32f373913d60af64981dc4ed66873cc8a1dbe872
Reviewed-on: https://chromium-review.googlesource.com/530230
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45870}
The fence ensures that the concurrent marker observes consistent state
of mark-bits for newly allocated objects.
The patch also moves Bitmap functions to cc file and removes non-atomic
versions of SetRange and ClearRange.
BUG=chromium:694255
Change-Id: I466bef654f3d4a21b7aaebdfd6d5a39ddb5f2a0a
Reviewed-on: https://chromium-review.googlesource.com/530367
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45868}
console.context(name:string) method returns console instance, this console instance fully implements console interface (including fact that any method can be called without console as receiver).
Protocol.Runtime.consoleAPICalled notification contains additional context:string field:
- "anonymous#unique-id" for any method call on unnamed console context,
- "name#unique-id" for any method call on named console context.
console.count and console.timeEnd have context as a scope.
console.clear clear all messages regardless on what context instance it was called.
console calls is ~10% slower with this CL since we need to store and then fetch console_context_id and console_context_name from function object.
We recently (in April) made console calls twice faster so 10% doesn't sound critical and existing of console.log call in hot code is problem by itself.
R=pfeldman@chromium.org
Bug: chromium:728767
Change-Id: I5fc73216fb8b28bfe1e8c2c1b393ebfbe43cd02e
Reviewed-on: https://chromium-review.googlesource.com/522128
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45864}
The EnableFlagScope is useful also for non-boolean flags. With the
template we can use if for example in the wasm fuzzers to reduce the
maximum memory size of a wasm module.
In addition I put the EnableFlagScope into the v8::internal namespace,
and I fixed a small typo.
BUG=v8:6474
R=clemensh@chromium.org
Change-Id: Iae5d5c058c334cd0f9e09d20adfd229fc2d6c585
Reviewed-on: https://chromium-review.googlesource.com/531005
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45862}
In many places in WasmModule and contained structs we store references
into the wire bytes as pairs of offset and length.
This CL introduces a WireBytesRef struct which encapsulates these two
connected fields. This makes it easier to pass them and assign them as
one unit.
R=ahaas@chromium.org, mtrofin@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4f2a40d848a51dc6f6f599f9253c3c6ed6e51627
Reviewed-on: https://chromium-review.googlesource.com/530687
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45859}
We were emitting the table index once in the element section instead of
once per element segment. This did not cause failures because we never
had more than one element segment.
This CL fixes this, and adds a test for more than one segment.
R=rossberg@chromium.org
Change-Id: I13923baf3dae383c72760286e24242d0ad55c4db
Reviewed-on: https://chromium-review.googlesource.com/527155
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45857}
This is a testing-only function, which is semantically equivalent to a
SyncCompile followed by SyncInstantiate.
We add a new SyncCompileAndInstantiate function to do those two steps
in one go, and use this method instead.
For AsmJs modules, a new testing function CompileAndRunAsmWasmModule is
introduced.
This is part of our effort to reduce the number of special paths for
testing. It is connected with
https://chromium-review.googlesource.com/529210, but should not
conflict with it.
After landing both CLs, we can later also get rid of
InstantiateModuleForTesting.
R=ahaas@chromium.org, mtrofin@chromium.org
BUG=v8:6474
Change-Id: I7891e968370d5eb68803076ce2639c65a2799dcc
Reviewed-on: https://chromium-review.googlesource.com/529844
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45852}
This CL removes unnecessary code duplication in the fuzzer code. Instead
of having special testing functions to compile and instantiate a
WebAssembly module, we now just call SyncCompile and SyncInstantiate.
This also fixed a problem when the fuzzer generated a GrowMemory
instruction.
BUG=v8:6474
R=clemensh@chromium.org
Change-Id: I5f2f23349b5866ea67be20a0826271791e1a013e
Reviewed-on: https://chromium-review.googlesource.com/529210
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45851}
This adds support for materializing objects of {JSGeneratorObject} type
during deoptimization. Cases where soft-deopts remove any escaping use
of the implicit generator object can cause it to be escape analyzed.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-732169
BUG=chromium:732169
Change-Id: I2ec10b2a509a4f37a456a8ca2fd74b8de2fb55be
Reviewed-on: https://chromium-review.googlesource.com/530847
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45849}
* add functionality to wasm-module-builder.js to emit the module name
in the name section.
* extend WasmModule to store the module name length and offset.
* add functionality to module-decoder.cc to decode the module name.
* use the module name for printing stack traces. more uses should
follow.
* extend one message test to contain a module name.
R=ahaas@chromium.org
Change-Id: I94e6f1f2eb99cb656a92a85bb7afe0742292046f
Reviewed-on: https://chromium-review.googlesource.com/530366
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45846}
Callables for TF builtins are autogenerated and accessible through
Builtins::CallableFor. This removes the manually written accessors from
CodeFactory.
Bug: v8:6474,v8:5737
Change-Id: I9d8dec97995471c1bb258147220c190bf72e5de8
Reviewed-on: https://chromium-review.googlesource.com/530745
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45839}
This CL removes most occurences of "WASM" from outputs and comments in
the code. They are replaced either by "WebAssembly" or (especially in
comments) "wasm". These are the spellings officially proposed on
http://webassembly.org/.
R=ahaas@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id39fa5e25591678263745a4eab266db546e65983
Reviewed-on: https://chromium-review.googlesource.com/529085
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45824}
In some [1] cases where a lexical declaration is not allowed, ASI will
cause a `let` at the end of a line to be interpreted as an
identifier. A recent patch [2] to fix up the error messages from
misplaced `let` usage was a little overzealous in triggering
the error, throwing a SyntaxError in this edge case. This patch
restores the ASI behavior, which is permitted in JSC and
SpiderMonkey as well. Thanks to a test262 test from Andre Bargull
for raising this issue.
[1] https://tc39.github.io/ecma262/#sec-expression-statement
[2] https://codereview.chromium.org/2697193007
Bug: v8:3305
Change-Id: I80ae8ad9a8a93389ff1003323f0d3f003e7a8c8e
Reviewed-on: https://chromium-review.googlesource.com/529225
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45817}
The wasm-code fuzzer used different parameters for the interpreter and
the generated code due to a typo. This typo is fixed by this CL.
R=clemensh@chromium.org
Change-Id: Ia9c72b83e7722e0a8b3fe6efb3f4b32ca5c937ab
Reviewed-on: https://chromium-review.googlesource.com/527447
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45812}
Also, as this is hard to track down, always DCHECK position after ReadBlock().
Change-Id: Ie32c3a311dd8df91f651b6d82ccacc7c95e6fde0
Reviewed-on: https://chromium-review.googlesource.com/528196
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45811}
ExpressionClassifier was used just for transmitting information back and forth
to DeclareFormalParameters.
As a bonus, we now do the Scope::IsDeclaredParameter check only when we're going
to use the information it produces.
BUG=v8:6092,v8:6474
Change-Id: Ib5ac6a779705caa74e933e1c6f03eaaf0f49bf05
Reviewed-on: https://chromium-review.googlesource.com/455836
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45809}
All the bytecode handlers were added a one test, so we would get a
total on all of the bytecode handler benchmarks. It is not a good
indicator when we total unrelated benchmarks. So added more categories
to group only related benchmarks together. This also makes it easier
to look at the results.
Bug: chromium:730628
Change-Id: I1c5858f40c1ce584c4b7bd833a7f3c52a43d07c6
Reviewed-on: https://chromium-review.googlesource.com/527436
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45808}
In some codes flushing the registers was costly: we processed each
register whereas all the registers alone in their equivalence class need
not to be processed. We now overapproximate easily which classes are of
size 2 so as to save many iterations in the Flush() loop in some cases.
Bug: v8:6432
Change-Id: I945e151736e8a515263ac76312127d930fd20d74
Reviewed-on: https://chromium-review.googlesource.com/525795
Commit-Queue: Alexandre Talon <alexandret@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45805}
This removes the ability of the compilation pipeline to invoke the
Crankshaft optimizing compiler for JavaScript functions. Note that in
this state Crankshaft can still be used to compile code stubs.
R=rmcilroy@chromium.org
BUG=v8:6408
Change-Id: I0bec7c8ec7c705c13257df43796403a228ea631c
Reviewed-on: https://chromium-review.googlesource.com/527443
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45803}
In sloppy mode, allow multiply labelled function declarations, such as
a: b: function c() {}
Such a form is allowed by the specification, as well as ChakraCore,
SpiderMonkey and JSC (though ChakraCore because it doesn't enforce
any lexical label restrictions.)
Thanks to Andre Bargull for adding the test262 test which caught the bug.
Change-Id: I2d3f172830c2e63252f00afa03177a7d17d79a27
Reviewed-on: https://chromium-review.googlesource.com/527639
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45802}
Both Ignition and TurboFan have been enabled by default for a while.
This just disentangles the implication between those two flags and sets
the --ignition individually. They can now be controlled individually.
R=rmcilroy@chromium.org
BUG=v8:6408
Change-Id: I08eca85120160efa5868b5ca36d1613964ed82eb
Reviewed-on: https://chromium-review.googlesource.com/527637
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45800}
- Eliminates b1x4, b1x8, and b1x16 as distinct WASM types.
- All vector comparisons return v128 type.
- Eliminates b1xN and, or, xor, not.
- Selects take a v128 mask vector and are now bit-wise.
- Adds a new test for Select, where mask is non-canonical (not 0's and -1's).
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2919203002
Cr-Commit-Position: refs/heads/master@{#45795}
Port 659e8f7b5c
Original Commit Message:
Instead of allocating and embedding certain heap numbers into the code
during code assembly, emit dummies but record the allocation requests.
Later then, in Assembler::GetCode, allocate the heap numbers and patch
the code by replacing the dummies with the actual objects. The
RelocInfos for the embedded objects are already recorded correctly when
emitting the dummies.
R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6048
LOG=N
Review-Url: https://codereview.chromium.org/2929843002
Cr-Commit-Position: refs/heads/master@{#45793}
This CL takes advantage of the fact that StatsCounter is now local to
the Counters class. This includes:
1) Method StatsTable::SetCreateHistogramFunction() was only called in
one spot (in api.cc), which also called Counters::ResetHistograms()
and Counters::InitializeHistorgram(). InitializeHistogram can be
folded into Histogram.Reset().
2) Since Histogram::Reset() now regenerats the histogram, we no longer
need the field lookup_done_. Therefore there is no longer a race
between updating ptr_ and lookup_done_, making the Histogram class
thread safe.
3) Made the constructors of several classes private (except for class
Counters), minimizing the scope that they are used. When the couldn't
be moved, add comment that they were public only for test cases.
4) Removed the need for a mutex lock on StatsCounter::Reset(), since
it is now guaranteed to only be called when
StatsTable::SetCounterFunction() is called.
BUG=v8:6361
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2918703002
Cr-Commit-Position: refs/heads/master@{#45791}
Add the ability for the typer to track whether a string could be the empty
string. This is needed for typed lowering of JSStringConcat since we can't
create cons string chain with the empty string in arbitrary positions.
The ToPrimitiveToString bytecode handler is modified to collect feedback on
whether it has ever seen the empty string, which is used by
SpeculativeToPrimitiveToString to ensure that the output is non-empty (or
depot) which will subsiquently be used to enable inline cons-string creation
for the JSStringConcat operator in typed lowering in a subsiquent CL.
BUG=v8:6243
Change-Id: I41b99b59798993f756aada8cff90fb137d65ea52
Reviewed-on: https://chromium-review.googlesource.com/522122
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45786}
The variant in question was intended to test Crankshaft, which is being
deprecated. Note that the variants 'nooptimization' and 'fullcode' still
test configuration where TurboFan is not active.
R=machenbach@chromium.org
BUG=v8:6408
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I587c3eee7ba511dfc270aab66b546d2532bc635f
Reviewed-on: https://chromium-review.googlesource.com/528133
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45785}
ThrowIfHole bytecodes were handled by introducing deopt points to check
for a hole. To avoid deopt loops a hole check protector was used to
generate control flow if there was a deopt due to a hole. However, the
normal control flow version should be as fast as the deopt version
in general. The deopt version could potentially consume less compile time
but it may not be worth the complexity added. Hence simplifying it to
only construct the control flow.
Bug: v8:6383
Change-Id: Icace11f7a6e21e64e1cebd104496e3f559bc85f7
Reviewed-on: https://chromium-review.googlesource.com/525573
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45783}
Don't treat new prototypes differently depending on how they become a
prototype. This is work towards always keeping prototypes in slow-mode.
Bug: v8:6471
Change-Id: I62de1018e21d91fda3a5da044615f32c718910b1
Reviewed-on: https://chromium-review.googlesource.com/526596
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45781}
This adds block coverage support for simple iteration. For-of and
for-in loops are not yet covered, and we don't yet keep execution counts
for init, cond, and next statements.
BUG=v8:6000
Change-Id: I30b468a2c93f0bb60e857b6632be92920f6857e0
Reviewed-on: https://chromium-review.googlesource.com/527113
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45779}
Array buffers can now have an allocation that is larger than the actual
buffer, such as when WebAssembly guard regions are enabled. Embedders
need to know the actual allocation start and length when externalizing
a buffer so they can deallocate it properly.
Bug: chromium:720302, v8:5277
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifc184fdd59d77af01c07a64d2c0229ca859a01b0
Reviewed-on: https://chromium-review.googlesource.com/523271
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45777}
The two variants "turbofan" and "turbofan_opt" are not part of any of
the default sets of variants that run-tests.py uses. The only way to
trigger execution would be via the --variants flag directly, which our
infrastructure is not doing.
R=machenbach@chromium.org
Change-Id: Ifa58cb4a83a3760ffba73e8b40b417a845f53506
Reviewed-on: https://chromium-review.googlesource.com/526637
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45772}
BytecodeArrayBreakIterator doesn't iterate through locations in position() order. SkipToPosition is looking for closest break_index to passed one. So we should iterate through all breakable locations in function to get all of them.
R=jgruber@chromium.org
Bug: v8:6469
Change-Id: Ida0b849e9df40458a13e0a0f7af6a00349088228
Reviewed-on: https://chromium-review.googlesource.com/527135
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45765}
This CL contains a few pieces:
- A new mechanism to create "BuiltinContinuation" checkpoints in TurboFan
graphs, which--when triggered--swizzle the values in the the FrameState to be
parameters to a typically TF-generated builtin that resumes execution to finish
the slow-case functionality.
- Continuation builtins that have special handling in the deoptimizer and their own
new frame type to ensure that the values they need to begin executing can be stashed
away and restored immediately before the builtin is called via a trampoline that runs
when the continuation builtin's frame execution resumes.
- An implementation of Array.prototype.forEach in TurboFan that can be used to
inline it. The inlined forEach implementation uses the checkpoints mechanism
described above to deopt in the middle of the forEach in the cases that optimization
invariants are violated. There is a slightly different continuation stub for each
deopt point in the forEach implementation to ensure the correct side-effects, i.e.
that the deopt of the builtin isn't programmatically observable.
Review-Url: https://codereview.chromium.org/2803853005
Cr-Commit-Position: refs/heads/master@{#45764}
Adds support for Speculatively lower ToPrimitiveToString to CheckString
where the type hint shows the value has always been a string.
BUG=v8:6243
Change-Id: I7f36deb8c2bc309e6d0546e099c76ac518c6be09
Reviewed-on: https://chromium-review.googlesource.com/521123
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45760}
When the slow path for Array.prototype.indexOf calls a Proxy's "has"
trap, it must check afterwards whether an exception was thrown.
BUG=chromium:728813
Change-Id: I998bba6ddcd65adfed2eefb63b3285da60d2a43c
Reviewed-on: https://chromium-review.googlesource.com/527173
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45759}
This removes the test suite variant for stressing Crankshaft from the
list of supported variants. Other stress variants remain untouched.
R=machenbach@chromium.org
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Iad236c2b80a1dea21b8be9b931e6a4e88f3ebcc5
Reviewed-on: https://chromium-review.googlesource.com/527094
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45758}
This cl: https://chromium-review.googlesource.com/509613 changed
CheckNotTaggedHole to not produce any value output. This would mean that
in some cases, we could leak hole on value edges. This violates the
assumption that we cannot see a hole on several operators. Fixing this
back to the original state.
Bug: chromium:730254
Change-Id: I3512930e88dbe15e9d9b4b0d276868f354cc2ae2
Reviewed-on: https://chromium-review.googlesource.com/527033
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45757}
Adds support for lowering of ToPrimitiveToString and StringConcat bytecodes
to the corresponding builtins. As part of this, moves the interpreter
implementation of these operations into the appropriate builtin generators
and add builtin support for them.
Also adds TailCallRuntimeN operator to code-assembler which enables tail calling
a runtime function when the arguments have already been pushed onto the stack.
BUG=v8:6243
Change-Id: Id5c851bc42e4ff490d9a23a8990ae331c7eac73e
Reviewed-on: https://chromium-review.googlesource.com/515362
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45756}
It's possible to build circular objects through the reviver function in
JSON.parse. Recursion needs to check for stack overflows and throw as
needed.
BUG=chromium:729671
Change-Id: I52ccd9ed9fea5829810879f8dd8207043fa6d910
Reviewed-on: https://chromium-review.googlesource.com/525812
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45752}
The inlining of Function.prototype.bind can lead to escape analyzed
bound functions, which weren't handled by the Deoptimizer previously.
BUG=chromium:729573
R=jarin@chromium.org,cbruni@chromium.org
Review-Url: https://codereview.chromium.org/2931483003
Cr-Commit-Position: refs/heads/master@{#45751}
... as opposite to a global per-isolate one.
Also streamlined multiple checks into a single acceptsPause() method.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2925903002
Cr-Commit-Position: refs/heads/master@{#45749}
Properly propagate the fact that the function has a statically known name from
parser to SharedFunctionInfo objects. The empty string that has been set as
name before this CL does not help to distinguish cases like:
var o1 = { ''(){} };
var o1 = { [foo()](){} };
or
var o2 = { get ''(){} };
var o2 = { get [foo()](){} };
This is a preliminary step for using different layouts for closure objects with
and without computed names.
TBR=bmeurer@chromium.org, marja@chromium.org
Bug: v8:6459
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I10afa6f4bda7881c3714711a75f720f83c1d875d
Reviewed-on: https://chromium-review.googlesource.com/522073
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45744}
Found multiple issues (added TODOs for them):
- isPaused() check is global, so one can resume from another session/context group
without receiving 'paused' notification;
- setBreakpointsActive flag is global affecting all sessions and context groups;
- max async call stack depth is global, and should be per context group.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2921373002
Cr-Commit-Position: refs/heads/master@{#45742}
The regression is already fixed. This just adds a regression test to
ensure it will never be reintroduced.
R=ahaas@chromium.org
BUG=chromium:729991
Change-Id: I5cf960cc756cbb7723041bc06a78d6a14c66e241
Reviewed-on: https://chromium-review.googlesource.com/525538
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45739}
This CL implements general infrastructure for block coverage together with
initial support for if-statements.
Coverage output can be generated in lcov format by d8 as follows:
$ d8 --block-coverage --lcov=$(echo ~/simple-if.lcov) ~/simple-if.js
$ genhtml ~/simple-if.lcov -o ~/simple-if
$ chrome ~/simple-if/index.html
A high level overview of the implementation follows:
The parser now collects source ranges unconditionally for relevant AST nodes.
Memory overhead is very low and this seemed like the cleanest and simplest
alternative.
Bytecode generation uses these ranges to allocate coverage slots and insert
IncBlockCounter instructions (e.g. at the beginning of then- and else blocks
for if-statements). The slot-range mapping is generated here and passed on
through CompilationInfo, and is later accessible through the
SharedFunctionInfo.
The IncBlockCounter bytecode fetches the slot-range mapping (called
CoverageInfo) from the shared function info and simply increments the counter.
We don't collect native-context-specific counts as they are irrelevant to our
use-cases.
Coverage information is finally generated on-demand through Coverage::Collect.
The only current consumer is a d8 front-end with lcov-style output, but the
short-term goal is to expose this through the inspector protocol.
BUG=v8:6000
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2882973002
Cr-Commit-Position: refs/heads/master@{#45737}
This takes into account the type of the type guard when choosing
representation for a node. To make the representation changes
unambiguous, we pass the restricted type to the changer.
BUG=chromium:726554
Review-Url: https://codereview.chromium.org/2920193004
Cr-Commit-Position: refs/heads/master@{#45734}
Previously Ignition would collect precise Number feedback for binary
operators, but TurboFan would just ignore that and treat it the same as
NumberOrOddball. That however generates a lot of unnecessary code, plus
it defeats redundancy elimination if the same input is also used by
compare operations, which do properly distinguish feedback Number and
NumberOrOddball.
This CL adds the missing bits to connect the existing functionality
properly, i.e. adding the missing BinaryOperationHint and using the
NumberOperationHint::kNumber in the representation selection for tagged
inputs.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2923543003
Cr-Commit-Position: refs/heads/master@{#45732}
The boundary cells of the mark-bitmap can be access concurrently,
so they need to be updated with atomic CAS.
BUG=chromium:694255
Change-Id: Ibe85f00c8b4ccc61edc43b400c5b08a6d0ba620e
Reviewed-on: https://chromium-review.googlesource.com/521103
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45731}
When optimizing stores to data properties in literals, we need to first
migrate deprecated maps before we lookup the property access infos for
those.
BUG=chromium:724608
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2930433003
Cr-Commit-Position: refs/heads/master@{#45727}
This reverts commit 7fa071a48b.
Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=729482
Original change's description:
> Reland [parser] Refactor streaming scanner streams.
>
> Unify, simplify logic, reduce UTF8 specific handling.
>
> Intend of this is also to have stream views.
> Stream views can be used concurrently by multiple threads, but
> only one thread may fetch new data from the underlying source.
> This together with unified stream view creation is intended to be
> used for parse tasks.
>
> BUG=v8:6093
>
> Change-Id: I3bce48185fa2c986d16619a9a8ece3ff4c4f5e60
> Reviewed-on: https://chromium-review.googlesource.com/509489
> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
> Cr-Commit-Position: refs/heads/master@{#45688}
TBR=marja@chromium.org,vogelheim@chromium.org,wiktorg@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:6093
Change-Id: Iefa7c43a2f6ae3a7f3ef0f77d87b6ae36ae4be99
Reviewed-on: https://chromium-review.googlesource.com/525712
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45725}
For now skip WASM SIMD tests that fail when MIPS SIMD extension
is not available. Turn on these tests again when simd scalar lowering
mechanism supports all WASM SIMD operations.
Bug:
Change-Id: I4589680147c04716ed66680aaa06639f4f2452d0
Reviewed-on: https://chromium-review.googlesource.com/524082
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Miran Karić <Miran.Karic@imgtec.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#45721}
Introduces ThrowReferenceErrorIfHole / ThrowSuperNotCalledIfHole
/ ThrowSuperAlreadyCalledIfNotHole bytecodes to handle hole checks.
In the bytecode-graph builder they are handled by introducing a deopt point
instead of adding explicit control flow. JumpIfNotHole / JumpIfNotHoleConstant
bytecodes are removed since they are no longer required.
Bug: v8:4280, v8:6383
Change-Id: I58b70c556b0ffa30e41a0cd44016874c3e9c5fe1
Reviewed-on: https://chromium-review.googlesource.com/509613
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45720}
This wraps up the move to explicit APIs, i.e.
instantiateStreaming/compileStreaming.
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icc8280b2b3ad35acb90cc0beebe3acd7581179d7
Reviewed-on: https://chromium-review.googlesource.com/525141
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45719}
The change also moves creation of the iterator result from the parser to the bytecode generator.
Unfortunately, async generators will stay on the old scheme (try-finally around generator body) because I am not exactly sure how they work.
Review-Url: https://codereview.chromium.org/2917263002
Cr-Commit-Position: refs/heads/master@{#45713}
Instead of going through debugger agent, this patch implements
console.assert pause similar to debugger statement and OOM break.
New test uncovered a bug, where pause on exceptions state mix up
between different context groups. Added a TODO to fix it.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2916363002
Cr-Commit-Position: refs/heads/master@{#45711}
Now that the BytecodeGenerator has a dedicated register holding
the generator object, BytecodeGenerator::VisitSuspend can
access the generator directly from that register. This reduces
by one the number of live registers at each suspend point.
Bug: v8:6351, v8:6460
Change-Id: I380a9d2bd8ca7eec6720e5392c1ca07dd0df0e2d
Reviewed-on: https://chromium-review.googlesource.com/522982
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45710}
This gives sessions separate remote objects space and also
makes command line api respect the session it was called from.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2916803005
Cr-Commit-Position: refs/heads/master@{#45708}
TBR=ishell@chromium.org
Bug: v8:6457
Change-Id: I09d7d6ff8460688b7ddf25f733aea73a620db953
Reviewed-on: https://chromium-review.googlesource.com/523037
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45699}
This CL updates the hook for the WebAssembly spec repository, and it
updates the WebAssembly spec tests. The WebAssembly spec tests have to
be updated manually with the tools/wasm/update-wasm-spec-tests.sh
script. Mircea, I saw that you updated the WebAssembly spec repository
last time. Can you please take a look?
UPDATE: I improved the update script slightly, and there is one
additional JS API test we fail now and have to fix eventually.
R=mtrofin@chromium.org
Change-Id: I3c0df9cee64d444147db47daa0c1936edf116173
Reviewed-on: https://chromium-review.googlesource.com/509257
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45692}
Unify, simplify logic, reduce UTF8 specific handling.
Intend of this is also to have stream views.
Stream views can be used concurrently by multiple threads, but
only one thread may fetch new data from the underlying source.
This together with unified stream view creation is intended to be
used for parse tasks.
BUG=v8:6093
Change-Id: I3bce48185fa2c986d16619a9a8ece3ff4c4f5e60
Reviewed-on: https://chromium-review.googlesource.com/509489
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#45688}
Execution tests regress-336820 and regress-678917 finished with error
messages "allocation failure GC in old space requested" and "fatal
javascript OOM in CALL_AND_RETRY_LAST". For successful execution,
parameter max_old_space_size must be increased and this is done inside
tests.
TEST=mjsunit/regress/regress-336820,
mjsunit/regress/regress-678917
BUG=
Review-Url: https://codereview.chromium.org/2907363003
Cr-Original-Commit-Position: refs/heads/master@{#45672}
Committed: 1550c86909
Review-Url: https://codereview.chromium.org/2907363003
Cr-Commit-Position: refs/heads/master@{#45681}
When the input to Function.prototype.bind is a known function, we can
inline the allocation of the JSBoundFunction into TurboFan, which
provides a 2x speed-up for several hot functions in Node streams (as
discovered by Matteo Collina). One of example of this can be found in
https://github.com/nodejs/node/pull/13322, which can be optimized and
made more readable using bind instead of closures.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2916063002
Cr-Commit-Position: refs/heads/master@{#45679}
Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
Bug: chromium:713732
Change-Id: I5ce89afb46349ff92b7f5a884a7c388fcff887bf
Reviewed-on: https://chromium-review.googlesource.com/522605
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45678}
Unfortunately, even for an empty generator, we still use 8 register for various things (try-finally, copies of generator object, parser-introduced temporaries). I will try to get rid of these in separate CLs.
Changes:
- SuspendGenerator bytecode now takes register list to save.
- ResumeGenerator was split into two bytecodes:
* Resume generator reads the state out and marks the generator as
'executing'.
* RestoreGeneratorRegisters reloads the registers from
the generator.
+ this required adding support for output register list.
- Introduced generator_object_ register in the bytecode generator.
* in subsequent CLs, I will make better use of it, the goal is
to get rid if the .generator_object local variable.
- Taught register optimizer to flush unassigned registers.
BUG=v8:6379
Review-Url: https://codereview.chromium.org/2894293003
Cr-Commit-Position: refs/heads/master@{#45675}
Execution tests regress-336820 and regress-678917 finished with error
messages "allocation failure GC in old space requested" and "fatal
javascript OOM in CALL_AND_RETRY_LAST". For successful execution,
parameter max_old_space_size must be increased and this is done inside
tests.
TEST=mjsunit/regress/regress-336820,
mjsunit/regress/regress-678917
BUG=
Review-Url: https://codereview.chromium.org/2907363003
Cr-Commit-Position: refs/heads/master@{#45672}
This patch adds ability to connect multiple sessions to a single context group. This is an experimental feature, which is already supported in test harness.
So far covered runtime domain with tests (and found a bug thanks to the test). More tests to follow in next patches, probably with code adjustments as well.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2906153002
Cr-Commit-Position: refs/heads/master@{#45667}
Currently x instanceof Map/Set checks cannot take the fast path, since
the Map/Set constructor has dictionary properties. To avoid that, just
forcibly migrate the Map/Set constructor to fast properties again once
it's fully setup in the bootstrapper.
Bug: v8:5717, v8:5902
Change-Id: I23dfd00456c9206a0ca5af71dfbc9236982936fc
Reviewed-on: https://chromium-review.googlesource.com/520578
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45663}
This fixes an issue with ful-codegen where code target entries for the OSR
check were being incorrectly shared. We now explicitly disable sharing of code
target constant pool entries for full-codegen and for calls to builtins from
WASM code, using a scope.
BUG=chromium:725743
Review-Url: https://codereview.chromium.org/2922433002
Cr-Commit-Position: refs/heads/master@{#45661}
This reverts commit ba8a753947.
Reason for revert: A layout test is unhappy:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16010
Original change's description:
> Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access"
>
> Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
>
> Bug: chromium:713732
> Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012
> Reviewed-on: https://chromium-review.googlesource.com/520764
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45654}
TBR=haraken@chromium.org,verwaest@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:713732
Change-Id: Iecde1cd855c21efa73939bbfbff0c26540ee2d98
Reviewed-on: https://chromium-review.googlesource.com/521045
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45659}
Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
Bug: chromium:713732
Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012
Reviewed-on: https://chromium-review.googlesource.com/520764
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45654}
DebugInfo was very closely tied to break point support:
* It contained only information relevant to break points.
* It was created and freed by break point implementation.
* Existence of a DebugInfo on the shared function info implied existence of
break points.
This CL is a step towards making DebugInfo usable by other debugging
functionality such as block coverage by decoupling it from break point support,
which is now only one kind of information stored on the DebugInfo object.
BUG=v8:6000
Review-Url: https://codereview.chromium.org/2909893002
Cr-Commit-Position: refs/heads/master@{#45640}
Most prototype implementations are not fully supported in the
interpreter. This is the case at least for exception handling, simd, and
atomics. Any function can be redirected to the interpreter though,
either by passing --wasm-interpret-all, or by dynamically redirecting to
the interpreter for debugging.
Making the flags experimental keeps the fuzzer from playing around with
these flags.
Drive-by: Refactor tests which explicitly set the prototype flag to use
a new scope for that.
R=ahaas@chromium.org
BUG=chromium:727584
Change-Id: I67da79f579f1ac93c67189afef40c6524bdd4430
Reviewed-on: https://chromium-review.googlesource.com/519402
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45639}
V8 provides ScriptCompiler::CompileFunctionInContext method which takes expression and compile it as anonymous function like (function() .. expression ..). To produce correct locations for stmts inside of this expression V8 compile this function with negative offset. Instead of stmt position blackboxing use function start position which is negative in described case.
Bug: chromium:705963
Change-Id: I86b113198fb59e77b3bbf523c8cd943e22f8a6ca
Reviewed-on: https://chromium-review.googlesource.com/519384
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45637}
Instead of allocating and embedding certain heap numbers into the code
during code assembly, emit dummies but record the allocation requests.
Later then, in Assembler::GetCode, allocate the heap numbers and patch
the code by replacing the dummies with the actual objects. The
RelocInfos for the embedded objects are already recorded correctly when
emitting the dummies.
R=jarin@chromium.org
BUG=v8:6048
Review-Url: https://codereview.chromium.org/2900683002
Cr-Commit-Position: refs/heads/master@{#45635}
This reverts commit c5aad5f284
The CL was reverted due to missing Chromium dependencies.
This commit removes the simulator trace-based tests, and the associated header file dependencies, previously pulled in by DEPS. The NEON support now has only hand-written tests, in test-assembler-arm64.cc. The remaining tests can be added in a later patch.
BUG=chromium:718439
Original issue's description:
> Reland "ARM64: Add NEON support"
>
> This reverts commit cc047635ff.
> The CL was reverted due to a missing DEPS mirror.
>
> Original issue's description:
> > ARM64: Add NEON support
> >
> > Add assembler, disassembler and simulator support for NEON in the ARM64 backend.
> >
> > BUG=
> >
> > Review-Url: https://codereview.chromium.org/2622643005
> > Cr-Commit-Position: refs/heads/master@{#44306}
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2812573003
> Cr-Commit-Position: refs/heads/master@{#44652}
Review-Url: https://codereview.chromium.org/2896303003
Cr-Commit-Position: refs/heads/master@{#45633}
In current implementation in expressions like await foo() we have break location right after foo call and before actual await.
And we additionally have a lot of other statement locations because of do scope.
Let's move async debugging closer to sync debugging and introduce only one break location for await - before awaited function call.
Bug: v8:6425,v8:6162
Change-Id: I7568767856022c49101e7f3b7e39a2e401d21644
Reviewed-on: https://chromium-review.googlesource.com/514046
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45625}
Causes crashes on canary if there is a GC and the value makes it onto
the stack.
Bug: chromium:727662
Change-Id: I44fa8cf8a83b43d64418896c0a1f5518401b454f
Reviewed-on: https://chromium-review.googlesource.com/519302
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45623}
- Enable aggressive lazy inner funcs (make non-declaration funcs lazy, ie let f =
function() { ... } when --experimental-preparser-scope-analysis is on.
- Turn on variable tracking for lazy top level functions: this makes their inner
functions skippable.
- Test fix for an testing bug uncovered by this work: when restoring the data
for the relevant scope, don't assume it's the outermost scope for which we
have data.
- Fix: if we abort lazy parsing a function, we shouldn't produce any data for
it.
BUG=v8:5516
Change-Id: I0606fbabb5886dc57dbb53ab5f3fb894ff5d032e
Reviewed-on: https://chromium-review.googlesource.com/518165
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45615}
It's extremely difficult to get right: there have been several bugs
related to this feature, especially when combined with
non-simple parameter lists in arrow functions.
BUG=chromium:727218
Change-Id: I97dfbc57a7650199964c5fe99de69143c8e537c2
Reviewed-on: https://chromium-review.googlesource.com/518145
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45603}
This CL improves break locations for expressions like 'var a = <expr>'. Without CL we use <expr> position as break location for initialization statement, with this CL we use position of first character after '=' as position.
Benefits (see test for details):
- only one break in expressions which includes mix of property lookup and calls, e.g. var p = Promise.resolve().then(x => x * 2),
- removed redundant break location for expressions like: let { x, y } = { x: 1, y: 2}.
TBR=dgozman@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org,marja@chromium.org,kozyatinskiy@chromium.org,devtools-reviews@chromium.org,v8-reviews@googlegroups.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:5909
Change-Id: Ie84fa79afeed09e28cf8478ba610a0cfbfdfc294
Reviewed-on: https://chromium-review.googlesource.com/518116
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45598}
This may happen in KeyedStoreIC when the last store via setter deprecates the receiver map.
Bug: chromium:723366
Change-Id: Iff19e50c3761584401340d276ab4eead111883c3
Reviewed-on: https://chromium-review.googlesource.com/517952
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45592}
This time for the current memory size. This call also used to use the
context object stored in the instance, hence it required the instance
to be set. This is no longer the case, so the DCHECKs can just be
removed.
R=ahaas@chromium.org
BUG=chromium:727222
Change-Id: I72a7e3e80c3beb15ecad00c5be068e803456797e
Reviewed-on: https://chromium-review.googlesource.com/517947
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45587}
This is consistent with C++ memory model and avoids confusion with GC
write barrier.
BUG=
Review-Url: https://codereview.chromium.org/2912773002
Cr-Commit-Position: refs/heads/master@{#45584}
By moving StatsTable from class Isolate to class Counters, it make the
class StatsTable thead safe. This is needed because these two classes
call each other, and for background compilation, instances of the
Counters class can persist longer that the corresponding Isolate it
came from.
It also removes unnecessary hops to the the Isolate, and checks if the
StatsTable has been created, for these communications.
BUG=v8:6361
Review-Url: https://codereview.chromium.org/2906063002
Cr-Commit-Position: refs/heads/master@{#45576}
This widens the range of value output counts to 32 bit on the {Operator}
class. Note that the limit imposed by the parser is 65535 parameters for
each function, but the {Start} node has additional value outputs.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-724153
BUG=chromium:724153
Change-Id: I21b5d947cc2305b255ddbbff6ec1dfa5c02784c7
Reviewed-on: https://chromium-review.googlesource.com/517489
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45573}
For lazy compilation, we encode information about table exports in the
deoptimization data. This information is rebuilt on each instantiation,
so we need to reset it when reusing code objects from another instance.
R=ahaas@chromium.org
BUG=chromium:727219
Change-Id: I90557ef06e692d0a8323223cac26679efcfa408b
Reviewed-on: https://chromium-review.googlesource.com/517945
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45559}
All APIs that can throw exceptions should return Maybe<> values
BUG=none
R=neis@chromium.org,gsathya@chromium.org
Change-Id: I6a6e5888cd71257bb02bdcfcc587c909d0c1d8f4
Reviewed-on: https://chromium-review.googlesource.com/517785
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45557}
Tests should instead be skipped or fixed.
Existing timeout expectations are either optimistically deleted or replaced by the SLOW keyword.
Change-Id: Ic43f52bf18d0702674c95f9263a109041a1c9cd8
Reviewed-on: https://chromium-review.googlesource.com/518122
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45552}
The test OneByteArrayJoin failed on MIPS64 in debug mode after
https://chromium-review.googlesource.com/c/489946/ with error messages
"allocation failure GC in old space requested" and
"Fatal javascript OOM in CALL_AND_RETRY_LAST". Successful test execution
is possible on two ways: with flag --max_old_space_size=7 or with
modification in the test (constraints.set_max_old_space_size(7)).
TEST=cctest/test-strings/OneByteArrayJoin
BUG=
Review-Url: https://codereview.chromium.org/2907803002
Cr-Commit-Position: refs/heads/master@{#45548}
This reverts commit 7a9cc70492.
Reason for revert: Changes layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/15882
This is about:
inspector/sources/debugger/source-frame-inline-breakpoint-decorations.html
Original change's description:
> [inspector] moved var initialization break location before init expression
>
> This CL improves break locations for expressions like 'var a = <expr>'. Without CL we use <expr> position as break location for initialization statement, with this CL we use position of first character after '=' as position.
> Benefits (see test for details):
> - only one break in expressions which includes mix of property lookup and calls, e.g. var p = Promise.resolve().then(x => x * 2),
> - removed redundant break location for expressions like: let { x, y } = { x: 1, y: 2}.
>
> Bug: v8:5909
> Change-Id: I039d911903a2826c9859710a63ab0462c992e11b
> Reviewed-on: https://chromium-review.googlesource.com/513926
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45530}
TBR=dgozman@chromium.org,marja@chromium.org,kozyatinskiy@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:5909
Change-Id: Ibf84401e8050d3c84db219d983de2c6bba0f697f
Reviewed-on: https://chromium-review.googlesource.com/518102
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45547}
... to make AsyncFunction subclassing work.
Bug: chromium:725537
Change-Id: I7edf4891e14e01567046e7536b3aa93877111448
Reviewed-on: https://chromium-review.googlesource.com/517087
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45544}
This CL improves break locations for expressions like 'var a = <expr>'. Without CL we use <expr> position as break location for initialization statement, with this CL we use position of first character after '=' as position.
Benefits (see test for details):
- only one break in expressions which includes mix of property lookup and calls, e.g. var p = Promise.resolve().then(x => x * 2),
- removed redundant break location for expressions like: let { x, y } = { x: 1, y: 2}.
Bug: v8:5909
Change-Id: I039d911903a2826c9859710a63ab0462c992e11b
Reviewed-on: https://chromium-review.googlesource.com/513926
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45530}
- Increase FPUregisters_[] element size to 128b in order to support MSA regs
- Add skeleton for MSA instr. decoding in mips32 and mips64 simulator
- Add support for fill.df, copy_u.df and copy_s.df MSA instructions
- Assembler test for fill.df, copy_u.df and copy_s.df
BUG=
Review-Url: https://codereview.chromium.org/2799923002
Cr-Commit-Position: refs/heads/master@{#45529}
Compilation failure is result to overloaded-virtual warning
treated as error.
BUG=
Review-Url: https://codereview.chromium.org/2895923002
Cr-Commit-Position: refs/heads/master@{#45525}
A few tests that would be good to have to verify that the known manifestations
of this bug are resolved.
Previously, the async generator and async function tests would crash. The other
ones never did, but still resulted in the register overwite bug.
BUG=v8:6322
R=adamk@chromium.org
Change-Id: Ic2238227629077de5671d67d18b3bfe018dd23f4
Reviewed-on: https://chromium-review.googlesource.com/514230
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#45524}
Rather than trying to pre-calculate the number of contexts required during
scope analysis, instead just allocate context registers in the register
allocator. This reduces frame size a bit due to reusing of registers when
the context isn't pushed.
BUG=v8:6322, chromium:716265
Change-Id: I145e38fcb3797a3b86c91e90ea9326a6e55b9b89
Reviewed-on: https://chromium-review.googlesource.com/514087
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45522}
In particular, local variables should be allocated on stack (in bytecode register), and stored/loaded to the generator object on generator suspend/resume.
The CL is based on @adamk's change to scoping/parsers (https://chromium-review.googlesource.com/c/498538/), I only made the debugger cope with this change.
I should note that the CL changes the scope type of suspended generators from ScopeType.Closure to ScopeType.Local. In the future we might want to introduce ScopeType.SuspendedGenerator to make the distinction explicit.
Some of the changes in the tests have been made because the debugger functions do not return scopes of closed generators anymore. Generators should be allowed to throw away their internal state when they finish.
BUG=v8:6368
Review-Url: https://codereview.chromium.org/2898163002
Cr-Commit-Position: refs/heads/master@{#45515}
Add a protector cell for string bounds checks that is being used to
protect speculative bounds for String.prototype.charCodeAt and
String.prototype.charAt in TurboFan (and Crankshaft). This way we don't
have the diamond in optimized code, which stands in the way of other
optimizations for charCodeAt that are currently being worked on by
petermarshall@.
BUG=v8:6391
TBR=mlippautz@chromium.orgR=petermarshall@chromium.org
Review-Url: https://codereview.chromium.org/2905623003
Cr-Commit-Position: refs/heads/master@{#45514}
There are two break locations at the same source location by desugaring:
- call iterator.next,
- before variable assignment.
Additionally location for for..of loops is moved from before "of" to before each variable expression.
We should not report first implicit call to avoid user confusion. User still able to go into .next function with both scenarios:
- when this call is reached by stepOver or stepInto from previous line,
- when this call is reached because of breakpoint at current line.
BUG=v8:6425
R=dgozman@chromium.org,jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2893313002
Cr-Commit-Position: refs/heads/master@{#45509}
Add a sequential string type to the compiler, and transform
charCodeAt on SeqString into SeqStringCharCodeAt.
SeqStringCharCodeAt can handle one and two byte strings.
Bug: v8:6391
Change-Id: I2785257522c28f3b268c9833f5313e9630cb982a
Reviewed-on: https://chromium-review.googlesource.com/509573
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45508}
This avoids emitting redundant {PopContext} bytecode instructions when
non-local control-flow leaves the method body. It also folds multiple
such {PopContext} instructions into one, in case several scoping levels
are crossed at one. Only the expected context of the target of a local
control-flow transfer matters.
R=rmcilroy@chromium.org
TEST=debugger/regress/regress-crbug-724858
BUG=chromium:724858
Change-Id: Id4a47ae9fea25e75ae1af13619720b16a3975edf
Reviewed-on: https://chromium-review.googlesource.com/512545
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45507}
We're now using explicit APIs.
Bug:
Change-Id: I4a4248e44543f6e7dfcbdc66456e610fb98ff5ee
Reviewed-on: https://chromium-review.googlesource.com/513406
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45500}
Perf Sheriffs: This CL may change performance on various benchmarks.
BUG=chromium:716032
Review-Url: https://codereview.chromium.org/2895473003
Cr-Commit-Position: refs/heads/master@{#45495}
A number of improvements in mips64 load immediate macro is added per
suggestions from MIPS ART team. Also fix Subu and Dsubu macro, add a
test for Subu and Dsubu and make minor code adjustments.
BUG=
TEST=cctest/test-assembler-mips/li_macro
cctest/test-assembler-mips/Subu
cctest/test-assembler-mips/Dsubu
Review-Url: https://codereview.chromium.org/2892163002
Cr-Commit-Position: refs/heads/master@{#45493}
Previously the inlining of accessors into try-blocks (i.e. try/catch,
try/finally, for-of, etc.) was disabled in JSNativeContextSpecialization,
which prevented a couple of interesting optimizations, i.e. we end up
with a LOAD_IC in optimized code for this simple example:
class A { get x() { return 1; } }
function foo(a) {
try {
return a.x;
} catch (e) {
return 0;
}
}
foo(new A)
This is now fixed and the accessors are properly rewired into the
handler chain.
BUG=v8:6278,v8:6344,v8:6424
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2902533003
Cr-Commit-Position: refs/heads/master@{#45485}
This makes sure that property lookups on the provided imports object are
non-observable to JavaScript. It allows instantiation failures to fall
back to JavaScript proper without accidentally calling accessors twice.
Also accessors might invalidate previous checks done during linking or
throw exceptions.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-719384
BUG=chromium:719384
Change-Id: I3db2672d2a496110f705d02b82878e70cd5d701f
Reviewed-on: https://chromium-review.googlesource.com/509552
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45481}
Validation normally happens while generating the turbofan graph of a
wasm function. For lazy compilation (behind the flag
--wasm-lazy-compilation), we skip this graph generation step during
module generation. Thus we need to validate explicitely.
R=ahaas@chromium.org
BUG=chromium:724851
Change-Id: Ic70887c0d823460a272d0bb636dc98b2b7a7e55e
Reviewed-on: https://chromium-review.googlesource.com/509574
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45478}
The validation of utf8 strings in WebAssembly modules used the character
kBadChar = 0xFFFD to indicate a validation error. However, this
character can appear in a valid utf8 string. This CL fixes this problem
by duplicating some of the code in {Utf8::CalculateValue} and inlining
it directly into Utf8::Validate. Note that Utf8::Validate is used only
for WebAssembly.
Tests for this change are in the WebAssembly spec tests, which I will
update in a separate CL.
R=vogelheim@chromium.org
Change-Id: I8697b9299f3e98a8eafdf193bff8bdff90efd7dc
Reviewed-on: https://chromium-review.googlesource.com/509534
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45476}
This is to avoid ClusterFuzz picking up and using those calls.
With the proper syntax (no whitespace), they are recognized as runtime
calls and will be checked against a whitelist.
R=mstarzinger@chromium.org
BUG=chromium:724459
Change-Id: I5533f066feeb66f622230b12f79f9d227e2b2465
Reviewed-on: https://chromium-review.googlesource.com/509575
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45475}
If the maximum number of memory pages is raised using
--wasm-max-mem-pages, we might allocate more than kMaxInt bytes for
wasm memory. The byte length is stored as int in JSArrayBuffer, hence
this can lead to failures.
Thus, we now additially check against kMaxInt, and fail instantiation
if this check fails.
Drive-by: Add/fix more bounds checks.
R=ahaas@chromium.org
BUG=chromium:724846
Change-Id: Id8e1a1e13e15f4aa355ab9414b4b950510e5e88a
Reviewed-on: https://chromium-review.googlesource.com/509255
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45465}
This reverts commit bdf70aa0e2.
Reason for revert: Breaks perf testing. Comma missing in json.
Original change's description:
> [Interpreter] Improve handling of a === true / false.
>
> Add support for direct jumping on True/False for strict equals of boolean
> literals. This improves the score for such comparisons by around 75% on
> baseline code, and by around 40x on optimized code for the added performance
> test.
>
> Bug=v8:6403
>
> Change-Id: I81ea16a057e081eb6d159cd64c8e8615f65f9abb
> Reviewed-on: https://chromium-review.googlesource.com/509570
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45450}
TBR=rmcilroy@chromium.org,mythria@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Bug=v8:6403
Change-Id: I12b1868ba22354d056f38fe36e3c1e5fae5aa1b5
Reviewed-on: https://chromium-review.googlesource.com/509577
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45459}
Most of the plumbing is already present in the non-public API. According to
ES2016, Symbols are also accepted in calls to getOwnProperty(), and taking
them is required in Blink for proper record<K,V> WebIDL conversions.
R=jochen@chromium.org,verwaest@chromium.org
Bug: chromium:724481
Change-Id: I0dfe0e57f6d811f04ecbfd8ec0c97e44c9f02c96
Reviewed-on: https://chromium-review.googlesource.com/509611
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Raphael Kubo da Costa (rakuco) <raphael.kubo.da.costa@intel.com>
Cr-Commit-Position: refs/heads/master@{#45454}
Special cases addition expressions where one of the sides is known to be a
string to enable chains of string additions to be transformed into a series
of ToPrimitiveToString operations followed by a single string concatenation
at the end of the chain of additions. This should avoid creating temporary
strings for each of the string additions (in essence this is an automated
string builder).
BUG=v8:6243
Change-Id: I44977d6dad00ee906f251c4bd9cab27e160c09d1
Reviewed-on: https://chromium-review.googlesource.com/493966
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45453}
This makes sure that function imports without a single call site within
the asm.js module are still preserved in the WebAssembly module, hence
preserving intended JavaScript semantics during module instantiation.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-722348
BUG=chromium:722348
Change-Id: I624d0e52b32b864c1e3002187a99a0a63834a4b0
Reviewed-on: https://chromium-review.googlesource.com/509450
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45452}
Add support for direct jumping on True/False for strict equals of boolean
literals. This improves the score for such comparisons by around 75% on
baseline code, and by around 40x on optimized code for the added performance
test.
Bug=v8:6403
Change-Id: I81ea16a057e081eb6d159cd64c8e8615f65f9abb
Reviewed-on: https://chromium-review.googlesource.com/509570
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45450}
Only FullCodegen code ever gets flushed by code flushing. Since we are
deprecating the old pipeline, the added complexity introduced by code
flushing is no longer worth it. This CL removes it (but keeps code aging,
which is used to unlink SFIs from the compilation cache).
BUG=v8:6389,v8:6379,v8:6409
Change-Id: I90de113a101f86dbeaaf0511c61a090ef12aa365
Reviewed-on: https://chromium-review.googlesource.com/507388
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45446}
This adds a bunch of assertions to CSA, mostly about documenting and checking
parameter types.
Drive-by-change: Removed unused function.
BUG=v8:6325
Review-Url: https://codereview.chromium.org/2847923003
Cr-Original-Commit-Position: refs/heads/master@{#45398}
Committed: b14a981496
Review-Url: https://codereview.chromium.org/2847923003
Cr-Commit-Position: refs/heads/master@{#45443}
Currently SIMD integer comparison ops are implemented using Lt/Le, this is
sub-optimal on Intel, because all compares are done using pcmpgt(d/w/b) that
clobber the destination register, and will need additional instructions to
when using Lt/Le as the base implementation. This CL proposes moving to Gt/Ge
as the underlying implementation as this will only require swapping operands
on MIPS and is consistent with x86/ARM instructions.
BUG=v8:6020
R=bbudge@chromium.org, bmeurer@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2874403002
Cr-Commit-Position: refs/heads/master@{#45440}
Bug:v8:6055
Change-Id: Ifeac048e5bee2d1782cdaaabe9f5257129b7be0e
Reviewed-on: https://chromium-review.googlesource.com/508528
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45437}
The WebAssembly code now uses these new APIs to allocate memory with guard
regions. Guarded array buffers are no longer always external, which eliminates
a lot of special cases around WebAssembly memory.
Bug: chromium:720302
Change-Id: I355b74ac30a05a18c8b363bd256d57458742849f
Reviewed-on: https://chromium-review.googlesource.com/505715
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45436}
All targets (at least on sanitizer builds) unconditionally depend
on //build/config/sanitizers:deps.
It is necessary for bug 593874 that all targets now also depend
on //buildtools/third_party/libc++:libcxx_proxy. This requires
adding a new "global dependency": //build/config:exe_and_shlib_deps.
This CL updates references to sanitizers:deps to instead refer to
//build/config:exe_and_shlib_deps.
BUG=chromium:723069
R=bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2894013003
Cr-Commit-Position: refs/heads/master@{#45435}
GeneratorClose is pretty simple, we can handle it in the interpreter.
BUG=v8:6351
Review-Url: https://codereview.chromium.org/2891353002
Cr-Commit-Position: refs/heads/master@{#45434}
This CL enforces passing an AssemblerDebugInfo object to Bind, most convently
acheived by the BIND macro.
Change-Id: I092714f10803f529d01d2fe716b96275b2bee806
Reviewed-on: https://chromium-review.googlesource.com/508729
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45433}
This fixes crashes during validation when trying to construct modules
with excessively large function tables. The {WasmModuleBuilder} now
gracefully checks against existing WebAssembly implementation limits.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-715455
BUG=chromium:715455
Change-Id: Ia9738cb0b49a1eb4caf073b75301c0303f295699
Reviewed-on: https://chromium-review.googlesource.com/509530
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45429}
This adds reporting of linking failures (i.e. module instantiation)
similar to the existing reporting for validation failures. Note that
the messages in question are deterministic and can be tested.
R=clemensh@chromium.org
Change-Id: Ibecebefb86f1d878f626702c05fd0cb21189dc2a
Reviewed-on: https://chromium-review.googlesource.com/507488
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45421}
In a recent CL I moved the corpus of the wasm fuzzer and of the
wasm-asmjs fuzzer to a different directory
(wasm_corpus and wasm_asmjs_corpus) so that the corpus is not executed
on the try-bots. With this CL I remove the old corpus from the
.gitignore file.
In addition I removed the hooks for wasm_corpus and
wasm_asmjs_corpus from the V8 DEPS file, because in a V8 checkout
they are not used anyway.
I also added code to the test runner to delete all *.wasm files
from the directories test/fuzzer/wasm and test/fuzzer/wasm_asmjs.
This code should be removed in a week, but it will help my coworkers
to cleanup their V8 checkout.
R=bradnelson@chromium.orgCC=machenbach@chromium.org
Change-Id: I9fdf9d77b71b133f84f7e744763d65fdf127d624
Reviewed-on: https://chromium-review.googlesource.com/505614
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45417}
This refactoring makes it easier to write advanced tests and
gives full control over what's happening to the test code.
It also forces description for every test.
BUG=none
Review-Url: https://codereview.chromium.org/2891213002
Cr-Commit-Position: refs/heads/master@{#45412}
As per spec, (https://github.com/WebAssembly/design/pull/1068), we
don't have compile/instantiate overloads anymore, instead, we
have explicitly named members.
This change introduces the new APIs, implements instantiateStreaming
based on compileStreaming, and uses the existing embedder mechanism.
It does not yet remove the functionality from compile/instantiate -
we do that after we adopt the new APIs on the blink side.
Also, it temporarily handles exceptions on the v8 side, which is also
something we'll move to the blink side.
Bug:
Change-Id: I77673b1c0d395dfcf13b2f25464fd5dfd99c8d82
Reviewed-on: https://chromium-review.googlesource.com/508852
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45411}
- moved all extensions to inspector_test.cc;
- properly supported multiple context groups and sessions;
- better isolation between components;
- better infrastructure in protocol-test.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2890463004
Cr-Commit-Position: refs/heads/master@{#45409}
Split BytecodeGenerator::VisitSuspend into two pieces, one for
building the suspension code and one for resumption (these
are split into separate Build methods for convenience).
Each gets its own RegisterAllocationScope, which allows us to
reduce the register file size of the empty generator by 1.
For consistency, rename VisitGeneratorPrologue() to
BuildGeneratorPrologue() to match the names of the two
newly-created methods.
This relands the patch originally committed in
98927ea51b, as the test failure
due to that change was a code flushing bug. Code flushing was
disabled in de4a4095cf.
R=rmcilroy@chromium.org
Bug: v8:6379
Change-Id: Ifb4deafea99693c0a4e8646cf4e9884c7374cfc6
Reviewed-on: https://chromium-review.googlesource.com/508814
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45406}
This reverts commit ce538f70c1.
Reason for revert: breaks BOM handling (thus breaking Outlook web apps).
Original change's description:
> [parser] Refactor streaming scanner streams.
>
> Unify, simplify logic, reduce UTF8 specific handling.
>
> Intend of this is also to have stream views.
> Stream views can be used concurrently by multiple threads, but
> only one thread may fetch new data from the underlying source.
> This together with unified stream view creation is intended to be
> used for parse tasks.
>
> BUG=v8:6093
>
> Change-Id: Ied8e93090c506d4735080298f0fdaeed32043915
> Reviewed-on: https://chromium-review.googlesource.com/501789
> Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45336}
TBR=marja@chromium.org,vogelheim@chromium.org,jochen@chromium.org,wiktorg@google.com
BUG=v8:6093, chromium:724166
Change-Id: I022a23b8052d20d83a640c07b7864c622548bf90
Reviewed-on: https://chromium-review.googlesource.com/508888
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45404}
This patch adds HeapObject::set_map_after_allocation method that
initializes the map of the object without object layout checks.
All other map setters now check that transitions unsafe for
concurrent marking properly notify the GC.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2885883004
Cr-Commit-Position: refs/heads/master@{#45403}
