This fixes a long-standing TODO to only make a copy of a module's
wire bytes if the input is a SharedArrayBuffer and also fixes the
concurrent-modification bug for synchronous validation.
R=clemensh@chromium.org
BUG=chromium:794091
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I8d2f20a9aeedbc306434853f8f6cfc070a24cf97
Reviewed-on: https://chromium-review.googlesource.com/856559
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50472}
This reverts commit 8fbc6a05c1.
Reason for revert: https://crbug.com/800356
Original change's description:
> Optimize TypedArraySpeciesCreate using SpeciesProtector of Array
>
> If there is no constructor or species updates on Array or TypedArrays,
> then skip lookups of constructor and species so that we can create a new
> typed array quickly. This path makes TA.p.slice() 4x faster in fast
> cases.
>
> Bug: v8:7161
> Change-Id: Ib8d2a3f6b8b5ed356c5822a814164166d1285f64
> Reviewed-on: https://chromium-review.googlesource.com/828343
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50423}
TBR=jkummerow@chromium.org,jgruber@chromium.org,ishell@chromium.org,bmeurer@chromium.org,cwhan.tunz@gmail.com
Change-Id: Icca07564d2a83710852eb797bac25f1d5600696e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7161
Reviewed-on: https://chromium-review.googlesource.com/859156
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50470}
The types of the arguments length was wrong because it didn't include
the case of SMI_PARAMETERS. Fixing this by reverting to untyped nodes.
Bug:
Change-Id: Iebc2f1f4530f4f04418a0e200b7bb46938cb456f
Reviewed-on: https://chromium-review.googlesource.com/856981
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50466}
Port 2a50797d40
Original Commit Message:
This CL introduces a Context::kInvalidContext sentinel value to make clear that
no context is active. We silently accept smi 0 (= nullptr) as a non-set context
which usually was the default value making it hard to ensure whether this
happened on purpose or not.
R=cbruni@chromium.org, joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: If907db07b6e84696e3f9c1df937ed75bac54a987
Reviewed-on: https://chromium-review.googlesource.com/857587
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50465}
As they're now equal, simplify some TF opcodes by restoring jssp from csp on
stack pointer switch. Also, remove some direct references to jssp.
Bug: v8:6644
Change-Id: I20ee54fc0d536809a0aa72def43337f83cc91685
Reviewed-on: https://chromium-review.googlesource.com/857457
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50462}
Inlining the EnqueueMicrotask logic into the various uses blows up the
snapshot size significantly. So instead of doing that we just turn the
operation into a dedicated builtin that we call from the various uses.
This still avoids the runtime function call overhead and maintains the
fast path without write barriers for the common case of the microtask
queue fitting into new space.
This also moves back the microtask helper CSA functions to the
specialized assembler.
Bug: v8:7253, chromium:799563
Change-Id: I2d24d0e5c01e442c5ad7f5d4373fbc6e94351ac5
Reviewed-on: https://chromium-review.googlesource.com/856618
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50461}
This is used in chromium for html attribute event handlers.
See blink layout test fast/events/event-function-toString.html
Bug: v8:4958
Change-Id: Ib3d88af834bbb62b4ccd4683eda743d92064b075
Reviewed-on: https://chromium-review.googlesource.com/837641
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50460}
--fuzzer-gc-analysis prints allocations count without need for
predictable mode.
--random_gc_interval is similar to --gc-interval with 2 differences:
1) Causes gc every random(0, X) allocations instead of constant X.
2) Doesn't update the allocation timeout when there is a GC for
different reason than timeout equals to 0.
Bug: v8:6972
Change-Id: I07ad935fc264a61069255c7358b4fcbe42bfb17a
Reviewed-on: https://chromium-review.googlesource.com/815214
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50456}
This reverts commit bf4cc9ee15.
Reason for revert: Breaks windows with msvc and linux with gcc
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/841https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/17265
Original change's description:
> [esnext] load `iterator.next` only once at beginning of iteration
>
> https://github.com/tc39/ecma262/pull/988 gained concensus during the
> september 2017 TC39 meetings. This moves the load of the "next" method
> to the very beginning of the iteration protocol, rather than during
> each iteration step.
>
> This impacts:
>
> - yield*
> - for-of loops
> - spread arguments
> - array spreads
>
> In the v8 implementation, this also affects async iteration versions of
> these things (the sole exception being the Async-From-Sync iterator,
> which requires a few more changes to work with this, likely done in a
> followup patch).
>
> This change introduces a new AST node, ResolvedProperty, which can be used
> as a callee by Call nodes to produce the same bytecode as Property calls,
> without observably re-loading the property. This is used in several
> AST-desugarings involving the iteration protocol.
>
> BUG=v8:6861, v8:5699
> R=rmcilroy@chromium.org, neis@chromium.org, adamk@chromium.org
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ib81106a0182687fc5efea0bc32302ad06376773b
> Reviewed-on: https://chromium-review.googlesource.com/687997
> Commit-Queue: Caitlin Potter <caitp@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50452}
TBR=rmcilroy@chromium.org,adamk@chromium.org,neis@chromium.org,caitp@igalia.com,caitp@chromium.org
Change-Id: I1797c0d596dfd6850d6f0f505f591a7a990dd1f1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6861, v8:5699
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/857616
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50454}
--stress-marking and --stress-scavenge flags with the value
greater than 0 enable additional tracking, allocation observers etc.
--fuzzer-analysis switches --stress-* flags into analysis mode,
which means that all allocation observers and additional checks
are still executed, but GC is not influenced by them. It also
provides analysis information needed by the fuzzer on the stdout.
Bug: v8:6972
Change-Id: I5ac45adb311441d57d5b951aeec036e689930e9f
Reviewed-on: https://chromium-review.googlesource.com/814536
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50453}
https://github.com/tc39/ecma262/pull/988 gained concensus during the
september 2017 TC39 meetings. This moves the load of the "next" method
to the very beginning of the iteration protocol, rather than during
each iteration step.
This impacts:
- yield*
- for-of loops
- spread arguments
- array spreads
In the v8 implementation, this also affects async iteration versions of
these things (the sole exception being the Async-From-Sync iterator,
which requires a few more changes to work with this, likely done in a
followup patch).
This change introduces a new AST node, ResolvedProperty, which can be used
as a callee by Call nodes to produce the same bytecode as Property calls,
without observably re-loading the property. This is used in several
AST-desugarings involving the iteration protocol.
BUG=v8:6861, v8:5699
R=rmcilroy@chromium.org, neis@chromium.org, adamk@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ib81106a0182687fc5efea0bc32302ad06376773b
Reviewed-on: https://chromium-review.googlesource.com/687997
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50452}
This switches the source positions consumed by {WasmFunctionBuilder} to
have type {size_t} instead of {int}. All checks for accidental loss due
to overflow in static casts can now be moved into one place.
R=clemensh@chromium.org
Change-Id: Id0b0da5fe799eac794c9d610c4c4c9a72a587b3f
Reviewed-on: https://chromium-review.googlesource.com/857196
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50449}
In Liftoff, we want to trace the cache state basically before or after
processing each instruction. Instead of duplicating this code
everywhere, introduce a new interface method {NextInstruction}, which
is called before each instruction.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Iea61738d200076690a8440a75a2fd90018efa43b
Reviewed-on: https://chromium-review.googlesource.com/852457
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50447}
This is a reland of f22156bf37.
Original change's description:
> [Liftoff] Rename kConstant to kI32Const
>
> This makes it more clear that we only store i32 values as constants in
> the cache state.
>
> R=ahaas@chromium.org
>
> Bug: v8:6600
> Change-Id: I3022e963e864c9c533cbb673bd8502481389799b
> Reviewed-on: https://chromium-review.googlesource.com/853870
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50437}
Bug: v8:6600
Change-Id: I4c28f379eab525a0c86866c39b2e6b55f7c5ab1a
Reviewed-on: https://chromium-review.googlesource.com/857017
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50446}
We were trying to disassemble the whole body of a function, including
safepoints and the constant pool. This lead to DCHECK errors on mips.
This CL fixes that, and adds printing of source positions.
It also fixes the output of instructions size to only contain the
instructions for both on-the-heap and off-the-heap code.
R=titzer@chromium.org
Bug: chromium:800233
Change-Id: Idb15a779680af7997eb78aea2a329189b684d53e
Reviewed-on: https://chromium-review.googlesource.com/856458
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50444}
Loop headers contain a stack check in wasm, hence an exception can be
thrown at the position of the loop instruction. This means that for
asm.js, we need to store a source position for each loop instruction.
R=mstarzinger@chromium.org
Bug: chromium:799690
Change-Id: I129abef11461992e2f10af8e6afc28ce1cf83341
Reviewed-on: https://chromium-review.googlesource.com/856338
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50443}
In d8 a script is executed in a RealmScope. However, all micro task
which are created by the script are not executed within the RealmScope
at the moment. With this CL I move the execution of the micro task into
the RealmScope.
I thought about creating a new RealmScope for the micro tasks, but
(1) It did not fix the crashing repro;
(2) It seems wrong that the micro tasks are executed in a different
realm than the script;
Therefore I just moved the execution of the micro tasks into the
RealmScope of the script.
Thereby I moved the execution tasks also into the Context::Scope of the
script. The problem is that the Context::Scope surrounds the RealmScope,
and when I to open the RealmScope before the Context::Scope, not even
the execution of the script works anymore.
R=yangguo@chromium.org
Bug: chromium:797846
Change-Id: If152af282beec8f0b0564dcc9682fee8588e142c
Reviewed-on: https://chromium-review.googlesource.com/856497
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50442}
This adds support for i32.eqz, i32.clz, and i32.ctz.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I0dd7c14cf98b68463edae7de3ced9a9d1f82de44
Reviewed-on: https://chromium-review.googlesource.com/852456
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50441}
- Remove unused deoptimization reasons.
- Replace most uses of kNoReason with an actual reason (some are new).
- Rename kNoReason to kUnknown.
Bug:
Change-Id: Ia8df54fca0f0f4885ef0c3523ce8f67b557a635d
Reviewed-on: https://chromium-review.googlesource.com/839421
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50440}
This reverts commit f22156bf37.
Reason for revert: Lots of compile errors. Try bots sloppy??
Original change's description:
> [Liftoff] Rename kConstant to kI32Const
>
> This makes it more clear that we only store i32 values as constants in
> the cache state.
>
> R=ahaas@chromium.org
>
> Bug: v8:6600
> Change-Id: I3022e963e864c9c533cbb673bd8502481389799b
> Reviewed-on: https://chromium-review.googlesource.com/853870
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50437}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I6e224d4aa03ff18d6d55e9f8d4726fac711c7665
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/857016
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50438}
This makes it more clear that we only store i32 values as constants in
the cache state.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I3022e963e864c9c533cbb673bd8502481389799b
Reviewed-on: https://chromium-review.googlesource.com/853870
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50437}
The checked node and used node were mismatched. It checked if
"var_unique" is a string, but it used "key" which may not be a string.
Bug: v8:4911, v8:7161, chromium:800077
Change-Id: Ia2aee8b77ac33500430365a4800bf9cca40a28fc
Reviewed-on: https://chromium-review.googlesource.com/855138
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50435}
This CL simply moves the implementation classes for WASM native
module serialization into the CC file and simplifies them a bit.
R=mstarzinger@chromium.org
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id560d2c35eb12bdd461f5d80cb5211a2f4f51684
Reviewed-on: https://chromium-review.googlesource.com/856677
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50434}
In collaboration with Qingyan Li <qingyan.liqy@alibaba-inc.com>.
R=jgruber@chromium.org, mlippautz@chromium.org
Bug: v8:7249
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I87f62103ec5b31de274fa22ad275f1c1bcb3ed86
Reviewed-on: https://chromium-review.googlesource.com/846750
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50433}
There were two separate bugs here. First, a signed/unsigned mismatch
where we took the result of PositiveNumberToUint32 and treated it as a
signed int. Second, AdvanceStringIndex did not handle large input
values correctly.
Both are fixed by using uint64_t consistently.
Bug: chromium:799813, v8:7258
Change-Id: If2819f87986d0ca732bc24df290f6dc7614083e8
Reviewed-on: https://chromium-review.googlesource.com/854272
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50432}
Instead of calling Abort, which was failing when trying to read its
string argument as a Smi.
Change-Id: I008b8620cbb7df2a56fc5c5ea42f4d573b159f76
Reviewed-on: https://chromium-review.googlesource.com/856778
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50431}
This adds support for if blocks to Liftoff.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Iac7f3ec6526e1259b447ab6ec794a8a1c7ae05c3
Reviewed-on: https://chromium-review.googlesource.com/853501
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50430}
Temporary workaround to avoid the same variant name for multiple
variants of the same test.
Bug: v8:6917
Change-Id: I9a25dcaf81d35da0dc2617c089cb4811c2a958cb
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/852833
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50428}
This adds support for direct calls in Liftoff.
Drive-by: Fix / extend two tests for calls which were helpful for
developing this CL.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I20a98d9dd330da9a020c8c9b5c10b04e94af684d
Reviewed-on: https://chromium-review.googlesource.com/847579
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50427}
This ensures that there is only one entrance point from C++ to
generated code, hence only one method has to be excluded from CFI.
It also introduces type safety by only allowing the code to be called
with the right arguments.
This CL includes minor drive-by fixes in the tests, like removing
unused dummy variables.
R=mstarzinger@chromium.org
Bug: v8:7182
Change-Id: Ied9164a2497db9e7c032324c5e082094fdffc72d
Reviewed-on: https://chromium-review.googlesource.com/852213
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50426}
Store protected instruction info needed for the wasm trap handler.
This code will be used and covered by existing tests once we add support
for if-constructs to Liftoff.
R=titzer@chromium.orgCC=eholk@chromium.org
Bug: v8:6600, v8:5277
Change-Id: I508b0ab8572ef8b5c7943564714fcec7e9eb8e3b
Reviewed-on: https://chromium-review.googlesource.com/853497
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50425}