Names passed for imports and exports are checked during decoding,
leading to errors if they are no valid UTF-8. Function names are not
checked during decode, but rather lead to undefined being returned at
runtime if they are not UTF-8.
We need to do these checks on the Wasm side, since the factory
methods assume to get valid UTF-8 strings.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1967023004
Cr-Commit-Position: refs/heads/master@{#36208}
With this CL it is possible to compile a wasm module with multiple
threads in parallel. Parallel compilation works as follows:
1) The main thread allocates a compilation unit for each wasm function.
2) The main thread spawns WasmCompilationTasks which run on the
background threads.
3.a) The background threads and the main thread pick one compilation unit
at a time and execute the parallel phase of the compilation unit.
After finishing the execution of the parallel phase, the compilation
unit is stored in a result queue.
3.b) If the result queue contains a compilation unit, the main thread
dequeues it and finishes its compilation.
4) After the execution of the parallel phase of all compilation units has
started, the main thread waits for all WasmCompilationTasks to finish.
5) The main thread finalizes the compilation of the module.
I'm going to add some additional tests before committing this CL.
R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org
Committed: https://crrev.com/17215438659d8ff2d7d55f95226bf8a1477ccd79
Cr-Commit-Position: refs/heads/master@{#36178}
Review-Url: https://codereview.chromium.org/1961973002
Cr-Commit-Position: refs/heads/master@{#36207}
Currently we do not check for @@isConcatSpreadable properly. If the Symbol is
set on the Array.prototype or Object.prototype the current fast paths fail.
This CL adds a fix to globally invalidate a isConcatSpreadable_protector.
Drive-by-fix: use named accessors for context variables
LOG=N
BUG=chromium:542504, v8:903
Review-Url: https://codereview.chromium.org/1409123003
Cr-Commit-Position: refs/heads/master@{#36201}
We got the condition wrong and actually deoptimized when the typed array
was not neutered. This fixes the deopt loop in Math.random and actually
many programs that use typed arrays.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1970123002
Cr-Commit-Position: refs/heads/master@{#36194}
Reason for revert:
The ThreadSanitizer finds data races.
Original issue's description:
> [wasm] Implement parallel compilation.
>
> With this CL it is possible to compile a wasm module with multiple
> threads in parallel. Parallel compilation works as follows:
>
> 1) The main thread allocates a compilation unit for each wasm function.
> 2) The main thread spawns WasmCompilationTasks which run on the
> background threads.
> 3.a) The background threads and the main thread pick one compilation unit
> at a time and execute the parallel phase of the compilation unit.
> After finishing the execution of the parallel phase, the compilation
> unit is stored in a result queue.
> 3.b) If the result queue contains a compilation unit, the main thread
> dequeues it and finishes its compilation.
> 4) After the execution of the parallel phase of all compilation units has
> started, the main thread waits for all WasmCompilationTasks to finish.
> 5) The main thread finalizes the compilation of the module.
>
> I'm going to add some additional tests before committing this CL.
>
> R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/17215438659d8ff2d7d55f95226bf8a1477ccd79
> Cr-Commit-Position: refs/heads/master@{#36178}
TBR=bmeurer@chromium.org,mlippautz@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/1965243003
Cr-Commit-Position: refs/heads/master@{#36182}
The previous approach taken by FastNew[Sloppy,Strict,Rest]ArgumentsStub
looked at the function slot in order to skip stub frames
and find the JS frame. However, stub frames do not have a
function slot (in fact their fixed frame ends one slot
before the JS frame's function slot). Therefore, if this
location in the stub frame happens to have the function
object the create arguments stubs won't skip this frame
correctly.
Replace this approach with one where the stub is
specialized to either skip a frame if required (since
there will only ever be one extra frame on Ignition
the loop approach isn't necessary).
BUG=v8:4928
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
Review-Url: https://codereview.chromium.org/1949023003
Cr-Commit-Position: refs/heads/master@{#36181}
With this CL it is possible to compile a wasm module with multiple
threads in parallel. Parallel compilation works as follows:
1) The main thread allocates a compilation unit for each wasm function.
2) The main thread spawns WasmCompilationTasks which run on the
background threads.
3.a) The background threads and the main thread pick one compilation unit
at a time and execute the parallel phase of the compilation unit.
After finishing the execution of the parallel phase, the compilation
unit is stored in a result queue.
3.b) If the result queue contains a compilation unit, the main thread
dequeues it and finishes its compilation.
4) After the execution of the parallel phase of all compilation units has
started, the main thread waits for all WasmCompilationTasks to finish.
5) The main thread finalizes the compilation of the module.
I'm going to add some additional tests before committing this CL.
R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/1961973002
Cr-Commit-Position: refs/heads/master@{#36178}
Rather than pushing zero for the initial bytecode offset, we should push the
offset of the first bytecode handler, Smi tagged. This fixes the line number
for the top stack frame on overflow errors.
BUG=v8:4981
LOG=N
Review-Url: https://codereview.chromium.org/1950913004
Cr-Commit-Position: refs/heads/master@{#36137}
In the bytecode graphbuilder, translate the two generator-specific
bytecodes as a couple of runtime calls for now.
BUG=v8:4907
LOG=n
Review-Url: https://codereview.chromium.org/1957393004
Cr-Commit-Position: refs/heads/master@{#36134}
This implements declaration of lookup slots for variables and functions
within optimized code. Such a declaration only appears with top-level
eval code, which we only recently started handling in TurboFan.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1962723002
Cr-Commit-Position: refs/heads/master@{#36125}
The bailout points for named and keyed property loads when doing super
property calls are not being prepared by full-codegen, even though we
are using them in TurboFan for deopts and stack traces.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-4971
BUG=v8:4971
LOG=n
Review-Url: https://codereview.chromium.org/1960083002
Cr-Commit-Position: refs/heads/master@{#36109}
The flag in question used to fall-back to Crankshaft whenever an OSR
request couldn't be handled by TurboFan. By now OSR in TurboFan is
sufficiently stabilized that one single --use-osr flag should do it.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/1960043002
Cr-Commit-Position: refs/heads/master@{#36102}
mjsunit/es6/mirror-collections fails with ignition because dead registers
may hold references to objects. This prevents GC from collecting
otherwise dead objects. Dead registers are not cleared because the cost
of clearing them outweighs its benefits. Hence, modifying this test to
work around this problem.
BUG=v8:4280,v8:4853
LOG=N
Review-Url: https://codereview.chromium.org/1945223002
Cr-Commit-Position: refs/heads/master@{#36098}
Some tests which fail with '--ignition --turbo --turbo-from-bytecode' pass with
just '--ignition'. Unskip these tests. Also group other tests with related
bugs.
BUG=v8:4680
LOG=N
Review-Url: https://codereview.chromium.org/1944413002
Cr-Commit-Position: refs/heads/master@{#36083}
This changes different locations to extract the reference to the wasm
object and the function index from the stack trace, and make it
available through all the APIs which process stack traces.
The javascript CallSite object now has the new methods isWasm(),
getWasmObject() and getWasmFunctionIndex(); the byte offset is
available via getPosition().
Function names of wasm frames should be fully functional with this
commit, position information works reliably for calls, but not for
traps like unreachable or out-of-bounds accesses.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1909353002
Cr-Commit-Position: refs/heads/master@{#36067}
Scope analysis is over-conservative when treating variable resolutions
as possibly-shadowed by a sloppy eval. In the attached bug, this comes
into play since catch scopes have different behavior with respect to
the "calls eval" in eager vs lazy compilation (in the latter, they
are never marked as "calls eval" because CatchContexts don't have
an associated ScopeInfo).
This patch changes the scope-type check to also eliminate a few other
cases where shadowing isn't possible, such as non-declaration block scopes.
BUG=chromium:608279
LOG=n
Review-Url: https://codereview.chromium.org/1950803002
Cr-Commit-Position: refs/heads/master@{#36046}
Previously, the species protector was invalidated whenever the __proto__ of
an Array instance was manipulated. Then, if the map's new_target_is_base field
remained set, it was correct to conclude that GetPrototypeOf(array) was
%ArrayPrototype%. However, this choice caused the popular D3 framework to
invalidate the species protector, causing many functions to become slower.
This patch eliminates that aspect of the species protector. Instead, the check
is to look at the instance->map()->prototype(). It is valid to look directly
at the map's prototype slot, ignoring hidden prototypes and proxies, because
- This is only called on Array instances, so the receiver cannot be a Proxy.
- For hidden prototypes, any inaccuracy would only result in conservatively
taking the slow path.
Theoretically, this patch could make methods applied to arrays from other
contexts slower. However, the slowdown would only affect a particular array
instance and not have a global spill-over effect. Further, the slowdown could
be addressed by tracking, either in the instance's map or in the actual
prototype object, whether it is a %ArrayPrototype% from any context, in a way
which is cheap to query, and use that rather than comparing to the currently
executing native context.
In interactive testing, this patch led the OnShape CAD system to experience
faster load times (110+s -> 40s).
BUG=chromium:606207
LOG=Y
Review-Url: https://codereview.chromium.org/1936393002
Cr-Commit-Position: refs/heads/master@{#36033}
Unlike previous implementation where the 'continue' keyword was a feature of a return statement the keyword is now recognized as a part of expression. Error reporting was significantly improved.
--harmony-explicit-tailcalls option is now orthogonal to --harmony-tailcalls so we can test both modes at the same time.
This CL also adds %GetExceptionDetails(exception) that fetches hidden |start_pos| and |end_pos| values from the exception object.
BUG=v8:4915
LOG=N
Review-Url: https://codereview.chromium.org/1928203002
Cr-Commit-Position: refs/heads/master@{#36024}
This fixes a bug where returning from a class literal inside
a try-finally didn't restore the context properly when
entering the finally clause.
BUG=v8:4965
LOG=n
Review-Url: https://codereview.chromium.org/1952633002
Cr-Commit-Position: refs/heads/master@{#36021}
The inline allocation sequence in the optimizing compilers cannot deal
well with funky types like JSRegExp, which have some magic fields in
addition to the inobject properties. In Crankshaft we already use the
FastNewObjectStub for %_NewObject in general, so fix TurboFan to the same.
Hopefully one day we can kill %_NewObject completely.
R=jarin@chromium.org
BUG=chromium:609029
LOG=n
Review-Url: https://codereview.chromium.org/1943403004
Cr-Commit-Position: refs/heads/master@{#36006}
Compiler backends get their language mode from the current
function, but should instead be deriving it from the current scope.
This allows proper handling of the always-strictness of class declarations
and expressions, and in particular the treatment of 'eval' calls in an
extends clause as a strict eval.
Also fix the parser's RecordEvalCall logic to only reach out to the
DeclarationScope in sloppy mode, which fixes the strange case of a
sloppy function thinking it contains a sloppy eval when in fact
it contains only a strict eval.
BUG=v8:4970
LOG=n
Review-Url: https://codereview.chromium.org/1931003003
Cr-Commit-Position: refs/heads/master@{#36001}
The problem is actually not related to try-catch, so here is a test
without try-catch.
BUG=chromium:607493
LOG=n
Review-Url: https://codereview.chromium.org/1943883002
Cr-Commit-Position: refs/heads/master@{#35985}
The ECMA 402 implementation previously pushed directly to real
Arrays, which risks having observably incorrect behavior in the
presence of monkey patching. This patch uses InternalArrays instead
to avoid that hazard.
R=jshin@chromium.org,yangguo@chromium.org
BUG=chromium:604299
LOG=N
Review-Url: https://codereview.chromium.org/1923803002
Cr-Commit-Position: refs/heads/master@{#35949}
The compilation pipeline is correctly guarding against accidental
tier-ups by now, the tests in question should no longer fail.
R=yangguo@chromium.org
BUG=v8:4961
LOG=n
Review-Url: https://codereview.chromium.org/1938983002
Cr-Commit-Position: refs/heads/master@{#35934}
This adds ignition to the testing variants that are run on all
bots.
Failing tests can only be skipped with the NO_IGNITION
keyword in status files. Existing expectations for the
ignition_turbofan variant are all duplicated and use the
NO_IGNITION keyword as well now.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/132c09ed619f23fb7c6d26a4e3552c703389eabd
Cr-Commit-Position: refs/heads/master@{#35865}
Review-Url: https://codereview.chromium.org/1804003002
Cr-Commit-Position: refs/heads/master@{#35926}
When exporting `shared-library` in profile log, additionally export a
slide offset. This is required to parse profile logs generated on
systems with ASLR (OS X), otherwise it is impossible to assign C++
symbol names to their addresses in the log.
See: https://github.com/nodejs/node/issues/6466
BUG=
Review-Url: https://codereview.chromium.org/1934453003
Cr-Commit-Position: refs/heads/master@{#35921}
This ensures that the TurboFan pipeline is respecting the flag on the
CompilationInfo controlling whether to use the BytecodeGraphBuilder or
the AstGraphBuilder when ensuring deoptimization support.
R=rmcilroy@chromium.org
BUG=chromium:607871
LOG=n
Review-Url: https://codereview.chromium.org/1934563002
Cr-Commit-Position: refs/heads/master@{#35904}
This prepares for pulling chromium's build as dependency for
gn. After this, the files in build and gypfiles need to stay
in sync until chromium is updated.
BUG=chromium:474921
LOG=n
Review-Url: https://codereview.chromium.org/1848553003
Cr-Commit-Position: refs/heads/master@{#35898}
[wasm] Binary 11: Swap the order of section name / section length.
[wasm] Binary 11: Shorter section names.
[wasm] Binary 11: Add a prefix for function type declarations.
[wasm] Binary 11: Function types encoded as pcount, p*, rcount, r*
[wasm] Fix numeric names for functions.
R=rossberg@chromium.org,jfb@chromium.org,ahaas@chromium.org
BUG=chromium:575167
LOG=Y
Review-Url: https://codereview.chromium.org/1896863003
Cr-Commit-Position: refs/heads/master@{#35897}
[wasm] Binary 11: br_table takes a value.
[wasm] Binary 11: Add implicit blocks to if arms.
[wasm] Binary 11: Add arities to call, return, and breaks
[wasm] Binary 11: Add experimental version.
This CL changes the encoder, decoder, and tests to use a postorder
encoding of the AST, which is more efficient in decode time and
space.
R=bradnelson@chromium.org,rossberg@chromium.org,binji@chromium.org
BUG=chromium:575167
LOG=Y
Review-Url: https://codereview.chromium.org/1830663002
Cr-Commit-Position: refs/heads/master@{#35896}
This adds a dedicated flag for enabling the BytecodeGraphBuilder. The
intention is to be explicit when this variant is being tested and to
avoid unnecessary overhead in production code for a configuration that
is not yet shipping.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/1925123002
Cr-Commit-Position: refs/heads/master@{#35892}
Reason for revert:
[Sheriff] Looks like this breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/6442
Original issue's description:
> Remove more dead code after Object.observe removal
>
> This moves __{define,lookup}{Getter,Setter}__ to builtins.cc to free up the JavaScript implementation of DefineOwnProperty for deletion.
TBR=verwaest@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/1929293002
Cr-Commit-Position: refs/heads/master@{#35886}
These checks ensure that a TypeError is thrown, per spec, rather than
a runtime assert failure.
BUG=v8:4964
R=adamk
LOG=Y
Review-Url: https://codereview.chromium.org/1929123002
Cr-Commit-Position: refs/heads/master@{#35885}
This moves __{define,lookup}{Getter,Setter}__ to builtins.cc to free up the JavaScript implementation of DefineOwnProperty for deletion.
Review-Url: https://codereview.chromium.org/1904313004
Cr-Commit-Position: refs/heads/master@{#35876}
Reason for revert:
Will resubmit with proper fix and more test skips.
Original issue's description:
> [Ignition] Test ignition on all bots.
>
> This adds ignition to the testing variants that are run on all
> bots.
>
> Failing tests can only be skipped with the NO_IGNITION
> keyword in status files. Existing expectations for the
> ignition_turbofan variant are all duplicated and use the
> NO_IGNITION keyword as well now.
>
> BUG=v8:4280
> LOG=N
> NOTRY=true
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1930943002
Cr-Commit-Position: refs/heads/master@{#35871}
This adds ignition to the testing variants that are run on all
bots.
Failing tests can only be skipped with the NO_IGNITION
keyword in status files. Existing expectations for the
ignition_turbofan variant are all duplicated and use the
NO_IGNITION keyword as well now.
BUG=v8:4280
LOG=N
NOTRY=true
Review-Url: https://codereview.chromium.org/1804003002
Cr-Commit-Position: refs/heads/master@{#35865}
DevTools uses the debug interrupt to trap on function entry. Without
source position at the stack check, we would get bogus source positions.
R=mstarzinger@chromium.org
BUG=chromium:595646
LOG=N
Review-Url: https://codereview.chromium.org/1925063002
Cr-Commit-Position: refs/heads/master@{#35864}
Return the empty string from StringPad if the filler argument is the empty
string, effectively returning the string unchanged in StringPadStart and
StringPadEnd.
```
"foo".padStart(100000, "") -> "foo"
```
BUG=v8:4957, v8:4954
LOG=N
R=littledan@chromium.org
Review-Url: https://codereview.chromium.org/1926773003
Cr-Commit-Position: refs/heads/master@{#35837}
This is necessary to eventually build a turbofan graph.
BUG=v8:4907
LOG=n
Review URL: https://codereview.chromium.org/1901713003
Cr-Commit-Position: refs/heads/master@{#35820}
This commit introduces IgnitionStatisticsExtension, which provides
methods for accessing Ignition statistics and counters from JavaScript.
The extension is registered when FLAG_ignition and
FLAG_trace_ignition_dispatches are both enabled.
For the moment, the only exposed function is
getIgnitionDispatchCounters(), which allows to retrieve Ignition
dispatch counters as a JavaScript object.
BUG=v8:4899
LOG=N
Review URL: https://codereview.chromium.org/1899133004
Cr-Commit-Position: refs/heads/master@{#35816}
Between the miss and patching, we run user code. That may already patch the same code. IC refactoring broke this (again), so including a regression test this time around.
BUG=chromium:601392
LOG=n
Review URL: https://codereview.chromium.org/1925583002
Cr-Commit-Position: refs/heads/master@{#35811}
This adds a new ignition_turbofan testing variant that'll
allow switching turbofan off in the other ignition variant.
The switch will happen in a follow up after reconfiguring
the bots.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1922623003
Cr-Commit-Position: refs/heads/master@{#35790}
If the target is deprecated, the object will be updated on first store. If the source for that store equals the target, this will invalidate the cached representation of the source. Preventively upgrade the target.
BUG=chromium:604300
LOG=n
Review URL: https://codereview.chromium.org/1905933002
Cr-Commit-Position: refs/heads/master@{#35770}
Fixes a mistake made in r35618 for register OperandSize calculations.
BUG=605470
LOG=N
Review URL: https://codereview.chromium.org/1908033002
Cr-Commit-Position: refs/heads/master@{#35719}
This is a follow-up to 58429beb7b
"Fix KeyedStore stub selection for STRING_WRAPPER_ELEMENTS".
BUG=chromium:602184
LOG=n
Review URL: https://codereview.chromium.org/1912443004
Cr-Commit-Position: refs/heads/master@{#35715}
The feature was deprecated in M49 and flagged off in M50.
This patch removes it entirely from the codebase.
Review URL: https://codereview.chromium.org/1909433003
Cr-Commit-Position: refs/heads/master@{#35714}
Non-vectorized KeyedLoadICs used to remember whether they had seen Names
as keys; Crankshaft uses this information to avoid emitting elements
accesses which would always deopt. This CL restores that functionality
for vector ICs.
BUG=chromium:594183
LOG=y
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1912593002
Cr-Commit-Position: refs/heads/master@{#35706}
Our previous over-conservative answer caused us to emit hole checks in
full-codegen when eagerly parsing but not when lazily parsing.
With this patch, we use the positions of the BinaryOperations making up
the parameter list (which are the positions of the commas) to determine
the appropriate "end position" for each parameter's initializer. This means
that we get accurate-enough positions for the initializers in the eager
parsing step to get the same answers for hole-check-elimination that we
will later during ParseLazy.
In the included test case, for example:
(function() { ((s = 17, y = s) => s)(); } )();
^2 ^1
The old code would generate a hole check when trying to load
|s| for assignment to |y| (because it treated the closing parentheses
pointed to by "^1" as the "initialization position" of |s|).
The new code uses the comma pointed to by "^2" as the initialization
position of |s|. Since that occurs textually before the load of |s|,
full-codegen knows it can avoid the hole check.
BUG=v8:4908
LOG=n
Review URL: https://codereview.chromium.org/1900343002
Cr-Commit-Position: refs/heads/master@{#35678}
