This test creates a BigInt object with size more then 250 MB. On certain
test systems, this large memory consumption will cause the test failing.
Therefore, this test will be skipped for MIPS32 architecture.
TEST=mjsunit/harmony/bigint/regressions
BUG=
Change-Id: I21bf86c3e6058818c6db3ed8970c0f1e3873e0a6
Reviewed-on: https://chromium-review.googlesource.com/962381
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51940}
Previously install-sysroot.py relied on gyp. This should be fixed now.
This way, tools/node/fetch_deps.py can also be used to fetch
dependencies when building V8 to run V8 tests from a Node.js checkout.
R=machenbach@chromium.org
Change-Id: Ic4ee425d6ae744c32f604d14fbfdb0554a00c486
Reviewed-on: https://chromium-review.googlesource.com/962421
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51939}
Now, 'queryObjects' takes an optional 'objectGroup' argument,
allowing the frontend to release the response value.
This is important because each call produces a new Array, which
could not be released before.
Bug: chromium:815263
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I18c9a68c4ba45020fce9eea63cb263396a18d498
Reviewed-on: https://chromium-review.googlesource.com/935153
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51938}
- Update CodeSpecialization::RelocateDirectCalls and ApplyToWholeInstance to take a native module instead
- Use CodeSpecialization on NativeModule::LinkAll
Bug: v8:7539
Change-Id: I71ceb3114e8a0fca71dfa32f0721ef5fb4485eb4
Reviewed-on: https://chromium-review.googlesource.com/959592
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51937}
Annotate global handle with label to identify the context held alive for
debugging in DevTools
Bug: chromium:811842
Change-Id: I24f08b4d01939421ba1b7ec7b03982f00ebbdd1a
Reviewed-on: https://chromium-review.googlesource.com/962788
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51936}
- Add a new bytecode for the ToString operation, replacing the old
intrinsic call (currently does not collect type feedback).
- Add a new AST node to represent TemplateLiterals, and avoid
generating unnecessary ToString operations in some simple cases.
- Use a single feedback slot for each string addition, because the
type feedback should always be the same for each addition
This seems to produce a very slight improvement on JSTests benchmarks
and bench-ruben.js from v8:7415, and it's possible that type feedback
for the ToString bytecode could provide more opportunities to eliminate
the runtime call in TurboFan.
Doesn't touch tagged templates
[esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral
Fixes an error where TemplateLiteral printing in --print-ast
would try to read an element beyond the length of a vector.
BUG=v8:7415, chromium:820596
R=adamk@chromium.org, gsathya@chromum.org, rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org
Change-Id: Ie56894f73a6445550a5f95f42160c4e29ab1da42
Reviewed-on: https://chromium-review.googlesource.com/958408
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51933}
This CL is preparation for moving the contents of the WasmContext
directly into the WasmInstanceObject. The moved fields are all untagged
pointers to C++ memory or untagged sizes which will be used in
generated machine code for WASM. They are not currently used, but
they are all set to kHeapObjectTag to make sure they are not
interpreted as tagged by the GC, using a custom object descriptor.
R=mstarzinger@chromium.orgCC=clemensh@chromium.org
Bug: v8:7424
Change-Id: Ie5d5161df32564dcac74c6ff659f1a38ddca3cb0
Reviewed-on: https://chromium-review.googlesource.com/961065
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51932}
This adds support for i32.wrap/i64, i64.extend_s/i32, and
i64.extend_u/i32.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Iaeac1d24a53d044151cb244fffe3eab04314d908
Reviewed-on: https://chromium-review.googlesource.com/962281
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51930}
Now that Array.from() always calls the runtime to set the length if it's
not equal to the current length, don't actually set it on the fast path
since it's unobservable and doesn't change anything.
Also remove check for the array being writable since it's no longer
needed.
Change-Id: I0928d80b445807912fd925f7957c9a76385fc6bc
Reviewed-on: https://chromium-review.googlesource.com/961403
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51929}
This removes the relocation mode and code specialization for table
sizes. These are now stored in the context and not inlined into code.
Bug: v8:7549, v8:7424
R=mstarzinger@chromium.org
Change-Id: I4cec78fdd365cd0c1dab9f5f4b40ffb69f540bda
Reviewed-on: https://chromium-review.googlesource.com/962221
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51926}
This is a partial revert of e583fc836b.
The reasoning here is that the treatment of SpeculativeToNumber[hint]
was not consistent (which led to the original bug that caused the
performance regression): The semantics of the operator is that it turns
its input into a number, and might bailout if the input is too complex
to accomplish that within optimized code. It can use the hint to handle
even fewer cases without the risk of a deoptimization loop. However it
cannot rely on the hint influencing the output, especially not before
SimplifiedLowering ran. The code for the OOB element access however
relied on the hint being enforced, which caused the original bug.
This CL repairs that and instead uses CheckSmi for the OOB element
access guard.
Also-By: tebbi@chromium.org
Bug: chromium:819298, chromium:820729
Change-Id: I9b2170ccf9b5561d698c0108e93e538cac1e708c
Reviewed-on: https://chromium-review.googlesource.com/961066
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51924}
SafeStackFrameIterator used to skip over wasm frames, thus hiding them
for example in the Chrome profiler.
Change-Id: I81b1d73ab0b4fb1886f3300083a9550dc0f55525
Reviewed-on: https://chromium-review.googlesource.com/955697
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51922}
In case of Node.js (and Electron) we are guaranteed to always have only
off-heap typed arrays, indicated by V8_TYPED_ARRAY_MAX_SIZE_IN_HEAP
being 0. So we can leverage this fact in TurboFan to generate more
efficient code, avoiding the offset computation.
Bug: v8:7253
Change-Id: I97db0dfec21c594ff8be0f1d405e828c7ae38c33
Reviewed-on: https://chromium-review.googlesource.com/962243
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51921}
This adds support for i32.reinterpret/f32, i64.reinterpret/f64,
f32.reinterpret/i32, and f64.reinterpret/i64.
On x64, all operations are straight-forward. On ia32, conversions from
or to i64 are done via the stack.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: If5562caf7367726904c6e405ad4fc5436d21144e
Reviewed-on: https://chromium-review.googlesource.com/962224
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51920}
Always use the runtime to set the length on an array if it doesn't match
the expected length after populating it using Array.from.
Bug: chromium:821137
Change-Id: I5a730db58de61ba789040e6dfc815d6067fbae64
Reviewed-on: https://chromium-review.googlesource.com/962222
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51919}
Previously the error was "undefined is not a function". Now it is
"1 is not iterable".
Bug: v8:6522
Change-Id: If338ddefca78fd6a10cc12b26f0dec632900f32b
Reviewed-on: https://chromium-review.googlesource.com/959728
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51918}
During a C call, a previous value of the stack pointer is stored in a
platform specific callee saved register. Loading the out argument of the
C call might overwrite the value in that register, if the destination
register collides with the platform specific register. Hence, do first
use that register to restore the previous stack pointer, and only then
load the out argument.
Similarly, when pushing arguments to the stack, do first push all
values and then set the platform specific register in order to avoid
overwriting an argument value held in that register.
Drive-by: Fix offset computations for parameters pushed to the stack
for c calls.
R=titzer@chromium.org
Bug: chromium:820802,chromium:820896,chromium:820807,v8:6600
Change-Id: If4567467b7912454f0bd2cad5927233c98894b03
Reviewed-on: https://chromium-review.googlesource.com/959064
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51916}
Since f32 and f64 constants are loaded into registers right away, we
never need to spill them as constants later.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I7da91bb995e5127b0a9cb1a12a0fcd6566ed98ff
Reviewed-on: https://chromium-review.googlesource.com/960943
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51915}
Runtime.terminateExecution terminates current or next JavaScript
call. Termination flag is automatically reset as soon as v8 call
or microtasks are completed.
R=pfeldman@chromium.org
Bug: chromium:820640
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie21c123be3a61fe25cf6e04c38a8b6c664622ed7
Reviewed-on: https://chromium-review.googlesource.com/957386
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51912}
While deserializing a BigInt with the --harmony-bigint flag off is
harmless in itself, trying to wrap one as an Object (either during
deserialization of a JSValue or later from user code) requires the
BigInt constructor to be available. Since there's no strong reason
to support deserialization of BigInts without the flag, this patch
simply disallows it, which fixes the problem.
Bug: chromium:820819
Change-Id: I024a4f13715bbe95ee8eb6e1710e8f47ca227644
Reviewed-on: https://chromium-review.googlesource.com/959802
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51911}
Function names are optional in wasm and might not be present for most
functions. Instead of storing an empty name with each function, this
change loads names, if present, on first access of the name.
This also fixes an inconsistency with streaming compilation. Under
streaming compilation, functions are compiled before parsing the name
section. Hence, they always received an empty name. With this change,
assignment of names is typically deferred until the whole module was
parsed.
Bug: chromium:820291
Change-Id: I86d76aa40b7c45897d152725547795c8b6b9b9ba
Reviewed-on: https://chromium-review.googlesource.com/955647
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51909}
This can protect against refactoring bugs when adding fields to an
aggregate-initialized struct.
Change-Id: Id2e9824a1adb8bf5dbdc3775dc59ee9f18c43412
Reviewed-on: https://chromium-review.googlesource.com/960324
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51907}
This allows to enable -Wmissing-field-initializers in a future CL.
Change-Id: I67ac828be97bf4f283e97486981adebaf8e4ebf9
Reviewed-on: https://chromium-review.googlesource.com/957731
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51904}
BuildHoleCheckAndThrow in the bytecode graph builder did not
insert a loop exit; this defeated loop peeling, so we missed
out on performance. This CL inserts the LoopExit in that place,
and inserts two TODOs at places where additional loop exits might
be needed.
Bug: v8:7099
Change-Id: I08c08103cf125d505e37d3aa29a79aaff63a2d61
Reviewed-on: https://chromium-review.googlesource.com/960123
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51903}
When Promise.all is called with something which violates the iterable
contract, the resulting error should be provided by returning a rejected
promise, not by throwing.
Bug: v8:7553
Change-Id: I2769b09b49c9b80ef380419489416fc0fabff51b
Reviewed-on: https://chromium-review.googlesource.com/959599
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51902}
We were attempting to assemble code into the MacroAssembler buffer after
executing it, without resetting the permissions. As a result, tests that
are using START/END multiple times were failing.
Change-Id: Id84c6a07212a869f98edbd33d86ff70ee6c819db
Reviewed-on: https://chromium-review.googlesource.com/939388
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#51901}
Keep track of RelocInfo::Mode for ConstantPoolEntries in the assembler,
so that ARM's constant pool de-duping does not accidentally dedupe
constants with the same value but different reloc modes (e.g. the first
Code object in the builtins table as a CODE_TARGET vs. the builtin table
itself as an EXTERNAL_REFERENCE).
Change-Id: I15fad5b83bb99688726e66e0e290149025c6c059
Reviewed-on: https://chromium-review.googlesource.com/958864
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51900}
Now that wasm code lives in its own native heap, we no longer need to
switch protection for the js code space. Hence, remove a left-over
CodeSpaceMemoryModificationScope.
Change-Id: I80830bc4b0eee672c9e5c7ba0088ffcbc5b2da57
Bug: v8:7549
Reviewed-on: https://chromium-review.googlesource.com/960002
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51899}
This removes the last use of %AppendElement (and the function itself),
which was in the pattern rewriter's code for destructuring assignment
with an array rest pattern. In its place, it introduces a
StoreInArrayLiteral AST node that corresponds to the StoreInArrayLiteral
bytecode (which in turn corresponds to the StoreInArrayLiteral IC).
Change-Id: I1d212407b025cf0919263d119f6f47c88bd9a71e
Reviewed-on: https://chromium-review.googlesource.com/955307
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51898}
Implement instructions for stack operations.
Also, fix some issues that came up after implementing them.
Bug: v8:6600
Change-Id: I83dfe621b123081f9ae4d234605358c9ce81420f
Reviewed-on: https://chromium-review.googlesource.com/956072
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51897}
The IterableToList helper builtin can return the input JSArray unchanged
if the fast-path detection decides that it doesn't need to iterate the
elements, which means we can also get a JSArray with an elements kind
that is not PACKED_ELEMENTS as a result of IterableToList.
Bug: chromium:821159, v8:7310
Change-Id: I93a886e6b7f1e1a58dd05affa46fea7501cc5a81
Reviewed-on: https://chromium-review.googlesource.com/959323
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51893}
