Since we don't support gcc 2.96-4.0 any more, we can generalize the
V8_INFINITY macro to always use std::numeric_limits<double>::infinity().
This also makes value constexpr on all systems.
R=tebbi@chromium.org
Change-Id: Ifa97dd2ee6d2c1e179c45f60a82d1ea8481e0590
Reviewed-on: https://chromium-review.googlesource.com/725733
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48694}
These tests are currently failing on TSAN bot with OOM when running
with the stress-incremental-marking flag.
Bug: v8:6924
Change-Id: I50b9a7142b2e8759f4bc327516f8c06ce1779777
Reviewed-on: https://chromium-review.googlesource.com/723427
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48693}
A followup CL will move feedback slot allocation to the bytecode generator,
which means it won't be done for asm_wasm code and the function will have an
incorrect vector spec. Since asm_wasm doesn't use a feedback vector, just
prevent it from being allocated for this code.
BUG=v8:6921
Change-Id: I65a06f60bd75b54e5ef0df323184aad841e26177
Reviewed-on: https://chromium-review.googlesource.com/725703
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48692}
This reverts commit e737b4ce0d.
Reason for revert: On windows, V8_INFINITY is not constexpr
Original change's description:
> [test] Avoid unnecessary std::vector allocations
>
> Instead of copying an array of fixed values into an std::vector for
> each usage of the FOR_INPUTS macro, just iterate the constant data
> directly.
> This also makes the <type>_vector() functions return {constexpr Vector}
> instead of {std::vector}.
>
> R=tebbi@chromium.org
>
> Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
> Reviewed-on: https://chromium-review.googlesource.com/725427
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48688}
TBR=clemensh@chromium.org,tebbi@chromium.org
Change-Id: Iccb52941d4efe71b49b41572c3d922a5d78bdfd2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/725899
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48691}
We didn't correctly maintain the effect chain between the load of
the map and the load of the instance type from the map.
Bug: v8:6929
Change-Id: I970709fe74483c5cdef3d0cea36bb9e1dc98b40e
Reviewed-on: https://chromium-review.googlesource.com/725424
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48690}
TurboFan expects the offset input of a Load or Store node to be a
pointer-size input, i.e. an int32 input on 32-bit platforms, and int64
on 64-bit platforms. In WebAssembly we always provided 32-bit offset
though, which caused problems when the high word of the register which
contained the offset was not empty.
With this CL we change the offset input to int64 on 64-bit platforms.
In addition we also change the type of the memory_size_ node to int64,
so that that we do not have to adjust the type of the memory size at
every memory load.
This CL will cause performance regressions but is necessary for
correctness and to avoid crashes.
R=titzer@chromium.org
Bug: chromium:766666
Change-Id: I5301e108d05e125258d2a06d500c1b75e91697b8
Reviewed-on: https://chromium-review.googlesource.com/723379
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48689}
Instead of copying an array of fixed values into an std::vector for
each usage of the FOR_INPUTS macro, just iterate the constant data
directly.
This also makes the <type>_vector() functions return {constexpr Vector}
instead of {std::vector}.
R=tebbi@chromium.org
Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
Reviewed-on: https://chromium-review.googlesource.com/725427
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48688}
The test does not take into account that Turbofan can force completion
of in-object slack tracking.
Bug:
Change-Id: Ic7404e8395858acaf707e65ca4b17e6b7f776594
Reviewed-on: https://chromium-review.googlesource.com/723464
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48687}
kByteLengthOffset is actually at the start of the object, so to avoid
confusion, put the accessor declarations in the same order as the
actual fields.
Change-Id: Ic92e597911235ccf126cf934151a0886e5d2a6f6
Reviewed-on: https://chromium-review.googlesource.com/725325
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48686}
Add a SlotAddress macro assembler function to abstract obtaining the address of
an sp-relative double word slot. Then, merge some stack accesses in builtins,
generally changing from push to claim and poke.
Bug: v8:6644
Change-Id: Id7a9f6e276a038fbffd8e2bbaa21f51855f057f1
Reviewed-on: https://chromium-review.googlesource.com/723465
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48685}
Now that {DeoptimizationOutputData} does not exists anymore we can
rename {DeoptimizationInputData} to just {DeoptimizationData}.
R=jarin@chromium.org
Change-Id: Ib67967539d33714cc15e5d5b6dde522a9ede64b2
Reviewed-on: https://chromium-review.googlesource.com/725349
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48684}
Analog to other interceptors, intercept the DefineProperty
call only after obtaining the property descriptor.
This behavior allows us to mirror calls on a sandboxed object
as it is needed in Node. See for example
https://github.com/nodejs/node/pull/13265
Bug:
Change-Id: I73b8f8908d13473939b37fb6727858d0bee6bda3
Reviewed-on: https://chromium-review.googlesource.com/725295
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48683}
A while ago, CharacterRange::AddCaseEquivalents used to operate on a
single range (the `this` value) and add case equivalents for that to
`ranges`.
This was changed in a2baaaac to use `ranges` as a list of incoming
operands instead. When we now determine that the current range does not
have case equivalents, we need to `continue` instead of `return` to
avoid skipping the remaining ranges in the list.
Bug: v8:6940
Change-Id: I9face88a2ef8b9408f177e503f3399a25e688e06
Reviewed-on: https://chromium-review.googlesource.com/725430
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48682}
We never read this pointer, and it could cause crashes when the GC
inspects it.
Bug: v8:6956
Change-Id: Ib493c2f0418de3e89975fd1f5a7e86cc66868ec7
Reviewed-on: https://chromium-review.googlesource.com/725331
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48681}
This makes sure that the lowering of {JSCreate} operator during create
lowering is only applied to operations where both target and new.target
are known to be constructors.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-768080
BUG=chromium:774780,chromium:768080
Change-Id: I55a582a3453bba7e14655b594b7714a3940eeaae
Reviewed-on: https://chromium-review.googlesource.com/725332
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48680}
This allocates and populates potential exception handler tables before
the underlying {Code} objects is allocated. It essentially makes the
field holding said table immutable after allocation.
R=verwaest@chromium.org
BUG=v8:6792
Change-Id: I52ca374d40e3a72a4de022aca10faead6422db79
Reviewed-on: https://chromium-review.googlesource.com/723299
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48677}
The interface will now only be called for reachable code, hence the
check in the graph builder is not needed any more. We DCHECK instead.
R=titzer@chromium.org
Change-Id: I24ef96d62d6a5cda18d9efefcbd089d5f324f624
Reviewed-on: https://chromium-review.googlesource.com/716176
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48675}
All effectful nodes should be wired into the effect chain.
Bug: v8:6929
Change-Id: I8a0b4148bb65628657df8019434a33a85127e92a
Reviewed-on: https://chromium-review.googlesource.com/723359
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48674}
They did not preserve the bit pattern of nans before. Now they do.
Also, add some tests for these instructions.
R=ahaas@chromium.org, rodolph.perfetta@arm.com
Bug: v8:6947
Change-Id: I189720cd47e1768194567a41371fc9586b414c45
Reviewed-on: https://chromium-review.googlesource.com/722979
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48672}
The DoubleToI stub is no longer called outside of TurboFan, and always in the
same way:
- The parameter is on top of the stack.
- The stub is always called in a slow path.
- It truncates.
Therefore, we can simplify it to only support this case and remove dead
code.
On top of this, since the stub is always considered to be on a slow path for all
backends, this patch takes the opportunity to remove the `skip_fastpath`
optimisation. This would generate a stub which does not handle all inputs,
assuming that the backend already handled some of the inputs in a fast
path. Removing this allows the stub to have the same behaviour on all targets.
On Arm, this patch reworks the stub a little. We could use ip instead of saving
and restoring a register on the stack. Also, comments would mention that we
assume the exponent to be greater than 31 when the it can be 30 or higher. As
done for Arm64, let's check this at runtime in debug mode.
On Arm64, we can also implement the stub without pushing and poping off the
stack. It needs 2 general purpose and a double scratch registers which we have
reserved already (ip0, ip1 and d30). This removes the need to check that the
stack pointer is always 16-bytes aligned.
Finally, this also fixes a potential bug on Arm64, in the
`GetAllocatableRegisterThatIsNotOneOf` method which is now removed. We were
picking an allocatable double register when we meant to pick a general one.
Bug: v8:6644
Change-Id: I88d4597f377c9fc05432d5922a0d7129b6d19b47
Reviewed-on: https://chromium-review.googlesource.com/720963
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48671}
This CL fixes all occurences that don't require special OWNER reviews,
or can be reviewed by Michi.
After this one, we should be able to reenable the readability/check
cpplint check.
R=mstarzinger@chromium.org
Bug: v8:6837, v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic81d68d5534eaa795b7197fed5c41ed158361d62
Reviewed-on: https://chromium-review.googlesource.com/721120
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48670}
The test was reading from undefined stack addresses instead of creating
a string filled with characters that look like a new space pointer.
Bug: v8:6953
Change-Id: I2c0a9034076012746bd70325a4f21c63f4c264fa
Reviewed-on: https://chromium-review.googlesource.com/725322
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48668}
Removes the interrupt check and runtime call to TryInstallOptimizedCode
from the optimization marker checks (i.e. CompileLazy and
InterpreterEntryTrampoline). Instead, we rely on the other interrupt
sources (in particular stack checks at function entries and loop
headers) to install optimized code for us.
This will hopefully not cause regressions, as we have plenty of other
interrupt checks, but it may delay optimized code execution for
some function by one function call.
Bug: v8:6933
Change-Id: Ieadfff7ae2078d2a84085294158ad9a706eb9c64
Reviewed-on: https://chromium-review.googlesource.com/723475
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48667}
This reverts commit 4054cf278f.
Reason for revert: Just exposes existing issues.
Original change's description:
> Revert "[test] Fix win-asan symbolizer path"
>
> This reverts commit 135576ffb6.
>
> Reason for revert: V8 Win32 ASAN failures: https://build.chromium.org/p/client.v8/builders/V8%20Win32%20ASAN/builds/73
>
> It appears these failures were lurking there already, but were hidden because of the bug this CL fixed. Opened https://crbug.com/v8/6953 about these issues.
>
> Original change's description:
> > [test] Fix win-asan symbolizer path
> >
> > This makes the symbolizer path relative, as the absolute paths contain
> > a drive letter + colon on windows. The colon is confused by the
> > sanitizer as an option separator.
> >
> > The test driver changes the cwd to the V8 root dir in each
> > invocation.
> >
> > Bug: chromium:726584
> > Change-Id: Icf4e5a55bba5dec8e59a3dfe3eccdf7224e65c33
> > Reviewed-on: https://chromium-review.googlesource.com/721124
> > Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48652}
>
> TBR=glider@chromium.org,rnk@chromium.org,machenbach@chromium.org,sergiyb@chromium.org,etienneb@chromium.org
>
> Change-Id: Ic78527950f6a239a03658e042d7244c9781d05db
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: chromium:726584
> Reviewed-on: https://chromium-review.googlesource.com/723825
> Reviewed-by: Eric Holk <eholk@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48653}
TBR=glider@chromium.org,rnk@chromium.org,machenbach@chromium.org,eholk@chromium.org,sergiyb@chromium.org,etienneb@chromium.org
Change-Id: I8ea3b1d74ece09bed4758522f51cbee56a7792e1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:726584
Reviewed-on: https://chromium-review.googlesource.com/725319
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48662}
This fixes https://bugs.chromium.org/p/chromium/issues/detail?id=773954.
The issue was that in the EffectControlLinearizer, the effect input of an
{Unreachable} node was not updated, leaving a {Checkpoint} behind.
This is a reland of 4cf476458f
Original change's description:
> Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This fixes the issues
> https://bugs.chromium.org/p/chromium/issues/detail?id=772873
> and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
>
> One problem was that mutating an effect node into Unreachable confused
> the LoadElimination sidetables, so I just always create a new node now.
>
> The other problem was that UpdateBlockControl() was executed after
> UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> So now I make sure that UpdateEffectPhi() is always executed last.
>
> This is a reland of 6ddb5e7da7
> Original change's description:
> > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the
> > graph end. This fixes issues with later phases running DeadCodeElimination and
> > introducing new DeadValue nodes when processing uses of Unreachable.
> >
> > This is a reland of 3c4bc27f13
> > Original change's description:
> > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > >
> > > This is a reland of e1cdda2512
> > > Original change's description:
> > > > [turbofan] eagerly prune None types and deadness from the graph
> > > >
> > > > In addition to using the {Dead} node to prune dead control nodes and nodes that
> > > > depend on them, we introduce a {DeadValue} node representing an impossible value
> > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > of a node with type {None} as dead.
> > > >
> > > > Bug: chromium:741225
> > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > >
> > > Bug: chromium:741225
> > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48232}
> >
> > Bug: chromium:741225
> > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > Reviewed-on: https://chromium-review.googlesource.com/702264
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48366}
>
> Bug: chromium:741225
> Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> Reviewed-on: https://chromium-review.googlesource.com/709214
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48469}
Bug: chromium:741225
Change-Id: Id9d4f3a3ae36cb3e38f80edcdba88efa7922ca24
Reviewed-on: https://chromium-review.googlesource.com/715716
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48660}
Introduce new `SimulateMoves` and `SimulateSwaps` methods which take an initial
"state" as a FixedArray and perform a given list of moves on it. They give us
what the result of testing the CodeGenerator's AssembleMove and AssembleSwap
should be.
This way, we can now compare the results of running parallel moves with a
reference simulation.
Bug: v8:6848
Change-Id: I228f4310f32d2a82e0744afaff183e2c7ac08cb7
Reviewed-on: https://chromium-review.googlesource.com/723222
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48656}
They can have unboxed double fields and embedder fields.
Bug: chromium:775055
Change-Id: Idff67c776cb4209d78006b8f3f8ebc07aa509c42
Reviewed-on: https://chromium-review.googlesource.com/723425
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48655}
This reverts commit 135576ffb6.
Reason for revert: V8 Win32 ASAN failures: https://build.chromium.org/p/client.v8/builders/V8%20Win32%20ASAN/builds/73
It appears these failures were lurking there already, but were hidden because of the bug this CL fixed. Opened https://crbug.com/v8/6953 about these issues.
Original change's description:
> [test] Fix win-asan symbolizer path
>
> This makes the symbolizer path relative, as the absolute paths contain
> a drive letter + colon on windows. The colon is confused by the
> sanitizer as an option separator.
>
> The test driver changes the cwd to the V8 root dir in each
> invocation.
>
> Bug: chromium:726584
> Change-Id: Icf4e5a55bba5dec8e59a3dfe3eccdf7224e65c33
> Reviewed-on: https://chromium-review.googlesource.com/721124
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48652}
TBR=glider@chromium.org,rnk@chromium.org,machenbach@chromium.org,sergiyb@chromium.org,etienneb@chromium.org
Change-Id: Ic78527950f6a239a03658e042d7244c9781d05db
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:726584
Reviewed-on: https://chromium-review.googlesource.com/723825
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48653}
This makes the symbolizer path relative, as the absolute paths contain
a drive letter + colon on windows. The colon is confused by the
sanitizer as an option separator.
The test driver changes the cwd to the V8 root dir in each
invocation.
Bug: chromium:726584
Change-Id: Icf4e5a55bba5dec8e59a3dfe3eccdf7224e65c33
Reviewed-on: https://chromium-review.googlesource.com/721124
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48652}
While change crrev.com/c/718338 was changing NULL to nullptr, change
crrev.com/c/711334 was adding another NULL. I noticed this (eventually)
because I was simultaneously trying to write a change which was very
dependent on the precise value being used for null pointers.
BUG=v8:6928,v8:6921
Change-Id: Ib42cccf90c91c050032cc9e34e44c99fd14ff1bb
Reviewed-on: https://chromium-review.googlesource.com/722619
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48651}
Ensure we only lower SpeculativeNumberBinops to a pure operator for
non-string plain primitives. Previously we could lower if a value might be
the-hole, however this would fail a CHECK in ConvertInputsToNumber which
expects a plain primitive.
BUG=chromium:772420
Change-Id: I0c755d10db7afd9cabfb638eca5662d70dfc8d51
Reviewed-on: https://chromium-review.googlesource.com/715717
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48649}
This prepares fixes in the implementations of vabs and vneg (potentially
more). In order to implement them correctly, we need to preserve the
exact bit pattern.
R=ahaas@chromium.org, rodolph.perfetta@arm.com
Bug: v8:6947
Change-Id: I7194a60371a6e3c9ffba32981c90090ffafaa610
Reviewed-on: https://chromium-review.googlesource.com/722941
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48648}
This feature is turned off in flag-definitions but reenabled in a non-standard
way in d8. Given that the situations in which the trap handler are disabled are
more limited now due to integration problems, disabling this feature for now, since
we lack enough coverage to have confidence to turn it on by default.
We should probably introduce a proper test variant for this feature so that it
can be handled in a more standard way.
R=eholk@chromium.org
CC=mlippautz@chromium.org,hablich@chromium.org,mstarzinger@chromium.org
Bug:
Change-Id: Ic2e13181036ace8802736be847ae16ff889e3cea
Reviewed-on: https://chromium-review.googlesource.com/723221
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48646}