The HandlerCompiler did not properly handle the weird edge case when a
sloppy mode function was installed as an accessor on one of the value
wrapper prototypes and then accessed via a load from a primitive value.
In this case we just passed the primitive value untouched instead of
properly wrapping it first. The CallFunction builtin properly deals with
all the funny edge cases, so we use it instead of duplicating almost all
of the logic here (the performance difference is negligible).
R=verwaest@chromium.org
BUG=chromium:599073, v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1845243005
Cr-Commit-Position: refs/heads/master@{#35187}
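
The receiver semantics this fix restores, as an added regression-style check (not part of the CL or of V8's test suite): a sloppy-mode accessor on a wrapper prototype must see a wrapped `this` when loaded from a primitive, while a strict one sees the primitive itself. The probe property names and helper functions are made up for this example.

```javascript
// Added example, not V8 code; probeSloppy/probeStrict are made-up names.
// Function() bodies are sloppy unless they carry their own directive, so the
// getters keep their mode even if this file is loaded as a (strict) module.
const sloppyGetter = new Function('return typeof this;');
const strictGetter = new Function('"use strict"; return typeof this;');

const CASES = [
  { proto: Number.prototype, value: 42, primitiveType: 'number' },
  { proto: String.prototype, value: 'abc', primitiveType: 'string' },
  { proto: Boolean.prototype, value: true, primitiveType: 'boolean' },
  { proto: Symbol.prototype, value: Symbol('s'), primitiveType: 'symbol' },
];

// One named-load site per getter, hit many times so the engine's cached
// handler path is exercised and not only the first slow lookup.
function loadSloppy(v) { return v.probeSloppy; }
function loadStrict(v) { return v.probeStrict; }

// Returns a list of violations; an empty list means every load saw the
// receiver the language semantics require.
function checkReceiverWrapping(iterations = 20000) {
  const failures = [];
  for (const { proto, value, primitiveType } of CASES) {
    Object.defineProperty(proto, 'probeSloppy', { get: sloppyGetter, configurable: true });
    Object.defineProperty(proto, 'probeStrict', { get: strictGetter, configurable: true });
    try {
      for (let i = 0; i < iterations; i++) {
        const sloppy = loadSloppy(value);   // must be 'object' (wrapped)
        const strict = loadStrict(value);   // must be the primitive's type
        if (sloppy !== 'object' || strict !== primitiveType) {
          failures.push({ primitiveType, iteration: i, sloppy, strict });
          break;
        }
      }
    } finally {
      // Leave the built-in prototypes as we found them.
      delete proto.probeSloppy;
      delete proto.probeStrict;
    }
  }
  return failures;
}

console.log(checkReceiverWrapping());
```
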
This CL implements the ALCR, add logical 32-bit integer with carry, instruction in the s390 simulator.
Some 64-bit operations in the 4-byte arithmetic section of the s390 simulator have been refactored into a separate function to stay below 500 lines.
R=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mbrandy@us.ibm.com,joransiu@ca.ibm.com,
BUG=
Review URL: https://codereview.chromium.org/1846673003
Cr-Commit-Position: refs/heads/master@{#35184}
Add this define to the config used for mksnapshot. This fixes a bug
where certain applications would fail at runtime on Chromecast.
BUG=592660
LOG=Y
Bug: internal b/27495984
Test: Formerly broken Cast apps load and run as expected.
Review URL: https://codereview.chromium.org/1839763003
Cr-Commit-Position: refs/heads/master@{#35183}
There are still spec compliance fixes to be made, but this patch
turns the flag to shipping to make sure we get more canary coverage
and performance data from the bots.
BUG=v8:4602
LOG=y
Review URL: https://codereview.chromium.org/1847103002
Cr-Commit-Position: refs/heads/master@{#35181}
Reason for revert:
TC39 decided that this compatibility fix should be standardized.
Original issue's description:
> Remove RegExp.prototype.source getter compat workaround
>
> The getter RegExp.prototype.source is specified in ES2015 to throw when
> called on a non-RegExp instance, such as RegExp.prototype. We had previously
> put in a compatibility workaround for all RegExp getters to make them
> throw on access specifically with RegExp.prototype as the receiver; however,
> we only have evidence that this is needed for properties other than source.
> This patch removes the compatibility workaround for get RegExp.prototype.source
> and gives it semantics precisely as per the ES2015 specification.
>
> R=adamk
> BUG=chromium:581577,v8:4827
> LOG=Y
>
> Committed: https://crrev.com/80803aa89e31839b8f73959776fa7e1923c6b461
> Cr-Commit-Position: refs/heads/master@{#35086}
R=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:581577,v8:4827
LOG=Y
Review URL: https://codereview.chromium.org/1847783003
Cr-Commit-Position: refs/heads/master@{#35180}
*) For all tests the input validation was incorrect, i.e. some values
were considered invalid although they were valid. The problem was that
values which are outside int range can get in range through truncation.
*) Removed an assertion in the x64 code generation of
TruncateFloat64ToUint32 which trapped on negative inputs.
*) Introduced a new TF operator TruncateFloat32ToUint32 which does
the same as ChangeFloat32ToUint32 but does not trap on negative inputs.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1843983002
Cr-Commit-Position: refs/heads/master@{#35176}
53d51c52f3 (frame elision).
Turns out it was the cause of the regression in the referenced bug.
BUG=599421
LOG=N
Review URL: https://codereview.chromium.org/1847073002
Cr-Commit-Position: refs/heads/master@{#35175}
This reduces the reserved virtual memory size needed for the store buffer.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1851473002
Cr-Commit-Position: refs/heads/master@{#35174}
ARM specific CONFIG_KUSER_HELPERS kernel feature for Linux can be disabled,
and in this case, we shouldn't crash. Use a __sync_synchronize() call
instead for Linux platforms.
BUG=chromium:599051
LOG=Y
Review URL: https://codereview.chromium.org/1840203004
Cr-Commit-Position: refs/heads/master@{#35170}
port 40bdbef975
Original commit message:
Int64Mul is lowered to a new turbofan operator, Int32MulPair. The new
operator takes 4 inputs and generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The outputs are the low
and high word of the result of the multiplication.
R=titzer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1849543003
Cr-Commit-Position: refs/heads/master@{#35167}
Embedders that rely on unmodified wrappers to survive should pass the command-line flag --noscavenge_reclaim_unmodified_objects
BUG=4880
LOG=yes
Review URL: https://codereview.chromium.org/1839243005
Cr-Commit-Position: refs/heads/master@{#35164}
In the earlier implementation of GenerateDoubleToObject the context
is loaded from the parent's frame. rsi is clobbered because it is used
to store kHoleNan constant. It is not always safe to peek at
the parent's frame. Bytecode handlers have TypedFrame and the type of
frame is stored at FP + 1. GenerateDoubleToObject expects context
to be stored at that place. In the current implementation rsi is pushed
onto the stack and is popped when exiting this function.
BUG=v8:4280,chromium:597565
LOG=N
Review URL: https://codereview.chromium.org/1848473002
Cr-Commit-Position: refs/heads/master@{#35163}
Change x64 to use the external references like all other platforms.
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1844283002
Cr-Commit-Position: refs/heads/master@{#35160}
We only use it to store the Stringify function to format
REPL output. This is overkill and introduces issues with
security tokens.
R=jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1845833002
Cr-Commit-Position: refs/heads/master@{#35158}
Previously all code stubs (i.e. both platform and Crankshaft code stubs)
preserved the context register for full-codegen (neither Ignition, nor
TurboFan nor Crankshaft require this or would benefit from this), but
the newly introduced TurboFanCodeStubs no longer do this and there's no
need to, so we have to make sure in full-codegen that we restore the
context register after intrinsic calls, which potentially call
TurboFanCodeStubs.
Drive-by-fix: VisitThisFunction can be made platform independent.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1848553002
Cr-Commit-Position: refs/heads/master@{#35154}
It for now only deals with fast-mode smi and object arrays with smi
keys and internalized strings; and fast-mode named properties with an internalized key or symbol.
BUG=v8:2472
LOG=n
Review URL: https://codereview.chromium.org/1843613002
Cr-Commit-Position: refs/heads/master@{#35152}
Test case objects were sorted without key function, resulting
in random sort order. On sharded builds, the shards are
determined by the sort order and rely on a deterministic
sorting. This led to random cctest and unittest cases being
dropped or executed twice on sharded testers.
TBR=jkummerow@chromium.org, hablich@chromium.org
Review URL: https://codereview.chromium.org/1842673002
Cr-Commit-Position: refs/heads/master@{#35151}
If a script is unloaded between the collection of an allocation and the
translation of an allocation profile, the profiler will segfault. With
this change, we report unloaded scripts as having no line number, column
number, or name.
R=ofrobots@google.com
BUG=
Review URL: https://codereview.chromium.org/1846723002
Cr-Commit-Position: refs/heads/master@{#35147}
port 40bdbef975 (r35131)
original commit message:
Int64Mul is lowered to a new turbofan operator, Int32MulPair. The new
operator takes 4 inputs and generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The outputs are the low
and high word of the result of the multiplication.
BUG=
Review URL: https://codereview.chromium.org/1845183002
Cr-Commit-Position: refs/heads/master@{#35146}
Rolling v8/third_party/android_tools to adfd31794011488cd0fc716b53558b2d8a67af8b
Rolling v8/third_party/icu to 628d39f5b088236d2021bf4388549fd92673ff1a
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1847623003
Cr-Commit-Position: refs/heads/master@{#35144}
Port 40bdbef975
Original commit message:
Int64Mul is lowered to a new turbofan operator, Int32MulPair. The new
operator takes 4 inputs and generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The outputs are the low
and high word of the result of the multiplication.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1847563003
Cr-Commit-Position: refs/heads/master@{#35143}
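
The word-pair arithmetic described in the Int32MulPair commit messages above, worked through as an added example (not the TurboFan lowering or any of the ports). It takes the four 32-bit input words and returns the low and high words of the product modulo 2^64; all function names are hypothetical, and a BigInt reference is included to check the result.

```javascript
// Added example, not V8 source. All function names here are hypothetical.

// High 32 bits of the unsigned 32x32 -> 64 product. 16-bit limbs keep every
// intermediate below 2^32, so plain doubles stay exact.
function umulHigh32(a, b) {
  const a0 = a & 0xffff, a1 = a >>> 16;
  const b0 = b & 0xffff, b1 = b >>> 16;
  const w0 = a0 * b0;
  const t = a1 * b0 + (w0 >>> 16);
  const w1 = a0 * b1 + (t & 0xffff);
  return a1 * b1 + (t >>> 16) + (w1 >>> 16);
}

// Four 32-bit input words in, two 32-bit output words out.
// (leftHigh:leftLow) * (rightHigh:rightLow) mod 2^64. The leftHigh*rightHigh
// term only affects bits 64 and up, so it never appears.
function int32MulPair(leftLow, leftHigh, rightLow, rightHigh) {
  const low = Math.imul(leftLow, rightLow) >>> 0;
  const high = (umulHigh32(leftLow, rightLow) +   // carry out of the low word
                Math.imul(leftLow, rightHigh) +   // cross terms, mod 2^32
                Math.imul(leftHigh, rightLow)) >>> 0;
  return { low, high };
}

// Reference result computed directly on 64-bit values with BigInt.
function referenceMul64(left, right) {
  const p = BigInt.asUintN(64, left * right);
  return { low: Number(p & 0xffffffffn), high: Number(p >> 32n) };
}

// Split two 64-bit BigInt values into words and multiply them pairwise.
function splitAndMultiply(left, right) {
  const lo = (x) => Number(x & 0xffffffffn);
  const hi = (x) => Number((x >> 32n) & 0xffffffffn);
  return int32MulPair(lo(left), hi(left), lo(right), hi(right));
}

// Constructed sample: (2^64 - 1)^2 mod 2^64, i.e. (-1) * (-1) as int64.
console.log(splitAndMultiply(0xffffffffffffffffn, 0xffffffffffffffffn));
```

The low 64 bits of a product are the same for signed and unsigned operands, so the same word arithmetic serves both interpretations of the inputs.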
Properly implement Rotate Right sequence for S390, to use the 64-bit
RLLG instruction.
R=jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1842093003
Cr-Commit-Position: refs/heads/master@{#35142}
Port of changes that replace JR and JALR instructions with JIC and JIALC
for mips64r6. Macroassembler Jump and Call functions now use JIC and
JIALC if branch delay slot is not used. Code patching is adjusted to
work with new changes. Jr and Jalr macroassembler functions are removed.
Other changes where mips32r6 uses jr/jalr are not done because mips64r6
uses j/jal instructions.
BUG=
Review URL: https://codereview.chromium.org/1830133002
Cr-Commit-Position: refs/heads/master@{#35141}
Removed Frame::needs_frame and the function-wide logic using it in
favor of FrameAccessState::has_frame, which can be set on a more
granular level, and driving it block by block.
BUG= v8:4533
LOG=N
Review URL: https://codereview.chromium.org/1775323002
Cr-Commit-Position: refs/heads/master@{#35139}