The trunc_l_[s,d] instructions incorrectly returns success when the input is INT64_MAX.
TEST=test-run-machops/RunTryTruncateFloat32ToInt64WithCheck,test-run-machops/RunTryTruncateFloat64ToInt64WithCheck
BUG=
Review URL: https://codereview.chromium.org/1542673002
Cr-Commit-Position: refs/heads/master@{#32990}
The CL #32908 (https://codereview.chromium.org/1526293002) updated the Float64 test data and cause the RunFloat64Add and RunFloat64Sub test cases failed.
The reason is same as the CL #31808 (issue 1430943002, X87: Change the test case for X87 float operations), please refer: https://codereview.chromium.org/1430943002/
Here is the key comments from CL #31808
Some new test cases use CheckFloatEq(...) and CheckDoubleEq(...) function for result check. When GCC compiling the CheckFloatEq() and CheckDoubleEq() function,
those inlined functions has different behavior comparing with GCC ia32 build and x87 build.
The major difference is sse float register still has single precision rounding semantic. While X87 register has no such rounding precsion semantic when directly use register value.
The V8 turbofan JITTed has exactly same result in both X87 and IA32 port.
So we add the following sentence to do type case to keep the same precision for RunFloat64Add and RunFloat64Sub.
Such as: volatile double expect = *i +/- *j; // *i +/- *j, etc.
BUG=
Review URL: https://codereview.chromium.org/1533593003
Cr-Commit-Position: refs/heads/master@{#32988}
A pre-requisite for this change was changing the interpreter to use
Runtime::ForInStep to bring the interpreter implementation closer
to the turbofan implementation. Also required to flatten out the
cache parameters into the interpreter frame for de-opt.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1531693002
Cr-Commit-Position: refs/heads/master@{#32986}
Function proxies would not be printed so far since they ended up in Function.prototype.toString which only works with Function as a receiver but no Proxy. Additionally added support for more gracefully dealing with recursive __proto__ structures introduced by proxies.
BUG=v8:1543
LOG=n
Review URL: https://codereview.chromium.org/1530293004
Cr-Commit-Position: refs/heads/master@{#32985}
The new implementation detects if the input value is outside i32 range
and traps it that case.
The range check is done as follows:
The input value is converted to int32 and then back to float. If the
result is the same as the truncated input value, then the input value
is within int32 range.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1537393003
Cr-Commit-Position: refs/heads/master@{#32984}
After Cvt_d_uw macro, upper 32 bits of the output remain
unitnitialized which caused flaky failures on some tests on
MIPS32R6
TEST=cctest/test-assembler-mips/MIPS13,mjsunit/asm/int32-umod
BUG=
Review URL: https://codereview.chromium.org/1537973002
Cr-Commit-Position: refs/heads/master@{#32983}
On ia32 the code which pushes parameters on the stack depends on the
types of the parameters which are to be pushed. I provide this type
information now by not only passing parameter nodes to
EmitPrepareArguments, but also the index in the call descriptor which
belongs to the parameter nodes.
This type information will also be necessary if we want to use the
PokePair instruction on arm64 again.
R=bradnelson@chromium.org, bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1534593004
Cr-Commit-Position: refs/heads/master@{#32982}
port b10d24ff2c685835e203075de4f11e12cd3d33cc(r32971)
original commit message:
Adds support for generating deoptimization translations for interpreter
stack frames, and building interpreter frames for these translations
when a function deopts. Also adds builtins for
InterpreterNotifyDeoptimized which resume the function's continuation at
the correct point in the interpreter after deopt.
MIPS patch contributed by balazs.kilvady@igmtec.com
BUG=
Review URL: https://codereview.chromium.org/1543433002
Cr-Commit-Position: refs/heads/master@{#32981}
Port b10d24ff2c
Original commit message:
Adds support for generating deoptimization translations for interpreter
stack frames, and building interpreter frames for these translations
when a function deopts. Also adds builtins for
InterpreterNotifyDeoptimized which resume the function's continuation at
the correct point in the interpreter after deopt.
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1541483002
Cr-Commit-Position: refs/heads/master@{#32977}
- Simplify the variable-length pop sequence on entry. (It now uses
smaller code with no branches.)
- Use conditional compare to merge branches where appropriate.
- Make use of Ldrsw + UntagSmiFieldMemOperand to load smis more
efficiently.
- Only load 'undefined' and 'null' once per builtin.
- A few other small improvements.
BUG=
Review URL: https://codereview.chromium.org/1537903004
Cr-Commit-Position: refs/heads/master@{#32975}
Port 5bd4832492
Original commit message:
Introduce a new Apply builtin that forms a correct and optimizable
foundation for the Function.prototype.apply, Reflect.construct and
Reflect.apply builtins (which properly does the PrepareForTailCall
as required by the ES2015 spec).
The new Apply builtin avoids going to the runtime if it is safe to
just access the backing store elements of the argArray, i.e. if you
pass a JSArray with no holes, or an unmapped, unmodified sloppy or
strict arguments object.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4413, v8:4430
LOG=n
Review URL: https://codereview.chromium.org/1533073003
Cr-Commit-Position: refs/heads/master@{#32974}
Port aafc3e5484
Original commit message:
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentially used
in field type tracking, where we should check for JSReceiver instead
(there's no need to exclude JSProxy or JSFunction from tracking).
And the use in %_ClassOf was actually wrong and didn't match the C++
implementation in JSReceiver::class_name() anymore. Now it's consistent
again.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:535408
LOG=n
Review URL: https://codereview.chromium.org/1537013002
Cr-Commit-Position: refs/heads/master@{#32973}
Adds support for generating deoptimization translations for interpreter
stack frames, and building interpreter frames for these translations
when a function deopts. Also adds builtins for
InterpreterNotifyDeoptimized which resume the function's continuation at
the correct point in the interpreter after deopt.
MIPS patch contributed by balazs.kilvady@igmtec.com
BUG=v8:4280
LOG=N
TEST=test-deoptimization.cc with --ignition and --turbo
Review URL: https://codereview.chromium.org/1528913003
Cr-Commit-Position: refs/heads/master@{#32971}
This CL prepare newspace evacuation for parallel execution wrt. to actual
allocations. The priority for allocations is:
* Try to allocate from LAB if objects are below kMaxLabObjectSize
* Allocate directly (synchronized) from newspace for larger objects.
* Fall back to old space allocation (which will be backed by a local compaction
space in future).
Semantical change: Previously we did fall back to regular new space promotion if
we are OOM in old space. With this CL we fall back to new space promotion, which
could fail because of fragmentation, again leading to an old space allocation
that finally bails into OOM.
Newspace evacuation is still single threaded and requires further changes to
allocation site tracking.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1487853002
Cr-Commit-Position: refs/heads/master@{#32970}
The trunc_l_[s,d] instructions incorrectly returns success when the input is INT64_MAX.
TEST=test-run-machops/RunTryTruncateFloat32ToInt64WithCheck,test-run-machops/RunTryTruncateFloat64ToInt64WithCheck
BUG=
Review URL: https://codereview.chromium.org/1539763003
Cr-Commit-Position: refs/heads/master@{#32968}
Adds FrameState nodes to graphs built by the Bytecode Graph Builder, in
preparation for adding deopt support. Also adds a new
FrameStateType::kInterpretedFunction to allow for specialized deopt
stack translation for interpreted frames. Finally adds support for
disabling typed lowering of binary ops, since the current approach
relies on a FrameState hack which does not apply to interpreted frames
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1514413002
Cr-Commit-Position: refs/heads/master@{#32964}
Updated toolchain.gypi to support v8 using CLANG on MIPS. These changes
include using integrated assembler with CLANG, and disabling options
used by GCC which are not supported by CLANG.
Reland https://codereview.chromium.org/1519493002 with fix to remove
duplicated 'conditions' sections.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1530153003
Cr-Commit-Position: refs/heads/master@{#32963}
Pretty much everywhere except for a few places where we use
iterators.
BUG=
Review URL: https://codereview.chromium.org/1540453002
Cr-Commit-Position: refs/heads/master@{#32962}
Rolling v8/buildtools to fee7f1e849f59c3fd7bb7b2cacf876edca0572f3
Rolling v8/tools/clang to c745f4763a6af65800a40b6da508f3e943d1804e
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1540513002
Cr-Commit-Position: refs/heads/master@{#32961}
port 5bd4832492 (r32929)
original commit message:
Introduce a new Apply builtin that forms a correct and optimizable foundation for the Function.prototype.apply, Reflect.construct and Reflect.apply builtins
(which properly does the PrepareForTailCall as required by the ES2015 spec). The new Apply builtin avoids going to the runtime if it is safe to just access
the backing store elements of the argArray, i.e. if you pass a JSArray with no holes, or an unmapped, unmodified sloppy or strict arguments object.
mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>;
BUG=
Review URL: https://codereview.chromium.org/1534543003
Cr-Commit-Position: refs/heads/master@{#32960}
This is based on the Skia Implementation.
More on the project can be found here:
https://docs.google.com/a/chromium.org/document/d/1_4LAnInOB8tM_DLjptWiszRwa4qwiSsDzMkO4tU-Qes/edit#heading=h.p97rw6yt8o2j
The V8 Tracing platform will replace the isolate->event_logger().
But since the current embedders (namely chromium) currently use the isolate->event_logger, I made the default implementation (event-tracer) call into isolate->event_logger if an event_logger was set.
Once the embedders properly implement the interface (for example in chromium it would look like this: https://codereview.chromium.org/707273005/), the default implementation will be doing nothing.
Once the embedders side is fixed, we will change how V8 uses the tracing framework beyond the call from Logger:CallEventLogger. (which would also include a d8 implementation)
BUG=v8:4560
LOG=N
Review URL: https://codereview.chromium.org/988893003
Cr-Commit-Position: refs/heads/master@{#32959}
part of a compile time improvement push. We got from 3 minutes down
to ~30 seconds prior to the change here.
This change further reduces the compile time down to 2 seconds, which
is actually slightly better than the pre-splintering total execution time
of about 3 seconds.
The cause of the regression was the repeated traversal of the children
of a live range, seeking for the one covering a safe point. The fix is to
leverage the intrinsic ordering in the chain of live range children, as well
as that of the safe points.
BUG= chromium:567745
LOG=N
Review URL: https://codereview.chromium.org/1529293002
Cr-Commit-Position: refs/heads/master@{#32958}
Added structural validation to live ranges, esp. for bugs that may
arise due to splintering / merging.
BUG=
Review URL: https://codereview.chromium.org/1533723002
Cr-Commit-Position: refs/heads/master@{#32954}
If the profiler is started via the API and not stopped, V8 will
intermittently crash during isolate teardown.
The fix is to run the DeleteAllProfiles function in Isolate::Deinit()
if cpu_profiler_ still exists.
https://groups.google.com/forum/#!topic/v8-dev/WsIlpbaD4mo
TEST= Run in debug mode, if you start a profile and don't stop it,
this assert should fail:
Fatal error in ../src/profiler/cpu-profiler.cc, line 414
Check failed: !is_profiling_.
Review URL: https://codereview.chromium.org/1526253005
Cr-Commit-Position: refs/heads/master@{#32953}
Add an internal field to each wasm function to keep a reference to the module. (So the GC can do the right thing when you only hold references to wasm functions but not the module).
Use Realloc carefully, to avoid copying from out of bounds.
Make snprintf use platform independent.
Don't disconnect external arraybuffers provided for the heap.
R=ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1531243003
Cr-Commit-Position: refs/heads/master@{#32951}
Allowing global references to be read through a proxy results in cross-origin information leaks. The ES6 spec currently does not mitigate this in any way. This CL adds a workaround that's easy for V8: throw whenever an unresolved reference would result in a proxy trap to be fired. I'm landing this so we can move forwards with staging proxies without putting users of --harmony at risk.
BUG=chromium:399951
LOG=n
Review URL: https://codereview.chromium.org/1529303003
Cr-Commit-Position: refs/heads/master@{#32949}
Make WasmModule free it's own memory, avoid mixing stack and
heap allocations in tests. This fixes several memory leaks.
Fix several signed compare issues.
Fix several floating point warnings.
Don't setup heap as external, as then the GC can't collect it.
Disable some tests that fail under ASAN.
R=ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1538543002
Cr-Commit-Position: refs/heads/master@{#32948}