Fixing several memory leaks in wasm unittests.
Avoiding std::vector::data() as it isn't supported on all
compilers on the bots.
Use EXCEPT_TRUE / EXPECT_FALSE to avoid warnings on some compilers when testing boolean equality.
R=ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1536603003
Cr-Commit-Position: refs/heads/master@{#32940}
port aafc3e5484 (r32926)
original commit message:
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentially used
in field type tracking, where we should check for JSReceiver instead
(there's no need to exclude JSProxy or JSFunction from tracking).
And the use in %_ClassOf was actually wrong and didn't match the C++
implementation in JSReceiver::class_name() anymore. Now it's consistent
again.
BUG=
Review URL: https://codereview.chromium.org/1537613002
Cr-Commit-Position: refs/heads/master@{#32937}
- Before getting the length property, we must check for it
using [[GetOwnProperty]]. Also, if the obtained length
is a number, we must properly convert it to an integer.
- In order to get the prototype we must use [[GetPrototypeOf]],
and do so before checking the length.
R=cbruni@chromium.org, jkummerow@chromium.org
BUG=v8:1543
LOG=n
Review URL: https://codereview.chromium.org/1530893002
Cr-Commit-Position: refs/heads/master@{#32934}
In a previous incarnation of live range merging, we needed to cache the
last child in a chain of live ranges. We don't anymore, so removing
unused code.
BUG=
Review URL: https://codereview.chromium.org/1536523003
Cr-Commit-Position: refs/heads/master@{#32931}
Decoupled the Print APIs from RegisterAllocationData, and placed them
on the various APIs. Way easier to use these at debug time even outside
the register allocation pipeline.
BUG=
Review URL: https://codereview.chromium.org/1528983005
Cr-Commit-Position: refs/heads/master@{#32930}
Introduce a new Apply builtin that forms a correct and optimizable
foundation for the Function.prototype.apply, Reflect.construct and
Reflect.apply builtins (which properly does the PrepareForTailCall
as required by the ES2015 spec).
The new Apply builtin avoids going to the runtime if it is safe to
just access the backing store elements of the argArray, i.e. if you
pass a JSArray with no holes, or an unmapped, unmodified sloppy or
strict arguments object.
mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
BUG=v8:4413, v8:4430
LOG=n
R=yangguo@chromium.org
Committed: e4d2538911
Review URL: https://codereview.chromium.org/1523753002 .
Cr-Commit-Position: refs/heads/master@{#32929}
Reason for revert:
Breaks TSAN somewhow: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7000
Original issue's description:
> [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply.
>
> Introduce a new Apply builtin that forms a correct and optimizable
> foundation for the Function.prototype.apply, Reflect.construct and
> Reflect.apply builtins (which properly does the PrepareForTailCall
> as required by the ES2015 spec).
>
> The new Apply builtin avoids going to the runtime if it is safe to
> just access the backing store elements of the argArray, i.e. if you
> pass a JSArray with no holes, or an unmapped, unmodified sloppy or
> strict arguments object.
>
> mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=v8:4413, v8:4430
> LOG=n
> R=yangguo@chromium.org
>
> Committed: e4d2538911TBR=yangguo@chromium.org,paul.lind@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413, v8:4430
Review URL: https://codereview.chromium.org/1533803002 .
Cr-Commit-Position: refs/heads/master@{#32928}
Introduce a new Apply builtin that forms a correct and optimizable
foundation for the Function.prototype.apply, Reflect.construct and
Reflect.apply builtins (which properly does the PrepareForTailCall
as required by the ES2015 spec).
The new Apply builtin avoids going to the runtime if it is safe to
just access the backing store elements of the argArray, i.e. if you
pass a JSArray with no holes, or an unmapped, unmodified sloppy or
strict arguments object.
mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:4413, v8:4430
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1523753002 .
Cr-Commit-Position: refs/heads/master@{#32927}
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentially used
in field type tracking, where we should check for JSReceiver instead
(there's no need to exclude JSProxy or JSFunction from tracking).
And the use in %_ClassOf was actually wrong and didn't match the C++
implementation in JSReceiver::class_name() anymore. Now it's consistent
again.
R=yangguo@chromium.org
BUG=chromium:535408
LOG=n
Review URL: https://codereview.chromium.org/1535523003 .
Cr-Commit-Position: refs/heads/master@{#32926}
There's actually no need to restrict the inline allocation of
receivers for class constructors anymore; the relevant issues
were addressed in the compiler and runtime several weeks ago.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1532453004 .
Cr-Commit-Position: refs/heads/master@{#32925}
port 2c75e3d2ab (r32903)
original commit message:
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code
without access-checks (see proxies-cross-realm-ecxeption.js).
BUG=
Review URL: https://codereview.chromium.org/1534663002
Cr-Commit-Position: refs/heads/master@{#32924}
Rolling v8/third_party/android_tools to f4c36ad89b2696b37d9cd7ca7d984b691888b188
Rolling v8/tools/clang to 67c5521f1878f7929f8f0afc74b31627b3bbffb3
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1530413002
Cr-Commit-Position: refs/heads/master@{#32923}
port 025d476cf5 (r32906)
original commit message:
Adds a slot for the bytecode offset to interpreter stack frames and
saves it on calls, and restores after calls.
Also fixes RawMachineAssembler::Return() to call MergeControlToEnd.
BUG=
Review URL: https://codereview.chromium.org/1535613003
Cr-Commit-Position: refs/heads/master@{#32922}
Port 2c75e3d2ab
Original commit message:
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js).
BUG=
Review URL: https://codereview.chromium.org/1526253006
Cr-Commit-Position: refs/heads/master@{#32921}
Port 97161a29ed
Original commit message:
TryTruncateFloat32ToUint64 converts a float32 to a uint64. Additionally it
provides an optional second return value which indicates whether the conversion
succeeded (i.e. float32 value was within uint64 range) or not.
Additionally I fixed a bug on x64 and mips64 in the implementation of
TryTruncateFloat64ToUint64. Cases where the input value was between -1 and 0
were handled incorrectly.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1533613002
Cr-Commit-Position: refs/heads/master@{#32919}
Port bb2a830deb
Port 56673804e0
Original commit messages:
MachineType is now a class with two enum fields:
- MachineRepresentation
- MachineSemantic
Both enums are usable on their own, and this change switches some places
from using MachineType to use just MachineRepresentation. Most notably:
- register allocator now uses just the representation.
- Phi and Select nodes only refer to representations.
Store nodes use only MachineRepresentation, not MachineType.
R=jarin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1523373003
Cr-Commit-Position: refs/heads/master@{#32916}
Port 28261daa47
Original commit message:
This operator now provides a second output which indicates whether the
conversion from float32 to int64 was successful or not. The second output
returns 0 if the conversion fails, or something else if the conversion succeeds.
The second output can be ignored, which means that the operator can be used the
same as the original operator.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1530273002
Cr-Commit-Position: refs/heads/master@{#32914}
Adds support for loading and storing lookup variables.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1524803003
Cr-Commit-Position: refs/heads/master@{#32913}
This change adds support for local control flow when building graphs
from bytecode. The change ensures loop emitted from the bytecode
generator are in natural order so the only back branches are for loops.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1502243002
Cr-Commit-Position: refs/heads/master@{#32911}
If many threads use the same Isolate (or many Isolates) and then
terminate, their PerIsolateThreadData objects are never cleaned
up, resulting in a slow memory leak and, worse, the
PerIsolateThreadData chain getting larger and larger, adversely
affecting performance.
In this situation, embedders will now be encouraged to apply
DiscardThreadSpecificMetadata against any Isolate a thread is
done with, especially if the thread is about to terminate.
Note that it is harmless to run DiscardThreadSpecificMetadata
against an Isolate for which a thread has no thread data and
per-Isolate thread data can be reestablished if a thread starts
using an Isolate again after running DiscardThreadSpecificMetadata
against it.
It is, however, an embedder error to run
DiscardThreadSpecificMetadata against an Isolate in thread with a
Locker for the Isolate in the stack or against an Entered Isolate.
This change cannot cause any change in behavior in existing apps
as the only added coded can only be reached via the new
DiscardThreadSpecificMetadata method.
R=Jakob, jochen
BUG=
Review URL: https://codereview.chromium.org/1522703002
Cr-Commit-Position: refs/heads/master@{#32909}
Adds a slot for the bytecode offset to interpreter stack frames and
saves it on calls, and restores after calls.
Also fixes RawMachineAssembler::Return() to call MergeControlToEnd.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1512543002
Cr-Commit-Position: refs/heads/master@{#32906}
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js).
Review URL: https://codereview.chromium.org/1521953002
Cr-Commit-Position: refs/heads/master@{#32903}
We must print "[object Array]" for proxies that satisfy Array.isArray.
Cosmetic change on the side: move ObjectProtoToString from JSObject to Object
since it deals with arbitrary objects.
R=adamk@chromium.org, verwaest@chromium.org
BUG=v8:1543
LOG=n
Review URL: https://codereview.chromium.org/1526023002
Cr-Commit-Position: refs/heads/master@{#32902}
Introduce JSCreateIterResultObject operator, as a way to optimize the
%_CreateIterResultObject intrinsic, which is used to provide uniform,
non-polymorphic result objects for iterators (and generators). We
cannot utilize the existing JSCreate operator here, because there's no
constructor function for iterator result objects (as required by the
spec).
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1531753002
Cr-Commit-Position: refs/heads/master@{#32901}
Tests for
* aborting a full page.
* partially aborting a page.
* partially aborting a page with pointers between aborted pages.
* partially aborting a page with store buffer entries.
Also introduces force_oom() which prohibits a old space to
expand
BUG=chromium:524425
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel,v8_linux_nosnap_dbg,v8_win_nosnap_shared_rel,v8_win_nosnap_shared_compile_rel
Review URL: https://codereview.chromium.org/1518803005
Cr-Commit-Position: refs/heads/master@{#32899}
The problem is this: when stepping over a recursive function call,
the recursive function is flooded with one-shot break points so that
we break after the call, but since the callee is the same function,
the callee is also flooded, resulting a break in the callee. That
however would have been a "step in" instead of "step over".
The original solution was to recognize this by comparing FP. If we
end up in Debug::Break, we still have to check the current FP against
the remembered FP to see whether we are on the same stack height.
If we are deeper, then it's not a "step over", and we do not trigger
a debug break event. In that case, we queue up the step-over, and
temporarily step out until we hit the desired stack height. Note that
in order to step out, we flood the caller, which in our example is
the same function as the callee. So we break at every flooded break
location, and comparing with FP to make sure we stepped out prevents
us from triggering debug break events.
The new solution simply ignores breaks when the FP compare fails.
We simply carry on until we hit a break where the FP compare succeeds.
There is no need to do a step out. The number of calls to Debug::Break
that do not trigger a debug break event due to failing FP compare is
the same. But the code is a lot easier to read.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1527253002
Cr-Commit-Position: refs/heads/master@{#32897}
While not really fitting our directory layout, the DEPS entry needs to
be at exactly the same position as it is in chromium, otherwise either
standalone or chromium build won't work :-/
BUG=none
R=machenbach@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1526843004
Cr-Commit-Position: refs/heads/master@{#32896}