This is a reland of af677f29b1, fixing
an issue with negative indices.
Original change's description:
> [ic] EmitElementStore: don't miss when hitting new space limit.
>
> CSA::EmitElementStore used to bail out (IC miss) via
> CSA::CheckForCapacityGrow when the capacity hits the new space
> limit, causing the store IC to go megamorphic in my example (see
> referenced bug). With this CL, we do what TF'ed code does already:
> call into Runtime::kGrowArrayElements (in this situation), thus
> staying monomorphic.
>
> Here's a contrived test case:
>
> ////////////////////////
> let x = [];
>
> function bar() {
> for (let i = 0; i < 50000; ++i) x[i] = i;
> }
>
> function foo() {
> for (let i = x.length; i < 100e6; ++i) x[i] = i;
> }
>
> bar();
> foo();
> ////////////////////////
>
> This took about 4s on my machine, now it takes 3s.
>
> Bug: v8:7447
> Change-Id: I7f268fc55835f363d250613ce0357444a663051c
> Reviewed-on: https://chromium-review.googlesource.com/918723
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51297}
Bug: v8:7447, chromium:812451
Change-Id: I345b5e5b2437c4f50e42bbd87947630f24cd95eb
Reviewed-on: https://chromium-review.googlesource.com/921201
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51311}
instance_class_name takes up space unnecessarily, and %_ClassOf and
class_name implement [[Class]] which isn't part of ES2015+ anymore.
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3a73f732ad83a616817fde9992f4e4d584638fa8
Reviewed-on: https://chromium-review.googlesource.com/776683
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51309}
The WasmModuleObjectBuilder was the first interface for streaming
compilation of WebAssembly. Over time we realized that the interface
is insufficient, and we introduced the WasmModuleObjectBuilderStreaming
class, which is used now for streaming compilation. Since the
WasmModuleObjectBuilder was never fully functional, I think it is okay
to remove it without a deprecation period.
R=clemensh@chromium.org, adamk@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia3ac5f150fdad7bc1ad04ba89aee53538d43ce01
Reviewed-on: https://chromium-review.googlesource.com/913614
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51305}
Apparently it can happen that the variable to which we're restoring to has a
two-byte name corresponding to the one-byte name we expect. Modify the debug-mode
name check to allow this.
BUG=v8:7428
Change-Id: I94c56a4b2de3c58b50246fecaead332b0f9679b4
Reviewed-on: https://chromium-review.googlesource.com/911801
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51304}
I fixed some spec tests since the last update, so we can turn them on
again. The problem was in the spec test itself and not in V8.
R=titzer@chromium.org
Change-Id: Id2755138293d22d49e0393b884df797a1134b6f9
Reviewed-on: https://chromium-review.googlesource.com/919041
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51290}
- Remove JS implementation of TA.p.filter
- Reimplement TA.p.filter as CSA
- This CL makes TA.p.filter 3x faster in microbenchmark
- Fix a spec bug: throw if buffer is detached while executing callback
Bug: v8:5929
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2e14b6001d354ca6659cf65fff4ead2942ddc9ff
Reviewed-on: https://chromium-review.googlesource.com/912989
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51288}
The description will be used to annotate roots in the heap snapshot.
Bug: chromium:811842
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic5c9a89d1921cabddb06783f08ba63740e72820d
Reviewed-on: https://chromium-review.googlesource.com/916564
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51286}
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only for x64 optimized code, under the
--branch-load-poisoning flag.
Overview of changes:
- new register configuration configuration with one register reserved for
the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
of all successors of branches (and deopts) that are marked as safety
branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
* only integer loads are masked at the moment.
Bug: chromium:798964
Change-Id: Ie51fdbde578fc289dff029794f3cfe8eaf33e1ef
Reviewed-on: https://chromium-review.googlesource.com/901625
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51272}
Now that instruction cache flushing is process-wide and no longer bound
to a specific {Isolate}, we can also make setters on the {RelocInfo}
structure equally independent of the {Isolate} and remove the respective
parameter everywhere.
R=ahaas@chromium.org
Change-Id: I7b21f6f79d0d6cf73424019b9e808c3ec76de08e
Reviewed-on: https://chromium-review.googlesource.com/915922
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51269}
This is a reland of 6d5b54df82e27a82811a836dcdbbfe26829f0e6d
Original change's description:
> [cleanup] Harden the SubString CSA/Runtime implementations.
>
> Remove the self-healing for invalid parameters in the
> CodeStubAssembler::SubString helper and the %SubString runtime function,
> which is used as a fallback for the CodeStubAssembler implementation.
> All call sites must do appropriate parameter validation anyways now that
> the self-hosted JavaScript builtins using these helpers are gone, and we
> have proper contracts with the uses.
>
> Also remove the context parameter from the CodeStubAssembler::SubString
> method, which is unnecessary, since this can no longer throw an
> exception.
>
> Bug: v8:5269, v8:6936, v8:7109, v8:7137
> Change-Id: I19d93bad5f41faa0561c4561a48f78fcba99a549
> Reviewed-on: https://chromium-review.googlesource.com/795720
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49702}
Bug: v8:5269, v8:6936, v8:7109, v8:7137
Change-Id: I5e84998a2dd3990d7981505b401ffc770e0b7ac5
Reviewed-on: https://chromium-review.googlesource.com/913130
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51265}
The idea here is that in case the `thenable` is a JSPromise and `then`
is the initial `Promise.prototype.then` method, and the @@species lookup
chain is intact, we can skip creating the temporary promise and the
closures (with the shared context), and instead directly call into our
PerformPromiseThen. This is sound since - given above mentioned
conditions - our short-cut
PerformPromiseThen(thenable, undefined, undefined, promise_to_resolve)
is not observably different from the actual
resolve, reject = CreateResolvingFunctions(promise_to_resolve)
result_capability = NewPromiseCapability(%Promise%)
PerformPromiseThen(thenable, resolve, reject, result_capability)
except through PromiseHooks (and potentially via the async stack
traces). So we disable the fast-path if either promise hooks are enabled
or the debugger is active for now.
This improves the performance on the wikipedia benchmark by 20-25% and
the bluebird-doxbee benchmark by around 20%.
Bug: v8:7253
Change-Id: I23c92ad365c2b71d65057573f2d8febe2afe00b0
Reviewed-on: https://chromium-review.googlesource.com/911800
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51261}
This introduces dedicated builtins
- FulfillPromise,
- RejectPromise, and
- ResolvePromise,
which perform the corresponding operations from the language
specification, and removes the redundant entry points and the
excessive inlining of these operations into other builtins. We
also add the same logic on the C++ side, so that we don't need
to go into JavaScript land when resolving/rejecting from the
API.
The C++ side has a complete implementation, including full support
for the debugger and the current PromiseHook machinery. This is to
avoid constantly crossing the boundary for those cases, and to also
simplify the CSA side (and soon the TurboFan side), where we only
do the fast-path and bail out to the runtime for the general handling.
On top of this we introduce %_RejectPromise and %_ResolvePromise,
which are entry points used by the bytecode and parser desugarings
for async functions, and also used by the V8 Extras API. Thanks to
this we can uniformly optimize these in TurboFan, where we have
corresponding operators JSRejectPromise and JSResolvePromise, which
currently just call into the builtins, but middle-term can be further
optimized, i.e. to skip the "then" lookup for JSResolvePromise when
we know something about the resolution.
In TurboFan we can also already inline the default PromiseCapability
[[Reject]] and [[Resolve]] functions, although this is not as effective
as it can be right now, until we have inlining support for the Promise
constructor (being worked on by petermarshall@ right now) and/or SFI
based CALL_IC feedback.
Overall this change is meant as a refactoring without significant
performance impact anywhere; it seems to improve performance of
simple async functions a bit, but otherwise is neutral.
Bug: v8:7253
Change-Id: Id0b979f9b2843560e38cd8df4b02627dad4b6d8c
Reviewed-on: https://chromium-review.googlesource.com/911632
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51260}
This information is useful to know whom to assign bugs to when these tests are
crashing on our infrastructure.
R=petermarshall@chromium.org
No-Try: true
Change-Id: Ia165e0236602cae73e144011537d642e3535fa6b
Reviewed-on: https://chromium-review.googlesource.com/908563
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51259}
Most of the users of these api methods manually ensure that the returned
values are Strings. With an additional flag we can easily ensure that already
in V8 and avoid needless api roundtrips.
Bug: v8:7358
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I62165d44084abc9f07f5bdaace5105847edca60a
Reviewed-on: https://chromium-review.googlesource.com/901248
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51250}
Implements the change outlined in https://github.com/tc39/ecma262/pull/890,
which has been ratified and pulled into the specification. In particular,
template callsite objects are no longer kept in a global, eternal Map, but
are instead associated with their callsite, which can be collected. This
prevents a memory leak incurred by TaggedTemplate calls.
Changes, summarized:
- Remove the TemplateMap and TemplateMapShape objects, instead caching
template objects in the feedback vector.
- Remove the `hash` member of TemplateObjectDescriptor, and the Equals
method (used by TemplateMap)
- Add a new FeedbackSlotKind (kTemplateObject), which behaves similarly
to FeedbackSlotKind::kLiteral, but prevents eval caching. This ensures
that a new feedback vector is always created for eval() containing tagged
templates, even when the CompilationCache is used.
- GetTemplateObject bytecode now takes a feedback index, and only calls
into the runtime if the feedback is Smi::kZero (uninitialized).
BUG=v8:3230, v8:2891
R=littledan@chromium.org, yangguo@chromium.org, bmeurer@chromium.org,
rmcilroy@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7827bc148d3d93e2b056ebf63dd624da196ad423
Reviewed-on: https://chromium-review.googlesource.com/624564
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51248}
some time the output of these two could be the same
if machine is fast enough.
Change-Id: I1d9c0191657abae3d053517d45059065df2d44dc
Reviewed-on: https://chromium-review.googlesource.com/911873
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51247}
According to the spec, if an imported function gets exported, the
exported function has to be identical to to imported function.
With this CL we initialize the list of potential js_wrappers_ with all
wasm function we imported. Therefore no new wrappers are generated for
these functions.
R=clemensh@chromium.org
Bug: v8:7364
Change-Id: Ibcd47d8fcc4c2fb5740d57ea547fbd01c2a4e80a
Reviewed-on: https://chromium-review.googlesource.com/901626
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51244}
The test is slower on msan than its own anticipated runtime, which the test
internally measures.
TBR=danno@chromium.org
NOTRY=true
Bug: v8:7439
Change-Id: Iba08f589697bcf17b1f4d2cedb1313ff9a34c082
Reviewed-on: https://chromium-review.googlesource.com/913468
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51239}
Apparently the fuzzer tries to create functions with more 130000
parameters, which is too much for TurboFan. For returns I use the
wasm limit because only wasm uses multiple returns.
R=clemensh@chromium.org
Bug: chromium:811070
Change-Id: Ib9a55439c1da8e82ef5f35ffb2e79cab8d4a9018
Reviewed-on: https://chromium-review.googlesource.com/913268
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51231}
Moves generation of speculation poison to be based on the PC target vs the
actual PC being executed. The speculation poison is generated in the prologue
of the generated code if CompilationInfo::kGenerateSpeculationPoison is set.
The result is stored in a known register, which can then be read using the
SpeculationPoison machine node.
Currently we need to ensure the SpeculationPoison node is scheduled right after
the code prologue so that the poison register doesn't get clobbered. This is
currently not verified, however it's only use is in RawMachineAssembler where
it is manually scheduled early.
The Ignition bytecode handlers are updated to use this speculation poison
rather than one generated by comparing the target bytecode.
BUG=chromium:798964
Change-Id: I2a3d0cfc694e88d7a8fe893282bd5082f693d5e2
Reviewed-on: https://chromium-review.googlesource.com/893160
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51229}
This fixes a bug which causes the call count to change when
changing the speculation mode.
Bug: v8:7127
Change-Id: Icb43bd9ac392a5be4df154cb1e5cd4365013efc4
Reviewed-on: https://chromium-review.googlesource.com/911575
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51227}
This is a purely cosmetic change. Rename all local variables and
parameters of type CallDescriptor* to "call_descriptor".
For locals that are now named "call_descriptor", use auto upon
initialization, following the Google style guide
(https://google.github.io/styleguide/cppguide.html#auto).
Note: fields in structs and classes were not renamed in this CL.
R=clemensh@chromium.org,mstarzinger@chromium.org,jarin@chromium.org
Change-Id: Ic6f7afdba12f7b97741b098a9d0e0f58c41c587e
Reviewed-on: https://chromium-review.googlesource.com/909866
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51223}
This refactors the instruction cache simulation to now be maintained
process-wide (as opposed to be per Isolate). It prepares for allowing
to share code between Isolates (e.g. WebAssembly or shared builtins)
while still allowing to simulate execution of such shared code.
R=clemensh@chromium.org
Change-Id: I5a6f083f4e32597565dc646f13b4445014c0daaa
Reviewed-on: https://chromium-review.googlesource.com/909130
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51219}
This avoids the ambiguous implicit conversion C++ compile
errors we had to fix with static_cast before.
Change-Id: I4247f617740f2b6d14d9588a902e0e25029a6726
Reviewed-on: https://chromium-review.googlesource.com/911629
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51217}
When streaming compilation for WebAssembly gets aborted, we reject the
promise associated with the compilation. However, in some circumstances,
e.g. when streaming comilation gets aborted because the browser tab gets
refreshed, then we want to omit rejecting the promise. In an older CL
(https://crrev.com/c/876103) we omit rejecting the promise when the
exception value is null. With this CL the exception value is a MaybeLocal
so that we document properly that the value can be null. In addition, I
added documentation to say that in that case we do not reject the promise.
R=adamk@chromium.org
Bug: chromium:803838
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6a093e61c8ec63f7ae385a7f77ae6178e7b34a06
Reviewed-on: https://chromium-review.googlesource.com/897647
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51211}
This removes the Javascript version of Array.from in js/array.js and
adds a CodeStubAssembler version in src/builtins/builtins-array-gen.cc.
Also modify IteratorBuiltinsAssembler to allow querying the existence
of the iterator method without calling it so we can fall back to the
array-like behavior.
BUG=v8:1956
Change-Id: Ibfb3cef002d72d70bd30b4de676fd22becde006c
Reviewed-on: https://chromium-review.googlesource.com/887066
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51208}
Since we naively build the JS source code through concatenation,
we need to ensure the regexp literal does not end up being interpreted
as a multiline comment:
const re = /*/;
Bug: v8:6741,chromium:808418
Change-Id: Id52fbd2d62c14fc634d05fa1b0192ab86cc9e4fc
Reviewed-on: https://chromium-review.googlesource.com/905667
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51206}
We used to calculate hash in completely incorrect way. We use each
forth character to calculate hash but we should use each one.
R=dgozman@chromium.org
Bug: v8:7426
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iaaa317bbf3b3ef71632735dfd069db450283b6f4
Reviewed-on: https://chromium-review.googlesource.com/909586
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51191}
Timeouts on num-fuzzer only lead to false positives, as tests might
take unpredictably longer.
This CL forgives timeouts through a global override mechanism of the
expected outcomes. This allows to remove already existing scattered
code that allowed timeouts in some test suites only.
Bug: v8:6917
Change-Id: Ib131765d360e335789c1952bc6793ed051e016ea
Reviewed-on: https://chromium-review.googlesource.com/908454
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51188}
PromiseHooks can be called with a proxy which fails the cast and
crashes. This patch changes the runtime functions to
explicitly check for a JSPromise.
This has the side effect of removing the existing broken support for
catch prediction for non native promises.
Bug: v8:7398, v8:7190
Change-Id: I66dbe5f9935943a91afb7ee14919bd9248f9f7e4
Reviewed-on: https://chromium-review.googlesource.com/907677
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51182}
This reverts commit 14108f4c2e.
Reason for revert: Not the culprit for Canary microtask crashes
Original change's description:
> [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
>
> - Revert "[builtins] Save one word in contexts for Promise.all."
> This reverts commit 7632da067b.
> - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
> This reverts commit d4f072ced3.
> - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
> This reverts commit 6703dacdd6.
> - Revert "[debugger] Properly deal with settled promises in catch prediction."
> This reverts commit 40dd065823.
> - Revert "[builtins] Widen the fast-path for Promise builtins."
> This reverts commit db0556b7e8.
> - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
> This reverts commit a582199c5e.
> - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
> This reverts commit 6bf8885290.
> - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
> This reverts commit 313b490ddd.
> - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
> This reverts commit f7bd6a2fd6.
> - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
> This reverts commit b23b098fa0.
> - Revert "[promise] Remove incorrect fast path"
> This reverts commit 0f6eafe855.
> - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
> This reverts commit 8a677a2831.
> - Revert "[builtins] Refactor promises to reduce GC overhead."
> This reverts commit 8e7737cb58.
>
> Tbr: hpayer@chromium.org
> Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
> Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/906991
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51158}
Change-Id: I09d958cbebd635a325809072a290f2f53df8c5d4
Tbr: adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/908988
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51181}
Because of missing parentheses, the computation of the "half index" was
wrong, and always produced 0 or 1.
Also, for non-pairs, we were still passing kHighWord for the
RegPairHalf.
R=ahaas@chromium.org
Bug: v8:7422, v8:6600
Change-Id: If056aa8005d4b44e667b7d76b9be49ec0191d0eb
Reviewed-on: https://chromium-review.googlesource.com/908554
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51175}
Currently the disassembler tests continue on unimplemented instructions, fix
to abort instead as most bugs in the disassemblers will appear as unimplemented
instructions.
- Localize testing disassembler method to abort on unimplemented
- Fix failing x64 disassembler tests
Change-Id: I703cca9709c528327ec381d05a78cf3314ea4fa9
Reviewed-on: https://chromium-review.googlesource.com/907489
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51162}
wasm code manager is known to have issue on reloc tagging and
also constant pool. Ignore until fix go in.
Change-Id: I4d7ddafba3cf8bc81c73a7b156cba39985bce48d
Reviewed-on: https://chromium-review.googlesource.com/906950
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51160}
- Revert "[builtins] Save one word in contexts for Promise.all."
This reverts commit 7632da067b.
- Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
This reverts commit d4f072ced3.
- Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
This reverts commit 6703dacdd6.
- Revert "[debugger] Properly deal with settled promises in catch prediction."
This reverts commit 40dd065823.
- Revert "[builtins] Widen the fast-path for Promise builtins."
This reverts commit db0556b7e8.
- Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
This reverts commit a582199c5e.
- Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
This reverts commit 6bf8885290.
- Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
This reverts commit 313b490ddd.
- Revert "[builtins] Inline InternalPromiseThen into it's only caller"
This reverts commit f7bd6a2fd6.
- Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
This reverts commit b23b098fa0.
- Revert "[promise] Remove incorrect fast path"
This reverts commit 0f6eafe855.
- Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
This reverts commit 8a677a2831.
- Revert "[builtins] Refactor promises to reduce GC overhead."
This reverts commit 8e7737cb58.
Tbr: hpayer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/906991
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51158}
Adds the remaining saturating float to int conversion opcodes.
Bug: v8:7226
Change-Id: If84e564a7816eb4aedbc336f5c2e614da22bb10a
Reviewed-on: https://chromium-review.googlesource.com/905472
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51157}
This patch attempts to reduce the special handling of destructuring
assignments in arrow function parameters by "adopting" them from
wherever they were initially parsed into the arrow function's
FunctionState/Scope. This avoids incorrectly re-setting the
Scope of such assignments multiple times for arrow functions
that are nested inside other arrow params themselves.
It also generally seems better, in that we now only rewrite
destructuring assignments for a single function at a time.
Bug: chromium:807096
Change-Id: I6bef5613f99e3e8c130fc0aa2ee5d6fcf2efd34b
Reviewed-on: https://chromium-review.googlesource.com/900168
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51155}
Declare the private field variable in the preparser as well, to be
consistent with the parser.
Bug: v8:5386
Change-Id: I961ddf14e47b99701e2463cab0f4d4de140e1e3a
Reviewed-on: https://chromium-review.googlesource.com/905843
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51154}
When suspending, rather than saving all registers up to a certain index,
only save the ones that are live according to the liveness analysis.
Others are saved as optimized out constants, and are skipped during the
GenaratorStore lowering. Symmetrically, only restore live registers when
resuming.
Change-Id: Icc2df905b0fe2fe5c372097bd67d5316edcd1b54
Reviewed-on: https://chromium-review.googlesource.com/905662
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51153}
We reuse most of the infrastructure to set break points, with minor
differences when we encounter functions where we can only break on entry:
- PrepareFunctionForBreakPoints simply deopts all functions.
- Break point objects have the canonical source position 0.
- Break point is set/checked/cleared via bit on the DebugInfo.
- Debug::Break do not continue stepping since stepping is implemented via
regular break points and therefore do not interfere with break on entry.
I promise to add more tests.
Bug: v8:178
Change-Id: Ifc8231995c771286db0b848b811e1c3ad3b12494
Reviewed-on: https://chromium-review.googlesource.com/906245
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51152}
Port 7c14a408f9
Original Commit Message:
It turns out that .incbin can be problematic for build systems, in
that the included binary file is not detected as a build-time
dependency.
The alternative is .byte inclusion, which we test here.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie42da993ae61964eb3f02f328333ec140902d929
Reviewed-on: https://chromium-review.googlesource.com/906688
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51148}
The .byte directive will be used instead of .incbin since the latter
comes with complications involving build-time dependency detection.
Drive-by-edits: Move macro definitions closer to their use-sites.
TBR=rmcilroy@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Bug: v8:6666
Change-Id: Ibda0b3577688248dbf627cb69965d28309193859
Reviewed-on: https://chromium-review.googlesource.com/906488
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51147}
We need a deopt point for the case when we fail to find an initial
element from which to begin the reduction step.
Bug: v8:7384
Change-Id: I5e476ddc433be690577677b018639c4c0c70809b
Reviewed-on: https://chromium-review.googlesource.com/906508
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51146}
Port 0761b55d21
Original Commit Message:
"Extend the code-generator tests to cover AssembleMove and AssembleSwap with
Simd128 registers and stack slots, for targets that support them.
For this to work however, we need support for passing Simd128 stack parameters
in TurboFan which this patch implements for Arm and x86. PPC and S390 both do
not support the Simd128 representation and it appears MIPS and MIPS64's
implementation of AssembleMove and AssembleSwap do not support it either.
As per the design of the tests, the set of values to perform moves on are
represented in a FixedArray of Smis (for kTagged) and HeapNumbers (for kFloat32
and kFloat64). They are converted to raw values for the moves to be performed
on, to be then converted back into a FixedArray. For the kSimd128
representation, we represent values as a FixedArray of 4 Smis, each representing
a lane. They are converted to a raw Simd128 vector using the `I32x4ReplaceLane`
and `I32x4ExtractLane` operations.
Finally, these tests need Simd128 variables mixed with the CodeStubAssembler
which is not a use-case officially supported. And as a result, the `RecordWrite`
stub does not guarantee to preserve Simd128 registers. To get around this, we
have to be careful to skip write barriers when dealing with Simd128 parameters
inside the "teardown" function, and we've had to move all allocations to the
"setup" function.
Thanks to this, we are able to catch bugs such as this one
https://bugs.chromium.org/p/v8/issues/detail?id=6843."
Change-Id: If867dedf4a2c72cb75c58effda93e3eec432fd67
Reviewed-on: https://chromium-review.googlesource.com/906469
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51142}
It will record the time-to-schedule-after-job-start for different
task types to try to highlight use cases where contention might
be a problem (and show improvements to it later).
Also introducing AsyncTimedHistogram to support this use case whose
reported timings go beyond a single scope (i.e. the async version of
ScopedTimedHistogram).
Bug: chromium:807606
Change-Id: Ib4d581fa8b001723dfe8c91102280e9608b4fabb
Reviewed-on: https://chromium-review.googlesource.com/899365
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51131}
Port 47e272b206
Original Commit Message:
This is a reland of ef06feded6.
Original change's description:
> Reland "[builtins] Add .incbin cctest"
>
> This is a reland of b012816155.
>
> Original change's description:
> > [builtins] Add .incbin cctest
> >
> > Just to ensure this is portable across all platforms.
> >
> > Credits go to https://github.com/graphitemaster/incbin, bits of the
> > .incbin code were taken from there. Thanks!
> >
> > Reland of https://crrev.com/c/881181
> >
> > Bug: v8:6666
> > Change-Id: I5c0dbf56b1c987fd88607dca69b39d65b59cdefc
> > Reviewed-on: https://chromium-review.googlesource.com/895597
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#51042}
>
> Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel
> Bug: v8:6666
> Change-Id: I8fc0963e28996a84ed56c2e740d895e26611abf0
> Reviewed-on: https://chromium-review.googlesource.com/897630
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51054}
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I863d01a4a7d91f9f2128e4598f417efe49c43e7b
Reviewed-on: https://chromium-review.googlesource.com/902431
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51124}
- Remove redundant instruction from I16x8Splat
- Force F32x4Splat to use movss, as using MacroAssembler can mix SSE/AVX
instructions
Bug: v8:6020
Change-Id: I781c22adecf892a79b6a38c3d83fc4022f9067de
Reviewed-on: https://chromium-review.googlesource.com/898429
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51123}
This is the last piece of the TypedArray constructors that was still
written in JS.
Bug: v8:7102
Change-Id: I7c4dc867b09408caa4eec2873ea7185b6c61a525
Reviewed-on: https://chromium-review.googlesource.com/888751
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51122}
Add a fast-path to Promise#finally, which skips the "then" lookup of the
Promise#then lookup chain is intact, similar to what we already do for
Promise#catch.
Drive-by-fix: Also use the @@species protector to speed up the lookup
of the SpeciesConstructor in Promise#finally.
Bug: v8:7253
Change-Id: If77e779a0188904effc4528beffc8f0bdd7c2efe
Reviewed-on: https://chromium-review.googlesource.com/902283
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51116}
It turns out that .incbin can be problematic for build systems, in
that the included binary file is not detected as a build-time
dependency.
The alternative is .byte inclusion, which we test here.
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Bug: v8:6666
Change-Id: Ie24f4191db17c920c617987d1bee730208776b91
Reviewed-on: https://chromium-review.googlesource.com/901352
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51109}
The `simpleBind` function exposed by V8 Extras was initially added to
work around the terrible performance of `Function.prototype.bind` at
the time. Nowadays `Function.prototype.bind` is significantly faster
and fully optimized by TurboFan, however, so there’s no need for the
`simpleBind` helper anymore.
Bug: chromium:807522
Change-Id: I1a0456e2aa34f92a3c9a0234a812b660f969d016
Reviewed-on: https://chromium-review.googlesource.com/903164
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51108}
The catch prediction logic got confused when we merged the reactions and
result fields of JSPromise, because for settled promises it would start
to treat the result as reactions list, leading to a crash most likely or
memory corruption in the worst case (only if break on uncaught exception
is enabled). We can only inspect reactions when the promise is still in
"pending" state.
Bug: chromium:808973, v8:7253
Change-Id: I15162c96fce959a052fbc628addd9418da39327c
Reviewed-on: https://chromium-review.googlesource.com/903163
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51106}
Modify "run_perf.py --filter Array/" so that it will let match "Array" but
not "ArrayLiteralSpread". Previously --filter Array/ would match nothing.
Change-Id: I1f9c677e3558fc2256a71306af5fc1a8394ac698
Reviewed-on: https://chromium-review.googlesource.com/895453
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51098}
Fixes float to I64 tests to not have duplicated tests.
Also changes the use of macro REQUIRE to only be needed when an opcode
(i.e. operation) is not supported on some architecture.
Bug: v8:7226
Change-Id: I6c18602bd836469077808c0b3c93732af7c8f0d8
Reviewed-on: https://chromium-review.googlesource.com/895408
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51097}
The test required a special runtime function, which did not work in
general but only in the context of that one test. After an offline
discussion we decided that what the test is testing is not worth a
runtime function, since we would also see in other tests if something
goes wrong.
R=clemensh@chromium.org
Bug: v8:7403
Change-Id: I129a189a9df299d409a4a555eae28783e47b97d1
Reviewed-on: https://chromium-review.googlesource.com/901284
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51095}
The multi-return fuzzer was able to generate more than 256 parameters of
the same type. However, the fuzzer itself could not deal with so many
parameters. With this change more than 256 parameters of the same type
can be handled and tested.
R=clemensh@chromium.org
Bug: chromium:807862
Change-Id: I6941eb0ff7e78a8feebc437624fa100adeda4e3d
Reviewed-on: https://chromium-review.googlesource.com/897673
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51089}
This adds a new isolate wide Promise#then protector, which guards the
"then" lookup for all JSPromise instances whose [[Prototype]] is the
initial %PromisePrototype%. Thus arbitrary mutations to the
Promise.prototype (i.e. monkey-patching other methods or installing
new functions) no longer sent you down the slow-path. Use this protector
in Promise.prototype.catch and in Promise.resolve.
Drive-by-fix: Restructure the resolve logic a bit and avoid the
expensive and large SameValue check, which can be turned into a simple
reference equal, as the promise in there is known to be a JSPromise
anyways.
Bug: v8:7253
Change-Id: If68b12c6bc6ca9c4d10552ae84854ebc3b5774f9
Reviewed-on: https://chromium-review.googlesource.com/899302
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51085}
Report an error during scope analysis if we're unable to find a
variable proxy for the given private field. This can happen if we try
to access a private field that was not defined or if we're outside
the class scope.
This doesn't correctly throw an early error when pre parsing a top
level function because we don't track it's variables.
Bug: v8:5368
Change-Id: I0a1193fe0ae213c0732fae5d435e150852a8d87d
Reviewed-on: https://chromium-review.googlesource.com/892093
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51082}
A version of the spec change from
https://github.com/tc39/ecma262/pull/988, but applied to the
Async-from-Sync iterator type.
This change does not modify generated bytecode (but maybe it should to
take advantage of load IC feedback for loading "next"). Doing this grows
bytecode by quite a bit, since it's necessary to throw-if-not-an-object
before loading "next" (which currently gets to live in a code stub
instead).
BUG=v8:5855
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0d2affef664d1069b24c54a553d62e17b49e5a16
Reviewed-on: https://chromium-review.googlesource.com/723136
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51078}
This is a reland of ef06feded6.
Original change's description:
> Reland "[builtins] Add .incbin cctest"
>
> This is a reland of b012816155.
>
> Original change's description:
> > [builtins] Add .incbin cctest
> >
> > Just to ensure this is portable across all platforms.
> >
> > Credits go to https://github.com/graphitemaster/incbin, bits of the
> > .incbin code were taken from there. Thanks!
> >
> > Reland of https://crrev.com/c/881181
> >
> > Bug: v8:6666
> > Change-Id: I5c0dbf56b1c987fd88607dca69b39d65b59cdefc
> > Reviewed-on: https://chromium-review.googlesource.com/895597
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#51042}
>
> Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel
> Bug: v8:6666
> Change-Id: I8fc0963e28996a84ed56c2e740d895e26611abf0
> Reviewed-on: https://chromium-review.googlesource.com/897630
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51054}
Bug: v8:6666
Change-Id: Icc6816e260dac2d8b8f6c9c4a2725b271dac4664
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/898927
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51075}
These 2 test have known issues
Change-Id: I4830e0af0f4f1cf7fd1189316356dd1f7dc2c6eb
Reviewed-on: https://chromium-review.googlesource.com/896721
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51074}
Copied as-is modulo compile tweaks from Chromium's base.
Copied tests highlighting existing overflow issues with V8's impl...
TimeDelta::Max() will initially be used in V8 to flag events that
never triggered in a TimedHistogram.
Also constexpr'ed a few things while I was in there, it's harmless
at worst and helps a little at best.
Ideally would constexpr all the Time*::From*() methods like in
Chromium but that has inlining implications and I don't know the
impact that could have on V8.
Bug: chromium:807606
Change-Id: If5aa92759d985be070e12af4dd20f0159169048b
Reviewed-on: https://chromium-review.googlesource.com/899342
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51073}
This creates a uniform PerformPromiseThen builtin, which performs the
operation with the same name from the spec, except that it expects the
handlers to be either undefined or callable already, since this is only
relevant for a single callsite (namely Promise.prototype.then).
Introduce a matching operator JSPerformPromiseThen into TurboFan, which
represents this operation and removes the additional checks in case of
Promise.prototype.then based on the information we can derived from the
receiver maps.
This yields a nice 20-25% improvement on Promise.prototype.then, as
illustrated by the following micro-benchmark
```js
const N = 1e7;
function inc(x) { return x + 1; }
function chain(promise) {
return promise.then(inc).then(value => {
if (value < N) chain(Promise.resolve(value));
});
}
console.time('total');
chain(Promise.resolve(0));
setTimeout(console.timeEnd.bind(console, 'total'));
```
which goes from around 1230ms to 930ms with this patch.
Bug: v8:7253
Change-Id: I5712a863acdbe7da3bb8e621887c7b952148c51a
Reviewed-on: https://chromium-review.googlesource.com/899064
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51071}
All tests are sensitive to internal state, which is incompatible with GC
fuzzing.
TBR=ulan@chromium.org
NOTRY=true
Bug: v8:7360
Change-Id: I4b28f40e099b7395e39725aaf6e9e199939ebd9f
Reviewed-on: https://chromium-review.googlesource.com/899087
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51069}
Load mjsunit.js inside the realm as otherwise the functions are not
available in the realm's scope.
This also prints timestamps after each test to easier track down slow
tests.
We also pass --omit-quit to not stop too early.
This also adds the ability to skip certain tests for endurance
fuzzing and skips some tests with known problems.
TBR=ulan@chromium.org,hpayer@chromium.org
Bug: v8:6972, v8:7400
Change-Id: I44464c28bfb10c84f2e59972e7b86945a47ca3b3
Reviewed-on: https://chromium-review.googlesource.com/899008
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51066}
- Adds a DCHECK to AllocatePages to enforce hint address alignment.
- Adds a DCHECK to AllocatePages to make length a multiple of allocation
granularity.
- Properly aligns the hint address in MemoryAllocator::AllocateChunk
to MemoryChunk::kAlignment.
This is to conform more closely to Chromium's page allocator API.
Bug:chromium:756050
Change-Id: Ib991fa80609834107829a9559f4b5b6b0996fc72
Reviewed-on: https://chromium-review.googlesource.com/898095
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51065}
Replace hard-coded uses of `kScratchDoubleReg`, `kScratchDoubleReg2` and
`kScratchQuadReg` with the safer `UseScratchRegisterScope`. The reason for doing
this is to be able to safely use these scratch registers inside the assembler
without having to worry about the code generator using them too.
For instance, using this scope showed us that `TryInlineTruncateDoubleToI` is
using a FP scratch register while the caller, the `DoubleToI` stub, is using it
too. We are safe only because the stub passes the scratch register to
`TryInlineTruncateDoubleToI` as an input. Using the scope forces us to
explicitely use the input register instead of acquiring a new scratch.
Bug: v8:6553
Change-Id: I84c53cd851d31ea33b0e3ef398d7a858b7e3e3c4
Reviewed-on: https://chromium-review.googlesource.com/895460
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#51061}
Especially "invalid function" and "invalid type" could contain much
more information.
Drive-by: Remove unused WasmTrapInvalidIndex.
R=ahaas@chromium.org
Change-Id: I7fd72c095eaad94e3e2d9bfe6ab4a9ce0bb4798b
Reviewed-on: https://chromium-review.googlesource.com/897526
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51059}
We were generating sequences of instructions for generating i32, i64,
f32 and f64 values, but not for generating an instruction without a
result value. This CL adds that.
R=ahaas@chromium.org
Change-Id: I5c17d4182dfc6a827c7cdaa611ba7941b9c5d12f
Reviewed-on: https://chromium-review.googlesource.com/897790
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51058}
This is a reland of b012816155.
Original change's description:
> [builtins] Add .incbin cctest
>
> Just to ensure this is portable across all platforms.
>
> Credits go to https://github.com/graphitemaster/incbin, bits of the
> .incbin code were taken from there. Thanks!
>
> Reland of https://crrev.com/c/881181
>
> Bug: v8:6666
> Change-Id: I5c0dbf56b1c987fd88607dca69b39d65b59cdefc
> Reviewed-on: https://chromium-review.googlesource.com/895597
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51042}
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel
Bug: v8:6666
Change-Id: I8fc0963e28996a84ed56c2e740d895e26611abf0
Reviewed-on: https://chromium-review.googlesource.com/897630
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51054}
Bug: v8:7387
Change-Id: I831bf8f580d4112d7e0f48d90bbe2f44eff73225
Reviewed-on: https://chromium-review.googlesource.com/897326
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51047}
The flag is enabled by default and provides a quick way to switch
between the old RetainerInfo and the new EmbedderGraph snapshoting
in local testing.
Bug: chromium:749490
Change-Id: I36406597a289090879cfa5051037c8cf35988e59
Reviewed-on: https://chromium-review.googlesource.com/897532
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51045}
This reverts commit b012816155.
Reason for revert: Still breaks the bot:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/1217
Original change's description:
> [builtins] Add .incbin cctest
>
> Just to ensure this is portable across all platforms.
>
> Credits go to https://github.com/graphitemaster/incbin, bits of the
> .incbin code were taken from there. Thanks!
>
> Reland of https://crrev.com/c/881181
>
> Bug: v8:6666
> Change-Id: I5c0dbf56b1c987fd88607dca69b39d65b59cdefc
> Reviewed-on: https://chromium-review.googlesource.com/895597
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51042}
TBR=machenbach@chromium.org,jgruber@chromium.org
Change-Id: I41a48908b6e0ff6a28beb8b28a1a9a739302081a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/897788
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51044}
Just to ensure this is portable across all platforms.
Credits go to https://github.com/graphitemaster/incbin, bits of the
.incbin code were taken from there. Thanks!
Reland of https://crrev.com/c/881181
Bug: v8:6666
Change-Id: I5c0dbf56b1c987fd88607dca69b39d65b59cdefc
Reviewed-on: https://chromium-review.googlesource.com/895597
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51042}
Instead of inlining NewPromiseCapability everywhere, we should have it
as a separate builtin that can be called. The motivation for doing so is
to reduce the overhead of the builtins and just share the slow-path
handling in a single place, plus this way we can also utilize the
NewPromiseCapability functionality from TurboFan optimized code
eventually.
Also remove the unused %new_promise_capability intrinsic and the builtin
backing it.
Bug: v8:7253
Change-Id: Ic7c916a11f12d063a645e2c25cc4120badee5640
Reviewed-on: https://chromium-review.googlesource.com/897804
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51036}
The wasm call fuzzer is superseded by the wasm compile fuzzer, thus
remove it.
The chromium side will land in https://crrev.com/c/895531.
R=ahaas@chromium.org
Change-Id: I211d9f8ad2ca5432dbbc6ecce0b6e13760f1af60
Reviewed-on: https://chromium-review.googlesource.com/895534
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51034}
Where the value we are switching on is a constant, we can just look
through each IfValue case and replace the switch and go straight to
the appropriate case. If no case matches, expect and go to the
IfDefault.
For the (unrealistic) example in the linked bug, this improves
performance ~1.5x.
Bug: v8:7389
Change-Id: I7ffe209bda9ed22571ea106396b18e0bcf9a1e22
Reviewed-on: https://chromium-review.googlesource.com/893141
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51029}
It was already always high-resolution on POSIX but was never high
resolution on Windows. Windows does support low latency high-resolution
timers for the majority of our user base.
TimeTicks::HighResolutionNow() was only explicitly requested in testing
frameworks. As such I left the call in place but made it DCHECK that
it's running on a Windows machine on which high-resolution clocks are
used. This confirms that none of our test fleet has regressed with this
change (the previous HighResolutionNow() used to be slightly more
aggressive and also do it in a few configurations where we now fallback
to low-resolution now).
This implementation was copied as-is (modulo minor v8 API
compatibility tweaks). These implementations were the same in the
past but had diverged when, sadly, the same bug was fixed separately
years apart, in Chromium and V8:
chromium: https://codereview.chromium.org/1284053004 + https://codereview.chromium.org/2393953003
v8: https://codereview.chromium.org/1304873011
This is a prerequisite to add metrics around parallel task execution
(low-resolution clocks are useless at that level, but we also don't want
to incur high-latency clocks on machines that can't afford it cheaply).
Bug: chromium:807606
Change-Id: Id18e7be895d8431ebd0e565a1bdf358fe7838489
Reviewed-on: https://chromium-review.googlesource.com/897485
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51027}
Otherwise bots with a low number of cores will hang trying to schedule
a mere 4 tasks.
This change allowing scheduling of an arbitrary number of test tasks,
the count was also augmented to better stress test the system.
Bug: chromium:805932
Change-Id: Ia10cd583c0675c256b4fd5d2765b50855d77a7f9
Reviewed-on: https://chromium-review.googlesource.com/895584
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51019}
That patch introduces EmbedderGraph interface that embedders can use to
represent C++ objects that retain or are retained by V8 JS objects.
The heap snapshot generator adds nodes and edges of the EmbedderGraph to
the heap snapshot, allowing arbitrarily complex retaining paths that
cross V8/Embedder boundary.
The new functionality is enabled only if the embedder sets the
BuildEmbedderGraph callback.
Bug: chromium:749490
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I10a1fa000d6d4ba47fc19d84c7cfc2c619d496fc
Reviewed-on: https://chromium-review.googlesource.com/890521
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51016}
This is a reland of 957ac3641c.
To avoid a race condition TSAN found when accessing FLAG_turbo_disable_switch_jump_table
in the InstructionSelector, this now threads the flag through the CompilationInfo.
Original change's description:
> [turbofan] disable indirect jumps in Turbofan generated switches
>
> Bug:
> Change-Id: I326bf518f895e7c030376210e7797f3dd4a9ae1f
> Reviewed-on: https://chromium-review.googlesource.com/873643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50984}
Change-Id: I76c2804f140cc116e30881bfd05365a09240e605
Reviewed-on: https://chromium-review.googlesource.com/895643
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51014}
Previously we would directly take the result from a fulfilled native
promise bypassing the microtask queue. This is observably different
from the spec.
Note: Our variant of the bluebird benchmark is heavily favored towards
fulfilled native promises because we don't use setTimeout (unlike the
original benchmark). I suspect this pattern doesn't appear often in
the wild so it's fine to take this hit for now.
PSA for Perf sheriffs: this is going to tank some benchmarks.
Bug: chromium:800651, v8:5691, v8:6007
Change-Id: Ic273bf2195529424b0d87359d28d5267060d5252
Reviewed-on: https://chromium-review.googlesource.com/895416
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51010}
We still avoid the "then" lookup using the current fast-path
mega-guard in the baseline case, but in TurboFan we simply
constant-fold the "then" lookup in the JSCallReducer. So all
further optimizations on Promise#then in TurboFan will automatically
apply to Promise#catch as well.
Bug: v8:7253
Change-Id: Idf7252157375a0ae3a91c7a3b42c30c5f367c0a8
Reviewed-on: https://chromium-review.googlesource.com/895446
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51008}
A given JSPromise can either be in pending state, and accumulates
reactions, or in settled state, where all reactions are scheduled
as microtasks, and it carries a result. So we can use a single field
on the JSPromise instance to hold both the result and the reactions
and that field is interpreted differently depending on the status of
the JSPromise.
Bug: v8:7253
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I19a7d499c88f452f0d35979ab95deb110021cde9
Reviewed-on: https://chromium-review.googlesource.com/895528
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51004}
Implements the saturating opcode i64.trunc_s:sat/f32.
Also does some refactoring of the i32 saturating opcodes use a simplier
solution (calling a single method to handle all i32 values).
Also refactors code so that the remaining i64 saturating conversions
should be easy to add to the wasm compiler.
Bug: v8:7226
Change-Id: I031aca1e059b4baa989a56ecbc16941f591ff9b3
Reviewed-on: https://chromium-review.googlesource.com/887333
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51001}
The FeedbackNexus classes initially were one-to-one with IC classes,
but over time this got out of date. We also found Nexus' useful, so
we made more classes even for cases that weren't ICs.
The inheritence and polymorphism became confusing and led to
duplication. Better, to just talk about a (single) FeedbackNexus.
Bug: v8:7344
Change-Id: I509dc9657895d56c3859de6e6589695cdff9e73e
Reviewed-on: https://chromium-review.googlesource.com/890452
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50997}
The hash avoids assigning all CHECK failures to the same clusterfuzz
report.
Bug: chromium:805970
Change-Id: Ia52da335ea86fbc7cc924dd81a893722a6d3d92e
Reviewed-on: https://chromium-review.googlesource.com/894323
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50992}
The fuzzer found a couple of cases that exploited comments of the
form:
function test() {
const re = /*.../;
const str = '...*/...';
let result;
try { result = re.exec(str); } catch (e) { /* ... */ }
}
Note that the first line does not contain a regexp literal, it starts
a comment instead. The second line terminates the comment.
This fixes detection of such cases by initializing `result` to null.
TBR=yangguo@chromium.org
Bug: chromium:805970
Change-Id: I5d46db9892e2b4e71cdc2907cebf07a2e33b7a0e
Reviewed-on: https://chromium-review.googlesource.com/894403
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50991}
For mips, if 'mips_arch_variant=="r6"' and if 'mips_use_msa' flag is set
to 'true', then test-run-wasm-simd tests won't be skipped for mips. It
will also force 'MIPS_SIMD' bit in CpuFeatures to be set.
ARM processors are assumed to support SIMD.
Change-Id: Iea668b97ef995ca4949ddbf2ffc734aad89d3aa3
Reviewed-on: https://chromium-review.googlesource.com/868430
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50981}
This implements the ideas outlined in the section "Microtask queue"
of the exploration document "Promise and async/await performance" (at
https://goo.gl/WHRar2), except that the microtask queue stays a linear
FixedArray for now, to avoid running into trouble with the parallel
scavenger. This way we can already save a significant amount of
allocations, thereby reducing the GC frequency quite a bit.
All items on the microtask queue are now proper structs that subclass
Microtask, i.e. we also wrap JSFunction and MicrotaskCallback jobs
into structs. We also consistently remember the context for every
microtask (except for MicrotaskCallback where we don't have a
context), and execute it later in exactly that context (as required
by the spec anyways for the Promise related jobs). Particularly
interesting is the PromiseReactionJobTask and its subclasses, since
they are designed to have the same size as the PromiseReaction. When
we resolve a JSPromise we just take the existing PromiseReaction
instances and morph them into PromiseFulfillReactionJobTask or
PromiseRejectReactionJobTask (depending whether you "Fulfill" or
"Reject"). That way the JSPromise class is now only 6 words instead
of 10 words.
Also the PromiseReaction and the reaction tasks can either carry a
JSPromise (for the fast native case) or a PromiseCapability (for the
generic case), which means we don't always pay the overhead of having
to also remember the "deferred resolve" and "deferred reject" handlers
that are only relevant for the generic case anyways.
It also fixes a spec violation where we called "then" before we actually
enqueued the PromiseResolveThenableJob, which is observably wrong.
Calling it later has the advantage that it should be fairly
straight-forward now to completely avoid it for native Promise
instances.
This seems to save around 10-20% on the various Promise benchmarks and
micro-benchmarks. We expect to gain even more as we're now able to
inline various operations into TurboFan optimized code easily.
Bug: v8:7253
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I893d24ca5bb046974b4f5826a8f6dd22f1210b6a
Reviewed-on: https://chromium-review.googlesource.com/892819
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50980}
This is a reland of 0db74d4974.
Original change's description:
> [test] Random seed processor
>
> 1. --total-timeout-sec now available for ./run-tests.py. It can be
> useful with infinite seed stressing
> 2. random seed dropped from the context. Now JSON progress indicator
> gets it from the list of command args.
>
> Bug: v8:6917
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
> Reviewed-on: https://chromium-review.googlesource.com/888524
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50964}
Bug: v8:6917
Change-Id: I1ea376a4abffce5ab65f4834ea7e6d6011765ffa
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/894204
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50978}
Async generators didn't correctly handle the situation where one calls
.return on a suspended-at-start async generator and passes a
promise-like object whose awaiting causes a new request to the
generator.
Bug: chromium:805729
Change-Id: I4da13ab5bd97f8c2a2c5373242a2d5e2ab0f7f10
Reviewed-on: https://chromium-review.googlesource.com/891231
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50974}
This reverts commit 0db74d4974.
Reason for revert: https://chromium-swarm.appspot.com/task?id=3b609f9976bac610&refresh=10&show_raw=1
Original change's description:
> [test] Random seed processor
>
> 1. --total-timeout-sec now available for ./run-tests.py. It can be
> useful with infinite seed stressing
> 2. random seed dropped from the context. Now JSON progress indicator
> gets it from the list of command args.
>
> Bug: v8:6917
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
> Reviewed-on: https://chromium-review.googlesource.com/888524
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50964}
TBR=machenbach@chromium.org,sergiyb@chromium.org,majeski@google.com
Change-Id: I2d96ea328cda2d09b01ff455e47c77d567fafe00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/894522
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50970}
This is a reland of 76195d9e08.
It was reverted because the new parallel tasks (with higher number
of workers) hang on client.v8.ports bots. Since each test task steals
the worker thread it's assigned but only processes one item before
waiting for completion by others: I think the problem is that there
aren't enough workers in client.v8.ports' config. There aren't any
try bots for this config... reduce the tests to use 4 tasks and
hope for the best (i.e. a 4 core machine that uses "num cores")...
Original change's description:
> Smoother distribution of worker assignment in parallel task array.
>
> This is a merge of https://chromium-review.googlesource.com/c/v8/v8/+/888704
> and https://chromium-review.googlesource.com/c/v8/v8/+/887084
>
> Which implements the fix in CL 887084 correctly in a world where
> there can be more tasks_ than items_ (crbug.com/806237).
>
> Bug: chromium:805932
> Change-Id: I05401be4fdce442644a8973281a9d88bd959b271
> Reviewed-on: https://chromium-review.googlesource.com/892883
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50956}
Reverted-on: https://chromium-review.googlesource.com/893462
Bug: chromium:805932
Change-Id: I4d0bda3b9f52e9160e613a8f34a95e48b814bb9e
Reviewed-on: https://chromium-review.googlesource.com/893362
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50967}
This reverts commit 76195d9e08.
Reason for revert: New parallel tests timeout on the waterfall (I think because it's configured to use less worker threads and TaskProcessingOneItem is currently designed to steal a worker but only process one item...).
Original change's description:
> Smoother distribution of worker assignment in parallel task array.
>
> This is a merge of https://chromium-review.googlesource.com/c/v8/v8/+/888704
> and https://chromium-review.googlesource.com/c/v8/v8/+/887084
>
> Which implements the fix in CL 887084 correctly in a world where
> there can be more tasks_ than items_ (crbug.com/806237).
>
> Bug: chromium:805932
> Change-Id: I05401be4fdce442644a8973281a9d88bd959b271
> Reviewed-on: https://chromium-review.googlesource.com/892883
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50956}
TBR=gab@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
Change-Id: Icf52eb3afeb9467557c1e0db6922d590466943f0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:805932
Reviewed-on: https://chromium-review.googlesource.com/893462
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50965}
1. --total-timeout-sec now available for ./run-tests.py. It can be
useful with infinite seed stressing
2. random seed dropped from the context. Now JSON progress indicator
gets it from the list of command args.
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
Reviewed-on: https://chromium-review.googlesource.com/888524
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50964}
This adds support for set_global and get_global.
R=ahaas@chromium.org
Change-Id: I08bfa3c23080f473616970e9894cfb6e55a4f76d
Reviewed-on: https://chromium-review.googlesource.com/890744
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50963}
Turns out we never generated if blocks or if-else blocks so far.
R=ahaas@chromium.org
Change-Id: I942dbc614b5b489094f5b029a70c40b336d09fa4
Reviewed-on: https://chromium-review.googlesource.com/890451
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50961}
Some tests need to ensure all builtins are deserialized. This adds a
helper to make that easier.
Drive-by-refactoring: Centralize lazy-deserialization tracing.
TBR=rmcilroy@chromium.org
Bug: v8:6624
Change-Id: I1f7caa6c539b12aabcba5b7b28c50ad40355848b
Reviewed-on: https://chromium-review.googlesource.com/891822
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50959}
- Port TypedArray.prototype.slice to CSA
- Implement TypedArraySpeciesCreateByLength as a CSA
- Fix spec bugs: Throw if a source typed array is neutered
after creating a result typed array
Bug: v8:5929
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia7ce2239d37db6db172c00aa120ef51c31a14bac
Reviewed-on: https://chromium-review.googlesource.com/830991
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50952}
The wasm compile fuzzer generated {br} instructions, but no {br_if} so
far. This CL adds that.
R=ahaas@chromium.org
Change-Id: Ib5e47a26d96e88498104e0d57b9a49b74b7356eb
Reviewed-on: https://chromium-review.googlesource.com/890450
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50950}
The test inspects each builtin's RelocInfo. It's isolate-independent, iff there
are no entries for embedded objects, runtime calls, external references (which
could point to addresses on the isolate), or code targets.
Bug: v8:6666
Change-Id: Ie32353db445a9e81e1c9a0a8f1b5ffe1566a0404
Reviewed-on: https://chromium-review.googlesource.com/888639
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50949}
This only affects document.all, which is the only user of
|ObjectTemplate::SetCallAsFunctionHandler|, and will mean that
new document.all() will throw TypeError. There are tests for this:
//src/third_party/WebKit/LayoutTests/external/wpt/html/infrastructure/common-dom-interfaces/collections/htmlallcollection.html
(cherry picked from commit 7233447e4ac4587c81e91077857f8a30c4a6d2df)
Change-Id: Ibb39b3c61b688591c781158cf4abc0c2d74c908e
Reviewed-on: https://chromium-review.googlesource.com/882642
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Philip Jägenstedt <foolip@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/890496
Cr-Commit-Position: refs/heads/master@{#50943}
Add inbounds benchmark for String.p.charCodeAt
and add in and out of bounds benchmarks for
String.p.codePointAt.
Bug: v8:7092, v8:7326, chromium:806758
Change-Id: I48065627bd79d8fb24e55b2f6dce590e7adbbd6e
Reviewed-on: https://chromium-review.googlesource.com/891858
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50942}
Things that don't work yet:
(a) pre parsed scope data is broken
(b) private fields can be accessed outside classes
(c) no early or runtime error for accessing unknown fields
Things that do work:
everything else
Change-Id: I3d58be44e2be73ec50defb42403112a8a5e68c54
Bug: v8:5368
Reviewed-on: https://chromium-review.googlesource.com/865497
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50935}
