Sometimes we need to capture stack trace on one debugger and use it
later as a parent stack on another debugger (e.g. worker.postMessage).
This CL includes following addition to our protocol and v8-inspector.h:
- added Runtime.StackTraceId, this id represents stack trace captured
on debugger with given id,
- protocol client can fetch Runtime.StackTrace by
Runtime.StacKTraceId using Debugger.getStackTrace method,
- externalParent field is added to Debugger.paused event, it may
contain external parent stack trace,
- V8Inspector::storeCurrentStackTrace captures current stack trace
and returns V8StackTraceId for embedder this id can be used as
argument for V8Inspector::externalAsyncTaskStarted and
V8Inspector::externalAsyncTaskFinished method. Any async stack
trace captured between these calls will get passed external stack
trace as external parent. These methods are designed to be called
on different debuggers. If async task is scheduled and started on
one debugger user should continue to use asyncTask* API,
- Debugger.enable methods returns unique debuggerId.
TBR=dgozman@chromium.org,jgruber@chromium.org
Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2c1a2b2e30ed69ccb61d10f08686f4edb09f50e4
Reviewed-on: https://chromium-review.googlesource.com/786274
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49591}
The main reason why we currently don't see this fail is that block-scopes always appear to have an extension: the scope info object is stored there.
Bug:
Change-Id: I38f0c15387e235eeea9a57c95af0d9eb185dad2a
Reviewed-on: https://chromium-review.googlesource.com/785951
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49585}
This reverts commit 3a41b697cd.
Reason for revert: Break msvc: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/250
Original change's description:
> [inspector] introduced stackTraceId and externalAsyncTask API
>
> Sometimes we need to capture stack trace on one debugger and use it
> later as a parent stack on another debugger (e.g. worker.postMessage).
>
> This CL includes following addition to our protocol and v8-inspector.h:
> - added Runtime.StackTraceId, this id represents stack trace captured
> on debugger with given id,
> - protocol client can fetch Runtime.StackTrace by
> Runtime.StacKTraceId using Debugger.getStackTrace method,
> - externalParent field is added to Debugger.paused event, it may
> contain external parent stack trace,
> - V8Inspector::storeCurrentStackTrace captures current stack trace
> and returns V8StackTraceId for embedder this id can be used as
> argument for V8Inspector::externalAsyncTaskStarted and
> V8Inspector::externalAsyncTaskFinished method. Any async stack
> trace captured between these calls will get passed external stack
> trace as external parent. These methods are designed to be called
> on different debuggers. If async task is scheduled and started on
> one debugger user should continue to use asyncTask* API,
> - Debugger.enable methods returns unique debuggerId.
>
> Bug: chromium:778796
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I16aba0d04bfcea90f3e187e635a0588c92354539
> Reviewed-on: https://chromium-review.googlesource.com/754183
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49582}
TBR=dgozman@chromium.org,pfeldman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org,jgruber@chromium.org
Change-Id: I9b52354fa0841e5148596cf594317f2e5fe508ea
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/786152
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49584}
Sometimes we need to capture stack trace on one debugger and use it
later as a parent stack on another debugger (e.g. worker.postMessage).
This CL includes following addition to our protocol and v8-inspector.h:
- added Runtime.StackTraceId, this id represents stack trace captured
on debugger with given id,
- protocol client can fetch Runtime.StackTrace by
Runtime.StacKTraceId using Debugger.getStackTrace method,
- externalParent field is added to Debugger.paused event, it may
contain external parent stack trace,
- V8Inspector::storeCurrentStackTrace captures current stack trace
and returns V8StackTraceId for embedder this id can be used as
argument for V8Inspector::externalAsyncTaskStarted and
V8Inspector::externalAsyncTaskFinished method. Any async stack
trace captured between these calls will get passed external stack
trace as external parent. These methods are designed to be called
on different debuggers. If async task is scheduled and started on
one debugger user should continue to use asyncTask* API,
- Debugger.enable methods returns unique debuggerId.
Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I16aba0d04bfcea90f3e187e635a0588c92354539
Reviewed-on: https://chromium-review.googlesource.com/754183
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49582}
This test used to run 10M loop iterations to trigger OSR. Let's run 5
instead and trigger OSR manually through the runtime.
Bug: v8:7093
Change-Id: Ie0cdb9389ca465bf433e81a17fa60c300edc3e29
Reviewed-on: https://chromium-review.googlesource.com/785693
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49579}
The test is flaky due to huge string allocation.
Bug: v8:7093
Change-Id: I2f17eb8b96b569d84a1f5c9549753fd0ab7fee89
Reviewed-on: https://chromium-review.googlesource.com/785351
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49575}
These tests can take up to 10 minutes on bots. Split them up to
increase parallelism.
Bug: v8:7093
Change-Id: Iabfd34a7f2476d4add51da807f2e987e8d1153c9
Reviewed-on: https://chromium-review.googlesource.com/785411
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49573}
Old instrumentation was designed to collect promise creation stack and
promise scheduled stack together. In DevTools for last 6 months we
show only creation stack for promises. We got strong support from users
for new model. Now we can drop support for scheduled stacks and
simplify implementation.
New promise instrumentation is straightforward:
- we send kDebugPromiseThen when promise is created by .then call,
- we send kDebugPromiseCatch when promise is created by .catch call,
- we send kDebugWillHandle before chained callback and kDebugDidHandle
after chained callback,
- and we send separate kDebugAsyncFunctionPromiseCreated for internal
promise inside async await function.
Advantages:
- we reduce amount of captured stacks (we do not capture stack for
promise that constructed not by .then or .catch),
- we can consider async task related to .then and .catch as one shot
since chained callback is executed once,
- on V8 side we can implement required instrumentation using only
promise hooks,
Disadvantage:
- see await-promise test, sometimes scheduled stack was useful since we
add catch handler in native code,
Implementation details:
- on kInit promise hook we need to figure out why promise was created.
We analyze builtin functions until first user defined function on
current stack. If there is kAsyncFunctionPromiseCreate function then
we send kDebugAsyncFunctionPromiseCreated event. If there is
kPromiseThen or kPromiseCatch then only if this function is bottom
builtin function we send corresponded event to inspector. We need it
because Promise.all internally calls .then and in this case we have
Promise.all and Promise.then on stack at the same time and we do not
need to report this internally created promise to inspector.
Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I53f47ce8c5c4a9897655c3396c249ea59529ae47
Reviewed-on: https://chromium-review.googlesource.com/765208
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49553}
- Eliminates CommitRegion and UncommitRegion methods, replacing them with
calls to SetPermissions.
- Makes a similar change to the API of VirtualMemory.
- This changes system calls from mmap to mprotect on most POSIX platforms.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ib10f8293c9398c6c1e729cd7d686b7c97e6a5d75
Reviewed-on: https://chromium-review.googlesource.com/769679
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49552}
Filtering by status file split to four parts:
1. Getting outcomes - reads both variant dependent and
independent outcomes, no more need to do it twice.
2. Checking unused rules - has a switch to check only variant
dependent/independent rules.
3. Reading flags - if outcome starts with '--' it is treated as a flag.
4. Actual filtering.
Outcomes removed from the testcase object, can be accessed
by call to its testsuite.
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I35762f891010ddda926250452b88656047433daa
Reviewed-on: https://chromium-review.googlesource.com/775160
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49547}
On x64, we optimize out EmbeddedReferences, unless we explicitly
indicate serialization is enabled. We serialize js-to-wasm wrappers,
which include such references.
Bug: v8:7083
Change-Id: I976da4af74bf7ee3245e1465b8e47f2c042ec3b4
Reviewed-on: https://chromium-review.googlesource.com/780207
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49546}
Typically the interpreter returns 0xdeadbeef to indicate an exception.
However, for stack overflows a normal exception is used. The interpreter
requires an activation, however, to deal with normal exceptions. With
this CL we start an activation before we execute the fuzzer input in the
interpreter.
R=clemensh@chromium.org
Bug: chromium:781103
Change-Id: I4fc3a18bfc2076aab9ff7d2324a3311fe222954a
Reviewed-on: https://chromium-review.googlesource.com/776835
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49545}
The unused properties fields number is calculatable via used in-object
properties count and we can drop it now.
Bug: chromium:774644
Change-Id: I7388af7772a8e793593fabc46527886cf2e36095
Reviewed-on: https://chromium-review.googlesource.com/781465
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49542}
Currently the SourcePositionTableBuilder requires a Zone because it
holds a ZoneVector<byte> of the encoded entries. Since ZoneVector is a
suboptimal data structure anyway, and for Liftoff we don't even have a
Zone allocated currently, this CL replaces the ZoneVector by
std::vector.
R=mstarzinger@chromium.org
Bug: v8:6600
Change-Id: I8010143e917e2351664e2b53746753b597f4407a
Reviewed-on: https://chromium-review.googlesource.com/779181
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49534}
This is a reland of 712fa67554.
Original change's description:
> [test] Add Liftoff variant
>
> Add a variant for testing the current state of the Liftoff
> implementation.
> This variant will only run on a subset of the bots, just like the
> --future variant.
>
> R=machenbach@chromium.org, hablich@chromium.org
>
> Bug: v8:7088, v8:6600
> Change-Id: If49fad3a8ed579356504b821a787326754f24e78
> Reviewed-on: https://chromium-review.googlesource.com/779420
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49504}
TBR=machenbach@chromium.orgCC=hablich@chromium.org
Bug: v8:7088, v8:6600
Change-Id: Ieb20020f07c70acaa64bb421763a41aa163a261b
Reviewed-on: https://chromium-review.googlesource.com/781499
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49531}
The integer value denoting the number of captures (and thus the size
of the list of captures created in @@replace [0]) can be controlled by
the user. This CL ensures we don't overflow and respect
Code::kMaxArguments, but note that it is still possible to trigger
OOMs through large lists.
Bug: chromium:786573
Change-Id: I19c88908c594487818d083b2ba423764ef91eae0
Reviewed-on: https://chromium-review.googlesource.com/779001
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49530}
The index of a function in the WasmModule data structure is offset by
the number of imported functions in the module. The {DecodeFunctionBody}
function of the module decoder, however, requires the function index
without this offset. The streaming processor mixed up these two ranges
of function indices. This is fixed in this CL.
R=clemensh@chromium.org
Bug: chromium:781507
Change-Id: Ie3e0c4703b06ecb923c98ffb961844915323197c
Reviewed-on: https://chromium-review.googlesource.com/776680
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49523}
This is a reland of c71fd20cf9
Original change's description:
> [wasm] Data structures for JIT-ing wasm to native memory.
>
> This CL introduces the structures for JIT-ing wasm on the native heap.
> They are described in detail at go/wasm-on-native-heap-stage-1
>
> Briefly:
> - WasmCodeManager manages memory for modules and offers an interior
> pointer lookup (i.e. PC -> WasmCode)
> - WasmCode represents code, including reloc info. It holds wasm
> specific data, like function index, and runtime information, like trap
> handler info.
> - NativeModule manages memory for one module.
>
> Tests cover the allocation and lookup aspects, following that current
> regression tests cover the JITed code. A separate CL will enable
> JITing using the new data structures.
>
> Bug: v8:6876
> Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
> Reviewed-on: https://chromium-review.googlesource.com/767581
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49501}
Bug: v8:6876
Change-Id: Ifd1a4c23de8150dbdc75f059cd657e9670b15c9b
Reviewed-on: https://chromium-review.googlesource.com/779680
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49512}
This is a reland of 236298acbf.
Original change's description:
> [wasm] Unify deoptimization data
>
> Add methods to add deoptimization data and use them from all the places
> where we currently add them manually. Also add them to wasm-to-wasm
> wrappers compiled on table set, which was missing before, leading to
> the referenced bug.
>
> R=ahaas@chromium.org
>
> Bug: chromium:779292
> Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
> Reviewed-on: https://chromium-review.googlesource.com/774838
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49452}
Bug: chromium:779292
Change-Id: I8219305fc894c50904db57e51245733f6613dcd3
Reviewed-on: https://chromium-review.googlesource.com/778159
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49508}
This reverts commit c71fd20cf9.
Reason for revert: msvc is unhappy (https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/208)
Original change's description:
> [wasm] Data structures for JIT-ing wasm to native memory.
>
> This CL introduces the structures for JIT-ing wasm on the native heap.
> They are described in detail at go/wasm-on-native-heap-stage-1
>
> Briefly:
> - WasmCodeManager manages memory for modules and offers an interior
> pointer lookup (i.e. PC -> WasmCode)
> - WasmCode represents code, including reloc info. It holds wasm
> specific data, like function index, and runtime information, like trap
> handler info.
> - NativeModule manages memory for one module.
>
> Tests cover the allocation and lookup aspects, following that current
> regression tests cover the JITed code. A separate CL will enable JITing
> using the new data structures.
>
> Bug: v8:6876
> Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
> Reviewed-on: https://chromium-review.googlesource.com/767581
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49501}
TBR=bradnelson@chromium.org,ulan@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,mtrofin@chromium.org,mlippautz@chromium.org
Change-Id: Id54deb74782c6f0fd06c61ddcabb727eb7010333
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6876
Reviewed-on: https://chromium-review.googlesource.com/779679
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49503}
This CL introduces the structures for JIT-ing wasm on the native heap.
They are described in detail at go/wasm-on-native-heap-stage-1
Briefly:
- WasmCodeManager manages memory for modules and offers an interior
pointer lookup (i.e. PC -> WasmCode)
- WasmCode represents code, including reloc info. It holds wasm
specific data, like function index, and runtime information, like trap
handler info.
- NativeModule manages memory for one module.
Tests cover the allocation and lookup aspects, following that current
regression tests cover the JITed code. A separate CL will enable JITing
using the new data structures.
Bug: v8:6876
Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
Reviewed-on: https://chromium-review.googlesource.com/767581
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49501}
I just pass a pointer of the platform to the task runner so that the
task runners can put tasks directly into the platform data structures.
R=rmcilroy@chromium.org
Change-Id: I7c1c56c3b9f550c0fe80012abcd31011e69f3d5d
Reviewed-on: https://chromium-review.googlesource.com/771751
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49498}
Streaming compilation started the compilation of a module at the
beginning of the code section. However, there exist valid modules which
do not contain a code section. In this CL we check for the existence of
a code section when we finish the stream. We do this by checking if the
module compiler in the AsyncCompileJob exists, because the module
compiler gets initialized at the beginning of the code section.
If we detect that compilation has not been started because there was no
code section, then we start compilation when the stream finishes.
R=clemensh@chromium.org
Bug: chromium:771973
Change-Id: I7c95a7a791d02254f086961e7cd81885eec27382
Reviewed-on: https://chromium-review.googlesource.com/778541
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49494}
When collecting source ranges for conditionals (`a ? b : c`), include
the '?' and ':' tokens in the then- and else ranges, respectively.
Bug: v8:7098
Change-Id: I22315e2040c96c977e0b49e1fafe4228a6558471
Reviewed-on: https://chromium-review.googlesource.com/778321
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49484}
For simple replacement strings without $ characters, we can do the
replacement in CSA for a global regexp. This is a common case because
this is currently the most widely used way to 'replaceAll' in a string.
This CL speeds up the test case in the linked bug by 13%.
Bug: v8:7053
Change-Id: I0d1d7c25fed07dfd7927191a3ef3138302e10c8f
Reviewed-on: https://chromium-review.googlesource.com/774440
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49472}
The "array protector" now guards the Object.prototype, the
Array.prototype and the String.prototype, so the name was a
bit misleading nowadays. So the new name "no elements protector"
was chosen.
Bug: v8:6936, v8:7014, v8:7027
Change-Id: I9a9d7caa2caf0ac9e78cc6658de2f0506970dfa2
Reviewed-on: https://chromium-review.googlesource.com/778162
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49471}
The ToBooleanHints were used to represent the ToBoolean feedback
collected by Fullcodegen. But Ignition doesn't collect this feedback
and also TurboFan doesn't make use of the hints, so we should remove
this for now.
Bug: v8:7101
Change-Id: Ifc97d3ebb7494029b33ad79fc8bafdf3c08fb871
Reviewed-on: https://chromium-review.googlesource.com/778163
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49470}
The existance of an `AllowJavascriptExecutionDebugOnly` scope in
`Isolate::ReportPendingMessages()` indicates that the API supports
running arbitrary JS code in a `AddMessageListener` callback.
Currently, this can fail in debug mode: The
`!isolate->external_caught_exception()` condition is checked when
entering API methods inside such a handler. However, if there is
a verbose `TryCatch` active when the exception occurs, this
check fails, and when calling `ToString()` on the exception object
leaves a pending exception itself, the flag is re-set to `true`.
Fix this problem by clearing the flag and the pending exception if
there was one during `ToString()`. This matches the code a few lines
up in `messages.cc`, so the exception state is now consistent
during the callback.
This currently makes a Node.js test fail in debug mode
(`parallel/test-error-reporting`).
Bug: node:7144
Bug: node:17016
Change-Id: I060d00fea3e9a497f4df34c6ff8d6e29ebe96321
Reviewed-on: https://chromium-review.googlesource.com/718096
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49466}
This CL creates the invariant that the BigInt class treats
BigInt objects as immutable. Writing to new BigInt objects
as part of their construction is done by the MutableBigInt
helper class, which in turn is hidden as an implementation
detail in bigint.cc.
As a side effect, this refactoring enforces right-trimming
checks for all newly created BigInts, and ensures that all
BigInt allocations possibly exceeding kMaxLength check for
this case and throw a RangeError instead of crashing.
Bug: v8:6791
Tbr: mlippautz@chromium.org
Change-Id: Id239746108e6b076b47a03ba37462001eb501507
Reviewed-on: https://chromium-review.googlesource.com/742329
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49462}
This CL also includes fixes for CF issues found while the previous
reland was active.
Bug: v8:5799, chromium:783902, chromium:783926, chromium:783822
Change-Id: I1f7d9b037d90838469c45f5d72771a77444c662e
Reviewed-on: https://chromium-review.googlesource.com/764067
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49457}
Persistent handles are always independent these days. Users should mark
weak handles as active using MarkActive if they want to keep weak
handles that are otherwise unreachable alive across scavenges.
Bug: chromium:780749
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I116e984ce14a035d1cef491d49f11a388fa8169d
Reviewed-on: https://chromium-review.googlesource.com/759794
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49456}
This reverts commit 236298acbf.
Reason for revert: suspected cause of failures on GC stress bots:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/16341https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/16269
Original change's description:
> [wasm] Unify deoptimization data
>
> Add methods to add deoptimization data and use them from all the places
> where we currently add them manually. Also add them to wasm-to-wasm
> wrappers compiled on table set, which was missing before, leading to
> the referenced bug.
>
> Drive-by: Disable non-applicable MaybeHandle constructors to allow
> overloading functions with different Handle types.
>
> R=ahaas@chromium.org
>
> Bug: chromium:779292
> Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
> Reviewed-on: https://chromium-review.googlesource.com/774838
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49452}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I02fb49d2ece8e04ac5fb26f618bfe6fb2f133d06
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:779292
Reviewed-on: https://chromium-review.googlesource.com/777079
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49455}
This reverts commit 4d3bc552b5.
Reason for revert: https://crbug.com/785778
Original change's description:
> [coverage] add coverage for binary expressions
>
> Adds block-level coverage tracking for binary && and ||
> expressions. Introduces a BinaryOperation source-range
> for tracking the operations themselves and an Expression
> source-range, used for tracking NaryLogical expressions.
>
> This builds on work by jgruber@chromium.org in
> the issue.
>
> TBR=marja@chromium.org
> R=jgruber@chromium.org, rmcilroy@chromium.org
>
> Bug: v8:6660
> Change-Id: I83a81f13a3514a734c06948b2d3e91138fb00e18
> Reviewed-on: https://chromium-review.googlesource.com/754564
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49304}
TBR=rmcilroy@chromium.org,marja@chromium.org,jgruber@chromium.org,ben@npmjs.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6660
Change-Id: Ie017c528604b2e01400f527511413eaea5786198
Reviewed-on: https://chromium-review.googlesource.com/776768
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49454}
Both of these features were shipped in Chrome 62.
Bug: v8:4545, v8:6172
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ie00dcbeded7517a15696d4a78fcfbbf162919923
Reviewed-on: https://chromium-review.googlesource.com/775601
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49453}
Add methods to add deoptimization data and use them from all the places
where we currently add them manually. Also add them to wasm-to-wasm
wrappers compiled on table set, which was missing before, leading to
the referenced bug.
Drive-by: Disable non-applicable MaybeHandle constructors to allow
overloading functions with different Handle types.
R=ahaas@chromium.org
Bug: chromium:779292
Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
Reviewed-on: https://chromium-review.googlesource.com/774838
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49452}
This test iterates all builtin objects; explicitly deserialize builtins
when necessary to avoid verifying DeserializeLazy by accident.
Bug: v8:6624
Change-Id: Iab3f708380809b7486ef11a2816e9593ee7e65cd
Reviewed-on: https://chromium-review.googlesource.com/654902
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49451}
This reverts commit acfef3ec93.
Reason for revert: Makes logmaps timeout in nosnap mode:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/18933
Original change's description:
> [log] Properly log all maps creating during bootstrapping
>
> Logger::LogMaps will print all maps currently present on the heap.
>
> Note that currently this does not properly log the detailed transitions
> for these maps.
>
> Change-Id: Ia3218d371549d7634fe3eda9e8e59b0b0bd8bebb
> Reviewed-on: https://chromium-review.googlesource.com/753885
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49444}
TBR=yangguo@chromium.org,cbruni@chromium.org
Change-Id: I264362552cbc2f8f0c1df84412f4dbeea08ef384
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/776815
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49447}
Logger::LogMaps will print all maps currently present on the heap.
Note that currently this does not properly log the detailed transitions
for these maps.
Change-Id: Ia3218d371549d7634fe3eda9e8e59b0b0bd8bebb
Reviewed-on: https://chromium-review.googlesource.com/753885
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49444}
This test uses 136GB of memory which is too much for our MIPS boards.
NOTRY=true
Bug: v8:7093
Change-Id: I382bf0832da6ae74241e89a2016c3738f03979fd
Reviewed-on: https://chromium-review.googlesource.com/776765
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49443}
This reverts commit 3e0bf580e8.
Reason for revert: MSVC does not compile any more, see https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/172
Original change's description:
> MIPS[64] Implementation of MSA instructions in builtin simulator
>
> This commit is a step toward enabling test-run-wasm-simd tests for MIPS.
> 36 of those were failing in V8 builtin simulator because some instructions
> were not implemented. Also there are minor fixes to some of the already
> implemented instructions.
>
> This commit has only 32-bit implementation. After review I will add
> 64-bit version.
>
> Bug:
> Change-Id: I25b0cac352db3efb56b922ace64ab2aaef82472d
> Reviewed-on: https://chromium-review.googlesource.com/744008
> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Cr-Commit-Position: refs/heads/master@{#49439}
TBR=jkummerow@chromium.org,mstarzinger@chromium.org,mlippautz@chromium.org,bmeurer@chromium.org,predrag.rudic@mips.com,ivica.bogosavljevic@mips.com,Ilija.Pavlovic@mips.com,sreten.kovacevic@mips.com,Miran.Karic@imgtec.com
Change-Id: Ic0c6339473481fa75908e942bc86de2b5c6349d8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/776655
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49441}
This commit is a step toward enabling test-run-wasm-simd tests for MIPS.
36 of those were failing in V8 builtin simulator because some instructions
were not implemented. Also there are minor fixes to some of the already
implemented instructions.
This commit has only 32-bit implementation. After review I will add
64-bit version.
Bug:
Change-Id: I25b0cac352db3efb56b922ace64ab2aaef82472d
Reviewed-on: https://chromium-review.googlesource.com/744008
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#49439}
It was shipped in Chrome 62.
Bug: v8:5070
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I77119540411d1fe15691d40012cb96f4e2e45048
Reviewed-on: https://chromium-review.googlesource.com/776154
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49434}
"AbsoluteDivSmall" had a shortcut path for abs(divisor) == 1 where
it would simply return the dividend as result. However, its caller
"Divide" was blissfully ignorant of this trick and would therefore
simply set the value's sign as needed, modifying the input.
This CL prevents that, while continuing to avoid the full division
algorithm for abs(divisor) == 1.
Bug: v8:6791
Change-Id: I04cdc93f5ed2a696587c35c754e68f07012dd1a9
Reviewed-on: https://chromium-review.googlesource.com/772332
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49433}
- Adds SetPermissions method which returns bool result.
- Eliminates Guard, SetReadAndWritable, SetReadAndExecutable, and
SetReadWriteAndExecutable methods.
- Adds some Fuchsia memory allocation implementation.
- Some minor fixes in usage of OS::AllocatePageSize and
OS::CommitPageSize.
- Adds DCHECKs for sanitizing parameters to OS::Allocate/Free.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I966ec6f029dd0371d70eca20bae197d87956f8b5
Reviewed-on: https://chromium-review.googlesource.com/760657
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49430}
Reland of https://chromium-review.googlesource.com/c/v8/v8/+/727893
The crashes should be fixed by https://chromium-review.googlesource.com/c/v8/v8/+/763531
Original change's description:
> Revert "Reland^5 "[turbofan] eagerly prune None types and deadness from the graph""
>
> This reverts commit ac0661b358.
>
> Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
>
> Original change's description:
> > Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This gives up on earlier attempts to interpret DeadValue as a signal of
> > unreachable code. This does not work because free-floating dead value
> > nodes, and even pure branch nodes that use them, can get scheduled so
> > early that they get reachable. Instead, we now eagerly remove branches
> > that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> > to value phi nodes with dummy values.
> >
> > Reland of https://chromium-review.googlesource.com/715716
> >
> > Bug: chromium:741225 chromium:776256
> > Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> > Reviewed-on: https://chromium-review.googlesource.com/727893
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#49188}
>
> TBR=jarin@chromium.org,tebbi@chromium.org
>
> Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
> Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
> Reviewed-on: https://chromium-review.googlesource.com/758770
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49262}
TBR=jarin@chromium.org,tebbi@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6c02b4beb02997ec34015ed2f6791a93c70f5e36
Reviewed-on: https://chromium-review.googlesource.com/772150
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49429}
This is a reland of 77b0baa649.
Original change's description:
> [wasm] Fix importing wasm-lazy-compile stubs
>
> If two modules use lazy compilation, and one imports a function of
> another, we are unwrapping the js-to-wasm wrapper of the export. This
> was failing so far, because during unwrapping we did not find the wasm
> code.
> This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
> code".
>
> R=ahaas@chromium.org
>
> Bug: chromium:779569, v8:5991
> Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
> Reviewed-on: https://chromium-review.googlesource.com/771672
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49405}
Bug: chromium:779569, v8:5991
Change-Id: I4818e933467bd5a040f1514b8fc18db219a092c7
Reviewed-on: https://chromium-review.googlesource.com/774538
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49426}
At the moment the inspector tests do not dispose the isolate. This is a
problem because the disposal of the isolate is used to stop the
execution of background tasks. The missing disposal of the isolate
caused flaky tests on the bots recently. With this CL the isolates of
the inspector tests get disposed.
The disposal of the isolate requires the following changes: 1) Store the
isolate in a unique_ptr so that it gets disposed when the isolate-data
gets disposed. It is necessary to use the unique_ptr so that the isolate
gets disposed after other members of isolate-data get disposed. 2)
Dispose all sessions. The reason is that the sessions require the
isolate to exist when they get disposed because they own handles.
Sessions, however, are stored in a static map, whereas the isolate is
stored indirectly in a local variable of the main function. Since local
variables get disposed before the static map is cleared, we have to
clear the map before the end of the main function.
R=kozyatinskiy@chromium.org
Change-Id: Icb33184de254638b6cdfb899e940f18e6064cd69
Reviewed-on: https://chromium-review.googlesource.com/774885
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49424}
When initializing the stack state at a merge point, don't force all
stack slots into registers. Allow constants to stay constants as long
as they are not part of the merge. Otherwise we might break assumptions
of outer blocks which then try to merge a register into a constant and
fail.
Also, add some documentation to {InitMergeStackSlot} to document the
intent of the implementation.
R=titzer@chromium.org
Bug: v8:784050, v8:6600
Change-Id: I3a4c83b446909027be075d3207cb7c748a6b1aad
Reviewed-on: https://chromium-review.googlesource.com/766353
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49423}
Now that UnoptimizedCompileJob only has three stages, move the logic for
stepping between these stages out of UnoptimizedCompileJob and back into
CompilerDispatcher.
BUG=v8:5203
Change-Id: I3bb776e14ef9da801dc9792e9e643b8026135060
Reviewed-on: https://chromium-review.googlesource.com/774743
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49422}
This ensures that the {Code::builtin_index} field is only set during
allocation of new {Code} objects, making this field truly immutable.
R=jgruber@chromium.org
BUG=v8:6792
Change-Id: Ic793346976183149e2d077e92cb9da3c925ea865
Reviewed-on: https://chromium-review.googlesource.com/774439
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49414}
Simplifies the unoptimized compile job to have only three steps, the
on-main-thread prepare step, the off-thread compile step and the
on-main-thread finalization step.
As part of this change, the compiler dispatcher no longer supports
functions with outer scopeinfo's, since these need to be analysed on the
main thread.
BUG=v8:5203
Change-Id: Ifb378ef81bd47b6f6d4037a3b8acf88660896c4e
Reviewed-on: https://chromium-review.googlesource.com/774558
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49413}
This CL also narrows the rw scopes on various call sites.
Bug: chromium:774108,v8:6792
Change-Id: I41a6f5dc4948833baaa441fb998ef40d8a832619
Reviewed-on: https://chromium-review.googlesource.com/758370
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49411}
This reverts commit 77b0baa649.
Reason for revert: Breaks on win64 bot: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Win64_-_debug%2F20172%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Flazy-compilation%2F0
Original change's description:
> [wasm] Fix importing wasm-lazy-compile stubs
>
> If two modules use lazy compilation, and one imports a function of
> another, we are unwrapping the js-to-wasm wrapper of the export. This
> was failing so far, because during unwrapping we did not find the wasm
> code.
> This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
> code".
>
> R=ahaas@chromium.org
>
> Bug: chromium:779569, v8:5991
> Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
> Reviewed-on: https://chromium-review.googlesource.com/771672
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49405}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: If5ab7b9de95ef662a65a6a5b919fa1f13aa492cd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:779569, v8:5991
Reviewed-on: https://chromium-review.googlesource.com/774518
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49409}
Previously, we had lazy parsing of class constructor disabled when a
class literal had class fields because we were using a reference to
the initializer function variable to load the function and call it.
Instead, in this patch, we use the scope analysis to lookup this
initializer function variable.
Bug: v8:5367
Change-Id: Ib73d7e6abed33c04d1f574e7976bea4869d54757
Reviewed-on: https://chromium-review.googlesource.com/768384
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49406}
If two modules use lazy compilation, and one imports a function of
another, we are unwrapping the js-to-wasm wrapper of the export. This
was failing so far, because during unwrapping we did not find the wasm
code.
This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
code".
R=ahaas@chromium.org
Bug: chromium:779569, v8:5991
Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
Reviewed-on: https://chromium-review.googlesource.com/771672
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49405}
When calling the CWasmEntry in order to call from the interpreter to a
wasm function, the given buffer must hold the arguments, and must also
have enough space to hold the return values. We were missing the second
part, hence we failed when there are no parameters, but a return.
R=ahaas@chromium.org
Bug: chromium:784125
Change-Id: I08d417cae60eea64fda8a72e898dbed9f3e88148
Reviewed-on: https://chromium-review.googlesource.com/771633
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49402}
We need to explicitly rule out negative indices for the out-of-bounds
case, otherwise we can end up with a monomorphic KeyedLoadIC that allows
OOB accesses, but doesn't properly check whether there are properties
with negative integer names on the receiver.
Bug: chromium:784835
Change-Id: Ic3ef5438b76094f024de0c6348183fb62b32088c
Reviewed-on: https://chromium-review.googlesource.com/774278
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49396}
The option lets us use the function in cases where we cannot use the current
version due to restrictions on src and dst. This will be useful for some arm64
builtins when we pad the stack arguments, where we will need to copy the
existing arguments either one slot up or one slot down in memory.
Bug: v8:6644
Change-Id: I75281cdc9fa6812e3b24bf5756057c93305cbb95
Reviewed-on: https://chromium-review.googlesource.com/771711
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#49394}
Beside blocks, do also generate loops.
Also, generalize generation of breaks such that they can happen
anywhere, even outside of a block or loop.
R=eholk@chromium.org
Change-Id: Ib2f8c75913e97f331ec105fd87fc882bc5c04864
Reviewed-on: https://chromium-review.googlesource.com/771610
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49392}
Removes Isolate from compilation info and instead threads isolate through
function calls. This ensures that we can't access the isolate from
background thread compilations.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I9a4e1cd67c4736e36f609360b996fb55166a1c50
Reviewed-on: https://chromium-review.googlesource.com/751745
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49386}
The foreground task runner and the background task runner are the same.
Thereby we can get predictable behavior.
R=clemensh@chromium.org
Change-Id: I18f9c7277a344b7884d6de0c2159cc3f010576b4
Reviewed-on: https://chromium-review.googlesource.com/771833
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49383}
The streaming decoder allocates the whole section buffer of the code
section when it reads the section length of the code section. Therefore
we have to check that the different parts of the code section actually
use all the bytes, and that the different parts of the code section do
not need more bytes than available. The check that all bytes are used
was missing in the case where the code section contained zero functions.
In addition, this CL adds some tracing to the streaming decoder which
may be useful in future debugging.
R=clemensh@chromium.org
Bug: chromium:783595
Change-Id: Icf056c25a3000b4a08a791939dab0ccde9fc3f80
Reviewed-on: https://chromium-review.googlesource.com/768788
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49380}
There was a data race in the access of the foreground_task_runner_map_.
I protect each access to foreground_task_runner_map_ with a lock now.
Original change's description:
> [platform] Implement TaskRunners in the DefaultPlatform
>
> This CL implements the TaskRunners in the DefaultPlatform which has been
> added recently to the platform API. In addition I changed how task
> posting works on the DefaultPlatform.
>
> With this implementation the DefaultPlatform keeps one
> DefaultForegroundTaskRunner per isolate, plus one
> DefaultBackgroundTaskRunner. The DefaultPlatform owns these TaskRunners
> with a shared_ptr, which is also shared with any caller of
> GetForegroundTaskRunner or GetBackgroundTaskrunner.
>
> This CL moves the task management from the DefaultPlatform to the
> TaskRunners. The DefaultForegroundTaskRunner owns and manages the the
> task queue, the delayed task queue, and the idle task queue. The
> DefaultBackgroundTaskRunner owns the WorkerThread pool and the
> background task queue.
>
> In addition changed many Task* to std::unique_ptr<Task> to document task
> ownership.
>
> R=rmcilroy@chromium.org
>
> Change-Id: Ib9a01f1f45e5b48844a37d801f884210ec3f6c27
> Reviewed-on: https://chromium-review.googlesource.com/753583
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49354}
Change-Id: Iddccdb07bde1a799815ec6ed6af37082df4987c7
Reviewed-on: https://chromium-review.googlesource.com/770970
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49379}
The backing store fixed array for collections needs to be allocated
in LOS if it exceeds the maximum regular heap object size.
Drive-by-fix: Only store fixed array map once as per TODO.
Bug: chromium:784862
Change-Id: I6b4dd2e45153ae107171e21bc7448e0d9b54b0ed
Reviewed-on: https://chromium-review.googlesource.com/771150
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49378}
Adds a stress-background-compile mode which runs compilation on a background
thread at the same time as compiling on the main thread to flush out races.
This is added as one of the variants, removing stress_asm_validation since this
is no longer a useful variant.
BUG=v8:5203
Change-Id: I73dd9f21d9b6da4a4cb39c05061aa24116e6c5ad
Reviewed-on: https://chromium-review.googlesource.com/741746
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49376}
Previously, the Parser stored a Scope alongside a RewritableExpression
for each potential destructuring assignment. This Scope was later used
during rewriting to set the correct context for the rewriting. But this
approach failed if a new Scope was inserted into the Scope chain between
the time the assignment was parsed and when it was rewritten.
By storing the Scope directly in RewritableExpression,
ReparentExpressionScopes() is able to appropriately re-scope such
expressions prior to their rewriting.
Bug: chromium:779457
Change-Id: Ieb429a3da841f76d5798610af59da4fccb000652
Reviewed-on: https://chromium-review.googlesource.com/767666
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49368}
This is a reland of 4899bcb66d
This is a reland of b73ee3344a
Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
>
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
> to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
> amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
> (size + alignment) rounded up to page size. This is too much, because
> maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
> immediately retry at the aligned address in the allocation. If we
> lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
> helper AllocateSystemPage function (allocation.h) and
> AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
> a macro-assembler.
>
> - Eliminates OS::ReleaseRegion, replacing with calls to OS::Free.
> - Adds bool return value to OS::Free.
> - Cleans up types of flags, protection on Windows and Cygwin.
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iad3c025334e8f8d7d647be99a36a11ee449c9087
Reviewed-on: https://chromium-review.googlesource.com/767014
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49363}
This reverts commit 8de2e6db02.
Reason for revert: Suspect for:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20nosnap%20-%20shared/builds/24237https://build.chromium.org/p/client.v8/builders/V8%20Win64/builds/20896
Original change's description:
> [platform] Implement TaskRunners in the DefaultPlatform
>
> This CL implements the TaskRunners in the DefaultPlatform which has been
> added recently to the platform API. In addition I changed how task
> posting works on the DefaultPlatform.
>
> With this implementation the DefaultPlatform keeps one
> DefaultForegroundTaskRunner per isolate, plus one
> DefaultBackgroundTaskRunner. The DefaultPlatform owns these TaskRunners
> with a shared_ptr, which is also shared with any caller of
> GetForegroundTaskRunner or GetBackgroundTaskrunner.
>
> This CL moves the task management from the DefaultPlatform to the
> TaskRunners. The DefaultForegroundTaskRunner owns and manages the the
> task queue, the delayed task queue, and the idle task queue. The
> DefaultBackgroundTaskRunner owns the WorkerThread pool and the
> background task queue.
>
> In addition changed many Task* to std::unique_ptr<Task> to document task
> ownership.
>
> R=rmcilroy@chromium.org
>
> Change-Id: Ib9a01f1f45e5b48844a37d801f884210ec3f6c27
> Reviewed-on: https://chromium-review.googlesource.com/753583
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49354}
TBR=rmcilroy@chromium.org,ahaas@chromium.org
Change-Id: I6c381915a2cae8ea1a0d21d6cfa6e797ccd2d947
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/768748
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49357}
This CL implements the TaskRunners in the DefaultPlatform which has been
added recently to the platform API. In addition I changed how task
posting works on the DefaultPlatform.
With this implementation the DefaultPlatform keeps one
DefaultForegroundTaskRunner per isolate, plus one
DefaultBackgroundTaskRunner. The DefaultPlatform owns these TaskRunners
with a shared_ptr, which is also shared with any caller of
GetForegroundTaskRunner or GetBackgroundTaskrunner.
This CL moves the task management from the DefaultPlatform to the
TaskRunners. The DefaultForegroundTaskRunner owns and manages the the
task queue, the delayed task queue, and the idle task queue. The
DefaultBackgroundTaskRunner owns the WorkerThread pool and the
background task queue.
In addition changed many Task* to std::unique_ptr<Task> to document task
ownership.
R=rmcilroy@chromium.org
Change-Id: Ib9a01f1f45e5b48844a37d801f884210ec3f6c27
Reviewed-on: https://chromium-review.googlesource.com/753583
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49354}
This partially retires --trace-parse and --trace-preparse which will be fully removed in
a later CL.
Drive-by-fix: make the Parser constructor arguments order more
consistent.
Bug: chromium:757467
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I80a688ce553adfa65ad346718604bd53a9e606a9
Reviewed-on: https://chromium-review.googlesource.com/744046
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49350}
With this CL, {CreateDefaultPlatform} returns a unique_ptr to indicate
that the caller owns the returned memory. We had several memory leaks
where the memory of the DefaultPlatform did not get deallocated.
In addition, the {TracingController} of the {DefaultPlatform} also gets
received as a unique_ptr. Thereby we document that the {DefaultPlatform}
takes ownership of the {TracingController}. Note that the memory of the
{TracingController} was already owned by the {DefaultPlatform}, but it
was not documented in the interface, and it was used incorrectly in
tests.
This CL fixes the asan issues in
https://chromium-review.googlesource.com/c/v8/v8/+/753583
([platform] Implement TaskRunners in the DefaultPlatform)
R=rmcilroy@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0d1a6d3b22bb8289dc050b1977e4f58381cec675
Reviewed-on: https://chromium-review.googlesource.com/755033
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49349}
This CL adds a very crude unittest to check that RuntimeCallStats work
correctly with api callbacks present. This currently doesn't check that
all parent timers (namely FunctionCallback) are handled properly.
Drive-by-Fix:
- Use Microseconds for all RCS timer tests
- Add TestWithContext::SetGlobalProperty helper
- Use explicit v8:: prefix in test-utils.{h,cc}
Change-Id: I054e78abca0b87a3b9e07d3b06cccdad15403bae
Reviewed-on: https://chromium-review.googlesource.com/766429
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49348}
This reverts commit f010b28fbe.
Reason for revert: Introduces a clusterfuzz issue and CAnary crash
Original change's description:
> [TurboFan] Diagnostic code to track down bug in representation selection
>
> We need to characterize the types of dead (IrOpcode::kDead) nodes
> introduced in compilation phases prior to representation selection.
> Normally, a dead node isn't expected at the start of this phase. The
> question is, which phase introduced the dead node and failed to
> deal with it properly?
>
> Bug: chromium:780658
> Change-Id: Ief5b45480bb7d704a2d09dafd60b5d389e0fd42e
> Reviewed-on: https://chromium-review.googlesource.com/765968
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49328}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org
Change-Id: I5d628eb1de630ce4a353b6ef0f80fd74ad740f17
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:780658
Reviewed-on: https://chromium-review.googlesource.com/768747
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49347}
Make sure we have at least two elements in the Map, otherwise we don't
perform a proper dictionary lookup.
Bug: chromium:781218
Change-Id: I471e3822b95c15e3a5b2ac54c8ad1f030bd54d40
Reviewed-on: https://chromium-review.googlesource.com/768708
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49345}
- Remove weak-collection.js
- Adds TFJ builtins for WeakSet and WeakMap constructors
- Unified helpers and constructor behavior into a BaseCollectionsAssembler
- Fast paths for...
- unmodified constructor function
- argument is a fast JS array
- entries are fast JS arrays, for Map/WeakMap
- no arguments passed
Quick benchmarks shows significant improvements (1.12x - 5.7x!) for ALL collection constructors (weak and non-weak):
https://github.com/peterwmwong/v8-perf/blob/master/weakcollection-constructor/README.md
More could be done for performance. Currently we always call out to JS to add entries, if we knew the prototype was unmodified, we could call the builtins directly.
Bug: v8:5049, v8:6604
Change-Id: Id7912c1eed5bcf512df7fd6238f04166a8a5937e
Reviewed-on: https://chromium-review.googlesource.com/760385
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49343}
The lookbehind tests weren’t being skipped in the “without
lookbehind” case, resulting in a redundant test.
Bug: v8:4545
Change-Id: Ia004508373ba6ec49fd9de690909467eb0a15361
Reviewed-on: https://chromium-review.googlesource.com/765468
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49339}
Fix two more places where StringToBigInt differs from parseInt:
- Binary and octal radix prefixes are supported
- Trailing non-whitespace junk is not allowed
This is done with a new Behavior enum in BigIntParseIntHelper,
along with a couple of bool configuration flags in StringToIntHelper.
Bug: v8:6791, v8:7038
Change-Id: Ib91bfc5ccb04ad0dd6c99bc81e19c1239264a469
Reviewed-on: https://chromium-review.googlesource.com/764595
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49335}
We need to characterize the types of dead (IrOpcode::kDead) nodes
introduced in compilation phases prior to representation selection.
Normally, a dead node isn't expected at the start of this phase. The
question is, which phase introduced the dead node and failed to
deal with it properly?
Bug: chromium:780658
Change-Id: Ief5b45480bb7d704a2d09dafd60b5d389e0fd42e
Reviewed-on: https://chromium-review.googlesource.com/765968
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49328}
This fixes a corner-case where resuming a suspended generator would not
perform stack overflow checks and hence cause the stack to grow without
bounds.
R=neis@chromium.org
BUG=chromium:781583
Change-Id: Ib04116e489ac6b962cb821263860497abb57bbae
Reviewed-on: https://chromium-review.googlesource.com/765953
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49327}
- Update most callsites to use the new RunJS method
- Update tests to use TestWithNativeContext if possible
- Remove RunJS from test-helpers.cc
- Remove TestWithRandomNumberGenerator from test-utils.h
Change-Id: Ib2a6cc56334dc391ca6a2aeb7780fa324f44f109
Reviewed-on: https://chromium-review.googlesource.com/765373
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49325}
The only empty PropertyArray is the empty_property_array object on the
isolate. Allowing empty PropertyArrays causes the turbofan to ignore the
existing hash when growing the backing store again. We currently only end
up with the empty PropertyArray when following back transitions.
Bug: chromium:781218, chromium:783713
Change-Id: If41dd09b965cdc8d957b9ca50ba3c8a7f4254769
Reviewed-on: https://chromium-review.googlesource.com/763230
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49318}
Revert this and its follow-up as suspect for current canary OOM crasher.
This reverts commit 4899bcb66d.
This reverts commit b73ee3344a.
TBR=adamk@chromium.org,hpayer@chromium.org
Bug: chromium:783708
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4c00582e7ab2df22216ad6732e2843e9958db0c0
Reviewed-on: https://chromium-review.googlesource.com/765447
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49315}
Turn cases where we are multiplying with a power of two into a left shift. We
hit this optimisation roughly 500 times in the snapshot.
Bug:
Change-Id: Ibd3104a3dbe49f247a2d84db94891f6e3a897026
Reviewed-on: https://chromium-review.googlesource.com/763229
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#49306}
- Eliminates OS::ReleaseRegion, replacing with calls to OS::Free.
- Adds bool return value to OS::Free.
- Cleans up types of flags, protection on Windows and Cygwin.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6a642374e33876966a5552fb0cdf552dc6d79aaa
Reviewed-on: https://chromium-review.googlesource.com/762345
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49305}
Adds block-level coverage tracking for binary && and ||
expressions. Introduces a BinaryOperation source-range
for tracking the operations themselves and an Expression
source-range, used for tracking NaryLogical expressions.
This builds on work by jgruber@chromium.org in
the issue.
TBR=marja@chromium.orgR=jgruber@chromium.org, rmcilroy@chromium.org
Bug: v8:6660
Change-Id: I83a81f13a3514a734c06948b2d3e91138fb00e18
Reviewed-on: https://chromium-review.googlesource.com/754564
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49304}
MIPS team has recently migrated to @mips.com e-mail address.
Dusan Simicic is no longer part of MIPS V8 team, therefore
his name is removed from OWNERS.
TBR=mstarzinger@chromium.org
NOTRY=true
Bug:
Change-Id: I67fde24a5b9214fa3fca05c0399888b8d18fc699
Reviewed-on: https://chromium-review.googlesource.com/758639
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49299}
Temporary implementation of GC fuzzer based on the deopt fuzzer.
It will be merged with the deopt fuzzer to create more general numfuzzer.
Webkit test suite updated to ignore trace_incremental_marking flag output.
Bug: v8:6917
Change-Id: I053ae32f3cd3f74ba8b71fc5bdfc7264f54dca11
Reviewed-on: https://chromium-review.googlesource.com/758437
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49296}
This is a reland of 6c6132880a
Original change's description:
> [Liftoff] Implement parallel register moves
>
> This was not implemented so far, leading to lots of clusterfuzz issues.
> Testing this feature would require complicating the interface a lot and
> exposing more implementation details in the header file, hence we just
> go with regression tests for now.
>
> R=ahaas@chromium.org, titzer@chromium.org
>
> Bug: v8:6600, chromium:782280
> Change-Id: I12863f3eb59a8dffdcc7d3bfb8e1f0ae0eec15ee
> Reviewed-on: https://chromium-review.googlesource.com/758772
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49286}
Bug: v8:6600, chromium:782280
Change-Id: I82a75bfeaf83dc63a2917da3ccdc4721c5d689e7
Reviewed-on: https://chromium-review.googlesource.com/763387
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49292}
This reverts commit 6c6132880a.
Reason for revert: breaks compilation on win64 bot: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/69
Original change's description:
> [Liftoff] Implement parallel register moves
>
> This was not implemented so far, leading to lots of clusterfuzz issues.
> Testing this feature would require complicating the interface a lot and
> exposing more implementation details in the header file, hence we just
> go with regression tests for now.
>
> R=ahaas@chromium.org, titzer@chromium.org
>
> Bug: v8:6600, chromium:782280
> Change-Id: I12863f3eb59a8dffdcc7d3bfb8e1f0ae0eec15ee
> Reviewed-on: https://chromium-review.googlesource.com/758772
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49286}
TBR=titzer@chromium.org,ahaas@chromium.org,clemensh@chromium.org
Change-Id: I386983da7f9f03d54cef2190b01fd2cc5785966e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600, chromium:782280
Reviewed-on: https://chromium-review.googlesource.com/763367
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49289}
This was not implemented so far, leading to lots of clusterfuzz issues.
Testing this feature would require complicating the interface a lot and
exposing more implementation details in the header file, hence we just
go with regression tests for now.
R=ahaas@chromium.org, titzer@chromium.org
Bug: v8:6600, chromium:782280
Change-Id: I12863f3eb59a8dffdcc7d3bfb8e1f0ae0eec15ee
Reviewed-on: https://chromium-review.googlesource.com/758772
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49286}
- Implement exchangeable timer clock for RuntimeCallStats for testing
- Rewrite RuntimeCAllStatsTest to overwrite the default RCS timer
This gets rid of the previous flakiness for these tests due to using
the real platform timer.
Bug: v8:5677
Change-Id: Iff312c7f79ab97407ba1c0c2c72fb0b35a5efdf1
Reviewed-on: https://chromium-review.googlesource.com/760416
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49285}
The DEPS roll in f3a2e34d updated ICU to a version that includes
a fix for https://ssl.icu-project.org/trac/ticket/13462. As a
result, our Script_Extension data is now correct again.
This patch re-enables the Test262 tests that were failing due to this
ICU data bug.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If0f08693ed0355c59b9c02aa6d941dab1588431c
Reviewed-on: https://chromium-review.googlesource.com/761616
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49284}
There were some places left where that could happen.
Bug: chromium:782754
Change-Id: I1db1f5b361cdf443b730a220c0e569ad48dd298d
Reviewed-on: https://chromium-review.googlesource.com/758841
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49283}
Removes the handling of the flag independent. The flag will be removed in a followup.
The patch changes handling of V8::PersistentBase that are set to Weak:
- The Scavenger ignores the flag independent.
- The Scavenger keeps alive anything that is marked as Active.
- The Scavenger is free to drop weak handles of non-Active object if they
are otherwise dead.
Active:
- Any JSObject will always be marked Active.
- Any JSApiObject will be marked Active if it has been modified (=has elements, properties, etc.)
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Bug: chromium:780749
Change-Id: If1f547f2419930ad9400bd3b11bdbf609cb57649
Reviewed-on: https://chromium-review.googlesource.com/741801
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49277}
This is a reland of 7e78506fc2
Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
>
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
> to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
> amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
> (size + alignment) rounded up to page size. This is too much, because
> maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
> immediately retry at the aligned address in the allocation. If we
> lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
> helper AllocateSystemPage function (allocation.h) and
> AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
> a macro-assembler.
>
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}
Bug: chromium:756050
Change-Id: I333f7a6aea0bcb608d01cafb43e94893a4625b15
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758509
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49273}
This was meant to be included in https://crrev.com/c/757129 but got missed
somehow. The fuzzer was generating i64.store instructions with an i32 value
argument instead of i64 like it should be.
Bug:
Change-Id: I5b5bcdb22b2ac3abe872e7ff0ab0019b5ecb9c98
Reviewed-on: https://chromium-review.googlesource.com/759148
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49270}
I made a mistake in yesterday's cleanup.
R=jarin@chromium.org
Bug: chromium:783051
Change-Id: Iabd7403096197ce8e54d46e079bc9a70aa98578d
Reviewed-on: https://chromium-review.googlesource.com/758765
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49266}
Pending exceptions were not cleared when the TurboFan result was not
compared to the Interpreter result, which happens when the result may be
affected by potential nondeterminism. With this CL we always clear
pending exceptions.
R=clemensh@chromium.org
Bug: chromium:782267
Change-Id: Ibe9b33c94810cccb6282c6c8dc49748fb79b07e4
Reviewed-on: https://chromium-review.googlesource.com/758272
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49265}
Since the deoptimizer generalizes maps for all materialized objects, it
must make sure that none of the object's fields contain mutable heap numbers
(only double fields are allowed to point to mutable heap numbers). With this CL,
we simply change any mutable heap numbers in property arrays to immutable ones.
This could be dangerous if some non-materialized object could point to this
property array, but this cannot happen because interpreter registers cannot
refer to naked property arrays.
Bug: chromium:776309
Change-Id: I897b604fa804de673710cfa3ba0595dbd9f80eeb
Reviewed-on: https://chromium-review.googlesource.com/759781
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49263}
This reverts commit ac0661b358.
Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
Original change's description:
> Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This gives up on earlier attempts to interpret DeadValue as a signal of
> unreachable code. This does not work because free-floating dead value
> nodes, and even pure branch nodes that use them, can get scheduled so
> early that they get reachable. Instead, we now eagerly remove branches
> that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> to value phi nodes with dummy values.
>
> Reland of https://chromium-review.googlesource.com/715716
>
> Bug: chromium:741225 chromium:776256
> Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> Reviewed-on: https://chromium-review.googlesource.com/727893
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49188}
TBR=jarin@chromium.org,tebbi@chromium.org
Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
Reviewed-on: https://chromium-review.googlesource.com/758770
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49262}
assembler-arm64.h and assembler-arm64-inl.h have a B() function
which conflicts with the B macro in bytecode-utils.h.
Headers that leak macros can be annoying to deal with, in this case
we can't simply undef B at the end of source files that include
bytecode-utils.h because the second source file that includes
bytecode-utils.h won't see the B macro. Let's just move this macro
into the two unittest files that include this header.
Bug: chromium:746958
Change-Id: I588b73fe81615f882a0e010c92ba187d3bc2bf25
Reviewed-on: https://chromium-review.googlesource.com/758779
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49258}
R=yangguo@chromium.org
This is a reland of
for the no-i18n configuration.
https: //chromium-review.googlesource.com/c/v8/v8/+/571746 with a fix
Bug:
Change-Id: I3e654791267b20fb3703ad4220404d8078f43440
Reviewed-on: https://chromium-review.googlesource.com/758999
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Corry <erikcorry@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49251}
This patch adds support for Regional_Indicator within Unicode property
escapes in regular expressions.
The Regional_Indicator binary property was added in Unicode v10 and is
supported in ICU 60.1.
An `#if` directive is used to prevent breaking Node.js until they
update their ICU.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7acec13c8ae7552558a0f852937984bba828e738
Reviewed-on: https://chromium-review.googlesource.com/758273
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49250}
Like CSP flag 'unsafe-eval', which communicates if both JS source
files and WASM binary files may be compiled, this CL adds a similar
flag for the compilation of WASM binary files.
That is, a WASM binary file will be compiled only if the new flag is
defined, or the flag for 'unsafe-eval' allows it. These flags are
implemented as callback functions on the isolate. The callbacks get a
(CSP) context, and a string, and returns the corresponding value of
the flag.
Both callbacks are initialized with the nullptr, and is used to
communicate that no CSP policy is defined. This allows this concept to
work, independent of it running in Chrome.
It also does a small clean up in api.cc to use macro CALLER_SETTERS,
instead of explicit code when appropriate.
Bug: v8:7041
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idb3356574ae2a298057e6b7bccbd3492831952ae
Reviewed-on: https://chromium-review.googlesource.com/759162
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49243}
This reverts commit 7e78506fc2.
Reason for revert: Broke Android build on Arm64.
Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
>
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
> to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
> amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
> (size + alignment) rounded up to page size. This is too much, because
> maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
> immediately retry at the aligned address in the allocation. If we
> lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
> helper AllocateSystemPage function (allocation.h) and
> AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
> a macro-assembler.
>
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}
TBR=bbudge@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
Change-Id: Ic09de4d63c19746a62e804b1f889817ffaebc330
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758625
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49242}
The Wasm AST-based fuzzer is supposed to create valid modules by
construction. This change adds a CHECK to enforce this property.
Additionally, this change exposed several cases where we were not generating
valid modules before:
* Block types did not match up correctly
* Memory operations could have invalid alignments
* Storing an i64 could generate an i32 argument incorrectly.
This CL includes fixes for these issues as well.
Bug:
Change-Id: I1aef5532bc880367ec46dc6e79b2d4dbacf2f84b
Reviewed-on: https://chromium-review.googlesource.com/757129
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49241}
b % 32 could produce negative results. Therefore, the result
of the shift could be undefined values.
Bug:
Change-Id: I6c2f7201df424735695aa01891d46523e3c5bd12
Reviewed-on: https://chromium-review.googlesource.com/759079
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49240}
StoreDataPropertyInLiteral doesn't throw (because the previous uses of
this didn't throw), but class fields can throw on defining the
property which means we can't use this. Changing to CreateDataProperty
runtime call instead.
Bug: v8:5367
Change-Id: I1ab45413b121972dd18fe2b35a0cedd8efe0e0bf
Reviewed-on: https://chromium-review.googlesource.com/757824
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49239}
We need to throw before rethrowing, otherwise the exception does
not trigger a debugger event and is not reported if uncaught.
R=gsathya@chromium.org, jgruber@chromium.org
Bug: v8:7047
Change-Id: I7ce0253883a21d6059e4e0ed0fc56dc55a0dcba6
Reviewed-on: https://chromium-review.googlesource.com/758372
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49237}
The method forces all running profilers attached to the provided isolate
to collect a sample with the current stack.
It is going to be used to synchronize trace events generated by embedder with the samples
collected by the profiler.
Also it will finally allow us to break dependency of isolate on CPU profiler.
BUG=chromium:721099
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I81a0f8a463f837b5201bc8edaf2eb4f3761e3ff8
Reviewed-on: https://chromium-review.googlesource.com/750264
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49236}
- Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
- Changes OS::Allocate to take alignment parameter, reorders parameters
to match page_allocator.
- Since the size of memory allocation can be deduced, don't return the
amount of memory allocated.
- Changes reservation of aligned address space. Before we would reserve
(size + alignment) rounded up to page size. This is too much, because
maximum misalignment is (alignment - page_size).
- On Windows and Cygwin, we release an oversize allocation and
immediately retry at the aligned address in the allocation. If we
lose the address due to a race, we just retry.
- Clean up all the calls to OS::Allocate in codegen and tests by adding
helper AllocateSystemPage function (allocation.h) and
AllocateAssemblerBuffer (cctest.h).
- Changes 'assm' to 'masm' in some targets for consistency when using
a macro-assembler.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
Reviewed-on: https://chromium-review.googlesource.com/749848
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49235}
Now that ICU 60.1 was autorolled in, reenable
number-format/format-currency test the expected result of which was
adjusted to match the output from ICU 60.1/CLDR 32.
Bug: chromium:766816
Test: intl/number-format/format-currency
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If58d493821d505b86202e134b9e2061504dd5e6a
Reviewed-on: https://chromium-review.googlesource.com/758027
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49234}
For each single bug, the fuzzer might find many very similar inputs
which trigger this bug. All of them are reported as individual bugs
currently, which means lots of noise in bug reports and increased
workload for the clusterfuzz sheriffs.
After this change, all bugs of the same category ("compiles !=
validates", "interpreter != liftoff", ...) will be grouped together.
This requires us to fix them soon after reporting, as they will hide
all other bugs of the same category.
R=ahaas@chromium.orgCC=mmoroz@chromium.org
Change-Id: Ie203eed0c7681e3450df977b10c0d9dbbc402d34
Reviewed-on: https://chromium-review.googlesource.com/758438
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49231}
Instead of disabling the entire RegExp Unicode property escape test
suite, this patch explicitly lists the failing tests and only disables
them.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If398eb4fcc8d9d96279dc5afb29489e699744d9f
Reviewed-on: https://chromium-review.googlesource.com/758757
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49230}
This patch adds support for Emoji_Component within Unicode property
escapes in regular expressions.
The Emoji_Component binary property was added in Emoji data v5
and is supported in ICU 60.1.
An `#if` directive is used to prevent breaking Node.js until they
update their ICU.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If1b49a4c175e88f1840ca5ef8d57829d6d8c3291
Reviewed-on: https://chromium-review.googlesource.com/758261
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49229}
They have been meaning the same thing for a while now.
R=jarin@chromium.org
Bug:
Change-Id: Ie5988e6429b795babfa1e1f79841a9f03b8362dc
Reviewed-on: https://chromium-review.googlesource.com/758268
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49228}
There's three common situations in which we need to create JSFunction
objects. 1) from the compiler, 2) from tests, and 3) everything else
(mostly during bootstrapping).
This is an attempt to simplify case 3), which previously relied on
several Factory::NewFunction overloads where it was not clear how the
semantics of each overload differed.
This CL removes all but one overload, and packs arguments into a new
NewFunctionArgs helper class.
It also removes the hacks around
SFI::set_lazy_deserialization_builtin_id by explicitly passing
builtin_id into Factory::NewSharedFunctionInfo.
Drive-by-fix: Properly set is_constructor hint in
SimpleCreateSharedFunctionInfo.
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ica94d95e72e443055db5e7ff9e8cdf4115201ef1
Reviewed-on: https://chromium-review.googlesource.com/757094
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49224}
The C_WASM_ENTRY only calls wasm code, so (outgoing) parameters of this
code are always untagged.
R=ahaas@chromium.org
Bug: v8:7049
Change-Id: I989908eea668bd56aa88f3f1744105d218584ef1
Reviewed-on: https://chromium-review.googlesource.com/758245
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49221}
We explicitly serialize the backing store when we see the TypedArray.
We then put the reference in the external_pointer. To recalculate the
backing_store pointer during deserialization, we have to keep track of
each TypedArray and then fix up the pointer by adding the offset again.
Bug: v8:6966
Change-Id: I105d44413cffe5766c23c2a3d32ca2b78b5f22e8
Reviewed-on: https://chromium-review.googlesource.com/751269
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49219}
We already have a helper method for generating a sequence of values.
Reuse this instead of reimplementing the same thing two more times.
R=ahaas@chromium.orgCC=eholk@chromium.org
Change-Id: Ifbbe1324173951156c1ec9bba84fd1aa4bcb2adb
Reviewed-on: https://chromium-review.googlesource.com/758365
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49216}
The regexp fast path in MaybeCallFunctionAtSymbol had an issue in which
we'd call ToString after checking that the given {object} was a fast
regexp and deciding to take the fast path. This is invalid since
ToString() can call into user-controlled JS and may mutate {object}.
There's no way to place the ToString call correctly in this instance:
1 before BranchIfFastRegExp, it's a spec violation if we end up on the
slow regexp path;
2 the problem with the current location is already described above;
3 and we can't place it into the fast-path regexp builtin (e.g.
RegExpReplace) either due to the same reasons as 1.
The solution in this CL is to restrict the fast path to string
arguments only, i.e. cases where ToString would be a nop and can safely
be skipped.
Bug: chromium:782145
Change-Id: Ifd35b3a9a6cf2e77c96cb860a8ec98eaec35aa85
Reviewed-on: https://chromium-review.googlesource.com/758257
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49213}
Creates a new initializer function to instantiate instance class
fields in a base class.
An initializer function (similar to the one created for static fields)
is created during class declaration and assigned to a synthetic
context allocated variable.
This function is loaded from the variable during instantiation (when
the constructor is run) and run.
Bug: v8:5367
Change-Id: Ie11c2183b3001234ae41d7bcc2cb9b02c0764ab5
Reviewed-on: https://chromium-review.googlesource.com/754445
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49207}
Update the expected result for intl/number-format/format-currency
to match the output of ICU 60/CLDR 32.
Disable the test while ICU is rolled to ICU 60.1. This will be enabled
once v8 picks up the ICU roll to 60.1.
Bug: chromium:766816
Test: intl/numbuer-format/*
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Id6ffe149e9105ca050c6398d484437e1c88c2794
Reviewed-on: https://chromium-review.googlesource.com/756643
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49206}
We no longer need the kAlreadyVisitedSlot because we can just check
for undefined in the kPromiseSlot to know if the clsoure was already
fulfilled.
This means we save one word per context per promise resolving closure.
Bug: v8:7037
Change-Id: Ib8f0fb445d2e143714d57fe644ba6d7a3f04c1f7
Reviewed-on: https://chromium-review.googlesource.com/756176
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49200}
This is a reland of 34e3e7f91b
Original change's description:
> Introduce gc flag for fuzzing over compaction.
>
> Bug: v8:6972
> Change-Id: If1f4ee04ae00c6ae1e037bbb1ca758e952a8f843
> Reviewed-on: https://chromium-review.googlesource.com/738112
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Michał Majewski <majeski@google.com>
> Cr-Commit-Position: refs/heads/master@{#49191}
Bug: v8:6972
Change-Id: I690a72a6d5da17c6f15449b2be4cbb681a67e60e
Reviewed-on: https://chromium-review.googlesource.com/756894
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49195}
This gives up on earlier attempts to interpret DeadValue as a signal of
unreachable code. This does not work because free-floating dead value
nodes, and even pure branch nodes that use them, can get scheduled so
early that they get reachable. Instead, we now eagerly remove branches
that use DeadValue in DeadCodeElimination and replace DeadValue inputs
to value phi nodes with dummy values.
Reland of https://chromium-review.googlesource.com/715716
Bug: chromium:741225 chromium:776256
Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
Reviewed-on: https://chromium-review.googlesource.com/727893
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49188}
In the fast case, the feedback should be the same across all slots
(like a switch over enum values).
BUG=v8:7045
Change-Id: I2c32f81cda55874ea6fc8d6a18c85d9929cff1bb
Reviewed-on: https://chromium-review.googlesource.com/756701
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49177}
The bytecode generator has special handling for comparing the result of
the typeof operator against a string literal. This needs to be adapted
for bigints.
R=jkummerow@chromium.org, mythrie@chromium.org
Bug: v8:6791
Change-Id: I42d6c9e9225ce05e19393f10e01ae496ecb70c9c
Reviewed-on: https://chromium-review.googlesource.com/753465
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49172}
Actually all it does is throw a TypeError.
R=jkummerow@chromium.org
Bug: v8:6791
Change-Id: I884da4eaa937519c07c3516a1713829f52e28ad8
Reviewed-on: https://chromium-review.googlesource.com/753730
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49171}
Due to lazy deserialization, we need to ensure the snapshot blob is
not freed until the Isolate is destroyed.
Re-enable a few tests that can handle lazy deserialization just fine.
Unfortunately we can't do this for all tests as UNINITIALIZED_TEST does
not sufficiently set up the isolate for lazy deserialization (there's no
Isolate::snapshot_blob_).
Bug: v8:6624
Change-Id: Icf0d217da3a4c5ff1506facc7869d2dd1ac3a983
Reviewed-on: https://chromium-review.googlesource.com/756694
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49170}
This change
- adds new maps for elements, global, and named dictionaries.
- adds support to embed these dictionaries in the startup snapshot.
- adds support to embed these dictionaries in the code cache.
- refactors the rehashing logic.
TBR=mstarzinger@chromium.org, ishell@chromium.org, jgruber@chromium.org
Bug: v8:6593
Change-Id: I2455fe2a9cc6e93247940de99de5f124c2ada137
Reviewed-on: https://chromium-review.googlesource.com/756693
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49167}
This reverts commit 32f30f6338.
Reason for revert: broken Fuchsia build, https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Fuchsia%2F460%2F%2B%2Frecipes%2Fsteps%2Fcompile%2F0%2Fstdout
Original change's description:
> [platform] check return values from memory operations
>
> This change adds DCHECKs for calls such as mprotect, as well as marking some of
> the memory allocation and deallocation routines as V8_MUST_USE_RESULT. This
> additional checking gives us more useful information for failure in the presence
> of, for example, address space exhaustion.
>
> Bug:
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I5bc76c1da6160262d3d556fea49d284ddd4e02c5
> Reviewed-on: https://chromium-review.googlesource.com/721267
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49164}
TBR=hpayer@chromium.org,mlippautz@google.com,eholk@chromium.org
Change-Id: Ie4b57b45c801dcce7884645f50ff74f833de6dc4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/756137
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49165}
This change adds DCHECKs for calls such as mprotect, as well as marking some of
the memory allocation and deallocation routines as V8_MUST_USE_RESULT. This
additional checking gives us more useful information for failure in the presence
of, for example, address space exhaustion.
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5bc76c1da6160262d3d556fea49d284ddd4e02c5
Reviewed-on: https://chromium-review.googlesource.com/721267
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49164}
Resetting phantom handles while keeping finalizers alive leads to the
problem of eagerly resetting a handle although another finalizer keeps
it (transitively) alive.
This becomes a problem with internal pointers to Blink as without
global handle a Blink GC is free to collect wrappables.
This CL untangles finalizers handling from phantom handle resets by
introducing a separate path for resetting.
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Bug: chromium:781728
Change-Id: Ica138b72942698fd996c6e9fe0bdc19cc432c010
Reviewed-on: https://chromium-review.googlesource.com/753724
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49162}
This test uses a lot of memory and is causing OOM crashes on bots.
Bug: v8:7042
Change-Id: I63ff4d44ca8e26b65875df53ebd235976183c558
Reviewed-on: https://chromium-review.googlesource.com/755593
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49161}
The sampling heap profiles can now be retrieved without stopping
the profiler.
BUG=v8:6887
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I491206d0bafd7d4e198622117c12aab0057e6bc6
Reviewed-on: https://chromium-review.googlesource.com/749700
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49160}
Previously StaNamedProperty and StaKeyedProperty were in a weird state where
they claimed to not touch the accumulator, but actually did in case they were
deopted in the middle. A frame was added in the middle to overwrite the
accumulator again with the right value before returning from the setter, using
a lot of complexity in the deoptimizer.
This changes those instructions to be marked as writing to the accumulator
(e.g., the result of the setter), and uses to manually store and reload into
the accumulator the value being stored.
If we want to avoid the additional bytecodes, we could make sure that bytecodes
that claim to leave the accumulator alone don't deopt back to Advance/Dispatch
but LoadAccumulatorWithValue/Advance/Dispatch. That's in a way similar to what
happened before this CL, but I believe could be implemented much simpler.
Bug:
Change-Id: I4850a690ef5a30976701d0e050951faa46fd1c18
Reviewed-on: https://chromium-review.googlesource.com/753487
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49159}
This reverts commit 3877bf6f4b.
Reason for revert: failed compilation on Win64/clang:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/9015
Original change's description:
> Snapshot: support rehashing property and element dictionaries.
>
> This change
> - adds new maps for elements, global, and named dictionaries.
> - adds support to embed these dictionaries in the startup snapshot.
> - adds support to embed these dictionaries in the code cache.
> - refactors the rehashing logic.
>
> R=ishell@chromium.org, jgruber@chromium.org, mstarzinger@chromium.org
>
> Bug: v8:6593
> Change-Id: I8d9a7ba7145f1af4e6e15301a4d5611f07c77f33
> Reviewed-on: https://chromium-review.googlesource.com/753323
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49155}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,ishell@chromium.org
Change-Id: I0b45d2d07da97b9a7953abf4ad24eec4ea944306
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6593
Reviewed-on: https://chromium-review.googlesource.com/755493
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49156}
This change
- adds new maps for elements, global, and named dictionaries.
- adds support to embed these dictionaries in the startup snapshot.
- adds support to embed these dictionaries in the code cache.
- refactors the rehashing logic.
R=ishell@chromium.org, jgruber@chromium.org, mstarzinger@chromium.org
Bug: v8:6593
Change-Id: I8d9a7ba7145f1af4e6e15301a4d5611f07c77f33
Reviewed-on: https://chromium-review.googlesource.com/753323
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49155}
Each valid memory module generated by one of the wasm fuzzers will now
also be executed in Liftoff, and the result of the execution will be
compared against the interpreted result.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I6a437faae4230ce4dfc7924dd1418da20ea92356
Reviewed-on: https://chromium-review.googlesource.com/753328
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49154}
In current implementation Object.getOwnPropertyDescriptor calls native
getter. It can produce side effects. We can avoid calling it.
DevTools frontend will show clickable dots and on click returns value.
This CL does not affect Blink and only affect several Node.js
properties, e.g. process.title.
R=yangguo@chromium.org
Bug: v8:6945
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5764c779ceed4d50832edf68b2b4c6ee2c2dd65c
Reviewed-on: https://chromium-review.googlesource.com/754223
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49152}
When initializing the cache state for a merge, we should never use
registers multiple times. Other code paths leading to the same merge
point might provide different values for the different slots there.
R=ahaas@chromium.org
Bug: v8:7035, v8:6600
Change-Id: I8e409b494af0fdc1a5045ec04571611b97fcaf86
Reviewed-on: https://chromium-review.googlesource.com/754816
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49150}
This is a reland of 2769a7c44b.
The failing test is fixed now.
Original change's description:
> [wasm] Test binary operations for more inputs
>
> Instead of hard-coding one or two inputs per binary operation, use all
> inputs provided by FOR_INT32_INPUTS.
>
> R=ahaas@chromium.org
>
> Change-Id: I534227f93068f52d69ea0ff0fcf686a9af034bad
> Reviewed-on: https://chromium-review.googlesource.com/753484
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49136}
Change-Id: Ied9d4e5977b13b3d0f644e6586b1b14bd412de26
Reviewed-on: https://chromium-review.googlesource.com/753389
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49148}
This adds code-space modification scopes to all sites that still rely on
mutation of {Code} objects after allocation. Currently some scopes also
potentially are in performance-critical places that might regress if the
protection would be enabled in its current form.
R=clemensh@chromium.org
BUG=v8:6792
Change-Id: I8d511e0e452324dae027e50a9da8e6f77224b86f
Reviewed-on: https://chromium-review.googlesource.com/751521
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49147}
Instead of calling a number of member functions which return lambdas
which are then wrapped in std::functions, just use the member functions
directly. This allows to make the arrays with the alternatives constexpr
instead of dynamically filling it on each call.
R=eholk@chromium.org, ahaas@chromium.org
Change-Id: Id1256f442f411eb291941911b25de24a985a9b34
Reviewed-on: https://chromium-review.googlesource.com/753722
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49146}
This CL adds support for memory operations to the AST-based Wasm compile
fuzzer. We've had several bugs in this area, so additional fuzz coverage should
help detect these sooner.
Change-Id: I28b5b95f1fc28939db764efe78de6d56bc61263c
Reviewed-on: https://chromium-review.googlesource.com/742383
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49144}
The maximum length of the chars in bytes was hardcoded and was not
updated with the increase in string length on 64-bit platforms.
The other platforms don't do this debug check so they don't need
updating.
Bug: chromium:779407
Change-Id: I94fd946f9e67b39075c1f7eed14a20e9db126a72
Reviewed-on: https://chromium-review.googlesource.com/753584
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49142}
This reverts commit 2769a7c44b.
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/5195
Original change's description:
> [wasm] Test binary operations for more inputs
>
> Instead of hard-coding one or two inputs per binary operation, use all
> inputs provided by FOR_INT32_INPUTS.
>
> R=ahaas@chromium.org
>
> Change-Id: I534227f93068f52d69ea0ff0fcf686a9af034bad
> Reviewed-on: https://chromium-review.googlesource.com/753484
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49136}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I40a6822679956d872b21d5c01e548d5c49a4250f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/753731
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49139}
