Add an easy way to preview ArrayBuffer as a typed array. This change
will always allow previewing ArrayBuffer instances as Uint8Array and
Int8Array. ArrayBuffer instances that have even length will allow
Int16Array preview and ArrayBuffers that have length divisible by 4 will
allow Int32Array previews.
Bug:
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I07440147cc9e83c8a987f9316bd8d1b936db2717
Reviewed-on: https://chromium-review.googlesource.com/842472
Commit-Queue: Eugene Ostroukhov <eostroukhov@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50315}
In tests r6_ldpc and r6_lwupc are accidentally removed instructions
which should be actually tested - LDPC and LWUPC.
(See 822be9b238 "Normalize casing of
hexadecimal digits".)
This CL fixes this error in tests.
TEST=cctest/test-assembler-mips64/r6_ldpc,
cctest/test-assembler-mips64/r6_lwupc
BUG=
Change-Id: I34b8da2c6b97c0d85bde4f1cd3b3c704a9d05208
Reviewed-on: https://chromium-review.googlesource.com/845623
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50313}
Add an early exit if the control op is Dead to prevent failing the
DCHECK.
BUG=chromium:797596, v8:5940, v8:3018
R=bmeurer@chromium.org, jarin@chromium.org
Change-Id: I6090380ea69c3205740b6c7a41d7c066d18d6a9f
Reviewed-on: https://chromium-review.googlesource.com/844978
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50312}
This CL adds the i32.trunc_s:sat/f32 WASM opcode to the turbofan
compiler and interpreter (more saturating operators will be added in
later CLs).
The operatation has been added under an experimental flag.
Bug: v8:7226
Change-Id: Ia69e981ffddb2da682e53ba25f489fc9d0cd2db5
Reviewed-on: https://chromium-review.googlesource.com/834670
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50311}
Fix 29bb707e9b
Compilation on GYP fails due to missing OnCriticalMemoryPressure
overload that accepts size_t parameter. In this case the compiler
complains about hiding virtual function.
This patch reintroduces the missing functions.
Bug:
Change-Id: I493891f6908987a6f27c669a16f6c3772339333d
Reviewed-on: https://chromium-review.googlesource.com/844077
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50306}
- Instantiation errors are no longer recorded. If instantiation fails,
the module(s) are reset to "uninstantiated". When instantiation is
re-attempted, the thrown exception will be fresh.
- Instantiation can succeed even where there are modules in the graph
that previously failed evaluation.
Bug: v8:1569
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I429f616918afe5f8ab1a956024f0a22f464b8c44
Reviewed-on: https://chromium-review.googlesource.com/763369
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50301}
This is the implementation of crrev.com/c/766371 for mips64.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
R=v8-mips-ports@googlegroups.com
Change-Id: Ia924f94367320b9062e33d35b58ccd38c8fc3ca3
Reviewed-on: https://chromium-review.googlesource.com/842483
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50299}
Instead of these two instructions I generalize the kX64Peek instruction.
R=bmeurer@chromium.org
Change-Id: Ie5f8c7d428b65df3ca8b75594f6a06a75cc8e978
Reviewed-on: https://chromium-review.googlesource.com/839863
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50294}
This patch implements https://github.com/tc39/proposal-class-fields/pull/65
and https://github.com/tc39/proposal-static-class-features/ by
splitting out instance and static field declarations into separate
flags for the separate proposals. Instance class fields is currently
at Stage 3 whereas static class fields is currently at Stage 2.
Bug: v8:5367
Change-Id: I133c945fd0b22dc5718c7bb61b10f22348087acd
Reviewed-on: https://chromium-review.googlesource.com/839778
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50293}
On 32-bit platforms, float64 stack returns take 2 stack slots. In the
implemention of the kArmPeek instruction we assume that provided slot
index points to the first stack slot. However, due to an off-by-1 issue
the provided slot index pointed to the second stack slot. This CL fixes
the problem and generalizes an existing test which reproduces it.
R=v8-arm-ports@googlegroups.com
Change-Id: Ibb2fd8275cf912da064e2f863c2d64d2526caaac
Reviewed-on: https://chromium-review.googlesource.com/839761
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50291}
- Adds abstract base class PageAllocator, defined in v8-platform.h. Adds
GetPageAllocator method to v8::Platform.
- Implements a DefaultPageAllocator, implemented in terms of base::OS
page allocation methods.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iece0b261a07294a49c30ac25e848dc39cb1a32e2
Reviewed-on: https://chromium-review.googlesource.com/809778
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50282}
All get outcome logic moved out from testsuite which makes output
processors serializable. Output processors that are not global
are stored inside testcase to share them with all test copies.
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I625466b2b00565d885556f96cab03d8d16fa7ff4
Reviewed-on: https://chromium-review.googlesource.com/837069
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50275}
The wasm compile fuzzer now generates up to four functions with
different signatures, and generates calls between them.
R=ahaas@chromium.orgCC=eholk@chromium.org
Change-Id: I94903a80c78f8463dc1dee91ccf3be33c431e25a
Reviewed-on: https://chromium-review.googlesource.com/839860
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50274}
I just fixed an annoying bug where I accidentally used DataRange more
than once, leading to endless recursion.
This CL avoids that by forbidding copying of DataRange. Instead, it's
mostly passed by reference now.
R=ahaas@chromium.orgCC=eholk@chromium.org
Change-Id: I3925548951645d13823ff42d9d833bde76d6cca6
Reviewed-on: https://chromium-review.googlesource.com/839762
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50273}
This is the implementation of crrev.com/c/766371 for mips.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
R=v8-mips-ports@googlegroups.com
Change-Id: I2f30cc297771ec74b0b935b6ea28d3d61a986d5c
Reviewed-on: https://chromium-review.googlesource.com/839660
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50272}
Adds support for emitting the drop opcode in the wasm compile fuzzer.
R=ahaas@chromium.orgCC=eholk@chromium.org
Change-Id: Idb6f07f3f50ffda472107bd6276221e803c37152
Reviewed-on: https://chromium-review.googlesource.com/839760
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50267}
Fixes a regression causing a seg fault instead of the
expected stack overflow.
Bug: chromium:796427, v8:6005
Change-Id: Ifc752a4009a25f447f5e87745dcc1bb83722c34e
Reviewed-on: https://chromium-review.googlesource.com/838854
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50265}
Also fix GetPropertyDescriptorWithInterceptor so that it only calls the
interceptor once.
R=ahaas@chromium.org, franzih@chromium.org
Bug: node:17480, node:17481
Change-Id: I2c3813f80df2962ec909bae7267884ce0b8ccbef
Reviewed-on: https://chromium-review.googlesource.com/816515
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50260}
This patch updates the instruction selector and code generator to pad arguments
for arm64 and drop an even number of slots when dropping the arguments. It also
updates the builtins that handle arguments. These changes need to be made at
the same time.
It also adds some tests for forwarding varargs, as this was affected by the
builtin changes and the existing tests did not catch all issues.
Bug: v8:6644
Change-Id: I81318d1d1c9ab2568f84f2bb868d2a2d4cb56053
Reviewed-on: https://chromium-review.googlesource.com/829933
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50259}
When shared memory is defined in the module bytes, and not imported/exported
underlying memory should be a SharedArrayBuffer. This was missing in the
allocate flow during instantiation. Fixed to use a SharedArrayBuffer.
BUG=v8:6532
Change-Id: Ic62ed3fd578a0e03124ee40b273e6a4ea474bba4
Reviewed-on: https://chromium-review.googlesource.com/835348
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50255}
In a benchmark that I'm looking at, the numbers quickly overflow our
current limit.
This patch increases kMaxLength to the greatest value that's possible
without requiring further code changes.
Bug: v8:6791
Change-Id: I7a0d126dcd566d536375a294fa4dcf10b8823ed7
Reviewed-on: https://chromium-review.googlesource.com/833876
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50240}
This is a reland of bcf1172992
The test was timing out in no snapshot builds, as each CodeAssemblerTester
creates a new Context. Reduced the random iterations significantly.
Original change's description:
> [arm64] Preparation for padding of arguments
>
> As part of JSSP removal, we need to align the arguments passed to functions
> on the stack, by adding a padding slot when the total number of arguments
> is odd.
>
> This patch introduces the kPadArguments flag (which is currently set to
> false for all architectures), which will control padding of arguments in
> architecture-independent parts of the code (deoptimizer, instruction
> selector).
>
> It also adds some executable tests for tail calls with various stack
> parameter counts on the caller and callee sides.
>
> This will be turned on for arm64 together with arm64-specific changes to
> the code generator, the MacroAsembler and the builtins, in a later patch.
>
> Bug: v8:6644
> Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08
> Reviewed-on: https://chromium-review.googlesource.com/806554
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50134}
TBR=jarin@chromium.org
Bug: v8:6644
Change-Id: I795877ed9791e126ffac6841dbbb65189e95d207
Reviewed-on: https://chromium-review.googlesource.com/833046
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50238}
This is the implementation of crrev.com/c/766371 for arm.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
R=v8-arm-ports@googlegroups.com
Change-Id: I7d61424a184d5778baf1d1270013f4e0c7ec68b4
Reviewed-on: https://chromium-review.googlesource.com/836608
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50237}
We used to frequently break the ABI when we introduced new instance
types because some instance types are hard-coded in v8.h.
Now that we have more instance types available, we can leave some
room to anticipate future new instance types.
Also take this opportunity to reorder some instance types.
Also see: https://github.com/nodejs/node/issues/17754
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I9b59eeab9dfcdf11d779f0b700fc5dce30d3eebe
Reviewed-on: https://chromium-review.googlesource.com/833874
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50223}
Previously, FrameFunctionIterator::next() assumed that the frame summary
was non-empty. It's now possible for the list not to be empty, if the
JS microtask pump invokes a builtin function which uses
FrameFunctionIterator directly. While this is unlikely to show up in
real world code, it is necessary to handle it to prevent crashes.
BUG=chromium:794744
R=mstarzinger@chromium.org, cbruni@chromium.org, verwaest@chromium.org
Change-Id: Ie95c2228544f57730d1c6c1ff955b2c94ff1c06b
Reviewed-on: https://chromium-review.googlesource.com/833266
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#50221}
This is a reland of ab38b03d1b
Original change's description:
> [builtins] Port Object.p.toLocaleString to CSA from JS
>
> - Added ObjectPrototypeToLocaleString TFJ
> - Remove v8natives.js
> - Move GetMethod and GetIterator into prologue.js
>
> TBR=adamk@chromium.org
>
> Bug: v8:6005
> Change-Id: I2b5b65892304e62bf64375458f8ffb9473b2c9b7
> Reviewed-on: https://chromium-review.googlesource.com/826479
> Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Cr-Commit-Position: refs/heads/master@{#50120}
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
TBR=adamk@chromium.org
Bug: v8:6005
Change-Id: Ie8c8810c5231e933e61ea8babe963e58bb6dcaed
Reviewed-on: https://chromium-review.googlesource.com/831156
Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#50218}
Background tasks read this flag, which creates a data race. This patch
works around the data races by making the access to the flag atomic.
The actual fix will be to not mutate the flag.
Bug: chromium:794911
Change-Id: Idcf03b7a1037e876036918418ce989b420784428
Reviewed-on: https://chromium-review.googlesource.com/834508
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50215}
... or sometimes by FATAL(...) to give a better error message.
The benefit of UNREACHABLE() over CHECK(false) is that the compiler
knows that this macro will never return, hence we can omit the return
of a dummy value afterwards.
R=neis@chromium.org
Change-Id: I14e6a4f1d75f1338f481bd1520d841fd383d6202
Reviewed-on: https://chromium-review.googlesource.com/832431
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50214}
This reverts commit 004f348aba.
Reason for revert: Breaks msvc compile: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/672
Original change's description:
> [fuzzer] Add attributes to LLVMFuzzerInitialize definition.
>
> That prevents the linker from dead-stripping the function, as it is not called
> directly, it is resolved in the runtime via dlsym().
>
> Bug: chromium:754124, chromium:787723
> Change-Id: I46a02ef01349f59b7ed944ce1483b7277e234a19
> Reviewed-on: https://chromium-review.googlesource.com/833995
> Commit-Queue: Max Moroz <mmoroz@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50212}
TBR=ahaas@chromium.org,mmoroz@chromium.org,mathias@chromium.org
Change-Id: Iba35b55ee4d11aca0dfb9cffde7a6a51e0c8e46c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:754124, chromium:787723
Reviewed-on: https://chromium-review.googlesource.com/834548
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50213}
That prevents the linker from dead-stripping the function, as it is not called
directly, it is resolved in the runtime via dlsym().
Bug: chromium:754124, chromium:787723
Change-Id: I46a02ef01349f59b7ed944ce1483b7277e234a19
Reviewed-on: https://chromium-review.googlesource.com/833995
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50212}
The problem was that parts of Simd8x16ShuffleOperand were uninitialized.
Original message:
[wasm] Stop decoding operands after error.
When we decode operands of WebAssembly instructions, we do not use the
current pc but a pc of the instruction plus some offset. However, the
pc of the instruction + offset can become invalid in case of a decoder
error. Therefore we have to stop decoding operands explicitly in case
of an error.
R=clemensh@chromium.org
Bug: chromium:795131
Change-Id: I732bc23547dbe531019d81a4397d22165a26d46b
Reviewed-on: https://chromium-review.googlesource.com/833934
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50211}
Pass shell name instead of an absolute path.
Bug: v8:796166
Change-Id: Ia9472e893fd2cb3fde2a94997f3e9daf30da06ea
Reviewed-on: https://chromium-review.googlesource.com/833917
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50207}
Move the object and array literal flag and depth initialization to when
they are visited by the bytecode generator. This avoids issues with
doing this initialization before we know whether the (syntactic) literal
is actually a literal value or a destructuring assignment.
Bug: chromium:795922
Bug: v8:7178
Change-Id: I022178ab4bc9e71f80560f3b78a759d95d4d0584
Reviewed-on: https://chromium-review.googlesource.com/833882
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50204}
This reverts commit 6633ad56d8.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/18850
Original change's description:
> [wasm] Stop decoding operands after error.
>
> When we decode operands of WebAssembly instructions, we do not use the
> current pc but a pc of the instruction plus some offset. However, the
> pc of the instruction + offset can become invalid in case of a decoder
> error. Therefore we have to stop decoding operands explicitly in case
> of an error.
>
> R=clemensh@chromium.org
>
> Bug: chromium:795131
> Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
> Reviewed-on: https://chromium-review.googlesource.com/832867
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50196}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I5a67f77285fdedc7f4645f8efaaf0087b4046011
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:795131
Reviewed-on: https://chromium-review.googlesource.com/832650
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50199}
When we decode operands of WebAssembly instructions, we do not use the
current pc but a pc of the instruction plus some offset. However, the
pc of the instruction + offset can become invalid in case of a decoder
error. Therefore we have to stop decoding operands explicitly in case
of an error.
R=clemensh@chromium.org
Bug: chromium:795131
Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
Reviewed-on: https://chromium-review.googlesource.com/832867
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50196}
There was an issue when the caller of a function with multiple returns
did not use all values which were returned over the stack. The caller
used only the used returns to calculate the offsets on the stack,
whereas the callee used all returns to calculate the offsets.
With this CL also the caller uses all returns to calculate the stack
offsets and thereby agrees again with the callee on the location of
all returns.
In addition I fixed an issue on x64: A quad word is reserved on the
stack frame to spill callee-saved FP registers, which is not pointer
size.
R=titzer@chromium.org
Change-Id: Ibe56b4b57e4b6e59071a868805b1237412344f93
Reviewed-on: https://chromium-review.googlesource.com/824043
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50193}
Teach the fuzzer about the new DotAll flag.
Bug: v8:6612
Change-Id: I92d6bfd920f5daef6733b1c547063ede718ecc8f
Reviewed-on: https://chromium-review.googlesource.com/832748
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50188}
Bug:
Change-Id: I7d4152139548d8a24c0b444dfff3c363bf92680b
Reviewed-on: https://chromium-review.googlesource.com/816836
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50185}
Remove comment about usage of FATAL, UNREACHABLE and UNIMPLEMENTED,
which was deprecated since https://crrev.com/1410713006.
Also, refactor the FATAL macro and use it for implementing UNREACHABLE
and UNIMPLEMENTED, and in more code. The benefit over printf +
CHECK(false) is that the compiler knows that FATAL will never return.
R=bmeurer@chromium.org
Change-Id: I8c2ab3b4e6edfe8eff5ec6fdf3d92b15d0ed7126
Reviewed-on: https://chromium-review.googlesource.com/832726
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50183}
Update tests to work with new behavior.
This feature is shipping in Firefox 54, so compatibility risk is low.
R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
Bug: v8:4958
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ib16d19468cf935f961d7bcd856ebbeb5692d3e61
Reviewed-on: https://chromium-review.googlesource.com/546941
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50178}
We should not report promise created for async function as candidate
for stepping. Regular StepInto works fine in this case.
TBR=dgozman@chromium.org
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8dafec5417df0de593cb2a1c06d6a11093e7c64b
Reviewed-on: https://chromium-review.googlesource.com/828024
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50176}
I also added a test for movdqa, which was already implemented.
R=bmeurer@chromium.org
Change-Id: I6dd5cba072f1439dcdfb5f975de116e4534c7581
Reviewed-on: https://chromium-review.googlesource.com/832466
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50175}
The interface of {WasmCompiledModule} currently mostly receives and
provides handles to the contained data. Other interfaces don't (see
{object-macros.h}.
This leads to performance and memory overhead for chained accesses like
{instance->compiled_module()->shared()->script()}, because intermediate
accessors allocate Handles for no reason. It also breaks the
constraints that lower-case accessors should be trivial to execute, but
allocating a handle is not trivial (should not be done in a loop if not
needed).
It also silences gcmole errors, as documented in
https://crrev.com/c/832268.
R=ahaas@chromium.org, mtrofin@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ib82fb295977a47b4a8ab9bae9c9b6e2b235ad5e5
Reviewed-on: https://chromium-review.googlesource.com/832387
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50173}
This CL passes feedback from the element kind deopt points
in Array.push to the deoptimizer. If the deopt points are
triggered, further speculation on Array.push is disallowed.
Bug: v8:7127, v8:7204
Change-Id: Ie91dee598bd8b8797110c8f468406327226893a4
Reviewed-on: https://chromium-review.googlesource.com/831523
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50171}
Make sure that a continue still executed the increment part of a for
loop by adding another nested block for the body, which is the break
target for a continue in the body. The increment code lives outside
this block, in the original loop.
R=bradnelson@chromium.orgCC=mstarzinger@chromium.org
Bug: chromium:788916
Change-Id: I178b874ffac16d9237a0f4da097d2742bd93335a
Reviewed-on: https://chromium-review.googlesource.com/832447
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50169}
This change is quite invasive, because CheckSmi is lowered
through representation change depending on UseInfo to several
different checked conversion operators. This CL adds feedback
to every checked conversion operator to Int32.
Bug: v8:7127, v8:7204
Change-Id: Icb780e5a69d321c2ec161c3c2a32984bdcf101f1
Reviewed-on: https://chromium-review.googlesource.com/831521
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50167}
We had a number of accessors defined on {WasmCompiledModule}, which
redirected to {WasmSharedModuleData}. This is uncommon in the code base
and hides where information is really stored.
This CL removes them and accesses information directly from the
{WasmSharedModuleData} instead.
R=ahaas@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I54fce75dbf7dcb2f16dcf13e4634b5618225a429
Reviewed-on: https://chromium-review.googlesource.com/831510
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50157}
Many methods currently defined in WasmCompiledModule actually only use
shared information from WasmSharedModuleData. Hence, move them to this
class.
R=ahaas@chromium.org
Bug: chromium:750256
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia298306c3757fca8e2d93eaaf3424d6f91150212
Reviewed-on: https://chromium-review.googlesource.com/831509
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50156}
See https://github.com/tc39/proposal-regexp-named-groups/pull/40.
The spec is being changed to always create a 'groups' property on
regexp result objects. Its value is undefined if no named captures
exist, and the object containing named captures otherwise.
Bug: v8:7192, v8:5437
Change-Id: I1fb00ffc186c7effd84b5692dcbed420581855c3
Reviewed-on: https://chromium-review.googlesource.com/829137
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50154}
Instruction selector computes the range of case statement labels
to choose between a table or lookup based switch. We need to special
case this when there are no case statements.
Bug: chromium:794825
Change-Id: I46ef57d17f5e2b99a3570f7f3c4ff06e75d78fab
Reviewed-on: https://chromium-review.googlesource.com/830013
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50153}
Add a test case to check performance of TypedArray.prototype.slice for
non-species cases.
Bug: v8:5929
Change-Id: Ic4aa43575c442c80a4ff981df38c0262f6b2a7b8
Reviewed-on: https://chromium-review.googlesource.com/831308
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50150}
Add a test case to check performance of TypedArray.prototype.subarray
for non-species cases.
Bug: v8:7161
Change-Id: Idab8187403cc61596ce90fe03ab2300c38055857
Reviewed-on: https://chromium-review.googlesource.com/831370
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50149}
This changes the implementation of
v8::ScriptCompiler::CompileFunctionInContext
See design doc: https://goo.gl/ppkK6QR=adamk@chromium.org, marja@chromium.org, mstarzinger@chromium.org
Bug: v8:7172, chromium:70895
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iab0b6e879c1a3b33b623bfa2af9c706643c06fa7
Reviewed-on: https://chromium-review.googlesource.com/810946
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50148}
The irregexp compiler expects RegExpCharacterClass instances to
contain at least one range. This preserves that invariant when parsing
the negated \P{Any} unicode property.
Bug: chromium:793588
Change-Id: If71fdce014a7e64d8af559084ee88108303d694b
Reviewed-on: https://chromium-review.googlesource.com/827010
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Erik Corry <erikcorry@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50146}
Add feedback to GrowFastElements operator and thread it
through to the deoptimize node it the lowering. The CL
uses the feedback to allow Array.push to disable speculation
if the grow operation deopts.
Bug: v8:7127, v8:7204
Change-Id: Ib5850a93759b9194c0fc2f191f6adf5d49cb7f55
Reviewed-on: https://chromium-review.googlesource.com/827128
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50145}
This reverts commit bcf1172992.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/16791
The test cctest/test-run-tail-calls/FuzzStackParamCount hangs on
the nosnap debug bot and times out.
Original change's description:
> [arm64] Preparation for padding of arguments
>
> As part of JSSP removal, we need to align the arguments passed to functions
> on the stack, by adding a padding slot when the total number of arguments
> is odd.
>
> This patch introduces the kPadArguments flag (which is currently set to
> false for all architectures), which will control padding of arguments in
> architecture-independent parts of the code (deoptimizer, instruction
> selector).
>
> It also adds some executable tests for tail calls with various stack
> parameter counts on the caller and callee sides.
>
> This will be turned on for arm64 together with arm64-specific changes to
> the code generator, the MacroAsembler and the builtins, in a later patch.
>
> Bug: v8:6644
> Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08
> Reviewed-on: https://chromium-review.googlesource.com/806554
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50134}
TBR=rmcilroy@chromium.org,jarin@chromium.org,georgia.kouveli@arm.com
Change-Id: Iff4d7da418204834822842b160eacb8980058172
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6644
Reviewed-on: https://chromium-review.googlesource.com/830847
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50144}
- Creates a memory management API in v8::internal, which corresponds
to the existing one in base::OS.
- Implements the new API in terms of the old one.
- Changes all usage of the base::OS API to the one in v8::internal. This
includes all tests, except platform and OS tests.
- Makes OS:: methods private.
- Moves all LSAN calls into the v8::internal functions.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iaa3f022e3e12fdebf937f3c76b6c6455014beb8a
Reviewed-on: https://chromium-review.googlesource.com/794856
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50139}
As part of JSSP removal, we need to align the arguments passed to functions
on the stack, by adding a padding slot when the total number of arguments
is odd.
This patch introduces the kPadArguments flag (which is currently set to
false for all architectures), which will control padding of arguments in
architecture-independent parts of the code (deoptimizer, instruction
selector).
It also adds some executable tests for tail calls with various stack
parameter counts on the caller and callee sides.
This will be turned on for arm64 together with arm64-specific changes to
the code generator, the MacroAsembler and the builtins, in a later patch.
Bug: v8:6644
Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08
Reviewed-on: https://chromium-review.googlesource.com/806554
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50134}
Support inlining Array.prototype.findIndex in Turbofan.
Depending on array size, quick benchmarks show a >2x
improvement: https://github.com/peterwmwong/v8-perf/blob/master/array-find-findIndex-tf/README.md
Bug: chromium:791045, v8:1956, v8:7165
Change-Id: I250554885f924c97b0072e09ee289713df5cbe63
Reviewed-on: https://chromium-review.googlesource.com/824382
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50133}
The unicode property escape syntax restricts unicode property names and
unicode property values to consist only of characters taken from the
[a-zA-Z0-9_] character class. See the spec at:
https://tc39.github.io/proposal-regexp-unicode-property-escapes/
In most cases, we do not actually need to validate that this is the
case, since subsequent property lookup in ICU will fail (and throw a
SyntaxError) if the given property does not exist.
However, there one special case. The ICU lookup takes the property name
as a null-terminated string, so it will accept carefully malformed
property names (e.g. '\p{Number\0[}'). This can end up confusing the
regexp parser.
With this CL, we explicitly restrict potential property names / values
to the character set as specified.
Bug: v8:4743, chromium:793793
Change-Id: Ic97deea8602571ec6793b79c4bb858e1c7597405
Reviewed-on: https://chromium-review.googlesource.com/824272
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50130}
In a generator containing loops, there are always certain control flow
paths that are impossible, due to the way we represent generators at the
bytecode level. Unfortunately, the graph builder can't tell that these
paths are impossible. In combination with dead code, it can then happen
that we build a subgraph (for unreachable code) whose incoming context
is the undefined oddball. JSContextSpecialization did not expect that.
Bug: chromium:794822
Change-Id: I259be5ae6c5f5adc8fca19c64bf71285ee922b7a
Reviewed-on: https://chromium-review.googlesource.com/828954
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50129}
This makes sure the builtin lowering of Object.create doesn't invalidate
any previously taken dependencies. Aborting compilation after such cases
would lead to repeating optimization attempts without learning, hence we
disallow such situations.
R=verwaest@chromium.org
BUG=chromium:794394,chromium:786723
Change-Id: I6b6928cab19692bbbe3cd241ade862a2306eb0c7
Reviewed-on: https://chromium-review.googlesource.com/827066
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50128}
Making test262's GetExpectedOutcomes independent from a command.
It will enable us to move this function to precompute phase.
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ibb59da29bd30f32427ba6230a22d7d0801954bf0
Reviewed-on: https://chromium-review.googlesource.com/828933
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50127}
- Added ObjectPrototypeToLocaleString TFJ
- Remove v8natives.js
- Move GetMethod and GetIterator into prologue.js
TBR=adamk@chromium.org
Bug: v8:6005
Change-Id: I2b5b65892304e62bf64375458f8ffb9473b2c9b7
Reviewed-on: https://chromium-review.googlesource.com/826479
Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#50120}
This reverts commit 917b9cb9fc.
In this CL, we canonicalize the fixed array when allocating storage for
empty fixed array. During initialization, we also make sure that we do
not write to the empty fixed array. This is quite hacky, but it
seems to be the least intrusive change.
Bug: chromium:793863
Change-Id: I1449ebac7c1e390467566a759bf70e7e2fabda31
Reviewed-on: https://chromium-review.googlesource.com/827013
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50119}
Finishing a chunk of data during streaming compilation caused background
tasks to be restarted unconditionally. However, restarting background
tasks is not possible after compilation has already finished. With this
CL we do not allow anymore to restart background tasks after they have
been finished.
R=clemensh@chromium.orgCC=mtrofin@chromium.org
Change-Id: I4c0a9761fb627f04b254f72e05873e29e7647eb0
Reviewed-on: https://chromium-review.googlesource.com/827008
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50115}
This CL also adds support for "lookup on dictionary receivers" to store ICs.
Bug: v8:7206, v8:5561
Change-Id: Icebbc2d52c71f5d25b43f2f2a8adf674e4ec2cbc
Reviewed-on: https://chromium-review.googlesource.com/819232
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50113}
The IsPromise brand check is now replaced with an IsObject check.
The spec was changed here:
a1628886f8
Bug: v8:7095
Change-Id: I5668083c888f9efcdfc1491c919c810c75d73ac7
Reviewed-on: https://chromium-review.googlesource.com/826606
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50108}
Given that we already treat feedback vector as a source of truth for
language mode of other store operations and given that the StoreGlobalIC
dispatcher does not depend on the language more anymore, we can just combine
these two bytecodes.
Bug: v8:7206
Change-Id: I27f03f2102ff79ec20fa997eb18dde816f376b00
Reviewed-on: https://chromium-review.googlesource.com/823846
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50102}
Add support for disallowing speculation upon deoptimize from
a CheckBound node, and use this in the case of array builtins
in js-call-reducer to prevent deoptimization loops.
Bug: v8:7127
Change-Id: I04cf655b10178d2938d2f0ee6b336601fab6463b
Reviewed-on: https://chromium-review.googlesource.com/822195
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50097}
Port bd732f7ddd
Original Commit Message:
The original CL introduced a test which uses a random number generator.
I disable the test for now, which is okay because this CL adds to a
work-in-progress feature anyways, and I will fix the problem in another
CL.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
So far, only ia32 and x64 are implemented.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jbarboza@ca.ibm.com
BUG=
LOG=N
Change-Id: I8d63286aa5af5f52cc2eeaf2adeee13d0ff19e7d
Reviewed-on: https://chromium-review.googlesource.com/823084
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50091}
In a certain scenario streaming compilation got stuck and did never
finish. This CL fixes this issue.
Scenario:
* Streaming compilation starts
* The compilation tasks execute all compiation units in the working
queue and set the finished_ flag to true.
* New data arrives over streaming
* The compilation tasks compile so fast that the executed_units_ queue
gets full. The compilation tasks stop executing and wait for the
finisher task to restart them.
* The finisher task does not restart the compilation tasks because the
finished_ flag is set.
With this CL I remove the finished flag and instead look at the size
of the working queue directly.
In addition I added a test which does not actually reproduce this
scenario but seems good to have anyways.
R=mtrofin@chromium.org
Change-Id: I44560c43e51be13c4461208368e21137b115656c
Reviewed-on: https://chromium-review.googlesource.com/824523
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50090}
This ensures that MigrateFastToFast does not overflow the length of the
property array.
Bug: chromium:789393
Change-Id: I77adc319c1c8c469ea482bad35ead8661d535192
Reviewed-on: https://chromium-review.googlesource.com/824167
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50086}
The dispatcher is responsible for handling stores to lexical environment
variables and for storing directly to the JSGlobalObject. In the latter
case the dispatcher also ensures that JSGlobalProxy is provided as
a receiver if a setter function has to be called.
Unlike StoreIC the calling convention for the StoreGlobalIC does not include
receiver.
Bug: v8:7206, chromium:576312, v8:5561
Change-Id: Ifa896c7b41bf440785b757c2272ec91211e79c98
Reviewed-on: https://chromium-review.googlesource.com/818965
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50081}
- All testcase/testsuite/variant generator subclasses renamed to
just TestCase/TestSuite/VariantGenerator since they're private
implementation.
- All `testcase` variables renamed to `test` to not conflict with
a module name.
- No more two statements in the same line.
- Removed some unused testsuite methods.
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7710f3419f738a5f9ddca73765dd2cad2e35b952
Reviewed-on: https://chromium-review.googlesource.com/823964
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50076}
RegisterLists should only be allocated via the register allocator. To ensure
this, make the RegisterList constructor private and only expose it to tests
and the BytecodeRegisterAllocator.
Change-Id: I09ebfc5c0f1baecfb1333fd672b96d462fd26fcf
Reviewed-on: https://chromium-review.googlesource.com/822196
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50073}
This disallows speculation after deoptimization from any of
Array.{forEach,map,filter,find} due to CheckMap fails. Such
CheckMap fails happen if the builtins' function argument
causes the map of the array to change. The js-call-lowering
refrains from optimizing builtins for which speculation was
disallowed.
Bug: v8:6898, v8:7127
Change-Id: Ied6696f8fb023ee404fb82e9d37bfb061f293854
Reviewed-on: https://chromium-review.googlesource.com/819354
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50069}
I also used the opportunity to clean up the loop peeler a bit by making the
class stateful, to avoid passing long argument lists around.
Bug: v8:5864
Change-Id: I2e034c6eabd381b01e15cf3e6aa3ce7b14e7b3d8
Reviewed-on: https://chromium-review.googlesource.com/822933
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50067}
- create testcase subclass for each test
- move get_command, get_source from suite to test
- promises-aplus tests are broken
- moving expected outcomes etc. is still in progress
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I006e64ecf51dda95c41dff88c68b24f17a638566
Reviewed-on: https://chromium-review.googlesource.com/798331
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50065}
The new frame type is inteneded to represent native C++ stack frames.
JS code may sometimes make calls to helper native functions that do not
provide any special stack layout besides the return address and frame pointer.
Currently the stack iterator bails out when it sees an unknown frame.
The patch allows the iterator to unwind stacks having such frames.
BUG=chromium:768540
Change-Id: I9c273c7015695a6733c0a0c52b522fca7b25de0d
Reviewed-on: https://chromium-review.googlesource.com/794991
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50058}
* DisableInlineAllocationSteps was a blunt hammer added to work around
tests that needed to avoid artificially lower limits imposed by
observers. PauseAllocationObserversScope can properly disable step on
a temporary basis.
* Modify tests. Remove DisableInlineAllocationSteps.
This exposed a bug in allocation observers: we were not doing a step
when a fresh page is added.
Fix this by moving the step into UpdateAllocationInfo. We should be
doing a step (and keeping top_on_previous_step_ consistent) whenever
we move move top(). UpdateAllocationInfo is the correct place for this
rather than the callers of UpdateAllocationInfo.
Bug:
Change-Id: I2edc238dc2e73bf9a2e9738c2a9b50efcac5cbf0
Reviewed-on: https://chromium-review.googlesource.com/821052
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50052}
If an initializer is a NaryOperation, its position ends up as a start position
of a Scope, and a DCHECK used to fire.
Interestingly, this was not caught by our existing tests.
BUG=chromium:791256
Change-Id: Id47f850c7ad17ca580352f9bd56c9567b485c3b8
Reviewed-on: https://chromium-review.googlesource.com/822093
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50051}
This operation was used to implement asm.js stores, but is obsolete
with asm.js stores now being lowered to normal graph nodes.
R=mstarzinger@chromium.orgCC=jarin@chromium.org
Bug:
Change-Id: Iea90b1a62be2e273c0562058642adc5b63ae2cf8
Reviewed-on: https://chromium-review.googlesource.com/822570
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50046}
This is a reland of c3bd741efd
Original change's description:
> Fix "this" value in lazily-parsed module functions.
>
> When preparsing top-level functions in a module, we didn't track
> unresolved variables. Consequently, "this" ended up referencing
> the global "this", which has the wrong value (in a module "this"
> is supposed to be the undefined value).
>
> This patch fixes that. This also lets us stop forcing context
> allocation of all variables in module scopes, which the patch
> takes care of as well.
>
> Bug: chromium:791334
> Change-Id: Ifac1f1adc033f3facfb3d29dd4bca32ee27bffcf
> Reviewed-on: https://chromium-review.googlesource.com/808938
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50025}
TBR=adamk@chromium.orgTBR=kozyatinskiy@chromium.org
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Bug: chromium:791334
Change-Id: I57acc7b84a345565b36cbb55924fa2ff9b449eec
Reviewed-on: https://chromium-review.googlesource.com/822341
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50045}
Currently Page::ShrinkToHighWaterMark checks that there is only one
filler in the to-be-freed area at the end of the page. This does not
hold if an allocation observer is active.
We should instead check that the to-be-freed area does not contain
allocated objects and will not contain allocated objects:
1) Following chain of fillers we arrive at the end of the page.
2) The free list of the page is empty.
This patch also changes PagedSpace::ResetFreeList to evict free list
entries of each page, instead of just reseting the global free list.
It also removes invalidation of free list categories.
Now FreeList::EvictFreeListItems simply evicts free list entries without
invalidating free list categories.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6051578ec2c91c9614d14c7a6ce188d2db5ace3b
Reviewed-on: https://chromium-review.googlesource.com/822571
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50040}
This reverts commit c3bd741efd.
Reason for revert: Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/20384
Original change's description:
> Fix "this" value in lazily-parsed module functions.
>
> When preparsing top-level functions in a module, we didn't track
> unresolved variables. Consequently, "this" ended up referencing
> the global "this", which has the wrong value (in a module "this"
> is supposed to be the undefined value).
>
> This patch fixes that. This also lets us stop forcing context
> allocation of all variables in module scopes, which the patch
> takes care of as well.
>
> Bug: chromium:791334
> Change-Id: Ifac1f1adc033f3facfb3d29dd4bca32ee27bffcf
> Reviewed-on: https://chromium-review.googlesource.com/808938
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50025}
TBR=adamk@chromium.org,marja@chromium.org,neis@chromium.org,kozyatinskiy@chromium.org
Change-Id: I81f69334ed2ce104c00e6205d50001e4bdf07d15
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:791334
Reviewed-on: https://chromium-review.googlesource.com/822258
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50036}
The original CL introduced a test which uses a random number generator.
I disable the test for now, which is okay because this CL adds to a
work-in-progress feature anyways, and I will fix the problem in another
CL.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
So far, only ia32 and x64 are implemented.
Change-Id: I8b03fc4e53946daaa0e14a34603f4824a04fad7e
Reviewed-on: https://chromium-review.googlesource.com/819557
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50031}
When preparsing top-level functions in a module, we didn't track
unresolved variables. Consequently, "this" ended up referencing
the global "this", which has the wrong value (in a module "this"
is supposed to be the undefined value).
This patch fixes that. This also lets us stop forcing context
allocation of all variables in module scopes, which the patch
takes care of as well.
Bug: chromium:791334
Change-Id: Ifac1f1adc033f3facfb3d29dd4bca32ee27bffcf
Reviewed-on: https://chromium-review.googlesource.com/808938
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50025}
Some refactor moved from
https://chromium-review.googlesource.com/c/v8/v8/+/798331.
Bug: v8:6917
Change-Id: I8cae6cfca7a0d7d8e234052c0ab0bfe252355e60
Reviewed-on: https://chromium-review.googlesource.com/819550
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50020}
If we have several scripts with the same url (see many <script> tags in
one page), then we try to set breakpoint only in script with given
lineNumber inside and ignore all other scripts. We should follow the
same logic when we capture hint for later breakpoint restore.
R=yangguo@chromium.org
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I44a332ac64f62ec9a0d24d5fe4688f8ced125e39
Reviewed-on: https://chromium-review.googlesource.com/821053
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50019}
This is a separation of the DFA Unicode Decoder from
https://chromium-review.googlesource.com/c/v8/v8/+/789560
I attempted to make the DFA's table a bit more explicit in this CL. Still, the
linter prevents me from letting me present the array as a "table" in source
code. For a better representation, please refer to
https://docs.google.com/spreadsheets/d/1L9STtkmWs-A7HdK5ZmZ-wPZ_VBjQ3-Jj_xN9c6_hLKA
- - - - -
Now for a big copy-paste from 789560:
Essentially, reworks a standard FSM (imagine an
array of structs) and flattens it out into a single-dimension array.
Using Table 3-7 of the Unicode 10.0.0 standard (page 126 of
http://www.unicode.org/versions/Unicode10.0.0/ch03.pdf), we can nicely
map all bytes into one of 12 character classes:
00. 0x00-0x7F
01. 0x80-0x8F (split from general continuation because this range is not
valid after a 0xF0 leading byte)
02. 0x90-0x9F (split from general continuation because this range is not
valid after a 0xE0 nor a 0xF4 leading byte)
03. 0xA0-0xBF (the rest of the continuation range)
04. 0xC0-0xC1, 0xF5-0xFF (the joined range of invalid bytes, notice this
includes 255 which we use as a known bad byte during hex-to-int
decoding)
05. 0xC2-0xDF (leading bytes which require any continuation byte
afterwards)
06. 0xE0 (leading byte which requires a 0xA0-0xBF afterwards then any
continuation byte after that)
07. 0xE1-0xEC, 0xEE-0xEF (leading bytes which requires any continuation
afterwards then any continuation byte after that)
08. 0xED (leading byte which requires a 0x80-0x9F afterwards then any
continuation byte after that)
09. 0xF1-F3 (leading bytes which requires any continuation byte
afterwards then any continuation byte then any continuation byte)
10. 0xF0 (leading bytes which requires a 0x90-0xBF afterwards then any
continuation byte then any continuation byte)
11. 0xF4 (leading bytes which requires a 0x80-0x8F afterwards then any
continuation byte then any continuation byte)
Note that 0xF0 and 0xF1-0xF3 were swapped so that fewer bytes were
needed to represent the transition state ("9, 10, 10, 10" vs.
"10, 9, 9, 9").
Using these 12 classes as "transitions", we can map from one state to
the next. Each state is defined as some multiple of 12, so that we're
always starting at the 0th column of each row of the FSM. From each
state, we add the transition and get a index of the new row the FSM is
entering.
If at any point we encounter a bad byte, the state + bad-byte-transition
is guaranteed to map us into the first row of the FSM (which contains no
valid exiting transitions).
The key differences from Björn's original (or his self-modified) DFA is
the "bad" state is now mapped to 0 (or the first row of the FSM) instead
of 12 (the second row). This saves ~50 bytes when gzipping, and also
speeds up determining if a string is properly encoded (see his sample
code at http://bjoern.hoehrmann.de/utf-8/decoder/dfa/#performance).
Finally, I've replace his ternary check with an array access, to make
the algorithm branchless. This places a requirement on the caller to 0
out the code point between successful decodings, which it could always
have done because it's already branching.
R=marja@google.com
Bug:
Change-Id: I574f208a84dc5d06caba17127b0d41f7ce1a3395
Reviewed-on: https://chromium-review.googlesource.com/805357
Commit-Queue: Justin Ridgewell <jridgewell@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50012}
Since we have only unittests that are under GoogleTestSuite there
is no need to keep it as a default suite and we can make it
specific for unittests.
Bug: v8:6917
Change-Id: Ie2d57342773f228dea72184ab0f2abfc9d2daa70
Reviewed-on: https://chromium-review.googlesource.com/819253
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50011}
Includes drive-by fix of a small BigInt bug, as caught by
test262/built-ins/BigInt/constructor-from-string-syntax-errors
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic3b78310912f84bbf904a1fcb7ddf2d7eb2df013
Reviewed-on: https://chromium-review.googlesource.com/817775
Reviewed-by: Sathya Gunasekaran (ooo until 12/12) <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50010}