Previously we would shift the length of the string by three, which
could overflow with the new larger string length limit. Now we check
that the length will fit without extra allocation before and after
the shift, because really large strings will never fit, and will
always go to the Checked case.
Bug: chromium:748069, v8:6148
Change-Id: I41cac14b0fde6c5e8ca92305a052cbb743111554
Reviewed-on: https://chromium-review.googlesource.com/584611
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46896}
This brings the wasm-constants.js file inline with that (forked copy) in
the WebAssembly spec repo, which should make it easier to export tests
from V8 to the spec in the future.
R=clemensh@chromium.org
Bug:
Change-Id: I7db23efc2d671f65b614f9dbc97ae2f355f91b04
Reviewed-on: https://chromium-review.googlesource.com/586248
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46894}
In definitions for BranchShortHelperR6 and BranchAndLinkShortHelperR6
are noted many source code lines which are very often repeated or very
similar. These lines of code calcluate offsets and for them this CL
introduces functions CalculateOffset().
TEST=
BUG=
Change-Id: Ia64020efaeab207e72fc00d1dcb5b35a4003f36a
Reviewed-on: https://chromium-review.googlesource.com/574229
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Miran Karić <Miran.Karic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#46893}
The CL introduces optimizations in code generator to MipsTst, MipsCmp,
MipsCmpS and MipsCmpD instructions for mips32 and Mips64Tst, Mips64Cmp,
Mips64CmpS and Mips64CmpD for mips64.
BUG=
Change-Id: I6daf465e0ac7475691078b4d683da5247df6ea99
Reviewed-on: https://chromium-review.googlesource.com/584529
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Miran Karić <Miran.Karic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#46892}
This DCHECK would have triggered in the test cases in the attached bug.
Bug: chromium:740591
Change-Id: Ib8e866fe60f5f4ee825e6772f68be768925ed792
Reviewed-on: https://chromium-review.googlesource.com/585401
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46891}
The yield* statement when used in combination with async iterators is not
supported yet, as that is desugared into a more complex construct that doesn't
offer a good dedicated bytecode to attach the source range information yet.
Note that invocation counts of generator functions are incorrect as they count
each resumption as an individual call. See https://crbug.com/v8/6594.
Bug: v8:6000
Change-Id: I7ac7073473c9b64bb207cdbc4dab083ec1145656
Reviewed-on: https://chromium-review.googlesource.com/582690
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46890}
This switches the {StdlibSet} to be a data structure that does not
require dynamic memory allocation. This makes it easier to carry it
around as part of a {CompilationJob} and serialize it into the heap.
R=clemensh@chromium.org
Change-Id: I77b2353cfdcd9438a26f04d00749159fed9b9b6c
Reviewed-on: https://chromium-review.googlesource.com/584868
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46889}
Refactor common test code into code-coverage-utils.js and add tests to
verify counter behavior in opt/no-opt situations.
Bug: v8:6000
Change-Id: I07e62345476e8c81521c491ae605ddaf71600667
Reviewed-on: https://chromium-review.googlesource.com/584449
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46888}
Before we try to do ASI and fail with a generic error, we special case
for the await token in the failure case.
Bug: v8:6572, v8:6513
Change-Id: Ia050c98b5a5b20bc326f429a367635b8553e4112
Reviewed-on: https://chromium-review.googlesource.com/582210
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46885}
With this patch, rather than embedding the JSReceiver address directly
in the WasmToJS wrappers, we put that in a fixed array with global handle
scope and instead embed the location of the handle and the index in the
wrapper. This ensures that the wrapper doesn't need to be patched if the
GC kicks in. This is needed to get the WASM code off the GCed heap.
R=mtrofin@chromium.org
Bug:
Change-Id: Ie5a77a78cdecec51b04f702c63b8e4285e6a2d8d
Reviewed-on: https://chromium-review.googlesource.com/581682
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46884}
Remove need for shuffling of accumulator and operand registers when
suspending a generator
BUG=v8:6351
TBR=bmeurer@chromium.org
Change-Id: I372509adc03b9781716412b809639554fe16e372
Reviewed-on: https://chromium-review.googlesource.com/578377
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46883}
Bug: chromium:740591
Change-Id: I869be41d8630b23704b9470c4d3db8a21bbde873
Reviewed-on: https://chromium-review.googlesource.com/583531
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46881}
- Changes some instance fields from VM pointers to VM.
- Changes some comments to correctly describe code.
Bug: v8:6635
Change-Id: I9ec93ef0b09d541c966caa6482c5832cd6b1e149
Reviewed-on: https://chromium-review.googlesource.com/584931
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46880}
Allow appending expressions to a CSA_ASSERT call, which will be printed
if the assert fails, e.g.
CSA_ASSERT(csa, IsFixedArray(array), array)
->
CSA_ASSERT failed: IsFixedArray(array) [../../src/foo.cc]
* array: 0x12345678 <SharedFunctionInfo>
This helps debug assert failures where it may not be immediately obvious
why the assert failed, and the runtime call to print the failure has
already clobbered the registers used by the predicate.
Currently, the number of additional expressions is limited to 5, for
macro simplicity.
Change-Id: I000b6806ea0f8f9240493b3606c9f845ca65faf9
Reviewed-on: https://chromium-review.googlesource.com/584752
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46878}
The manual monthly update of the wasm spec tests.
R=rossberg@chromium.org
Change-Id: I7d30750f18d6b4e53bbb59e24e040b1bd87d7eba
Reviewed-on: https://chromium-review.googlesource.com/584750
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46877}
os.system uses fork(), which is not supported by ASAN/LSAN. Some fuzz tests
consist of js code that randomly picks properties and functions and calls them.
Sometimes, this combination means ASAN will report false positives.
Bug: chromium:740361
Change-Id: Id8d517263251a1fe88abadd33b0225c664b00498
Reviewed-on: https://chromium-review.googlesource.com/580313
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46876}
Empty Array literals are amongst the most commonly used literal types on our
top25 page list. Using a custom bytecode we can drop the boilerplate for empty
Array literals alltogether. However, we still need a proper AllocationSite to
track ElementsKind transitions.
Bug: v8:6211, chromium:746935
Change-Id: I891eaa778e4e81e138e483a65f04ae00ae30bd28
Reviewed-on: https://chromium-review.googlesource.com/580932
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46875}
Rather than using an ad-hock ownership model for ast_value_factory, use a
shared_ptr.
BUG=v8:5203
Change-Id: I5f2a573c8b175a3138ad8b01aa78bddadd16e6d3
Reviewed-on: https://chromium-review.googlesource.com/582628
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46874}
This must throw for uninitialized properties.
R=adamk@chromium.org
Bug: v8:1569, v8:5487
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I8beb8bf6a197870eb5c038102ab474dd12f6b6eb
Reviewed-on: https://chromium-review.googlesource.com/582013
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46870}
Now that we are writing more complex code in the effect control
linearizer, it can be helpful to stop in certain cases during
development / debugging.
Bug:
Change-Id: Ibeafe807c43e092534509d4d9c3f84f9c20525a5
Reviewed-on: https://chromium-review.googlesource.com/584749
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46869}
Reland of https://chromium-review.googlesource.com/c/544888/.
Instead of counting profiler ticks on the shared function info (which is
shared between native contexts), count them on the feedback vector
(which is not). This allows us to continue pushing optimization
decisions off the SFI, onto the feedback vector.
Note that a side-effect of this is that ICs don't have to walk the stack
to reset profiler ticks, as they can access the feedback vector directly
from their feedback nexus.
Change-Id: I7aa6baed03f726843d1b62629c72b74f05114b48
Reviewed-on: https://chromium-review.googlesource.com/579051
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46868}
This adds a missing swarming config to the ubsan builders to fix
test isolation.
This also adds ubsan_vptr to the inferred options from build metadata.
For ubsan_vptr builds, the test runner makes sure to set up the
required options.
TBR=ishell@chromium.org
Bug: chromium:726584
Change-Id: I9667ba2b6d9d0f363f7cc94d23308e09da002d99
Reviewed-on: https://chromium-review.googlesource.com/577689
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46866}
This reverts commit 87aae715df.
Reason for revert: Speculative revert because of ASAN leaks in https://chromium-review.googlesource.com/584488
Original change's description:
> [inspector] support for cases when embedder doesn't call contextDestroyed
>
> Node.js doesn't have good place to call contextDestroyed.
> We need to cleanup everything on our side to allow clients to not call
> contextDestroyed method.
>
> R=dgozman@chromium.org,eostroukhov@google.com
>
> Bug: none
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I6bfd4d6039f53eb994a2d20ecbca650744564e29
> Reviewed-on: https://chromium-review.googlesource.com/575519
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46849}
TBR=dgozman@chromium.org,kozyatinskiy@chromium.org,eostroukhov@google.com,eostroukhov@chromium.org
Change-Id: Ic3c2764159f809536670f73ab0cd5ea37317d400
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/584767
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46865}
This reverts commit 8580529302.
Reason for revert: increased memory usage on benchmarks.
BUG=chromium:747806
Original change's description:
> [heap] Remove clearing of caches and counter of shared function info in
> marking visitors.
>
> This makes incremental and concurrent visitors of share function infos
> side-effect free.
>
> BUG=chromium:694255
>
> Change-Id: I85ee7bac17f17bdbc101ef64ecfb46020b5b3458
> Reviewed-on: https://chromium-review.googlesource.com/574851
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46796}
TBR=ulan@chromium.org,mlippautz@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:694255
Change-Id: Id28551ce8378820b0272721b7efb388727c442d4
Reviewed-on: https://chromium-review.googlesource.com/584288
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46864}
Moves AsmJs compilation into an AsmJs compilation job. This enables it
to be treated like other unoptimized compilations and avoids some
special-casing in compiler.cc.
BUG=v8:5203
Change-Id: I71ad27e3f72815b4c4074634fff0d168a9c89102
Reviewed-on: https://chromium-review.googlesource.com/581487
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46863}
Move ScopeInfo allocation out of DeclarationScope::Analyse and do it later
in the compile when finalizing unoptimized code generation. This is to enable
scope analysis to be done without heap allocation so it could run off-thread.
BUG=v8:5203
Change-Id: I954aacd4353925bbbd5a940d979027de2c52e1fd
Reviewed-on: https://chromium-review.googlesource.com/581108
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46862}
This is so that we can distinguish hash tables by instance type. We can
then introduce maps for each kind of hash tables to further distinguish.
R=mstarzinger@chromium.org
Bug: v8:6593
Change-Id: Ice9e6bb7b85d825207ac489b6930ac9020d60db8
Reviewed-on: https://chromium-review.googlesource.com/582814
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46861}
We currently have a fixed limit of 256 characters for error messages
generated in the decoder. However, we sometimes embed names in it,
which makes it easy to generate a crash by using long names (e.g. for
exports) in invalid wasm modules.
This CL fixes this by switching to a stream based interface, allowing
to pass arbitrary objects to be printed. With this interface, we can
easily limit the length of output later.
R=titzer@chromium.org
Bug: chromium:740023
Change-Id: I2848c31c63a015157e2a3a9458b54e523060cd69
Reviewed-on: https://chromium-review.googlesource.com/565282
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46860}
Add a third parameter to {AsHex} which specifies whether the prefix
"0x" should be printed. Also, add the {AsHexBytes} helper which
outputs the hex number as individual bytes separated by a whitespace.
Also add unit tests for both helpers.
Both helper will be used in an upcoming refactoring of wasm error
messages:
https://chromium-review.googlesource.com/c/565282R=titzer@chromium.org
Change-Id: I42d5ace9841ffb918cb4d6803b6347229e446097
Reviewed-on: https://chromium-review.googlesource.com/583448
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46859}
Extend the errors.js mjsunit test to also check for the message in the
generated errors. This will help catch bugs later, e.g. when
refactoring the way we output errors:
https://chromium-review.googlesource.com/c/565282
Drive-by 1: Fix a superfluous period in one error message.
Drive-by 2: Fix a weird exception catching construct in the test.
R=titzer@chromium.org
Change-Id: I1c2e92fb2c34a481cbf8802153f8502452d45348
Reviewed-on: https://chromium-review.googlesource.com/582960
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46858}
The second f1 function would overwrite the first, breaking all tests
that were intended to use the first f1 definition.
Bug:
Change-Id: I79dd1ae344ebf3cf08991d550983f1b01274b352
Reviewed-on: https://chromium-review.googlesource.com/581528
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46856}
Inside of V8 there's no use of InternalPackedArray left, so no need to
keep that around.
R=yangguo@chromium.org
Change-Id: I819fc400ef46353339596dec98b70df2d442ed47
Reviewed-on: https://chromium-review.googlesource.com/583653
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46853}
A Phi is necessary to carry the ElementsKind forward in case transitions
are taken.
Bug: chromium:747075
Change-Id: I9d9d66b0219fe3f67d08536f4d478ee300c76acb
Reviewed-on: https://chromium-review.googlesource.com/583090
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46852}
This CL adds support for ArrayBuffer and SharedArrayBuffer subtypes for injected
script source. It also adds the byteLength/size to the description of these
objects and for the upcoming "blob" subtype when appropriate.
This is dependent on a DevTools frontend patch to accept these new subtypes:
https://chromium-review.googlesource.com/c/582427/
Bug: chromium:653620
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If8f612b54e82e6fd2f056545bd521868ba7349fd
Reviewed-on: https://chromium-review.googlesource.com/582233
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46851}
Node.js doesn't have good place to call contextDestroyed.
We need to cleanup everything on our side to allow clients to not call
contextDestroyed method.
R=dgozman@chromium.org,eostroukhov@google.com
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6bfd4d6039f53eb994a2d20ecbca650744564e29
Reviewed-on: https://chromium-review.googlesource.com/575519
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46849}