- Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
- Changes OS::Allocate to take alignment parameter, reorders parameters
to match page_allocator.
- Since the size of memory allocation can be deduced, don't return the
amount of memory allocated.
- Changes reservation of aligned address space. Before we would reserve
(size + alignment) rounded up to page size. This is too much, because
maximum misalignment is (alignment - page_size).
- On Windows and Cygwin, we release an oversize allocation and
immediately retry at the aligned address in the allocation. If we
lose the address due to a race, we just retry.
- Clean up all the calls to OS::Allocate in codegen and tests by adding
helper AllocateSystemPage function (allocation.h) and
AllocateAssemblerBuffer (cctest.h).
- Changes 'assm' to 'masm' in some targets for consistency when using
a macro-assembler.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
Reviewed-on: https://chromium-review.googlesource.com/749848
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49235}
Now that ICU 60.1 was autorolled in, reenable
number-format/format-currency test the expected result of which was
adjusted to match the output from ICU 60.1/CLDR 32.
Bug: chromium:766816
Test: intl/number-format/format-currency
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If58d493821d505b86202e134b9e2061504dd5e6a
Reviewed-on: https://chromium-review.googlesource.com/758027
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49234}
Function prologues created slots for callee-saved registers twice on all platforms.
This didn't affect JS because it doesn't use callee-save, but would probably have
badly broken exceptions raised in Wasm code because Isolate::UnwindAndFindHandler
was restoring registers and SP incorrectly. It also broke the in-progress CL for
on-stack multiple returns.
No tests included with this fix, because currently it is almost impossible to test
directly (according to mstarzinger). But it will be tested indirectly via the upcoming
multi-return support.
Change-Id: If763cafc03de0a912eca48d5e25e8edfc4552b24
Reviewed-on: https://chromium-review.googlesource.com/758374
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49233}
For each single bug, the fuzzer might find many very similar inputs
which trigger this bug. All of them are reported as individual bugs
currently, which means lots of noise in bug reports and increased
workload for the clusterfuzz sheriffs.
After this change, all bugs of the same category ("compiles !=
validates", "interpreter != liftoff", ...) will be grouped together.
This requires us to fix them soon after reporting, as they will hide
all other bugs of the same category.
R=ahaas@chromium.orgCC=mmoroz@chromium.org
Change-Id: Ie203eed0c7681e3450df977b10c0d9dbbc402d34
Reviewed-on: https://chromium-review.googlesource.com/758438
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49231}
Instead of disabling the entire RegExp Unicode property escape test
suite, this patch explicitly lists the failing tests and only disables
them.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If398eb4fcc8d9d96279dc5afb29489e699744d9f
Reviewed-on: https://chromium-review.googlesource.com/758757
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49230}
This patch adds support for Emoji_Component within Unicode property
escapes in regular expressions.
The Emoji_Component binary property was added in Emoji data v5
and is supported in ICU 60.1.
An `#if` directive is used to prevent breaking Node.js until they
update their ICU.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If1b49a4c175e88f1840ca5ef8d57829d6d8c3291
Reviewed-on: https://chromium-review.googlesource.com/758261
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49229}
They have been meaning the same thing for a while now.
R=jarin@chromium.org
Bug:
Change-Id: Ie5988e6429b795babfa1e1f79841a9f03b8362dc
Reviewed-on: https://chromium-review.googlesource.com/758268
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49228}
Arm64 jumbo builds might otherwise select the CountTrailingZeros function
from utils-arm64.h as a closer match, and fail to build due to differences
in the function prototype.
Bug: chromium:782640
Change-Id: Ie26d71b34aaf0e3ae5020597fed506df83b7d0ea
Reviewed-on: https://chromium-review.googlesource.com/758271
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#49226}
This is a cleanup.
R=jarin@chromium.org
Bug:
Change-Id: I1621fde3f2a7da03ceca781b96d5ffec44eb8168
Reviewed-on: https://chromium-review.googlesource.com/758373
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49225}
There's three common situations in which we need to create JSFunction
objects. 1) from the compiler, 2) from tests, and 3) everything else
(mostly during bootstrapping).
This is an attempt to simplify case 3), which previously relied on
several Factory::NewFunction overloads where it was not clear how the
semantics of each overload differed.
This CL removes all but one overload, and packs arguments into a new
NewFunctionArgs helper class.
It also removes the hacks around
SFI::set_lazy_deserialization_builtin_id by explicitly passing
builtin_id into Factory::NewSharedFunctionInfo.
Drive-by-fix: Properly set is_constructor hint in
SimpleCreateSharedFunctionInfo.
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ica94d95e72e443055db5e7ff9e8cdf4115201ef1
Reviewed-on: https://chromium-review.googlesource.com/757094
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49224}
Flip this for a day or two to gather perf bot results & stability
issues. Results will be collected in https://crbug.com/782637.
TBR=hablich@chromium.org
Bug: v8:6624, chromium:782637
Change-Id: I70eb5d6287d4723f935715ef80d9ba129dc282f0
Reviewed-on: https://chromium-review.googlesource.com/758375
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49222}
The C_WASM_ENTRY only calls wasm code, so (outgoing) parameters of this
code are always untagged.
R=ahaas@chromium.org
Bug: v8:7049
Change-Id: I989908eea668bd56aa88f3f1744105d218584ef1
Reviewed-on: https://chromium-review.googlesource.com/758245
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49221}
Add support for interpreter bytecode handlers that are deserialized
lazily immediately before they are first used.
Design doc: http://goo.gl/QxZBL2
Bug: v8:6624
Change-Id: Id68844ed14e76ca781b0bfe42c25a94b4fed1ae5
Reviewed-on: https://chromium-review.googlesource.com/750982
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49220}
We explicitly serialize the backing store when we see the TypedArray.
We then put the reference in the external_pointer. To recalculate the
backing_store pointer during deserialization, we have to keep track of
each TypedArray and then fix up the pointer by adding the offset again.
Bug: v8:6966
Change-Id: I105d44413cffe5766c23c2a3d32ca2b78b5f22e8
Reviewed-on: https://chromium-review.googlesource.com/751269
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49219}
We already have a helper method for generating a sequence of values.
Reuse this instead of reimplementing the same thing two more times.
R=ahaas@chromium.orgCC=eholk@chromium.org
Change-Id: Ifbbe1324173951156c1ec9bba84fd1aa4bcb2adb
Reviewed-on: https://chromium-review.googlesource.com/758365
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49216}
The FixedArray holding the export wrappers is never being used before
creating the WasmCompiledModule, so there is no need to store it in a
field on the WasmCompilationJob. Just create it when creating the
WasmCompiledModule.
R=ahaas@chromium.org
CC=mtrofin@chromium.org
Change-Id: Ibdca3d5c58faf4b52df10560bdf2734fdd7a4656
Reviewed-on: https://chromium-review.googlesource.com/758242
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49214}
The regexp fast path in MaybeCallFunctionAtSymbol had an issue in which
we'd call ToString after checking that the given {object} was a fast
regexp and deciding to take the fast path. This is invalid since
ToString() can call into user-controlled JS and may mutate {object}.
There's no way to place the ToString call correctly in this instance:
1 before BranchIfFastRegExp, it's a spec violation if we end up on the
slow regexp path;
2 the problem with the current location is already described above;
3 and we can't place it into the fast-path regexp builtin (e.g.
RegExpReplace) either due to the same reasons as 1.
The solution in this CL is to restrict the fast path to string
arguments only, i.e. cases where ToString would be a nop and can safely
be skipped.
Bug: chromium:782145
Change-Id: Ifd35b3a9a6cf2e77c96cb860a8ec98eaec35aa85
Reviewed-on: https://chromium-review.googlesource.com/758257
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49213}
This reverts commit ba76ad68e3.
Reason for revert: Broke GCStress on arm64 port...investigating
Original change's description:
> [Turbofan] Introduce AllocateRaw node
>
> In order to simplify and verify the TurboFan graph, we
> need to wire allocations into the control chain after
> effect control linearization.
>
> Bug: v8:7002
> Change-Id: I4c5956c8d16773d721482d46a0b407bee01a9597
> Reviewed-on: https://chromium-review.googlesource.com/738139
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49209}
TBR=mvstanton@chromium.org,jarin@chromium.org
Change-Id: I98669fdff1b960912d6eaad239776262f7bf8c67
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7002
Reviewed-on: https://chromium-review.googlesource.com/758396
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49212}
In order to simplify and verify the TurboFan graph, we
need to wire allocations into the control chain after
effect control linearization.
Bug: v8:7002
Change-Id: I4c5956c8d16773d721482d46a0b407bee01a9597
Reviewed-on: https://chromium-review.googlesource.com/738139
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49209}
Creates a new initializer function to instantiate instance class
fields in a base class.
An initializer function (similar to the one created for static fields)
is created during class declaration and assigned to a synthetic
context allocated variable.
This function is loaded from the variable during instantiation (when
the constructor is run) and run.
Bug: v8:5367
Change-Id: Ie11c2183b3001234ae41d7bcc2cb9b02c0764ab5
Reviewed-on: https://chromium-review.googlesource.com/754445
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49207}
Update the expected result for intl/number-format/format-currency
to match the output of ICU 60/CLDR 32.
Disable the test while ICU is rolled to ICU 60.1. This will be enabled
once v8 picks up the ICU roll to 60.1.
Bug: chromium:766816
Test: intl/numbuer-format/*
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Id6ffe149e9105ca050c6398d484437e1c88c2794
Reviewed-on: https://chromium-review.googlesource.com/756643
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49206}
This is in preparation for wasm on the native heap. All the
aforementioned API needs is the address where the JIT-ed code starts.
This refactoring reduces the dependency of the API to just that.
Bug: v8:6876
Change-Id: I00bbb171398f581db41b8a74ab719e8ea4db52c4
Reviewed-on: https://chromium-review.googlesource.com/755624
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49204}
Thanks Igor and Jakob for the hard work to migrate ICs to data-driven handlers!
This is done as of this CL.
Bug: v8:5561
Change-Id: Icf1ddf0065e3aa85ac7efe4b99f74821ce3c0ac2
Reviewed-on: https://chromium-review.googlesource.com/756842
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49203}
We no longer need the kAlreadyVisitedSlot because we can just check
for undefined in the kPromiseSlot to know if the clsoure was already
fulfilled.
This means we save one word per context per promise resolving closure.
Bug: v8:7037
Change-Id: Ib8f0fb445d2e143714d57fe644ba6d7a3f04c1f7
Reviewed-on: https://chromium-review.googlesource.com/756176
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49200}
The logic for wrapper compilation is the same in the sync and
async cases. Moreover, when moving wasm off the GC heap, we'll
initially skip serializing the wrappers, and regenerate them,
using the same logic, at deserialization.
Longer term, we intend to make the serialization format for wasm
more resilient wrt V8 versioning, time at which this separation
will continue playing a role: cross-v8 versions, wrappers will
be recompiled (instead of deserialzied), while wasm code may just
be deserialized.
Bug: v8:6876
Change-Id: I8d9ba835e7c83bb8d1f47163f62396a6fa17661d
Reviewed-on: https://chromium-review.googlesource.com/755542
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49198}
Valid prototype chain validity cells should have an initial value of
"Map::kPrototypeChainValid", not zero (even though they're the same).
Bug:
Change-Id: I7d3df7d2e3382f20ed598b387612bb48428e0fa0
Reviewed-on: https://chromium-review.googlesource.com/757140
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49196}
This is a reland of 34e3e7f91b
Original change's description:
> Introduce gc flag for fuzzing over compaction.
>
> Bug: v8:6972
> Change-Id: If1f4ee04ae00c6ae1e037bbb1ca758e952a8f843
> Reviewed-on: https://chromium-review.googlesource.com/738112
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Michał Majewski <majeski@google.com>
> Cr-Commit-Position: refs/heads/master@{#49191}
Bug: v8:6972
Change-Id: I690a72a6d5da17c6f15449b2be4cbb681a67e60e
Reviewed-on: https://chromium-review.googlesource.com/756894
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49195}
This gives up on earlier attempts to interpret DeadValue as a signal of
unreachable code. This does not work because free-floating dead value
nodes, and even pure branch nodes that use them, can get scheduled so
early that they get reachable. Instead, we now eagerly remove branches
that use DeadValue in DeadCodeElimination and replace DeadValue inputs
to value phi nodes with dummy values.
Reland of https://chromium-review.googlesource.com/715716
Bug: chromium:741225 chromium:776256
Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
Reviewed-on: https://chromium-review.googlesource.com/727893
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49188}
