... as there's no search involved and there are never multiple names.
Change-Id: Ice88c4d98195e74f6540926b0a1199df62b42da2
Reviewed-on: https://chromium-review.googlesource.com/c/1466645
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59532}
This CL contains the following changes:
(1) Allocate memory for WasmTables in the WasmInstance.
- We extend the WasmInstance by a FixedArray which stores
references to the WasmTables.
(2) Rename the name of the backing store of WasmTables from `functions`
to `elements`.
- The name `functions` just does not fit anyref tables.
(3) Generate code with TurboFan for table.get and table.set.
(4) Extend wasm-module-builder.js to be able to generate modules with
multiple tables.
(5) Add mjsunit tests to test table.get and table.set.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I44af4838ee7a37b394841a2f673ecae5734a4d1c
Reviewed-on: https://chromium-review.googlesource.com/c/1463519
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59529}
Most of the users of InNewSpace actually mean InYoungGeneration.
Subsequent CL will remove InNewSpace to avoid confusion.
Bug: chromium:852420
Tbr: mlippautz@chromium.org
Change-Id: I6234d162d51c215787972e7ada1cd5b804b60fda
Reviewed-on: https://chromium-review.googlesource.com/c/1463521
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59523}
This avoids confusion with the code that is being generated.
R=sigurds@chromium.org
Change-Id: Icb5bd417ca8502553af201654cca1419b9eac87d
Reviewed-on: https://chromium-review.googlesource.com/c/1462001
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59522}
Currently, PRIVATE_NAME / PrivateIdentifier is not valid in
ObjectLiterals or other places expecting the PropertyName production.
A SyntaxError here prevents an access violation later on when attempting
to dereference a null property key
BUG=v8:8808
R=gsathya@chromium.org, littledan@chromium.org
Change-Id: Idde9c669cb48c1595b83115351a8fe0caed40eef
Reviewed-on: https://chromium-review.googlesource.com/c/1461161
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59515}
The line number is associated with each sample along with pointer
to the ProfileNode and timeDelta. Once collected line numbers are
streamed as an array of integers in "ProfileChunk" trace events.
If all the line numbers are zero, the array may be omitted. Otherwise
the array length matches length of samples and timeDeltas arrays.
BUG=chromium:925089
Change-Id: I1ef5cd1b208b03bb127f4d17b1efa74c01959542
Reviewed-on: https://chromium-review.googlesource.com/c/1459739
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59514}
Given a map, its HasNonInstancePrototype bit in bit_field can differ
from the same bit in that map's root map. If that is the case just
return false from the equivalence check. (Currently, we just assert
that bit_field is the same for a map and its root map.)
Bug: chromium:930486
Change-Id: Ic0eb83f80725fb1224e0f97927127e1cb8ad92e6
Reviewed-on: https://chromium-review.googlesource.com/c/1462004
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59508}
Fixes a segfault that occurs when v8::CpuProfilers are restarted caused
by the reuse of a stale CodeEventObserver.
Bug: chromium:929928
Change-Id: I5d5f7eaf5cd903910130cdb0cfec8c3fd6608edd
Reviewed-on: https://chromium-review.googlesource.com/c/1459740
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59506}
The spec specifies that a non-true return values from the trap functions
should be treated as error in the strict mode. With the new lazy feedback
effort inferring the language mode is expensive and causes regression on
these tests. Since the test doesn't actually need to test this, fixing
them to return true would help test the performance of calling the trap
without the unnecessary overhead of inferring the language mode.
Bug: chromium:925289
Change-Id: Ib650c3210ee260296257ae3b56174099a5492675
Reviewed-on: https://chromium-review.googlesource.com/c/1462959
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59505}
The test says that it is testing dictionary mode, but it is only
creating fast mode arrays.
Bug: chromium:852420
Change-Id: I99ccc997aaa87ecf49bddf02e46b7e543f535374
Reviewed-on: https://chromium-review.googlesource.com/c/1462918
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59504}
When executing the interpreter, we should not try to create compiled
code. Otherwise we cannot implement and test a feature in the
interpreter in isolation.
R=ahaas@chromium.orgCC=fgm@chromium.org
Change-Id: I2074de31650a52b38b2f6e530e20b427d2d1db65
Reviewed-on: https://chromium-review.googlesource.com/c/1462876
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59493}
That way we can properly walk the active ambiguous stack of expressions and
stop where it's non-ambiguous. In the bug we would have forced context
allocation of "this" in an outer function because an inner function was parsed
as part of an arrow function head and "this" was referenced. That caused the
ambiguous arrow head scope to be marked, even though the reference came from a
non-ambiguous function.
Bug: chromium:930580
Change-Id: I0bf0fa569e2d2ca1dc26b0514fe5bdb48ab7ae6f
Reviewed-on: https://chromium-review.googlesource.com/c/1462005
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59488}
This is a reland of 7179cdb116
The node integration build failure appears to be constant.
Original change's description:
> Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC"
>
> (Fixed test failure in lite-mode)
>
> Introduce a PREMONOMORPHIC state to StoreGlobalIC
>
> It's used rather narrowly for now -- only when we run into an
> interceptor during the lookup. After the call to SetProperty, we know
> more. That is, the interceptor was only there because it's a new
> property, and the call to SetProperty ends up creating it.
>
> By delaying the initialization of the IC, we recognize the (now)
> created property, and can provide good feedback downstream to
> TurboFan.
>
> TBR=ishell@chromium.org
>
> Bug: v8:8712
> Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
> Reviewed-on: https://chromium-review.googlesource.com/c/1460955
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59483}
TBR=ishell@chromium.org
Bug: v8:8712
Change-Id: I31aa4c066ff46cb39187eed392313d2e524f4445
Reviewed-on: https://chromium-review.googlesource.com/c/1461998
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59485}
This reverts commit 7179cdb116.
Reason for revert: Breaks node integration build.
Original change's description:
> Reland "Introduce a PREMONOMORPHIC state to StoreGlobalIC"
>
> (Fixed test failure in lite-mode)
>
> Introduce a PREMONOMORPHIC state to StoreGlobalIC
>
> It's used rather narrowly for now -- only when we run into an
> interceptor during the lookup. After the call to SetProperty, we know
> more. That is, the interceptor was only there because it's a new
> property, and the call to SetProperty ends up creating it.
>
> By delaying the initialization of the IC, we recognize the (now)
> created property, and can provide good feedback downstream to
> TurboFan.
>
> TBR=ishell@chromium.org
>
> Bug: v8:8712
> Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
> Reviewed-on: https://chromium-review.googlesource.com/c/1460955
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59483}
TBR=mvstanton@chromium.org,ishell@chromium.org
Change-Id: Ifd45908ee66760ef9199d9722b7e558c31f77830
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8712
Reviewed-on: https://chromium-review.googlesource.com/c/1461997
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59484}
(Fixed test failure in lite-mode)
Introduce a PREMONOMORPHIC state to StoreGlobalIC
It's used rather narrowly for now -- only when we run into an
interceptor during the lookup. After the call to SetProperty, we know
more. That is, the interceptor was only there because it's a new
property, and the call to SetProperty ends up creating it.
By delaying the initialization of the IC, we recognize the (now)
created property, and can provide good feedback downstream to
TurboFan.
TBR=ishell@chromium.org
Bug: v8:8712
Change-Id: Ieb79dcf1354ee294ad0f479a4a6c41a77f389850
Reviewed-on: https://chromium-review.googlesource.com/c/1460955
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59483}
This reverts commit ec06b5c456.
Reason for revert: Breaks "lite" builder.
Original change's description:
> Introduce a PREMONOMORPHIC state to StoreGlobalIC
>
> It's used rather narrowly for now -- only when we run into an
> interceptor during the lookup. After the call to SetProperty, we know
> more. That is, the interceptor was only there because it's a new
> property, and the call to SetProperty ends up creating it.
>
> By delaying the initialization of the IC, we recognize the (now)
> created property, and can provide good feedback downstream to
> TurboFan.
>
> Bug: v8:8712
> Change-Id: I4e10ba220c8363b393c6de84ce35fe5ef0e9c427
> Reviewed-on: https://chromium-review.googlesource.com/c/1456090
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59481}
TBR=mvstanton@chromium.org,ishell@google.com,ishell@chromium.org
Change-Id: I072a55275d64315924090a68247bb430f5c4f03d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8712
Reviewed-on: https://chromium-review.googlesource.com/c/1460954
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59482}
It's used rather narrowly for now -- only when we run into an
interceptor during the lookup. After the call to SetProperty, we know
more. That is, the interceptor was only there because it's a new
property, and the call to SetProperty ends up creating it.
By delaying the initialization of the IC, we recognize the (now)
created property, and can provide good feedback downstream to
TurboFan.
Bug: v8:8712
Change-Id: I4e10ba220c8363b393c6de84ce35fe5ef0e9c427
Reviewed-on: https://chromium-review.googlesource.com/c/1456090
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59481}
Bailout from map update if there are private symbol transitions on
non-extensible maps.
Bug: chromium:930045
Change-Id: I02fbea0ec0afde07cded688c06122d8f2bb25921
Reviewed-on: https://chromium-review.googlesource.com/c/1460949
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59480}
HeapObject::SizeFromMap() was too large to get inlined anyway.
HeapObject::IsFoo() predicates should be implemented in foo-inl.h,
because that's what they depend on.
This patch also fixes up includes: dropping unnecessary ones from
object-inl.h, and adding them in other places that previously
relied on getting them transitively.
Bug: v8:8562
Change-Id: Id062bed67257d9dc1899f2d71f44cf69a1368c83
Reviewed-on: https://chromium-review.googlesource.com/c/1450778
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59478}
This commit allows inlining of Array#indexOf and Array#includes when the array type is polymorphic for types that are compatable for array iteration.
Bug: v8:8388
Change-Id: Ib826bad857c7dfe0ee7af99bb456b50b7a8b6ef9
Reviewed-on: https://chromium-review.googlesource.com/c/1450137
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59473}
Instead of eliminating bounds checks based on types, we introduce
an aborting bounds check that crashes rather than deopts.
Bug: v8:8806
Change-Id: Icbd9c4554b6ad20fe4135b8622590093679dac3f
Reviewed-on: https://chromium-review.googlesource.com/c/1460461
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59467}
This is a reland of 97628eeeb9.
Original change's description:
> [error] extend error stack w/ function parameters
>
> Extend FrameArray to hold weak references to parameters forfunctions in
> the call stack. The goal here is to provide more metadata for postmortem
> tools (such as llnode), especially in cases of rethrowing (this will be
> particularly useful when using postmortem with promises on Node.js).
>
> Besides postmortem, these changes allow us to print a more detailed
> stack trace for errors with parameters types (or even values), which can
> be useful since JavaScript functions can receive any number of
> parameters of any type, and having a function behave differently
> according to the number of parameters received as well as their types is
> a common pattern on JS libraries and frameworks.
>
> R=<U+200B>bmeurer@google.com, yangguo@google.com
>
> Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
> Reviewed-on: https://chromium-review.googlesource.com/c/1289489
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58468}
R=bmeurer@google.com, jkummerow@chromium.org, yangguo@google.com
Change-Id: I53d90bb862d9c5e9541116b375fa4de70e3e76dd
Reviewed-on: https://chromium-review.googlesource.com/c/1405568
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59458}
This reverts commit 734a657522.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/29872
Original change's description:
> Do not enqueue or run a microtask on detached contexts
>
> This CL disables EnqueueMicrotask and RunMicrotasks on detached
> contexts. That is, if an embedder call DetachGlobal() on a v8::Context,
> EnqueueMicrotask on that context will not take effect, and all Microtask
> that is enqueued before DetachGlobal will be cancelled.
>
> On Blink, this implies that a frame will no longer run a microtask after
> it's navigated away. OTOH, detached frames in Blink are not affected.
>
> Bug: v8:8124
> Change-Id: I5b00ceef5ea2afb87cf067a65eb95c29bf91176d
> Reviewed-on: https://chromium-review.googlesource.com/c/1416071
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59445}
TBR=yukishiino@chromium.org,adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org,verwaest@chromium.org,tzik@chromium.org
Change-Id: I9f5b703e7101aa3c251fe03ed4b52e9d71ae605a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8124
Reviewed-on: https://chromium-review.googlesource.com/c/1460466
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59448}
This CL disables EnqueueMicrotask and RunMicrotasks on detached
contexts. That is, if an embedder call DetachGlobal() on a v8::Context,
EnqueueMicrotask on that context will not take effect, and all Microtask
that is enqueued before DetachGlobal will be cancelled.
On Blink, this implies that a frame will no longer run a microtask after
it's navigated away. OTOH, detached frames in Blink are not affected.
Bug: v8:8124
Change-Id: I5b00ceef5ea2afb87cf067a65eb95c29bf91176d
Reviewed-on: https://chromium-review.googlesource.com/c/1416071
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59445}
This makes the existing error message tests also test the error
produced by asynchronous compilation and instantiation.
It also slightly tweaks the error message to contain the name of the
API function invoked instead of "WebAssembly Instantiation".
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:926311
Change-Id: If4ab963cee8267d43b289169d21b31637c471d6d
Reviewed-on: https://chromium-review.googlesource.com/c/1456085
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59442}
Port String.prototype.endsWith from a CPP builtin to a Torque builtin.
Spec: https://tc39.github.io/ecma262/#sec-string.prototype.endswith
Bug: v8:8400
Change-Id: I4ac8cb92acb68389db844deaecc9ae1c6e7d6bd5
Reviewed-on: https://chromium-review.googlesource.com/c/1454677
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59441}
This is a reland of 78ed0e3fdb
The breakage was unrelated to constant field tracking (see
the linked bugs).
Original change's description:
> Ship constant field tracking
>
> Bug: v8:8361
> Change-Id: I25c52c708517cf27add89e0c5c97e6d21abb2a9a
> Reviewed-on: https://chromium-review.googlesource.com/c/1456089
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59415}
Bug: v8:8361, v8:8799, v8:8801
Change-Id: I318768b925f3efd285cb27aa93e6de35fdcced42
Reviewed-on: https://chromium-review.googlesource.com/c/1458238
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59440}
Drive-by: Refactor FlushInstructionCache to its own header. This removes
dependencies of objects.cc and code.cc
Bug: v8:8562
Change-Id: If23f3b9d4f2068e08c61c0f4b070ecfe1b9a6cc0
Reviewed-on: https://chromium-review.googlesource.com/c/1456081
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59435}
The new scheduling reduces the main thread marking performed in
tasks and on allocation. It is based on two counters:
- bytes_marked,
- scheduled_bytes_to_mark.
The bytes_marked accounts marking done both the main thread and
the concurrent threads. The scheduled_bytes_to_mark increases based
on allocated bytes and also based on time passed since the start
of marking. The main thread steps are allowed to mark the minimal
amount if bytes_marked is greater than scheduled_bytes_to_mark.
This also changes tasks posted for marking. Before only normal
tasks were posted. Now delayed tasks are posted if the marker is
ahead of schedule.
Bug: 926189
Change-Id: I5bc9c33a5ecfc9f8d09f78d08ae277d16a2779ca
Reviewed-on: https://chromium-review.googlesource.com/c/1443056
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59433}
Some tests assume that kMaxRegularHeapObjectSize is close to the
page size. They break if the constant is decreased to 16KB to stress
young large objects.
Bug: chromium:852420
Change-Id: I2542878810823f7a73019b1e451a080fcfc1f78f
Reviewed-on: https://chromium-review.googlesource.com/c/1456043
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59430}
This adds a test case to check consistency of how an "unreachable" trap
is handled by a surrounding "try" block in case those two operations are
in different functions (i.e. not local to one function body). It also
fixes a DCHECK for an as-of-yet untested interpreter state transition.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8729
Change-Id: I432c48d0bc664f7ab092aaafef6dfa29c5f262fd
Reviewed-on: https://chromium-review.googlesource.com/c/1454605
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59429}
Just add tests so we can observe the number first.
Got the following results
$ python -u tools/run_perf.py --binary-override-path out/x64.release/d8 --filter "JSTests/Intl" test/js-perf-test/JSTests.json
INFO >>> Running suite: JSTests/Intl
INFO >>> Stdout (#1):
NewIntlCollator-Intl(Score): 161
NewIntlDateTimeFormat-Intl(Score): 9.73
NewIntlNumberFormat-Intl(Score): 18.6
NewIntlPluralRules-Intl(Score): 18.5
NewIntlListFormat-Intl(Score): 19.4
NewIntlRelativeTimeFormat-Intl(Score): 18.7
Bug: chromium:928098
Change-Id: I59f28393af8f868de639dcb81a7b2f69ce2f0eba
Reviewed-on: https://chromium-review.googlesource.com/c/1455717
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59424}
For the initial implementation we simply keep the capacity of
the young large object space in sync with the capacity of the
new space. The only subtlety is that we allow at least one
large object independent from its size. So it may exceed the
capacity of the space.
This also fixes setting of the large page flags for incremental
marking.
Bug: chromium:852420
Change-Id: I12a9d4a7350464ca291710917ecad782ae73b8e1
Reviewed-on: https://chromium-review.googlesource.com/c/1456092
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59422}
We often use raw assertPromiseResult with {success ==
assertUnreachable} for that. Having a separate helper increases
readability and allows us to generate consistent (and better) error
messages.
R=titzer@chromium.org
Bug: chromium:926311
Change-Id: I507941eacaafe6c576098d7829a76b27384a4fb6
Reviewed-on: https://chromium-review.googlesource.com/c/1456039
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59417}
This is a reland of I968a08cef6a6d49350aa79185b2c6fb856d15f23
Original change's description:
> [builtins] [turbofan] Refactor Float64Pow to use single implementation
>
> Remove platform-specific Float64Pow implementations and utils Pow in
> favor of a base::ieee754::pow implementation.
>
> This unifies the implementation of pow for the compiler, wasm, and
> runtime.
>
> Bug: v8:5848, v8:5086
> Change-Id: I968a08cef6a6d49350aa79185b2c6fb856d15f23
> Reviewed-on: https://chromium-review.googlesource.com/c/1403018
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59229}
Bug: v8:5848, v8:5086
Change-Id: I92f22ae03adafd9ad042e8d4bb406cbd5b5fb51e
Cq-Include-Trybots: luci.chromium.try:linux_chromium_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/1447854
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59411}
This adds constant field tracking for arrays. To prevent changing the
field in some other elements-kind-branch of transition tree, we only
use the const information in the optimizing compiler if the map is not
an array map or if the map is stable (since stable maps cannot
transition to a different elements-kind-branch without deopt).
Some more details:
https://docs.google.com/document/d/1r2GAvdi_wudDS6iRUfdPw0gxWMfV-IX1PqKgwW47FyE
Bug: chromium:912162, v8:8361
Change-Id: Iea1b2f03ddee16205c2141ac5e813a973dd23cf4
Reviewed-on: https://chromium-review.googlesource.com/c/1454606
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59409}
V8 test suites return tests by loading them into memory up-front. Up-front
loading has memory and loading-time overhead for the testrunner.
This CL converts the test-suites to load tests during the test run in parallel.
After CL, most test suites start running immediately and all test suites start
running after 3 seconds on a modern SSD.
This CL eliminates the 200 MiB memory spikes that causes memory problems in mac
minis.
Overhead of running test262 before CL:
Line # Mem usage Increment Line Contents
=================================================
264 225.760 MiB 195.8.000 MiB tests = self._load_testsuite_generators(args, options)
-------------------------------------------------
Overhead of running test262 after CL:
Line # Mem usage Increment Line Contents
================================================
264 28.840 MiB 0.000 MiB tests = self._load_testsuite_generators(args, options)
-------------------------------------------------
R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174, v8:8552, v8:8728
Change-Id: Iab540b9410239b05dc80b4a5228db25d8b8fb3b9
Reviewed-on: https://chromium-review.googlesource.com/c/1454478
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59408}
"this" is a very common expression. By using a single ThisExpression object
we can both avoid allocating many unnecessary VariableProxies and specialize
the resolution of this since we know where it's declared up-front. This also
avoids having to special-case "this" reference handling in the paths that would
behave differently for "this" than for regular references; e.g., with-scopes.
The tricky pieces are due to DebugEvaluate and this/super() used as default
parameters of arrow functions. In the former case we replace the WITH_SCOPE
with FUNCTION_SCOPE so that we make sure that "this" is intercepted, and still
rely on regular dynamic variable lookup. Arrow functions are dealt with by
marking "this" use in ArrowHeadParsingScopes. If the parenthesized expression
ends up being an arrow function, we force context allocate on the outer scope
(and mark "has_this_reference" on the FUNCTION_SCOPE so DebugEvaluate in the
arrow function can expose "this").
The CL also removes the now unused ThisFunction AST node.
Change-Id: I0ca38ab92ff58c2f731e07db2fbe91df901681ef
Reviewed-on: https://chromium-review.googlesource.com/c/1448313
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59393}
This is a reland of 81eec150f6
Original change's description:
> Reland "[test] refactor testsuite configuration"
>
> This is a reland of 7f92ad0ab6
>
> Original change's description:
> > [test] refactor testsuite configuration
> >
> > Every testsuite configuration consist of at least 30% code duplication.
> >
> > The code age ranges from 10 years old to 5 years old. Implementing anything that
> > touches the testsuite code becomes a technical fight to the death.
> >
> > This CL removes all the duplication by refactoring the common functionality.
> >
> > This CL contains structural changes without any logical changes % small bug
> > fixes.
> >
> > R=machenbach@chromium.org
> > CC=yangguo@chromium.org,sergiyb@chromium.org
> >
> > Bug: v8:8174, v8:8769
> > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59361}
>
> Bug: v8:8174, v8:8769
> Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
> Reviewed-on: https://chromium-review.googlesource.com/c/1454485
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59369}
Bug: v8:8174, v8:8790
Change-Id: I38ab9d37bca76057441a970f26e2102e4387a857
Reviewed-on: https://chromium-review.googlesource.com/c/1454724
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59387}
1. Change the function to align with UTS35 instead of (old) RFC.
2. Restrict tag as Unicode Locale Identifier by code that on top of ICU.
Because icu::Locale in ICU63 is not tight enough to restrict that.
Added comments to show what to do (to use icu::LocaleBuilder) after
the landing of ICU64
3. Fix to pass two tests in test262.
Bug: v8:8262,v8:8670,v8:7684
Change-Id: If244647e6a50daae305b9ae1a569100859be8a0c
Reviewed-on: https://chromium-review.googlesource.com/c/1435737
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59382}
Introduce a way to set a custom finalization callback that can be used
to signal and set up destruction of embedder memory.
Bug: chromium:923361
Change-Id: Ifc62ebd534aba3b02511c74b59161ec3edc0ee0d
Reviewed-on: https://chromium-review.googlesource.com/c/1452447
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59381}
This reverts commit 73dd9b5527.
Reason for revert: Broke telemetry layout tests - https://ci.chromium.org/p/chromium/builders/luci.chromium.try/win7-rel/9936 as can be seen in this roll - https://chromium-review.googlesource.com/c/chromium/src/+/1454259
Original change's description:
> [utf8] Rewrite NewStringFromUtf8 using Utf8::ValueOfIncremental
>
> This is 3-4x faster than using the Utf8Decoder. This matters for proper
> parse-time measurements using d8.
>
> Change-Id: I9870e9fbe400ec022a6eeb20491c80a2a32f8519
> Reviewed-on: https://chromium-review.googlesource.com/c/1451827
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59347}
TBR=ulan@chromium.org,leszeks@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I3f8faebb61c19a41ee496a571228f53c0d5fc8dd
Reviewed-on: https://chromium-review.googlesource.com/c/1454495
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59378}
Preserve coverage for unused functions by force marking them used when
code coverage is enabled.
Bug: chromium:927464
Change-Id: Ia973467d06f7268f4e98cc76d0bb98cc591e979c
Reviewed-on: https://chromium-review.googlesource.com/c/1454717
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59373}
This reverts commit 81eec150f6.
Reason for revert: windows mozilla test failures
Original change's description:
> Reland "[test] refactor testsuite configuration"
>
> This is a reland of 7f92ad0ab6
>
> Original change's description:
> > [test] refactor testsuite configuration
> >
> > Every testsuite configuration consist of at least 30% code duplication.
> >
> > The code age ranges from 10 years old to 5 years old. Implementing anything that
> > touches the testsuite code becomes a technical fight to the death.
> >
> > This CL removes all the duplication by refactoring the common functionality.
> >
> > This CL contains structural changes without any logical changes % small bug
> > fixes.
> >
> > R=machenbach@chromium.org
> > CC=yangguo@chromium.org,sergiyb@chromium.org
> >
> > Bug: v8:8174, v8:8769
> > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59361}
>
> Bug: v8:8174, v8:8769
> Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
> Reviewed-on: https://chromium-review.googlesource.com/c/1454485
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59369}
TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org
Change-Id: I8f5650b5f46be299c004e2fa8b708fa2c17a4dc2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8174, v8:8769
Reviewed-on: https://chromium-review.googlesource.com/c/1454607
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59370}
This is a reland of 7f92ad0ab6
Original change's description:
> [test] refactor testsuite configuration
>
> Every testsuite configuration consist of at least 30% code duplication.
>
> The code age ranges from 10 years old to 5 years old. Implementing anything that
> touches the testsuite code becomes a technical fight to the death.
>
> This CL removes all the duplication by refactoring the common functionality.
>
> This CL contains structural changes without any logical changes % small bug
> fixes.
>
> R=machenbach@chromium.org
> CC=yangguo@chromium.org,sergiyb@chromium.org
>
> Bug: v8:8174, v8:8769
> Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59361}
Bug: v8:8174, v8:8769
Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
Reviewed-on: https://chromium-review.googlesource.com/c/1454485
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59369}
This reverts commit 7f92ad0ab6.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win32/19148
Original change's description:
> [test] refactor testsuite configuration
>
> Every testsuite configuration consist of at least 30% code duplication.
>
> The code age ranges from 10 years old to 5 years old. Implementing anything that
> touches the testsuite code becomes a technical fight to the death.
>
> This CL removes all the duplication by refactoring the common functionality.
>
> This CL contains structural changes without any logical changes % small bug
> fixes.
>
> R=machenbach@chromium.org
> CC=yangguo@chromium.org,sergiyb@chromium.org
>
> Bug: v8:8174, v8:8769
> Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59361}
TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org,v8-reviews@chromium.org
Change-Id: I473f0d4c6b9c0239923b8c03699dbc38b7f85030
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8174, v8:8769
Reviewed-on: https://chromium-review.googlesource.com/c/1454599
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59362}
Every testsuite configuration consist of at least 30% code duplication.
The code age ranges from 10 years old to 5 years old. Implementing anything that
touches the testsuite code becomes a technical fight to the death.
This CL removes all the duplication by refactoring the common functionality.
This CL contains structural changes without any logical changes % small bug
fixes.
R=machenbach@chromium.orgCC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174, v8:8769
Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
Reviewed-on: https://chromium-review.googlesource.com/c/1445881
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59361}
Test262 has a couple of duplicated test files with the identical inside both
"test262/data/test" and "test262/local-tests/test".
Testrunner used to deduplicate the tests, which masked this issue.
This CL removes the obsolete copies in the local-tests.
R=adamk@chromium.org,yangguo@chromium.org,machenbach@chromium.org
Bug: v8:8174,v8:8728
Change-Id: Iecdc40b417f237feb916f1c3a24f8def7ea11fad
Reviewed-on: https://chromium-review.googlesource.com/c/1452436
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59354}
Remove the call to [[HasProperty]] for the shared property when threads
feature is enabled.
Bug: v8:8782
Change-Id: I492ed3726ea846a1a52dc3a0e0a183d9ee506e96
Reviewed-on: https://chromium-review.googlesource.com/c/1451826
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59352}
This is 3-4x faster than using the Utf8Decoder. This matters for proper
parse-time measurements using d8.
Change-Id: I9870e9fbe400ec022a6eeb20491c80a2a32f8519
Reviewed-on: https://chromium-review.googlesource.com/c/1451827
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59347}
This is a reland of a9e93572d4
Original change's description:
> [test] Check for illegal uses of mjsunit methods
>
> The assertThrows and assertDoesNotThrow methods expect either a
> function to execute, or a string to eval. In several tests however we
> accidentally passed the *result* of the statement to be tested instead
> of the code.
> This CL adds check to catch such error early, and removes wrong uses.
> In most places, we do not need to use assertDoesNotThrow anyway,
> because exceptions are handled as test failures.
>
> Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
> MjsUnitAssertionErrors correctly.
>
> R=mathias@chromium.org
>
> Bug: v8:8562
> Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
> Reviewed-on: https://chromium-review.googlesource.com/c/1439238
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59277}
Bug: v8:8562
Change-Id: I3b26935f7b35302d499266155273ea271bf8151d
Reviewed-on: https://chromium-review.googlesource.com/c/1449792
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59328}
This is a reland of 0befa6d4c3
Original change's description:
> [nojit] Check that --jitless is disabled when creating wasm code
>
> Drive-by: Amend wasm test skips for lite mode.
>
> Bug: v8:7777
> Change-Id: I23e13b65e548c19d6b24a26e0b962a9978f54ed7
> Reviewed-on: https://chromium-review.googlesource.com/c/1449616
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59314}
Tbr: mstarzinger@chromium.org
Bug: v8:7777
Change-Id: I0a076b36bb2e69b612df89b0f35067f299f27a7e
Reviewed-on: https://chromium-review.googlesource.com/c/1451819
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59325}
In the process add missing base Torque functionality for 8-bit and
16-bit integers and Cast<> operators to make them easy to use.
As a poster child, port the field declarations of SharedFunctionInfo
to the class definition in base.tq.
As a drive by: Add the missing GN dependency on
class-definitions-from-dsl.h
Bug: v8:7793
Change-Id: I76a41c2e81ffd1cbb90ac7a4ef8d4003ac86e8dc
Reviewed-on: https://chromium-review.googlesource.com/c/1445882
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59321}
This CL makes the TypedArray#sort unit test more robust, that checks
for the stable property.
R=jgruber@chromium.org
Bug: v8:8567
Change-Id: I8e6a729d0a8b54901535d49eb578b8b34bd6f2eb
Reviewed-on: https://chromium-review.googlesource.com/c/1449695
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59316}
These offsets are now transported via CodeDesc.
Bug: v8:8758
Change-Id: If7485c62878bc81a55c9b4ca8ce3578dab2376ce
Reviewed-on: https://chromium-review.googlesource.com/c/1447717
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59315}
Drive-by: Amend wasm test skips for lite mode.
Bug: v8:7777
Change-Id: I23e13b65e548c19d6b24a26e0b962a9978f54ed7
Reviewed-on: https://chromium-review.googlesource.com/c/1449616
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59314}
Set entries return an array with the value as first and second entry.
As such these are considered key value pairs to align with maps
entries iterator.
So far the return value was identical to the values iterator and that
is misleading.
This also adds tests to verify the results and improves the coverage
a tiny bit by testing different iterators.
Refs: https://github.com/nodejs/node/issues/24629R=yangguo@chromium.org
Change-Id: I669a724bb4afaf5a713e468b1f51691d22c25253
Reviewed-on: https://chromium-review.googlesource.com/c/1350790
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59311}
The result of Object::ToInteger is a number rounded to an
integer value, but not necessarily in the range of what a
C++ "int" can represent. Doing the 2 <= radix <= 36 range
check first makes the subsequent cast safe.
Bug: chromium:927212
Change-Id: I49f115140f6dc1f951cbc08a3025b3ac92ec8628
Reviewed-on: https://chromium-review.googlesource.com/c/1449040
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59303}
This reverts commit a1b431d7d3.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22809
Original change's description:
> [serializer] share class positions tuple across contexts
>
> Class positions is a struct that stores the start and end positions of a class
> literal. It is stored both on class objects, and the template used to
> instantiate class objects.
>
> The template is reachable from the bytecode array and therefore serialized by
> the startup serializer. Class objects are context-dependent and therefore
> serialized by the partial serializer. Serializing class positions from both
> serializers violates the assumption that we don't serialize any object twice.
>
> R=gsathya@chromium.org
>
> Bug: v8:8761
> Change-Id: If22c554cc7396d63998a015454ce0c67a7d2e05c
> Reviewed-on: https://chromium-review.googlesource.com/c/1444956
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59292}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,gsathya@chromium.org
Change-Id: I9f3fd1b29b5991b450223f8b27dfc7aa7e5a3171
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8761
Reviewed-on: https://chromium-review.googlesource.com/c/1450116
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59300}
This basically adjusts reality to match our expectations. Methods based
on Code::kConstantPoolOffset expected the constant pool to be located
immediately following the handler table and before the code comments
section, while it was actually emitted before the jump table. We did
not notice earlier since this is only relevant on ppc.
Bug: v8:8758
Change-Id: I189af491fe133a7dc480ff4056372ba7a27faa81
Reviewed-on: https://chromium-review.googlesource.com/c/1445880
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59299}
Users should switch to TracedGlobal and the newly added methods of
v8::EmbedderHeapTracer.
Bug: chromium:923361, v8:8562
Change-Id: I3e5ed5785a0a49c0b65c7b1d1d103e568dd3e938
Reviewed-on: https://chromium-review.googlesource.com/c/1445752
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59297}
This CL revises some of our error messages, and removes unneeded parts
(like "AsyncCompilation: " or "(null): "). It also extends existing
tests to check for the precise error message more thoroughly to detect
changes or nondeterminism earlier.
R=titzer@chromium.org, ahaas@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:926311
Change-Id: I1ccfb307d4a61291f4582330152a53fbadd0848f
Reviewed-on: https://chromium-review.googlesource.com/c/1445897
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59296}
This adds support for integrity level transitions (preventExtensions,
seal and freeze) to MapUpdater and Map::TryUpdate.
In both cases, we first try to detect whether there were integrity
level transitions in the transition tree to the old map and make note
of the most restrictive integrity transition and the map just before
the transition (integrity-source-map). Then we find an appropriate root
(based on integrity-source-map's elements kind) and replay the
transitions based on the integrity-source-map's descriptor
array. Finally, if we saw an integrity level transition in
the beginning, we will find-or-create that transition (on the
updated version of integrity-source-map).
For the following micro-benchmark, we get about 10x speedup.
```
function C() {
this.x = 1;
Object.seal(this);
this.x = 0.1;
}
const start = Date.now();
for (let i = 0; i < 1e7; i++) {
new C();
}
console.log("Reconfigure sealed: " + (Date.now() - start));
```
Before:
> Reconfigure sealed: 5202
After:
> Reconfigure sealed: 479
Bug: v8:8538
Change-Id: If695be7469d8b6ccd44ac4528be8aa34b65b3e4d
Reviewed-on: https://chromium-review.googlesource.com/c/1442640
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59295}
Class positions is a struct that stores the start and end positions of a class
literal. It is stored both on class objects, and the template used to
instantiate class objects.
The template is reachable from the bytecode array and therefore serialized by
the startup serializer. Class objects are context-dependent and therefore
serialized by the partial serializer. Serializing class positions from both
serializers violates the assumption that we don't serialize any object twice.
R=gsathya@chromium.org
Bug: v8:8761
Change-Id: If22c554cc7396d63998a015454ce0c67a7d2e05c
Reviewed-on: https://chromium-review.googlesource.com/c/1444956
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59292}
This CL changes the usage pattern from
FOR_XXX_VALUES(i) { Use(*i); }
to
FOR_XXX_VALUES(i) { Use(i); }
which is way more intuitive.
Note that the replacement in the uses was done via regular expression,
so it's purely mechanical. In two locations I removed unneeded braces
around the macro, because they confused clang-format.
I plan to do more cleanups (remove redundant assignments within the
FOR_XXX_VALUES body) in a follow-up CL.
R=mstarzinger@chromium.org
Bug: v8:8562
Change-Id: I4329bfcf34e5b077d19b50f4204ceb3b4340fe61
Reviewed-on: https://chromium-review.googlesource.com/c/1449615
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59287}
If we need to allocate a DOUBLE_ELEMENTS backing store, it's important
to allow large object space allocation.
BUG: chromium:926856
Change-Id: I9dd94f7176891a6f8f11d5f579b67df8151a40b5
Reviewed-on: https://chromium-review.googlesource.com/c/1449531
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59285}
This reverts commit a9e93572d4.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/23956
Happened already 2 builds earlier, but the output is corrupted due to
an outage.
Original change's description:
> [test] Check for illegal uses of mjsunit methods
>
> The assertThrows and assertDoesNotThrow methods expect either a
> function to execute, or a string to eval. In several tests however we
> accidentally passed the *result* of the statement to be tested instead
> of the code.
> This CL adds check to catch such error early, and removes wrong uses.
> In most places, we do not need to use assertDoesNotThrow anyway,
> because exceptions are handled as test failures.
>
> Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
> MjsUnitAssertionErrors correctly.
>
> R=mathias@chromium.org
>
> Bug: v8:8562
> Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
> Reviewed-on: https://chromium-review.googlesource.com/c/1439238
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59277}
TBR=ahaas@chromium.org,clemensh@chromium.org,mathias@chromium.org
Change-Id: Iec06c95dd3223f27297e5c6e02835d26b5e753e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8562
Reviewed-on: https://chromium-review.googlesource.com/c/1449634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59284}
The assertThrows and assertDoesNotThrow methods expect either a
function to execute, or a string to eval. In several tests however we
accidentally passed the *result* of the statement to be tested instead
of the code.
This CL adds check to catch such error early, and removes wrong uses.
In most places, we do not need to use assertDoesNotThrow anyway,
because exceptions are handled as test failures.
Drive-by: Unify catch syntax in mjsunit.js and make sure to propagate
MjsUnitAssertionErrors correctly.
R=mathias@chromium.org
Bug: v8:8562
Change-Id: I88894a667cbe0570774f748a9a23e8a527887a49
Reviewed-on: https://chromium-review.googlesource.com/c/1439238
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59277}
This fixes stack height management when a call to an external function
raises a type error trap. It also adds a test case that such exceptions
can be caught locally.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8729
Change-Id: I54b19ba86eb937695584229753d7f6cfa7e1a15d
Reviewed-on: https://chromium-review.googlesource.com/c/1447773
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59273}
This CL replaces the current TypedArray#sort with a simpler mergesort.
The fastpath when the user does not provide a comparison function
is still used.
In addition, TypedArray#sort now converts all elements in the
TypedArray to tagged values upfront, sorts them and writes them
back into the TypedArray as the final step.
R=jgruber@chromium.org, tebbi@chromium.org
Bug: v8:8567
Change-Id: Ib672c5cf510f7c0a2e722d1baa2704305a9ff235
Reviewed-on: https://chromium-review.googlesource.com/c/1445987
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59271}
This way we can remove them correctly and avoid leaks.
R=mstarzinger@chromium.org, ulan@chromium.org
Bug: v8:8725
Change-Id: I52cbbf34a94171aaeb581b55aecb25311465544d
Reviewed-on: https://chromium-review.googlesource.com/c/1446453
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59266}
Multiplication, division, and toString can take a very long
time for large inputs. This patch adds stack checks to each
of these operations so embedders can interrupt them.
Bug: chromium:922032
Change-Id: Idae9d32d6f78a028de4d2ba3abdb79c624f0dca1
Reviewed-on: https://chromium-review.googlesource.com/c/1444913
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59262}
(The bug didn't affect any functionality; we just left detached WeakCells in
inconsistent state.)
BUG=v8:8179
Change-Id: I28f6c27532383b94bdfd746db903096f1dc6f1cc
Reviewed-on: https://chromium-review.googlesource.com/c/1447651
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59255}
This is a reland of 1e3582b5ae
Original change's description:
> Reland "[builtins] Verify Isolate compatibility with the embedded blob"
>
> This is a reland of b022e825bd
>
> Original change's description:
> > [builtins] Verify Isolate compatibility with the embedded blob
> >
> > Embedded builtins (= the embedded blob) have a few dependencies on the
> > snapshot state. For instance, they require that metadata stored on
> > builtin Code objects as well as the builtins constant table remain
> > unchanged from mksnapshot-time. Embedders may violate these
> > assumptions by accident, e.g. by loading a snapshot generated with
> > different build flags, leading to seemingly unrelated failures later
> > on.
> >
> > This CL introduces an Isolate hash stored in the embedded blob which
> > hashes relevant parts of builtin Code objects and the builtins
> > constant table. It's verified in Isolate::Init in debug builds.
> >
> > Bug: v8:8723
> > Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> > Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59177}
>
> Tbr: yangguo@chromium.org,sigurds@chromium.org
> Bug: v8:8723
> Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
> Reviewed-on: https://chromium-review.googlesource.com/c/1445985
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59236}
Tbr: yangguo@chromium.org,sigurds@chromium.org
Bug: v8:8723
Change-Id: I8e4ae2f09d16b693c1fb814477d8487385046ee4
Reviewed-on: https://chromium-review.googlesource.com/c/1448312
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59250}
This CL revises some of our error messages to be more precise or more
aesthetically appealing.
R=titzer@chromium.org, ahaas@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:926311
Change-Id: I38eaee09fd37f9b67fdb08bc7b0df64a6eaf96f9
Reviewed-on: https://chromium-review.googlesource.com/c/1445980
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59249}
This reverts commit 1e3582b5ae.
Reason for revert: Still fails nosnap: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22789
Original change's description:
> Reland "[builtins] Verify Isolate compatibility with the embedded blob"
>
> This is a reland of b022e825bd
>
> Original change's description:
> > [builtins] Verify Isolate compatibility with the embedded blob
> >
> > Embedded builtins (= the embedded blob) have a few dependencies on the
> > snapshot state. For instance, they require that metadata stored on
> > builtin Code objects as well as the builtins constant table remain
> > unchanged from mksnapshot-time. Embedders may violate these
> > assumptions by accident, e.g. by loading a snapshot generated with
> > different build flags, leading to seemingly unrelated failures later
> > on.
> >
> > This CL introduces an Isolate hash stored in the embedded blob which
> > hashes relevant parts of builtin Code objects and the builtins
> > constant table. It's verified in Isolate::Init in debug builds.
> >
> > Bug: v8:8723
> > Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> > Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59177}
>
> Tbr: yangguo@chromium.org,sigurds@chromium.org
> Bug: v8:8723
> Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
> Reviewed-on: https://chromium-review.googlesource.com/c/1445985
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59236}
TBR=yangguo@chromium.org,sigurds@chromium.org,jgruber@chromium.org
Change-Id: If6082452c739d4de44ed70d3c6355f5282684ac1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8723
Reviewed-on: https://chromium-review.googlesource.com/c/1448311
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59241}
This is a reland of b022e825bd
Original change's description:
> [builtins] Verify Isolate compatibility with the embedded blob
>
> Embedded builtins (= the embedded blob) have a few dependencies on the
> snapshot state. For instance, they require that metadata stored on
> builtin Code objects as well as the builtins constant table remain
> unchanged from mksnapshot-time. Embedders may violate these
> assumptions by accident, e.g. by loading a snapshot generated with
> different build flags, leading to seemingly unrelated failures later
> on.
>
> This CL introduces an Isolate hash stored in the embedded blob which
> hashes relevant parts of builtin Code objects and the builtins
> constant table. It's verified in Isolate::Init in debug builds.
>
> Bug: v8:8723
> Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59177}
Tbr: yangguo@chromium.org,sigurds@chromium.org
Bug: v8:8723
Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
Reviewed-on: https://chromium-review.googlesource.com/c/1445985
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59236}
This reverts commit 595aafeb21.
Reason for revert:
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8922824501209195616/+/steps/Mozilla/0/logs/15.8.2.13/0
Original change's description:
> [builtins] [turbofan] Refactor Float64Pow to use single implementation
>
> Remove platform-specific Float64Pow implementations and utils Pow in
> favor of a base::ieee754::pow implementation.
>
> This unifies the implementation of pow for the compiler, wasm, and
> runtime.
>
> Bug: v8:5848, v8:5086
> Change-Id: I968a08cef6a6d49350aa79185b2c6fb856d15f23
> Reviewed-on: https://chromium-review.googlesource.com/c/1403018
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59229}
TBR=yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,clemensh@chromium.org,me@gus.host
Change-Id: I266df4b8350cfcebcea8f6063ad75ad962381105
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5848, v8:5086
Reviewed-on: https://chromium-review.googlesource.com/c/1447715
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59232}
Also use the feedback as a hint for the target, because target and
new.target are often the same and we have no way of checking that
in the serializer.
Bug: v8:7790
Change-Id: I9647bf9ab830a76657de400f413fc1cb798a2ade
Reviewed-on: https://chromium-review.googlesource.com/c/1445988
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59230}
Remove platform-specific Float64Pow implementations and utils Pow in
favor of a base::ieee754::pow implementation.
This unifies the implementation of pow for the compiler, wasm, and
runtime.
Bug: v8:5848, v8:5086
Change-Id: I968a08cef6a6d49350aa79185b2c6fb856d15f23
Reviewed-on: https://chromium-review.googlesource.com/c/1403018
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59229}
This adds support for handling exceptions between different frames of
one single interpreter activation. Frames are dropped until a local
handler is found. If none is found in the current activation then we
delegate to the existing stack unwinding mechanism to deal with multiple
activations interspersed with non-interpreter stack frames on the actual
machine stack.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091
Change-Id: Ia4abb27ff037bf0d3e3b05721bd3c971ef820e3c
Reviewed-on: https://chromium-review.googlesource.com/c/1445989
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59228}
In particular, test all integrity level transitions properly.
The motivation for this fix was to get rid of the test that introduce {frozen_symbol}
transition while leaving properties configurable and writable. This CL tests each
integrity transition separately, and sets the attributes accordingly.
Bug: v8:8538
Change-Id: I741d87bba1472aec68bf92084e65edc16c1e08d8
Reviewed-on: https://chromium-review.googlesource.com/c/1446097
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59226}
The build config inherited from Chromium only enables a subset
of the checks that UBSan supports. We want them all, so this
patch overrides what "is_ubsan" means for V8.
Bug: v8:3770
Change-Id: I1d0a7d994279272f13ff1d4ac9ed235fcbfc0951
Reviewed-on: https://chromium-review.googlesource.com/c/1443502
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59222}
We noticed that almost every call site were loading both files,
the split isn't necessary anymore.
In some message tests, removed the absolute line number to allow future
changes.
Bug: v8:8726
Change-Id: I8527f0a1ecfa685aa01a5e2f5f47ddf1cb13a545
Reviewed-on: https://chromium-review.googlesource.com/c/1446452
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59220}
For instances created via constructors and `new` we try to pre-size
the instances such that ideally all the data properties can be
allocated as in-object properties (and we don't need to allocate the
out-of-object PropertyArray backing store). This is accomplished with
the helper of the Parser, which counts the property assignments to
`this` in the constructor, and we use that as the starting point for
pre-sizing logic (a mechanism called *slack tracking* is used to
dynamically shrink the objects based on the real memory usage, and
eventually compute the final starting size for instances of the
individual constructors).
This works well even with class hierarchies, since for a derived class
constructor we just include the current constructor plus all the base
constructors. I.e. with
```js
class A {
constructor() {
this.x00 = null;
this.x01 = null;
this.x02 = null;
this.x03 = null;
this.x04 = null;
this.x05 = null;
this.x06 = null;
this.x07 = null;
this.x08 = null;
this.x09 = null;
this.x10 = null;
this.x11 = null;
this.x12 = null;
this.x13 = null;
this.x14 = null;
this.x15 = null;
this.x16 = null;
this.x17 = null;
this.x18 = null;
this.x19 = null;
}
}
class B extends A {
constructor() {
super();
}
}
```
we will eventually learn that instances of `B` need 20 in-object
properties. However this breaks with transpiled code (i.e. as
generated via TypeScript or Babel), even when the constructors are
properly chained.
```js
function A() {
this.x00 = null;
this.x01 = null;
this.x02 = null;
this.x03 = null;
this.x04 = null;
this.x05 = null;
this.x06 = null;
this.x07 = null;
this.x08 = null;
this.x09 = null;
this.x10 = null;
this.x11 = null;
this.x12 = null;
this.x13 = null;
this.x14 = null;
this.x15 = null;
this.x16 = null;
this.x17 = null;
this.x18 = null;
this.x19 = null;
}
function B() {
A.call(this);
}
Object.setPrototypeOf(B, A);
```
Here we will always have 10 in-object properties for instances of
`B` (due to the generic over-allocation logic), and the other 10
properties have to be allocated in the out-of-object PropertyArray.
This is unfortunate and actually not necessary. Instead we could just
do the same [[Prototype]] walk on the constructor for regular function
constructors that we perform for derived (native) class constructors.
This CL changes that, such that we give the same treatment to transpiled
class that we have for native classes.
R=verwaest@chromium.org
Bug: v8:8764, v8:8765
Doc: https://bit.ly/v8-instance-presizing-with-transpiled-classes
Change-Id: Iac54391e41c9a39101751a678b3a647269fb009d
Reviewed-on: https://chromium-review.googlesource.com/c/1442643
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59214}
Changes made to the Wasm module builder:
- Create emit_u64v for emitting a LEB128 that conceptually represent
an 64-bits integer.
- Differentiate toBuffer and toUint8Array for returning respectively
ArrayBuffer and a Uint8Array.
- Moved wasmF32Const and wasmF64Const functions because we can take
advantage of the existing cached conversion buffers. Also, declaring
them in the constants file will collide with the module-builder since
they are loaded in the same scope.
- The byte_view buffer (used by some conversions to bytes) switched from
Int8Array to Uint8Array.
Changes made to the Wasm contants:
- Add a new kSharedHasMaximumFlag flag for shared memory with a maximum
value.
Bug: v8:8726
Change-Id: If16c59896cfa1d42008da413e2e144b73a0fa5ce
Reviewed-on: https://chromium-review.googlesource.com/c/1443062
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59213}
This fixes how the interpreter modifies the operand stack in the case
calls with non-zero parameter or return count throw an exception. The
interpreter raises the exception before arguments are popped and before
results are pushed onto the stack. This makes the control transfer
analysis fit this model. It also makes the tests trigger this aspect.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091
Change-Id: I001fc4bc0030393d3c97be3fa9425bc540575071
Reviewed-on: https://chromium-review.googlesource.com/c/1445972
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59212}
This patch changes the parser to allow for-of initializer
var-redeclaration of non-destructured catch parameters.
Previously, the spec allowed var-redeclaration of a
non-destructured catch parameter…
try {} catch (e) { var e; }
…except in the particular case where the var declaration is
a for-of initializer:
try {} catch (e) { for (var e of whatever) {} }
https://github.com/tc39/ecma262/pull/1393 removes this strange
exceptional case. This patch implements that change.
BUG=v8:8759
Change-Id: Ia4e33ac1eab89085f8a5fdb547f479cfa38bbee5
Reviewed-on: https://chromium-review.googlesource.com/c/1444954
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59209}
The test defined a function called "Register" which clashes with other functions
with the same name.
NOTRY=true
TBR=sigurds@chromium.org
BUG=v8:8179
Change-Id: I7ddfc481cd1de750272de7b43e2e7f9fe26626a9
Reviewed-on: https://chromium-review.googlesource.com/c/1445982
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59208}
Only Heap::GcSafeFindCodeForInnerPointer requires the chunk map.
Other large object spaces use more the efficient
MemoryChunk::FromAnyPointerAddress.
Additionally, this patch renames Register/Unregister to AddPage/RemovePage
to be consistent with other spaces and makes them virtual.
Bug: chromium:852420
Change-Id: I8d637bb59e15bd61fe452fda7f4a55049d32030c
Reviewed-on: https://chromium-review.googlesource.com/c/1439417
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59207}
This is an initial step towards clarifying the layout of the
instruction area. As follow-ups, we should remove additional
safepoint and handler table offset parameters, and perhaps alter
Code::safepoint_table_offset (handler_table) semantics to always
contain a real offset and avoid the magic 0 signifying nonexistent
tables.
Bug: v8:8758
Change-Id: I9f54629ff3ddad69904b0e1ce2a58e047397aa15
Reviewed-on: https://chromium-review.googlesource.com/c/1434036
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59202}
This implements preliminary handling of exceptions thrown by external
functions that have been imported into the module. Note that handling
internal function is still missing, but tests have been added.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091
Change-Id: I9d07739d8b4715a5643114fd7a868cdd8d72efd0
Reviewed-on: https://chromium-review.googlesource.com/c/1445751
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59199}
In future, weak handles will be considered as independent and MarkActive() will
not be supported anymore. Users should switch to TracedGlobal, when relying on
special cases for using handles with v8::EmbedderHeapTracer.
Bug: chromium:923361, v8:8562
Change-Id: Ic6e01a1ab59a25c5fb0aa2ebfb8ddb02e454d72d
Reviewed-on: https://chromium-review.googlesource.com/c/1443064
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59194}
TracedGlobal integrates with the use case of EmbedderHeapTracer and replaces
regular weak Global or Persistent nodes for such cases. This allows to simplify
the case for regular weak handles in a sense that they follow regular weak
semantics (if the underlying object is otherwise unreachable the weak handle
will be reset).
TracedGlobal requires slightly different semantics in the sense that it can be
required to keep them alive on Scavenge garbage collections because there's a
transitive path that is only known when using the EmbedderHeapTracer.
TracedGlobal accomodates that use case.
TracedGlobal follows move semantics and can thus be used in regular std
containers without wrapping data structure.
The internal state uses 20% less memory and allows for only iterating those
nodes when necessary. The design trades the virtual call when iterating
interesting persistents in the GC prologue with calling out through the
EmbedderHeapTracer for each node which is also a virtual call. There is one less
iteration over the set of handles required though and the design is robust
against recursive GCs that mutate the embedder state during the prologue
callback.
Bug: chromium:923361
Change-Id: Idbacfbe4723cd12af9de21058a4792e51dc4df74
Reviewed-on: https://chromium-review.googlesource.com/c/1425523
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59183}
Enables WebAssembly's js-api module/customSection. The specification has
been updated; see https://github.com/WebAssembly/spec/issues/915. V8 was
already using DOMString.
Bug: v8:8633
Change-Id: I4c3e93c21594dbba84b3697e7e85069c3ff8b441
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1415554
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59182}
This fixes RunWasmInterpreter_* tests on big endian mips/ppc/s390.
Change-Id: I4b9b767d0de45004ee1195ac225c6d1027c17a05
Reviewed-on: https://chromium-review.googlesource.com/c/1439517
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59174}
On Liftoff bailout, instead of binding all unbound labels (to avoid
triggering DCHECKS in their destructor), just Unuse them.
R=mstarzinger@chromium.org
Bug: chromium:924843
Change-Id: Icf581bca06eaa7369ab2bbd5d805112289d6a801
Reviewed-on: https://chromium-review.googlesource.com/c/1442645
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59172}
In some test-run-wasm-js cctests we want to call wasm code through the
js-to-wasm wrapper. This did not work if we wanted to run the wasm code
in the interpreter, because we never compiled a WasmInterpreterEntry,
and we did not patch the jump table.
With this CL we do both now.
R=clemensh@chromium.orgCC=fgm@chromium.org
Change-Id: I49971c5079053ed572928da7eab3e6ea3cb57c25
Reviewed-on: https://chromium-review.googlesource.com/c/1435941
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59170}
During execution, the tier can be switch from Liftoff to TurboFan. We
already handle this in some locations by getting the tier before
execution, so that we later know which was the requested tier for that
unit.
In the case of the --wasm-tier-mask-for-testing flag, this accounting
was not right because the tier was already switched in the constructor.
This CL changes the compilation units to store both the requested and
the executed tier explicitly, so we know which counter to decrement
when the unit finishes.
R=ahaas@chromium.org
Bug: chromium:925671
Change-Id: I673463135e9b3ab17e40cfdfd5d3a526ad5a9b79
Reviewed-on: https://chromium-review.googlesource.com/c/1442639
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59168}
There is no linking stage any more, and all the {Link} method did was
to set the module to executable. Thus rename the method to reflect that.
R=ahaas@chromium.org
Bug: v8:8562
Change-Id: Ifc83b5cbbb1377312d7c318e50a0f9d1ede45aa6
Reviewed-on: https://chromium-review.googlesource.com/c/1439237
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59167}
This is a followup change for https://crrev.com/c/1437275 to keep
the core wasm spec tests in sync with the tests checked out in
test/wasm-js/data.
R=clemensh@chromium.org
Change-Id: I3c78c5db647e9c871b4c64efbc9656acd1266efb
Reviewed-on: https://chromium-review.googlesource.com/c/1442638
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59166}
Currently, errors somewhere deep in a promise chain are not reported as
test failures. We would print the error, but still return with exit
status 0. This CL fixes this to treat any uncaught exception as
failure, as we already do in {Shell::ExecuteString}.
R=yangguo@chromium.org
Change-Id: Idc4e58cc0d45f8fca3f7b2c5070ab68d317fc00b
Reviewed-on: https://chromium-review.googlesource.com/c/1439378
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59165}
