1) Make sure we don't enable prototype setup mode for parent class and its prototype
objects.
2) Make sure we create builtins and their prototypes with completed setup mode.
3) Drive-by-fix: setup typed array classes in bootstrapper.cc instead of typedarray.js,
and drop %FunctionSetPrototype().
Bug: v8:7115, v8:5902
Change-Id: I58ac091d85647abc3307bd47baf48e378e3695c5
Reviewed-on: https://chromium-review.googlesource.com/790992
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49655}
This extends the typing rule for NumberTrunc to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.
Bug: v8:5267, v8:7109
Change-Id: Iedc541a0f4619f37da37ea36940f92472034cdf2
Reviewed-on: https://chromium-review.googlesource.com/792932
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49652}
This extends the typing rule for NumberRound to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.
Bug: v8:5267, v8:7109
Change-Id: Ia865ec1d6f8d96f20641bee96891740a9fc6e627
Reviewed-on: https://chromium-review.googlesource.com/792931
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49651}
This extends the typing rule for NumberCeil to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.
Bug: v8:5267, v8:7109
Change-Id: I9154e47e58ad106791613db0030051f2a802a981
Reviewed-on: https://chromium-review.googlesource.com/792930
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49650}
This enforces that we use ParseExpressionCoverGrammar, and not ParseExpression,
for several tricky cases. Also clarify comment on ParserBase::ParseExpression().
Change-Id: I1d1289abdf539c96f4b42f97c79a8adf3c06e728
Reviewed-on: https://chromium-review.googlesource.com/783171
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49647}
Besides avoiding the weird hack of inserting a statement at the 0th
index of the function body, we also avoid allocating (and initializing)
the variable if it's unreferenced (which I'd wager is the common case).
Bug: v8:6092
Change-Id: If917d422bb4818cf21e8272aa786ca84d4472802
Reviewed-on: https://chromium-review.googlesource.com/784092
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49646}
Pull most JSTypedArray source arguments onto the fast path.
Same source & target elements-kinds simply call memmove. Other
combinations call directly into C and reuse ElementsAccessor logic.
Only overlapping source & target args with differing elements-kinds
remain on the slow runtime path.
Bug: v8:7123, v8:3590
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I80284b61478b0e3266b8f16bde8a56bd90f080b0
Reviewed-on: https://chromium-review.googlesource.com/788857
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49643}
Introduce new runtime flag that forces to always use
slow path for regex, promise and array builtins. It
works in DEBUG or with new compile time flag
ENABLE_FASTSLOW_SWITCH.
It will be used in the fast/slow path fuzzer or as a
testing variant to ensure that slow path implementation
behave equivalent to corresponding fast paths (where
applicable).
Bug: v8:7120
Change-Id: Ia2a4ab7aca5051e852723782c529bd2e8e5925ca
Reviewed-on: https://chromium-review.googlesource.com/787291
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49642}
In order to implement CacheState merging correctly, we need to know at
least the register type to be used for each stack slot. For stack
slots, this is not stored currently. Since there is enough space
available in the VarState anyway, we just always store the full type,
which will allow also for other optimizations like not always spilling
and filling the full 8 bytes.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I6c7c1d39847063591bf72b7f186a2128295d889b
Reviewed-on: https://chromium-review.googlesource.com/789861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49641}
Just use the default operators instead of reimplementing them for
{Steal} and {Split}.
Drive-by: Remove unactionable TODO.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I7556cbf7264cf271b2e8966a5e96ca8e41eb3e73
Reviewed-on: https://chromium-review.googlesource.com/789862
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49640}
Implement the new spec behavior that says construction from a neutered
buffer should throw after the ToIndex call on the length argument.
Bug: v8:6216
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I219a107730b53fca639bc813f68f7ddc27e79017
Reviewed-on: https://chromium-review.googlesource.com/789847
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49639}
Previously we only created synthetic variables in the parser and not
in the preparser, causing mismatch in the preparsed scope data.
This patch creates the variables in both parsers.
Bug: v8:5367
Change-Id: I9c511d0b9212bd36816956b06dc204b0b5920e1c
Reviewed-on: https://chromium-review.googlesource.com/789848
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49637}
Within SanitizeImports it is possible that JavaScript code gets executed
therefore we have to open the CodeSpaceMemoryModificationScope after
SanitizeImports.
R=clemensh@chromium.org
Bug: chromium:788469
Change-Id: Ide9bbd4ee4613b28380979d4a6c66d26e6a9406f
Reviewed-on: https://chromium-review.googlesource.com/789936
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49635}
This adds a fast path that avoids the runtime transition for JSArray
source arguments with {packed,holey} {smi,double} elements kinds.
The fast path currently calls straight into C and copies there using
elements accessor logic.
Local tests show a 4x speedup when copying from 1-element JSArrays.
As the source array becomes larger, the time spent copying elements
begins to dominate.
Bug: v8:3590
Change-Id: I05ebe54d7b255d0a76ad46ac11ce7cfd516b8ac8
Reviewed-on: https://chromium-review.googlesource.com/789010
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49634}
VarState was a struct so far, but gained more and more functionality.
Even more will be added for supporting floating point operations.
Thus, make this a proper class.
Drive-by: Order all switch cases to first handle the stack case, then
register, then constant.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I694613ebc4910bcf74a1617485bd72878f46e987
Reviewed-on: https://chromium-review.googlesource.com/789937
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49632}
This fixes the computation of the {may_have_interesting_symbols} flag
for the last map computed in {Map::AddMissingTransitions} method. The
last map is allocated ahead of time, but the flag is only correct once
the descriptors are actually installed in the end.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-786020
BUG=chromium:786020
Change-Id: Iff97780609fe596437eb6bea85606a1c3bb2ac4c
Reviewed-on: https://chromium-review.googlesource.com/789839
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49631}
The GcSafe* methods rely on Heap internals and should thus belong to Heap.
Bug:
Change-Id: I4e6468d51c4dda1d10e94568698e05bee1b56b40
Reviewed-on: https://chromium-review.googlesource.com/789935
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49630}
Previously, the class fields initializer function was stored on a
synthetic context allocated variable. This approach had sevaral
problems:
- We didn't know that class literal had fields until after we had
completely parsed the class literal. This meant that we had to go back
and fix up the scope of the constructor to have this synthetic
variable. This resulted in mismatch between parser and preparsed scope
data.
- This synthetic variable could potentially resolve to an initializer
of an outer class.
For ex:
class X extends Object {
c = 1;
constructor() {
var t = () => {
class P extends Object {
constructor() {
var t = () => { super(); };
t();
}
}
super();
}
t();
}
}
In this the inner class P could access the outer class X's initiliazer
function. We would have to maintain extra metadata to make sure this
doesn't happen.
Instead this new approach uses a private symbol to store the
initializer function on the class constructor itself.
For the base constructor case, we can simply check for a bit on the
constructor function literal to see if we need to emit code that loads
and calls this initializer function. Therefore, we don't pay the cost
of loading this function in case there are no class fields.
For the derived constructor case, there are two possiblities:
(a) We are in a super() call directly in the derived constructor:
In this case we can do a check similar to the base constructor check,
we can check for a bit on the derived constructor and emit code for
loading and calling the initializer function.
This is usually the common case and we don't pay any cost for not using
class fields.
(b) We are in a super() call inside an arrow function in the derived
constructor:
In this case, we /always/ emit code to load and call the initializer
function. If the function doesn't exist then we have undefined and we
don't call anything. Otherwise we call the function.
super() can't be called twice so even if we emit code to load and call
the initializer function multiple times, it doesn't matter because it
would have already been an error.
Bug: v8:5367
Change-Id: I7f77cd6493ff84cf0e430a8c1039bc9ac6941a88
Reviewed-on: https://chromium-review.googlesource.com/781660
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49628}
This increases the maximum nesting level for memory modification scopes
from 3 to 4. It is a follow-up to WebAssembly optimizations which did
increase the total nesting in favor of performance. This also hoists
out the value into a constant, so that it is easier to change.
R=ahaas@chromium.org
BUG=v8:6792,chromium:787731
Change-Id: Ib60a7d66cdf42227d6b717a38c0923bcbbacf8dc
Reviewed-on: https://chromium-review.googlesource.com/788859
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49626}
When compaction is aborted we used to remember this in a data structure
and in a flag on the page that was set by the compacting thread.
Setting the flag races with other threads recording old-to-old slots and
thus checking the page's flags.
Since we already record the page in a data structure, we can delay
setting the flag on the page until post processing aborted compaction
pages right after the evacuation phase.
Bug: v8:7125
Change-Id: I20d109f0f69cf8eab90ed355c113abc6a2f606da
Reviewed-on: https://chromium-review.googlesource.com/789931
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49625}
The chromium style guide allows the use of c++14 features
(https://chromium-cpp.appspot.com/).
Thus ycm should use c++14 by default.
R=bmeurer@chromium.org
Change-Id: I6eca99931d117ad57213e8c6e18e75d83b7fd675
Reviewed-on: https://chromium-review.googlesource.com/789873
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49624}
... and use it for allocation of FixedArray-based objects with custom maps.
Change-Id: Id31d05cf506e3607210fe7fdaf05f55053de5e2a
Reviewed-on: https://chromium-review.googlesource.com/789113
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49622}
It is not possible to simulate big-endian systems on X64/X86,
so snapshots must be generated natively or using an emulator
such as qemu.
Bug:
Change-Id: Ib7ea6fe27ea5da19f270251f18fbc5f1c43413ce
Reviewed-on: https://chromium-review.googlesource.com/771673
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#49621}
Redirect forwards stdout to a file for the duration of a gdb command.
This is useful when inspecting very large objects that generate several pages
of output in a gdb session.
If the GDB_EXTERNAL_EDITOR environment variable is set, popup will
automatically open the generated temporary file in the provided editor.
A simple default that works is GDB_EXTERNAL_EDITOR="gnome-open". Note that
this should be a GUI editor since you would otherwise interrupt the
active gdb session.
redirect jco 0x12345678
redirect x/2000xg 0x12345678
Examples:
Change-Id: I2db78112a0141427c83813d16d94a19bc2cffddf
Reviewed-on: https://chromium-review.googlesource.com/788861
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49620}
During WebAssembly compilation and instantiation we entered a
{CodeSpaceMemoryModificationScope} several times per function. This
introduced significant overhead, see the referenced bug. With this CL
we enter the {CodeSpaceMemoryModificationScope} on a per-module
granularity and not on a function granularity. We enter now the
following scopes:
* one scope for the whole synchronous compilation;
* one scope for each finishing step in asynchronous compilation (each
step finishes multiple functions);
* one scope for module instantiation, without the execution of the
start function.
Locally these changes reduced the overhead significantly.
R=mstarzinger@chromium.org, titzer@chromium.orgCC=clemensh@chromium.org
Bug: chromium:787731
Change-Id: I5c5694544a97f4c1e5a2a29da9a005d0ca7616bd
Reviewed-on: https://chromium-review.googlesource.com/787851
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49618}
This removes:
- V8::AddGCPrologueCallback
- V8::RemoveGCPrologueCallback
- V8::AddGCEpilogueCallback
- V8::RemoveGCEpilogueCallback
The emebedder should use the Isolate versions of these functions.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7974bc7478e542f29483cf939b33dbb872a3b41d
Reviewed-on: https://chromium-review.googlesource.com/788053
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49617}
In snapshots with several contexts, some contexts may not reference
function or object templates, and therefore would not require external
references for deserialization. However, function and object templates
are deserialized with the isolate as part of the partial snapshot cache,
so we would need these external references even if we only use contexts
that don't need them.
With this patch, we use a fallback in case no external references are
provided. This way, we only run into issues when we actually call native
callbacks.
R=jgruber@chromium.org, peria@chromium.org
Change-Id: I6af8a77f26c92bd73fdab6112474c62da270597f
Reviewed-on: https://chromium-review.googlesource.com/784831
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49615}
This is a reland of 4d3bc552b5
Original change's description:
> [coverage] add coverage for binary expressions
>
> Adds block-level coverage tracking for binary && and ||
> expressions. Introduces a BinaryOperation source-range
> for tracking the operations themselves and an Expression
> source-range, used for tracking NaryLogical expressions.
>
> This builds on work by jgruber@chromium.org in
> the issue.
>
> TBR=marja@chromium.org
> R=jgruber@chromium.org, rmcilroy@chromium.org
>
> Bug: v8:6660
> Change-Id: I83a81f13a3514a734c06948b2d3e91138fb00e18
> Reviewed-on: https://chromium-review.googlesource.com/754564
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49304}
Bug: v8:6660
Change-Id: I1c8571660d6c501d526886867bd841c49d5c44fd
Reviewed-on: https://chromium-review.googlesource.com/778288
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49613}
A bytecode array can be serialized while concurrent marking is running
and aging the bytecode array, which results in a data race.
This patch ensures that the age byte of a bytecode array is not
accessed during serialization.
Bug: v8:7085
Change-Id: I83e4b67fbef0754bf75015b4d1b9b660a0cd402f
Reviewed-on: https://chromium-review.googlesource.com/785677
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49612}
- Fast path for same type source typed array
- Move previous CPP implementation into a runtime function "TypedArraySet"
- Remove parts covered by the TFJ
- Basic receiver, offset, source checks
- Handling of same type source typed array
Bug: v8:3590
Change-Id: I0f19d961424c30cc8bbcb8648b623e7e6dfa33f4
Reviewed-on: https://chromium-review.googlesource.com/786414
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49608}
The existing access to the signatures is plain wrong. This CL fixes
this.
Note that cross-instance indirect calls are only enabled since a few
days (https://crrev.com/c/778159), which is why this bug was not
detected before.
R=titzer@chromium.org
Bug: chromium:787910
Change-Id: Iaac4d1d85840c921eb8554c5094933ec8d987802
Reviewed-on: https://chromium-review.googlesource.com/787312
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49607}