We emitted rotation by 24 bits with bitwise and, but that is wrong
because the low 8 bits can wrap around and "leak" into the result.
Bug: chromium:739902
Change-Id: Id49251e89405afb1581b8c60cde808c2d8bf693d
Reviewed-on: https://chromium-review.googlesource.com/645848
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47746}
This violated the style guide, and caused problems for jumbo builds.
R=titzer@chromium.org
CC=mostynb@opera.com
Bug: chromium:746958
Change-Id: Iaa75d444f5b5f595c54058de14b394119390921c
Reviewed-on: https://chromium-review.googlesource.com/645529
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47744}
They violate the style guide, and cause problems for jumbo builds.
This CL removes all occurrences in src/wasm except for the file
wasm-objects.cc, which is a bit more involved and will be fixed in a
separate CL.
R=titzer@chromium.org
CC=mostynb@opera.com
Bug: chromium:746958
Change-Id: If5d9c03e0d6fa364e1d21feda49773468a48fba6
Reviewed-on: https://chromium-review.googlesource.com/645707
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47743}
Except for registration, all calls should be dominated by actual visitation
and/or copying.
Bug:
Change-Id: Iccc58253d627ecf4b4525de5824f76c048c35150
Reviewed-on: https://chromium-review.googlesource.com/645128
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47742}
Use int instead of byte to store the source position when computing a
location based on the stack trace stored in an error object.
Also add tests, since this code path was not covered before (not even
for small positions where it would have succeeded).
Also, add some comments about which positions are 0-based and 1-based.
R=titzer@chromium.org
Change-Id: I313dcd6c47b77093ced9bb687415715d04eafb97
Reviewed-on: https://chromium-review.googlesource.com/645527
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47739}
Now that the ticks are stored in the feedback vector the function
parameter to CodeStubAssembler::UpdateFeedback is unused and we
can remove it (and the need to load the closure on the use sites).
Change-Id: I60bdebd2003ab707a7ad8451d0cb2189b70fd9cf
Reviewed-on: https://chromium-review.googlesource.com/645626
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47738}
This test documents the basic behavior of the EnumCache which is shared
on the DescriptorArray.
Change-Id: Idd40670d99d81bb5e4b6161ffc47f2898ca9d2a9
Reviewed-on: https://chromium-review.googlesource.com/643297
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47735}
This reverts commit c6b153fd69.
Reason for revert: Doesn't compile on the tree.
Original change's description:
> [cctest] Add fuzz tests for generating parallel moves.
>
> These new tests are somewhat similar to the existing gap resolver tests except
> we use the code generator and eventually run the generated code. The main idea
> is to cover cases that are difficult to hit, such as move from/to slots which
> are out of range of loads and stores, but may happen nonetheless.
>
> At this time, the tests only make sure the code generator actually generated
> some code, and that this code runs. In the future, it would be great to also
> check that the moves were actually performed.
>
> Bug: v8:6553
> Change-Id: I089a25fa05b3a20649658bb8952926ab11f91d68
> Reviewed-on: https://chromium-review.googlesource.com/574850
> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47733}
TBR=bbudge@chromium.org,danno@chromium.org,jarin@chromium.org,pierre.langlois@arm.com,bmeurer@chromium.org
Change-Id: I875ab38e039fdbf58b8f08658c391147d2ec01fa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6553
Reviewed-on: https://chromium-review.googlesource.com/645446
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47734}
These new tests are somewhat similar to the existing gap resolver tests except
we use the code generator and eventually run the generated code. The main idea
is to cover cases that are difficult to hit, such as move from/to slots which
are out of range of loads and stores, but may happen nonetheless.
At this time, the tests only make sure the code generator actually generated
some code, and that this code runs. In the future, it would be great to also
check that the moves were actually performed.
Bug: v8:6553
Change-Id: I089a25fa05b3a20649658bb8952926ab11f91d68
Reviewed-on: https://chromium-review.googlesource.com/574850
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47733}
heap-inl.h exposes the whole world, which is fine from other inline
files but not from regular headers.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I09ec67c6558682cb0d5181031bc39341a3f4c5bf
Reviewed-on: https://chromium-review.googlesource.com/643294
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47729}
When calling
Object(value)
where the value is known to be a JSReceiver, we can just replace it with
value, as the Object constructor call is a no-op in that case. Otherwise
when value is known to be not null or undefined then we can replace the
Object constructor call with an invocation of ToObject.
This covers the common pattern found in bundles generated by Webpack,
where the Object constructor is used to call imported functions, i.e.
Object(module.foo)(1, 2, 3)
There's a lot of detail in https://github.com/webpack/webpack/issues/5600
on this matter and why this pattern was chosen.
Bug: v8:6772
Change-Id: I2b4f0b4542b68b97b337ce571d6d79946c73d8bb
Reviewed-on: https://chromium-review.googlesource.com/643868
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47728}
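As an added example (not V8's own code, and not part of the commit above), the following checks the JavaScript semantics that make the described reduction safe and applies the same rule to sample values; the `mod` namespace object is a constructed stand-in for a Webpack module.

```javascript
// Added example, not V8's code. It mirrors the rule from the commit above:
// Object(value) is an identity for JSReceivers (objects and functions),
// equivalent to ToObject for other non-nullish values, and is left alone
// for null/undefined (where it allocates a fresh empty object).

function isJSReceiver(v) {
  return (typeof v === "object" && v !== null) || typeof v === "function";
}

// Returns which branch of the reduction applies and the resulting value.
// Object(v) on a primitive is exactly the ToObject boxing step.
function foldObjectCall(v) {
  if (isJSReceiver(v)) return { rule: "identity", result: v };
  if (v !== null && v !== undefined) return { rule: "ToObject", result: Object(v) };
  return { rule: "unchanged", result: Object(v) };
}

// Constructed stand-in for a Webpack module namespace. Bundles call
// Object(mod.foo)(...) so that `this` inside foo is undefined rather than mod.
const mod = {
  foo(a, b, c) {
    "use strict";
    return { sum: a + b + c, thisIsUndefined: this === undefined };
  },
};

// Shows that the identity fold keeps the function unchanged while the
// Object(...) wrapper still strips the receiver from the call.
function checkWebpackPattern() {
  const direct = mod.foo(1, 2, 3);             // this === mod
  const viaObject = Object(mod.foo)(1, 2, 3);  // this === undefined
  const folded = foldObjectCall(mod.foo);      // identity: same function object
  return {
    sameFunction: folded.result === mod.foo,
    rule: folded.rule,
    directThis: direct.thisIsUndefined,
    objectThis: viaObject.thisIsUndefined,
    sum: viaObject.sum,
  };
}
```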
PreParser and Parser didn't agree whether a generator in a sloppy block is a
sloppy block function or not, and thus the data generated by PreParser was
inconsistent with what the Parser wanted to restore.
BUG=v8:5516, chromium:760116
Change-Id: I0fd3c267691b8afd63a1336774769caf551c143e
Reviewed-on: https://chromium-review.googlesource.com/642886
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47727}
This patch introduces a new container type ScriptOrModule which
provides the name and the host defined options of the script/module.
This patch also introduces a new PrimitivesArray that can hold
Primitive values, which the embedder can use to store metadata.
The HostDefinedOptions is passed to V8 through the ScriptOrigin, and
passed back to the embedder through HostImportModuleDynamically for
module loading.
Bug: v8:5785, v8:6658, v8:6683
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I56c26fc9a680b273ac0a6691e5ad75f15b8dc80a
Reviewed-on: https://chromium-review.googlesource.com/622158
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47724}
CaseClause never made sense as an Expression; this CL allows us to
remove several UNREACHABLEs and slim down the representation of
CaseClause by removing its source position (which was only used
in prettyprinting).
The only real fallout of this change is that SourceRangeMap now
stores its keys as ZoneObject*, rather than AstNode*, but since
there's already compile time typechecking for inserting items
into the map this shouldn't cause any ill effects.
While modifying CaseClause, also removed the dead body_target()
accessor (and related member variable). Thus this CL overall
reduces the memory needed for each CaseClause by two words.
Bug: v8:6092
Change-Id: I0021c0590a69e29305c41ec6105c8824ae0cc25b
Reviewed-on: https://chromium-review.googlesource.com/639316
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47722}
Jumps (and returns) in Ignition update the interrupt budget, and call
into the runtime if the budget drops below zero. Since forward jumps
only ever increase the budget, we don't need to generate this check or
the call for them at all.
Change-Id: I8c4ae15edab39a3a5725a98f38efba3a16243d91
Reviewed-on: https://chromium-review.googlesource.com/643209
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47720}
I found that v8 will crash when --print-code is turned on while Regexp
is interpreted. It crashes when trying to print Relocation info during
Disassembly. It should probably avoid printing out disassembly when the
Code object is a bytecode regexp.
Bug:
Change-Id: I35b531cb03996a303248652871452266c78fee38
Reviewed-on: https://chromium-review.googlesource.com/642127
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47718}
It has exactly the inverse meaning of CHECK_ERROR. Since CHECK_ERROR is
used in the majority of the cases, and is more readable in most cases,
this CL replaces all uses of VALIDATE by CHECK_ERROR.
It also includes a few minor refactorings of the touched code.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I3d6b3b8bfd131e14f0d852b07622382b11b488f0
Reviewed-on: https://chromium-review.googlesource.com/643268
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47717}
This is a reland of 15fe64c0e5
Original change's description:
> [wasm] Handle non-asm-js case in WasmCompiledModule::GetAsmJsSourcePosition.
>
> This hides more implementation details and simplifies callers.
>
> R=ahaas@chromium.org
>
> Bug:
> Change-Id: I4809611c55b810a3b0674713e12f3f17401e6c9c
> Reviewed-on: https://chromium-review.googlesource.com/620713
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47434}
Change-Id: Ica097f43e5f9122eb44b537822f9021d5eab2703
Reviewed-on: https://chromium-review.googlesource.com/643207
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47716}
Script::SetEvalOrigin() could do a stackwalk depending on whether one of
its arguments is a sentinel value. This is somewhat surprising behavior,
and since this function has just one caller, it makes more sense to do
this in that location.
R=mstarzinger@chromium.org
Bug:
Change-Id: Iddd38b42d9a3a8f4898aafb20fe165dfee51d516
Reviewed-on: https://chromium-review.googlesource.com/643386
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47715}
intl_date_time_format_function is only set in i18n builds. Use
opaque_reference_function to test for Builtins::kIllegal instead.
TBR=yangguo@chromium.org
NOTREECHECKS=true
NOTRY=true
Bug: v8:6624
Change-Id: I0631862e6e022d222b52dceb58a8fe65f7d6a4e8
Reviewed-on: https://chromium-review.googlesource.com/643506
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47714}
Use the DEFINE_FIELD_OFFSET_CONSTANTS macro to define the fields in the
BytecodeArray layout description.
Change-Id: I89ff2d7cd967aa1a503cbedd5d95dcd80f4d038c
Reviewed-on: https://chromium-review.googlesource.com/643130
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47713}
Lazy deserialization needs to determine the underlying builtin by looking at
the SharedFunctionInfo.
This packs the builtin_id into the SFI::function_data field, and adds
convenience functions to Code as a drive-by addition.
Bug: v8:6624
Change-Id: I59093815aa6937342302153ebc95dd60edb0064e
Reviewed-on: https://chromium-review.googlesource.com/641490
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47712}
And reuse the CHECK_ERROR and VALIDATE macros.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ibeabdf0815418b6c70e2441ed9267261eb8883b6
Reviewed-on: https://chromium-review.googlesource.com/643131
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47711}
To deserialize builtins individually, we need to preserve their starting
offsets within the serialized data.
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I48a48330aeb63de2c8cfcbea6fb94e1b2917495c
Reviewed-on: https://chromium-review.googlesource.com/637774
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47708}
Aligns behavior with other allocate calls in factory that allow
choosing the generation depending on the use case.
Bug: v8:6771
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I63b95de7e664a51af8ca24a75f2122dfe1792c42
Reviewed-on: https://chromium-review.googlesource.com/642799
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47707}
This is a reland of 49e3bfd572
Original change's description:
> [snapshot] Move builtins to dedicated snapshot area
>
> As a first step towards lazy builtin deserialization, this CL moves
> builtins to their own dedicated area in the snapshot blob, physically
> located after startup data and before context-specific data.
>
> The startup- and partial serializers now serialize all seen builtins as
> references, i.e. they only encode the relevant builtin id (taking care
> to preserve special behavior around the interpreter trampoline and
> CompileLazy). Builtins are later fully serialized by the
> BuiltinSerializer. The separate blobs are finally glued together by
> CreateSnapshotBlob.
>
> Deserialization takes the same steps: when we see builtin reference
> bytecodes before builtins have been deserialized, we push to a list of
> deferred builtin references. After builtin deserialization, this list is
> iterated and all builtin references are fixed up.
>
> Bug: v8:6624
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Idee42fa9c92bdbe8d5b8c4b8bf3ca9dd39634004
> Reviewed-on: https://chromium-review.googlesource.com/610225
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47596}
Bug: v8:6624
Change-Id: I8bfac56c482d992987c270bf0fea7acd9e4ca0c7
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/638271
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47705}
Daniel Bratell reports:
> v8 had a couple of files that were very slow to compile before jumbo
> and if those now end up in the same translation unit, then I can see
> how that translation unit can take an extreme time to get through
> the compiler.
>
> From one of my test builds (times in seconds):
> 49.7 v8_base/objects.o
> 44.0 v8_base/code-stub-assembler.o
> 32.9 v8_base/api.o
> 30.5 v8_base/elements.o
> 25.9 v8_builtins_generators/builtins-regexp-gen.o
> 22.8 v8_base/parser.o
> 21.2 v8_base/heap.o
>
> All of these are in the slowest 0.1% ninja jobs so they are extreme
> in some way. I think I would just exclude them all (or at least the
> 30s+ ones) completely from jumbo.
BUG=chromium:746958
Change-Id: I01741109def4f9ac7c946319374076eb7b9d03b6
Reviewed-on: https://chromium-review.googlesource.com/637971
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47703}
This CL introduces two tests to verify that the correct memory is
accessed when a wasm module invokes a wasm function imported from a
second module that accesses its (i.e., second module's) memory.
The first test verifies that the second module's memory is accessed in
case the first module does not have memory. In the second test, both the
modules have memory.
R=ahaas@chromium.org,clemensh@chromium.org,gdeepti@chromium.org
Change-Id: I75c3a5335583a91af0e7e4179c482142165b1c01
Reviewed-on: https://chromium-review.googlesource.com/637837
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47702}
To enable executing code in a context of a particular time or date (e.g. when
a codepath depends on whether it's, say, evening or New Year) there is a need
for a way to provide it while bypassing the actual system time.
Bug: chromium:751993
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iee35d97b74345f63fff814a65a6f134d7c970341
Reviewed-on: https://chromium-review.googlesource.com/598666
Commit-Queue: Sergei Datsenko <dats@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47700}
Introduce a proper empty_descriptor_array, which has the proper layout
(length is 2 and the two fields are set properly). Also add a special
EnumCache class and a matching empty_enum_cache. The contract now is
that we only need to check the EnumLength on the map to know whether we
are allowed to use the enum cache. This greatly simplifies the handling
of the enum cache (and also the descriptor arrays), especially for the
future work on optimizing keyed access via the enum cache indices.
Bug: v8:6702
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5ef517a3041163cd65ef003f691139ea52233e83
Reviewed-on: https://chromium-review.googlesource.com/641030
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47697}