No need to create allocation site for literals in oneshot code since
they are executed only once. The interpreter emits a runtime call to
CreateObjectLiteralWithoutAllocationSite for creating literals in
oneshot code instead.
Change-Id: I224b3a30f10361cfe9ff63129b36da8230c5e403
Reviewed-on: https://chromium-review.googlesource.com/1163615
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55050}
In Trunc_ul_d and Trunc_ul_s, register result is optional and
this is signaled by setting its value to invalid.
AreAliased expects that all registers are valid. For this reason
the compilation fails in snapshot generation mode.
This CL fixes the issue by calling AreAliased macro only
with valid registers.
Change-Id: Iae931447887b94e64b19b50c53e605656b8c3906
Reviewed-on: https://chromium-review.googlesource.com/1170766
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55049}
This reverts commit 60d1277f66.
Reason for revert: This is not sound as long as cast<FixedDoubleArray>() doesn't do the same.
Original change's description:
> [csa] CSA type checks: allow the empty FixedArray to be CAST() to FixedDoubleArray
>
> This should allow to re-land https://crrev.com/c/1039190
>
> Bug: chromium:871886
>
> Change-Id: If815537410b3fa09902026dc26205421f5c36ae5
> Reviewed-on: https://chromium-review.googlesource.com/1169019
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55015}
TBR=jarin@chromium.org,tebbi@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:871886
Change-Id: Ib81f3a069776f9e1aa01d16b9d4979de7c56fcde
Reviewed-on: https://chromium-review.googlesource.com/1170742
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55043}
This is a reland of f991465b42
Original change's description:
> [wasm] Publish new code from the background threads.
>
> R=clemensh@chromium.org
> BUG=v8:7921
>
> Change-Id: Ib86cb5f742907b6e54365827facfc765867ca22e
> Reviewed-on: https://chromium-review.googlesource.com/1156384
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54985}
Bug: v8:7921
Change-Id: I08c5eb689fe4f8ef2f7b576f0145eb0ae617fd9d
Reviewed-on: https://chromium-review.googlesource.com/1170603
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55042}
This adds a new command abstraction for running commands on Android
using dockered devices on swarming.
The new abstraction handles pushing all required files to the device.
The logic used for pushing and running is reused from the perf runner.
This adds only the mjsunit test suite. Others will be handled in
follow up CLs. The suite logic is enhanced with auto-detection of files
to be pushed to devices, for e.g. load or import statements.
Some test cases need an extra resource section for specifying required
files.
Remaining failing tests are marked in the status files for later
triage.
Bug: chromium:866862
Change-Id: I2b957559f07fdcd8c1bd2f7034f5ba7754a31fb7
Reviewed-on: https://chromium-review.googlesource.com/1150153
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55041}
This is a reland of c1226cea1ec11d5b766226c912c475647a731274
Original change's description:
> [scanner] Simplify TemplateSpan raw literal character handling
>
> Instead of adding and removing literal chars, only add raw literal characters when we have to and never remove them.
>
> Change-Id: Ib604c8c9fb69a96708eec3a03de102e0668c01d7
> Reviewed-on: https://chromium-review.googlesource.com/1167505
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Caitlin Potter <caitp@igalia.com>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Change-Id: Ia15501d75c3beaf336e90a80e0abb738f696ef9e
Reviewed-on: https://chromium-review.googlesource.com/1170604
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55040}
This CL adds a ToObject_Inline CSA macro that avoids the "ToObject"
builtin call if the passed argument is already a JSReceiver.
The CL also replaces all occurences of ToObject in Torque code with
ToObject_Inline.
R=jgruber@chromium.org
Change-Id: I1cd66d5d51dde5a93d9a0c55489b13a6f4ba9dc2
Reviewed-on: https://chromium-review.googlesource.com/1169819
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55039}
Log::MessageBuilder was already escaping most unsafe characters when
they were being logged, but plain backslashes were not. Merely updating
the existing escaping path was not sufficient, as recursion would cause
escape codes to be doubly escaped. This patches refactors the API to
ensure incoming text is escaped exactly once.
Bug: v8:8039
Change-Id: Id48aabf29fb6153189ae4a1ad7dfaaf4b41b62ad
Reviewed-on: https://chromium-review.googlesource.com/1169049
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55038}
This assigns dummy instance templates to all WebAssembly API functions
used as constructors. It hence avoids implicit receivers from having the
internal instance types. These objects would never be fully initialized
and causes heap iterations to stumble over these objects.
R=clemensh@chromium.org
BUG=v8:8003
Change-Id: I3c81d8dc3ae4a38e650b390a04170585cb31ec77
Reviewed-on: https://chromium-review.googlesource.com/1170685
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55037}
This CL changes the ArrayPrototypeShift builtin to a CSA macro which
is used in a newly created Torque builtin.
This is in preparation for removing the JavaScript fall-back, which
will be replaced by a baseline Torque implementation.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7624
Change-Id: I9b7898beea2802cc02d394e040a1e500387cf108
Reviewed-on: https://chromium-review.googlesource.com/1169172
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55036}
Objects created through the API may be of different types then JS_API_* and
WASM types. E.g. a JsGlobalProxy may be created through an ObjectTemplate.
Bug: v8:8022
Change-Id: I393353cc89c82258d7ad3ba460b5bbd94af33090
Reviewed-on: https://chromium-review.googlesource.com/1169021
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55035}
This CL replaces 'let' with 'const' where applicable. This will
generate TNodes instead of TVARIABLEs in the resulting CSA code.
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I806702c1bfa141e4c934a83c34dd49c321e18ce7
Reviewed-on: https://chromium-review.googlesource.com/1169811
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55033}
Most platforms do not need these methods. Thus, make them private to
the mips headers.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I3fb1a2a3fd9a53dfc55b45763c150911db43b537
Reviewed-on: https://chromium-review.googlesource.com/1169203
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55032}
This CL replaces Delete/SetProperty runtime calls with calls to their
stub version. The stubs will bail to the runtime themselves if they
can't perform the action.
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I1f141296ee074e028c27a3682e2eb46d9f74c0d9
Reviewed-on: https://chromium-review.googlesource.com/1169810
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55031}
Some clients (see Node.js) use platform path as ScriptOrigin.
Reporting platform path in protocol makes using protocol much harder.
This CL introduced V8InspectorClient::resourceNameToUrl method that
is called for any reported using protocol url.
V8Inspector uses url internally as well so protocol client may generate
pattern for blackboxing with file urls only and does not need to build
complicated regexp that covers files urls and platform paths on
different platforms.
R=lushnikov@chromium.orgTBR=yangguo@chromium.org
Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iff302e7441df922fa5d689fe510f5a9bfd470b9b
Reviewed-on: https://chromium-review.googlesource.com/1164624
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55029}
Port 352e408b0e
Original Commit Message:
Add codegen support for up to 4GiB memories in Liftoff code.
This CL also adds three new mjsunit tests that stress large WASM
memories (1, 2, and 4 GiB) and checks that accesses near these
boundaries properly generate traps.
Note there is still some trickiness around the setting of:
1.) the flag --wasm-max-mem-pages
2.) wasm-limits.h kSpecMaxWasmMemoryPages = 65536
3.) wasm-limits.h kV8MaxWasmMemoryPages = 32767
In particular, the allocation of memories is still limited to
3.) and the runtime flag can only lower this limit.
The above means that the tests for 2GiB and 4GiB memories will silently
OOM by design until 3.) is changed (though they currently pass with
manual testing). I argue it is better to include these tests up front,
since they will immediately trigger if their memory allocation succeeds.
Therefore the plan is to lift the restriction on 3.) after removing
all other other internal V8 limitations including array buffers and views.
R=titzer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:7881
LOG=N
Change-Id: Ice70a9ac5a9a26b08cc77acb7deec98305574d01
Reviewed-on: https://chromium-review.googlesource.com/1167914
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55026}
This CL changes the order of the parameters of HasProperty to be
more consistent with other CSA macros.
Drive-by-change: Use HasProperty stub directly in Torque.
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I73d1096afbb86d52e2af67c1969549f1158448a7
Reviewed-on: https://chromium-review.googlesource.com/1166831
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55025}
The HasProperty builtin differed in its expected argument order from
the HasProperty runtime function. Like all other related spec
primitives (e.g.: GetProperty, SetProperty, DeleteProperty), it should
take {object} as the first argument and {key} as the second.
This CL changes the builtin and all related spots to use the correct
order.
There was also a tricky bug in interpreter intrinsic rewriting, which
assumes (but does not verify) that the argument order between runtime
function and builtin is identical. Besides cctests, HasProperty
intrinsic rewriting seems to be dead code.
Bug: v8:8036
Change-Id: Ia669fd6f5c73a30df4e4607064603be759ced392
Reviewed-on: https://chromium-review.googlesource.com/1167297
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55022}
When the memory pressure level is critical and there are managed objects
that call AdjustAmountOfExternalMemory in their finalizer, we trigger
GC for each dying managed object. See the test for an example.
This fixes the bug by clearing the memory pressure level before GC.
Bug: v8:8014
Change-Id: Id5144430a52fb8545aa23f33229a11b1714cbf10
Reviewed-on: https://chromium-review.googlesource.com/1169011
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55021}
This CL introduces a set of configuration options implemented as
a struct of booleans that together comprise the set of enabled
or detected features. The configuration options replace command-line
flags that were checked deep in the implementation. As such, it is
necessary to plumb them through multiple levels of abstraction.
R=ahaas@chromium.orgCC=mstarzinger@chromium.org
BUG=chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1b82f5826e4fd263f68e8cafcd923bac5818a637
Reviewed-on: https://chromium-review.googlesource.com/1163670
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55018}
This is a reland of 690bda84eb
Original change's description:
> [Interpreter] Do not use IC slots for property load/stores in an IIFE and top-level code
>
> An IIFE or top-level code is executed only once hence, there is no need to collect
> type feedback. We can save some memory by not using IC slots for property Loads/Stores
> within a IIFE/top-level code. This CL emits Runtime Get/Set property calls instead of LdaNamedProperty
> /StaNamedProperty for the property loads within a IIFE and top-level code.
>
> Change-Id: I3e0ce26d05d82bb3648cb9262c4e112a2c4556c9
> Reviewed-on: https://chromium-review.googlesource.com/1146579
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Cr-Commit-Position: refs/heads/master@{#54949}
Change-Id: I7b07ce86f7236d82191caaceafd31b86e5863ff5
Reviewed-on: https://chromium-review.googlesource.com/1167802
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55017}
Currently it was only used for modules, so repurposed it to be a weak pointer to
JSModuleNamespace.
BUG=v8:7308
Change-Id: I4ef522fafebd37624c309081d7432501c2c69b7a
Reviewed-on: https://chromium-review.googlesource.com/1163704
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55013}
With the callback we can check if the origin trial is turned on for a
given context.
I will not land the other CL which added a flag to the isolate. The
information if the origin trial is on is context-specific and not
isolate-specific, and it's hard on the embedder side to track all
creations of a context.
With the API proposed in this CL we will ask the embedder every time we
start compilation whether the origin trial is on or off.
R=yangguo@chromium.org
Bug:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I8822f40ab12582a5b0bd6640790a269107fc085a
Reviewed-on: https://chromium-review.googlesource.com/1163621
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55011}
Also make printing of an incomplete AST more robust.
Change-Id: I56636890deb6e38882a3f8206aff7cde3e4bab60
Reviewed-on: https://chromium-review.googlesource.com/1168498
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55009}
This allows to have only one version of {AreAliased} which has a
clean implementation.
R=mstarzinger@chromium.org
Bug: v8:8015
Change-Id: I25c64a8c2077383129548773319799fac768521e
Reviewed-on: https://chromium-review.googlesource.com/1167290
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55007}
The HeapController is now refactored in a way that new controllers only
need to specify the constants that define how a space grows and shrinks.
Bug: chromium:845409
Change-Id: I804eed440a791d6fbd232b7540a1cbe66b16a5f1
Reviewed-on: https://chromium-review.googlesource.com/1165347
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55006}
This CL adds a SetProperty method to the KeyedStoreGenericGenerator
that mirrors what "KeyedStoreGeneric" does (used for
KeyedStoreIC_MegaMorphic). This new SetProperty method is then used
in the SetProperty stub.
Change-Id: I72a684238ef6c3b8c4db8ba957d5b79238f7e495
Reviewed-on: https://chromium-review.googlesource.com/1164945
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55005}
Elements is already set by CSA::AllocateJSArray.
Bug: v8:7871
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I89b87f9f33eca4a92216f248606fb746f0de5412
Reviewed-on: https://chromium-review.googlesource.com/1168487
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55004}
This CL changes the sorting algorithm used in Array.p.sort from
QuickSort to TimSort (implemented in Torque).
Detailed performance results can be found here: https://goo.gl/4E733J
To save on code space, fast-paths are implemented as sets of
function pointers instead of specializing generics.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7382, v8:7624
Change-Id: I7cd4287e4562d84ab7c79c58ae30780630f976de
Reviewed-on: https://chromium-review.googlesource.com/1151199
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55003}