- Replaces calls to Allocator Reserve, Free, and SetPermissions
with equivalent page allocator calls (allocation.h).
- Un-implements these methods to catch usage, in preparation for
removing these.
Bug: chromium:799573
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id233b7a9cfc8e332c64e514f6359e8b670c2d75e
Reviewed-on: https://chromium-review.googlesource.com/911883
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51340}
Add TurboFan inlining support for the following V8 Extras:
- v8.createPromise
- v8.rejectPromise
- v8.resolvePromise
These are used by the streams implementation in Chrome currently, and
were previously not inlined into TurboFan, although TurboFan already
had all the necessary functionality (namely the JSCreatePromise,
JSRejectPromise and JSResolvePromise operators). We might eventually
want to use these functions in Node core as well (at least short-term
for Node 10), to replace the C++ internal API functions with the same
name that are currently being used by parts of Node core.
For this to work, the rejectPromise and resolvePromise builtins had
to be moved back to CSA, as for JavaScript builtins we still have the
policy that the optimizing compiler must not inline them. But that's
straight-forward since the CSA has all the necessary functionality
available anyways.
Bug: v8:7253
Change-Id: I39ab015c379956cd58ace866e17f8ec23b2257b2
Reviewed-on: https://chromium-review.googlesource.com/924146
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51332}
Tbr: jarin@chromium.org
Change-Id: I17477e2c82398b228a366a3d1fd8eb521dd51eae
Reviewed-on: https://chromium-review.googlesource.com/922270
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51317}
instance_class_name takes up space unnecessarily, and %_ClassOf and
class_name implement [[Class]] which isn't part of ES2015+ anymore.
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3a73f732ad83a616817fde9992f4e4d584638fa8
Reviewed-on: https://chromium-review.googlesource.com/776683
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51309}
The WasmModuleObjectBuilder was the first interface for streaming
compilation of WebAssembly. Over time we realized that the interface
is insufficient, and we introduced the WasmModuleObjectBuilderStreaming
class, which is used now for streaming compilation. Since the
WasmModuleObjectBuilder was never fully functional, I think it is okay
to remove it without a deprecation period.
R=clemensh@chromium.org, adamk@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia3ac5f150fdad7bc1ad04ba89aee53538d43ce01
Reviewed-on: https://chromium-review.googlesource.com/913614
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51305}
The description will be used to annotate roots in the heap snapshot.
Bug: chromium:811842
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic5c9a89d1921cabddb06783f08ba63740e72820d
Reviewed-on: https://chromium-review.googlesource.com/916564
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51286}
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only for x64 optimized code, under the
--branch-load-poisoning flag.
Overview of changes:
- new register configuration configuration with one register reserved for
the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
of all successors of branches (and deopts) that are marked as safety
branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
* only integer loads are masked at the moment.
Bug: chromium:798964
Change-Id: Ie51fdbde578fc289dff029794f3cfe8eaf33e1ef
Reviewed-on: https://chromium-review.googlesource.com/901625
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51272}
Now that instruction cache flushing is process-wide and no longer bound
to a specific {Isolate}, we can also make setters on the {RelocInfo}
structure equally independent of the {Isolate} and remove the respective
parameter everywhere.
R=ahaas@chromium.org
Change-Id: I7b21f6f79d0d6cf73424019b9e808c3ec76de08e
Reviewed-on: https://chromium-review.googlesource.com/915922
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51269}
This is a reland of 6d5b54df82e27a82811a836dcdbbfe26829f0e6d
Original change's description:
> [cleanup] Harden the SubString CSA/Runtime implementations.
>
> Remove the self-healing for invalid parameters in the
> CodeStubAssembler::SubString helper and the %SubString runtime function,
> which is used as a fallback for the CodeStubAssembler implementation.
> All call sites must do appropriate parameter validation anyways now that
> the self-hosted JavaScript builtins using these helpers are gone, and we
> have proper contracts with the uses.
>
> Also remove the context parameter from the CodeStubAssembler::SubString
> method, which is unnecessary, since this can no longer throw an
> exception.
>
> Bug: v8:5269, v8:6936, v8:7109, v8:7137
> Change-Id: I19d93bad5f41faa0561c4561a48f78fcba99a549
> Reviewed-on: https://chromium-review.googlesource.com/795720
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49702}
Bug: v8:5269, v8:6936, v8:7109, v8:7137
Change-Id: I5e84998a2dd3990d7981505b401ffc770e0b7ac5
Reviewed-on: https://chromium-review.googlesource.com/913130
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51265}
The idea here is that in case the `thenable` is a JSPromise and `then`
is the initial `Promise.prototype.then` method, and the @@species lookup
chain is intact, we can skip creating the temporary promise and the
closures (with the shared context), and instead directly call into our
PerformPromiseThen. This is sound since - given above mentioned
conditions - our short-cut
PerformPromiseThen(thenable, undefined, undefined, promise_to_resolve)
is not observably different from the actual
resolve, reject = CreateResolvingFunctions(promise_to_resolve)
result_capability = NewPromiseCapability(%Promise%)
PerformPromiseThen(thenable, resolve, reject, result_capability)
except through PromiseHooks (and potentially via the async stack
traces). So we disable the fast-path if either promise hooks are enabled
or the debugger is active for now.
This improves the performance on the wikipedia benchmark by 20-25% and
the bluebird-doxbee benchmark by around 20%.
Bug: v8:7253
Change-Id: I23c92ad365c2b71d65057573f2d8febe2afe00b0
Reviewed-on: https://chromium-review.googlesource.com/911800
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51261}
This introduces dedicated builtins
- FulfillPromise,
- RejectPromise, and
- ResolvePromise,
which perform the corresponding operations from the language
specification, and removes the redundant entry points and the
excessive inlining of these operations into other builtins. We
also add the same logic on the C++ side, so that we don't need
to go into JavaScript land when resolving/rejecting from the
API.
The C++ side has a complete implementation, including full support
for the debugger and the current PromiseHook machinery. This is to
avoid constantly crossing the boundary for those cases, and to also
simplify the CSA side (and soon the TurboFan side), where we only
do the fast-path and bail out to the runtime for the general handling.
On top of this we introduce %_RejectPromise and %_ResolvePromise,
which are entry points used by the bytecode and parser desugarings
for async functions, and also used by the V8 Extras API. Thanks to
this we can uniformly optimize these in TurboFan, where we have
corresponding operators JSRejectPromise and JSResolvePromise, which
currently just call into the builtins, but middle-term can be further
optimized, i.e. to skip the "then" lookup for JSResolvePromise when
we know something about the resolution.
In TurboFan we can also already inline the default PromiseCapability
[[Reject]] and [[Resolve]] functions, although this is not as effective
as it can be right now, until we have inlining support for the Promise
constructor (being worked on by petermarshall@ right now) and/or SFI
based CALL_IC feedback.
Overall this change is meant as a refactoring without significant
performance impact anywhere; it seems to improve performance of
simple async functions a bit, but otherwise is neutral.
Bug: v8:7253
Change-Id: Id0b979f9b2843560e38cd8df4b02627dad4b6d8c
Reviewed-on: https://chromium-review.googlesource.com/911632
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51260}
Most of the users of these api methods manually ensure that the returned
values are Strings. With an additional flag we can easily ensure that already
in V8 and avoid needless api roundtrips.
Bug: v8:7358
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I62165d44084abc9f07f5bdaace5105847edca60a
Reviewed-on: https://chromium-review.googlesource.com/901248
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51250}
This fixes a bug which causes the call count to change when
changing the speculation mode.
Bug: v8:7127
Change-Id: Icb43bd9ac392a5be4df154cb1e5cd4365013efc4
Reviewed-on: https://chromium-review.googlesource.com/911575
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51227}
This is a purely cosmetic change. Rename all local variables and
parameters of type CallDescriptor* to "call_descriptor".
For locals that are now named "call_descriptor", use auto upon
initialization, following the Google style guide
(https://google.github.io/styleguide/cppguide.html#auto).
Note: fields in structs and classes were not renamed in this CL.
R=clemensh@chromium.org,mstarzinger@chromium.org,jarin@chromium.org
Change-Id: Ic6f7afdba12f7b97741b098a9d0e0f58c41c587e
Reviewed-on: https://chromium-review.googlesource.com/909866
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51223}
This refactors the instruction cache simulation to now be maintained
process-wide (as opposed to be per Isolate). It prepares for allowing
to share code between Isolates (e.g. WebAssembly or shared builtins)
while still allowing to simulate execution of such shared code.
R=clemensh@chromium.org
Change-Id: I5a6f083f4e32597565dc646f13b4445014c0daaa
Reviewed-on: https://chromium-review.googlesource.com/909130
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51219}
This avoids the ambiguous implicit conversion C++ compile
errors we had to fix with static_cast before.
Change-Id: I4247f617740f2b6d14d9588a902e0e25029a6726
Reviewed-on: https://chromium-review.googlesource.com/911629
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51217}
When streaming compilation for WebAssembly gets aborted, we reject the
promise associated with the compilation. However, in some circumstances,
e.g. when streaming comilation gets aborted because the browser tab gets
refreshed, then we want to omit rejecting the promise. In an older CL
(https://crrev.com/c/876103) we omit rejecting the promise when the
exception value is null. With this CL the exception value is a MaybeLocal
so that we document properly that the value can be null. In addition, I
added documentation to say that in that case we do not reject the promise.
R=adamk@chromium.org
Bug: chromium:803838
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6a093e61c8ec63f7ae385a7f77ae6178e7b34a06
Reviewed-on: https://chromium-review.googlesource.com/897647
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51211}
PromiseHooks can be called with a proxy which fails the cast and
crashes. This patch changes the runtime functions to
explicitly check for a JSPromise.
This has the side effect of removing the existing broken support for
catch prediction for non native promises.
Bug: v8:7398, v8:7190
Change-Id: I66dbe5f9935943a91afb7ee14919bd9248f9f7e4
Reviewed-on: https://chromium-review.googlesource.com/907677
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51182}
This reverts commit 14108f4c2e.
Reason for revert: Not the culprit for Canary microtask crashes
Original change's description:
> [builtins] Mega-revert to address the Dev blocker in crbug.com/808911.
>
> - Revert "[builtins] Save one word in contexts for Promise.all."
> This reverts commit 7632da067b.
> - Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
> This reverts commit d4f072ced3.
> - Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
> This reverts commit 6703dacdd6.
> - Revert "[debugger] Properly deal with settled promises in catch prediction."
> This reverts commit 40dd065823.
> - Revert "[builtins] Widen the fast-path for Promise builtins."
> This reverts commit db0556b7e8.
> - Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
> This reverts commit a582199c5e.
> - Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
> This reverts commit 6bf8885290.
> - Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
> This reverts commit 313b490ddd.
> - Revert "[builtins] Inline InternalPromiseThen into it's only caller"
> This reverts commit f7bd6a2fd6.
> - Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
> This reverts commit b23b098fa0.
> - Revert "[promise] Remove incorrect fast path"
> This reverts commit 0f6eafe855.
> - Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
> This reverts commit 8a677a2831.
> - Revert "[builtins] Refactor promises to reduce GC overhead."
> This reverts commit 8e7737cb58.
>
> Tbr: hpayer@chromium.org
> Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
> Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/906991
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51158}
Change-Id: I09d958cbebd635a325809072a290f2f53df8c5d4
Tbr: adamk@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/908988
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51181}
Currently the disassembler tests continue on unimplemented instructions, fix
to abort instead as most bugs in the disassemblers will appear as unimplemented
instructions.
- Localize testing disassembler method to abort on unimplemented
- Fix failing x64 disassembler tests
Change-Id: I703cca9709c528327ec381d05a78cf3314ea4fa9
Reviewed-on: https://chromium-review.googlesource.com/907489
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51162}
- Revert "[builtins] Save one word in contexts for Promise.all."
This reverts commit 7632da067b.
- Revert "[builtins] Also use the Promise#then protector for Promise#finally()."
This reverts commit d4f072ced3.
- Revert "[builtins] Don't mess with entered context for MicrotaskCallbacks."
This reverts commit 6703dacdd6.
- Revert "[debugger] Properly deal with settled promises in catch prediction."
This reverts commit 40dd065823.
- Revert "[builtins] Widen the fast-path for Promise builtins."
This reverts commit db0556b7e8.
- Revert "[builtins] Unify PerformPromiseThen and optimize it with TurboFan."
This reverts commit a582199c5e.
- Revert "[builtins] Remove obsolete PromiseBuiltinsAssembler::AppendPromiseCallback."
This reverts commit 6bf8885290.
- Revert "[builtins] Turn NewPromiseCapability into a proper builtin."
This reverts commit 313b490ddd.
- Revert "[builtins] Inline InternalPromiseThen into it's only caller"
This reverts commit f7bd6a2fd6.
- Revert "[builtins] Implement Promise#catch by really calling into Promise#then."
This reverts commit b23b098fa0.
- Revert "[promise] Remove incorrect fast path"
This reverts commit 0f6eafe855.
- Revert "[builtins] Squeeze JSPromise::result and JSPromise::reactions into a single field."
This reverts commit 8a677a2831.
- Revert "[builtins] Refactor promises to reduce GC overhead."
This reverts commit 8e7737cb58.
Tbr: hpayer@chromium.org
Bug: chromium:800651, chromium:808911, v8:5691, v8:7253
Change-Id: I8c8ea5ed32ed62f6cd8b0d027a3707ddd891e5f1
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/906991
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51158}
Adds the remaining saturating float to int conversion opcodes.
Bug: v8:7226
Change-Id: If84e564a7816eb4aedbc336f5c2e614da22bb10a
Reviewed-on: https://chromium-review.googlesource.com/905472
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51157}
Declare the private field variable in the preparser as well, to be
consistent with the parser.
Bug: v8:5386
Change-Id: I961ddf14e47b99701e2463cab0f4d4de140e1e3a
Reviewed-on: https://chromium-review.googlesource.com/905843
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51154}
We reuse most of the infrastructure to set break points, with minor
differences when we encounter functions where we can only break on entry:
- PrepareFunctionForBreakPoints simply deopts all functions.
- Break point objects have the canonical source position 0.
- Break point is set/checked/cleared via bit on the DebugInfo.
- Debug::Break do not continue stepping since stepping is implemented via
regular break points and therefore do not interfere with break on entry.
I promise to add more tests.
Bug: v8:178
Change-Id: Ifc8231995c771286db0b848b811e1c3ad3b12494
Reviewed-on: https://chromium-review.googlesource.com/906245
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51152}
Port 7c14a408f9
Original Commit Message:
It turns out that .incbin can be problematic for build systems, in
that the included binary file is not detected as a build-time
dependency.
The alternative is .byte inclusion, which we test here.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie42da993ae61964eb3f02f328333ec140902d929
Reviewed-on: https://chromium-review.googlesource.com/906688
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51148}
The .byte directive will be used instead of .incbin since the latter
comes with complications involving build-time dependency detection.
Drive-by-edits: Move macro definitions closer to their use-sites.
TBR=rmcilroy@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Bug: v8:6666
Change-Id: Ibda0b3577688248dbf627cb69965d28309193859
Reviewed-on: https://chromium-review.googlesource.com/906488
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51147}
Port 0761b55d21
Original Commit Message:
"Extend the code-generator tests to cover AssembleMove and AssembleSwap with
Simd128 registers and stack slots, for targets that support them.
For this to work however, we need support for passing Simd128 stack parameters
in TurboFan which this patch implements for Arm and x86. PPC and S390 both do
not support the Simd128 representation and it appears MIPS and MIPS64's
implementation of AssembleMove and AssembleSwap do not support it either.
As per the design of the tests, the set of values to perform moves on are
represented in a FixedArray of Smis (for kTagged) and HeapNumbers (for kFloat32
and kFloat64). They are converted to raw values for the moves to be performed
on, to be then converted back into a FixedArray. For the kSimd128
representation, we represent values as a FixedArray of 4 Smis, each representing
a lane. They are converted to a raw Simd128 vector using the `I32x4ReplaceLane`
and `I32x4ExtractLane` operations.
Finally, these tests need Simd128 variables mixed with the CodeStubAssembler
which is not a use-case officially supported. And as a result, the `RecordWrite`
stub does not guarantee to preserve Simd128 registers. To get around this, we
have to be careful to skip write barriers when dealing with Simd128 parameters
inside the "teardown" function, and we've had to move all allocations to the
"setup" function.
Thanks to this, we are able to catch bugs such as this one
https://bugs.chromium.org/p/v8/issues/detail?id=6843."
Change-Id: If867dedf4a2c72cb75c58effda93e3eec432fd67
Reviewed-on: https://chromium-review.googlesource.com/906469
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51142}
Port 47e272b206
Original Commit Message:
This is a reland of ef06feded6.
Original change's description:
> Reland "[builtins] Add .incbin cctest"
>
> This is a reland of b012816155.
>
> Original change's description:
> > [builtins] Add .incbin cctest
> >
> > Just to ensure this is portable across all platforms.
> >
> > Credits go to https://github.com/graphitemaster/incbin, bits of the
> > .incbin code were taken from there. Thanks!
> >
> > Reland of https://crrev.com/c/881181
> >
> > Bug: v8:6666
> > Change-Id: I5c0dbf56b1c987fd88607dca69b39d65b59cdefc
> > Reviewed-on: https://chromium-review.googlesource.com/895597
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#51042}
>
> Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel
> Bug: v8:6666
> Change-Id: I8fc0963e28996a84ed56c2e740d895e26611abf0
> Reviewed-on: https://chromium-review.googlesource.com/897630
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51054}
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I863d01a4a7d91f9f2128e4598f417efe49c43e7b
Reviewed-on: https://chromium-review.googlesource.com/902431
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51124}
- Remove redundant instruction from I16x8Splat
- Force F32x4Splat to use movss, as using MacroAssembler can mix SSE/AVX
instructions
Bug: v8:6020
Change-Id: I781c22adecf892a79b6a38c3d83fc4022f9067de
Reviewed-on: https://chromium-review.googlesource.com/898429
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51123}
This is the last piece of the TypedArray constructors that was still
written in JS.
Bug: v8:7102
Change-Id: I7c4dc867b09408caa4eec2873ea7185b6c61a525
Reviewed-on: https://chromium-review.googlesource.com/888751
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51122}
It turns out that .incbin can be problematic for build systems, in
that the included binary file is not detected as a build-time
dependency.
The alternative is .byte inclusion, which we test here.
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_compile_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Bug: v8:6666
Change-Id: Ie24f4191db17c920c617987d1bee730208776b91
Reviewed-on: https://chromium-review.googlesource.com/901352
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51109}
The `simpleBind` function exposed by V8 Extras was initially added to
work around the terrible performance of `Function.prototype.bind` at
the time. Nowadays `Function.prototype.bind` is significantly faster
and fully optimized by TurboFan, however, so there’s no need for the
`simpleBind` helper anymore.
Bug: chromium:807522
Change-Id: I1a0456e2aa34f92a3c9a0234a812b660f969d016
Reviewed-on: https://chromium-review.googlesource.com/903164
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51108}
Fixes float to I64 tests to not have duplicated tests.
Also changes the use of macro REQUIRE to only be needed when an opcode
(i.e. operation) is not supported on some architecture.
Bug: v8:7226
Change-Id: I6c18602bd836469077808c0b3c93732af7c8f0d8
Reviewed-on: https://chromium-review.googlesource.com/895408
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51097}
This adds a new isolate wide Promise#then protector, which guards the
"then" lookup for all JSPromise instances whose [[Prototype]] is the
initial %PromisePrototype%. Thus arbitrary mutations to the
Promise.prototype (i.e. monkey-patching other methods or installing
new functions) no longer sent you down the slow-path. Use this protector
in Promise.prototype.catch and in Promise.resolve.
Drive-by-fix: Restructure the resolve logic a bit and avoid the
expensive and large SameValue check, which can be turned into a simple
reference equal, as the promise in there is known to be a JSPromise
anyways.
Bug: v8:7253
Change-Id: If68b12c6bc6ca9c4d10552ae84854ebc3b5774f9
Reviewed-on: https://chromium-review.googlesource.com/899302
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51085}
Report an error during scope analysis if we're unable to find a
variable proxy for the given private field. This can happen if we try
to access a private field that was not defined or if we're outside
the class scope.
This doesn't correctly throw an early error when pre parsing a top
level function because we don't track it's variables.
Bug: v8:5368
Change-Id: I0a1193fe0ae213c0732fae5d435e150852a8d87d
Reviewed-on: https://chromium-review.googlesource.com/892093
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51082}
