This reverts commit ac0661b358.
Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
Original change's description:
> Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This gives up on earlier attempts to interpret DeadValue as a signal of
> unreachable code. This does not work because free-floating dead value
> nodes, and even pure branch nodes that use them, can get scheduled so
> early that they get reachable. Instead, we now eagerly remove branches
> that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> to value phi nodes with dummy values.
>
> Reland of https://chromium-review.googlesource.com/715716
>
> Bug: chromium:741225 chromium:776256
> Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> Reviewed-on: https://chromium-review.googlesource.com/727893
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49188}
TBR=jarin@chromium.org,tebbi@chromium.org
Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
Reviewed-on: https://chromium-review.googlesource.com/758770
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49262}
This is a reland of 0db90bc527
Original change's description:
> [regexp] Include unicode/uvernum.h in parser
>
> This patch explicitly includes unicode/uvernum.h in the regular
> expression parser.
>
> It should be removed once we no longer need to check
> `U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
> updates their ICU. This is an ongoing effort:
> https://github.com/nodejs/node/pull/16876
>
> BUG=v8:4743
>
> Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
> Reviewed-on: https://chromium-review.googlesource.com/758407
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49253}
Bug: v8:4743
Change-Id: Id3f375f27fb5eaa4129884f99095d16763bd6e86
Reviewed-on: https://chromium-review.googlesource.com/758861
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49260}
assembler-arm64.h and assembler-arm64-inl.h have a B() function
which conflicts with the B macro in bytecode-utils.h.
Headers that leak macros can be annoying to deal with, in this case
we can't simply undef B at the end of source files that include
bytecode-utils.h because the second source file that includes
bytecode-utils.h won't see the B macro. Let's just move this macro
into the two unittest files that include this header.
Bug: chromium:746958
Change-Id: I588b73fe81615f882a0e010c92ba187d3bc2bf25
Reviewed-on: https://chromium-review.googlesource.com/758779
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49258}
This turns the deoptimization entries from free-floating memory chunks
that were not considered part of the heap into true {Code} objects. By
marking them as immovable we get the same guarantees without the need
for side-stepping heap API methods.
R=jarin@chromium.org
BUG=v8:6792
Change-Id: I88e1795e52fb586f7ca960d08cd6d9d082f4df9b
Reviewed-on: https://chromium-review.googlesource.com/756851
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49257}
This reverts commit 0db90bc527.
Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/17335
You need to also check whether i18n is on, e.g. #ifdef V8_INTL_SUPPORT.
Original change's description:
> [regexp] Include unicode/uvernum.h in parser
>
> This patch explicitly includes unicode/uvernum.h in the regular
> expression parser.
>
> It should be removed once we no longer need to check
> `U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
> updates their ICU. This is an ongoing effort:
> https://github.com/nodejs/node/pull/16876
>
> BUG=v8:4743
>
> Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
> Reviewed-on: https://chromium-review.googlesource.com/758407
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49253}
TBR=yangguo@chromium.org,jshin@chromium.org,jgruber@chromium.org,mathias@chromium.org
Change-Id: I58d6b7a49b707c97153b8b0aec141248f5c669e1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:4743
Reviewed-on: https://chromium-review.googlesource.com/759777
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49255}
This was originally introduced to reuse large handlers, but now only
LdaContextSlot and LdaCurrentContextSlot remain (both roughly 2-300
bytes in size).
Since handler reuse complicates lazy (de)serialization and currently
doesn't seem to give us significant advantages, let's remove this.
Bug: v8:6624
Change-Id: I6f19952632e10bd67677a825bbcb46d580a9d5c8
Reviewed-on: https://chromium-review.googlesource.com/758642
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49254}
This patch explicitly includes unicode/uvernum.h in the regular
expression parser.
It should be removed once we no longer need to check
`U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
updates their ICU. This is an ongoing effort:
https://github.com/nodejs/node/pull/16876
BUG=v8:4743
Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
Reviewed-on: https://chromium-review.googlesource.com/758407
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49253}
R=yangguo@chromium.org
This is a reland of
for the no-i18n configuration.
https: //chromium-review.googlesource.com/c/v8/v8/+/571746 with a fix
Bug:
Change-Id: I3e654791267b20fb3703ad4220404d8078f43440
Reviewed-on: https://chromium-review.googlesource.com/758999
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Corry <erikcorry@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49251}
This patch adds support for Regional_Indicator within Unicode property
escapes in regular expressions.
The Regional_Indicator binary property was added in Unicode v10 and is
supported in ICU 60.1.
An `#if` directive is used to prevent breaking Node.js until they
update their ICU.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7acec13c8ae7552558a0f852937984bba828e738
Reviewed-on: https://chromium-review.googlesource.com/758273
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49250}
This reverts commit 7e78506fc2.
Reason for revert: Breaks roll:
https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm64_dbg_recipe/builds/381619
Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
>
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
> to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
> amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
> (size + alignment) rounded up to page size. This is too much, because
> maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
> immediately retry at the aligned address in the allocation. If we
> lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
> helper AllocateSystemPage function (allocation.h) and
> AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
> a macro-assembler.
>
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}
TBR=bbudge@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
Change-Id: If538a174d048e0416b4374426df721d4ea84cd4c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758860
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49249}
The runtime_call_stats_ can be NULL on a worker thread when RCS
are enabled dynamically.
BUG=v8:7043
Change-Id: I1d26ae76c46955e017c82037b4a015ad86ba2f77
Reviewed-on: https://chromium-review.googlesource.com/755419
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49245}
Like CSP flag 'unsafe-eval', which communicates if both JS source
files and WASM binary files may be compiled, this CL adds a similar
flag for the compilation of WASM binary files.
That is, a WASM binary file will be compiled only if the new flag is
defined, or the flag for 'unsafe-eval' allows it. These flags are
implemented as callback functions on the isolate. The callbacks get a
(CSP) context, and a string, and returns the corresponding value of
the flag.
Both callbacks are initialized with the nullptr, and is used to
communicate that no CSP policy is defined. This allows this concept to
work, independent of it running in Chrome.
It also does a small clean up in api.cc to use macro CALLER_SETTERS,
instead of explicit code when appropriate.
Bug: v8:7041
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idb3356574ae2a298057e6b7bccbd3492831952ae
Reviewed-on: https://chromium-review.googlesource.com/759162
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49243}
This reverts commit 7e78506fc2.
Reason for revert: Broke Android build on Arm64.
Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
>
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
> to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
> amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
> (size + alignment) rounded up to page size. This is too much, because
> maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
> immediately retry at the aligned address in the allocation. If we
> lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
> helper AllocateSystemPage function (allocation.h) and
> AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
> a macro-assembler.
>
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}
TBR=bbudge@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
Change-Id: Ic09de4d63c19746a62e804b1f889817ffaebc330
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758625
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49242}
The Wasm AST-based fuzzer is supposed to create valid modules by
construction. This change adds a CHECK to enforce this property.
Additionally, this change exposed several cases where we were not generating
valid modules before:
* Block types did not match up correctly
* Memory operations could have invalid alignments
* Storing an i64 could generate an i32 argument incorrectly.
This CL includes fixes for these issues as well.
Bug:
Change-Id: I1aef5532bc880367ec46dc6e79b2d4dbacf2f84b
Reviewed-on: https://chromium-review.googlesource.com/757129
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49241}
b % 32 could produce negative results. Therefore, the result
of the shift could be undefined values.
Bug:
Change-Id: I6c2f7201df424735695aa01891d46523e3c5bd12
Reviewed-on: https://chromium-review.googlesource.com/759079
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49240}
StoreDataPropertyInLiteral doesn't throw (because the previous uses of
this didn't throw), but class fields can throw on defining the
property which means we can't use this. Changing to CreateDataProperty
runtime call instead.
Bug: v8:5367
Change-Id: I1ab45413b121972dd18fe2b35a0cedd8efe0e0bf
Reviewed-on: https://chromium-review.googlesource.com/757824
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49239}
This was a regression from 317cf32131
which showed up, at least, on Kraken.
Bug: chromium:782150
Change-Id: Ifd69b86c566182f1a50761b67c911bdde2aed997
Reviewed-on: https://chromium-review.googlesource.com/759101
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49238}
We need to throw before rethrowing, otherwise the exception does
not trigger a debugger event and is not reported if uncaught.
R=gsathya@chromium.org, jgruber@chromium.org
Bug: v8:7047
Change-Id: I7ce0253883a21d6059e4e0ed0fc56dc55a0dcba6
Reviewed-on: https://chromium-review.googlesource.com/758372
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49237}
The method forces all running profilers attached to the provided isolate
to collect a sample with the current stack.
It is going to be used to synchronize trace events generated by embedder with the samples
collected by the profiler.
Also it will finally allow us to break dependency of isolate on CPU profiler.
BUG=chromium:721099
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I81a0f8a463f837b5201bc8edaf2eb4f3761e3ff8
Reviewed-on: https://chromium-review.googlesource.com/750264
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49236}
- Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
- Changes OS::Allocate to take alignment parameter, reorders parameters
to match page_allocator.
- Since the size of memory allocation can be deduced, don't return the
amount of memory allocated.
- Changes reservation of aligned address space. Before we would reserve
(size + alignment) rounded up to page size. This is too much, because
maximum misalignment is (alignment - page_size).
- On Windows and Cygwin, we release an oversize allocation and
immediately retry at the aligned address in the allocation. If we
lose the address due to a race, we just retry.
- Clean up all the calls to OS::Allocate in codegen and tests by adding
helper AllocateSystemPage function (allocation.h) and
AllocateAssemblerBuffer (cctest.h).
- Changes 'assm' to 'masm' in some targets for consistency when using
a macro-assembler.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
Reviewed-on: https://chromium-review.googlesource.com/749848
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49235}
Now that ICU 60.1 was autorolled in, reenable
number-format/format-currency test the expected result of which was
adjusted to match the output from ICU 60.1/CLDR 32.
Bug: chromium:766816
Test: intl/number-format/format-currency
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If58d493821d505b86202e134b9e2061504dd5e6a
Reviewed-on: https://chromium-review.googlesource.com/758027
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49234}
Function prologues created slots for callee-saved registers twice on all platforms.
This didn't affect JS because it doesn't use callee-save, but would probably have
badly broken exceptions raised in Wasm code because Isolate::UnwindAndFindHandler
was restoring registers and SP incorrectly. It also broke the in-progress CL for
on-stack multiple returns.
No tests included with this fix, because currently it is almost impossible to test
directly (according to mstarzinger). But it will be tested indirectly via the upcoming
multi-return support.
Change-Id: If763cafc03de0a912eca48d5e25e8edfc4552b24
Reviewed-on: https://chromium-review.googlesource.com/758374
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49233}
For each single bug, the fuzzer might find many very similar inputs
which trigger this bug. All of them are reported as individual bugs
currently, which means lots of noise in bug reports and increased
workload for the clusterfuzz sheriffs.
After this change, all bugs of the same category ("compiles !=
validates", "interpreter != liftoff", ...) will be grouped together.
This requires us to fix them soon after reporting, as they will hide
all other bugs of the same category.
R=ahaas@chromium.orgCC=mmoroz@chromium.org
Change-Id: Ie203eed0c7681e3450df977b10c0d9dbbc402d34
Reviewed-on: https://chromium-review.googlesource.com/758438
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49231}
Instead of disabling the entire RegExp Unicode property escape test
suite, this patch explicitly lists the failing tests and only disables
them.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If398eb4fcc8d9d96279dc5afb29489e699744d9f
Reviewed-on: https://chromium-review.googlesource.com/758757
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49230}
This patch adds support for Emoji_Component within Unicode property
escapes in regular expressions.
The Emoji_Component binary property was added in Emoji data v5
and is supported in ICU 60.1.
An `#if` directive is used to prevent breaking Node.js until they
update their ICU.
BUG=v8:4743
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If1b49a4c175e88f1840ca5ef8d57829d6d8c3291
Reviewed-on: https://chromium-review.googlesource.com/758261
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49229}
They have been meaning the same thing for a while now.
R=jarin@chromium.org
Bug:
Change-Id: Ie5988e6429b795babfa1e1f79841a9f03b8362dc
Reviewed-on: https://chromium-review.googlesource.com/758268
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49228}
Arm64 jumbo builds might otherwise select the CountTrailingZeros function
from utils-arm64.h as a closer match, and fail to build due to differences
in the function prototype.
Bug: chromium:782640
Change-Id: Ie26d71b34aaf0e3ae5020597fed506df83b7d0ea
Reviewed-on: https://chromium-review.googlesource.com/758271
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#49226}
This is a cleanup.
R=jarin@chromium.org
Bug:
Change-Id: I1621fde3f2a7da03ceca781b96d5ffec44eb8168
Reviewed-on: https://chromium-review.googlesource.com/758373
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49225}
There's three common situations in which we need to create JSFunction
objects. 1) from the compiler, 2) from tests, and 3) everything else
(mostly during bootstrapping).
This is an attempt to simplify case 3), which previously relied on
several Factory::NewFunction overloads where it was not clear how the
semantics of each overload differed.
This CL removes all but one overload, and packs arguments into a new
NewFunctionArgs helper class.
It also removes the hacks around
SFI::set_lazy_deserialization_builtin_id by explicitly passing
builtin_id into Factory::NewSharedFunctionInfo.
Drive-by-fix: Properly set is_constructor hint in
SimpleCreateSharedFunctionInfo.
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ica94d95e72e443055db5e7ff9e8cdf4115201ef1
Reviewed-on: https://chromium-review.googlesource.com/757094
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49224}
Flip this for a day or two to gather perf bot results & stability
issues. Results will be collected in https://crbug.com/782637.
TBR=hablich@chromium.org
Bug: v8:6624, chromium:782637
Change-Id: I70eb5d6287d4723f935715ef80d9ba129dc282f0
Reviewed-on: https://chromium-review.googlesource.com/758375
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49222}
The C_WASM_ENTRY only calls wasm code, so (outgoing) parameters of this
code are always untagged.
R=ahaas@chromium.org
Bug: v8:7049
Change-Id: I989908eea668bd56aa88f3f1744105d218584ef1
Reviewed-on: https://chromium-review.googlesource.com/758245
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49221}
Add support for interpreter bytecode handlers that are deserialized
lazily immediately before they are first used.
Design doc: http://goo.gl/QxZBL2
Bug: v8:6624
Change-Id: Id68844ed14e76ca781b0bfe42c25a94b4fed1ae5
Reviewed-on: https://chromium-review.googlesource.com/750982
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49220}
We explicitly serialize the backing store when we see the TypedArray.
We then put the reference in the external_pointer. To recalculate the
backing_store pointer during deserialization, we have to keep track of
each TypedArray and then fix up the pointer by adding the offset again.
Bug: v8:6966
Change-Id: I105d44413cffe5766c23c2a3d32ca2b78b5f22e8
Reviewed-on: https://chromium-review.googlesource.com/751269
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49219}
We already have a helper method for generating a sequence of values.
Reuse this instead of reimplementing the same thing two more times.
R=ahaas@chromium.orgCC=eholk@chromium.org
Change-Id: Ifbbe1324173951156c1ec9bba84fd1aa4bcb2adb
Reviewed-on: https://chromium-review.googlesource.com/758365
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49216}
The FixedArray holding the export wrappers is never being used before
creating the WasmCompiledModule, so there is no need to store it in a
field on the WasmCompilationJob. Just create it when creating the
WasmCompiledModule.
R=ahaas@chromium.org
CC=mtrofin@chromium.org
Change-Id: Ibdca3d5c58faf4b52df10560bdf2734fdd7a4656
Reviewed-on: https://chromium-review.googlesource.com/758242
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49214}
The regexp fast path in MaybeCallFunctionAtSymbol had an issue in which
we'd call ToString after checking that the given {object} was a fast
regexp and deciding to take the fast path. This is invalid since
ToString() can call into user-controlled JS and may mutate {object}.
There's no way to place the ToString call correctly in this instance:
1 before BranchIfFastRegExp, it's a spec violation if we end up on the
slow regexp path;
2 the problem with the current location is already described above;
3 and we can't place it into the fast-path regexp builtin (e.g.
RegExpReplace) either due to the same reasons as 1.
The solution in this CL is to restrict the fast path to string
arguments only, i.e. cases where ToString would be a nop and can safely
be skipped.
Bug: chromium:782145
Change-Id: Ifd35b3a9a6cf2e77c96cb860a8ec98eaec35aa85
Reviewed-on: https://chromium-review.googlesource.com/758257
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49213}