When doing VS 2017 official builds of some targets, including
mksnapshot.exe, a warning about a buffer overrun is shown. After
analysis and discussion with Microsoft it was decided that this warning
is spurious. The warning is:
warning C4789: buffer 'key' of size 16 bytes will be overrun; 4
bytes will be written starting at offset 16
Despite the certain language "4 bytes *will* be written..." it is in
fact a heuristic based warning. Suppressing it at this point in the
inlining stack appears to avoid the issues.
R=hablich@chromium.org
BUG=v8:6068
Review-Url: https://codereview.chromium.org/2804033005
Cr-Commit-Position: refs/heads/master@{#44625}
The arm64 MacroAssembler expects buffer_size to be an unsigned, not a
size_t.
BUG=chromium:710913
Review-Url: https://codereview.chromium.org/2818513002
Cr-Commit-Position: refs/heads/master@{#44623}
Optimizations are supposed to be disabled in our stack-trace code when
building with VC++. However the check used #if defined(COMPILER_MSVC)
when that is never defined in v8. The correct define in v8 is
V8_CC_MSVC.
R=hablich@chromium.org
Review-Url: https://codereview.chromium.org/2800043003
Cr-Commit-Position: refs/heads/master@{#44621}
gdb_index is not in declare_args() and has no effect.
NOTRY=true
Change-Id: I88a9558937aa8fea30ab246899bea4a123947f82
Reviewed-on: https://chromium-review.googlesource.com/475772
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44620}
The BytecodePipeline is no longer used by any optimizers, so remove it and
connect the BytecodeArrayBuilder directly to the BytecodeWriter.
Also remove some functions from BytecodeNode which are no longer used.
BUG=v8:6194
Change-Id: Id2ec94ff1d4db41b108a778100459283fbb2256c
Reviewed-on: https://chromium-review.googlesource.com/471528
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44619}
This relands commit a79f903155.
Original change's description:
> [Interpreter] Unify approach to building interpreter handler and Turbofan stubs.
>
> Moves interpreter-generator.cc to a similar model of building handlers as
> Turbofan stubs elsewhere, to simplify moving code between stubs / builtins and
> bytecode handlers. This removes the "__" hack from the Interpreter generator
> code.
>
> Also make SetBytecodeOffset private to InterpreterAssembler and make
> LdaImmutable[Current]ContextSlot and Lda[Current]ContextSlot share
> handlers since they are identical.
>
> Change-Id: I9e91e7d37c2ea75513e4dcc3b95b4bb6517f83da
> Reviewed-on: https://chromium-review.googlesource.com/471987
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44534}
>
TBR=rmcilroy@chromium.org,jkummerow@chromium.org,machenbach@chromium.org,cbruni@chromium.org,leszeks@chromium.org,v8-reviews@googlegroups.com,ishell@chromium.org
Change-Id: I282fe5582f681ccb0642537a70f89185558ee195
Reviewed-on: https://chromium-review.googlesource.com/474755
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44617}
Unfortunately, this test cannot test that a function was really skipped (i.e.,
not parsed).
BUG=v8:5516
Change-Id: I8db5027d2216a95cc012ceae8e17554095cc1d4f
Reviewed-on: https://chromium-review.googlesource.com/457037
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44615}
Reason for revert:
Roll blocker: https://bugs.chromium.org/p/chromium/issues/detail?id=710824
Original issue's description:
> [wasm] instantiate expressed in terms of compile
>
> Today, the semantics of:
>
> WebAssembly.instantiate
>
> and
>
> WebAssembly.compile().then(new WebAssemblyInstance)
>
> are subtly different, to the point where attempting the proposed
> change uncovered bugs.
>
> In the future, it's possible that .instantiate actually have different
> semantics - if we pre-specialized to the provided ffi, for example.
> Right now that's not the case.
>
> This CL:
> - gets our implementation closer to what developers may write using
> the compile -> new Instance alternative, in particular wrt promise
> creation. By reusing code paths, we uncover more bugs, and keep
> maintenance cost lower.
>
> - it gives us the response-based WebAssembly.instantiate implicitly.
> Otherwise, we'd need that same implementation on the blink side. The
> negative is maintenance: imagine if the bugs I mentioned could only be
> found when running in Blink.
>
> BUG=chromium:697028
>
> Review-Url: https://codereview.chromium.org/2806073002
> Cr-Commit-Position: refs/heads/master@{#44592}
> Committed: 7829af3275TBR=bradnelson@chromium.org,ahaas@chromium.org,adamk@chromium.org,mtrofin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:697028
Review-Url: https://codereview.chromium.org/2810203002
Cr-Commit-Position: refs/heads/master@{#44614}
The biggest problem is isolate.h (this CL doesn't solve that yet).
BUG=v8:5294
Change-Id: I56b32109f501c48facd99cd12ca6c8f427e188a9
Reviewed-on: https://chromium-review.googlesource.com/471487
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44613}
BUG=v8:4742
R=machenbach@chromium.org,jkummerow@chromium.org
Change-Id: I03e87db1536f33a67593437f8c72c33486ecdbd1
Reviewed-on: https://chromium-review.googlesource.com/474787
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44610}
This adds a fast path to skip runtime calls to GetSubstitution when
the replacer string does not contain a '$' char.
Extended background:
String.prototype.replace is (roughly) structured as follows:
* Check if {searchValue} has a @@replace Symbol, and delegate to that if
so. We currently implement efficient fast paths when {searchValue} is
a String or a fast RegExp.
* A specialized fast path for single-char {searchValue}, "long" subject
string, and String {replaceValue} that do not contain '$' chars (yes,
this fast path is very specialized).
* Check for the location of the first match using StringIndexOf, and
exit early if no match is found.
* Finally build the return value, which is 'prefix + replacement +
suffix', where replacement is either the result of calling {replaceValue}
(if it is callable), or GetSubstitution(ToString({replaceValue}))
otherwise.
There's several spots that could be improved.
StringIndexOf currently calls into C++ runtime for all but the simple
1-byte, 1-char {searchValue} case. We need to finally add support for
remaining cases.
The runtime call to GetSubstitution can be skipped if the replacer
string does not contain any '$' syntax. This CL handles that case.
BUG=
Review-Url: https://codereview.chromium.org/2813843002
Cr-Commit-Position: refs/heads/master@{#44606}
This is necessary to appease "gn check" if gtest_prod.h becomes a part
of the Chromium checkout, instead of a third-party repository brought
over by Chromium's DEPS. The file is already listed in v8's DEPS, but gn
does not use DEPS as an input.
BUG=chromium:630705
Review-Url: https://codereview.chromium.org/2807353002
Cr-Commit-Position: refs/heads/master@{#44604}
The hole NaN should also have proper Type::Hole, and not silently hide
in the Type::Number. This way we can remove all the special casing for
the hole NaN, and we also finally get the CheckNumber right.
This also allows us to remove some ducktape from the Deoptimizer, as for
escape analyzed FixedDoubleArrays we always pass the hole value now to
represent the actual holes.
Also-By: jarin@chromium.org
BUG=chromium:684208,chromium:709753,v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2814013003
Cr-Commit-Position: refs/heads/master@{#44603}
The local variables were parsed two times, which in fact doubled the
amount of local variables allocated for each called function.
This was costing memory and performance. As the additional local
variables were never used, we did not recognize this before.
Add a test case for locals and stack values of interpreted frames.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: Ie5cb8d8f5441edee6abb46aa6bebef4a033d582b
Reviewed-on: https://chromium-review.googlesource.com/474749
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44602}
Similar to WasmInterpreter::Thread, we now also use the pimpl idiom for
InterpretedFrame, hiding the implementation completely in the .cc file.
This allows us to store just two things per InterpretedFrameImpl: The
corresponding thread, and the frame index.
The external interface changes to always return a std::unique_ptr,
because the object layout is not known via the public interface, hence
objects cannot be stack allocated. They also cannot be copied or passed
by value.
The frame inspection interface will be tested after another fix in
https://chromium-review.googlesource.com/474749.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I7b109da73df745fac97ec72cb0cf4f0ad71e5da9
Reviewed-on: https://chromium-review.googlesource.com/472887
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44600}
RationalizeConsecutiveAtoms optimizes ab|ac|az to a(?:b|c|d).
Ensure that this optimization does not split surrogate pairs in unicode
mode.
BUG=chromium:641091
Review-Url: https://codereview.chromium.org/2813893002
Cr-Commit-Position: refs/heads/master@{#44599}
As of crrev.com/2760213003, the CheckBounds operator passes a truncation
that identfies zero and minus zero. However that was not reflected in
the typing rule, and as such the type of CheckBounds(-0,length) was
always Type::None. That confused the typed alias analysis in the
LoadElimination and led to ignoring StoreElement nodes.
BUG=chromium:708050
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2812013006
Cr-Commit-Position: refs/heads/master@{#44598}
Add the notion of reliable vs. unreliable receiver map information to
the NodeProperties::InferReceiverMaps machinery. The information is
considered reliable here if the maps are known to be valid based on the
effect chain, and unreliable if there was a side-effect in between that
might have changed the receiver map.
Use this unreliable information for Array.prototype.push, guarded by
either stability dependencies or map checks, which might present a
potential deoptimization loop, which is very unlikely, but still needs
fixing in the future. This is important to optimize calls to push even
in cases like this
array.push(something.func());
where we have a side-effect (the call to something.func) between the
load of array.push and the actual call.
R=jarin@chromium.org
BUG=v8:5267,v8:6241
Review-Url: https://codereview.chromium.org/2812233002
Cr-Commit-Position: refs/heads/master@{#44595}
This change mirrors the semantics for derived class constructors. This
change doesn't affect non class constructors.
This change could potentially break web compat. More details:
https://github.com/tc39/ecma262/pull/469
Bug=v8:5536
Change-Id: I519599949523733332d0b35e4f8d9ecb01cac495
Reviewed-on: https://chromium-review.googlesource.com/461225
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44594}
This reverts commit 9df5674bd5 because it
is not compatible with the way that Array.prototype.reduceRight and
Array.prototype.reduce deal with optional parameters at this point (i.e.
parameters where the behavior is different depending on whether the
parameter was skipped or undefined was passed).
In general, it might be better to not adapt arguments for builtins with
optional paramters, that are likely skipped, for example as in
Object.create or Array.prototype.reduce. Since that will require
arguments adaptor frames for normal calls, especially from baseline
code. Instead it might make sense to use the variadic arguments support
in the CodeStubAssembler instead to avoid the arguments adaptor in all
cases (not only when called from TurboFan optimized code).
BUG=v8:5267,chromium:709782,chromium:707992,chromium:708282,chromium:708599,chromium:709173,chromium:709747,chromium:707065,chromium:710417
TBR=danno@chromium.org
Review-Url: https://codereview.chromium.org/2817653002
Cr-Commit-Position: refs/heads/master@{#44593}
Today, the semantics of:
WebAssembly.instantiate
and
WebAssembly.compile().then(new WebAssemblyInstance)
are subtly different, to the point where attempting the proposed
change uncovered bugs.
In the future, it's possible that .instantiate actually have different
semantics - if we pre-specialized to the provided ffi, for example.
Right now that's not the case.
This CL:
- gets our implementation closer to what developers may write using
the compile -> new Instance alternative, in particular wrt promise
creation. By reusing code paths, we uncover more bugs, and keep
maintenance cost lower.
- it gives us the response-based WebAssembly.instantiate implicitly.
Otherwise, we'd need that same implementation on the blink side. The
negative is maintenance: imagine if the bugs I mentioned could only be
found when running in Blink.
BUG=chromium:697028
Review-Url: https://codereview.chromium.org/2806073002
Cr-Commit-Position: refs/heads/master@{#44592}
Port 57afd0bb07
Original Commit Message:
Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.
As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.
Reland of https://chromium-review.googlesource.com/c/463287 after fixing
tests in https://codereview.chromium.org/2813873002.
R=leszeks@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2813563006
Cr-Commit-Position: refs/heads/master@{#44589}
One of our internal Chromecast builds was failing due to undefined
va_list in wasm-result.h. I also searched for other files where va_list
was used without including stdarg.h and added it as necessary (since
include-what-you-use is a thing).
BUG=chromium:706443
Review-Url: https://codereview.chromium.org/2780913002
Cr-Commit-Position: refs/heads/master@{#44588}
After r299061, MSan started complaining about uninitialized data in
fwrite.
BUG=chromium:710152
Review-Url: https://codereview.chromium.org/2808253002
Cr-Commit-Position: refs/heads/master@{#44587}
The test "assertThrows(builder.instantiate)" threw a TypeError before,
which made the test pass, but not because of the feature we wanted to
test.
This CL fixes the test to call builder.instantiate correctly, and also
tests for the correct error message.
Drive-by fix: Fix {expected} and {found} parameters in assertThrows.
R=ahaas@chromium.org
Change-Id: I11c0f63885cc14a36559e637aea60a9da6f1bb8f
Reviewed-on: https://chromium-review.googlesource.com/472886
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44584}
Since --trace-ignition now has to be enabled at snapshot-building time,
this patch adds it as a gn build option.
Change-Id: I5d55339a7be7eef4e1f9da46ec44fbfd431325b7
Reviewed-on: https://chromium-review.googlesource.com/474905
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44583}
Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.
As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.
Reland of https://chromium-review.googlesource.com/c/463287 after fixing
tests in https://codereview.chromium.org/2813873002.
Change-Id: I314d69c7643ceec6a5750ffdab60dad38dad09e5
Reviewed-on: https://chromium-review.googlesource.com/474752
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44582}
- support new v8.log-based source
- fix function name resolution from v8.log
- simplify displaying and add direct links to source files
Change-Id: Ice1acdd9ebaefb27387fecc5446b973bf323dbcc
NOTRY=true
Change-Id: Ice1acdd9ebaefb27387fecc5446b973bf323dbcc
Reviewed-on: https://chromium-review.googlesource.com/474824
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44579}
Allowing a user handler for segv is default in GN, but not in GYP. We pass it now explicitly to make the last gyp bot temporarily happy.
TBR=vogelheim@chromium.org
Bug: chromium:710409
Change-Id: Ib997245f348481158bd8d64192ac653b60237452
Reviewed-on: https://chromium-review.googlesource.com/474147
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44578}
This constructs different typed arrays from different types of other
typed arrays, hopefully countering microbenchmarks which are able to
optimize for exactly one pair of types.
Bug: v8:5977
Change-Id: Ie3b07d6ecaaca6db0be410e902e437a2a643d71c
Reviewed-on: https://chromium-review.googlesource.com/474748
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44576}
