The re-typer now only types a node if its inputs are all typed with the
exception of phi nodes. This works because all cycles in the graph have
to contain a phi node.
BUG=chromium:625558
Review-Url: https://codereview.chromium.org/2120243002
Cr-Commit-Position: refs/heads/master@{#37493}
port 5febc27b5d (r37416)
original commit message:
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=
Review-Url: https://codereview.chromium.org/2120873002
Cr-Commit-Position: refs/heads/master@{#37490}
Since python3 does not use the old print statement, it may not be able
to load gdb-v8-support.py script in gdb as below:
(gdb) source tools/gdb-v8-support.py
File "tools/gdb-v8-support.py", line 170
print result
^
SyntaxError: Missing parentheses in call to 'print'
This fixes print statement for both python2 and python3.
R=jochen@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2084163004
Cr-Commit-Position: refs/heads/master@{#37488}
Rolling v8/build to 76d9f8b4fcae07fb82f28295468cf92bade935bd
Rolling v8/buildtools to db6179b29f90d28026b0cb23ef71d56ec31b8bd6
Rolling v8/tools/clang to 775e2f874b9f53f0e82c4e7c61dc29f3cdcb3379
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2117993002
Cr-Commit-Position: refs/heads/master@{#37486}
This patch implements "immutable prototype exotic objects" from the ECMAScript
spec, which are objects whose __proto__ cannot be changed, but are not otherwise
frozen. They are introduced in order to prevent a Proxy from being introduced
to the prototype chain of the global object.
The API is extended by a SetImmutablePrototype() call in ObjectTemplate, which
can be used to vend new immutable prototype objects. Additionally, Object.prototype
is an immutable prototype object.
In the implementation, a new bit is added to Maps to say whether the prototype is
immutable, which is read by SetPrototype. Map transitions to the immutable prototype
state are not saved in the transition tree because the main use case is just for
the prototype chain of the global object, which there will be only one of per
Context, so no need to take up the extra word for a pointer in each full transition
tree.
BUG=v8:5149
Review-Url: https://codereview.chromium.org/2108203002
Cr-Commit-Position: refs/heads/master@{#37482}
Port b86ac0e05a
Original commit message:
Both of these were broken in different ways:
* On arm, the loop counter was passed as argc on the stack.
* On arm64, we passed argc + 1 instead of argc.
The result in both cases was an incorrect receiver for the builtin frame
when generating stack traces.
BUG=v8:4815
Review-Url: https://codereview.chromium.org/2120463002
Cr-Commit-Position: refs/heads/master@{#37481}
This makes the elimination of checkpoints flowing effect-wise into nodes
having the {Return} operator more permissive. We can cut out checkpoints
even when they are not wholly owned by the return. This also alleviates
a problem where TCO no longer applies.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-624747
BUG=chromium:624747
Review-Url: https://codereview.chromium.org/2118793002
Cr-Commit-Position: refs/heads/master@{#37480}
This optimizes the passing of stack parameters in function calls.
For some architectures (ia32/x64), using pushes when possible instead
of bumping the stack and then storing parameters generates much
smaller code, and in some cases is faster (e.g. when a push of a memory
location can implement a memory-to-memory copy and thus elide an
intermediate load. On others (e.g. ARM), the benefit is smaller, where
it's only possible to elide direct stack pointer adjustment in certain cases
or combine multiple register stores into a single instruction in other limited
situations. On yet other platforms (ARM64, MIPS), there are no push instructions,
and this optimization isn't used at all.
Ideally, this mechanism would be used for both tail calls and normal calls,
but "normal" calls are currently pretty efficient, and tail calls are very
inefficient, so this CL sets the bar low for building a new mechanism to
handle parameter pushing that only needs to raise the bar on tail calls for now.
The key aspect of this change is that adjustment to the stack pointer
for tail calls (and perhaps later real calls) is an explicit step separate from
instruction selection and gap resolution, but aware of both, making it possible
to safely recognize gap moves that are actually pushes.
Review-Url: https://codereview.chromium.org/2082263002
Cr-Commit-Position: refs/heads/master@{#37477}
Import fdlibm versions of acos, acosh, asin and asinh, which are more
precise and produce the same result across platforms (we were using
libm versions for asin and acos so far, where both speed and precision
depended on the operating system so far). Introduce appropriate TurboFan
operators for these functions and use them both for inlining and for the
generic builtin.
Also migrate the Math.imul and Math.fround builtins to TurboFan builtins
to ensure that their behavior is always exactly the same as the inlined
TurboFan version (i.e. C++ truncation semantics for double to float
don't necessarily meet the JavaScript semantics).
For completeness, also migrate Math.sign, which can even get some nice
love in TurboFan.
Drive-by-fix: Some alpha-sorting on the Math related functions, and
cleanup the list of Math intrinsics that we have to export via the
native context currently.
BUG=v8:3266,v8:3496,v8:3509,v8:3952,v8:5169,v8:5170,v8:5171,v8:5172
TBR=rossberg@chromium.orgR=franzih@chromium.org
Review-Url: https://codereview.chromium.org/2116753002
Cr-Commit-Position: refs/heads/master@{#37476}
This ensures no eager bailout point is emitted after a comma expression
in test context where the right-hand side omitted an eager bailout point
as well. This is to stay in sync with full-codegen.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-624919
BUG=chromium:624919
Review-Url: https://codereview.chromium.org/2113893004
Cr-Commit-Position: refs/heads/master@{#37475}
Migrate Math.hypot() from JS to C++ builtins. Use normalization and
Kahan summation to avoid overflow and rounding errors.
R=bmeurer@chromium.org
BUG=v8:5165, v8:5086
LOG=n
Review-Url: https://codereview.chromium.org/2102223005
Cr-Commit-Position: refs/heads/master@{#37473}
Both of these were broken in different ways:
* On arm, the loop counter was passed as argc on the stack.
* On arm64, we passed argc + 1 instead of argc.
The result in both cases was an incorrect receiver for the builtin frame
when generating stack traces.
BUG=v8:4815
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2112883002
Cr-Commit-Position: refs/heads/master@{#37471}
port 588e15c034 (r37345)
original commit message:
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
Adds a regression test.
BUG=
Review-Url: https://codereview.chromium.org/2119793002
Cr-Commit-Position: refs/heads/master@{#37469}
port e607e12ea0 (r37323)
original commit message:
Introduce a new machine operator Float64Pow that for now is backed by
the existing MathPowStub to start the unification of Math.pow, and at
the same time address the main performance issue that TurboFan still has
with the imaging-darkroom benchmark in Kraken.
Also migrate the Math.pow builtin itself to a TurboFan builtin and
remove a few hundred lines of hand-written platform code for special
handling of the fullcodegen Math.pow version.
BUG=
Review-Url: https://codereview.chromium.org/2119773003
Cr-Commit-Position: refs/heads/master@{#37468}
Rolling v8/build to c80c063b314ab9cc6c3c5955c7444c2fa514bcec
Rolling v8/buildtools to 454e53abae6e4d68ee992b0a93a4174b75519393
Rolling v8/tools/mb to ea4154b4daca60a5f5c04ef764b7eaf50362250c
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2113243002
Cr-Commit-Position: refs/heads/master@{#37467}
port 5e05854019 (r37325)
original commit message:
The reason for reverting is: This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set. These duplicates could cause a DCHECK to trigger which checks that slots recorded in the remembered set neve
Original issue's description:
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
BUG=
Review-Url: https://codereview.chromium.org/2112193002
Cr-Commit-Position: refs/heads/master@{#37466}
Reason for revert:
Fuzzer claims `try { \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash.
Original issue's description:
> Add errors for declarations which conflict with catch parameters.
>
> Catch parameters are largely treated as lexical declarations in the
> block which contains their body for the purposes of early syntax errors,
> with some exceptions outlined in B.3.5. This patch introduces most of
> those errors, except those from `eval('for (var e of ...);')` inside of
> a catch with a simple parameter named 'e'.
>
> Note that annex B.3.5 allows var declarations to conflict with simple
> catch parameters, except when the variable declaration is the init of a
> for-of statement.
>
> BUG=v8:5112,v8:4231
>
> Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406
> Cr-Commit-Position: refs/heads/master@{#37462}
TBR=littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5112,v8:4231
Review-Url: https://codereview.chromium.org/2112223002
Cr-Commit-Position: refs/heads/master@{#37464}
- Uses byte_width() to determine if spill ranges can be merged.
- Modifies InstructionOperand canonicalization to ignore representation for stack slots.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2074323002
Cr-Commit-Position: refs/heads/master@{#37463}
Catch parameters are largely treated as lexical declarations in the
block which contains their body for the purposes of early syntax errors,
with some exceptions outlined in B.3.5. This patch introduces most of
those errors, except those from `eval('for (var e of ...);')` inside of
a catch with a simple parameter named 'e'.
Note that annex B.3.5 allows var declarations to conflict with simple
catch parameters, except when the variable declaration is the init of a
for-of statement.
BUG=v8:5112,v8:4231
Review-Url: https://codereview.chromium.org/2109733003
Cr-Commit-Position: refs/heads/master@{#37462}
AddBoundMethod, in i18n.js, returns functions all of which share the
same backing SharedFunctionInfo, which means that its calls to
InstallGetter were causing all such functions to have a single name
(that of the last caller, "get breakType").
This patch skips calling InstallGetter and instead directly calls
%DefineGetterPropertyUnchecked, which itself sets the name property
on the JSFunction instance (it knows how to do this in order to handle
getters that have computed property names).
Also takes care of a TODO having to do with the inner boundMethod:
its name is now made empty, by using a new macro that gets around
ES2015's function name inference.
Finally, removes a redundant %FunctionRemovePrototype: arrow functions
have no prototypes to begin with.
R=littledan@chromium.org
BUG=v8:4778
Review-Url: https://codereview.chromium.org/2109223002
Cr-Commit-Position: refs/heads/master@{#37459}
Reason for revert:
By request from ishell, plan is to leave this in master for awhile longer
Original issue's description:
> Revert of Add crash instrumentation for crbug.com/621147 (patchset #5 id:80001 of https://codereview.chromium.org/2100313002/ )
>
> Reason for revert:
> Instrumentation not needed on master branch
>
> Original issue's description:
> > Add crash instrumentation for crbug.com/621147
> >
> > BUG=chromium:621147
> > LOG=N
> > R=ishell@chromium.org,cbruni@chromium.org
> >
> > Committed: https://crrev.com/5ff508a82299f20a0d9828cf73072a4f4772fab8
> > Cr-Commit-Position: refs/heads/master@{#37328}
>
> TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=chromium:621147, chromium:624764
>
> Committed: https://crrev.com/b324850900e531ccee03f1712333f13dfcf15427
> Cr-Commit-Position: refs/heads/master@{#37456}
TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:621147, chromium:624764
Review-Url: https://codereview.chromium.org/2114743002
Cr-Commit-Position: refs/heads/master@{#37458}
Added missing GetExtraICState() function for CompareICStub. Without it,
code->extra_ic_state() in IC::StateFromCode was returning zero, which was
causing some performance regressions, as the TypeFeedbackInfo was not updated
correctly, resulting in the runtime profiler choosing not to optimise some
functions that we previously would.
BUG=
Review-Url: https://codereview.chromium.org/2116523002
Cr-Commit-Position: refs/heads/master@{#37457}
Reason for revert:
Instrumentation not needed on master branch
Original issue's description:
> Add crash instrumentation for crbug.com/621147
>
> BUG=chromium:621147
> LOG=N
> R=ishell@chromium.org,cbruni@chromium.org
>
> Committed: https://crrev.com/5ff508a82299f20a0d9828cf73072a4f4772fab8
> Cr-Commit-Position: refs/heads/master@{#37328}
TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:621147, chromium:624764
Review-Url: https://codereview.chromium.org/2118493002
Cr-Commit-Position: refs/heads/master@{#37456}
Currently only property queries are supported.
This CL also factores out prototype chain iteration logic.
GetPropertyStub is not used yet.
BUG=v8:4911
LOG=Y
Review-Url: https://codereview.chromium.org/2087863002
Cr-Commit-Position: refs/heads/master@{#37455}
This turns the blacklist back into a white-list adding all binary operations as allowed operations. The one known fix is that it forces canonicalization of the double-hole as double constant.
BUG=chromium:621147
Review-Url: https://codereview.chromium.org/2106393002
Cr-Commit-Position: refs/heads/master@{#37452}
This removes the need to thread through frame states for eager bailout
points from the call-site into the reduction helper. The node under
reduction is known to JSBinopReduction, frame states are loaded late.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2112643006
Cr-Commit-Position: refs/heads/master@{#37450}
Reason for revert:
Found to break SAP Web IDE, and these semantics are not shipped in any other browser.
Revert to legacy semantics while assessing web compatibility.
BUG=chromium:624318
Original issue's description:
> Put RegExp js code in strict mode
>
> src/js/regexp.js was one of the few files that was left in sloppy
> mode. The ES2017 draft specification requires that writes to
> lastIndex throw when the property is non-writable, and test262
> tests enforce this behavior. This patch puts that file in strict
> mode.
>
> BUG=v8:4504
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/80b1b2a45bbd9bf3d08e4e6516acfaaa8f438213
> Cr-Commit-Position: refs/heads/master@{#34801}
TBR=yangguo@chromium.org,adamk@chromium.org
Review-Url: https://codereview.chromium.org/2112713003
Cr-Commit-Position: refs/heads/master@{#37449}
In the current implementation of wasm an unrepresentable input of the
float32-to-int32 conversion is detected by first truncating the input, then
converting the truncated input to int32 and back to float32, and then checking
whether the result is the same as the truncated input.
This input check does not work on arm and arm64 for an input of (INT32_MAX + 1)
because on these platforms the float32-to-int32 conversion results in INT32_MAX
if the input is greater than INT32_MAX. When INT32_MAX is converted back to
float32, then the result is (INT32_MAX + 1) again because INT32_MAX cannot be
represented precisely as float32, and rounding-to-nearest results in (INT32_MAX
+ 1). Since (INT32_MAX + 1) equals the truncated input value, the input appears
to be representable.
With the changes in this CL, the result of the float32-to-int32 conversion is
incremented by 1 if the original result was INT32_MAX. Thereby the detection of
unrepresenable inputs in wasm works. Note that since INT32_MAX cannot be
represented precisely in float32, it can also never be a valid result of the
float32-to-int32 conversion.
@v8-mips-ports, can you do a similar implementation for mips?
R=titzer@chromium.org, Rodolph.Perfetta@arm.com
Review-Url: https://codereview.chromium.org/2105313002
Cr-Commit-Position: refs/heads/master@{#37448}
Having presubmit called from within the test runner often
requires logic to remove the call again.
After the GN transition it would be better if presubmit is
called by a wrapper script if needed at all. It is run
on upload and on the tryservers anyways.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2114653002
Cr-Commit-Position: refs/heads/master@{#37447}
This executes an action as part of the build, writing a json
configuration that includes all build flags relevant to v8
testing.
The test runner will derive all build-dependent flags from
the file if it detects it.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2106423002
Cr-Commit-Position: refs/heads/master@{#37446}
