Later manipulation of Array.prototype.concat could lead to calling the Date constructor with empty arguments list. This let a non-mocked date slip in.
BUG=chromium:698097
NOTRY=true
TBR=yangguo@chromium.org,mstarzinger@chromium.org
Change-Id: Ib4bd97e06ea7be8c32d0057d42943f9f82ea6b5f
Reviewed-on: https://chromium-review.googlesource.com/449732
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43570}
The old proxy only mocked out constructor calls and didn't intercept function application. It also kept the original constructor property, through which non-mocked dates could be constructed again.
BUG=chromium:697870
NOTRY=true
R=mstarzinger@chromium.org,yangguo@chromium.org
Change-Id: Icb4ef22342424f95463a7a9c57fa0bb8d910ac19
Reviewed-on: https://chromium-review.googlesource.com/448564
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43569}
WASM interpreter requires that parameters are stored in big-endian natural
memory order (higher bits on lower addresses and lower bits on higher address).
On the other hand, WASM compiled code naturally stores data in memory in
little-endian order. This CL implements big-endian support for passing
double and int64 parameters to WASM interpreter.
TEST=cctest/test-wasm-interpreter-entry/TestArgumentPassing_int64,
cctest/test-wasm-interpreter-entry/TestArgumentPassing_AllTypes
Review-Url: https://codereview.chromium.org/2721053002
Cr-Commit-Position: refs/heads/master@{#43568}
- No callbacks for std::sort of integer typed arrays when user-defined
comparison is not given
- Use template function, instead of macro, for comparison function
- Do not sort if the array size is less than or equal to 1
BUG=v8:5953
Review-Url: https://codereview.chromium.org/2726153003
Cr-Commit-Position: refs/heads/master@{#43565}
This involved adding a count_ member to SloppyBlockFunctionMap, so
to avoid making DeclarationScope larger, this patch makes the
creation of the map lazy, thus reducing the size of DeclarationScope
by several words in the process.
BUG=chromium:688567
Change-Id: If9a9eb2ccc01690fe10edadb3aa9625454ff4a19
Reviewed-on: https://chromium-review.googlesource.com/448701
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43558}
This makes the assumption about new-space allocation in the CSA more clear.
Additionally AllocateInNewSpace asserts that the allocation will fit in the
new-space in a debug build.
Change-Id: Ica5e7e12656dcdaa2c739b3d300fdcbaeb2355a2
Reviewed-on: https://chromium-review.googlesource.com/448043
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43557}
- Implements Select instructions using a single ARM vbsl instruction.
- Renames boolean machine operators to match renamed S1xN machine types.
- Implements S1xN vector logical ops, AND, OR, XOR, NOT for ARM.
- Implements S1xN AnyTrue, AllTrue ops for ARM.
- Eliminates unused SIMD op categories in opcodes.h.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2711863002
Cr-Commit-Position: refs/heads/master@{#43556}
This CL fixes a bug in the implementation of the code generation of
kArm64Tst32, where the shift input operand of kArm64Tst32 was ignored.
Please take a special look at the fix in kArm64Tst. I applied the fix
there as well, but because of differences in the instruction selector
I was not able to write a test for it.
R=v8-arm-ports@googlegroups.com
BUG=v8:6028
Review-Url: https://codereview.chromium.org/2729853003
Cr-Commit-Position: refs/heads/master@{#43555}
This hack is causing false "last-resort" garbage collections.
When incremental marking is in progress and overshoots the limit,
our heuristics in the allocator request finishing the mark-compact
because V8 is in optimize-for-memory mode.
However, the mark-compact gets replaced by scavenger which leads to
retrying the allocation two times and eventually doing last resort GC
(which throws away all the marking info).
BUG=chromium:697119
Review-Url: https://codereview.chromium.org/2723003003
Cr-Commit-Position: refs/heads/master@{#43554}
BinopMatcher does not notify the reducers using it when it flips inputs to commutative operators. This leads to value numbering not being re-executed in this case. Together with the fact that value numbering might still reduce such a modified node in the case of a hash collision merging the buckets of two equivalent nodes, this leads to unpredictable behaviour.
This is the easiest fix for the problem: Always running value numbering last. This is also a performance improvement because value numbering never changes but only replaces nodes.
R=mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2728983002
Cr-Commit-Position: refs/heads/master@{#43552}
Turbofan is a lot slower than Crankshaft at constructing TypedArrays,
because we always go to the C++ builtin. Port the builtin to CSA
to improve performance, and to clean up the implementation, which is
split across multiple files and pieces at the moment.
This CL increases the performance with --future to roughly the same
as with crankshaft.
BUG=v8:5977
Change-Id: Id0d91a4592de41a3a308846d79bd44a608931762
Reviewed-on: https://chromium-review.googlesource.com/448537
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43548}
This reverts commit 5c200fa0f1.
Reason for revert: Relies on changes that were reverted.
Original change's description:
> [builtins] Delete unused TypedArrayInitialize intrinsic.
>
> This CL only deletes code. We dont call these anymore, so they are safe
> to remove.
>
> BUG=v8:5977
>
> Change-Id: I59889c3dbb9c2610f3502d582b6c307b1fb4f63b
> Reviewed-on: https://chromium-review.googlesource.com/448517
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#43543}
TBR=cbruni@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5977
Change-Id: I41f32b0b8f74bcfdf9afbd7cc150cca9f5edd199
Reviewed-on: https://chromium-review.googlesource.com/448563
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43545}
This reverts commit 5c200fa0f1.
Reason for revert: Breaks compile:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20builder/builds/23538
Maybe conflicts with a change that just landed.
Original change's description:
> [builtins] Delete unused TypedArrayInitialize intrinsic.
>
> This CL only deletes code. We dont call these anymore, so they are safe
> to remove.
>
> BUG=v8:5977
>
> Change-Id: I59889c3dbb9c2610f3502d582b6c307b1fb4f63b
> Reviewed-on: https://chromium-review.googlesource.com/448517
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#43543}
TBR=cbruni@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5977
Change-Id: Iba1611f4c93d105a4163338b59bda42ea7937443
Reviewed-on: https://chromium-review.googlesource.com/448562
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43544}
This CL only deletes code. We dont call these anymore, so they are safe
to remove.
BUG=v8:5977
Change-Id: I59889c3dbb9c2610f3502d582b6c307b1fb4f63b
Reviewed-on: https://chromium-review.googlesource.com/448517
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43543}
... instead of inlining the dispatchers' code. This should reduce the size of the generated
builtins code.
BUG=
Change-Id: Ia3f68ea8b398f049bad87f6ce93c818f0af4674f
Reviewed-on: https://chromium-review.googlesource.com/447938
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43542}
First part of relanding d2c093bcaf.
BUG=chromium:651354
Change-Id: I34ebea331d482d5039626ccff48b11ad175793ee
Reviewed-on: https://chromium-review.googlesource.com/448518
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43541}
This unifies the search for a potential {IfException} projection with
the existing predicate on {NodeProperties} used by the rest of the
system. Also contains a related drive-by change to graph builders. This
is in preparation of eliding {IfSuccess} projections when possible.
R=jarin@chromium.org
Change-Id: I8ba0ae9e9fdb69a77bce01578200ceea434535f7
Reviewed-on: https://chromium-review.googlesource.com/448039
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43540}
- Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
will be different under I32 compare.
- Some arithmetic operations can generate NaN results, such as adding -Inf
and +Inf. Skip these tests until we have a way to do more sophisticated
FP comparisons in the SIMD tests.
- Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2594043002
Cr-Original-Commit-Position: refs/heads/master@{#42154}
Committed: 5560bbb498
Review-Url: https://codereview.chromium.org/2594043002
Cr-Commit-Position: refs/heads/master@{#43528}
Reason for revert:
Breaks tree, i.e. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/18928/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9eeTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org,eholk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2723133003
Cr-Commit-Position: refs/heads/master@{#43525}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43523}
As of version 13, delegates do not need to worry about colliding tags with the
tags reserved by v8, since v8 inserts a "host object" prefix beforehand. Thus
the format is now suitable for more general use, without opting into the "legacy"
mode that had this caveat.
Review-Url: https://codereview.chromium.org/2722213002
Cr-Commit-Position: refs/heads/master@{#43521}