The test TestExportImportedMemoryGrowMultipleInstances in
test/mjsunit/wasm/import-memory.js had a TODO about not taking into
account the maximum size for exported memory objects, thus permitting to
grow past thhe maximum specified in the exported memory object.
The check is already in place at wasm-objects.cc:266
(https://cs.chromium.org/chromium/src/v8/src/wasm/wasm-objects.cc?rcl=a01b55b548add5aec1d3d4d8fcdadfa01555c6ea&l=266).
This CL removes the TODO and asserts that growing past maximum for
exported objects fails.
R=ahaas@chromium.org, gdeepti@chromium.org
Change-Id: Ifa69e4e85e04bc2280b629cebb30d400cca9420f
Reviewed-on: https://chromium-review.googlesource.com/593948
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Cr-Commit-Position: refs/heads/master@{#47029}
This is a reland of 3f90d9f994
Original change's description:
> [Memory] Add an OnCriticalMemoryPressure method to V8::Platform.
>
> Adds virtual V8::Platform::OnCriticalMemoryPressure method, default
> implementation does nothing.
>
> Calls this method on first allocation failures in NewArray, Malloced,
> and zone AccountingAllocator and adds retry logic.
>
> Adds utility functions for allocating base::VirtualMemory to functions
> in allocation.h, which call this method and add retry logic.
>
> Calls these utility functions in heap CodeRange, Spaces, StoreBuffer
> and SequentialMarkingDeque.
>
> Bug: v8:6635
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I38afd394f3be556aca037d16675e9884658158cb
> Reviewed-on: https://chromium-review.googlesource.com/583543
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46988}
Bug: v8:6635
Change-Id: I0d70c5796f407f0ed42cfddf581d26f533f9bea8
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/593090
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47027}
The patch changes CallPrinter's AST traversal to continue even after
the first positive match for an AST node. This helps us check for the
subsequent GetIterator AST node in case of destructuring.
We can not differentiate between the function call failing and the
GetIterator failing based on source position info. This would involve
runtime checks costing performance.
Instead of providing an incorrect error, we provide both the
possiblities to user and allow them to disambiguate.
Previously,
d8> function f() { return 5; }
undefined
d8> var [a] = f();
(d8):1: TypeError: f is not a function
var [a] = f();
^
TypeError: f is not a function
at (d8):1:11
Now,
d8> function f() { return 5; }
undefined
d8> var [a] = f();
(d8):1: TypeError: f is not a function or its return value is not iterable
var [a] = f();
^
TypeError: f is not a function or its return value is not iterable
at (d8):1:11
Bug: v8:6616, v8:6513
Change-Id: I3d6427f10cae54951b0ad0e5ddcbe802bb7191c1
Reviewed-on: https://chromium-review.googlesource.com/594894
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47025}
For this testcase to run on BE, it requires Load/store
reversed byte instructions. Disabling testcase until
the necessary instructions are implemented.
R=machenbach@chromium.org, jkummerow@chromium.org
BUG=
LOG=N
Change-Id: I380c9a07030ba12e9b9e81c372496819102e2b0d
Reviewed-on: https://chromium-review.googlesource.com/595047
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47023}
This call from inspector side is redundant, V8 will clear all breakpoints on removing debug delegate in v8::internal::Debug::Unload method.
In any case for correct support of multiclient we need to clear breakpoints in V8DebuggerAgentImpl::disable method.
R=dgozman@chromium.org
Bug: v8:5510,chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I66f9b97797860bad28884a099928d54ac3560428
Reviewed-on: https://chromium-review.googlesource.com/592281
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47022}
This sets the minimum semi-space size to 512K, but does not
change the initial semi-space size.
This reverts commit 774a4c5e24.
Original commit message:
> [heap] Allow a minimum semi-space size of 512K.
> This CL also reduces the minimum semi-space size to 512K.
> BUG=chromium:716032
BUG=chromium:735649
TBR=mlippautz@chromium.org
Change-Id: I1f5dd05b0851ba2b438bedcc023a5cf5f9242a81
Reviewed-on: https://chromium-review.googlesource.com/594107
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47016}
Since any deopt-count-based heuristics should be native context
dependent, it belongs in the feedback vector rather than the SFI.
Bug: v8:6402
Change-Id: I30804d58bc1dec9150558e6ee21ee5b4dbd36c8d
Reviewed-on: https://chromium-review.googlesource.com/593661
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47014}
This reverts commit 409f84c93b.
Reason for revert: Breaks nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/14288
Original change's description:
> [async-iteration] implement spec-change to `yield` in async generators
>
> Per https://github.com/tc39/proposal-async-iteration/pull/102/files:
>
> AsyncGeneratorResolve no longer unwraps a value component. Instead, the
> value is unwrapped before the builtin call via Await, allowing Promise
> rejections to affect the generator control flow.
>
> Thus, all `yield <expr>` implicitly become `yield await <expr>`.
>
> Additionally, `return <expr>` becomes `return await <expr>`. Finally, when
> the generator is resumed with `.return()`, the parameter passed to .return()
> is awaited before generator execution properly continues).
>
> BUG=v8:5855
> R=littledan@chromium.org, neis@chromium.org, adamk@chromium.org
>
> Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
> Change-Id: Ife084076c3ed434b5467e6aeba14082f8b410ad5
> Reviewed-on: https://chromium-review.googlesource.com/523844
> Commit-Queue: Caitlin Potter <caitp@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47011}
TBR=rmcilroy@chromium.org,adamk@chromium.org,yangguo@chromium.org,neis@chromium.org,littledan@chromium.org,gsathya@chromium.org,caitp@igalia.com
Change-Id: Ie6ad7e5410a3a89aab7a5dc68de36eb27b9354fe
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5855
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/593952
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47013}
Per https://github.com/tc39/proposal-async-iteration/pull/102/files:
AsyncGeneratorResolve no longer unwraps a value component. Instead, the
value is unwrapped before the builtin call via Await, allowing Promise
rejections to affect the generator control flow.
Thus, all `yield <expr>` implicitly become `yield await <expr>`.
Additionally, `return <expr>` becomes `return await <expr>`. Finally, when
the generator is resumed with `.return()`, the parameter passed to .return()
is awaited before generator execution properly continues).
BUG=v8:5855
R=littledan@chromium.org, neis@chromium.org, adamk@chromium.org
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ife084076c3ed434b5467e6aeba14082f8b410ad5
Reviewed-on: https://chromium-review.googlesource.com/523844
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47011}
Instead of auto-generating the Name() convenience accessor, use a macro to
avoid wasting code space.
BUILTIN_CODE(isolate, Name)
expands to
isolate->builtins()->builtin_handle(Builtins::kName);
This reduces the size of libv8.so by 134,752 bytes on a x64 release build.
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idff7ee5c45e344e73412c0f47e92553c7c7ff75f
Reviewed-on: https://chromium-review.googlesource.com/593607
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47010}
Remove opt_count from SFI, which only had two real uses:
1. Detecting OSR in tests -- replaced with a stack walk in
%GetOptimizationStatus
2. Naming optimization log files -- replaced with the
optimization id
This allows us to remove a field from the SFI, moving the
bailout reason into the counters field.
As a drive-by, add optimization marker information (e.g.
marked for optimization) to the optimization status.
Change-Id: Id77deb5dd5439dfba058a7e1e1748de26b717d0d
Reviewed-on: https://chromium-review.googlesource.com/592028
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47009}
This reverts commit 072d0e3eb6.
Reason for revert: Performance regressions (https://crbug.com/749041).
Original change's description:
> [wasm] Allow for arbitrarily long error messages
>
> We currently have a fixed limit of 256 characters for error messages
> generated in the decoder. However, we sometimes embed names in it,
> which makes it easy to generate a crash by using long names (e.g. for
> exports) in invalid wasm modules.
> This CL fixes this by switching to a stream based interface, allowing
> to pass arbitrary objects to be printed. With this interface, we can
> easily limit the length of output later.
>
> R=titzer@chromium.org
>
> Bug: chromium:740023
> Change-Id: I2848c31c63a015157e2a3a9458b54e523060cd69
> Reviewed-on: https://chromium-review.googlesource.com/565282
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46860}
TBR=titzer@chromium.org,clemensh@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:740023, chromium:749041
Change-Id: I005a60d55dcf01d350230f8d98f715bab9c43886
Reviewed-on: https://chromium-review.googlesource.com/593807
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47008}
Print AST needs access to the internalized strings, so make sure AST
is internalized before we print it.
BUG=v8:5203
Change-Id: Ia4995147feb7ec466523a0c4a89620749b23dcab
Reviewed-on: https://chromium-review.googlesource.com/593648
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47006}
Function-granularity coverage skips functions that are both uncovered
and have an uncovered parent. This optimization needs to be tweaked once
block coverage and incremental collection is in play, as it is possible
to have a function with invocation_count == 0 (i.e. uncovered at
function granularity) that still has relevant block-granularity
coverage.
Bug: v8:6000
Change-Id: I4cc81b8a6935aa58e29d383ed4fa749cbfe69352
Reviewed-on: https://chromium-review.googlesource.com/589508
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46991}
Adds virtual V8::Platform::OnCriticalMemoryPressure method, default
implementation does nothing.
Calls this method on first allocation failures in NewArray, Malloced,
and zone AccountingAllocator and adds retry logic.
Adds utility functions for allocating base::VirtualMemory to functions
in allocation.h, which call this method and add retry logic.
Calls these utility functions in heap CodeRange, Spaces, StoreBuffer
and SequentialMarkingDeque.
Bug: v8:6635
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I38afd394f3be556aca037d16675e9884658158cb
Reviewed-on: https://chromium-review.googlesource.com/583543
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46988}
To avoid using debugging context and debugger-script.js on inspector side we can move SetScriptSource call to v8::internal::Debug. Theoretically we can move live edit implementation to native completely but since it will be reimplemented it looks redundant.
R=yangguo@chromium.org,jgruber@chromium.org
Bug: chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id09492c2d2a93efbde429c9cc1bc181d5fdda19b
Reviewed-on: https://chromium-review.googlesource.com/590736
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46985}
This reverts commit 176a2b24fb.
Reason for revert: performance regression on the benchmarks.
Original change's description:
> [heap] Reland "[heap] Allow a minimum semi-space size of 512K."
>
> This patch changes the semi-space size to 512K.
>
> > Original commit message:
> > Revert "[heap] Allow a minimum semi-space size of 512K."
> > This reverts commit 0d2ed6c328.
> > The CL introduced perf regressions: crbug.com/735649.
> > We are going to reland the CL in an isolated V8 roll to ensure
> > that perf regressions are attributed correctly.
>
> > Original commit message:
> > > [heap] Allow a minimum semi-space size of 512K.
> > > This CL also reduces the minimum semi-space size to 512K.
> > > BUG=chromium:716032
> > BUG=chromium:735649
>
> Change-Id: Iabc377cba2911b28d51b98bb5b85134d4e893632
> Reviewed-on: https://chromium-review.googlesource.com/575066
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46763}
TBR=ulan@chromium.org,mlippautz@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I80f8b6699f41e91512f7cec38060c829252ff95e
Reviewed-on: https://chromium-review.googlesource.com/591309
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46982}
in preparation for caching StoreIC-Transition handlers in there.
This CL should not change behavior or performance.
The TransitionArray class no longer serves a dual purpose; it is now
simply the data structure serving that role. Further, it now supports
storing transitioning handlers in its "target" slot, which in turn have
a WeakCell pointing to the transition target (but this functionality
is not being used yet).
The interface for accessing a map's transitions, previously implemented
as a set of static functions, is now handled by the TransitionsAccessor
class. It distinguishes the following internal states:
- kPrototypeInfo: map is a prototype map, will never cache any transitions.
- kUninitialized: map can cache transitions, but doesn't have any.
- kWeakCell: map caches a single transition, stored inline. Formerly known
as "IsSimpleTransition".
- kFullTransitionArray: map uses a TransitionArray to store transitions.
- kTuple3Handler, kFixedArrayHandler: to be used in the future for caching
transitioning handlers.
Change-Id: If2aa68390981f96f317b958445a6e0b935c2a14e
Reviewed-on: https://chromium-review.googlesource.com/550118
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46981}
Add UseScratchRegisterScope for MIPS and use it instead of using at register directly.
Original commit message:
`Introduce a stripped down version of UseScratchRegisterScope for ARM and use it
inside the assembler and macro-assembler. At the exception of the Call
instructions, we now use this scope instead of using the ip register
directly. This is inspired from how the ARM64 backend works.
In general, the benefit of doing this is we can catch cases where ip is being
used both by the caller and by the assembler. But more specifically, TurboFan
reserves r9 as an extra scratch register because ip can already be used by the
assembler. With this utility, we can isolate the cases in the code generator
which need an extra register and potentially fix them, allowing us to give r9
back to the register allocator.
This patch uncovered places in the assembler where we were using ip
unconditionally when we could have re-used the destination register instead.`
Bug:
Change-Id: I1a35c1661579882801605337abfc95f75b47f052
Reviewed-on: https://chromium-review.googlesource.com/574923
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#46963}
Rather than storing the isolate in compiler dispatcher jobs, which gets
weird for jobs that are entirely off-thread, instead pass the isolate
in when stepping on the main thread.
This makes it clearer which steps must be executed on the main thread,
as they require the caller to explicitly give them access to the
isolate.
Bug: v8:6537
Change-Id: I02fff7c77fdcdbfb099a38235f94d8c1040699ac
Reviewed-on: https://chromium-review.googlesource.com/589437
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46962}
With TurboFan, there should no longer be any deopt loops (aside from
bugs). So, the "too many deopts" bailout is no longer needed, at least
in its current form.
This fixes an issue where deopt counts are leaked between native
contexts, resulting in optimization being disabled unnecessarily.
Bug: v8:6402
Change-Id: Ia06374ae6b5c2d473bcdd8eef1284bf02766c2fb
Reviewed-on: https://chromium-review.googlesource.com/588894
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46961}
This includes the catch and finally keywords in the respective range.
For instance:
// Catch range previously: |<--------->|
try { /* ... */ } catch (e) { /* ... */ }
// Now: |<------------------->|
Bug: v8:6000
Change-Id: I1bd9f7fce8bb7de945da83ab512833841b9d956a
Reviewed-on: https://chromium-review.googlesource.com/586598
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46959}
Everything inside a class lives inside the class scope, so
reparenting the class scope is the only operation that
should be done to ClassLiterals during reparenting.
Bug: chromium:740591
Change-Id: Ia5b96b44ff1ca6cfa274effb5a04651809bab9bd
Reviewed-on: https://chromium-review.googlesource.com/588054
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46951}
The approach to creating compiler dispatcher jobs for inner functions after
they had been parsed didn't provide the startup benifits we hoped for due
to the need to hold onto the whole zone memory AST while waiting for the
jobs to complete.
This CL removes the ability to create these compilation jobs (which was never
enabled by default anyway). Going forward we will potentially use the
parser task approach to parse+compile inner functions in their own job.
BUG=v8:5203
Change-Id: I63134746aa23b4aa6e3bfa17c539954890fd9b0f
Reviewed-on: https://chromium-review.googlesource.com/590007
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46948}
This CL moves us much closer to the point where we can remove debugger-script.js and usage of debugger context from inspector.
There are three main parts left:
- managing breakpoints,
- inspecting stack and scopes (this CL),
- LiveEdit.
In this CL I moved all stack/scope inspection to native. As side effect running debugger and inspector tests are 10-20% faster (it's significant since not all of tests requesting break).
R=yangguo@chromium.org,jgruber@chromium.org
Bug: chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I409396a687e18e9c0554c0c9c35b6e1064627be8
Reviewed-on: https://chromium-review.googlesource.com/580645
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46947}
These counters handle cases in which the catch/finally block contains a jump
statement.
Bug: v8:6000
Change-Id: Ic83f11ee431edabe61f129c9abc3adc12a79c338
Reviewed-on: https://chromium-review.googlesource.com/586595
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46945}
We must ensure required root objects will be filled when such
objects will be deserialized.
Change-Id: I25136d31cb2e0c0a69a51c5635192f17bbe2a9ba
Reviewed-on: https://chromium-review.googlesource.com/579768
Commit-Queue: Vyacheslav Chigrin <vchigrin@yandex-team.ru>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46944}
We've been passing a context to the compiler, which turns out to be
solely used to determine if we're executing in a specific cctest configuration.
This change adds a configuration to the graph builder that we can use to
explicitly opt out of stack checks and traps. CcTests default to opting out,
except for the few that don't.
Bug:
Change-Id: I4724e31c2a62e9b3ab4feadb788287c374b39f53
Reviewed-on: https://chromium-review.googlesource.com/585779
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46943}
This fixes the second-order Array.prototype function {forEach} and {map}
to now perform a callability check of the given callback function. For
empty arrays it is observable whether such a check outside the loop has
been elided or not.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-747062
BUG=chromium:747062
Change-Id: I1bbe7f44b3b3d18e9b41ad0436975434adf84321
Reviewed-on: https://chromium-review.googlesource.com/588893
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46942}
Reland of https://chromium-review.googlesource.com/c/558290/
Makes compiler dispatcher jobs an abstract interface, with unoptimized
compile jobs as an implementation of this interface.
Bug: v8:6537
Change-Id: Ia85781f72c7aaca497896ca4efa91ada97e43b1c
Reviewed-on: https://chromium-review.googlesource.com/589154
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46940}
In the process, cleanup some of the maths and functionality used to setup
descriptors and compute parameters. Also cleanup and correct the context
passing.
Change-Id: I6b6629bc81ef1c03425332dd6eadf3085efec7c9
Reviewed-on: https://chromium-review.googlesource.com/588892
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46938}
Note that this also renames the existing "asm_wasm" variant to use the
more appropriate "stress_asm_wasm" name.
R=rmcilroy@chromium.org
BUG=v8:6409
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I1f9550cd03874c678f4583047a4e123a6f090250
Reviewed-on: https://chromium-review.googlesource.com/584879
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46937}
Instead of having feedback vector as a subtype of FixedArray with
reserved slots, make it a first-class variable-sized object with a
fixed-size header. This allows us to compress counters to ints in the
header, rather than forcing them to be Smis.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icc5f088ffbc2e2651b845bc71ea42060639e3e48
Reviewed-on: https://chromium-review.googlesource.com/585129
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46935}
