Smi::LexicographicCompare: signed integer overflow on negation.
Drive-by improvement: reduce number of branches.
RegExpQuantifier: signed integer overflow on multiplication.
DateCache::DaylightSavingsOffsetInMs: signed integer overflow
on addition.
Bug: v8:3770,chromium:923466,chromium:923642,chromium:923626
Change-Id: If7d995a13893d1315449ee0bab8b5f2553e170f5
Reviewed-on: https://chromium-review.googlesource.com/c/1436229
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59143}
NativeRegExpMacroAssembler::Match() can return either a Result sentinel
or an int indicating the number of matches, so it should return a plain
int which we can only safely cast to Result or IrregexpResult when it's
guaranteed to be the former case.
Bug: v8:3770
Change-Id: I4c3447e0cdebd5f825964e086574ab504a1799cd
Reviewed-on: https://chromium-review.googlesource.com/c/1435735
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59142}
Since we allocate raw zone memory for its inputs right behind the Node
object anyway, drop the previously OOB-accessed 1-element array within
the Node and use address computation to get to the inputs storage.
Note that this saves one pointer per Node, except for Nodes with zero
inputs, where it uses 1*sizeof(Use) more memory than before.
Bug: v8:3770
Change-Id: I7f5965c6f1b49013eb7f5a447b685d47decaa8fb
Reviewed-on: https://chromium-review.googlesource.com/c/1436218
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59141}
This reverts commit 3145505ad3.
Reason for revert: breaks jumbo build due to interpreter::Register using declaration
Original change's description:
> [turbofan] Support new.target in the serializer.
>
> Bug: v8:7790
> Change-Id: Ie98cff6f8b1f184c8152952cc3d39e373c93565d
> Reviewed-on: https://chromium-review.googlesource.com/c/1435943
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59118}
TBR=neis@chromium.org,mslekova@chromium.org
Change-Id: I81369da5e7a9b3ec946737bbb2fc349b51e3bd7f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/1440116
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59139}
The ZX_VM_FLAG_PERM_* names have been deprecated in favour of the
ZX_VM_PERM_* form, and will shortly be removed from the Fuchsia SDK.
Bug: chromium:925597
Change-Id: Ic05912cbf9758915e1bc97c41c682aee028a3b5d
Reviewed-on: https://chromium-review.googlesource.com/c/1437817
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59138}
If running under debugger:
1. Output from _v8_internal_Print_Object into debugger's command window
2. Break into debugger before aborting
Change-Id: I49e4d83c817e6588c4679c9fb9766602927542db
Reviewed-on: https://chromium-review.googlesource.com/c/1435771
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59137}
Two small changes were done as part of the port:
- Changes TypedArrayInitializeWithBuffer from a TFS builtin to a macro.
It was only called from ConstructByArrayBuffer and this removes the
overhead of the TFS call.
- Introduces a GetTypedArrayElementsInfo that retrieves both the element
size and map. Instead of generating the elements kind switch code (
DispatchTypedArrayByElementsKind) twice, just generate once at the
beginning of CreateTypedArray.
This reduces overall builtins size by 364 bytes (Mac x64.release)
- Before
1364 - TypedArrayInitializeWithBuffer
6468 - CreateTypedArray
- After
7468 - CreateTypedArray
This also improves performance of TypedArray JSPerf benchmarks
(SubarrayNoSpecies, ConstructByArrayBuffer) by 5-8%.
Bug: v8:7161
Change-Id: I68eed2ea4db103f44ad9751229c29fba9bc9d24d
Reviewed-on: https://chromium-review.googlesource.com/c/1437822
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59135}
Previously, macros that returned true for "ShouldBeInlined" were only
compiled if they were called, which made it impossible to
type/semantic check all Torque code (e.g. newly added methods to
structs). One might argue that all code should be tested (and thus
through inlining compiled), but for prototyping, the skipped
compilations were definitely annoying.
As part of this change, added a ShouldGenerateExternalCode method to
declarables (by default returns !ShouldBeInlined) that makes it
possible to suppresses C++ code generation for any method. To
support this at the lowest level, a NullOStream classes is added as
part of this patch.
Finally, added support for generating C++ for passing structs as label
parameters to run previously inlined methods through the
implementation-visitor for non-inlined compilation.
Bug: v8:7793
Change-Id: I8ce23382e12ddc25f46222c25729c82433040a73
Reviewed-on: https://chromium-review.googlesource.com/c/1434378
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59134}
Store the WasmError longer and only creating the heap Error object (via
ErrorThrower) right before it's being used. This prevents a
DeferredHandleScope and simplifies code a lot.
R=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: Iad98f6facaf1914e4d31edde4221ed8789c1fbfa
Reviewed-on: https://chromium-review.googlesource.com/c/1439116
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59133}
This adds preliminary support for exception handling to the interpreter.
Note that due to missing reference type support, the exception object is
not yet correctly put onto the operand stack. Also exceptions raised by
call operations are not handled properly yet.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091
Change-Id: Ie68ca9448c7beafe8967dff5bb5de6642edcc9e4
Reviewed-on: https://chromium-review.googlesource.com/c/1436017
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59131}
If the context is in strict mode, then we can avoid iterating the
stack since we cannot go stricter than that.
Bug: chromium:925289
Change-Id: I422176c85f2dfd9176a60bc7c3a7674f96238bd0
Reviewed-on: https://chromium-review.googlesource.com/c/1439396
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59130}
Vars without initialisers don't need to allocate a VariableProxy, as the
proxy expression is not really needed for anything. So, we can special
case declaration parsing to look ahead for a '=' (plus a few other
cases), and skip the variable proxy allocation if it isn't there.
As a side-effect, variables that are only declared but never used are
no longer marked is_used, and thus not allocated. This saves on
generating dead code.
Change-Id: Ie4f04c6b5c1138df4c2e17acf1f0150459b3b571
Reviewed-on: https://chromium-review.googlesource.com/c/1434376
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59129}
Now that I saw the typo I cannot unsee it anymore, but somehow this
typo went unrecognized for nearly 12 months (since
https://crrev.com/c/904443).
R=ahaas@chromium.org
Bug: v8:8562
Change-Id: Iafaeb2313dcfa305007c3c87e8f0440d8b15980e
Reviewed-on: https://chromium-review.googlesource.com/c/1436021
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59125}
The API for serialized modules changed a bit in version 7.3. The old
API is deprecated, hence remove it in 7.4.
R=mstarzinger@chromium.org, ulan@chromium.org
Bug: chromium:912031
Change-Id: Ib1a55dc88db9e98aef03006caf8cdc1be4f85b9f
Reviewed-on: https://chromium-review.googlesource.com/c/1436020
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59122}
The ToDateString builtin now uses StringStream to format dates
instead of SNPrintF. The patch also implements a new allocator
based on SSO that's able to expand automatically.
Bug: v8:7770
Change-Id: I23e03ec06fcfc7bda1e5abb1ac82637e5c9ddc95
Reviewed-on: https://chromium-review.googlesource.com/c/1425905
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59119}
This CL changes 'HasNext' to 'HasFrame' and 'Next' to 'Advance' to
better reflect the semantics of the iterator.
'Next' usually returns the next element.
R=jgruber@chromium.org
Bug: v8:8562
Change-Id: Idbd1c084c39dd4a10c1c6a6db7782637b9b16cc4
Reviewed-on: https://chromium-review.googlesource.com/c/1436023
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59117}
The implicit constructor is deprecated since version 7.3, hence can be
removed in 7.4.
R=ulan@chromium.org
Change-Id: I54a530240648c1721924195d7fccc157d483e6d8
Reviewed-on: https://chromium-review.googlesource.com/c/1436018
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59116}
This reverts commit c9616b0fcb.
Reason for revert: Fails gc-stress tests: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/5460
Original change's description:
> Infer the language mode instead of passing it as a parameter to builtins
>
> It is better to infer the language mode from the context and the closure
> instead of getting it from the feedback vector. This will allow us to use
> some of these builtins even when feedback vectors are not allocated.
> Language mode is only needed to decide if we need to throw an exception
> when a store fails. This is on a slow path and hence deriving the language
> mode is not on critical path.
>
> Bug: v8:8580
> Change-Id: Id0d8e78d35046f015b5cdc15d5fc3f8a17dd8757
> Reviewed-on: https://chromium-review.googlesource.com/c/1421924
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59113}
TBR=mythria@chromium.org,verwaest@chromium.org
Change-Id: I584b41ca4d396165a3a294b7facee30f0c4f4a7f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8580
Reviewed-on: https://chromium-review.googlesource.com/c/1436025
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59114}
It is better to infer the language mode from the context and the closure
instead of getting it from the feedback vector. This will allow us to use
some of these builtins even when feedback vectors are not allocated.
Language mode is only needed to decide if we need to throw an exception
when a store fails. This is on a slow path and hence deriving the language
mode is not on critical path.
Bug: v8:8580
Change-Id: Id0d8e78d35046f015b5cdc15d5fc3f8a17dd8757
Reviewed-on: https://chromium-review.googlesource.com/c/1421924
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59113}
No difference in behavior because the other branch of the condition
already allowed positive 0.
Change-Id: Ia31d3366f882b5eaf004f17d26e4213f8de57794
Reviewed-on: https://chromium-review.googlesource.com/c/1435936
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59111}
The test runner is stuck on start-up otherwise.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: v8:8552
Change-Id: Ief2632ce168f83ae33bc9ae1f7edee152505cae9
Reviewed-on: https://chromium-review.googlesource.com/c/1437276
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59107}
This is part of an effort to improve the performance of TA#subarray.
Bug: v8:7161
Change-Id: Iffd469ca6528710c28cc454604a725ca9748359d
Reviewed-on: https://chromium-review.googlesource.com/c/1435768
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59105}
An enum-typed value should never have a value outside of that enum's
range.
This patch enforces that in Debug mode, while in Release mode keeping
the previous behavior of returning "UnknownOpcode" as the mnemonic for
illegal IrOpcode values to ease debugging.
Bug: v8:3770
Change-Id: I83a5a356f1fb7a266921940a4495f1d39a1823cd
Reviewed-on: https://chromium-review.googlesource.com/c/1436221
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59102}
Not even when copying 0 bytes. Same for memmove and memcmp.
Bug: v8:3770
Change-Id: I3ed45a4572467ec7a9fc697ac28c004aa9b8b274
Reviewed-on: https://chromium-review.googlesource.com/c/1436217
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59101}
The Memory<T>(address) helper requires the address to be aligned. Since
values embedded into ia32/x64 code can in general be unaligned, we must
use ReadUnalignedValue/WriteUnalignedValue to manipulate them.
Bug: v8:3770
Change-Id: I12c3fc6aa09062dcc9188b6782ed4a35e1d684bd
Reviewed-on: https://chromium-review.googlesource.com/c/1436223
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59100}
Anyref parameters can exist across GC runs. Therefore the GC has to
know where anyref parameters are on the stack so that it can mark them
in its marking phase, and update them in the compaction phase.
Already in a previous CL we grouped all anyref parameters so that they
can be found more easily in a stack frame, see
https://crrev.com/c/1371827. In this CL we implement the stack scanning
itself.
Note that anyref parameters are not scanned while iterating over the
caller's frame (to which they actually belong), but while iterating
over the callee's frame. The reason is that with tail-calls, only the
callee knows how many tagged stack parameters (aka anyref parameters)
there are.
R=mstarzinger@chromium.orgalso-by=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I7a41ce11d06c0d420146fdb0bb8d5606f28824d7
Reviewed-on: https://chromium-review.googlesource.com/c/1424955
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59099}
This CL changes Array#sort to use the generic path for fast elements
kinds if --force-slow-path is present. Note that the IsFastJSArray macro
includes this check but not the Cast itself.
R=jgruber@chromium.org
Bug: v8:8215
Change-Id: I1135ab9db15effd86020f49f4ae23ba1e1da07f8
Reviewed-on: https://chromium-review.googlesource.com/c/1435940
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59097}
This fixes a corner case with the matching for a {UBFX} instruction.
According to the ISA reference "UBFX Rd, Rn, #lsb, #width" is only valid
for "#width" in the [1;32-#lsb] range. Specifically a "#width" of 0 is
invalid but was not checked against by the instruction selector.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-924905
BUG=chromium:924905
Change-Id: I470671282b215be62dfd147a619a0d317f7cc746
Reviewed-on: https://chromium-review.googlesource.com/c/1435939
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59096}
Inferring the language mode involves iterating the stack to find the
closure. This is an expensive operation and should be done only when
required. This cl changes the implementation to infer the language
mode only when we can't defer it any further. Currently, we infer the
language mode when throwing an exception or when passing this
information to PropertyCallbackArguments.
This cl also changes the language mode parameter to SetProperty
related methods to Maybe<ShouldThrow>. We only use the language mode to
decide if we need to throw and using ShouldThrow instead of language
mode simplifies the code by avoiding conversions from Maybe<ShouldThrow>
to Maybe<LanguageMode> and vice-versa.
Bug: v8:8580, chromium:923820, chromium:925289
Change-Id: I72497497f62fe0d86fcecd57b06b3183b7531f7b
Reviewed-on: https://chromium-review.googlesource.com/c/1425912
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59094}
