The test still runs into the 240s timeout on Nexus5 and
Nexus7.
NOTRY=true
TBR=adamk, caitp
Review-Url: https://codereview.chromium.org/2406173002
Cr-Commit-Position: refs/heads/master@{#40151}
This test is timing out in gc-stress mode since RegExp.prototype.test
was moved to C++. RE.proto.test will be improved shortly, and this test
should be reenabled then.
BUG=v8:5339
NOTRY=true
Review-Url: https://codereview.chromium.org/2407133002
Cr-Commit-Position: refs/heads/master@{#40150}
Reason for revert:
Fails under LeakSanitizer on auto-roll fyi bot:
https://build.chromium.org/p/client.v8.fyi/builders/Auto-roll%20-%20release%20process/builds/49447
Original issue's description:
> [modules] Store Module metadata in per-Context EmbedderData
>
> Unifies the approaches used for storing the specifier -> module mapping
> and the module -> directory mapping, using std::unordered_maps for both
> and storing them per-Context.
>
> This requires adding a method to the v8::Module API to get a hash code
> for a Module, but allows slimming down the API in return: gone are
> SetEmbedderData/GetEmbedderData, along with the fourth argument
> to ResolveModuleCallback.
>
> Besides a simpler API, this allows d8 to get closer to the HTML loader,
> which requires each Realm to have a persistent module map (though this
> capability is not yet exercised by any tests).
>
> BUG=v8:1569
>
> Committed: https://crrev.com/9cf8fce74cf6e7afd6aea3f3545f6bb61572f277
> Cr-Commit-Position: refs/heads/master@{#40133}
TBR=jochen@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2406973003
Cr-Commit-Position: refs/heads/master@{#40145}
* Inspector should depend on v8_libbase, v8 depedency is added in conditions section.
* Inlined sources since they aren't used outside of this gyp file.
BUG=chromium:635948
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2408833002
Cr-Commit-Position: refs/heads/master@{#40139}
- Make testcfg.py ignore files ending in "_FIXTURE.js", which are not supposed
to be tested standalone but only as imports to other modules.
- Refine test262.status to match where we are with the modules implementation.
BUG=v8:1569
R=adamk@chromium.org
Review-Url: https://codereview.chromium.org/2400713004
Cr-Commit-Position: refs/heads/master@{#40134}
Unifies the approaches used for storing the specifier -> module mapping
and the module -> directory mapping, using std::unordered_maps for both
and storing them per-Context.
This requires adding a method to the v8::Module API to get a hash code
for a Module, but allows slimming down the API in return: gone are
SetEmbedderData/GetEmbedderData, along with the fourth argument
to ResolveModuleCallback.
Besides a simpler API, this allows d8 to get closer to the HTML loader,
which requires each Realm to have a persistent module map (though this
capability is not yet exercised by any tests).
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2393303002
Cr-Commit-Position: refs/heads/master@{#40133}
Extend a test of namespace imports such that it accesses the object inside a
with statement (inside a sloppy function).
Drive-by-fix: remove duplicate initialization of embedder data (probably due to
bad merge).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2405603003
Cr-Commit-Position: refs/heads/master@{#40129}
Also add a test for when the first argument is null or undefined, as there are no tests that cover this currently.
BUG=v8:5364
Review-Url: https://codereview.chromium.org/2399423003
Cr-Commit-Position: refs/heads/master@{#40127}
The spurious failures were caused by the compiled module
template and its corresponding owning object getting out of
sync due to memory allocations (which may trigger GC)
between the points each were fetched.
Specifically, the {original} was first obtained; then a GC
may happen when cloning the {code_table}. At this point,
the {original}'s owner may have been collected, getting us
down the path of not cloning. When time comes to patch up
globals, we incorrectly try to patch them assuming the
global start is at 0 (nullptr), which in fact it isn't.
This change roots early, in a GC-free area, both objects.
Additionally, it avoids publishing to the instances chain
the new instance until the very end. This way:
- the objects used to create the new instance offer a
consistent view
- the instances chain does not see the object we try to
form. If something fails, we can safely retry.
- since the owner is rooted, the state of the front of the
instances chain stays unchanged - with the same compiled
module we started from. So the early belief that we needed
to clone is not invalidated by any interspersed GC.
This situation suffers from a sub-optimality discussed in
the design document, in that, in a memory constrained
system, the following snippet may surprisingly fail:
var m = new WebAssembly.Module(...);
var i1 = new WebAssembly.Instance(m);
i1 = null;
var i2 = new WebAssembly.Instance(m); //may fail.
This will be addressed subsequently.
BUG=v8:5451
Review-Url: https://codereview.chromium.org/2395063002
Cr-Commit-Position: refs/heads/master@{#40126}
This CL ports RegExp.prototype.test, RegExp.prototype.match
and RegExp.prototype.search to C++.
Performance regressions are expected but should be improved
in an upcoming CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2394713003
Cr-Commit-Position: refs/heads/master@{#40122}
- Adds an optional representation field to VReg and TestOperand structs.
- Adds a simple FP allocation test to register-allocator-unittest.cc.
- Adds some simple FP tests to move-optimizer-unittest.cc.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2400513002
Cr-Commit-Position: refs/heads/master@{#40117}
The CL #39795 (https://codereview.chromium.org/2345593003 ) added MultiReturnSelect_f32/MultiReturnSelect_f64 tests.
Because those tests need 2 float point return registers and x87 only has 1 FP return register, Those tests failed at x87 port.
This CL skips MultiReturnSelect_f32/MultiReturnSelect_f64 tests for x87.
BUG=
Review-Url: https://codereview.chromium.org/2405743002
Cr-Commit-Position: refs/heads/master@{#40113}
If an inner function only declares a variable but doesn't use it, Parser
and PreParser produced different unresolved variables, and that confused
the pessimistic context allocation.
This is continuation to https://codereview.chromium.org/2388183003/
This CL fixes more complicated declarations (which are not just one
identifier). For this, PreParser needs to accumulate identifiers used
in expressions.
In addition, this CL manifests FLAG_lazy_inner_functions in tests, so that
we get clusterfuzz coverage for it.
BUG=chromium:650969, v8:5501
Review-Url: https://codereview.chromium.org/2400613003
Cr-Commit-Position: refs/heads/master@{#40112}
There were once plans to generate cross-context code with TurboFan,
however that doesn't fit into the model anymore, and so all of this
is essentially dead untested code (and thus most likely already broken
in subtle ways). With this mode still in place it would also be a lot
harder to make inlining based on SharedFunctionInfo work.
BUG=v8:2206,v8:5499
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2406803002
Cr-Commit-Position: refs/heads/master@{#40109}
Updated the deserialization API to avoid copying uncompiled
bytes.
BUG=
Review-Url: https://codereview.chromium.org/2404673002
Cr-Commit-Position: refs/heads/master@{#40108}
String16 is not public part of src/inspector. All usage are replaced with vector of char/unit16_t to avoid potential linker problems.
BUG=chromium:635948
R=dgozman@chromium.org,machenbach@chromium.org
Review-Url: https://codereview.chromium.org/2403493002
Cr-Commit-Position: refs/heads/master@{#40098}
Reason for revert:
Needed to revert https://codereview.chromium.org/2400343002/
Original issue's description:
> [parser] Deprecate ParseInfo constructor taking closure.
>
> This removes the {ParseInfo} constructor consuming a closure, replacing
> all uses to pass only the shared function info. The goal is to make the
> fact that parsing is independent of a concrete closure explicit.
>
> R=jochen@chromium.org
> BUG=v8:2206
>
> Committed: https://crrev.com/3de42b3f224217ec88e4c609d3cf23fe06806dca
> Cr-Commit-Position: refs/heads/master@{#40083}
TBR=jochen@chromium.org,bmeurer@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2406623002
Cr-Commit-Position: refs/heads/master@{#40097}
This implements namespace imports (import * as foo from "bar"), except for the
@@iterator property on namespace objects (to be done later).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2388153003
Cr-Commit-Position: refs/heads/master@{#40096}
Found with libfuzzer. The length is automatically converted to int (thus
large sizes could become negative, even though they are legal "array sizes").
Besides that, the length is coerced to a SMI (which is an even tighter
constraint on 32-bit systems, where it limits the legal sizes to 2^30 - 1).
Add checks that the length of a dense array is below that threshold, and also
fail fast if a length that is provided obviously could not be the correct dense
length (because there isn't enough data left in the buffer to populate such an
array).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2399873002
Cr-Commit-Position: refs/heads/master@{#40094}
Previously this would result in applying trying to find a size modulo zero,
which causes SIGFPE. This approach was preferred over adding a default case
to preserve the ability of the compiler to detect unhandled switch cases
(within the valid range of the enum).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2395073003
Cr-Commit-Position: refs/heads/master@{#40088}
(GcStress failure was unrelated.)
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/2402663002 .
Cr-Commit-Position: refs/heads/master@{#40086}
The create.js file is loaded unconditionally in run.js,
therefore we need to add it to resources, otherwise it
fails on Android.
TBR=caitp@igalia.com
NOTRY=true
Review-Url: https://codereview.chromium.org/2401883002
Cr-Commit-Position: refs/heads/master@{#40084}
This removes the {ParseInfo} constructor consuming a closure, replacing
all uses to pass only the shared function info. The goal is to make the
fact that parsing is independent of a concrete closure explicit.
R=jochen@chromium.org
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2396963003
Cr-Commit-Position: refs/heads/master@{#40083}
This reverts commit 7db0ecdec3.
Manual revert since automatic revert is too large for the web interface.
BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
Reason for revert:
Possible GCSTRESS failure, investigating.
Original issue's description:
> [turbofan] Discard the shared code entry in the optimized code map.
>
> At one time, we hoped to generate the same code for different
> native contexts. But in truth, much performance comes from optimizing
> on the native context. Now we abandon this pathway.
>
> BUG=
>
> Committed: https://crrev.com/55af3c44c99a6e4cd6d53df775023d760ad2b2c3
> Cr-Commit-Position: refs/heads/master@{#40079}
TBR=mstarzinger@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2403453002
Cr-Commit-Position: refs/heads/master@{#40081}
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
Review-Url: https://codereview.chromium.org/2401653002
Cr-Commit-Position: refs/heads/master@{#40079}
The _ParseException function in testcfg.py made incorrect assumptions about how
exceptions are printed (I believe it expected a trace like that produced by
Error).
R=littledan@chromium.org
BUG=v8:5136
Review-Url: https://codereview.chromium.org/2386103010
Cr-Commit-Position: refs/heads/master@{#40078}
This implicitly convers parseFloat on the global object as well, since
it's the same function. This is mostly straight-forward, but adds
another fast case for HeapNumbers as well.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2395373002
Cr-Commit-Position: refs/heads/master@{#40072}
- Added gating code in the module-decoder to allow SIMD code only when
it can be decoded correctly
- SIMD128 values should not be exported to JS
- Try/Catch should not be available in asmjs modules
- Trivial fixes for S128 values
BUG=chromium:648079
R=ahaas@chromium.org, titzer@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2400863003
Cr-Commit-Position: refs/heads/master@{#40067}
One step closer to the informally-agreed upon specification
that structured cloning will always succeed, meaning, if
we fail to deserialize (e.g. because version mismatch in
serialized format and v8 version), we recompile.
As part of this work, the deserializer will need to become
more resilient to invalid input data, and fail graciously
rather than CHECK-ing. This CL addresses some of that,
sufficient to unblock the current serialization tests.
Subsequent CLs will add more testing and the appropriate
fixes.
BUG=639090
Review-Url: https://codereview.chromium.org/2395793003
Cr-Commit-Position: refs/heads/master@{#40058}
This patch sets `this` to be undefined when calling resolve and reject
functions attached to the deferred.
BUG=v8:5476
Review-Url: https://codereview.chromium.org/2399053003
Cr-Commit-Position: refs/heads/master@{#40056}
A new V8 API object v8::TracingCpuProfiler is introduced.
Client can create it on an isolate to enable JS CPU profiles collected
during tracing session.
Once the v8.cpu_profile2 tracing category is enabled the profiler emits
CpuProfile and CpuProfileChunk events with the profile data.
BUG=chromium:406277
Review-Url: https://codereview.chromium.org/2396733002
Cr-Commit-Position: refs/heads/master@{#40054}
Imports and exports in 0xC can be much more than functions, including
tables, memories, and globals. This CL refactors the underlying
organization of imports and exports to support these new import types.
BUG=
Committed: https://crrev.com/599f8a83420346d9cba5ff97bd2a7520468207b6
Review-Url: https://codereview.chromium.org/2390113003
Cr-Original-Commit-Position: refs/heads/master@{#40033}
Cr-Commit-Position: refs/heads/master@{#40050}
This enables the {BytecodeGraphBuilder} whenever heuristics in the
compilation pipeline determine both Ignition and TurboFan to be used.
There no longer needs to be an explicit flag passed in order to build
graphs from bytecode.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2363413005
Cr-Commit-Position: refs/heads/master@{#40045}
With this CL, we devolve all Constants introduced as they are with an object handle into
* Range - for integers
* Nan
* MinusZero
* OtherNumberConstant - for doubles
* HeapConstant
We reduce the amount we have to inspect an object handle during optimization. Also, simplifications result. For example, you never have to check if a Range contains a HeapConstant.
BUG=
Review-Url: https://codereview.chromium.org/2381523002
Cr-Commit-Position: refs/heads/master@{#40041}
Imports and exports in 0xC can be much more than functions, including
tables, memories, and globals. This CL refactors the underlying
organization of imports and exports to support these new import types.
BUG=
Review-Url: https://codereview.chromium.org/2390113003
Cr-Commit-Position: refs/heads/master@{#40033}
The scavenger should never consider mark bits for promotion/copy as this creates
weird livetimes at the start of incremental marking. E.g. consider an object
marked black by the marker at the start of incremental marking. A scavenge would
promote it to the old generation although it could --and for short-living
objects actually does-- become unreachable during marking
Also, keeping this invariant significantly simplifies young generation mark
compacting as we can compare against the scavenging decision without keeping
different sets of markbits.
BUG=chromium:651354
R=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2397713002
Cr-Commit-Position: refs/heads/master@{#40026}
Fixes:
- Remove OsrGuards on frame specialization (for asm.js).
- Handle the rename in the walk for native context.
- Fix LoadContext effect wiring for Osr context chains.
Review-Url: https://codereview.chromium.org/2388303006
Cr-Commit-Position: refs/heads/master@{#40021}
v8::Integer::Value() method returns int64 but all scriptIds are 32 bit based. We can safely cast int64 into int here to make compilers happy.
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2394973002
Cr-Commit-Position: refs/heads/master@{#40016}
On PPC64 linux the OS page size is 64KB, therefore when the
snapshot is created the serialized heap already has LO_SPACE
allocated(the allocation goes beyond the 1st page of
CODE_SPACE and hence LO_SPACE is allocated).
I've updated the testcase to check if the delta
of the LO_SPACE is zero.
R=mlippautz@chromium.org, ulan@chromium.org, vogelheim@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2394893002
Cr-Commit-Position: refs/heads/master@{#40014}
Allow fround to take values without dots for globals (the spec allows this
subtly).
Drop over-restrictive assert preventing floating point globals from working.
BUG=v8:4203
R=jpp@chromium.org,aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2397823003
Cr-Commit-Position: refs/heads/master@{#40013}
Reason for revert:
Speculative revert due to very strange-looking win/dbg failures
which reference SignedDivisionByConstant:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12736
Original issue's description:
> Reland "Turn libbase into a component"
>
> Original issue's description:
> > Turn libbase into a component
> >
> > This is a precondition for turning libplatform into a component
> >
> > BUG=v8:5412
> > R=jgruber@chromium.org,machenbach@chromium.org
> > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_
> dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
> >
> > Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> > Cr-Commit-Position: refs/heads/master@{#39950}
>
> BUG=v8:5412
> TBR=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
>
> Committed: https://crrev.com/17cb51254cafa932025e9980b60f89f756d411cb
> Cr-Commit-Position: refs/heads/master@{#39969}
TBR=jgruber@chromium.org,machenbach@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5412
Review-Url: https://codereview.chromium.org/2396933002
Cr-Commit-Position: refs/heads/master@{#40009}
Reason for revert:
Broke the tree again, for no obvious reason :/
Original issue's description:
> [interpreter] Add string type feedback to add
>
> Adds string type feedback to Ignition's AddWithFeedback code stub, for now only
> adding a special case for when both lhs and rhs are strings. This improves
> octane's splay by >100%.
>
> BUG=v8:5400
>
> Committed: https://crrev.com/fb4ae2239d37adaf0321165034050316914de708
> Committed: https://crrev.com/bf1a94f1b269914856a8c8763fd282367f066c67
> Cr-Original-Commit-Position: refs/heads/master@{#39987}
> Cr-Commit-Position: refs/heads/master@{#39996}
TBR=rmcilroy@chromium.org,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5400
Review-Url: https://codereview.chromium.org/2393193002
Cr-Commit-Position: refs/heads/master@{#40000}
Adds string type feedback to Ignition's AddWithFeedback code stub, for now only
adding a special case for when both lhs and rhs are strings. This improves
octane's splay by >100%.
BUG=v8:5400
Committed: https://crrev.com/fb4ae2239d37adaf0321165034050316914de708
Review-Url: https://codereview.chromium.org/2392533002
Cr-Original-Commit-Position: refs/heads/master@{#39987}
Cr-Commit-Position: refs/heads/master@{#39996}
This makes sure we run the module tests against all variants using
Ignition as the first compilation tier. It will henceforth extend the
test coverage to the BytecodeGraphBuilder as well.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2397733002
Cr-Commit-Position: refs/heads/master@{#39992}
Reason for revert:
Fails unittests on win32 debug:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/5026
Original issue's description:
> [interpreter] Add string type feedback to add
>
> Adds string type feedback to Ignition's AddWithFeedback code stub, for now only
> adding a special case for when both lhs and rhs are strings. This improves
> octane's splay by >100%.
>
> BUG=v8:5400
>
> Committed: https://crrev.com/fb4ae2239d37adaf0321165034050316914de708
> Cr-Commit-Position: refs/heads/master@{#39987}
TBR=rmcilroy@chromium.org,mythria@chromium.org,leszeks@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5400
Review-Url: https://codereview.chromium.org/2395743004
Cr-Commit-Position: refs/heads/master@{#39991}
Adds string type feedback to Ignition's AddWithFeedback code stub, for now only
adding a special case for when both lhs and rhs are strings. This improves
octane's splay by >100%.
BUG=v8:5400
Review-Url: https://codereview.chromium.org/2392533002
Cr-Commit-Position: refs/heads/master@{#39987}
Reason for revert:
Tanks the world.
Original issue's description:
> [turbofan] Osr value typing + dynamic type checks on entry.
>
> This introduces a new OsrGuard node that is inserted during graph building
> to guard the inferred type of the OSR value.
>
> The type of the OSR value is inferred by running the typer before OSR
> deconstruction, and then taking the type from the phi that takes the
> OSR value. After the deconstruction, we throw the types away.
>
> At the moment we only support the SignedSmall OSR type and we always
> pick the tagged representation. Later, we might want to support more
> types (such as Number) and pick better representations (int32/float64).
>
> This CL also removes the OSR deconstruction tests because they build
> unrealistic graph (no effect chain, no loop termination). I considered
> adding the effect chains to the tests, but this would make the tests
> even more brittle.
>
> Committed: https://crrev.com/1f5dc90a900d222da44bee3eff171a2ba1e3c076
> Cr-Commit-Position: refs/heads/master@{#39971}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2395783002
Cr-Commit-Position: refs/heads/master@{#39985}
The implementation of MemorySize with RelocatableInt32Constants is
problematic if MemorySize is placed close to a GrowMemory instruction in
the code. The use of a runtime function guarantees that the order in
which MemorySize and GrowMemory is executed is correct.
R=titzer@chromium.org
BUG=chromium:651961
TEST=mjsunit/regress/wasm/regression-651961
Committed: https://crrev.com/2c12a9a42d454a36fcd2931fa458d72832eeb689
Review-Url: https://codereview.chromium.org/2386183004
Cr-Original-Commit-Position: refs/heads/master@{#39972}
Cr-Commit-Position: refs/heads/master@{#39980}
If possible, take the constant map from the (known) native context for
JSCreateIterResultObject, so that subsequent map checks can be
eliminated in case of iterator inlining.
R=jarin@chromium.org
BUG=v8:3822
Review-Url: https://codereview.chromium.org/2394783002
Cr-Commit-Position: refs/heads/master@{#39974}
Reason for revert:
Patch problem
Original issue's description:
> [wasm] Call a runtime function for a MemorySize instruction.
>
> The implementation of MemorySize with RelocatableInt32Constants is
> problematic if MemorySize is placed close to a GrowMemory instruction in
> the code. The use of a runtime function guarantees that the order in
> which MemorySize and GrowMemory is executed is correct.
>
> R=titzer@chromium.org
> BUG=chromium:651961
> TEST=mjsunit/regress/wasm/regression-651961
>
> Committed: https://crrev.com/2c12a9a42d454a36fcd2931fa458d72832eeb689
> Cr-Commit-Position: refs/heads/master@{#39972}
TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651961
Review-Url: https://codereview.chromium.org/2391223002
Cr-Commit-Position: refs/heads/master@{#39973}
The implementation of MemorySize with RelocatableInt32Constants is
problematic if MemorySize is placed close to a GrowMemory instruction in
the code. The use of a runtime function guarantees that the order in
which MemorySize and GrowMemory is executed is correct.
R=titzer@chromium.org
BUG=chromium:651961
TEST=mjsunit/regress/wasm/regression-651961
Review-Url: https://codereview.chromium.org/2386183004
Cr-Commit-Position: refs/heads/master@{#39972}
This introduces a new OsrGuard node that is inserted during graph building
to guard the inferred type of the OSR value.
The type of the OSR value is inferred by running the typer before OSR
deconstruction, and then taking the type from the phi that takes the
OSR value. After the deconstruction, we throw the types away.
At the moment we only support the SignedSmall OSR type and we always
pick the tagged representation. Later, we might want to support more
types (such as Number) and pick better representations (int32/float64).
This CL also removes the OSR deconstruction tests because they build
unrealistic graph (no effect chain, no loop termination). I considered
adding the effect chains to the tests, but this would make the tests
even more brittle.
Review-Url: https://codereview.chromium.org/2384113002
Cr-Commit-Position: refs/heads/master@{#39971}
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_
dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}
BUG=v8:5412
TBR=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
Review-Url: https://codereview.chromium.org/2395553002
Cr-Commit-Position: refs/heads/master@{#39969}
This fixes a gc stress bug. We cannot rely on an ordering of
clearing of the weak cells, so we explicitly reset the weak
link to the owning instance, when finalizing a compiled
module. In turn, this serves as a reliable signal when GCs
happen while instantiating, allowing us to correctly link the
new instance.
BUG=chromium:652425
Review-Url: https://codereview.chromium.org/2393443003
Cr-Commit-Position: refs/heads/master@{#39964}
Previously, b6e9f625c1 fixed self-assignment
in parameters to throw. But it failed to deal with the case of
destructuring with defaults. This patch extends that previous approach
to always treat the end of a parameter as its initializer position,
whether it has an initializer or not.
This is the minimal change to make it easy to merge; a follow-up
will rename the field of Parameter from "initializer_end_position"
to "end_position".
BUG=v8:5454
Review-Url: https://codereview.chromium.org/2390943002
Cr-Commit-Position: refs/heads/master@{#39962}
Reason for revert:
Main suspect for roll block:
https://codereview.chromium.org/2387403002/
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}
TBR=jgruber@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5412
Review-Url: https://codereview.chromium.org/2393603002
Cr-Commit-Position: refs/heads/master@{#39960}
The correctness fuzzer executes the input array in two different
execution engines and compares the results. If the results don't match,
the correctness fuzzer crashes.
Since the crash signature is always the same if the results don't match,
cluster fuzz would group all inputs which lead to non-matching results.
To avoid the grouping a base64 hash has to be appended to the crash
signature. This CL changes the text which is appended to the crash
signature to a base64 hash.
Note that I do not create a base64 hash directly because the base64
class is not available in V8. Instead I create a string which looks
like a base64 hash.
R=mmoroz@chromium.org, aarya@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2390233002
Cr-Commit-Position: refs/heads/master@{#39953}
This is a precondition for turning libplatform into a component
BUG=v8:5412
R=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
Review-Url: https://codereview.chromium.org/2381273002
Cr-Commit-Position: refs/heads/master@{#39950}
In some (rare) cases, the context depth passed to a dynamic variable lookup can
be zero. In these cases, the fast path for the lookup (i.e. load from context or
global) can always be taken, as there is no need to search the current context.
However, with no slow path checks, the bytecode graph builder had a null
environment for the slow path, causing segfaults when this graph was built.
This patch adds a null check for the slow path environment, and skips building
the slow path if the environment is null.
BUG=chromium:652186
Review-Url: https://codereview.chromium.org/2385123002
Cr-Commit-Position: refs/heads/master@{#39949}
If an inner function only declares a variable but doesn't use it, Parser
and PreParser produced different unresolved variables, and that confused
the pessimistic context allocation.
BUG=chromium:650969
Review-Url: https://codereview.chromium.org/2388183003
Cr-Commit-Position: refs/heads/master@{#39947}
- Changes tests to canonicalize FP slot/register moves, to simplify
testing any implementations that may fragment FP register moves.
- Adds code to generate correct ParallelMoves (e.g. no slot sources
of different reps overlapping.)
- Refactors test functions, so we can add manually generated tests
to current fuzzed tests.
- Adds SIMD operands, since these can be tested here now.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2365983002
Cr-Commit-Position: refs/heads/master@{#39943}
Added a test that Runtime.getProperties doesn't truncate Set and Map properties in [[Entries]] in internalProperties.
BUG=chromium:650729
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2376863002
Cr-Commit-Position: refs/heads/master@{#39940}
Currently the parameter is first parsed as a reference, and then translated into a parameter. The reference stays around though, and gets resolved to the parameter. That automatically creates a use. Now that I drop all unresolved references when we abort preparsing, that also drops the unresolved reference.
Instead, mark the variable as used when its marked as forced context allocation. That's what happens in almost all other cases.
This raises the question: does it really make sense to parse parameters this ways? It seems pretty generic, but neither fast nor memory-efficient ... Did I misunderstand something?
Just land if you think the CL looks good as is.
BUG=chromium:651613
Review-Url: https://codereview.chromium.org/2386623002
Cr-Commit-Position: refs/heads/master@{#39935}
Fixes the case when the 'imm' is in range [8000,ffff], as the specification
says the 'imm' is sign-extended before the comparsion, so the effective range
is [max_unsigned-7fff,max_unsigned].
TEST=mjsunit/generated-transition-stub@3b8ad45e
BUG=
Review-Url: https://codereview.chromium.org/2386673002
Cr-Commit-Position: refs/heads/master@{#39922}
matching function, creates a hashmap the specialises the case of keys
that simply check pointer equality.
I measure an average ~1% improvement on Octane code-load.
Review-Url: https://codereview.chromium.org/2369963002
Cr-Commit-Position: refs/heads/master@{#39920}
This is essentially CL/2275293002, with the difference that the effect
dependencies are now updated correctly.
BUG=
Review-Url: https://codereview.chromium.org/2378773013
Cr-Commit-Position: refs/heads/master@{#39919}
There are only a few occasions where we allocate a register in an outer
expression allocation scope, which makes the costly free-list approach
of the BytecodeRegisterAllocator unecessary. This CL replaces all
occurrences with moves to the accumulator and stores to a register
allocated in the correct scope. By doing this, we can simplify the
BytecodeRegisterAllocator to be a simple bump-pointer allocator
with registers released in the same order as allocated.
The following changes are also made:
- Make BytecodeRegisterOptimizer able to use registers which have been
unallocated, but not yet reused
- Remove RegisterExpressionResultScope and rename
AccumulatorExpressionResultScope to ValueExpressionResultScope
- Introduce RegisterList to represent consecutive register
allocations, and use this for operands to call bytecodes.
By avoiding the free-list handling, this gives another couple of
percent on CodeLoad.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2369873002
Cr-Commit-Position: refs/heads/master@{#39905}
Before evaluating a module, all variables declared at the top-level
in _any_ of the modules in the dependency graph must be initialized.
This is observable because a module A can access a variable imported
from module B (e.g. a function) at a point when module B's body hasn't
been evaluated yet.
We achieve this by implementing modules internally as generators with
two states (not initialized, initialized).
R=adamk@chromium.org
BUG=v8:1569
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg
Committed: https://crrev.com/f4dfb6fbe1cdd9a0f287a1a9c496e1f69f6f5d20
Committed: https://crrev.com/8c52a411583e870bd5ed100864caa58f491c5d88
Review-Url: https://codereview.chromium.org/2375793002
Cr-Original-Original-Commit-Position: refs/heads/master@{#39871}
Cr-Original-Commit-Position: refs/heads/master@{#39892}
Cr-Commit-Position: refs/heads/master@{#39900}
Reason for revert:
Speculative revert for christmas tree
Original issue's description:
> Reland: [modules] Properly initialize declared variables.
>
> Before evaluating a module, all variables declared at the top-level
> in _any_ of the modules in the dependency graph must be initialized.
> This is observable because a module A can access a variable imported
> from module B (e.g. a function) at a point when module B's body hasn't
> been evaluated yet.
>
> We achieve this by implementing modules internally as generators with
> two states (not initialized, initialized).
>
> R=adamk@chromium.org
> BUG=v8:1569
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg
>
> Committed: https://crrev.com/f4dfb6fbe1cdd9a0f287a1a9c496e1f69f6f5d20
> Committed: https://crrev.com/8c52a411583e870bd5ed100864caa58f491c5d88
> Cr-Original-Commit-Position: refs/heads/master@{#39871}
> Cr-Commit-Position: refs/heads/master@{#39892}
TBR=adamk@chromium.org,mstarzinger@chromium.org,machenbach@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2387593002
Cr-Commit-Position: refs/heads/master@{#39896}
- added inspector test suite definition in testcfg.py
- added JS infrastructure for tests in protocol-test.js
BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2370743003
Cr-Commit-Position: refs/heads/master@{#39895}
Before evaluating a module, all variables declared at the top-level
in _any_ of the modules in the dependency graph must be initialized.
This is observable because a module A can access a variable imported
from module B (e.g. a function) at a point when module B's body hasn't
been evaluated yet.
We achieve this by implementing modules internally as generators with
two states (not initialized, initialized).
R=adamk@chromium.org
BUG=v8:1569
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg
Committed: https://crrev.com/f4dfb6fbe1cdd9a0f287a1a9c496e1f69f6f5d20
Review-Url: https://codereview.chromium.org/2375793002
Cr-Original-Commit-Position: refs/heads/master@{#39871}
Cr-Commit-Position: refs/heads/master@{#39892}
- added test runner, that takes file names and V8 flags as arguments and run scripts from passed files with passed flags in frontend context
BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2372793002
Cr-Commit-Position: refs/heads/master@{#39891}
- added the channel implementation,
- added inspector implementation,
- added v8::Extension for communication between backend and frontend.
BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2368393003
Cr-Commit-Position: refs/heads/master@{#39888}
Note that the offset can still be out of bounds, even after grow memory. The calculation of the remaining size can overflow.
R=gdeepti@chromium.org
BUG=chromium:644670
Review-Url: https://codereview.chromium.org/2376153003
Cr-Commit-Position: refs/heads/master@{#39886}
Making new nodes inside of exception-handled blocks fiddles around with the
current environment to merge the exception paths. In particular, the current
environment pointer is mutated. This patch ensures that when we merge the fast
and slow paths of the LdaContextLookup, we actually merge the correct
environment and do not accidentally merge the exceptional environment.
BUG=chromium:651394
Review-Url: https://codereview.chromium.org/2379043002
Cr-Commit-Position: refs/heads/master@{#39878}
The test now checks the case when an observer is added after tracing is started.
BUG=chromium:406277
Review-Url: https://codereview.chromium.org/2376953002
Cr-Commit-Position: refs/heads/master@{#39874}
Reason for revert:
Suspect for causing win64 debug problems:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12646
Original issue's description:
> [modules] Properly initialize declared variables.
>
> Before evaluating a module, all variables declared at the top-level
> in _any_ of the modules in the dependency graph must be initialized.
> This is observable because a module A can access a variable imported
> from module B (e.g. a function) at a point when module B's body hasn't
> been evaluated yet.
>
> We achieve this by implementing modules internally as generators with
> two states (not initialized, initialized).
>
> R=adamk@chromium.org
> BUG=v8:1569
>
> Committed: https://crrev.com/f4dfb6fbe1cdd9a0f287a1a9c496e1f69f6f5d20
> Cr-Commit-Position: refs/heads/master@{#39871}
TBR=adamk@chromium.org,mstarzinger@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2379063002
Cr-Commit-Position: refs/heads/master@{#39873}
Before evaluating a module, all variables declared at the top-level
in _any_ of the modules in the dependency graph must be initialized.
This is observable because a module A can access a variable imported
from module B (e.g. a function) at a point when module B's body hasn't
been evaluated yet.
We achieve this by implementing modules internally as generators with
two states (not initialized, initialized).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2375793002
Cr-Commit-Position: refs/heads/master@{#39871}
- added a inspector folder,
- added related GN and gyp files,
- added task handling infrastructure for test runner.
BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2361623006
Cr-Commit-Position: refs/heads/master@{#39866}
Strings takes a considerate amount of time and times out on
many platforms. Generally the iterations need to be reduced
to free resources.
NOTRY=true
TBR=hablich@chromium.org
Review-Url: https://codereview.chromium.org/2374393002
Cr-Commit-Position: refs/heads/master@{#39856}
Reason for revert:
No real improvement as we still lack the ability to promote from
scavenges/young gen GCs.
Let's keep this in mind for later.
Original issue's description:
> [heap] Remove border page
>
> A page now belongs either the nursery *or* the intermediate gen. The page that
> contained objects of both spaces is removed in this change.
>
> BUG=chromium:636331
>
> Committed: https://crrev.com/42ece47446f0dbd3779d6e0e00dce97a1931a9f9
> Cr-Commit-Position: refs/heads/master@{#39778}
TBR=ulan@chromium.org,hpayer@chromium.org
BUG=chromium:636331
Review-Url: https://codereview.chromium.org/2383443002
Cr-Commit-Position: refs/heads/master@{#39854}
The module size is encoded as a HeapNumber, and needs to be
explicitly cloned.
BUG=chromium:647649
Review-Url: https://codereview.chromium.org/2347333002
Cr-Commit-Position: refs/heads/master@{#39845}
- Store instruction with an offset bigger than GrowMemory offset should handle out of bounds correctly
- Refactor to separate runnning from compile so arguments can be passed in to module builder tests.
BUG=chromium:644670
R=ahaas@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2373613004
Cr-Commit-Position: refs/heads/master@{#39840}
