17387 Commits

Author SHA1 Message Date
Georg Neis
bb6bee3255 [bigint] Add tests for ToObject.
R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: I2e9876577103d72cd5e2412e958b4bd832373899
Reviewed-on: https://chromium-review.googlesource.com/733132
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48864}
2017-10-24 09:14:56 +00:00
Georg Neis
4d932032ee [bigint] Add tests for ToPropertyKey.
Bug: v8:6791
Change-Id: Ieb53b68e062e94e2d98a65db7b8bc6f61708b05f
Reviewed-on: https://chromium-review.googlesource.com/733098
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48863}
2017-10-24 09:12:16 +00:00
Daniel Clifford
b590679496 Activate CSA implementation of Array.prototype.slice
Change-Id: I8f2dc21534562810e129f3830945bf68a181691f
Reviewed-on: https://chromium-review.googlesource.com/735379
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48862}
2017-10-24 09:05:16 +00:00
Mike Stanton
598623c6b9 [Turbofan] Improve verification with effect output checks
Ensure that effect outputs from nodes are used if they have
an effect output. This helps us avoid an easy-to-make error
where we fail to update the effect chain with the result of
effectful operations.

Bug: v8:6929
Change-Id: I585dc627b3c330006ec04717ff9b2f5060dbad6a
Reviewed-on: https://chromium-review.googlesource.com/718107
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48861}
2017-10-24 09:00:31 +00:00
Georg Neis
94d9ffe71b [bigint] Adapt Object::NoSideEffectsToString.
R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: Ia46694ef236abd2fa037491a017eb825aa25162a
Reviewed-on: https://chromium-review.googlesource.com/732981
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48856}
2017-10-24 08:27:53 +00:00
Benedikt Meurer
5e725575d7 [ic] Fix undefined/null receivers not leaving UNINITIALIZED state.
The (KEYED_)LOAD/STORE_ICs didn't properly leave the UNINITIALIZED state as
long as the receiver was always null/undefined. This leads to
deoptimization loops in TurboFan, because the compiler always put in a
SOFT deoptimization at this point.

Bug: v8:6989
Change-Id: I1a32bfb722f121f8b593e8972e657290d7b0531d
Reviewed-on: https://chromium-review.googlesource.com/735319
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48854}
2017-10-24 06:40:56 +00:00
Daniel Clifford
6452b26a4b Reimplement Array.prototype.slice in CSA and C++
Previously, V8's slice was implemented in a combination of C++ and a
JavaScript fallback. The disadvantage of this approach was that the
fast-path required a call through the CEntryStub, which introduced
considerable overhead for small arrays with fast elements kinds.

Now the implementation primarily uses the CSA to generate both the
full spec-compliant implementation as well as fast paths for argument
objects and arrays with fast elements kinds. The CSA implementation
uses a C++ implementation fallback in select situations where the
complexity of a CSA implementation would be too great and the
CEntryStub overhead is not decisive (e.g. slices of dictionary
elements arrays).

Performance results on semi-random arrays with small number of
elements (old vs. new):

smi copy: 48.7 ms vs. 12 ms
smi slice: 43.5 ms vs. 14.8 ms
object copy: 35.5 ms vs. 7.7 ms
object slice: 38.7 ms vs. 8.8 ms
dictionary slice: 2398.3 ms vs. 5.4 ms
fast sloppy arguments slice: 9.6 ms vs. 7.2 ms
slow sloppy arguments slice: 28.9 ms vs. 8.5 ms

As a bonus, the new implementation is fully spec-compliant and fixes
at least one existing bug.

The design document for Array.prototype builtin rework can be found
at https://goo.gl/wFHe2n

Bug: v8:1956,v8:6601,v8:6710,v8:6978
Change-Id: Ia0155bedcf39b4577605ff754f416c2af938efb7
Reviewed-on: https://chromium-review.googlesource.com/574710
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48853}
2017-10-24 06:39:47 +00:00
Camillo Bruni
eff39bbb70 [tools] Move common arguments processing into separate file
Change-Id: Ia7b30b3f9d19ac1a6da978a0bd884e8f6f38841b
Reviewed-on: https://chromium-review.googlesource.com/730570
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48850}
2017-10-24 00:25:04 +00:00
Mike Stanton
b3d849905e [Turbofan] Reland Array.prototype.filter inlining.
Support inlining of Array.prototype.filter in TurboFan.

Bug: v8:1956
Change-Id: If50e230d14461063d378c0591dc27dea43371afa
Reviewed-on: https://chromium-review.googlesource.com/733089
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48846}
2017-10-23 19:29:50 +00:00
Jakob Kummerow
eff7f32114 [bigint] Add tests for unary/binary ops
The tests are generated randomly, using Python's arbitrary-precision
integers as the source of truth.
The generator script is landed as part of this CL. It also supports
a "stress test" mode for on-demand intensive test coverage.

Bug: v8:6791
Change-Id: Idc7a2e90fd8a0a8176283614b33ecd4c3597b1d1
Reviewed-on: https://chromium-review.googlesource.com/731464
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48844}
2017-10-23 19:11:01 +00:00
Benedikt Meurer
35614b7215 [turbofan] Optimize Reflect.get(target, key) calls.
When TurboFan sees a call to Reflect.get with exactly two parameters,
we can lower that to a direct call to the GetPropertyStub, which is
certainly faster than the general C++ builtin. This gives a nice
7-8% improvement on the chai test in the web-tooling-benchmark.

The micro-benchmark on the issue goes from

  reflectGetPresent: 461 ms.
  reflectGetAbsent: 470 ms.

to 

  reflectGetPresent: 141 ms.
  reflectGetAbsent: 245 ms.

which is an up to 3.2x improvement.

Bug: v8:5996, v8:6936, v8:6937
Change-Id: Ic439fccb13f1a2f84386bf9fc31b4283d101afc4
Reviewed-on: https://chromium-review.googlesource.com/732988
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48841}
2017-10-23 17:42:38 +00:00
Alexey Kozyatinskiy
a11b0d962d [inspector] improve this value for arrow function in scopes
Currently we incorrectly show the global object as the arrow function receiver.
With this CL:
- if this is used inside of the function, we show the correct this value,
- if this is unused and V8 optimizes it out, we show undefined.

The second is a known issue which we should address separately.

R=dgozman@chromium.org,yangguo@chromium.org

Bug: chromium:552753
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iac88a07fe622eb9b2f8af7ecbc4a32a56c8cdfaa
Reviewed-on: https://chromium-review.googlesource.com/723840
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48839}
2017-10-23 16:40:29 +00:00
Deepti Gandluri
5f960dfc06 [wasm] Fix Memory.grow when shared with asm.js modules
If the buffer associated with WebAssembly.Memory is used as memory
for asm.js modules, throw a range error on Memory.Grow.

Bug: chromium:776677
Change-Id: Iebcd7797fa7724002dd8073d1dbaeb98f080d316
Reviewed-on: https://chromium-review.googlesource.com/731844
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48837}
2017-10-23 15:49:03 +00:00
Ben L. Titzer
5814125c8f [wasm] Enforce WASM function body size limitations in module decoder path.
R=clemensh@chromium.org

Bug: v8:6959
Change-Id: I27164598dddf58da7f3040b7139c4ae99c52800f
Reviewed-on: https://chromium-review.googlesource.com/733097
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48836}
2017-10-23 15:42:52 +00:00
Sathya Gunasekaran
049844a1c2 [class] Implement static public class fields
This patch implements the runtime semantics of static public
class fields.

Adds a new InitializeClassFieldsStatement AST node that contains
all the static class fields and their initializers. 

ClassLiteral is now desugared to be included in a do-exp that calls 
an initializer function which contains this new AST node.

Bug: v8:5367
Change-Id: I3574e4c685f1c039de42521c122e24f8d28e5d6c
Reviewed-on: https://chromium-review.googlesource.com/714817
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48835}
2017-10-23 14:41:32 +00:00
Ben L. Titzer
0957bd96ac [wasm] Fix subclassing for WebAssembly.* types.
R=rossberg@chromium.org

Bug: chromium:772636
Change-Id: I885f8657eb755953be17d7bf32aef2629092b9c2
Reviewed-on: https://chromium-review.googlesource.com/733086
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48830}
2017-10-23 13:02:09 +00:00
Marja Hölttä
271e3b108d Revert "[parser] Skipping inner funcs: Use less memory for variables."
This reverts commit 97ead4338e.

Reason for revert: makes the PreParserScopeAnalysis test much slower.

Original change's description:
> [parser] Skipping inner funcs: Use less memory for variables.
> 
> - Make it possible to store quarter-bytes instead of full bytes.
> 
> - Don't store is_used; it can be recovered correctly based on the actual full
>   parse (when a lazy function is eventually called) and
>   has_forced_scope_allocation.
> 
> - With the is_used change, the old testing approach (which compared a scope for
>   which we didn't do scope allocation to the baseline) no longer made
>   sense. Replaced it with a new testing approach, which is also closer to the
>   actual usage.
> 
> BUG=v8:5516
> 
> Change-Id: I02bac24e482126689dcdbabe8b3a04977be29b0c
> Reviewed-on: https://chromium-review.googlesource.com/725422
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48828}

TBR=marja@chromium.org,verwaest@chromium.org

Change-Id: I8cb87bcd55462b1cef4444dabb5cbfa2ecb24c7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5516
Reviewed-on: https://chromium-review.googlesource.com/732878
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48829}
2017-10-23 12:42:19 +00:00
Marja Hölttä
97ead4338e [parser] Skipping inner funcs: Use less memory for variables.
- Make it possible to store quarter-bytes instead of full bytes.

- Don't store is_used; it can be recovered correctly based on the actual full
  parse (when a lazy function is eventually called) and
  has_forced_scope_allocation.

- With the is_used change, the old testing approach (which compared a scope for
  which we didn't do scope allocation to the baseline) no longer made
  sense. Replaced it with a new testing approach, which is also closer to the
  actual usage.

BUG=v8:5516

Change-Id: I02bac24e482126689dcdbabe8b3a04977be29b0c
Reviewed-on: https://chromium-review.googlesource.com/725422
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48828}
2017-10-23 11:48:45 +00:00
Ross McIlroy
6f028d6a4e [compiler] Remove isolate from CompilationJob.
Also removes can_execute_on_background_thread() since all compilation jobs can now do that.
Part of the work towards enabling off-thread bytecode compilation.

BUG=v8:5203

Change-Id: I6a52c26d599ce74482b5fb49926603cb326f1e31
Reviewed-on: https://chromium-review.googlesource.com/731285
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48826}
2017-10-23 11:22:31 +00:00
jgruber
db09c2a60b [proxy] Fix invalid call to getter in [[Get/Set/Has]]
Fixes the implementation of step 9 in the Proxy's internal [[Get]]
method:

Let targetDesc be ? target.[[GetOwnProperty]](P)

If P is an accessor, this should not result in a call to the getter.
Likewise in [[Set]] and [[Has]].

https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-get-p-receiver

Bug: chromium:776338
Change-Id: I2652ffab2b3e4c38de00a82b8419192fdc768951
Reviewed-on: https://chromium-review.googlesource.com/732897
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48825}
2017-10-23 11:21:26 +00:00
Michael Starzinger
8dfebbc381 [objects] Turn {PromiseCapability} into a {Tuple3}.
R=gsathya@chromium.org
BUG=v8:6792

Change-Id: I68a5f9e7e52dbc9512e6919fce2064d748a3e7c4
Reviewed-on: https://chromium-review.googlesource.com/730726
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48824}
2017-10-23 11:15:07 +00:00
Choongwoo Han
6241e81c35 [typedarrays] Fix a wrong type casting in TA.p.set
- Fix a wrong type casting triggered when a given array's length is zero
- Add a regression test case

Bug: chromium:777182, chromium:768775
Change-Id: I615b73e9d7bad657c872c96c7a204efe355d8289
Reviewed-on: https://chromium-review.googlesource.com/732865
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48821}
2017-10-23 10:34:11 +00:00
Benedikt Meurer
bcee140617 [turbofan] Introduce InstanceOfIC to collect rhs feedback.
This adds a new InstanceOfIC where the TestInstanceOf bytecode collects
constant feedback about the right-hand side of instanceof operators,
including both JSFunction and JSBoundFunction instances. TurboFan then
uses the feedback to optimize instanceof in places where the right-hand
side is not a known constant (known to TurboFan).

This addresses the odd performance cliff that we see with instanceof in
functions with multiple closures. It was discovered as one of the main
bottlenecks on the uglify-es test in the web-tooling-benchmark. The
uglify-es test (run in separation) is ~18% faster with this change.

On the micro-benchmark in the tracking bug we go from

  instanceofSingleClosure_Const: 69 ms.
  instanceofSingleClosure_Class: 246 ms.
  instanceofMultiClosure: 246 ms.
  instanceofParameter: 246 ms.

to

  instanceofSingleClosure_Const: 70 ms.
  instanceofSingleClosure_Class: 75 ms.
  instanceofMultiClosure: 76 ms.
  instanceofParameter: 73 ms.

boosting performance by roughly 3.6x and thus effectively removing the
performance cliff around instanceof.

Bug: v8:6936, v8:6971
Change-Id: Ib88dbb9eaef9cafa4a0e260fbbde73427a54046e
Reviewed-on: https://chromium-review.googlesource.com/730686
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48820}
2017-10-23 10:15:36 +00:00
Clemens Hammacher
319b7868c9 [wasm] [interpreter] Box floats for certain operations
There are wasm operations which operate on floats or doubles, but they
need to preserve the exact bit pattern. Thus they cannot be stored and
passed as float or double, since that might flip the signaling NaN bit.
This CL extends WasmValue to store floats and doubles as bit patterns,
and adds accessors to extract them as Float32 or Float64.
The interpreter is changed to execute certain operations (i32.abs,
i32.neg, i64.abs, i64.neg, f32.reinterpret/i32, f64.reinterpret/i64) on
boxed floats.

R=titzer@chromium.org

Bug: v8:6954
Change-Id: I0251d1a67b6caf593194d4eb292a325cdd3f20cf
Reviewed-on: https://chromium-review.googlesource.com/730716
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48819}
2017-10-23 10:14:31 +00:00
Clemens Hammacher
41925b9512 [test] Add missing field definitions
Even static constant fields need to have definitions outside of the
class scope if a reference to them is passed.
This CL fixes link errors which occurred on an independent CL
(https://crrev.com/c/730716).

Drive-by: Make the fields constexpr.

R=mstarzinger@chromium.org

Change-Id: Iff5dd1f3d41ddfba0c20531dbecd63c1d4c670e8
Reviewed-on: https://chromium-review.googlesource.com/732114
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48816}
2017-10-23 09:10:15 +00:00
Jakob Gruber
b4c832eba0 Revert "[proxy] Fix invalid call to getter in [[Get/Set]]"
This reverts commit 14165a47d4.

Reason for revert: Fix is incomplete, will reland soon.

Original change's description:
> [proxy] Fix invalid call to getter in [[Get/Set]]
> 
> Fixes the implementation of step 9 in the Proxy's internal [[Get]]
> method:
> 
> Let targetDesc be ? target.[[GetOwnProperty]](P)
> 
> If P is an accessor, this should not result in a call to the getter.
> Likewise in [[Set]].
> 
> https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-get-p-receiver
> 
> Bug: chromium:776338
> Change-Id: Ic06b7eeac6a1ef9606ddda6fa9d6d58b709702fb
> Reviewed-on: https://chromium-review.googlesource.com/731123
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48813}

TBR=neis@chromium.org,jgruber@chromium.org

Change-Id: I92a11791b3c6a73ada1f72fe4193c25e7a054746
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:776338
Reviewed-on: https://chromium-review.googlesource.com/732877
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48815}
2017-10-23 08:19:17 +00:00
jgruber
14165a47d4 [proxy] Fix invalid call to getter in [[Get/Set]]
Fixes the implementation of step 9 in the Proxy's internal [[Get]]
method:

Let targetDesc be ? target.[[GetOwnProperty]](P)

If P is an accessor, this should not result in a call to the getter.
Likewise in [[Set]].

https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-get-p-receiver

Bug: chromium:776338
Change-Id: Ic06b7eeac6a1ef9606ddda6fa9d6d58b709702fb
Reviewed-on: https://chromium-review.googlesource.com/731123
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48813}
2017-10-23 07:48:22 +00:00
Georg Neis
a9e70a6ffc [modules] Fix lazy parsing of functions in modules.
The information that such functions must be parsed in module mode
didn't get properly propagated.

Also refactor some related code to make it more robust. In particular,
set parsing_module_ at parser construction time only.

Bug: v8:1569, v8:6919
Change-Id: Id136fb15c240373cad07c82025b778d0c0c43148
Reviewed-on: https://chromium-review.googlesource.com/716478
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48811}
2017-10-22 09:03:34 +00:00
Camillo Bruni
d06cb58685 [log] Consistently escape log entries
Implicitly escape all output that is passed to Log::MessageBuilder.
We escape non-printable characters and the log field separator ','
using the \x00 and \u0000 escape sequences.

Example:
Before: event-foo,"space: ","comma: ,","double quotes: """
After:  event-foo,space: ,comma: \x2C,double quotes: "

This might slightly impact human readability of the log files in
extreme cases. However, most strings do not contain any escaped
characters.

Bug: 
Change-Id: Ic78f6d9932367d02f9f3c3f70b41b5c283bdf880
Reviewed-on: https://chromium-review.googlesource.com/728332
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48805}
2017-10-20 23:53:44 +00:00
Camillo Bruni
761b4719d3 Reland "[logging] Use OFStream for log events"
This is a reland of 06ff9e974a
Original change's description:
> [logging] Use OFStream for log events
> 
> This simplifies a few operations and removes the size limitations
> implied by the message buffer used.
> 
> Change-Id: I8b873a0ffa399a037ff5c2501ba4b68158810968
> Reviewed-on: https://chromium-review.googlesource.com/724285
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48766}

Change-Id: Iafda1c88d9180d188d6b8bd7d03d6d27100538d8
Reviewed-on: https://chromium-review.googlesource.com/731107
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48804}
2017-10-20 22:47:01 +00:00
Jan Krems
8683248625 [modules] Optimize import.meta in the interpreter
Use an intrinsic for GetImportMetaObject and generate bytecode for the
case where import.meta has been initialized already. This way the
runtime method will only be called once per module.

Bug: v8:6693
Change-Id: If661e88e6accfb1c5795e37a80582d04f6dd87dd
Reviewed-on: https://chromium-review.googlesource.com/716536
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48801}
2017-10-20 20:31:49 +00:00
Mathias Bynens
35b6aa3849 [js] Remove CHECK_OBJECT_COERCIBLE for Array methods
The spec got rid of `CheckObjectCoercible` a while back, and so should
we. This change is not observable in most of the affected cases since
`ToObject` is up near the top of most Array method algorithms. An
example of an observable effect of this change occurs for the following
input:

    Array.prototype.sort.call(null, 1);

Behavior before applying the patch (incorrect message):

    TypeError: Array.prototype.sort called on null or undefined

Expected behavior:

    TypeError: The comparison function must be either a function or
               undefined

This patch removes `CheckObjectCoercible` and adds tests to ensure the
few observable cases are addressed correctly.

The patch also adds a missing `ToObject(this)` to
`Array.prototype.lastIndexOf` which would otherwise become observable
as a result of `CheckObjectCoercible` being removed.

BUG=v8:3577,v8:6921

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia086095076c4bf4d8d58dab26bc28df02994ed01
Reviewed-on: https://chromium-review.googlesource.com/718577
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48800}
2017-10-20 19:29:36 +00:00
Jakob Kummerow
9ffe0670d3 [bigint] Fix StringToBigInt("") to return 0n.
Whitespace-only strings count as empty too.

This behavior is different from BigInt.parseInt(""),
which throws a SyntaxError.

Bug: v8:6791, v8:6957
Change-Id: I6671c803f3ba83e23c3e0cad81d3af29dba61c9f
Reviewed-on: https://chromium-review.googlesource.com/727301
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48797}
2017-10-20 17:00:41 +00:00
Tobias Tebbi
5917d5c1a8 [csa] extend the static CSA type system to allow for union types
- Introduce the new union type UnionType<T1,T2>, used for Number and 
  Numeric. Similarly, PairType<T1,T2> is used for a Turbofan operation
  with two results. Further details in the design doc:
  https://docs.google.com/document/d/10foP3m7SDWyFfbda96iEJ_XYOLQdd32AeoP8SD1cTcs/edit#heading=h.bghdno28mr7u
- Allow to derive the MachineType from a static type. 
  This allows to select the right MachineType when performing a 
  load/store.
- Disallow casts (UncheckedCast() or CAST()) when the target and 
  origin type have no overlap.
  New cast ReinterpretCast() is an UncheckedCast without this check.
- Caveat of this CL: Checked casts (CAST()) are not possible for 
  UnionType<T1,T2> with the exception of Number (due to the existence
  of Number in OBJECT_TYPE_LIST and the existence of an IsNumber() 
  function in the runtime).

Bug: v8:6949
Change-Id: I21a683d1341f69cebd8a347f545b454b463c52ad
Reviewed-on: https://chromium-review.googlesource.com/723320
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48796}
2017-10-20 15:58:51 +00:00
Ben L. Titzer
b2199faf52 g# Enter a description of the change.
[wasm] Fix signature canonicalization for error case.

The decoder should not attempt to insert null signatures into the SignatureMap.

R=ahaas@chromium.org

Bug: chromium:775366
Change-Id: I0fbc0547dbf00fd25d37271a03b6756481a4c6a1
Reviewed-on: https://chromium-review.googlesource.com/730752
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48793}
2017-10-20 14:00:34 +00:00
Mike Stanton
d672142f38 Array.prototype.filter builtin should respect initial ElementsKind
If the input array is a JSArray with fast elements, it makes sense
to create an output array of the same ElementsKind when possible.

Bug: v8:1956
Change-Id: Ie9c937cf1751ccbbbe7cc76f40e1e1a0328ed37c
Reviewed-on: https://chromium-review.googlesource.com/730748
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48789}
2017-10-20 13:00:28 +00:00
Mostyn Bramley-Moore
26ac49bfb3 [jumbo] fix android/windows kDummyOperator collision
Bug: chromium:770684
Change-Id: I4e4efc10dad1d3bb438fddc74098b36a6b9e1054
Reviewed-on: https://chromium-review.googlesource.com/730203
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#48787}
2017-10-20 12:43:57 +00:00
Mike Stanton
c877c77996 [Turbofan] Model ClassOf as a simplified operator
JSClassOf may lower to a call to a builtin, and needs to be
modeled in a way that the effect chain can be maintained.

Bug: v8:6929
Change-Id: Ida332e6d85e2eb8b33fcad810d195ef3e897ccb0
Reviewed-on: https://chromium-review.googlesource.com/727204
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48786}
2017-10-20 12:31:11 +00:00
Benedikt Meurer
d5c19aa9fc [ic] Ensure that we make progress on KeyedLoadIC polymorphic name.
In the special case of KeyedLoadIC, where the key that is passed in is a
Name that is always the same we only checked for identity in both the
stub and the TurboFan case, which works fine for symbols and internalized
strings, but doesn't really work with non-internalized strings, where
the identity check will fail, the runtime will internalize the string,
and the IC will then see the original internalized string again and not
progress in the feedback lattice. This leads to tricky deoptimization
loops in TurboFan and constantly missing ICs.

This fixes the stub to always try to internalize strings first
when the identity check fails and then do the check again. If the
name is not found in the string table we miss, since in that case the
string cannot match the previously recorded feedback name (which is
always a unique name).

In TurboFan we represent these checks with new CheckEqualsSymbol and
CheckEqualsInternalizedString operators, which validate the previously
recorded feedback, and the CheckEqualsInternalizedString operator does
the attempt to internalize the input.

Bug: v8:6936, v8:6948, v8:6969
Change-Id: I3f3b4a587c67f00f7c4b60d239eb98a9626fe04a
Reviewed-on: https://chromium-review.googlesource.com/730224
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48784}
2017-10-20 12:16:10 +00:00
Toon Verwaest
4cb88e3ab4 Cleanup codegen.h includes
Bug: 
Change-Id: I67cfd5634e86472425c161b461684bd975e58a41
Reviewed-on: https://chromium-review.googlesource.com/730204
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48783}
2017-10-20 11:56:01 +00:00
Clemens Hammacher
3b3ad5b486 [arm] [simulator] Reenable wasm float tests
The issue in the arm simulator is fixed, reenable the tests.

R=ahaas@chromium.org

Bug: v8:6947
Change-Id: Ie57dbc01e02dbda3a978306b61ffff92c78d2f97
Reviewed-on: https://chromium-review.googlesource.com/725291
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48782}
2017-10-20 11:42:52 +00:00
Michael Starzinger
035b4ccfc9 [runtime] Allocate source position table before Code.
This allocates and populates potential source position table before the
underlying {Code} object is allocated. It essentially makes the field
holding said table immutable after allocation.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: If35462688a1b502f28ae84f73b82b5df5005735f
Reviewed-on: https://chromium-review.googlesource.com/727895
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48781}
2017-10-20 10:58:52 +00:00
Clemens Hammacher
bd19ea4a06 Reland "[test] Add nan bit patterns to uint{32,64}_vector"
This is a reland of 6f93d59d92.
One more test had to be disabled (tracked by bug 6954), and
two machops tests needed to be changed to use boxed floats
and doubles.

Original change's description:
> [test] Add nan bit patterns to uint{32,64}_vector
> 
> If you just cast those patterns to float or double and pass them
> around, the quiet/signaling NaN bit might change. We had several bugs
> around this, so add these patterns to the general input vectors.
> 
> This uncovers a bug in the wasm interpreter, which will be fixed in a
> separate CL.
> 
> R=ahaas@chromium.org
> 
> Bug: v8:6947, v8:6954
> Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
> Reviewed-on: https://chromium-review.googlesource.com/725345
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48731}

Bug: v8:6947, v8:6954
Change-Id: I9a38b5d9324131c3950c537910371a73c93d2c13
Reviewed-on: https://chromium-review.googlesource.com/728439
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48780}
2017-10-20 10:17:52 +00:00
Mike Stanton
f0aa474e9a Revert "[Turbofan] Array.prototype.filter inlining."
This reverts commit 9fd029ef25.

Due to a ClusterFuzz issue.

TBR=mstarzinger@chromium.org

Bug: chromium:776511
Change-Id: I0f30e2e8de97f3c437a1756c82e645828358ad91
Reviewed-on: https://chromium-review.googlesource.com/730006
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48775}
2017-10-20 08:43:58 +00:00
Ben Smith
6c8ed9cf84 Fix WebAssembly.Memory deserialization in more complex objects
The wasm memory deserialization didn't properly increment the object id, so
wouldn't work properly if the memory object (or its contained
SharedArrayBuffer) were included multiple times in the object.

Bug: v8:6895
Change-Id: I5c4c25bad2ec6152883c5a7321038aba1950480a
Reviewed-on: https://chromium-review.googlesource.com/721630
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48767}
2017-10-20 01:18:13 +00:00
Jungshik Shin
831bc23303 Intl.DateTimeFormat: throw RangeError for non-finite input
intl.js throws an exception when datetime-value to format is
Infinity or NaN, but there was a way to thwart the check.

Moreover, intl.js and runtime-intl.cc have unnecessary conversions
of 'Number->Date->Number'. I removed the unnecessary conversion
and made 'Number' be passed to %InternalDateFormat. With this
streamlining, the work-around mentioned above does not work
anymore.

Add a check in runtime_intl.cc for Infinity/NaN and throw a
RangeError.

Add invalid-time test for invalid datetime-values passed to
Intl.DateTimeFormat.format().

Bug: chromium:774833
Test: intl/date-format/invalid-time.js
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Idc575e532a86ee110dc4bb945ae023d6516650ee
Reviewed-on: https://chromium-review.googlesource.com/724860
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48765}
2017-10-19 23:25:52 +00:00
Ross McIlroy
ed592eb03f [Cleanup][Interpreter] Move feedback slot allocation to bytecode generator
Moves the feedback vector slot allocation out of ast-numbering and into
bytecode generation directly. This has a couple of benefits, including reduced
AST size, avoid code duplication and reduced feedback vector sizes in many cases
due to only allocating slots when needed. Also removes AstProperties since
this is no longer needed.

AstNumbering is now only used to allocate suspend ids for generators.

BUG=v8:6921

Change-Id: I103e8593c94ef5b2e56c34ef4f77bd6e7d64796f
Reviewed-on: https://chromium-review.googlesource.com/722959
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48757}
2017-10-19 16:17:14 +00:00
Daniel Clifford
26ae938058 Convert ZoneList to ZoneVector in Module data structures
BUG=v8:6333,v8:6921
R=franzih@chromium.org

Change-Id: I18995282d372069ab576b87cebea4b405aa01c2c
Reviewed-on: https://chromium-review.googlesource.com/719005
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48755}
2017-10-19 15:08:14 +00:00
Daniel Clifford
0454a842d1 Ensure inlined Array.prototype.shift() calls return non-COW arrays
Also ensure that CSA's CloneFixedArray and ExtractFixedArray correctly
transition COW to non-COW maps when doing a clone requiring copying.

Bug: chromium:775888
Change-Id: I31c97072761fdd2360d86f840c9fd6ab2d72973a
Reviewed-on: https://chromium-review.googlesource.com/727900
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48754}
2017-10-19 15:05:44 +00:00
Clemens Hammacher
39906c5d83 Reland^2 "[arm] [simulator] Do also execute tests on real hardware"
This is a reland of f77d98f755.
The issue was already fixed when this got reverted.

Original change's description:
> Reland "[arm] [simulator] Do also execute tests on real hardware"
> 
> This is a reland of 8bacd8486b.
> The failing test is disabled if not executing in the simulator.
> 
> Original change's description:
> > [arm] [simulator] Do also execute tests on real hardware
> > 
> > In order to avoid writing tests that *only* pass in the simulator, but
> > not on real hardware, do also execute the simulator tests on real
> > hardware.
> > 
> > R=ahaas@chromium.org, rodolph.perfetta@arm.com
> > 
> > Bug: v8:6947
> > Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> > Reviewed-on: https://chromium-review.googlesource.com/722961
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48706}
> 
> Bug: v8:6947, v8:6963
> Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
> Reviewed-on: https://chromium-review.googlesource.com/727880
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48734}

Bug: v8:6947, v8:6963
Change-Id: I6124164ff92a2387d714ce974000b6f615b91983
Reviewed-on: https://chromium-review.googlesource.com/727207
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48752}
2017-10-19 14:49:03 +00:00