Previously the KeyAccumulator incorrectly reused the filter properties when
collecting the keys of a proxy target. This led to incorect behavior where for
instance non-enumerable properties were filtered too early.
Bug: v8:7818
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9b43b65be168ef0975fea9245d433a54338d228e
Reviewed-on: https://chromium-review.googlesource.com/1113743
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54008}
The upstream test suite for Unicode property escapes [1] is exhaustive
and is updated soon after every new release of the Unicode Standard.
It is then upstreamed into Test262.
This patch simplifies our own Script_Extensions tests and the script
used to generate them. Now, only a few code points are tested for each
Script_Extension. This avoids unnecessary friction every time ICU
is updated based on a new Unicode version.
[1] https://github.com/mathiasbynens/unicode-property-escapes-tests
[2] https://github.com/tc39/test262/tree/master/test/built-ins/RegExp/property-escapes
Bug: chromium:850334, v8:7825
Change-Id: I792d6848ef48b41ea5e9db18b777040d019822f3
Reviewed-on: https://chromium-review.googlesource.com/1112250
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54003}
This is a reland of ada648006b, fixed
for 32 bit architectures (register pairs).
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: Ibc8801737e9604a8490382c569b0378585625376
Reviewed-on: https://chromium-review.googlesource.com/1112238
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53981}
This reverts commit ada648006b.
Reason for revert: Failure with slow dchecks: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/20982
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I5b8d8d405dcd7f82ee431cba290419425b9859a1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:854050, v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1112277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53979}
In {SetLocalFromStackSlot}, we decrement the use count of the register
in the target slot without updating this slot, and then call
{GetUnusedRegister}. At that point, the register use counts do not
match the cache state, which leads to errors later on.
This CL fixes this by marking the target slot as a stack slot after
reducing the register use count.
It also adds a Validation which helped to find that error and will
catch similar errors earlier.
R=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
Reviewed-on: https://chromium-review.googlesource.com/1111958
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53976}
Cleanup decoding of flags so that invalid flags for sections other than
memory are caught correctly.
Bug: chromium:853453
Change-Id: Ia347d5f7672eee93ca3f6a743f06fba629f55cb5
Reviewed-on: https://chromium-review.googlesource.com/1104976
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53972}
Before flipping the flag, some tests need to be adapted. This CL
prepares these tests, such that the flag flip CL really just flips a
flag.
R=titzer@chromium.org, hablich@chromium.org
Bug: v8:6600, chromium:787421
Change-Id: I8030df69cda5f3fb81354350a37f65c0d1c669bd
Reviewed-on: https://chromium-review.googlesource.com/1110363
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53959}
Also add a DCHECK to a branch that can only be taken for the null
prototype.
R=sigurds@chromium.org
Change-Id: Ib94fe8f25ecfd1a4baa576915e6edfa60bcd771b
Reviewed-on: https://chromium-review.googlesource.com/1109961
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53939}
This CL fixes a bug where execution would continue on a fast-path
even though a previous recursion step bailed to the slow path. This
would allow possibly illegal loads that could leak to JS.
Drive-by change: Instead of bailing to the slow-path on each recursion
step, we now bail completely and start the slow-path afterwards.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: chromium:854299, v8:7382
Change-Id: Ib2fd5d85dbd0c3894d7775c4f62e053c31b5e5d1
Reviewed-on: https://chromium-review.googlesource.com/1107702
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53892}
This CL fixes a bug that allowed OOB read/stores on fastpaths when
a comparison function caused the underlying FixedArray to change
while keeping the elements kinds and size property on the original
JSArray the same.
R=jgruber@chromium.org
Bug: chromium:852592
Change-Id: I09af357d10e7f41e75241e4c87430fc9aa806f8c
Reviewed-on: https://chromium-review.googlesource.com/1104158
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53811}
Reading up on the bug description, this is a test
that is triggered by TurboFan execution. This can
be done with natives and does not need excessive
loop iterations. Additionally, we have a more specific
regression test for the original issue in the repo:
http://crrev.com/c/584837
Bug: v8:7783
Change-Id: Id022b515b663e6fb897acb29f43ef92b70b547b8
Reviewed-on: https://chromium-review.googlesource.com/1101018
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53799}
This CL moves the remaining runtime DataView getters to Torque,
namely DataViewGetBigInt64/BigUint64, and removes the associated
runtime code that is now unneeded.
All of the DataView getters are now implemented in Torque, which brings
a nice performance improvement over the former C++ builtin code.
Change-Id: I35cf2eabce3c79cc0d3200e7f24dbe0c3e5c2804
Reviewed-on: https://chromium-review.googlesource.com/1092736
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53765}
Byte offset can be outside of Smi range and must be loaded as a Number
rather than a Smi.
Bug: chromium:852258
Change-Id: Ida6e07ba68a050d4f5a9f28500986cc67c619b4c
Reviewed-on: https://chromium-review.googlesource.com/1100886
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53748}
We assumed that if the ErrorThrower is empty after instantiation, then
instantiation succeeded and an instance exists which we can return.
However, if the start function throws, no instance exists, which caused
a crash. With this CL we handle execeptions thrown by the start
function correctly.
R=clemensh@chromium.org
Bug: chromium:848966
Change-Id: I51dc94e6bc563aa4a4b88c44a14e831af913fbd8
Reviewed-on: https://chromium-review.googlesource.com/1092234
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53687}
Mutable globals are now included in the wasm v1 spec.
Bug: v8:7625
Change-Id: Ib9b92d8348102f99a3b92820d0057b2c11a1e49a
Reviewed-on: https://chromium-review.googlesource.com/1095650
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53683}
This is a reland of a229e12101
The original commit broke a layout test in Blink. The test in Blink
has been marked to be skipped and will be updated once this patch
lands.
See https://chromium-review.googlesource.com/c/chromium/src/+/1097455
Original change's description:
> [builtins] set DataView.length to 1
>
> Refs: https://github.com/tc39/ecma262/pull/1131
> Test: test262/built-ins/DataView/length
> Bug: v8:7816
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I66a06734bd32cd2043a8d04728b2185f6093bd69
> Reviewed-on: https://chromium-review.googlesource.com/1094980
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53649}
Bug: v8:7816
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If63be80523a68d3a2b515fe1d55a243d2dd2a9b2
Reviewed-on: https://chromium-review.googlesource.com/1097568
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53682}
Mutable globals are stored in the instance differently, so they must be
exported differently as well.
Also fix a counting bug that occurred when a module contained a global
and an imported mutable global (CalculateGlobalOffsets is called
twice).
Bug: v8:7625
Change-Id: I1cd7ef5d6ff7cb7e09239035f89d7b36d0436063
Reviewed-on: https://chromium-review.googlesource.com/1096673
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53681}
This CL re-enables a mjsunit test for some simulator configurations
after Array.p.sort pivot selection improvements have landed.
R=jgruber@chromium.org
Bug: v8:7795
Change-Id: I03599c34e34a0bafd5f276b03aa4f059a8078026
Reviewed-on: https://chromium-review.googlesource.com/1096764
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53660}
For errors, it just printed "Failure: expected <Error()> found
<Error()>" and completely omitted the specific error type and the
message.
The new output is:
Failure:
expected:
Error(Error: my explicit error)
found:
Error(ReferenceError: ffi is not defined)
R=mstarzinger@chromium.org
Change-Id: Ie17a97e4413c4585b9560fd1c408018ee8c06701
Reviewed-on: https://chromium-review.googlesource.com/1092746
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53625}
This is a reland of 91bab5588c
This CL contains two major changes w.r.t to the original CL:
The random state is removed from the Smi root list and we pre-seed the RNG
on each sort with the length of the array.
To cut down on the length of the arguments list and to keep track of the
random state across recursive calls, we move most of the sort arguments into
a FixedArray and reload from the array for each recursion.
Original change's description:
> [array] Use random middle element to determine pivot during sorting
>
> This CL adds a "random state" to the Smi Root list and implements a
> basic Linear congruential pseudo random number generator in Torque.
>
> The RNG is used to determine the pivot element for sorting. This will
> prevent the worst cases for certain data layouts.
>
> Drive-by-fix: Make sorting of ranges and execution pauses for profviz
> deterministic by adding a secondary sorting criteria.
>
> Bug: v8:7382
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
> Reviewed-on: https://chromium-review.googlesource.com/1082193
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#53524}
Bug: v8:7382
Change-Id: Ia7bef7ed1c0e904ffe43bc428e702f64f9c6a60b
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1087888
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53583}
This CL adds the simplest version of a trap handler fallback. At
instantiation time, we check whether the module was compiled to use
trap handlers and the memory is guarded. If the memory is not guarded
but the module is supposed to use trap handlers, we recompile the
module with bounds checks so that we can use an unguarded memory.
The compiled module is replaced with a bounds checking version, meaning
future instances from this module will also use bounds checks.
Some likely desirable features that are current missing but can be
added future CLs include:
* Disabling trap handler mode entirely.
* Recompiling all old instances so that trap handler and bounds checked
code does not coexist in the same process.
Bug: v8:7143
Change-Id: I161fc0d544133b07dc4a93cc6af813369aaf3efe
Reviewed-on: https://chromium-review.googlesource.com/1018182
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53566}
The typical use of assertThrowsEquals is to check that a specific
object is thrown. However, assertEquals only does a proper equality
check for primitive types, not for complex types. Using assertSame
does a reference equality check on objects, which is more what you
would expect from assertThrowsEquals. For exception kind testing,
assertThrowsEquals actually did not work correctly, assertThrows is
better for that case.
R=clemensh@chromium.org, mythria@chromium.org
Change-Id: I24fb22e75fa33ebe90eb4bae40825119a054bba5
Reviewed-on: https://chromium-review.googlesource.com/1087952
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53556}
This reverts commit 91bab5588c.
Reason for revert: Seems to break a layout test:
https://ci.chromium.org/buildbot/client.v8.fyi/V8-Blink%20Linux%2064/23895
See also:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original change's description:
> [array] Use random middle element to determine pivot during sorting
>
> This CL adds a "random state" to the Smi Root list and implements a
> basic Linear congruential pseudo random number generator in Torque.
>
> The RNG is used to determine the pivot element for sorting. This will
> prevent the worst cases for certain data layouts.
>
> Drive-by-fix: Make sorting of ranges and execution pauses for profviz
> deterministic by adding a secondary sorting criteria.
>
> Bug: v8:7382
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
> Reviewed-on: https://chromium-review.googlesource.com/1082193
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#53524}
TBR=hpayer@chromium.org,cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
Change-Id: I54f5d3f719428fd089ff12ff217d1c819f9ad1f7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1088506
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53542}
`date` could be outside the int32_t range and thus FastD2I may not be
used.
Bug: chromium:849663
Change-Id: I96a012b40d35ec8f80e449e4e687b0ce7b572d5e
Reviewed-on: https://chromium-review.googlesource.com/1087063
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53526}
This CL adds a "random state" to the Smi Root list and implements a
basic Linear congruential pseudo random number generator in Torque.
The RNG is used to determine the pivot element for sorting. This will
prevent the worst cases for certain data layouts.
Drive-by-fix: Make sorting of ranges and execution pauses for profviz
deterministic by adding a secondary sorting criteria.
Bug: v8:7382
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
Reviewed-on: https://chromium-review.googlesource.com/1082193
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53524}
date in Makeday should be converted to integer.
https://www.ecma-international.org/ecma-262/5.1/#sec-15.9.1.12
Bug: v8:7475,chromium:846723
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3aa725e7ce1822345502284aec919695c4ca084d
Reviewed-on: https://chromium-review.googlesource.com/1080110
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53516}
This is a reland of df1676e616
Original change's description:
> [array] Implement Array.p.sort in Torque
>
> This CL implements a generic baseline version and 3 fastpaths, for
> various elements kinds, of Array.p.sort in Torque. Details can be found
> in the Design Doc: https://goo.gl/Ge321G.
>
> Performance impact on micro benchmarks depends on the element kind
> and whether the user provides a comparison function.
> For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
> the board. For Dictionary we are slower in all micro benchmarks (0.7).
> For PackedSmi it depends on the call site and whether or not a
> comparison function is used.
>
> Detailed numbers: https://goo.gl/mTyPSb
>
> Bug: v8:7382
> Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
> Reviewed-on: https://chromium-review.googlesource.com/1061523
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53481}
Bug: v8:7382,v8:7806,chromium:849293
Change-Id: I176cb660d92eb174bd91685cb0a39f50c4cbaa69
Reviewed-on: https://chromium-review.googlesource.com/1086827
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53511}
This reverts commit df1676e616.
Reason for revert: https://crbug.com/v8/7382#c26
Original change's description:
> [array] Implement Array.p.sort in Torque
>
> This CL implements a generic baseline version and 3 fastpaths, for
> various elements kinds, of Array.p.sort in Torque. Details can be found
> in the Design Doc: https://goo.gl/Ge321G.
>
> Performance impact on micro benchmarks depends on the element kind
> and whether the user provides a comparison function.
> For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
> the board. For Dictionary we are slower in all micro benchmarks (0.7).
> For PackedSmi it depends on the call site and whether or not a
> comparison function is used.
>
> Detailed numbers: https://goo.gl/mTyPSb
>
> Bug: v8:7382
> Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
> Reviewed-on: https://chromium-review.googlesource.com/1061523
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53481}
TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
Change-Id: I4c1b32a434d49caba67c80bccb068390607f90a2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Reviewed-on: https://chromium-review.googlesource.com/1085407
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53494}
This makes stack checks in WasmCode independent of the underlying
Isolate by loading the limit address from the WasmInstanceObject instead
of embedding it into the instruction stream. It hence removes the last
use of the Isolate field from WasmGraphBuilder.
Additionally this introduces the notion of a "runtime stub" which
represents stub code global to the NativeModule that can be directly
called from each WasmCode in the same module. These stubs can act as
trampolines via which Isolate-independent WasmCode can enter other V8
builtins or runtime functions that remain Isolate-dependent. They will
eventually replace the current "trampoline" in a NativeModule.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: Ie1f5582ee656b1ab7716ea06316d6e21a0268e74
Reviewed-on: https://chromium-review.googlesource.com/1078732
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53487}
This CL implements a generic baseline version and 3 fastpaths, for
various elements kinds, of Array.p.sort in Torque. Details can be found
in the Design Doc: https://goo.gl/Ge321G.
Performance impact on micro benchmarks depends on the element kind
and whether the user provides a comparison function.
For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
the board. For Dictionary we are slower in all micro benchmarks (0.7).
For PackedSmi it depends on the call site and whether or not a
comparison function is used.
Detailed numbers: https://goo.gl/mTyPSb
Bug: v8:7382
Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
Reviewed-on: https://chromium-review.googlesource.com/1061523
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53481}
This was renamed recently in the spec.
Change-Id: I825e47e8b4113ddb2c3356ee8e7663705ba65e1c
Reviewed-on: https://chromium-review.googlesource.com/1079851
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53448}
Compress the parameter count (and function length) stored in
SharedFunctionInfo to a uint16_t. This limits us to 2^16 - 1 parameters
per function, minus one for the "don't adapt arguments" sentinel value,
which is one fewer than Code::kMaxArguments was already. Anyway, 65534
arguments should be enough for anyone!
This drops SFI size by 4 bytes.
Bug: chromium:818642
Change-Id: I126bfb24453dcdc5087a104d3a12cf195a56fa9f
Reviewed-on: https://chromium-review.googlesource.com/1076627
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53447}
The regression test 2185-2 measured the Array.p.sort time for various
pre-sorted data configurations. This CL adds the various data
configurations to the ArraySortPreSorted benchmark and removes the
regression test altogether.
R=cbruni@chromium.org, jgruber@chromium.org
Change-Id: I6e2eb235e4a7578f4a107229bfc6a9e89a3aa5e3
Reviewed-on: https://chromium-review.googlesource.com/1076188
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53420}
This loads references to {null} values from the instance object instead
of embedding them into the generated code. It is one step towards making
the {WasmCode} objects independent of the Isolate.
Note that this also fixes an issue with the serializer/deserializer that
failed to properly serialize {null} values and accidentally collapsed
them to {undefined} values instead.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-7785
BUG=v8:7424,v8:7785
Change-Id: Ie436c2d96890e7c8c89ffe2bd4189a759254775b
Reviewed-on: https://chromium-review.googlesource.com/1070981
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53352}
At the moment, WebAssembly.instantiate(bytes) is implemented by
desugaring it to WebAssembly.compile(bytes).then(WebAssembly.instantiate).
The problem is that the {then} in this snippet is observable. With this
CL I introduce a CompilationResultResolver which allows to do the
desugaring internally and thereby make the {then} unobservable.
Unfortunately the result of WebAssembly.instantiate(bytes) is different
than the result of WebAssembly.instantiate(module). Therefore I also
introduced an InstantiationResultResolver for symmetry with
WebAssembly.compile.
R=mstarzinger@chromium.org
Bug: chromium:837417
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2d98e03d65f2ada19041d5a9e2df5da91b24ccca
Reviewed-on: https://chromium-review.googlesource.com/1059783
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53347}
The slow test tests SmiLexicographicCompare on a large number of Smi comparisons;
we can disable this test for some debug/noopt builds without losing much coverage.
Bug: v8:7783
Change-Id: Iab40e596604bb957b4d3312073ad85dbac08c6a0
Reviewed-on: https://chromium-review.googlesource.com/1068190
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53333}
The timeout in the test is close to execution time in debug mode so it
fails occasionally. The test is measuring array slice algorithm
performance but changes unrelated to it affect the test result in debug
mode, therefore it should be skipped.
BUG=v8:7726
TEST=regress/regress-165637
Change-Id: Ib330d8e3c0d3f6a1150ccb59b60d17a41b87df87
Reviewed-on: https://chromium-review.googlesource.com/1071576
Commit-Queue: Miran Karić <miran.karic@mips.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53326}
This CL uses the new function pointers and generic features of Torque
to improve the performance of TypedArray.p.sort.
Instead of one Load/Store builtin that dispatches at runtime based on
the element kind, there are now many small builtins (one for each
element kind). The sorting algorithm then uses function pointers to
those small builtins, which get set once.
Changes in the relevant benchmarks:
Benchmark Original (JS) Current This CL
IntTypes 83.9 202.3 240.7
BigIntTypes 32.1 47.2 53.3
FloatTypes 99.3 109.3 129.3
Bug: v8:7382
Change-Id: I8684410524d546615b19f6edcbfdc615068196aa
Reviewed-on: https://chromium-review.googlesource.com/1070069
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53322}
Instead use the canonical empty fixed array. Some code assumes
that this is the only fixed array of length 0.
Bug: chromium:843062
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If780acf50147c061a81f2ff2b31779fbd1c78559
Reviewed-on: https://chromium-review.googlesource.com/1064052
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53320}
Also mark another slow tests as SLOW.
TBR=jgruber@chromium.org
Bug: v8:7783
Change-Id: I69a8ac82e7898fa3b374c5b66a441f040d241413
Reviewed-on: https://chromium-review.googlesource.com/1069093
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53306}
The TC39 committee reached consensus to rename `flatten` to `flat`
during the May 22nd meeting. The corresponding patch to the proposal
is here:
093eacc7fe
Bug: v8:7220
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie8049ae4d4589a4ae7fe3d203053cef798c135e4
Reviewed-on: https://chromium-review.googlesource.com/1069467
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53294}
The ECMAScript ⊃ JSON proposal doesn’t affect LineContinuation
grammar. These tests verify that the behavior remains the same when
the --harmony-subsume-json feature flag is enabled.
Bug: v8:7418
Change-Id: Iec5cb1bc112f278481ba1202f0c2b8693917843a
Reviewed-on: https://chromium-review.googlesource.com/1067463
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53270}
This is not web compatible, so let's delete the code.
Bug: v8:5536
Change-Id: I50506d37dcdff1f7f95577c47adcec653cc1f06e
Reviewed-on: https://chromium-review.googlesource.com/1064740
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53264}
Optimize String.p.split for the case when the separator is empty and
the subject is a direct one-byte string.
Bug: v8:7103
Change-Id: Ica277d2c426679a1f77a1ef8ecb523bd596f65fb
Reviewed-on: https://chromium-review.googlesource.com/1045950
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53260}
The js-to-wasm wrappers are shared across instances, so we cannot
directly call the instance-specific wasm-to-js wrappers. Instead, we
need to call via the import table.
R=titzer@chromium.org
Bug: chromium:843563
Change-Id: Ia882604f6769472fe2eb69176cbed728215ced29
Reviewed-on: https://chromium-review.googlesource.com/1064610
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53254}
ICU 61.1 was released in late March with CLDR 33.
Arabic number format change in CLDR 33 requires
a small adjustment in the test result.
See https://chromium-review.googlesource.com/c/chromium/deps/icu/+/1041578
for details on ICU 61.1.
NOTREECHECKS=true
Bug: chromium:838383, chromium:843073
Test: test262/intl402/*, intl/*
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3778423b7dc67891767c95ea503e003013ae5b69
Reviewed-on: https://chromium-review.googlesource.com/1038230
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53251}
It is possible for user code to modify fast regexp result objects
before they are used e.g. by RegExp.p.match, so we may not make any
assumptions about their contents. The only exception is when the
RegExp itself is fast.
Bug: chromium:843022
Change-Id: I14eafbdfb2b2ced609da1391b57c73cbe167f7fb
Reviewed-on: https://chromium-review.googlesource.com/1061455
Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53210}
Array.indexOf accepts an optional fromIndex argument. When non-negative,
this argument restricts the searched indices to those starting at
fromIndex:
[1, 2, 1].indexOf(1,1) == 2
When negative, it is meant to be added to the array length to provide
such initial index for the search:
[1, 2, 1].indexOf(1, -2) == 2
This transformation has been done by the non-optimised builtin but not
by the reducer. The CL adds this construction to the reducer.
Bug: chromium:842612
Change-Id: I0ff089997f4ebb4dc3c2923e52c382a8a96cd711
Reviewed-on: https://chromium-review.googlesource.com/1059628
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Vaclav Brozek <vabr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53197}
We were always using the instance we were currently building. If the
start function is an exported wasm function of another instance, use the
exporting instance instead.
R=titzer@chromium.org
Bug: chromium:843120
Change-Id: I141d272b947bef8e903be7208ddf6ce344e754c4
Reviewed-on: https://chromium-review.googlesource.com/1059620
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53190}
Since the code around that is quite fragile, and I plan to refactor it,
just add some tests to ensure that everything is and keeps working as
intended.
R=mstarzinger@chromium.org
Bug: v8:7758
Change-Id: Ib3814b93b465286d70b5669ed0161eecb9fc925a
Reviewed-on: https://chromium-review.googlesource.com/1059616
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53187}
The --trace-turbo flag would cause a crash when compiling a WASM_FUNCTION. It
was caused by assuming the OptimizedCompilationInfo had a SharedFunctionInfo
attached if the code isn't a stub and wasm functions are not considered as such.
In order to test this, we've added a new flag to specify were to dump JSON
files: --trace-turbo-path. This is used to make sure we do not leave lots of
files behind in the top-level directory. It should be useful as standalone
feature too.
Change-Id: Ia9442638d28100bea45a8683fb233803cc5393f2
Reviewed-on: https://chromium-review.googlesource.com/1030555
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53153}
The clusterfuzz issue crashes because VisitBinops expected only but 4
input operands but in the generated graph 5 input operands get created
The issue is fixed by increasing the size of the input operand buffer.
R=jarin@chromium.org
Bug: chromium:842501
Change-Id: I4bbb09a968e165e6f5a0a02d06eee97333f7aa38
Reviewed-on: https://chromium-review.googlesource.com/1056989
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53147}
We must not accept something of kBit representation as of
kWord32 representation (unless it's truncated accordingly).
Deopt instead.
Bug: v8:7740
Change-Id: Ib4f73600d66f8762a6e22f7ea1ce79e8ef451b34
Reviewed-on: https://chromium-review.googlesource.com/1054670
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53144}
This was already the case for 1-byte strings. This prevents crashes when
attempting to externalize such strings.
Bug: chromium:842078, v8:7464
Change-Id: I3092a6748edaf77b2689f7b6f6b949929998e508
Reviewed-on: https://chromium-review.googlesource.com/1054290
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53124}
Avoid writing NumberOfElements to HashTable when it hasn't changed as
the HashTable could be in RO_SPACE and this operation will crash.
Bug: v8:841592
Change-Id: Iffadd567fc10aa9cd13d953da81275464b16c6c0
Reviewed-on: https://chromium-review.googlesource.com/1052693
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53116}
This is a reland of e084eea628.
Undefined behavious was fixed in https://crrev.com/c/1051235.
Original change's description:
> Fix SourcePositionInfo for wasm
>
> In wasm we often don't have a SharedFunctionInfo associated with a
> compilation job, so we can't get a Script. Just print "unknown" in
> these cases (instead of crashing).
>
> R=titzer@chromium.org
> CC=herhut@chromium.org
>
> Bug: chromium:840757, v8:7738
> Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
> Reviewed-on: https://chromium-review.googlesource.com/1049632
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53080}
TBR=titzer@chromium.org
Bug: chromium:840757, v8:7738
Change-Id: If04040a33766955cfed78e7c27226dd04c3f9b9f
Reviewed-on: https://chromium-review.googlesource.com/1051266
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53111}
Code comments are heap-allocated and never freed. We don't want to
attach them to the code object via a finalizer, since that could change
gc timing and heap layout when you enable code comments. They are used
to testing only anyway, so leaking is acceptable here.
R=bmeurer@chromium.org, jarin@chromium.org
Bug: v8:7738
Change-Id: I27b0f95db1d66b57f4f113c154f23edb84e6700d
Reviewed-on: https://chromium-review.googlesource.com/1051241
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53107}
