The stack-switching test is not expected to pass yet if a GC happens
in the runtime call or in the wasm call.
R=ahaas@chromium.org
Bug: v8:12191, v8:12344
Change-Id: Iba66be58c1abd2ffbb22bbd7d34f8df0246a2a92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250900
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77594}
A "store own" slow runtime was missing, and the slow handler on the
StoreOwnIC was using the non-own slow runtime function, incorrectly
causing setters to be called.
For baseline, [1] invalidates the invariant that StoreOwnIC is only used
for storing properties already in the literal boilerplate, since it's
also used when the new literal is cloned from an object spread.
[1] https://chromium-review.googlesource.com/c/v8/v8/+/3224666
Bug: chromium:1263389, v8:11429
Change-Id: I0284396f306f937d1b8ff96adda6cc133c19726a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244308
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77591}
Bug: v8:12329
Change-Id: I51c38d70537889b7534fb7e6b4066e6ab440234a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3248163
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77582}
This reverts commit 45227ffdb4.
Reason for revert: Breaks on gc_stress mode, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/35988/overview
Original change's description:
> [turbofan] extend type asserts to cover all JS types
>
> Extend type assertions to all types covering JavaScript values.
> This is achieved by allocating type representations on the heap using
> newly defined HeapObject subclasses. To allocate these in the compiler,
> we disable concurrent compilation for the --assert-types flag for now.
>
> Fix two type errors that came up with the existing tests:
> 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
> OtherObject.
> 2. OperationTyper::NumberToString(Type) can type the result as the
> HeapConstant Factory::zero_string(). However, NumberToString does
> not always produce this string. To avoid regressions, the CL keeps
> the HeapConstant type and changes the runtime and builtin code to
> always produce the canonical "0" string.
>
> A few tests were failing because they check for truncations to work
> and prevent deoptimization. However, AssertType nodes destroy all
> truncations (which is by design), so these tests are incompatible
> and now disabled for the assert_types variant.
>
> Drive-by fix: a few minor Torque issues that came up.
>
> Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77565}
Change-Id: Ia779a11fc811846194c7a8d1e40b372b265e7ea4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247034
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77566}
Extend type assertions to all types covering JavaScript values.
This is achieved by allocating type representations on the heap using
newly defined HeapObject subclasses. To allocate these in the compiler,
we disable concurrent compilation for the --assert-types flag for now.
Fix two type errors that came up with the existing tests:
1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
OtherObject.
2. OperationTyper::NumberToString(Type) can type the result as the
HeapConstant Factory::zero_string(). However, NumberToString does
not always produce this string. To avoid regressions, the CL keeps
the HeapConstant type and changes the runtime and builtin code to
always produce the canonical "0" string.
A few tests were failing because they check for truncations to work
and prevent deoptimization. However, AssertType nodes destroy all
truncations (which is by design), so these tests are incompatible
and now disabled for the assert_types variant.
Drive-by fix: a few minor Torque issues that came up.
Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77565}
Recompute the spill offsets for values in the merge region, instead of
reusing the offsets of the source. This ensures that spill slots stay
contiguous (modulo alignment).
This also solves a correctness issue where the spill offsets in the
merge region could move up, thereby overwriting the source of another
move.
With this change, the spill offsets always move down (to fill the gap)
or stay the same, such that processing them from bottom to top
can only overwrite sources of already-processed moves.
Since we do not reuse the current state's offsets, this might generate
extra stack moves and regress generated code performance a bit.
Drive-by: print spill offsets in the Liftoff trace
R=clemensb@chromium.org
Bug: v8:12270
Change-Id: I8d20df8fc1e80dd36b6f651de457686e9935a628
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3245115
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77556}
According to the spec, the three parameters (stdlib, foreign, and heap)
must be mutually distinct. We did not check this yet, which led to
observable differences between asm validation and standard JavaScript
semantics.
R=thibaudm@chromium.org
Bug: chromium:1068355
Change-Id: I451f63d10ea50474aeb6e8a547918b5af769343b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244408
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77554}
We used to apply an invalid optimization which skips `length` writes
if the JSArray is 'fast' and the old value equals the new value. This
optimization is not valid if e.g. `length` is non-writable.
Fixed: chromium:1262478
Change-Id: I49ef50de293dae5c3a62c64b303ec34b9c0f6cbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3236720
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77552}
This CL fixes an issue in EffectControlLinearizer, where the primitive
type of the argument of a fast C call was used to compute its
MachineType even when the argument was actually a TypedArray, which
should always be treated as a Tagged type. This resulted in Float32/64
typed arrays being passed in FP registers, leading to a crash in the
register allocator.
Drive-by fix: Fixed output from --trace-turbo-alloc so that all of its
sub-parts are printed with PrintF, avoiding interleaved log lines.
Bug: chromium:1260954
Change-Id: I249c8629daae3af437fb52f53f45211f3a214222
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231341
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77521}
Character class handling in the irregexp pipeline is quite complex;
codepoints outside the BMP (basic multilingual plane) are only
translated into surrogate pairs when needed, e.g. when the subject
string is two-byte. If not needed, the codepoints simply stay part of
the list of CharacterRanges.
In EmitCharClass, we determine the valid subset of ranges through
ranges_length; until this CL, we forgot to pass that information on to
MakeRangeArray. Do that now by truncating the list of CharacterRanges.
Fixed: chromium:1262423
Change-Id: I5bb5b839e9935890ca2d10908ad66d72c3217178
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3240782
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77514}
To get more details about the failure when it flakes.
Bug: v8:12332
Change-Id: I1bf5188efe13a75e34dd9832e6275fd985ee8dbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233974
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77498}
If an output operand has "same as input" policy, we cannot assume that
it's input 0. Instead we should look at the {input_index}.
The bug manifests on Wasm select instructions, where the input index is
actually 2 and not 0.
In order to test this better, we introduce the a new
--turbo-force-mid-tier-regalloc flag, which always uses the mid-tier
register allocator. Otherwise the bug would only manifest on huge
functions.
R=mslekova@chromium.org
CC=thibaudm@chromium.org
Bug: v8:12330
Change-Id: I6a005a48bbd2aba354dc99fed587bffce24c8839
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234722
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77495}
Calling class constructors without new is a spec violation and should
raise an exception.
In [1] calling class constructors with spread (without new) was handled
by reducing the node to a call to runtime to raise the exception.
However, arguments of the call have to be evaluated first ([2]).
This CL changes the reduction of JSCallWithSpread/JSCallWithArrayLike to
a no-op in JSCallReducer if the target is a class constructor, delaying
raising of the exception to the call builtin.
[1] https://crrev.com/c/3229369
[2] https://tc39.es/ecma262/#sec-evaluatecall
Bug: chromium:1262007
Change-Id: I2ef504d4ce6e51d582b5951beb6debb983cefba6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3236348
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77492}
--no-stress-flush-bytecode doesn't exist and should be
--no-stress-flush-code. Not supressing it means a tester could pass
--stress-flush-code and --no-flush-bytecode, which are contradictory and
will assert.
Bug: v8:12331
Cq-Include-Trybots: luci.v8.try:v8_numfuzz_dbg_ng,v8_numfuzz_ng
Change-Id: I6490271bcb11f5ea925eb8b65fbe0455c2dafeaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233952
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77483}
Handling of class constructors was moved from CallFunction to Call
in [1].
When reducing calls with spread we forward varargs directly to
CallFunction, if we are spreading to inlined arguments or arguments of
the outermost function.
In that case we didn't check for class constructors and therefore didn't
raise an exception.
This CL adds checks for class constructors to all JSCall* nodes in
JSCallReducer that missed them before.
[1] https://crrev.com/c/3186434
Bug: chromium:1260623
Change-Id: Id39cdfd09ff5aae804ae30d96909518e408c9613
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229369
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77472}
These two tests rely on the functions being immediately compiled with SP.
Concurrent SP might add a delay and fail the test.
Bug: v8:12054
Change-Id: I52dbdfeb5c49c23f2d20a43bb8a87aba1f16358e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233233
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77471}
mjsunit/regress/regress-crbug-9161 had two spinlocks on an atomic:
1. WaitUntil(lock == kStageRunning)
2. WaitUntil(lock == kStageDone)
But, in theory the worker updating the "lock" could progress all the way
to kStageDone before the first loop manages to check the lock value
again.
We can make this more robust by checking:
1. WaitUntil(lock != kStageInit)
2. WaitUntil(lock == kStageDone)
That way both loops check for _any_ state past the state they want to
progress past.
Bug: v8:11437
Change-Id: I5220e61070a305301c678928edb0925c04dae970
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231339
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77460}
This CL adds support for BigInt.asIntN, the necessary operations and
extensions of the compiler's type system to allow lowering of BigInts
to word64 representations that are interpreted as signed 64 bit BigInts.
Bug: v8:9407
Change-Id: Id4f1f45437c1caf94e01c7b4e063c2ae2386c88a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3198070
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77458}
This is a reland of dca83ff7e7
Relanding without changes, looks like the bot that failed succeeded
again before the revert landed (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/38915/overview)
Original change's description:
> [snapshot] Fix two stress_snapshot failures
>
> 1. Stress snapshot discards code on SFIs, which breaks flushing
> invariants. Add --stress-snapshot to those invariants.
> 2. Another test failing on IsScript, added it to the disabled list.
>
> Change-Id: Ic415923a9cc96d34b74f7450b29be99c1b53d077
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229375
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77430}
Change-Id: I18fd290c3794d90addc2a94765d57a3ee3ceab86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229563
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77447}
[1] fixes the behavior of StaNamedOwnProperty to no longer do prototype
lookups. This lets us revert [2] and go back to using the fast path in
the clone spread object literal bytecode.
The test case from [2] is kept.
[1] https://chromium-review.googlesource.com/c/v8/v8/+/2795831
[2] https://chromium-review.googlesource.com/c/v8/v8/+/3178969
Bug: v8:9888, chromium:1251366
Change-Id: I9d2cb69b803c403f63365f55d27c4de20ff7dafb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3224666
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77444}
1. Stress snapshot discards code on SFIs, which breaks flushing
invariants. Add --stress-snapshot to those invariants.
2. Another test failing on IsScript, added it to the disabled list.
Change-Id: Ic415923a9cc96d34b74f7450b29be99c1b53d077
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229375
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77430}
This CL improves wasm inlining heuristics in Turbofan, for an average
8,5% performance improvement in selected benchmarks.
Changes:
- In WasmInliner::Reduce(), only collect inlining candidates into a
priority queue, according to WasmInliner::LexicographicOrdering.
Move actual inlining to Finalize().
- Remove the InlineFirstFew heuristic. Add two limits to inlining:
Maximum relative size increase (reversely proportional to the function
size), and absolute size increase.
- Pass information about call frequency from liftoff-collected feedback
to the WasmInliner though the wasm module.
- Run wasm inlining along other optimizations in the pipeline.
- Split inlining and speculative inlining tests.
Bug: v8:7748, v8:12166
Change-Id: Iccee22093db765981889a24451fb458dfce1f1a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222764
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77428}
Since we introduced `array.init` as a way to create fully initialized
arrays, immutable arrays are no longer useless, and they enable certain
static optimizations, so this patch allows them.
Bug: v8:7748
Change-Id: I404aab60099826f4bd83cf54e5e1acbc38a3ca9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221151
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77397}
We need to check if the index is less than zero and miss to the runtime
if this is so.
Bug: chromium:1257519
Change-Id: I7d22f2765232815120b8baf7b8b83d5b00024375
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218975
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77380}
Introduces several new runtime mechanics for defining private fields,
including:
- Bytecode StaKeyedPropertyAsDefine
- Builtins StoreOwnIC{Trampoline|Baseline|_NoFeedback}
- Builtins KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic}
- TurboFan IR opcode JSDefineProperty
These new operations can reduce a runtime call per class field into a
more traditional Store equivalent. In the microbenchmarks, this
results in a substantial win over the status quo (~8x benchmark score
for single fields with the changes, ~20x with multiple fields).
The TurboFan JSDefineProperty op is lowered in
JSNativeContextSpecialization, however this required some hacks.
Because private fields are defined as DONT_ENUM when added to the
object, we can't find a suitable transition using the typical data
property (NONE) flags. I've added a mechanism to specify the required
PropertyAttributes for the transition we want to look up.
Details:
New bytecodes:
- StaKeyedPropertyAsDefine, which is essentially StaKeyedProperty
but with a different IC builtin (KeyedDefineOwnIC). This is a
bytecode rather than a flag for the existing StaKeyedProperty in
order to avoid impacting typical keyed stores in any way due to
additional branching and testing.
New builtins:
- StoreOwnIC{TTrampoline|Baseline|_NoFeedback} is now used for
StaNamedOwnProperty. Unlike the regular StoreIC, this variant will
no longer look up the property name in the prototype.
In adddition, this CL changes an assumption that
StoreNamedOwnProperty can't result in a map transition, as we
can't rely on the property already being present in the Map due
to an object literal boilerplate.
In the context of class features, this replaces the runtime
function %CreateDataProperty().
- KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic} is used by the
new StaKeyedPropertyAsDefine bytecode. This is similar to an
ordinary KeyedStoreIC, but will not check the prototype for
setters, and for private fields, will take the slow path if the
field already exists.
In the context of class features, this replaces the runtime
function %AddPrivateField().
TurboFan IR:
- JSDefineProperty is introduced to represent a situation where we
need to use "Define" semantics, in particular, it codifies that we
do not consult the prototype chain, and the semantics relating to
private fields are implied as well.
R=leszeks@chromium.org, syg@chromium.org, rmcilroy@chromium.org
Bug: v8:9888
Change-Id: Idcc947585c0e612f9e8533aa4e2e0f8f0df8875d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795831
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#77377}
Land some of the tests for Temporal.PlainDateTime
All marked as FAIL at this stage.
Bug: v8:11544
Change-Id: I09bf681e61f19d96607c848ddcb6bee06580aff1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085625
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77332}
Compiling Sparkplug on the heap saved 10% of the CompileBaseline
RCS metric, but that came with too much code complexity.
Since in the end that corresponds to < 1% of the entire compilation
time, we decided to revert this project.
This reverts:
commit e29b2ae48a
commit d1f2a83b7d
commit 4666e18206
commit a1147408e4
commit e0d4254f97
commit 9ab8422da7
commit a3b24ecc51
commit 1eb8770691
commit fe5c9dfd90
commit 7ac3b55a20
commit 7e95f30ec9
commit 323b596212
commit 6bf0b70490
commit e82b368b67
commit 5020d83e05
commit 642a467338
commit ec7b99d5c6
commit fb4f89aede
commit 208854bb14
commit 63be6dde31
Bug: v8:12158
Change-Id: I9f2539be6c7d80c6e243c9ab173e3c5bb0dff97d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3136453
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77319}
This is a reland of 0adc1410b1
1. Fork out test/mjsunit/temporal/function-exist.js test
to test/mjsunit/temporal/function-exist-no-i18n.js and mark
function-exist FAIL in no_i18n build.
Original change's description:
> [Temporal] Part 1 - Skeleton
>
> 1. Expose all the functions to empty buildins.
> 2. Wire up basic structure of classes and internal slots.
>
> Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/
>
> This is just a CL to establish a skeleton for Temporal.
> The Temporal is very big. The prototype CL is in
> https://chromium-review.googlesource.com/c/v8/v8/+/2967755
> but too big to be reviewed so I break up the basic structure here first.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
> Bug: v8:11544
> Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76819}
Bug: v8:11544
Change-Id: I60eaface94ba9b3408cb235cd1ae425151a36732
Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160324
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77303}
The expected assertion is specific to irregexp codegen.
Bug: chromium:1255368
Change-Id: I14d033285014727de2e63582ed798fc82570497d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3207892
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77254}
When aborting code generation, we need to call {AbortedCodeGeneration}
on the {MacroAssembler} contained in the {RegExpMacroAssemblerARM}.
R=jgruber@chromium.org
Bug: chromium:1255368
Change-Id: If37351e8f5715e23affd21ad2de8a8eaad3ea094
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3204965
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77250}
The error showed when printing the resulting code object, because the
tier was neither TurboFan nor Liftoff, even though the code was
registered as a standard wasm function (instead of an import wrapper).
R=jkummerow@chromium.org
Bug: chromium:1254674
Change-Id: I26482fd88d72403393428979abf08e9f60cd8c4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3202001
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77238}
This reenables a test which is passing, independent of missing
accounting for shared memory. This is because we repeatedly trigger a GC
explicitly in all workers.
R=dinfuehr@chromium.org
Bug: v8:12278
Change-Id: I73d1513d809787284af0be4956018806719acd50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3201995
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77219}
Trying to optimize in such case breaks down the optimization, as we
end up with potentially non-eliminatable nodes that depend on the dead
IfTrue/IfFalse node.
Drive-by: Clean up dead nodes with {Kill()}.
Bug: v8:11510, chromium:1255354
Change-Id: Ia89fe6c243974c3c2abac6ad80bd4677a935f637
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200073
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77211}
