This CL implements a streaming decoder which takes the bytes
of a wasm module as an input, potentially split into multiple
chunks, and decodes them into segments. Each segment either
contains the payload of a whole section, or the code of a
single function. The goal is that the streaming decoder is
used for streaming compilation. That's where the interface
comes from, see
(https://cs.chromium.org/chromium/src/v8/include/v8.h?q=OnBytesReceived&sq=package:chromium&l=4060)
Error positions are not reported correctly at the moment. I
plan to do this in a separate CL.
Change-Id: I6e3df6a91945c7baec2dc4f5de2e5f47636083df
Reviewed-on: https://chromium-review.googlesource.com/471350
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45250}
The reason we need this mode is that IterateRoots for the Scavenger only
captures dependent weak nodes. This is also what we do for marking for the
minor MC.
Since the regular marking might also mark objects that are weakly
(non-dependently) pointed to by nodes we need to capture all of them during
pointers updating. The reason this works for the Scavenger is because we do one
pass at the end of the scavenger (combined with resetting) that captures all
those nodes.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2869413002
Cr-Commit-Position: refs/heads/master@{#45248}
Clearing the pending exception is not enough - if we want to swallow an
exception while currently on top of an external handler (e.g. TryCatch),
we also need to clear external_caught_exception.
BUG=chromium:719380
Review-Url: https://codereview.chromium.org/2870423002
Cr-Commit-Position: refs/heads/master@{#45247}
This reverts commit e2890c19a7.
Reason for revert: Looks like this CL causes slowdown on multiple builders, Check tests timeout and raise exceptions on the bot. Possible it is a bot issue as well, see tracking bug - https://bugs.chromium.org/p/chromium/issues/detail?id=720606
Original change's description:
> [global-handles] Remove dead code
>
> Bug: chromium:720477
> Change-Id: I090168c575c41b7038af5dfba6cd8973d1154c51
> Reviewed-on: https://chromium-review.googlesource.com/501790
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45241}
TBR=hpayer@chromium.org,mlippautz@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Bug: chromium:720477
Change-Id: I92f40d8c4dbfdb5208b3068648612e8c5b97fb20
Reviewed-on: https://chromium-review.googlesource.com/502029
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45243}
Reason for revert:
CHECK is too strict.
Original issue's description:
> [inspector] use creation stack trace as parent for async call chains
>
> Creation stack trace points to the place where callback was actually chained, scheduled points where parent promise was resolved.
> For async tasks without creation stack (e.g. setTimeout) we continue to use scheduled as creation since usually they are the same.
>
> BUG=v8:6189
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2868493002
> Cr-Commit-Position: refs/heads/master@{#45198}
> Committed: e118462f18TBR=dgozman@chromium.org,alexclarke@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:6189
Review-Url: https://codereview.chromium.org/2868423004
Cr-Commit-Position: refs/heads/master@{#45242}
- Currently if GrowMemory is called with pages = 0, an attempt is made to
unregister the ArrayBuffer even if it is external. Cleanup so all Detaching
of ArrayBuffer is centralized to one method, and can only be called fromJS.
- Gate creating WeakHandles to the memory on the buffer having guard pages
enabled. Currently creating a WeakHandle is gated only on if the buffer
is_external true. If a buffer is marked is_external = true to begin with,
the WeakHandle is created and the Finalizer is run causing the program to
crash.
BUG=chromium:717647
Review-Url: https://codereview.chromium.org/2867233002
Cr-Commit-Position: refs/heads/master@{#45238}
This makes sure that the checking of stdlib values during module
instantiation is non-observable. It is needed to prevent observable
double evaluation of the involved property loads in case of failures
during instantiation and also fixes some issues with exceptions
happening during property loads.
R=clemensh@chromium.org
TEST=mjsunit/asm/asm-stdlib
BUG=v8:6297
Change-Id: I1d0c371e51bee8186d14fa794fb3f9b7f67e5944
Reviewed-on: https://chromium-review.googlesource.com/501887
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45237}
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.
Original patch by Michael Stanton <mvstanton@chromium.org>
BUG=v8:6246,chromium:718891
TBR=yangguo@chromium.org,ulan@chromium.org
Change-Id: I3bb9ec0cfff32e667cca0e1403f964f33a6958a6
Reviewed-on: https://chromium-review.googlesource.com/500134
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45234}
When black allocation is turned on at deserialization time, then
slots in deserialized objects have to be visited by the incremental
marker. For spaces with reservations, this has always been done; for
large object space with its special handling, this patch adds it.
Additionally, we must ensure that no incremental steps that might
cause incremental marking to finish are performed while there is an
AlwaysAllocateScope around.
BUG=chromium:718859
Review-Url: https://codereview.chromium.org/2868103002
Cr-Commit-Position: refs/heads/master@{#45231}
Reason for revert:
buildbot failures
Original issue's description:
> [heap] Verify remembered set for objects in the old generation.
>
> Review-Url: https://codereview.chromium.org/2868053002
> Cr-Commit-Position: refs/heads/master@{#45225}
> Committed: 755a809ee5TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2870413002
Cr-Commit-Position: refs/heads/master@{#45227}
Added support for DINSM and DINSU bit insertion instructions. Also fixed
errors with bit extraction instructions, added disassembler tests and
adjusted the code to make it more compact.
BUG=
TEST=cctest/test-assembler-mips/Dins
cctest/test-disasm-mips/Type0
Review-Url: https://codereview.chromium.org/2871663002
Cr-Commit-Position: refs/heads/master@{#45226}
One of the serializer fuzzers passes in random data to the deserializer,
which can then be used to deserialize a JSRegExp instance with random flag
contents. This can cause issues since the JSRegExp::Flag enum statically
contains kDotAll - but it is only valid to set kDotAll iff
FLAG_harmony_regexp_dotall is set.
This CL verifies deserialized flags before constructing the JSRegExp
and bails out if they are invalid.
R=jbroman@chromium.org,yangguo@chromium.org
BUG=chromium:719280
Review-Url: https://codereview.chromium.org/2870743004
Cr-Commit-Position: refs/heads/master@{#45222}
This fixes cases where falling off the end of a non-void function was
accepted as a valid asm.js module. This led to translation failures in
the WASM code. Only void functions are allowed to fall off the end.
R=clemensh@chromium.org
TEST=mjsunit/asm/return-types
BUG=chromium:719286
Change-Id: I7b1c9ba5381b87a23cf0a2171bee5e5f5e8cd9de
Reviewed-on: https://chromium-review.googlesource.com/500312
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45221}
By C++ standard, behaviour is undedined when converting -Infinity to
integer. This patch assures correct behaviour in this case on all
platforms.
BUG=
Review-Url: https://codereview.chromium.org/2865113005
Cr-Commit-Position: refs/heads/master@{#45220}
Mechanical change to remove argument adaption from RegExp.p.split,
RegExp.p.replace when the actual arguments counts does not match
the formal parameter count (should be a tad faster this way).
BUG=v8:6369
Review-Url: https://codereview.chromium.org/2865313002
Cr-Commit-Position: refs/heads/master@{#45219}
Mechanical change to remove argument adaption from Array.p.indexOf and
Array.p.includes when the actual arguments counts does not match the formal
parameter count.
BUG=v8:6369
Review-Url: https://codereview.chromium.org/2873653002
Cr-Commit-Position: refs/heads/master@{#45218}
Isolate::ThrowException calls Debug::OnException, this method can potentially enter debugger context and on exception inspector can lazily compile injected-script-source so NO_SCRIPT_NO_EXCEPTIONS restriction looks too strict to me
R=jochen@chromium.org
BUG=v8:5830
Change-Id: Ic37aaa7bc6f2bd5922654f1a3c235d5eaacb8f85
Reviewed-on: https://chromium-review.googlesource.com/501351
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45217}
For small arrays, it's way faster to just move the elements instead of
doing the fairly complex and heavy-weight left-trimming. Crankshaft has
had this optimization for small arrays already; this CL more or less
ports this functionality to TurboFan, which yields a 4x speed-up when
using shift on small arrays (with up to 16 elements).
This should recover some of the regressions reported in the Node.js issues
https://github.com/nodejs/node/issues/12657
and discovered for the syncthrough module using
https://github.com/mcollina/syncthrough/blob/master/benchmarks/basic.js
as benchmark.
R=jarin@chromium.org
BUG=v8:6376
Review-Url: https://codereview.chromium.org/2874453002
Cr-Commit-Position: refs/heads/master@{#45216}
During i18n code reorg, a couple of changes for ICU 59 prep were
lost. Add them back.
See https://codereview.chromium.org/2738503008/ for the original CL.
BUG=v8:6062
TEST=v8 can be compiled with ICU 59 (hash: c28886684 ).
Change-Id: Ie19a40a9e54d0a8966dbe8e072f9afabf9e85e4f
Reviewed-on: https://chromium-review.googlesource.com/499609
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45213}
This CL introduces a new type, MapHandles, which is a STL vector of Handle<Map>.
It is now used everywhere where lists of Handle<Maps> are required, replacing
usages of V8's internal List type.
Also-By: franzih@chromium.org
BUG=v8:6333,v8:6325
LOG=N
Review-Url: https://codereview.chromium.org/2809923002
Cr-Commit-Position: refs/heads/master@{#45211}
- S32x4Shuffle by decomposing into s-register moves if no patterns match.
- S16x8Shuffle, S8x16Shuffle implemented with vtbl if no patterns match.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2856363003
Cr-Commit-Position: refs/heads/master@{#45210}
This reverts commit 26fdb617f5.
Reason for revert: v8:6378
Original change's description:
> [stubs] Properly convert the receiver for GetPropertyStub.
>
> Call ToObject on the GetPropertyStub input first, so that lookups on
> Strings and other primitives don't automatically hit the runtime, i.e.
> as the stub is also used to lookup the special @@split and @@replace
> symbols for various String builtins.
>
> BUG=v8:5269
> R=ishell@chromium.org
>
> Change-Id: I5dbbc84aa2051173bf10be71c782fbe448481034
> Reviewed-on: https://chromium-review.googlesource.com/488441
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44961}
TBR=ishell@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:5269
Change-Id: I1e2e83b492d82656ead81ea35adbbcf5d324d2b8
Reviewed-on: https://chromium-review.googlesource.com/500135
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45206}
Bug: v8:6351
Change-Id: I6a5b44486bac87e2b3cb9aa93808b2c7964d6202
Reviewed-on: https://chromium-review.googlesource.com/499508
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45205}
Reason for revert:
Seems to break cfi:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds/9989
Original issue's description:
> [turbofan] Add alignment parameter to StackSlot operator
>
> If alignment parameter is set, the memory returned by the
> StackSlot operator will be aligned according to the parameter.
>
> The implementation goes like this. If alignment parameter is set
> we allocate a bit more memory than actually needed and so we
> can move the beginning of the StackSlot in order to have it aligned.
>
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2816743003
> Cr-Commit-Position: refs/heads/master@{#45197}
> Committed: d8bfdb7a99TBR=ahaas@chromium.org,clemensh@chromium.org,titzer@chromium.org,bmeurer@chromium.org,ivica.bogosavljevic@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2867403002
Cr-Commit-Position: refs/heads/master@{#45203}
heap_find walks all the page of the heap and finds the references to a given
address.
NOTRY=true
Change-Id: I3271ab96d0224acf2361fe5bc4c8b0a608caf091
Reviewed-on: https://chromium-review.googlesource.com/500190
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45202}
This extension imitates user-interaction on a page by randomly clicking on
links matching a given regexp pattern.
Change-Id: I210bebf36ce6e3a3c785953010ce21528093d1af
NOTRY=true
Change-Id: I210bebf36ce6e3a3c785953010ce21528093d1af
Reviewed-on: https://chromium-review.googlesource.com/500247
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45201}
