- Both AllTrue/AnyTrue values should return boolean 0/1
instead of 0xffffffff to match Spec/Toolchain
- Fix AllTrue implementation to be correct
- Add unit tests to spot check return values as the
cumulative test can coerce some return values to True/False
Change-Id: I84eb73c915414c9ec290e73f1306404ceff729f0
Bug: v8:8636
Reviewed-on: https://chromium-review.googlesource.com/c/1404197
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58715}
If feedback for call site frequency is 0, then the combined frequency
is still 0, even if the current function invocation count is infinity.
Bug: chromium:919754
Change-Id: I97be096b6b38f934fb13f01b2b22e148c539e1c0
Reviewed-on: https://chromium-review.googlesource.com/c/1404445
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58714}
If a species constructor is installed, filter() needs to loop over
the elements of the array in the "slow" way, because it doesn't
know the ElementsKind of the output array. The code failed to
bail out to the slow case for the loop right away on discovering this.
Bug: chromium:920184, chromium:920491
Change-Id: I74496db20a90807b631c1bebe7604d85b199df67
Reviewed-on: https://chromium-review.googlesource.com/c/1405035
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58713}
The concurrent marker can now process all objects.
This patch also eagerly visits the objects that undergo layout
changes. This is because previously such objects were pushed
onto the bailout worklist, which is gone now.
To preserve the incremental step accounting, the patch introduces
a new GC tracer scope called MC_INCREMENTAL_LAYOUT_CHANGE.
Bug: v8:8486
Change-Id: Ic1c2f0d4e2ac0602fc945f3258af9624247bd65f
Reviewed-on: https://chromium-review.googlesource.com/c/1386486
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58712}
Use the right register type for the temporary register.
R=titzer@chromium.org
Bug: v8:6600, chromium:917588
Change-Id: Ia2617f6b406924ca7f496608fd495faf04dff25b
Reviewed-on: https://chromium-review.googlesource.com/c/1403127
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58711}
Keep track of loop nesting depth on FunctionState and use that to decide
whether to mark var as assigned. That also fixes the weird cornercase where a
loop body can have multiple expressions due to multiple declarations with
independent initializers in a single var-statement.
Change-Id: Ia24affde29e22e9464448fd390062f6dd983faf2
Reviewed-on: https://chromium-review.googlesource.com/c/1405037
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58707}
For desrtucturing assignments from null/undefined, we throw an error
that references the destructuring object literal's property name, e.g.
for
var { x } = null;
we report that we cannot destructure 'x' from null.
Rather than calculating this property during bytecode generation (and
including it in the bytecode as an argument to the type error
constructor), we can calculate it at exception throwing time, by
re-parsing the source in a similar way to the existing call site
rendering.
This slightly decreases bytecode size and slightly decreases the amount
of work the bytecode compiler needs to do. In the future, it could also
allow us to give more detailed error messages, as we now have access to
the entire AST and are on the slow path anyway.
Bug: v8:6499
Change-Id: Icdbd4667db548b4e5e62ef97797a3771b5c1bf72
Reviewed-on: https://chromium-review.googlesource.com/c/1396080
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58706}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
In base/ieee754.cc, use constants for NaN and Infinity instead
of computing these values.
In spaces-unittest.cc, ensure that a large enough allocation
is used.
Bug: v8:3770
Change-Id: I50d9a77dc860ef9993b7b269a5f8c117b0f62f9d
Reviewed-on: https://chromium-review.googlesource.com/c/1403454
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58701}
This reverts commit 5dee355fe6.
Reason for revert: https://ci.chromium.org/p/v8-internal/builders/luci.v8-internal.ci/v8_linux64_perf_1/4282
Original change's description:
> [test] add perf tests for String.p.startsWith
>
> Add performance tests for String.prototype.startsWith ahead of port to
> torque in order to keep track of how performance is affected.
>
> Bug: v8:8400
> Change-Id: Ifc753a6f13da20c1760e545a99fd693717e3acc6
> Reviewed-on: https://chromium-review.googlesource.com/c/1402934
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58685}
TBR=jgruber@chromium.org,usharma1998@gmail.com
Change-Id: I5855b08fa5e55ab8594185a0a84a26f567e2b9d3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8400
Reviewed-on: https://chromium-review.googlesource.com/c/1404446
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58697}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
Bug: v8:3770
Change-Id: Id92725b0ac57cb357978124a3dc6f477430bc97d
Reviewed-on: https://chromium-review.googlesource.com/c/1403133
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58696}
The 'done' setting dance in BuildFillArrayWithIterator turned out to
not be useful, as the StoreInArrayLiteral call could not ever throw an
exception. Since iterator exceptions count as done, we are guarnteed to
be done as soon as we enter the loop.
Change-Id: Ibe2ba1fcbe383bfcfedb185169890b6931cc7884
Reviewed-on: https://chromium-review.googlesource.com/c/1402792
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58695}
The IteratorClose spec specifies that exceptions in
%GetMethod(iterator.return) are not suppressed by exceptions in the
given continuation (body of a loop, assignments in destructuring),
while exceptions in the execution of iterator.return() are.
This means that we have to split out the property access + a typeof
check to be outside the try-catch, and keep the call inside of it.
The non-split version is only for cases when there is no 'throws'
continuation (as is the case for yield* calling IteratorClose), so
the existing BuildIteratorClose can be renamed to reflect this.
Change-Id: Id71aea4fddd6ffb986bd9aaa09d29615a8800f71
Reviewed-on: https://chromium-review.googlesource.com/c/1402789
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58694}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
Bug: v8:3770
Change-Id: I8007987594ff534ca697c1c3247215a72a001343
Reviewed-on: https://chromium-review.googlesource.com/c/1403132
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58693}
This CL disables RX (read and execute) permissions for Code memory
when in jitless mode. All memory that was previously allocated RX
is now read-only.
Bug: v8:7777
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: I52d6ed785d244ec33168a02293c5506d26f36fe8
Reviewed-on: https://chromium-review.googlesource.com/c/1390122
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58692}
Add performance tests for String.prototype.startsWith ahead of port to
torque in order to keep track of how performance is affected.
Bug: v8:8400
Change-Id: Ifc753a6f13da20c1760e545a99fd693717e3acc6
Reviewed-on: https://chromium-review.googlesource.com/c/1402934
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58685}
If the key of the u-ext has no value it will return error so
we should just return undefined for that case.
Bug: v8:8663
Change-Id: I7446ad74c8d0609ad268385b6f4d986060424ce9
Reviewed-on: https://chromium-review.googlesource.com/c/1404194
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58682}
Since register can be used multiple times on the stack, they can also
be spilled into multiple stack slots. At merge points, we then might
have to reload the spilled slots. A DCHECK currently checks that each
register is only loaded once. Instead of failing, just load the first
stack slot, the others are statically known to contain the same value
anyways.
R=ahaas@chromium.org
Bug: v8:6600, chromium:919533
Change-Id: Ic0c806238b2997f006829b4b509a50468a55befa
Reviewed-on: https://chromium-review.googlesource.com/c/1403124
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58676}
The unwinding info writer was assuming that a block that had no initial
state must be the start or end block. It was trying to check if the
block was the start or end by asserting that the block had either
no predecessors or no successors. Loop rotation breaks this assumption,
since it can move a block from inside a loop to before the loop
header, and the block can then be the "start" block. But since
such a block has both predecessor(s) and a successor, the check was
wrong.
R=clemensh@chromium.org
BUG=chromium:913844
Change-Id: Ic24c67a822d510cb082f25608089d313c3459be8
Reviewed-on: https://chromium-review.googlesource.com/c/1373770
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58675}
Emit a single destructuring assignment for destructuring declarations,
which can be desugared by the bytecode generator. This allows us to
remove destructuring desugaring from the parser (specifically, the
pattern rewriter) entirely.
The pattern "rewriter" is now only responsible for walking the
destructuring pattern to declare variables, mark them assigned, and
potentially rewrite scopes for the edge case of parameters with a sloppy
eval.
Note that since the rewriter is no longer rewriting, we have to flip the
VariableProxy copying logic for var re-lookup, so that we now pass the
new VariableProxy to the variable declaration and leave the original
unresolved (rather than passing the original through and rewriting to a
new unresolved VariableProxy).
This change does have some effect on breakpoint locations, due to some
of the available information changing between the parser and bytecode
generator, however the new locations appear to be more consistent
between assignments and declarations.
Change-Id: I3a58dd0a387d2bfb8e5e9e22dde0acc5f440cb82
Reviewed-on: https://chromium-review.googlesource.com/c/1382462
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58670}
Ivica Bogosavljevic is no longer part of MIPS V8 team, and therefore his
name is removed from OWNERS.
TBR=mstarzinger@chromium.org
NOTRY=true
No-Presubmit: true
Change-Id: I1ea6745b795573a17362dfd869528ddf78b8ab41
Reviewed-on: https://chromium-review.googlesource.com/c/1402775
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58667}
These flakes can't be reproduced locally so we need more information
when they fail. Add some logging so that we can figure out why they
are breaking.
Bug: v8:8649, v8:8648
Change-Id: I2fb1384bb7592c6fc68c08952505e79329f00bec
Reviewed-on: https://chromium-review.googlesource.com/c/1400418
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58641}
Print all the mismatch failures in the bytecode rather than aborting at
the first mismatch.
R=rmcilroy
Change-Id: Id572ead5fdc4d126ac9a05942f940b0eaef7150f
Reviewed-on: https://chromium-review.googlesource.com/c/1400412
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58628}
This CL adds support for anyref in WebAssembly.Global objects. Note
that the specification is not complete yet in this area.
I did the following changes:
- I renamed the `array_buffer` field of WasmGlobalObject to
`untagged_buffer`
- I added an additional field of type FixedArray, `tagged_buffer`.
- In the constructor of WasmGlobalObject I allocate either the former
or the latter, but not both.
- In the WebAssembly.Global constructor I added special handling for
the case where no initial value is provided. In that case I set the
inital value to `null` and not to `undefined`.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I7e4855d7e6c04a9bcdc7ebd450caca5819d060e2
Reviewed-on: https://chromium-review.googlesource.com/c/1398226
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58625}
If we have both f32 and f64 locals, we use the same register to hold
their zero value. On stack transfers, we might thus encounter the same
fp register with both the f32 and f64 type. Explicitly allow that case
to happen.
R=ahaas@chromium.org
Bug: chromium:918917, v8:6600
Change-Id: I6937008d38853fe2bdccd9715e1a2499cf6bf7c6
Reviewed-on: https://chromium-review.googlesource.com/c/1398225
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58623}
This CL prevents redundancy elimination from widening types, which
can cause problems if the input of a DeadValue (which has type None)
is replaced by an equivalent node that does not have type None. This
can happen because load elimination does not re-type nodes, for
example.
Bug: chromium:919340
Change-Id: I89e872412edbcdc610e70ae160cde56cd045006c
Reviewed-on: https://chromium-review.googlesource.com/c/1397709
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58617}
The two names refer to the same thing by now, so this patch is
entirely mechanical.
Bug: v8:3770
Change-Id: Ia360c06c89af6b3da27fd21bbcaeb2bdaa28ce22
Reviewed-on: https://chromium-review.googlesource.com/c/1397705
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58615}
This is a reland of part of
https://chromium-review.googlesource.com/c/v8/v8/+/1397664.
It drops the explicit fni_.Infer() call after parsing arrow functions. We'll
want to avoid inferring if the arrow function is an argument to a function
call.
It also avoids adding the single argument of "name => " to the inferred name.
Bug: chromium:916975
Change-Id: I96a934408113483d73eba14073fe21e8cfe2ada6
Reviewed-on: https://chromium-review.googlesource.com/c/1397665
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58613}
Fix WebAssembly's global/constructor js-api. Globals with a value
of i64 is now valid even if Wasm BigInt feature isn't activated.
Bug: v8:8319
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: Ia41ad69efa5253064ecdb8f59b149393cd672b68
Reviewed-on: https://chromium-review.googlesource.com/c/1382747
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58603}
This patch sets the name slot of the private name symbols for
private fields and display the names in error messages of invalid
private field accesses.
TBR: adamk@chromium.org
Bug: v8:8144
Change-Id: Id34c468e2bddd1c3001517b4d447c7497402df76
Reviewed-on: https://chromium-review.googlesource.com/c/1374332
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#58601}
We plan to store additional information that is not related to scopes.
The new name will reflect this fact better.
Change-Id: I4ddb1017bc255e6ad271e4448848ed630f367d5b
Reviewed-on: https://chromium-review.googlesource.com/c/1388538
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58591}
The AsmType class uses a design similar to the old Object* model, where
arbitrary values (including 0) are reinterpret_cast to pointers. This
yields the following UBSan error, among others:
src/asmjs/asm-parser.cc:2000:51: runtime error: member call on null
pointer of type 'v8::internal::wasm::AsmType'
This patch does the smallest possible fix by turning the affected methods
into static functions. Longer-term, we should consider switching the
overall class design to a "struct wrapping an Address" model like the new
Object definition, which is a bit non-trivial because some AsmType types
are ZoneObject subclasses.
Bug: v8:3770
Change-Id: Ie2a7cdc9eab32c4c469d699212c84b0419480b4f
Reviewed-on: https://chromium-review.googlesource.com/c/1397663
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58586}
- Removes the last `CORE` JS native script: `prologue.js`.
- Removes build step and bootstrapping associated with building/loading `CORE` JS natives.
- Removes `natives_utils_object` from context.
- Deprecates `--expose-natives-as` flag.
- Ports extra utils functions to C++ (`uncurryThis`) or Torque
(`createPrivateSymbol`, `markPromiseAsHandled`, and `promiseState`).
- Move extra utils constants initialization into bootstrapper
(`kPROMISE_PENDING`, `kPROMISE_FULFILLED`, `kPROMISE_REJECTED`).
- Removes unused extra utils functions `log` and `logStackTrace`.
Drive-by: Added test coverage for Array#includes being an unscopeable.
Bug: v8:7624
Change-Id: I5d983f8d11b76cb4dd3c2c67592ce1dc88364cd9
Reviewed-on: https://chromium-review.googlesource.com/c/1381672
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#58577}
This CL fixes the problem that the platform was set at MockPlatform's
constructor but was not reset.
Bug: v8:8527
Change-Id: I21c3b19320885b1b38999161db7cc1b8f15d798e
Reviewed-on: https://chromium-review.googlesource.com/c/1397821
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hajime Hoshi <hajimehoshi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58574}
We cannot take the fast-path if the user messed with the Symbol.species
property on the Promise.prototype, as that makes the internal promises
observable.
Bug: chromium:917076
Change-Id: I928e0bd17836ca78cf88591610526aa7bc1d293c
Reviewed-on: https://chromium-review.googlesource.com/c/1396426
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58563}
With this CL it is possible to import any JavaScript object as an anyref
global. The exception is WasmGlobalObject, which cannot hold anyref
globals yet.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: I5b0fc686a4ec5c579d1d635b53be5ccdf0a78f27
Reviewed-on: https://chromium-review.googlesource.com/c/1382452
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58557}
Previously we stored the source position table, which stored a mapping
of pc offsets to line numbers, and the inline_locations, which stored a
mapping of pc offsets to stacks of {CodeEntry, line_number} pairs. This
was slightly wasteful because we had two different tables which were
both keyed on the pc offset and contained some overlapping information.
This CL combines the two tables in a way. The source position table now
maps a pc offset to a pair of {line_number, inlining_id}. If the
inlining_id is valid, then it can be used to look up the inlining stack
which is stored in inline_locations, but is now keyed by inlining_id
rather than pc offset. This also has the nice effect of de-duplicating
inline stacks which we previously duplicated.
The new structure is similar to how this data is stored by the compiler,
except that we convert 'source positions' (char offset in a file) into
line numbers as we go, because we only care about attributing ticks to
a given line.
Also remove the helper RecordInliningInfo() as this is only actually
used to add inline stacks by one caller (where it is now inlined). The
other callers would always bail out or are only called from
test-cpu-profiler.
Remove AddInlineStack and replace it with SetInlineStacks which adds all
of the stacks at once. We need to do it this way because the source pos
table is passed into the constructor of CodeEntry, so we need to create
it before the CodeEntry, but the inline stacks are not (they are part of
rare_data which is not always present), so we need to add them after
construction. Given that we calculate both the source pos table and the
inline stacks before construction, it's just easier to add them all at
once.
Also add a print() method to CodeEntry to make future debugging easier
as I'm constantly rewriting this locally.
Bug: v8:8575, v8:7719, v8:7203
Change-Id: I39324d6ea13d116d5da5d0a0d243cae76a749c79
Reviewed-on: https://chromium-review.googlesource.com/c/1392195
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58554}
The reference implementation used in the tests does not fully match
the spec, so for the diverging cases we need to explicitly specify
the correct expectation.
Every single change in this patch has been verified against every
major JavaScript engine using eshost + jsvu. All implementations
match the spec (and the V8 implementation), with the following two
exceptions:
- One expectation was wrong because of a JavaScriptCore bug (that
is, we inherited the incorrect expectation when importing the
tests from WebKit). A comment was added for that one.
- This work resulted in the discovery of bugs in Moddable/XS:
https://github.com/Moddable-OpenSource/moddable/issues/112
Change-Id: I05d91d7acc5c8765e941fcd68c1086c2694c710c
Reviewed-on: https://chromium-review.googlesource.com/c/1396081
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58546}
Currently in both kCallerLineNumbers and kLeafNodeLineNumbers modes, we
correctly capture inline stacks. In leaf number mode, this is simple as
we simply add the path onto the existing tree. For caller line numbers
mode this is more complex, because each path through various inlined
function should be represented in the tree, even when there are
multiple callsites to the same function inlined.
Currently we don't correctly show line numbers for inlined functions.
We do actually have this information though, which is generated by
turbofan and stored in the source_position_table data structure on the
code object.
This also changes the behavior of the SourcePositionTable class. A
problem we uncovered is that the PC that the sampler provides for every
frame except the leaf is the return address of the calling frame. This
address is *after* the call has already happened. It can be attributed
to the next line of the function, rather than the calling line, which
is wrong. We fix that here by using lower_bound in GetSourceLineNumber.
The same problem happens in GetInlineStack - the PC of the caller is
actually the instruction after the call. The information turbofan
generates assumes that the instruction after the call is not part of
the call (fair enough). To fix this we do the same thing as above - use
lower_bound and then iterate back by one.
TBR=alph@chromium.org
Bug: v8:8575, v8:8606
Change-Id: Idc4bd4bdc8fb70b70ecc1a77a1e3744a86f83483
Reviewed-on: https://chromium-review.googlesource.com/c/1374290
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58545}
The {movsx_b} instruction can only take byte registers (or operands) as
source. Ensure that for i8 sign extensions to i64, the src register is
moved to a temporary byte register first, similar to the same operation
on i32 a few lines above.
R=ahaas@chromium.org
Bug: chromium:918149, v8:6600
Change-Id: I17bc942127baee57279a7fc0caac9d82bd7c6bfb
Reviewed-on: https://chromium-review.googlesource.com/c/1394555
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58542}
The high GC stressing in this tests causes bytecode flushing which breaks some
invariants in the test.
BUG=v8:8629
Change-Id: I7efff098ed4fa96006c8200e174132a6297bd36f
Reviewed-on: https://chromium-review.googlesource.com/c/1394743
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58541}
regress-6989 uses assertOptimized and will hence fail randomly depending
on GC timing. This means we should not run it under GC stress.
This can be verified by running the test under GC stress and changing the
--gc-interval. It is easy to find values for which the test fails, and
values for which the test passes.
Change-Id: Ibd8bfbc1712ad60830255e4d89ea795023134891
Reviewed-on: https://chromium-review.googlesource.com/c/1396078
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58540}
One spec test is failing at the moment. I disabled it for now and
created an bugtracker issue:
https://crbug.com/v8/8633R=gdeepti@chromium.org
Change-Id: Ibc3087d0582b95395d45d261155f6ac7e1a47f0c
Reviewed-on: https://chromium-review.googlesource.com/c/1394551
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58538}
Make the function return Maybe<std::string> to propagate error.
Bug: chromium:917151
Change-Id: I4330b0c54c122b1eddd3b37e21e0f387cb5d803a
Reviewed-on: https://chromium-review.googlesource.com/c/1392205
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58535}
We currently trigger a GC when creating a module while the remaining
uncommitted code space is below 32MB. For bigger modules, this is not
enough. Instead, make this limit relative: Trigger GC if we fall below
50% of the available code space, and re-adjust this limit after each GC
to avoid repeated GCs that do not free anything.
R=ahaas@chromium.org
Bug: v8:8624
Change-Id: I7abfad3b57663d528a26d29232ad6bc2dc63cef4
Reviewed-on: https://chromium-review.googlesource.com/c/1391753
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58527}
We currently de-duplicate used registers also in regions which do not
need merging. In those regions though it can never happen that we need
to pass different values from any merge input. Apart from introducing
unnecessary register moves, this also causes a DCHECK to fail, because
we might later want to merge back different registers into one.
Assume this initial stack state (where each letter is a register):
[A B B C]
If in any child block the two Bs get de-duplicated so something like
[A B D C]
then we run into trouble when merging back this state into the parent
state, because both B and D would need to be put into B.
In this case we can statically infer that B and D must hold the same
value anyway, but having this situation does not make much sense in the
first place, so the DCHECK fires correctly.
R=titzer@chromium.org
Bug: v8:8423, chromium:917412
Change-Id: I24c36b062e04a134cf7051725afab98126753f31
Reviewed-on: https://chromium-review.googlesource.com/c/1392190
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58522}
On x64 the {kScratchRegister} cannot be held in a {LiftoffRegister},
since it is not a valid cache register. Also, the code unnecessarily
checked whether there is an unused cache register, but then didn't use
it. Simplify the logic to always use the scratch register, just
distinguish between 4-byte and 8-byte moves.
On ia32 we did not move 64-bit values correctly if we didn't have
unused registers and needed to move via the stack.
R=titzer@chromium.org
Bug: v8:6600, chromium:917588, chromium:917450
Change-Id: I0bbe946c6ac8fca62f85711ae47afdac9c02ae6b
Reviewed-on: https://chromium-review.googlesource.com/c/1391755
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58521}
Templates are nicer than macros, and in this case it's not more complex.
R=tebbi@chromium.org
Bug: v8:8562
Change-Id: I3aea7b4138f144166418c0827dd7c58ea459c670
Reviewed-on: https://chromium-review.googlesource.com/c/1392200
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58518}
If the parameter list contains class declarations we should use the
block scope corresponding to the class when rewriting the initializers.
Bug: chromium:917988
Change-Id: I7fcd44a264b7c0113cbd821b759e0bee6c9345a0
Reviewed-on: https://chromium-review.googlesource.com/c/1392240
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58515}
Instead of de-sugaring destructuring assignment in the parser (using the
pattern rewriter), pass the Object/ArrayLiterals through to the bytecode
generator, which can desugar them in-place.
This allows us to decrease the amount of AST node creation, and improve
the generated bytecode using domain-specific knowledge. As a side effect
we partially fix an old execution ordering spec bug.
Currently only implemented for assignments, not declarations, as the
latter has some additional complexity.
Bug: v8:4951
Change-Id: I3d69d232bea2968ef20df68a74014d9e05808cfe
Reviewed-on: https://chromium-review.googlesource.com/c/1375660
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58512}
Apart from being more in-line with the style guide, this allows to use
DEFINE_LAZY_LEAKY_OBJECT_GETTER for defining {TypeCache::Get}.
R=tebbi@chromium.org
Bug: v8:8562
Change-Id: I016b28624950ce9404180fc1ca1a232551f75cd0
Reviewed-on: https://chromium-review.googlesource.com/c/1392201
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58500}
Identify validation fails to read the index of prefixed opcodes, and not
continue to decode the next bytes.
Change-Id: I2c737af55615ba69ba0c5f5adf18a06c6cdb951a
Bug: chromium:905815
Reviewed-on: https://chromium-review.googlesource.com/c/1390927
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58485}
This reverts commit 97628eeeb9.
Reason for revert: breaks compilation in Lite mode, which does not allow overriding of certain flags. See https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8926078411629093216/+/steps/build/0/steps/compile/0/stdout.
Original change's description:
> [error] extend error stack w/ function parameters
>
> Extend FrameArray to hold weak references to parameters for functions in
> the call stack. The goal here is to provide more metadata for postmortem
> tools (such as llnode), especially in cases of rethrowing (this will be
> particularly useful when using postmortem with promises on Node.js).
>
> Besides postmortem, these changes allow us to print a more detailed
> stack trace for errors with parameters types (or even values), which can
> be useful since JavaScript functions can receive any number of
> parameters of any type, and having a function behave differently
> according to the number of parameters received as well as their types is
> a common pattern on JS libraries and frameworks.
>
> R=bmeurer@google.com, yangguo@google.com
>
> Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
> Reviewed-on: https://chromium-review.googlesource.com/c/1289489
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58468}
TBR=yangguo@chromium.org,bmeurer@google.com,bmeurer@chromium.org,mat@mmarchini.me
Change-Id: Ide0a434c1521ab2bbeca6821397ff63ba7d40fe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1390128
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58469}
Extend FrameArray to hold weak references to parameters for functions in
the call stack. The goal here is to provide more metadata for postmortem
tools (such as llnode), especially in cases of rethrowing (this will be
particularly useful when using postmortem with promises on Node.js).
Besides postmortem, these changes allow us to print a more detailed
stack trace for errors with parameters types (or even values), which can
be useful since JavaScript functions can receive any number of
parameters of any type, and having a function behave differently
according to the number of parameters received as well as their types is
a common pattern on JS libraries and frameworks.
R=bmeurer@google.com, yangguo@google.com
Change-Id: Idf0984d0dbac16041f11d738d4b1c095a8eecd61
Reviewed-on: https://chromium-review.googlesource.com/c/1289489
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58468}
These test off-heap builtin call sequences and don't make sense in
noembed builds.
Tbr: sigurds@chromium.org
Bug: v8:7777
Change-Id: I2795257e33b6ad87958d08f0845b75a7e88988f2
Reviewed-on: https://chromium-review.googlesource.com/c/1390120
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58461}
%AddNamedProperty was only used by regression tests, and is easily
replaced by Object.defineProperty (or deleted, in the case of a
cctest that was designed to test it directly).
%AddElement was unused (probably due to the death of array.js).
Bug: v8:7624
Change-Id: Icc17fd7a7419aa649275414a351f176f104040e2
Reviewed-on: https://chromium-review.googlesource.com/c/1387990
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58448}
This reverts commit 3411e7c3e8.
Reason for revert: Breaks test expecations - https://ci.chromium.org/p/chromium/builders/luci.chromium.try/linux_chromium_rel_ng/260731
Original change's description:
> [parser] Create arrow function scopes while parsing the head
>
> This simplifies NextArrowFunctionInfo, allows us to Scope::Snapshot::Reparent
> directly rather than moving it, and allows us to skip reparenting in the simple
> parameter arrow function cases.
>
> This CL additionally fixes arrow function name inferring.
>
> Change-Id: Ie3e5ea778f3d7b84b2a10d4f4ff73931cfc9384a
> Reviewed-on: https://chromium-review.googlesource.com/c/1386147
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58405}
TBR=ishell@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I8f31b96f844f0673364bf435fa6c809e40d62fa3
Reviewed-on: https://chromium-review.googlesource.com/c/1388541
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58446}
This changes a few bits about how continuation counters are handled.
It introduces a new mechanism that allows removal of a continuation
range after it has been created. If coverage is enabled, we run a first
post-processing pass on the AST immediately after parsing, which
removes problematic continuation ranges in two situations:
1. nested continuation counters - only the outermost stays alive.
2. trailing continuation counters within a block-like structure are
removed if the containing structure itself has a continuation.
R=bmeurer@chromium.org, jgruber@chromium.org, yangguo@chromium.org
Bug: v8:8381, v8:8539
Change-Id: I6bcaea5060d8c481d7bae099f6db9f993cc30ee3
Reviewed-on: https://chromium-review.googlesource.com/c/1339119
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58443}
Ensure that GetUnusedRegister is always called before
acquiring the scratch register in case it is needed
for spilling the value of the used register.
Bug: v8:6600, chromium:910824
Change-Id: I93ae684ad504584807dfa6227b6af14609c6bcf5
Reviewed-on: https://chromium-review.googlesource.com/c/1387498
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58442}
This CL does two things:
1. It introduces Call/JumpCodeObject as the bottleneck for all calls
to non-heap-constant Code objects; and
2. it dispatches directly to the off-heap entry point for all embedded
code.
Codegen at runtime remains unchanged to preserve the shorter,
branch-less calling sequence.
Bug: v8:7777
Change-Id: I15fdcb51625209904c6a56737f085a23219319b9
Reviewed-on: https://chromium-review.googlesource.com/c/1382461
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58440}
This also adjusts debug printing of descriptor arrays and adds a check
to the code serializer.
Bug: v8:8617
Tbr: mlippautz@chromium.org
Change-Id: Ic04f01abf9f7ed5a310b9e51a22c04fda108f563
Reviewed-on: https://chromium-review.googlesource.com/c/1387501
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58438}
It's nice to have a quick way to get stable results on the local
machine for the classic d8 benchmarks. CSuite revitalizes an
old tool called BSuite which offers multiple averaged runs,
and a nice ascii display of results.
Sample usage:
./csuite.py octane baseline ~/src/v8/out/d8
./csuite.py octane compare ~/src/v8/out-mine/d8
benchmark: score | master | % |
===================================================+==========+========+
Richards: 26201.0 | 26568.0 | -1.4 |
DeltaBlue: 55744.0 | 58309.0 | -4.4 |
Crypto: 31831.0 | 31815.0 | |
RayTrace: 73481.0 | 73185.0 | 0.4 |
............<snip>............................
Octane: 36388.0 | 35741.0 | 1.8 |
---------------------------------------------------+----------+--------+
See README.md for more documentation.
Change-Id: I182490506ca07fab1240bd485bd1d7a8920db893
Reviewed-on: https://chromium-review.googlesource.com/c/1387487
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58434}
This is a reland of 0e22ec737b
Original change's description:
> [regexp] Escape newlines when setting [[OriginalSource]]
>
> This escapes LineTerminator characters in a regexp pattern when
> creating the string that will be stored in the [[OriginalSource]] slot.
>
> As an example, the source property for all following objects will equal
> "\n" (a '\' character followed by 'n'):
>
> /\n/
> new RegExp("\n")
> new RegExp("\\n")
>
> Bug: v8:1982, chromium:855009
> Change-Id: I3b539497a0697e3d51ec969cae49308b0b312a19
> Reviewed-on: https://chromium-review.googlesource.com/c/1384316
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58387}
Bug: v8:1982, chromium:855009
Change-Id: I1ba22395477ec37e8e8c944000f9beade1e3250b
Reviewed-on: https://chromium-review.googlesource.com/c/1386495
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58419}
The DCHECK was overly restrictive when checking that a weak handle is
not a finalizer when hitting it through a regular scavenge processing
path.
Only happened with finalizers to unmodified API wrappers or regular
objects that were also marked as independent.
Bug: v8:8586
Change-Id: I2c2a5b21f6e8a5ddc6671f762b508ba083c04335
Reviewed-on: https://chromium-review.googlesource.com/c/1387485
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58414}
Merging the temporary HeapObjectPtr back into HeapObject.
Bug: v8:3770
Change-Id: I5bcd23ca2f5ba862cf5b52955dca143e531c637b
Reviewed-on: https://chromium-review.googlesource.com/c/1386492
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58410}
This simplifies NextArrowFunctionInfo, allows us to Scope::Snapshot::Reparent
directly rather than moving it, and allows us to skip reparenting in the simple
parameter arrow function cases.
This CL additionally fixes arrow function name inferring.
Change-Id: Ie3e5ea778f3d7b84b2a10d4f4ff73931cfc9384a
Reviewed-on: https://chromium-review.googlesource.com/c/1386147
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58405}
This reverts commit 0e22ec737b.
Reason for revert: Breaks layout tests:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/28814
Original change's description:
> [regexp] Escape newlines when setting [[OriginalSource]]
>
> This escapes LineTerminator characters in a regexp pattern when
> creating the string that will be stored in the [[OriginalSource]] slot.
>
> As an example, the source property for all following objects will equal
> "\n" (a '\' character followed by 'n'):
>
> /\n/
> new RegExp("\n")
> new RegExp("\\n")
>
> Bug: v8:1982, chromium:855009
> Change-Id: I3b539497a0697e3d51ec969cae49308b0b312a19
> Reviewed-on: https://chromium-review.googlesource.com/c/1384316
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58387}
TBR=yangguo@chromium.org,jgruber@chromium.org,mathias@chromium.org
Change-Id: I1db7e6a0c6cd1cd995fe9f499458108e88dc8cb9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:1982, chromium:855009
Reviewed-on: https://chromium-review.googlesource.com/c/1386493
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58396}
The source register of {movsx_b} must be a byte register.
Drive-by: Add missing sign extension opcodes to wasm-constants.js.
R=herhut@chromium.org
Bug: chromium:916869
Change-Id: I571c1ea2a0e197afefc810f306eed238250cd5e0
Reviewed-on: https://chromium-review.googlesource.com/c/1386110
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58394}
V8 is almost completely JS-free. There's no need to ship the minifier
any more.
Bug: v8:7624,v8:5505,v8:4240,v8:4235,v8:4188,v8:1557
Change-Id: Iee15bf68c66bac27a67fe70e10b1edd4dcef89d1
Reviewed-on: https://chromium-review.googlesource.com/c/1386146
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58392}
Disable mjsunit/spread-large-array and mjsunit/spread-large-string in
lite mode.
Bug: v8:8394
Change-Id: I630efc1e2b397189b0ea1e602fbfa472851abe1f
Reviewed-on: https://chromium-review.googlesource.com/c/1386484
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58391}
This escapes LineTerminator characters in a regexp pattern when
creating the string that will be stored in the [[OriginalSource]] slot.
As an example, the source property for all following objects will equal
"\n" (a '\' character followed by 'n'):
/\n/
new RegExp("\n")
new RegExp("\\n")
Bug: v8:1982, chromium:855009
Change-Id: I3b539497a0697e3d51ec969cae49308b0b312a19
Reviewed-on: https://chromium-review.googlesource.com/c/1384316
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58387}
Remove flags and all string in JSLocale
This does not change the logic of Intl.Locale constructor
but only the way we store the information.
Preparation for logic rewrite that sync with latest spec.
Bug: v8:7684
Change-Id: Ib61705eaf00e5bcf63443c55c29f0b0b61f8e4c9
Reviewed-on: https://chromium-review.googlesource.com/c/1377996
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58386}
It's been enabled for several releases now.
R=gsathya@chromium.org
Change-Id: Ib1806a1373821ee542dae2fd80f639b56bd99ed9
Reviewed-on: https://chromium-review.googlesource.com/c/1384796
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58381}
Since we have FindEntry, this is redudant.
This patch also
* Makes the tests for FindEntry stricter by testing the value
* Makes the OrderedNameDictionary::Add and
SmallOrderedNameDictionary::Add consistent by using GetHash and
using a DCHECK for the FindEntry call
Bug: v8:6443, v8:7569
Change-Id: I4859cd6735ec385c19acad6ce5cecaeac45173dd
Reviewed-on: https://chromium-review.googlesource.com/c/1382828
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58380}
Recent versions of the Windows Universal CRT changed the behavior of
fmod for when the first parameter is negative. In particular, a result
of negative zero became positive zero. This is rarely critical but it
causes test failures and may effect some JS test suites or web pages.
The fix is to modify Modulo to check for a result of 0 when the first
parameter is negative and change the result to -0. That fixes four of
the five test failures and the fifth one is fixed by comparing the
results against Modulo instead of std::fmod.
Bug: chromium:915045
Change-Id: Ia4490ec98361a37006d6c338acd33f959fa3ccea
Reviewed-on: https://chromium-review.googlesource.com/c/1383091
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58377}
Now we just check for each variable declared in the parameter scope whether it
occurs as a lexical variable in the body scope. This way the preparser will
also identify them.
Bug: v8:2728, v8:5064
Change-Id: I9fd96590fa431de0656c85295fd31af9b36f2e32
Reviewed-on: https://chromium-review.googlesource.com/c/1384225
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58375}
Now a descriptor array tracks the number of descriptors that were
already marked. The marking visitor of a map only marks the subset
of the descriptors that it needs and that are not already marked.
If a descriptor array is shared between M maps and has N descriptos,
then the number of marking operations is reduced from O(M*N) to O(N).
This patch also adds a marking barrier for descriptors.
The marked descriptor counter in a descriptor array is not cleared
after mark-compact GC. Instead, it embeds two bits from the global
mark-compact epoch counter and is considered 0 if the bits do not match
the current value of the global epoch counter.
Bug: v8:8486
Change-Id: I2a7822a6833f3143e1d351e5e4819c2ef2c07fb0
Reviewed-on: https://chromium-review.googlesource.com/c/1382746
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58372}
OrderedNameDictionarHandler is the external API to interface with the
OrderedNameDictionary variants. This abstracts away the need for the
user to know that there are two different backing stores.
Bug: v8:6443, v8:7569
Change-Id: Ief4f0904823988e629a01060b018b4cb0291542d
Reviewed-on: https://chromium-review.googlesource.com/c/1381758
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58369}
Don't allocate feedback vectors and feedback metadata in lite mode.
Also updates to skip tests that require feedback vectors.
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/1384087 after skipping
the failing tests.
Bug: v8:8394
Change-Id: I7766533b85a144e62996ceed8d542cdc534feeb5
Reviewed-on: https://chromium-review.googlesource.com/c/1384307
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58363}
This addresses most of the regression in of
Kraken's json-stringify-tinderbox-orig with
31bit Smis: Many object properties become heap
numbers, and printing an integer which is
represented as a double is slower than printing
the integer directly.
Change-Id: I9a14c4da61721b6c3f22e88145acc6a61ed4a419
Bug: v8:8344
Reviewed-on: https://chromium-review.googlesource.com/c/1382741
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58358}
We don't eagerly throw for assignments to calls; see v8:4480. They are simply
turned into assignments to Property instead. We need to record a declaration
error, however. Otherwise we'll end up with a Property in a declaration
context.
To reduce the scope of the lazy throwing, in this fix I record a pattern error
instead, making calls as assignment target in a destructuring assignment
context throw eagerly.
Bug: chromium:916288
Change-Id: If94a46b5d2b65c3549c641e0e19135c6c8af7a9a
Reviewed-on: https://chromium-review.googlesource.com/c/1384084
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58357}
This reverts commit 62e86b88e5.
Reason for revert: Fails on arm sim lite debug: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite%20-%20debug/1075
Original change's description:
> Do not allocate feedback vectors and feedback metadata in lite mode
>
> Don't allocate feedback vectors and feedback metadata in lite mode.
> Also updates to skip tests that require feedback vectors.
>
> Bug: v8:8394
> Change-Id: I22c64a32c44bb8f25fb09003d6e9fc5a04e84f8a
> Reviewed-on: https://chromium-review.googlesource.com/c/1378173
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58351}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mlippautz@chromium.org,mythria@chromium.org
Change-Id: I88fd37ea4e21aa2cc81eceb87ddb35c23224beae
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8394
Reviewed-on: https://chromium-review.googlesource.com/c/1384087
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58355}
- Directly declares the special catch variable from the parser-base.
- Tracks Scope on PreParserBlock and finds conflicting lexical declarations by
simply walking the VariableMap of the block inserted for the pattern; or the
catch variable in case of identifier.
- This also enables throwing errors for duplicate let in the preparser. We may
have to back that out if it breaks something.
Bug: v8:2728, v8:7828
Change-Id: Id2eea62062533eb99cd6670c42a4b1da87139008
Reviewed-on: https://chromium-review.googlesource.com/c/1382095
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58353}
Don't allocate feedback vectors and feedback metadata in lite mode.
Also updates to skip tests that require feedback vectors.
Bug: v8:8394
Change-Id: I22c64a32c44bb8f25fb09003d6e9fc5a04e84f8a
Reviewed-on: https://chromium-review.googlesource.com/c/1378173
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58351}
Now just accumulate right before we might validate a property and once we're
done, so we're guaranteed to catch all PatternErrors.
Bug: v8:8607
Change-Id: Ibc5bc7773756f4827868ca01d0f9fb0c5545e59b
Reviewed-on: https://chromium-review.googlesource.com/c/1382749
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58343}
Otherwise the error would have been dropped between the previous
accumulate and the subsequent ValidateExpression.
Bug: v8:8607
Change-Id: I29f5d5b6887b57f4b70369ba370fe0b44b1d6798
Reviewed-on: https://chromium-review.googlesource.com/c/1382744
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58339}
When we call ObjectToString on JSValues we only looked at string tags
on the prototype map of the JSValue's value type and do not check the
tags on the JSValue's prototype chain which may be non-trivial if
subclassing is involved. For ex: if we have a class Test extend Number,
we only looked for tags on the Number prototype and not on the Test
prototype. This cl fixes the builtin to also check for these cases.
Bug: v8:7706
Change-Id: I9f0e3bb6499646bf27b92bf4fb4e9014f6efa56b
Reviewed-on: https://chromium-review.googlesource.com/c/1378176
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58338}
This is a reland of fac6f63eb8, after
adding initialization of unused element slots.
Original change's description:
> Use CopyElements (which uses memcpy) to copy FixedDoubleArray.
>
> This improves the performance of ExtractFixedArray and
> CloneFastJSArray for double arrays, which in turn improve the
> performance of cloning double arrays with slice() or spreading.
>
> This, however, does not improve performance of spreading holey
> double arrays, because spreading needs extra work to convert
> holes to undefined.
>
> Bug: v8:7980
> Change-Id: Ib8aed74abbb0b06982a3b754e134fa415cb7de2d
> Reviewed-on: https://chromium-review.googlesource.com/c/1280308
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Hai Dang <dhai@google.com>
> Cr-Commit-Position: refs/heads/master@{#56680}
Bug: v8:7980
Change-Id: I899af60c061b9cd6eb619c247c5fc515b92e9fd7
Reviewed-on: https://chromium-review.googlesource.com/c/1382735
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58333}
This changes how rewind upon preparser abort works. It now rewinds to the start
of the parameter scope. In the case of "function X(" it is before the "(". In
the case of arrow functions it's before the start of the arrow function. This
allows us to reparse the arrow function from the start so all parameters are
declared properly.
Bug: v8:2728, v8:7390
Change-Id: I1c40056a49ec198560e63cd73949a59221ee0401
Reviewed-on: https://chromium-review.googlesource.com/c/1382736
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58332}
The SFI's flags can be changed by the mutator while the concurrent marker is checking
the flags for bytecode flushing. None of the flag bits checked for bytecode flushing
are changed, however since they are in an int32 field TSAN will complain if any of the
other flags are changed while reading from another flag. Fix this by making the flags
use the RELAXED_INT32_ACCESSORS.
BUG=v8:8592,v8:8395
Change-Id: I5fbb4fd381c2b288abf0cd36eb0b8256e1929af6
Reviewed-on: https://chromium-review.googlesource.com/c/1382458
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58325}
This CL implements the global.get and global.set instruction for anyref
globals. This includes:
* Properly decode anyref globals.
* Add a FixedArray to WasmInstanceObject to store anyref globals.
* Initialize the FixedArray.
* Generate code for global.get and global set.
This CL does not allow to import globals yet.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: I62617409271d9b6f2253a191681189865aa1f459
Reviewed-on: https://chromium-review.googlesource.com/c/1380112
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58318}
The parser object can now be created on a worker thread, therefore we shouldn't access
global FLAGs during the constructor. Instead move them to the ParseInfo constructor
and set the parser fields based on these. Also avoid accessing always_opt flags in
bytecode-flags - instead accessing it in ParseInfo and propagating to the bytecode
generator.
Also gets rid of unused kUntrustedCodeMitigations flag in UnoptimizedCompilationInfo
BUG=v8:8582
Change-Id: I6e6fdc8cc7865803cb5f334f652abc0e3e4cb3ce
Reviewed-on: https://chromium-review.googlesource.com/c/1375918
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58316}
Since we always flatten the string upfront, we don't need to
implement the the UTF8 conversion as a string visitor anymore.
R=petermarshall@chromium.org
Bug: v8:6780, v8:8605
Change-Id: I27946551d7c3742f47ac36d5c909c19a7f2b0371
Reviewed-on: https://chromium-review.googlesource.com/c/1371828
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58312}
Since it's explicit what we're tracking, we can immediately throw errors in
certain cases, and ignore irrelevant errors. We don't need to use the
classifier itself to track "let let", since we know whether we're parsing a
"let". Errors that were previously (almost) always accumulated are now
immediately pushed to the scopes that care (parameter initialization errors).
This CL drops avoiding allocation of classified errors, at least for now, but
that doesn't affect performance anymore since we don't aggressively blacklist
anymore. Classified errors are even less likely with the more precise approach.
ParseAssignmentExpression doesn't introduce its own scope immediately, but
reuses the outer scope.
Rather than using full ExpressionClassifiers + Accumulate to separate
expressions/patterns from each other while keeping track of the overall error
state, this now uses an explicit AccumulationScope.
When we parse (async) arrow functions we introduce new scopes
that track that they may be (async) arrow functions.
We track StrictModeFormal parameters in 2 different ways if it isn't
immediately certain that it is a strict-mode formal error: Either directly on
the (Pre)ParserFormalParameters, or on the NextArrowFunctionInfo in the case
we're not yet certain that we'll have an arrow function. In the latter case we
don't have a FormalParameter object yet, and we'll copy it over once we know
we're parsing an arrow function. The latter works because it's not allowed to
change strictness of a function with non-simple parameters.
Design doc:
https://docs.google.com/document/d/1FAvEp9EUK-G8kHfDIEo_385Hs2SUBCYbJ5H-NnLvq8M/
Change-Id: If4ecd717c9780095c7ddc859c8945b3d7d268a9d
Reviewed-on: https://chromium-review.googlesource.com/c/1367809
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58307}
Change the initial value of breakType to undefined
Store break type into bits
Change the algorithm
Bug: v8:6891
Change-Id: Id2cc1e90c28d92364318928fc8a377f172ebb339
Reviewed-on: https://chromium-review.googlesource.com/c/1374996
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58298}
C++ introduces the {alignas} keyword, which can be used with types or
integral constant expressions. Use this instead of the V8_ALIGNAS (for
types) or V8_ALIGNED (for integral constants) macros.
R=ulan@chromium.org
Bug: v8:8562
Change-Id: I54999b56a5715237f88c63d8543ef728a5b2eff5
Reviewed-on: https://chromium-review.googlesource.com/c/1379935
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58290}
Parser::MaybeResetCharacterStream calls Scope::ContainsAsmModule which
recursively checks whether a Scope is an asm module or any of its
sub-scopes. This is sub-optimal for deeply nested scopes and many
functions which do not contain any asm modules.
Drive-by-fix:
- rename Scope::asm_module to Scope::is_asm_module
Change-Id: I922270c608b54c6525f0672ead4aca90f57a6551
Reviewed-on: https://chromium-review.googlesource.com/c/1360636
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58288}
