The eats_at_least (EAL) value is applied in forward-directions only.
Two reasons for that which are relevant to this CL:
- EAL's of neighboring nodes are combined additively, irrespective of
their read_backward value.
- EatsAtLeastPropagator::VisitText uses the successor's
eats_at_least_from_not_start value, which doesn't work properly for
read_backwards successors (which may end at the start).
A symptom of this bug was that we applied an incorrect EAL of 255
starting at the initial 'x' of /x(?<=^x{4})/); for subject strings
shorter than 255 chars, this would result in an incorrect failure
result.
Bug: v8:11616
Change-Id: I4b2b1b78f0cea8f59e4beb1037ee46035d83c927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807596
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73848}
This CL fixes the behaviour of the d8.test.fast_c_api constructor when
the global object has been modified by not allowing calls to it without
the `new` keyword.
Bug: chromium:1196597
Change-Id: I49b4a412d501f5c9adaa72b63beec1483ab4c449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808943
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73831}
This CL skips the fast-api-calls mjsunit test, as it relies
on particular optimization/deoptimization patterns.
Bug: v8:11620
Change-Id: I4c2fd3b1db8aff73935dd6525fd0ad3edc307dd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808935
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73819}
Explicitly check for JSFunction or JSBoundFunction and throw if any other
JS type is passed to d8.test.verifySourcePositions.
Bug: chromium:1195717
Change-Id: Id65875526d5d6b3f720850d41d0a8192ec407035
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807607
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73811}
This is a reland of 9eba2d85f4.
The reland fixes a global state variable which was incompatible
with the --isolate flag in d8, which runs the same script in a
different isolate.
Original change's description:
> [fastcall] Add fast API testing facilities to d8
>
> This CL provides the minimum necessary functionality to expose fast API
> for testing in mjsunit, exposing the fast path for fuzzing. It exposes
> a d8.test.fast_c_api with an `add_all` method, which exercises primitive
> types. On x64, all integer and floating point types are supported. On
> other platforms currently only 32-bit integers are included in the test.
>
> Design doc:
> https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
>
> Bug: chromium:1052746
> Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73670}
Bug: chromium:1052746
Change-Id: I33b265b97bf7c797eee7d4cce5066999358a8c66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2790174
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73801}
We are overwriting rhs when dst == rhs && dst != lhs. This is not a
problem on TurboFan because we specify unique registers and dst == lhs
in the instruction-selector.
The fix is to use the helper EmitSimdCommutativeBinOp, which will check
for dst == rhs (pmuludq is commutative).
Bug: v8:11612
Change-Id: I38c3a2b7f3c7bcf2d7e8faec1a67f0814d44ed20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2798527
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73780}
This fixes a bug introduced in crrev.com/c/2660995.
String.prototype.indexOf must clamp the `position` argument as per
step:
7. Let start be the result of clamping pos between 0 and len.
Source: tc39.es/ecma262/#sec-string.prototype.indexof
Previously, this was done in the StringIndexOf builtin, but the recent
refactor changed builtin implementations to match the spec more
closely (i.e. to clamp in String.prototype.indexOf, not
StringIndexOf). This means we now have to clamp in
JSCallReducer::ReduceStringPrototypeIndexOf.
Tbr: neis@chromium.org
Bug: chromium:1194869
Change-Id: I5af8d41b50f4905453f03079e3ee6d46186536db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799359
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73772}
.. and enable it on fyi bots. Skip one test in this variant due to
incompatible flags.
Bug: v8:7790
Change-Id: I5b8fdd8572435c6f4474c505464ff1a22c830757
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797287
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73770}
Bug: v8:11604
Change-Id: Ic4aa3ae64aa9c9a60aceade9072a5ead1c894b7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799356
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73767}
This is a reland of e70cbb83da
Moved the ConsString comparison logic out-of-line, both to make gcc
happy, and to reduce the size of the fast-path in IsEqualToImpl.
Original change's description:
> [string] Fix non-SeqStrings in IsEqualTo
>
> Bug: chromium:1193903
> Change-Id: I80704dd3cba5754779432356b20bd3ea99630291
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794426
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73746}
Bug: chromium:1193903
Change-Id: Iae6f078853438427e86d3ac68bcfed0712a85bf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797288
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73763}
This CL is part of a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.
This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.
This particular CL modifies existing mjsunit tests whose assumptions
don't hold if v8_dict_property_const_tracking is enabled. This is
done by adding special handling for the case that
%IsDictPropertyConstTrackingEnabled() holds.
Bug: v8:11248
Change-Id: Ia36be73e4659a988b2471f0c8151b0442f3a98f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780292
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73745}
This reverts commit c83c9590ba.
Reason for revert: Speculatively reverting for a failure on Arm GC stress bot - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm%20GC%20Stress/b8851256837192083520/overview
Original change's description:
> [ic] Add a new MegaDOM IC
>
> This patch implements the MegaDOM IC setup and access. A new MegaDOM
> IC state indicates that we've seen only DOM accessors at this access
> site.
>
> This CL only adds support for DOM getters in LoadIC, other kinds of
> access will be added in follow on CLs.
>
> Still remaining TODO before shipping:
> 1. Have a mechanism to invalidate the protector
> 2. Have a mechanism to find the accessors that aren't overloaded
> 3. Use a new builtin to miss to runtime on access check failure
>
> Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
> Bug: v8:11321
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73733}
Bug: v8:11321
Change-Id: Ib6a55796f2a3c345d4923f9eaa215a6ff55ed15b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794437
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73734}
This patch implements the MegaDOM IC setup and access. A new MegaDOM
IC state indicates that we've seen only DOM accessors at this access
site.
This CL only adds support for DOM getters in LoadIC, other kinds of
access will be added in follow on CLs.
Still remaining TODO before shipping:
1. Have a mechanism to invalidate the protector
2. Have a mechanism to find the accessors that aren't overloaded
3. Use a new builtin to miss to runtime on access check failure
Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
Bug: v8:11321
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73733}
Bug: v8:9337
Change-Id: Ic9b1072007ed19435b8ea669bee7c07c7eef8e2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795274
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73731}
Changes:
- Wrap eqref and i31ref objects in the temporary wasm object wrapper
(in addition to dataref and anyref). Accept those types in
IsJSCompatibleSignature().
- Handle null correctly in all cases (i.e., do not wrap/unwrap it).
- Improve some error messages.
- Handle kRttWithDepth in one case where it was omitted.
- Some small structure improvements.
- Add an extensive test.
Bug: v8:7748, v8:11606
Change-Id: Ie519f2c87421664dd02cf29fe94f9a9d7510bae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794422
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73725}
The disabled regress-9017 test allocates too much memory and started
flakily failing on TSAN. CL that triggered the flake:
https://chromium-review.googlesource.com/c/v8/v8/+/2731528
Bug: v8:9337
Change-Id: Ia039e42a88c3665a9b9b4adc4a4b7c923afd5ba5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791564
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73718}
Don't switch to the catch state if it is never reached.
Also steal the catch state instead of splitting it since it cannot be
used after a delegate instruction.
R=ahaas@chromium.org
Bug: chromium:1192313
Change-Id: I3967ac81e066d2146c8aa37b26a35a99ba88bdf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787488
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73703}
This reverts commit 9eba2d85f4.
Reason for revert: TSAN failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/14265/overview
Original change's description:
> [fastcall] Add fast API testing facilities to d8
>
> This CL provides the minimum necessary functionality to expose fast API
> for testing in mjsunit, exposing the fast path for fuzzing. It exposes
> a d8.test.fast_c_api with an `add_all` method, which exercises primitive
> types. On x64, all integer and floating point types are supported. On
> other platforms currently only 32-bit integers are included in the test.
>
> Design doc:
> https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
>
> Bug: chromium:1052746
> Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73670}
Bug: chromium:1052746
Change-Id: Iaf5083540ddfe882a747eaa9d1d2a2a8b4ba0ec0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787081
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73673}
This CL provides the minimum necessary functionality to expose fast API
for testing in mjsunit, exposing the fast path for fuzzing. It exposes
a d8.test.fast_c_api with an `add_all` method, which exercises primitive
types. On x64, all integer and floating point types are supported. On
other platforms currently only 32-bit integers are included in the test.
Design doc:
https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
Bug: chromium:1052746
Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73670}
This is a reland of e3ccb53877
No changes for the reland.
This CL was speculatively reverted, but was not the cause of the problem.
TBR=jgruber@chromium.org
Original change's description:
> Reland "[sparkplug][deoptimizer] Deoptimize to baseline."
>
> This is a reland of bdcd7d79d3
>
> Handle lazy deopts when the current bytecode is JumpLoop.
> Instead of advancing to the next bytecode, re-execute the JumpLoop.
>
> TBR=jgruber@chromium.org, neis@chromium.org
>
> Original change's description:
> > [sparkplug][deoptimizer] Deoptimize to baseline.
> >
> > If we have baseline code, deoptimize to baseline instead of the
> > interpreter. The process is similar to deopting to the interpreter.
> > We just use different builtins
> > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
> > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
> > patch an interpreter frame to a baseline frame and continue execution in
> > baseline code (based on the deopt type, at the current or next
> > bytecode).
> >
> > Bug: v8:11420
> > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#73609}
>
> Bug: v8:11420
> Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73636}
Bug: v8:11420
Change-Id: I7fbbb73a4fdaeab8b294862ee6ae952928c57994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2784695
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73656}
This reverts commit e3ccb53877.
Reason for revert: Speculative revert for ARM 64 CFI fails - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/5174?
Original change's description:
> Reland "[sparkplug][deoptimizer] Deoptimize to baseline."
>
> This is a reland of bdcd7d79d3
>
> Handle lazy deopts when the current bytecode is JumpLoop.
> Instead of advancing to the next bytecode, re-execute the JumpLoop.
>
> TBR=jgruber@chromium.org, neis@chromium.org
>
> Original change's description:
> > [sparkplug][deoptimizer] Deoptimize to baseline.
> >
> > If we have baseline code, deoptimize to baseline instead of the
> > interpreter. The process is similar to deopting to the interpreter.
> > We just use different builtins
> > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
> > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
> > patch an interpreter frame to a baseline frame and continue execution in
> > baseline code (based on the deopt type, at the current or next
> > bytecode).
> >
> > Bug: v8:11420
> > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#73609}
>
> Bug: v8:11420
> Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73636}
Bug: v8:11420
Change-Id: Icd797b4979a114a2a627e12c8bb7d2215df03182
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2785074
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73643}
This is a reland of bdcd7d79d3
Handle lazy deopts when the current bytecode is JumpLoop.
Instead of advancing to the next bytecode, re-execute the JumpLoop.
TBR=jgruber@chromium.org, neis@chromium.org
Original change's description:
> [sparkplug][deoptimizer] Deoptimize to baseline.
>
> If we have baseline code, deoptimize to baseline instead of the
> interpreter. The process is similar to deopting to the interpreter.
> We just use different builtins
> (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
> InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
> patch an interpreter frame to a baseline frame and continue execution in
> baseline code (based on the deopt type, at the current or next
> bytecode).
>
> Bug: v8:11420
> Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73609}
Bug: v8:11420
Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73636}
It needs to return the ToObject-converted receiver, not the original
receiver.
Bug: v8:11362
Change-Id: I6404122c91402ea58851238d074951f1b7f2a039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783036
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73626}
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/2720300.
As compared to the original version, it adds
--no-stress-flush-bytecode to the const-dict-tracking.js test
Original description:
This CL is part of a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.
This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.
This particular CL implements support for the case that the property
in question is an accesor, meaning that the given PropertyAccessInfo
has kind kAccessorDictionaryProtoConstant.
Bug: v8:11248
Change-Id: I896e5dc59821f88abdb7a743e21ca3a700af9db2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782280
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73617}
This reverts commit b1883dc3e1.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/17269/overview
Original change's description:
> [dict-proto] TF support for constants in dictionary mode protos, pt. 3
>
> This CL is part of a series that implements Turbofan support for
> property accesses satisfying the following conditions:
> 1. The holder is a dictionary mode object.
> 2. The holder is a prototype.
> 3. The access is a load.
>
> This feature will only be enabled if the build flag
> v8_dict_property_const_tracking is set.
>
> This particular CL implements support for the case that the property
> in question is an accesor, meaning that the given PropertyAccessInfo
> has kind kAccessorDictionaryProtoConstant.
>
> Bug: v8:11248
> Change-Id: Id082107edd45fa91a3f1d96aa9df345a60f46917
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720300
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Frank Emrich <emrich@google.com>
> Cr-Commit-Position: refs/heads/master@{#73607}
Bug: v8:11248
Change-Id: Id753354a5ccddd1a05ecf9aec3267f152ef713c5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780299
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73612}
This CL is part of a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.
This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.
This particular CL implements support for the case that the property
in question is an accesor, meaning that the given PropertyAccessInfo
has kind kAccessorDictionaryProtoConstant.
Bug: v8:11248
Change-Id: Id082107edd45fa91a3f1d96aa9df345a60f46917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720300
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73607}
This CL is part of a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.
This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.
This particular CL implements support for the case that the property
in question is a data property, meaning that the given
PropertyAccessInfo has kind kDataDictionaryProtoConstant.
Support for accessor properties is added in a separated CL.
Bug: v8:11248
Change-Id: I8794127d08c3d3aed6ec2a3eb19c4c82bdf2d1df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718229
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73603}
Calculate the maximum call size in the bytecode pre-visit, and pass that
(along with the bytecode's frame size) to the prologue to be included in
the stack check. This avoids doing a stack check before each call, and
mirrors a similar optimisation in TurboFan.
Also, use StackGuardWithGap instead of StackGuard, to make sure that
stack overflows in the prologue actually trigger stack overflows in the
runtime.
Bug: v8:11420
Fixed: chromium:1189890
Change-Id: I795c197c20f85611318ab09c7bca78ce40b64924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778278
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73600}
This is a more canonical type name, and is in line with {kVoidCode}.
Change-Id: Iaae9524b6fb6ecaafd63ce81cf30e3d01ca3e525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2775565
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73557}
This CL implements
https://github.com/tc39/proposal-top-level-await/pull/159, which reached
consensus at the March 2021 TC39.
The high-level intent is for parent modules that depend on async modules
to remember the DFS post-order such that when their async dependency
finishes, they execute in that original post-order. This aligns the
ordering between completely sync module graphs and async module graphs.
Bug: v8:11557
Change-Id: I5bd8f38f040115c255ca1ce8253b9686fdb4af03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2757901
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73551}
If memory64 is enabled, memory.grow should consume and return an i64
instead of i32.
This CL implements this for both TurboFan and Liftoff, and adds
validation and execution tests at different layers.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I0b725dbd0d5767bda4609747c1f4aad163c35304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773800
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73542}
The condition can change between VisitBranch and VisitIf, so VisitIf
can't assume that the condition is not yet in the ControlPathConditions
list. Thanks Manos!
Change-Id: Ic74253b6faf2663cfa5212765d81392cb89d73b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773312
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73539}
This is a reland of a3b1233e16
Changes compared to original commit:
- Use a more canonical way to replace TrapIf/Unless nodes that always
trap. This fixes the issue where their outputs were marked dead even
if they were Merge/Loop nodes.
- Use Throw() over Return() to connect a dangling trap to End().
- Add regression test.
Original change's description:
> [turbofan] Optimize TrapIf/Unless in BranchElim. and CommonOp-Reducer
>
> Bug: v8:11510
> Change-Id: I1e8fcb54444e494c7d765ad556d09d954441361f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752876
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73468}
Bug: v8:11510, chromium:1189454
Change-Id: I1d691a3ea299ed668cff925910ed231aad37cac6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772601
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73537}
The `Script::source_url` field holds the value of the magic
`//# sourceURL` comment if found, and the `Script::name` field is
supposed to hold the actual name of the resource (as provided by
the embedder ideally), in case of Chromium that's supposed to be
the URL (in case of Node.js it's often the local path).
Using `source_url` worked by chance so far, but for loading DWARF
symbol files correctly we need the initiator (which we pick from
the embedderName of the Script as reported to DevTools). More
importantly, the partial handling of `//# sourceURL` in V8 is a
layering violation and causes trouble in DevTools, i.e. when users
put relative paths here. So as part of refactoring and correctifying
the handling of `//# sourceURL`, we need to make sure that the embedder
provided name (the URL in case of Chromium) is always stored in the
`Script::name` field.
Bug: chromium:1183990, chromium:974543, chromium:1174507
Change-Id: I32e11def2b9b52be11bd2e0e64a2ab6bdcf5e52d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773584
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73536}
Calls with a spread expression in a non-final position get transformed
to calls to Reflect.apply. This transformation is currently done in
the parser, which does not compose well with other features (e.g.
direct eval checking, optional chaining).
Do this transform in the BytecodeGenerator instead.
Bug: v8:11573, v8:11558, v8:5690
Change-Id: I56c90a2036fe5b43e0897c57766f666bf72bc3a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2765783
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73534}
This is a reland of 1a69d8d874
The fix is to skip this regression test on systems that do not
support SIMD.
Original change's description:
> [wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen
>
> It did not handle the case where dst == src. We switch the registers
> used around to write to scratch first and ensure we don't overwrite dst.
>
> Bug: chromium:1187831
> Change-Id: Idf447aa1a3eff3920f2dfa3e0ec11efae37778cd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762425
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73521}
Bug: chromium:1187831
Change-Id: I1bb6f4ce69f98064d3da5113e3b4c5a4f75a08c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2774133
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73526}
This reverts commit 1a69d8d874.
Reason for revert: Fails on nosse: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/41365/overview
Original change's description:
> [wasm-simd] Fix i32x4.extadd_pairwise_i16x8_u codegen
>
> It did not handle the case where dst == src. We switch the registers
> used around to write to scratch first and ensure we don't overwrite dst.
>
> Bug: chromium:1187831
> Change-Id: Idf447aa1a3eff3920f2dfa3e0ec11efae37778cd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762425
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73521}
Bug: chromium:1187831
Change-Id: I40d360b16338ef52e7e4327d4166c194ee950827
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773802
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73522}
It did not handle the case where dst == src. We switch the registers
used around to write to scratch first and ensure we don't overwrite dst.
Bug: chromium:1187831
Change-Id: Idf447aa1a3eff3920f2dfa3e0ec11efae37778cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2762425
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73521}