This reverts commit ff22ae80e2.
Reason for revert: new test fails on UBSAN
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10831
Original change's description:
> [turbofan][csa] optimize Smi untagging better
>
> - Introduce new operator variants for signed right-shifts with the
> additional information that they always shift out zeros.
> - Use these new operators for Smi untagging.
> - Merge left-shifts with a preceding Smi-untagging shift.
> - Optimize comparisons of Smi-untagging shifts to operate on the
> unshifted word.
> - Optimize 64bit comparisons of values expanded from 32bit to use
> a 32bit comparison instead.
> - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> right-shift to enable better address computations for Smi indices.
>
> Bug: v8:9962
> Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67378}
TBR=neis@chromium.org,tebbi@chromium.org
Change-Id: I2617d7a44e5ae33fd79322d37c8b722c00162d22
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9962
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165873
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67380}
- Introduce new operator variants for signed right-shifts with the
additional information that they always shift out zeros.
- Use these new operators for Smi untagging.
- Merge left-shifts with a preceding Smi-untagging shift.
- Optimize comparisons of Smi-untagging shifts to operate on the
unshifted word.
- Optimize 64bit comparisons of values expanded from 32bit to use
a 32bit comparison instead.
- Change CodeStubAssembler::UntagSmi to first sign-extend and then
right-shift to enable better address computations for Smi indices.
Bug: v8:9962
Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67378}
This reverts commit 390ed4b934.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/36714?
Original change's description:
> [arm] Change fp_fixed registers to be allocatable registers
>
> fp_fixed1 and fp_fixed2 are used by the S8x16Shuffle operation. They
> need to be allocatable, so that they can be correctly marked as fixed
> and spilled as required. The previous value of fp_fixed2, d29, is not in
> the list of allocatable double registers, and not marked as fixed
> appropriately.
>
> One fix could be to extend the list of allocatable double registers, but
> there is a comment there saying that the list is kept even-length to
> make stack alignment easier. So rather than messing with that, we
> instead change what fp_fixed1 and fp_fixed2 is, since S8x16Shuffle is
> the only user, this is a simpler change.
>
> Bug: chromium:1070078
> Change-Id: Id7de9b256bad2cfb11b0f06b66eb80a48ff7827c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161565
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67372}
TBR=gdeepti@chromium.org,zhin@chromium.org,thibaudm@chromium.org
Change-Id: I00b4b34771b5832cc3d5fe6eac7aac506ec82d50
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1070078
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165865
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67375}
fp_fixed1 and fp_fixed2 are used by the S8x16Shuffle operation. They
need to be allocatable, so that they can be correctly marked as fixed
and spilled as required. The previous value of fp_fixed2, d29, is not in
the list of allocatable double registers, and not marked as fixed
appropriately.
One fix could be to extend the list of allocatable double registers, but
there is a comment there saying that the list is kept even-length to
make stack alignment easier. So rather than messing with that, we
instead change what fp_fixed1 and fp_fixed2 is, since S8x16Shuffle is
the only user, this is a simpler change.
Bug: chromium:1070078
Change-Id: Id7de9b256bad2cfb11b0f06b66eb80a48ff7827c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161565
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67372}
If module bytes end in a prefix like 0xfc (numeric prefix), we read out
of bounds (pc + 1). So, if validate flag is set, check the length.
Bug: chromium:1073553
Change-Id: Ia9771419d01f2315723d19dd96630172b5a7a1f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161404
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67370}
The impl works by posting up to NumberOfWorkerThreads() tasks
with CallOnWorkerThread().
Change-Id: I188ac57c9e5d6e3befdcc6f945fbf337dabe1d1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130886
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67368}
This is the last cctest that uses the interpreter for debugging.
This CL moves it over to Liftoff.
R=jkummerow@chromium.org
Bug: v8:10389
Change-Id: I1791f0c762c9aab38eee5f5fb96772f4d01c212f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164790
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67367}
Moves the Script line-end initialization for profiling out of
CreateScript and into FinalizeScriptCompilation. This ensures that
scripts created off-thread still get line-ends when necessary.
Bug: chormium:1011762
Change-Id: If16ad17b2b3ec96908420107bd5f9161eab9492f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2122020
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67363}
This is a reland of 29c1eab92e
Original change's description:
> [builtins] Clean up the use of class_name / ES5 [[Class]]
>
> Before ES2015, the ES spec had a [[Class]] internal slot for all
> objects, which Object.prototype.toString() would use to figure the
> returned string. Post-ES2015, the [[Class]] slot was removed in spec for
> all objects, with the @@toStringTag well-known symbol the proper way to
> change Object.prototype.toString() output.
>
> At the time, spec-identical handling without the use of [[Class]] was
> implemented in V8 for all objects other than API objects, where issues
> with the Web IDL spec [1] prevented Blink, and hence V8, to totally
> migrate to @@toStringTag. However, since 2016 [2] Blink has been setting
> @@toStringTag on API class prototypes to manage the
> Object.prototype.toString() output, so the legacy [[Class]] handling in
> V8 has not been necessary for the past couple of years.
>
> This CL removes the remaining legacy [[Class]] handling in
> Object.prototype.toString(), JSReceiver::class_name(), and
> GetConstructorName(). However, it does not remove the class_name field
> in FunctionTemplateInfo, as it is still used for the `name` property of
> created functions.
>
> This CL also cleans up other places in the codebase that still reference
> [[Class]].
>
> This change should have minimal impact on web-compatibility. For the
> change to be observable, a script must do one of the following:
>
> 1. delete APIConstructor.prototype[Symbol.toStringTag];
> 2. Object.setPrototypeOf(apiObject, somethingElse);
>
> Before this CL, these changes will not change the apiObject.toString()
> output. But after this CL, they will make apiObject.toString() show
> "[object Object]" (in the first case) or the @@toStringTag of the other
> prototype (in the latter case).
>
> However, both are deemed unlikely. @@toStringTag is not well-known
> feature of JavaScript, nor does it get tampered much on API
> constructors. In the second case, setting the prototype of an API object
> would effectly render the object useless, as all its methods (including
> property getters/setters) would no longer be accessible.
>
> Currently, @@toStringTag-based API object branding is not yet
> implemented by other browsers. This V8 bug in particular has been an
> impediment to standardizing toString behavior. Fixing this bug will
> unblock [3] and lead to a better Web IDL spec, and better toString()
> compatibility for all.
>
> [1]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=28244
> [2]: https://crrev.com/909c0d7d5a53c8526ded351683c65ea7d17531d4
> [3]: https://github.com/heycam/webidl/pull/357
>
> Bug: chromium:793406
> Cq-Include-Trybots: luci.chromium.try:linux-rel
> Change-Id: Iceded24e37afa2646ec385d5018909f55b177f93
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2146996
> Commit-Queue: Timothy Gu <timothygu@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67327}
Bug: chromium:793406
Change-Id: Ia5d97bd4e1c44cadc6f18a17ffc9d06b038cf8f1
Cq-Include-Trybots: luci.chromium.try:linux-rel
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163881
Auto-Submit: Timothy Gu <timothygu@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67361}
The cctests for breakpoints were still executing in the interpreter.
This CL moves them over to Liftoff.
Note that the additional methods on {DebugInfo} will be reused for other
purposes, see https://crrev.com/c/1941139.
R=jkummerow@chromium.org
Bug: v8:10389
Change-Id: Ia88150612377d6e7db0514af1efe091124b3ddce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162852
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67360}
This is a reland of a441cbfb57
Disabling cctest/test-compiler/DeepEagerCompilationPeakMemory in stress
mode since allocation is no longer deterministic.
Original change's description:
> [offthread] Move stress-background-compile to compiler.cc
>
> Make --stress-background-compile a V8 flag rather than a d8 flag, so
> that it also tests unittests/cctests.
>
> Now, with this flag, every top-level script compile (that fulfills a
> couple of restrictions) will be both main-thread and background-thread
> compiled, taking the result of the background compile. In the future,
> we'll probably want to verify that the two results are equivalent.
>
> One of the necessary changes to allow tests to pass was to introduce a
> concept of a "temporary" script (with a temporary script id), which
> doesn't get added to the script list. This is to avoid the main-thread
> compile part of the stress-test having a debugger-visible side-effect,
> e.g. in tests that enumerate scripts. We can't just create new ids for
> such scripts, as then script-id expectation files no longer match.
>
> Bug: chromium:1011762
> Change-Id: I500bbf2cabea762e69aca3dbae247daae71192cb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120541
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67332}
TBR=rmcilroy@chromium.org
Bug: chromium:1011762
Change-Id: I5f9f0eb71caa4829e72b4a6d2824cbebd3698bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162876
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67356}
This patch will allow turboprop to selectively turn off const based
optimizations.
Change-Id: Icd0ec29968287a428cbf38857191900dbf3fda36
Bug: v8:9684, v8:10431
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2149429
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67355}
62b8fce3..31dabb56
31dabb5 Add a test for Unicode key-type pairs being canonicalized by Intl.Locale regardless whether they're passed in the input tag, or through the options object. by Jeff Walden · 9 hours ago master
7a4b88e Add `null` named capture coercion test case by Alexey Shvayka · 9 hours ago
6de6484 Add functional replacement test by Alexey Shvayka · 9 hours ago
a6f3449 Add string replacement test by Alexey Shvayka · 9 hours ago
eca34ed Drop "the" and align license headers by Alexey Shvayka · 9 hours ago
34b2ab3 Use non ID_Continue characters in negative tests by Alexey Shvayka · 9 hours ago
89bb1b7 Remove negative parse tests that are now valid by Alexey Shvayka · 9 hours ago
3b5845a Add invalid non-Unicode test by Alexey Shvayka · 9 hours ago
b0995ea Add invalid Unicode test by Alexey Shvayka · 9 hours ago
fd18971 Add valid non-Unicode test by Alexey Shvayka · 9 hours ago
1991c24 Add valid Unicode test by Alexey Shvayka · 9 hours ago
d57bd9d Simplify alphanum regex in testIntl.js by Ross Kirsling · 9 hours ago
064d3c2 correct exceptions for exceptZero by Frank Yung-Fong Tang · 9 hours ago
18f5551 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
7bb81a4 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
52ec585 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
6b3b5c1 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
7aa1291 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
fb00de4 correct expectation of exceptZero by Frank Yung-Fong Tang · 9 hours ago
11cc0c0 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
9119877 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
2022f97 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
0fc6784 correct exceptZero expectation by Frank Yung-Fong Tang · 9 hours ago
988bf55 correct exceptZero expectation by Frank Yung-Fong Tang · 9 hours ago
e5d4129 correct for exceptZero by Frank Yung-Fong Tang · 9 hours ago
8293c96 correct expectation for exceptZero by Frank Yung-Fong Tang · 9 hours ago
0279d96 correct cases for exceptZero by Frank Yung-Fong Tang · 9 hours ago
d401735 correction for exceptZero by Frank Yung-Fong Tang · 9 hours ago
f07fe8c correct by Frank Yung-Fong Tang · 9 hours ago
c1a1111 correct by Frank Yung-Fong Tang · 9 hours ago
832ecd2 correct by Frank Yung-Fong Tang · 9 hours ago
940be66 correct expectation for signDisplay: "exceptZero" by Frank Yung-Fong Tang · 9 hours ago
df0207c Test revoked [[ProxyHandler]] by Alexey Shvayka · 9 hours ago
d6834ac Test revoked callable [[ProxyTarget]] by Alexey Shvayka · 9 hours ago
449f3ed Test revoked [[ProxyTarget]] by Alexey Shvayka · 9 hours ago
c2f0a3c Bring back accidentally removed __proto__ test by Alexey Shvayka · 9 hours ago
0c06bbc Add "proto-from-ctor-realm" test for AggregateError by Alexey Shvayka · 9 hours ago
a240781 Use isConstructor harness in revocation function test by Alexey Shvayka · 9 hours ago
c31133b Add Proxy.revocable built-in test by Alexey Shvayka · 9 hours ago
fadb907 Atomics.waitAsync: fix lint trash by Rick Waldron · 10 hours ago
d7e4de1 Atomics.waitAsync: validate array type; waiter list position, notify before timeout by Rick Waldron · 10 hours ago
161ce48 Atomics.waitAsync: misused symbol args. by Rick Waldron · 10 hours ago
127fa27 Atomics: remove erroneous argument from getReport() in harness/atomicsHelper.js by Rick Waldron · 10 hours ago
bd5b37e Atomics.waitAsync: symbol for timeout throws by Rick Waldron · 10 hours ago
eeb75f6 Atomics.waitAsync: poisoned object throws by Rick Waldron · 10 hours ago
db9c0ef Atomics.waitAsync: out of range index by Rick Waldron · 10 hours ago
0923420 Atomics.waitAsync: fix lint issues by Rick Waldron · 10 hours ago
c3efb56 Atomics.waitAsync: make all agent timeouts async by Rick Waldron · 10 hours ago
f03c0c2 fixup! Atomics.waitAsync: no spurious wakeup on [operation] by Rick Waldron · 10 hours ago
e9ee3dc Atomics: add setTimeout, getReportAsync & safeBroadcastAsync to harness/atomicsHelper .js by Rick Waldron · 10 hours ago
a46bbfd Atomics: drop unused id argument to agent receiveBroadcast handler by Rick Waldron · 10 hours ago
974a4ff Atomics.waitAsync: no spurious wakeup on [operation] by Rick Waldron · 10 hours ago
6d4b4eb Atomics.waitAsync: false, nan, negative, null, object zero timeouts by Rick Waldron · 10 hours ago
4c2ca05 Atomics.waitAsync: negative index throws by Rick Waldron · 10 hours ago
a196c93 Atomics.waitAsync: negative timeout by Rick Waldron · 10 hours ago
677fb82 Atomics.waitAsync: false for timeouts, revised. by Rick Waldron · 10 hours ago
9519cd8 Atomics.waitAsync: Return Value by Rick Waldron · 10 hours ago
dabcc05 Atomics.waitAsync: false, nan for timeouts by Rick Waldron · 10 hours ago
c0f0adf Atomics.waitAsync: ValidateSharedIntegerTypedArray, ValidateAtomicAccess & Return promiseCapability.[[Promise]] by Rick Waldron · 10 hours ago
4e48a56 Atomics.wait: fix esid by Rick Waldron · 10 hours ago
bb37b88 Atomics.waitAsync: add descriptor, length, name tests by Rick Waldron · 10 hours ago
f32b35e Atomics.waitAsync: add feature to features.txt by Rick Waldron · 10 hours ago
1394a4f Fix Proxy tests by Alexey Shvayka · 10 hours ago
fe0d4dc Fix bound function tests by Alexey Shvayka · 10 hours ago
57fa74b Add yield* throw() method test by Alexey Shvayka · 5 days ago
5628e99 Add default parameters test by Alexey Shvayka · 5 days ago
1c06724 Add ObjectBindingPattern destructuring tests by Alexey Shvayka · 5 days ago
4d9944e Add ArrayBindingPattern destructuring tests by Alexey Shvayka · 5 days ago
1d513c3 Update indices-groups-object.js by Gus Caplan · 5 days ago
30542f3 Update groups-object.js by Gus Caplan · 5 days ago
97bd6fd Update indices-groups-object.js by Gus Caplan · 5 days ago
a799a4a Sort out __proto__ occurances outside of annexB by Gus Caplan · 5 days ago
e1fb459 Use slice in RegExp lookBehind test by Michaël Zasso · 5 days ago
68205eb Fixed wrong `esid` and `features` in a Promise.all test by jhnaldo · 5 days ago
048b6b5 Assert that Symbol is a constructor by Alexey Shvayka · 9 days ago
4a8e49b Add test for \0 in Unicode patterns (#2569) by Alexey Shvayka · 13 days ago
156d1b6 Fix async iterator methods not passing absent values tests (#2571) by Alexey Shvayka · 13 days ago
13d057d fix namespace set test (#2574) by Gus Caplan · 13 days ago
27a41b6 Improve malformed RegExp named groups coverage (#2568) by Alexey Shvayka · 13 days ago
6fb6ff6 Add String.prototype.split test by Alexey Shvayka · 2 weeks ago
0c0bcef Add String.prototype.search test by Alexey Shvayka · 2 weeks ago
2597829 Add String.prototype.replaceAll test by Alexey Shvayka · 2 weeks ago
f21c828 Add String.prototype.replace test by Alexey Shvayka · 2 weeks ago
d8a6a06 Add String.prototype.match test by Alexey Shvayka · 2 weeks ago
c1a7ffa Rename searchValue-replace-method-abrupt.js by Alexey Shvayka · 2 weeks ago
18bb955 Upstream additional language tag canonicalisation and Intl.Locale tests from SpiderMonkey by André Bargull · 2 weeks ago
5d8e6c8 Restore grandfathered tests removed in #2054 by André Bargull · 2 weeks ago
de02cf4 Re-enable variant subtag canonicalisation in tests by André Bargull · 2 weeks ago
a525174 Add Unicode and Transformed extension canonicalisation by André Bargull · 2 weeks ago
1c93566 Update language tag mappings to CLDR 36.1 by André Bargull · 2 weeks ago
033f31a Add the language tag mappings python script by André Bargull · 2 weeks ago
756ee6a Update list of numbering systems by André Bargull · 2 weeks ago
7556d59 Update list of Intl service constructors by André Bargull · 2 weeks ago
Bug: v8:7834
Change-Id: I533f42e2460ba355091e46dec29a4920255a134f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163877
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67352}
This reverts commit 29c1eab92e.
Reason for revert: Causes Blink test failures:
https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/4222
Original change's description:
> [builtins] Clean up the use of class_name / ES5 [[Class]]
>
> Before ES2015, the ES spec had a [[Class]] internal slot for all
> objects, which Object.prototype.toString() would use to figure the
> returned string. Post-ES2015, the [[Class]] slot was removed in spec for
> all objects, with the @@toStringTag well-known symbol the proper way to
> change Object.prototype.toString() output.
>
> At the time, spec-identical handling without the use of [[Class]] was
> implemented in V8 for all objects other than API objects, where issues
> with the Web IDL spec [1] prevented Blink, and hence V8, to totally
> migrate to @@toStringTag. However, since 2016 [2] Blink has been setting
> @@toStringTag on API class prototypes to manage the
> Object.prototype.toString() output, so the legacy [[Class]] handling in
> V8 has not been necessary for the past couple of years.
>
> This CL removes the remaining legacy [[Class]] handling in
> Object.prototype.toString(), JSReceiver::class_name(), and
> GetConstructorName(). However, it does not remove the class_name field
> in FunctionTemplateInfo, as it is still used for the `name` property of
> created functions.
>
> This CL also cleans up other places in the codebase that still reference
> [[Class]].
>
> This change should have minimal impact on web-compatibility. For the
> change to be observable, a script must do one of the following:
>
> 1. delete APIConstructor.prototype[Symbol.toStringTag];
> 2. Object.setPrototypeOf(apiObject, somethingElse);
>
> Before this CL, these changes will not change the apiObject.toString()
> output. But after this CL, they will make apiObject.toString() show
> "[object Object]" (in the first case) or the @@toStringTag of the other
> prototype (in the latter case).
>
> However, both are deemed unlikely. @@toStringTag is not well-known
> feature of JavaScript, nor does it get tampered much on API
> constructors. In the second case, setting the prototype of an API object
> would effectly render the object useless, as all its methods (including
> property getters/setters) would no longer be accessible.
>
> Currently, @@toStringTag-based API object branding is not yet
> implemented by other browsers. This V8 bug in particular has been an
> impediment to standardizing toString behavior. Fixing this bug will
> unblock [3] and lead to a better Web IDL spec, and better toString()
> compatibility for all.
>
> [1]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=28244
> [2]: https://crrev.com/909c0d7d5a53c8526ded351683c65ea7d17531d4
> [3]: https://github.com/heycam/webidl/pull/357
>
> Bug: chromium:793406
> Cq-Include-Trybots: luci.chromium.try:linux-rel
> Change-Id: Iceded24e37afa2646ec385d5018909f55b177f93
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2146996
> Commit-Queue: Timothy Gu <timothygu@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67327}
TBR=verwaest@chromium.org,timothygu@chromium.org
Change-Id: I678d2ffc1064b1d1ddb62024cc23c6c41b216ef4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:793406
Cq-Include-Trybots: luci.chromium.try:linux-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163956
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67349}
This reverts commit a441cbfb57.
Reason for revert: causes DeepEagerCompilationPeakMemory to fail.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/36681
Original change's description:
> [offthread] Move stress-background-compile to compiler.cc
>
> Make --stress-background-compile a V8 flag rather than a d8 flag, so
> that it also tests unittests/cctests.
>
> Now, with this flag, every top-level script compile (that fulfills a
> couple of restrictions) will be both main-thread and background-thread
> compiled, taking the result of the background compile. In the future,
> we'll probably want to verify that the two results are equivalent.
>
> One of the necessary changes to allow tests to pass was to introduce a
> concept of a "temporary" script (with a temporary script id), which
> doesn't get added to the script list. This is to avoid the main-thread
> compile part of the stress-test having a debugger-visible side-effect,
> e.g. in tests that enumerate scripts. We can't just create new ids for
> such scripts, as then script-id expectation files no longer match.
>
> Bug: chromium:1011762
> Change-Id: I500bbf2cabea762e69aca3dbae247daae71192cb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120541
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67332}
TBR=rmcilroy@chromium.org,leszeks@chromium.org
Change-Id: I8716b332b07fe4f394b5a32c986bbe652325582d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1011762
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163143
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67347}
Pick handful of failure cases from
https://bugs.chromium.org/p/v8/issues/detail?id=10437
Mark the test fail
The bug should be fixed by ICU67.1 and will be landed soon.
Bug: v8:10437
Change-Id: Iac309dd48b2220da777c006c7a35fac24e454430
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161510
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67345}
1. read and output into option after timeZoneName
2. Not output into resolvedOptions if dateStyle or timeStyle is presented.
3. Add unit test
Spec: https://github.com/tc39/ecma402/pull/347
Bug: v8:10438
Change-Id: Ie7fecdb5b6dc83dc9a6dfd8ced26679a4051c833
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161509
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67344}
- Use the new builtin to convert f32 to Number, rather than changing
to f64, then calling f64 to Number.
Bug: v8:10070
Change-Id: I9a0660af8f5e517c2c6691d57d665b7e6316a51b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2111714
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67342}
This change allows Torque code to initialize bitfield structs, using the
same syntax as struct initialization. It also moves the definition of
the JSPromise flags to Torque as an example usage.
Bug: v8:7793
Change-Id: I3d5e49aa22139ffb4b8ea9f308dd36a2d22b2c1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2148176
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67338}
Introduce an OffThreadTransferHandle (and OffThreadTransferMaybeHandle),
which points to a piece of storage known to (and owned by) the
OffThreadIsolate. On Publish, the OffThreadIsolate converts this storage
stub from a raw pointer to an off-thread object into a main-thread
Handle.
This allows users of an OffThreadIsolate to not have to worry (as much)
about the dance of saving raw object pointers before off-thread finishes
and converting those to Handles before it off-thread isolate is
published.
Bug: chromium:1011762
Change-Id: I7ceb4ed85e770bd6e1867649188597bbcaedb32d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161066
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67337}
Now that PartialSerializer/Deserializer/etc have been renamed to
ContextSerializer/ContextDeserializer/etc, the files can now be renamed
hopefully leaving the full history available in code search.
Bug: v8:10416
Change-Id: I266c915f6d01a7e2913c4d34d9913fa551046dc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144061
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67333}
Make --stress-background-compile a V8 flag rather than a d8 flag, so
that it also tests unittests/cctests.
Now, with this flag, every top-level script compile (that fulfills a
couple of restrictions) will be both main-thread and background-thread
compiled, taking the result of the background compile. In the future,
we'll probably want to verify that the two results are equivalent.
One of the necessary changes to allow tests to pass was to introduce a
concept of a "temporary" script (with a temporary script id), which
doesn't get added to the script list. This is to avoid the main-thread
compile part of the stress-test having a debugger-visible side-effect,
e.g. in tests that enumerate scripts. We can't just create new ids for
such scripts, as then script-id expectation files no longer match.
Bug: chromium:1011762
Change-Id: I500bbf2cabea762e69aca3dbae247daae71192cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120541
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67332}
Move the persistent compilation state and Isolate inputs (such as the
allocator, shared AST constants, hash seed, logger, etc.) which survives
across both parse and compile, out of ParseInfo and into a new
UnoptimizedCompileState class. Also add UnoptimizedCompilePerThreadState
for per-thread state such as stack limit and RCS.
In particular, this new state survives the ParseInfo being destructed,
which means it is available after off-thread finalization. This allows a
followup to access the PendingCompilationErrorHandler after finalization
and report errors on merge.
Bug: v8:10314
Change-Id: Ia186bc0f267c704efd771aa1895f50a4525a8364
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105636
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67329}
Before ES2015, the ES spec had a [[Class]] internal slot for all
objects, which Object.prototype.toString() would use to figure the
returned string. Post-ES2015, the [[Class]] slot was removed in spec for
all objects, with the @@toStringTag well-known symbol the proper way to
change Object.prototype.toString() output.
At the time, spec-identical handling without the use of [[Class]] was
implemented in V8 for all objects other than API objects, where issues
with the Web IDL spec [1] prevented Blink, and hence V8, to totally
migrate to @@toStringTag. However, since 2016 [2] Blink has been setting
@@toStringTag on API class prototypes to manage the
Object.prototype.toString() output, so the legacy [[Class]] handling in
V8 has not been necessary for the past couple of years.
This CL removes the remaining legacy [[Class]] handling in
Object.prototype.toString(), JSReceiver::class_name(), and
GetConstructorName(). However, it does not remove the class_name field
in FunctionTemplateInfo, as it is still used for the `name` property of
created functions.
This CL also cleans up other places in the codebase that still reference
[[Class]].
This change should have minimal impact on web-compatibility. For the
change to be observable, a script must do one of the following:
1. delete APIConstructor.prototype[Symbol.toStringTag];
2. Object.setPrototypeOf(apiObject, somethingElse);
Before this CL, these changes will not change the apiObject.toString()
output. But after this CL, they will make apiObject.toString() show
"[object Object]" (in the first case) or the @@toStringTag of the other
prototype (in the latter case).
However, both are deemed unlikely. @@toStringTag is not well-known
feature of JavaScript, nor does it get tampered much on API
constructors. In the second case, setting the prototype of an API object
would effectly render the object useless, as all its methods (including
property getters/setters) would no longer be accessible.
Currently, @@toStringTag-based API object branding is not yet
implemented by other browsers. This V8 bug in particular has been an
impediment to standardizing toString behavior. Fixing this bug will
unblock [3] and lead to a better Web IDL spec, and better toString()
compatibility for all.
[1]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=28244
[2]: https://crrev.com/909c0d7d5a53c8526ded351683c65ea7d17531d4
[3]: https://github.com/heycam/webidl/pull/357
Bug: chromium:793406
Cq-Include-Trybots: luci.chromium.try:linux-rel
Change-Id: Iceded24e37afa2646ec385d5018909f55b177f93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2146996
Commit-Queue: Timothy Gu <timothygu@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67327}
Load splat opcodes are currently multi-byte, but were not passing the
right lengths for decoding of immediates.
Bug: v8:10258
Change-Id: I2c93c3f915eaa43a74722cf0285f161d16ef0ff6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154769
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67326}
The multi-value repository was removed from the list of repositories we
pull in update-wasm-spec-tests.sh. But the tarball still contains some
multi-value tests which should be removed.
R=ahaas@chromium.org
Change-Id: Ifb96a105c95d09f202a0f23ba50cddaa7ced494b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161074
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67323}
Test needs to be removed as discussed under
https://crrev.com/c/2099445.
Change-Id: If026b54ba5d27aea23cb62fe11688d86bcee9df2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161388
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67322}
There's no reason for it to be a JSArray; it's an internal data member.
We only have a slow version for constructing a FixedArray from an
Iterable, but since this is not a performance critical code path,
it's fine.
BUG=v8:9808
Change-Id: I5bcfac4cc545880966421a96d3aa3d899bbf6cd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157371
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67321}
We are getting the following error due to int overflow:
test/cctest/test-code-stub-assembler.cc:3868:28: warning: integer overflow in expression [-Woverflow]
factory->NewNumber(2 * kSmiMaxValue),
~~^~~~~~~~~~~~~~
Change-Id: I85b14a5c500b977febcfe7921bea9b25631a9912
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2160355
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67320}
The multi-value proposal is now merged in the main spec repository, so:
- Remove everything that references the multi-value spec repository
- Add --experimental-wasm-mv to the default flags
R=ahaas@chromium.org
Change-Id: I9f809c21404bb5c1d21eb330748ea51a15688546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2153219
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67313}
- implemented as a single-linked list with head and tail
pointers. The tail pointer is needed for freelist appending;
- stores entries in buckets, where bucket[log2(size)] stores
entries >= size;
- implements worst fit allocation to amortize free list call;
- ported from Blink: https://bit.ly/2yC8XKJ.
Bug: chromium:1056170
Change-Id: I26cf62c948c95a7cbfecd5f7f22ad975e6b8c732
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157376
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67310}
This is a reland of e1b93a4ff5
which was a reland of 313d4844d9
which was a reland of 0a59e0cb08
which was a reland of 146f5375da
which was a reland of d91679bf3a
Give up on using C++ bitfields, go back to having base::BitField and
getters/setters.
Original change's description:
> [parser] Introduce UnoptimizedCompileFlags
>
> UnoptimizedCompileFlags defines the input flags shared between parse and
> compile (currently parse-only). It is set initially with some values, and
> is immutable after being passed to ParseInfo (ParseInfo still has getters
> for the fields, but no setters).
>
> Since a few of the existing flags were output flags, ParseInfo now has a
> new output_flags field, which will eventually migrate to a ParseOutputs
> structure.
>
> Bug: v8:10314
> Change-Id: If3890a5fad883bca80a97bf9dfe44d91797dc286
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2096580
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66782}
TBR=ulan@chromium.org,szuend@chromium.org
Bug: v8:10314
Change-Id: I54bcd107a0e85cf1a2ddeef0759100547eb65652
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157378
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67309}
The partial snapshot/serializer/deserializer are renamed to context *,
while the partial snapshot cache is renamed to startup object cache in
line with the read-only object cache (as this better reflects where it
lives and what it does).
To avoid a gap in the file history due to renaming both the files and
identifiers simulataneously, this leaves all the partial-*.* files in
place. They will be renamed in a follow-up CL.
Bug: v8:10416
Change-Id: I5ef41cad751aaa24b35ee2b3c72bd0295832f2c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144115
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67306}
This is a reland of 80843eda31
Original change's description:
> [torque] Allow storing to bitfield structs that are stored in Smis
>
> This change:
> 1. Updates the Torque compiler to allow direct access to bitfields that
> are packed within Smi values, which previously would have required a
> separate untagging step,
> 2. Updates JSRegExpStringIterator to represent its flags in Torque,
> 3. Adds reduction cases in MachineOperatorReducer for when the input to
> a branch or the left-hand side of a Word32Equals is based on a 64-bit
> shift-and-mask operation which has been truncated to 32 bits, as is
> the case in the code generated by step 1, and
> 4. Adds a reduction case in MachineOperatorReducer to remove an extra
> Word64And operation added by step 1.
>
> Bug: v8:7793
> Change-Id: Ib4ac2def6211b3cae6be25a8b2a644be5c7d6d3f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2119225
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67290}
Bug: v8:7793
Change-Id: I783b6ec080042fec0e922927f6675dede458a072
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159731
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67305}
When compiling modules with many functions, the list of regions in the
{DisjointAllocationPool} can become quite large if the functions die in
a random order (which they typically do, since the order of Liftoff
compilation is different than the order to TurboFan compilation; which
work stealing, both are nondeterministic).
Iterating the list of regions in the {DisjointAllocationPool} was thus
linear in the number of regions, which is linear in the number of
functions of the module. Since we insert new regions one by one, overall
runtime was quadratic.
This CL fixes this by switching from a linked list to a std::set.
Merging a new region is thus logarithmic instead of linear, and overall
we are {n*log(n)} instead of {n^2}.
Note: For {AllocateInRegion} we still need to linearly iterate all
regions that overlap the requested region, but this has not shown to be
a problem so far.
R=ahaas@chromium.org
Bug: v8:10432
Change-Id: I193e56c2abab782e386194fbe64dadfa250916f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154797
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67303}
- Adds builtins to convert between Int32/Float64 and JS Number.
- WasmInt32ToHeapNumber (bypass SMI test)
- WasmFloat64ToNumber
- Adds builtins to convert between Tagged and Int32/Float64.
- WasmTaggedNonSmiToInt32 (bypass SMI test)
- WasmTaggedToFloat64
- Uses these builtins in Wasm import and export wrappers instead of
generating the equivalent code inline.
Results of running Wasm/import-export-wrappers.js Benchmark:
https://docs.google.com/document/d/1QIB0xnqdJFRsOJKQYZ8DZgzWn4WysybgugbcO0sYcQA/edit?usp=sharing
NOTE: CL will need to be rebased after linkage fix lands.
Bug: v8:10070
Change-Id: Ib34507fcd18bdf80938b5707310a5a4f76cdec72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2099445
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67292}
This reverts commit 80843eda31.
Reason for revert: Causes compilation failure on macs
https://ci.chromium.org/p/v8/builders/ci/Mac%20V8%20FYI%20Release%20(Intel)/8934?
Original change's description:
> [torque] Allow storing to bitfield structs that are stored in Smis
>
> This change:
> 1. Updates the Torque compiler to allow direct access to bitfields that
> are packed within Smi values, which previously would have required a
> separate untagging step,
> 2. Updates JSRegExpStringIterator to represent its flags in Torque,
> 3. Adds reduction cases in MachineOperatorReducer for when the input to
> a branch or the left-hand side of a Word32Equals is based on a 64-bit
> shift-and-mask operation which has been truncated to 32 bits, as is
> the case in the code generated by step 1, and
> 4. Adds a reduction case in MachineOperatorReducer to remove an extra
> Word64And operation added by step 1.
>
> Bug: v8:7793
> Change-Id: Ib4ac2def6211b3cae6be25a8b2a644be5c7d6d3f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2119225
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67290}
TBR=tebbi@chromium.org,seth.brenith@microsoft.com,nicohartmann@chromium.org
Change-Id: Ifa683c92631291c9437438682b6efb2e12862682
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159730
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67291}
This change:
1. Updates the Torque compiler to allow direct access to bitfields that
are packed within Smi values, which previously would have required a
separate untagging step,
2. Updates JSRegExpStringIterator to represent its flags in Torque,
3. Adds reduction cases in MachineOperatorReducer for when the input to
a branch or the left-hand side of a Word32Equals is based on a 64-bit
shift-and-mask operation which has been truncated to 32 bits, as is
the case in the code generated by step 1, and
4. Adds a reduction case in MachineOperatorReducer to remove an extra
Word64And operation added by step 1.
Bug: v8:7793
Change-Id: Ib4ac2def6211b3cae6be25a8b2a644be5c7d6d3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2119225
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67290}
We give the optimized code another chance on soft deopts in TurboProp.
If the deopt is happening on infrequently taken paths, then this will
let us reuse the optimized code for the subsequent executions. If the
soft deopts are happening multiple times on the same code, then we would
discard the optimized code. The number of deopts we would wait is
controlled by FLAG_reuse_opt_code_count.
BUG=v8:10433
Change-Id: Iaadea4cffde7d7d55be4875c9586694dca64957c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093503
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67289}
We are compiling V8 using devtoolset-8 and it is generating a new
compilation error related to String Truncation:
error: ‘char* strncpy(char*, const char*, size_t)’ output truncated copying between 1 and 15 bytes from a string of length 15 [-Werror=stringop-truncation]
strncpy(buffer, unicode_utf8, i);
Which basically means the null terminating character was not added to
the end of the buffer:
https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
This CL will changes 2 uses of "strncpy" to "memcpy" as strings
are being copied partially and `\n` being added at a later stage.
Change-Id: I3656afb00463d70ddb8700a487a1978b793e1d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2155038
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67277}
