Implicitly escape all output that is passed to Log::MessageBuilder.
We escape non-printable characters and the log field separator ','
using the \x00 and \u0000 escape sequences.
Example:
Before: event-foo,"space: ","comma: ,","double quotes: """
After: event-foo,space: ,comma: \x2C,double quotes: "
This might slightly impact human readability of the log files in
extreme cases. However, most strings do not contain any escaped
characters.
Bug:
Change-Id: Ic78f6d9932367d02f9f3c3f70b41b5c283bdf880
Reviewed-on: https://chromium-review.googlesource.com/728332
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48805}
This is a reland of 06ff9e974a
Original change's description:
> [logging] Use OFStream for log events
>
> This simplifies a few operations and removes the size limitations
> implied by the message buffer used.
>
> Change-Id: I8b873a0ffa399a037ff5c2501ba4b68158810968
> Reviewed-on: https://chromium-review.googlesource.com/724285
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48766}
Change-Id: Iafda1c88d9180d188d6b8bd7d03d6d27100538d8
Reviewed-on: https://chromium-review.googlesource.com/731107
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48804}
Use an intrinsic for GetImportMetaObject and generate bytecode for the
case where import.meta has been initialized already. This way the
runtime method will only be called once per module.
Bug: v8:6693
Change-Id: If661e88e6accfb1c5795e37a80582d04f6dd87dd
Reviewed-on: https://chromium-review.googlesource.com/716536
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48801}
The spec got rid of `CheckObjectCoercible` a while back, and so should
we. This change is not observable in most of the affected cases since
`ToObject` is up near the top of most Array method algorithms. An
example of an observable effect of this change occurs for the following
input:
Array.prototype.sort.call(null, 1);
Behavior before applying the patch (incorrect message):
TypeError: Array.prototype.sort called on null or undefined
Expected behavior:
TypeError: The comparison function must be either a function or
undefined
This patch removes `CheckObjectCoercible` and adds tests to ensure the
few observable cases are addressed correctly.
The patch also adds a missing `ToObject(this)` to
`Array.prototype.lastIndexOf` which would otherwise become observable
as a result of `CheckObjectCoercible` being removed.
BUG=v8:3577,v8:6921
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia086095076c4bf4d8d58dab26bc28df02994ed01
Reviewed-on: https://chromium-review.googlesource.com/718577
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48800}
Whitespace-only strings count as empty too.
This behavior is different from BigInt.parseInt(""),
which throws a SyntaxError.
Bug: v8:6791, v8:6957
Change-Id: I6671c803f3ba83e23c3e0cad81d3af29dba61c9f
Reviewed-on: https://chromium-review.googlesource.com/727301
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48797}
- Introduce the new union type UnionType<T1,T2>, used for Number and
Numeric. Similarly, PairType<T1,T2> is used for a Turbofan operation
with two results. Further details in the design doc:
https://docs.google.com/document/d/10foP3m7SDWyFfbda96iEJ_XYOLQdd32AeoP8SD1cTcs/edit#heading=h.bghdno28mr7u
- Allow to derive the MachineType from a static type.
This allows to select the right MachineType when performing a
load/store.
- Disallow casts (UncheckedCast() or CAST()) when the target and
origin type have no overlap.
New cast ReinterpretCast() is an UncheckedCast without this check.
- Caveat of this CL: Checked casts (CAST()) are not possible for
UnionType<T1,T2> with the exception of Number (due to the existence
of Number in OBJECT_TYPE_LIST and the existence of an IsNumber()
function in the runtime).
Bug: v8:6949
Change-Id: I21a683d1341f69cebd8a347f545b454b463c52ad
Reviewed-on: https://chromium-review.googlesource.com/723320
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48796}
[wasm] Fix signature canonicalization for error case.
The decoder should not attempt to insert null signatures into the SignatureMap.
R=ahaas@chromium.org
Bug: chromium:775366
Change-Id: I0fbc0547dbf00fd25d37271a03b6756481a4c6a1
Reviewed-on: https://chromium-review.googlesource.com/730752
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48793}
If the input array is a JSArray with fast elements, it makes sense
to create an output array of the same ElementsKind when possible.
Bug: v8:1956
Change-Id: Ie9c937cf1751ccbbbe7cc76f40e1e1a0328ed37c
Reviewed-on: https://chromium-review.googlesource.com/730748
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48789}
JSClassOf may lower to a call to a builtin, and needs to be
modeled in a way that the effect chain can be maintained.
Bug: v8:6929
Change-Id: Ida332e6d85e2eb8b33fcad810d195ef3e897ccb0
Reviewed-on: https://chromium-review.googlesource.com/727204
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48786}
In the special case of KeyedLoadIC, where the key that is passed in is a
Name that is always the same we only checked for identity in both the
stub and the TurboFan case, which works fine for symbols and internalized
strings, but doesn't really work with non-internalized strings, where
the identity check will fail, the runtime will internalize the string,
and the IC will then see the original internalized string again and not
progress in the feedback lattice. This leads to tricky deoptimization
loops in TurboFan and constantly missing ICs.
This adds fixes the stub to always try to internalize strings first
when the identity check fails and then doing the check again. If the
name is not found in the string table we miss, since in that case the
string cannot match the previously recorded feedback name (which is
always a unique name).
In TurboFan we represent this checks with new CheckEqualsSymbol and
CheckEqualsInternalizedString operators, which validate the previously
recorded feedback, and the CheckEqualsInternalizedString operator does
the attempt to internalize the input.
Bug: v8:6936, v8:6948, v8:6969
Change-Id: I3f3b4a587c67f00f7c4b60d239eb98a9626fe04a
Reviewed-on: https://chromium-review.googlesource.com/730224
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48784}
The issue in the arm simulator is fixed, reenable the tests.
R=ahaas@chromium.org
Bug: v8:6947
Change-Id: Ie57dbc01e02dbda3a978306b61ffff92c78d2f97
Reviewed-on: https://chromium-review.googlesource.com/725291
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48782}
This allocates and populates potential source position table before the
underlying {Code} objects is allocated. It essentially makes the field
holding said table immutable after allocation.
R=verwaest@chromium.org
BUG=v8:6792
Change-Id: If35462688a1b502f28ae84f73b82b5df5005735f
Reviewed-on: https://chromium-review.googlesource.com/727895
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48781}
This is a reland of 6f93d59d92.
One more test had to be disabled (tracked by bug 6954), and
two machops tests needed to be changed to use boxed floats
and doubles.
Original change's description:
> [test] Add nan bit patterns to uint{32,64}_vector
>
> If you just cast those patterns to float or double and pass them
> around, the quiet/signaling NaN bit might change. We had several bugs
> around this, so add these patterns to the general input vectors.
>
> This uncovers a bug in the wasm interpreter, which will be fixed in a
> separate CL.
>
> R=ahaas@chromium.org
>
> Bug: v8:6947, v8:6954
> Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
> Reviewed-on: https://chromium-review.googlesource.com/725345
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48731}
Bug: v8:6947, v8:6954
Change-Id: I9a38b5d9324131c3950c537910371a73c93d2c13
Reviewed-on: https://chromium-review.googlesource.com/728439
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48780}
This reverts commit 9fd029ef25.
Due to a ClusterFuzz issue.
TBR=mstarzinger@chromium.org
Bug: chromium:776511
Change-Id: I0f30e2e8de97f3c437a1756c82e645828358ad91
Reviewed-on: https://chromium-review.googlesource.com/730006
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48775}
The wasm memory deserialization didn't properly increment the object id, so
wouldn't work properly if the memory object (or its contained
SharedArrayBuffer) where included multiple times in the object.
Bug: v8:6895
Change-Id: I5c4c25bad2ec6152883c5a7321038aba1950480a
Reviewed-on: https://chromium-review.googlesource.com/721630
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48767}
intl.js throws an exception when datetime-value to format is
Infinity or NaN, but there was a way to thwart the check.
Moreover, intl.js and runtime-intl.cc have unnecessary conversions
of 'Number->Date->Number'. I removed the unnecessary conversion
and made 'Number' be passed to %InternalDateFormat. With this
streamlining, the work-around mentioned above does not work
anymore.
Add a check in runtime_intl.cc for Infinity/NaN and throw a
RangeError.
Add invalid-time test for invalid datetime-values passed to
Intl.DateTimeFormat.format().
Bug: chromium:774833
Test: intl/date-format/invalid-time.js
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Idc575e532a86ee110dc4bb945ae023d6516650ee
Reviewed-on: https://chromium-review.googlesource.com/724860
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48765}
Moves the feedback vector slot allocation out of ast-numbering and into
bytecode generation directly. This has a couple of benifits, including reduced
AST size, avoid code duplication and reduced feedback vector sizes in many cases
due to only allocating slots when needed. Also removes AstProperties since
this is no longer needed.
AstNumbering is now only used to allocate suspend ids for generators.
BUG=v8:6921
Change-Id: I103e8593c94ef5b2e56c34ef4f77bd6e7d64796f
Reviewed-on: https://chromium-review.googlesource.com/722959
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48757}
Also ensure that CSA's CloneFixedArray and ExtractFixedArray correctly
transition COW to non-COW maps when doing a clone requiring copying.
Bug: chromium:775888
Change-Id: I31c97072761fdd2360d86f840c9fd6ab2d72973a
Reviewed-on: https://chromium-review.googlesource.com/727900
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48754}
This is a reland of f77d98f755.
The issue was already fixed when this got reverted.
Original change's description:
> Reland "[arm] [simulator] Do also execute tests on real hardware"
>
> This is a reland of 8bacd8486b.
> The failing test is disabled if not executing in the simulator.
>
> Original change's description:
> > [arm] [simulator] Do also execute tests on real hardware
> >
> > In order to avoid writing tests that *only* pass in the simulator, but
> > not on real hardware, do also execute the simulator tests on real
> > hardware.
> >
> > R=ahaas@chromium.org, rodolph.perfetta@arm.com
> >
> > Bug: v8:6947
> > Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> > Reviewed-on: https://chromium-review.googlesource.com/722961
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48706}
>
> Bug: v8:6947, v8:6963
> Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
> Reviewed-on: https://chromium-review.googlesource.com/727880
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48734}
Bug: v8:6947, v8:6963
Change-Id: I6124164ff92a2387d714ce974000b6f615b91983
Reviewed-on: https://chromium-review.googlesource.com/727207
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48752}
This revert is manual, but almost completely automatic.
It was just blocked by a single-line irrelevant refactoring change.
This reverts commit 1cee0e012e.
Reason for revert: chromium:776256
Original change's description:
> Reland^4 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This fixes https://bugs.chromium.org/p/chromium/issues/detail?id=773954.
> The issue was that in the EffectControlLinearizer, the effect input of an
> {Unreachable} node was not updated, leaving a {Checkpoint} behind.
>
> This is a reland of 4cf476458f
> Original change's description:
> > Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This fixes the issues
> > https://bugs.chromium.org/p/chromium/issues/detail?id=772873
> > and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
> >
> > One problem was that mutating an effect node into Unreachable confused
> > the LoadElimination sidetables, so I just always create a new node now.
> >
> > The other problem was that UpdateBlockControl() was executed after
> > UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> > So now I make sure that UpdateEffectPhi() is always executed last.
> >
> > This is a reland of 6ddb5e7da7
> > Original change's description:
> > > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> > >
> > > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the
> > > graph end. This fixes issues with later phases running DeadCodeElimination and
> > > introducing new DeadValue nodes when processing uses of Unreachable.
> > >
> > > This is a reland of 3c4bc27f13
> > > Original change's description:
> > > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > > >
> > > > This is a reland of e1cdda2512
> > > > Original change's description:
> > > > > [turbofan] eagerly prune None types and deadness from the graph
> > > > >
> > > > > In addition to using the {Dead} node to prune dead control nodes and nodes that
> > > > > depend on them, we introduce a {DeadValue} node representing an impossible value
> > > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > > of a node with type {None} as dead.
> > > > >
> > > > > Bug: chromium:741225
> > > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > > >
> > > > Bug: chromium:741225
> > > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48232}
> > >
> > > Bug: chromium:741225
> > > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > > Reviewed-on: https://chromium-review.googlesource.com/702264
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48366}
> >
> > Bug: chromium:741225
> > Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> > Reviewed-on: https://chromium-review.googlesource.com/709214
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48469}
>
> Bug: chromium:741225
> Change-Id: Id9d4f3a3ae36cb3e38f80edcdba88efa7922ca24
> Reviewed-on: https://chromium-review.googlesource.com/715716
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48660}
TBR=jarin@chromium.org,tebbi@chromium.org,bmeurer@chromium.org
Bug: chromium:741225 chromium:776256
Change-Id: Iaf2af3cb6dea5fdece43297cb9d987e7decc726d
Reviewed-on: https://chromium-review.googlesource.com/727804
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48749}
This also changes modulo to be more like others, e.g., Pow:
- have an inline Modulo
- have a modulo_double_double that we can use as FUNCTION_ADDR in assembler.cc
Bug:
Change-Id: Id360e4adcde5712ffc5ac22abd3bbaab6aec09f5
Reviewed-on: https://chromium-review.googlesource.com/728027
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48747}
This reverts commit 6f93d59d92.
Reason for revert: Breaks full-debug build:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20full%20debug/builds/2239
Original change's description:
> [test] Add nan bit patterns to uint{32,64}_vector
>
> If you just cast those patterns to float or double and pass them
> around, the quiet/signaling NaN bit might change. We had several bugs
> around this, so add these patterns to the general input vectors.
>
> This oncovers a bug in the wasm interpreter, which will be fixed in a
> separate CL.
>
> R=ahaas@chromium.org
>
> Bug: v8:6947, v8:6954
> Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
> Reviewed-on: https://chromium-review.googlesource.com/725345
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48731}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I4ceb82eab5d4cbf1f335bf6f358178a17a2fd0ba
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947, v8:6954
Reviewed-on: https://chromium-review.googlesource.com/728101
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48745}
This reverts commit f77d98f755.
Reason for revert: Still fails:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/4978
Original change's description:
> Reland "[arm] [simulator] Do also execute tests on real hardware"
>
> This is a reland of 8bacd8486b.
> The failing test is disabled if not executing in the simulator.
>
> Original change's description:
> > [arm] [simulator] Do also execute tests on real hardware
> >
> > In order to avoid writing tests that *only* pass in the simulator, but
> > not on real hardware, do also execute the simulator tests on real
> > hardware.
> >
> > R=ahaas@chromium.org, rodolph.perfetta@arm.com
> >
> > Bug: v8:6947
> > Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> > Reviewed-on: https://chromium-review.googlesource.com/722961
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48706}
>
> Bug: v8:6947, v8:6963
> Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
> Reviewed-on: https://chromium-review.googlesource.com/727880
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48734}
TBR=rodolph.perfetta@arm.com,ahaas@chromium.org,clemensh@chromium.org
Change-Id: I0ed35fc9e1dd5d30b0871479d17f0678fec17499
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947, v8:6963
Reviewed-on: https://chromium-review.googlesource.com/727903
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48743}
The test was recently enabled (together with other simulator tests) to
also run on native hardware (in https://crrev.com/c/727880).
Temporarlily disable this one test again until the issue is fixed.
R=ahaas@chromium.org
Bug: v8:6963
Change-Id: Ib6bae773a1d54541c87c37fb8547413ee7deac58
Reviewed-on: https://chromium-review.googlesource.com/728021
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48739}
This allocates and populates potential deoptimization data arrays before
the underlying {Code} objects is allocated. It aims at making the field
holding said data immutable after allocation. Note that we still mutate
this field during deoptimization.
R=verwaest@chromium.org
BUG=v8:6792
Change-Id: Id0c2cfb65e782d7292d2df6bff41c54b2b8c3351
Reviewed-on: https://chromium-review.googlesource.com/725704
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48738}
- Throw a TypeError exception if a given target argument is not a typed
array before converting a given offset argument to an integer.
- Add a testcase
Bug: chromium:768775
Change-Id: Id132a0f154fcf930f211922fcbef6c66f9d6f285
Reviewed-on: https://chromium-review.googlesource.com/728120
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48736}
This is a reland of 8bacd8486b.
The failing test is disabled if not executing in the simulator.
Original change's description:
> [arm] [simulator] Do also execute tests on real hardware
>
> In order to avoid writing tests that *only* pass in the simulator, but
> not on real hardware, do also execute the simulator tests on real
> hardware.
>
> R=ahaas@chromium.org, rodolph.perfetta@arm.com
>
> Bug: v8:6947
> Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> Reviewed-on: https://chromium-review.googlesource.com/722961
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48706}
Bug: v8:6947, v8:6963
Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
Reviewed-on: https://chromium-review.googlesource.com/727880
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48734}
If you just cast those patterns to float or double and pass them
around, the quiet/signaling NaN bit might change. We had several bugs
around this, so add these patterns to the general input vectors.
This oncovers a bug in the wasm interpreter, which will be fixed in a
separate CL.
R=ahaas@chromium.org
Bug: v8:6947, v8:6954
Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
Reviewed-on: https://chromium-review.googlesource.com/725345
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48731}
This adds BigInt support to JavaScript's abstract equality (== and !=),
implemented mainly via CodeStubAssembler::Equal and via Object::Equals.
Bug: v8:6791
Change-Id: I53219f2f71baa760b142cc676f18931731b87226
Reviewed-on: https://chromium-review.googlesource.com/725701
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48730}
Because the toboolean operator may lower to a builtin call (which is
effectful in turbofan parlance after effect control linearization),
it really should be encoded as a simplified operator, which can
be optimized with respect for the effect chain in linearization.
No new functionality here, rather a furniture rearrangement in
the TurboFan node structure.
Bug: v8:6929
Change-Id: I371fd22941397d5c28d13bded2738161d8da8275
Reviewed-on: https://chromium-review.googlesource.com/725721
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48727}
This is a reland of e737b4ce0d.
The issue on windows bots was fixed in https://crrev.com/c/725733.
Original change's description:
> [test] Avoid unnecessary std::vector allocations
>
> Instead of copying an array of fixed values into an std::vector for
> each usage of the FOR_INPUTS macro, just iterate the constant data
> directly.
> This also makes the <type>_vector() functions return {constexpr Vector}
> instead of {std::vector}.
>
> R=tebbi@chromium.org
>
> Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
> Reviewed-on: https://chromium-review.googlesource.com/725427
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48688}
Change-Id: I9ad5d22803bbbf35c458965497acc603cfa01b20
Reviewed-on: https://chromium-review.googlesource.com/725979
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48726}
Replace GetElement and SetElement to Get and Set, and use CopyElements,
which reduces 4x-13x overheads.
Bug: chromium:768775
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I58534b30c2035195c5f4b8f2c04e7c459bdbebaa
Reviewed-on: https://chromium-review.googlesource.com/720661
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48723}
This addresses the odd performance cliff, where the CallIC tracks known
JSFunction targets, but goes MEGAMORPHIC when it sees a JSBoundFunction
target. With this fix in place the micro-benchmark on the bug goes from
arrowCall: 82 ms.
boundCall: 234 ms.
to
arrowCall: 81 ms.
boundCall: 80 ms.
so Function#bind doesn't cause any additional overhead anymore.
Bug: v8:5267, v8:6962
Change-Id: Iaceaf89fd3e99e2afe2ae45e96a6813a3ef8b1d2
Reviewed-on: https://chromium-review.googlesource.com/727879
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48722}
This patch provides "Abstract Comparison" functions on the BigInt
class for comparing BigInts to Numbers and Strings.
The functionality is not exposed to JavaScript yet.
Bug: v8:6791
Change-Id: I835f290203a31f363970b1edb359e19af6dabc5d
Reviewed-on: https://chromium-review.googlesource.com/722324
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48718}
This reverts commit 8bacd8486b.
Reason for revert: Fails on chromebooks:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/4820
Original change's description:
> [arm] [simulator] Do also execute tests on real hardware
>
> In order to avoid writing tests that *only* pass in the simulator, but
> not on real hardware, do also execute the simulator tests on real
> hardware.
>
> R=ahaas@chromium.org, rodolph.perfetta@arm.com
>
> Bug: v8:6947
> Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> Reviewed-on: https://chromium-review.googlesource.com/722961
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48706}
TBR=rodolph.perfetta@arm.com,ahaas@chromium.org,clemensh@chromium.org
Change-Id: I4ec1c6ce4f6e86916a83a748819752ba00179ca2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947
Reviewed-on: https://chromium-review.googlesource.com/727760
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48716}
So far the JSCallReducer was only able to unfold constant
JSBoundFunction targets for JSCall nodes, which is not the
common case. With the introduction of JSCreateBoundFunction
operator earlier, we can now also recognize calls to bound
functions where the bind happens earlier in the function,
i.e. as the example of
a.map(f.bind(self))
in https://twitter.com/BenLesh/status/920700003974123520, which
is a handy way to use Function#bind. So this transformation
takes a node like
JSCall(JSCreateBoundFunction(bound_target_function,
bound_this,
a1,...,aN),
receiver, p1,...,pM)
and turns that into
JSCall(bound_target_function, bound_this, a1,...,aN,p1,...,pM)
allowing TurboFan to further inline the bound_target_function
at this call site if that's also inlinable (i.e. it's a known
constant JSFunction or the result of a JSCreateClosure call).
This improves the micro-benchmark from
arrowCall: 55 ms.
boundCall: 221 ms.
arrowMap: 181 ms.
boundMap: 806 ms.
to
arrowCall: 71 ms.
boundCall: 76 ms.
arrowMap: 188 ms.
boundMap: 186 ms.
so that Function#bind in this case is as fast as using closures,
which is an up to 4.3x improvement in the Array#map example.
Bug: v8:5257, v8:6961
Change-Id: Ibca650faad912bf9db1db6fbc48772e7551289a6
Reviewed-on: https://chromium-review.googlesource.com/727799
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48713}
The bug reference has been fixed, probably due to the new WasmContext
changes. We should keep a regression test for this anyway though.
Bug: v8:6931
Change-Id: Ie9d94690e764498d2153691d96414d0d26258794
Reviewed-on: https://chromium-review.googlesource.com/727022
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48712}
In order to avoid writing tests that *only* pass in the simulator, but
not on real hardware, do also execute the simulator tests on real
hardware.
R=ahaas@chromium.org, rodolph.perfetta@arm.com
Bug: v8:6947
Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
Reviewed-on: https://chromium-review.googlesource.com/722961
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48706}
This reverts commit d607f1e72d.
Reason for revert: Suspected cause of hanging tests:
https://bugs.chromium.org/p/v8/issues/detail?id=6927#c13
Original change's description:
> [Memory] Move GetRandomMmapAddr from base::OS platform to v8::internal.
>
> - Moves GetRandomMmapAddr from platform to v8::internal allocation
> primitives, in preparation for delegating this to the embedder.
> - Adds hint parameters to OS functions that used to use this function.
>
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Iad72e6eac9c08a3e22c2cd2b2905623b8e514ae0
> Reviewed-on: https://chromium-review.googlesource.com/677777
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48124}
TBR=bbudge@chromium.org,ulan@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:756050
Change-Id: I2c515934906e67b47ceea2863bc2992ac1d23ab3
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/726319
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48701}
Support inlining of Array.prototype.filter in TurboFan.
(relanding with fix for chromium:766635, visible in the
diff between patchsets 2 and 3)
Bug: v8:1956,chromium:766635
Change-Id: Ia50be6770602513e3d91d17e2b2ca9d3b0e8b42a
Reviewed-on: https://chromium-review.googlesource.com/721119
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48697}
This makes the function constexpr and implements it for arbitrary
unsigned integer types (up to 64 bits, but this can be extended if
needed).
R=mstarzinger@chromium.org
Bug: v8:6600, v8:6921
Change-Id: I86d427238fadd55abb5a27f31ed648d4b02fc358
Reviewed-on: https://chromium-review.googlesource.com/718457
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48696}
