This fixes a crash with a predicate used during stack unwinding of
WebAssembly frames during exception handling. The predicate caused an
observable side-effect in JavaScript during unwinding, code that is
inherently unhandlified and is not allowed to be observable.
The fix actually just removes the entire predicate. This is because the
updated proposal causes all JavaScript exceptions to participate in
WebAssembly exception handling, allowing modelling of "finally" language
constructs to perform cleanup independent of the embedders exception
details.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-8095
BUG=v8:8095
Change-Id: Ic03bc45e7b7f4562a431ccf910ee9ddcf558aa48
Reviewed-on: https://chromium-review.googlesource.com/1193445
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55457}
The SharedFeedbackSlot helper class allow bytecodes to share one feedback
slot. The helper will only create the slot on-demand, at the first-use.
This does not encapsulate the use-case of FeedbackSlotCache.
Change-Id: I22aec19d59e52e7395898fa2a59c5c1ec95abbe8
Reviewed-on: https://chromium-review.googlesource.com/1189904
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55452}
This CL re-implements Array.p.lastIndexOf in Torque. The implementation
consists of a generic baseline path and a fast-path for JSArrays with fast
ElementsKinds.
Sparse support for JSArrays was removed.
Bug: v8:7624
Change-Id: I6ae877aaf99fa97a91763b3d60a0ee05623ab085
Reviewed-on: https://chromium-review.googlesource.com/1190345
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55451}
This fixes the wrong JSON data that was not updated by CL 1188572.
Change-Id: I8cf1a040fa7faa95b967f8dc995b8222304f5514
Reviewed-on: https://chromium-review.googlesource.com/1193244
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#55447}
Currently chunked and streaming character streams don't have cloning support as this
requires additional changes on the Blink side.
BUG=v8:8041
Change-Id: I167b3b1cd5ae1ac4038f3715b6a679d3e65d9a85
Reviewed-on: https://chromium-review.googlesource.com/1183429
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55444}
The spec specifies that search and standard can not be valid values
for the collation extension keyword. Instead users are expected to use
the options bag to set the correct usage options.
But, ICU expects the usage option to be set through the collation
extension value.
In this patch, we set the usage option using the collation extension
value in ICU. For resolvedOptions, we filter out this extension value
using ICU to be spec compatible.
Previously, we stored the usage option on the JSCollator instance. But
this patch changes the logic to just look it up from the icu::Collator
when required. This saves one word of memory.
This fails a test262 that was incorrectly fixed. A follow on patch
will fix the test262 test.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I8c66c6286287e686f4cd152fa1301f9d51c38654
Reviewed-on: https://chromium-review.googlesource.com/1180488
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55437}
"short" external strings are not short, they mean that the external data
pointer is not cached. Rename the various classes and objects to align
with the actual meaning.
Bug: chromium:877044
Change-Id: Ie3d5baa9ad352ac6ca89f5ba1d066760825e4beb
Reviewed-on: https://chromium-review.googlesource.com/1185192
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benoit L <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55432}
This patch disables the conditions that cause the test to flake, but
as a band-aid that doesn't fix the underlying issue.
Bug: v8:8084
Change-Id: I46380d0ce4f450c176583330ed760bc3b57b9edc
Reviewed-on: https://chromium-review.googlesource.com/1189822
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55426}
This CL changes a constant pool test to include tests for the marker
and the encoded pool size.
Change-Id: Ia5cfd173e5d523a02252fd3b14f302e5c8994881
Reviewed-on: https://chromium-review.googlesource.com/1186626
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55423}
With warmup and/or longer runs, the benchmark results are more reliable.
This CL also splits the benchmark into smaller ones for easier management.
Change-Id: Ieba0734bef841d131b3184938109ca179994e173
Reviewed-on: https://chromium-review.googlesource.com/1188572
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#55422}
- Implement all the I64Atomic operations on ARM
- Change assembler methods to use Registers instead of memory operands
- Move atomics64 test up be tested on all archs, disable tests on MIPS
BUG:v8:6532
Change-Id: I91bd42fa819f194be15c719266c36230f9c65db8
Reviewed-on: https://chromium-review.googlesource.com/1180211
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55416}
If maxLength is larger than String::kMaxLength, we used to throw
immediately. However, we must first look at the filler argument, which
is observable. Moreover, if the filler is empty, we must return the
input unchanged.
Bug: v8:8078
Change-Id: Ic3d135f9e25da56df45b059144e45e19dda9c3d8
Reviewed-on: https://chromium-review.googlesource.com/1188313
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55414}
This allows to replace redundant LoadField's whose type doesn't match
the type of the replacement, by just turning those LoadField's into
TypeGuard's.
Bug: v8:8070
Change-Id: Ia329bb536f8829be27e070e90e9eaae0618dac7a
Reviewed-on: https://chromium-review.googlesource.com/1188131
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55407}
This halfs the test size but also halfs the baseline for the score to
make it comparable.
Bug: v8:7926
Change-Id: Id3769def6a555ef1bddf8dd5e54c04b8652e5b54
Reviewed-on: https://chromium-review.googlesource.com/1188465
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55403}
This method introduces an inherent race because it allows changing
global static flag variables from concurrently running Isolates (or
Workers). Since there are not too many use-cases left, the method in
question can be removed entirely.
R=hpayer@chromium.org
Change-Id: I9798730dd775b04f0bc83f18ed5982672e76e5d5
Reviewed-on: https://chromium-review.googlesource.com/1186731
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55392}
Add location information in heap snapshot for objects where the
constructor can be determined.
Bug: chromium:854097
Change-Id: Ieb2ab70a65809ecc9dfa0d73a33fa57add430465
Reviewed-on: https://chromium-review.googlesource.com/1179156
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55387}
Builtin functions were being logged via both LogCodeObjects and
LogCompiledFunctions. The latter assumes the code in question has a
Name and so would end up logging an unattributable entry. This patch
stops logging that entry.
Bug: v8:8061
Change-Id: Iebc9bfa9618986afdbf8b1b71b64bf17a1f4196a
Reviewed-on: https://chromium-review.googlesource.com/1184923
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55379}
This CL fixes the "sort-lengths" benchmark so the ElementsKind of the
array to sort is PACKED_SMI again. This was somehow broken.
R=jgruber@chromium.org
Change-Id: I129e001eae4c88e9f99174b3494193232d933c3f
Reviewed-on: https://chromium-review.googlesource.com/1188122
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55371}
This CL adds a baseline implementation for Array.p.reverse in Torque,
as well as fastpaths for PACKED elements kinds.
Support for sparse JSArrays was removed.
R=jgruber@chromium.org, petermarshall@chromium.org
Bug: v8:7624
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I12900fbbb44746f1c5d36b78be826e14b88b4f69
Reviewed-on: https://chromium-review.googlesource.com/1185600
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55369}
This is a reland of b10a967f4b
Original change's description:
> [wasm] Add feature counter for threads and shared memory
>
> This adds a feature counter for WASM shared memory (i.e. the presence
> of the "shared" bit in a WASM module's memory section) and the usage
> of WASM threads opcodes (i.e. wake/wait and atomics).
>
> This CL also plumbs the WasmFeatures through the compilation pipeline
> to detect features as functions are being compiled.
>
> R=ahaas@chromium.org, ulan@chromium.org
> BUG=chromium:868844
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
> Reviewed-on: https://chromium-review.googlesource.com/1186329
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55337}
Bug: chromium:868844
Change-Id: Iac3a38d80fa71aadd7147704669a8fd671ecfae8
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1186343
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55363}
This is a reland of 9e48a24fd9
Original change's description:
> Reland "[array] Move Array.p.sort to Torque and use TimSort instead of QuickSort"
>
> The CL was reverted because it broke some tests in ChromeOS.
>
> > [array] Move Array.p.sort to Torque and use TimSort instead of QuickSort
> >
> > This CL changes the sorting algorithm used in Array.p.sort from
> > QuickSort to TimSort (implemented in Torque).
> >
> > Detailed performance results can be found here: https://goo.gl/4E733J
> >
> > To save on code space, fast-paths are implemented as sets of
> > function pointers instead of specializing generics.
> >
> > R=cbruni@chromium.org, jgruber@chromium.org
> >
> > Bug: v8:7382, v8:7624
> > Change-Id: I7cd4287e4562d84ab7c79c58ae30780630f976de
> > Reviewed-on: https://chromium-review.googlesource.com/1151199
> > Commit-Queue: Simon Zünd <szuend@google.com>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55003}
>
> Bug: v8:7382, v8:7624
> Change-Id: Ic7a3230f3708177774b0760f08b7659d83ec5505
> Reviewed-on: https://chromium-review.googlesource.com/1184901
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55325}
Bug: v8:7382, v8:7624
Change-Id: I297611f45c09967e0f6961156b0c9ebdebc7053f
Reviewed-on: https://chromium-review.googlesource.com/1186801
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55360}
The WasmCompilationData was a struct that served as an input/output
mechanism for communicating with the code generator. In particular,
it contained a flag for enabling runtime exception for WASM in the code
generator and it also gathered the protected instruction info from
the code generator to be communicated to the WasmCodeManager.
This CL inlines the exception support flag into OptimizedCompilationInfo
and the protected instruction information into the code generator,
along the lines of other flags and data structures created by the
code generator.
R=mstarzinger@chromium.org
Change-Id: If436636067f1a829a095310a73045fe3301cb694
Reviewed-on: https://chromium-review.googlesource.com/1186409
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55358}
The test is timing out on the Arm simulator when TimSort is disabled.
NOTRY=true
TBR=sigurds@chromium.org
Bug: v8:7783
Change-Id: I51e159822d0010253a458f0c380c52f27f7fe972
Reviewed-on: https://chromium-review.googlesource.com/1186583
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55354}
No need to create allocation site for array literals in oneshot code since
they are executed only once. The interpreter emits a runtime call to
CreateArrayLiteralWithoutAllocationSite for creating literals in
oneshot code instead.
Change-Id: I285879c84759ff9e2ce281e9548112f52ce5e7d1
Reviewed-on: https://chromium-review.googlesource.com/1167843
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55349}
This reverts commit b10a967f4b.
Reason for revert: Breaks a TSAN bot - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/22122
Original change's description:
> [wasm] Add feature counter for threads and shared memory
>
> This adds a feature counter for WASM shared memory (i.e. the presence
> of the "shared" bit in a WASM module's memory section) and the usage
> of WASM threads opcodes (i.e. wake/wait and atomics).
>
> This CL also plumbs the WasmFeatures through the compilation pipeline
> to detect features as functions are being compiled.
>
> R=ahaas@chromium.org, ulan@chromium.org
> BUG=chromium:868844
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
> Reviewed-on: https://chromium-review.googlesource.com/1186329
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55337}
TBR=ulan@chromium.org,titzer@chromium.org,ahaas@chromium.org
Change-Id: Id011b6707b3359598621b315b87171644132b0ab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1186421
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55340}
This adds a feature counter for WASM shared memory (i.e. the presence
of the "shared" bit in a WASM module's memory section) and the usage
of WASM threads opcodes (i.e. wake/wait and atomics).
This CL also plumbs the WasmFeatures through the compilation pipeline
to detect features as functions are being compiled.
R=ahaas@chromium.org, ulan@chromium.org
BUG=chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
Reviewed-on: https://chromium-review.googlesource.com/1186329
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55337}
This CL fixes wrong parentheses that caused the sort-length benchmark
to generate "random" arrays that only contained zeroes.
R=ishell@chromium.org
Change-Id: Ie2a564da037425a4ef9c2417597cdc13b497e32b
Reviewed-on: https://chromium-review.googlesource.com/1186332
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55336}
The CL was reverted because it broke some tests in ChromeOS.
> [array] Move Array.p.sort to Torque and use TimSort instead of QuickSort
>
> This CL changes the sorting algorithm used in Array.p.sort from
> QuickSort to TimSort (implemented in Torque).
>
> Detailed performance results can be found here: https://goo.gl/4E733J
>
> To save on code space, fast-paths are implemented as sets of
> function pointers instead of specializing generics.
>
> R=cbruni@chromium.org, jgruber@chromium.org
>
> Bug: v8:7382, v8:7624
> Change-Id: I7cd4287e4562d84ab7c79c58ae30780630f976de
> Reviewed-on: https://chromium-review.googlesource.com/1151199
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55003}
Bug: v8:7382, v8:7624
Change-Id: Ic7a3230f3708177774b0760f08b7659d83ec5505
Reviewed-on: https://chromium-review.googlesource.com/1184901
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55325}
This reverts commit 7dc828b256.
Reason for revert: breaks no-i18n build:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20noi18n%20-%20debug/22340
Original change's description:
> Stop logging Builtin functions as LazyCompile.
>
> Builtin functions were being logged via both LogCodeObjects and
> LogCompiledFunctions. The latter assumes the code in question has a
> Name and so would end up logging an unattributable entry. This patch
> stops logging that entry.
>
> Bug: v8:8061
> Change-Id: I20e5a853b8a214a91191fa644083bac7af9dc2c4
> Reviewed-on: https://chromium-review.googlesource.com/1177759
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Bret Sepulveda <bsep@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55302}
TBR=bsep@chromium.org,jgruber@chromium.org,petermarshall@chromium.org
Change-Id: I27e1ed75fea95914640f9618b1fd0c1fd7d8f6a7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8061
Reviewed-on: https://chromium-review.googlesource.com/1184981
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55305}
Builtin functions were being logged via both LogCodeObjects and
LogCompiledFunctions. The latter assumes the code in question has a
Name and so would end up logging an unattributable entry. This patch
stops logging that entry.
Bug: v8:8061
Change-Id: I20e5a853b8a214a91191fa644083bac7af9dc2c4
Reviewed-on: https://chromium-review.googlesource.com/1177759
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55302}
