This fixes two places that used the marking write barrier for elements
instead of the new marking write barrier for descriptor array.
This also ensures that revisited objects are marked black.
Bug: v8:8651,chromium:917794
Change-Id: Ifc17ff89686f32ccf61d4b3f764b0ab536c42912
Reviewed-on: https://chromium-review.googlesource.com/c/1406670
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58742}
The JSRegExp's data fixed array is variable size depending on the
regexp kind.
Bug: v8:8572
Change-Id: I8f07b8e8d2a9a81e0905563fb701e1e3687cafb5
Reviewed-on: https://chromium-review.googlesource.com/c/1405034
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58741}
As far as I can tell these were unused; their only callers were arm
and ppc simulators, but codegen explicitly returned nullptr if in a
simulator build, falling back to std::sqrt.
There's more potential cleanup to be done here for other functions
defined in codegen-*.cc files.
Tbr: clemensh@chromium.org
Bug: v8:7777, v8:8675
Change-Id: I4b9d6062c6724a810ab094d09e3cd04a0b733d9b
Reviewed-on: https://chromium-review.googlesource.com/c/1405851
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58740}
This reverts commit fd49c8bb43.
Reason for revert: Speculative revert for:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/24672
Original change's description:
> [heap] Optimize MemoryChunk::FromAnyPointerAddress
>
> Currently this function requires the caller to hold a mutex for the
> large page chunk hashtable and performs a hashtable lookup.
>
> This patch adds a header sentinel field in each MemoryChunk. The field
> is then used to distinguish large object slots from ordinary slots.
>
> Bug: chromium:915233
> Change-Id: I9fbeeb4f07f49573d0a21f9a2cc934370e417d68
> Reviewed-on: https://chromium-review.googlesource.com/c/1391752
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58732}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I232729fdfd55baef7de99ea2fd14fbc0a2f71d27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:915233
Reviewed-on: https://chromium-review.googlesource.com/c/1406671
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58738}
This unifies the code between parser and preparser, and removes more code from
the pattern rewriter.
This makes "var x" without assignment and initializer in a loop pessimistically
marked as assigned, but that seems pretty unlikely since the variable will just
always be undefined. It is also still strictly better than what we had until
very recently since any var outside of the function scope used to be marked as
assigned. Now we only mark such variables as assigned.
Change-Id: Icb37ab249b2a79c2d57a5769bdb964b435cebf62
Reviewed-on: https://chromium-review.googlesource.com/c/1405228
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58736}
Dynamically process the arguments instead of hardcoding them,
which is brittle when they change.
Change-Id: I08f603dc6df6e3ed34518326b67da15f6a6d6102
Reviewed-on: https://chromium-review.googlesource.com/c/1405312
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58733}
Currently this function requires the caller to hold a mutex for the
large page chunk hashtable and performs a hashtable lookup.
This patch adds a header sentinel field in each MemoryChunk. The field
is then used to distinguish large object slots from ordinary slots.
Bug: chromium:915233
Change-Id: I9fbeeb4f07f49573d0a21f9a2cc934370e417d68
Reviewed-on: https://chromium-review.googlesource.com/c/1391752
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58732}
In the degenerate case where we wanted to emit {x = x - x} (where {x}
is any register), ia32 and x64 generated wrong code (producing {-x + -x}
instead). Fix this by special casing this case.
R=ahaas@chromium.org
Bug: chromium:919308
Change-Id: I9cd9818d2a678450ac6530107e7a5cbb625ddb8d
Reviewed-on: https://chromium-review.googlesource.com/c/1405029
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58731}
Found by mjsunit/numops-fuzz-part* tests in stress mode.
Bug: v8:3770
Change-Id: I598885b37624660dabb90f55529615b872d10d93
Reviewed-on: https://chromium-review.googlesource.com/c/1405313
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58729}
Also fix an issue with naming in Array.prototype.filter that
wasn't addressed before.
Change-Id: I7465eda12e6981f46f6efa2efc81183cbdffea01
Reviewed-on: https://chromium-review.googlesource.com/c/1400847
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58728}
This change makes it less likely to pick one of the registers that
are not byte addressable on ia32. This is not a correctness issue but
fixes some code size and runtime regressions.
After the change to prefer registers that are not used in hinting, it
was very likely that one of the registers that are not byte addressable
was chosen, leading to extra code in cases where the carry flags was
materialized as a real boolean value. With this change, we pick the first
register that is not used in hinting, thereby mostly using byte
addressable registers on ia32.
Change-Id: I42968cf3fd7b7db949d275c40d0afeb74b5e48c3
Reviewed-on: https://chromium-review.googlesource.com/c/1404450
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58726}
This avoids having to update either the source code or the generated
test cases each year.
R=ahaas@chromium.org
Change-Id: I33fb85dc4ae7d45f8d05d982e0285d6fd3008a26
Reviewed-on: https://chromium-review.googlesource.com/c/1405032
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58725}
i64 values can be up to 20 characters long (19 + sign), plus we need
one character for the terminating null character. Thus the previous 18
needs to be increased to 21.
Also extend the test to check the longest possible i64 values.
R=ahaas@chromium.orgCC=kozyatinskiy@chromium.org
Bug: v8:8644
Change-Id: Ia9458db162a55dd57b5e8bc7cf7db73c3bab4734
Reviewed-on: https://chromium-review.googlesource.com/c/1404443
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58724}
In {Assembler::and_} we might need to use the scratch register. Thus use
a free LiftoffRegister instead to emit i32 popcnt.
R=ahaas@chromium.orgCC=george.wort@arm.com
Bug: chromium:918284
Change-Id: Ia814899bf6e33dd4989fd09329542b4bc09b48df
Reviewed-on: https://chromium-review.googlesource.com/c/1405036
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58723}
As a follow-up of https://crrev.com/c/1372857 that repordered
the parameters of JSEntry, this CL updates JSEntry for MIPS64 for new
ordering.
Bug: v8:8124
Change-Id: Ia7efab0e22e48cfe36420654bd2b724986202027
Reviewed-on: https://chromium-review.googlesource.com/c/1406528
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58722}
As a follow-up of https://crrev.com/c/1372857 that repordered
the parameters of JSEntry, this CL updates JSEntry for MIPS for new
ordering.
Bug: v8:8124
Change-Id: Ic7f22a4f59b1c15a959a3249b4f13cd8f3f1c331
Reviewed-on: https://chromium-review.googlesource.com/c/1405166
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58721}
This is a reland of 8f83fd0a55
Original change's description:
> [wasm] Fix SIMD boolean reductions on Intel
>
> - Both AllTrue/AnyTrue values should return boolean 0/1
> instead of 0xffffffff to match Spec/Toolchain
> - Fix AllTrue implementation to be correct
> - Add unit tests to spot check return values as the
> cumulative test can coerce some return values to True/False
>
> Change-Id: I84eb73c915414c9ec290e73f1306404ceff729f0
> Bug: v8:8636
> Reviewed-on: https://chromium-review.googlesource.com/c/1404197
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58715}
Bug: v8:8636
Change-Id: Ifc438d7b64bf5d461cc848851165665104fe57d0
Reviewed-on: https://chromium-review.googlesource.com/c/1405909
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58719}
Enable --harmony-object-from-entries by default.
Object.fromEntries is a new standard library method, whose proposal
(https://tc39.github.io/proposal-object-from-entries/) is currently
at stage 3.
It simply creates a JSObject from an iterable collection of key/value
pairs, such that `Object.fromEntries([ [ "a", "b" ] ]) -> { a: "b" }`
BUG=v8:8021
R=gsathya@chromium.org, adamk@chromium.org
Change-Id: I75787fce7ab06704be989576e7850d029ff4c1bf
Reviewed-on: https://chromium-review.googlesource.com/c/1397914
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58718}
- Both AllTrue/AnyTrue values should return boolean 0/1
instead of 0xffffffff to match Spec/Toolchain
- Fix AllTrue implementation to be correct
- Add unit tests to spot check return values as the
cumulative test can coerce some return values to True/False
Change-Id: I84eb73c915414c9ec290e73f1306404ceff729f0
Bug: v8:8636
Reviewed-on: https://chromium-review.googlesource.com/c/1404197
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58715}
If feedback for call site frequency is 0, then the combined frequency
is still 0, even if the current function invocation count is infinity.
Bug: chromium:919754
Change-Id: I97be096b6b38f934fb13f01b2b22e148c539e1c0
Reviewed-on: https://chromium-review.googlesource.com/c/1404445
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58714}
If a species constructor is installed, filter() needs to loop over
the elements of the array in the "slow" way, because it doesn't
know the ElementsKind of the output array. The code failed to
bail out to the slow case for the loop right away on discovering this.
Bug: chromium:920184, chromium:920491
Change-Id: I74496db20a90807b631c1bebe7604d85b199df67
Reviewed-on: https://chromium-review.googlesource.com/c/1405035
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58713}
The concurrent marker can now process all objects.
This patch also eagerly visits the objects that undergo layout
changes. This is because previously such objects were pushed
onto the bailout worklist, which is gone now.
To preserve the incremental step accounting, the patch introduces
a new GC tracer scope called MC_INCREMENTAL_LAYOUT_CHANGE.
Bug: v8:8486
Change-Id: Ic1c2f0d4e2ac0602fc945f3258af9624247bd65f
Reviewed-on: https://chromium-review.googlesource.com/c/1386486
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58712}
Use the right register type for the temporary register.
R=titzer@chromium.org
Bug: v8:6600, chromium:917588
Change-Id: Ia2617f6b406924ca7f496608fd495faf04dff25b
Reviewed-on: https://chromium-review.googlesource.com/c/1403127
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58711}
This changes WebAssembly runtime stub compilation to no longer require
an Isolate parameter. Such stubs are shared between Isolates and hence
must be independent of the concrete Isolate anyways. Also we will soon
generate such stubs from background tasks, where we should not pass an
Isolate parameter either.
R=clemensh@chromium.orgCC=jkummerow@chromium.org
Change-Id: Id9de46cae3fb77946d745a4aeadccac50f6e8350
Reviewed-on: https://chromium-review.googlesource.com/c/1405039
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58710}
Removed the static field and made it an instance field on the
BundleBuilder.
Change-Id: I58a9f4a744654b262a3e47e6873baffb537eb21b
Reviewed-on: https://chromium-review.googlesource.com/c/1404444
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58709}
Using a single bit in the inner function description preparse data of the
parent function we can avoid storing many NULL values for empty inner function
data.
This saves roughly 40KB out of 140KB PreparseScopeData on cnn.com.
Change-Id: Ib6019a8ceb99e772b398198074e171f635c0556e
Reviewed-on: https://chromium-review.googlesource.com/c/1405038
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58708}
Keep track of loop nesting depth on FunctionState and use that to decide
whether to mark var as assigned. That also fixes the weird cornercase where a
loop body can have multiple expressions due to multiple declarations with
independent initializers in a single var-statement.
Change-Id: Ia24affde29e22e9464448fd390062f6dd983faf2
Reviewed-on: https://chromium-review.googlesource.com/c/1405037
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58707}
For desrtucturing assignments from null/undefined, we throw an error
that references the destructuring object literal's property name, e.g.
for
var { x } = null;
we report that we cannot destructure 'x' from null.
Rather than calculating this property during bytecode generation (and
including it in the bytecode as an argument to the type error
constructor), we can calculate it at exception throwing time, by
re-parsing the source in a similar way to the existing call site
rendering.
This slightly decreases bytecode size and slightly decreases the amount
of work the bytecode compiler needs to do. In the future, it could also
allow us to give more detailed error messages, as we now have access to
the entire AST and are on the slow path anyway.
Bug: v8:6499
Change-Id: Icdbd4667db548b4e5e62ef97797a3771b5c1bf72
Reviewed-on: https://chromium-review.googlesource.com/c/1396080
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58706}
Class declarations support structured heap data that is a subtype of
HeapObject. Only fields of Object subtypes (both strong and weak)
are currently supported (no scalar fields yet).
With this CL, both the field list macro used with the C++
DEFINE_FIELD_OFFSET_CONSTANTS macro (to make field offset constants) as
well as the Torque "operator '.field'" macros are generated for the
classes declared in Torque. This is a first step to removing the
substantial amount of duplication and boilerplate code
needed to declare heap object classes.
As a proof of concept, and handful of class field definitions,
including those for non trivial classes like JSFunction, have been
moved to Torque.
Bug: v8:7793
Change-Id: I2fa0b53db65fa6f5fe078fb94e1db3418f908753
Reviewed-on: https://chromium-review.googlesource.com/c/1373971
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58704}
Originally, the NativeModule and the WasmModuleObject were created
together, and the streaming decoder was notified after the
WasmModuleObject was created. A recent CL (https://crrev.com/c/1402544),
however, changed that. The NativeModule gets created before compilation
starts, the WasmModuleObject, however, gets created after compilation.
The streaming decoder only needs the NativeModule to register a callback
before compilation. Therefore this CL we change the notification of the
streaming decoder to receive only the NativeModule, not the
WasmModuleObject, before starting compilation.
R=clemensh@chromium.orgCC=bbudge@chromium.org
Bug: chromium:719172
Change-Id: I4ad879e4ebd2d88174d7e2a0c6359f2836926763
Reviewed-on: https://chromium-review.googlesource.com/c/1404442
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58703}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
In base/ieee754.cc, use constants for NaN and Infinity instead
of computing these values.
In spaces-unittest.cc, ensure that a large enough allocation
is used.
Bug: v8:3770
Change-Id: I50d9a77dc860ef9993b7b269a5f8c117b0f62f9d
Reviewed-on: https://chromium-review.googlesource.com/c/1403454
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58701}
Pipeline::GenerateCodeForWasmNativeStub() currently does not pass
an Isolate to the PipelineData it creates, to ensure that compiled
code does not accidentally depend on a given Isolate. However, this
prevents the assembler from converting ExternalReference accesses to
RootArray offsets. This patch sets the corresponding AssemblerOption.
Bug: v8:3770
Change-Id: Ia4d5269e2e884a0af8abc6d122734f47db045ac0
Reviewed-on: https://chromium-review.googlesource.com/c/1404447
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58700}
Since all categories are now statically defined, there's no need to warm
any of them up explicitly in order for the categories to show up in the
tracing UI.
Depends on https://chromium-review.googlesource.com/c/chromium/src/+/1401273.
Bug: chromium:914579
Change-Id: I8ae8977130ae89d6ee3351194ad258d13f3c14f4
Reviewed-on: https://chromium-review.googlesource.com/c/1402779
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58699}
This will make it easier to separate out parameter declaration from other other
parameter scope information tracking.
Change-Id: I8712dd7fc589c84bc1e1a1eab9038af6047b21cd
Reviewed-on: https://chromium-review.googlesource.com/c/1403118
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58698}
This reverts commit 5dee355fe6.
Reason for revert: https://ci.chromium.org/p/v8-internal/builders/luci.v8-internal.ci/v8_linux64_perf_1/4282
Original change's description:
> [test] add perf tests for String.p.startsWith
>
> Add performance tests for String.prototype.startsWith ahead of port to
> torque in order to keep track of how performance is affected.
>
> Bug: v8:8400
> Change-Id: Ifc753a6f13da20c1760e545a99fd693717e3acc6
> Reviewed-on: https://chromium-review.googlesource.com/c/1402934
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58685}
TBR=jgruber@chromium.org,usharma1998@gmail.com
Change-Id: I5855b08fa5e55ab8594185a0a84a26f567e2b9d3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8400
Reviewed-on: https://chromium-review.googlesource.com/c/1404446
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58697}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
Bug: v8:3770
Change-Id: Id92725b0ac57cb357978124a3dc6f477430bc97d
Reviewed-on: https://chromium-review.googlesource.com/c/1403133
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58696}
The 'done' setting dance in BuildFillArrayWithIterator turned out to
not be useful, as the StoreInArrayLiteral call could not ever throw an
exception. Since iterator exceptions count as done, we are guarnteed to
be done as soon as we enter the loop.
Change-Id: Ibe2ba1fcbe383bfcfedb185169890b6931cc7884
Reviewed-on: https://chromium-review.googlesource.com/c/1402792
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58695}
The IteratorClose spec specifies that exceptions in
%GetMethod(iterator.return) are not suppressed by exceptions in the
given continuation (body of a loop, assignments in destructuring),
while exceptions in the execution of iterator.return() are.
This means that we have to split out the property access + a typeof
check to be outside the try-catch, and keep the call inside of it.
The non-split version is only for cases when there is no 'throws'
continuation (as is the case for yield* calling IteratorClose), so
the existing BuildIteratorClose can be renamed to reflect this.
Change-Id: Id71aea4fddd6ffb986bd9aaa09d29615a8800f71
Reviewed-on: https://chromium-review.googlesource.com/c/1402789
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58694}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
Bug: v8:3770
Change-Id: I8007987594ff534ca697c1c3247215a72a001343
Reviewed-on: https://chromium-review.googlesource.com/c/1403132
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58693}
