Replace CHECK with throwing exception when no or invalid arguments
are passed to async_hooks.createHook.
Bug: chromium:860481
Change-Id: Ie5a915ee66f2a0ff79c4df5aef94ff883866ecda
Reviewed-on: https://chromium-review.googlesource.com/1127054
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54264}
Fixes V8 correctness failure when there's a proxy in the global object
prototype chain and unsuccessful attempt is made to access a property.
Bug: chromium:849024
Change-Id: I829e1a6c038982b7c7a77f8bdefb61facb4614f0
Reviewed-on: https://chromium-review.googlesource.com/1124446
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54237}
Changes SharedFunctionInfo to store a function_token_offset, relative
to the start_position, instead of the full function_token_position.
This enables us to reduce both FunctionTokenPosition and
ExpectedNofProperties to 16 bits each, saving 32 bits per SFI.
BUG=chromium:818642,chromium:783853
TBR=yangguo@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I45aefcec605c1da502053c23c73564ceaed6c9b5
Reviewed-on: https://chromium-review.googlesource.com/1122982
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54220}
This is a reland of 8e0f67be3f
Previously landed as: 3c4d0316e4 / 1065818
Previously landed as: 8e0f67be3f / 1088890
Original change's description:
> [async] Expose async hooks to d8
>
> This implementation follows the Node.js API as a guideline.
Bug: chromium:850530
Change-Id: I8ba22b11c80328108b197d687826ce0198420c9c
Reviewed-on: https://chromium-review.googlesource.com/1125679
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54191}
We need to push the sign-extended constant instead of just the lower 32
bits. Otherwise, the callee might read stale data from the stack.
Bug: chromium:854011, v8:6600
R=ahaas@chromium.orgCC=rodolph.perfetta@arm.com
Change-Id: Iafcfd6ba9532771615b41215fb4d1a2b85ce5623
Reviewed-on: https://chromium-review.googlesource.com/1124683
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54185}
This CL adds a regression test that will check that the elements
pointer is properly reloaded after the JavaScript comparison
function is called during Array.p.sort.
R=jgruber@chromium.org
Bug: chromium:859809
Change-Id: I15f55fcc1906bd8d0751596e5457367a643b92da
Reviewed-on: https://chromium-review.googlesource.com/1124475
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54174}
This CL adds code to inline the Int8 and Uint8 getters for DataView
objects in TurboFan in js-call-reducer.cc, as well as a new test file.
It already improves execution speed compared to the Torque baseline
implementation, and implements most of the architecture needed
for inlining the other DataView getters and setters as well.
Change-Id: I0e62b98fd6ec995f7db5ec42ea1eff1f03572f97
Reviewed-on: https://chromium-review.googlesource.com/1119909
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54157}
This CL changes the NumberDictionary fast-path for Array.p.sort to
throw a TypeError when trying to write to a read-only property.
Previously, the fast-path simply bailed to the slow-path which could
swallow the TypeError by accident. I.e. because the fast-path could
leave the array in an inconsistent state that is already sorted.
Example:
let arr = new Array(10);
Object.defineProperty(arr, 0, {value: 2, writable: false});
Object.defineProperty(arr, 2, {value: 1, writable: false});
arr.sort();
The pre-processing step will move the value 1 to index 1: {0: 2, 1: 1}
When trying to swap those 2 values, the fast-path will write the 2 at
index 1, then try to write the 1 at index 0 and fail, bailing to the
slow-path. As the array looks like {0: 2, 1: 2} its already sorted
and the TypeError will not be thrown.
R=jgruber@chromium.org
Bug: v8:7382, v8:7907
Change-Id: I5d2f2d73478fdca066ce1048dcb2b8301751cb1f
Reviewed-on: https://chromium-review.googlesource.com/1122120
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54150}
For spread calls with arrays with double elements but zero length,
we skip the box-as-heapnumber step; so in this corner case the
Call builtin sees a FixedDoubleArray, which is fine because it
doesn't read any of the raw double values from it.
This patch doesn't change the implementation, it only updates the
assert to match reality.
Bug: chromium:856095
Change-Id: I0227f4ccbc6c61c8f5f7669a266ef7a64c6a9a43
Reviewed-on: https://chromium-review.googlesource.com/1117922
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54149}
This correctly serializes {RelocInfo::INTERNAL_REFERENCE} addresses in a
position-independent form, so that they can be properly relocated when
the code is deserialized again. We store the offset within the code in
the serialized stream.
R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:857049
Change-Id: Ie8c84ee67bdfc17a65faa159a21cc1f2a78ac924
Reviewed-on: https://chromium-review.googlesource.com/1122414
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54140}
When parsing a numeric literal in a line like "a=0x0e+b|0;",
currently the scanner consumes the "e+" part (as it thinks
it's the start of an exponent).
In the ECMAScript lexical grammar HexIntegerLiteral cannot
contain exponents, which means the '+' character should be
parsed as a binary operator.
R=bradnelson@chromium.org
BUG=v8:7893
Change-Id: I97a0d4ea2ee1d38a3462efbfaef5eb87b8ea704b
Reviewed-on: https://chromium-review.googlesource.com/1116551
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54132}
This makes sure the reverse tag translation of direct call targets to
respective call tags is properly performed. Otherwise all direct call
end up being deserialized to call the function with index '0'. Ooops!
R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:857049
Change-Id: I37c1ee72b000daec87efdeed08d60a067b1a1b0c
Reviewed-on: https://chromium-review.googlesource.com/1120256
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54124}
This CL fixes the NumberDictionary fast-path in Array.p.sort, when
storing to a read-only property that was never read from.
R=jgruber@chromium.org
Bug: v8:7907
Change-Id: I2b772fb5b1619a94a7d239ba4417ecb7902a167c
Reviewed-on: https://chromium-review.googlesource.com/1119910
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54109}
When storing an indexed property in a typed array, it's necessary to
convert the value to a Number (or to a Bigint) before performing the
bounds check, per
https://tc39.github.io/ecma262/#sec-integerindexedelementset.
This CL adds appropriate type conversions in
Object::SetPropertyInternal (which technically is reached after the
bounds check has already occurred, but this isn't observable yet ---
In the future, once OOB accesses on TypedArrays actually throw, this
will need to be refactored again), and in StoreFastElementStub, and
ElementsTransitionAndStoreStub (via CSA::EmitElementStore).
The change was not necessary in TurboFan, as
JSNativeContextSpecialization already performs the value conversion
before the boundscheck.
The result is some fixed test262 tests, and some new test coverage
for this behaviour in mjsunit.
BUG=v8:7896, v8:5327
R=neis@chromium.org, jkummerow@chromium.org, gsathya@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ibe6bec24c72ef6a4fd3e77d5bcafa03737f4c5e3
Reviewed-on: https://chromium-review.googlesource.com/1117372
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54096}
Supporting postMessage from WebAssembly.Module requires implementing
some logic in the ValueSerializer and ValueDeserializer delegates. This
change implements some simple logic for d8.
This change also fixes a DCHECK that occurs when sending a shared
WebAssembly.Memory object to two Workers.
Bug: chromium:857049
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idddb23a48175c7175967af3fbc03d8572452a069
Reviewed-on: https://chromium-review.googlesource.com/1117871
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54093}
When run locally, one times out and the other runs out of stack space.
R=sigurds@chromium.org
Change-Id: I7cc1aa9bb0857f12ac46baf80de18a2c5175b8b9
Reviewed-on: https://chromium-review.googlesource.com/1118231
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54087}
Previously the KeyAccumulator incorrectly reused the filter properties when
collecting the keys of a proxy target. This led to incorect behavior where for
instance non-enumerable properties were filtered too early.
Bug: v8:7818
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9b43b65be168ef0975fea9245d433a54338d228e
Reviewed-on: https://chromium-review.googlesource.com/1113743
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54008}
The upstream test suite for Unicode property escapes [1] is exhaustive
and is updated soon after every new release of the Unicode Standard.
It is then upstreamed into Test262.
This patch simplifies our own Script_Extensions tests and the script
used to generate them. Now, only a few code points are tested for each
Script_Extension. This avoids unnecessary friction every time ICU
is updated based on a new Unicode version.
[1] https://github.com/mathiasbynens/unicode-property-escapes-tests
[2] https://github.com/tc39/test262/tree/master/test/built-ins/RegExp/property-escapes
Bug: chromium:850334, v8:7825
Change-Id: I792d6848ef48b41ea5e9db18b777040d019822f3
Reviewed-on: https://chromium-review.googlesource.com/1112250
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54003}
This is a reland of ada648006b, fixed
for 32 bit architectures (register pairs).
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: Ibc8801737e9604a8490382c569b0378585625376
Reviewed-on: https://chromium-review.googlesource.com/1112238
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53981}
This reverts commit ada648006b.
Reason for revert: Failure with slow dchecks: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/20982
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I5b8d8d405dcd7f82ee431cba290419425b9859a1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:854050, v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1112277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53979}
In {SetLocalFromStackSlot}, we decrement the use count of the register
in the target slot without updating this slot, and then call
{GetUnusedRegister}. At that point, the register use counts do not
match the cache state, which leads to errors later on.
This CL fixes this by marking the target slot as a stack slot after
reducing the register use count.
It also adds a Validation which helped to find that error and will
catch similar errors earlier.
R=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
Reviewed-on: https://chromium-review.googlesource.com/1111958
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53976}
Cleanup decoding of flags so that invalid flags for sections other than
memory are caught correctly.
Bug: chromium:853453
Change-Id: Ia347d5f7672eee93ca3f6a743f06fba629f55cb5
Reviewed-on: https://chromium-review.googlesource.com/1104976
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53972}
Before flipping the flag, some tests need to be adapted. This CL
prepares these tests, such that the flag flip CL really just flips a
flag.
R=titzer@chromium.org, hablich@chromium.org
Bug: v8:6600, chromium:787421
Change-Id: I8030df69cda5f3fb81354350a37f65c0d1c669bd
Reviewed-on: https://chromium-review.googlesource.com/1110363
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53959}
Also add a DCHECK to a branch that can only be taken for the null
prototype.
R=sigurds@chromium.org
Change-Id: Ib94fe8f25ecfd1a4baa576915e6edfa60bcd771b
Reviewed-on: https://chromium-review.googlesource.com/1109961
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53939}
This CL fixes a bug where execution would continue on a fast-path
even though a previous recursion step bailed to the slow path. This
would allow possibly illegal loads that could leak to JS.
Drive-by change: Instead of bailing to the slow-path on each recursion
step, we now bail completely and start the slow-path afterwards.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: chromium:854299, v8:7382
Change-Id: Ib2fd5d85dbd0c3894d7775c4f62e053c31b5e5d1
Reviewed-on: https://chromium-review.googlesource.com/1107702
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53892}
This CL fixes a bug that allowed OOB read/stores on fastpaths when
a comparison function caused the underlying FixedArray to change
while keeping the elements kinds and size property on the original
JSArray the same.
R=jgruber@chromium.org
Bug: chromium:852592
Change-Id: I09af357d10e7f41e75241e4c87430fc9aa806f8c
Reviewed-on: https://chromium-review.googlesource.com/1104158
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53811}
Reading up on the bug description, this is a test
that is triggered by TurboFan execution. This can
be done with natives and does not need excessive
loop iterations. Additionally, we have a more specific
regression test for the original issue in the repo:
http://crrev.com/c/584837
Bug: v8:7783
Change-Id: Id022b515b663e6fb897acb29f43ef92b70b547b8
Reviewed-on: https://chromium-review.googlesource.com/1101018
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53799}
This CL moves the remaining runtime DataView getters to Torque,
namely DataViewGetBigInt64/BigUint64, and removes the associated
runtime code that is now unneeded.
All of the DataView getters are now implemented in Torque, which brings
a nice performance improvement over the former C++ builtin code.
Change-Id: I35cf2eabce3c79cc0d3200e7f24dbe0c3e5c2804
Reviewed-on: https://chromium-review.googlesource.com/1092736
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53765}
Byte offset can be outside of Smi range and must be loaded as a Number
rather than a Smi.
Bug: chromium:852258
Change-Id: Ida6e07ba68a050d4f5a9f28500986cc67c619b4c
Reviewed-on: https://chromium-review.googlesource.com/1100886
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53748}
We assumed that if the ErrorThrower is empty after instantiation, then
instantiation succeeded and an instance exists which we can return.
However, if the start function throws, no instance exists, which caused
a crash. With this CL we handle execeptions thrown by the start
function correctly.
R=clemensh@chromium.org
Bug: chromium:848966
Change-Id: I51dc94e6bc563aa4a4b88c44a14e831af913fbd8
Reviewed-on: https://chromium-review.googlesource.com/1092234
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53687}
Mutable globals are now included in the wasm v1 spec.
Bug: v8:7625
Change-Id: Ib9b92d8348102f99a3b92820d0057b2c11a1e49a
Reviewed-on: https://chromium-review.googlesource.com/1095650
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53683}
This is a reland of a229e12101
The original commit broke a layout test in Blink. The test in Blink
has been marked to be skipped and will be updated once this patch
lands.
See https://chromium-review.googlesource.com/c/chromium/src/+/1097455
Original change's description:
> [builtins] set DataView.length to 1
>
> Refs: https://github.com/tc39/ecma262/pull/1131
> Test: test262/built-ins/DataView/length
> Bug: v8:7816
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I66a06734bd32cd2043a8d04728b2185f6093bd69
> Reviewed-on: https://chromium-review.googlesource.com/1094980
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53649}
Bug: v8:7816
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If63be80523a68d3a2b515fe1d55a243d2dd2a9b2
Reviewed-on: https://chromium-review.googlesource.com/1097568
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53682}
Mutable globals are stored in the instance differently, so they must be
exported differently as well.
Also fix a counting bug that occurred when a module contained a global
and an imported mutable global (CalculateGlobalOffsets is called
twice).
Bug: v8:7625
Change-Id: I1cd7ef5d6ff7cb7e09239035f89d7b36d0436063
Reviewed-on: https://chromium-review.googlesource.com/1096673
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53681}
This CL re-enables a mjsunit test for some simulator configurations
after Array.p.sort pivot selection improvements have landed.
R=jgruber@chromium.org
Bug: v8:7795
Change-Id: I03599c34e34a0bafd5f276b03aa4f059a8078026
Reviewed-on: https://chromium-review.googlesource.com/1096764
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53660}
For errors, it just printed "Failure: expected <Error()> found
<Error()>" and completely omitted the specific error type and the
message.
The new output is:
Failure:
expected:
Error(Error: my explicit error)
found:
Error(ReferenceError: ffi is not defined)
R=mstarzinger@chromium.org
Change-Id: Ie17a97e4413c4585b9560fd1c408018ee8c06701
Reviewed-on: https://chromium-review.googlesource.com/1092746
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53625}
This is a reland of 91bab5588c
This CL contains two major changes w.r.t to the original CL:
The random state is removed from the Smi root list and we pre-seed the RNG
on each sort with the length of the array.
To cut down on the length of the arguments list and to keep track of the
random state across recursive calls, we move most of the sort arguments into
a FixedArray and reload from the array for each recursion.
Original change's description:
> [array] Use random middle element to determine pivot during sorting
>
> This CL adds a "random state" to the Smi Root list and implements a
> basic Linear congruential pseudo random number generator in Torque.
>
> The RNG is used to determine the pivot element for sorting. This will
> prevent the worst cases for certain data layouts.
>
> Drive-by-fix: Make sorting of ranges and execution pauses for profviz
> deterministic by adding a secondary sorting criteria.
>
> Bug: v8:7382
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
> Reviewed-on: https://chromium-review.googlesource.com/1082193
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#53524}
Bug: v8:7382
Change-Id: Ia7bef7ed1c0e904ffe43bc428e702f64f9c6a60b
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1087888
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53583}
This CL adds the simplest version of a trap handler fallback. At
instantiation time, we check whether the module was compiled to use
trap handlers and the memory is guarded. If the memory is not guarded
but the module is supposed to use trap handlers, we recompile the
module with bounds checks so that we can use an unguarded memory.
The compiled module is replaced with a bounds checking version, meaning
future instances from this module will also use bounds checks.
Some likely desirable features that are current missing but can be
added future CLs include:
* Disabling trap handler mode entirely.
* Recompiling all old instances so that trap handler and bounds checked
code does not coexist in the same process.
Bug: v8:7143
Change-Id: I161fc0d544133b07dc4a93cc6af813369aaf3efe
Reviewed-on: https://chromium-review.googlesource.com/1018182
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53566}
The typical use of assertThrowsEquals is to check that a specific
object is thrown. However, assertEquals only does a proper equality
check for primitive types, not for complex types. Using assertSame
does a reference equality check on objects, which is more what you
would expect from assertThrowsEquals. For exception kind testing,
assertThrowsEquals actually did not work correctly, assertThrows is
better for that case.
R=clemensh@chromium.org, mythria@chromium.org
Change-Id: I24fb22e75fa33ebe90eb4bae40825119a054bba5
Reviewed-on: https://chromium-review.googlesource.com/1087952
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53556}
This reverts commit 91bab5588c.
Reason for revert: Seems to break a layout test:
https://ci.chromium.org/buildbot/client.v8.fyi/V8-Blink%20Linux%2064/23895
See also:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original change's description:
> [array] Use random middle element to determine pivot during sorting
>
> This CL adds a "random state" to the Smi Root list and implements a
> basic Linear congruential pseudo random number generator in Torque.
>
> The RNG is used to determine the pivot element for sorting. This will
> prevent the worst cases for certain data layouts.
>
> Drive-by-fix: Make sorting of ranges and execution pauses for profviz
> deterministic by adding a secondary sorting criteria.
>
> Bug: v8:7382
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
> Reviewed-on: https://chromium-review.googlesource.com/1082193
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#53524}
TBR=hpayer@chromium.org,cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
Change-Id: I54f5d3f719428fd089ff12ff217d1c819f9ad1f7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1088506
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53542}
`date` could be outside the int32_t range and thus FastD2I may not be
used.
Bug: chromium:849663
Change-Id: I96a012b40d35ec8f80e449e4e687b0ce7b572d5e
Reviewed-on: https://chromium-review.googlesource.com/1087063
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53526}
This CL adds a "random state" to the Smi Root list and implements a
basic Linear congruential pseudo random number generator in Torque.
The RNG is used to determine the pivot element for sorting. This will
prevent the worst cases for certain data layouts.
Drive-by-fix: Make sorting of ranges and execution pauses for profviz
deterministic by adding a secondary sorting criteria.
Bug: v8:7382
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ieb871e98e74bdb803f821b0cd35d2f67ee0f2868
Reviewed-on: https://chromium-review.googlesource.com/1082193
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53524}
date in Makeday should be converted to integer.
https://www.ecma-international.org/ecma-262/5.1/#sec-15.9.1.12
Bug: v8:7475,chromium:846723
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3aa725e7ce1822345502284aec919695c4ca084d
Reviewed-on: https://chromium-review.googlesource.com/1080110
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53516}
This is a reland of df1676e616
Original change's description:
> [array] Implement Array.p.sort in Torque
>
> This CL implements a generic baseline version and 3 fastpaths, for
> various elements kinds, of Array.p.sort in Torque. Details can be found
> in the Design Doc: https://goo.gl/Ge321G.
>
> Performance impact on micro benchmarks depends on the element kind
> and whether the user provides a comparison function.
> For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
> the board. For Dictionary we are slower in all micro benchmarks (0.7).
> For PackedSmi it depends on the call site and whether or not a
> comparison function is used.
>
> Detailed numbers: https://goo.gl/mTyPSb
>
> Bug: v8:7382
> Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
> Reviewed-on: https://chromium-review.googlesource.com/1061523
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53481}
Bug: v8:7382,v8:7806,chromium:849293
Change-Id: I176cb660d92eb174bd91685cb0a39f50c4cbaa69
Reviewed-on: https://chromium-review.googlesource.com/1086827
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53511}
This reverts commit df1676e616.
Reason for revert: https://crbug.com/v8/7382#c26
Original change's description:
> [array] Implement Array.p.sort in Torque
>
> This CL implements a generic baseline version and 3 fastpaths, for
> various elements kinds, of Array.p.sort in Torque. Details can be found
> in the Design Doc: https://goo.gl/Ge321G.
>
> Performance impact on micro benchmarks depends on the element kind
> and whether the user provides a comparison function.
> For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
> the board. For Dictionary we are slower in all micro benchmarks (0.7).
> For PackedSmi it depends on the call site and whether or not a
> comparison function is used.
>
> Detailed numbers: https://goo.gl/mTyPSb
>
> Bug: v8:7382
> Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
> Reviewed-on: https://chromium-review.googlesource.com/1061523
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53481}
TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
Change-Id: I4c1b32a434d49caba67c80bccb068390607f90a2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Reviewed-on: https://chromium-review.googlesource.com/1085407
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53494}
This makes stack checks in WasmCode independent of the underlying
Isolate by loading the limit address from the WasmInstanceObject instead
of embedding it into the instruction stream. It hence removes the last
use of the Isolate field from WasmGraphBuilder.
Additionally this introduces the notion of a "runtime stub" which
represents stub code global to the NativeModule that can be directly
called from each WasmCode in the same module. These stubs can act as
trampolines via which Isolate-independent WasmCode can enter other V8
builtins or runtime functions that remain Isolate-dependent. They will
eventually replace the current "trampoline" in a NativeModule.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: Ie1f5582ee656b1ab7716ea06316d6e21a0268e74
Reviewed-on: https://chromium-review.googlesource.com/1078732
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53487}
This CL implements a generic baseline version and 3 fastpaths, for
various elements kinds, of Array.p.sort in Torque. Details can be found
in the Design Doc: https://goo.gl/Ge321G.
Performance impact on micro benchmarks depends on the element kind
and whether the user provides a comparison function.
For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
the board. For Dictionary we are slower in all micro benchmarks (0.7).
For PackedSmi it depends on the call site and whether or not a
comparison function is used.
Detailed numbers: https://goo.gl/mTyPSb
Bug: v8:7382
Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
Reviewed-on: https://chromium-review.googlesource.com/1061523
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53481}
This was renamed recently in the spec.
Change-Id: I825e47e8b4113ddb2c3356ee8e7663705ba65e1c
Reviewed-on: https://chromium-review.googlesource.com/1079851
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53448}
Compress the parameter count (and function length) stored in
SharedFunctionInfo to a uint16_t. This limits us to 2^16 - 1 parameters
per function, minus one for the "don't adapt arguments" sentinel value,
which is one fewer than Code::kMaxArguments was already. Anyway, 65534
arguments should be enough for anyone!
This drops SFI size by 4 bytes.
Bug: chromium:818642
Change-Id: I126bfb24453dcdc5087a104d3a12cf195a56fa9f
Reviewed-on: https://chromium-review.googlesource.com/1076627
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53447}
The regression test 2185-2 measured the Array.p.sort time for various
pre-sorted data configurations. This CL adds the various data
configurations to the ArraySortPreSorted benchmark and removes the
regression test altogether.
R=cbruni@chromium.org, jgruber@chromium.org
Change-Id: I6e2eb235e4a7578f4a107229bfc6a9e89a3aa5e3
Reviewed-on: https://chromium-review.googlesource.com/1076188
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53420}
This loads references to {null} values from the instance object instead
of embedding them into the generated code. It is one step towards making
the {WasmCode} objects independent of the Isolate.
Note that this also fixes an issue with the serializer/deserializer that
failed to properly serialize {null} values and accidentally collapsed
them to {undefined} values instead.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-7785
BUG=v8:7424,v8:7785
Change-Id: Ie436c2d96890e7c8c89ffe2bd4189a759254775b
Reviewed-on: https://chromium-review.googlesource.com/1070981
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53352}
At the moment, WebAssembly.instantiate(bytes) is implemented by
desugaring it to WebAssembly.compile(bytes).then(WebAssembly.instantiate).
The problem is that the {then} in this snippet is observable. With this
CL I introduce a CompilationResultResolver which allows to do the
desugaring internally and thereby make the {then} unobservable.
Unfortunately the result of WebAssembly.instantiate(bytes) is different
than the result of WebAssembly.instantiate(module). Therefore I also
introduced an InstantiationResultResolver for symmetry with
WebAssembly.compile.
R=mstarzinger@chromium.org
Bug: chromium:837417
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2d98e03d65f2ada19041d5a9e2df5da91b24ccca
Reviewed-on: https://chromium-review.googlesource.com/1059783
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53347}
The slow test tests SmiLexicographicCompare on a large number of Smi comparisons;
we can disable this test for some debug/noopt builds without losing much coverage.
Bug: v8:7783
Change-Id: Iab40e596604bb957b4d3312073ad85dbac08c6a0
Reviewed-on: https://chromium-review.googlesource.com/1068190
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53333}
The timeout in the test is close to execution time in debug mode so it
fails occasionally. The test is measuring array slice algorithm
performance but changes unrelated to it affect the test result in debug
mode, therefore it should be skipped.
BUG=v8:7726
TEST=regress/regress-165637
Change-Id: Ib330d8e3c0d3f6a1150ccb59b60d17a41b87df87
Reviewed-on: https://chromium-review.googlesource.com/1071576
Commit-Queue: Miran Karić <miran.karic@mips.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53326}
This CL uses the new function pointers and generic features of Torque
to improve the performance of TypedArray.p.sort.
Instead of one Load/Store builtin that dispatches at runtime based on
the element kind, there are now many small builtins (one for each
element kind). The sorting algorithm then uses function pointers to
those small builtins, which get set once.
Changes in the relevant benchmarks:
Benchmark Original (JS) Current This CL
IntTypes 83.9 202.3 240.7
BigIntTypes 32.1 47.2 53.3
FloatTypes 99.3 109.3 129.3
Bug: v8:7382
Change-Id: I8684410524d546615b19f6edcbfdc615068196aa
Reviewed-on: https://chromium-review.googlesource.com/1070069
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53322}
Instead use the canonical empty fixed array. Some code assumes
that this is the only fixed array of length 0.
Bug: chromium:843062
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If780acf50147c061a81f2ff2b31779fbd1c78559
Reviewed-on: https://chromium-review.googlesource.com/1064052
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53320}
