We cannot change x - y < 0 to x < y, because it would only be safe if
x - y cannot overflow, which we don't know in general.
R=jarin@chromium.org
BUG=v8:5129
Review-Url: https://codereview.chromium.org/2090493002
Cr-Commit-Position: refs/heads/master@{#37164}
Previously only stubs built in the snapshot were checked for having an
eager frame. This caused a regression to creap in on ia32 for
RegExpConstructResultStub. Change test to always check.
Review-Url: https://codereview.chromium.org/2089673002
Cr-Commit-Position: refs/heads/master@{#37162}
Rolling v8/build to f56976d676dfd5597229b21a83a53a58704582bf
Rolling v8/buildtools to 56eaae134648135663c4aa1ed82278572b5f35ef
Rolling v8/tools/mb to 5268873c8c1eebbf1a3aaed7e63f99b600fab65e
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2087933004
Cr-Commit-Position: refs/heads/master@{#37161}
Add a flag to gate experimental support for dynamic code loading and JITing (at runtime in a wasm module).
Enhancing functionality of the indirect function table to support JITing and dynamic linking by allowing additional space to be filled with an "undefined" function signature.
BUG=v8:5044
LOG=N
TEST=None
R=mtrofin@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2049513003
Cr-Commit-Position: refs/heads/master@{#37159}
The GN configs for different optimization levels are confusing and
should probably be reworked, but for now we add a special config
specifically so that we can compile with -O3 when appropriate.
R=brettw@chromium.org, machenbach@chromium.org
BUG=616031, 618678, 621335
Review-Url: https://codereview.chromium.org/2076403002
Cr-Commit-Position: refs/heads/master@{#37158}
Port f47b9e9810
Original commit message:
This adds a new BUILTIN frame type, which supports variable number of
arguments for builtins implemented in hand-written native code (we will
extend this mechanism to TurboFan builtins at some point). Convert the
Math.max and Math.min builtins to construct a BUILTIN frame if required.
This does not yet work for C++ builtins, but that'll be the next step.
R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=v8:4815
LOG=N
Review-Url: https://codereview.chromium.org/2087433003
Cr-Commit-Position: refs/heads/master@{#37157}
Reland of https://codereview.chromium.org/2048703002/
Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
(this caused a test262 failure.). However, the code `eval("function NaN() {}");`
should actually throw a TypeError. This patch changes most cases of
redeclaration errors from TypeError to SyntaxError. See the test
mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
references.
The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
ES#sec-evaldeclarationinstantiation
BUG=v8:4955
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=adamk
Review-Url: https://codereview.chromium.org/2086063002
Cr-Commit-Position: refs/heads/master@{#37156}
Previously, an async arrow function would be parsed if any valid
ConditionalExpression began with the identifier "async", and its following token
was on the same line.
So for example, `async.bar foo => 1` was parsed as a valid async arrow function.
This patch corrects this behaviour by asserting that the following token is a
valid arrow parameters start.
BUG=v8:4483
R=littledan@chromium.org, henrique.ferreiro@gmail.com
Review-Url: https://codereview.chromium.org/2089733002
Cr-Commit-Position: refs/heads/master@{#37154}
Port eff959bb55
Original commit message:
Float32SubMinusZero and Float64SubMinusZero tests are failing because MIPS does not preserve NaN payload according to Wasm spec. Implemented macro-assembler methods that check for NaN operands, and return the qNaN value with preserved payload and sign bits.
TEST=cctest/test-run-wasm/Run_WasmFloat32SubMinusZero, cctest/test-run-wasm/Run_WasmFloat64SubMinusZero
BUG=
Review-Url: https://codereview.chromium.org/2081993002
Cr-Commit-Position: refs/heads/master@{#37151}
Add control dependencies to Projection and Int32Add/SubWithOverflow
operators, to prevent the scheduler from moving the Projection nodes
into the wrong place. This way the instruction selection can combine
the Int32Add/SubWithOverflow operations with the DeoptimizeIf and/or
DeoptimizeUnless nodes. This needs new operators CheckedInt32Add and
CheckedInt32Sub so that we can delay the actual lowering until the
effect/control linearizer.
This also makes CheckIf operator obsolete, so we can drop it.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2082993002
Cr-Commit-Position: refs/heads/master@{#37148}
Adds back simple dead code elimination to the bytecode pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2038083002
Cr-Commit-Position: refs/heads/master@{#37147}
This CL merely sets the --ignition-generators flag to true. This flag is
currently only meaningful in combination with --ignition.
BUG=
Review-Url: https://codereview.chromium.org/2065963002
Cr-Commit-Position: refs/heads/master@{#37144}
Implements:
- WebAssembly object,
- WebAssembly.Module constructor,
- WebAssembly.Instance constructor,
- WebAssembly.compile async method,
- and Module and Instance instance objects.
Also, changes ErrorThrower to support capturing errors in a promise reject.
Since we cannot yet compile without fixing the Wasm memory, and cannot validate a module without compiling, the Module constructor and compile method don't do anything yet but checking that their argument is a suitable BufferSource. Instead of a compiled module, the hidden state of a Module object currently is just that buffer.
BUG=
Review-Url: https://codereview.chromium.org/2084573002
Cr-Commit-Position: refs/heads/master@{#37143}
If all uses of a CheckTaggedHole[convert-hole-to-undefined] node
truncate to word32, we can replace the hole check with a Smi check
and return the result as word32.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2079233006
Cr-Commit-Position: refs/heads/master@{#37142}
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended. This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.
TBR=littledan@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
Reason for revert:
[Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038
Original issue's description:
> [heap] Avoid the use of cells to point from code to new-space objects.
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/2d2087b79a293a92a6ed34a2775e481ff2173b3c
> Cr-Commit-Position: refs/heads/master@{#37134}
TBR=titzer@chromium.org,ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2087463004
Cr-Commit-Position: refs/heads/master@{#37139}
Add explicit state in BytecodeSourceInfo to simplify checks for
validity and whether a statement or expression position.
Remove BytecodeSourceInfo::Update which inherited rules for updating
source position information during bytecode building.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2048203002
Cr-Commit-Position: refs/heads/master@{#37136}
Make intrinsic ids a contiguous set of ids so that the switch statement can build
a table switch rather than doing a large if/else tree.
BUG=v8:4822
LOG=N
Review-Url: https://codereview.chromium.org/2084623002
Cr-Commit-Position: refs/heads/master@{#37135}
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2045263002
Cr-Commit-Position: refs/heads/master@{#37134}
We need to trim the graph before we execute the MemoryOptimizer, because
that just walks the effect chain from Start to End and cannot deal with
dead nodes in the use lists.
R=jarin@chromium.org
BUG=chromium:614292
Review-Url: https://codereview.chromium.org/2080703003
Cr-Commit-Position: refs/heads/master@{#37133}
Base the fast-path in AdjustAmountOfExternalMemory on a value + limit. To
preserve the behavior the limit is just set using kExternalAllocationLimit.
Redo naming of related members.
R=jochen@chromium.org
BUG=chromium:621829
LOG=N
Review-Url: https://codereview.chromium.org/2085893002
Cr-Commit-Position: refs/heads/master@{#37131}
While the EcmaScript specification doesn't define precise values for the
Math constants or the Math functions, we should at least ensure that the
values of the constants and the functions agree, i.e. Math.E should be
exactly the same value as Math.exp(1).
Also make sure that Math.exp(1) returns the expected value; we should
revisit the fdlibm algorithm and figure out why it's wrong in the last
bit.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:626111,v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2079233005
Cr-Commit-Position: refs/heads/master@{#37128}
port 757221e574ecba543a65f4822c083aa860e030eb(r36876)
original commit message:
Neither globals nor lookup slots can be hole-initialized anymore, thus
removing some dead code from the code generators and runtime-scopes.
BUG=
Review-Url: https://codereview.chromium.org/2086813002
Cr-Commit-Position: refs/heads/master@{#37127}
Yanking out in an effort to reduce dependencies. We probably want to
separate codegen into instance-specific and module-generic purpose -
eventually.
BUG=
Review-Url: https://codereview.chromium.org/2085863003
Cr-Commit-Position: refs/heads/master@{#37126}
port 406146ff5ca274265ee704d73a00c8a8127f75c6(r36870)
original commit message:
This makes sure we do not compile ToNumber stub on demand. This makes it
easier to use during concurrent compilation.
BUG=
Review-Url: https://codereview.chromium.org/2088633003
Cr-Commit-Position: refs/heads/master@{#37125}
port 40b5c1d41f7da58411d5538f26cc736d2f40abe0(r36842)
original commit message:
BUG=
Review-Url: https://codereview.chromium.org/2080873003
Cr-Commit-Position: refs/heads/master@{#37124}
port 3cfcc7e111 (r36786)
original commit message:
It may be that we have a feedback vector, but no literals. In this case
we can store into the OptimizedCodeMap directly instead of using a WeakCell,
because all data in the feedback vector is already held weakly.
The use of a WeakCell in the OptimizedCodeMap is only required when
there are literals which may hold maps strongly.
This is to address a performance regression caused by the creation of
a large number of WeakCells.
BUG=
Review-Url: https://codereview.chromium.org/2081663004
Cr-Commit-Position: refs/heads/master@{#37123}
Rolling v8/build to 7580e8854eb309008f00f115ea0adb13dac454a4
Rolling v8/buildtools to 4dcb5ed1079e7a527061925637b8cc627e289e82
Rolling v8/tools/clang to ea64c667cd841b2c3268bd7dfd223269f3ea23ba
Rolling v8/tools/gyp to 35eafcd939515d51d19556c543f9cf97faf75ee6
Rolling v8/tools/mb to 8b4a59c463a697a3e418c28e85f534e87337ba7f
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2078333005
Cr-Commit-Position: refs/heads/master@{#37121}
When separating compile from instantiation, I accidentally elided size
reporting for wasm functions. This change fixes that (verified with
re-running benchmarks), and also consolidates the responsibility of
size reporting within the instantiation method, away from the various
compile phases.
We should probably rethink this reporting when we move wasm codegen
off the JS Heap, if the wasm module code ends up being shared.
BUG=
Review-Url: https://codereview.chromium.org/2079353002
Cr-Commit-Position: refs/heads/master@{#37120}
Port cbc6adc86c
Original commit message:
Runtime_DeclareLookupSlot is used when generating code for var and function declarations
originating in an eval. Over time, it's accumulated quite a bit of cruft, which this CL removes:
- With legacy const gone, lookup slots never have any property attributes.
- There was a bit signaling that the variable was from an eval, but that was redundant since
DeclareLookupSlot is only used for eval.
- Some Proxy-related code didn't make sense here.
Its name was also not terribly clear: while "LookupSlot" is used in several places, this
particular function is only used for declaring variables and functions inside sloppy eval.
Renamed (and split into two) to make this clear for future archeologists.
Also added various DCHECKs to check the assumptions being made.
R=adamk@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2085623003
Cr-Commit-Position: refs/heads/master@{#37117}
Port c1d01aea11
Original commit message:
Compilation of wasm functions happens before instantiation. Imports are linked afterwards, at instantiation time. Globals and memory are also
allocated and then tied in via relocation at instantiation time.
This paves the way for implementing Wasm.compile, a prerequisite to
offering the compiled code serialization feature.
Currently, the WasmModule::Compile method just returns a fixed array
containing the code objects. More appropriate modeling of the compiled module to come.
Opportunistically centralized the logic on how to update memory
references, size, and globals, since that logic is the exact same on each
architecture, except for the actual storing of values back in the
instruction stream.
R=mtrofin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=v8:5072
LOG=N
Review-Url: https://codereview.chromium.org/2087453002
Cr-Commit-Position: refs/heads/master@{#37116}
