This CL removes unnecessary code duplication in the fuzzer code. Instead
of having special testing functions to compile and instantiate a
WebAssembly module, we now just call SyncCompile and SyncInstantiate.
This also fixed a problem when the fuzzer generated a GrowMemory
instruction.
BUG=v8:6474
R=clemensh@chromium.org
Change-Id: I5f2f23349b5866ea67be20a0826271791e1a013e
Reviewed-on: https://chromium-review.googlesource.com/529210
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45851}
This adds support for materializing objects of {JSGeneratorObject} type
during deoptimization. Cases where soft-deopts remove any escaping use
of the implicit generator object can cause it to be escape analyzed.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-732169
BUG=chromium:732169
Change-Id: I2ec10b2a509a4f37a456a8ca2fd74b8de2fb55be
Reviewed-on: https://chromium-review.googlesource.com/530847
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45849}
Explicitly set argument for use_cfi_recover introduced in:
https://codereview.chromium.org/2920963002
This retains the behavior we had in GYP:
Print useful diagnostics, but crash to make the errors show up.
Also set use_cfi_cast=true. In gyp we've set this by default:
-fsanitize=cfi-derived-cast
-fsanitize=cfi-unrelated-cast
In GN it now lives behind the use_cfi_cast flag.
NOTRY=true
TBR=vogelheim@chromium.org
Bug: chromium:726584
Change-Id: If202bc42fff3d5ff398576a114af7a7c3fb3fd2b
Reviewed-on: https://chromium-review.googlesource.com/528175
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45848}
This removes support for disabling TurboFan by default via the build
time {v8_disable_turbo} flag. We no longer need to be able to build
binaries with TurboFan disabled.
R=machenbach@chromium.org
BUG=v8:6408
Change-Id: I4062914c2bf823ab42250595ad67d1dc8da3f1d3
Reviewed-on: https://chromium-review.googlesource.com/528138
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45847}
* add functionality to wasm-module-builder.js to emit the module name
in the name section.
* extend WasmModule to store the module name length and offset.
* add functionality to module-decoder.cc to decode the module name.
* use the module name for printing stack traces. more uses should
follow.
* extend one message test to contain a module name.
R=ahaas@chromium.org
Change-Id: I94e6f1f2eb99cb656a92a85bb7afe0742292046f
Reviewed-on: https://chromium-review.googlesource.com/530366
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45846}
Don't use byte-width instructions when accessing |compiler_hints|
field (only FunctionKind bit field accesses are yet to be fixed).
This CL eases adding new bit fields to the compiler hints field.
Bug: v8:6470
Change-Id: Ibc2dfb42c0bf0df49fcb9e37c10fda789db4c3c8
Reviewed-on: https://chromium-review.googlesource.com/528120
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45844}
Only the CompilationCache doesn't actually specialize the table to the point where it knows how to hash stored keys. This moves the virtual HashForObject down from HashTableKey to CompilationCacheKey, and moves previous virtual implementations to the respective shapes.
Bug: v8:6474
Change-Id: I0a1ae26a224d602d16692d2b09c96a2ab193f07f
Reviewed-on: https://chromium-review.googlesource.com/529110
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45842}
This allows us to just call this method without returning dummy
{nullptr} values or even calling {graph()->NewNode()} afterwards.
R=ahaas@chromium.org
BUG=v8:6474
Change-Id: I6c03eb639dfb635ce791e7d3a731d9dfdf7800a8
Reviewed-on: https://chromium-review.googlesource.com/529308
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45840}
Callables for TF builtins are autogenerated and accessible through
Builtins::CallableFor. This removes the manually written accessors from
CodeFactory.
Bug: v8:6474,v8:5737
Change-Id: I9d8dec97995471c1bb258147220c190bf72e5de8
Reviewed-on: https://chromium-review.googlesource.com/530745
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45839}
For more static type safety: Avoid passing wasm objects as Object and
casting them before use. Use the correct type right away.
R=ahaas@chromium.org
BUG=v8:6474
Change-Id: Id0c486560115dd1a7bd9b6a12d2fb938e06520ef
Reviewed-on: https://chromium-review.googlesource.com/530744
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45838}
The instanceof cache was initially introduced to speed up
x instanceof y
where y is always the same constructor and x is always an object with
the same map. With the introduction of ES2015's @@hasInstance and the
Function.prototype[Symbol.hasInstance] handler (which calls into
OrdinaryHasInstance), this already became quite useless. It doesn't seem
to provide any real value (not sure it ever did for real), but it's
getting in the way of some useful refactorings (i.e. sharing logic
between OrdinaryHasInstance and Object.prototype.isPrototypeOf for
example).
So this CL completely removes the leftover bits of the instanceof cache,
including the GC and SetPrototype logic.
BUG=v8:6479,v8:6474
R=jgruber@chromium.orgTBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2932263002
Cr-Commit-Position: refs/heads/master@{#45835}
Sufficient to compile //v8 in Chrome with target_os="fuchsia". Doesn't
link yet, due to missing implementations (primarily VirtualMemory, as
well as a few utility functions).
BUG=chromium:731217
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2931143002
Cr-Commit-Position: refs/heads/master@{#45831}
It was too early to remove SharedFunctionInfo::kCompilerHintsSize.
TBR=jkummerow@chromium.org
Bug: v8:6470
Change-Id: I6d4ff1399155ebb587896cc2b1f117df14bea082
Reviewed-on: https://chromium-review.googlesource.com/529130
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45827}
Port af76779aa3
Original Commit Message:
This splits the monolithic Apply builtin into several smaller builtins,
namely CallVargargs and ConstructVarargs, which accept a length and a
FixedArray of elements and deal with the actual stack manipulation, and
CallWithArrayLike / ConstructWithArrayLike that deal with getting the
elements from the receiver (for Function.prototype.apply, Reflect.apply
and Reflect.construct), which can now be written using the CSA.
The idea is that these builtins can be reused by TurboFan directly in
the future when we optimize apply better, and that we can also reuse the
core logic in the handling of spread calls/constructs.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4587,v8:5269
LOG=N
Review-Url: https://codereview.chromium.org/2932833002
Cr-Commit-Position: refs/heads/master@{#45826}
Define compiler hints bits as bit fields but not as enum.
This eases adding new bit fields to the compiler hints field.
TBR=marja@chromium.org
Bug: v8:6470
Change-Id: Ia023bab25b925847924c45d5a57f85a14c8f1971
Reviewed-on: https://chromium-review.googlesource.com/529044
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45825}
This CL removes most occurences of "WASM" from outputs and comments in
the code. They are replaced either by "WebAssembly" or (especially in
comments) "wasm". These are the spellings officially proposed on
http://webassembly.org/.
R=ahaas@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id39fa5e25591678263745a4eab266db546e65983
Reviewed-on: https://chromium-review.googlesource.com/529085
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45824}
Introduce base::make_unique as a replacement for std::make_unique,
introduced in C++14.
Use it in the wasm code base to construct new objects and wrap them in
a unique_ptr, making the code more compact and readable.
R=ahaas@chromium.org
BUG=v8:6474
Change-Id: I2b9c800edc456021b057f1e69d3c144889b1c9f4
Reviewed-on: https://chromium-review.googlesource.com/529167
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45822}
In some [1] cases where a lexical declaration is not allowed, ASI will
cause a `let` at the end of a line to be interpreted as an
identifier. A recent patch [2] to fix up the error messages from
misplaced `let` usage was a little overzealous in triggering
the error, throwing a SyntaxError in this edge case. This patch
restores the ASI behavior, which is permitted in JSC and
SpiderMonkey as well. Thanks to a test262 test from Andre Bargull
for raising this issue.
[1] https://tc39.github.io/ecma262/#sec-expression-statement
[2] https://codereview.chromium.org/2697193007
Bug: v8:3305
Change-Id: I80ae8ad9a8a93389ff1003323f0d3f003e7a8c8e
Reviewed-on: https://chromium-review.googlesource.com/529225
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45817}
And in one case just remove it since it is superflous.
R=mstarzinger@chromium.org
BUG=v8:6474
Change-Id: I60bfac75f5d65a56c7ca8d67923e9314ec703eac
Reviewed-on: https://chromium-review.googlesource.com/529244
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45816}
This reduces confusion with GC write barrier. The word "barrier" is
reserved for GC write barrier and "fence" for memory ordering fence.
BUG=v8:6474
Change-Id: Ic4352f04430eaca742b72db1580ee0a42a1ffefb
Reviewed-on: https://chromium-review.googlesource.com/528103
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45813}
The wasm-code fuzzer used different parameters for the interpreter and
the generated code due to a typo. This typo is fixed by this CL.
R=clemensh@chromium.org
Change-Id: Ia9c72b83e7722e0a8b3fe6efb3f4b32ca5c937ab
Reviewed-on: https://chromium-review.googlesource.com/527447
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45812}
Also, as this is hard to track down, always DCHECK position after ReadBlock().
Change-Id: Ie32c3a311dd8df91f651b6d82ccacc7c95e6fde0
Reviewed-on: https://chromium-review.googlesource.com/528196
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45811}
base::Optional is a replacement for std::optional, until we switch to
C++17 and can use std::optional directly.
The implementation is copied from chromium's base::Optional, but put in
the {v8::base} namespace instead of just {base}. Also, the
specialization of std::hash for base::Optional is omitted, since it's
disallowed in the style guide.
A first use in the AsmJsParser is introduced, if that one sticks, I
will refactor more uses of std::unique_ptr to use base::Optional
instead, avoiding the heap allocation.
R=mstarzinger@chromium.org
BUG=v8:6474
Change-Id: I019599d4bf9ff0105bf592dfb96d6050feba18ae
Reviewed-on: https://chromium-review.googlesource.com/528884
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45810}
ExpressionClassifier was used just for transmitting information back and forth
to DeclareFormalParameters.
As a bonus, we now do the Scope::IsDeclaredParameter check only when we're going
to use the information it produces.
BUG=v8:6092,v8:6474
Change-Id: Ib5ac6a779705caa74e933e1c6f03eaaf0f49bf05
Reviewed-on: https://chromium-review.googlesource.com/455836
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45809}
All the bytecode handlers were added a one test, so we would get a
total on all of the bytecode handler benchmarks. It is not a good
indicator when we total unrelated benchmarks. So added more categories
to group only related benchmarks together. This also makes it easier
to look at the results.
Bug: chromium:730628
Change-Id: I1c5858f40c1ce584c4b7bd833a7f3c52a43d07c6
Reviewed-on: https://chromium-review.googlesource.com/527436
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45808}
The mips/mips64 port of http://crrev.com/2909893002. Original commit message:
DebugInfo was very closely tied to break point support:
* It contained only information relevant to break points.
* It was created and freed by break point implementation.
* Existence of a DebugInfo on the shared function info implied existence of
break points.
This CL is a step towards making DebugInfo usable by other debugging
functionality such as block coverage by decoupling it from break point support,
which is now only one kind of information stored on the DebugInfo object.
BUG=v8:6000
Change-Id: Ia770ff3c048022652d8abbe30d372fde5cb452a4
Reviewed-on: https://chromium-review.googlesource.com/528112
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45807}
This makes popping from the marking deque safe for concurrent marking.
BUG=chromium:694255
Change-Id: I3edf8ece3d3c3dd8f045b3ea2f8196b322a56a54
Reviewed-on: https://chromium-review.googlesource.com/527154
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45806}
In some codes flushing the registers was costly: we processed each
register whereas all the registers alone in their equivalence class need
not to be processed. We now overapproximate easily which classes are of
size 2 so as to save many iterations in the Flush() loop in some cases.
Bug: v8:6432
Change-Id: I945e151736e8a515263ac76312127d930fd20d74
Reviewed-on: https://chromium-review.googlesource.com/525795
Commit-Queue: Alexandre Talon <alexandret@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45805}
Use convenient macros for accessing bit fields.
Bug: v8:6470
Change-Id: Iada9779ce56c7ca2e8b6a9617c236e294db7325e
Reviewed-on: https://chromium-review.googlesource.com/527432
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45804}
This removes the ability of the compilation pipeline to invoke the
Crankshaft optimizing compiler for JavaScript functions. Note that in
this state Crankshaft can still be used to compile code stubs.
R=rmcilroy@chromium.org
BUG=v8:6408
Change-Id: I0bec7c8ec7c705c13257df43796403a228ea631c
Reviewed-on: https://chromium-review.googlesource.com/527443
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45803}
In sloppy mode, allow multiply labelled function declarations, such as
a: b: function c() {}
Such a form is allowed by the specification, as well as ChakraCore,
SpiderMonkey and JSC (though ChakraCore because it doesn't enforce
any lexical label restrictions.)
Thanks to Andre Bargull for adding the test262 test which caught the bug.
Change-Id: I2d3f172830c2e63252f00afa03177a7d17d79a27
Reviewed-on: https://chromium-review.googlesource.com/527639
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45802}
