The ScriptBreakpoint struct was before just holding line, column and
condition. It now additionally holds the scriptId.
This encapsulates information nicer, and allows for easier translation
of wasm locations, since one struct now holds all information needed
for the translation.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.org
Review-Url: https://codereview.chromium.org/2491133003
Cr-Commit-Position: refs/heads/master@{#41044}
In order to address a performance issue.
BUG=v8:5512, chromium:664937
Review-Url: https://codereview.chromium.org/2506003002
Cr-Commit-Position: refs/heads/master@{#41041}
Reason for revert:
This was a speculative fix for perf regressions on Nexus 10 and ChromeOS. However, perf graphs after this landed show no improvement, so we should go back to the smaller, simpler code before.
Original issue's description:
> [Turbofan] CodeGenerator for ARM avoids moves from VFP to general regs.
> - Adds VmovExtended, VswpExtended methods to MacroAssembler. These methods
> use only VFP registers to perform s-register moves.
>
> LOG=N
> BUG=v8:4124
TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2505003002
Cr-Commit-Position: refs/heads/master@{#41039}
Now that we consistently preparse the parameters of a preparsed
function, these no longer crash.
BUG=5501
Review-Url: https://codereview.chromium.org/2502333002
Cr-Commit-Position: refs/heads/master@{#41038}
The new AccessorAssembler encapsulates all the functionality that's
specific to building LoadIC/StoreIC stubs.
There are two header files (accessor-assembler.h and
accessor-assembler-impl.h) so that clients of the assembler can include
the one, and subclassing assemblers can include the other.
Review-Url: https://codereview.chromium.org/2507733002
Cr-Commit-Position: refs/heads/master@{#41037}
Fixes a bug in ast-graph-builder added in r40965
BUG=chromium:665680
Review-Url: https://codereview.chromium.org/2509643002
Cr-Commit-Position: refs/heads/master@{#41034}
If the strings are both onebyte strings, then use memcmp on the underlying data stores.
BUG=chromium:657747
Review-Url: https://codereview.chromium.org/2502323002
Cr-Commit-Position: refs/heads/master@{#41033}
The operator in question is guaranteed to produce a tagged value that is
not equal to the-hole, it however does not guarantee the value to be a
HeapObject. The correct representation hence is {kTagged}.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-665587
BUG=chromium:665587
Review-Url: https://codereview.chromium.org/2504183002
Cr-Commit-Position: refs/heads/master@{#41032}
The reason is that non-configurability still allows a writable property to become read-only.
BUG=chromium:663750
Review-Url: https://codereview.chromium.org/2508873002
Cr-Commit-Position: refs/heads/master@{#41029}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Original review: https://codereview.chromium.org/2498073002/
Review-Url: https://codereview.chromium.org/2502293002
Cr-Commit-Position: refs/heads/master@{#41028}
This brings the two utf-8 decoders (bulk + incremental) in line.
Technically, either behaviour was correct, since the utf-8 spec
demands incomplete utf-8 be handled, but does not specify how.
Unicode recommends that "the maximal subpart at that offset
should be replaced by a single U+FFFD," and with this change we
consistently do that. More details + spec references in the bug.
BUG=chromium:662822
Review-Url: https://codereview.chromium.org/2493143003
Cr-Commit-Position: refs/heads/master@{#41025}
Properties can be defined inside the object literal (ES6) or after
object creation. The behavior differes if there are accessors, interceptors
or proxies in the Object prototype chain.
These test cases assure we preserve correct behavior as we
improve performance of definitions in literals.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2501553002
Cr-Commit-Position: refs/heads/master@{#41024}
Adds a bytecode to set and retrieve the pending message. This avoids a
runtime call in finally blocks, and also ensures that TurboFan builds a
graph using the SetMessage / LoadMessage nodes instead of inserting a
runtime call.
BUG=chromium:662334
Review-Url: https://codereview.chromium.org/2501503005
Cr-Commit-Position: refs/heads/master@{#41023}
Object::GetProperty fails if the given name is a valid array index.
This CL switches to Object::GetPropertyOrElement for lookups of imports.
The new tests check that we now accept numbers as module name or
function name in FFI.
R=ahaas@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2503313002
Cr-Commit-Position: refs/heads/master@{#41022}
We don't need to check for neutered array buffers unless at least one
JSArrayBuffer has been neutered (i.e. detached in TC39 speak). For this
we introduce a protector cell that get's invalidated on first call to
the JSArrayBuffer::Neuter() method.
R=jarin@chromium.org,ulan@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2504163002
Cr-Commit-Position: refs/heads/master@{#41021}
This CL further extends the debug wrapper, migrates around 60 tests, and
removes a few tests that use functionality we will not support anymore.
In more detail:
* Removed tests that use:
* enable/disable individual breakpoints
* invocationText()
* the ScriptCollected event
* showBreakPoints
* evalFromScript (and similar)
* mirror.constructedBy and mirror.referencedBy
* event_data.promise()
* Some frame.evaluate uses were adapted since due to differences between
remote objects (inspector) and mirrors. For instance, exceptions are
currently not recreated exactly, since the inspector protocol does not
give us the stack and message separately. Other objects (such as
'this' in debug-evaluate-receiver-before-super) need to be explicitly
converted to a string before the test works correctly.
* Ensure that inspector stores the script before sending ScriptParsed and
ScriptFailedToParse events in order to be able to use the script from
within those events.
* Better remote object reconstruction (e.g. for undefined and arrays).
* New functionality in wrapper:
* debuggerFlags().breakPointsActive.setValue()
* scripts()
* execState.setVariableValue()
* execState.scopeObject().value()
* execState.scopeObject().property()
* execState.frame().allScopes()
* eventData.exception()
* eventData.script()
* setBreakPointsActive()
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2497973002
Cr-Commit-Position: refs/heads/master@{#41019}
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared doesn't want to compile. Missing export annotation?
Original issue's description:
> [refactoring] Split CodeAssemblerState out of CodeAssembler
>
> This is in preparation for introducing more specialized
> CodeStubAssembler subclasses. The state object can be handed
> around, while the Assembler instances are temporary-scoped.
>
> BUG=v8:5628
TBR=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2504913002
Cr-Commit-Position: refs/heads/master@{#41018}
When we have a known JSTypedArray instance at optimization time, i.e. as
in asm.js-like use cases and also when there are global typed arrays that
are tracked via global object property constant tracking, we can generate
more efficient code in that case by specializing to the immutable internal
fields of the JSTypedArray (and the JSArrayBuffer backing it).
R=jarin@chromium.org
BUG=v8:4470,v8:5267
Review-Url: https://codereview.chromium.org/2510553002
Cr-Commit-Position: refs/heads/master@{#41017}
When we don't have a base, and the displacement returned by the
BaseWithIndexAndDisplacement64Matcher cannot be encoded as immediate,
we can still try to utilize the scale factor matching by just using
the displacement as base. This happens when we do indexed memory
accesses to known addresses.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2504123002
Cr-Commit-Position: refs/heads/master@{#41016}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2498073002
Cr-Commit-Position: refs/heads/master@{#41015}
This was causing array buffer views created by ValueDeserializer to have
uninitialized internal fields, which lead to crashes in layout tests when
Blink tried to read those fields.
For array buffers, JSArrayBuffer::Setup is responsible for this logic
(as well as initializing the V8 fields); this is similar to that.
The runtime already seems to correctly initialize these for script-created
array buffer views as well, which is why this issue was not detected sooner.
Review-Url: https://codereview.chromium.org/2498413002
Cr-Commit-Position: refs/heads/master@{#41014}
Inferred names are currently generated for FunctionLiterals but not generated
for ClassLiterals. Without them, DevTools does not have enough information to
make descriptive descriptions.
E.g.
var x = {y: class{}};
var a = new x.y();
console.log(a);
This shows "Object{}" when it could be more descriptive "x.y {}"
BUG=v8:5621
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2488193003
Cr-Commit-Position: refs/heads/master@{#41013}
In case of an allocation failure in for-in over holey elements, use precise
number of elements to allocate a smaller buffer for the collected indices.
Drive-by-fix: make is_the_hole accept the isolate for faster checks.
BUG=chromium:609761
Review-Url: https://codereview.chromium.org/2041963003
Cr-Commit-Position: refs/heads/master@{#41010}
ICU now supports uppercasing in Greek via its regular uppercasing API.
So, there's no need to use a slow transliteration API for uppercasing
in Greek.
This CL includes rolling ICU to ICU 58.1.
Besides, drop intl402/Intl/getCanonicalLocales/weird-cases from
test262.status because it passes now with ICU 58.1.
BUG=chromium:637001,v8:5012
Review-Url: https://codereview.chromium.org/2491333003
Cr-Commit-Position: refs/heads/master@{#41009}
Previously, we also used to treat the link as strong, when iterating a promoted
JSFunction.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2506633002
Cr-Commit-Position: refs/heads/master@{#41008}
This CL defines move semantics for String16, and fixes issues with the
hash code not being set correctly on swap or copy.
It also extends the interface by a few handy templates.
All this functionality will be used for the wasm translations, where
String16s are often concatenated and used as keys in hash tables.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.org
Review-Url: https://codereview.chromium.org/2493723003
Cr-Commit-Position: refs/heads/master@{#41007}
Before, we allocated one script per function per instance, and each
script referenced the wasm instance and the function index. Now we only
allocate one script per compiled wasm module, so the script also only
references this WasmCompiledModule, which causes changes to many interfaces.
Instead of fixing the disassemble API only used via debug.js, I decided
to drop it for now. Some later CL will reintroduce it via
DebugInterface.
BUG=v8:5530,chromium:659715
R=yangguo@chromium.org, titzer@chromium.orgCC=jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2493823003
Cr-Commit-Position: refs/heads/master@{#41004}
It always throws an exception in the cases that it fails, so throwing another
doesn't help things.
BUG=chromium:664416
Review-Url: https://codereview.chromium.org/2495393002
Cr-Commit-Position: refs/heads/master@{#40999}
Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.
Only deals with the case where there is a single spread argument.
Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}
When generating snapshot on a machine with a different page size than
the target machine, we can run into problems as the v8 page area size
changes. This is because v8 has page guards which depend on os page
size, so if the target has larger os page, v8 page area is smaller and
may not fit the contents.
The solution proposed here is adding a flag, v8_os_page_size, that
would, if used, override local os page size and use the one specified
during snapshot generation.
BUG=
Review-Url: https://codereview.chromium.org/2488403003
Cr-Commit-Position: refs/heads/master@{#40997}
Since the liveness analysis's non-live value clearing rebuilds the state
value trees, we don't need to be smart when creating state values in the
initial graph building. This simplifies both the building and the
iteration over the state values by the liveness analyzer.
Review-Url: https://codereview.chromium.org/2495413003
Cr-Commit-Position: refs/heads/master@{#40996}
