The code-generator used i.InputInt6 to get the mask-width from the
instruction. However, thereby 64 got wrapped to 0, which is an invalid
mask width. I changed the i.InputInt6 to an i.InputInt32, which should
be okay because the mask-width comes from base::bits::CountPopulation64.
BUG=v8:6122
R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com
Review-Url: https://codereview.chromium.org/2755373002
Cr-Commit-Position: refs/heads/master@{#43927}
Default to the chromium-internal build config (instead of the more
permissive no_chromium_code config).
BUG=v8:5878
Review-Url: https://codereview.chromium.org/2758563002
Cr-Commit-Position: refs/heads/master@{#43909}
Parse tasks are still WIP so there is really no benefit turning them on.
Turn off irrelevant tests.
Fix duplicate parameters inverted logic.
Fix use_counts tracking.
Fix language mode, super_property, evals.
Fix modules and stack overflow.
BUG=v8:6093
Change-Id: I8567b36eef7b9de6799789e7520810bde9c86e5b
Reviewed-on: https://chromium-review.googlesource.com/455916
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43903}
This CL renames all occurrences of "internal field" to "embedder field"
to prevent confusion. As it turns out, these fields are not internal to
V8, but are actually embedder provided fields that should not be mucked
with by the internal implementation of V8.
Note that WASM does use these fields, and it should not.
BUG=v8:6058
Review-Url: https://codereview.chromium.org/2741683004
Cr-Commit-Position: refs/heads/master@{#43900}
This is a first stab at extending the existing early lowering approach
to property access operations. Currently we only handle the case where
named property loads are lowered to a soft deoptimize operation, due to
insufficient type feedback.
R=jarin@chromium.org
Change-Id: I779ffb99978023237da5ad9eaf0241fe74243882
Reviewed-on: https://chromium-review.googlesource.com/456316
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43899}
This is a first step towards moving Turbofan code generation off the main thread.
Summary of the changes:
- AssemblerBase no longer has a pointer to the isolate. Instead, its
constructor receives the few things that it needs from the isolate (on most
architectures this is just the serializer_enabled flag).
- RelocInfo no longer has a pointer to the isolate. Instead, the functions
that need it take it as an argument. (There are currently still a few that
implicitly access the isolate through a HeapObject.)
- The MacroAssembler now explicitly holds a pointer to the isolate (before, it
used to get it from the Assembler).
- The jit_cookie also moved from AssemblerBase to the MacroAssemblers, since
it's not used at all in the Assemblers.
- A few architectures implemented parts of the Assembler with the help
of a Codepatcher that is based on MacroAssembler. Since the Assembler no
longer has the isolate, but the MacroAssembler still needs it, this doesn't
work anymore. Instead, these Assemblers now use a new PatchingAssembler.
BUG=v8:6048
Review-Url: https://codereview.chromium.org/2732273003
Cr-Commit-Position: refs/heads/master@{#43890}
Since TrapIf has been implemented on all platforms, there is no need
anymore for the old WasmTrapHelper code. This CL also removes
TrapIf-specific tests.
R=titzer@chromium.org, clemensh@chromium.org
Change-Id: Ic069598441b7bd63bde2e66f4e536abea5ecebe6
Reviewed-on: https://chromium-review.googlesource.com/452380
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43887}
test-unboxed-doubles/WriteBarrierObjectShiftFieldsRight recently started
failing on arm64-nosnapshot builds due to a broken CHECK.
# Fatal error in ../../test/cctest/test-unboxed-doubles.cc, line 1417
# Check failed: heap->InNewSpace(*obj_value).
It expects the result of Factory::NewJSArray() to be in new
space; but NewJSArray encapsulates two allocations so the return value can
actually be in old space. Fix it by ensuring only one allocation occurs.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2759433002
Cr-Commit-Position: refs/heads/master@{#43886}
DetachArrayBuffer makes incorrect assumptions about the state of the ArrayBuffer. It assumes that that the ArrayBuffer is internal to wasm unless guard pages are enabled, this is not the case as the ArrayBuffer can be externalized outside of wasm, in this case through gin.
BUG=chromium:700384
Review-Url: https://codereview.chromium.org/2754153002
Cr-Commit-Position: refs/heads/master@{#43880}
- Change test to avoid adding denormalized numbers. This flushes to
zero on ARM hardware when using Neon.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2754543007
Cr-Commit-Position: refs/heads/master@{#43864}
- Adds new load/store opcodes (0xc0, 0xc1) for S128 type.
- Implements these for ARM.
- Enables more WASM SIMD tests, and adds new LoadStoreLoad test.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2745853002
Cr-Commit-Position: refs/heads/master@{#43841}
Adds a TestTypeof bytecode to deal with comparisons of the form:
typeof(object) === 'string';
Also adds support to Turbofan to perform these comparisons without
inserting checkpoints.
BUG=v8:4280,v8:5267
Change-Id: Ib5cc1c6816dfe70a4120838d8eada2fc0267750f
Reviewed-on: https://chromium-review.googlesource.com/454837
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43832}
Mark slow tests discovered by manual audit of reported durations.
Slow tests will run first, which will lead to higher test runner throughput.
Also some tests have flaky timeouts occasionally.
BUG=chromium:601468
Change-Id: If9aeb5422e79ff25b867b01c50386a5fdebeb494
Reviewed-on: https://chromium-review.googlesource.com/455736
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43819}
Removes the --ignition-staging flag since it is no longer used
by anything and won't be a shipping configuration. Also removes
ignition_turbo variant from testrunner, since it is now
the same as the turbofan variant.
BUG=v8:4280
Change-Id: I3b96e986879fc70b8e202fe9496334828acdd0ba
Reviewed-on: https://chromium-review.googlesource.com/452621
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43806}
- Implements vuzp, vtrn instructions for q-registers.
- Refactors vmvn, vswp to use common unary op helper fn.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2739033002
Cr-Commit-Position: refs/heads/master@{#43795}
This is a cleanup in preparation to implement calling imported
functions via the wasm interpreter.
For imported functions, we do not create entries in the
interpreter_code_ vector any more.
I also simplified the interface and removed unused or redundant return
values. More things are now DCHECKed instead of bailing out.
Also, we previously had two PushFrame methods: One is supposed to
initialize the interpreter from external code (i.e. adds the first
frame to the stack), the other one is used to push new frames on the
frame stack for called functions. This CL renames the first to
InitFrame, and makes it use the second one. The other remaining user is
the DoCall method.
R=titzer@chromium.org
BUG=v8:5822
Change-Id: Id09ff1e3256428fbd8c955e4664507a0c3167e53
Reviewed-on: https://chromium-review.googlesource.com/453482
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43793}
When a FunctionEntryHook parameter was passed to isolate creation,
we ignored any existing snapshots anyway. Since the ability to
bootstrap from scratch will be removed from snapshot builds, the
FunctionEntryHook feature must depend on a no-snapshot build.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2733203002
Cr-Commit-Position: refs/heads/master@{#43779}
As the code isn't used, but would have to be ported from hand-written
assembly to CodeStubAssembler anyways, I propose to remove it and
restore it if we decide that we actually need it.
R=vogelheim@chromium.org
BUG=
Change-Id: Iffd7fc6ec534b1dd7a9144da900424355c8a7a02
Reviewed-on: https://chromium-review.googlesource.com/453461
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43763}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43755}
Committed: 338622d7ca
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43759}
This reverts the previous revert, commit
5a04f4fd68.
Previously reverted changes:
> Revert "[SAB] Move Atomics builtins to C++"
>
> This reverts commit 2b9840d86f.
>
> Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"
>
> This reverts commit d1160fb14f.
>
> Revert "Remove tiny unit test for MinSimple/MaxSimple"
>
> This reverts commit 837760ecb7.
>
> Revert "Remove infrastructure for experimental JS natives"
>
> This reverts commit 8cfe45b6f1.
These changes were reverted to improve a perf regression on a Chrome
bot. Since then, the regression has reappeared, then disappeared again
all from seemingly unrelated changes.
BUG=v8:6033
TBR=adamk@chromium.org,hpayer@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2732213005
Cr-Commit-Position: refs/heads/master@{#43758}
Reason for revert:
ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Original-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43755}
> Committed: 338622d7caTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2744383002
Cr-Commit-Position: refs/heads/master@{#43757}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43755}
This fixes the catch predictions for the following builtins --
AsyncFunctionAwaitCaught
AsyncFunctionAwaitUncaught
PromiseResolveClosure
ResolvePromise
PromiseResolve
Added tests for each.
Added whitelist for builtins behind a flag.
BUG=chromium:691875
Change-Id: I816cafdb69f0c9f1eefc440a0a44c36713d0b7dc
Reviewed-on: https://chromium-review.googlesource.com/450894
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43725}
Specifically, add bytecodes for Call0, Call1, Call2, CallProperty0, CallProperty1,
and CallProperty2. Also share the bytecode handler code between between
equivalent CallX and CallPropertyX handlers.
Review-Url: https://codereview.chromium.org/2684993002
Cr-Original-Commit-Position: refs/heads/master@{#43290}
Committed: 00d6f1f80a
Review-Url: https://codereview.chromium.org/2684993002
Cr-Commit-Position: refs/heads/master@{#43700}
It depends on constant field tracking and currently disabled.
BUG=v8:5495
Change-Id: I6202cddfc2d32b5a06c5ab00c42caa6e276a3eb1
Reviewed-on: https://chromium-review.googlesource.com/451639
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43687}
- Changes input filtering to test NaNs, but skip very large or very
small inputs, which may cause imprecision on some platforms.
- Changes expected result filtering to only skip NaNs.
LOG=N
BUG=6020
Review-Url: https://codereview.chromium.org/2738703006
Cr-Commit-Position: refs/heads/master@{#43681}
This introduces a new truncation bit for truncation of minus-zero to zero.
At the moment it is only used to handle the limit cases of deopt, such as the
one in the Google maps workload (see simplified version below), where the -q
(which is desugared to q * -1.0) currently deoptimizes because the result would
produce minus zero. To handle this situation, we exploit the knowledge that
righthand side of + cannot be -0, so even if lefthand side was -0, the result
would still be 0 (so the + operation cannot distinguish between left hand side
0 and -0).
function f(q) {
q -= 4;
return (-q) + q;
}
f(10);
f(10);
%OptimizeFunctionOnNextCall(f);
f(4);
Review-Url: https://codereview.chromium.org/2734253002
Cr-Commit-Position: refs/heads/master@{#43661}
- Implements Float32x4 Mul, Min, Max for ARM.
- Implements Float32x4 relational ops for ARM.
- Implements reciprocal, reciprocal square root estimate/refinement ops for ARM.
- Reorganizes tests to eliminate need for specialized float ref fns in tests.
- Rephrases Gt, Ge in terms of Lt, Le, and eliminates the redundant machine
operators.
- Renames test-run-wasm-simd test names to match instructions.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2729943002
Cr-Commit-Position: refs/heads/master@{#43658}
Fix two issues in the interpreter entry for 64 bit return values on
32 bit platforms. First, the effect chain was slightly incorrect, second
the order of the returned values was wrong.
Also add a test case for this.
Tested on x64, ia32 and s390.
Plus drive-by fix in Int64Lowering to reuse global constants for
big-endian/little-endian disambiguation.
R=titzer@chromium.org
BUG=v8:5822
Review-Url: https://codereview.chromium.org/2731713002
Cr-Commit-Position: refs/heads/master@{#43654}
This requires serialized data to track the number of API-provided
external references separately.
And it flushes out a case of serialized data corruption (stored "length"
field too large) that we didn't handle without crashing.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2736923002
Cr-Commit-Position: refs/heads/master@{#43649}
malloc(0) returning 0 is expected behavior on AIX but
compiling with -D_LINUX_SOURCE_COMPAT, malloc(0) should
return a valid pointer (which we do define for AIX). However,
including cstdlib resets the behaviour of _LINUX_SOURCE_COMPAT.
GCC bug: 79839
R=jochen@chromium.org, titzer@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2732743002
Cr-Commit-Position: refs/heads/master@{#43647}
This pretty much rewrites the preparsed scope data collection. We used to store
the allocation result, but it's faster to just store the raw data which is
needed for deciding it later. (This way we don't need to run the allocation
algorithm for just getting this data.)
For each variable: is_used, maybe_assigned,
has_forced_context_allocation, and for each scope:
inner_scope_calls_eval_.
In addition, this CL moves data handling out of Scope and into
PreParsedScopeData where it belongs and simplifies the API for
PreParsedScopeData.
BUG=v8:5516
R=vogelheim@chromium.org
Change-Id: Ia5a4fa52f585cd4f483ce9a92f2dd7d9754f34ed
Reviewed-on: https://chromium-review.googlesource.com/451273
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43641}
The parser already changes all negative equality comparison operations
to their positive pendants in {ParserBase::ParseBinaryExpression}. No
other source of the Token::NE exists in the system. We can remove all
handling from the compiler and interpreter backends.
R=bmeurer@chromium.org
Change-Id: I58722c08dd8e498f20c65886fce86b8172737b10
Reviewed-on: https://chromium-review.googlesource.com/449716
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43627}
Deletion can cause collisions to be moved in the map which breaks iteration.
For now just remove this support. Also add some additional collision tests
to the test.
BUG=v8:5203
Change-Id: I54a0a4af51da08b3f963dc1d7661dba291e4efea
Reviewed-on: https://chromium-review.googlesource.com/445900
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43621}
This CL provide type with each break location, type could be: call, return or debugger statement.
BUG=chromium:432469
R=yangguo@chromium.org,dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2728563002
Cr-Commit-Position: refs/heads/master@{#43619}
The concurrent marker uses ObjectVisitor to iterate pointers in objects
and local marking bitmaps to keep track of visited objects.
To keep it simple for now, I removed support for multiple tasks
and canceling unfinished tasks.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2732053002
Cr-Commit-Position: refs/heads/master@{#43618}
This patch adds a trivial ConcurrentMarking class that can start
background tasks.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2728363002
Cr-Commit-Position: refs/heads/master@{#43615}
From asm.js code we might get an empty ArrayBuffer as heap memory. In
this case, both the old memory start and the new memory start will be
nullptr. The size however has to be patched from default_size to 0.
This CL changes code specialization to be able to either patch memory
references, or patch memory sizes or both.
R=titzer@chromium.org, ahaas@chromium.org
BUG=chromium:698587
Change-Id: I4d9d811d75cb83842f23df317e8e7fc02aeb5146
Reviewed-on: https://chromium-review.googlesource.com/450257
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43613}
A previous patch lifting the restriction on invalid escape sequences in
tagged templates had a bug when two template tokens appeared immediately
adject to each other. This moves invalid escape information from the
tokenizer state proper into the TokenDesc, preventing the overwriting
which caused this issue.
Previous CL is at
https://codereview.chromium.org/2665513002
BUG=v8:6029,v8:5546
Review-Url: https://codereview.chromium.org/2724003006
Cr-Commit-Position: refs/heads/master@{#43596}
We don't need the JSStrictNotEqual operator in the compiler, because
this is never generated by the BytecodeGraphBuilder, and the code in
the AstGraphBuilder was dead code. Also remove the backing builtin
StrictNotEqual.
R=mstarzinger@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2727003006
Cr-Commit-Position: refs/heads/master@{#43594}
In lazy compilation, we only compile one function at a time, and we
might not have the wire bytes of the whole module available.
This CL prepares the WasmCompilationUnit for this setting.
It will also be helpful for streaming compilation.
Also, the ErrorThrower (which might heap-allocate) is not stored in the
WasmCompilationUnit any more. Instead, it is passed to the
FinishCompilation method which is allowed to heap-allocate.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5991
Review-Url: https://codereview.chromium.org/2726553003
Cr-Commit-Position: refs/heads/master@{#43573}
- Implements Select instructions using a single ARM vbsl instruction.
- Renames boolean machine operators to match renamed S1xN machine types.
- Implements S1xN vector logical ops, AND, OR, XOR, NOT for ARM.
- Implements S1xN AnyTrue, AllTrue ops for ARM.
- Eliminates unused SIMD op categories in opcodes.h.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2711863002
Cr-Commit-Position: refs/heads/master@{#43556}
This CL fixes a bug in the implementation of the code generation of
kArm64Tst32, where the shift input operand of kArm64Tst32 was ignored.
Please take a special look at the fix in kArm64Tst. I applied the fix
there as well, but because of differences in the instruction selector
I was not able to write a test for it.
R=v8-arm-ports@googlegroups.com
BUG=v8:6028
Review-Url: https://codereview.chromium.org/2729853003
Cr-Commit-Position: refs/heads/master@{#43555}
- Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
will be different under I32 compare.
- Some arithmetic operations can generate NaN results, such as adding -Inf
and +Inf. Skip these tests until we have a way to do more sophisticated
FP comparisons in the SIMD tests.
- Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2594043002
Cr-Original-Commit-Position: refs/heads/master@{#42154}
Committed: 5560bbb498
Review-Url: https://codereview.chromium.org/2594043002
Cr-Commit-Position: refs/heads/master@{#43528}
Reason for revert:
Breaks tree, i.e. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/18928/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9eeTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org,eholk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2723133003
Cr-Commit-Position: refs/heads/master@{#43525}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43523}
BUG=v8:6022
Change-Id: I54205cb3ecc2dd31ed62e55726f0ec5fcd202c30
Reviewed-on: https://chromium-review.googlesource.com/446349
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43500}
This is more useful than always returning undefined.
BUG=v8:1569,v8:5978
Change-Id: Id10cf87f7865db1a85de412460eaead4e4bf3b62
Reviewed-on: https://chromium-review.googlesource.com/446846
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43498}
With the params (a, b, ...c) the param / variable declaration order used to be
"temp, temp, c, a, b". Now it is "temp, temp, a, b, c" as you'd expect. This
makes it easier for PreParser to match the parameter order of Parser.
R=verwaest@chromium.org
BUG=v8:5516
Change-Id: I79da04ef3f812bf52c032bed6263c009fecb7988
Reviewed-on: https://chromium-review.googlesource.com/447677
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43490}
The x64 side is included in https://chromium-review.googlesource.com/c/444226/
BUG=v8:5294
Change-Id: Ie255604c5e38c72e3c2b76e1ca3557a5fde108ee
Reviewed-on: https://chromium-review.googlesource.com/446394
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43481}
perf regression. See crbug.com/695653 for more info.
Revert "[SAB] Move Atomics builtins to C++"
This reverts commit 2b9840d86f.
Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"
This reverts commit d1160fb14f.
Revert "Remove tiny unit test for MinSimple/MaxSimple"
This reverts commit 837760ecb7.
Revert "Remove infrastructure for experimental JS natives"
This reverts commit 8cfe45b6f1.
BUG=695653
TBR=hablich@chromium.org
Review-Url: https://codereview.chromium.org/2715223003
Cr-Commit-Position: refs/heads/master@{#43462}
When an instance of a constructor goes dictionary mode, this changes the initial map
of that constructor to also be in dictionary mode. This avoids spurious hidden class
creation, that also results in IC misses.
BUG=
Change-Id: I0e70f822ac345d0224f2092ec473621a603d4cc5
Reviewed-on: https://chromium-review.googlesource.com/446361
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43452}
Now that no harmony-flagged features are implemented in experimental
JS, most of this is simply dead code.
As PostExperimentals() is no longer needed, I also removed the use of
Import() in the debug context, allowing the deletion of PostDebug()
along with PostExperimentals(); cleanup code is moved to the
end of PostNatives.
Also gets rid of some longer-dead code in prologue.js related to
TypedArrays, and some duplicate code for setting up SharedArrayBuffer
builtins.
Review-Url: https://codereview.chromium.org/2705293004
Cr-Commit-Position: refs/heads/master@{#43418}
The DescriptorInterceptor should intercept all
Object.getOwnPropertyDescriptor calls. This CL fixes
the interceptor's behavior if the iterator state is
ACCESS_CHECK.
BUG=
Review-Url: https://codereview.chromium.org/2707263002
Cr-Commit-Position: refs/heads/master@{#43417}
