Clearing the pending exception is not enough - if we want to swallow an
exception while currently on top of an external handler (e.g. TryCatch),
we also need to clear external_caught_exception.
BUG=chromium:719380
Review-Url: https://codereview.chromium.org/2870423002
Cr-Commit-Position: refs/heads/master@{#45247}
Reason for revert:
CHECK is too strict.
Original issue's description:
> [inspector] use creation stack trace as parent for async call chains
>
> Creation stack trace points to the place where callback was actually chained, scheduled points where parent promise was resolved.
> For async tasks without creation stack (e.g. setTimeout) we continue to use scheduled as creation since usually they are the same.
>
> BUG=v8:6189
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2868493002
> Cr-Commit-Position: refs/heads/master@{#45198}
> Committed: e118462f18TBR=dgozman@chromium.org,alexclarke@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:6189
Review-Url: https://codereview.chromium.org/2868423004
Cr-Commit-Position: refs/heads/master@{#45242}
- Currently if GrowMemory is called with pages = 0, an attempt is made to
unregister the ArrayBuffer even if it is external. Cleanup so all Detaching
of ArrayBuffer is centralized to one method, and can only be called fromJS.
- Gate creating WeakHandles to the memory on the buffer having guard pages
enabled. Currently creating a WeakHandle is gated only on if the buffer
is_external true. If a buffer is marked is_external = true to begin with,
the WeakHandle is created and the Finalizer is run causing the program to
crash.
BUG=chromium:717647
Review-Url: https://codereview.chromium.org/2867233002
Cr-Commit-Position: refs/heads/master@{#45238}
This makes sure that the checking of stdlib values during module
instantiation is non-observable. It is needed to prevent observable
double evaluation of the involved property loads in case of failures
during instantiation and also fixes some issues with exceptions
happening during property loads.
R=clemensh@chromium.org
TEST=mjsunit/asm/asm-stdlib
BUG=v8:6297
Change-Id: I1d0c371e51bee8186d14fa794fb3f9b7f67e5944
Reviewed-on: https://chromium-review.googlesource.com/501887
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45237}
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.
Original patch by Michael Stanton <mvstanton@chromium.org>
BUG=v8:6246,chromium:718891
TBR=yangguo@chromium.org,ulan@chromium.org
Change-Id: I3bb9ec0cfff32e667cca0e1403f964f33a6958a6
Reviewed-on: https://chromium-review.googlesource.com/500134
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45234}
When black allocation is turned on at deserialization time, then
slots in deserialized objects have to be visited by the incremental
marker. For spaces with reservations, this has always been done; for
large object space with its special handling, this patch adds it.
Additionally, we must ensure that no incremental steps that might
cause incremental marking to finish are performed while there is an
AlwaysAllocateScope around.
BUG=chromium:718859
Review-Url: https://codereview.chromium.org/2868103002
Cr-Commit-Position: refs/heads/master@{#45231}
Added support for DINSM and DINSU bit insertion instructions. Also fixed
errors with bit extraction instructions, added disassembler tests and
adjusted the code to make it more compact.
BUG=
TEST=cctest/test-assembler-mips/Dins
cctest/test-disasm-mips/Type0
Review-Url: https://codereview.chromium.org/2871663002
Cr-Commit-Position: refs/heads/master@{#45226}
One of the serializer fuzzers passes in random data to the deserializer,
which can then be used to deserialize a JSRegExp instance with random flag
contents. This can cause issues since the JSRegExp::Flag enum statically
contains kDotAll - but it is only valid to set kDotAll iff
FLAG_harmony_regexp_dotall is set.
This CL verifies deserialized flags before constructing the JSRegExp
and bails out if they are invalid.
R=jbroman@chromium.org,yangguo@chromium.org
BUG=chromium:719280
Review-Url: https://codereview.chromium.org/2870743004
Cr-Commit-Position: refs/heads/master@{#45222}
This fixes cases where falling off the end of a non-void function was
accepted as a valid asm.js module. This led to translation failures in
the WASM code. Only void functions are allowed to fall off the end.
R=clemensh@chromium.org
TEST=mjsunit/asm/return-types
BUG=chromium:719286
Change-Id: I7b1c9ba5381b87a23cf0a2171bee5e5f5e8cd9de
Reviewed-on: https://chromium-review.googlesource.com/500312
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45221}
For small arrays, it's way faster to just move the elements instead of
doing the fairly complex and heavy-weight left-trimming. Crankshaft has
had this optimization for small arrays already; this CL more or less
ports this functionality to TurboFan, which yields a 4x speed-up when
using shift on small arrays (with up to 16 elements).
This should recover some of the regressions reported in the Node.js issues
https://github.com/nodejs/node/issues/12657
and discovered for the syncthrough module using
https://github.com/mcollina/syncthrough/blob/master/benchmarks/basic.js
as benchmark.
R=jarin@chromium.org
BUG=v8:6376
Review-Url: https://codereview.chromium.org/2874453002
Cr-Commit-Position: refs/heads/master@{#45216}
This CL introduces a new type, MapHandles, which is a STL vector of Handle<Map>.
It is now used everywhere where lists of Handle<Maps> are required, replacing
usages of V8's internal List type.
Also-By: franzih@chromium.org
BUG=v8:6333,v8:6325
LOG=N
Review-Url: https://codereview.chromium.org/2809923002
Cr-Commit-Position: refs/heads/master@{#45211}
- S32x4Shuffle by decomposing into s-register moves if no patterns match.
- S16x8Shuffle, S8x16Shuffle implemented with vtbl if no patterns match.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2856363003
Cr-Commit-Position: refs/heads/master@{#45210}
Bug: v8:6351
Change-Id: I6a5b44486bac87e2b3cb9aa93808b2c7964d6202
Reviewed-on: https://chromium-review.googlesource.com/499508
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45205}
Reason for revert:
Seems to break cfi:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds/9989
Original issue's description:
> [turbofan] Add alignment parameter to StackSlot operator
>
> If alignment parameter is set, the memory returned by the
> StackSlot operator will be aligned according to the parameter.
>
> The implementation goes like this. If alignment parameter is set
> we allocate a bit more memory than actually needed and so we
> can move the beginning of the StackSlot in order to have it aligned.
>
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2816743003
> Cr-Commit-Position: refs/heads/master@{#45197}
> Committed: d8bfdb7a99TBR=ahaas@chromium.org,clemensh@chromium.org,titzer@chromium.org,bmeurer@chromium.org,ivica.bogosavljevic@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2867403002
Cr-Commit-Position: refs/heads/master@{#45203}
Creation stack trace points to the place where callback was actually chained, scheduled points where parent promise was resolved.
For async tasks without creation stack (e.g. setTimeout) we continue to use scheduled as creation since usually they are the same.
BUG=v8:6189
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2868493002
Cr-Commit-Position: refs/heads/master@{#45198}
If alignment parameter is set, the memory returned by the
StackSlot operator will be aligned according to the parameter.
The implementation goes like this. If alignment parameter is set
we allocate a bit more memory than actually needed and so we
can move the beginning of the StackSlot in order to have it aligned.
BUG=
Review-Url: https://codereview.chromium.org/2816743003
Cr-Commit-Position: refs/heads/master@{#45197}
That's cleaner than having every target depending on v8 include icu
itself.
BUG=none
R=machenbach@chromium.org
Change-Id: Icaa9e8670718664041a6efe2622366c89b733f81
Reviewed-on: https://chromium-review.googlesource.com/500127
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45196}
This tests and fixes validation failures caused by assignments to
variables holding functions references (which are all considered
immutable). Such references can come from "stdlib" or "foreign".
R=clemensh@chromium.org
TEST=mjsunit/asm/global-imports
BUG=chromium:719382
Change-Id: Ic02be765e0773a6cc74a54e11a09d42ffb683cb8
Reviewed-on: https://chromium-review.googlesource.com/500188
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45189}
Due to speculative optimizations, the compiler can run into situations
where it's asked perform impossible operations, like loading a tagged
element as a float64 instead. All of this is guaranteed to be in dead
code (unless there's a bug), but leads to confusion and violates
assumptions in the compiler (that make perfect sense for code that is
not dead). So teach LoadElimination not to mix up element accesses with
incompatible representations.
BUG=chromium:719479
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2866233002
Cr-Commit-Position: refs/heads/master@{#45185}
This CL prevents problems with library libicui18n.so during execution
inspector tests when component is defined as shared library.
TEST=inspector/*
BUG=
Review-Url: https://codereview.chromium.org/2863383003
Cr-Commit-Position: refs/heads/master@{#45176}
This reverts commit 662aa425ba.
Reason for revert: Crashing on Canary
BUG=chromium:718891
Original change's description:
> Reland: [TypeFeedbackVector] Store optimized code in the vector
>
> Since the feedback vector is itself a native context structure, why
> not store optimized code for a function in there rather than in
> a map from native context to code? This allows us to get rid of
> the optimized code map in the SharedFunctionInfo, saving a pointer,
> and making lookup of any optimized code quicker.
>
> Original patch by Michael Stanton <mvstanton@chromium.org>
>
> BUG=v8:6246
> TBR=yangguo@chromium.org,ulan@chromium.org
>
> Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327
> Reviewed-on: https://chromium-review.googlesource.com/494487
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45084}
TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:6246
Change-Id: Idab648d6fe260862c2a0e35366df19dcecf13a82
Reviewed-on: https://chromium-review.googlesource.com/498633
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45174}
This reverts commit f7c25da680.
Reason for revert: Fixed
Original change's description:
> Revert "Introducing an event loop mechanism for d8."
>
> This reverts commit de964dbe57.
>
> Reason for revert:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/17958
>
> Original change's description:
> > Introducing an event loop mechanism for d8.
> >
> > This mechanism ensures APIs like wasm async complete their work,
> > without requiring use of natives (%APIs).
> >
> > The mechanism is similar to the one used in content_shell,
> > which should allow us to easily port tests in that environment.
> >
> > Review-Url: https://codereview.chromium.org/2842843005
> > Cr-Original-Commit-Position: refs/heads/master@{#44908}
> > Bug:
> > Change-Id: I9deee0d256a600c60b42902fc8ef8478e5546344
> > Reviewed-on: https://chromium-review.googlesource.com/494968
> > Commit-Queue: Mircea Trofin <mtrofin@google.com>
> > Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#45165}
>
> TBR=bradnelson@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Change-Id: Iafec2615d705d1990c57229cab3a988c00b5e12f
> Reviewed-on: https://chromium-review.googlesource.com/498630
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45166}
TBR=bradnelson@chromium.org,machenbach@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: Ic3c782e918326e291a6cb9bb349c609e9a340b09
Reviewed-on: https://chromium-review.googlesource.com/498430
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@google.com>
Cr-Commit-Position: refs/heads/master@{#45172}
Intrinsic and generic lowering for generator object creation. In a follow-on, create lowering will be addressed.
BUG=v8:6352
Review-Url: https://codereview.chromium.org/2862213002
Cr-Commit-Position: refs/heads/master@{#45171}
This patch expands scope analysis to skip hole initialization
when it can be determined statically that no hole checks will
be generated at runtime.
Two conditions must be met to safely eliminate hole initialization:
- There must not exist a VariableProxy referencing this Variable
whose HoleCheckMode is kRequired
- The Variable must be stack allocated; any other allocation implies
that it may be accessed from not-yet-analyzed scopes (other modules,
inner functions, or eval code) and that code may require
hole checks.
The new logic required removing debug code in full-codegen which is
now incorrect in some cases.
Also fixed Variable's bitfield helpers to take no more space than needed.
Bug: chromium:651637
Change-Id: Ie5ac326af4e05b7a5c3c37cd4d0afba6a51a504d
Reviewed-on: https://chromium-review.googlesource.com/494006
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45170}
This reverts commit de964dbe57.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/17958
Original change's description:
> Introducing an event loop mechanism for d8.
>
> This mechanism ensures APIs like wasm async complete their work,
> without requiring use of natives (%APIs).
>
> The mechanism is similar to the one used in content_shell,
> which should allow us to easily port tests in that environment.
>
> Review-Url: https://codereview.chromium.org/2842843005
> Cr-Original-Commit-Position: refs/heads/master@{#44908}
> Bug:
> Change-Id: I9deee0d256a600c60b42902fc8ef8478e5546344
> Reviewed-on: https://chromium-review.googlesource.com/494968
> Commit-Queue: Mircea Trofin <mtrofin@google.com>
> Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45165}
TBR=bradnelson@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: Iafec2615d705d1990c57229cab3a988c00b5e12f
Reviewed-on: https://chromium-review.googlesource.com/498630
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45166}
This mechanism ensures APIs like wasm async complete their work,
without requiring use of natives (%APIs).
The mechanism is similar to the one used in content_shell,
which should allow us to easily port tests in that environment.
Review-Url: https://codereview.chromium.org/2842843005
Cr-Original-Commit-Position: refs/heads/master@{#44908}
Bug:
Change-Id: I9deee0d256a600c60b42902fc8ef8478e5546344
Reviewed-on: https://chromium-review.googlesource.com/494968
Commit-Queue: Mircea Trofin <mtrofin@google.com>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45165}
Reason for revert:
Should define its own NO_HARNESS_PATTERN. See comments.
Original issue's description:
> [test] add --no-harness option to debugger tests.
>
> Review-Url: https://codereview.chromium.org/2831083003
> Cr-Commit-Position: refs/heads/master@{#44774}
> Committed: 43c20d4cc5TBR=caitp@igalia.com,yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review-Url: https://codereview.chromium.org/2871593002
Cr-Commit-Position: refs/heads/master@{#45163}
Make ModuleResult and FunctionResult return Result<std::unique_ptr<X>>.
This makes memory ownership and transfer of ownership more clear and
avoids a lot of manual releases of the referenced native heap object.
R=ahaas@chromium.org
Change-Id: I7a3f5bd7761b6ae1ebdc7d17ff1b96a8df599871
Reviewed-on: https://chromium-review.googlesource.com/498352
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45160}
With this CL we share code among the wasm fuzzers which construct a
module and run it in the interpreter and as compiled code.The fuzzers
themselves only contain the code now which creates the module and the
parameters.
BUG=v8:6325
R=eholk@chromium.org
Change-Id: I1c2d8b013531c86cb27837f1b8ec89d2688c536b
Reviewed-on: https://chromium-review.googlesource.com/490048
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45156}
After the recent fast-property deletion changes, there can be a
non-empty out-of-object backing store (that previously held properties)
even though the next double property will be stored in-object.
BUG=chromium:718779
Review-Url: https://codereview.chromium.org/2861093004
Cr-Commit-Position: refs/heads/master@{#45146}
As a first step towards improving generator creation, create a builtin
that can do it without a call to the runtime. Thread that builtin
into the interpreter via an intrinsic.
BUG=v8:6352
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2861983002
Cr-Commit-Position: refs/heads/master@{#45145}
This CL migrates the CPP builtin to CSA with fast paths for strings
that can be unpacked to direct one-byte strings. Short strings are
handled directly in CSA, others need to call into C for conversion.
Microbenchmarks for "abcd".toLowerCase() show speedups of 2.5x.
BUG=v8:6353,v8:6344
Review-Url: https://codereview.chromium.org/2859203002
Cr-Commit-Position: refs/heads/master@{#45141}
Forcing an object into dictionary mode now requires deleting
a property that's not the last property.
BUG=chromium:718816
NOTRY=true
Review-Url: https://codereview.chromium.org/2860403002
Cr-Commit-Position: refs/heads/master@{#45140}
Formal parameters of an arrow function are parsed even if the function
itself is preparsed. It is because we don't know if it is an arrow
function parameter list or just comma separated expression list.
When we parse:
(a, b = (function c() { return a; })())
call to function c may be just part of an assignment in an expression
list, but if it's followed by:
=> { return b; }
It is an arrow function and the call to c is a default parameter.
Before we see the arrow we might have already created a parse task
to parse function c.
BUG=v8:6093
Change-Id: I59a59acfdbbfd808dab1518060748be2addcd54a
Reviewed-on: https://chromium-review.googlesource.com/493347
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45132}
Instead of explicitly instantiating six copies of each function for
zero to five arguments, define them as variadic template.
This avoids the arbitrary limit to five arguments, and avoids lots of
code duplication.
Drive-by fix: [iwyu] Add missing include.
R=mstarzinger@chromium.org
Change-Id: Id7edde3611ddfade16c7afbbf4b9000cedd76468
Reviewed-on: https://chromium-review.googlesource.com/496247
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45130}
This adaptation will allow build v8 when the component is defined as
shared library. Without this, at linking phase of the unittests will be
displayed error messages for undefined references.
TEST=
BUG=
Review-Url: https://codereview.chromium.org/2853483002
Cr-Commit-Position: refs/heads/master@{#45126}
The collection builtins (Map, Set, WeakMap, WeakSet) are still written
in JavaScript and make heavy use of %_ClassOf, which is kind of
expensive compared to a simple instance type check. Change that to use
simple instance type checks instead.
R=jarin@chromium.org
BUG=v8:6261,v8:6278,v8:6344
Review-Url: https://codereview.chromium.org/2814773005
Cr-Original-Commit-Position: refs/heads/master@{#45106}
Committed: 28170099fd
Review-Url: https://codereview.chromium.org/2814773005
Cr-Commit-Position: refs/heads/master@{#45124}
When a virtual object passes by a store node that updates a field to the existing value, then the object and its state were not copied, which lead to the original object being passed on.
If then later the store actually modifies and copies the virtual object, this new copy is not passed down the effect chain, so subsequent nodes still refer to the original virtual object and try to update it once new information flows in.
This conflicts with updates on the node that originally created the virtual object, leading to divergence.
Bug: v8:6345
Change-Id: Iab1ce98a60b48478b343eae765c80bdfcb8ba390
Reviewed-on: https://chromium-review.googlesource.com/496267
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45120}
