Fix WebAssembly's table/grow js-api. The argument is a unsigned long,
this change refactors most of arithmetic and bounds checks type from
int64 to uint32_t, according to the spec.
Bug: v8:8319
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: Ia29121c930d7fb930668e54a5a769dae25234f2c
Reviewed-on: https://chromium-review.googlesource.com/c/1351006
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58936}
Though I'm not (yet) a much of a wasm code expert, I have made and
reviewed a number of changes to this file, and feel pretty comfortable
with it, so I figured it might be reasonable starting place.
Change-Id: I8d5d0b219def6adeba52e752467bb0405554ee01
Reviewed-on: https://chromium-review.googlesource.com/c/1418593
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58935}
Turns on --harmony-hashbang when experimental JS features are enabled.
BUG=v8:8523
R=gsathya@chromium.org, adamk@chromium.org
Change-Id: I2b1e6c146d900cb8a998060b4b93127f907b6728
Reviewed-on: https://chromium-review.googlesource.com/c/1417382
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#58933}
This reverts commit 4e1d7c87b9.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/14986
Original change's description:
> [wasm] Split compilation in three stages
>
> In order to refactor ownership between objects in wasm compilation, the
> compilation (executed by background tasks) is split in three stages:
> getting a compilation unit (while holding a mutex), executing the work
> (without any mutex and without keeping the NativeModule alive), and
> submitting the work (with a mutex again).
>
> This CL prepares this design by splitting compilation from submission.
> Both steps are still executed right after each other. This will be
> changed in a follow-up CL.
>
> R=titzer@chromium.org
> CC=mstarzinger@chromium.org
>
> Bug: v8:8689
> Change-Id: I2f92aee8e2f2d45470d8c63314ed026341630902
> Reviewed-on: https://chromium-review.googlesource.com/c/1414920
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58929}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: Ic3d0287b354ef5f834b76bc2cdc096d2231f4477
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8689
Reviewed-on: https://chromium-review.googlesource.com/c/1422917
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58932}
- Introduce NodeSpace that holds allocation related logic.
- Provide std compatible iterator for node iteration.
This allows for creating a different internal node type.
The change is just a refactoring without functional changes.
Bug: chromium:923361
Change-Id: I424f821d96b3a82f64024aedff6c289d3eec11a2
Reviewed-on: https://chromium-review.googlesource.com/c/1418192
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58931}
In order to refactor ownership between objects in wasm compilation, the
compilation (executed by background tasks) is split in three stages:
getting a compilation unit (while holding a mutex), executing the work
(without any mutex and without keeping the NativeModule alive), and
submitting the work (with a mutex again).
This CL prepares this design by splitting compilation from submission.
Both steps are still executed right after each other. This will be
changed in a follow-up CL.
R=titzer@chromium.orgCC=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: I2f92aee8e2f2d45470d8c63314ed026341630902
Reviewed-on: https://chromium-review.googlesource.com/c/1414920
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58929}
testrunner has tests asserting about the implementation details, assertions
about the behavior of the testrunner (already in-place) provides robust coverage
already.
This cl remove the brittle assertions.
R=machenbach@chromium.orgCC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174
Change-Id: I6583c971b7cf7eb2eb7dfa2b6737d6aa67957feb
Reviewed-on: https://chromium-review.googlesource.com/c/1421359
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58928}
MIPS32 doesn't have constraint for maximum code range or maximum PC
relative code range, and allocation of kMaxPCRelativeCodeRangeInMB
memory results in OOM failure from allocator.
This patch also skips verifying transitive builtins for 64-bit MIPS
because it doesn't have implemented pc-relative calls and jumps yet.
Change-Id: I7cad154827c2a9fd274901895a5a54c5ce176b03
Reviewed-on: https://chromium-review.googlesource.com/c/1414853
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#58927}
By using a shared byte buffer on the preparser we can drastically
reduce the number of ZoneChunkLists.
Each PreparseDataBuilder now explicitly keeps track of all inner
builders/functions and writes out the data in consecutive order.
Change-Id: I0aada118d869b150108c1f633d9960474ad2f9a1
Reviewed-on: https://chromium-review.googlesource.com/c/1411600
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58926}
This reverts commit d5e63b03bf.
Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/5312
Original change's description:
> Reland "[GC] Ensure JSFunctions with flushed bytecode are flushed during GC."
>
> This is a reland of f5729f1cda
>
> TBR=ulan@chromium.org
>
> Original change's description:
> > [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
> >
> > When bytecode is flushed from a SFI, the JSFunctions still retain their
> > FeedbackVector's and point to the interpreter entry trampoline. They are
> > reset if re-executed, however if not they could hold onto the feedback
> > vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
> > need to be reset, and performs the reset at the end of GC.
> >
> > BUG=v8:8395
> >
> > Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> > Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58775}
>
> Bug: v8:8395
> Change-Id: I9bc84b62332575a080561c51f08b699b91e41e4a
> Reviewed-on: https://chromium-review.googlesource.com/c/1414859
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58924}
TBR=ulan@chromium.org,rmcilroy@chromium.org
Change-Id: I5d3012d4c7277ae792b0488780ff426d51dd602f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8395
Reviewed-on: https://chromium-review.googlesource.com/c/1421838
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58925}
This is a reland of f5729f1cdaTBR=ulan@chromium.org
Original change's description:
> [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
>
> When bytecode is flushed from a SFI, the JSFunctions still retain their
> FeedbackVector's and point to the interpreter entry trampoline. They are
> reset if re-executed, however if not they could hold onto the feedback
> vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
> need to be reset, and performs the reset at the end of GC.
>
> BUG=v8:8395
>
> Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58775}
Bug: v8:8395
Change-Id: I9bc84b62332575a080561c51f08b699b91e41e4a
Reviewed-on: https://chromium-review.googlesource.com/c/1414859
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58924}
We found the nexus 5x flake so this is no longer needed.
Leave the printing functions themselves as they will still be useful
for local debugging.
Bug: v8:8649
Change-Id: Ie0af2bc9b0fc7fb8ac00ec0039b6898553865189
Reviewed-on: https://chromium-review.googlesource.com/c/1420957
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58923}
If a function is classed as an IIFE it will be have different bytecode generated
to reduce feedback vector overhead for run-once code. As a result, we need to retain
this information if we are going to lazily compile the bytecode later in order to
get the same result. This is necessary for lazy bytecode flushing and lazy source
positions, both of which need to recompile functions which were previously compiled.
BUG=v8:8395,v8:8510
Change-Id: Ib898868102610216315faa20c9da682f6c523390
Reviewed-on: https://chromium-review.googlesource.com/c/1417636
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58921}
The tests were skipped due to problems with the previous test setup. Now the
setup is the same as in Chromium and those tests should pass.
NOTRY=true
Bug: chromium:828847
Change-Id: Ibfbb931031176add90a340ca79c71e89f05e3045
Reviewed-on: https://chromium-review.googlesource.com/c/1421318
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58918}
This test checks that the ModuleCompiledCallback is called eventually.
R=clemensh@chromium.orgCC=adamk@chromium.org
Bug: v8:8677
Change-Id: I360f88064f870dd4a12db019e3c9f72154abf13b
Reviewed-on: https://chromium-review.googlesource.com/c/1420759
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58917}
The AsyncCompileJob should not cancel compilation if baseline
compilation already finished. At that point, we might still be tiering
up, and the module might even already be shared across isolates.
R=titzer@chromium.orgCC=ahaas@chromium.org
Bug: v8:8677, v8:8689
Change-Id: Ia2192a1985bf4a3b7125ce5a713c83bbcc1bf6b7
Reviewed-on: https://chromium-review.googlesource.com/c/1417931
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58916}
This renames the existing v8_linux64_ubsan_rel_ng{triggered} into
v8_linux64_ubsan_vptr_rel_ng{triggered} and keeps using the
ubsan_vptr build and test config for it.
This adds build configs for the new builders:
v8_linux64_ubsan_rel_ng
V8 Clusterfuzz Linux64 UBSan - release builder
This also adds test configs for
v8_linux64_ubsan_rel_ng_triggered
NOTRY=true
Bug: chromium:853202
Change-Id: I0f9b4fba459a2c02a26e777f60773697e4d4d557
Reviewed-on: https://chromium-review.googlesource.com/c/1417456
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58915}
This reverts commit 13e07389ff.
Original change's description:
> [heap] Remove bailout marking worklist.
>
> The concurrent marker can now process all objects.
> This patch also eagerly visits the objects that undergo layout
> changes. This is because previously such objects were pushed
> onto the bailout worklist, which is gone now.
> To preserve the incremental step accounting, the patch introduces
> a new GC tracer scope called MC_INCREMENTAL_LAYOUT_CHANGE.
>
> Bug: v8:8486
> Change-Id: Ic1c2f0d4e2ac0602fc945f3258af9624247bd65f
> Reviewed-on: https://chromium-review.googlesource.com/c/1386486
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58712}
Change-Id: I85c99837819f6971c248198bd51ad40eebdb4fac
Reviewed-on: https://chromium-review.googlesource.com/c/1417595
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58913}
This CL removes a CHECK_LE that does not hold in all cases. After
moving all elements to the front, current_pos will point to the next
free spot. In the case where an object is 'packed', i.e. each index
has a non-undefined value, and the length is smaller then the max
index, current_pos will be greater than the length (limit in the code).
Sidenote: The block after taking the minimum (where the counted
undefineds get set) will not be affected. In the case where
num_undefined > 0, current_pos should be guaranteed to be smaller
than limit, as long there are no accessors with side-effects.
R=jgruber@chromium.org
Bug: chromium:923265
Change-Id: Id533cdc4db6c6c6f266cf7c6a8ab6ecbbeee7016
Reviewed-on: https://chromium-review.googlesource.com/c/1420679
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58912}
This reverts commit 0896599f6f.
Reason for revert: Speculative revert, seems to cause a layout test failure blocking the LKGR - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/29320
Original change's description:
> Change SetProperty/SetSuperProperty to infer language mode when possible
>
> In most cases, the language mode can be inferred from the closure and
> the context. Computing the language mode instead of passing it around
> simplifies the ICs and will make it possible to go towards lazily
> allocating feedback vectors. Currently ICs obtain the language mode from
> the feedback vectors and with lazy feedback allocation we may not always
> have feedback vectors. Since computing language mode is a bit expensive
> we want to defer it as far as possible.
>
> In Array builtins and other builtins like Reflect.Set we need to force a
> language mode when setting the properties. To support these cases the
> SetProperty methods allow the language mode to be overridden when needed.
>
> This is a first cl in a series of cls, that will defer the language mode
> computation further and remove language mode where it is not needed.
>
> BUG: v8:8580
> Change-Id: I9c2396e3bcfe77c3c9d6760c46d86954d54744b9
> Reviewed-on: https://chromium-review.googlesource.com/c/1409426
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58893}
TBR=mlippautz@chromium.org,mythria@chromium.org,jgruber@chromium.org,verwaest@chromium.org
Change-Id: I2e0f80a4577a8ca86c05a62205f9dfa488418a52
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1420758
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58911}
This changes the compare/exchange operation to the 'strong' one
which avoids potential spurious failures. These failures would be
hidden by the loop in AtomicGuard - except that we only ever call
compare_exchange_weak once when is_blocking is false. See the linked
bug for more info.
Bug: v8:8649
Change-Id: I94ebe04e86f4676d2b7404d833157f61d5df8a59
Reviewed-on: https://chromium-review.googlesource.com/c/1418190
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58909}
It does exactly the same as GetWireBytesStorage.
Also change the WasmCompilationUnit::ExecuteCompilation method to
receive a reference to the shared_ptr, since it does not take (shared)
ownership. This saves one ref count increment and decrement.
R=titzer@chromium.org
Bug: v8:8689
Change-Id: I03c3ec5f907c738c73e0dc16646d78ecac3f3717
Reviewed-on: https://chromium-review.googlesource.com/c/1417632
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58908}
This reverts commit 22cb8d45c3.
Reason for revert: it is fundamentally wrong to fetch default
frame context using contextGroupId: contextGroupId is per page rather
then per frame.
Original change's description:
> inspector: teach v8Inspector to return default context
>
> This is a follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/1173718
>
> R=kozy, pfeldman
> TBR=pfeldman
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I48b4ca5589505d03773477623654fa54703f0714
> Reviewed-on: https://chromium-review.googlesource.com/1175061
> Commit-Queue: Andrey Lushnikov <lushnikov@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55133}
TBR=lushnikov@chromium.org,pfeldman@chromium.org,kozyatinskiy@chromium.org
NOTRY=true
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: Ide4246bfe75ccc8a4fb1f0c5dbc44ae4236cac5c
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1419082
Commit-Queue: Andrey Lushnikov <lushnikov@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58906}
Cleans up always=true intl-relative-time-format flag
It shipped in m71 in Dec 2018.
Bug: v8:8704
Change-Id: I52d86aea9aedf201a216a1df0773a486fbee37b9
Reviewed-on: https://chromium-review.googlesource.com/c/1417299
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58904}
MicrotaskQueueTest uses Isolate's default_microtask_queue for testing,
however the instance is shared between test cases, and causes flaky
failure of MicrotaskQueueTest.BufferGrowth.
This CL adds a MicrotaskQueue instance for each test fixture, so that
each test cases use separate ones.
Also, this CL removes the DCHECK that denies non-default MicrotaskQueue
to run, which is unneeded after https://crrev.com/c/1369906.
Bug: v8:8124
Change-Id: I4ff236c327bf0be14f582b3ca8c802fd72661b42
Reviewed-on: https://chromium-review.googlesource.com/c/1417315
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58901}
and also fix part of test in intl402/Locale/likely-subtags
Improve Intl::ToLanguageTag to also handle -yes in -u- extension
Avoid removing if there are other text after -true and -yes before -
Bug: v8:7669, v8:8236
Change-Id: I59943651889602288e6978d0b1c875d89199fe33
Reviewed-on: https://chromium-review.googlesource.com/c/1383094
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58900}
The current implementation does not correctly handle the edge case for setYear
where input is something like -0.99
Bug: v8:5139
Change-Id: Ia919814eb6282c7f996cccc4531ed073e843ba27
Reviewed-on: https://chromium-review.googlesource.com/c/1412501
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#58899}
At the moment, the whole WebAssembly compilation may run in a single
background task. On a low-end device, this can mean that the background
thread is busy for seconds and thereby blocks other tasks, see e.g.
https://crbug.com/914757.
With this CL we re-schedule compilation tasks after every 50ms. These
50ms are an arbitrary number. I don't want to introduce too much
overhead, but since this is in the background we also don't have to
make tasks super short.
Tasks which are going to compile with TurboFan will be posted with
lower priority.
This change requires changes in the CancelableTaskManager. At the
moment it is not possible that a background task posts a new task
which is managed by the same task manager as itself. The problem is
about how to deal with another thread which calls CancelAndWait
concurrently. At the moment, if a new task gets posted after the call
to CancelAndWait, then `CHECK(!canceled_)` in
CancelableTaskManager::Register will fail. If we used a lock to
synchronize the calls to CancelAndWait and Register, then there would
be a deadlock, where the thread which calls CancelAndWait waits for
the task which wants to call Register, but at the same time blocks that
task by holding the lock.
With the change here, posting a task after the call to CancelAndWait
will just immediately cancel the new task. This matches the behavior
you would get if CancelAndWait is called right after calling Register.
Bug: chromium:914757
Change-Id: I6d57aba161db8a915ec0d745658e0c28d25219a8
Reviewed-on: https://chromium-review.googlesource.com/c/1411884
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58898}
Port 1a1f4e1ef4
Original Commit Message:
Refactor the AllocateAssemblerBuffer helper for the new Assembler API.
This is the only non-mechanical part, all other callsites that create
Assembler instances can be trivially changed to the new API. This will
be done in a separate CL.
R=clemensh@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I8e22f8c2b6c2b1b9158969d28d4edf291a84bcf0
Reviewed-on: https://chromium-review.googlesource.com/c/1416952
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58897}
Port fab59bbb08
Original Commit Message:
The previous implementation of MicrotaskQueue::RunMicrotasks() didn't
support non-default MicrotaskQueue as RunMicrotasks builtin couldn't
take a parameter.
This CL updates the entry trampoline for RunMicrotasks builtin to pass
a MicrotaskQueue parameter to support non-default one.
R=tzik@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Id30e746879b1a17921320eac6c6f6c30e56961cc
Reviewed-on: https://chromium-review.googlesource.com/c/1417385
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58894}
In most cases, the language mode can be inferred from the closure and
the context. Computing the language mode instead of passing it around
simplifies the ICs and will make it possible to go towards lazily
allocating feedback vectors. Currently ICs obtain the language mode from
the feedback vectors and with lazy feedback allocation we may not always
have feedback vectors. Since computing language mode is a bit expensive
we want to defer it as far as possible.
In Array builtins and other builtins like Reflect.Set we need to force a
language mode when setting the properties. To support these cases the
SetProperty methods allow the language mode to be overridden when needed.
This is a first cl in a series of cls, that will defer the language mode
computation further and remove language mode where it is not needed.
BUG: v8:8580
Change-Id: I9c2396e3bcfe77c3c9d6760c46d86954d54744b9
Reviewed-on: https://chromium-review.googlesource.com/c/1409426
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58893}
This CL adds a helper function that simplifies a bounds check pattern
that appears repeatedly in the code.
R=clemensh@chromium.org
Change-Id: I8c617515b34eb2d262d58a239a29c1515de2d92d
Reviewed-on: https://chromium-review.googlesource.com/c/1417611
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58892}
This reverts commit 8683116e64.
Reason for revert: There's a bug in the StoreGlobalIC that causes regressions in combination with this CL (observable in Chrome but
not in d8).
Original change's description:
> Reland^3 "[turbofan] Use feedback when reducing global loads/stores."
>
> This is a reland of 2d2c137492 without
> changes. Offending chromium tests have been modified.
>
> Original change's description:
> > Reland^2 "[turbofan] Use feedback when reducing global loads/stores."
> >
> > This reverts commit ac85ab0a3d. A
> > chromium test caused trouble and was taken care of in
> > https://chromium-review.googlesource.com/c/1384064.
> >
> > Original change's description:
> > > [turbofan] Use feedback when reducing global loads/stores.
> > >
> > > We already record the script context location or the property cell
> > > as feedback of the global load/store IC, so Turbofan doesn't need
> > > to do the lookups again.
> >
> > TBR=sigurds@chromium.org
> >
> > Change-Id: I58bcd9bceec2f9cf401f7b0fc4460a6da6cd0abc
> > Reviewed-on: https://chromium-review.googlesource.com/c/1386404
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58393}
>
> Change-Id: Ic6734201a6c45f2752488ab44b16859776802f51
> Reviewed-on: https://chromium-review.googlesource.com/c/1408252
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58769}
TBR=neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:922545, chromium:922514, chromium:922558
Change-Id: I6e4c4c0fbc29a0f2a03972f1687242ae247ebfa8
Reviewed-on: https://chromium-review.googlesource.com/c/1417614
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58891}
Port edab9a2021
Original Commit Message:
and TurboAssembler. Instead of listing all the different combinations
of arguments (which is one more now, temporarily), just forward all
arguments down via MacroAssembler and TurboAssembler to
TurboAssemblerBase.
Interestingly, this requires more specific types sometimes (int instead
of size_t), since further down the forwarding chain, the compiler does
not recognize any more that the value is a constant, and emits a
warning about a possibly truncating implicit conversion.
R=clemensh@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I6dddc58b81d020570087393158f4ad0f37efa9ce
Reviewed-on: https://chromium-review.googlesource.com/c/1417379
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58889}
This inlines macros with structs as label parameters, to work-around
a limitation in the C++ lowering of macros that doesn't allow this.
Bug: v8:7793
Change-Id: Idd177c115f3a0b277e8cf99b8a051e6d253359b3
Reviewed-on: https://chromium-review.googlesource.com/c/1417613
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58888}
This CL fixes the zero-count and overlapping cases for the table.copy
bytecode.
R=mstarzinger@chromium.orgCC=binji@chromium.org
BUG=v8:7747
Change-Id: I6211e4c899621069ebf8bc088b3ab4e80c7bbd0a
Reviewed-on: https://chromium-review.googlesource.com/c/1417172
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58887}
