#
# Autogenerated by generate-bytecode-expectations.
#

---
wrap: yes
test function name: f

---
snippet: "
  eval('var x = 10;'); return x;
"
frame size: 10
parameter count: 1
bytecode array length: 63
bytecodes: [

[interpreter] Move function-entry stack check to start of bytecode array
The function-entry stack check should dominate all other
instructions in a function. Prior to this CL it was possible to create
paths not including a stack check due to SwitchOnGeneratorState: the
generator-creation branch had a stack check, while generator-resume
branches did not.
0 : af fb 00 01 SwitchOnGeneratorState r0, [0], [1] { 0: @22 }
4 : 27 fe fa Mov <closure>, r1
7 : 27 02 f9 Mov <this>, r2
10 : 64 0a fa 02 InvokeIntrinsic [_CreateJSGeneratorObject], r1-r2
14 : 26 fb Star r0
16 : a7 StackCheck
17 : b0 fb fb 01 00 SuspendGenerator r0, r0-r0, [0]
22 : b1 fb fb 01 ResumeGenerator r0, r0-r0
[... no stack check here ...]
This CL moves the stack check to the beginning of the bytecode array,
i.e. before SwitchOnGeneratorState.
Bug: chromium:1020031
Change-Id: I8ba8cba99611ddbe50c76023129d926cc84b1d5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903440
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64888}
2019-11-11 13:34:07 +00:00

  /* 10 E> */ B(StackCheck),

Reland x3 "[runtime] Remove extension slots from context objects"
Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}
TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
Bug: v8:9744
Change-Id: I8700ed2fa62c89e86c39bb16ac3167f38ea8d63f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873695
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64477}
2019-10-22 12:59:24 +00:00

                B(CreateFunctionContext), U8(0), U8(4),
                B(PushContext), R(1),
                B(Ldar), R(this),
                B(StaCurrentContextSlot), U8(3),
                B(CreateMappedArguments),

Revert "Reland "[runtime] Move Context::native_context to the map""
This reverts commit c7c47c68f2c0eb1155cfacab785aba54f61d9218.
Reason for revert: breaks TSAN
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/28738
Original change's description:
> Reland "[runtime] Move Context::native_context to the map"
>
> This is a reland of f05bae1e0df48aa6a32d958fb4339a85fefb5179
>
> Previously I presumed that the context read from a frame in the profiler was
> a valid context. Turns out that on non-intel we're not guaranteed that the
> frame is properly set up. In the case we looked at, the profiler took a
> sample right before writing the frame marker indicating a builtin frame,
> causing the "context" pointer from that frame to be a bytecode array. Since
> we'll read random garbage on the stack as a possible context pointer, I made
> the code reading the native context from it a little more defensive.
>
> Bug: v8:9860
>
> Original change's description:
> > [runtime] Move Context::native_context to the map
> >
> > Remove the native context slot from contexts by making context maps
> > native-context-specific. Now we require 2 loads to go from a context to the
> > native context, but we have 1 field fewer to store when creating contexts.
> >
> > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Reviewed-by: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64296}
>
> Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Auto-Submit: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64314}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: I4f9edc62ea6f9f5857619ff0ad1a63cab4b33cc3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9860
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864937
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64316}
2019-10-16 13:10:30 +00:00

                B(StaCurrentContextSlot), U8(5),
                B(Ldar), R(0),
                B(StaCurrentContextSlot), U8(4),
  /* 14 S> */ B(LdaLookupGlobalSlot), U8(1), U8(0), U8(1),
                B(Star), R(2),
                B(LdaConstant), U8(2),
                B(Star), R(3),
                B(LdaZero),
                B(Star), R(7),
                B(LdaSmi), I8(10),
                B(Star), R(8),
                B(LdaSmi), I8(14),
                B(Star), R(9),
                B(Mov), R(2), R(4),
                B(Mov), R(3), R(5),
                B(Mov), R(closure), R(6),
                B(CallRuntime), U16(Runtime::kResolvePossiblyDirectEval), R(4), U8(6),
                B(Star), R(2),
  /* 14 E> */ B(CallUndefinedReceiver1), R(2), R(3), U8(2),
  /* 35 S> */ B(LdaLookupGlobalSlot), U8(3), U8(4), U8(1),
  /* 44 S> */ B(Return),
]
constant pool: [
  SCOPE_INFO_TYPE,
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["eval"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["var x = 10;"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["x"],
]
handlers: [
]

---
snippet: "
  eval('var x = 10;'); return typeof x;
"
frame size: 10
parameter count: 1
bytecode array length: 64
bytecodes: [
  /* 10 E> */ B(StackCheck),
                B(CreateFunctionContext), U8(0), U8(4),
                B(PushContext), R(1),
                B(Ldar), R(this),
                B(StaCurrentContextSlot), U8(3),
                B(CreateMappedArguments),
                B(StaCurrentContextSlot), U8(5),
                B(Ldar), R(0),
                B(StaCurrentContextSlot), U8(4),
  /* 14 S> */ B(LdaLookupGlobalSlot), U8(1), U8(0), U8(1),
                B(Star), R(2),
                B(LdaConstant), U8(2),
                B(Star), R(3),
                B(LdaZero),
                B(Star), R(7),
                B(LdaSmi), I8(10),
                B(Star), R(8),
                B(LdaSmi), I8(14),
                B(Star), R(9),
                B(Mov), R(2), R(4),
                B(Mov), R(3), R(5),
                B(Mov), R(closure), R(6),
                B(CallRuntime), U16(Runtime::kResolvePossiblyDirectEval), R(4), U8(6),
                B(Star), R(2),
  /* 14 E> */ B(CallUndefinedReceiver1), R(2), R(3), U8(2),
  /* 35 S> */ B(LdaLookupGlobalSlotInsideTypeof), U8(3), U8(4), U8(1),
                B(TypeOf),
  /* 51 S> */ B(Return),
]
constant pool: [
  SCOPE_INFO_TYPE,
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["eval"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["var x = 10;"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["x"],
]
handlers: [
]

---
snippet: "
  x = 20; return eval('');
"
frame size: 10
parameter count: 1
bytecode array length: 64
bytecodes: [
  /* 10 E> */ B(StackCheck),
                B(CreateFunctionContext), U8(0), U8(4),
                B(PushContext), R(1),
                B(Ldar), R(this),
                B(StaCurrentContextSlot), U8(3),
                B(CreateMappedArguments),
                B(StaCurrentContextSlot), U8(5),
                B(Ldar), R(0),
                B(StaCurrentContextSlot), U8(4),
  /* 14 S> */ B(LdaSmi), I8(20),
  /* 16 E> */ B(StaLookupSlot), U8(1), U8(0),
  /* 22 S> */ B(LdaLookupGlobalSlot), U8(2), U8(0), U8(1),
                B(Star), R(2),
                B(LdaConstant), U8(3),
                B(Star), R(3),
                B(LdaZero),
                B(Star), R(7),
                B(LdaSmi), I8(10),
                B(Star), R(8),
                B(LdaSmi), I8(29),
                B(Star), R(9),
                B(Mov), R(2), R(4),
                B(Mov), R(3), R(5),
                B(Mov), R(closure), R(6),
                B(CallRuntime), U16(Runtime::kResolvePossiblyDirectEval), R(4), U8(6),
                B(Star), R(2),
  /* 29 E> */ B(CallUndefinedReceiver1), R(2), R(3), U8(2),
  /* 38 S> */ B(Return),
]
constant pool: [
  SCOPE_INFO_TYPE,
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["x"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["eval"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE [""],
]
handlers: [
]

---
snippet: "
  var x = 20;
  f = function(){
    eval('var x = 10');
    return x;
  }
  f();
"
frame size: 10
parameter count: 1
bytecode array length: 63
bytecodes: [
  /* 38 E> */ B(StackCheck),
                B(CreateFunctionContext), U8(0), U8(4),
                B(PushContext), R(1),
                B(Ldar), R(this),
                B(StaCurrentContextSlot), U8(3),
                B(CreateMappedArguments),
                B(StaCurrentContextSlot), U8(5),
                B(Ldar), R(0),
                B(StaCurrentContextSlot), U8(4),
  /* 44 S> */ B(LdaLookupGlobalSlot), U8(1), U8(0), U8(1),
                B(Star), R(2),
                B(LdaConstant), U8(2),
                B(Star), R(3),
                B(LdaZero),
                B(Star), R(7),
                B(LdaSmi), I8(38),
                B(Star), R(8),
                B(LdaSmi), I8(44),
                B(Star), R(9),
                B(Mov), R(2), R(4),
                B(Mov), R(3), R(5),
                B(Mov), R(closure), R(6),
                B(CallRuntime), U16(Runtime::kResolvePossiblyDirectEval), R(4), U8(6),
                B(Star), R(2),
  /* 44 E> */ B(CallUndefinedReceiver1), R(2), R(3), U8(2),
  /* 66 S> */ B(LdaLookupContextSlot), U8(3), U8(4), U8(1),
  /* 75 S> */ B(Return),
]
constant pool: [
  SCOPE_INFO_TYPE,
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["eval"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["var x = 10"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["x"],
]
handlers: [
]

---
snippet: "
  x = 20;
  f = function(){
    eval('var x = 10');
    return x;
  }
  f();
"
frame size: 10
parameter count: 1
bytecode array length: 63
bytecodes: [
  /* 34 E> */ B(StackCheck),
                B(CreateFunctionContext), U8(0), U8(4),
                B(PushContext), R(1),
                B(Ldar), R(this),
                B(StaCurrentContextSlot), U8(3),
                B(CreateMappedArguments),
                B(StaCurrentContextSlot), U8(5),
                B(Ldar), R(0),
                B(StaCurrentContextSlot), U8(4),
  /* 40 S> */ B(LdaLookupGlobalSlot), U8(1), U8(0), U8(1),
                B(Star), R(2),
                B(LdaConstant), U8(2),
                B(Star), R(3),
                B(LdaZero),
                B(Star), R(7),
                B(LdaSmi), I8(34),
                B(Star), R(8),
                B(LdaSmi), I8(40),
                B(Star), R(9),
                B(Mov), R(2), R(4),
                B(Mov), R(3), R(5),
                B(Mov), R(closure), R(6),
                B(CallRuntime), U16(Runtime::kResolvePossiblyDirectEval), R(4), U8(6),
                B(Star), R(2),
  /* 40 E> */ B(CallUndefinedReceiver1), R(2), R(3), U8(2),
  /* 62 S> */ B(LdaLookupGlobalSlot), U8(3), U8(4), U8(1),
  /* 71 S> */ B(Return),
]
constant pool: [
  SCOPE_INFO_TYPE,
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["eval"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["var x = 10"],
  ONE_BYTE_INTERNALIZED_STRING_TYPE ["x"],
]
handlers: [
]