This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
R=yangguo@chromium.org
TEST=cctest/test-run-jsexceptions/DeoptTry
Review URL: https://codereview.chromium.org/1010883002
Cr-Commit-Position: refs/heads/master@{#27440}
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
> BUG=chromium:454297
> LOG=Y
NOTRY=true
Review URL: https://codereview.chromium.org/1032833002
Cr-Commit-Position: refs/heads/master@{#27433}
Reason for revert:
Need to revert in order to revert https://codereview.chromium.org/1029323003/
Original issue's description:
> Filter invalid slots out from the SlotsBuffer after marking.
>
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
>
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297
> LOG=Y
>
> Committed: https://crrev.com/5c47c1c0d3e4a488f190c16a64ee02f5a14e6561
> Cr-Commit-Position: refs/heads/master@{#27423}
TBR=hpayer@chromium.org,erik.corry@gmail.com,ishell@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297
Review URL: https://codereview.chromium.org/1033453005
Cr-Commit-Position: refs/heads/master@{#27426}
There are two reasons that could cause invalid slots appearance in SlotsBuffer:
1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297
LOG=Y
Review URL: https://codereview.chromium.org/1010363005
Cr-Commit-Position: refs/heads/master@{#27423}
Gather references to unbound variables where the reference (VariableProxy) is
inside strong mode. Check them against the global object when a script is bound
to a context (during compilation).
This CL only checks unbound variables which are not inside lazy functions - TBD
how do we solve that; alternatives: add developer mode which disables laziness /
do the check whenever lazy functions are really compiled.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1005063002
Cr-Commit-Position: refs/heads/master@{#27422}
These are needed (among other things) for a TurboFan-generated
StringAddStub. Furthermore, they can be used to nuke the overly
complex %_IsInstanceType intrisic, it's completely expressible in
JavaScript now, but that will be done in a separate CL.
Alpha-sorted things a bit on the way to ease navigation.
Review URL: https://codereview.chromium.org/1010973010
Cr-Commit-Position: refs/heads/master@{#27415}
This removes the CompilationInfoWithZone class from the header file
because it is more than a pure convenience class and shouldn't be used
outside of the compiler at all.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1000353004
Cr-Commit-Position: refs/heads/master@{#27411}
it is the last patch of https://codereview.chromium.org/1012633002
All that we need here is to push the collected info to the profiler
and convert it into actionable information about deopt.
On the Next: get the info accessible by embedder.
BUG=chromium:452067
LOG=n
TEST=DeoptAtFirstLevelInlinedSource, DeoptAtSecondLevelInlinedSource, DeoptUntrackedFunction
Review URL: https://codereview.chromium.org/1013143003
Cr-Commit-Position: refs/heads/master@{#27403}
This removes the stub-based constructor from CompilationInfoWithZone
as this class is more than a pure convenience class and only by chance
doesn't have an effect in the destructor.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1026513004
Cr-Commit-Position: refs/heads/master@{#27376}
With this change, we remember the types of frame state inputs (in a new
operator, called TypedStateValues). Instead of inferring the value types
when building translations, we used the recorded types.
The original approach was not reliable because the passes after
simplified lowering can change node types, and this in turn confuses
the translation builder.
BUG=chromium:468727
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1015423002
Cr-Commit-Position: refs/heads/master@{#27310}
This reduces the overhead of typed lowering, because we lower
JSToBoolean/JSUnaryNot directly if possible, instead of first lowering
to AnyToBoolean, and then letting the SimplifiedOperatorReducer do the
further lowering.
Also remove some obsolete tests from the cctest suite that have since
been removed by proper unittests. And improve unitttest coverage for the
typed lowering cases.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/999173003
Cr-Commit-Position: refs/heads/master@{#27295}
Updated excludes to remove SKIPs where possible. Either
removing if no longer needed or replacing with SLOW where
tests just need more time to run
modified: test/cctest/cctest.status
modified: test/mjsunit/mjsunit.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1017073003
Cr-Commit-Position: refs/heads/master@{#27287}
We were able to remove most of our changes needed to compile
on AIX with an earlier compiler level. These changes are the
remaining ones.
The changes in heap/heap.cc are needed because otherwise the
compiler complains that result is potentially used before
it is initialized.
The changes in heap/mark-compact.cc are required because
AIX supports the full 64 bit address range so the check
being guarded is invalid.
The changes in build/toolchain.gypi and
test/cctest/cctest/gyp are aix only and are adjust the
compile/link options to allow the AIX build to succeed.
modified: build/toolchain.gypi
modified: src/heap/heap.cc
modified: src/heap/mark-compact.cc
modified: test/cctest/cctest.gyp
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1013833002
Cr-Commit-Position: refs/heads/master@{#27255}
In constructing the transfer between loop copies, we need to merge the backedges from all the previous copies of the given loop. The control reduction will work out which ones are really reachable.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1004993004
Cr-Commit-Position: refs/heads/master@{#27246}
The cause was dynamic allocation of an accounting structure used to
create/initialize the type feedback vector, done at the end of the
numbering pass. The solution is to Zone-allocate the structure to
bring it's lifetime in line with the compilation unit.
BUG=
Review URL: https://codereview.chromium.org/1014793003
Cr-Commit-Position: refs/heads/master@{#27241}
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/988653003
Cr-Commit-Position: refs/heads/master@{#27235}
The per-isolate compilation cache is a lot faster still than
the serialized code cache. Promote code to compilation cache
after deserialization.
R=vogelheim@chromium.org
BUG=chromium:399580
LOG=N
Review URL: https://codereview.chromium.org/1008363002
Cr-Commit-Position: refs/heads/master@{#27220}
The CL enables the same instructions are selected for Word32 and Word64 compare
operations which is possible due to a fact 32-bit inputs and produced values
are always sign-extended.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1005123002
Cr-Commit-Position: refs/heads/master@{#27212}
Reason for revert:
Increased rate of Chrome crashes. Requires further investigation.
Original issue's description:
> Reland of Remove slots that point to unboxed doubles from the StoreBuffer/SlotsBuffer.
>
> The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297, chromium:465273
> LOG=Y
>
> Committed: https://crrev.com/6d0677d845c47ab9fa297de61d0e3d8e5480a02a
> Cr-Commit-Position: refs/heads/master@{#27141}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297, chromium:465273
Review URL: https://codereview.chromium.org/1004623003
Cr-Commit-Position: refs/heads/master@{#27207}
Basically recognize certain x < y ? x : y constructs and turn that into
Float64Min/Float64Max operations, if the target machine supports that.
On x86 we lower to (v)minsd/(v)maxsd.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/998283002
Cr-Commit-Position: refs/heads/master@{#27160}
Port 84e90b2d0d
Original commit message:
Four tests are failing due to a problem with no frame ranges.
TEST=cctest/test-cpu-profiler/CollectDeoptEvents
BUG=
Review URL: https://codereview.chromium.org/1000723002
Cr-Commit-Position: refs/heads/master@{#27152}
We can reduce the number of type feedback vector slots required, and
also reduce IC misses.
Review URL: https://codereview.chromium.org/1001533002
Cr-Commit-Position: refs/heads/master@{#27149}
A diamond is unused if the Merge node has no Phi/EffectPhi uses, exactly
two inputs, one IfTrue and one IfFalse, which have the same Branch
control input and no other uses except for the Merge. In this case the
diamond can safely be removed.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1000883003
Cr-Commit-Position: refs/heads/master@{#27148}
The test/cctest/cctest.status and test/mjsunit/mjsunit.status
tests now pass under the simulator so removing these
excludes
modified: test/cctest/cctest.status
modified: test/mjsunit/mjsunit.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/995393003
Cr-Commit-Position: refs/heads/master@{#27145}
Since recursive modules are gone, only the top-level scope can have
module inner scopes. Rename Scope::AllocateModulesRecursively to
Scope::AllocateModules, and add test showing the module Variables
are still allocated appropriately in the top level scope.
BUG=v8:1569,v8:3940
LOG=n
Review URL: https://codereview.chromium.org/999893003
Cr-Commit-Position: refs/heads/master@{#27143}
The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297, chromium:465273
LOG=Y
Review URL: https://codereview.chromium.org/988363002
Cr-Commit-Position: refs/heads/master@{#27141}
Contribution of PowerPC port (continuation of 422063005,
817143002,866843003, and 901083004). This patch updates
the ppc directories to make them current with changes in
common code as of today.
We had to exclude the test test-serialize/SerializeInternalReference
until we agree on the right way to add those changes for PPC as
outlined in the description in the google doc provided earlier.
We also had to exclude a couple of other tests due to new
failures seen since the last uplevel. We excluded as opposed
to waiting until we could investigate to maximize the chance
of getting PPC compiling in the google repos before new
breaking changes are made.
I'll note that before applying any of our changes the
mozilla part of quickcheck was already broken when using
the lastest repo content so I had to run without that
modified: src/compiler/ppc/code-generator-ppc.cc
modified: src/compiler/ppc/instruction-codes-ppc.h
modified: src/compiler/ppc/instruction-selector-ppc.cc
modified: src/ic/ppc/handler-compiler-ppc.cc
modified: src/ic/ppc/ic-compiler-ppc.cc
modified: src/ppc/assembler-ppc-inl.h
modified: src/ppc/assembler-ppc.cc
modified: src/ppc/assembler-ppc.h
modified: src/ppc/builtins-ppc.cc
modified: src/ppc/code-stubs-ppc.cc
modified: src/ppc/codegen-ppc.cc
modified: src/ppc/full-codegen-ppc.cc
modified: src/ppc/lithium-codegen-ppc.cc
modified: src/ppc/macro-assembler-ppc.cc
modified: src/ppc/macro-assembler-ppc.h
modified: test/cctest/cctest.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/994533004
Cr-Commit-Position: refs/heads/master@{#27125}
None of these fields is used in Blink. Embedder always can implement them using existing API.
BUG=chromium:465651
LOG=Y
Review URL: https://codereview.chromium.org/983833006
Cr-Commit-Position: refs/heads/master@{#27113}
We use slightly different schema for JumpTable on arm64 than for x64.
We do a branch (B) to the JumpTable from the code,
then a branch (B) to the end of jump table code
and then branch to the deoptimizer code with putting
the return address into lr register (Call which is actually Blr).
As a result the 'from' address in Deoptimizer always points to
the end of JumpTable code and we can get nothing from this information.
0) I moved save_doubles and needs_frame code out of for_loop.
1) I replaced B commands with Bl so we put different return addresses
to lr register for the different jump table entries and replaced
the final Call with Br which do not touch lr register.
Also I removed the last_entry check so we will always do the Bl
even for the last entry because we need the right address in lr.
I don't think that this will affect the performance because it
just one more branch for entire deopt mechanics.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/984893003
Cr-Commit-Position: refs/heads/master@{#27094}
Provide an intrinsic %MathFloor / %_MathFloor that is used to optimize
both Math.ceil and Math.floor, and use the JS inlining mechanism to
inline Math.ceil into TurboFan code. Although we need to touch code
outside of TurboFan to make this work, this does not affect the way we
handle Math.ceil and/or Math.floor in CrankShaft, because for CrankShaft
the old-style builtin function id based inlining still kicks in first.
Once this solution is stabilized, we can use it for Math.floor as well.
And once that is settled, we can establish it as the unified way to
inline builtins, and get rid of the specialized builtin function id
based inlining at some point.
Note that "builtin" applies to basically every piece of internal
JavaScript/intrinsics based code, so this also applies to the yet to be
defined JavaScript based code stubs and handlers.
BUG=v8:3953
LOG=n
R=yangguo@chromium.org,svenpanne@chromium.org
Review URL: https://codereview.chromium.org/990963003
Cr-Commit-Position: refs/heads/master@{#27086}
Context specialization enables inlining (at least currently it is the
only enabler for inlining), but inlining enables more possibilities for
context specialization. So we really need to run them together.
This is especially important with the "module based builtins" that we're
working towards.
BUG=v8:3952
LOG=n
Review URL: https://codereview.chromium.org/988423004
Cr-Commit-Position: refs/heads/master@{#27085}
since the old style weakness is slated for removal, we might as well reuse the name to limit confusion. additionally I simplified the callback type to a enum to either get internal field values or not
this should be a non-breaking change with the exception of PhantomPersistentValueMap, which is unused.
R=jochen@chromium.org, erikcorry@chromium.org
BUG=
Review URL: https://codereview.chromium.org/989153003
Cr-Commit-Position: refs/heads/master@{#27084}
Rationale: separate the inputs and outputs of parsing + analysis from the business of compiling (i.e. generating machine code).
BUG=
Review URL: https://codereview.chromium.org/974213002
Cr-Commit-Position: refs/heads/master@{#27078}
The original code always returned the first entry from RelocInfo that matched with
bailout_id. But we may have a few different deopt reasons for one bailout_id.
So we need to get the one which matches with a particular call from JumpTable.
We can do this by checking not 'target_address' (it maps to bailout_id)
but 'from' address which maps to a particular JumpTable entry.
The test was reworked so it tests identical functions against different reasons.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/984773003
Cr-Commit-Position: refs/heads/master@{#27076}
Reason for revert:
It caused a lot of Canary crashes.
Original issue's description:
> Remove slots that point to unboxed doubles from the StoreBuffer/SlotsBuffer.
>
> The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297
> LOG=Y
>
> Committed: https://crrev.com/9633ebabd405c264d33f603f8798c31f59418dcd
> Cr-Commit-Position: refs/heads/master@{#27054}
TBR=verwaest@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297
Review URL: https://codereview.chromium.org/991793002
Cr-Commit-Position: refs/heads/master@{#27063}
We mark certain builtins for inlining, and those should always be
inlined into optimized code (CrankShaft already handles it this way), so
we should support that in TurboFan as well. Currently this mainly
affects a certain set of Math functions, but once have the basics in
place we can extend this to any kind of builtin/code stub/accessor.
This adds a new flag --turbo_builtin_inlining (enabled by default), that
forces the inliner to always inline builtins marked for inlining, but
does not affect inlining of other functions (this is still controlled by
the --turbo-inlining flag).
BUG=v8:3952
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/993473002
Cr-Commit-Position: refs/heads/master@{#27059}
The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297
LOG=Y
Review URL: https://codereview.chromium.org/957273002
Cr-Commit-Position: refs/heads/master@{#27054}
Original issue: https://codereview.chromium.org/980573002/
Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
Review URL: https://codereview.chromium.org/988703002
Cr-Commit-Position: refs/heads/master@{#27044}
This keeps dying maps alive for FLAG_retain_maps_for_n_gc garbage collections
to increase chances of them being reused for new objects in future and
decrease number of deoptimizations.
BUG=v8:3664
LOG=N
TEST=cctest/test-heap/MapRetaining
Review URL: https://codereview.chromium.org/980523004
Cr-Commit-Position: refs/heads/master@{#27040}
Reason for revert:
Some tests still flaky
Original issue's description:
> CpuProfiler: enable tests except four failing tests.
>
> Four tests are failing due to a problem with no frame ranges.
>
> BUG=
> LOG=n
>
> Committed: https://crrev.com/2be160e726f2be6272b77e53fbd556aded6024f1
> Cr-Commit-Position: refs/heads/master@{#27035}
TBR=yurys@chromium.org,svenpanne@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/987553005
Cr-Commit-Position: refs/heads/master@{#27037}
This makes sure that any pending message is saved before entering
and restored after exiting a finally block. It also makes sure that
operand stacks are kept in sync to full-codegen.
R=bmeurer@chromium.org
TEST=cctest/test-run-jsexceptions/ThrowMessage
Review URL: https://codereview.chromium.org/979173002
Cr-Commit-Position: refs/heads/master@{#27036}
Four tests are failing due to a problem with no frame ranges.
BUG=
LOG=n
Review URL: https://codereview.chromium.org/976203003
Cr-Commit-Position: refs/heads/master@{#27035}
External references are encoded as a tuple of type and ID. This
requires both the external reference encode and the decoder to
create a mapping between the encoding and the external reference
table index.
Instead, we simply use the external reference table index as
encoding.
We now also assume that there are no duplicate entries. Existing
duplicates have been removed in this change.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/982773003
Cr-Commit-Position: refs/heads/master@{#27033}
Reason for revert:
x64 test failures
Original issue's description:
> Simplify and compact transitions storage
>
> Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
> To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
>
> Committed: https://crrev.com/45fbef7f2252fce10634931cb103ccc1fc95ae6a
> Cr-Commit-Position: refs/heads/master@{#27029}
TBR=verwaest@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/982143002
Cr-Commit-Position: refs/heads/master@{#27030}
Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
Review URL: https://codereview.chromium.org/980573002
Cr-Commit-Position: refs/heads/master@{#27029}
If function.name property has string type then stack frame will contain it otherwise DebugName from shared function info.
BUG=17356
LOG=Y
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/917743002
Cr-Commit-Position: refs/heads/master@{#27025}
Internal references are absolute addresses into the instruction
stream. Turn them into relative addresses when serializing and
back when deserializing to keep them valid.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/976623002
Cr-Commit-Position: refs/heads/master@{#27020}
According to Source Map specification [1] source map url can be passed either as a magic comment at the end of script or as SourceMap http header. We already parse the former value and expose it on Script object. This change allows to unify the way we deal with source map urls received in http header by providing api for passing that url into the script being compiled.
source_map_url is intentionally not passed into CompilationCacheScript::Lookup. The cache is anyways disabled when debugger is on.
[1] https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k/edit
LOG=Y
BUG=chromium:462572
Review URL: https://codereview.chromium.org/983603003
Cr-Commit-Position: refs/heads/master@{#27017}
This extends the stack unwinding logic to respect optimized frames
and perform a lookup in the handler table to find handlers. It also
contains fixes to the API call stubs to allow a stack walk while
promoting scheduled exceptions.
R=jarin@chromium.org
TEST=cctest/test-run-jsexceptions
Review URL: https://codereview.chromium.org/969533004
Cr-Commit-Position: refs/heads/master@{#27016}
This adds support for the double bits intrinsics to TurboFan, and is
a first step towards fast Math functions inlined into TurboFan code
or even compiled by themselves with TurboFan.
Review URL: https://codereview.chromium.org/974313002
Cr-Commit-Position: refs/heads/master@{#27006}
Experimental globals are simply flag values on the builtins object to
turn on/off harmony features. We still need to declare them even when
we don't turn on harmony features for the snapshot.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/978813002
Cr-Commit-Position: refs/heads/master@{#26992}
We now have BreakLocation::Iterator to iterate via RelocIterator, and
create a BreakLocation when we are done iterating. The reloc info is
stored in BreakLocation in a GC-safe way and instantiated on demand.
R=ulan@chromium.org
BUG=v8:3924
LOG=N
Review URL: https://codereview.chromium.org/967323002
Cr-Commit-Position: refs/heads/master@{#26983}
Re-installing experimental natives after deserialization causes failures if
said experimental native is already included in the snapshot. However, there
is no way to tell whether a certain harmony feature has been included.
Experimental natives may also be turned on/off on-demand, which a snapshot
that includes them would not support for all cases.
The simple solution for the meantime is to never include experimental natives
in the snapshot and initialize them after deserialization on-demand.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/981473002
Cr-Commit-Position: refs/heads/master@{#26982}
This just contains test, no fixes. Note that some of the tests are
still disabled because they either fail or we don't want ClusterFuzz
to pick up the flag yet.
R=jarin@chromium.org
TEST=cctest/test-run-jsexceptions/Deopt,mjsunit/compiler/try-deopt
Review URL: https://codereview.chromium.org/972943004
Cr-Commit-Position: refs/heads/master@{#26968}
Contribution of PowerPC port (continuation of 422063005, 817143002,
866843003, and 901083004. This patch updates the ppc directories
to make them current with changes in common code, removes the
optimization to use the ool constant pool, and excludes tests that
don't pass under the ppc simulator given a 240s timeout.
Subsequent patches will cover:
- remaining optimizations for PPC
- remaining AIX changes not resolved by 4.8 compiler (4.8 is only recently available for AIX)
- incremental updates required to ppc directories due to platform specific changes made
in google repos while we complete the above steps.
modified: src/compiler/ppc/code-generator-ppc.cc
modified: src/ic/ppc/handler-compiler-ppc.cc
modified: src/ppc/assembler-ppc-inl.h
modified: src/ppc/assembler-ppc.cc
modified: src/ppc/assembler-ppc.h
modified: src/ppc/builtins-ppc.cc
modified: src/ppc/code-stubs-ppc.cc
modified: src/ppc/debug-ppc.cc
modified: src/ppc/deoptimizer-ppc.cc
modified: src/ppc/frames-ppc.cc
modified: src/ppc/frames-ppc.h
modified: src/ppc/full-codegen-ppc.cc
modified: src/ppc/lithium-codegen-ppc.cc
modified: src/ppc/lithium-ppc.cc
modified: src/ppc/lithium-ppc.h
modified: src/ppc/macro-assembler-ppc.cc
modified: src/ppc/macro-assembler-ppc.h
modified: test/cctest/cctest.status
modified: test/mjsunit/mjsunit.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/965823002
Cr-Commit-Position: refs/heads/master@{#26951}
On 64-bit targets, we can skip the write barrier for Store nodes if the
input is ChangeInt32ToTagged, because the value being stored is
definitely represented as a smi then.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/968113002
Cr-Commit-Position: refs/heads/master@{#26934}
This required fixing the exports_ hash map to use the appropriate
comparison function instead of pointer comparison.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/960793003
Cr-Commit-Position: refs/heads/master@{#26920}
For now we just use the RawMachineAssembler, this will be changed
later to use the whole TurboFan pipeline.
Review URL: https://codereview.chromium.org/925373002
Cr-Commit-Position: refs/heads/master@{#26902}
This also adds a new VariableMode, IMPORT, which will be
used to do appropriate binding for Import-declared Variables.
Only named imports are handled for now. "import *" and default
import syntaxes have had their TODOs adjusted to match the new
code structure.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/948303004
Cr-Commit-Position: refs/heads/master@{#26895}
This reverts commit b57be748b1 and
disables the test/mjsunit/debug-clearbreakpointgroup.js because
BreakLocationIterator::ClearBreakPoint is already broken for unrelated reasons (see v8:3924).
BUG=v8:3877
LOG=N
TEST=cctest/test-heap/Regress3877
Review URL: https://codereview.chromium.org/957373002
Cr-Commit-Position: refs/heads/master@{#26893}
Reason for revert:
Breaks test/mjsunit/debug-clearbreakpointgroup.js on arm64.debug.
Original issue's description:
> Fix memory leak caused by field type in descriptor array.
>
> When a field type is a map, it is wrapped in a weak cell upon storing to the descriptor array.
>
> Map::GetFieldType(i) does the unwrapping.
>
> BUG=v8:3877
> LOG=N
> TEST=cctest/test-heap/Regress3877
>
> Committed: https://crrev.com/77d3ae0e119893ac8d34ea6ca090cddd5bbf987e
> Cr-Commit-Position: refs/heads/master@{#26879}
TBR=verwaest@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3877
Review URL: https://codereview.chromium.org/960103003
Cr-Commit-Position: refs/heads/master@{#26883}
When a field type is a map, it is wrapped in a weak cell upon storing to the descriptor array.
Map::GetFieldType(i) does the unwrapping.
BUG=v8:3877
LOG=N
TEST=cctest/test-heap/Regress3877
Review URL: https://codereview.chromium.org/955063002
Cr-Commit-Position: refs/heads/master@{#26879}
The FunctionLiteral returned from the parser for modules now has a MODULE_SCOPE,
instead of associating the module scope with a Block inside it. This makes
it easy to get at the ModuleDescriptor from the caller of Parse(), so I've added
a basic test that pokes at the scope and the descriptor. Expect more tests
in this vein.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/953983002
Cr-Commit-Position: refs/heads/master@{#26836}
Contribution of PowerPC port (continuation of 422063005, 817143002,
866843003, and 901083004. The bulk of the changes are to remove some
hard coded assumptions about heap page size within existing tests.
The remaining change is to use a larger heap page size for PPC linux
as this provides a performance benefit due to the larger memory page size.
modified: src/base/build_config.h
modified: src/heap/heap.cc
modified: test/cctest/test-alloc.cc
modified: test/cctest/test-constantpool.cc
modified: test/cctest/test-heap.cc
modified: test/cctest/test-spaces.cc
modified: test/cctest/test-weakmaps.cc
modified: test/cctest/test-weaksets.cc
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/910333004
Cr-Commit-Position: refs/heads/master@{#26833}
This also includes a regression test for crbug/459512.
BUG=chromium:459512
LOG=N
Review URL: https://codereview.chromium.org/947103002
Cr-Commit-Position: refs/heads/master@{#26795}
Reason for revert:
See crbug.com/460412 and crbug.com/460356. Reverting on master in order to roll from master again soon.
Original issue's description:
> Correctly propagate terminate exception in TryCall.
>
> BUG=v8:3892
> LOG=Y
>
> Committed: https://crrev.com/a49b55b78844557b65a98e7a77dd26078157ed7f
> Cr-Commit-Position: refs/heads/master@{#26685}
TBR=ishell@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3892
Review URL: https://codereview.chromium.org/946973004
Cr-Commit-Position: refs/heads/master@{#26792}
Add() becomes AddLocalExport, which takes an export_name and a local_name.
New parsing tests exercise this.
Also start generating exports for default exports (though this doesn't yet
handle anonymous default exports).
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/934323004
Cr-Commit-Position: refs/heads/master@{#26758}
The root of problem is the fact that we don't track the position of 'this' statement but use them when visit compare statement.
As a result we have -1 as the position of left expression and the resulting relative position is negative and doesn't fit into BitField.
BUG=452067
TEST=test-cpu-profiler/SourceLocation
LOG=n
Review URL: https://codereview.chromium.org/940593002
Cr-Commit-Position: refs/heads/master@{#26741}
Additionally handlify the "transition" field so that GC can stop caring about it.
BUG=
Review URL: https://codereview.chromium.org/935033003
Cr-Commit-Position: refs/heads/master@{#26718}
This gets Variable and VariableProxy out of the business of worrying about
Interfaces.
At the same time, get rid of the notion of "module variables". In ES6, variables
that refer to modules will be simply be CONST bindings to module namespace
objects.
The only change in logic here is one more early error:
duplicate export names are now rejected.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/918373002
Cr-Commit-Position: refs/heads/master@{#26708}
This adds a new ControlFlowOptimizer that - for now - recognizes chains
of Branches generated by the SwitchBuilder for a subset of javascript
switches into Switch nodes. Those Switch nodes are then lowered to
either table or lookup switches.
Also rename Case to IfValue (and introduce IfDefault) for consistency.
BUG=v8:3872
LOG=n
Review URL: https://codereview.chromium.org/931623002
Cr-Commit-Position: refs/heads/master@{#26691}
Previous approach for property reconfiguration was to create a free-floating map with generalized representations of all fields. This patch does it right.
When property is reconfigured either by changing its kind (kData <-> kAccessor) or its attributes it implies creation of a new branch in transition tree. If such a branch already existed before reconfiguration then it should be merged with the old (or source) branch of the transition tree. Merging procedure includes all the heavy machinery such as property location changes (kDescriptor -> kField), field representation/field type generalization, map deprecation, etc.
Review URL: https://codereview.chromium.org/888623002
Cr-Commit-Position: refs/heads/master@{#26667}
and "Just visit young array buffers during scavenge. Additionally keep the views in new space in a separate global list and move them to the corresponding array buffers when they get promoted."
This reverts commit 295ab27830
and commit bd61a85faf.
TBR=hpayer@chromium.org
NOTRY=true
Review URL: https://codereview.chromium.org/929973002
Cr-Commit-Position: refs/heads/master@{#26653}
The preparser needs to log the usage of super properties and then update
the scope when we create the function later.
BUG=v8:3888
LOG=N
R=dslomov@chromium.org, marja
Review URL: https://codereview.chromium.org/923683002
Cr-Commit-Position: refs/heads/master@{#26642}
It is a default option for some try bots.
otherwise compilation fails on
DCHECK(layout_descriptor->IsConsistentWithMap(*map));
BUG=none
LOG=n
Review URL: https://codereview.chromium.org/920993003
Cr-Commit-Position: refs/heads/master@{#26636}
1) create beefy RelocInfo table when cpu profiler is active, so if a function
was optimized when profiler was active RelocInfo would get separate DeoptInfo
for the each deopt case.
2) push DeoptInfo from CodeEntry to ProfileNode.
When deopt happens we put the info collected on #1 into CodeEntry and record stack sample.
On the sampling thread we grab the deopt data and append it to the corresponding ProfileNode deopts list.
Sample profile dump.
[Top down]:
0 (root) 0 #1
1 29 #2
1 test 29 #3
2 opt_function 29 #4
2 opt_function 29 #5
deopted at 118 with reason 'not a heap number'
deopted at 137 with reason 'division by zero'
BUG=452067
LOG=n
Committed: https://crrev.com/ce8701b247d3c6604f24f17a90c02d17b4417f54
Cr-Commit-Position: refs/heads/master@{#26615}
Review URL: https://codereview.chromium.org/919953002
Cr-Commit-Position: refs/heads/master@{#26630}
Reason for revert:
static initializers broke the build
Original issue's description:
> CPUProfiler: Push deopt reason further to ProfileNode.
>
> 1) create beefy RelocInfo table when cpu profiler is active, so if a function
> was optimized when profiler was active RelocInfo would get separate DeoptInfo
> for the each deopt case.
>
> 2) push DeoptInfo from CodeEntry to ProfileNode.
> When deopt happens we put the info collected on #1 into CodeEntry and record stack sample.
> On the sampling thread we grab the deopt data and append it to the corresponding ProfileNode deopts list.
>
> Sample profile dump.
> [Top down]:
> 0 (root) 0 #1
> 1 29 #2
> 5 test 29 #3
> 3 opt_function 29 #4
> deopted at 52 with reason 'not a heap number'
> deopted at 71 with reason 'division by zero'
>
> BUG=452067
> LOG=n
>
> Committed: https://crrev.com/ce8701b247d3c6604f24f17a90c02d17b4417f54
> Cr-Commit-Position: refs/heads/master@{#26615}
TBR=jarin@chromium.org,svenpanne@chromium.org,yurys@chromium.org,alph@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=452067
Review URL: https://codereview.chromium.org/915173005
Cr-Commit-Position: refs/heads/master@{#26616}
1) create beefy RelocInfo table when cpu profiler is active, so if a function
was optimized when profiler was active RelocInfo would get separate DeoptInfo
for the each deopt case.
2) push DeoptInfo from CodeEntry to ProfileNode.
When deopt happens we put the info collected on #1 into CodeEntry and record stack sample.
On the sampling thread we grab the deopt data and append it to the corresponding ProfileNode deopts list.
Sample profile dump.
[Top down]:
0 (root) 0 #1
1 29 #2
5 test 29 #3
3 opt_function 29 #4
deopted at 52 with reason 'not a heap number'
deopted at 71 with reason 'division by zero'
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/919953002
Cr-Commit-Position: refs/heads/master@{#26615}
Parser must be able to operate independent of Isolate and the V8 heap during
parsing. After the heap-independent phase, there is a heap dependent phase,
during which we internalize strings, handle errors, etc.
This makes Isolate (also via CompilationInfo) unaccessible during parsing, and
thus decreases the probability of accidental code changes which would add
heap-dependent operations into the heap-independent phase.
Since Isolate is also accessible via CompilationInfo, now CompilationInfo is
only passed to the entry points of parsing, and not stored in Parser.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/908173003
Cr-Commit-Position: refs/heads/master@{#26612}
Use a fake code stub instead, basically following the null object pattern.
Review URL: https://codereview.chromium.org/918973002
Cr-Commit-Position: refs/heads/master@{#26610}
Previously, emitting two more more unique source positions at the same pc would
generate two or more RelocInfo entries. Now, only the last emitted source
position for any pc is added to the RelocInfo.
Review URL: https://codereview.chromium.org/908443002
Cr-Commit-Position: refs/heads/master@{#26608}
This reduces young generation garbage collections when many array buffers are allocated.
BUG=
Review URL: https://codereview.chromium.org/904633003
Cr-Commit-Position: refs/heads/master@{#26605}
A CompilationInfo constructed from just an Isolate* and a Zone* is in
weird an inconsistent state (calling e.g. flags() on it will crash),
so we need to avoid them. This CL removes almost all of them, the
remaining 2 call sites in (for testing only) will be handled in a
separate CL. Things which have been changed:
* Linkage is basically a decorator for CallDescriptor now.
* ChangeLowering doesn't need Linkage at all.
* JSGenericLowering doesn't need a full CompilationInfo*, just a
single flag.
* JSContextSpecializer doesn't need the full CompilationInfo, just a
Context.
* Removed unused CompilationInfo from SimplifiedLoweringTester.
This nicely decouples things already a bit more, but there's still
work to do...
Review URL: https://codereview.chromium.org/899803003
Cr-Commit-Position: refs/heads/master@{#26580}
Function.prototype.toMethod was removed from ES6.
This removes the function and updates the tests to either
use %ToMethod or a dedicated syntax (using concise method
or a class).
BUG=v8:3330
LOG=N
R=dslomov@chromium.org, adamk
Review URL: https://codereview.chromium.org/914713002
Cr-Commit-Position: refs/heads/master@{#26559}
