Optimize String.p.split for the case when the separator is empty and
the subject is a direct one-byte string.
Bug: v8:7103
Change-Id: Ica277d2c426679a1f77a1ef8ecb523bd596f65fb
Reviewed-on: https://chromium-review.googlesource.com/1045950
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53260}
This also includes the precise reducer name. Currently the information
is available in the node tooltip in turbolizer. The new shortcut 's' in
the graph view selects the nodes the currently selected nodes were created
from.
Bug: v8:7327
Change-Id: I7ca7327d0cfa112972e3567df6e4a223c8eff3c0
Reviewed-on: https://chromium-review.googlesource.com/1064059
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53258}
When processing imports of an instance, we were storing pointers to
exported (and re-imported) wasm functions in the code table of the
importing module. This is dangerous since imports are instance specific.
Avoid ever storing call targets for imports in the NativeModule.
Instead, read the call targets from the imports table of the instance.
R=mstarzinger@chromium.org
Bug: chromium:843563
Change-Id: Id9f43a6c127025a5feaa81b2be75c001bc0bea81
Reviewed-on: https://chromium-review.googlesource.com/1065774
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53256}
The js-to-wasm wrappers are shared across instances, so we cannot
directly call the instance-specific wasm-to-js wrappers. Instead, we
need to call via the import table.
R=titzer@chromium.org
Bug: chromium:843563
Change-Id: Ia882604f6769472fe2eb69176cbed728215ced29
Reviewed-on: https://chromium-review.googlesource.com/1064610
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53254}
Making it into more "idiomatic" Torque code (we are still defining what that means).
Template specialization on double and fast fixed arrays allowed me to cut
down on the boilerplate.
Bug: v8:7672
Change-Id: Ia35706993a9e2ea087ecc3ef93b3a5864ec97827
Reviewed-on: https://chromium-review.googlesource.com/1064054
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53246}
This was set very regularly in FillFunctionInfo, but it was almost
always set to kNoReason, because the associated SFI had no bailout
reason. Given that having a bailout reason is the rare case, we
just assume an empty bailout reason, and use the rare_data_ struct
to store the string pointer if we do need it.
This saves another pointer of space on the CodeEntry object (approx
1.4 MiB on the node server example).
Bug: v8:7719
Change-Id: I8e2272b572285ddf353ba0b303e6da095b7d5272
Reviewed-on: https://chromium-review.googlesource.com/1064370
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53244}
Long timezone names overflowed the timezone cache which had a static
length of 100. This uses dynamically allocated std::strings as backing
stores instead.
Bug: chromium:842085
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3da474c8b7c530b0933018c6239021979c320043
Reviewed-on: https://chromium-review.googlesource.com/1064111
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53243}
We need to change WasmExportedFunction to call imported functions via
the import table, so there will be no embedded call target.
This also removes the necessity to generate an unreachable call after
the runtime call for js-incompatible signatures.
R=titzer@chromium.org
Bug: chromium:843563,v8:6668
Change-Id: I82cb31930f6b61ad59fde63a8c5ae631da3d1a14
Reviewed-on: https://chromium-review.googlesource.com/1063771
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53239}
Turn `debug::EntriesPreview` into a public API.
This is a straightforward approach to addressing
https://github.com/nodejs/node/issues/20409
(not relying on functionality behind `--allow-natives-syntax`)
in Node.js.
Refs: https://github.com/nodejs/node/issues/20409
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I7021e5846012a55a82c488408ded6591f6b139e7
Reviewed-on: https://chromium-review.googlesource.com/1057467
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53226}
Also fixup some implementations that were lagging behind per the lack of
pure virtual not having enforced everything yet.
Also fixed recently introduced
PredictablePlatform::CallDelayedOnWorkerThread() to ignore delayed tasks
after realizing the intent is to intercept worker tasks instead of
sending them to |platform_|.
Node.js migrated off these APIs @
https://github.com/v8/node/pull/69R=ahaas@chromium.org, yangguo@chromium.org
Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I92171f213b5fc64ab1f21e8eec72738f5ce228bd
Reviewed-on: https://chromium-review.googlesource.com/1045310
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53223}
Currently ProfilerListener holds all the CodeEntries it ever
created during the profiling session. It is not capable of removing
entries corresponding to the code objects discarded by GC as there's
no such code event.
However it is sometimes possible to tell if a code object was GCed.
Hook up to the CodeMap code entry removal and if the entry has never
been hit by a sample we can safely delete it.
As a bonus the CodeEntryInfo size has been reduced on x64, which also
saves 8 x <number of code entries> bytes.
BUG=v8:7719
Change-Id: I988bc5b59f3fba07157a9f472cbcf68596fcd969
Reviewed-on: https://chromium-review.googlesource.com/1054346
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53222}
In the context of launching Liftoff, this will help us estimate the code
size increase and find a good value for the maximum allowed code space.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ie76172edbf136629636911fe97c7ecdc940be86d
Reviewed-on: https://chromium-review.googlesource.com/1061497
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53220}
- Changes WASM serialization to copy misaligned code into an aligned
buffer before relocating. This extra copy will eventually go away
when code is mapped into the process.
- Serialized code buffers no longer need padding to align their
contents.
Change-Id: Ib016c69b5099a4cf039dcd3d36a48f076033227c
Reviewed-on: https://chromium-review.googlesource.com/1060471
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53219}
This CL adds the new type expression
builtin(Context, ArgType1, ...) => ReturnType
and allows to use Torque-defined builtins as values of this type, as well
as calling values of this type.
The new function pointer types are subtypes of Code.
Change-Id: Ib7ba3ce6ef7a8591a4c79230dd189fd25698d5b9
Reviewed-on: https://chromium-review.googlesource.com/1060056
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53217}
It is possible for user code to modify fast regexp result objects
before they are used e.g. by RegExp.p.match, so we may not make any
assumptions about their contents. The only exception is when the
RegExp itself is fast.
Bug: chromium:843022
Change-Id: I14eafbdfb2b2ced609da1391b57c73cbe167f7fb
Reviewed-on: https://chromium-review.googlesource.com/1061455
Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53210}
The term memory usually refers to the wasm memory. In the
{NativeModule}, we store pools for allocated and available code space.
This CL changes naming to make clear that this is code space and not
memory.
R=titzer@chromium.org
Bug: v8:7754
Change-Id: I195bf5c9227ad246af302ae1e98f9c839a02adbf
Reviewed-on: https://chromium-review.googlesource.com/1061495
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53208}
In WebAssembly benchmarks I saw Binop instructions with 6 inputs. We
don't know how many inputs there can actually be, so we conservatively
increase the number to 8 now.
R=jarin@chromium.org
Bug=chromium:842501
Change-Id: Id087481e7e524006c2f03fc545f9e35d1cad1fe8
Reviewed-on: https://chromium-review.googlesource.com/1061114
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53207}
The CallIC class is obsolete and unused for a long time, and the
IC::FrameDepth was only there to support the additional frame
that was imposed by the CallFunctionStub. All of that is long gone, so
we don't need that here.
Bug: v8:7754
Change-Id: Ic82f68b325e3e10e285e30111053ffffd547f965
Reviewed-on: https://chromium-review.googlesource.com/1061354
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53206}
As my mum used to say: When it comes to flushing, later is better than early.
Tentative fix for Android invoke crashers with write protection code
enabled.
Bug: chromium:842862
Change-Id: Ib37115883a6fa615c9514aeb543dc3527335803a
Reviewed-on: https://chromium-review.googlesource.com/1059673
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53202}
This adds a filter option for --trace-turbo, --trace-turbo-graph
and --trace-turbo-scheduled. The filter is a pattern that matches
function names in this way:
"*" all; the default
"-" all but the top-level function
"-name" all but the function "name"
"" only the top-level function
"name" only the function "name"
"name*" only functions starting with "name"
"~" none; the tilde is not an identifier
Bug: v8:7761
Change-Id: I7e8e726023f2c72754b0dd691d790af20b022fd3
Reviewed-on: https://chromium-review.googlesource.com/1059774
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53201}
The problem occurs when getting an unused register causes spilling, but
the generated code is not executed because of a branch, resulting in
loss of data.
BUG=
TEST=cctest/test-run-wasm/RunWasmLiftoff_I64Sh*
Change-Id: Icdb897df42059ed27bec57fcf91cc8338e4598f3
Reviewed-on: https://chromium-review.googlesource.com/1060213
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53200}
This CL consolidates CopyFromPrototype and RemoveArrayHoles into a
single runtime function. It also creates two small helper functions
that are needed in both pre-processing steps.
Additionally it removes the return value from CopyFromPrototype since
it is no longer needed (it was previously used by a sort post-
processing step that no longer exists).
Bug: v8:7382
Change-Id: I7f9b00c1bc639d2118fdecef9c3b45c2cf010310
Reviewed-on: https://chromium-review.googlesource.com/1051887
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53199}
- I think d8's ability to load es6 modules is important enough to
document through the CLI
- I also tried to simplify the d8/shell CLI synopsis
This is my first patch; I can't run the automated test suite.
Change-Id: I6376542f57f11dd8ec53be9b53f3d17d46a86fed
Reviewed-on: https://chromium-review.googlesource.com/1056530
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53198}
Array.indexOf accepts an optional fromIndex argument. When non-negative,
this argument restricts the searched indices to those starting at
fromIndex:
[1, 2, 1].indexOf(1,1) == 2
When negative, it is meant to be added to the array length to provide
such initial index for the search:
[1, 2, 1].indexOf(1, -2) == 2
This transformation has been done by the non-optimised builtin but not
by the reducer. The CL adds this construction to the reducer.
Bug: chromium:842612
Change-Id: I0ff089997f4ebb4dc3c2923e52c382a8a96cd711
Reviewed-on: https://chromium-review.googlesource.com/1059628
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Vaclav Brozek <vabr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53197}
Adds Page::MakeHeaderRelocatable that clears pointers to objects
outside the space. In this case relocatable means the entire page
heading is position independent in memory, meaning it could be saved to
disk and reloaded at a different memory location in a new process
without there being any invalid pointers.
Currently this only affects mutex_, locate_tracker_ and reservation_.
Additionally makes VerifyHeap work when there's no mutex in a Page.
This is just a stepping stone to making the Pages headers relocatable
since heap_ and owner_ still point out of the Page.
Also removes the empty ReadOnlySpace destructor.
Bug: v8:7464
Change-Id: Ife3c06575fa73a5818c4991fb9bec30a5f43901d
Reviewed-on: https://chromium-review.googlesource.com/1054879
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53196}
This function didn't account for addresses of api-provided external
references, leading to out-of-bound reads on external_reference_table.
(This happened to me when printing a code object in gdb, I'm not sure
how to easily test it.)
Also remove an unused method from the private Value class.
R=jgruber@chromium.org
Change-Id: Id14fed3fb3866df750bcad8f4a02c61748b07ad3
Reviewed-on: https://chromium-review.googlesource.com/1060035
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53195}
Code generation introduces indirections if a builder exists (and the
serializer is active). These indirections are not necessary outside of
embedded builtins (e.g. in bytecode handlers), so let's reduce its
lifetime.
Bug: v8:6666
Change-Id: I57207012997786f599f79f0982da61eea26f3e22
Reviewed-on: https://chromium-review.googlesource.com/1059114
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53194}
https://github.com/tc39/proposal-intl-locale
Rename locale property to baseName to better reflect the intented use case and the change in spec.
TBR: bmeurer@chromium.org
Bug: v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I91b630b49ce73abcebd6040ec968c91d75cff879
Reviewed-on: https://chromium-review.googlesource.com/1014411
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53193}
ArrayBuffer memory allocated off-heap was previously tracked by a test-
only retained_size() field on each LocalArrayBufferTracker.
Changes in off-heap ArrayBuffer memory usage are now reported to the
Space with which the ArrayBuffer is associated, so that the value is
cheaply available to include in e.g. GC limit calculations, via a new
getter, ExternalBackingStoreBytes().
Changes to external ArrayBuffer backing-store allocations are tracked in
an AtomicNumber associated with each Space, to allow for ArrayBuffers
being concurrently moved or freed from multiple Pages in the same Space
during sweeps & compactions.
Bug: chromium:837583
Change-Id: I8b1b6addd5cd05533d8da55ca813e134bc36e181
Reviewed-on: https://chromium-review.googlesource.com/1052347
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53192}
With the introduction of a jump table, call targets will not be
{WasmCode} objects any more. Instead, we just call any {Address}.
This CL does not change anything yet, but changes interfaces to accept
an {Address} instead of {WasmCode*}.
R=titzer@chromium.org
Bug: v8:7758
Change-Id: Id299738bb7cc6a1891e4a03d7f67c24cde6d1699
Reviewed-on: https://chromium-review.googlesource.com/1058793
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53191}
We were always using the instance we were currently building. If the
start function is an exported wasm function of another instance, use the
exporting instance instead.
R=titzer@chromium.org
Bug: chromium:843120
Change-Id: I141d272b947bef8e903be7208ddf6ce344e754c4
Reviewed-on: https://chromium-review.googlesource.com/1059620
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53190}
The (currently four, soon five) RelocIterator constructors contain
basically identical logic. Refactor that into a basic version that all
other constructors call.
Bug: v8:6666
Change-Id: Ice7b4891d5e539ff6fe63337fc52d480d85dc270
Reviewed-on: https://chromium-review.googlesource.com/1059109
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53189}
In particular:
* number of pointer fields
* number embedder fields
* number boxed fields
* number of unboxed double field
* number of raw data fields
Bug: v8:7703
Change-Id: I22a310d941317a0f34f67536e55fbfab5f5354cd
Reviewed-on: https://chromium-review.googlesource.com/1056532
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53188}
{ImportedFunctionEntry} offers two {set} methods: One takes a
{JSReceiver*}, the other one a {WasmInstanceObject*}. Since
{WasmInstanceObject} inherits from {JSReceiver}, it's quite easy to
confuse the two if the instance is hold as e.g. {JSObject}.
Hence, rename the methods to remove this ambiguity.
R=titzer@chromium.org
Bug: v8:7758
Change-Id: I06617a565faa561d3afc70085e0df3b528c715bb
Reviewed-on: https://chromium-review.googlesource.com/1059147
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53185}
The interpreter entry was sometimes referred to as "interpreter stub"
or "interpreter wrapper". Use the term "interpreter entry" consistently.
R=titzer@chromium.org
Bug: v8:7754
Change-Id: Ia06449c91300fca454c6afd5c82a789749d6b7d0
Reviewed-on: https://chromium-review.googlesource.com/1058794
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53184}
For generating the WasmCompileLazy builtin, we need to know the list of
parameter registers in wasm. Instead of duplicating this, just use the
existing array from wasm-linkage.h.
R=titzer@chromium.org
Change-Id: Ib552af7b6a3defbc9c8b48390244bf943306a4b7
Reviewed-on: https://chromium-review.googlesource.com/1057310
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53182}
Since `at` register is used a lot in macro-assembler-mips, change
usage of this register with `kScratchReg` and `kScratchReg2`.
Also, remove TODO comments for unaligned memory access, since there
is nothing that can be done about it.
Change-Id: Ibf55c04a1f53521f34dfb483294de3010a0120c6
Reviewed-on: https://chromium-review.googlesource.com/1059347
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53181}
Moving asserts from helpers to the call sites, so the failure messages are more
helpful.
BUG=v8:7308
Change-Id: I1da491d408c2e2a1017b1d3fe484b7b3d877a2cf
Reviewed-on: https://chromium-review.googlesource.com/1058802
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53180}
This CL changes the generated C++ code for LabeledStatementBlocks to
only emit labels if they are used.
Prior to this CL, when a label was only used on one path of an
if constexpr expression, and not at all anywhere else,
the try/label construct would BIND a label that was not used,
causing a CSA verification error.
R=tebbi@chromium.org
Change-Id: Ia81a0cd081b84528c95bbdbdb98b9ab51928e13f
Reviewed-on: https://chromium-review.googlesource.com/1057247
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53173}
Splitting out hash table into a separate file in
b934607d4c caused a performance
regression.
This inlines GetHash and GetSimpleHash to fix the regression.
Bug: chromium:840694, v8:6443
Change-Id: I0466fa017a179ef2375cec4ddec8f04dfba75921
Reviewed-on: https://chromium-review.googlesource.com/1058446
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53170}
Port 5dfe23a40d
Original Commit Message:
When encountering a LoadStackPointer input to a comparison, generate a register
LocationOperand that points to the stack pointer. This can avoid unnecessary
spilling of the stack pointer.
R=georgia.kouveli@arm.com, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie3fecf70f78c234fefad86fec74820a61f3d227b
Reviewed-on: https://chromium-review.googlesource.com/1057965
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53167}
Implement atomic compare exchange and atomic bin OPs for
PPC and s390
Change-Id: I8f89a0ebb912082c4c1e6b9a3daf64f28c114010
Reviewed-on: https://chromium-review.googlesource.com/1013861
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53165}
This makes the fact that {WasmSharedModuleData} is shared across
instances explicit by hanging this {shared} reference off the module
object instead of the instance-specific {WasmCompiledModule} object.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I99bf3d855d6283bdc48373f0f8e2df1990905d3f
Reviewed-on: https://chromium-review.googlesource.com/1051909
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53163}
When encountering a LoadStackPointer input to a comparison, generate a register
LocationOperand that points to the stack pointer. This can avoid unnecessary
spilling of the stack pointer.
Change-Id: Ifd1a5aaf22c9c594e653cf4689ba46587811c4d0
Reviewed-on: https://chromium-review.googlesource.com/1055568
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53161}
This CL disables a DCHECK in RemoveArrayHoles that was triggered for
JSArrays that have read-only elements in the prototype chain.
The DCHECK is not removed because it will be re-enabled later when
the copying from the prototype chain (during sorting) will be done
for JSArrays as well.
R=cbruni@chromium.org
Bug: chromium:840855
Change-Id: Ia278bd2f060df094f477b4efbc3f5bdafd7ea7a8
Reviewed-on: https://chromium-review.googlesource.com/1057588
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53159}
Liftoff currently does not support all asm.js code, and tier-up does
not work with lazy compilation. Hence, disable Liftoff for asm.js in
general. We will look at this later, when we have better tier-up.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I00d9e27d861067b22c0738ade7070538ee8c919c
Reviewed-on: https://chromium-review.googlesource.com/1047245
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53158}
Instead of unconditionally copying the script name into a
heap-allocated char vector, use existing storage if possible. Also, try
to avoid materializing the script name for computing its length.
R=titzer@chromium.org
Change-Id: If0e8ac95ecbbb4e7463d9e4a4cdb5579270bcdaf
Reviewed-on: https://chromium-review.googlesource.com/1051230
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53157}
Minor performance optimization: A {WasmDecoder} instantiated with
{validate == false} does not need to check {decoder->ok()}.
R=titzer@chromium.org
Change-Id: Ieac8b18432453e1cfe9ee66a15a5e2145570436e
Reviewed-on: https://chromium-review.googlesource.com/1057567
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53156}
Now that {WasmCode} objects are no longer specific to an instance, it is
no longer needed to patch code when the last instance is finalized. The
code specialization in {WasmCompiledModule::Reset} is no longer needed.
R=clemensh@chromium.org
Change-Id: I430e7f7258d309916de1188d47677c7feb8123b0
Reviewed-on: https://chromium-review.googlesource.com/1057488
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53155}
A std::unique_ptr of array type uses the "delete[]" operator to delete
the memory, hence we should use "new[]" to allocate it.
I sometimes get this reported locally, even though I have
"alloc_dealloc_mismatch=0" in ASAN_OPTIONS. So why not just fix it.
R=marja@chromium.org
Bug: v8:7754
Change-Id: I026287a0e0ee4b9560c4fc7333267e738392b13f
Reviewed-on: https://chromium-review.googlesource.com/1057230
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53154}
The --trace-turbo flag would cause a crash when compiling a WASM_FUNCTION. It
was caused by assuming the OptimizedCompilationInfo had a SharedFunctionInfo
attached if the code isn't a stub and wasm functions are not considered as such.
In order to test this, we've added a new flag to specify were to dump JSON
files: --trace-turbo-path. This is used to make sure we do not leave lots of
files behind in the top-level directory. It should be useful as standalone
feature too.
Change-Id: Ia9442638d28100bea45a8683fb233803cc5393f2
Reviewed-on: https://chromium-review.googlesource.com/1030555
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53153}
The flag hash is used by code caching to recognize incompatible V8
configurations. When the flag hash differs, the cache is thrown out.
Code produced by embed/noembed builds is incompatible, and thus needs
to change the flag hash as well.
Bug: v8:6666, v8:7739
Change-Id: Icae8c6dc39b2eab491d28b2155f67103acf68181
Reviewed-on: https://chromium-review.googlesource.com/1057331
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53152}
This gets rid of the weakness hacks which were needed for remembering that maps
as handlers are weak, and other handles are strong.
BUG=v8:7308
Change-Id: I7fd3252ba67350803e2207dc12bbdf6abbae7e23
Reviewed-on: https://chromium-review.googlesource.com/1055449
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53151}
Module and script SharedFunctionInfos can't be used interchangeably
(e.g.: it should not be possible to bind a Module's SFI to a Context).
The dedicated type disambiguates the two.
This also adds an overload for CreateCodeCache which takes an unbound
module script instead of an unbound script. Both are just a SFI
underneath, so their behavior is identical.
Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iab519d0d50b6b41c95abdb6397f5622e292da4d8
Reviewed-on: https://chromium-review.googlesource.com/1047107
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53150}
The clusterfuzz issue crashes because VisitBinops expected only but 4
input operands but in the generated graph 5 input operands get created
The issue is fixed by increasing the size of the input operand buffer.
R=jarin@chromium.org
Bug: chromium:842501
Change-Id: I4bbb09a968e165e6f5a0a02d06eee97333f7aa38
Reviewed-on: https://chromium-review.googlesource.com/1056989
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53147}
Makes all but one data member private instead of protected and replaces
all Space::heap_ accesses with Space::heap().
Also moves Executability down from Space into PagedSpace and remove all
references in SemiSpace since it's always initialized with
NOT_EXECUTABLE.
Bug: v8:7754
Change-Id: Ic03ce35a5f970b3c1e25b32da53e4c9717b2ee1e
Reviewed-on: https://chromium-review.googlesource.com/1055510
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53146}
Shares the feedback slot when loading / storing named properties
when the name of the property and the variable corresponding
to the object are the same. This reduces the memory usage on most
real world benchmarks. There is a slight (~1%) increase in the overall
time spent in V8 on a couple of these pages.
There is also no overall performance regression on peak-performance
benchmarks like Octane, ARES. More detailed results are in this doc[1]
[1]: https://docs.google.com/document/d/1rPNjXU-WOlyNQovuQS28Zf2PHCENR97Bi76gV9mHHOc/edit?usp=sharing
BUG: v8:7530
Change-Id: I7dd98c2d26f4e6c94690ca7d9a8a4a8281b3142d
Reviewed-on: https://chromium-review.googlesource.com/966302
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53145}
We must not accept something of kBit representation as of
kWord32 representation (unless it's truncated accordingly).
Deopt instead.
Bug: v8:7740
Change-Id: Ib4f73600d66f8762a6e22f7ea1ce79e8ef451b34
Reviewed-on: https://chromium-review.googlesource.com/1054670
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53144}
We accidentally always enabled retpolines for indirect calls in
https://crrev.com/c/1047385. This regresses performance and code size
unnecessarily if the --no-untrusted-code-mitigations flag is used.
R=titzer@chromium.org
Bug: chromium:840376, chromium:798964
Change-Id: I6bab130e33d0dafa1f547ebf7e7930a23c4eba20
Reviewed-on: https://chromium-review.googlesource.com/1057128
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53142}
LSan is not implemented on windows, and trying to use the
{__lsan_ignore_object} function gives link error.
Since LSan is never enabled on windows, we also don't need the
annotations, so just disable them on windows.
R=bmeurer@chromium.org
Bug: chromium:842166,v8:7738
Change-Id: Ibaed77b4b884c09c7a08e081d953c56c53f907ff
Reviewed-on: https://chromium-review.googlesource.com/1056990
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53141}
Change-Id: I37ed9115c099f3d17f23a26348a1bbf5f773ee32
Reviewed-on: https://chromium-review.googlesource.com/1056668
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#53136}
In the process, add a few simple tests for "constexpr" expressions, which
identified a few bugs that are also fixed in this CL.
Change-Id: I97486c781572642d2b574b92133b1f9cda3db592
Reviewed-on: https://chromium-review.googlesource.com/1055493
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53135}
