This makes sure we perform a proper holder lookup when trying to inline
API accessors calls in TurboFan. Inlining is completely disabled in case
the holder is not found, otherwise the appropriate holder is passed via
the {PropertyAccessInfo} structure (if different from the receiver).
R=bmeurer@chromium.org
TEST=cctest/test-api/ReceiverSignature
BUG=chromium:752149
Change-Id: I7b192724afd99d651b6477b2f2c8b403a10efb9d
Reviewed-on: https://chromium-review.googlesource.com/603615
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47216}
This reverts commit 1dfaec2647.
Reason for revert: Does not fix the performance regression, see bug.
Original change's description:
> Partial revert of "Remove ~MaybeHandle and statically assert that handles are trivially copyable"
>
> Reason: cause Blink regression on Android
>
> Original CL: https://chromium-review.googlesource.com/c/538463/
>
> Bug: chromium:735910
> Change-Id: I405e71f6ffeaf9fa467036a6fafa0271a60de9d3
> Reviewed-on: https://chromium-review.googlesource.com/593247
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
> Cr-Commit-Position: refs/heads/master@{#46995}
R=yangguo@chromium.org,loorongjie@gmail.com,jbroman@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:735910
Change-Id: I65eecd575fb1b77471c6dd83a01df6c4e8a85214
Reviewed-on: https://chromium-review.googlesource.com/603797
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47213}
Another pure refactoring CL. This extracts methods used only by Deserializer
subclasses.
Bug: v8:6624
Change-Id: Ib4dd7cdc591dff217e282e68a490c8c7129b9c96
Reviewed-on: https://chromium-review.googlesource.com/602188
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47211}
Change the CALL_IC machinery inside of Ignition to collect new.target
feedback for Construct and ConstructWithSpread bytecodes instead of
collecting feedback about the target, and adapt TurboFan's JSCallReducer
to consume feedback for new.target instead of target on JSConstruct
nodes.
This enables TurboFan to inline JSCreate - and thus the actual instance
allocation - into derived leaf constructors even if the leaf constructor
itself is not inlined, and thereby removes this weird performance cliff.
The feedback for target in case of class constructors is provided by
the function context specialization, and in case of `new A`, we can
just use the feedback for new.target, as both target and new.target are
A in that case.
Bug: v8:5517, v8:6399, v8:6679
Change-Id: I0475e2500e787fd672ed037ac0faed78a8fa5dc0
Reviewed-on: https://chromium-review.googlesource.com/604790
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47210}
This code appears to have been wrong forever, as it only
threw in strict mode (presumably predating ES2015 const).
In order to get exactly the right behavior, special
handling of sloppy named function expressions is required.
Rather than polluting PropertyAttributes with another
dummy value, this CL simply adds a bool output argument
to Context::Lookup to indicate that case.
Bug: v8:6677
Change-Id: I34daa5080d291808f10cbaefc91d716f0b22963b
Reviewed-on: https://chromium-review.googlesource.com/602690
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47207}
The ConstructFunctionForwardVarargs and ConstructForwardVarargs
builtins, which are used when inlining the Reflect.construct
builtin into TurboFan optimized code, didn't properly check the
new.target parameter whether it's a constructor.
Bug: chromium:752481
Change-Id: I9b8f8c429d6eaed0ff8d27fc3f6b52eb906766a2
Reviewed-on: https://chromium-review.googlesource.com/604187
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47206}
This is part of the effort to consolidate the ownership of
wasm instantiation/specialization parameters.
This change is focused solely on the interpreter part of that effort, to
verify we're not regressing performance in interpreter benchmarks.
There are two aspects being addressed:
- dataflow-wise, we always fetch the interpreter's memory view from the
runtime objects (i.e. WasmInstanceObject/WasmCompiledModule). This is
consistent with how other instance-specific information is obtained
(e.g. code, indirect functions).
- representation-wise, we do not reuse ModuleEnv/WasmInstance just for
the memory view, because it is surprising that other instance info isn't
accessed from there.
Bug:
Change-Id: I536fbffd8e1f142a315fa1770ba9b08319f56a8e
Reviewed-on: https://chromium-review.googlesource.com/602083
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47205}
The code accidentally jumped over the actual left-shift part when the
head of the array was the hole.
Bug: chromium:752722
Change-Id: I300a3ebcfafb07d6ecebc01fa57c66eb26f349ac
Reviewed-on: https://chromium-review.googlesource.com/603717
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47204}
Currently only A test operators had output, but since ABReducer and BCReducer
perform in-place replacement of A nodes into B nodes, and then sometimes into
C nodes, we need B and C nodes to have as many outputs. Otherwise, we run into
a situation where a node {x} has a use {y}, but its operators has 0 outputs,
which is inconsistent.
Bug:
Change-Id: I0f73b83d2115dfeda3c9cbc97b9a2fc168f4c31b
Reviewed-on: https://chromium-review.googlesource.com/603716
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alexandre Talon <alexandret@google.com>
Cr-Commit-Position: refs/heads/master@{#47202}
This reverts commit 15ef03cbf3.
Reason for revert: Found the following bugs
Bug: chromium:752846, chromium:752712, chromium:752850
Original change's description:
> Reland "[builtins] Port getting property from Proxy to CSA"
>
> This reland is after fix in [heap] Delete wrong DCHECK.
> It includes moving ProxyGetProperty to its own stub to reduce
> binary size.
>
> This is a reland of 47a97aa53b
> Original change's description:
> > [builtins] Port getting property from Proxy to CSA
> >
> > Bug: v8:6559, v8:6557
> > Change-Id: If6c51f5483adb73ddd2495cede5d85e887a3c298
> > Reviewed-on: https://chromium-review.googlesource.com/589212
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Maya Lekova <mslekova@google.com>
> > Cr-Commit-Position: refs/heads/master@{#47113}
>
> Bug: v8:6559, v8:6557
> Change-Id: I76acd97ba1acb62b7e7983db1741441d997050f0
> Reviewed-on: https://chromium-review.googlesource.com/600215
> Commit-Queue: Maya Lekova <mslekova@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47159}
TBR=jkummerow@chromium.org,mstarzinger@chromium.org,franzih@chromium.org,jgruber@chromium.org,ishell@chromium.org,bmeurer@chromium.org,mslekova@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I51bef25a031b02cf4deab11282473acae57f1ed3
Reviewed-on: https://chromium-review.googlesource.com/603708
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47200}
Refactors CompileUnoptimizedCode to do all the finalization for both
inner and the outermost function after having prepared and executed their
compile jobs. This will enable the function to be split into an off-thread
phase and a finalization main thread phase.
BUG=v8:5203
Change-Id: I400933c27b7aa52f9a7318b721adecfc94c80981
Reviewed-on: https://chromium-review.googlesource.com/602236
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47199}
Moves creation of the CompilationInfo for unoptimized compilation into the
respective CompilationJobs for Igntition, Fullcode and asm.js. This unifies
the behaviour with respect to the optimized compilation jobs, and enables the
CompileInfo to be owned by the CompilationJob.
As part of this change, we no longer build new dummy ParseInfos for eager inner
functions, instead using just the single outer ParseInfo created during the
actual parsing.
BUG=v8:5203
Change-Id: I6813758dfc5eeff44f5a40bf621184e330593bf9
Reviewed-on: https://chromium-review.googlesource.com/601990
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47198}
Drop the deprecated CallConstructStub and remove the use of CallICStub
from fullcodegen, since that feedback is unused completely every since
Crankshaft got removed, thus we can safely unlink all the CallIC stuff
from fullcodegen nowadays, and completely nuke the CallICStub and the
CallICTrampolineStub now (we can also transitively nuke the unused
CreateAllocationSiteStub and CreateWeakCellStub).
Instead the CallIC logic is integrated into Ignition now, and part of
the bytecode handlers for [[Call]] and [[Construct]]. There's still some
follow-up cleanup with the way the Array constructor feedback is
integrated, but that's way easier now.
Bug: v8:5517, v8:6399, v8:6409, v8:6679
Change-Id: I0a6c6046faceca9b1606577bc9e63d9295e44619
Reviewed-on: https://chromium-review.googlesource.com/603609
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47196}
The interpreter was not able to call imported wasm functions (hitting
UNIMPLEMENTED). This CL fixes this by creating a "CWasmEntry", which is
signature-specific. It has JS linkage and receives the wasm code object
to call and a buffer containing all arguments (similar to the
interpreter entry). It loads all arguments from the buffer and calls the
given code object.
The c-wasm-entry code objects are cached per instance, such that we
only create them once per signature.
These wasm entry stubs will also allow us to call back to compiled code
from the interpreter, which we might want to do to reduce the slowdown
of executing wasm for debugging.
R=titzer@chromium.org
Bug: chromium:735792
Change-Id: I7fecec3a7bec62a9de40fff115b684759b12a28b
Reviewed-on: https://chromium-review.googlesource.com/600308
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47195}
As of https://chromium-review.googlesource.com/600968 the CallIC no
longer supports AllocationSite feedback for [[Call]], so we can drop
the TurboFan bits that deal with AllocationSites for JSCall nodes as
well. This further simplifies the handling of the Array constructor.
Drive-by-fix: Rename Builtins::kArrayCode to Builtins::kArrayConstructor
for sake of consistency.
Bug: v8:6399
Change-Id: I9e6a684fc00dd72e25f925db5f407c3f3f715873
Reviewed-on: https://chromium-review.googlesource.com/602354
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47194}
This reverts commit 6c541561ef.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/17240
Original change's description:
> [ic] Properly integrate the CallIC into Ignition.
>
> Drop the deprecated CallConstructStub and remove the use of CallICStub
> from fullcodegen, since that feedback is unused completely every since
> Crankshaft got removed, thus we can safely unlink all the CallIC stuff
> from fullcodegen nowadays, and completely nuke the CallICStub and the
> CallICTrampolineStub now (we can also transitively nuke the unused
> CreateAllocationSiteStub and CreateWeakCellStub).
>
> Instead the CallIC logic is integrated into Ignition now, and part of
> the bytecode handlers for [[Call]] and [[Construct]]. There's still some
> follow-up cleanup with the way the Array constructor feedback is
> integrated, but that's way easier now.
>
> Bug: v8:5517, v8:6399, v8:6409, v8:6679
> Change-Id: Ia0efc6145ee64633757a6c3fd1879d4906ea2835
> Reviewed-on: https://chromium-review.googlesource.com/602134
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47192}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,bmeurer@chromium.org
Change-Id: I416ce6646f62ceb4127b3acee43912ee0d701c23
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5517, v8:6399, v8:6409, v8:6679
Reviewed-on: https://chromium-review.googlesource.com/603647
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47193}
Drop the deprecated CallConstructStub and remove the use of CallICStub
from fullcodegen, since that feedback is unused completely every since
Crankshaft got removed, thus we can safely unlink all the CallIC stuff
from fullcodegen nowadays, and completely nuke the CallICStub and the
CallICTrampolineStub now (we can also transitively nuke the unused
CreateAllocationSiteStub and CreateWeakCellStub).
Instead the CallIC logic is integrated into Ignition now, and part of
the bytecode handlers for [[Call]] and [[Construct]]. There's still some
follow-up cleanup with the way the Array constructor feedback is
integrated, but that's way easier now.
Bug: v8:5517, v8:6399, v8:6409, v8:6679
Change-Id: Ia0efc6145ee64633757a6c3fd1879d4906ea2835
Reviewed-on: https://chromium-review.googlesource.com/602134
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47192}
I want to reuse the PassType helper in another CL, thus move it from
logging.h to template-utils.h, and rename it to pass_value_or_ref to
match other helpers there.
Also, add a boolean template parameter to declare whether array
dimensions should be removed. The default is to do so, which helps to
reduce the number of template instantiations by always passing arrays
as pointers.
Also, fix the usages in logging.h to actually use that helper when
instantiating other template functions. This will reduce the number of
instantiations.
And finally, we now have unit tests for the template utils, to document
what we expect, and test that this works on all architectures.
R=ishell@chromium.org, tebbi@chromium.org
Change-Id: I1ef5d2a489a5cfc7601c5ab13748674e3aa86cd6
Reviewed-on: https://chromium-review.googlesource.com/594247
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47191}
The debugger replaces the bytecode array when breakpoints are set
by walking the stack and mutating the dedicated stack slots for the
bytecode arrays. This means that Ignition has to properly reload the
bytecode array after calls, which works for a single call inside a
bytecode handler, but fails if there are multiple calls.
R=rmcilroy@chromium.org
Change-Id: Ia7744edc91490014d77ad9ad17a328cab5f8530f
Reviewed-on: https://chromium-review.googlesource.com/603410
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47190}
The ThrowIllegalInvocation runtime function is not used anywhere.
Bug:
Change-Id: I1bb5386e917f0a4ff787a071cef5e13a3f85ee30
Reviewed-on: https://chromium-review.googlesource.com/600230
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47185}
This patch makes the check lock-free. When concurrent marking is on,
the main thread checks two marking worklist: bailout and shared.
Often the bailout worklist empty, so the emptiness check is in hot path.
Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: I5c92ea3fb6c5300d653fbd27b536241851231f24
Reviewed-on: https://chromium-review.googlesource.com/602351
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47184}
If the subject string is a string, it's pointer-equal to the search
string, and position <= 0, then we can simply return 0 and skip
all other logic in String.p.indexOf.
Further context at:
https://twitter.com/hashseed/status/893539117367271425
Bug:
Change-Id: I93ce724f0ade6332599ba395fe8c662a28f05ade
Reviewed-on: https://chromium-review.googlesource.com/602214
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47183}
This patch allows the concurrent marker to process more objects before
checking for the interrupt request from the main thread.
Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: I876d3156ca9843196f2fdddbd8bd28d1a3f472b1
Reviewed-on: https://chromium-review.googlesource.com/602131
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47182}
Move unnecessarily public methods from frames.h into .cc file.
Remove dead StackFrame::SetCallerFp().
R=mstarzinger@chromium.org
Bug:
Change-Id: I7b66a430cfb01bb38046c9e92f504134ba8316a3
Reviewed-on: https://chromium-review.googlesource.com/602271
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47181}
This reverts commit 25f03308a7.
Reason for revert: Fix the cause of bot failure and reland
Original change's description:
> Revert "[wasm] redirect wasm calls to js functions through a GCed table"
>
> This reverts commit eb65f35e96.
>
> Reason for revert: Broke jetstream benchmark on android.
>
> BUG=chromium:750828
>
> Original change's description:
> > [wasm] redirect wasm calls to js functions through a GCed table
> >
> > With this patch, rather than embedding the JSReceiver address directly
> > in the WasmToJS wrappers, we put that in a fixed array with global handle
> > scope and instead embed the location of the handle and the index in the
> > wrapper. This ensures that the wrapper doesn't need to be patched if the
> > GC kicks in. This is needed to get the WASM code off the GCed heap.
> >
> > R=mtrofin@chromium.org
> >
> > Bug:
> > Change-Id: Ie5a77a78cdecec51b04f702c63b8e4285e6a2d8d
> > Reviewed-on: https://chromium-review.googlesource.com/581682
> > Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> > Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#46884}
>
> TBR=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Change-Id: I26f49ee0a1fe73cc5d8852ded87b56638be39ebf
> Reviewed-on: https://chromium-review.googlesource.com/596268
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47059}
R=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org,sullivan@chromium.org
Change-Id: I29ef35f6e612a706d9f571da3e7beb1da8b5052b
Bug: chromium:750828
Reviewed-on: https://chromium-review.googlesource.com/597010
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47177}
This reverts commit bec2b4d267.
Reason for revert: NewArrayOOM fails.
Original change's description:
> [Memory] Experiment to try using regular version of 'new T[]'.
>
> - Use normal new, vs. nothrow new.
> - Modify NewArray to have only 1 invocation of new.
>
> Bug: chromium:752056
> Change-Id: I1a2fb3626264b1bf647af9227d55e9b54e44e8b6
> Reviewed-on: https://chromium-review.googlesource.com/600895
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47173}
TBR=bbudge@chromium.org,mlippautz@chromium.org
Change-Id: I881f3b75209714d11d93fae6268171ffa9cc47a1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:752056
Reviewed-on: https://chromium-review.googlesource.com/602847
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47174}
- Use normal new, vs. nothrow new.
- Modify NewArray to have only 1 invocation of new.
Bug: chromium:752056
Change-Id: I1a2fb3626264b1bf647af9227d55e9b54e44e8b6
Reviewed-on: https://chromium-review.googlesource.com/600895
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47173}
This was suggested by bmeurer after running into the confusing
example of:
x => {x:x}
which might appear to be an arrow function that returns an object
literal containing its argument, but instead is an arrow function
that does nothing.
While it's unclear whether the language would change to make this
probable programmer error an actual syntax error, we can at least
gather some data on the question of whether we see any such code
in the wild.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I08202039ecf7a7a4c71ad95ecd839436b4ec2af8
Reviewed-on: https://chromium-review.googlesource.com/600888
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47171}
In some cases, PreParser cannot replicate the Scope structure created by
Parser. It happens esp. with arrow function parameters, since the relevant
information is already lost by the time we figure out it's an arrow function.
In these cases, PreParser should bail out of trying to create data for skipping
inner functions.
Implementation notes:
- The arrow function case is more fundamental; the non-arrow case could be
hacked together somehow if we implemented tracking is_simple for each param
separately; but now that it's possible to bail out consistently from both
cases, I don't think the is_simple complication is worth it.
- The added mjsunit test cases are based on the test262 test cases which exposed
the problem.
- cctest/preparser/PreParserScopeAnalysis was exercising similar cases, but the
problem didn't show up because the function parameters didn't contain
skippable functions. Those test cases have been repurposed for testing the
bailout.
- Extra precaution: the bailout tests are in a separate file, to guard from the
bug that a bailout case results in bailing out of *all* data creation, which
would make all skipping tests in the same file useless.
BUG=v8:5516
Change-Id: I4324749a5ec602fa5d7dc27647ade0284a6842fe
Reviewed-on: https://chromium-review.googlesource.com/599849
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47170}
This patch removes a few unnecessary bits of async function
parsing (the PrepareAsyncFunctionBody() helper method, the
FunctionBodyType enum) by doing separate handling of
block and single-expression async arrow functions.
Change-Id: I64f837635a23eaf06d42887ca7f9ac59c768f0f2
Reviewed-on: https://chromium-review.googlesource.com/601247
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47169}
This CL moves the recording of the number of functions in a Wasm
module to the size read in the "functions" section of the module. The
advantage is that all modules read this section once, making it a good
target for collecting the data.
The previous code was also broken because in one code path, it did not
distinguish between asm.js and Wasm modules.
Bug: v8:6361
Change-Id: I6c49e91975c1730608e791036d15622d538bce77
Reviewed-on: https://chromium-review.googlesource.com/600837
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47168}
