This uses a separate temporary zone for running the asm.js parser, which
can be discarded immediately after the parser finished validating one
module. It reduces the lifetime of all data-structures local to the
parser and only uses the compilation zone to hold the resulting module.
R=clemensh@chromium.org
Change-Id: I5f5a613e0abd24cd85a49ebd97f9ee7cee46b02a
Reviewed-on: https://chromium-review.googlesource.com/506733
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45377}
Super calls need to refer to .this_function, .new.target and this, and super
property references need to refer to .this_function and this, so that the
is_used for those variables will be set and they will be allocated correctly.
BUG=v8:5516
Change-Id: Idc58539fccad70c995e029051b59a67ea66bff91
Reviewed-on: https://chromium-review.googlesource.com/506094
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45376}
This CL refactors the module decoder so that it can process a list of
section buffers instead of one module buffer. This change is needed for
streaming compilation. Streaming compilation may require additional
changes.
This CL introduces the following interface to the module decoder:
StartDecoding -- starts the decoding
DecodeModuleHeader -- decodes the module header
DecodeSection -- decodes the section
FinishDecoding -- finishes the decoding and returns the WasmModule
Aside from the different interface the biggest change to the module
decoder is the introduction of a buffer_offset, which is the offset
of the current section buffer of the module decoder in the module bytes.
This buffer_offset is used to translate from section offsets to module
offsets and back.
Another nice change is that the module decoder does not have a zone
anymore. Instead the zone is stored directly in the WasmModule where
it belongs. Zone ownership is also more obvious now.
R=mtrofin@chromium.org, clemensh@chromium.org
Change-Id: I815d777ec380f4c617c39e828ea0c9746c0bae20
Reviewed-on: https://chromium-review.googlesource.com/505490
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45374}
AssembleCode will eventually be moved into ExecuteJob, i.e., off
the main thread.
Bug: v8:6048
Change-Id: If84ee2aaca6c8827cb769c7d69e5094fb4f32e4b
Reviewed-on: https://chromium-review.googlesource.com/506669
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45372}
Original CL description:
[compiler] Delay allocation of heap numbers for deoptimization literals.
... until after the main bulk of code generation, which will soon run on a
different thread.
Bug: v8:6048, chromium:722978
Change-Id: I690c0b009211a2bac60cf06f577720a914c21000
Reviewed-on: https://chromium-review.googlesource.com/507207
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45371}
AstNodeFactory used to get the Zone directly from AstValueFactory. But that's
generally the wrong Zone (the main Zone, instead of the temp Zone), and the
creator of AstNodeFactory had to call set_zone right after. By adding a Zone
param, we can pass the correct Zone right away.
Also made PreParserFactory have an AstNodeFactory, so that we don't need to
create temporary AstNodeFactories all the time.
Also removed AstNodeFactory::BodyScope since DiscardableZoneScope essentially
did the same thing already.
BUG=v8:5516,v8:6092
Change-Id: I189d2e6afe91c91e49d8ed7e3496a0d9c405e1c5
Reviewed-on: https://chromium-review.googlesource.com/507129
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45370}
This makes message reporting use the same message text for the normal
as well as --predictable execution. Running in predictable mode should
just suppress all asm.js messages wholesale if needed.
R=clemensh@chromium.org
Change-Id: Ice1e83c4b098fbc4c3b301c685614afe26190016
Reviewed-on: https://chromium-review.googlesource.com/506093
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45368}
Non-printable characters do not make sense.
Inputs with non balanced brackets are mostly useless as well.
This validation function makes the fuzzer 15-20x faster.
Also use -only_ascii=1 option of libFuzzer:
https://codereview.chromium.org/2875933003
BUG=chromium:584819
Review-Url: https://codereview.chromium.org/2881583002
Cr-Commit-Position: refs/heads/master@{#45367}
This reverts commit bb90a2e85d.
Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=722978
Original change's description:
> [compiler] Delay allocation of heap numbers for deoptimization literals.
>
> ... until after the main bulk of code generation, which will soon run on a
> different thread.
>
> R=jarin@chromium.org
>
> Bug: v8:6048
> Change-Id: I12aaaf2725e2422f588c29f50084eb77b56ad9a5
> Reviewed-on: https://chromium-review.googlesource.com/505616
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45340}
TBR=jarin@chromium.org,neis@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Bug: v8:6048
Change-Id: I161f175685c24dc59ee4e761ea6d00a235573e7a
Reviewed-on: https://chromium-review.googlesource.com/506021
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45366}
The underlying issue is that TF Nodes cannot handle input counts
outside the integer range. On an illegal br_table instruction, we
generated a switch node with a control output count >kMaxInt.
Operator::ControlOutputCount turned this into a negative integer later,
leading to a failing DCHECK.
Since such large numbers cannot occur in any valid wasm function anyway,
we just add an additional check to the br table count. There is already
a TODO in the code to change Operator::ControlOutputCount to size_t.
R=ahaas@chromium.org
BUG=chromium:722445
Change-Id: I1975072226e073dee6c8da3b9fa9a050a4695917
Reviewed-on: https://chromium-review.googlesource.com/505496
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45365}
The interpreter does not implement all asm.js specific opcodes. Thus
the combination of --validate-asm and --wasm-interpret-all might crash.
The interpreter does not need to execute asm.js modules, as they are
debugged by executing them in turbofan instead of the wasm interpreter.
This CL thus excludes asm.js modules from --wasm-interpret-all.
R=ahaas@chromium.org
BUG=chromium:719175
Change-Id: I14228ea11ee3ea8a229cfa6e4179338a442b6cca
Reviewed-on: https://chromium-review.googlesource.com/506160
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45364}
This encapsulates message reporting into separate functions independent
from the logic of asm.js compilation and instantiation. It is mostly
refactoring with a small fix to also report successful instantiation of
the "single function" case.
R=clemensh@chromium.org
Change-Id: I89c2d62707e891bf51c19945c4067195f41290a4
Reviewed-on: https://chromium-review.googlesource.com/506195
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45362}
Migrate the Object.keys builtin to the CodeStubAssembler and
use the enum cache backing store whenever it is available. This
gives a nice speedup of 1.5x to 2x when using Object.keys on fast-mode
objects that have (or can have) an enum cache.
R=cbruni@chromium.org
BUG=v8:5269,v8:6405
Review-Url: https://codereview.chromium.org/2853393002
Cr-Commit-Position: refs/heads/master@{#45361}
This brings clear separation to tasks vs isolate management.
BUG=none
Review-Url: https://codereview.chromium.org/2885253002
Cr-Commit-Position: refs/heads/master@{#45355}
By default we just break when we first time reach passed location, with current - we'll break at passed location only when it happens within the same stack frame.
BUG=v8:6397
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2879923003
Cr-Commit-Position: refs/heads/master@{#45354}
Adds a generic job that is based on items and tasks.
Bug: chromium:651354
Change-Id: I378e04741c5761ea6c4a74816b9af8ea22867f53
Reviewed-on: https://chromium-review.googlesource.com/506075
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45353}
This will make it easier to create more connections/context groups.
BUG=none
Review-Url: https://codereview.chromium.org/2886903003
Cr-Commit-Position: refs/heads/master@{#45352}
No need to return an empty map. Return a JSObject instead.
Bug: v8:5933
Change-Id: I9fb727c5e1920ba94fd3d5e7ef2a7d9d602f56d8
Reviewed-on: https://chromium-review.googlesource.com/506194
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45350}
So continue to location can be called only for one context group id at the same time.
BUG=v8:6397
Review-Url: https://codereview.chromium.org/2882213004
Cr-Commit-Position: refs/heads/master@{#45349}
Generate the code (extra runtime calls) for --trace-ignition support at
compile time, based on a #define (similar to TRACE_MAPS). Then check for
--trace-ignition at run-time when deciding whether to actually print
anything. This should make --trace-ignition less painful to use.
Note that --trace-igition is disabled by default, even on debug builds.
It has to be enabled with the gn arg "v8_enable_trace_ignition=true"
As a drive-by, TRACE_MAPS is renamed to V8_TRACE_MAPS, for consistency,
and SFI unique index (needed both by --trace-ignition and --trace-maps)
is cleaned up to be behind another #define.
Change-Id: I8dd0c62d0e6b7ee9c75541d45eb729dc03acbee9
Reviewed-on: https://chromium-review.googlesource.com/506203
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45346}
Since deferred return/async return/rethrow commands don't have an associated
statement, we can reuse their entries in the deferred command list.
Bug: v8:4280
Bug: v8:6218
Change-Id: Ic51fb735d4ea13ebea1d5e456ec5689c0d98a4ac
Reviewed-on: https://chromium-review.googlesource.com/506077
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45344}
R=adamk@chromium.org
Bug:
Change-Id: I47087c6a15beceb7084079dcf644de7e9ede772c
Reviewed-on: https://chromium-review.googlesource.com/505620
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45342}
... until after the main bulk of code generation, which will soon run on a
different thread.
R=jarin@chromium.org
Bug: v8:6048
Change-Id: I12aaaf2725e2422f588c29f50084eb77b56ad9a5
Reviewed-on: https://chromium-review.googlesource.com/505616
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45340}
Reland d8bfdb7a99
Original commit message:
If alignment parameter is set, the memory returned by the
StackSlot operator will be aligned according to the parameter.
The implementation goes like this. If alignment parameter is set
we allocate a bit more memory than actually needed and so we
can move the beginning of the StackSlot in order to have it aligned.
BUG=
Review-Url: https://codereview.chromium.org/2874713003
Cr-Commit-Position: refs/heads/master@{#45339}
JSFunctions should no longer be materialized on deopt, and the code doing
the materialization doesn't keep track of clearing the optimized code slot
if the function is marked for deopt, so just remove it.
BUG=chromium:718891
Change-Id: I8a1abfd2a1b810017c06fa6f889a85b428cb9dbd
Reviewed-on: https://chromium-review.googlesource.com/498628
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45338}
Unify, simplify logic, reduce UTF8 specific handling.
Intend of this is also to have stream views.
Stream views can be used concurrently by multiple threads, but
only one thread may fetch new data from the underlying source.
This together with unified stream view creation is intended to be
used for parse tasks.
BUG=v8:6093
Change-Id: Ied8e93090c506d4735080298f0fdaeed32043915
Reviewed-on: https://chromium-review.googlesource.com/501789
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45336}
This is in preparation for running code generation off the main thread.
Bug: v8:6048
Change-Id: Ic1ddcbbb8995d49dfcef1ffbf135117291a00ea7
Reviewed-on: https://chromium-review.googlesource.com/505513
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45334}
... by only looking at the handle.
This is in preparation for running code generation off the main thread.
Bug: v8:6048
Change-Id: I19b105c13278a2821a0b2395033e54abf5552a43
Reviewed-on: https://chromium-review.googlesource.com/506190
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45333}
When most elements of an object are deleted, we want to normalize its
elements backing store to a dictionary in order to save space. Finding
the right time to do so should not incur a linear cost on each delete
operation. This patch changes the heuristic to an amortized-constant
approach based on a global counter and the current backing store
capacity.
BUG=chromium:542978
Change-Id: Ifdf29ab2211fdde1df9078f63be4118627d6a67e
Reviewed-on: https://chromium-review.googlesource.com/506191
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45330}
