The inspector cannot deal with breaking inside of debug-evaluate.
There is therefore no point in supporting that in the debugger.
The optional additional context parameter for debug-evaluate also
can be removed since it's not being used.
R=jgruber@chromium.org
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2580323002
Cr-Commit-Position: refs/heads/master@{#41791}
This is so that a NotSuperConstructor error is thrown before evaluating the
arguments to the super constructor. Besides updating the runtime function, a
new bytecode GetSuperConstructor is introduced.
BUG=v8:5336
Review-Url: https://codereview.chromium.org/2504553003
Cr-Commit-Position: refs/heads/master@{#41788}
This adds kInit, kResolve, kBefore and kAfter lifecycle hooks to promises.
This also exposes an API to set the PromiseHook.
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2575313002
Cr-Commit-Position: refs/heads/master@{#41775}
Transform LdaNull/LdaUndefined followed by StrictEquality to TestNull/TestUndefined.
This would avoid a call to the compare IC. In the bytecode-graph builder these are
mapped to StrictEqual javascript operator. When reducing this operator, we already
optimize the cases for null/undefined.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2554723004
Cr-Commit-Position: refs/heads/master@{#41768}
Many websites use simple calls to String.prototype.indexOf with either a
one character ASCII needle or needles bigger than the search string. This
CL adds a TFJ builtin for these simple cases, giving up to factor 5 speedup.
Drive-by-fix: Add default Object type to Arguments.at
BUG=
Review-Url: https://codereview.chromium.org/2539093002
Cr-Commit-Position: refs/heads/master@{#41760}
If a context snapshot includes the global proxy constructor function, we
expect the incoming global proxy to have the correct instance size so
that we can reinitialize it with said constructor. However, when the
bootstrapper allocates a new global proxy, we need to know the expected
size.
We solve this by storing the size on the to-be-serialized isolate.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2585693002
Cr-Commit-Position: refs/heads/master@{#41756}
This introduces an explicit struct for the communication channel between
the {ArrayLiteral} AST node and the corresponding runtime methods. Those
methods take a pair of {ElementsKind} as well as an array (can either be
a FixedArray or a FixedDoubleArray) of constant values.
For bonus points it also reduces the size of the involved heap object by
one word (i.e. length field of FixedArray not needed anymore).
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2581683003
Cr-Commit-Position: refs/heads/master@{#41752}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Original-Commit-Position: refs/heads/master@{#41728}
Committed: 2ff5906231
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41747}
Reason for revert:
Win64 dbg failures
Original issue's description:
> [wasm] Make WasmRunner the central test structure
>
> The WasmRunner now always holds a TestingModule, and allows to add
> several functions to it. The prepares a change to always run wasm code
> with a full module behind it, removing the special handling for "no wasm
> instance" at runtime (http://crrev.com/2551053002).
> This CL here also templatizes the WasmRunner such that the Call method must
> be called with the same signature specified for the WasmRunner. This
> already catched several mismatches there.
>
> R=titzer@chromium.org, ahaas@chromium.org
> BUG=v8:5620
>
> Review-Url: https://codereview.chromium.org/2551043002
> Cr-Commit-Position: refs/heads/master@{#41728}
> Committed: 2ff5906231TBR=ahaas@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2583543002
Cr-Commit-Position: refs/heads/master@{#41732}
Instead of unconditionally setting maybe_assigned for parameters, treat
parameters like other variables except that at the end we set maybe_assigned if
the function has a sloppy arguments object.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2578103002
Cr-Commit-Position: refs/heads/master@{#41731}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41728}
If an accessor property is non-configurable, one should not be able
to re-declare it as a function. This specifically applies to special properties like window.location.
BUG=chromium:670596
Review-Url: https://codereview.chromium.org/2582493002
Cr-Commit-Position: refs/heads/master@{#41725}
Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.
Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.
This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.
Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2562393002
Cr-Commit-Position: refs/heads/master@{#41720}
MIPS[64]R6 supports only fusion multiply-accumulate instructions, and using
these causes failures of several tests that expect exact floating-point
results. Therefore we disable fusion multiply-accumulate in both emitted and
compiled code on R6.
TEST=cctest/test-run-machops/RunFloat64MulAndFloat64Add1,mjsunit/es6/math-expm1.js
mjsunit/es6/math-fround.js,mjsunit/compiler/multiply-add.js
BUG=
Review-Url: https://codereview.chromium.org/2569683002
Cr-Commit-Position: refs/heads/master@{#41717}
Allocate the registers used as arguments to a call on-demand after visiting the
argument (or reciever). This means that the visited expression can use registers
that would otherwise have been allocated for arguments which haven't been
visited yet.
The reason for doing this is to avoid keeping things live in registers
unecessarily for chained function calls, which avoids a memory leak for
functions which chain a large number of calls with large temporary arguments /
recievers.
BUG=chromium:672027
Review-Url: https://codereview.chromium.org/2557173004
Cr-Commit-Position: refs/heads/master@{#41714}
Reason for revert:
LiveEdit is broken in some cases.
Original issue's description:
> Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
>
> Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
> we can use them as an index into an array, instead of using a
> WeakFixedArray where we have to do a linear scan.
>
> Hooking up liveedit is a bit more involved, see
> https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
> for an overview
>
> BUG=v8:5589
> R=verwaest@chromium.org,jgruber@chromium.org
>
> Committed: https://crrev.com/6595e7405769dc9d49e9568d61485efc6d468baf
> Cr-Commit-Position: refs/heads/master@{#41600}
TBR=jgruber@chromium.org,verwaest@chromium.org,yangguo@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5589,chromium:673950
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2578433002
Cr-Commit-Position: refs/heads/master@{#41684}
The assignment in default parameters (e.g., function foo(a = somedefault) { }
doesn't flow through PreParserFactory::NewAssignment even if the comment claims so.
Thus, piping through the variables is not needed.
Kudos to neis@ for pointing this out.
BUG=v8:5501
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2569983003
Cr-Commit-Position: refs/heads/master@{#41670}
Reason for revert:
Still flakes on ARM.
Original issue's description:
> [deoptimizer] Enable test that should no longer fail.
>
> R=jarin@chromium.org
> TEST=cctest/test-cpu-profiler/CollectDeoptEvents
>
> Committed: https://crrev.com/3f9c2c590d687562d6adb531d1159738c07013f4
> Cr-Commit-Position: refs/heads/master@{#41664}
TBR=jarin@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2568403003
Cr-Commit-Position: refs/heads/master@{#41667}
Generalize Messages to include an error level.
Add a parameter to AddMessageHandler to select which error levels to receive, using a mask (default being just errors, i.e. the current behavior).
BUG=v8:4203
R=dgozman@chromium.org,machenbach@chromium.org,danno@chromium.org,bmeurer@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2526703002
Cr-Commit-Position: refs/heads/master@{#41648}
The evaluation order of this argument was accidentally changed when the
special-case was added for super calls with a final spread argument.
Review-Url: https://codereview.chromium.org/2563423002
Cr-Commit-Position: refs/heads/master@{#41633}
This fixes the corner-case where the method in question failed to lookup
the very last deoptimization bailout without subsequent entries within
the relocation info. Also enable a test covering this.
R=tebbi@chromium.org
TEST=cctest/test-cpu-profiler/CollectDeoptEvents
Review-Url: https://codereview.chromium.org/2565733002
Cr-Commit-Position: refs/heads/master@{#41623}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- the StackFrame::State struct now also holds the callee_pc_address,
which is set in ComputeCallerState. The WASM frame uses this
information to determine whether the callee frame is WASM_TO_JS, and
whether that frame is at the ToNumber conversion call.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
Review-Url: https://codereview.chromium.org/2555243002
Cr-Original-Commit-Position: refs/heads/master@{#41599}
Cr-Commit-Position: refs/heads/master@{#41613}
The deserialization of the {Scope::asm_module} predicate relies on a
context being present for such modules. This ensures we always allocate
such a context, even in cases where no variables are allocated in it.
R=neis@chromium.org
TEST=cctest/test-parsing/AsmModuleFlag
BUG=v8:5653
Review-Url: https://codereview.chromium.org/2561103004
Cr-Commit-Position: refs/heads/master@{#41611}
This will be used in CSA to check if any promisehook is set.
-- Adds a is_promisehook_enabled_ field to the isolate and helper methods.
-- Adds this field to the ExternalReference table.
-- Adds a helper method to access this from CSA
Note -- this patch doesn't actually add the ability to attach the hook
yet.
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2566483002
Cr-Commit-Position: refs/heads/master@{#41607}
Reason for revert:
gc-stress failures
Original issue's description:
> [wasm] Fix location for error in asm.js ToNumber conversion
>
> In the asm.js code translated to wasm, we call imported functions via a
> WASM_TO_JS stub, which first calls the function and then calls ToNumber
> on the return value. Exceptions can happen in both calls.
> We were only ever reporting the location of the function call, whereas
> asm.js code executed via turbofan reported the location of the type
> coercion operator ("+" on "+foo()" or "|" on "foo()|0").
>
> This CL implements the same behaviour for asm.js code translated to
> wasm. The following is changed:
> - the AsmWasmBuilder records the parent node when descending on a binary
> operator (also "+foo()" is represented by a binary operation).
> - it stores not one location per call in the source position side
> table, but two (one for the call, one for the parent which does the
> type coercion).
> - the wasm compiler annotates the source positions "0" and "1" to the
> two calls in the WASM_TO_JS wrapper (only if the module origin is
> asm.js).
> - during stack trace generation (in the StackTraceIterator), when we
> move from the WASM_TO_JS frame to the WASM frame, we remember at which
> call inside the WASM_TO_JS wrapper we are, and encode this information
> in the generated caller state, used for the WASM frame.
> - the same information is also stored in the FrameArray which is used
> to reconstruct the stack trace later.
>
> R=titzer@chromium.org, bradnelson@chromium.org
> CC=jgruber@chromium.org
> BUG=v8:4203,v8:5724
>
> Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
> Cr-Commit-Position: refs/heads/master@{#41599}
TBR=bradnelson@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4203,v8:5724
Review-Url: https://codereview.chromium.org/2563613003
Cr-Commit-Position: refs/heads/master@{#41601}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- during stack trace generation (in the StackTraceIterator), when we
move from the WASM_TO_JS frame to the WASM frame, we remember at which
call inside the WASM_TO_JS wrapper we are, and encode this information
in the generated caller state, used for the WASM frame.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Review-Url: https://codereview.chromium.org/2555243002
Cr-Commit-Position: refs/heads/master@{#41599}
Fix 7a6f294ffe.
The first correction enables correct execution DoMathMinMax when two
input registers are the same register.
The second correction adds NOP instructions after branch instructions
in tests macro_float_minmaxf(32|64).
TEST=cctest/test-macro-assembler-mips[64]/macro_float_minmax_f32
cctest/test-macro-assembler-mips[64]/macro_float_minmax_f64
mjsunit/regress/math-min
BUG=
Review-Url: https://codereview.chromium.org/2556793003
Cr-Commit-Position: refs/heads/master@{#41596}
Aside from the default snapshot, there is no need for additional context
snapshots to have the ability to replace the global proxy and global object
after deserialization. Changes include:
- Changes to the API to better distinguish default context snapshot from
additional context snapshots.
- Disallow global handles when creating snapshots.
- Allow extensions when creating snapshots.
This solves the issue of not being able to having accessors and interceptors on
the global object of contexts to be serialized.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2557743003
Cr-Commit-Position: refs/heads/master@{#41588}
The patch was reverted due to a bug - we failed to evict OSR-optimized
code in the case where the SharedFunctionInfo OptimizedCodeMap was
empty/cleared.
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
Review-Url: https://codereview.chromium.org/2561083002
Cr-Commit-Position: refs/heads/master@{#41584}
This CL attempts to set the maybe-assigned flag for variables that are written
to as part of a destructuring or loop header.
For instance, in the following two cases we now mark x as maybe-assigned.
a) [x] = [1];
b) for (x of [1,2,3]) {};
There's more work to do here, this is just a first step.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2562443003
Cr-Commit-Position: refs/heads/master@{#41582}
Currently when the number passed to TryNumberToSize is 1 << 64,
it gets away with a bug caused by rounding of mantissa.
Then the number will be casted to 0 and TryNumberToSize
will return true. This patch fix this by making the range check
more accurate.
BUG=v8:5712
Review-Url: https://codereview.chromium.org/2548243004
Cr-Commit-Position: refs/heads/master@{#41578}
-- Moves promiseHasHandlerSymbol to inobject property
-- Ports PromiseResolveClosure to TF
-- Fix a non spec async-await test which fails now because we do a map
check for native promise check (instead of IsPromise). Changing the
constructor (in the test) invalidates the map check.
This patch results in a 7.1% performance improvement in the bluebird
benchmark (over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2541283002
Cr-Commit-Position: refs/heads/master@{#41569}
jasongin@ created this patch.
dcc50445a3
This patch adds the support to emit a trace event by using a comma-separated
list of categories, so that the trace event will be emitted if there is at least
one category is enabled in the categories list.
TBR=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2558193002
Cr-Commit-Position: refs/heads/master@{#41567}
When v8 fails an access check, it invokes a helper to try to see if it
can service the request via an access check interceptor. Invoking the
access check interceptor can throw an exception (e.g. a SecurityError).
Unfortunately, the failed access check property helpers and the
interceptor helpers don't agree on how to propagate the exception: if
the interceptor helper detects a scheduled exception, it promotes the
exception to a pending exception and returns to the failed access check
property helper.
The failed access check property helper also has an early return in
case of a scheduled exception. However, this doesn't work, as the
previously thrown exception is no longer scheduled, as it's been
promoted to a pending exception. Thus, the failed access check property
helper always end up calling the failed access check callback as well.
Since Blink's implementation of the failed access check callback also
throws an exception, this conflicts with the previously-thrown,
already-pending exception.
With this patch, the failed access check property helpers check for a
pending exception rather than a scheduled exception after invoking the
interceptor, so the exception can be propagated correctly.
BUG=v8:5715
R=yangguo@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2550423002
Cr-Commit-Position: refs/heads/master@{#41556}
Introduces:
- a new AST node representing the GetIterator() algorithm in the specification, to be used by ForOfStatement, YieldExpression (in the case of delegating yield*), and the future `for-await-of` loop proposed in http://tc39.github.io/proposal-async-iteration/#sec-async-iterator-value-unwrap-functions.
- a new opcode (JumpIfJSReceiver), which is useful for `if Type(object) is not Object` checks which are common throughout the specification. This node is easily eliminated by TurboFan.
The AST node is desugared specially in bytecode, rather than manually when building the AST. The benefit of this is that desugaring in the BytecodeGenerator is much simpler and easier to understand than desugaring the AST.
This also reduces parse time very slightly, and allows us to use LoadIC rather than KeyedLoadIC, which seems to have better baseline performance. This results in a ~20% improvement in test/js-perf-test/Iterators micro-benchmarks, which I believe owes to the use of the slightly faster LoadIC as opposed to the KeyedLoadIC in the baseline case. Both produce identical optimized code via TurboFan when the type check can be eliminated, and the load can be replaced with a constant value.
BUG=v8:4280
R=bmeurer@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, neis@chromium.org, jarin@chromium.orgTBR=rossberg@chromium.org
Review-Url: https://codereview.chromium.org/2557593004
Cr-Commit-Position: refs/heads/master@{#41555}
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
BUG=
Review-Url: https://codereview.chromium.org/2549753002
Cr-Commit-Position: refs/heads/master@{#41554}
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
and once all the verification issues are fixed the flag will be enabled in debug
mode by default.
This CL also relaxes some checks for code stub graphs and fixes some issues in the stubs.
BUG=
Review-Url: https://codereview.chromium.org/2558653002
Cr-Commit-Position: refs/heads/master@{#41547}
This allows to detect a static property also named 'name', and also makes sure 'name' is added last, to be standards-compliant.
BUG=v8:4199
Review-Url: https://codereview.chromium.org/2423053002
Cr-Commit-Position: refs/heads/master@{#41546}
Removing elements from stub cache by Major key only does not always work.
BUG=
Review-Url: https://codereview.chromium.org/2551353003
Cr-Commit-Position: refs/heads/master@{#41544}
This just calls into a runtime function for implementation currently.
Intermediate step in speeding up constructor calls containing a spread.
The NewWithSpread bytecode will probably end up having different arguments with future CLs - the constructor and the new.target should have their own regs. For now we are calling into the runtime function, so we need the regs together.
BUG=v8:5659
Review-Url: https://codereview.chromium.org/2541113004
Cr-Commit-Position: refs/heads/master@{#41542}
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
and once all the verification issues are fixed the flag will be enabled in debug
mode by default.
BUG=
Review-Url: https://codereview.chromium.org/2551933002
Cr-Commit-Position: refs/heads/master@{#41531}
The asm-wasm-builder started allocating SharedFunctionInfos,
this makes it bad we'd passed Script by pointer (due to ignorance).
Switching to Handle<Script>.
R=clemensh@chromium.org,titzer@chromium.org
BUG=v8:5716
Review-Url: https://codereview.chromium.org/2552873003
Cr-Commit-Position: refs/heads/master@{#41529}
come from the runtime.
This patch fixes an issue of heap growing to max capacity when incremental
marking is finished but cannot finalize due to GC stack guard not triggering.
It can happen if all allocations come from the runtime, for example,
from JSON parser or compiler.
Now before expanding the heap we check if we are above the allocation limit
and the incremental marking needs to be finalized. If so we do not expand
the heap and force GC, which will finalize the incremental marking.
The check is performed for paged spaces and large-object space.
BUG=chromium:670675
Review-Url: https://codereview.chromium.org/2552613004
Cr-Commit-Position: refs/heads/master@{#41524}
This makes the context allocation less pessimistic in the following cases:
function outer() {
var a; // Won't be context allocated
function inner1() { var a; a; }
function inner2(a) { a; }
function inner3([a]) { a; }
function inner4({ a: b}) { a; }
}
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2407163003
Cr-Commit-Position: refs/heads/master@{#41521}
Equality with null/undefined is equivalent to a check on the undetectable bit
on the map of the object. This would be more efficient than performing the entire
comparison operation.
This cl introduces:
1. A new bytecode called TestUndetectable that checks if the object is null/undefined.
2. Updates peeophole optimizer to emit TestUndetectable when a LdaNull/Undefined
precedes equality check.
4. TestUndetectable is transformed to ObjectIsUndetectable operator when building
turbofan graph.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2547043002
Cr-Commit-Position: refs/heads/master@{#41514}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11861
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> Object
> -- New JSObject for promises: JSPromise
>
> Builtins
> -- PromiseThen TFJ
> -- PromiseCreateAndSet TFJ for internal use
> -- PerformPromiseThen TFJ for internal use
> -- PromiseInit for initial promise setup
> -- SpeciesConstructor for use in PromiseThen
> -- ThrowIfNotJSReceiver for use in SpeciesConstructor
> -- AppendPromiseCallback to update FixedArray with new callback
> -- InternalPerformPromiseThen
>
> Promises.js
> -- Cleanup unused symbols
> -- Remove PerformPromiseThen
> -- Remove PromiseThen
> -- Remove PromiseSet
> -- Remove PromiseAttachCallbacks
>
> Runtime
> -- PromiseSet to set promise inobject values
> -- Refactor functions to use FixedArrays for callbacks instead of
> JSArray
> -- Runtime_PromiseStatus to return promise status
> -- Runtime_PromiseResult to return promise result
> -- Runtime_PromiseDeferred to return deferred attached to promise
> -- Runtime_PromiseRejectReactions to return reject reactions attached
> to promise
>
> This CL results in a 13.07% improvement in the promises benchmark
> (over 5 runs).
>
> BUG=v8:5343
>
> Committed: https://crrev.com/30b564c76f490f8f6b311a74b25b26cf0a96be2d
> Cr-Commit-Position: refs/heads/master@{#41503}
TBR=bmeurer@chromium.org,jgruber@chromium.org,caitp@igalia.com,gsathya@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2554013002
Cr-Commit-Position: refs/heads/master@{#41512}
This allows us to forward declare Label and Variable classes without including the
code-assembler.h.
BUG=
Review-Url: https://codereview.chromium.org/2551163003
Cr-Commit-Position: refs/heads/master@{#41509}
-- New JSObject for promises: JSPromise
Builtins
-- PromiseThen TFJ
-- PromiseCreateAndSet TFJ for internal use
-- PerformPromiseThen TFJ for internal use
-- PromiseInit for initial promise setup
-- SpeciesConstructor for use in PromiseThen
-- ThrowIfNotJSReceiver for use in SpeciesConstructor
-- AppendPromiseCallback to update FixedArray with new callback
-- InternalPerformPromiseThen
Promises.js
-- Cleanup unused symbols
-- Remove PerformPromiseThen
-- Remove PromiseThen
-- Remove PromiseSet
-- Remove PromiseAttachCallbacks
Runtime
-- PromiseSet to set promise inobject values
-- Refactor functions to use FixedArrays for callbacks instead of
JSArray
-- Runtime_PromiseStatus to return promise status
-- Runtime_PromiseResult to return promise result
-- Runtime_PromiseDeferred to return deferred attached to promise
-- Runtime_PromiseRejectReactions to return reject reactions attached
to promise
This CL results in a 13.07% improvement in the promises benchmark
(over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2536463002
Cr-Commit-Position: refs/heads/master@{#41503}
Don't unconditionally assume that Tagged->Word32 changes are always
truncating independent of the type of the input. Work-around the
remaining issues with for-in by properly renaming the index if it's
not already of appropriate type (happens with generators or OSR).
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2545393002
Cr-Commit-Position: refs/heads/master@{#41484}
The changes are:
1) Pass lambdas as const references to avoid unnecessary copying.
2) Remove CodeStubAssembler* parameter from loop bodies and let the lambdas
capture the right assembler instead. It makes the loop body code look
uniform with the surrounding code and unblocks splitting of a CSA
into different classes.
BUG=
Review-Url: https://codereview.chromium.org/2535753012
Cr-Commit-Position: refs/heads/master@{#41482}
Tests were falling in qemu because of inexact computation in tests.
After correcting tests, simulator also had to be fixed.
Review-Url: https://codereview.chromium.org/2539133002
Cr-Commit-Position: refs/heads/master@{#41447}
Fix compilation failure in test-macro-assembler[64].cc
caused by 8fcfe66f94
due to warning `lambda-expression in unevaluated context`.
TEST=cctest/test-macro-assembler-mips[64]
BUG=
Review-Url: https://codereview.chromium.org/2543643005
Cr-Commit-Position: refs/heads/master@{#41433}
Debugging API is still in use by Node.
Revert "[debug] remove deprecated debug command message queue."
This reverts commit abdbfc953d.
Revert "[debug] mark more unused debug API as deprecated."
This reverts commit d5ada19ce7.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2537313005
Cr-Commit-Position: refs/heads/master@{#41427}
Trampolines are generated when the value of pc_offset is greater than
next_buffer_check_ (attribute from Assembler class). This value
shouldn't be incremented in bind_to() method when internal reference
label is bound, because it is not decremented when the switch table is
generated (dd() method from Assemler class).
This patch fixes this problem. Regression test are also included for
mips and mips64 arch.
BUG=
Review-Url: https://codereview.chromium.org/2530143002
Cr-Commit-Position: refs/heads/master@{#41423}
Unfortunately we have to split this up into two cases: those with exactly one spread argument as the final argument, and all others, due to any side-effects of evaluation being visible.
This is in preparation for a new bytecode which handles super calls.
BUG=v8:5659
Review-Url: https://codereview.chromium.org/2540593003
Cr-Commit-Position: refs/heads/master@{#41415}
Attempt to fix or get insight into failing vswp test on V8 ARM bot.
LOG=N
BUG=
Review-Url: https://codereview.chromium.org/2539533005
Cr-Commit-Position: refs/heads/master@{#41397}
JS operators always have an implicit context input, so just use that instead.
BUG=
Review-Url: https://codereview.chromium.org/2541813002
Cr-Commit-Position: refs/heads/master@{#41392}
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.
R=titzer@chromium.org
BUG=chromium:669518
Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
Make the AsmWasmBuilder drive the process of typing and potentially parsing
function bodies. This will allow us to keep only a single asm.js function's
AST in memory as we convert to WebAssembly.
This is needed to keep our memory footprint low.
Add some additional output to a few tests that's helpful to see which stage they fail at.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=marja@chromium.org,adamk@chromium.org,aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2398023002
Cr-Commit-Position: refs/heads/master@{#41372}
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
Adds a bytecode_age field to BytecodeArray objects. This is incremented each
time the bytecode array is marked by GC, and reset to zero if the bytecode
is executed.
This is used to enable the CompilationCache for interpreted functions,
where Interpreted entries are evicted once the bytecode becomes old.
BUG=chromium:666275,v8:4680
Review-Url: https://codereview.chromium.org/2534763003
Cr-Commit-Position: refs/heads/master@{#41356}
MarkingParity was used to avoid performing an operation on an object if it was
marked multiple times. We no longer mark things multiple times, so this concept
is no longer required.
BUG=chromium:666275
Review-Url: https://codereview.chromium.org/2529173002
Cr-Commit-Position: refs/heads/master@{#41354}
This introduces three new types OtherCallable, CallableProxy (and OtherProxy),
and BoundFunction to make it possible to express Callable in the Type system.
It also forces all undetectable receivers to be Callable, which matches the
use case for undetectable, namely document.all (guarded by proper checks and
tests).
It also uses these new types to properly optimize instanceof (indirectly via
OrdinaryHasInstance) based on the type of the constructor and the object. So
we are able to constant-fold certain instanceof expressions based on types
and completely avoid the builtin call.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2535753004
Cr-Commit-Position: refs/heads/master@{#41345}
FunctionTemplateInfo::SetPrototypeProviderTemplate adds support for sharing
prototypes between several function templates. This is used to properly set up
Image.prototype and HTMLImageElement.protoype which should be equal according
to the spec.
BUG=chromium:2969
Review-Url: https://codereview.chromium.org/2531653002
Cr-Commit-Position: refs/heads/master@{#41343}
Removed a redundant check: If completion is not normal, then #iterator cannot be undefined.
Review-Url: https://codereview.chromium.org/2533803002
Cr-Commit-Position: refs/heads/master@{#41321}
If code is flushed on a SFI, we can still use the bytecode if it was compiled,
since this never gets flushed.
This fixes a DCHECK where we were trying to compile the bytecode multiple
times after the baseline code was flushed.
BUG=chromium:668133
Review-Url: https://codereview.chromium.org/2526243002
Cr-Commit-Position: refs/heads/master@{#41274}
The deprecated pipeline is used for asm.js only, where we forcibly
disable inlining anyways (for performance reasons), so inlining via
the AstGraphBuilder is essentially dead code by now, thus there's no
point in trying to keep that around in the code base.
Also nuke the test-run-inlining.cc file, which would require some heavy
surgery (for probably little benefit), and move the useful tests for
mjsunit tests instead.
BUG=v8:2206,v8:5657
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2527053002
Cr-Commit-Position: refs/heads/master@{#41245}
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.
Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
The new SourcePosition class allows for precise tracking of source positions including the stack of inlinings. This CL makes the cpu profiler use this new information. Before, the cpu profiler used the deoptimization data to reconstruct the inlining stack. However, optimizing compilers (especially Turbofan) can hoist out checks such that the inlining stack of the deopt reason and the inlining stack of the position the deoptimizer jumps to can be different (the old cpu profiler tests and the ones introduced in this cl produce such situations for turbofan). In this case, relying on the deoptimization info produces paradoxical results, where the reported position is before the function responsible is called. Even worse, https://codereview.chromium.org/2451853002/ combines the precise position with the wrong inlining stack from the deopt info, leading to completely wrong results.
Other changes in this CL:
- DeoptInlinedFrame is no longer needed, because we can compute the correct inlining stack up front.
- I changed the cpu profiler tests back to test situations where deopt checks are hoisted out in Turbofan and made them robust enough to handle the differences between Crankshaft and Turbofan.
- I reversed the order of SourcePosition::InliningStack to make it match the cpu profiler convention.
- I removed CodeDeoptEvent::position, as it is no longer used.
R=alph@chromium.org
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2503393002
Cr-Commit-Position: refs/heads/master@{#41168}
By now the compilation pipeline is flexible enough to run module tests
against all variants, we should no longer choose unsupported compilers
for modules. It also fixes the predicate checking for functions being
"resumable" in the {AstNumberingVisitor} heuristic.
R=neis@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2517143002
Cr-Commit-Position: refs/heads/master@{#41144}
Some minifiers use the pattern !function ... () for JS code that should
be immediately executed. This change recognizes that pattern and treats
it equally to parenthesized functions.
A bit more background info is in the referenced bug.
R=verwaest@chromium.org
BUG=v8:5643
Review-Url: https://codereview.chromium.org/2509143003
Cr-Commit-Position: refs/heads/master@{#41114}
It originates from the era where we used to run a separate preparse step
before parsing and store the function data. Now the usage of preparser
is something completely different, so this flag doesn't make sense any
more.
In addition, this way we get more test coverage for preparser (for small
scripts).
BUG=
Review-Url: https://codereview.chromium.org/2513563002
Cr-Commit-Position: refs/heads/master@{#41110}
Adds the marking logic to mark the young generation.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2498583002
Cr-Commit-Position: refs/heads/master@{#41104}
Add bytecode for defining data properties, which initially just calls the runtime function.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2510743002
Cr-Commit-Position: refs/heads/master@{#41101}
This fixes the bogus implementation of the function in question and adds
test coverage for the deserialization of the corresponding flags from
the serialized scope info. Note that the tests so far only cover cases
where the module and the function contain context-allocated variables.
R=verwaest@chromium.org
TEST=cctest/test-parsing/AsmFunctionFlag
BUG=v8:5653
Review-Url: https://codereview.chromium.org/2507063004
Cr-Commit-Position: refs/heads/master@{#41093}
With this change, WebAssembly.Memory objects have backing stores allocated as an
8GB region where everything beyond the size of the Wasm heap is inaccessible.
GrowMemory is now implemented by changing the protection on the guard regions to
make the new portions of the heap accessible.
Guard pages are not enabled by default, but this change adds a flag and a test
variant to make sure we get test coverage on them.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2396433008
Cr-Commit-Position: refs/heads/master@{#41089}
Collect string feedback for compare operations. Without this,
functions which have a lot of string compare operations end up with
a high generic type percentage, and don't get optimized until very
late.
Currently TurboFan doesn't use this String feedback for compare
operations, but this could be done in future work if it is useful.
BUG=chromium:660947
Review-Url: https://codereview.chromium.org/2506013005
Cr-Commit-Position: refs/heads/master@{#41078}
The reasons are:
1) The names dictionaries in the feedback metadata seems to consume a lot of memory
and the idea didn't payoff.
2) The absence of a name parameter blocks data handlers support in LoadGlobalIC.
This CL reverts a part of r37278 (https://codereview.chromium.org/2096653003/).
BUG=chromium:576312, v8:5561
Review-Url: https://codereview.chromium.org/2510653002
Cr-Commit-Position: refs/heads/master@{#41046}
The new AccessorAssembler encapsulates all the functionality that's
specific to building LoadIC/StoreIC stubs.
There are two header files (accessor-assembler.h and
accessor-assembler-impl.h) so that clients of the assembler can include
the one, and subclassing assemblers can include the other.
Review-Url: https://codereview.chromium.org/2507733002
Cr-Commit-Position: refs/heads/master@{#41037}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Original review: https://codereview.chromium.org/2498073002/
Review-Url: https://codereview.chromium.org/2502293002
Cr-Commit-Position: refs/heads/master@{#41028}
This brings the two utf-8 decoders (bulk + incremental) in line.
Technically, either behaviour was correct, since the utf-8 spec
demands incomplete utf-8 be handled, but does not specify how.
Unicode recommends that "the maximal subpart at that offset
should be replaced by a single U+FFFD," and with this change we
consistently do that. More details + spec references in the bug.
BUG=chromium:662822
Review-Url: https://codereview.chromium.org/2493143003
Cr-Commit-Position: refs/heads/master@{#41025}
Properties can be defined inside the object literal (ES6) or after
object creation. The behavior differes if there are accessors, interceptors
or proxies in the Object prototype chain.
These test cases assure we preserve correct behavior as we
improve performance of definitions in literals.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2501553002
Cr-Commit-Position: refs/heads/master@{#41024}
Adds a bytecode to set and retrieve the pending message. This avoids a
runtime call in finally blocks, and also ensures that TurboFan builds a
graph using the SetMessage / LoadMessage nodes instead of inserting a
runtime call.
BUG=chromium:662334
Review-Url: https://codereview.chromium.org/2501503005
Cr-Commit-Position: refs/heads/master@{#41023}
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared doesn't want to compile. Missing export annotation?
Original issue's description:
> [refactoring] Split CodeAssemblerState out of CodeAssembler
>
> This is in preparation for introducing more specialized
> CodeStubAssembler subclasses. The state object can be handed
> around, while the Assembler instances are temporary-scoped.
>
> BUG=v8:5628
TBR=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2504913002
Cr-Commit-Position: refs/heads/master@{#41018}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2498073002
Cr-Commit-Position: refs/heads/master@{#41015}
This was causing array buffer views created by ValueDeserializer to have
uninitialized internal fields, which lead to crashes in layout tests when
Blink tried to read those fields.
For array buffers, JSArrayBuffer::Setup is responsible for this logic
(as well as initializing the V8 fields); this is similar to that.
The runtime already seems to correctly initialize these for script-created
array buffer views as well, which is why this issue was not detected sooner.
Review-Url: https://codereview.chromium.org/2498413002
Cr-Commit-Position: refs/heads/master@{#41014}
Inferred names are currently generated for FunctionLiterals but not generated
for ClassLiterals. Without them, DevTools does not have enough information to
make descriptive descriptions.
E.g.
var x = {y: class{}};
var a = new x.y();
console.log(a);
This shows "Object{}" when it could be more descriptive "x.y {}"
BUG=v8:5621
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2488193003
Cr-Commit-Position: refs/heads/master@{#41013}
Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.
Only deals with the case where there is a single spread argument.
Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}
This shares the pending_error_handler from the parser to the preparser, allowing the preparser to directly log errors to it. This removes LogMessage from the loggers. ParserLogger::LogMessage was already unused, so this also removes error info from the preparse data altogether.
BUG=
Review-Url: https://codereview.chromium.org/2502633002
Cr-Commit-Position: refs/heads/master@{#40984}
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
- The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
- The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().
If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.
All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.
At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.
I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.
The following additional changes were necessary:
- The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
- The class HPositionInfo was effectively dead code and is now removed.
- SourcePosition has new printing and information facilities, including computing a full inlining stack.
- I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
- I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
- I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
- Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}
In captured stack traces, all lines and columns must be 1-based.
Even though this makes things a bit ugly, we have to comply also for
wasm locations, where line and column encode function index and byte
offset (both are originally 0-based).
If we don't comply, the frontend might complain, as e.g. DevTools does.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.orgCC=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2493943002
Cr-Commit-Position: refs/heads/master@{#40971}
This removes the POSSIBLY_EVAL_CALL call type, and instead uses OTHER_CALL
or WITH_CALL to decide whether to do the special LOOKUP_SLOT_CALL runtime
call to find the callee and possibly update the receiver with the with-object.
This means that eval calls out of 'with' blocks can now just do a normal
LdaLookupGlobalSlot operation, which can check the context chain for eval
extentions and fast-path the lookup if none exist.
BUG=661556
Review-Url: https://codereview.chromium.org/2487483004
Cr-Commit-Position: refs/heads/master@{#40965}
This replaces LOOKUP_SLOT_CALL with WITH_CALL, and relies on regular lookup-slot handling in variable load to support other lookup slots (variables resolved in the context of sloppy eval). This allows optimizations for such variable loads to kick in for calls as well. We only need special handling for function calls in the context of with, since it changes the receiver of the call from undefined/global to the with-object.
This currently doesn't yet make it work for the direct eval call itself, since the POSSIBLY_EVAL_CALL flag is also used to deal with direct eval later.
BUG=
Review-Url: https://codereview.chromium.org/2480253006
Cr-Commit-Position: refs/heads/master@{#40962}
Changes include:
- Adding V8_EXPORT macro for SnapshotCreator
- Removing outdated DCHECKs.
- Allow nullptr as external reference. This required a...
- Refactoring of hashmaps used by the serializer.
- Remove external references for counters. These are not used
anywhere for isolates that are being serialized.
- Put template infos into the partial snapshot cache.
- Remove unnecessary presubmit check for external references.
mksnapshot crashes if external references are missing.
R=jochen@chromium.org, vogelheim@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2490783004
Cr-Commit-Position: refs/heads/master@{#40949}
This adds a new ExternalPointer type, which is an Internal type that is
used for ExternalReferences and other pointer values, like the pointers
into the asm.js heap. It also adds a PointerConstant operator, which we
use to represents these raw constants (we can probably remove that
particular operator again once WebAssembly ships with the validator).
R=mvstanton@chromium.org
BUG=v8:5267,v8:5270
Review-Url: https://codereview.chromium.org/2494753003
Cr-Commit-Position: refs/heads/master@{#40923}
According to the spec data segments are allowed even if the memory size
is zero. However, if one of the data segments has a length greater than
0, then module instantiation should fail.
I also changed the exception type in LoadDataSegments to TypeError,
because that's the exception type for all exceptions which can happen
during instantiation.
R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/EmptyMemoryEmptyDataSegment, cctest/test-run-wasm-module/EmptyMemoryNonEmptyDataSegment
Review-Url: https://codereview.chromium.org/2483053005
Cr-Commit-Position: refs/heads/master@{#40922}
This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.
R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}
- A new runtime function (%create_resolving_functions) is installed to
call the CreateResolvingFunctions builtin from JS.
- Three new builtins are created - resolve and reject functions and a
third function that creates a new JSFunctions from these
resolve/reject builtins.
- The promise reject function is installed on the context temporarily
as internal_promise_reject. This should go away once we remove
PromiseSet.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2459283004
Cr-Commit-Position: refs/heads/master@{#40903}
TurboFan can create ConsStrings with empty first parts (for history on
this decision, see da27e0c886). Add a
fast-path for such cases in String::SlowFlatten.
BUG=
Review-Url: https://codereview.chromium.org/2489273002
Cr-Commit-Position: refs/heads/master@{#40885}
We seem to get some small wins from avoiding the Ldr bytecodes, probably due
to reduced icache pressure since there are less bytecode handlers. Replace
the Ldr bytecodes with Star lookahead inlined into the Lda versions.
Also fixes IsAccumulatorLoadWithoutEffects to include LdaContextSlot and
LdaCurrentContextSlot
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2489513005
Cr-Commit-Position: refs/heads/master@{#40883}
... and make them applicable outside of CSA.
Nice bonus is that the assert condition instructions will now appear inside [Assert / ]Assert brackets.
BUG=
Review-Url: https://codereview.chromium.org/2489743002
Cr-Commit-Position: refs/heads/master@{#40869}
Adds an IsInterpreted() function to both SharedFunctionInfo and JSFunction.
This is used to fix the test-heap code-aging tests since Ignition doesn't
age code.
BUG=v8:4680
Review-Url: https://codereview.chromium.org/2481433002
Cr-Commit-Position: refs/heads/master@{#40868}
The Ldr[Named/Keyed]Property bytecodes are problematic for the deoptimizer when
inlining accessors in TurboFan. Remove them and replace with a Star lookahead
in the bytecode handlers for Lda[Named/Keyed]Property.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2485383002
Cr-Commit-Position: refs/heads/master@{#40860}
The bounds check in LoadDataSegment was off by one. I also improved the
error message, and fixed an issue where data was initialized even if
the bounds check failed.
In InstantiateModuleForTesting I allow instantiation of modules without
exports. This check was legacy code from the time where instantiation
and execution was still combined in a single function.
R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/InitDataAtTheUpperLimit
Review-Url: https://codereview.chromium.org/2486183002
Cr-Commit-Position: refs/heads/master@{#40856}
The spec defines that indirect calls in WebAssembly code should cause a
validation error if no function table exists.
The CL contains the following changes:
1) Throw a validation error for indirect calls if the function table
not exist.
2) Do not create TF nodes to throw a runtime error for indirect calls
if the function table does not exist.
3) Fix existing unit tests by creating a dummy function table.
4) Add new a new test which tests that indirect calls without function
table cause a validation error.
R=rossberg@chromium.orgCC=titzer@chromium.org
TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash
Review-Url: https://codereview.chromium.org/2484623002
Cr-Commit-Position: refs/heads/master@{#40852}
We recently allowed global constants in asm.js validated code.
When used in a return statement, these need to be of an allowed type.
BUG=660813
R=jpp@chromium.org,aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2481103002
Cr-Commit-Position: refs/heads/master@{#40850}
We handle this case specially because otherwise we would have to do
complicated overflow detection.
R=titzer@chromium.org
TEST=cctest/test-run-wasm/RunWasmCompiled_LoadMaxUint32Offset
Review-Url: https://codereview.chromium.org/2490533003
Cr-Commit-Position: refs/heads/master@{#40844}
With this CL, we set the is_source_positions_enabled flag on CompilationInfo when
- a command line flag is enabled that requires Turbofan to preserve source position
information (e.g. --trace-deopt), and
- when profiling is enabled.
This also removes the --turbo-source-positions flag.
The goal is to eventually only track source position information when needed.
R=mstarzinger@chromium.org
BUG=v8:5439
Review-Url: https://codereview.chromium.org/2484163003
Cr-Commit-Position: refs/heads/master@{#40836}
This is an experiment to check whether the heuristics is still useful.
BUG=
Review-Url: https://codereview.chromium.org/2482163002
Cr-Commit-Position: refs/heads/master@{#40833}
The access check is generated as a:
- Equality check of an execution-time and a compile-time native contexts
for primitive receivers.
- Equality check of an execution-time and a compile-time native contexts
or equality check of a respective security tokens for global proxy receivers.
- No-op for other kinds of receivers.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2482913002
Cr-Commit-Position: refs/heads/master@{#40829}
This introduces two new bytecodes LdaModuleVariable and StaModuleVariable,
replacing the corresponding runtime calls.
Support in the bytecode graph builder exists only in the form of runtime calls.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2471033004
Cr-Commit-Position: refs/heads/master@{#40825}
The memory leak is fixed by calling the GC at the end of the tests. The GC collects the WasmModuleWrapper objects, which deallocates WasmModule c++ object. For the mjsunit tests the GC is already called because of the --invoke_weak_callbacks flag.
BUG=chromium:662388
Review-Url: https://codereview.chromium.org/2476643003
Cr-Commit-Position: refs/heads/master@{#40822}
Reason for revert:
Speculative revert for blocking roll:
https://codereview.chromium.org/2479233002/
Original issue's description:
> [wasm] Indirect calls without function table cause validation errors.
>
> The spec defines that indirect calls in WebAssembly code should cause a
> validation error if no function table exists.
>
> The CL contains the following changes:
> 1) Throw a validation error for indirect calls if the function table
> not exist.
> 2) Do not create TF nodes to throw a runtime error for indirect calls
> if the function table does not exist.
> 3) Fix existing unit tests by creating a dummy function table.
> 4) Add new a new test which tests that indirect calls without function
> table cause a validation error.
>
> R=rossberg@chromium.org
> CC=titzer@chromium.org
>
> TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash
TBR=rossberg@chromium.org,titzer@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2479283002
Cr-Commit-Position: refs/heads/master@{#40811}
This makes use of the newly introduced cell indices to speed up variable
accesses. Imports and local exports are now directly stored in (separate)
arrays. In the future, we may merge the two arrays into a single one, or
even into the module context.
This CL also replaces the LoadImport and LoadExport runtime functions with
a single LoadVariable taking a variable index as argument (rather than a
name).
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2465283004
Cr-Commit-Position: refs/heads/master@{#40808}
This
- removes the ParserRecorder base class,
- devirtualizes the LogFunction and LogMessage functions,
- reuses the SingletonLogger for all preparser calls
In a subsequent step the preparser should probably log directly to the CompleteParserRecorder rather than indirectly through the singleton logger...
BUG=
Review-Url: https://codereview.chromium.org/2474393003
Cr-Commit-Position: refs/heads/master@{#40803}
The spec defines that indirect calls in WebAssembly code should cause a
validation error if no function table exists.
The CL contains the following changes:
1) Throw a validation error for indirect calls if the function table
not exist.
2) Do not create TF nodes to throw a runtime error for indirect calls
if the function table does not exist.
3) Fix existing unit tests by creating a dummy function table.
4) Add new a new test which tests that indirect calls without function
table cause a validation error.
R=rossberg@chromium.orgCC=titzer@chromium.org
TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash
Review-Url: https://codereview.chromium.org/2484623002
Cr-Commit-Position: refs/heads/master@{#40802}
Drive-by-fix 1: be more precise in machine representations for
AllocateNameDictionary to make --turbo_verify_machine_graph happy.
Drive-by-fix 2: Improve graph verifier output by printing input
representation.
BUG=
Review-Url: https://codereview.chromium.org/2475913002
Cr-Commit-Position: refs/heads/master@{#40797}
This patch fixes two bugs in V8 to allow the global object to have a frozen proto:
- The immutable prototype map check is done on the map of the "real receiver",
the one that's found after the hidden prototype traversal, rather than
the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
the global object, as passed to Context::New, is respected when instantiating
the global object.
R=adamk
BUG=v8:5149
Review-Url: https://codereview.chromium.org/2474843003
Cr-Commit-Position: refs/heads/master@{#40778}
This removes the deprecated flag in question which has been enabled by
default a while ago. All components can by now deal with activations of
a single function being mixed between Ignition and other compilers. The
maintenance overhead to support a mode that clears bytecode is no longer
warranted.
R=rmcilroy@chromium.org
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2475203003
Cr-Commit-Position: refs/heads/master@{#40776}
Parameters of a lazily parsed function used to be parsed eagerly, and parameter
handling was split between Parser::ParseFunctionLiteral and
ParseEagerFunctionBody, leading to inconsistencies.
After this CL, we preparse (lazy parse) the parameters of lazily parsed
functions.
(For arrow functions, we cannot do that ofc.)
This is needed for later features (PreParser with scope analysis).
-- CL adapted from marja's https://codereview.chromium.org/2411793003/
BUG=
Review-Url: https://codereview.chromium.org/2472063002
Cr-Commit-Position: refs/heads/master@{#40771}
Some accessors requires little to no computation at all, its result can be
cached in a private property, avoiding the call overhead.
Calls to the getter are translated into a cheap property load.
Follow-on to crrev.com/2347523003, from peterssen@google.com
BUG=chromium:634276, v8:5548
Review-Url: https://codereview.chromium.org/2405213002
Cr-Commit-Position: refs/heads/master@{#40765}
With an instance of CodeStubArguments, builtin stub generators can generate code
that accesses the receiver passed to the builtin, as well as access and iterate
over the variable number of arguments that are passed in.
Review-Url: https://codereview.chromium.org/2469273003
Cr-Commit-Position: refs/heads/master@{#40726}
Removed a wrong condition test in TwoByteExternalBufferedStream. This changed fixes errors that may occur under some conditions.
Review-Url: https://codereview.chromium.org/2469723002
Cr-Commit-Position: refs/heads/master@{#40722}
The wasm interpreter crashed because it interpreted the table of
br_table as a table of uint8, but according to the spec it is a table of
varint32. Therefore the wasm interpreter misinterpreted 0x80 0x00 as 128
and not as 0, which caused a crash.
R=tizer@chromium.org
BUG=chromium:660262
TEST=cctest/test-run-wasm/RunWasmInterpreted_Regression_660262
Review-Url: https://codereview.chromium.org/2463063002
Cr-Commit-Position: refs/heads/master@{#40708}
This reduces per-scope overhead from minimally 6 words to 2 words, with one additional pointer per entry, rather than an average of 2 per entry for larger-than-4 element lists. For temp zone parsed functions it additionally makes the declaration-list actually freeable.
This introduces ThreadedList to implement the details of dealing with such a list.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2457393003
Cr-Commit-Position: refs/heads/master@{#40703}
To enable the global object prototype chain to be frozen, all objects
in the chain need to be marked as immutable prototype exotic objects.
However, a bug in the previous implementation of immutable prototype
exotic objects left the check in place when initially setting up the
object, which made it impossible to allow inheritance chains. This
patch removes that mistaken check.
BUG=v8:5149
Review-Url: https://codereview.chromium.org/2449163004
Cr-Commit-Position: refs/heads/master@{#40702}
Reason for revert:
Causes performance regressions (up to 10% on the "IC" bucket). :-(
Original issue's description:
> [ic] Experiment: disable map-specific handler cache.
>
> IC data handlers support most of the hot cases nowdays. Let's see if
> the map-specific code cache still help us to improve things.
>
> BUG=v8:5561
TBR=ishell@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2474653002
Cr-Commit-Position: refs/heads/master@{#40701}
In the process, add a more general mechanism for passing around
and amending list of CodeStubAssembler Variables. That change
makes it possible to more easily add Variables to loops that are
generated by utility functions, e.g. BuildFastLoop.
LOG=N
Review-Url: https://codereview.chromium.org/2461363002
Cr-Commit-Position: refs/heads/master@{#40700}
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
LOG=N
Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40699}
Reason for revert:
Seems to break arm64 sim debug and blocks roll:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/3294
Original issue's description:
> [turbofan] Support variable size argument removal in TF-generated functions
>
> This is preparation for using TF to create builtins that handle variable number of
> arguments and have to remove these arguments dynamically from the stack upon
> return.
>
> The gist of the changes:
> - Added a second argument to the Return node which specifies the number of stack
> slots to pop upon return in addition to those specified by the Linkage of the
> compiled function.
> - Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
> handles all tail-call cases except where the return value type differs, this fallback
> was not really useful and in fact caused unexpected behavior with variable
> sized argument popping, since it wasn't possible to materialize a Return node
> with the right pop count from the TailCall without additional context.
> - Modified existing Return generation to pass a constant zero as the additional
> pop argument since the variable pop functionality
>
> LOG=N
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,epertoso@chromium.org,danno@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2473643002
Cr-Commit-Position: refs/heads/master@{#40691}
IC data handlers support most of the hot cases nowdays. Let's see if
the map-specific code cache still help us to improve things.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2462973003
Cr-Commit-Position: refs/heads/master@{#40685}
We only need included categories list, excluded categories list will only work
if we use regular expression in categories list, which is not supported in V8.
TBR=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2462143002
Cr-Commit-Position: refs/heads/master@{#40681}
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
LOG=N
Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40678}
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.
patch from issue 2427953002 at patchset 120001 (http://crrev.com/2427953002#ps120001)
R=mvstanton@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2453973004
Cr-Commit-Position: refs/heads/master@{#40663}
These are added to the sampler stack trace when RCS are
enabled.
Resource name for a RCS frame is reported as "V8Runtime".
Counter names match ones from src/counters.h
BUG=chromium:660428
Review-Url: https://codereview.chromium.org/2461003002
Cr-Commit-Position: refs/heads/master@{#40658}
The majority of context slot accesses are to the local context (current context
register and depth 0), so this adds bytecodes to optimise for that case.
This cuts down bytecode size by roughly 1% (measured on Octane and Top25).
Review-Url: https://codereview.chromium.org/2459513002
Cr-Commit-Position: refs/heads/master@{#40641}
The reasons are:
1) Type feedback vectors are not shared between different native contexts and
therefore the IC handler created for one native context will not be reused
in other native context.
2) Access rights revocation is not supported at all, therefore given (1) once
we pass the access check we don't have to check access rights again.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2455953002
Cr-Commit-Position: refs/heads/master@{#40627}
This prepares the code-base so that Ignition can be enabled on a certain
subset of compilations without setting the {FLAG_ignition} flag (which
enables Ignition on all compilations). We should not check the flag in
question explicitly anywhere outside of the compiler heuristics.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2443573002
Cr-Commit-Position: refs/heads/master@{#40617}
This is a new bytecode which behaves (for now) exactly like Call,
except that in turbofan graph building we can set the
ConvertReceiverMode to NotNullOrUndefined.
I observe a 1% improvement on Box2D, I'd expect a similar improvement on
other OOP heavy code.
Review-Url: https://codereview.chromium.org/2450243002
Cr-Commit-Position: refs/heads/master@{#40610}
- Modifies RegisterConfiguration to specify complex aliasing on ARM 32.
- Modifies RegisterAllocator to consider aliasing.
- Modifies ParallelMove::PrepareInsertAfter to handle aliasing.
- Modifies GapResolver to split wider register moves when interference
with smaller moves is detected.
- Modifies MoveOptimizer to handle aliasing.
- Adds ARM 32 macro-assembler pseudo move instructions to handle cases where
split moves don't correspond to actual s-registers.
- Modifies CodeGenerator::AssembleMove and AssembleSwap to handle moves of
different widths, and moves involving pseudo-s-registers.
- Adds unit tests for FP operand interference checking and PrepareInsertAfter.
- Adds more tests of FP for the move optimizer and register allocator.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2410673002
Cr-Commit-Position: refs/heads/master@{#40597}
Native setters (see AccessorInfo in accessors.h) didn't have the ability
to return a result value. As a consequence of this, for instance, Reflect.set
on the length property of arrays had the wrong behavior:
var y = [];
Object.defineProperty(y, 0, {value: 42, configurable: false})
Reflect.set(y, 'length', 0)
The Reflect.set call used to return true. Now it returns false as
required by the spec.
BUG=v8:5401
Review-Url: https://codereview.chromium.org/2397603003
Cr-Commit-Position: refs/heads/master@{#40579}
Object.create(null) is most likely to be used for dictionary-like objects.
Hence it would be beneficial to directly create a slow-mode object and avoid
additional overhead later-on.
BUG=
Review-Url: https://codereview.chromium.org/2430273007
Cr-Commit-Position: refs/heads/master@{#40551}
Reason for revert:
Causes regressions: https://bugs.chromium.org/p/chromium/issues/detail?id=658711
Original issue's description:
> [compiler] Prepare for partially shipping Ignition.
>
> This prepares the code-base so that Ignition can be enabled on a certain
> subset of compilations without setting the {FLAG_ignition} flag (which
> enables Ignition on all compilations). We should not check the flag in
> question explicitly anywhere outside of the compiler heuristics.
>
> R=mvstanton@chromium.org
BUG=chromium:658711
TBR=mvstanton@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review-Url: https://codereview.chromium.org/2448443002
Cr-Commit-Position: refs/heads/master@{#40534}
This patch moves management of marking deque backing store into the
MarkingDeque class, which will simplify unmapping of backing store in
concurrent task.
BUG=
Review-Url: https://codereview.chromium.org/2439063002
Cr-Commit-Position: refs/heads/master@{#40523}
This prepares the code-base so that Ignition can be enabled on a certain
subset of compilations without setting the {FLAG_ignition} flag (which
enables Ignition on all compilations). We should not check the flag in
question explicitly anywhere outside of the compiler heuristics.
R=mvstanton@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2443573002
Cr-Commit-Position: refs/heads/master@{#40507}
Additionally, remove all code related to the old-style slots filtering and black area end markers.
BUG=chromium:648568
Review-Url: https://chromiumcodereview.appspot.com/2440683002
Cr-Commit-Position: refs/heads/master@{#40494}
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Android%20Arm64%20-%20builder/builds/4851
Original issue's description:
> Update implementation of atomics with latest Chromium version but use compiler builtin atomics
>
> Ideally, we would use the standard library. However, when we are compiling against an older version of the standard library the atomic implementation may be slow.
>
> BUG=
TBR=mlippautz@chromium.org,ulan@chromium.org,jarin@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2438983002
Cr-Commit-Position: refs/heads/master@{#40489}
Ideally, we would use the standard library. However, when we are compiling against an older version of the standard library the atomic implementation may be slow.
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2425963002
Cr-Commit-Position: refs/heads/master@{#40488}
Move hole check logic from full-codegen into scope analysis, and store the
"needs hole check" bit on VariableProxy. This makes it easy to re-use in
any backend: it will be trivial to extend the use of this logic in, e.g.,
full-codegen variable stores.
While changing the signatures of the variable loading/storing methods in
Ignition, I took the liberty of replacing the verb "Visit" with "Build", since these
are not part of AST visiting.
BUG=v8:5460
Review-Url: https://chromiumcodereview.appspot.com/2411873004
Cr-Commit-Position: refs/heads/master@{#40479}
The wasm specification does not fully specify the binary representation
of NaN: the sign bit can be non-deterministic. The wasm-code fuzzer
found a test case where the wasm interpreter and the compiled code
produce a different sign bit for a NaN, and as a consequence they
produce different results.
With this CL the interpreter tracks whether it executed an instruction
which can produce a NaN, which are div and sqrt instructions. The
fuzzer uses this information and compares the result of the interpreter
with the result of the compiled code only if there was no instruction
which could have produced a NaN.
R=titzer@chromium.org
TEST=cctest/test-run-wasm-interpreter/TestMayProduceNaN
BUG=chromium:657481
Review-Url: https://chromiumcodereview.appspot.com/2438603003
Cr-Commit-Position: refs/heads/master@{#40474}
This CL also introduces IsSetWord<T>(..) and IsSetWord32<T>(..) operations
to ease checking if the bit field is set or not.
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2436893003
Cr-Commit-Position: refs/heads/master@{#40466}
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.
R=mvstanton@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2427953002
Cr-Commit-Position: refs/heads/master@{#40462}
This CL refactors the handling of metadata associated with WebAssembly
modules to reduce the duplicate marshalling of data from the C++ world
to the JavaScript world. It does this by wrapping the C++ WasmModule*
object in a Foreign that is rooted from the on-heap WasmCompiledModule
(which is itself just a FixedArray). Upon serialization, the C++ object
is ignored and the original WASM wire bytes are serialized. Upon
deserialization, the C++ object is reconstituted by reparsing the bytes.
This is motivated by increasing complications in implementing the JS
API, in particular WebAssembly.Table, which must perform signature
canonicalization across instances.
Additionally, this CL implements the proper base + offset initialization
behavior for tables.
R=rossberg@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org,yangguo@chromium.org
BUG=v8:5507, chromium:575167, chromium:657316
Review-Url: https://chromiumcodereview.appspot.com/2424623002
Cr-Commit-Position: refs/heads/master@{#40434}
* introduced v8::DebugInterface::ChangeBreakOnException(Isolate*,ExceptionBreakState);
* migrated inspector to new API;
* added cctest for new API;
* added inspector test for setPauseOnExceptionState.
BUG=chromium:652939,v8:5510
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2396193002
Cr-Commit-Position: refs/heads/master@{#40413}
BranchIf and helpers were introduced when exporting the schedule from the RawMachineAssembler was not ensuring that the CFG was well-form. These methods, that were used to introduce blocks to ensure edge-split form, are now unnecessary.
BUG=
Review-Url: https://codereview.chromium.org/2426923002
Cr-Commit-Position: refs/heads/master@{#40402}
Consistently collect CallIC feedback in fullcodegen and Ignition, even
for possibly direct eval calls, that were treated specially so far, for
no apparent reason. With the upcoming SharedFunctionInfo based CallIC
feedback, we might be able to even inline certain direct eval calls, if
they manage to hit the eval cache. More importantly, this patch
simplifies the collection and dealing with CallIC feedback (and as a
side effect fixes an inconsistency with feedback for super constructor
calls).
R=mvstanton@chromium.org, mythria@chromium.org
BUG=v8:2206,v8:4280,v8:5267
Review-Url: https://codereview.chromium.org/2426693002
Cr-Commit-Position: refs/heads/master@{#40397}
This adds more useful information to the v8-heap-stats tool.
BUG=v8:5489
Review-Url: https://codereview.chromium.org/2394213003
Cr-Commit-Position: refs/heads/master@{#40361}
Use sparingly!
This doesn't add any really new functionality, other than making it more
convenient to do this.
This will primarily be used to wrap a WasmModule to be referenced from a
JSObject that represents an instance. There is one WasmModule C++ object
per parsed WasmModule, so this should not be more than a handful or a few
dozen in well-behaved programs.
R=rossberg@chromium.org,mlippautz@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2409173005
Cr-Commit-Position: refs/heads/master@{#40346}
This makes optimization of all class constructors (i.e. both base and
derived) go through TurboFan. Note some class constructors containing
Harmony language features (e.g. super constructor calls or accesses to
the new.target value) were already going through TurboFan before.
R=bmeurer@chromium.org
BUG=v8:5458
Review-Url: https://codereview.chromium.org/2397723002
Cr-Commit-Position: refs/heads/master@{#40342}
In order to optimize super constructor calls with ES6 classes, we need
some feedback for both the JSCallConstruct and the resulting JSCreate
nodes in TurboFan. Both already optimize perfectly when the see nodes
with JSFunction constants, so utilizing the existing CallIC machinery
here, enables us to optimize the super constructor calls right now w/o
a lot of effort.
Note that there are probably better ways to track this information,
for example we could do some tracking on the constructor functions;
this will however require serious changes in TurboFan and the runtime,
and would block progress on more important tasks.
R=mythria@chromium.org
BUG=v8:5517
Review-Url: https://codereview.chromium.org/2419423002
Cr-Commit-Position: refs/heads/master@{#40337}
A test where the deserialization data has a header, but the
header is invalid. This is in addition to the current test
where we have empty deserialization data.
BUG=
Review-Url: https://codereview.chromium.org/2418483002
Cr-Commit-Position: refs/heads/master@{#40321}
It doesn't need to have this logic.
ParseLazyFunctionLiteralBody is basically just ParseStatementList
+ log the function position. But PreParser doesn't need to have
the "which functions to log" logic, since logging the function is
always done exactly when Parser falls back to PreParser. (See
PreParseLazyFunction.)
So in the current state, PreParser would log several functions in
a SingletonLogger, and only the last one would take
effect (that's the one Parser also logs in SkipLazyFunctionBody).
Also updated test-parsing/Regress928 to produce the preparse data
the way we do now (i.e., not running the PreParser directly, but
running the Parser).
Error reporting: when PreParser finds an error, it doesn't need
to ReportUnexpectedToken in PreParseLazyFunction, since it
already has reported the error whenever it found it.
BUG=v8:5515
Review-Url: https://codereview.chromium.org/2421833002
Cr-Commit-Position: refs/heads/master@{#40315}
Now that all accesses to the last match info are in C++ and TF code, we can
finally turn the last match info into a FixedArray. Similar to the ArrayList,
it uses its first field to store its length and grows dynamically in amortized
O(1) time.
Unlike previously, this means that the last match info pointer stored on the
context can actually change (in case the FixedArray needs to grow).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415103002
Cr-Commit-Position: refs/heads/master@{#40308}
When the test is executed in user mode qemu for mips64, it fails because
the buffer is too small. Increasing the buffer fixes the problem.
BUG=
TEST=cctest/test-mark-compact/RegressJoinThreadsOnIsolateDeinit
Review-Url: https://codereview.chromium.org/2416573002
Cr-Commit-Position: refs/heads/master@{#40278}
This ports RegExpInitialize, IsRegExp, InternalMatch and InternalReplace to C++
/ TurboFan. InternalMatch is in TurboFan because it calls RegExpExecStub and
needs to construct a RegExpResult (which are, respectively, a PlatformStub and
a CodeStubAssembler function).
Except for LastMatchInfo (and GetSubstitution, which could be moved to string.js
anytime), regexp.js is now completely empty.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2409513003
Cr-Commit-Position: refs/heads/master@{#40277}
This moves the implementation of @@replace from regexp.js to builtins-regexp.cc
(the TurboFan fast path) and runtime-regexp.cc (slow path). The fast path
handles all cases in which the regexp itself is an unmodified JSRegExp
instance, the given 'replace' argument is not callable and does not contain any
'$' characters (i.e. we are doing a string replacement).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398423002
Cr-Commit-Position: refs/heads/master@{#40253}
This incorporates recent feedback:
- simpler deserialization API by dropping the std::unique_ptr.
The only purpose there was communicating to the caller that they
own the buffer, and that the deserializer won't delete it. The new
design communicates that through a naming choice.
- renamed *UncompiledBytes to *WasmWireBytes
BUG=
Review-Url: https://codereview.chromium.org/2411263004
Cr-Commit-Position: refs/heads/master@{#40238}
The state sampling was implemented in chrome, we had an interface for it
V8 but it was not implemented yet.
The chrome version version has been removed in
https://codereview.chromium.org/2406703002/
Therefore following up with its removal in V8 as well.
This CL can land independent of the Chromium related CL.
R=primiano@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2410523002
Cr-Commit-Position: refs/heads/master@{#40232}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2413653003
Cr-Commit-Position: refs/heads/master@{#40216}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2418513002
Cr-Commit-Position: refs/heads/master@{#40211}
The only way to get a minus zero result from subtraction is
(-0) - (+0) = -0, hence checking for minus zero on the RHS is
redundant. This is causing some unnecessary deoptimisations
in Box2D from Octane on 32-bit platforms.
BUG=
Review-Url: https://codereview.chromium.org/2410883003
Cr-Commit-Position: refs/heads/master@{#40207}
This is a re-land of https://codereview.chromium.org/2393303002/ with
an additional call to DisposeModuleEmbedderData() added to fix lsan failures.
Unifies the approaches used for storing the specifier -> module mapping
and the module -> directory mapping, using std::unordered_maps for both
and storing them per-Context.
This requires adding a method to the v8::Module API to get a hash code
for a Module, but allows slimming down the API in return: gone are
SetEmbedderData/GetEmbedderData, along with the fourth argument
to ResolveModuleCallback.
Besides a simpler API, this allows d8 to get closer to the HTML loader,
which requires each Realm to have a persistent module map (though this
capability is not yet exercised by any tests).
BUG=v8:1569
TBR=neis@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2405313002
Cr-Commit-Position: refs/heads/master@{#40186}
This is needed for the asm.js -> WASM pipeline. A single exported
function is exported as __single_function__, but we still want to see
the correct function name on the stack, so the underlying wasm function
has to carry the original name.
R=ahaas@chromium.org, titzer@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2406133003
Cr-Commit-Position: refs/heads/master@{#40159}
Reason for revert:
Fails under LeakSanitizer on auto-roll fyi bot:
https://build.chromium.org/p/client.v8.fyi/builders/Auto-roll%20-%20release%20process/builds/49447
Original issue's description:
> [modules] Store Module metadata in per-Context EmbedderData
>
> Unifies the approaches used for storing the specifier -> module mapping
> and the module -> directory mapping, using std::unordered_maps for both
> and storing them per-Context.
>
> This requires adding a method to the v8::Module API to get a hash code
> for a Module, but allows slimming down the API in return: gone are
> SetEmbedderData/GetEmbedderData, along with the fourth argument
> to ResolveModuleCallback.
>
> Besides a simpler API, this allows d8 to get closer to the HTML loader,
> which requires each Realm to have a persistent module map (though this
> capability is not yet exercised by any tests).
>
> BUG=v8:1569
>
> Committed: https://crrev.com/9cf8fce74cf6e7afd6aea3f3545f6bb61572f277
> Cr-Commit-Position: refs/heads/master@{#40133}
TBR=jochen@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2406973003
Cr-Commit-Position: refs/heads/master@{#40145}
Unifies the approaches used for storing the specifier -> module mapping
and the module -> directory mapping, using std::unordered_maps for both
and storing them per-Context.
This requires adding a method to the v8::Module API to get a hash code
for a Module, but allows slimming down the API in return: gone are
SetEmbedderData/GetEmbedderData, along with the fourth argument
to ResolveModuleCallback.
Besides a simpler API, this allows d8 to get closer to the HTML loader,
which requires each Realm to have a persistent module map (though this
capability is not yet exercised by any tests).
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2393303002
Cr-Commit-Position: refs/heads/master@{#40133}
This CL ports RegExp.prototype.test, RegExp.prototype.match
and RegExp.prototype.search to C++.
Performance regressions are expected but should be improved
in an upcoming CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2394713003
Cr-Commit-Position: refs/heads/master@{#40122}
The CL #39795 (https://codereview.chromium.org/2345593003 ) added MultiReturnSelect_f32/MultiReturnSelect_f64 tests.
Because those tests need 2 float point return registers and x87 only has 1 FP return register, Those tests failed at x87 port.
This CL skips MultiReturnSelect_f32/MultiReturnSelect_f64 tests for x87.
BUG=
Review-Url: https://codereview.chromium.org/2405743002
Cr-Commit-Position: refs/heads/master@{#40113}
There were once plans to generate cross-context code with TurboFan,
however that doesn't fit into the model anymore, and so all of this
is essentially dead untested code (and thus most likely already broken
in subtle ways). With this mode still in place it would also be a lot
harder to make inlining based on SharedFunctionInfo work.
BUG=v8:2206,v8:5499
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2406803002
Cr-Commit-Position: refs/heads/master@{#40109}
Updated the deserialization API to avoid copying uncompiled
bytes.
BUG=
Review-Url: https://codereview.chromium.org/2404673002
Cr-Commit-Position: refs/heads/master@{#40108}
Reason for revert:
Needed to revert https://codereview.chromium.org/2400343002/
Original issue's description:
> [parser] Deprecate ParseInfo constructor taking closure.
>
> This removes the {ParseInfo} constructor consuming a closure, replacing
> all uses to pass only the shared function info. The goal is to make the
> fact that parsing is independent of a concrete closure explicit.
>
> R=jochen@chromium.org
> BUG=v8:2206
>
> Committed: https://crrev.com/3de42b3f224217ec88e4c609d3cf23fe06806dca
> Cr-Commit-Position: refs/heads/master@{#40083}
TBR=jochen@chromium.org,bmeurer@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2406623002
Cr-Commit-Position: refs/heads/master@{#40097}
This implements namespace imports (import * as foo from "bar"), except for the
@@iterator property on namespace objects (to be done later).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2388153003
Cr-Commit-Position: refs/heads/master@{#40096}
(GcStress failure was unrelated.)
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/2402663002 .
Cr-Commit-Position: refs/heads/master@{#40086}
This removes the {ParseInfo} constructor consuming a closure, replacing
all uses to pass only the shared function info. The goal is to make the
fact that parsing is independent of a concrete closure explicit.
R=jochen@chromium.org
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2396963003
Cr-Commit-Position: refs/heads/master@{#40083}
This reverts commit 7db0ecdec3.
Manual revert since automatic revert is too large for the web interface.
BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
Reason for revert:
Possible GCSTRESS failure, investigating.
Original issue's description:
> [turbofan] Discard the shared code entry in the optimized code map.
>
> At one time, we hoped to generate the same code for different
> native contexts. But in truth, much performance comes from optimizing
> on the native context. Now we abandon this pathway.
>
> BUG=
>
> Committed: https://crrev.com/55af3c44c99a6e4cd6d53df775023d760ad2b2c3
> Cr-Commit-Position: refs/heads/master@{#40079}
TBR=mstarzinger@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2403453002
Cr-Commit-Position: refs/heads/master@{#40081}
