Adds a CheckString to all operand inputs of JSStringConcat. The operands are
already known to be strings, so this will get eliminated in almost all cases,
however, if there is a yield within the concatenation then we lose the
knowledge that the previous operands are strings since the values are loaded
from the generator object. Adds a test for this case.
BUG=v8:6243
Change-Id: I1601a316e6efbed1c53486f1027cb0ea023ff030
Reviewed-on: https://chromium-review.googlesource.com/549301
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46243}
This reverts commit 72b88fdab8.
Reason for revert: Changes a layout test:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16595
Original change's description:
> [runtime] Make all built-in functions strict.
>
> According to ES#sec-built-in-function-objects all built-in functions
> must be strict.
>
> This is a preliminary CL before changing the way we define built-in
> functions in native JS files.
>
> Bug: v8:6459
> Change-Id: I8e60b342f04ea1b0843fe1990334cbb9b26ebac4
> Reviewed-on: https://chromium-review.googlesource.com/546215
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46237}
TBR=adamk@chromium.org,ishell@chromium.org,verwaest@chromium.org
Change-Id: Ic458b478b2dd23aae7ea2a51aa6052c1f5931c56
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6459
Reviewed-on: https://chromium-review.googlesource.com/549322
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46242}
Bug: chromium:736758
Change-Id: If49fda42618c27be1472a98399e440ad26b7f199
Reviewed-on: https://chromium-review.googlesource.com/548401
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46241}
According to ES#sec-built-in-function-objects all built-in functions
must be strict.
This is a preliminary CL before changing the way we define built-in
functions in native JS files.
Bug: v8:6459
Change-Id: I8e60b342f04ea1b0843fe1990334cbb9b26ebac4
Reviewed-on: https://chromium-review.googlesource.com/546215
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46237}
The Construct bytecode is always passed a valid feedback slot (just like
the Call bytecode), so no need to check for invalid feedback slot anymore.
Also perform the call count increment initially for both bytecodes instead
of delaying it, which decreases live range for the feedback vector and slot
registers.
R=mythria@chromium.org, rmcilroy@chromium.org
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2955063002
Cr-Commit-Position: refs/heads/master@{#46232}
Uninitialized property accesses are replaced with SOFT deopts in
TurboFan, but uninitialized JSCall nodes are not, and instead they
just stick around and are also not being inlined because the heuristic
in TurboFan doesn't consider those candidates since their call frequency
is below the threshold. This unifies the behavior and also replaces
uninitialized calls with SOFT deopts, addressing some inconsistency in
optimization behavior as discovered by Brian White of Node for example
here: https://twitter.com/mscdexdotexe/status/879005026202640385
R=jarin@chromium.org
BUG=v8:4551, v8:5267
Review-Url: https://codereview.chromium.org/2956843002
Cr-Commit-Position: refs/heads/master@{#46231}
This is towards closing the perf gap between the MSVC build (which uses link-
time optimization) and Clang (where LTO isn't ready on Windows yet). We did
a study (see bug) to see which non-inlined functions are hit a lot during render
start-up, and which would be inlined during LTO. This should benefit performance
in all builds which currently don't use LTO (Android, Linux, Mac) as well as
the Win/Clang build.
The binary size of chrome_child.dll increases by 2KB with this.
BUG=chromium:728324
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
Review-Url: https://codereview.chromium.org/2950993002
Cr-Commit-Position: refs/heads/master@{#46229}
If a String object contains unicode, the returned {ToCString()} may
actually be longer than the {length()} of the String.
But it's always null-terminated, so we can just print it without
explicitly passing a length.
R=ahaas@chromium.org
Change-Id: I3398f151d70ed459ecd8093ea18409670a7374c7
Reviewed-on: https://chromium-review.googlesource.com/548058
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46225}
This removes support for code-stub to tail-call into the runtime via the
deoptimizer. The Hydrogen code-stubs would trigger a deopt in order to
materialize a trampoline frame, which would then continue execution in a
runtime function associated with each stub. This is no longer needed for
code-stubs built with the CSA.
R=jarin@chromium.org
BUG=v8:6408
Change-Id: I1ff8dc03ac716200b28e962259a3e233aeda1234
Reviewed-on: https://chromium-review.googlesource.com/548375
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46223}
The implication was actually in the wrong direction: If there is no
memory start address, then the size must be 0.
If the size is 0 though, we might allocate nevertheless to have guard
pages around the accessible memory.
R=ahaas@chromium.org
BUG=chromium:736584
Change-Id: I297dece658d5eaf69c58ecb109ff21d3ca0b8a8d
Reviewed-on: https://chromium-review.googlesource.com/548635
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46221}
Test that unicode identifiers can be used for imports and exports, and
that unicode function names appear correctly in error messages.
R=ahaas@chromium.org
Change-Id: Ic6ac77159c275845886b2eb779cf59edb8cba9ea
Reviewed-on: https://chromium-review.googlesource.com/548315
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46220}
Instead of calling {TryAllocateBackingStore} with
{enable_guard_regions==false}, we just directly call
{array_buffer_allocator->Allocate}.
Drive-by optimization: Don't allocate if the size is 0.
R=titzer@chromium.org
Change-Id: Iabf7af7e0f1bc970c03efcd9ee4c23e5307a7095
Reviewed-on: https://chromium-review.googlesource.com/548398
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46218}
This prepares switching the gcov coverage bot to GN.
We skip instrumenting test executables explicitly in gn configs.
In gyp, we did the same through an extra compiler wrapper script.
NOTRY=true
Bug: chromium:645890
Change-Id: I663fb479347063ae9228598d356bb654ca2a496c
Reviewed-on: https://chromium-review.googlesource.com/548275
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46217}
This removes specialized support for materializing arguments objects.
For TurboFan we use the generic escape analysis mechanism when such
objects are materialized already, only Crankshaft used this deprecated
mechanism.
R=jarin@chromium.org
BUG=v8:6408
Change-Id: Ibed52a028752e667b05a60fa7cf0275a6a372897
Reviewed-on: https://chromium-review.googlesource.com/548595
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46215}
The only difference between GetNextUncompiledFunctionId +
CompileAndSchedule and FetchAndExecuteCompilationUnit is that
FetchAndExecuteCompilationUnit potentially calls a callback if
it detects that no finishing task is executing. With this CL
I replace the two functions again with
FetchAndExecuteCompilationUnit. I add a flag so that no callback
is called when the flag is not set. If no callback is called,
FetchAndExecuteCompilationUnit behaves exactly the same
as the other two functions together.
R=clemensh@chromium.org
Change-Id: I17318381eec2d17b13d0902984f2620b909c7ea0
Reviewed-on: https://chromium-review.googlesource.com/544954
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46210}
If the data to be stored in a BitVector is small enough (less than the
pointer size), it can be stored directly on the BitVector instead of the
pointer. This patch makes the data field of the BitVector a union
between a pointer and uintptr_t, and uses the latter if the data length
is 0.
Change-Id: I24c1920f2c16373c883cf69b123bf59812fef28e
Reviewed-on: https://chromium-review.googlesource.com/541307
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46209}
This is mainly to enable optimization of case-insensitive maps, where
we see the pattern
if (m.has(key.toLowerCase())) { return m.get(key.toLowerCase()) } ...
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I8c78a185401c51e8a53ae2932a158eaafa169495
Reviewed-on: https://chromium-review.googlesource.com/547057
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46206}
There were only two uses. Replace them by [[noreturn]] directly.
R=jarin@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I965f74f5b3493cfef9efd698f24bf00216442fd8
Reviewed-on: https://chromium-review.googlesource.com/544845
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46205}
Previously any object with maps INTERNALIZED_STRING_TYPE or
ONE_BYTE_INTERNALIZED_STRING_TYPE would be typed as kInternalizedString.
This meant that non-empty constants weren't typed as such. This causes the
following issues:
- StringConcat couldn't be typed lowered to inline cons string allocation
if there were string constants after the first two operands, since these
constants would be typed as possibly empty (even if known not to be).
- When inlining, a heap constant could end up becoming the input to a
ToPrimitiveToString operand. If the ToPrimitiveToString is speculatively
lowered to a CheckNonEmpty, then the verifier would fail since the
typer can't deal well with intersecting a bitset type (NonEmpty) with
a HeapConstantType - the end result type would be (None | HeapConstant..)
but the HeapConstantType would retain its LUB of kInternalizedSeqString,
(which includes the EmptyString type) and so the verifier would fail
since the output of CheckNonEmpty would still include the EmptyString.
To address this, when typing an actual object, check for the empty
string and return EmptyString if it is, otherwise type as normal but
remove the EmptyString bit since we know it's non-empty.
BUG=v8:6243
Change-Id: I2b34ca24e9b488199dce0d2c092d2701c2b22791
Reviewed-on: https://chromium-review.googlesource.com/544988
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46204}
This is a regression test that will ensure that follow-up CLs that will
touch native function definitions will not break anything.
Bug: v8:6459
Change-Id: Iceafd38462f2d9de14e119b6aa48be2b9bff1d33
Reviewed-on: https://chromium-review.googlesource.com/545935
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46200}
Reason for revert:
Blocks roll:
https://codereview.chromium.org/2954833002/
E.g.:
https://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_compile_dbg_ng/builds/449680
https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_compile_dbg_ng/builds/324953
Please include those chromium trybots on reland. Maybe missing symbol export?
Original issue's description:
> Make some functions that are hit during renderer startup available for inlining
>
> This is towards closing the perf gap between the MSVC build (which uses link-
> time optimization) and Clang (where LTO isn't ready on Windows yet). We did
> a study (see bug) to see which non-inlined functions are hit a lot during render
> start-up, and which would be inlined during LTO. This should benefit performance
> in all builds which currently don't use LTO (Android, Linux, Mac) as well as
> the Win/Clang build.
>
> The binary size of chrome_child.dll increases by 2KB with this.
>
> BUG=chromium:728324
>
> Review-Url: https://codereview.chromium.org/2950993002
> Cr-Commit-Position: refs/heads/master@{#46191}
> Committed: d00d52be1f
TBR=jochen@chromium.org,mstarzinger@chromium.org,rmcilroy@chromium.org,vogelheim@chromium.org,marja@chromium.org,mlippautz@chromium.org,thakis@chromium.org,hans@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:728324
NOTRY=true
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2955793002
Cr-Commit-Position: refs/heads/master@{#46195}