Adds a profiling counter to each BytecodeArray object, and adds
code to Jump and Return bytecode handlers to update this
counter by the size of the jump or the distance from the return
to the start of the function. This is more accurate than fullcodegen's
approach since it takes forward jumps into account as well as back-edges.
Modifies RuntimeProfiler to track ticks for interpreted frames.
Currently we use the SharedFunctionInfo::profiler_ticks() instead
of adding another to tick field to avoid adding another field to
BytecodeArray since SharedFunctionInfo::profiler_ticks() is only
used by Crankshaft otherwise so we shouldn't need both for
BUG=v8:4689
LOG=N
Review URL: https://codereview.chromium.org/1707693003
Cr-Commit-Position: refs/heads/master@{#34166}
We cannot omit flag check with kPointersToHereAreInterestingMask for maps because incremental marker dynamically sets and clears the flag.
BUG=chromium:587004
LOG=NO
Review URL: https://codereview.chromium.org/1714513003
Cr-Commit-Position: refs/heads/master@{#34165}
--pool-type=int and double have now been merged into number.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1717633002
Cr-Commit-Position: refs/heads/master@{#34164}
FLAG_legacy_const and FLAG_harmony_do_expressions can now be toggled
both through the command line and through the option header.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1716793002
Cr-Commit-Position: refs/heads/master@{#34160}
This CL introduces an import section that names functions to be imported
as well as a CallImport bytecode to call imports from this table.
R=binji@chromium.org,bradnelson@chromium.org
LOG=Y
BUG=chromium:575167
Review URL: https://codereview.chromium.org/1709653002
Cr-Commit-Position: refs/heads/master@{#34157}
This experimentally implements taring/untaring the test data
for test262 on the v8-side before test isolation and when
running the tests.
It archives on demand only if the tar is outdated compared
to the contained files. This comes with a cost of ~1s extra
to run gyp on linux and ~6s extra on windows. Ninja is
lightning fast afterwards in detecting changes. Also, we
archive only when test_isolation_mode is set and when
the test262_run target is required.
The archiving itself costs ~30s on all platforms. But as the
files will change seldom this shouldn't have a big impact.
Extraction on the test runner side is below 2s on mac and
linux. The speedup is enormous. Around 5 minutes were spent
on download on swarming slaves before, which is now only
a few seconds. So total test time for release (no variants),
e.g. goes from 8 to 3 minutes.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1713993002
Cr-Commit-Position: refs/heads/master@{#34155}
A few options and features have been added to the tool:
* an output file might be specified using --output=file.name
* a shortcut when the output file is also the input, which is handy
when fixing golden files, --rebaseline.
* the input snippet might be optionally not wrapped in a top function,
or not executed after compilation (--no-wrap and --no-execute).
* the name of the wrapper can be configured using --wrapper-name=foo
The same options can be configured via setters on the usual
BytecodeExpectationsPrinter.
The output file now includes all the relevant flags to reproduce it
when running again through the tool (usually with --rebaseline).
In particular, when running in --rebaseline mode, options from the
file header will override options specified in the command line.
A couple of other fixes and improvements:
* description of the handlers is now emitted (closing the TODO).
* the snippet is now correctly unquoted when double quotes are used.
* special registers (closure, context etc.) are now emitted as such,
instead of displaying their numeric value.
* the tool can now process top level code as well.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1698403002
Cr-Commit-Position: refs/heads/master@{#34152}
Reason for revert:
Tanks benchmarks (e.g., Octane box2d TF).
Original issue's description:
> [turbofan] Connect ObjectIsNumber to effect and control chains.
>
> In theory, we could connect the nodes when doing
> the schedule-in-the-middle pass, but that would require creating two
> versions of the operator (effectful and pure). I believe we do not
> lose anything by wiring the node up eagerly.
>
> Committed: https://crrev.com/2894e80a0a4a51a0d72e72aa48fcd01968f7949f
> Cr-Commit-Position: refs/heads/master@{#34141}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1718483002
Cr-Commit-Position: refs/heads/master@{#34147}
The DataView constructor calls into C++ anyway, and is easier to deal
with this way, especially since we don't have the half initialized
object floating through JavaScript.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1712163002
Cr-Commit-Position: refs/heads/master@{#34145}
This CL also enhances a "tail-call-megatest" which now tests product of the following cases:
1) tail caller is inlined/not-inlined
2) tail callee is inlined/not-inlined
3) tail caller has an arguments adaptor frame above or not
4) tail callee has an arguments adaptor frame above or not
5) tail callee is a sloppy/strict/possibly eval/bound/proxy function
6) tail calling via normal call/function.apply/function.call
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1711863002
Cr-Commit-Position: refs/heads/master@{#34143}
In theory, we could connect the nodes when doing
the schedule-in-the-middle pass, but that would require creating two
versions of the operator (effectful and pure). I believe we do not
lose anything by wiring the node up eagerly.
Review URL: https://codereview.chromium.org/1709093002
Cr-Commit-Position: refs/heads/master@{#34141}
This reducer doesn't really add value, because:
(a) it is only concerned with JSCallFunction and JSToNumber, but when
we get to it, all JSCallFunction nodes will have been replaced by
Call nodes, and in the not so far future, we will also have
replaced almost all JSToNumber nodes with better code,
(b) and the reducer tries to be smart and use one of the outermost
contexts, but that might not be beneficial always; actually it
might even create longer live ranges and lead to more spilling
in some cases.
But most importantly, the JSContextRelaxation currently blocks inlining
based on SharedFunctionInfo, because it requires the inliner to check
the native context, which in turn requires JSFunction knowledge. So I'm
removing this reducer for now to unblock the more important inliner
changes.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1715633002
Cr-Commit-Position: refs/heads/master@{#34139}
Various syntactic forms now cause functions to have names where they
didn't before. Per the upcoming changes to the toString spec, only
a name that was literally part of a function's expression or declaration
is meant to be reflected in toString. This also happens to be the same
set of names that V8 currently outputs (without the --harmony-function-name
flag).
This required distinguishing anonymous FunctionExpressions from other sorts
of function definitions (like methods and getters/setters) in the AST, parser,
and at runtime.
The patch also takes the opportunity to remove one more argument (and enum)
from FunctionLiteral, as well as adding a special factory method for the
case of a FunctionLiteral representing toplevel or eval'd code.
BUG=v8:4760
LOG=n
Review URL: https://codereview.chromium.org/1712833002
Cr-Commit-Position: refs/heads/master@{#34132}
In ES2015, Date.prototype.toGMTString is simply an alias of
Date.prototype.toUTCString, so it has the same identity as a function and
doesn't have its own name. Firefox has already shipped this behavior.
Previously, we copied JSC behavior by making it a separate function.
This change makes an addition test262 test pass.
BUG=v8:4708
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1709373002
Cr-Commit-Position: refs/heads/master@{#34131}
Reason for revert:
See Domenic's comment on the V8 bug.
Original issue's description:
> Use displayName in Error.stack rendering if present.
>
> BUG=v8:4761
> LOG=y
>
> Committed: https://crrev.com/953874e974037e7e96ef282a7078760ccc905878
> Cr-Commit-Position: refs/heads/master@{#34105}
TBR=jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4761
Review URL: https://codereview.chromium.org/1713663002
Cr-Commit-Position: refs/heads/master@{#34129}
This frees up one bit in FunctionKind, which I plan to make slightly
more syntactic info about functions available in SharedFunctionInfo
(needed for ES2015 Function.name support).
BUG=v8:3956, v8:4760
LOG=n
Review URL: https://codereview.chromium.org/1704223002
Cr-Commit-Position: refs/heads/master@{#34125}
This cleans up and makes the tests easier to write and understand.
Also prepares for adding the WASM interpreter which needs a
different initialization sequence in tests.
R=ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1707403002
Cr-Commit-Position: refs/heads/master@{#34123}
I extended the Int64Lowering to lower calls, loads, stores, returns, and
parameters and apply the lowering on both the test function TF graph and
the WasmRunner TF graph.
The lowering of calls also requires an adjustment of the call descriptor.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1704033002
Cr-Commit-Position: refs/heads/master@{#34121}
Moves the accumulator value on-heap to be restored in the
InterpreterNotifyDeopt handler rather than explicitly
setting the accumulator register. This allows it to be
materialized correctly if required.
BUG=v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1707133003
Cr-Commit-Position: refs/heads/master@{#34113}
Implements iterator finalisation by desugaring for-of loops with an additional try-finally wrapper. See comment in parser.cc for details.
Also improved some AST printing facilities while there.
@Ross, I had to disable the bytecode generation test for for-of, because it got completely out of hand after this change (the new bytecode has 150+ lines). See the TODO that I assigned to you.
Patch set 1 is WIP patch by Georg (http://crrev.com/1695583003), patch set 2 relative changes.
@Georg, FYI, I changed the following:
- Moved try-finally out of the loop body, for performance, and in order to be able to handle `continue` correctly.
- Fixed scope management in ParseForStatement, which was the cause for the variable allocation failure.
- Fixed pre-existing zone initialisation bug in rewriter, which caused the crashes.
- Enabled all tests, adjusted a few others, added a couple more.
BUG=v8:2214
LOG=Y
Review URL: https://codereview.chromium.org/1695393003
Cr-Commit-Position: refs/heads/master@{#34111}
In case when F inlined normal call to G which tail calls H we should not write translation for G for the tail call site.
Otherwise we will see G in a stack trace inside H.
This CL also adds a "megatest" which tests product of the following cases:
1) tail caller is inlined/not-inlined
2) tail callee is inlined/not-inlined
3) tail caller has an arguments adaptor frame above or not
4) tail callee has an arguments adaptor frame above or not
5) tail callee is a normal/bound/proxy function
Note that tests for not yet supported cases are not run for now.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1709583002
Cr-Commit-Position: refs/heads/master@{#34108}
The BufferedRawMachineAssemblerTester caused problems for the
Int64Lowering. Instead we construct a TF graph now which is compiled by
Pipeline::GenerateCodeForTesting.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1702023002
Cr-Commit-Position: refs/heads/master@{#34107}
The reason:
Similar to the CL 31552 (https://codereview.chromium.org/1419573007).
The CL 33972 (https://codereview.chromium.org/1698783002) optimized some JS function in regress-crbug-242924 test case by TurboFan compiler.
But it will hit the known issue that X87 will change a sNaN to qNaN by default. And then it will fail when comparing the source (sNaN) Hole NaN and
the result (qNaN) which was expected to be a (sNaN) Hole NaN too.
BUG=
Review URL: https://codereview.chromium.org/1704313003
Cr-Commit-Position: refs/heads/master@{#34104}
This is not currently implemented in the simulator, just the assembler and
disassembler.
BUG=v8:4614
LOG=y
Review URL: https://codereview.chromium.org/1699173003
Cr-Commit-Position: refs/heads/master@{#34093}
This patch adds the newly added support for contexts in V8 Tracing, as well
as use it to mark all the entry points for a V8 Isolate.
BUG=v8:4565
LOG=N
Review URL: https://codereview.chromium.org/1686233002
Cr-Commit-Position: refs/heads/master@{#34092}
This CL introduces two new bytecodes TailCall and TailCallWide.
BUG=v8:4698,v8:4687
LOG=N
Review URL: https://codereview.chromium.org/1698273003
Cr-Commit-Position: refs/heads/master@{#34083}
This removes the language mode parameter from all JSCall operators. The
information is no longer used anywhere and is not threaded through the
interpreter bytecode. We should only thread it through the bytecode if
it has a semantic impact on the compilation.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1709493002
Cr-Commit-Position: refs/heads/master@{#34073}
If sweeping is in progress then we need to filter out slots in free space after
array trimming, because the sweeper will add the free space into free list.
This CL also fixes a bug in SlotSet::RemoveRange.
BUG=chromium:587004
LOG=NO
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1701963003
Cr-Commit-Position: refs/heads/master@{#34071}
This avoids spending lots of time in Scope::RemoveUnresolved for very long
variable declaration lists.
BUG=v8:4699
LOG=n
Review URL: https://codereview.chromium.org/1655313003
Cr-Commit-Position: refs/heads/master@{#34047}
Removes some cctest and mjsunit test skips on Ignition for tests that now pass.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1703563002
Cr-Commit-Position: refs/heads/master@{#34045}
Various places assume that GetExpression returns the locals for a frame.
Modify InterpretedFrames such that GetExpression(0) returns the first
local, not the fixed parts of the interpreter frame.
BUG=v8:4690,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1697223003
Cr-Commit-Position: refs/heads/master@{#34040}
This CL splits up some long-running bytecode graph builder tests.
There's a lot of working going on here that probably should be split
up into smaller tests and/or mjsunit tests once we have the full
ignition pipeline. This one just targets the top offenders for now.
R=rmcilroy@chromium.org, oth@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1699113002
Cr-Commit-Position: refs/heads/master@{#34039}
Reduces time for ConstantArrayBuilderTest.AllocateAllEntries from 21000ms to 106ms in
debug mode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1696363002
Cr-Commit-Position: refs/heads/master@{#34038}
Drive-by-fix: Remove the (now) unused %_SetValueOf and %_JSValueGetValue
intrinsics from the various compilers and the runtime.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698343002
Cr-Commit-Position: refs/heads/master@{#34037}
Replaces the push of the dispatch table on the interpreted stack frame with a
push of the bytecode array. This enables the debugger to replace the bytecode
array with a patched version containing breakpoints.
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1699013002
Cr-Commit-Position: refs/heads/master@{#34032}
Support SBFX in the instruction selector for sign-extension patterns like
Sar(Shl(x, a), b), where a and b are immediate values.
BUG=
Review URL: https://codereview.chromium.org/1695293002
Cr-Commit-Position: refs/heads/master@{#34029}
Fixes a bug in Ignition on Arm64 where lr gets trashed in StaContextSlot
which causes the stack walker to get confused and crash.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1694263002
Cr-Commit-Position: refs/heads/master@{#34016}
This functionality is useful for stubs that need to walk the stack. The new
machine operator, LoadParentFramePointer dosn't force the currently compiling
method to have a frame in contrast to LoadFramePointer. Instead, it adapts
accordingly when frame elision is possible, making efficient stack walks
possible without incurring a performance penalty for small stubs that can
benefit from frame elision.
R=bmeurer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1695313002
Cr-Commit-Position: refs/heads/master@{#34014}
Harvesting maps from the stub cache for megamorphic ICs is both slow
(linear in the size of the stub cache) and imprecise (as it finds all
maps that have a cached handler for the given property name).
In the canonical megamorphic situation, this type feedback is useless
anyway. The interesting case is when we can filter it down to a single
map; however in these cases it is often possible to derive this map
just by looking at the HGraph, which is both faster and more reliable.
Review URL: https://codereview.chromium.org/1669213003
Cr-Commit-Position: refs/heads/master@{#33998}
Now the tool produces a far more readable output format, which bears a
lot of resemblance to YAML. In fact, the output should be machine
parseable as such, one document per testcase. However, the output format
may be subject to changes in future, so don't rely on this property.
In general, the output format has been optimized for producing a meaningful
textual diff, while keeping a decent readability as well. Therefore, not
everything is as compact as it could be, e.g. for an empty const pool we get:
constant pool: [
]
instead of:
constant pool: []
Also, trailing commas are always inserted in lists.
Additionally, now the tool accepts its output format as input. When
operating in this mode, all the snippets are extracted, processed and
the output is then emitted as usual. If nothing has changed, the output
should match the input. This is very useful for catching bugs in the
bytecode generation by running a textual diff against a known-good file.
The core (namely bytecode-expectations.cc) has been extracted from the
original cc file, which provides the utility as usual. The definitions
in the matching header of the library have been moved into the
v8::internal::interpreter namespace.
The library exposes a class ExpectationPrinter, with a method
PrintExpectation, which takes a test snippet as input, and writes the
formatted expectation to the supplied stream. One might then use a
std::stringstream to retrieve the results as a string and run it through
a diff utility.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1688383003
Cr-Commit-Position: refs/heads/master@{#33997}
for the special case where the same register is used as both left and
right input.
Review URL: https://codereview.chromium.org/1695283002
Cr-Commit-Position: refs/heads/master@{#33996}
Passing floating point params to/from C has never quite worked correctly,
but we've never enforced the restriction early in the CallDescriptor
creation process because of unittests. Fix unittests to make their own
simple call descriptors and not rely on the C ones.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1701593003
Cr-Commit-Position: refs/heads/master@{#33993}
This is to enable deduplicating performance tests. We'll
create a hash of all relevant files and send it to perf bots
alongside the other swarming hashes (follow up on infra
side).
This will not actually run on swarming yet, but could at
some later point.
This splits off the cctest executable from other verification
test files, as those are not needed in performance tests.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1695243002
Cr-Commit-Position: refs/heads/master@{#33989}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
Reverted because it was suspected of causing a couple of flaky tests to fail,
but investigation suggests this is unlikely.
Original review: https://codereview.chromium.org/1677023002
BUG=
Review URL: https://codereview.chromium.org/1684073006
Cr-Commit-Position: refs/heads/master@{#33988}
Add a section identifier for declaring a start function as an index into
the function table. (This could also be done as a decl flag on the
function, but don't feel strongly here, since we probably want to redo
this when adding an import/export section.)
The start function must accept no parameters. Its return value is
currently ignored.
R=binji@chromium.org,bradnelson@chromium.org
BUG=chromium:575167
LOG=Y
Review URL: https://codereview.chromium.org/1692173002
Cr-Commit-Position: refs/heads/master@{#33978}
Adds support for ES6 super keyword and performing loads, stores, and
calls to super class members.
Implements SetHomeObject and enables ThisFunctionVariable.
BUG=v8:4280,v8:4682
LOG=N
Review URL: https://codereview.chromium.org/1689573004
Cr-Commit-Position: refs/heads/master@{#33977}
This is mostly preparation for allowing the function closure to be materialized.
As a drive-by fix, I have added ignition source position support to the frame inspector (this fixed some ignition test failures).
Review URL: https://codereview.chromium.org/1698743002
Cr-Commit-Position: refs/heads/master@{#33975}
This adds initial support for inline allocation of object and array
literals to the JSCreateLowering pass. It's basically identical to
what Crankshaft does.
This also unstages the TurboFan escape analysis, as the lowering seems
to trigger a bunch of bugs in it; those bugs will be fixed separately,
and we will re-enable escape analysis afterwards.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698783002
Cr-Commit-Position: refs/heads/master@{#33972}
Older versions of Emscripten appear to emit Asm.js containing:
HEAP8[x] with x in int
As opposed to the spec legal construct:
HEAP8[x>>0] with x in int
As older programs and even benchmarks such as Embenchen
include these constructs, support them for compatibility.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator,mjsunit/asm-wasm
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1692713006
Cr-Commit-Position: refs/heads/master@{#33964}
This is hopefully the last in a series of cleanup patches around
destructuring assignment. It simplifies the ParseAssignmentExpression
API, making the callers call CheckDestructuringElement() where appropriate.
CheckDestructuringElement has been further simplified to only emit the
errors that the parser depends on it emitting.
I've also beefed up the test coverage in test-parsing.cc to
handling all the destructuring flags being on, which caught an oddity
in how we disallow initializers in spreads in patterns (we need to treat
RewritableAssignmentExpressions as Assignments for the purpose of
error checking).
Finally, I added a few helper methods to ParserBase to handle a few
classes of expressions (assignments and literals-as-patterns).
Review URL: https://codereview.chromium.org/1696603002
Cr-Commit-Position: refs/heads/master@{#33961}
This change expands allocation sampling to include old, map, code, and large object spaces. This involved refactoring much of the observation logic out of NewSpace into Space and overriding as needed in sub-classes.
Additionally, the sampling heap profiler now maintains a pair of heap observers. One observer is used for observing new space and resetting the inline allocation limit to be periodically notified of allocations. The other observes allocation across the other spaces where there is no additional work required to observe allocations.
Tests have been updated to ensure that allocations are observed correctly for Paged and LargeObject spaces.
R=ofrobots@google.com, hpayer@chromium.org, ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1625753002
Cr-Commit-Position: refs/heads/master@{#33959}
Recent flake happened bacause all the samples landed into native code.
The patch makes sure we collect enough JS samples.
BUG=v8:4751
LOG=N
Review URL: https://codereview.chromium.org/1695663002
Cr-Commit-Position: refs/heads/master@{#33953}
Adds JumpIfNotHoleConstant and JumpIfNotHoleConstantWide bytecodes
and removes JumpIfHole bytecode.
In situations with large numbers of constants, the generator would
fail because an 8-bit constant could not be reserved for
JumpIfHole/JumpIfNotHole and so a 16-bit constant would be reserved.
Then when patching the bytecode the patcher would discover there was
no wide constant variant of the emitted jump.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1697473002
Cr-Commit-Position: refs/heads/master@{#33952}
There are only two uses of %_ObjectEquals left, which should actually
use strict equality instead, so there's no need to keep this special
logic at all.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1692193002
Cr-Commit-Position: refs/heads/master@{#33948}
This removes support for the %Arguments and %ArgumentsLength runtime
entries and their intrinsic counterparts. If you need variable arguments
in any builtin, either use (strict) arguments object or rest parameters,
which are both compositional across inlining (in TurboFan), and not that
much slower compared to the %_Arguments hackery.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1688163004
Cr-Commit-Position: refs/heads/master@{#33943}
The tests in question have been disabled because throwing into lazy
deoptimized code was borked. After recent fixes landed these tests
should now pass again.
R=jarin@chromium.org
TEST=cctest/test-run-deopt/DeoptExceptionHandler
BUG=v8:4195
LOG=n
Review URL: https://codereview.chromium.org/1692873002
Cr-Commit-Position: refs/heads/master@{#33937}
The idea here is to perform the handler lookup in the deoptimizer, and then take the information from the handler table to build the catch handler frame in the deoptimizer. Specifically, we use the pc offset, context location and stack height (in full-code) to tweak the output frame.
Sadly, this still requires nasty voodoo for the liveness analyzer so that it keeps variables alive if they are used in the catch handler.
Review URL: https://codereview.chromium.org/1416543006
Cr-Commit-Position: refs/heads/master@{#33936}
This was causing code like:
REX.W cmpq r9,r8
setzl r8l
movzxbl r8,r8
REX.W cmpq r8,0x0
jz 185
(note the cmpq instead of cmpl above) on x64 instead of:
REX.W cmpq r9,r8
jnz 149
http://crrev.com/1677503002 is now obsolete and has been reverted.
Review URL: https://codereview.chromium.org/1685183003
Cr-Commit-Position: refs/heads/master@{#33934}
Reason for revert:
No fix needed, original CL was perfectly fine!
Original issue's description:
> Revert of [interpreter] Correctly thread through catch prediction. (patchset #1 id:1 of https://codereview.chromium.org/1690973002/ )
>
> Reason for revert:
> Depends on the reverted https://codereview.chromium.org/1691723002
>
> Original issue's description:
> > [interpreter] Correctly thread through catch prediction.
> >
> > This change correctly sets the {CatchPrediction} field in exception
> > handler tables for bytecode and optimized code. It also adds tests
> > independent of promise handling for this prediction, to ensure all our
> > backends are in sync on their prediction.
> >
> > R=rmcilroy@chromium.org,yangguo@chromium.org
> > TEST=mjsunit/compiler/debug-catch-prediction
> > BUG=v8:4674
> > LOG=n
> >
> > Committed: https://crrev.com/ba55f5594cb0b4a1a1e9b35d87fe54afe2d93f3b
> > Cr-Commit-Position: refs/heads/master@{#33906}
>
> TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4674
>
> Committed: https://crrev.com/c5229b311968fd638a6cd537c341b1055eb7be97
> Cr-Commit-Position: refs/heads/master@{#33922}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1689113004
Cr-Commit-Position: refs/heads/master@{#33933}
Remove some Ignition skips in mjsunit and cctest, and replace a few
others with fails now that the there is more debugger support.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1689993002
Cr-Commit-Position: refs/heads/master@{#33932}
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
R=jarin@chromium.orgTBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1693513002
Cr-Commit-Position: refs/heads/master@{#33925}
Reason for revert:
Depends on the reverted https://codereview.chromium.org/1691723002
Original issue's description:
> [interpreter] Correctly thread through catch prediction.
>
> This change correctly sets the {CatchPrediction} field in exception
> handler tables for bytecode and optimized code. It also adds tests
> independent of promise handling for this prediction, to ensure all our
> backends are in sync on their prediction.
>
> R=rmcilroy@chromium.org,yangguo@chromium.org
> TEST=mjsunit/compiler/debug-catch-prediction
> BUG=v8:4674
> LOG=n
>
> Committed: https://crrev.com/ba55f5594cb0b4a1a1e9b35d87fe54afe2d93f3b
> Cr-Commit-Position: refs/heads/master@{#33906}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1695613002
Cr-Commit-Position: refs/heads/master@{#33922}
This fact is depended upon by, at least, Parser::ParseLazy, and quite
likely by other code. There was already code in %FunctionSetName
enforcing this invariant. This patch adds similar code to
Factory::NewSharedFunctionInfo().
BUG=v8:4659
LOG=n
Review URL: https://codereview.chromium.org/1686193003
Cr-Commit-Position: refs/heads/master@{#33914}
Instead of doing a full function body traversal we collect return expressions and mark them after function parsing.
And since we rewrite do-expressions so that the result is explicitly assigned to a result variable the statements marking will never hit so I removed it from the AST.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1693523002
Cr-Commit-Position: refs/heads/master@{#33911}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33909}
This replaces the bytecode in question with a runtime call within the
bytecode stream. The tradeoff is to safe one bytecode opcode for more
expensive encoding of lookup slot deletion.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1690913002
Cr-Commit-Position: refs/heads/master@{#33907}
This change correctly sets the {CatchPrediction} field in exception
handler tables for bytecode and optimized code. It also adds tests
independent of promise handling for this prediction, to ensure all our
backends are in sync on their prediction.
R=rmcilroy@chromium.org,yangguo@chromium.org
TEST=mjsunit/compiler/debug-catch-prediction
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1690973002
Cr-Commit-Position: refs/heads/master@{#33906}
Reason for revert:
[Sheriff] Breaks the tree:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20builder/builds/13892
Blamelists are wrong because of overloaded master. The trybots on this CL might have been outdated by the time of commit... Please rebase and retry.
Original issue's description:
> [Interpreter] Rename GetCountOperand to GetRegisterCountOperand.
>
> Apparently, this BytecodeArrayIterator method was missed during the
> previous refactor. No other (collateral) change was done.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/3781ca79f5c48b55d7f0bf6df370ec11515a1466
> Cr-Commit-Position: refs/heads/master@{#33897}
TBR=oth@chromium.org,rmcilroy@chromium.org,mstarzinger@chromium.org,ssanfilippo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1690963002
Cr-Commit-Position: refs/heads/master@{#33900}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33897}
In the case of a simple fast-mode receiver without fancy properties, we
can just walk over the descriptor array to find all its initial property
names. As long as the map stays the same, we can also use that
descriptor array to figure out how to handle the properties.
This speeds up
https://github.com/kpdecker/six-speed/tree/master/tests/object-assign by
~2x.
BUG=
Review URL: https://codereview.chromium.org/1688953004
Cr-Commit-Position: refs/heads/master@{#33895}
This is a follow-up to https://crrev.com/1671863002, adding the
capability to print the contents of the constant pool. The expected
type of the pool is taken from command line, and it's either:
* string/int/double: assume all constants have the specified type.
This way, we can emit a meaningful representation, e.g. a quoted
string for type string and so on. All the constants in the pool must
have the same type, otherwise one or more CHECK() will fail and the
program will eventually crash.
* mixed: print the InstanceType tag instead of the actual value.
This is the choice for those tests where the type of the constants in
the pool is not uniform, however only a type tag is printed, not the
actual value of the entries. SMIs are an exception, since they do not
have an InstanceType tag, so kInstanceTypeDontCare is printed instead.
In addition to that, functions Print{ExpectedSnippet,BytecodeSequence}
have been extracted with no functional change. It's just for improving
readability, since the code is becoming quite long.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1686963002
Cr-Commit-Position: refs/heads/master@{#33888}
1) Update profiling counters in Full codegen.
2) Call Runtime::kTraceTailCall when tracing is on
test/mjsunit/es6/tail-call-simple.js is disabled for now, because Turbofan does not fully support TCO yet.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1670133002
Cr-Commit-Position: refs/heads/master@{#33886}
Add dedicated %LoadLookupSlot, %LoadLookupSlotInsideTypeof,
%LoadLookupSlotForCall, %StoreLookupSlot_Sloppy and
%StoreLookupSlot_Strict runtime entry points and use them
appropriately in the various compilers. This way we can
finally drop the machine operators from the JS graph level
completely in TurboFan.
Also drop the funky JSLoadDynamic operator from TurboFan,
which was by now just a small wrapper around the runtime
call to %LoadLookupSlot.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1683103002
Cr-Commit-Position: refs/heads/master@{#33880}
The previous implementation used GetRawOperand(), which allows a nicely
unified handling of all scalar types, but returns an unsigned type.
Because of this, generate-bytecode-expectations couldn't properly handle
negative numbers.
This commit differentiate between different types of scalar operands and
uses the appropriate getter from i::interpreter::BytecodeArrayIterator,
thus correctly handling signed types where needed.
Two new helpers have been added to i::interpreter::Bytecodes:
* IsImmediateOperandType()
* IsIndexOperandType()
with the intuitive semantic.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1684113002
Cr-Commit-Position: refs/heads/master@{#33874}
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1673333004
Cr-Commit-Position: refs/heads/master@{#33873}
generate-bytecode-expectations is a tool intended to work together
with test/cctest/test-bytecode-generator.cc in order to produce a
meaningful diff between testcases and the actual bytecode being emitted.
It does so by parsing and compiling Javascript to bytecode,
constructing the same data structure in the testcase and then running a
textual diff between the expected (i.e. the one encoded in the unit test)
and actual (i.e. the one built from the compiler output) representation.
This commit is a first step in this direction, achieving just the first
half of what we desire. At the moment, bytecodechecker can:
* take a code snippet from the command line and emit the expected structure.
* adhere to the same formatting rules of the test cases
(this one is important for text diff and for copy and pasting too)
Still to do:
* parse unit tests:
+ extract code snippets
+ indent the code to match the input test case
+ allow flexibility in the input format
+ try to recognize and work around some macro magic (i.e. REPEAT_127)
* emit the representation of the constant pool and handlers vector
* run a textual diff
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1671863002
Cr-Commit-Position: refs/heads/master@{#33863}
The field in question is only needed when the optimizing compiler is
triggered via OSR. All other paths (e.g. from bytecode stream) should
not rely on the unoptimized code being present.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1685633002
Cr-Commit-Position: refs/heads/master@{#33860}
Marking as undetectable makes abstract equality of null, undefined, and
other undetectable objects easier. Supporting it in the generic compare
IC significantly speeds up dynamic comparison between those values and
JSReceivers by not falling back to the runtime.
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>
Review URL: https://codereview.chromium.org/1683643002
Cr-Commit-Position: refs/heads/master@{#33858}
Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.
Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
BUG=chromium:581412
LOG=N
Review URL: https://codereview.chromium.org/1632913003
Cr-Commit-Position: refs/heads/master@{#33857}
This makes sure we can run through the TurboFan pipeline without having
to parse the source when using the bytecode stream as input. This path
is now being tested by the BytecodeGraphTester helper.
R=titzer@chromium.org,rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1679313002
Cr-Commit-Position: refs/heads/master@{#33856}
Reason for revert:
Possibly causing Mozilla test failures - will investigate.
Original issue's description:
> [turbofan] ARM: Improve AND instruction selection
>
> Improve instruction selector for mask and shift operations by using cheaper
> instructions where possible, in preference to UBFX.
>
> BUG=
>
> Committed: https://crrev.com/53d9c12977f07f55b6f2a72128b8d02c4c857845
> Cr-Commit-Position: refs/heads/master@{#33843}
TBR=bmeurer@chromium.org,jarin@chromium.org,danno@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1681953003
Cr-Commit-Position: refs/heads/master@{#33850}
This adds test cases for exception handlers that require a context
switch when entering the catch-block or the finally-block, triggered
through nested contexts within the try-block.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1681933002
Cr-Commit-Position: refs/heads/master@{#33845}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
BUG=
Review URL: https://codereview.chromium.org/1677023002
Cr-Commit-Position: refs/heads/master@{#33843}
When doing advance at the start of an unanchored unicode regexp,
we do not have to care about surrogate pairs. If we actually advance
into the middle of a surrogate pair, the only choice is to also
consume trail surrogate as nothing else can match from there.
This reduces the emitted code slightly. By not having choice in the
loop, we do not have to push backtrack onto the stack, preventing
stack overflow.
R=erik.corry@gmail.com, erikcorry@chromium.org
Review URL: https://codereview.chromium.org/1676293003
Cr-Commit-Position: refs/heads/master@{#33838}
By now only the default %TypedArray%.prototype.sort compare function
and the JS implementation of SameValueZero were still using the odd
%_IsMinusZero intrinsic, whose semantics both included a number check
(actually HeapNumber test) plus testing if the heap number stores the
special -0 value. In both cases we already know that we deal with
number so we can reduce it to a simple number test for -0, which can
be expressed via dividing 1 by that value and checking the sign of
the result. In case of the compare function, we can be even smarter
and work with the reciprocal values in case x and y are equal to 0
(although long term we should probably rewrite the fast case for
the typed array sorting function in C++ anyway, which will be way,
way faster than our handwritten callback-style, type-feedback
polluted JS implementation).
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1680783002
Cr-Commit-Position: refs/heads/master@{#33833}
This patch moves Symbol.species support to the "experimental JavaScript
features" flag. While @@species is still a performance hit, it doesn't seem
like it would make the web unusably slow; shipping would still have to
wait on fixing the performance regression, but staging this version should
yield valuable web compatibility information.
R=cbruni
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1678143002
Cr-Commit-Position: refs/heads/master@{#33827}
ES2016 TypedArray subclassing semantics break the Node.js Buffer module,
also used on the web. I wrote a pull request against the web and Node
versions to fix the issue, but the pull request has not yet been granted,
and this is blocking shipping the change. For now, this patch extends the
web compatibility workaround to the --harmony-species flag, so that
Symbol.species and associated subclassing semantics can ship independently.
R=cbruni
BUG=v8:4665
LOG=Y
Review URL: https://codereview.chromium.org/1678123002
Cr-Commit-Position: refs/heads/master@{#33826}
Do not rely on elapsed time to collect enough samples.
Use CollectSample API function instead.
Remove checks for extra functions present in a profile, as
there in fact can be lots of native support functions.
BUG=v8:2999
LOG=N
Review URL: https://codereview.chromium.org/1665303004
Cr-Commit-Position: refs/heads/master@{#33822}
Also replace SKIPS by FAIL to ensure tests are reenabled once they work.
BUG=v8:4680
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm64_dbg,v8_linux_arm_dbg
Review URL: https://codereview.chromium.org/1667323002
Cr-Commit-Position: refs/heads/master@{#33821}
This allows us to remove the somewhat awkward BuildLoadObjectField
from the BytecodeGraphBuilder and also allows us to simplify the
bytecode stream for class literals.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1678103002
Cr-Commit-Position: refs/heads/master@{#33820}
Adds implementation and tests to support const/let variables in the
interpreter.
BUG=v8:4280,v8:4679
LOG=N
Review URL: https://codereview.chromium.org/1634153002
Cr-Commit-Position: refs/heads/master@{#33819}
Previously, Object.values() and Object.entries() were piggy-backing on
Object.keys(). This meant that they would pre-filter non-enumerable properties,
violating the runtime behaviour of the methods. Unfortunately, this does not
match the current proposal text.
Also incorporates several tests verifying this behaviour based on tests included
in the ChakraCore implementation.
In this reland, the new patch fills up the longer-lasting FixedArray with
`undefined` to avoid the crash in Heap::Verify().
Originally reviewed at https://codereview.chromium.org/1637753004
BUG=v8:4663
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org
Review URL: https://codereview.chromium.org/1673673002
Cr-Commit-Position: refs/heads/master@{#33818}
The flag in question is a debug-only flag supported by full-codegen and
Crankshaft only. In it's current form there are some unresolved issues:
- The flag is defeated by inlining in Crankshaft.
- The flag is not supported by TurboFan.
- The flag is not supported by Ignition.
Instead of addressing the above issues and increasing maintenance cost
for all backends and also given the "slim" test coverage, this CL fully
removes the support from all backends.
R=bmeurer@chromium.org,jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1676263002
Cr-Commit-Position: refs/heads/master@{#33817}
This moves the JSCreate related functionality from JSTypedLowering into
a dedicated JSCreateLowering reducer. This is in preparation of landing
the support for optimized literals in TurboFan, which would blow up
JSTypedLowering quite seriously otherwise.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1678833002
Cr-Commit-Position: refs/heads/master@{#33813}
