Instead of always inlining the polymorphic map checks, this CL
introduces a builtin to perform these polymorphic map checks
when the IC is monomorphic at compile time.
This reduces the time we spend compiling and code bloat while trading it
for performance.
Bug: v8:10582, v8:9684
Change-Id: I7aea698988f8ead3cbf3f4a836218f53223f0f98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398525
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70200}
There were two problems:
1. v8_builtins_profiling_log_file was not declared in "sources" or
"inputs", so Ninja wouldn't re-run mksnapshot if it changed.
2. v8_builtins_profiling_log_file was passed directly to mksnapshot
without rebasing the path, which makes it awkward and inconsistent
with how most other gn arguments work.
Bug: v8:10470
Change-Id: Id8edba325b867e8d9561d3c76f28e121641d0dd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434103
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#70199}
This is the first step to support debug evaluate on wasm call frames.
This CL enables calling evaluateOnCallFrame when a wasm frame is
selected, which before always returned undefined. The CL mirrors global
evaluation, and actually enabling inspecting the wasm frame will be part
of a second change.
Bug: chromium:1127914
Change-Id: If0ad0be7c402d85ab2a8e95376398f4f4ef94948
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436338
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70198}
There's no builtin implementation code here, the two functions should
live in builtins.cc.
Change-Id: Ie3cff4f1a22c86984a99a3b5d1b82c0f9f9a1f5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436458
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70196}
Removes the arguments adaptor frame during optimization (for x64) and deoptimization.
Change-Id: Ica78ebbb9216555dd3f1adf05d6b293e8add0050
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410195
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70194}
Here is an alternate fix for chromium:1123379, which addresses a
TODO. A callback is provided to the GraphAssembler when it's working
on an unscheduled graph. In such cases, changed nodes in the main
graph need to be revisited after change. The callback ensures that
the GraphAssembler kicks that process off when necessary.
Bug: chromium:1123379
Change-Id: I9d864c3390fbe670ee450152a67555dcbfa8f581
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2433924
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70192}
V8 can no longer produce the data this script used to consume.
Bug: v8:10933
Change-Id: Ia78f24b34ce84e19a1a0bf98c75f1ca5de36618e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435228
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70189}
Reverted:
* FixedDoubleArray
* BigInt
* HeapNumber
* Partial work of JSDataView
Bug: v8:7790
Change-Id: I075e1d6d50129771f6208f198911797c6db3b7cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431944
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70187}
Functions with Simd128 in their signature will be lowered to 4 Word32.
Later for Int64 lowering, it needs to use the lowered signature.
Otherwise we will have weird parameter and signature mismatch, since it
expects Parameter[1] to be == signature()->GetParam(0).
Bug: v8:10507
Change-Id: Ia9417ecd46c1768344ed1fb3ebfe4e8dd9c3e397
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432626
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70185}
If return's input counts did not change, there is no need to change the
node at all.
Bug: chromium:1127620
Change-Id: I16d14a273d44b9fcd0b5a8af74b7a5a2eda569ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434998
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70183}
Changes:
- Add current global index argument to consume_init_expr.
- Inline DecodeGlobalInModule. Move the check for undefined global
indexes into into consume_init_expr. Note: This fixes a bug where the
index wasn't checked for nested global.get.
- Under --experimental-wasm-gc, allow global initializers to reference
already defined globals in the same module.
- Rename ModuleDecoderImpl::DecodeInitExpr -> DecodeInitExprForTesting.
Remove redundant "start" argument.
- Add tests for global initializers. Remove a redundant test.
Bug: v8:7748
Change-Id: Ieb4a768f8cfdd423e5f439bb3467700068f240b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2428596
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70181}
This additionally combines --future with all other standard testing
variants.
This also enables using concurrent_marking in status files to skip
tests in this variant.
This also marks a slow test that times out in the new config.
Bug: v8:10875
Change-Id: Id904f6a2c51b814eecfccb523a897de2f5d96f56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2423719
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70180}
These are either resolved (in which case I've removed them),
or never will be done (in which case I've reworded them in non-TODO terms).
Bug: v8:10933
Change-Id: I2e36df770cf2109974a790916172b6e1bace06fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432069
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70179}
This test likely did something in 2013 when we still had legacy const,
but now it seems like it's mostly a poor unittest of when
optimization/deoptimization happens.
Bug: v8:10933
Change-Id: Ib816e0eddf9224a4ad37096591da9032740d5e7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432313
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70178}
The vast majority of operations increases the stack size by at most one.
Many opcode (e.g. all unary and binary operations) never grow the stack
at all. Still, for every "push" operation, they check whether the
storage for the vector that holds the stack values needs to grow.
This CL avoids those redundant checks by ensuring that there is space
for at least one more stack element before decoding each instruction.
By centralizing this check, we not only improve performance, but also
reduce code size significantly (~49 kB on x64 release).
R=thibaudm@chromium.org
Bug: chromium:1096565, v8:10933
Change-Id: I986dcac734b986d1ce953b7ec3bde8ad31b4f2b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431525
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70177}
A Wasm module's start function might be imported from JavaScript, and
as such might contain calls to Blink. For such a case, we must make
sure that an "incumbent context" is available. Usually, having any
JavaScript function on the stack is enough to ensure that; but in the
special case of async compilation, the "success" task is executed
directly from the event loop, so we have to manually enter a context.
Additionally, we need to ensure that such a start function's own context
is properly entered: in addition to setting it as the current context
on the isolate (as the function call sequence is doing), we have to
register it in the list of entered contexts, as if v8::Context::Enter
had been used.
Bug: chromium:1096558
Change-Id: I12679ab49ee764572e3742da24889dcd55c29160
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2292248
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70175}
Control-flow aware allocation has been enabled by default for a long
time now. This removes the unused code paths related to splintering.
R=neis@chromium.org
Bug: v8:10933
Change-Id: I19d9eb448c3912b24a1ad16030e7dd556b13accc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434328
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70172}
For loads like Array.prototype.push, using dynamic map checks for
loading loading "push" from array prototype would prevent constant
folding of the push builtin. This would prevent inlining of these
builtins in the later phases. So, disable dynamic map checks when
loading fields from array prototype.
Bug: v8:10582
Change-Id: I8b44392a81194a3a5bd9b5ced6b1175658cec1f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435367
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70171}
Rolling v8/build: c8dc0f5..693ed52
Rolling v8/third_party/aemu-linux-x64: laU2vAii09mMfCaTLtA8O6UYjPdUXy0B-0zzOR0OPekC..H7hrpKGUlOVzq9skYXcIJ0DSDdaFuCLaA8hiD5ii0fEC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0de9874..3cd3b4e
Rolling v8/third_party/depot_tools: d1580d5..77397c4
Rolling v8/third_party/icu: 83b2ac6..aef20f0
Rolling v8/third_party/jsoncpp/source: 645250b..9059f5c
Rolling v8/third_party/zlib: f8517bd..4668feaTBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I30380df349519ea77ede52e51ec902af386992f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435601
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70170}
This CL also adds some unit tests, locally tested under x64.
The double support is based on this original CL by Gus Caplan
(snek@chromium.org):
https://chromium-review.googlesource.com/c/v8/v8/+/2264612
Bug: chromium:1052746
Change-Id: Ibdf631689b01ab619a72005226bfc015b4737dde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416028
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70168}
Fixes the following compilation error:
'atomic_uint8_t' in namespace 'std' does not name a type
Change-Id: Ie231b544cafc694271f50f4841b823e8cff3ec1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434390
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70165}
Previously ToNumber could be called with an empty context. In a previous
CL (https://crrev.com/c/v8/v8/+/2078580) we added DCHECKS to make sure
that some paths were not using the empty context. Now we are doing the
next step of adding a primitive to separate the cases.
Small update from delphick@ to get the builtin descriptor right.
Bug: v8:6949, v8:10933
Change-Id: Ie40b169f680f60a08eb26fac1fcfcef7d6169e65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2428863
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70162}
The compilation cache doesn't know about REPL mode. This means that
non-REPL mode compiled scripts are successfully found for their
REPL mode equivalent and vice versa.
This CL disables the compilation cache for REPL mode scripts.
Performance is not really a concern as DevTools console inputs
are usually very small.
R=leszeks@chromium.org
Bug: chromium:1108021
Change-Id: If396c7aa004188730762e4f6bd01dae2fc141181
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434333
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70160}
The tool has been outdated for a while and replaced by profview for
most use-cases.
The last version is still hosted under
https://v8.github.io/tools/v8.4/profviz/profviz.html
Bug: v8:9260, v8:10667
Change-Id: I54888640a627ee8e4d8ad2ab63bd91e04e6fb98f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434335
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70159}
This prepares moving the build directory on bots to out/build. For a
smooth transition, the performance runner will dynamically check
for the build in several locations.
This prepares:
https://crrev.com/c/2426643
NOTREECHECKS=true
Bug: chromium:1132088
Change-Id: Ia12fcdedec0f4ac2bfe087e8154c0acb8771a43f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431364
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70158}
These tests were incorrectly declaring the number of parameters the
generated function would take by omitting the receiver and
PopAndReturnVariable was accessing the wrong parameter.
Also updated a passed in parameter to not match the constant that was
being returned in case that led to the test passing accidentally.
Bug: v8:10933
Change-Id: Ia354e4e30b464a333039ab6bc54198acd16a4789
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434334
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70157}
Currently, the generic wrapper is used for i32, i64, f32 and f64 params
and 0 or 1 i32, i64, f32, f64 return value.
Bug: v8:10701
Change-Id: I3776de617aa4a384fdff5154ddad8ff405001a33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429266
Commit-Queue: Eva Herencsárová <evih@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70156}
Fixes test-torque/TestBitFieldStore to read the Smi parameter passed in
rather than the receiver which was always the global object.
Change-Id: Ie6b343ad7ef9393c211b0e7c8e1b7c1427e0aeb4
Bug: v8:10933
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434327
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70154}
When an Isolate in a multi-threaded environment is being debugged
and a thread does a Step Over (StepNext internally) one-shot
breaks are created in the code at the stack frame where the
StepNext occurred. However, if the stepped-over statement had
a function call and the called function (or some function that
it called) unlocked the Isolate (via a C++ function call) and
another thread then locked the Isolate, an ArchiveDebug would
be done which would save the fact that a StepNext is active and
the call frame depth of the StepNext. The one-shot breaks would
then be cleared to avoid stopping the now running thread.
When the original thread that did the StepNext relocks the Isolate,
a RestoreDebug is done which, seeing that a StepNext was active
calls PrepareDebug which assumes that the StepNext must be for
the current JS frame which is usually correct, but not in this
case. This results in the StepNext break actually occurring in the
function that called the C++ function not in the function where
the StepNext was originally done. In addition, the function where
the break now happens must necessarily be deoptimized if
optimized, and debug code and a source map table created if one
doesn't already exists though this is largely invisible to the
user.
Occasionally, a crash/core dump also occurs because the stack
guard is restored after the debugging environment is restored in
the RestoreThread code which can prevent the compiler from being
called to generate the source map table (for the incorrect
function) since the stack guard is another thread's stack guard,
and so might appear that the stack guard has been gone past so
the compiler is not called, resulting in there being no source
map table. But PrepareStep ends up calling the BreakIterator
(via the DebugInfo constructor) which assumes there is a source
map table so we get a crash.
The fix is to have PrepareStep to skip to the frame where the
StepNext was done before doing its thing. Since the only
PrepareStepcaller that requires a frame other than the current
frame, is RestoreDebug, a target frame parameter was added to
PrepareStep that's set by RestoreDebug and defaults to -1
indicating to use the current frame for all other callers.
While this made the order of the debug environment and stack
guard no longer cause an obvious problem, it still felt wrong
to defer restoration of the stack guard until after something
as potentially complex as PrepareStep might be called, so the
order of RestoreDebug and RestoreStackGuard calls were reversed.
Bug: v8:10902
Change-Id: I174e254e72414c827e113aec142f1d329ebe73d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2405932
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70152}
MemOperand's immediate offset is int32_t value, but some offsets
in liftoff are uint32_t, we should load the offsets to registers.
And assemble instructions like lw/sw/daddiu could't handle operand
with large immediate value. So we should use macro assemble instrs
like Lw/Sw/Daddu instead, unless we can make sure the operands are
proper for those assemble instructions.
Bug: v8:10925
Change-Id: I122d35a6857461791999b603f0150311bfc6343e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434985
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#70151}
