... and use it in the implementation of array literal spreads,
replacing calls to %AppendElement.
Array spreads in destructuring will be taken care of in a separate CL.
Bug: v8:5940, v8:7446
Change-Id: Idec52398902a7fd3c1244852cf73246f142404f0
Reviewed-on: https://chromium-review.googlesource.com/915364
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51709}
There are some unused bits in a BigInt's bit field. We never read their
their values explicitly, but whenever the entire object is moved around
(for serialization, or GC), this uninitialized memory is accessed. This
patch fixes that by initializing the entire field after allocation of a
BigInt, not just the bits we actually use.
Bug: chromium:818109
Change-Id: I5a4d24c3240242157b902c696fa9bb779799280d
Reviewed-on: https://chromium-review.googlesource.com/946676
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51708}
This patch removes the ProxyConstructor_ConstructStub builtin,
merging its functionality into the refactored ProxyConstructor
TurboFan builtin.
This brings us closer to our goal of deprecating the `construct_stub`
field in `SharedFunctionInfo`.
Bug: v8:7503, v8:7518
Change-Id: Iee76ba1a116ba61a543da529ec55149df333dcca
Reviewed-on: https://chromium-review.googlesource.com/946488
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51707}
Change-Id: I8f842187d9a02657474c47f5ea1c3257a7ec9317
Reviewed-on: https://chromium-review.googlesource.com/916143
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51706}
Unfortunately, different runtime libraries and/or compilers differ on
whether a class without any copy constructor, move constructor, copy
assignment and move assignment operator is considered trivially
copyable.
See discussion on https://crrev.com/c/941521.
This CL adds a comment about this, and deletes a test for this specific
case.
R=mstarzinger@chromium.orgCC=jyan@ca.ibm.com, ivica.bogosavljevic@mips.com
Change-Id: Ie07adda370e5e955b782e72356b50121477d4623
Reviewed-on: https://chromium-review.googlesource.com/944081
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51704}
This changes the BytecodeGraphBuilder to connect runtime calls that
don't return normally, but always throw exceptions, to End (via a Throw
node), instead of inserting Phis on the return values. This unblocks
the new optimization approach for array iteration.
Bug: v8:7510, v8:7514
Change-Id: Ic78216cc27034f191c4850e476f24e598c17deca
Reviewed-on: https://chromium-review.googlesource.com/946250
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51702}
Folding _ + NaN => NaN can widen type None to a constant type, which leads to floating DeadValue nodes. This CL fixes this by removing the optimization. Alternatively, we should consider removing all nodes of type None in simplified lowering.
Bug: chromium:817225
Change-Id: I2a126b360d70d3626f8a3c5e73ac72dc980ac8b3
Reviewed-on: https://chromium-review.googlesource.com/946129
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51699}
This CL removes the last method taking a raw callback as argument.
Bug: chromium:782550
Change-Id: Ia7f19120be7dcb2648f11cd3cdb8880f8818490d
Reviewed-on: https://chromium-review.googlesource.com/822198
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51695}
This patch removes the NumberConstructor_ConstructStub builtin,
merging its functionality into the refactored NumberConstructor
TurboFan builtin.
This brings us closer to our goal of deprecating the `construct_stub`
field in `SharedFunctionInfo`.
Bug: v8:7503, v8:7518
Change-Id: Ia407a2d43cda9fc7b26e13274fd79f110b6232ca
Reviewed-on: https://chromium-review.googlesource.com/946008
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51694}
- Add B/KiB/MiB units to histograms
- Auto select fileReader to open dialog when pressing enter
Bug: v8:7266
Change-Id: I6fa56d2fa112f6ddbd541304cd26a1f6bd9322ce
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/946128
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51693}
This prevents us from accidentally overwriting the default map of the
empty_fixed_array since NewFixedArray might just return that.
Change-Id: Id2fd20db1c07ec0289905ce5b0e12b5530a60229
Reviewed-on: https://chromium-review.googlesource.com/942923
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51692}
This is a reland of b8bc26d099
Original change's description:
> [turbofan] Preserve order of compares in switches
>
> This CL makes sure that control flow optimization does
> not change the order of switches that ultimately get
> lowered to a series of comparisons anyway.
>
> Bug: v8:7326
> Change-Id: If004de6b71a7e9504d37754c847ca108a64e49db
> Reviewed-on: https://chromium-review.googlesource.com/941952
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51679}
Bug: v8:7326
Change-Id: Ifbe61dece499c98bbd49fa3ae9b99ccf4e955ddc
Reviewed-on: https://chromium-review.googlesource.com/945770
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51691}
This makes sure that the object can be identified by a unique instance
type and hence is not accidentally confused with other FixedArrays on
the heap.
R=clemensh@chromium.org
BUG=v8:7509
Change-Id: Ib3dcdb4559821d0ad9ca8cced37754e0e3c1d578
Reviewed-on: https://chromium-review.googlesource.com/943781
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51687}
Table inits can contain imported functions, hence their code will be a
wasm-to-wasm wrapper.
Fix a DCHECK and add a regression test.
R=ahaas@chromium.org
Bug: chromium:817380
Change-Id: I836be589e1ae66839ccd470154c8dea488e6bc1f
Reviewed-on: https://chromium-review.googlesource.com/943107
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51685}
Previously the array iterator protector only guarded the lookup of the
@@iterator symbol on the initial Array.prototype, and we had to use an
additional map check on the %ArrayIteratorPrototype% to ensure that no
one messed with the next() method. This CL extends the array iterator
protector to also guard the lookup of %ArrayIteratorPrototype%.next.
This simplifies the code quite a bit and makes it more robust for cases
where someone has to install additional methods on the iterator
prototype, i.e. a custom async iterator.
Bug: v8:7510, v8:7514
Change-Id: Ie6080bb837a91a2b60b224597121470614210660
Reviewed-on: https://chromium-review.googlesource.com/945728
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51684}
This reverts commit 93fc3841c3.
Reason for revert: may break node.js integration
Original change's description:
> [parsing] inline ArrayLiteral creation for spread calls
>
> Instead of using runtime calls to generate the Array Literal passed to
> %reflect_call / %reflect_construct, we create an ArrayLiteral from the
> list of arguments, and perform spreads using the interpreter mechanism for
> spreading in ArrayLiterals (thus, the spreading becomes inline). This
> array literal is still passed to %reflect_call / %reflect_construct as
> before.
>
> This cuts the runtime for bench-spread-call.js -> testSpread roughly in
> half, and will likely improve further once
> https://chromium-review.googlesource.com/c/v8/v8/+/915364 has landed.
>
> BUG=v8:7446
> R=neis@chromium.org, adamk@chromium.org
>
> Change-Id: I74a6acd3a60aad422e4ac575275c7b567659d8ad
> Reviewed-on: https://chromium-review.googlesource.com/939587
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51678}
TBR=adamk@chromium.org,neis@chromium.org,caitp@igalia.com,bmeurer@chromium.org
Change-Id: I4730077591bce0e5e7b2ce7d59678e8b7135cc08
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7446
Reviewed-on: https://chromium-review.googlesource.com/945769
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51682}
This reverts commit b8bc26d099.
Reason for revert: may break node.js integration
Original change's description:
> [turbofan] Preserve order of compares in switches
>
> This CL makes sure that control flow optimization does
> not change the order of switches that ultimately get
> lowered to a series of comparisons anyway.
>
> Bug: v8:7326
> Change-Id: If004de6b71a7e9504d37754c847ca108a64e49db
> Reviewed-on: https://chromium-review.googlesource.com/941952
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51679}
TBR=jarin@chromium.org,sigurds@chromium.org,bmeurer@chromium.org
Change-Id: Ideb551e0831c686dc7c247b77f59ff3485c30181
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7326
Reviewed-on: https://chromium-review.googlesource.com/945768
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51681}
This CL will temporarily regress memory since we will store the name
both on the SFI and the ScopInfo. Future CLs will do the following:
- Collapse the name field on SFI with the scopeInfo field
- Store the ScopeInfo on the Context instead of the closure so we
don't strongly hold on to the closure unnecessary
Drive-by-fix:
- Mark ScopeInfo accessors as const
Bug: v8:7066
Change-Id: I7ef47d858352bb0bb76ad105f194eabce06938ed
Reviewed-on: https://chromium-review.googlesource.com/939476
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51680}
This CL makes sure that control flow optimization does
not change the order of switches that ultimately get
lowered to a series of comparisons anyway.
Bug: v8:7326
Change-Id: If004de6b71a7e9504d37754c847ca108a64e49db
Reviewed-on: https://chromium-review.googlesource.com/941952
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51679}
Instead of using runtime calls to generate the Array Literal passed to
%reflect_call / %reflect_construct, we create an ArrayLiteral from the
list of arguments, and perform spreads using the interpreter mechanism for
spreading in ArrayLiterals (thus, the spreading becomes inline). This
array literal is still passed to %reflect_call / %reflect_construct as
before.
This cuts the runtime for bench-spread-call.js -> testSpread roughly in
half, and will likely improve further once
https://chromium-review.googlesource.com/c/v8/v8/+/915364 has landed.
BUG=v8:7446
R=neis@chromium.org, adamk@chromium.org
Change-Id: I74a6acd3a60aad422e4ac575275c7b567659d8ad
Reviewed-on: https://chromium-review.googlesource.com/939587
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51678}
Avoid generating ADDs when concatenating the empty string with other
template parts. This prevents the creation of useless feedback slots,
and reduces the number of extra dispatches.
The impact on performance is negligible.
BUG=v8:7415
Change-Id: I7ef3806b53f7252f3a86f7007ae7050ac697c1e3
Reviewed-on: https://chromium-review.googlesource.com/938145
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51669}
The memory gains were significant, so despite the bluebird-doxbee
regression, we think it's better to have this patch than not.
See the attached Chromium bug for more discussion.
This is a reland of 20e346bd08.
Original change's description:
> [parser] Remove pretenuring of closures assigned to properties
>
> This pretenuring was added in https://codereview.chromium.org/5220007,
> back when it was necessary in order to allow use of the closure
> as a "constant function" property. This should no longer be the case,
> and the pretenuring causes some unfortunate downstream effects.
>
> This patch removes the parser's setting of this bit. If it doesn't
> cause regressions on the perf bots, followup CLs will remove the
> rest of the support for this feature.
>
> Bug: v8:7442
> Change-Id: I27c43dd4293ce5de921be6c78571e712778d138a
> Reviewed-on: https://chromium-review.googlesource.com/914610
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51254}
Bug: v8:7442, chromium:814182
Change-Id: I228c59dccef3844803f115749e72ae6c5f286eda
Reviewed-on: https://chromium-review.googlesource.com/938241
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51668}
This makes sure that the object can be identified by a unique instance
type and hence is not accidentally confused with other FixedArrays on
the heap.
R=clemensh@chromium.org
BUG=v8:7509
Change-Id: I66e3d779ff9a323b64f5464bdd5fe02aefe468c6
Reviewed-on: https://chromium-review.googlesource.com/943442
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51665}
This is a first step towards using Maps as store transition handlers.
It is expected for this CL to noticeably regress memory consumption
but most of it should be recovered by the next CL.
Bug: v8:5988
Change-Id: Ic2e301f9ccebc36e699383ded8c8cd284a906ce1
Reviewed-on: https://chromium-review.googlesource.com/928646
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51663}
Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/941442.
"background" refers to a priority and is inappropriate to refer to
worker threads as many tasks posted to worker threads by v8 are in
fact high priority.
Also took advantage of this rename to make NumberOfWorkerThreads()
return an int instead of size_t. While it is never negative, int is
simpler and Google C++ style guide states to avoid unsigned integers in
such cases (ref. "On Unsigned Integers" @
https://google.github.io/styleguide/cppguide.html#Integer_Types).
The Chromium embedder for that call provided an int which was converted
to size_t for this override and most often casted back down to int on the
v8 side, adding churn, and readability overhead.
R=ahaas@chromium.org
Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib5280df73d2846b111d985be65a10b049995ea6a
Reviewed-on: https://chromium-review.googlesource.com/941944
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51662}
This patch removes the StringConstructor_ConstructStub builtin,
merging its functionality into the refactored StringConstructor
TurboFan builtin.
This brings us closer to our goal of deprecating the `construct_stub`
field in `SharedFunctionInfo`.
Bug: v8:7503
Change-Id: Ie98520c652f49dda91eff2fc51263611f29e0ebe
Reviewed-on: https://chromium-review.googlesource.com/942882
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51660}
