Push cp in EnterFrame for CONSTRUCT type frames, in order to align the stack op,
and adapt the users (Generate_JSBuiltinConstructStub*) to account for it.
Then align the rest of the stack operations in
Generate_JSBuiltinConstructStubHelper.
Bug: v8:6644
Change-Id: I4ffca329d5838902f787a52ac0d362dfbf9174c6
Reviewed-on: https://chromium-review.googlesource.com/746923
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#49063}
The parser now throws for literals that are too big for the runtime
to support, thus avoiding CHECK-failures further down the line.
Tbr: rmcilroy@chromium.org
Bug: v8:6791
Change-Id: Ie45ddebb8aa9e7a30e8b6b74f99916b700e38e4a
Reviewed-on: https://chromium-review.googlesource.com/747682
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49059}
Currently, dynamic `import()` throws the following SyntaxError when
used without a specifier:
> import();
< Uncaught SyntaxError: Unexpected token )
From the error message, it seems this the result of the code snippet
being seen as static `import` followed by parens, as opposed to
`import()` with no specifier.
This patch makes this error message more clear:
> import();
< SyntaxError: import() requires a specifier
BUG=v8:7020,v8:6513
Change-Id: I3519dfd0029f38d23da858a5499f1d226e794935
Reviewed-on: https://chromium-review.googlesource.com/747141
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49058}
Objects with both dictionary and non-dictionary maps can store their
hash in the {properties} field when they have no other properties.
Bug: chromium:778952
Change-Id: I8ac8c31eaac32116415e3c65cef8dee260dca2c9
Reviewed-on: https://chromium-review.googlesource.com/747272
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49056}
Takes too long on bots to run
Bug:
Change-Id: Ia99717fe943ff6437497425abd3a3cb9999d7564
Reviewed-on: https://chromium-review.googlesource.com/746533
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#49055}
When closing untagged template string literals, create a single n-ary
addition operation, instead of a tree of binary operations.
As a clean-up, this also entirely removes the "second" field from n-ary
operations. This was proving to be too confusing an API when building
an n-ary operation incrementally from a single expression (rather than
converting a binary operation).
Bug: v8:6964
Change-Id: I8f2a395d413cf345bab0a1a347b47f412cde83b1
Reviewed-on: https://chromium-review.googlesource.com/739821
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49054}
Also replaced kTrue/kFalse with a kBoolean type, and remove now-unused
IsTypeX() methods (leaving ones that are called frequently).
Bug: v8:6984
Change-Id: I0cbffc37efaa391981d8dce564051ce43257ed8a
Reviewed-on: https://chromium-review.googlesource.com/745023
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49053}
We have a check on maximum number of levels that can be inlined. This
in some cases causes performance cliffs, when we cannot inline a small
function because it has exceeded the number of levels. This cl removes
that check. The intuition is that, having gone down several levels in
a particular line stopping inlining that chain and exploring a new
call site may not be beneficial. This cl also introduces a absolute
limit on the number of nodes that can be inlined (including the small
functions).
Bug: v8:6871, chromium:779509
Change-Id: Id29639ff2fd85b84d8746da3fb78a82d4e9852e8
Reviewed-on: https://chromium-review.googlesource.com/743727
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49050}
This adds support to the KeyedLoadIC to ignore out of bounds accesses
for Strings and return undefined instead. We add a dedicated bit to the
Smi handler to encode the OOB state and have TurboFan generate appropriate
code for that case as well. This is mostly useful when programs
accidentially access past the length of a string, which was observed and
fixed for example in Babel recently, see
https://github.com/babel/babel/pull/6589
for details. The idea is to also extend this mechanism to Arrays and
maybe other receivers, as reading beyond the length is also often used
in jQuery and other popular libraries.
Note that this is considered a mitigation for a performance cliff and
not a general optimization of OOB accesses. These should still be
avoided and handled properly instead.
This seems to further improve the babel test on the web-tooling-benchmark
by around 1%, because the OOB access no longer turns the otherwise
MONOMORPHIC access into MEGAMORPHIC state.
Bug: v8:6936, v8:7014
Change-Id: I9df03304e056d7001a65da8e9621119f8e9bb55b
Reviewed-on: https://chromium-review.googlesource.com/744022
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49049}
This both simplifies the code, and brings it in-line with
what we need for wasm on the native heap.
Bug: v8:6876
Change-Id: Ia48aed86ddcd94e85c0aecc053c327dfacb795d6
Reviewed-on: https://chromium-review.googlesource.com/744593
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49048}
Create new state before parsing FormalParameter because we don't
want to use any of the parameters as an inferred function name.
Previously the stacktrace was:
test.js:3: Error: boom
throw new Error('boom');
^
Error: boom
at param (test.js:3:11)
at test.js:4:5
at test.js:6:3
The stacktrace with this patch:
test.js:3: Error: boom
throw new Error('boom');
^
Error: boom
at test.js:3:11
at test.js:4:5
at test.js:6:3
Bug: v8:6822, v8:6513
Change-Id: Ifbadc660fc4e85248af405acd67c025f11662bd4
Reviewed-on: https://chromium-review.googlesource.com/742657
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49042}
With the existing platform API it is not possible to post foreground
tasks from background tasks. This is, however, required to implement
asynchronous compilation for WebAssembly. With this CL we add the
concept of a TaskRunner to the platform API. The TaskRunner contains
all data needed to post a foreground task and can be used both from a
foreground task and a background task. Eventually the TaskRunner should
replace the existing API.
In addition, this CL contains a default implementation of the
TaskRunner. This implementation has tempory workaround for platforms
which do not provide a TaskRunner implementation yet. This default
implementation should be deleted again when all platforms provide a
TaskRunner implementation.
R=rmcilroy@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6ea4a1c9da1eb9a19e8ce8f2163000dbc2598802
Reviewed-on: https://chromium-review.googlesource.com/741588
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49041}
This CL contains the base implementation for logging function events.
Currently only compiler events are support (compile, compile-lazy...),
future CLs will enable log events for parsing and first-time exeuction
of functions.
Bug: chromium:757467
Change-Id: Ia705979190a3ebc1009989610483a7a141bc504b
Reviewed-on: https://chromium-review.googlesource.com/743921
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49040}
This reverts commit ecd3a2ea3e.
Reason for revert: Bug 779509, a crash with chrome.
Original change's description:
> [TurboFan] Remove maximum inlining levels check from inlining heuristics
>
> We have a check on maximum number of levels that can be inlined. This
> in some cases causes performance cliffs, when we cannot inline a small
> function because it has exceeded the number of levels. This cl removes
> that check. The intuition is that, having gone down several levels in
> a particular line stopping inlining that chain and exploring a new
> call site may not be beneficial.
>
> Bug: v8:6871
> Change-Id: I120056db38e78ce48dff010b6cf994259238582a
> Reviewed-on: https://chromium-review.googlesource.com/741705
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49009}
TBR=mythria@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6871
Change-Id: I4766f911cb326c224af110be5c0dd7a44362a880
Reviewed-on: https://chromium-review.googlesource.com/743785
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49037}
Test that console.time/End/Stamp properly show up in the log file.
Change-Id: I99904e20fc98811ed3e3b5e5a9d186b459b8d4be
Reviewed-on: https://chromium-review.googlesource.com/743020
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49035}
This proceeds the experiment using the legacy bots, since luci bots
are blocked on https://crbug.com/776734.
NOTRY=true
Bug: chromium:772816, chromium:776734
Change-Id: I7532e04e98a96d69dbeefcd6edf66fb0cddbe111
Reviewed-on: https://chromium-review.googlesource.com/743365
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49034}
Following up on adding n-ary nodes, this extends the parser and
interpreter to support n-ary logical operations.
Bug: v8:6964
Bug: chromium:731861
Change-Id: Ife2141c389b9abccd917ab2aaddf399c436ef777
Reviewed-on: https://chromium-review.googlesource.com/735497
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49029}
The bytecode interpreter nor TF rely on the explicit return value of store ICs anymore, so we can just return whatever is in the result slot. It won't be visible to JS anyway.
Bug:
Change-Id: I389615d1d77c5b050832f23a08e3d3bc07d9cbc6
Reviewed-on: https://chromium-review.googlesource.com/743366
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49027}
This is preparation for supporting OOB loads from strings, which
requires the KeyedLoadIC to track this information.
Bug: v8:6936, v8:7014
Change-Id: Ide132244ee523397dd418d21fe3377976f6633fd
Reviewed-on: https://chromium-review.googlesource.com/743481
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49026}
This reverts commit 32141e93ff.
Reason for revert: Got merged to stable end of last week.
Original change's description:
> Disable --turbo-inline-array-builtins by default.
>
> Current chrome stable has a high number of crashes due to bugs in
> this feature. These bugs are already fixed but the fixes are hard
> to merge back. Therefore we decided to disable the feature in stable.
> This CL is intended to be merged to stable and then reverted in tot.
>
> Bug: chromium:762020
> Change-Id: Ibd5a08e3b303a204fb84a408271a1c0f97cc5b7b
> Reviewed-on: https://chromium-review.googlesource.com/738176
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48931}
TBR=jarin@chromium.org,neis@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:762020
Change-Id: Id1fe2f417e09a7b451484fc16710b09469cdb74d
Reviewed-on: https://chromium-review.googlesource.com/743321
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49025}
The CheckSeqString operator unnecessarily materialized two bits for the
separate conditions, but we can actually check for SeqString with just a
single mask instead, which saves the intermediate computations and two
registers.
Bug: v8:5267
Change-Id: Ib937a5a4eebdc271a2bbbc6f074f5992e06b2fa9
Reviewed-on: https://chromium-review.googlesource.com/741702
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49023}
This was discovered on the babel test of the web-tooling-benchmark,
which suffers from a high %KeyedGetProperty overhead, and most of
these calls come from the fact that the KeyedLoadIC_Megamorphic bails
out to the runtime call for all String instance types. Just handling
in-bound accesses to characters reduces the overhead incurred by
%KeyedGetProperty from roughly 9% to roughly 2% only.
This reduces the number of runs per second on the babel test by around
7-8% on average.
Bug: v8:6936, v8:7014
Change-Id: I0dc247d7d6457c7032636d2852cb54cef1b24979
Reviewed-on: https://chromium-review.googlesource.com/743012
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49021}
Interpreter entries may be called from wasm functions, when debugging.
That means that, when moving on the native heap, interpreter entries
need to be native, too. That means they cannot reference movable GC
objects.
The only such reference was to the instance object, which is needed
in the WasmRunInterpreter runtime function. We can fetch the instance
using GetWasmInstanceOnTop() instead.
Bug: v8:6876
Change-Id: I7198a849cc0e441b057537a570a3dfa6f3197149
Reviewed-on: https://chromium-review.googlesource.com/742391
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49019}
