Since JumpLoop is always backwards, and other jumps are always forwards,
we can store the jump offset as an always positive integer and decide on
the jump direction based on the bytecode. This will save a small amount
of space for large-ish for loops (>128 bytecodes).
Review-Url: https://codereview.chromium.org/2641443002
Cr-Commit-Position: refs/heads/master@{#42638}
Speculative reason for issue 684481.
BUG=chromium:684481
TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,
Original issue's description:
> [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203, v8:5215
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42562}
> Committed: 4b0101d369
Review-Url: https://codereview.chromium.org/2648383005
Cr-Commit-Position: refs/heads/master@{#42633}
We can share almost all of the architecture-specific builtin code with super-call-with-spread.
Info to port-writers: The code in CheckSpreadAndPushToStack has changed slightly from what was in Generate_ConstructWithSpread, in that we take the length of the spreaded parameters from the JSArray rather than the FixedArray backing store.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2649143002
Cr-Commit-Position: refs/heads/master@{#42632}
The "sloppy eval in default param" cases will be useful for the future
tests which assert that parser and preparser produce the same scopes.
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2644333002
Cr-Commit-Position: refs/heads/master@{#42625}
Implement stepping by remembering the current step action in the wasm
interpreter handle in WasmDebugInfo, and using it when continuing
execution in the interpreter.
The control flow is as follows: After module compilation, the user sets
a breakpoint in wasm. The respective function is redirected to the
interpreter and the breakpoint is set on the interpreter. When it is
hit, we notify all debug event listeners, which might prepare stepping.
When returning from these listeners, before continuing execution, we
check whether stepping was requested and continue execution in the
interpreter accordingly.
Stepping from Wasm to JS and vice versa will be implemented and tested
in a follow-up CL. Testing this requires breakpoints and stepping in
Wasm to be exposed via the inspector interface, such that we can write
an inspector test. This mixed JS-Wasm-execution is hard to set up in a
cctest.
R=titzer@chromium.org, yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2649533002
Cr-Commit-Position: refs/heads/master@{#42624}
Check that number of properties < Code:kMaxArguments when object
destructuring with a rest property otherwise throw an error.
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2650863002
Cr-Commit-Position: refs/heads/master@{#42613}
Also introduces FFIType separate from MachineType for express ffi
signatures.
BUG=v8:4456
Review-Url: https://codereview.chromium.org/2639163004
Cr-Commit-Position: refs/heads/master@{#42612}
Atomics.wait is a function which may block, which is not allowed on the
main thread. Since V8 doesn't know whether a particular isolate is the
"main thread", this CL adds an option to Isolate::CreateParams to choose
whether this function is allowed.
Review-Url: https://codereview.chromium.org/2642293002
Cr-Commit-Position: refs/heads/master@{#42611}
Manipulating the signaling NaN used for the hole and uninitialized double
field sentinel in C++, e.g. with bit_cast or HeapNumber::value()/set_value(),
will change its value on ia32 (the x87 stack is used to return values and
stores to the stack silently clear the signalling bit).
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2652553003
Cr-Commit-Position: refs/heads/master@{#42609}
Also fixes check for table segments to be performed against actual size not declared one.
Makes us pass memory.wast and linking.wast tests (modulo issue 5860).
R=titzer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2649553002
Cr-Commit-Position: refs/heads/master@{#42607}
Port the fast path for accessor inlining to cached property names from
Crankshaft to TurboFan. This constant-folds accesses to document in a
script.
R=jochen@chromium.org
BUG=v8:5548
Review-Url: https://codereview.chromium.org/2646363003
Cr-Commit-Position: refs/heads/master@{#42600}
We do not want to reserve space in the backing store for index keys.
Count index keys during creation of the BoilerplateDescription, and
substract them for the backing store size.
Correctly count index keys after encountering a property with
a computed name during object literal creation.
R=verwaest@chromium.org
BUG=v8:5625
Review-Url: https://codereview.chromium.org/2651523002
Cr-Commit-Position: refs/heads/master@{#42598}
The CL #42545 (https://codereview.chromium.org/2639353002 ) add SignallingNanSurvivesI32ReinterpretF32/SignallingNanSurvivesI64ReinterpretF64 tests.
Those tests failed at x87 port as X87 FPU hardware will convert a sNaN to qNaN automatically.
This CL skips SignallingNanSurvivesI32ReinterpretF32/SignallingNanSurvivesI64ReinterpretF64 tests for x87.
BUG=
Review-Url: https://codereview.chromium.org/2649843002
Cr-Commit-Position: refs/heads/master@{#42591}
Property backing store size for object literals is
the number of constant and named properties (possibly
over-allocating for the same names).
We do not reserve space in the backing store for __proto__.
We do not reserve space in the backing store for index keys.
Currently, we account for index keys in the runtime when iterating
over the boilerplate properties. Since the boilerplate properties
only include the properties up to the first computed property
name, the property backing store size includes space for index keys
if seen after the first computed property.
R=verwaest@chromium.org
BUG=v8:5625
Review-Url: https://codereview.chromium.org/2650593002
Cr-Commit-Position: refs/heads/master@{#42584}
Reason for revert:
Blocks roll https://codereview.chromium.org/2647183002/
Original issue's description:
> [build] Introduce an embedder version string
>
> Sometimes, the embedder might want to merge a fix to an abandoned branch
> or to a supported branch but the fix is not relevant to Chromium.
> This adds a new version string that the embedder can set on compile time
> and that will be appended to the official V8 version.
> The separator must be provided in the string. For instance, to have a
> full version string like "5.5.372.37.custom.1", the embedder must set
> V8_EMBEDDER_STRING to ".custom.1".
>
> Related Node.js issue: https://github.com/nodejs/node/pull/9754
>
> BUG=v8:5740
> R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
>
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
>
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Original-Commit-Position: refs/heads/master@{#42175}
> Committed: fc86d4329b
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Commit-Position: refs/heads/master@{#42582}
> Committed: 2c1d1e6088TBR=hablich@chromium.com,machenbach@chromium.org,ofrobots@google.com,mic.besace@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5740
Review-Url: https://codereview.chromium.org/2643393004
Cr-Commit-Position: refs/heads/master@{#42583}
Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set on compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "5.5.372.37.custom.1", the embedder must set
V8_EMBEDDER_STRING to ".custom.1".
Related Node.js issue: https://github.com/nodejs/node/pull/9754
BUG=v8:5740
R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2619213002
Cr-Original-Commit-Position: refs/heads/master@{#42175}
Committed: fc86d4329b
Review-Url: https://codereview.chromium.org/2619213002
Cr-Commit-Position: refs/heads/master@{#42582}
E.g., ast/ast.h uses Label but shouldn't need to include assembler.h for that. With
this change, we can hope for proper layering in the future (not quite there
yet).
Also includes minor random include lowering and relevant IWYU fixes.
BUG=v8:5294
Review-Url: https://codereview.chromium.org/2645063002
Cr-Commit-Position: refs/heads/master@{#42563}
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2632123006
Cr-Original-Commit-Position: refs/heads/master@{#42539}
Committed: 839b06b64f
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42562}
Test that setting breakpoints works for wasm, and that they are hit
correctly.
This basically tests all the layers involved: Compiling and running
wasm interpreter entries, passing arguments to the interpreter, storing
break point infos in wasm objects, getting the right BreakLocation from
wasm frames, and getting stack information from interpreted frames.
BUG=v8:5822
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2629883002
Cr-Commit-Position: refs/heads/master@{#42560}
The index input of load and store nodes has to be of type int32. However
it is still possible that this index input was lowered by the
Int64Lowering, for example if the index was a kTruncateInt64ToInt32
node. With this CL we check if there exists a replacement of the index
and if so, use the replacement instead of the original index as the
input for the lowered load and store nodes.
BUG=v8:5874
R=titzer@chromium.org, eholk@chromium.org
Review-Url: https://codereview.chromium.org/2644603004
Cr-Commit-Position: refs/heads/master@{#42559}
This particular test case is a hack that abuses Turbofan to
generate code that contains a switch table. Now that some
builtins use the CodeStubAssembler to implement switch tables
we don't need this test case anymore.
TBR=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2645943003
Cr-Commit-Position: refs/heads/master@{#42553}
The %_ValueOf intrinsic is not used anymore and the runtime call
%ValueOf will also disappear once all the self hosted builtins are
migrated.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2642303003
Cr-Commit-Position: refs/heads/master@{#42544}
Reason for revert:
Crashes on Windows in:
CompilerDispatcherJobTest.CompileFailureToFinalize
CompilerDispatcherJobTest.ScopeChain
Original issue's description:
> [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42539}
> Committed: 839b06b64fTBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2645613008
Cr-Commit-Position: refs/heads/master@{#42542}
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42539}
- builtins-ic.cc takes the place of the AccessorAssembler shim
- AccessorAssemblerImpl can then be renamed
- some cleanup in code-factory.cc
- drop old _TF name suffixes
- fix Generate##Name##Impl in TF_BUILTIN macro
Review-Url: https://codereview.chromium.org/2647493002
Cr-Commit-Position: refs/heads/master@{#42520}
Make wasm code generation (including deserialization) aware of
allow_codegen_callback - if one were set by the host - akin to what we
do for `eval`.
This allows web pages that opt out of unsafe-eval to also opt out of
wasm scenarios.
BUG=v8:5869
Review-Url: https://codereview.chromium.org/2646713002
Cr-Commit-Position: refs/heads/master@{#42519}
Reason for revert:
compilation problems on mips
Original issue's description:
> [wasm] Fix I32ReinterpretF32 and I64ReinterpretF64 on ia32.
>
> On ia32 return statements in C++ automatically convert signalling NaNs
> to quiet NaNs, even when bit_cast is used. This CL removes all uses of
> bit_cast<float> and bit_cast<double> in the wasm compiler and wasm
> interpreter.
>
> R=titzer@chromium.org, clemensh@chromium.org
>
> Review-Url: https://codereview.chromium.org/2639353002
> Cr-Commit-Position: refs/heads/master@{#42512}
> Committed: 7739affa5bTBR=clemensh@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2645693003
Cr-Commit-Position: refs/heads/master@{#42514}
Also update a call in cctest to check the result.
BUG=chromium:681843
Review-Url: https://codereview.chromium.org/2647573003
Cr-Commit-Position: refs/heads/master@{#42513}
On ia32 return statements in C++ automatically convert signalling NaNs
to quiet NaNs, even when bit_cast is used. This CL removes all uses of
bit_cast<float> and bit_cast<double> in the wasm compiler and wasm
interpreter.
R=titzer@chromium.org, clemensh@chromium.org
Review-Url: https://codereview.chromium.org/2639353002
Cr-Commit-Position: refs/heads/master@{#42512}
Currently PropertyConstness is still in sync with PropertyLocation.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2591233002
Cr-Commit-Position: refs/heads/master@{#42497}
Since the script origin is part of the key used in the compilation
cache, this ensures that the cache never confuses a module with a
non-module script.
BUG=v8:1569,v8:5685
Review-Url: https://codereview.chromium.org/2611643002
Cr-Commit-Position: refs/heads/master@{#42490}
The IA32AddPair and IA32SubPair instructions were using an input register as a
temporary value, which led to registers sometimes being clobbered when they
shouldn't have been. This led to problems, for example, in calling printf to
format doubles:
printf("%f", 1.2345) => 0.61725 (on x86)
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5800
Review-Url: https://codereview.chromium.org/2637583002
Cr-Commit-Position: refs/heads/master@{#42486}
This CL implements ldrex, ldrexb, ldrexh, strex, strexb, and strexh in the
Simulator. These instructions provide "exclusive" access, which provides mutual
exclusion for concurrent threads of execution.
The ARM specification gives some leeway to implementors, but essentially
describes each processor as having Local Monitor and Global Monitor. The Local
Monitor is used to check the exclusivity state without having to synchronize
with other processors. The Global Monitor is shared between processors. We
model both to make it easier to match behavior with the spec.
When running with multiple OS threads, each thread has its own isolate, and
each isolate has its own Simulator. The Local Monitor is stored directly on the
Simulator, and the Global Monitor is stored as a lazy singleton. The Global
Monitor maintains a linked-list of all Simulators.
All loads/stores (even non-exclusive) are guarded by the Global Monitor's mutex.
BUG=v8:4614
Review-Url: https://codereview.chromium.org/2006183004
Cr-Commit-Position: refs/heads/master@{#42481}
Reason for revert:
Causes a few bugs caught by clusterfuzz.
Original issue's description:
> [Ignition/turbo] Add a CallWithSpread bytecode.
>
> Also, emit a NewWithSpread bytecode for CallNew AST nodes where possible, rather than desugaring in the parser.
>
> BUG=v8:5511
>
> Review-Url: https://codereview.chromium.org/2629363002
> Cr-Commit-Position: refs/heads/master@{#42455}
> Committed: 4bae43471dTBR=bmeurer@chromium.org,rmcilroy@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2642843002
Cr-Commit-Position: refs/heads/master@{#42470}
Also, emit a NewWithSpread bytecode for CallNew AST nodes where possible, rather than desugaring in the parser.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2629363002
Cr-Commit-Position: refs/heads/master@{#42455}
Non-capturing groups so far did not have any effect, so we elided
them in the regexp parser. However, they do affect how lookarounds
are parsed: in unicode mode, lookarounds are not quantifiable. They
are however if wrapped in a group.
BUG=v8:5845
Review-Url: https://codereview.chromium.org/2636883002
Cr-Commit-Position: refs/heads/master@{#42436}
This rewrites the rest property into a runtime call which sets up the
correct properties in the newly created object.
- Changes flag to --harmony-object-rest-spread
- Changes pattern rewriter to desugar rest property
- Adds new runtime function CopyDataPropertiesWithExcludedProperties
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2620943002
Cr-Commit-Position: refs/heads/master@{#42430}
Reduce duplication of the inner function declaration + now we get the
test for inner arrow functions for free (if we later implement lazy
inner arrow functions).
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2637003005
Cr-Commit-Position: refs/heads/master@{#42412}
Background: the first page of each space is implicitly immovable.
Recently, our builtin code objects have reached a size at which we
fill up the first page of code space during initialization. Once
that occurs, newly requested allocations of immovable code are
allocated in a large object space page of 512K.
This CL mitigates these effects by simply marking pages as immovable
during snapshot creation instead of going into LO space.
On snapshot builds, this should just work: deserialized pages are
trimmed and marked immovable when deserialization finishes.
However, non-snapshot builds and allocations of immovable CEntryStub
code at runtime are still affected.
BUG=v8:5831
Review-Url: https://codereview.chromium.org/2635973002
Cr-Commit-Position: refs/heads/master@{#42411}
The resume trampolin used to call the generator function with the context of the
last suspension rather than the closure's context. While that was fine for
Ignition, Turbofan got utterly confused. With this CL, the resume trampolin
always passes in the closure's context (like in the very first call of the
generator function). The generator function itself then restores its previously
current context by reading it from the generator object and doing a
PushContext.
BUG=chromium:681171
Review-Url: https://codereview.chromium.org/2639533002
Cr-Commit-Position: refs/heads/master@{#42407}
Instead, it is supposed to just return an empty context if it failed.
Also don't invoke interceptors (we don't for the parts that deserialize
from the snapshot anyways).
BUG=v8:5830
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2636903002
Cr-Commit-Position: refs/heads/master@{#42404}
Creates an AstStringConstants container which pre-initializes the
string constants used by AstValueFactory. This ensures that all
AstValueFactories will produce the same AstValue objects for constants,
and so they can be used by the BytecodeGenerator without having to pass
the AstValueFactory to it, enabling construction off-thread.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2630343002
Cr-Original-Commit-Position: refs/heads/master@{#42381}
Committed: d611496b8e
Review-Url: https://codereview.chromium.org/2630343002
Cr-Commit-Position: refs/heads/master@{#42394}
- Adds vmin, vmax for FP and integer vectors, both signed and unsigned.
- Regularizes switching logic in disasm and simulator for special codes
4 and 6.
- Factors vrecpe, vrsqrte, vrecps, vrsqrts into helper fns.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2623993006
Cr-Commit-Position: refs/heads/master@{#42385}
Reason for revert:
Seems to break modules-namespace2 on gcstress.
Original issue's description:
> [Parser] Introduce AstStringConstants to share constants across AstValueFactory
>
> Creates an AstStringConstants container which pre-initializes the
> string constants used by AstValueFactory. This ensures that all
> AstValueFactories will produce the same AstValue objects for constants,
> and so they can be used by the BytecodeGenerator without having to pass
> the AstValueFactory to it, enabling construction off-thread.
>
> BUG=v8:5203
>
> Review-Url: https://codereview.chromium.org/2630343002
> Cr-Commit-Position: refs/heads/master@{#42381}
> Committed: d611496b8eTBR=ahaas@chromium.org,marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2638783002
Cr-Commit-Position: refs/heads/master@{#42382}
Creates an AstStringConstants container which pre-initializes the
string constants used by AstValueFactory. This ensures that all
AstValueFactories will produce the same AstValue objects for constants,
and so they can be used by the BytecodeGenerator without having to pass
the AstValueFactory to it, enabling construction off-thread.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2630343002
Cr-Commit-Position: refs/heads/master@{#42381}
- Generalize the sloppy block function data structures to allow
PreParser adding and hoisting sloppy block funcs.
- This completes PreParser scope analysis.
BUG=v8:5501, v8:5516
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2636543002
Cr-Commit-Position: refs/heads/master@{#42368}
Now we can add a constness bit to the PropertyDetails.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2629423002
Cr-Commit-Position: refs/heads/master@{#42366}
With this CL, context loads and stores are "strengthened" by reducing
the incoming context chain and decreasing the depth accordingly,
whenever possible. This enables more opportunities for specialization
and will let us easily add module context specialization later.
BUG=
Review-Url: https://codereview.chromium.org/2559173003
Cr-Commit-Position: refs/heads/master@{#42334}
The simulator implements these exactly, but on ARM hardware,
the estimates are not exact, so CHECK_EQ will fail. This CL adds
a tolerance to the checks.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2628153003
Cr-Commit-Position: refs/heads/master@{#42320}
Reason for revert:
OK, the failure really does seem to be due to this patch: It triggers Clang to crash
FAILED: obj/test/unittests/unittests/function-body-decoder-unittest.obj
E:\b\build\slave\cache\cipd\goma/gomacc.exe ../../third_party/llvm-build/Release+Asserts/bin/clang-cl.exe /nologo /showIncludes /FC @obj/test/unittests/unittests/function-body-decoder-unittest.obj.rsp /c ../../test/unittests/wasm/function-body-decoder-unittest.cc /Foobj/test/unittests/unittests/function-body-decoder-unittest.obj /Fd"obj/test/unittests/unittests_cc.pdb"
Assertion failed: (NumGaps == 0 || Bias < MaxDefRange) && "large ranges should not have gaps", file E:\b\build\slave\win_upload_clang\build\src\third_party\llvm\lib\MC\MCCodeView.cpp, line 531
Wrote crash dump file "C:\Users\CHROME~2\AppData\Local\Temp\goma_temp.5068\clang-cl.exe-563144.dmp"
Let's leave it out for now.
Original issue's description:
> Reland of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #1 id:1 of https://codereview.chromium.org/2628883006/ )
>
> Reason for revert:
> Try a reland; this might not have been the source of tree-closing.
>
> Original issue's description:
> > Revert of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #3 id:40001 of https://codereview.chromium.org/2630553002/ )
> >
> > Reason for revert:
> > Caused tree to close by failing compilation:
> >
> > https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/4451
> >
> > Original issue's description:
> > > [wasm] Enforce that function bodies end with the \"end\" opcode.
> > >
> > > R=rossberg@chromium.org
> > > BUG=chromium:575167
> > >
> > > Review-Url: https://codereview.chromium.org/2630553002
> > > Cr-Commit-Position: refs/heads/master@{#42286}
> > > Committed: fcc6e85ec6
> >
> > TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:575167
> >
> > Review-Url: https://codereview.chromium.org/2628883006
> > Cr-Commit-Position: refs/heads/master@{#42287}
> > Committed: 1d32a3989b
>
> TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:575167
>
> Review-Url: https://codereview.chromium.org/2628203003
> Cr-Commit-Position: refs/heads/master@{#42296}
> Committed: e539bd8e0eTBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:575167
Review-Url: https://codereview.chromium.org/2633583002
Cr-Commit-Position: refs/heads/master@{#42298}
Reason for revert:
Try a reland; this might not have been the source of tree-closing.
Original issue's description:
> Revert of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #3 id:40001 of https://codereview.chromium.org/2630553002/ )
>
> Reason for revert:
> Caused tree to close by failing compilation:
>
> https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/4451
>
> Original issue's description:
> > [wasm] Enforce that function bodies end with the \"end\" opcode.
> >
> > R=rossberg@chromium.org
> > BUG=chromium:575167
> >
> > Review-Url: https://codereview.chromium.org/2630553002
> > Cr-Commit-Position: refs/heads/master@{#42286}
> > Committed: fcc6e85ec6
>
> TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:575167
>
> Review-Url: https://codereview.chromium.org/2628883006
> Cr-Commit-Position: refs/heads/master@{#42287}
> Committed: 1d32a3989bTBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:575167
Review-Url: https://codereview.chromium.org/2628203003
Cr-Commit-Position: refs/heads/master@{#42296}
Before, in `var p1 = p.then(() => {}) we would trigger the
before/after callbacks with p as the associated promise, but we must
call it with p1.
Also removes promise from PromiseReactionJobInfo.
Review-Url: https://codereview.chromium.org/2633443002
Cr-Commit-Position: refs/heads/master@{#42295}
This function was only needed for extrasUtils. Since it was simply
calling a builtin function, just expose that builtin instead. This
requires an arguments adapter frame for the builtin. As a drive-by
fix, also added an arguments adapter for the extrasUtils.resolvePromise
(and a regression test).
Other cleanup: removed unused native context slot for PROMISE_SET_AND_CREATE.
R=gsathya@chromium.org
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2626793003
Cr-Commit-Position: refs/heads/master@{#42284}
This is a necessary cleanup before introducing PropertyConstness bit.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2624903003
Cr-Commit-Position: refs/heads/master@{#42277}
Reason for revert:
Blocks roll, ASan detects leaking ExternalStrings.
Original issue's description:
> Internalize strings in-place (reland^2)
>
> using newly introduced ThinStrings, which store a pointer to the actual,
> internalized string they represent.
>
> BUG=v8:4520
>
> (Previously landed as #42168 / af51befe69)
> (Previously landed as #42193 / 4c699e349a)
>
> Review-Url: https://codereview.chromium.org/2549773002
> Cr-Commit-Position: refs/heads/master@{#42235}
> Committed: ec45e6ed2eTBR=ishell@chromium.org,hpayer@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2626893005
Cr-Commit-Position: refs/heads/master@{#42271}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2620753003
Cr-Original-Commit-Position: refs/heads/master@{#42258}
Committed: 3188780410
Review-Url: https://codereview.chromium.org/2620753003
Cr-Commit-Position: refs/heads/master@{#42264}
Reason for revert:
gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/8105
also on mac
Original issue's description:
> [TypeFeedbackVector] Root literal arrays in function literals slots
>
> Literal arrays and feedback vectors for a function can be garbage
> collected if we don't have a rooted closure for the function, which
> happens often. It's expensive to come back from this (recreating
> boilerplates and gathering feedback again), and the cost is
> disproportionate if the function was inlined into optimized code.
>
> To guard against losing these arrays when we need them, we'll now
> create literal arrays when creating the feedback vector for the outer
> closure, and root them strongly in that vector.
>
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2620753003
> Cr-Commit-Position: refs/heads/master@{#42258}
> Committed: 3188780410TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2626863004
Cr-Commit-Position: refs/heads/master@{#42260}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2620753003
Cr-Commit-Position: refs/heads/master@{#42258}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
(Previously landed as #42168 / af51befe69)
(Previously landed as #42193 / 4c699e349a)
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42235}
for debugging. This function is needed to pass increased heap limit
from the main DevTools isolate to the worker isolates it spawns.
BUG=chromium:675911
Review-Url: https://codereview.chromium.org/2624973003
Cr-Commit-Position: refs/heads/master@{#42228}
This API will allow DevTools to intercept out-of-memory condition,
increase the heap limit and schedule heap snapshot.
BUG=chromium:675911
Review-Url: https://codereview.chromium.org/2621873003
Cr-Commit-Position: refs/heads/master@{#42225}
Most notably, the interpreter now calls this stub instead of the
runtime.
BUG=
Review-Url: https://codereview.chromium.org/2619163004
Cr-Commit-Position: refs/heads/master@{#42218}
Reason for revert:
blocks roll, see: https://codereview.chromium.org/2628733002/
Debug mode runs into an Abort("External string expected, but not found").
Original issue's description:
> Internalize strings in-place (reland)
>
> using newly introduced ThinStrings, which store a pointer to the actual,
> internalized string they represent.
>
> BUG=v8:4520
>
> (Previously landed as #42168 / af51befe69.
>
> Review-Url: https://codereview.chromium.org/2549773002
> Cr-Commit-Position: refs/heads/master@{#42193}
> Committed: 4c699e349aTBR=ishell@chromium.org,hpayer@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2625073002
Cr-Commit-Position: refs/heads/master@{#42212}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
(Previously landed as #42168 / af51befe69.
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42193}
- Refactor Dispatch tables to have separate function, signature tables
- New Relocation type for WasmFunctionTableReference, assembler, compiler support.
- RelocInfo helper functions for Wasm references
Review-Url: https://codereview.chromium.org/2627543003
Cr-Commit-Position: refs/heads/master@{#42192}
Reason for revert:
Seems to break the Chromium build: https://codereview.chromium.org/2619193005/
Message:
[1832/9671] CXX obj/v8/v8_base/version.o
FAILED: obj/v8/v8_base/version.o
/b/c/cipd/goma/gomacc ../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/v8/v8_base/version.o.d -DV8_DEPRECATION_WARNINGS -DDCHECK_ALWAYS_ON=1 -DUSE_UDEV -DUI_COMPOSITOR_IMAGE_TRANSPORT -DUSE_AURA=1 -DUSE_PANGO=1 -DUSE_CAIRO=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DUSE_PROPRIETARY_CODECS -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DENABLE_MEDIA_ROUTER=1 -DFIELDTRIAL_TESTING_ENABLED -DCR_CLANG_REVISION=289944-2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DV8_I18N_SUPPORT -DENABLE_HANDLE_ZAPPING -DV8_USE_EXTERNAL_STARTUP_DATA -DV8_TARGET_ARCH_X64 -DDEBUG -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_STATIC_IMPLEMENTATION -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE -I../.. -Igen -I../../v8 -I../../v8/include -I../../third_party/icu/source/common -I../../third_party/icu/source/i18n -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -pipe -B../../third_party/binutils/Linux_x64/Release/bin -fcolor-diagnostics -fdebug-prefix-map=/b/c/b/linux/src=. -m64 -march=x86-64 -pthread -g1 --sysroot=../../build/linux/debian_wheezy_amd64-sysroot -fvisibility=hidden -Xclang -load -Xclang ../../third_party/llvm-build/Release+Asserts/lib/libFindBadConstructs.so -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-ipc -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -Werror -Wall -Wno-unused-variable -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-deprecated-register -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-shift-negative-value -Wno-undefined-var-template -Wno-nonportable-include-path -Wno-address-of-packed-member -Wsign-compare -Winconsistent-missing-override -Wshorten-64-to-32 -O3 -fno-ident -fdata-sections -ffunction-sections -fno-threadsafe-statics -fvisibility-inlines-hidden -std=gnu++11 -fno-rtti -fno-exceptions -Wno-deprecated -c ../../v8/src/version.cc -o obj/v8/v8_base/version.o
../../v8/src/version.cc:42:34: error: use of undeclared identifier 'V8_EMBEDDER_STRING'
const char* Version::embedder_ = V8_EMBEDDER_STRING;
^
1 error generated.
Original issue's description:
> [build] Introduce an embedder version string
>
> Sometimes, the embedder might want to merge a fix to an abandoned branch
> or to a supported branch but the fix is not relevant to Chromium.
> This adds a new version string that the embedder can set on compile time
> and that will be appended to the official V8 version.
> The separator must be provided in the string. For instance, to have a
> full version string like "5.5.372.37.custom.1", the embedder must set
> V8_EMBEDDER_STRING to ".custom.1".
>
> Related Node.js issue: https://github.com/nodejs/node/pull/9754
>
> BUG=v8:5740
> R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
>
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Commit-Position: refs/heads/master@{#42175}
> Committed: fc86d4329bTBR=hablich@chromium.com,machenbach@chromium.org,ofrobots@google.com,mic.besace@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5740
Review-Url: https://codereview.chromium.org/2621033002
Cr-Commit-Position: refs/heads/master@{#42182}
Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set on compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "5.5.372.37.custom.1", the embedder must set
V8_EMBEDDER_STRING to ".custom.1".
Related Node.js issue: https://github.com/nodejs/node/pull/9754
BUG=v8:5740
R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
Review-Url: https://codereview.chromium.org/2619213002
Cr-Commit-Position: refs/heads/master@{#42175}
Now we have declarations too, so it doesn't matter whether preparser
produces the same unresolved variables as the parser.
BUG=v8:5501, v8:5516
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2623583004
Cr-Commit-Position: refs/heads/master@{#42174}
This adds tracking the following:
- Let / var declarations in for loops
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2616393002
Cr-Commit-Position: refs/heads/master@{#42169}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42168}
Reason for revert:
F32x4Add / Sub are still failing. I'll have to investigate on ARM hardware when I get back.
Original issue's description:
> [WASM] Fix failing Wasm SIMD F32x4 tests.
> - Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
> will be different under I32 compare.
> - Some arithmetic operations can generate NaN results, such as adding -Inf
> and +Inf. Skip these tests until we have a way to do more sophisticated
> FP comparisons in the SIMD tests.
> - Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
>
> LOG=N
> BUG=v8:4124
>
> Review-Url: https://codereview.chromium.org/2594043002
> Cr-Commit-Position: refs/heads/master@{#42154}
> Committed: 5560bbb498TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2624713002
Cr-Commit-Position: refs/heads/master@{#42162}
Deferred function call validation is required to support out of order
asm.js function declaration. Unfortunately, since we've started interleaving
validation and asm-wasm building, we don't check names are resolved until
the end.
Fortunately, undefined names can be detected from their CallType.
Check this at asm-typer time.
BUG=676797
R=aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2615443003
Cr-Commit-Position: refs/heads/master@{#42158}
The original TF port didn't maintain the same semantics as the CS/runtime implementation, and in fact introduced a bug that grew capacity too slowly on
32-bit platforms.
R=ishell@chromium.org
LOG=N
Review-Url: https://codereview.chromium.org/2617393002
Cr-Commit-Position: refs/heads/master@{#42155}
- Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
will be different under I32 compare.
- Some arithmetic operations can generate NaN results, such as adding -Inf
and +Inf. Skip these tests until we have a way to do more sophisticated
FP comparisons in the SIMD tests.
- Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2594043002
Cr-Commit-Position: refs/heads/master@{#42154}
This changes the NewClosure interface descriptor, but ignores
the additional vector/slot arguments for now. The feedback vector
gets larger, as it holds a space for each literal array. A follow-on
CL will constructively use this space.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2614373002
Cr-Commit-Position: refs/heads/master@{#42146}
Downside: this adds all kinds of weird includes in the .cc files.
(See design doc linked in the bug.)
BUG=v8:5402
Review-Url: https://codereview.chromium.org/2622503002
Cr-Commit-Position: refs/heads/master@{#42140}
This adds tracking the following:
- Declarations created by catch (potentially destructuring)
- Declarations created by for-each (potentially destructuring)
- Class declarations
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2617923003
Cr-Commit-Position: refs/heads/master@{#42129}
1) Fix confusion between for of and for in.
2) If a for loop doesn't declare its variables, no new variables
are introduced (the outer scope variables are used).
3) Add more cases for destructuring for and destructuring catch.
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2614023004
Cr-Commit-Position: refs/heads/master@{#42125}
Previously the message was "this is not defined" which is nonsensical.
BUG=v8:4407
Review-Url: https://codereview.chromium.org/2614053002
Cr-Commit-Position: refs/heads/master@{#42114}
Also moves most of the runtime function into TF. There are lots of
runtime calls but they happen only for the debug case so it's fine.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2611083002
Cr-Commit-Position: refs/heads/master@{#42109}
This patch adds parsing of spread object property.
-- Changes ParsePropertyName to parse Token::ELLIPSIS.
-- Throws if rest is encountered by setting a pattern error.
-- Adds a new PropertyKind enum (SPREAD)
-- Adds a new ObjectLiteralProperty::kind (SPREAD)
-- Adds a new harmony-object-spread flag and protects the parser code
with it.
-- Adds a new runtime function called CopyDataProperties
-- Does not add any support for this feature in fullcodegen.
-- Ignition calls out to a runtime function CopyDataProperties to
perform spread operation.
-- Move FastAssign from builtins-objects.cc to objects.cc
-- Refactor Builtin_ObjectAssign to use SetOrCopyDataProperties
Object rest will be implemented in a follow on patch.
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2606833002
Cr-Commit-Position: refs/heads/master@{#42102}
Add a more efficient encoding for state values that have a large number of
optimized-out inputs.
Review-Url: https://codereview.chromium.org/2509623002
Cr-Commit-Position: refs/heads/master@{#42088}
This makes the context allocation less pessimistic in case of name
clash.
This is also required for being able to skip inner functions.
BUG=v8:5501, v8:5516
Review-Url: https://codereview.chromium.org/2610823003
Cr-Commit-Position: refs/heads/master@{#42087}
Add a feedback vector slot for computed property names in object
and class literals. Introduce new slot kind for storing
computed property names.
Change StaDataPropertyInLiteral to use the accumulator (again), so
we don't exceed Bytecodes::kMaxOperands.
We assume that most computed property names are
symbols. Therefore we should see performance
improvements, even if we deal with monomorphic ICs only.
This CL only collects feedback but does not use
it in Reduce() yet.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2587393006
Cr-Commit-Position: refs/heads/master@{#42082}
This moves the initialization of [[HomeObject]] for constructors from
the %DefineClass runtime function into the bytecode generator, and
makes it conditional (resolving an old TODO). As part of this refactor,
avoid a load of "prototype" by returning the class prototype from
%DefineClass.
This is one of many steps in moving more of class definition into
bytecode.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2610683003
Cr-Commit-Position: refs/heads/master@{#42072}
This removes all the promise allocation related methods from the CSA
and moves them PromiseBuiltinsAssembler with some edits.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2604273003
Cr-Commit-Position: refs/heads/master@{#42070}
This CL simplifies the relation between the wasm graph builder, the
wasm decoder, and the wasm module they work on.
BUG=
Review-Url: https://codereview.chromium.org/2612643002
Cr-Commit-Position: refs/heads/master@{#42056}
-- Removes remaning debug from promise.js and moves it to c++
-- Changes debug_id to be a smi in PromiseReactionJobInfo and
PromiseResolveThenableJobInfo.
-- Changes debug_name to be a smi in PromiseReactionJobInfo and
PromiseResolveThenableJobInfo.
-- Adds PromiseDebugActionName and PromiseDebugActionType enums
-- Adds PromiseDebugActionNameToString and
PromiseDebugActionTypeToString helper methods
-- Changes variable `status` to be int in runtime functions.
-- Changes debug_id to start from 1, not 0 for easier bookkeeping.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2606093002
Cr-Commit-Position: refs/heads/master@{#42052}
(Missing includes discovered during the objects.h splitting work.)
BUG=v8:5402
Review-Url: https://codereview.chromium.org/2610643002
Cr-Commit-Position: refs/heads/master@{#42029}
- Adds CodeAssembler::ConstructJS() to simplify calling JS functions as
constructors, used by NewPromiseCapability()
- Defines PromiseCapability as a special JSObject subclass, with a
non-exensible Map, and read-only non-configurable DataDescriptors which
point to its in-object fields. This allows its fields to be used by JS
builtins until there is no longer any need.
Currently, the performance benefit comes from
https://codereview.chromium.org/2567033003/, but does not appear to
regress performance in any significant way.
BUG=v8:5343
TBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2567333002
Cr-Commit-Position: refs/heads/master@{#42014}
Add machinery to Ignition and TurboFan to collect and consume
InternalizedString feedback for abstract and strict equality
comparisons. Here we can turn the comparison into a simple
pointer equality check.
R=jarin@chromium.org
BUG=v8:5786
Review-Url: https://codereview.chromium.org/2609013002
Cr-Commit-Position: refs/heads/master@{#42008}
This patch fixes OOM crash that happens for large heap where
the total size of edges exceeds 2GB, which is the hard limit
for v8::internal::List allocated using tcmalloc.
BUG=chromium:675911
Review-Url: https://codereview.chromium.org/2595003002
Cr-Commit-Position: refs/heads/master@{#42004}
This patch stores the promise, resolve, reject properties of the
deferred object created by CreateInternalPromiseCapability and
NewPromiseCapability directly on the promise (if the promise hasn't
been fulfilled), otherwise they are stored on the
PromiseReactionJobInfo.
This patch removes the currently unused
CreateInternalPromiseCapability and inlines the call to create the
deferred promise object.
NewPromiseCapability is the only function that works with a deferred.
This patch results in a 8.5% improvement in benchmarks over 5 runs.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2590563003
Cr-Commit-Position: refs/heads/master@{#41991}
Add test as well.
Add regression test for passing uninitialized promises to init hook
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2578173004
Cr-Commit-Position: refs/heads/master@{#41982}
This syntax was formerly legal per ECMAScript, but has been a
SyntaxError for some time now. V8 deviates from spec in that it
is instead a runtime error; we'd like to know if we can get
away with removing it (at least in sloppy mode) or if the spec
should be changed.
c.f. https://github.com/tc39/ecma262/issues/257#issuecomment-195106880
Also add self to authors file
BUG=v8:4480
Review-Url: https://codereview.chromium.org/2599253002
Cr-Commit-Position: refs/heads/master@{#41960}
ECMA 402 v2 made Intl constructors more strict in terms of how they would
initialize objects, refusing to initialize objects which have already
been constructed. However, when Chrome tried to ship these semantics,
we ran into web compatibility issues.
This patch tries to square the circle and implement the simpler v2 object
semantics while including a compatibility workaround to allow objects to
sort of be initialized later, storing the real underlying Intl object
in a symbol-named property.
The new semantics are described in this PR against the ECMA 402 spec:
https://github.com/tc39/ecma402/pull/84
BUG=v8:4360, v8:4870
LOG=Y
Review-Url: https://codereview.chromium.org/2582993002
Cr-Commit-Position: refs/heads/master@{#41943}
Ignoring this linker warning will enable Chromium builds to start
treating all linker warnings as errors in Windows builds.
BUG=676417, 659007
Review-Url: https://codereview.chromium.org/2594013004
Cr-Commit-Position: refs/heads/master@{#41931}
Reason for revert:
Speculative revert because of blocked roll: https://codereview.chromium.org/2596013002/
Original issue's description:
> [TypeFeedbackVector] Root literal arrays in function literals slots
>
> Literal arrays and feedback vectors for a function can be garbage
> collected if we don't have a rooted closure for the function, which
> happens often. It's expensive to come back from this (recreating
> boilerplates and gathering feedback again), and the cost is
> disproportionate if the function was inlined into optimized code.
>
> To guard against losing these arrays when we need them, we'll now
> create literal arrays when creating the feedback vector for the outer
> closure, and root them strongly in that vector.
>
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2504153002
> Cr-Commit-Position: refs/heads/master@{#41893}
> Committed: 93df094081TBR=bmeurer@chromium.org,mlippautz@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2597163002
Cr-Commit-Position: refs/heads/master@{#41917}
Odd numbered floating-point register shouldn't be used as compare register
on mips32r6 architecture. In case cpu switches to FRE mode, writes to odd
numbered single-precision fp register will update upper part of even
double-precision register, which will corrupt the even register.
BUG=
Review-Url: https://codereview.chromium.org/2591063003
Cr-Commit-Position: refs/heads/master@{#41916}
Reason for revert:
speculative revert: https://codereview.chromium.org/2596013002/
Original issue's description:
> [regexp] Remove IsRegExp intrinsic
>
> The two remaining uses of this intrinsic in debug.js and mirrors.js now
> simply rely on the runtime function.
>
> BUG=v8:5339
>
> Review-Url: https://codereview.chromium.org/2591923003
> Cr-Commit-Position: refs/heads/master@{#41892}
> Committed: c9cb94a06fTBR=bmeurer@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2592383002
Cr-Commit-Position: refs/heads/master@{#41915}
Change bytecode-expectations-printer.cc in the cctest application so
that intrinsic function names are printed rather than their native
context index.
This minimizes the amount of unnecessary changes to the bytecode
expectations that need to happen whenever the context fields are
changed.
BUG=v8:5769
R=neis@chromium.org, rmcilroy@chromium.org, adamk@chromium.org
Review-Url: https://codereview.chromium.org/2593823002
Cr-Commit-Position: refs/heads/master@{#41900}
On ARM Neon at least, denormals flush to zero, which may not match
regular FP behavior.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2598583002
Cr-Commit-Position: refs/heads/master@{#41895}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2504153002
Cr-Commit-Position: refs/heads/master@{#41893}
The two remaining uses of this intrinsic in debug.js and mirrors.js now
simply rely on the runtime function.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2591923003
Cr-Commit-Position: refs/heads/master@{#41892}
This is more renaming work to comply with the naming in the public
design repository. E.g. types are called "value types" and we no longer
refer to ASTs.
R=clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2594993002
Cr-Commit-Position: refs/heads/master@{#41891}
The new object will hold information which is shared by all clones of a
WasmCompiledModule, e.g. the decoded asm.js offset table, and in the
future also breakpoints. From there, we can set them on each new
instantiation of any clone.
While already changing lots of the code base, I also renamed all
getters from "get_foo" to "foo", to conform to the style guide.
R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:5732
Review-Url: https://codereview.chromium.org/2591653002
Cr-Commit-Position: refs/heads/master@{#41862}
Currently, to find out a Promise's status and result, one has to use the
debug context. This is for example done in Node.js. This new API is a
better replacement, also in the context of the debug context being
deprecated eventually.
R=franzih@chromium.org, gsathya@chromium.org, jochen@chromium.org
BUG=v8:5764
Review-Url: https://codereview.chromium.org/2589113002
Cr-Commit-Position: refs/heads/master@{#41855}
Previously, the Intl.DateTimeFormat constructor and other related paths had
a bug where the options bag passed in would be modified in place. This patch
makes V8's Intl implementation follow the specification's logic to avoid
such a modification.
BUG=v8:4219
Review-Url: https://codereview.chromium.org/2587703002
Cr-Commit-Position: refs/heads/master@{#41826}
This CL implements GetPossibleBreakpoints for wasm, by iterating over
all functions in the requested range and returning the location of all
instructions within that range.
The connection to the inspector will be added later, when setting
breakpoint also works for wasm: http://crrev.com/2536763002
BUG=chromium:613110
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2588763002
Cr-Commit-Position: refs/heads/master@{#41818}
Encode the PropertyAttribute and whether the function
names must be set as a flag instead of setting two registers.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2586463002
Cr-Commit-Position: refs/heads/master@{#41812}
When executing wasm code for testing, we did not create a
WasmInstanceObject and link it to the generated code. This required
some special handling at runtime (mainly for stack trace generation).
This CL always provides the WasmInstanceObject, such that e.g. function
names can be resolved the usual way.
The module bytes referenced by the WasmCompiledModule linked with the
WasmInstanceObject do not hold a valid wasm module yet. Instead, we
just add the bytes we need, and make the objects in WasmModule point to
those bytes (currently only used for function names). Those bytes will
not be parsed at runtime anyway.
R=titzer@chromium.orgCC=jgruber@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551053002
Cr-Commit-Position: refs/heads/master@{#41809}
The inspector cannot deal with breaking inside of debug-evaluate.
There is therefore no point in supporting that in the debugger.
The optional additional context parameter for debug-evaluate also
can be removed since it's not being used.
R=jgruber@chromium.org
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2580323002
Cr-Commit-Position: refs/heads/master@{#41791}
This is so that a NotSuperConstructor error is thrown before evaluating the
arguments to the super constructor. Besides updating the runtime function, a
new bytecode GetSuperConstructor is introduced.
BUG=v8:5336
Review-Url: https://codereview.chromium.org/2504553003
Cr-Commit-Position: refs/heads/master@{#41788}
This adds kInit, kResolve, kBefore and kAfter lifecycle hooks to promises.
This also exposes an API to set the PromiseHook.
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2575313002
Cr-Commit-Position: refs/heads/master@{#41775}
Transform LdaNull/LdaUndefined followed by StrictEquality to TestNull/TestUndefined.
This would avoid a call to the compare IC. In the bytecode-graph builder these are
mapped to StrictEqual javascript operator. When reducing this operator, we already
optimize the cases for null/undefined.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2554723004
Cr-Commit-Position: refs/heads/master@{#41768}
Many websites use simple calls to String.prototype.indexOf with either a
one character ASCII needle or needles bigger than the search string. This
CL adds a TFJ builtin for these simple cases, giving up to factor 5 speedup.
Drive-by-fix: Add default Object type to Arguments.at
BUG=
Review-Url: https://codereview.chromium.org/2539093002
Cr-Commit-Position: refs/heads/master@{#41760}
If a context snapshot includes the global proxy constructor function, we
expect the incoming global proxy to have the correct instance size so
that we can reinitialize it with said constructor. However, when the
bootstrapper allocates a new global proxy, we need to know the expected
size.
We solve this by storing the size on the to-be-serialized isolate.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2585693002
Cr-Commit-Position: refs/heads/master@{#41756}
This introduces an explicit struct for the communication channel between
the {ArrayLiteral} AST node and the corresponding runtime methods. Those
methods take a pair of {ElementsKind} as well as an array (can either be
a FixedArray or a FixedDoubleArray) of constant values.
For bonus points it also reduces the size of the involved heap object by
one word (i.e. length field of FixedArray not needed anymore).
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2581683003
Cr-Commit-Position: refs/heads/master@{#41752}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Original-Commit-Position: refs/heads/master@{#41728}
Committed: 2ff5906231
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41747}
Reason for revert:
Win64 dbg failures
Original issue's description:
> [wasm] Make WasmRunner the central test structure
>
> The WasmRunner now always holds a TestingModule, and allows to add
> several functions to it. The prepares a change to always run wasm code
> with a full module behind it, removing the special handling for "no wasm
> instance" at runtime (http://crrev.com/2551053002).
> This CL here also templatizes the WasmRunner such that the Call method must
> be called with the same signature specified for the WasmRunner. This
> already catched several mismatches there.
>
> R=titzer@chromium.org, ahaas@chromium.org
> BUG=v8:5620
>
> Review-Url: https://codereview.chromium.org/2551043002
> Cr-Commit-Position: refs/heads/master@{#41728}
> Committed: 2ff5906231TBR=ahaas@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2583543002
Cr-Commit-Position: refs/heads/master@{#41732}
Instead of unconditionally setting maybe_assigned for parameters, treat
parameters like other variables except that at the end we set maybe_assigned if
the function has a sloppy arguments object.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2578103002
Cr-Commit-Position: refs/heads/master@{#41731}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41728}
If an accessor property is non-configurable, one should not be able
to re-declare it as a function. This specifically applies to special properties like window.location.
BUG=chromium:670596
Review-Url: https://codereview.chromium.org/2582493002
Cr-Commit-Position: refs/heads/master@{#41725}
Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.
Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.
This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.
Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2562393002
Cr-Commit-Position: refs/heads/master@{#41720}
MIPS[64]R6 supports only fusion multiply-accumulate instructions, and using
these causes failures of several tests that expect exact floating-point
results. Therefore we disable fusion multiply-accumulate in both emitted and
compiled code on R6.
TEST=cctest/test-run-machops/RunFloat64MulAndFloat64Add1,mjsunit/es6/math-expm1.js
mjsunit/es6/math-fround.js,mjsunit/compiler/multiply-add.js
BUG=
Review-Url: https://codereview.chromium.org/2569683002
Cr-Commit-Position: refs/heads/master@{#41717}
Allocate the registers used as arguments to a call on-demand after visiting the
argument (or reciever). This means that the visited expression can use registers
that would otherwise have been allocated for arguments which haven't been
visited yet.
The reason for doing this is to avoid keeping things live in registers
unecessarily for chained function calls, which avoids a memory leak for
functions which chain a large number of calls with large temporary arguments /
recievers.
BUG=chromium:672027
Review-Url: https://codereview.chromium.org/2557173004
Cr-Commit-Position: refs/heads/master@{#41714}
Reason for revert:
LiveEdit is broken in some cases.
Original issue's description:
> Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
>
> Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
> we can use them as an index into an array, instead of using a
> WeakFixedArray where we have to do a linear scan.
>
> Hooking up liveedit is a bit more involved, see
> https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
> for an overview
>
> BUG=v8:5589
> R=verwaest@chromium.org,jgruber@chromium.org
>
> Committed: https://crrev.com/6595e7405769dc9d49e9568d61485efc6d468baf
> Cr-Commit-Position: refs/heads/master@{#41600}
TBR=jgruber@chromium.org,verwaest@chromium.org,yangguo@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5589,chromium:673950
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2578433002
Cr-Commit-Position: refs/heads/master@{#41684}
The assignment in default parameters (e.g., function foo(a = somedefault) { }
doesn't flow through PreParserFactory::NewAssignment even if the comment claims so.
Thus, piping through the variables is not needed.
Kudos to neis@ for pointing this out.
BUG=v8:5501
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2569983003
Cr-Commit-Position: refs/heads/master@{#41670}
Reason for revert:
Still flakes on ARM.
Original issue's description:
> [deoptimizer] Enable test that should no longer fail.
>
> R=jarin@chromium.org
> TEST=cctest/test-cpu-profiler/CollectDeoptEvents
>
> Committed: https://crrev.com/3f9c2c590d687562d6adb531d1159738c07013f4
> Cr-Commit-Position: refs/heads/master@{#41664}
TBR=jarin@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2568403003
Cr-Commit-Position: refs/heads/master@{#41667}
Generalize Messages to include an error level.
Add a parameter to AddMessageHandler to select which error levels to receive, using a mask (default being just errors, i.e. the current behavior).
BUG=v8:4203
R=dgozman@chromium.org,machenbach@chromium.org,danno@chromium.org,bmeurer@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2526703002
Cr-Commit-Position: refs/heads/master@{#41648}
The evaluation order of this argument was accidentally changed when the
special-case was added for super calls with a final spread argument.
Review-Url: https://codereview.chromium.org/2563423002
Cr-Commit-Position: refs/heads/master@{#41633}
This fixes the corner-case where the method in question failed to lookup
the very last deoptimization bailout without subsequent entries within
the relocation info. Also enable a test covering this.
R=tebbi@chromium.org
TEST=cctest/test-cpu-profiler/CollectDeoptEvents
Review-Url: https://codereview.chromium.org/2565733002
Cr-Commit-Position: refs/heads/master@{#41623}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- the StackFrame::State struct now also holds the callee_pc_address,
which is set in ComputeCallerState. The WASM frame uses this
information to determine whether the callee frame is WASM_TO_JS, and
whether that frame is at the ToNumber conversion call.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
Review-Url: https://codereview.chromium.org/2555243002
Cr-Original-Commit-Position: refs/heads/master@{#41599}
Cr-Commit-Position: refs/heads/master@{#41613}
The deserialization of the {Scope::asm_module} predicate relies on a
context being present for such modules. This ensures we always allocate
such a context, even in cases where no variables are allocated in it.
R=neis@chromium.org
TEST=cctest/test-parsing/AsmModuleFlag
BUG=v8:5653
Review-Url: https://codereview.chromium.org/2561103004
Cr-Commit-Position: refs/heads/master@{#41611}
This will be used in CSA to check if any promisehook is set.
-- Adds a is_promisehook_enabled_ field to the isolate and helper methods.
-- Adds this field to the ExternalReference table.
-- Adds a helper method to access this from CSA
Note -- this patch doesn't actually add the ability to attach the hook
yet.
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2566483002
Cr-Commit-Position: refs/heads/master@{#41607}
Reason for revert:
gc-stress failures
Original issue's description:
> [wasm] Fix location for error in asm.js ToNumber conversion
>
> In the asm.js code translated to wasm, we call imported functions via a
> WASM_TO_JS stub, which first calls the function and then calls ToNumber
> on the return value. Exceptions can happen in both calls.
> We were only ever reporting the location of the function call, whereas
> asm.js code executed via turbofan reported the location of the type
> coercion operator ("+" on "+foo()" or "|" on "foo()|0").
>
> This CL implements the same behaviour for asm.js code translated to
> wasm. The following is changed:
> - the AsmWasmBuilder records the parent node when descending on a binary
> operator (also "+foo()" is represented by a binary operation).
> - it stores not one location per call in the source position side
> table, but two (one for the call, one for the parent which does the
> type coercion).
> - the wasm compiler annotates the source positions "0" and "1" to the
> two calls in the WASM_TO_JS wrapper (only if the module origin is
> asm.js).
> - during stack trace generation (in the StackTraceIterator), when we
> move from the WASM_TO_JS frame to the WASM frame, we remember at which
> call inside the WASM_TO_JS wrapper we are, and encode this information
> in the generated caller state, used for the WASM frame.
> - the same information is also stored in the FrameArray which is used
> to reconstruct the stack trace later.
>
> R=titzer@chromium.org, bradnelson@chromium.org
> CC=jgruber@chromium.org
> BUG=v8:4203,v8:5724
>
> Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
> Cr-Commit-Position: refs/heads/master@{#41599}
TBR=bradnelson@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4203,v8:5724
Review-Url: https://codereview.chromium.org/2563613003
Cr-Commit-Position: refs/heads/master@{#41601}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- during stack trace generation (in the StackTraceIterator), when we
move from the WASM_TO_JS frame to the WASM frame, we remember at which
call inside the WASM_TO_JS wrapper we are, and encode this information
in the generated caller state, used for the WASM frame.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Review-Url: https://codereview.chromium.org/2555243002
Cr-Commit-Position: refs/heads/master@{#41599}
Fix 7a6f294ffe.
The first correction enables correct execution DoMathMinMax when two
input registers are the same register.
The second correction adds NOP instructions after branch instructions
in tests macro_float_minmaxf(32|64).
TEST=cctest/test-macro-assembler-mips[64]/macro_float_minmax_f32
cctest/test-macro-assembler-mips[64]/macro_float_minmax_f64
mjsunit/regress/math-min
BUG=
Review-Url: https://codereview.chromium.org/2556793003
Cr-Commit-Position: refs/heads/master@{#41596}
Aside from the default snapshot, there is no need for additional context
snapshots to have the ability to replace the global proxy and global object
after deserialization. Changes include:
- Changes to the API to better distinguish default context snapshot from
additional context snapshots.
- Disallow global handles when creating snapshots.
- Allow extensions when creating snapshots.
This solves the issue of not being able to having accessors and interceptors on
the global object of contexts to be serialized.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2557743003
Cr-Commit-Position: refs/heads/master@{#41588}
The patch was reverted due to a bug - we failed to evict OSR-optimized
code in the case where the SharedFunctionInfo OptimizedCodeMap was
empty/cleared.
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
Review-Url: https://codereview.chromium.org/2561083002
Cr-Commit-Position: refs/heads/master@{#41584}
This CL attempts to set the maybe-assigned flag for variables that are written
to as part of a destructuring or loop header.
For instance, in the following two cases we now mark x as maybe-assigned.
a) [x] = [1];
b) for (x of [1,2,3]) {};
There's more work to do here, this is just a first step.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2562443003
Cr-Commit-Position: refs/heads/master@{#41582}
Currently when the number passed to TryNumberToSize is 1 << 64,
it gets away with a bug caused by rounding of mantissa.
Then the number will be casted to 0 and TryNumberToSize
will return true. This patch fix this by making the range check
more accurate.
BUG=v8:5712
Review-Url: https://codereview.chromium.org/2548243004
Cr-Commit-Position: refs/heads/master@{#41578}
-- Moves promiseHasHandlerSymbol to inobject property
-- Ports PromiseResolveClosure to TF
-- Fix a non spec async-await test which fails now because we do a map
check for native promise check (instead of IsPromise). Changing the
constructor (in the test) invalidates the map check.
This patch results in a 7.1% performance improvement in the bluebird
benchmark (over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2541283002
Cr-Commit-Position: refs/heads/master@{#41569}
jasongin@ created this patch.
dcc50445a3
This patch adds the support to emit a trace event by using a comma-separated
list of categories, so that the trace event will be emitted if there is at least
one category is enabled in the categories list.
TBR=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2558193002
Cr-Commit-Position: refs/heads/master@{#41567}
When v8 fails an access check, it invokes a helper to try to see if it
can service the request via an access check interceptor. Invoking the
access check interceptor can throw an exception (e.g. a SecurityError).
Unfortunately, the failed access check property helpers and the
interceptor helpers don't agree on how to propagate the exception: if
the interceptor helper detects a scheduled exception, it promotes the
exception to a pending exception and returns to the failed access check
property helper.
The failed access check property helper also has an early return in
case of a scheduled exception. However, this doesn't work, as the
previously thrown exception is no longer scheduled, as it's been
promoted to a pending exception. Thus, the failed access check property
helper always end up calling the failed access check callback as well.
Since Blink's implementation of the failed access check callback also
throws an exception, this conflicts with the previously-thrown,
already-pending exception.
With this patch, the failed access check property helpers check for a
pending exception rather than a scheduled exception after invoking the
interceptor, so the exception can be propagated correctly.
BUG=v8:5715
R=yangguo@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2550423002
Cr-Commit-Position: refs/heads/master@{#41556}
Introduces:
- a new AST node representing the GetIterator() algorithm in the specification, to be used by ForOfStatement, YieldExpression (in the case of delegating yield*), and the future `for-await-of` loop proposed in http://tc39.github.io/proposal-async-iteration/#sec-async-iterator-value-unwrap-functions.
- a new opcode (JumpIfJSReceiver), which is useful for `if Type(object) is not Object` checks which are common throughout the specification. This node is easily eliminated by TurboFan.
The AST node is desugared specially in bytecode, rather than manually when building the AST. The benefit of this is that desugaring in the BytecodeGenerator is much simpler and easier to understand than desugaring the AST.
This also reduces parse time very slightly, and allows us to use LoadIC rather than KeyedLoadIC, which seems to have better baseline performance. This results in a ~20% improvement in test/js-perf-test/Iterators micro-benchmarks, which I believe owes to the use of the slightly faster LoadIC as opposed to the KeyedLoadIC in the baseline case. Both produce identical optimized code via TurboFan when the type check can be eliminated, and the load can be replaced with a constant value.
BUG=v8:4280
R=bmeurer@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, neis@chromium.org, jarin@chromium.orgTBR=rossberg@chromium.org
Review-Url: https://codereview.chromium.org/2557593004
Cr-Commit-Position: refs/heads/master@{#41555}
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
BUG=
Review-Url: https://codereview.chromium.org/2549753002
Cr-Commit-Position: refs/heads/master@{#41554}
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
and once all the verification issues are fixed the flag will be enabled in debug
mode by default.
This CL also relaxes some checks for code stub graphs and fixes some issues in the stubs.
BUG=
Review-Url: https://codereview.chromium.org/2558653002
Cr-Commit-Position: refs/heads/master@{#41547}
This allows to detect a static property also named 'name', and also makes sure 'name' is added last, to be standards-compliant.
BUG=v8:4199
Review-Url: https://codereview.chromium.org/2423053002
Cr-Commit-Position: refs/heads/master@{#41546}
Removing elements from stub cache by Major key only does not always work.
BUG=
Review-Url: https://codereview.chromium.org/2551353003
Cr-Commit-Position: refs/heads/master@{#41544}
This just calls into a runtime function for implementation currently.
Intermediate step in speeding up constructor calls containing a spread.
The NewWithSpread bytecode will probably end up having different arguments with future CLs - the constructor and the new.target should have their own regs. For now we are calling into the runtime function, so we need the regs together.
BUG=v8:5659
Review-Url: https://codereview.chromium.org/2541113004
Cr-Commit-Position: refs/heads/master@{#41542}
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
and once all the verification issues are fixed the flag will be enabled in debug
mode by default.
BUG=
Review-Url: https://codereview.chromium.org/2551933002
Cr-Commit-Position: refs/heads/master@{#41531}
The asm-wasm-builder started allocating SharedFunctionInfos,
this makes it bad we'd passed Script by pointer (due to ignorance).
Switching to Handle<Script>.
R=clemensh@chromium.org,titzer@chromium.org
BUG=v8:5716
Review-Url: https://codereview.chromium.org/2552873003
Cr-Commit-Position: refs/heads/master@{#41529}
come from the runtime.
This patch fixes an issue of heap growing to max capacity when incremental
marking is finished but cannot finalize due to GC stack guard not triggering.
It can happen if all allocations come from the runtime, for example,
from JSON parser or compiler.
Now before expanding the heap we check if we are above the allocation limit
and the incremental marking needs to be finalized. If so we do not expand
the heap and force GC, which will finalize the incremental marking.
The check is performed for paged spaces and large-object space.
BUG=chromium:670675
Review-Url: https://codereview.chromium.org/2552613004
Cr-Commit-Position: refs/heads/master@{#41524}
This makes the context allocation less pessimistic in the following cases:
function outer() {
var a; // Won't be context allocated
function inner1() { var a; a; }
function inner2(a) { a; }
function inner3([a]) { a; }
function inner4({ a: b}) { a; }
}
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2407163003
Cr-Commit-Position: refs/heads/master@{#41521}
Equality with null/undefined is equivalent to a check on the undetectable bit
on the map of the object. This would be more efficient than performing the entire
comparison operation.
This cl introduces:
1. A new bytecode called TestUndetectable that checks if the object is null/undefined.
2. Updates peeophole optimizer to emit TestUndetectable when a LdaNull/Undefined
precedes equality check.
4. TestUndetectable is transformed to ObjectIsUndetectable operator when building
turbofan graph.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2547043002
Cr-Commit-Position: refs/heads/master@{#41514}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11861
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> Object
> -- New JSObject for promises: JSPromise
>
> Builtins
> -- PromiseThen TFJ
> -- PromiseCreateAndSet TFJ for internal use
> -- PerformPromiseThen TFJ for internal use
> -- PromiseInit for initial promise setup
> -- SpeciesConstructor for use in PromiseThen
> -- ThrowIfNotJSReceiver for use in SpeciesConstructor
> -- AppendPromiseCallback to update FixedArray with new callback
> -- InternalPerformPromiseThen
>
> Promises.js
> -- Cleanup unused symbols
> -- Remove PerformPromiseThen
> -- Remove PromiseThen
> -- Remove PromiseSet
> -- Remove PromiseAttachCallbacks
>
> Runtime
> -- PromiseSet to set promise inobject values
> -- Refactor functions to use FixedArrays for callbacks instead of
> JSArray
> -- Runtime_PromiseStatus to return promise status
> -- Runtime_PromiseResult to return promise result
> -- Runtime_PromiseDeferred to return deferred attached to promise
> -- Runtime_PromiseRejectReactions to return reject reactions attached
> to promise
>
> This CL results in a 13.07% improvement in the promises benchmark
> (over 5 runs).
>
> BUG=v8:5343
>
> Committed: https://crrev.com/30b564c76f490f8f6b311a74b25b26cf0a96be2d
> Cr-Commit-Position: refs/heads/master@{#41503}
TBR=bmeurer@chromium.org,jgruber@chromium.org,caitp@igalia.com,gsathya@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2554013002
Cr-Commit-Position: refs/heads/master@{#41512}
This allows us to forward declare Label and Variable classes without including the
code-assembler.h.
BUG=
Review-Url: https://codereview.chromium.org/2551163003
Cr-Commit-Position: refs/heads/master@{#41509}
-- New JSObject for promises: JSPromise
Builtins
-- PromiseThen TFJ
-- PromiseCreateAndSet TFJ for internal use
-- PerformPromiseThen TFJ for internal use
-- PromiseInit for initial promise setup
-- SpeciesConstructor for use in PromiseThen
-- ThrowIfNotJSReceiver for use in SpeciesConstructor
-- AppendPromiseCallback to update FixedArray with new callback
-- InternalPerformPromiseThen
Promises.js
-- Cleanup unused symbols
-- Remove PerformPromiseThen
-- Remove PromiseThen
-- Remove PromiseSet
-- Remove PromiseAttachCallbacks
Runtime
-- PromiseSet to set promise inobject values
-- Refactor functions to use FixedArrays for callbacks instead of
JSArray
-- Runtime_PromiseStatus to return promise status
-- Runtime_PromiseResult to return promise result
-- Runtime_PromiseDeferred to return deferred attached to promise
-- Runtime_PromiseRejectReactions to return reject reactions attached
to promise
This CL results in a 13.07% improvement in the promises benchmark
(over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2536463002
Cr-Commit-Position: refs/heads/master@{#41503}
Don't unconditionally assume that Tagged->Word32 changes are always
truncating independent of the type of the input. Work-around the
remaining issues with for-in by properly renaming the index if it's
not already of appropriate type (happens with generators or OSR).
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2545393002
Cr-Commit-Position: refs/heads/master@{#41484}
The changes are:
1) Pass lambdas as const references to avoid unnecessary copying.
2) Remove CodeStubAssembler* parameter from loop bodies and let the lambdas
capture the right assembler instead. It makes the loop body code look
uniform with the surrounding code and unblocks splitting of a CSA
into different classes.
BUG=
Review-Url: https://codereview.chromium.org/2535753012
Cr-Commit-Position: refs/heads/master@{#41482}
Tests were falling in qemu because of inexact computation in tests.
After correcting tests, simulator also had to be fixed.
Review-Url: https://codereview.chromium.org/2539133002
Cr-Commit-Position: refs/heads/master@{#41447}
Fix compilation failure in test-macro-assembler[64].cc
caused by 8fcfe66f94
due to warning `lambda-expression in unevaluated context`.
TEST=cctest/test-macro-assembler-mips[64]
BUG=
Review-Url: https://codereview.chromium.org/2543643005
Cr-Commit-Position: refs/heads/master@{#41433}
Debugging API is still in use by Node.
Revert "[debug] remove deprecated debug command message queue."
This reverts commit abdbfc953d.
Revert "[debug] mark more unused debug API as deprecated."
This reverts commit d5ada19ce7.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2537313005
Cr-Commit-Position: refs/heads/master@{#41427}
Trampolines are generated when the value of pc_offset is greater than
next_buffer_check_ (attribute from Assembler class). This value
shouldn't be incremented in bind_to() method when internal reference
label is bound, because it is not decremented when the switch table is
generated (dd() method from Assemler class).
This patch fixes this problem. Regression test are also included for
mips and mips64 arch.
BUG=
Review-Url: https://codereview.chromium.org/2530143002
Cr-Commit-Position: refs/heads/master@{#41423}
Unfortunately we have to split this up into two cases: those with exactly one spread argument as the final argument, and all others, due to any side-effects of evaluation being visible.
This is in preparation for a new bytecode which handles super calls.
BUG=v8:5659
Review-Url: https://codereview.chromium.org/2540593003
Cr-Commit-Position: refs/heads/master@{#41415}
Attempt to fix or get insight into failing vswp test on V8 ARM bot.
LOG=N
BUG=
Review-Url: https://codereview.chromium.org/2539533005
Cr-Commit-Position: refs/heads/master@{#41397}
JS operators always have an implicit context input, so just use that instead.
BUG=
Review-Url: https://codereview.chromium.org/2541813002
Cr-Commit-Position: refs/heads/master@{#41392}
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.
R=titzer@chromium.org
BUG=chromium:669518
Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
Make the AsmWasmBuilder drive the process of typing and potentially parsing
function bodies. This will allow us to keep only a single asm.js function's
AST in memory as we convert to WebAssembly.
This is needed to keep our memory footprint low.
Add some additional output to a few tests that's helpful to see which stage they fail at.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=marja@chromium.org,adamk@chromium.org,aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2398023002
Cr-Commit-Position: refs/heads/master@{#41372}
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
Adds a bytecode_age field to BytecodeArray objects. This is incremented each
time the bytecode array is marked by GC, and reset to zero if the bytecode
is executed.
This is used to enable the CompilationCache for interpreted functions,
where Interpreted entries are evicted once the bytecode becomes old.
BUG=chromium:666275,v8:4680
Review-Url: https://codereview.chromium.org/2534763003
Cr-Commit-Position: refs/heads/master@{#41356}
MarkingParity was used to avoid performing an operation on an object if it was
marked multiple times. We no longer mark things multiple times, so this concept
is no longer required.
BUG=chromium:666275
Review-Url: https://codereview.chromium.org/2529173002
Cr-Commit-Position: refs/heads/master@{#41354}
This introduces three new types OtherCallable, CallableProxy (and OtherProxy),
and BoundFunction to make it possible to express Callable in the Type system.
It also forces all undetectable receivers to be Callable, which matches the
use case for undetectable, namely document.all (guarded by proper checks and
tests).
It also uses these new types to properly optimize instanceof (indirectly via
OrdinaryHasInstance) based on the type of the constructor and the object. So
we are able to constant-fold certain instanceof expressions based on types
and completely avoid the builtin call.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2535753004
Cr-Commit-Position: refs/heads/master@{#41345}
FunctionTemplateInfo::SetPrototypeProviderTemplate adds support for sharing
prototypes between several function templates. This is used to properly set up
Image.prototype and HTMLImageElement.protoype which should be equal according
to the spec.
BUG=chromium:2969
Review-Url: https://codereview.chromium.org/2531653002
Cr-Commit-Position: refs/heads/master@{#41343}
Removed a redundant check: If completion is not normal, then #iterator cannot be undefined.
Review-Url: https://codereview.chromium.org/2533803002
Cr-Commit-Position: refs/heads/master@{#41321}
If code is flushed on a SFI, we can still use the bytecode if it was compiled,
since this never gets flushed.
This fixes a DCHECK where we were trying to compile the bytecode multiple
times after the baseline code was flushed.
BUG=chromium:668133
Review-Url: https://codereview.chromium.org/2526243002
Cr-Commit-Position: refs/heads/master@{#41274}
The deprecated pipeline is used for asm.js only, where we forcibly
disable inlining anyways (for performance reasons), so inlining via
the AstGraphBuilder is essentially dead code by now, thus there's no
point in trying to keep that around in the code base.
Also nuke the test-run-inlining.cc file, which would require some heavy
surgery (for probably little benefit), and move the useful tests for
mjsunit tests instead.
BUG=v8:2206,v8:5657
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2527053002
Cr-Commit-Position: refs/heads/master@{#41245}
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.
Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
The new SourcePosition class allows for precise tracking of source positions including the stack of inlinings. This CL makes the cpu profiler use this new information. Before, the cpu profiler used the deoptimization data to reconstruct the inlining stack. However, optimizing compilers (especially Turbofan) can hoist out checks such that the inlining stack of the deopt reason and the inlining stack of the position the deoptimizer jumps to can be different (the old cpu profiler tests and the ones introduced in this cl produce such situations for turbofan). In this case, relying on the deoptimization info produces paradoxical results, where the reported position is before the function responsible is called. Even worse, https://codereview.chromium.org/2451853002/ combines the precise position with the wrong inlining stack from the deopt info, leading to completely wrong results.
Other changes in this CL:
- DeoptInlinedFrame is no longer needed, because we can compute the correct inlining stack up front.
- I changed the cpu profiler tests back to test situations where deopt checks are hoisted out in Turbofan and made them robust enough to handle the differences between Crankshaft and Turbofan.
- I reversed the order of SourcePosition::InliningStack to make it match the cpu profiler convention.
- I removed CodeDeoptEvent::position, as it is no longer used.
R=alph@chromium.org
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2503393002
Cr-Commit-Position: refs/heads/master@{#41168}
By now the compilation pipeline is flexible enough to run module tests
against all variants, we should no longer choose unsupported compilers
for modules. It also fixes the predicate checking for functions being
"resumable" in the {AstNumberingVisitor} heuristic.
R=neis@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2517143002
Cr-Commit-Position: refs/heads/master@{#41144}
Some minifiers use the pattern !function ... () for JS code that should
be immediately executed. This change recognizes that pattern and treats
it equally to parenthesized functions.
A bit more background info is in the referenced bug.
R=verwaest@chromium.org
BUG=v8:5643
Review-Url: https://codereview.chromium.org/2509143003
Cr-Commit-Position: refs/heads/master@{#41114}
It originates from the era where we used to run a separate preparse step
before parsing and store the function data. Now the usage of preparser
is something completely different, so this flag doesn't make sense any
more.
In addition, this way we get more test coverage for preparser (for small
scripts).
BUG=
Review-Url: https://codereview.chromium.org/2513563002
Cr-Commit-Position: refs/heads/master@{#41110}
Adds the marking logic to mark the young generation.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2498583002
Cr-Commit-Position: refs/heads/master@{#41104}
Add bytecode for defining data properties, which initially just calls the runtime function.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2510743002
Cr-Commit-Position: refs/heads/master@{#41101}
This fixes the bogus implementation of the function in question and adds
test coverage for the deserialization of the corresponding flags from
the serialized scope info. Note that the tests so far only cover cases
where the module and the function contain context-allocated variables.
R=verwaest@chromium.org
TEST=cctest/test-parsing/AsmFunctionFlag
BUG=v8:5653
Review-Url: https://codereview.chromium.org/2507063004
Cr-Commit-Position: refs/heads/master@{#41093}
With this change, WebAssembly.Memory objects have backing stores allocated as an
8GB region where everything beyond the size of the Wasm heap is inaccessible.
GrowMemory is now implemented by changing the protection on the guard regions to
make the new portions of the heap accessible.
Guard pages are not enabled by default, but this change adds a flag and a test
variant to make sure we get test coverage on them.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2396433008
Cr-Commit-Position: refs/heads/master@{#41089}
Collect string feedback for compare operations. Without this,
functions which have a lot of string compare operations end up with
a high generic type percentage, and don't get optimized until very
late.
Currently TurboFan doesn't use this String feedback for compare
operations, but this could be done in future work if it is useful.
BUG=chromium:660947
Review-Url: https://codereview.chromium.org/2506013005
Cr-Commit-Position: refs/heads/master@{#41078}
The reasons are:
1) The names dictionaries in the feedback metadata seems to consume a lot of memory
and the idea didn't payoff.
2) The absence of a name parameter blocks data handlers support in LoadGlobalIC.
This CL reverts a part of r37278 (https://codereview.chromium.org/2096653003/).
BUG=chromium:576312, v8:5561
Review-Url: https://codereview.chromium.org/2510653002
Cr-Commit-Position: refs/heads/master@{#41046}
The new AccessorAssembler encapsulates all the functionality that's
specific to building LoadIC/StoreIC stubs.
There are two header files (accessor-assembler.h and
accessor-assembler-impl.h) so that clients of the assembler can include
the one, and subclassing assemblers can include the other.
Review-Url: https://codereview.chromium.org/2507733002
Cr-Commit-Position: refs/heads/master@{#41037}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Original review: https://codereview.chromium.org/2498073002/
Review-Url: https://codereview.chromium.org/2502293002
Cr-Commit-Position: refs/heads/master@{#41028}
This brings the two utf-8 decoders (bulk + incremental) in line.
Technically, either behaviour was correct, since the utf-8 spec
demands incomplete utf-8 be handled, but does not specify how.
Unicode recommends that "the maximal subpart at that offset
should be replaced by a single U+FFFD," and with this change we
consistently do that. More details + spec references in the bug.
BUG=chromium:662822
Review-Url: https://codereview.chromium.org/2493143003
Cr-Commit-Position: refs/heads/master@{#41025}
Properties can be defined inside the object literal (ES6) or after
object creation. The behavior differes if there are accessors, interceptors
or proxies in the Object prototype chain.
These test cases assure we preserve correct behavior as we
improve performance of definitions in literals.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2501553002
Cr-Commit-Position: refs/heads/master@{#41024}
Adds a bytecode to set and retrieve the pending message. This avoids a
runtime call in finally blocks, and also ensures that TurboFan builds a
graph using the SetMessage / LoadMessage nodes instead of inserting a
runtime call.
BUG=chromium:662334
Review-Url: https://codereview.chromium.org/2501503005
Cr-Commit-Position: refs/heads/master@{#41023}
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared doesn't want to compile. Missing export annotation?
Original issue's description:
> [refactoring] Split CodeAssemblerState out of CodeAssembler
>
> This is in preparation for introducing more specialized
> CodeStubAssembler subclasses. The state object can be handed
> around, while the Assembler instances are temporary-scoped.
>
> BUG=v8:5628
TBR=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2504913002
Cr-Commit-Position: refs/heads/master@{#41018}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2498073002
Cr-Commit-Position: refs/heads/master@{#41015}
This was causing array buffer views created by ValueDeserializer to have
uninitialized internal fields, which lead to crashes in layout tests when
Blink tried to read those fields.
For array buffers, JSArrayBuffer::Setup is responsible for this logic
(as well as initializing the V8 fields); this is similar to that.
The runtime already seems to correctly initialize these for script-created
array buffer views as well, which is why this issue was not detected sooner.
Review-Url: https://codereview.chromium.org/2498413002
Cr-Commit-Position: refs/heads/master@{#41014}
Inferred names are currently generated for FunctionLiterals but not generated
for ClassLiterals. Without them, DevTools does not have enough information to
make descriptive descriptions.
E.g.
var x = {y: class{}};
var a = new x.y();
console.log(a);
This shows "Object{}" when it could be more descriptive "x.y {}"
BUG=v8:5621
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2488193003
Cr-Commit-Position: refs/heads/master@{#41013}
Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.
Only deals with the case where there is a single spread argument.
Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}