FullCodeGen does not include CallICs in the total ic count. Fix it by
making calls to CallIC to go through CallIC function, which keeps track
of the total number of ICs.
BUG=
Review-Url: https://codereview.chromium.org/2451703002
Cr-Commit-Position: refs/heads/master@{#40889}
Ignition does not collect information about lhs and rhs types. It collects
information about the combined type of lhs, rhs and result types. Since ignition
combines the feedback, sometimes we may collect less precise information than
FCG. This impacts performance of some benchmarks like audio-beat-detection. This
cl tries to mitigate this affect by passing only full-codegen feedback when the
combined FCG feedback is same as the feedback collected by ignition.
BUG=
Review-Url: https://codereview.chromium.org/2488983002
Cr-Commit-Position: refs/heads/master@{#40888}
This changes {FrameState} nodes modeling "after" states to use bytecode
offsets pointing to the deoptimizing bytecode. This is in sync with the
normal execution, as the bytecode offset is advanced after operations
complete in regular bytecode handlers.
The change is necessary to ensure lazy deoptimized frames contain an
accurate bytecode offset while they are on the stack. Such frames can be
inspected by various stack walks. The continuation builtin will advance
the bytecode offset upon return.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-660379
BUG=chromium:660379
Review-Url: https://codereview.chromium.org/2487173002
Cr-Commit-Position: refs/heads/master@{#40887}
TurboFan can create ConsStrings with empty first parts (for history on
this decision, see da27e0c886). Add a
fast-path for such cases in String::SlowFlatten.
BUG=
Review-Url: https://codereview.chromium.org/2489273002
Cr-Commit-Position: refs/heads/master@{#40885}
We are removing use of the debugger context. When the debugger triggers
compilation, we may not have a context from which to create a JSArray.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2479123002
Cr-Commit-Position: refs/heads/master@{#40884}
We seem to get some small wins from avoiding the Ldr bytecodes, probably due
to reduced icache pressure since there are less bytecode handlers. Replace
the Ldr bytecodes with Star lookahead inlined into the Lda versions.
Also fixes IsAccumulatorLoadWithoutEffects to include LdaContextSlot and
LdaCurrentContextSlot
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2489513005
Cr-Commit-Position: refs/heads/master@{#40883}
With this CL, the bytecode graph builder no longer translates module
loads/stores as runtime calls but in terms of two new JS operators. These are
lowered in typed-lowering to a sequence of LoadField's.
R=bmeurer@chromium.orgCC=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2489863003
Cr-Commit-Position: refs/heads/master@{#40881}
Also remove the flag scavenge_reclaim_unmodified_objects which has been
defaulted to true for quite some time now.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2486173002
Cr-Commit-Position: refs/heads/master@{#40878}
line_ends is either undefined (if uninitialized) or a fixed array (after
Script::InitLineEnds). All accesses from JS have been removed, therefore
we can skip assigning a COW map and remove the accessor.
Review-Url: https://codereview.chromium.org/2490903002
Cr-Commit-Position: refs/heads/master@{#40876}
This adds information about an exception's caught/uncaught status to the
Runtime.paused event in the data parameter:
{
"method": "Debugger.paused",
"params": {
"callFrames": [
[...]
],
"data": {
"description": "666",
"type": "number",
"uncaught": true, <---
"value": 666
},
"hitBreakpoints": [],
"reason": "exception"
}
}
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2488733003
Cr-Commit-Position: refs/heads/master@{#40875}
Previously we created a duplicate map because we couldn't set the
correct ElementsKind when we created the function. This patch updates
the ElementsKind field of the existing map directly instead of
creating a new one.
This patch also correctly sets the instance_size when we create the
map the first time.
Review-Url: https://codereview.chromium.org/2486193003
Cr-Commit-Position: refs/heads/master@{#40872}
When we use unique_ptr on tracing controller and release it to platform,
unique_ptr will crash when we try to start tracing with trace config, this patch
replaces it with raw pointer and delete it explicitly at the end when needed.
TBR=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2488003002
Cr-Commit-Position: refs/heads/master@{#40871}
- Track representations of virtual registers in InstructionSequence.
- Skip extra aliasing work when no floats or SIMD registers are used.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2468233004
Cr-Commit-Position: refs/heads/master@{#40870}
... and make them applicable outside of CSA.
Nice bonus is that the assert condition instructions will now appear inside [Assert / ]Assert brackets.
BUG=
Review-Url: https://codereview.chromium.org/2489743002
Cr-Commit-Position: refs/heads/master@{#40869}
Adds an IsInterpreted() function to both SharedFunctionInfo and JSFunction.
This is used to fix the test-heap code-aging tests since Ignition doesn't
age code.
BUG=v8:4680
Review-Url: https://codereview.chromium.org/2481433002
Cr-Commit-Position: refs/heads/master@{#40868}
In tracing we collect runtime statistics data based on top level trace events,
in this patch we force to clear the whole runtime statistics stack when we
enter top level trace events.
Review-Url: https://codereview.chromium.org/2483583002
Cr-Commit-Position: refs/heads/master@{#40867}
With the very same SMIs making up a big chunk
of the parser zone (especially for asm.js) it
makes sense to cache the AstValues for them.
This is not ideal yet, but already saves
hundreds (sic!) MBs of memory for Unity games.
Review-Url: https://codereview.chromium.org/2485423002
Cr-Commit-Position: refs/heads/master@{#40866}
Currently function like "() => 239" contains offset 3 as begin of function and 8 as end of function.
This CL changes this to 6 and 9 respectively.
BUG=chromium:566801
R=yangguo@chromium.org,dgozman@chromium.org
TBR=adamk@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2488493003
Cr-Commit-Position: refs/heads/master@{#40864}
Test InstructionSequenceTest has been initialized with a testing RegisterConfiguration
instance defined in instruction-sequence-unittest.h, whereas class ExplicitOperand which
is being tested used RegisterConfiguration from instruction.cc. In case these two
instances are different, the tests would fail. The issue is fixed by using the same
instance of RegisterConfiguration both for test code and code under test.
Additionally, the tests in register-allocator-unittest.cc use hardcoded values
for register and begin failing is the hardcoded register is not available for
allocation. Fix by forcing the use of allocatable registers only.
TEST=unittests.MoveOptimizerTest.RemovesRedundantExplicit,unittests.RegisterAllocatorTest.SpillPhi
BUG=
Review-Url: https://codereview.chromium.org/2433093002
Cr-Commit-Position: refs/heads/master@{#40862}
This adds a new NumberToUint8Clamped simplified operator that does the
round ties to even + clamping necessary to store to Uint8ClampedArrays.
BUG=v8:4470,v8:5267,v8:5615
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2489563004
Cr-Commit-Position: refs/heads/master@{#40861}
The Ldr[Named/Keyed]Property bytecodes are problematic for the deoptimizer when
inlining accessors in TurboFan. Remove them and replace with a Star lookahead
in the bytecode handlers for Lda[Named/Keyed]Property.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2485383002
Cr-Commit-Position: refs/heads/master@{#40860}
This stages escape analysis by implying --turbo-escape by the --turbo
flag. It broadens the exposure of the optimization in question.
R=jarin@chromium.org
BUG=v8:4586,v8:5267
Review-Url: https://codereview.chromium.org/1992913005
Cr-Commit-Position: refs/heads/master@{#40859}
We cannot generate debug events if JS execution is disallowed since
vital debugging logic is still implemented in JS. Return early from
Debug::OnException if that is the case.
BUG=chromium:662674
Review-Url: https://codereview.chromium.org/2491443002
Cr-Commit-Position: refs/heads/master@{#40858}
This fixes a race between the sweeper and the array buffer tracker
that causes the sweeper to skip unswept pages.
The scenario:
1. Mark-compact GC adds page p to the sweeping_list_ of the sweeper.
2. GC finishes, the main thread starts executinng JS.
3. The main thread takes p->mutex to unregister an array buffer.
4. A sweeper thread removes p from the sweeping_list_ and tries to
take p->mutex. The try fails. The sweeper drops p and continues
to the next page.
5. During selection of evacuation candidate in the next GC we hit
page->SweepingDone() assert.
BUG=chromium:650314
Review-Url: https://codereview.chromium.org/2484153004
Cr-Commit-Position: refs/heads/master@{#40857}
The bounds check in LoadDataSegment was off by one. I also improved the
error message, and fixed an issue where data was initialized even if
the bounds check failed.
In InstantiateModuleForTesting I allow instantiation of modules without
exports. This check was legacy code from the time where instantiation
and execution was still combined in a single function.
R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/InitDataAtTheUpperLimit
Review-Url: https://codereview.chromium.org/2486183002
Cr-Commit-Position: refs/heads/master@{#40856}
The problem is that writes to nested objects do not lead to a copy of a referencing VirtualObject, and that each VirtualObjects maintains a cache of an ObjectState node. Together, this leads to inappropriate reuse of ObjectState nodes.
This fix simply always copies all virtual objects when a new VirtualState is created. This is clearly not optimal to avoid clones, but determining precisely which virtual objects are affected by a write is a transitive closure computation on the virtual objects of a virtual state. Alternatively, one could change the semantics of the node cache.
BUG=v8:5611
Review-Url: https://codereview.chromium.org/2488713002
Cr-Commit-Position: refs/heads/master@{#40854}
The spec defines that indirect calls in WebAssembly code should cause a
validation error if no function table exists.
The CL contains the following changes:
1) Throw a validation error for indirect calls if the function table
not exist.
2) Do not create TF nodes to throw a runtime error for indirect calls
if the function table does not exist.
3) Fix existing unit tests by creating a dummy function table.
4) Add new a new test which tests that indirect calls without function
table cause a validation error.
R=rossberg@chromium.orgCC=titzer@chromium.org
TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash
Review-Url: https://codereview.chromium.org/2484623002
Cr-Commit-Position: refs/heads/master@{#40852}
If an exception is thrown when there is a Promise being created, the Promise
catch prediction code would call into a part implemented in JavaScript to see if
the Promise has a catch handler. If it is not possible to call back into JS,
e.g., due to a stack overflow, then this would lead to a crash. This patch
"speculates" that, if it's impossible to call back into JavaScript, then the
error is unhandled, avoding the issue. In a future patch, the catch prediction
logic should be entirely written in C++, but this patch adds a minimal fix to
be more friendly to backports.
BUG=chromium:662935
R=jgruber
Review-Url: https://codereview.chromium.org/2487833002
Cr-Commit-Position: refs/heads/master@{#40851}
We recently allowed global constants in asm.js validated code.
When used in a return statement, these need to be of an allowed type.
BUG=660813
R=jpp@chromium.org,aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2481103002
Cr-Commit-Position: refs/heads/master@{#40850}
Don't rely on carry flags you didn't set yourself.
BUG=chromium:663402
Review-Url: https://codereview.chromium.org/2484283002
Cr-Commit-Position: refs/heads/master@{#40848}
It looks like waiting for 4 ticks before optimizing from interpreted
code is hurting performance in sunspider after turning on Ignition
for all TurboFan code. Set it back to 2 ticks.
BUG=chromium:661556
Review-Url: https://codereview.chromium.org/2488703002
Cr-Commit-Position: refs/heads/master@{#40845}
We handle this case specially because otherwise we would have to do
complicated overflow detection.
R=titzer@chromium.org
TEST=cctest/test-run-wasm/RunWasmCompiled_LoadMaxUint32Offset
Review-Url: https://codereview.chromium.org/2490533003
Cr-Commit-Position: refs/heads/master@{#40844}
Workes by accident when using the JSObject descriptor as it also implements
strong semantics.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2485163003
Cr-Commit-Position: refs/heads/master@{#40842}
