This flag is aiming at shipping the ability to generate optimized code
directly from bytecode (without re-parsing source code). All features
needed to ship such a configuration will be staged behind this flag.
R=hablich@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2174333002
Cr-Commit-Position: refs/heads/master@{#38040}
This test fails because WasmGraphBuilder::BuildCFuncInstruction allocates
space for doubles using StackSlot turbofan operator, but this space is not
guaranteed to be 8 bytes aligned if SP itself is not 8 bytes aligned (which
is the case on 32-bit architectures).
BUG=mjsunit/wasm/embenchen/box2d
Review-Url: https://codereview.chromium.org/2177863002
Cr-Commit-Position: refs/heads/master@{#38039}
When we eliminate nodes during truncation analysis that have no value
uses, we must make sure that we do not eliminate speculative number
operations that would have side effects depending on the inputs, i.e.
for example a SpeculativeNumberMultiply(x,y) does ToNumber(x) and
ToNumber(y) first, so if either x or y could throw an exception during
ToNumber conversion, we must not eliminate the multiplication, even if
it has no value uses (some later pass may kill the actual machine
multiplication, but the checks on the inputs have to remain still).
So we check whether both x and y are PlainPrimitive, i.e. neither
Receiver nor Symbol, which could raise exceptions for ToNumber, and
only in that case we propagate the "unusedness" of the node to its
inputs.
This also uncovered a bug with the type of Dead, which must be None,
as this represents an impossible value, so we had to fix that too.
Also the dead code removal will not work correctly for constants (i.e.
pure nodes with no value inputs), as those might be cached and hence
we might resurrect them for an unrelated node lowering during
SimplifiedLowering and only later kill the actual node (replacing its
uses with Dead), which would then also replace the new use with Dead.
So that was fixed as well. This shouldn't change anything for the
result, as unused constants automagically disappear from the graph later
on anyways.
R=yangguo@chromium.org
BUG=chromium:631318
Review-Url: https://codereview.chromium.org/2182003002
Cr-Commit-Position: refs/heads/master@{#38038}
Reason for revert:
This bug has an error in the toolchain.gypi file, the conditions clause is repeated. This has broken the DrMemory builder - see first failing chromium build https://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20Windows%20Builder%20%28DrMemory%29/builds/17857 which included a v8 roll.
For reference the errors are:
gyp: Key 'conditions' repeated at level 11 with key path 'target_defaults.conditions.6.1.target_conditions.0.1.conditions.0.1' while reading C:\b\build\slave\drm-cr\build\src\v8\gypfiles\toolchain.gypi while reading includes of C:\b\build\slave\drm-cr\build\src\v8\src\d8.gyp
gyp: Key 'conditions' repeated at level 11 with key path 'target_defaults.conditions.6.1.target_conditions.0.1.conditions.0.1' while reading C:\b\build\slave\drm-cr\build\src\v8\gypfiles\toolchain.gypi while reading includes of C:\b\build\slave\drm-cr\build\src\v8\src\v8.gyp
gyp: Key 'conditions' repeated at level 11 with key path 'target_defaults.conditions.6.1.target_conditions.0.1.conditions.0.1' while reading C:\b\build\slave\drm-cr\build\src\v8\gypfiles\toolchain.gypi while reading includes of C:\b\build\slave\drm-cr\build\src\v8\samples\samples.gyp
Original issue's description:
> MIPS: Fix '[turbofan] Prevent storing signalling NaNs into holey double arrays.'
>
> Port 6470ddadf9
>
> On MIPS different signaling NaN values must be used for hardware and simulator targets, even at snapshot generation when always simulator is used.
>
> Original commit message:
> This introduces SilenceNaN operator, which makes sure that we only
> store quiet NaNs into holey arrays. We omit the NaN silencing code
> at instruction selection time if the input is an operation that
> cannot possibly produce signalling NaNs.
>
> BUG=
>
> Committed: https://crrev.com/52f2ceb052f63324050c7a098e4398f510b54763
> Cr-Commit-Position: refs/heads/master@{#38030}
TBR=jarin@chromium.org,machenbach@google.com,akos.palfi@mattakis.com,ivica.bogosavljevic@imgtec.com,marija.antic@imgtec.com,ilija.pavlovic.imgtec@gmail.com,akos.palfi@imgtec.com,machenbach@chromium.org,balazs.kilvady@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
TBR=machenbach
Review-Url: https://codereview.chromium.org/2184573002
Cr-Commit-Position: refs/heads/master@{#38037}
Rolling v8/build to cce24bcaab6481f479f4baf00b5ea36d78268bcd
Rolling v8/tools/mb to 11aa1bbe1b4fbae3694d14eb59b4eb98550bcbee
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2181913002
Cr-Commit-Position: refs/heads/master@{#38036}
This slightly simplifies scope handling. It also makes it possible to
implement some potential future changes to classes purely in the parser
by adding additional code to the DoExpression.
This is a portion of https://codereview.chromium.org/2142333002/, which
probably isn't going through in full.
Review-Url: https://codereview.chromium.org/2176653003
Cr-Commit-Position: refs/heads/master@{#38035}
Port 6470ddadf9
On MIPS different signaling NaN values must be used for hardware and simulator targets, even at snapshot generation when always simulator is used.
Original commit message:
This introduces SilenceNaN operator, which makes sure that we only
store quiet NaNs into holey arrays. We omit the NaN silencing code
at instruction selection time if the input is an operation that
cannot possibly produce signalling NaNs.
BUG=
Review-Url: https://codereview.chromium.org/2171303002
Cr-Commit-Position: refs/heads/master@{#38030}
The testcase allocates JSArraybuffer on 2 separate pages which should be
on the New space. In the testcase semi space size is set to 2MB.
Since page size on PPC is 4MB the semi new space size defaults to 4MB.
Therefore when allocating 2nd buffer, scavenge GC kicks in as from-space is
filled up and copies 1st buffer to to-space. Now, the 2nd buffer also gets
allocated on the same to-space, therefore both buffer end up being on the
same page. This fix should allocate enough semi new space to contain 2
pages (for all platform).
The testcase was added as part of https://codereview.chromium.org/2036643002R=mlippautz@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2167853002
Cr-Commit-Position: refs/heads/master@{#38028}
If you dragged the node out of the bounding box, this commit allows you to see
it again after you zoom. The zoom looks jittery, but I think it's better than
not being able to see it at all.
BUG=
R=danno
Review-Url: https://codereview.chromium.org/2168713005
Cr-Commit-Position: refs/heads/master@{#38024}
Failure is due to different endianness on big endian. The test now passes on
both big-endian and little-endian architectures.
TEST=cctest/test-code-stubs-mips64/ConvertDToI
BUG=
Review-Url: https://codereview.chromium.org/2157373002
Cr-Commit-Position: refs/heads/master@{#38022}
For GYP build, V8 configures gtest and gmock in its //testing, and OTOH for
GN build, it imports BUILD.gn from chromium and uses other configurations
from its own. However, a recent chromium change on the BUILD.gn requires
//testing update too. That prevents //build roll of V8.
BUG=chromium:630299
Review-Url: https://codereview.chromium.org/2179743002
Cr-Commit-Position: refs/heads/master@{#38021}
ToName was always generated with a subsequent Star, fuse them.
Requires a few changes in the peephole optimizer as ToName cannot be
elided as easily, but must be replaced by Star.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2169813002
Cr-Commit-Position: refs/heads/master@{#38019}
This adds a new field to the header of every BytecodeArray which stores
the current nesting level up to which loop back edges are armed as OSR
points. The intention is to arm OSR points incrementally from outermost
to innermost until one fires (similar to OSR from FullCodegen).
R=rmcilroy@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2172583002
Cr-Commit-Position: refs/heads/master@{#38017}
After multiplying two integers we emit code like:
if (result == 0) {
if (OR_OPERATION(rhs, lhs) < 0) {
DEOPT;
}
}
This CL allows us to eliminate the OR and comparison if either rhs or
lhs is a negative number, reducing the code to:
if (result == 0) DEOPT;
BUG=
Review-Url: https://codereview.chromium.org/2167643002
Cr-Commit-Position: refs/heads/master@{#38016}
Turn the LoadElimination into a proper graph Reducer so that it can run
together with ValueNumbering and RedundancyElimination to a fixpoint
for maximum load/check elimination. This also adds initial support for
eliminating redundant LoadElement/StoreElement nodes.
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2164253002
Cr-Commit-Position: refs/heads/master@{#38015}
Fix failure in mjsunit/regress/regress-5213. When bailout happens,
the double registers are not properly loaded if exponent_type() is
INTEGER (this happens in optimized version of code only).
BUG=mjsunit/regress/regress-5213
Review-Url: https://codereview.chromium.org/2175633003
Cr-Commit-Position: refs/heads/master@{#38013}
Move the logic for allocating the global declaration pair array
from VisitDeclarations to a later step. This is required for
concurrent bytecode generation.
This change requires adding support for reserving fixed
constant pool array entries, which can be later updated
with the value of the literal.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2167763003
Cr-Commit-Position: refs/heads/master@{#38010}
Introducing machine operators early causes trouble for the typing,
truncation analysis and representation selection, so we should rather
stick to simplified operators instead. Now there's only the for-in case
left, which is not clear how we can handle this in a better way.
Drive-by-fix: Also don't introduce Int32Constant and Word32Shl in
JSTypedLowering, but use NumberConstant and proper NumberShiftLeft
operators instead.
R=jarin@chromium.org
BUG=chromium:630951
Review-Url: https://codereview.chromium.org/2182453002
Cr-Commit-Position: refs/heads/master@{#38008}
Reason for revert:
Suspected to cause crbug.com/630969
Original issue's description:
> [heap] Remove black pages and use black areas instead.
>
> BUG=630386
> LOG=n
>
> Committed: https://crrev.com/b008a0d5a3db80a854cb93d9c94d67bf2d780f2c
> Cr-Commit-Position: refs/heads/master@{#37967}
TBR=ulan@chromium.org,hpayer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=630386
Review-Url: https://codereview.chromium.org/2176133002
Cr-Commit-Position: refs/heads/master@{#38006}
- Remove duplicated CSS.
- Expand landing area of upload button.
- Give the toolbox a transparent white background.
- Make the phase-select box look nicer before file load.
- Remove the margin at the top of the screen.
The height of the margin was exactly the height of span#graph-toolbox,
and due to the semantics of position:relative, space was reserved for it
at the top of div#middle.
BUG=
R=danno
Review-Url: https://codereview.chromium.org/2164373002
Cr-Commit-Position: refs/heads/master@{#38003}
Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
is enabled, assuming the function should be compiled for Ignition.
Adds a new MaybeOptimizeIgnition function to runtime-profiler
which is called if the function should be optimized from bytecode
rather than going via full-codegen.
BUG=v8:4280
Committed: https://crrev.com/9ca7db914be88e6792a88eab4a1988ee031d70c4
Review-Url: https://codereview.chromium.org/2156753002
Cr-Original-Commit-Position: refs/heads/master@{#37921}
Cr-Commit-Position: refs/heads/master@{#38002}
Skip test-run-load-store/RunUnalignedLoadStoreUnalignedAccess on ARM until
UnalignedLoad and UnalignedStore operators get implemented
NOTRY=true
Review-Url: https://codereview.chromium.org/2182433002
Cr-Commit-Position: refs/heads/master@{#38001}
The third attempt never landed :). This attempt completely reworks
the logic to attempt to be clearer and more obviously correct. This
attempt also actually had unit tests written for it (see bug 625353).
R=machenbach@chromium.org
BUG=625353, 629825
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_compile_x86_dbg,android_compile_mips_dbg,android_arm64_dbg_recipe
Review-Url: https://codereview.chromium.org/2173343002
Cr-Commit-Position: refs/heads/master@{#37999}
This patch parametrizes AstTraversalVisitor by the actual subclass,
in a similar way as AstVisitor is parametrized. This allows a
subclass to, e.g., override the Visit method and still use the
traversal mechanism. It also allows the subclass to override the
specific visiting methods, without them being virtual.
This patch also removes AstExpressionVisitor, subsuming its
functionality in AstTraversalVisitor.
R=adamk@chromium.org, verwaest@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2169833002
Cr-Commit-Position: refs/heads/master@{#37998}
The dead code elimination in SimplifiedLowering can eliminate pure nodes
if they don't have value uses. But some of those can indeed have control
inputs, i.e. Phi nodes do of course have a control input.
R=jarin@chromium.org
BUG=chromium:630923
Review-Url: https://codereview.chromium.org/2177133002
Cr-Commit-Position: refs/heads/master@{#37995}
In PrependElementIndicesImpl we sort a FixedArray of indices potentially
containing HeapNumbers. During the string conversion we might trigger a GC.
This in turn might try to read a slot where we previously had a HeapNumber
but the sort sneaked a SMI in there which is not a valid pointer.
BUG=chromium:630561
Review-Url: https://codereview.chromium.org/2173653003
Cr-Commit-Position: refs/heads/master@{#37993}
Rolling v8/build to 2c67d4d74b6b3673228fab191918500a582ef3b0
Rolling v8/third_party/android_tools to e4d61eb8f463e6cb8d1e1269a15c22f7c9bbd122
Rolling v8/tools/clang to 496622ab4aaa5be7e5a9b80617013cb02f45dc87
Rolling v8/tools/mb to 0c4dc43c454f26936ddf3074ab8e9a41e3dc03a3
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2173293002
Cr-Commit-Position: refs/heads/master@{#37992}
Port ba092fb09a
Original commit message:
So far we don't have a useful way to inline Math.max or Math.min in
TurboFan optimized code. This adds new operators NumberMax and NumberMin
and changes the Float64Max/Float64Min operators to have JavaScript
semantics instead of the C++ semantics that it had previously.
This also removes support for recognizing the tenary case in the
CommonOperatorReducer, since that doesn't seem to have any positive
impact (and actually doesn't show up in regular JavaScript, where
people use Math.max/Math.min instead).
Drive-by-fix: Also nuke the unused Float32Max/Float32Min operators.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2179503003
Cr-Commit-Position: refs/heads/master@{#37991}