External string resources of length {0} have a {nullptr} data since
https://crrev.com/c/1424861.
This CL fixes allocation of an external one-byte string from such a
resource.
R=ishell@chromium.org
Bug: chromium:995108
Change-Id: Ic8ef507d808583c1b529085d990d705058953f03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781051
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63543}
Use the position of commas in async arrow expressions to mark the
initializer position of any parameters that might have been set in the
preceding parameter.
This extends https://chromium-review.googlesource.com/c/v8/v8/+/1710671
to async arrow heads.
Bug: v8:8510, chromium:997320
Change-Id: I98e0ac817c7f53fbf1dced98fb6891a386ee7803
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781057
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63542}
The implementation on wasm-bigint has been done, as far as I can tell.
There are no spec tests yet, only an out-dated copy of the original
spec tests which don't pass anymore. Therefore I disabled all the tests
for now and created a tracking bug at https://crbug.com/v8/9673.
R=adamk@chromium.org
Bug: v8:7741, v8:9673
Change-Id: I015846cc6008ad266402b6835e634723a1a076da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781050
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63541}
This CL adds an overloaded function PerfJitLogger::LogWriteDebugInfo
for writing JIT_DEBUG_INFO record into jitdump file. With this CL,
perf-annotate can display profiling information of JITted code with
the corresponding source code interleaved.
Change-Id: Ie1271e08b69712c81129335825467d83674d7938
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672531
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#63539}
AllocatePages (used to allocate the embedded blob's backing store
during mksnapshot) has allocation address, size, and alignment
parameters. Both address and size are expected to be aligned, but we
were only aligning size properly. This CL also aligns the address (and
adds a bunch of comments as well).
Bug: v8:9677
Change-Id: Ia739682236c74278bcaf1c9b7c9c4b3e0b0c5582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784277
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63538}
This reverts commit 8b89a7c32d.
Reason for revert: GC Stress tests timing out.
See https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24272
Original change's description:
> Update GetIterator bytecode to load and call object[Symbol.iterator]
>
> The functionality of the GetIterator bytecode introduced previously is
> now extended from loading the @@iterator property to calling the property
> as well. This change basically absorbs the functionality of additional
> two bytecodes - Star, CallProperty0 in the GetIterator bytecode.
> Importantly, this change handles the cases of eager and lazy deoptimization
> in the middle of the bytecode, i.e., lazy deopt for LdaNamedProperty and
> eager deopt of the CallProperty0 bytecode, using the continuation builtins.
> This mechanism can work as a template for the future bytecode that require
> handling such inter-bytecode deopt scenario. The tests evaluating the eager
> and lazy deopt scenarios are also included.
>
> Bug: v8:9489
> Change-Id: I93eb022bbc3d37582407820aa8482a343cac6c12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758313
> Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63528}
TBR=rmcilroy@chromium.org,neis@chromium.org,leszeks@chromium.org,tebbi@chromium.org,swapnilgaikwad@google.com
Change-Id: I9ae475f71275f71f1b9e60b8bf0578e21ce2704b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9489
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783736
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63536}
This reverts commit 93063ade0f.
Reason for revert: Clusterfuzz found issue.
Original change's description:
> [heap] Remove size from invalidated slots
>
> Slots are always valid inside an invalidated area when outside the
> respective object's current size. This allows us to remove the size
> from the InvalidatedSlots data structure.
>
> This change was enabled by https://crrev.com/c/1771793.
>
> Bug: v8:9454
> Change-Id: I2b5a7234d47227cb6ad8d67de20e9b5a2028ae83
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773242
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63510}
TBR=ulan@chromium.org,sigurds@chromium.org,tebbi@chromium.org,dinfuehr@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9454
Change-Id: I7daf96cf50aaedd4dbdab48fd550182df94e54bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783106
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63535}
memcpy doesn't like being called with dest=nullptr and size=0.
Change-Id: Ie01991834a867991ff51287cbe43d22f636b800e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781695
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63529}
The functionality of the GetIterator bytecode introduced previously is
now extended from loading the @@iterator property to calling the property
as well. This change basically absorbs the functionality of additional
two bytecodes - Star, CallProperty0 in the GetIterator bytecode.
Importantly, this change handles the cases of eager and lazy deoptimization
in the middle of the bytecode, i.e., lazy deopt for LdaNamedProperty and
eager deopt of the CallProperty0 bytecode, using the continuation builtins.
This mechanism can work as a template for the future bytecode that require
handling such inter-bytecode deopt scenario. The tests evaluating the eager
and lazy deopt scenarios are also included.
Bug: v8:9489
Change-Id: I93eb022bbc3d37582407820aa8482a343cac6c12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758313
Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63528}
This CL makes ThreadManager::InitThread *the* place that's responsible
for initializing metadata for a new thread, and ensures that all new
threads actually go through there. This was previously not the case,
and e.g. test-lockers/LockerUnlocker exposed a case where some threads
were trying to use another thread's simulator instance because the
ThreadLocalTop on the Isolate was in inconsistent state.
Change-Id: I302c643f420457f6ba73897fd45eb87969e1331c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781688
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63527}
to avoid undefined behavior on signed integer overflow.
Change-Id: Ib55b427723a81dddc26f3ce4b2b3b8cc69c9c017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782166
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63526}
This is a reland of d82600ecc8
Added missing builtin serializations that were breaking Clusterfuzz,
layout tests and Speedometer.
Original change's description:
> [turbofan] Serialize missing objects
>
> Added a few objects to the standard objects list, as well as specific
> builtins when the corresponding runtime calls are detected in the
> serializer. Now JSHeapCopyReducer is needed only when concurrent
> inlining is disabled.
>
> Bug: v8:7790
> Change-Id: I91d933611b0352df8ede4fded665f13669591fef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781053
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63509}
Bug: v8:7790, chromium:1000136
Change-Id: I4775014bfe8100fb76f60e4088f1bdf2a8da64a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781681
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63525}
NativeContext will soon outgrow the limits of the fixed sized map.
This CL simply moves NativeContext back to the variable sized map.
Bug: v8:9463
Change-Id: I477dc5f19ed22b5b2b8d3415daad9d87e785bdcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1774185
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63524}
The important bit is using MachineType::TaggedSigned instead of AnyTagged
in CSA. Everything else, it's just the result of adding types to variables.
SloppyTNode-ify LoadAndUntagToWord32ObjectField.
Both LoadAndUntagSmi and StoreAndTagSmi were only used once, and their
names were not clear. Inline those where they were used.
TNodify:
* ReloadBytecodeOffset
* LoadAndUntagRegister
* GetInterpretedFramePointer
* Advance (the three variants)
* SaveBytecodeOffset
* BytecodeOffset
Type variables:
* interpreted_frame_pointer_
* bytecode_offset_
Create macros:
* TYPED_VARIABLE_CONSTRUCTOR
* TVARIABLE_CONSTRUCTOR
which are similar to their non-typed counterparts.
Bug: v8:7703, v8:6949
Change-Id: I776e3fe16ca642f868bb635b8bcd5b8b78ca6fea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758308
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63522}
The regexp species protector was recently moved from the isolate onto
the native context to avoid cross-context pollution of the regexp fast
path state.
The implementation was incomplete. We unconditionally used the isolate's
current native context, but it is possible for the object we are looking
at to come from a different context (= its creation context).
The fix is two-fold. 1. when speed is not too important (e.g. when
invalidating the protector), grab the creation context off the object.
2. in the regexp fast path check, just document how our current solution
is sufficient: although we may initially look at the wrong protector
cell, we'd later bail out when comparing the object's map against the
initial regexp map (stored on the current native context).
Bug: v8:9463
Change-Id: I653732b573f2dd456b3c6b723653dcacf9ead591
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776078
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63520}
Also extend load poisoning testing for arm and arm64.
This is a port of I1ef202296744a39054366f2bc424d6952c3bbe9d,
originally introduced for arm.
Change-Id: I7d317bba6be633dd1e563daa7231d3c5e930f8e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691032
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63519}
The `Instruction::IsValidImmPCOffset()` method was taking an `offset` argument
in numbers of *instructions* while we were passing it numbers of *bytes*. See
`Instruction::IsTargetInImmPCOffsetRange()` and
`MacroAssembler::NeedExtraInstructionsOrRegisterBranch()`.
As a result, we were 4 times too conservative when computing branch ranges going
backwards, forcing us to generate the following sequence for TBZ more often than
needed:
```
TBNZ <skip>
B <target>
skip:
```
This happened rarely for loops, but a lot when doing an early return from
out-of-line calls to write barriers. Since out-of-line code is easily out of
range of 8K, although the real range of TBZ is 32K.
This fixes it by changing this method to take a byte offset instead of
instructions, as this is more intuitive and in line with similar methods. For
instance, `Instruction::ImmPcOffset()` returns an offset in bytes.
The tests are adapted so that they would have caught such a bug:
* TEST(far_branch_backward):
This test used to only check the code worked if the branch was very far away,
but it didn't test the range was correct. So this test was changed to check
each branch type separately, and test in-range and out-of-range cases
separately too.
* TEST(far_branch_veneer_broken_link_chain):
Because of the backwards range bug, this test wasn't actually testing what it
should. The idea of the test is to make sure the MacroAssembler can still cope
when the chain of links is broken after a veneer was emitted. But no veneers
were ever emitted.
Change-Id: Iddb5c683a71147455175f38fa7ae57da0a3e7337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781058
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63518}
This reverts commit ab089c7864.
Reason for revert: Breaking GC stress (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/27523)
Original change's description:
> [turbofan] Prepare for moving part of CreateGraph into the background
>
> - Pass Refs, not Handles, to graph builder, and drop bytecode array argument
> (get it from SFI instead).
> - Add some fields to FeedbackVectorRef that are needed to avoid heap access
> in BytecodeGraphBuilderPhase.
> - Rename FeedbackVectorRef's SerializeSlots to Serialize, since it's more
> than just the feedback slots.
> - Rearrange the last steps in PipelineCompilationJob::PrepareJobImpl such
> that CreateGraph is last.
>
> Bug: v8:7790
> Change-Id: I4b17790d1d74da41ba63ee68e3a33968662fc398
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781682
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63515}
TBR=neis@chromium.org,mslekova@chromium.org
Change-Id: I4dc95907657597d12cbe1ce6a8ebb694ef44e915
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781687
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63517}
In https://crrev.com/c/1768581 I only enabled the --wasm-staging flag,
but that is useless without the implications defined in
flag-definitions.h. With this CL I now just set each flag one by one.
R=clemensh@chromium.org
Bug: v8:9601
Change-Id: Ie0e16f9516aa32b8c958cf58c8c9d4d6cb6f3b22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781060
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63516}
- Pass Refs, not Handles, to graph builder, and drop bytecode array argument
(get it from SFI instead).
- Add some fields to FeedbackVectorRef that are needed to avoid heap access
in BytecodeGraphBuilderPhase.
- Rename FeedbackVectorRef's SerializeSlots to Serialize, since it's more
than just the feedback slots.
- Rearrange the last steps in PipelineCompilationJob::PrepareJobImpl such
that CreateGraph is last.
Bug: v8:7790
Change-Id: I4b17790d1d74da41ba63ee68e3a33968662fc398
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781682
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63515}
This reverts commit d82600ecc8.
Reason for revert: Blocking the roll, see https://ci.chromium.org/p/chromium/builders/try/linux-rel/181725
Original change's description:
> [turbofan] Serialize missing objects
>
> Added a few objects to the standard objects list, as well as specific
> builtins when the corresponding runtime calls are detected in the
> serializer. Now JSHeapCopyReducer is needed only when concurrent
> inlining is disabled.
>
> Bug: v8:7790
> Change-Id: I91d933611b0352df8ede4fded665f13669591fef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781053
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63509}
TBR=neis@chromium.org,mslekova@chromium.org
Change-Id: I5eb8a8371994822debb852fc2a090ba585826d4a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782157
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63514}
"--print-scopes" uses the {function_} variable to print the function
name and locals of a function scope. In case of a pre-parsed function,
the function variable of the scope lives in a zone which is nuked after
pre-parsing, while the scope lives on. This leaves the {function_}
variable pointer in the scope in a state where it points to
invalid memory, causing "--print-scopes" to crash.
This CL fixes the crash by properly resetting the {function_}
pointer.
TBR=verwaest@chromium.org
Change-Id: Id24dbb605bec883317f676265a920fe0ca662301
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776094
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63513}
Those object types can carry embedder fields as they are generated from
embedder-provided function templates.
Bug: v8:9672
Change-Id: Iaea794ba8bea2ffec3559131eecfe1941479759a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781048
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63511}
Slots are always valid inside an invalidated area when outside the
respective object's current size. This allows us to remove the size
from the InvalidatedSlots data structure.
This change was enabled by https://crrev.com/c/1771793.
Bug: v8:9454
Change-Id: I2b5a7234d47227cb6ad8d67de20e9b5a2028ae83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773242
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63510}
Added a few objects to the standard objects list, as well as specific
builtins when the corresponding runtime calls are detected in the
serializer. Now JSHeapCopyReducer is needed only when concurrent
inlining is disabled.
Bug: v8:7790
Change-Id: I91d933611b0352df8ede4fded665f13669591fef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781053
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63509}
.. and use it for generating faster loads of external references. This
changes the stack check instruction sequence from
mov ecx,0x567651dc // The address of the stack limit.
cmp esp,[ecx]
to
cmp esp,[ebx+0x3c]
This addressing mode was likely forgotten when we recently added root
register support on ia32.
Bug: chromium:998751,v8:9534
Change-Id: I3521519da1e9d373dfcd83831b3e399e0e9c895b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781056
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63508}
Similar to https://crrev.com/c/1781047, WordEqual already does the right
truncation in the instruction selector.
Bug: v8:8948
Change-Id: I92e74bafab6a467aeca1570494e9044f9cf18c46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781049
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63504}
This CL adds initial tests for the tier-up logic.
Change-Id: I6e6ff69604b14387e81b08d178f98d2227b4f496
Bug: v8:9566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776080
Commit-Queue: Ana Pesko <anapesko@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63503}
Allow the backward spilling heuristic to look and spill before the start
of the current range.
This solves a common scenario where control-flow aware allocation
cannot apply the heuristic as efficiently as splintering because it
creates smaller live ranges.
Bug: v8:9088
Change-Id: I7f8af8bb9c82849fbae0c652baa5011fd890690e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776085
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63502}
... which already does good the right job of generating 32-bit comparisons
while Word32Equal() seems to break some optimizations in TurboFan and produce
a little bit slower code.
Bug: v8:8948
Change-Id: I288656479fa32c34a7253c4879cb3566d7470a6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781047
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63501}
If a bytecode mismatch occurs, the original and new bytecode are now
printed along with the position of the bytecode mismatch.
Bug: v8:8510
Change-Id: Ia3b016fb4e0edde46944533a6a768499b20678d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1774722
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63500}
This is a reland of 0736599a69.
This is a reland of 7e1fbe8f34.
Original change description:
> [ic] In-place Double -> Tagged transitions
>
> With no more MutableHeapNumber, we can make Double -> Tagged transitions
> in-place, at the cost of an extra map check when accessing double fields
> to make sure they are still doubles.
>
> Bug: v8:9606
> Change-Id: I74ff39ed6fba62ee223cd37dfe761f7d73020e1c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743973
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63374}
TBR=verwaest@chromium.org, tebbi@chromium.org
Bug: v8:9606
Change-Id: I2d1b7416064d743582f4983fb868316b7e8a4cf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1777661
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63499}
Print the file name instead of the function name, as the
function name can be ambiguous.
Bug: v8:7790
Change-Id: I079eb0e5a0012aff1d241618d132ecd2d3d93c8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781043
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63498}
- Add serialization for CallNoFeedback, which was missing.
- Extend serialization for CallJSRuntime.
- Serialize for calls to higher-order Array builtins.
- Serialize for calls to Function#apply and Function#call.
- Serialize for calls to Reflect.apply and Reflect.construct.
- Serialize for calls to Promise constructor.
- Fix ConvertReceiverMode in serialization for CallProperty.
Bug: v8:7790
Change-Id: I4bba6f45f9b7948ed2ba9c70bd423a23ec29ecf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763530
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63497}
When creating a new JSRegExp for a literal, we sometimes create a
boilerplate and store it in the feedback vector. Then for future
creations, we can copy the boilerplate instead of re-creating the
regexp from scratch.
When we don't have a feedback vector, we currently create a
boilerplate, copy it and return the copy, and then throw out the
boilerplate, which is unnecessary. We can just return the first
JSRegExp we create.
Change-Id: I98b4e3a3082654ea989e0e6ba1524ce080b0125c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776086
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63496}
The sanity checks never really worked since the file was missing in the
output dir. Runs bailed out with "Error loading file".
As both configurations bailed out in the same way, the correctness fuzzer
treated it as pass.
NOTRY=true
Bug: chromium:933076
Change-Id: Id3a2f7e8e3fa8c6654e3e08654d2e9e6b7010484
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1778289
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63495}
This also ignores the line number for type errors.
NOTRY=true
Bug: chromium:995075
Change-Id: I9d9a91842383eba60db858c2c2e02df7dda1a9e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1778287
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63494}
