Only FullCodegen code ever gets flushed by code flushing. Since we are
deprecating the old pipeline, the added complexity introduced by code
flushing is no longer worth it. This CL removes it (but keeps code aging,
which is used to unlink SFIs from the compilation cache).
BUG=v8:6389,v8:6379,v8:6409
Change-Id: I90de113a101f86dbeaaf0511c61a090ef12aa365
Reviewed-on: https://chromium-review.googlesource.com/507388
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45446}
This adds a bunch of assertions to CSA, mostly about documenting and checking
parameter types.
Drive-by-change: Removed unused function.
BUG=v8:6325
Review-Url: https://codereview.chromium.org/2847923003
Cr-Original-Commit-Position: refs/heads/master@{#45398}
Committed: b14a981496
Review-Url: https://codereview.chromium.org/2847923003
Cr-Commit-Position: refs/heads/master@{#45443}
Currently SIMD integer comparison ops are implemented using Lt/Le, this is
sub-optimal on Intel, because all compares are done using pcmpgt(d/w/b) that
clobber the destination register, and will need additional instructions to
when using Lt/Le as the base implementation. This CL proposes moving to Gt/Ge
as the underlying implementation as this will only require swapping operands
on MIPS and is consistent with x86/ARM instructions.
BUG=v8:6020
R=bbudge@chromium.org, bmeurer@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2874403002
Cr-Commit-Position: refs/heads/master@{#45440}
Bug:v8:6055
Change-Id: Ifeac048e5bee2d1782cdaaabe9f5257129b7be0e
Reviewed-on: https://chromium-review.googlesource.com/508528
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45437}
The WebAssembly code now uses these new APIs to allocate memory with guard
regions. Guarded array buffers are no longer always external, which eliminates
a lot of special cases around WebAssembly memory.
Bug: chromium:720302
Change-Id: I355b74ac30a05a18c8b363bd256d57458742849f
Reviewed-on: https://chromium-review.googlesource.com/505715
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45436}
All targets (at least on sanitizer builds) unconditionally depend
on //build/config/sanitizers:deps.
It is necessary for bug 593874 that all targets now also depend
on //buildtools/third_party/libc++:libcxx_proxy. This requires
adding a new "global dependency": //build/config:exe_and_shlib_deps.
This CL updates references to sanitizers:deps to instead refer to
//build/config:exe_and_shlib_deps.
BUG=chromium:723069
R=bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2894013003
Cr-Commit-Position: refs/heads/master@{#45435}
GeneratorClose is pretty simple, we can handle it in the interpreter.
BUG=v8:6351
Review-Url: https://codereview.chromium.org/2891353002
Cr-Commit-Position: refs/heads/master@{#45434}
This CL enforces passing an AssemblerDebugInfo object to Bind, most convently
acheived by the BIND macro.
Change-Id: I092714f10803f529d01d2fe716b96275b2bee806
Reviewed-on: https://chromium-review.googlesource.com/508729
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45433}
Call the templated handle(T) function instead of
Handle<T>() as it's slighly simpler to read.
Bug:
Change-Id: I7d8dc6ffae1dc1c609cd6bce230adbe62aaf451b
Reviewed-on: https://chromium-review.googlesource.com/509568
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45430}
This fixes crashes during validation when trying to construct modules
with excessively large function tables. The {WasmModuleBuilder} now
gracefully checks against existing WebAssembly implementation limits.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-715455
BUG=chromium:715455
Change-Id: Ia9738cb0b49a1eb4caf073b75301c0303f295699
Reviewed-on: https://chromium-review.googlesource.com/509530
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45429}
In the current implementation the decision to inline polymorphic function
calls applies to all functions. Either we inline all of them or none of
them. Also, we decide to inline if the size of one of function is less
than the FLAG_max_inlined_nodes.
This cl changes it to a decision on individual functions. In the case of
polymorphic calls, we might inline some of the functions and not inline
others.
Bug:
Change-Id: I2f4049b5e55445b4858b260d289c96090c6aaa74
Reviewed-on: https://chromium-review.googlesource.com/508668
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45428}
On map change of an object this patch checks that
- either GC was notified about this change,
- or the change leaves the slot set of the object the same.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2886223002
Cr-Commit-Position: refs/heads/master@{#45427}
This is in order to avoid triggering the generation of deopt entries
later during code assembly.
R=jarin@chromium.org
Bug: v8:6048
Change-Id: I51fb508cfc5d715b6a5b2fded90b19c9f21d4d9f
Reviewed-on: https://chromium-review.googlesource.com/508789
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45426}
Task creation often dominates the actual work that is being done.
Bug: chromium:722989
Change-Id: Ibdd6ffa6f3154f17dc6ccbd30475710b97e802e7
Reviewed-on: https://chromium-review.googlesource.com/508783
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45425}
This adds reporting of linking failures (i.e. module instantiation)
similar to the existing reporting for validation failures. Note that
the messages in question are deterministic and can be tested.
R=clemensh@chromium.org
Change-Id: Ibecebefb86f1d878f626702c05fd0cb21189dc2a
Reviewed-on: https://chromium-review.googlesource.com/507488
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45421}
Reason for revert:
Going a different way with this, as Chromium don't want the additional files.
Original issue's description:
> Add DEPS.chromium for recursive DEPS tracking.
>
> DEPS.chromium allows the Chromium build system's DEPS to recurse into V8's own
> dependencies. Initially, this is populated with some tests files for the ARM64
> simulator.
>
> BUG=chromium:718439
>
> Review-Url: https://codereview.chromium.org/2880293002
> Cr-Commit-Position: refs/heads/master@{#45310}
> Committed: f8a6c6c48eTBR=machenbach@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:718439
Review-Url: https://codereview.chromium.org/2891323002
Cr-Commit-Position: refs/heads/master@{#45420}
This simplifies the growing strategy used in {ZoneBuffer} and also tunes
the initial sizes used for various instances of these buffers. Note that
such a {ZoneBuffer} is used for entire modules and individual function
bodies.
R=clemensh@chromium.org
Change-Id: I99a0898589984e1830c681845fabb0ed5f8317ab
Reviewed-on: https://chromium-review.googlesource.com/508711
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45419}
In a recent CL I moved the corpus of the wasm fuzzer and of the
wasm-asmjs fuzzer to a different directory
(wasm_corpus and wasm_asmjs_corpus) so that the corpus is not executed
on the try-bots. With this CL I remove the old corpus from the
.gitignore file.
In addition I removed the hooks for wasm_corpus and
wasm_asmjs_corpus from the V8 DEPS file, because in a V8 checkout
they are not used anyway.
I also added code to the test runner to delete all *.wasm files
from the directories test/fuzzer/wasm and test/fuzzer/wasm_asmjs.
This code should be removed in a week, but it will help my coworkers
to cleanup their V8 checkout.
R=bradnelson@chromium.orgCC=machenbach@chromium.org
Change-Id: I9fdf9d77b71b133f84f7e744763d65fdf127d624
Reviewed-on: https://chromium-review.googlesource.com/505614
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45417}
In crrev.com/2856103002 sentinel frequency values were introduced, using
NaN as the sentinel. However the comparison function was not *fully*
updated to support these - comparing two NaNs would give ambiguous
results. This caused test failures when building with VS 2017, probably
because of subtle changes in the arrangement of nodes in the tree.
This change uses the the node ID to break ties. An alternative would be
to use a non-NaN sentinel value.
R=bmeurer@chromium.org
BUG=chromium:722480
Review-Url: https://codereview.chromium.org/2894433004
Cr-Commit-Position: refs/heads/master@{#45415}
Introduce a flag --max-inlined-nodes-absolute that is used to limit the
number of nodes that we inline even in the presence of small function
inlining, so that TurboFan graphs don't grow arbitrary large.
BUG=chromium:724084,v8:6395,v8:6278,v8:6344,v8:6394
TBR=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2894523005
Cr-Commit-Position: refs/heads/master@{#45414}
This refactoring makes it easier to write advanced tests and
gives full control over what's happening to the test code.
It also forces description for every test.
BUG=none
Review-Url: https://codereview.chromium.org/2891213002
Cr-Commit-Position: refs/heads/master@{#45412}
As per spec, (https://github.com/WebAssembly/design/pull/1068), we
don't have compile/instantiate overloads anymore, instead, we
have explicitly named members.
This change introduces the new APIs, implements instantiateStreaming
based on compileStreaming, and uses the existing embedder mechanism.
It does not yet remove the functionality from compile/instantiate -
we do that after we adopt the new APIs on the blink side.
Also, it temporarily handles exceptions on the v8 side, which is also
something we'll move to the blink side.
Bug:
Change-Id: I77673b1c0d395dfcf13b2f25464fd5dfd99c8d82
Reviewed-on: https://chromium-review.googlesource.com/508852
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45411}
Port 73d21080c9
Original Commit Message:
Now that the optimized code hangs off the feedback vector, it is possible
to check whether a function has optimized code available every time it's
called in the interpreter entry trampoline. If optimized code exists, the
interpreter entry trampoline 'self-heals' the closure to point to the
optimized code and links the closure into the optimized code list.
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6246
LOG=N
Review-Url: https://codereview.chromium.org/2897483002
Cr-Commit-Position: refs/heads/master@{#45410}
- moved all extensions to inspector_test.cc;
- properly supported multiple context groups and sessions;
- better isolation between components;
- better infrastructure in protocol-test.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2890463004
Cr-Commit-Position: refs/heads/master@{#45409}
If the new Free function is not implemented, but we are freeing a Normal
allocation, as opposed to one with guard regions, we can fall back on the
existing Free function.
Because guard regions are not yet used in normal circumstances, this will let
embedders who have not implemented the improve ArrayBuffer::Allocator interface
to continue working.
Bug:
Change-Id: I2e30b523ef7493ab288110b90d8f994bfcfbc9b7
Reviewed-on: https://chromium-review.googlesource.com/508897
Commit-Queue: Eric Holk <eholk@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45408}
WebAssembly needs to be able to allocate memory with guard regions, which
requires more functionality from the array buffer allocator. This change adds
functions for reserving memory regions and changing the memory protection.
This CL also includes some minor refactoring of the code to free array buffers.
Bug: chromium:720302
Change-Id: Iab9a266003043b0d36592a79668d1eea53952abf
Reviewed-on: https://chromium-review.googlesource.com/506377
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45407}
Split BytecodeGenerator::VisitSuspend into two pieces, one for
building the suspension code and one for resumption (these
are split into separate Build methods for convenience).
Each gets its own RegisterAllocationScope, which allows us to
reduce the register file size of the empty generator by 1.
For consistency, rename VisitGeneratorPrologue() to
BuildGeneratorPrologue() to match the names of the two
newly-created methods.
This relands the patch originally committed in
98927ea51b, as the test failure
due to that change was a code flushing bug. Code flushing was
disabled in de4a4095cf.
R=rmcilroy@chromium.org
Bug: v8:6379
Change-Id: Ifb4deafea99693c0a4e8646cf4e9884c7374cfc6
Reviewed-on: https://chromium-review.googlesource.com/508814
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45406}
Varblock scopes can be treated as the "same scope" as their surrounding
function scope for the purposes of hole check elimination, as
source position comparison is sufficient to determine statically that
uses in the varblock scope are after initialization in the function scope.
This allows the elimination of hole checks of lexically-bound parameter
variables in functions with complex parameters, including rest parameters.
The pre-existing code compared DeclarationScopes for legacy reasons:
varblock scopes (and Scope::GetClosureScope()) did not exist at the
time this code was originally written.
R=neis@chromium.org
Bug: v8:6344, v8:6414
Change-Id: Ie787d58d1ea172e893788a9c716d3b6868980ab8
Reviewed-on: https://chromium-review.googlesource.com/508242
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45405}
This reverts commit ce538f70c1.
Reason for revert: breaks BOM handling (thus breaking Outlook web apps).
Original change's description:
> [parser] Refactor streaming scanner streams.
>
> Unify, simplify logic, reduce UTF8 specific handling.
>
> Intend of this is also to have stream views.
> Stream views can be used concurrently by multiple threads, but
> only one thread may fetch new data from the underlying source.
> This together with unified stream view creation is intended to be
> used for parse tasks.
>
> BUG=v8:6093
>
> Change-Id: Ied8e93090c506d4735080298f0fdaeed32043915
> Reviewed-on: https://chromium-review.googlesource.com/501789
> Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45336}
TBR=marja@chromium.org,vogelheim@chromium.org,jochen@chromium.org,wiktorg@google.com
BUG=v8:6093, chromium:724166
Change-Id: I022a23b8052d20d83a640c07b7864c622548bf90
Reviewed-on: https://chromium-review.googlesource.com/508888
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45404}
This patch adds HeapObject::set_map_after_allocation method that
initializes the map of the object without object layout checks.
All other map setters now check that transitions unsafe for
concurrent marking properly notify the GC.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2885883004
Cr-Commit-Position: refs/heads/master@{#45403}
Port bfa319e5d3
Original Commit Message:
We already had an optimization to turn Function.prototype.apply with
arguments object, i.e.
function foo() { return bar.apply(this, arguments); }
into a special operator JSCallForwardVarargs, which avoids the
allocation and deconstruction of the arguments object, but just passes
along the incoming parameters. We can do the same for rest parameters
and spread calls/constructs, i.e.
class A extends B {
constructor(...args) { super(...args); }
}
or
function foo(...args) { return bar(1, 2, 3, ...args); }
where we basically pass along the parameters (plus maybe additional
statically known parameters).
For this, we introduce a new JSConstructForwardVarargs operator and
generalize the CallForwardVarargs builtins that are backing this.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6407,v8:6278,v8:6344
LOG=N
Review-Url: https://codereview.chromium.org/2887153004
Cr-Commit-Position: refs/heads/master@{#45402}
Generators were previously treated as "top level" for preparsing purposes,
since all their variables are context-allocated. But doing so isn't quite
correct: the allocation of the "arguments" variable for a generator
depends on whether it's referenced, and so an inner arrow function
which references "arguments" won't properly trigger allocation of
"arguments" since the reference will not be noticed in the preparser.
The same problem exists for "this" since commit 68f0a47b28a96a4966e7b747bfa304b555e726d1;
before that commit, all generators implicitly referenced their "this" argument
as part of the desugaring. With that implicit reference gone, "this"
falls into the same problem as arguments.
This patch restricts the special "top level" treatment to modules,
which have only a trivial "this" binding (it's always undefined), and no
arguments binding. Moreover, all code inside modules is strict, meaning
that unresolved references to "this" will also result in undefined.
R=marja@chromium.org
Bug: chromium:723132
Change-Id: I814d145fb8f3f1a65abb48e4e35595428d063051
Reviewed-on: https://chromium-review.googlesource.com/508055
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45399}
