Simplify zone discarding for preparsed functions by simply giving the preparser
its own zone that we reset whenever we finish preparsing something.
Change-Id: I3135fbbcd6caefa4654b1ae2b2207377e51bee26
Reviewed-on: https://chromium-review.googlesource.com/1238614
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56146}
... which are generated from ALLOCATION_SITE_LIST and DATA_HANDLER_LIST respectively.
Bug: v8:8015
Change-Id: Ib729628e6b65ad98ff50234572f8edf2854f83ad
Reviewed-on: https://chromium-review.googlesource.com/1238517
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56143}
This also makes the {AddCodeCopy} method more specific to only apply to
import wrappers, otherwise the use of {set_code} would be unprotected.
R=clemensh@chromium.org
BUG=v8:8015
Change-Id: I62561560f57e4cc235a338c0e769e50ff55ec42d
Reviewed-on: https://chromium-review.googlesource.com/1238477
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56137}
Remove the following runtime functions, which are not used throughout
the code base anymore:
- %GetWeakMapEntries
- %GetWeakSetValues
- %MapIteratorClone
- %SetIteratorClone
- %StringNotEqual
- %FunctionGetName
- %IsConstructor
- %SetCode
Bug: v8:8015
Change-Id: Iaf441d58e9b9bc77ef5bf93cb82ada87fb1ff5a7
Reviewed-on: https://chromium-review.googlesource.com/1238574
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56136}
This did unnecessarily much work, part of it even didn't make sense
due to my misunderstanding of the different ownership notions.
Bug: v8:7790
Change-Id: I8f630b544d2fa9d583ceb7e496e88b9a655385a7
Reviewed-on: https://chromium-review.googlesource.com/1236955
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56135}
Rather than allocating one in the zone and swapping them on discardable zone
swap, we simply swap the zone in the inferrer and allow the stacks to grow in
the outer zone. The inner segments will be dropped anyway.
This also introduces a PreParserFuncNameInferrer that just has dummy
implementations. That way we can avoid checking whether fni_ is nullptr at
runtime.
Change-Id: I0ff41b16d31571fc4606fd46b705d80b423343eb
Reviewed-on: https://chromium-review.googlesource.com/1238573
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56132}
When constructing a TypedArray by length, only actually setup the
JSTypedArray instance once the buffer is allocated, as only at that
time it's known whether the byte length is fine. Otherwise we confuse
the heap verifier.
Bug: chromium:887891
Change-Id: I407ff9a2a053dd11ef764e4e32f482abb27eb0a8
Reviewed-on: https://chromium-review.googlesource.com/1238494
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56131}
Remove %ToPrimitive, %ToPrimitive_Number, %SameValue and %SameValueZero,
as these runtime functions were only used from tests. For the %SameValue
we use Object.is() to test the internal algorithm (the actual one even),
and for %SameValueZero we use Set#has() - this was already the case for
most uses anyways.
Also drop %IsDate and %ValueOf, which didn't have uses at all.
Bug: v8:8015
Change-Id: Ice26d25e68aed4d5d8adac0547c56aedf9826b13
Reviewed-on: https://chromium-review.googlesource.com/1237677
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56127}
The JSToInteger operator is not used anywhere in TurboFan nowadays, so
no point in keeping the dead code in the tree.
Bug: v8:8015
Change-Id: If03ba63c4b932ba0aac60b9bbc89fee3909a93c6
Reviewed-on: https://chromium-review.googlesource.com/1238238
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56126}
The order in which ToNumber(left) and ToPrimitive(right,hint Number)
is called when performing an abstract relational comparison is
observable, and we need to make sure to trigger the conversions in
the correct order.
Bug: chromium:687063
Change-Id: Idc9edb99643c4cf1774b89dcdc319ed5dc7cdc8a
Reviewed-on: https://chromium-review.googlesource.com/1236557
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56125}
This test is currently flaky on TSAN and blocks the roll.
Bug: v8:8209
Change-Id: I0ca32d39f5570b458d56801b9a72ff3c428678d5
Reviewed-on: https://chromium-review.googlesource.com/1237676
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56122}
Properly test the abstract equality - both JSEqual and JSNotEqual - for
the case of symbols. Also add tests for the corner cases of the
JSObjectIsArray operator, which is used to implement Array.isArray()
builtin.
Bug: v8:8015
Change-Id: Ib008e85553d04527a5992a904ec77774761f872e
Reviewed-on: https://chromium-review.googlesource.com/1238237
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56121}
Handlers were recently moved to the builtins table, and we never added
full support for this flag. It doesn't add much value and lazy
deserialization is scheduled for mid-term removal anyways, so let's
just delete it.
--lazy-deserialization now controls both builtin- and
handler-deserialization behavior.
Bug: v8:6624
Change-Id: Iffb7286a00157966abf99158ba629ce4765536d6
Reviewed-on: https://chromium-review.googlesource.com/1238235
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56117}
Improve the lowering of CheckedInt32Div and CheckedUint32Div for the
case that the right hand side is a known (positive) power of two, as
in that case it's sufficient to just check the relevant bits on the
left hand side and then shift by the appropriate amount of bits.
This is significantly faster than what TurboFan is able to generate
from the general lowering, even with all the MachineOperatorReducer
magic (it even shows as a steady ~1.5% overall improvement on the
Kraken crypto ccm benchmark).
Also turn the general CheckedInt32Div lowering into readable code again,
and make sure that all the bailout cases are properly covered by mjsunit
tests (i.e. the "division by zero" bailout was not covered properly).
Bug: v8:8015
Change-Id: Ibfdd367a6ee5d70dcaa48801858042c5029b7004
Reviewed-on: https://chromium-review.googlesource.com/1236954
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56115}
The previous tests didn't cover the case Number.isSafeInteger(x)
where TurboFan was unable to tell that `x` is always a Number and
thus had to use the ObjectIsSafeInteger operator instead.
Bug: v8:8015
Change-Id: I9bdbfa602fe0bf8c5fb2bc6c160ace7ab0bc0aaa
Reviewed-on: https://chromium-review.googlesource.com/1238234
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56114}
Again in the spirit of https://chromium-review.googlesource.com/1226033
we can simplify the handling of NumberDivide and decide the lowering
based on the feedback type.
Drive-by-fix: Add test coverage for the relevant corner cases of the
NumberDivide handling in SimplifiedLowering.
Bug: v8:8015
Change-Id: I0edaca0fddb31d64d2c269268e87a32a687a0b26
Reviewed-on: https://chromium-review.googlesource.com/1236262
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56113}
The ObjectIsArrayBuffer simplified operator, which is used to implement
the ArrayBuffer.isView() builtin, didn't have any test coverage.
Bug: v8:8015
Change-Id: Ia15e35bc4ae61627137f7a89976560a8d3db771f
Reviewed-on: https://chromium-review.googlesource.com/1238215
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56112}
Even in the embedded bytecode handler configuration, there's currently
no guarantee that all handlers are eager. Specifically, on ia32
handlers are currently not embedded and thus lazy.
We need to keep lazy deserialization logic around until that is no
longer the case.
Bug: v8:6624
Change-Id: Ie4ec5f0fcd9890ed96a5df3bf3654e85379f92ae
Reviewed-on: https://chromium-review.googlesource.com/1236261
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56110}
Without this the call to `formatFailureText` in `test-async.js`
fails but goes unnoticed since the promise change is rejects
which is not handled. And d8 silently ignores the the unhandled
rejections.
Once `formatFailureText` was added it reveals a but where several
tests were expecting `.equal` to be a deepEquals. Specifically:
test/mjsunit/es6/promise-all.js
test/mjsunit/harmony/async-generators-resume-return.js
test/mjsunit/harmony/async-generators-return.js
test/mjsunit/harmony/async-generators-yield.js
Making equals call `deepEquals` fixed that issue.
Change-Id: I350c7d916147eaa7cf873bdaf273aebbaaa833c5
Reviewed-on: https://chromium-review.googlesource.com/1236852
Commit-Queue: Sam Clegg <sbc@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56107}
GCC 7.x doesn't like it (-Werror=subobject-linkage) when a class
either derives from a class or has a member field of a type that
was declared in an anonymous namespace.
It is also opposed (-Werror=attributes) to visibility attributes
being defined at explicit template instantiations.
GCC 8.x further has reservations (-Werror=class-memaccess) about
letting memset/memcpy modify areas within non-POD objects.
Change-Id: Ic5107bb5ee3af6233e3741e3ef78d03a0a84005a
Reviewed-on: https://chromium-review.googlesource.com/1208306
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56106}
Previously, Atomics.notify was just an alias to Atomics.wake, which
doesn't quite let us add a use counter for these individual builtins.
This patch refactors the existing Atomics.wake into a separate
function that is called from two separate builtins.
Bug: v8:7883
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If54c8f769b7949d88d327cfb2f70db394f32a0b7
Reviewed-on: https://chromium-review.googlesource.com/1234581
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56105}
This CL extracts the branch into a new function. Previously, the branch
is only used to copy a FixedArray to a new FixedArray. The new function
generalizes this to allow copying from a FixedDoubleArray to a
FixedArray also. This function will be useful in a follow-up CL to copy
a FixedDoubleArray with holes into a FixedArray where holes are replaced
by undefined.
Bug: chromium:881273, v8:7980
Change-Id: I8a0e5f933fc152a12d67810f4cbcfdce094d44af
Reviewed-on: https://chromium-review.googlesource.com/1230913
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56101}
They both do the same thing, and UnoptimizedCompileJobTest.CompileFailureToFinalize was
failing on arm due to stack size parameters.
BUG=v8:8041
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I2506aed026420c2634d5cd41b0dc268debb512eb
Reviewed-on: https://chromium-review.googlesource.com/1236814
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56099}
