The operator in question is guaranteed to produce a tagged value that is
not equal to the-hole, it however does not guarantee the value to be a
HeapObject. The correct representation hence is {kTagged}.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-665587
BUG=chromium:665587
Review-Url: https://codereview.chromium.org/2504183002
Cr-Commit-Position: refs/heads/master@{#41032}
The reason is that non-configurability still allows a writable property to become read-only.
BUG=chromium:663750
Review-Url: https://codereview.chromium.org/2508873002
Cr-Commit-Position: refs/heads/master@{#41029}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Original review: https://codereview.chromium.org/2498073002/
Review-Url: https://codereview.chromium.org/2502293002
Cr-Commit-Position: refs/heads/master@{#41028}
This brings the two utf-8 decoders (bulk + incremental) in line.
Technically, either behaviour was correct, since the utf-8 spec
demands incomplete utf-8 be handled, but does not specify how.
Unicode recommends that "the maximal subpart at that offset
should be replaced by a single U+FFFD," and with this change we
consistently do that. More details + spec references in the bug.
BUG=chromium:662822
Review-Url: https://codereview.chromium.org/2493143003
Cr-Commit-Position: refs/heads/master@{#41025}
Adds a bytecode to set and retrieve the pending message. This avoids a
runtime call in finally blocks, and also ensures that TurboFan builds a
graph using the SetMessage / LoadMessage nodes instead of inserting a
runtime call.
BUG=chromium:662334
Review-Url: https://codereview.chromium.org/2501503005
Cr-Commit-Position: refs/heads/master@{#41023}
Object::GetProperty fails if the given name is a valid array index.
This CL switches to Object::GetPropertyOrElement for lookups of imports.
The new tests check that we now accept numbers as module name or
function name in FFI.
R=ahaas@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2503313002
Cr-Commit-Position: refs/heads/master@{#41022}
We don't need to check for neutered array buffers unless at least one
JSArrayBuffer has been neutered (i.e. detached in TC39 speak). For this
we introduce a protector cell that get's invalidated on first call to
the JSArrayBuffer::Neuter() method.
R=jarin@chromium.org,ulan@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2504163002
Cr-Commit-Position: refs/heads/master@{#41021}
This CL further extends the debug wrapper, migrates around 60 tests, and
removes a few tests that use functionality we will not support anymore.
In more detail:
* Removed tests that use:
* enable/disable individual breakpoints
* invocationText()
* the ScriptCollected event
* showBreakPoints
* evalFromScript (and similar)
* mirror.constructedBy and mirror.referencedBy
* event_data.promise()
* Some frame.evaluate uses were adapted since due to differences between
remote objects (inspector) and mirrors. For instance, exceptions are
currently not recreated exactly, since the inspector protocol does not
give us the stack and message separately. Other objects (such as
'this' in debug-evaluate-receiver-before-super) need to be explicitly
converted to a string before the test works correctly.
* Ensure that inspector stores the script before sending ScriptParsed and
ScriptFailedToParse events in order to be able to use the script from
within those events.
* Better remote object reconstruction (e.g. for undefined and arrays).
* New functionality in wrapper:
* debuggerFlags().breakPointsActive.setValue()
* scripts()
* execState.setVariableValue()
* execState.scopeObject().value()
* execState.scopeObject().property()
* execState.frame().allScopes()
* eventData.exception()
* eventData.script()
* setBreakPointsActive()
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2497973002
Cr-Commit-Position: refs/heads/master@{#41019}
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared doesn't want to compile. Missing export annotation?
Original issue's description:
> [refactoring] Split CodeAssemblerState out of CodeAssembler
>
> This is in preparation for introducing more specialized
> CodeStubAssembler subclasses. The state object can be handed
> around, while the Assembler instances are temporary-scoped.
>
> BUG=v8:5628
TBR=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2504913002
Cr-Commit-Position: refs/heads/master@{#41018}
When we have a known JSTypedArray instance at optimization time, i.e. as
in asm.js-like use cases and also when there are global typed arrays that
are tracked via global object property constant tracking, we can generate
more efficient code in that case by specializing to the immutable internal
fields of the JSTypedArray (and the JSArrayBuffer backing it).
R=jarin@chromium.org
BUG=v8:4470,v8:5267
Review-Url: https://codereview.chromium.org/2510553002
Cr-Commit-Position: refs/heads/master@{#41017}
When we don't have a base, and the displacement returned by the
BaseWithIndexAndDisplacement64Matcher cannot be encoded as immediate,
we can still try to utilize the scale factor matching by just using
the displacement as base. This happens when we do indexed memory
accesses to known addresses.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2504123002
Cr-Commit-Position: refs/heads/master@{#41016}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2498073002
Cr-Commit-Position: refs/heads/master@{#41015}
This was causing array buffer views created by ValueDeserializer to have
uninitialized internal fields, which lead to crashes in layout tests when
Blink tried to read those fields.
For array buffers, JSArrayBuffer::Setup is responsible for this logic
(as well as initializing the V8 fields); this is similar to that.
The runtime already seems to correctly initialize these for script-created
array buffer views as well, which is why this issue was not detected sooner.
Review-Url: https://codereview.chromium.org/2498413002
Cr-Commit-Position: refs/heads/master@{#41014}
Inferred names are currently generated for FunctionLiterals but not generated
for ClassLiterals. Without them, DevTools does not have enough information to
make descriptive descriptions.
E.g.
var x = {y: class{}};
var a = new x.y();
console.log(a);
This shows "Object{}" when it could be more descriptive "x.y {}"
BUG=v8:5621
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2488193003
Cr-Commit-Position: refs/heads/master@{#41013}
In case of an allocation failure in for-in over holey elements, use precise
number of elements to allocate a smaller buffer for the collected indices.
Drive-by-fix: make is_the_hole accept the isolate for faster checks.
BUG=chromium:609761
Review-Url: https://codereview.chromium.org/2041963003
Cr-Commit-Position: refs/heads/master@{#41010}
ICU now supports uppercasing in Greek via its regular uppercasing API.
So, there's no need to use a slow transliteration API for uppercasing
in Greek.
This CL includes rolling ICU to ICU 58.1.
Besides, drop intl402/Intl/getCanonicalLocales/weird-cases from
test262.status because it passes now with ICU 58.1.
BUG=chromium:637001,v8:5012
Review-Url: https://codereview.chromium.org/2491333003
Cr-Commit-Position: refs/heads/master@{#41009}
Previously, we also used to treat the link as strong, when iterating a promoted
JSFunction.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2506633002
Cr-Commit-Position: refs/heads/master@{#41008}
This CL defines move semantics for String16, and fixes issues with the
hash code not being set correctly on swap or copy.
It also extends the interface by a few handy templates.
All this functionality will be used for the wasm translations, where
String16s are often concatenated and used as keys in hash tables.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.org
Review-Url: https://codereview.chromium.org/2493723003
Cr-Commit-Position: refs/heads/master@{#41007}
Before, we allocated one script per function per instance, and each
script referenced the wasm instance and the function index. Now we only
allocate one script per compiled wasm module, so the script also only
references this WasmCompiledModule, which causes changes to many interfaces.
Instead of fixing the disassemble API only used via debug.js, I decided
to drop it for now. Some later CL will reintroduce it via
DebugInterface.
BUG=v8:5530,chromium:659715
R=yangguo@chromium.org, titzer@chromium.orgCC=jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2493823003
Cr-Commit-Position: refs/heads/master@{#41004}
It always throws an exception in the cases that it fails, so throwing another
doesn't help things.
BUG=chromium:664416
Review-Url: https://codereview.chromium.org/2495393002
Cr-Commit-Position: refs/heads/master@{#40999}
Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.
Only deals with the case where there is a single spread argument.
Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}
When generating snapshot on a machine with a different page size than
the target machine, we can run into problems as the v8 page area size
changes. This is because v8 has page guards which depend on os page
size, so if the target has larger os page, v8 page area is smaller and
may not fit the contents.
The solution proposed here is adding a flag, v8_os_page_size, that
would, if used, override local os page size and use the one specified
during snapshot generation.
BUG=
Review-Url: https://codereview.chromium.org/2488403003
Cr-Commit-Position: refs/heads/master@{#40997}
Since the liveness analysis's non-live value clearing rebuilds the state
value trees, we don't need to be smart when creating state values in the
initial graph building. This simplifies both the building and the
iteration over the state values by the liveness analyzer.
Review-Url: https://codereview.chromium.org/2495413003
Cr-Commit-Position: refs/heads/master@{#40996}
This reverses the printing scheme for the flag in question to make it
print the "positive" analysis results (i.e. variable never assigned)
instead of the "negative" results (i.e. variable maybe assigned). This
helps to spot false-positives which are much more dangerous in practice
compared to missed optimization opportunities.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2498353002
Cr-Commit-Position: refs/heads/master@{#40993}
The patch optimizes the generation of code for kMips[64]Tst in code-generator-mips[64].cc.
We allow usage of immediate for kMips[64]Tst in VisitWordCompare in order to remove
an unnecessary immediate load to register. This fix is motivated by Richards benchark
in Octane benchmark suite, since it is used a lot there.
BUG=
Review-Url: https://codereview.chromium.org/2503833002
Cr-Commit-Position: refs/heads/master@{#40992}
Makes FunctionTemplate::HasInstance follow the hidden prototype chain
for a global proxy object and return true if the global object passes
the test.
BUG=
Review-Url: https://codereview.chromium.org/2500363002
Cr-Commit-Position: refs/heads/master@{#40989}
Currently, we are using the following sequence for load/store
with large offset (offset > 16b):
lui at, 0x1234
ori at, at, 0x5678
add at, s0, at
lw a0, 0(at)
This sequence can be optimized in the following way:
lui at, 0x1234
add at, s0, at
lw a0, 0x5678(at)
BUG=
Review-Url: https://codereview.chromium.org/2503493002
Cr-Commit-Position: refs/heads/master@{#40988}
Port 0322c20d17
Original commit message:
When storing an immediate integer or floating point zero, use the zero register
as the source value. This avoids the need to sometimes allocate a new register.
BUG=
Review-Url: https://codereview.chromium.org/2470133005
Cr-Commit-Position: refs/heads/master@{#40987}
This is to fix the performance regression by avoiding creation of a frame
in LoadIC dispatcher caused by complicated logic of CSA::EmitLoadICProtoArrayCheck().
BUG=v8:5561, chromium:660795
Review-Url: https://codereview.chromium.org/2496333002
Cr-Commit-Position: refs/heads/master@{#40986}
This shares the pending_error_handler from the parser to the preparser, allowing the preparser to directly log errors to it. This removes LogMessage from the loggers. ParserLogger::LogMessage was already unused, so this also removes error info from the preparse data altogether.
BUG=
Review-Url: https://codereview.chromium.org/2502633002
Cr-Commit-Position: refs/heads/master@{#40984}
Extract CSA::HandleLoadICSmiHandlerCase() from CSA::HandleLoadICHandlerCase() and
CSA::EmitLoadICProtoArrayCheck() from CSA::HandleLoadICProtoHandler().
This is a preliminary step for extracting LoadICProtoArrayCheck to a separate stub
which is necesary to fix the preformance regression caused by proto array
handlers support.
BUG=v8:5561, chromium:660795
Review-Url: https://codereview.chromium.org/2498013002
Cr-Commit-Position: refs/heads/master@{#40983}
A small change that brings a lot of benefit since it is used in a lot
of places.
BUG=
Review-Url: https://codereview.chromium.org/2477453005
Cr-Commit-Position: refs/heads/master@{#40982}
Fix two bugs with the runtime-profiler optimization heuristics for
interpreted code:
- Reset shared->tick_count for interpreted functions when optimizing
- Update ticks after checking whether to optimize functions, to be the
same as the FCG profiler checks (where updates are done to the code
ticks after deciding whether to optimize).
BUG=chromium:662071
Review-Url: https://codereview.chromium.org/2497933002
Cr-Commit-Position: refs/heads/master@{#40978}
This CL adds the function verification option to the module decoder.
Therefore we can remove the verification in wasm-module-runner.cc
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2496203002
Cr-Commit-Position: refs/heads/master@{#40977}
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
- The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
- The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().
If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.
All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.
At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.
I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.
The following additional changes were necessary:
- The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
- The class HPositionInfo was effectively dead code and is now removed.
- SourcePosition has new printing and information facilities, including computing a full inlining stack.
- I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
- I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
- I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
- Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}
CodeAssembler::CallRuntime() with 5 arguments was declared but
not implemented.
BUG=
Review-Url: https://codereview.chromium.org/2503523002
Cr-Commit-Position: refs/heads/master@{#40973}
In captured stack traces, all lines and columns must be 1-based.
Even though this makes things a bit ugly, we have to comply also for
wasm locations, where line and column encode function index and byte
offset (both are originally 0-based).
If we don't comply, the frontend might complain, as e.g. DevTools does.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.orgCC=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2493943002
Cr-Commit-Position: refs/heads/master@{#40971}
Using indices rather than pointers to probe the hashmap lets us
unconditionally mask the index to ensure it wraps around, rather than
branching on the pointer value. This produces slightly more optimal
code.
Review-Url: https://codereview.chromium.org/2488423003
Cr-Commit-Position: refs/heads/master@{#40967}
This removes the POSSIBLY_EVAL_CALL call type, and instead uses OTHER_CALL
or WITH_CALL to decide whether to do the special LOOKUP_SLOT_CALL runtime
call to find the callee and possibly update the receiver with the with-object.
This means that eval calls out of 'with' blocks can now just do a normal
LdaLookupGlobalSlot operation, which can check the context chain for eval
extentions and fast-path the lookup if none exist.
BUG=661556
Review-Url: https://codereview.chromium.org/2487483004
Cr-Commit-Position: refs/heads/master@{#40965}
Reason for revert:
It's probably needed after all but we're lacking tests.
Original issue's description:
> [ast] Simplify FetchFreeVariables.
>
> This CL removes the ParseInfo argument from FetchFreeVariables, since it seems
> to have become unnecessary.
>
> R=verwaest@chromium.org
> BUG=
TBR=verwaest@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2495293002
Cr-Commit-Position: refs/heads/master@{#40964}
This fixes the bogus {Word32Equal} comparison in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.
R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506
Review-Url: https://codereview.chromium.org/2496043003
Cr-Commit-Position: refs/heads/master@{#40963}
This replaces LOOKUP_SLOT_CALL with WITH_CALL, and relies on regular lookup-slot handling in variable load to support other lookup slots (variables resolved in the context of sloppy eval). This allows optimizations for such variable loads to kick in for calls as well. We only need special handling for function calls in the context of with, since it changes the receiver of the call from undefined/global to the with-object.
This currently doesn't yet make it work for the direct eval call itself, since the POSSIBLY_EVAL_CALL flag is also used to deal with direct eval later.
BUG=
Review-Url: https://codereview.chromium.org/2480253006
Cr-Commit-Position: refs/heads/master@{#40962}
Reason for revert:
Seems to break GC stress.
Original issue's description:
> [turbofan] Fix deoptimization of boolean bit constants.
>
> BUG=chromium:664490
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:664490
Review-Url: https://codereview.chromium.org/2502613002
Cr-Commit-Position: refs/heads/master@{#40961}
Reason for revert:
Breaks CQ trybots now, i.e. https://build.chromium.org/p/tryserver.v8/builders/v8_linux_mipsel_compile_rel/builds/24703/steps/compile%20with%20ninja/logs/stdio
Original issue's description:
> MIPS: Optimize load/store with large offset
>
> Currently, we are using the following sequence for load/store with large offset (offset > 16b):
>
> lui at, 0x1234
> ori at, at, 0x5678
> add at, s0, at
> lw a0, 0(at)
>
> This sequence can be optimized in the following way:
>
> lui at, 0x1234
> add at, s0, at
> lw a0, 0x5678(at)
>
> BUG=
TBR=ivica.bogosavljevic@imgtec.com,miran.karic@imgtec.com,v8-mips-ports@googlegroups.com,dusan.simicic@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2500863003
Cr-Commit-Position: refs/heads/master@{#40959}
This helps if the polymorhpic case has other maps with fast accesses.
In box2d (with high number of iterations and warm-up), we spend about 2.7% of running time in StoreIC; after this change it is only 0.2%.
Review-Url: https://codereview.chromium.org/2494673002
Cr-Commit-Position: refs/heads/master@{#40957}
We are removing use of the debugger context. When the debugger triggers
compilation, we may not have a context from which to create a JSArray.
R=ishell@chromium.org
BUG=chromium:664577
Review-Url: https://codereview.chromium.org/2479123002
Cr-Commit-Position: refs/heads/master@{#40956}
Currently, we are using the following sequence for load/store with large offset (offset > 16b):
lui at, 0x1234
ori at, at, 0x5678
add at, s0, at
lw a0, 0(at)
This sequence can be optimized in the following way:
lui at, 0x1234
add at, s0, at
lw a0, 0x5678(at)
BUG=
Review-Url: https://codereview.chromium.org/2486283003
Cr-Commit-Position: refs/heads/master@{#40953}
Changes include:
- Adding V8_EXPORT macro for SnapshotCreator
- Removing outdated DCHECKs.
- Allow nullptr as external reference. This required a...
- Refactoring of hashmaps used by the serializer.
- Remove external references for counters. These are not used
anywhere for isolates that are being serialized.
- Put template infos into the partial snapshot cache.
- Remove unnecessary presubmit check for external references.
mksnapshot crashes if external references are missing.
R=jochen@chromium.org, vogelheim@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2490783004
Cr-Commit-Position: refs/heads/master@{#40949}
Port 1915762cc8
Original commit message:
These JavaScript operators were special hacks to ensure that we always
operate on Smis for the magic for-in index variable, but this never
really worked in the OSR case, because the OsrValue for the index
variable didn't have the proper information (that we have for the
JSForInPrepare in the non-OSR case).
Now that we have loop induction variable analysis and binary operation
hints, we can just use JSLessThan and JSAdd instead with appropriate
Smi hints, which handle the OSR case by inserting Smi checks (that are
always true). Thanks to OSR deconstruction and loop peeling these Smi
checks will be hoisted so they don't hurt the OSR case too much.
Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since
we have to lower it to JSLessThan to get the loop induction variable
goodness.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2502503002
Cr-Commit-Position: refs/heads/master@{#40947}
Several weeks have now passed since it was deprecated; Chromium does not
call it.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2478863002
Cr-Commit-Position: refs/heads/master@{#40945}
- Creates a new promise-utils.{h, cc} which refactors out the
logic to create resolving functions. This is shared between the
runtime functions and builtins.
- Changes PromiseResolveThenableJobInfo to store the context
since we no longer create the resolving functions in JS.
- Changes EnqueuPromiseResolveThenableJob to take in the promise and
not the callbacks.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2487053002
Cr-Commit-Position: refs/heads/master@{#40941}
- Adds VmovExtended, VswpExtended methods to MacroAssembler. These methods
use only VFP registers to perform s-register moves.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2497483002
Cr-Commit-Position: refs/heads/master@{#40939}
GetSharedFunctionInfo will compile inner functions if we get the
compile-eager hint, even if the shared function info already exists, and
the function already has been compiled. This breaks suspended generator
objects.
R=mstarzinger@chromium.org, neis@chromium.org
BUG=v8:5575
Review-Url: https://codereview.chromium.org/2494043002
Cr-Commit-Position: refs/heads/master@{#40936}
Methods in the runtime that enumerate over properties should never deal with private symbols. Most commonly such methods only loop over enumerable properties. This fix avoids accidentally handling private symbols in methods that only deal with enumerable properties. Methods that need to look at non-enumerable properties as well still have to manually filter private symbols (e.g., the KeyAccumulator).
BUG=chromium:664411
Review-Url: https://codereview.chromium.org/2499593002
Cr-Commit-Position: refs/heads/master@{#40932}
Fixes incorrect checks for handle validity when checking the compiled
code, as well as incorrect uses of tst in arm and ppc flag checking
code. Also adds a test that the tier-up works correctly.
Reland of https://codereview.chromium.org/2448933002
BUG=v8:5512
Review-Url: https://codereview.chromium.org/2497573003
Cr-Commit-Position: refs/heads/master@{#40930}
Reason for revert:
Revert because it depends on https://codereview.chromium.org/2478323002/ which has been reverted.
Original issue's description:
> [compiler] Enable shared function marking by default
>
> BUG=v8:5512
TBR=bmeurer@chromium.org,leszeks@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5512
Review-Url: https://codereview.chromium.org/2491643006
Cr-Commit-Position: refs/heads/master@{#40926}
ToName conversion, i.e., ToPropertykey() is the
identify for strings and symbols.
BUG=v8:5623
Review-Url: https://codereview.chromium.org/2494073002
Cr-Commit-Position: refs/heads/master@{#40924}
This adds a new ExternalPointer type, which is an Internal type that is
used for ExternalReferences and other pointer values, like the pointers
into the asm.js heap. It also adds a PointerConstant operator, which we
use to represents these raw constants (we can probably remove that
particular operator again once WebAssembly ships with the validator).
R=mvstanton@chromium.org
BUG=v8:5267,v8:5270
Review-Url: https://codereview.chromium.org/2494753003
Cr-Commit-Position: refs/heads/master@{#40923}
According to the spec data segments are allowed even if the memory size
is zero. However, if one of the data segments has a length greater than
0, then module instantiation should fail.
I also changed the exception type in LoadDataSegments to TypeError,
because that's the exception type for all exceptions which can happen
during instantiation.
R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/EmptyMemoryEmptyDataSegment, cctest/test-run-wasm-module/EmptyMemoryNonEmptyDataSegment
Review-Url: https://codereview.chromium.org/2483053005
Cr-Commit-Position: refs/heads/master@{#40922}
A SmiUntag() was missing when loading the old backing store's length.
BUG=chromium:664469
Review-Url: https://codereview.chromium.org/2492783004
Cr-Commit-Position: refs/heads/master@{#40921}
Fixes incorrect checks for handle validity when checking the compiled
code, as well as incorrect uses of tst in arm and ppc flag checking
code. Also adds a test that the tier-up works correctly.
Review-Url: https://codereview.chromium.org/2478323002
Cr-Commit-Position: refs/heads/master@{#40915}
This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.
R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}
And decouple hydrogen-instructions.h from code-stubs.h. This avoids
all of Crankshaft being recompiled when code-stub-assembler.h changes.
Review-Url: https://codereview.chromium.org/2498563002
Cr-Commit-Position: refs/heads/master@{#40912}
This enables the on-stack replacement mechanism from Ignition bytecode
to TurboFan optimized code by default. The runtime profiler is now
allowed to arm OSR points in bytecode.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2432413004
Cr-Commit-Position: refs/heads/master@{#40911}
Fast case the monomorphic case, by marking the additional checks as deferred
blocks. This increases the code size by about 50 bytes, but the monmorphic
case requires one fewer jump and the all the code is contiguous, so may help
caching.
Also cleanup call and new bytecode handlers by changing some of the Branches
to GotoIf/Unless for better readability.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2487573005
Cr-Commit-Position: refs/heads/master@{#40910}
Utilize the string length protector to deoptimize if the resulting
string length for string addition overflows. This way we generate
less code here and avoid holding on to the lazy frame state, and
thus potentially reduce the number live ranges.
BUG=v8:5267,v8:5404
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2491943004
Cr-Commit-Position: refs/heads/master@{#40909}
The contract for TurboFan is that we use NumberConstants for any kind
of number value until the representation selection picks concrete
representations, i.e. Int32Constant or Float64Constant. We will soon
be able to also guard this contract with DCHECKs.
BUG=v8:5267
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2499573002
Cr-Commit-Position: refs/heads/master@{#40908}
Record feedback for moved pages. Aligns the behavior of the copying and moving
evacuator.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2494723002
Cr-Commit-Position: refs/heads/master@{#40905}
- A new runtime function (%create_resolving_functions) is installed to
call the CreateResolvingFunctions builtin from JS.
- Three new builtins are created - resolve and reject functions and a
third function that creates a new JSFunctions from these
resolve/reject builtins.
- The promise reject function is installed on the context temporarily
as internal_promise_reject. This should go away once we remove
PromiseSet.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2459283004
Cr-Commit-Position: refs/heads/master@{#40903}
According to the spec, import wrappers are only generated for JavaScript
functions, not for WebAssembly function. If an imported WebAssembly
function does not have the expected type, then a type error is thrown.
R=titzer@chromium.org, rossberg@chromium.org
TEST=mjsunit/wasm/test-import-export-wrapper
Review-Url: https://codereview.chromium.org/2486943005
Cr-Commit-Position: refs/heads/master@{#40901}
Port 93c6595200
Original commit message:
This changes {FrameState} nodes modeling "after" states to use bytecode
offsets pointing to the deoptimizing bytecode. This is in sync with the
normal execution, as the bytecode offset is advanced after operations
complete in regular bytecode handlers.
The change is necessary to ensure lazy deoptimized frames contain an
accurate bytecode offset while they are on the stack. Such frames can be
inspected by various stack walks. The continuation builtin will advance
the bytecode offset upon return.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2486393005
Cr-Commit-Position: refs/heads/master@{#40898}
This is mostly a performance experiment. If it provides no speedup,
it can be reverted to keep IC miss events in timeline plots.
Otherwise, the RuntimeCallStats system is the replacement tool for
investigating performance issues related to IC misses.
This effectively reverts 1f8adc15 / r21736.
Review-Url: https://codereview.chromium.org/2480343002
Cr-Commit-Position: refs/heads/master@{#40893}
FullCodeGen does not include CallICs in the total ic count. Fix it by
making calls to CallIC to go through CallIC function, which keeps track
of the total number of ICs.
BUG=
Review-Url: https://codereview.chromium.org/2451703002
Cr-Commit-Position: refs/heads/master@{#40889}
Ignition does not collect information about lhs and rhs types. It collects
information about the combined type of lhs, rhs and result types. Since ignition
combines the feedback, sometimes we may collect less precise information than
FCG. This impacts performance of some benchmarks like audio-beat-detection. This
cl tries to mitigate this affect by passing only full-codegen feedback when the
combined FCG feedback is same as the feedback collected by ignition.
BUG=
Review-Url: https://codereview.chromium.org/2488983002
Cr-Commit-Position: refs/heads/master@{#40888}
This changes {FrameState} nodes modeling "after" states to use bytecode
offsets pointing to the deoptimizing bytecode. This is in sync with the
normal execution, as the bytecode offset is advanced after operations
complete in regular bytecode handlers.
The change is necessary to ensure lazy deoptimized frames contain an
accurate bytecode offset while they are on the stack. Such frames can be
inspected by various stack walks. The continuation builtin will advance
the bytecode offset upon return.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-660379
BUG=chromium:660379
Review-Url: https://codereview.chromium.org/2487173002
Cr-Commit-Position: refs/heads/master@{#40887}
TurboFan can create ConsStrings with empty first parts (for history on
this decision, see da27e0c886). Add a
fast-path for such cases in String::SlowFlatten.
BUG=
Review-Url: https://codereview.chromium.org/2489273002
Cr-Commit-Position: refs/heads/master@{#40885}
We are removing use of the debugger context. When the debugger triggers
compilation, we may not have a context from which to create a JSArray.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2479123002
Cr-Commit-Position: refs/heads/master@{#40884}
We seem to get some small wins from avoiding the Ldr bytecodes, probably due
to reduced icache pressure since there are less bytecode handlers. Replace
the Ldr bytecodes with Star lookahead inlined into the Lda versions.
Also fixes IsAccumulatorLoadWithoutEffects to include LdaContextSlot and
LdaCurrentContextSlot
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2489513005
Cr-Commit-Position: refs/heads/master@{#40883}
With this CL, the bytecode graph builder no longer translates module
loads/stores as runtime calls but in terms of two new JS operators. These are
lowered in typed-lowering to a sequence of LoadField's.
R=bmeurer@chromium.orgCC=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2489863003
Cr-Commit-Position: refs/heads/master@{#40881}
Also remove the flag scavenge_reclaim_unmodified_objects which has been
defaulted to true for quite some time now.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2486173002
Cr-Commit-Position: refs/heads/master@{#40878}
line_ends is either undefined (if uninitialized) or a fixed array (after
Script::InitLineEnds). All accesses from JS have been removed, therefore
we can skip assigning a COW map and remove the accessor.
Review-Url: https://codereview.chromium.org/2490903002
Cr-Commit-Position: refs/heads/master@{#40876}
This adds information about an exception's caught/uncaught status to the
Runtime.paused event in the data parameter:
{
"method": "Debugger.paused",
"params": {
"callFrames": [
[...]
],
"data": {
"description": "666",
"type": "number",
"uncaught": true, <---
"value": 666
},
"hitBreakpoints": [],
"reason": "exception"
}
}
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2488733003
Cr-Commit-Position: refs/heads/master@{#40875}
