This reverts commit 57af681191.
This adds the checkpoint between the call and the polymorphic load.
I thought that JSCall with constant target cannot cause eager deopt,
but Canary seems to disagree (http://crbug.com/718019).
Bug: v8:5267,chromium:718019
Change-Id: I552b850db6beb93e733b371ad0e7204513da1dc4
Reviewed-on: https://chromium-review.googlesource.com/622867
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47521}
Perf sheriffs: this is going to increase GC time in v8.runtimestats
benchmarks. That time was not accounted before.
Change-Id: I656aed7ec7f4fd9f29dd4a2eff44eb25a60f21ad
Reviewed-on: https://chromium-review.googlesource.com/626636
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47520}
This reverts commit fe50e8178f.
Reason for revert: Too close to branch point
Original change's description:
> [parser] Tentative: turn on FLAG_preparser_scope_analysis.
>
> The main motivation is to get bug reports / crashes from Canary.
>
> This commit is expected to break all kinds of things! The most typical failure
> modes are crashes, CHECK failures and JavaScript executing incorrectly.
>
> BUG=v8:5516
>
> Change-Id: Ifa02b420ad4e8eda46002b334bed2665c8ceeeb2
> Reviewed-on: https://chromium-review.googlesource.com/623751
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47502}
TBR=adamk@chromium.org,marja@chromium.org,cbruni@chromium.org
Change-Id: I98d2d186cbde6e185b05ef0d3460115a654b6b45
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5516
Reviewed-on: https://chromium-review.googlesource.com/626796
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47519}
Also remove a few bits of related dead code in Parser.
Bug: v8:6092
Change-Id: I310936341fe3e6193e36983723985a190d5d278b
Reviewed-on: https://chromium-review.googlesource.com/621958
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47518}
In a parallel marker world the recursion just avoids proper work
stealing.
It is removed in a separate CL to see the impact of recursive marking on
the benchmarks.
Bug: chromium:750084
Change-Id: Id37ae029e386b45c94e5fecbf349b31d2573d5c0
Reviewed-on: https://chromium-review.googlesource.com/625881
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47516}
Since we don't create an AllocationSite for the empty object literal, the
TF lowering bailed out early and used the slow runtime call as a fallback.
Bug: chromium:757596, v8:6211
Change-Id: I68307ff2d0870c35f07c3aad4cd10cf08e378686
Reviewed-on: https://chromium-review.googlesource.com/625619
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47514}
Reland of https://chromium-review.googlesource.com/c/v8/v8/+/623790
Add a --read-from-tcp flag to d8, which makes file reads (including
reading files from arguments, and the load and read builtins) read the
file contents off a TCP socket using a simple request/response protocol.
On top of this, add a script for transparently running d8 on an android
device using adb. The script loads d8 onto the device, starts a file
server providing the above protocol, and uses the above flag to run a d8
which loads javascript sources off the computer rather than off the
device.
Change-Id: I82a25be900c7608ed4c3a35828757a870ca2e115
Reviewed-on: https://chromium-review.googlesource.com/626396
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47513}
This reverts commit 29ad123568.
Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/19576
Original change's description:
> [d8] Allow reading files from a TCP socket
>
> Add a --read-from-tcp flag to d8, which makes file reads (including
> reading files from arguments, and the load and read builtins) read the
> file contents off a TCP socket using a simple request/response protocol.
>
> On top of this, add a script for transparently running d8 on an android
> device using adb. The script loads d8 onto the device, starts a file
> server providing the above protocol, and uses the above flag to run a d8
> which loads javascript sources off the computer rather than off the
> device.
>
> Change-Id: Icaa0577beb9bcd4f93476faa3ad8fb8b0a165e6e
> Reviewed-on: https://chromium-review.googlesource.com/623790
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47511}
TBR=rmcilroy@chromium.org,leszeks@chromium.org
Change-Id: I2de4a12aa8cb0d228df3e5793d997b9145f4da42
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/626017
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47512}
Add a --read-from-tcp flag to d8, which makes file reads (including
reading files from arguments, and the load and read builtins) read the
file contents off a TCP socket using a simple request/response protocol.
On top of this, add a script for transparently running d8 on an android
device using adb. The script loads d8 onto the device, starts a file
server providing the above protocol, and uses the above flag to run a d8
which loads javascript sources off the computer rather than off the
device.
Change-Id: Icaa0577beb9bcd4f93476faa3ad8fb8b0a165e6e
Reviewed-on: https://chromium-review.googlesource.com/623790
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47511}
This CL:
- removes the trampoline pc from deoptimization input
data and deoptimization state. This is no longer needed given
that we added this information to the safepoint table in
https://chromium-review.googlesource.com/c/v8/v8/+/596027).
This should also fixed the regression mentioned in
https://bugs.chromium.org/p/chromium/issues/detail?id=752873
- searches for the exception handler in the safepoint table.
- removes the code used for patching which is no longer needed.
Bug: v8:6563
Change-Id: I6cedc18c371f5707b7e0e1a8da409375ce1ebe5e
Reviewed-on: https://chromium-review.googlesource.com/595547
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47507}
CSA::AllocateSeq{One,Two}ByteString used its own home-grown handling to
allocate very large strings. This CL refactors both methods to use
AllocationFlags::kAllowLargeObjectAllocation instead. Callers now need
to specify explicitly if large-object allocation is possible or not.
Bug: chromium:636391
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I0b7ffb0b083f4e977cea42c500f8f2ee1c60519f
Reviewed-on: https://chromium-review.googlesource.com/625738
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47504}
LengthAndHashOffset describes the value stored in the offset better.
Bug: v8:6404
Change-Id: Ie5ea2a362c54aa03e0a4e314d1adb8b91d74a044
Reviewed-on: https://chromium-review.googlesource.com/624458
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47503}
The main motivation is to get bug reports / crashes from Canary.
This commit is expected to break all kinds of things! The most typical failure
modes are crashes, CHECK failures and JavaScript executing incorrectly.
BUG=v8:5516
Change-Id: Ifa02b420ad4e8eda46002b334bed2665c8ceeeb2
Reviewed-on: https://chromium-review.googlesource.com/623751
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47502}
Code aging is no longer supported by any remaining compilers now
that full codegen has been removed. This CL removes all vestiges of
code aging.
BUG=v8:6409
Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e
Reviewed-on: https://chromium-review.googlesource.com/619153
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47501}
Instead of creating a new character stream to re-parse the asm.js module,
use the existing stream which was used by the parser. By doing this, we
avoid accessing the heap if the original character stream is a streaming
source or an external string, which will enable asm.js verification to run
off-thread in those situations.
BUG=v8:5203
Change-Id: I5dbf83c993512eb2f3dd709120e152e3f9900bdf
Reviewed-on: https://chromium-review.googlesource.com/616723
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47500}
Does a couple of cleanups on interpreter assembler:
- Adding naming to the variable fields to improve debugability
- Grouping functions which deal with loading the state passed between
bytecode handlers (e.g. bytecode array / offset / etc.).
- Fix some comments in interpreter-generator.cc
Change-Id: I9decefebbdf7830a7ce75dd46e8a69a1db3c4cc8
Reviewed-on: https://chromium-review.googlesource.com/625797
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47499}
This makes sure that shift expressions (not wrapped in parentheses) can
appear as part of the index in a valid heap access expression. Only the
last operand of a sequence of shift expressions is taken into account
when validating the heap access.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-6700
BUG=v8:6700,chromium:754751
Change-Id: Icc7a71bd64461da4d3daea41b995964e3dfc6dc6
Reviewed-on: https://chromium-review.googlesource.com/623811
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47497}
If the elements fixed array is large enough, it must be allocated in
large-object space. This fixes two cases in which we'd incorrectly
assume elements fits into new space.
There are potentially quite a few other spots affected by a similar
issue, and we should find a more robust solution. See also:
crbug.com/636391.
Bug: v8:6716
Change-Id: I91f09355ac6b7cf399e13cc21d34113a506e58fb
Reviewed-on: https://chromium-review.googlesource.com/623808
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47495}
This reverts commit 9e839fce32.
Reason for revert: Wrong fix as we are not allowed to cache wrappers.
Original change's description:
> [heap] Fix incremental wrapper tracing toggle
>
> The flag is always on and support for turning it off is broken with
> conservative barriers.
>
> Bug:
> Change-Id: I1ff548f95d220bf0fcb6df7a1bf5f8a342163696
> Reviewed-on: https://chromium-review.googlesource.com/624494
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47482}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I90bc547a88cb8220c7261c607ef359df38e3bdf2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/623868
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47494}
There's no need for this code to be completely architecture specific.
Bug: v8:6563
Change-Id: I90aa1aa76fa266a247d8f374459a6eb6469c8c75
Reviewed-on: https://chromium-review.googlesource.com/612340
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47493}
Now that we no longer store the hash in the hash_code_symbol, we can
do a fast lookup on the kPropertiesOrHash offset instead.
Bug: v8:5717
Change-Id: I8724db3c9eb82c3f98aef650b54ae36b76fd12fd
Reviewed-on: https://chromium-review.googlesource.com/624377
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47491}
There's no need for these to be static.
Bug: v8:5717
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia704cdcb9ee9666c7724b78d58c56217cd5876ae
Reviewed-on: https://chromium-review.googlesource.com/624869
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47490}
This no longer causes allocation, so it's safe to unhandlify.
This will allow us to use directly call into C++ (via CallCFunction)
to calculate the hash instead of going through the runtime (via
%GenericHash).
Bug: v8:5717
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia561efb4d89d7a3d10c28913537b45b3ce477bb3
Reviewed-on: https://chromium-review.googlesource.com/624519
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47489}
PPC instr has 16bits to represent an imm, load constant
in register if imm is not in the range [-2^15, 2^15)
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
Log=N
Bug:
Change-Id: Id9aa97538b1f93f01d5a297b6256e1b082f06ca1
Reviewed-on: https://chromium-review.googlesource.com/624714
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47487}
This feature is a stage 3 proposal implemented as a
wrapper around ICU that categorizes singular/plural/etc
grammatical forms based on a number and locale.
Based on littledan's work started here:
https://codereview.chromium.org/2736543002/
Bug: v8:5601
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I4107cd28be72413ec43aa1ff0f4fe6e181a290f4
Reviewed-on: https://chromium-review.googlesource.com/562298
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47485}
This is a performance experiment. We will revert it if it causes
regressions.
The idea is that many map transitions are only performed once; but if
they are done by a non-UNINITIALIZED StoreIC, we would always create
a handler for them. With this CL, handler creation is postponed until
the second time a given transition is done. The first time, the IC
simply remains in its previous state.
Change-Id: I0fb2989bb675a09ed7b329520346048ad2049f94
Reviewed-on: https://chromium-review.googlesource.com/622147
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47483}
The flag is always on and support for turning it off is broken with
conservative barriers.
Bug:
Change-Id: I1ff548f95d220bf0fcb6df7a1bf5f8a342163696
Reviewed-on: https://chromium-review.googlesource.com/624494
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47482}
Some C libraries, notably Musl, define the regs member as a void pointer,
hence we need to use the gp_regs member instead.
Change-Id: I1ca2dbdba79a03ff81c25438c87c767d7a7cece4
Reviewed-on: https://chromium-review.googlesource.com/602327
Reviewed-by: Jaideep Bajwa <bjaideep@ca.ibm.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47481}
This API generates inspectRequested call with hints.queryObjects flag.
It's not possible to expose this method by itself since command line
API methods can leak.
R=pfeldman@chromium.org
Bug: v8:6732
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3c582186f65d84a25eed910925a1b6ab36966a72
Reviewed-on: https://chromium-review.googlesource.com/622370
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47480}
The new node behave the same as its counterpart, CallCFunction, with the
additional saving and restoring caller saved registers before and after
the function call.
Bug: chromium:749486
Change-Id: I0a1dfb2e4e55f7720541a00e6d16fd20220f39ed
Reviewed-on: https://chromium-review.googlesource.com/620709
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47479}
Runtime.queryObjects method:
1. force gc,
2. iterate through heap and get all objects with passed constructorName
or with passed constructor name in prototype chain,
3. return these objects as JSArray.
Main use case is regression tests for memory leaks.
R=pfeldman@chromium.org,alph@chromium.org,ulan@chromium.org
Bug: v8:6732
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I52f0803366f14bb24376653615d870a4f21f83e7
Reviewed-on: https://chromium-review.googlesource.com/619594
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47478}
When merging effect phis, we currently do not try to merge information
for any variables that are merged by phis on the same control merge.
This CL implements a very limited version of merging map information
for nodes: If all the map information for all inputs of the phi
is the same, we assign that map information to the phi itself. This
is somewhat consistent with merging map information for a node:
there we also combine the information only if in all incoming
paths we have teh same set of maps.
In theory, we could union the sets of maps. Also, we could consider
merging other information (such as abstract fields).
This yields some small improvement (~2%) on the Octane deltablue
benchmark.
Bug: v8:5267
Change-Id: I9447732e3f0d06eb44632db492782fa35529f9fd
Reviewed-on: https://chromium-review.googlesource.com/622792
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47475}
Changes the contract of the parser to have a valid character stream passed
in the ParseInfo rather than the current situation where either:
- it is passed explicitly (e.g., for streaming scripts)
- a Script is passed and a character stream is created for this
- or a source and encoding is passed in ParseInfo and the character stream
is created from this.
The parse info also now owns the character stream (in a unique_ptr). It
can be destroyed using a new ResetCharacterStream() function. This will
enable the character stream to be kept live if any functions are asm.js
modules which were parsed, in order to be reused by the asm.js parser.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifda167391b2eadb38ebf9fcb2f565d2ed9ea3c6f
Reviewed-on: https://chromium-review.googlesource.com/616767
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47474}
This reverts commit a241576fa1.
Bytecode array visitor has a side-effect of incrementing the age counter.
This patch makes the increment atomic and thus safe for the concurrent
marker.
Bug: chromium:694255
Change-Id: Ibe1d75714a5911385b06e52ed50b5f152ec6b73d
Reviewed-on: https://chromium-review.googlesource.com/622432
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47472}
