This CL implements a streaming decoder which takes the bytes
of a wasm module as an input, potentially split into multiple
chunks, and decodes them into segments. Each segment either
contains the payload of a whole section, or the code of a
single function. The goal is that the streaming decoder is
used for streaming compilation. That's where the interface
comes from, see
(https://cs.chromium.org/chromium/src/v8/include/v8.h?q=OnBytesReceived&sq=package:chromium&l=4060)
Error positions are not reported correctly at the moment. I
plan to do this in a separate CL.
Change-Id: I6e3df6a91945c7baec2dc4f5de2e5f47636083df
Reviewed-on: https://chromium-review.googlesource.com/471350
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45250}
That's cleaner than having every target depending on v8 include icu
itself.
BUG=none
R=machenbach@chromium.org
Change-Id: Icaa9e8670718664041a6efe2622366c89b733f81
Reviewed-on: https://chromium-review.googlesource.com/500127
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45196}
With this CL we share code among the wasm fuzzers which construct a
module and run it in the interpreter and as compiled code.The fuzzers
themselves only contain the code now which creates the module and the
parameters.
BUG=v8:6325
R=eholk@chromium.org
Change-Id: I1c2d8b013531c86cb27837f1b8ec89d2688c536b
Reviewed-on: https://chromium-review.googlesource.com/490048
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45156}
This CL migrates the CPP builtin to CSA with fast paths for strings
that can be unpacked to direct one-byte strings. Short strings are
handled directly in CSA, others need to call into C for conversion.
Microbenchmarks for "abcd".toLowerCase() show speedups of 2.5x.
BUG=v8:6353,v8:6344
Review-Url: https://codereview.chromium.org/2859203002
Cr-Commit-Position: refs/heads/master@{#45141}
This flag generates false positives, since gcc inlines functions and
propagates constants, and then applies the check.
Drive-by: Refactor the checks that triggered the error to avoid
explicit casts.
R=jochen@chromium.org, machenbach@chromium.org
BUG=v8:6341
Change-Id: I86aebf402cbd2502ef17622a000a5bb777fd4b43
Reviewed-on: https://chromium-review.googlesource.com/494474
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45096}
This reverts commit 7683df248a.
Reason for revert: doesn't help with gcc, so removing
Original change's description:
> Disable -Werror=attributes on gcc
>
> The warning triggers even if the attributes don't change - it's enough
> to declare them multiple times. Given that the other compilers don't
> complain, just disable the warning on gcc for now.
>
> R=jkummerow@chromium.org,mtrofin@chromium.org
> BUG=v8:6339
> NOTRY=true
>
> Change-Id: Ie0fcc4feeb8568d4ab74ac65f6887523f3cdcbf9
> Reviewed-on: https://chromium-review.googlesource.com/494106
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45045}
TBR=jkummerow@chromium.org,machenbach@chromium.org,mtrofin@chromium.org,gsathya@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6339
Change-Id: I581e4f0499ae0d7e3bc791fd6fa9988aabe64c5e
Reviewed-on: https://chromium-review.googlesource.com/494469
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45052}
The warning triggers even if the attributes don't change - it's enough
to declare them multiple times. Given that the other compilers don't
complain, just disable the warning on gcc for now.
R=jkummerow@chromium.org,mtrofin@chromium.org
BUG=v8:6339
NOTRY=true
Change-Id: Ie0fcc4feeb8568d4ab74ac65f6887523f3cdcbf9
Reviewed-on: https://chromium-review.googlesource.com/494106
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45045}
This patch adds a concurrent marking deque that exposes the same interface
for the main thread as the existing marking deque.
The matching interface makes the concurrent marking deque a drop-in
replacement for the sequential marking deque without any change in
mark-compactor and incremental marker.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2810893002
Cr-Commit-Position: refs/heads/master@{#45042}
Remains to port these fixes over to gyp.
R=machenbach@chromium.org, jkummerow@chromium.org, mstarzinger@chromium.org
BUG=v8:6325
Change-Id: I3bebbc6d0ec52fcb60e3d51acd27e616f51d3dbb
Reviewed-on: https://chromium-review.googlesource.com/490108
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45026}
This reverts commit 4968b2c4d1.
Reason for revert: Speculative revert for severe perf regression
https://bugs.chromium.org/p/chromium/issues/detail?id=716468#c3
Original change's description:
> [intl] Switch to using declared accessors
>
> This patch cleans up the Intl code by switching to using declared
> accessors, rather than embedder fields, for holding references to
> ICU objects. Additionally:
> - Rename classes to be more similar to how other classes are named
> - Make some unreachable paths into check-fails, rather than throwing
> JS exceptions
> - Move some macros from objects-inl.h into object-macros.h, to allow
> the implementation here to not touch objects.h
> - Some setup logic is moved from runtime-i18n.cc to i18n.cc.
>
> This patch leaves type tags as they are; a future patch should move
> from a special Intl type tagging system to object types as other system
> objects use. Future patches should also move more logic to i18n.cc
>
> BUG=v8:5402,v8:5751,v8:6057
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
>
> Change-Id: Ia9cbb25cf8f52662e3deb15e64179d792c10842c
> Reviewed-on: https://chromium-review.googlesource.com/479651
> Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44804}
TBR=adamk@chromium.org,marja@chromium.org,mstarzinger@chromium.org,littledan@chromium.org,jwolfe@igalia.com
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:5402,v8:5751,v8:6057
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7a45d7def1f1de0f21e3efb7de9b31f6bcfea46d
Reviewed-on: https://chromium-review.googlesource.com/490328
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44992}
This patch adds a new interface called RootVisitor and changes the root
iteration functions to accept a RootVisitor instead of an ObjectVisitor.
Future CLs will change ObjectVisitor to provide the host object to all
visiting functions, which will bring it in sync with static visitors.
Having separate visitors for roots and objects removes ambiguity in
VisitPointers and reduces chances of forgetting to record slots.
This is intended as pure refactoring. All places that require behavior
change are marked with TODO and will addressed in future CLs.
BUG=chromium:709075
Review-Url: https://codereview.chromium.org/2801073006
Cr-Commit-Position: refs/heads/master@{#44852}
This header file is only used from tests.
Also, move the LoadStoreOpcodeOf method (only used in tests) from
wasm-opcodes.h to wasm-macro-gen.h.
R=ahaas@chromium.org
Change-Id: I8d4691be494b5c1fbe3084441329850930bad647
Reviewed-on: https://chromium-review.googlesource.com/486861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44845}
wasm-macro-gen.h is mainly used from tests, but LocalDeclEncoder is
also used from various other places.
This CL moves the LocalDeclEncoder to an own compilation unit. We want
to later move wasm-macro-gen.h to the tests folder.
It also refactors the LocalDeclEncoder to reuse the
LEBHelper::write_u32v and LEBHelper::sizeof_u32v methods instead of
reimplementing it.
R=ahaas@chromium.org
Change-Id: Ia4651436f0544578da7c1c43596d343571942e97
Reviewed-on: https://chromium-review.googlesource.com/486724
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44838}
This patch cleans up the Intl code by switching to using declared
accessors, rather than embedder fields, for holding references to
ICU objects. Additionally:
- Rename classes to be more similar to how other classes are named
- Make some unreachable paths into check-fails, rather than throwing
JS exceptions
- Move some macros from objects-inl.h into object-macros.h, to allow
the implementation here to not touch objects.h
- Some setup logic is moved from runtime-i18n.cc to i18n.cc.
This patch leaves type tags as they are; a future patch should move
from a special Intl type tagging system to object types as other system
objects use. Future patches should also move more logic to i18n.cc
BUG=v8:5402,v8:5751,v8:6057
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ia9cbb25cf8f52662e3deb15e64179d792c10842c
Reviewed-on: https://chromium-review.googlesource.com/479651
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44804}
- Split out code for Intl objects into src/objects/
- Rename i18n to intl (except for the name of the build flag)
- Use build system more broadly to turn on/off Intl code
- Delete a little bit of dead code
Bug: v8:5751
Change-Id: I41bf2825a5cb0df20824922b17c24cae637984da
Reviewed-on: https://chromium-review.googlesource.com/481284
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44801}
A lot of web sites around the world has hack which replaces native console.assert by function with fast return.
Current console.assert is slow because we need to run CPP builtin but we should enter this builtin iff condition is false or omitted.
BUG=v8:6175
R=ishell@chromium.org,dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2828933002
Cr-Commit-Position: refs/heads/master@{#44752}
This patch retires runtime.js:
- Removes some dead code from runtime.js (ToPositiveInteger, ToIndex),
- Moves Array.prototype initialization to prologue.js
- Moves SpeciesConstructor to the only file that calls it (typedarray.js)
- Renames the remainder to reflect its only inhabitants ({Max,Min}Simple)
Change-Id: If9048a30c4f6b86396bfd647bb637b4175880fc3
Reviewed-on: https://chromium-review.googlesource.com/478579
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44730}
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
BUG=v8:6175
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Original-Original-Commit-Position: refs/heads/master@{#44353}
Committed: 55905f85d6
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Original-Commit-Position: refs/heads/master@{#44355}
Committed: cc74ea0bc4
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Commit-Position: refs/heads/master@{#44416}
Committed: f5dc738cda
Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44702}
Change-Id: I9973858f2596a9bc4d66afbb26612189fbded7f3
Reviewed-on: https://chromium-review.googlesource.com/478413
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44658}
This reverts commit cc047635ff.
The CL was reverted due to a missing DEPS mirror.
Original issue's description:
> ARM64: Add NEON support
>
> Add assembler, disassembler and simulator support for NEON in the ARM64 backend.
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2622643005
> Cr-Commit-Position: refs/heads/master@{#44306}
BUG=
Review-Url: https://codereview.chromium.org/2812573003
Cr-Commit-Position: refs/heads/master@{#44652}
The BytecodePipeline is no longer used by any optimizers, so remove it and
connect the BytecodeArrayBuilder directly to the BytecodeWriter.
Also remove some functions from BytecodeNode which are no longer used.
BUG=v8:6194
Change-Id: Id2ec94ff1d4db41b108a778100459283fbb2256c
Reviewed-on: https://chromium-review.googlesource.com/471528
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44619}
Since --trace-ignition now has to be enabled at snapshot-building time,
this patch adds it as a gn build option.
Change-Id: I5d55339a7be7eef4e1f9da46ec44fbfd431325b7
Reviewed-on: https://chromium-review.googlesource.com/474905
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44583}
Move dead bytecode elimination from a seperate bytecode pipeline optimizer
into the BytecodeArrayWriter. This removes the last bytecode pipeline
optimizer, which means we can remove the Bytecode pipeline which,
which should increase compile speed.
BUG=v8:6194
Change-Id: I47fb3c3463b2b8a92e02cf7a6b608683fcfa5261
Reviewed-on: https://chromium-review.googlesource.com/471407
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44568}
All the optimizations have now been moved to either the BytecodeGenerator
or the BytecodeArrayWriter/Builder.
BUG=v8:6194
Change-Id: Ie5c5d55e824c94ffb503af376c72bc64ad1f6f81
Reviewed-on: https://chromium-review.googlesource.com/469349
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44564}
and out of the main library. This saves about 5% of binary size
(800KB on x64, 373KB on android_arm).
Only the GN build is supported; the GYP build is maintained working
but does not support the feature.
Previously landed as 4782bc0df8 / r44412.
BUG=v8:6055
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
Review-Url: https://codereview.chromium.org/2760233005
Cr-Commit-Position: refs/heads/master@{#44489}
Reason for revert:
I think that this CL breaks chromium compilation on windows with clang (). All other CLs in the list looks trivial and don't change test/unittest/BUILD.gn.
[42456/47924] CXX obj/v8/test/unittests/unittests/value-serializer-unittest.obj
[42457/47924] LINK unittests.exe unittests.exe.pdb
FAILED: unittests.exe unittests.exe.pdb
E:/b/depot_tools/python276_bin/python.exe ../../build/toolchain/win/tool_wrapper.py link-wrapper environment.x64 False link.exe /nologo /OUT:./unittests.exe /PDB:./unittests.exe.pdb @./unittests.exe.rsp
bitmap-unittest.obj : error LNK2019: unresolved external symbol "public: void __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::Add(class v8::internal::AllocationObserver * const &,class v8::internal::FreeStoreAllocationPolicy)" (?Add@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAAXAEBQEAVAllocationObserver@23@VFreeStoreAllocationPolicy@23@@Z) referenced in function "public: virtual void __cdecl v8::internal::Space::AddAllocationObserver(class v8::internal::AllocationObserver *)" (?AddAllocationObserver@Space@internal@v8@@UEAAXPEAVAllocationObserver@23@@Z)
slot-set-unittest.obj : error LNK2001: unresolved external symbol "public: void __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::Add(class v8::internal::AllocationObserver * const &,class v8::internal::FreeStoreAllocationPolicy)" (?Add@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAAXAEBQEAVAllocationObserver@23@VFreeStoreAllocationPolicy@23@@Z)
bitmap-unittest.obj : error LNK2019: unresolved external symbol "public: bool __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::RemoveElement(class v8::internal::AllocationObserver * const &)" (?RemoveElement@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAA_NAEBQEAVAllocationObserver@23@@Z) referenced in function "public: virtual void __cdecl v8::internal::Space::RemoveAllocationObserver(class v8::internal::AllocationObserver *)" (?RemoveAllocationObserver@Space@internal@v8@@UEAAXPEAVAllocationObserver@23@@Z)
slot-set-unittest.obj : error LNK2001: unresolved external symbol "public: bool __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::RemoveElement(class v8::internal::AllocationObserver * const &)" (?RemoveElement@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAA_NAEBQEAVAllocationObserver@23@@Z)
./unittests.exe : fatal error LNK1120: 2 unresolved externals
Original issue's description:
> [snapshot] Move builtins generation into mksnapshot
>
> and out of the main library. This saves about 5% of binary size
> (800KB on x64, 373KB on android_arm).
>
> Only the GN build is supported; the GYP build is maintained working
> but does not support the feature.
>
> BUG=v8:6055
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
>
> Review-Url: https://codereview.chromium.org/2760233005
> Cr-Commit-Position: refs/heads/master@{#44412}
> Committed: 4782bc0df8TBR=jgruber@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2803903002
Cr-Commit-Position: refs/heads/master@{#44422}
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.
BUG=v8:6175
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Original-Commit-Position: refs/heads/master@{#44353}
Committed: 55905f85d6
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Commit-Position: refs/heads/master@{#44355}
Committed: cc74ea0bc4
Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44416}
and out of the main library. This saves about 5% of binary size
(800KB on x64, 373KB on android_arm).
Only the GN build is supported; the GYP build is maintained working
but does not support the feature.
BUG=v8:6055
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
Review-Url: https://codereview.chromium.org/2760233005
Cr-Commit-Position: refs/heads/master@{#44412}
Reason for revert:
http://crbug.com/v8/6198
Original issue's description:
> [inspector] move console to builtins
>
> What will we get:
> - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
> - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
> - console calls are ~ 15% faster.
>
> BUG=v8:6175
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Original-Commit-Position: refs/heads/master@{#44353}
> Committed: 55905f85d6
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Commit-Position: refs/heads/master@{#44355}
> Committed: cc74ea0bc4TBR=dgozman@chromium.org,kozyatinskiy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6175
Review-Url: https://codereview.chromium.org/2790343002
Cr-Commit-Position: refs/heads/master@{#44358}
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.
BUG=v8:6175
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Commit-Position: refs/heads/master@{#44353}
Committed: 55905f85d6
Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44355}
Reason for revert:
console.toString() should return "[object Object]"
Original issue's description:
> [inspector] move console to builtins
>
> What will we get:
> - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
> - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
> - console calls are ~ 15% faster.
>
> BUG=v8:6175
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Commit-Position: refs/heads/master@{#44353}
> Committed: 55905f85d6TBR=dgozman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6175
Review-Url: https://codereview.chromium.org/2795003003
Cr-Commit-Position: refs/heads/master@{#44354}
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.
BUG=v8:6175
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44353}
This reverts commit 4506382dce.
We don't allow DEPS'ing things outside googlesource. This requires a
mirror. Also .gitignore entry is missing.
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2785183005
Cr-Commit-Position: refs/heads/master@{#44307}
Add assembler, disassembler and simulator support for NEON in the ARM64 backend.
BUG=
Review-Url: https://codereview.chromium.org/2622643005
Cr-Commit-Position: refs/heads/master@{#44306}
The source set only contained a header file, which caused problems
when compiling a static library with VS.
R=machenbach@chromium.org
BUG=v8:6158
Change-Id: I3eed4a888e72cf6a2917190e4a1db7b38006cd0c
Reviewed-on: https://chromium-review.googlesource.com/463027
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44263}
- Introduce new struct AsyncGeneratorRequest, which holds
information pertinent to resuming execution of an
AsyncGenerator, such as the Promise associated with the async
generator request. It is intended to be used as a singly
linked list, and holds a pointer to the next item in te queue.
- Introduce JSAsyncGeneratorObject (subclass of
JSGeneratorObject), which includes several new internal fields
(`queue` which contains a singly linked list of
AsyncGeneratorRequest objects, and `await_input` which
contains the sent value from an Await expression (This is
necessary to prevent function.sent (used by yield*) from
having the sent value observably overwritten during
execution).
- Modify SuspendGenerator to accept a set of Flags, which
indicate whether the suspend is for a Yield or Await, and
whether it takes place on an async generator or ES6
generator.
- Introduce interpreter intrinsics and TF intrinsic lowering for
accessing the await input of an async generator
- Modify the JSGeneratorStore operator to understand whether or
not it's suspending for a normal yield, or an AsyncGenerator
Await. This ensures appropriate registers are stored.
- Add versions of ResumeGeneratorTrampoline which store the
input value in a different field depending on wether it's an
AsyncGenerator Await resume, or an ordinary resume. Also modifies
whether debug code will assert that the generator object is a
JSGeneratorObject or a JSAsyncGeneratorObject depending on the
resume type.
BUG=v8:5855
R=bmeurer@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org,
littledan@chromium.org, neis@chromium.orgTBR=marja@chromium.org
Change-Id: I9d58df1d344465fc937fe7eed322424204497187
Reviewed-on: https://chromium-review.googlesource.com/446961
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44240}
Move builtin definitions (i.e. BUILTIN_LIST and family) to a separate header
in preparation for auto-generation of TFS interface descriptors.
BUG=v8:6116
Review-Url: https://codereview.chromium.org/2784793002
Cr-Commit-Position: refs/heads/master@{#44221}
Add the --fast-validate-asm option, which directs asm.js code
to a new parser + validator + wasm code generator,
which is then compiled using WebAssembly.
This parser takes advantage of asm.js structure to linearly parse
asm.js code, keeping a scope stack + a few additional tables to track
varibles.
BUG=v8:6090
BUG=v8:4203
R=mstarzinger@chromium.org,marja@chromium.org,vogelheim@chromium.org,kschimpf@chromium.org
Review-Url: https://codereview.chromium.org/2757693003
Cr-Commit-Position: refs/heads/master@{#44084}
Move ICU case conversion utility functions to a common location.
BUG=v8:5751
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/2728763006
Cr-Commit-Position: refs/heads/master@{#44050}
This CL also
1) turns (Add/Subtract)WithFeedbackStub into builtins
2) makes interpreter use BinaryOpAssembler directly
3) drops unused (Multipy/Divide/Modulus)WithFeedbackStubs
BUG=v8:6116
Change-Id: I994aba6442f173535c13dfbaaafae1033de3f2ce
Reviewed-on: https://chromium-review.googlesource.com/458438
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44042}
... which is a TF_BUILTIN-like wrapper for defining code stubs.
BUG=v8:6116
Change-Id: Iad599dfc71a50c5082d9e3fba2a7b553b9912207
Reviewed-on: https://chromium-review.googlesource.com/458476
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44022}
This frees up the InterpreterAssembler for no longer being linked
into the main library.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2759093004
Cr-Commit-Position: refs/heads/master@{#43979}
as InterpreterGenerator. This is in preparation for no longer including
the bytecode handler generation code in the main library.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2765433003
Cr-Commit-Position: refs/heads/master@{#43949}
This is a first bulk of changes.
BUG=v8:6116
Change-Id: I9308129bd032c0bf5b60c8e0413ee2cb710891ea
Reviewed-on: https://chromium-review.googlesource.com/456556
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43930}
Default to the chromium-internal build config (instead of the more
permissive no_chromium_code config).
BUG=v8:5878
Review-Url: https://codereview.chromium.org/2758563002
Cr-Commit-Position: refs/heads/master@{#43909}
Adding a custom lexer for asm.js parsing.
It takes advantage of a number of asm.js properties to simply things:
* Assumes 'use asm' is the only string.
* Does not handle unicode for now (tools don't emit it).
* Combines global + local string table with lexer.
R=marja@chromium.org,vogelheim@chromium.org,kschimpf@chromium.org
BUG=v8:4203
BUG=v8:6090
Review-Url: https://codereview.chromium.org/2751693002
Cr-Commit-Position: refs/heads/master@{#43874}
The current incarncation of DuplicateFinder does work that
AstValueFactory already does. All that remains is that
DuplicateFinder wraps a container.
Adding const-ness changes were necessary to have IsDuplicateSymbol
be const.
BUG=v8:6092
Change-Id: I8081cfeef363717405d5b6325e290fe7725390dc
Reviewed-on: https://chromium-review.googlesource.com/456317
Commit-Queue: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43872}
This is another step towards making calls to builtins more convenient.
Builtins::CallableFor is an automatically generated Callable accessor for TFS
builtins (whereas previously we had to manually add an accessor to
code-factory.{h,cc}).
CSA::CallBuiltin is a convenience wrapper around CallStub for TFS builtins.
We can begin removing accessors for TFS builtins from CodeFactory in an
upcoming commit.
BUG=v8:5737
Review-Url: https://codereview.chromium.org/2752213002
Cr-Commit-Position: refs/heads/master@{#43865}
This is in preparation for linking the former only into mksnapshot.
Just shuffling code around, no changes in functionality.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2752143004
Cr-Commit-Position: refs/heads/master@{#43858}
When a FunctionEntryHook parameter was passed to isolate creation,
we ignored any existing snapshots anyway. Since the ability to
bootstrap from scratch will be removed from snapshot builds, the
FunctionEntryHook feature must depend on a no-snapshot build.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2733203002
Cr-Commit-Position: refs/heads/master@{#43779}
As the code isn't used, but would have to be ported from hand-written
assembly to CodeStubAssembler anyways, I propose to remove it and
restore it if we decide that we actually need it.
R=vogelheim@chromium.org
BUG=
Change-Id: Iffd7fc6ec534b1dd7a9144da900424355c8a7a02
Reviewed-on: https://chromium-review.googlesource.com/453461
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43763}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43755}
Committed: 338622d7ca
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43759}
This reverts the previous revert, commit
5a04f4fd68.
Previously reverted changes:
> Revert "[SAB] Move Atomics builtins to C++"
>
> This reverts commit 2b9840d86f.
>
> Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"
>
> This reverts commit d1160fb14f.
>
> Revert "Remove tiny unit test for MinSimple/MaxSimple"
>
> This reverts commit 837760ecb7.
>
> Revert "Remove infrastructure for experimental JS natives"
>
> This reverts commit 8cfe45b6f1.
These changes were reverted to improve a perf regression on a Chrome
bot. Since then, the regression has reappeared, then disappeared again
all from seemingly unrelated changes.
BUG=v8:6033
TBR=adamk@chromium.org,hpayer@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2732213005
Cr-Commit-Position: refs/heads/master@{#43758}
Reason for revert:
ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Original-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43755}
> Committed: 338622d7caTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2744383002
Cr-Commit-Position: refs/heads/master@{#43757}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43755}
Otherwise, v8 embedders need to depend on targets in src.
BUG=chromium:688155
Change-Id: Idea90d8f550cd4d0141b92a7bdd18f4df664d11b
Reviewed-on: https://chromium-review.googlesource.com/447845
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43631}
This patch adds a trivial ConcurrentMarking class that can start
background tasks.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2728363002
Cr-Commit-Position: refs/heads/master@{#43615}
This refactoring is preparatory work to enable ICU to be the backend
for timezone information rather than system calls. In the process, a
bit of code duplication that was inserted in the Solaris port patch is
eliminated here among modern POSIX backends.
One possible performance downside of this patch is that it introduces
a virtual method call for operations which were previously not virtual
methods. However, a couple factors mitigate this effect:
- The DateCache minimizes the need for calls into the TimezoneCache
- These calls were already not very high performance, as they included
a system call which requires an RPC to get out of the sandbox, and
they are surrounded by C++ builtins, which require a JS to C++
transition.
- A future transition to ICU, enabled by this refactoring, may improve
performance by eliminating the system call.
BUG=v8:6031
Review-Url: https://codereview.chromium.org/2731463003
Cr-Commit-Position: refs/heads/master@{#43588}
Reason for revert:
Breaks tree, i.e. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/18928/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9eeTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org,eholk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2723133003
Cr-Commit-Position: refs/heads/master@{#43525}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43523}
This will be useful for sharing the implementation with
SharedArrayBuffer.prototype.slice.
BUG=v8:5897
Review-Url: https://codereview.chromium.org/2697013009
Cr-Commit-Position: refs/heads/master@{#43503}
perf regression. See crbug.com/695653 for more info.
Revert "[SAB] Move Atomics builtins to C++"
This reverts commit 2b9840d86f.
Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"
This reverts commit d1160fb14f.
Revert "Remove tiny unit test for MinSimple/MaxSimple"
This reverts commit 837760ecb7.
Revert "Remove infrastructure for experimental JS natives"
This reverts commit 8cfe45b6f1.
BUG=695653
TBR=hablich@chromium.org
Review-Url: https://codereview.chromium.org/2715223003
Cr-Commit-Position: refs/heads/master@{#43462}
Now that no harmony-flagged features are implemented in experimental
JS, most of this is simply dead code.
As PostExperimentals() is no longer needed, I also removed the use of
Import() in the debug context, allowing the deletion of PostDebug()
along with PostExperimentals(); cleanup code is moved to the
end of PostNatives.
Also gets rid of some longer-dead code in prologue.js related to
TypedArrays, and some duplicate code for setting up SharedArrayBuffer
builtins.
Review-Url: https://codereview.chromium.org/2705293004
Cr-Commit-Position: refs/heads/master@{#43418}
This is a preliminary cleanup necessary for the actual fix of the associated issue.
BUG=chromium:688734
Change-Id: Iecd39ed4cef34c6cc5d9652c5569e048f0db46af
Reviewed-on: https://chromium-review.googlesource.com/446341
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43410}
Native resources allocated by v8, as internal implementation detail,
and held by a Foreign object, must be released when the Isolate is
torn down. Example: wasm::WasmModule allocated by wasm compile, and
held throughout the lifetime of the WebAssembly.Module object.
This change:
- Extends Managed<CppType> with a mechanism for doing just that
- Separates the role of Managed<CppType> to be strictly an owner of
the lifetime of the native resource. For cases where that's not
desirable, we can polymorphically use Foregin.
- moves managed.h out of wasm, since it's not wasm-specific.
BUG=680065
Review-Url: https://codereview.chromium.org/2676513008
Cr-Commit-Position: refs/heads/master@{#43350}
This patch refactors the Atomics builtins so that they are implemented
as C++ builtins rather than experimental JS builtins. Previously, each
of these functions called out to a runtime function, so no significant
change in performance is anticipated. The goal of this patch is to
remove the last user of experimental JS builtins so that the mechanism
can be removed, for performance reasons. The patch includes a drive-by
fix of a check-fail. For the most part, the patch is just moving code
without modification from runtime-atomics.cc to
builtins-sharedarraybuffer.cc .
BUG=v8:5880
Review-Url: https://codereview.chromium.org/2698813004
Cr-Commit-Position: refs/heads/master@{#43335}
All patching logic is now bundled in one compilation unit.
The CodeSpecialization object is set up by all relocation and patching
that should be applied, and then be run on individual code objects or
the whole instance in one go. We hence only need to iterate all
relocation tables exactly once at instantiation.
Also, we do not patch contexts any more since we do not embed them in
generated code any more.
R=titzer@chromium.org
BUG=v8:5991
Review-Url: https://codereview.chromium.org/2696143006
Cr-Commit-Position: refs/heads/master@{#43324}
This is the beginning of a new fuzzer that generates
correct-by-construction Wasm modules. This should allow us to better
exercise the compiler and correctness aspects of fuzzing. It is based off
of ahaas' original Wasm fuzzer.
At the moment, it can generate expressions made up of most binops, and
also nested blocks with unconditional breaks. Future CLs will add
additional constructs, such as br_if, loops, memory access, etc.
The way the fuzzer works is that it starts with an array of arbitrary
data provided by libfuzzer. It uses the data to generate an expression.
Care is taken to make use of the entire string. Basically, the
generator has a bunch of grammar-like rules for how to construct an
expression of a given type. For example, an i32 can be made by adding
two other i32s, or by wrapping an i64. The process then continues
recursively until all the data is consumed.
We generate an expression from a slice of data as follows:
* If the slice is less than or equal to the size of the type (e.g. 4
bytes for i32), then it will emit the entire slice as a constant.
* Otherwise, it will consume the first 4 bytes of the slice and use
this to select which rule to apply. Each rule then consumes the
remainder of the slice in an appropriate way. For example:
* Unary ops use the remainder of the slice to generate the argument.
* Binary ops consume another four bytes and mod this with the length
of the remaining slice to split the slice into two parts. Each of
these subslices are then used to generate one of the arguments to
the binop.
* Blocks are basically like a unary op, but a stack of block types is
maintained to facilitate branches. For blocks that end in a break,
the first four bytes of a slice are used to select the break depth
and the stack determines what type of expression to generate.
The goal is that once this generator is complete, it will provide a one
to one mapping between binary strings and valid Wasm modules.
Review-Url: https://codereview.chromium.org/2658723006
Cr-Commit-Position: refs/heads/master@{#43289}
Instead of placing a runtime call to StackGuard in the compiled wasm
code, we just call the builtin, which is cheaper. By passing Smi::kZero
as context, we save even more code space and avoid embedding the
context in the code.
The WasmStackGuard builtin then calls the new WasmStackGuard runtime
function, which gets the context from the instance attached to the
calling wasm code, and then does the usual StackGuard logic.
For the unity benchmark in asm-wasm mode, generated code size reduces
from 63.0 to 61.6 MB (-2.1%).
R=titzer@chromium.org, ahaas@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2691993004
Cr-Commit-Position: refs/heads/master@{#43277}
These experimental natives previously only installed functions to the
appropriate parent. In this patch, the exports container is retained
so that the bootstrapper may install the functions instead. This
change is intended to reduce startup time. SharedArrayBuffer retains
some experimental natives exported from JS; this may be addressed
in a follow-on patch. The patch includes some minor cleanup of the
bootstrap process by removing "experimental exports", which was unused.
R=yangguo@chromium.org
BUG=v8:5880
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/2683083003
Cr-Commit-Position: refs/heads/master@{#43221}
This allows part of typed lowering that is solely based on type-hints to
run as part of the graph construction. The lowering in question does not
inspect types and hence doesn't require the typer to have run before. We
insert the speculative simplied-level operations in favor of the generic
JavaScript-level variants.
R=bmeurer@chromium.org
Change-Id: I5f0549fc1e4ff607622ee9059e6232a32f77db2e
Reviewed-on: https://chromium-review.googlesource.com/442584
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43208}
It's needed by code-stubs.h and it was defined in objects-inl.h.
That cannot work without violating the include rules.
BUG=v8:5402
R=mstarzinger@chromium.org
Change-Id: Icb84b97de5622df8cf76e9fc4d117982901c99d9
Reviewed-on: https://chromium-review.googlesource.com/441845
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43195}
Windows won't create empty .lib files, and will subsequently fail to
find the library other rules expect
R=machenbach@chromium.org
BUG=
Change-Id: I8b848834a6957c2164f0eafc853587d39ccb6ca9
Reviewed-on: https://chromium-review.googlesource.com/440244
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43141}
Collect code coverage from the available invocation counts.
The granularity is at function level, and invocation counts may
be lost to GC.
Coverage::Collect returns a std::vector of Coverage::ScriptData.
Each ScriptData contains a script ID and a std::vector of
Coverage::RangeEntry.
Each RangeEntry consists of a end position and the invocation
count. The start position is implicit from the end position of
the previous RangeEntry, or 0 if it's the first RangeEntry.
R=jgruber@chromium.org
BUG=v8:5808
Review-Url: https://codereview.chromium.org/2689493002
Cr-Commit-Position: refs/heads/master@{#43072}
Includes the port of these three builtins: FastNewStrictArguments,
FastNewSloppyArguments and FastNewRestParameter. Also inline
the implementation of these into the corresponding interpreter
byte codes.
BUG=v8:5269
LOG=N
R=ishell@chromium.org, rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2645743002
Cr-Commit-Position: refs/heads/master@{#43002}
... and TypeFeedbackMetadata to FeedbackMetadata.
BUG=
Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
This adds optional multi-architecture builds, allowing to compile
x86 and x64 in one build. The correctness fuzzer can be configured to
compare the two executables, e.g. to compare x86 to x64 run the
launcher with: --second-d8=clang_x86/d8 in an x64 build.
Configuring the executable's architecture is now simplified and
inferred from the gn build configuration.
Building for clusterfuzz has now a new canonical target that can be
used by the infrastructure (defaults to d8).
The clusterfuzz release builder is now defined to compile
multi-arch builds, which will have an effect as soon as the
infrastructure refers to the new clusterfuzz target.
BUG=chromium:673246
NOTRY=true
TBR=mstarzinger,jarin
Review-Url: https://codereview.chromium.org/2649133010
Cr-Commit-Position: refs/heads/master@{#42884}
This is essentially a port of http://crrev.com/2403003002 to TurboFan,
adding support for fast access to JSGlobalObject properties through the
current native contexts' JSGlobalProxy.
It's a slightly bigger change, since JSNativeContextSpecialization and
JSGlobalObjectSpecialization needs merging for this to work, as due to
different type feedback layout we cannot just turn a JSLoadNamed into
JSLoadGlobal operator (and same for JSStoreNamed vs. JSStoreGlobal).
This part of the change is mostly mechanical.
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
R=ishell@chromium.org, jochen@chromium.org
BUG=chromium:634276,v8:5267
Review-Url: https://codereview.chromium.org/2664853002
Cr-Commit-Position: refs/heads/master@{#42805}
They have the same lifetime. It's a match!
Both structures are native context dependent and dealt with (creation,
clearing, gathering feedback) at the same time. By treating the spaces used
for literal boilerplates as feedback vector slots, we no longer have to keep
track of the materialized literal count elsewhere.
A follow-on CL removes even more parser infrastructure related to this count.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2655853010
Cr-Commit-Position: refs/heads/master@{#42771}
Chrome now uses the default_args system for specifying its own definitions of
these variables so the separate file in build_overrides is no longer necessary.
BUG=684096
Review-Url: https://codereview.chromium.org/2652263003
Cr-Commit-Position: refs/heads/master@{#42712}
The data produced at the moment only contains information about scope type +
positions, and only the most trivial tests pass.
Upcoming CLs will extend the data to contain information about variables (once
PreParser can produce it) and add more test cases.
BUG=v8:5516
Review-Url: https://codereview.chromium.org/2650703003
Cr-Commit-Position: refs/heads/master@{#42656}
We're converting the build_overrides system to the new default_args list of
overrides that can be listed in the toplevel .gn file. This will allow args to
be set on a per-repo basis.
This change conditionally adds the variables currently defined in
build_overrides/v8.gni to build args. This allows V8's build to be used in both
the new and old systems. Once all Chrome and pdfium have been updated, v8's
build overrides and the conditional checks around the new args can be removed.
BUG=684096
Review-Url: https://codereview.chromium.org/2654663003
Cr-Commit-Position: refs/heads/master@{#42639}
Reason for revert:
Blocks roll https://codereview.chromium.org/2647183002/
Original issue's description:
> [build] Introduce an embedder version string
>
> Sometimes, the embedder might want to merge a fix to an abandoned branch
> or to a supported branch but the fix is not relevant to Chromium.
> This adds a new version string that the embedder can set on compile time
> and that will be appended to the official V8 version.
> The separator must be provided in the string. For instance, to have a
> full version string like "5.5.372.37.custom.1", the embedder must set
> V8_EMBEDDER_STRING to ".custom.1".
>
> Related Node.js issue: https://github.com/nodejs/node/pull/9754
>
> BUG=v8:5740
> R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
>
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
>
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Original-Commit-Position: refs/heads/master@{#42175}
> Committed: fc86d4329b
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Commit-Position: refs/heads/master@{#42582}
> Committed: 2c1d1e6088TBR=hablich@chromium.com,machenbach@chromium.org,ofrobots@google.com,mic.besace@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5740
Review-Url: https://codereview.chromium.org/2643393004
Cr-Commit-Position: refs/heads/master@{#42583}
Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set on compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "5.5.372.37.custom.1", the embedder must set
V8_EMBEDDER_STRING to ".custom.1".
Related Node.js issue: https://github.com/nodejs/node/pull/9754
BUG=v8:5740
R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2619213002
Cr-Original-Commit-Position: refs/heads/master@{#42175}
Committed: fc86d4329b
Review-Url: https://codereview.chromium.org/2619213002
Cr-Commit-Position: refs/heads/master@{#42582}
This moves AsyncFunctionAwait{Caught,Uncaught} to CSA, and removes
async-await.js.
BUG=v8:5639
Review-Url: https://codereview.chromium.org/2643023002
Cr-Commit-Position: refs/heads/master@{#42579}
E.g., ast/ast.h uses Label but shouldn't need to include assembler.h for that. With
this change, we can hope for proper layering in the future (not quite there
yet).
Also includes minor random include lowering and relevant IWYU fixes.
BUG=v8:5294
Review-Url: https://codereview.chromium.org/2645063002
Cr-Commit-Position: refs/heads/master@{#42563}
- builtins-ic.cc takes the place of the AccessorAssembler shim
- AccessorAssemblerImpl can then be renamed
- some cleanup in code-factory.cc
- drop old _TF name suffixes
- fix Generate##Name##Impl in TF_BUILTIN macro
Review-Url: https://codereview.chromium.org/2647493002
Cr-Commit-Position: refs/heads/master@{#42520}
Reason for revert:
Blocks roll: https://codereview.chromium.org/2633463002/
Original issue's description:
> Pull define for version out into v8-version.h and separate build target
>
> This is part of removing the dependency of the Chromium browser DLL on
> Windows on V8.
>
> R=jochen@chromium.org
> BUG=chromium:581766
>
> Review-Url: https://codereview.chromium.org/2621983002
> Cr-Commit-Position: refs/heads/master@{#42243}
> Committed: 4593845417TBR=jochen@chromium.org,machenbach@chromium.org,scottmg@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:581766
Review-Url: https://codereview.chromium.org/2627713008
Cr-Commit-Position: refs/heads/master@{#42257}
Including a fix: object-macros.h needs to be the last include: otherwise
we'll have a problem when a file does this:
#include "object-macros.h"
#include "x.h" // x.h also includes object-macros.h
BUG=v8:5402
Review-Url: https://codereview.chromium.org/2623573003
Cr-Commit-Position: refs/heads/master@{#42187}
Reason for revert:
Seems to break the Chromium build: https://codereview.chromium.org/2619193005/
Message:
[1832/9671] CXX obj/v8/v8_base/version.o
FAILED: obj/v8/v8_base/version.o
/b/c/cipd/goma/gomacc ../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/v8/v8_base/version.o.d -DV8_DEPRECATION_WARNINGS -DDCHECK_ALWAYS_ON=1 -DUSE_UDEV -DUI_COMPOSITOR_IMAGE_TRANSPORT -DUSE_AURA=1 -DUSE_PANGO=1 -DUSE_CAIRO=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DUSE_PROPRIETARY_CODECS -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DENABLE_MEDIA_ROUTER=1 -DFIELDTRIAL_TESTING_ENABLED -DCR_CLANG_REVISION=289944-2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DV8_I18N_SUPPORT -DENABLE_HANDLE_ZAPPING -DV8_USE_EXTERNAL_STARTUP_DATA -DV8_TARGET_ARCH_X64 -DDEBUG -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_STATIC_IMPLEMENTATION -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE -I../.. -Igen -I../../v8 -I../../v8/include -I../../third_party/icu/source/common -I../../third_party/icu/source/i18n -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -pipe -B../../third_party/binutils/Linux_x64/Release/bin -fcolor-diagnostics -fdebug-prefix-map=/b/c/b/linux/src=. -m64 -march=x86-64 -pthread -g1 --sysroot=../../build/linux/debian_wheezy_amd64-sysroot -fvisibility=hidden -Xclang -load -Xclang ../../third_party/llvm-build/Release+Asserts/lib/libFindBadConstructs.so -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-ipc -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -Werror -Wall -Wno-unused-variable -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-deprecated-register -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-shift-negative-value -Wno-undefined-var-template -Wno-nonportable-include-path -Wno-address-of-packed-member -Wsign-compare -Winconsistent-missing-override -Wshorten-64-to-32 -O3 -fno-ident -fdata-sections -ffunction-sections -fno-threadsafe-statics -fvisibility-inlines-hidden -std=gnu++11 -fno-rtti -fno-exceptions -Wno-deprecated -c ../../v8/src/version.cc -o obj/v8/v8_base/version.o
../../v8/src/version.cc:42:34: error: use of undeclared identifier 'V8_EMBEDDER_STRING'
const char* Version::embedder_ = V8_EMBEDDER_STRING;
^
1 error generated.
Original issue's description:
> [build] Introduce an embedder version string
>
> Sometimes, the embedder might want to merge a fix to an abandoned branch
> or to a supported branch but the fix is not relevant to Chromium.
> This adds a new version string that the embedder can set on compile time
> and that will be appended to the official V8 version.
> The separator must be provided in the string. For instance, to have a
> full version string like "5.5.372.37.custom.1", the embedder must set
> V8_EMBEDDER_STRING to ".custom.1".
>
> Related Node.js issue: https://github.com/nodejs/node/pull/9754
>
> BUG=v8:5740
> R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
>
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Commit-Position: refs/heads/master@{#42175}
> Committed: fc86d4329bTBR=hablich@chromium.com,machenbach@chromium.org,ofrobots@google.com,mic.besace@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5740
Review-Url: https://codereview.chromium.org/2621033002
Cr-Commit-Position: refs/heads/master@{#42182}
... including property reconfiguring, elements kind change and migration
of a map to an up-to-date non-deprecated version.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2601643002
Cr-Commit-Position: refs/heads/master@{#42177}
Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set on compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "5.5.372.37.custom.1", the embedder must set
V8_EMBEDDER_STRING to ".custom.1".
Related Node.js issue: https://github.com/nodejs/node/pull/9754
BUG=v8:5740
R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
Review-Url: https://codereview.chromium.org/2619213002
Cr-Commit-Position: refs/heads/master@{#42175}
This adds the correctness fuzzer harness files to the output
directory guarded by a gn arg.
The switch will be turned on on the builder uploading builds to
clusterfuzz.
BUG=chromium:673246
NOTRY=true
TBR=tandrii@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2623843002
Cr-Commit-Position: refs/heads/master@{#42166}
The attached chromium bug suggests that turning this on via a flag
regressed a perf test. Having previously run into slowdowns due
to experimental JS natives, my suspicion is that this regression
can be fixed by including the new builtins in the snapshot.
My intention is to land this patch to see if the regression
goes away on the bots.
Given the nature of this feature, it seems low-risk to remove
the runtime flag. If need be, it would be trivial to craft
a patch to remove these two methods from String.prototype
if we run into web compat issues during the release (note
that no release branch has yet picked up this feature).
BUG=v8:4954, chromium:677444
Review-Url: https://codereview.chromium.org/2610853010
Cr-Commit-Position: refs/heads/master@{#42111}
Store maps on the CheckMaps operator instead of burning inputs for
the individual maps. Use the same data structure (the ZoneHandleSet)
in the LoadElimination to track multiple maps per object.
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2431563002
Cr-Commit-Position: refs/heads/master@{#42010}
This removes RegExpPrototypeSpeciesGetter and IteratorPrototypeIterator and
uses ReturnReceiver builtin instead.
This patch also ports the PromiseSpecies to TF by reusing this
builtin.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2590373002
Cr-Commit-Position: refs/heads/master@{#41879}
This moves the platform-specific distinction to one place, and allows
to just include assembler-inl.h instead of macro-assembler.h to get the
correct inline functions defined in assembler.h (e.g.
RelocInfo::set_target_address).
R=mstarzinger@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2587113002
Cr-Commit-Position: refs/heads/master@{#41843}
Use FastAsciiConvert (as used by Unibrow) for i18n-aware
case conversion with --icu_case_mapping.
Move FastAsciiConvert to src/string-case.cc so that it can be used
by both runtime-{string,i18n}.
Add more tests.
BUG=v8:4477,v8:4476
TEST=intl/general/case*
Review-Url: https://codereview.chromium.org/2533983006
Cr-Commit-Position: refs/heads/master@{#41821}
This patch introduces:
1. ICStats class to store ic statistics items produced by V8,
2. A disabled by default tracing category v8.ic_stats,
3. An trace event V8.ICStats that contains ic statistics items in args,
We store ic statistics items in an array until the array is full to reduce
the number of trace events.
TBR=jkummerow@chromium.org,ishell@chromium.org
Review-Url: https://codereview.chromium.org/2503183002
Cr-Commit-Position: refs/heads/master@{#41559}
This CL adds a new header src/debug/interface-types.h, moves the
definition of Location from the debug-interface.h to this new header,
and adds a new definition for the WasmDisassembly types.
This allows to use the types in other implementation files or headers
without having to include the entire debug-interface.h, reducing build
dependencies and compile time (especially for incremental builds).
The WasmDisassembly type replaces the old
std::pair<std::string, std::vector<std::tuple<...>>>, which was a bit
hard to unravel.
R=yangguo@chromium.org, kozyatinskiy@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2529383002
Cr-Commit-Position: refs/heads/master@{#41488}
This allows us to optimise the bytecode liveness analysis to jump
directly to previously seen indices. The analysis is optimised to store
a stack of loop ends (JumpLoop bytecode indices), and iterate through
these indices directly rather than looping through the bytecode array to
find them.
Review-Url: https://codereview.chromium.org/2536653003
Cr-Commit-Position: refs/heads/master@{#41485}
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.
Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.
Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41355}
Reason for revert:
Breaks the build:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/14886
Original issue's description:
> [ignition/turbo] Perform liveness analysis on the bytecodes
>
> Replaces the graph-based liveness analyzer in the bytecode graph builder
> with an initial bytecode-based liveness analysis pass, which is added to
> the existing loop extent analysis.
>
> Now the StateValues in the graph have their inputs initialised to
> optimized_out, rather than being modified after the graph is built.
>
> Committed: https://crrev.com/1852300954c216c29cf93444430681d213e87925
> Cr-Commit-Position: refs/heads/master@{#41344}
TBR=jarin@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2541443002
Cr-Commit-Position: refs/heads/master@{#41346}
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.
Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.
Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41344}
They're supposed to be stable across several parse passes, so we'll also
store them in the associated SharedFunctionInfos
To achieve this, the PreParser and Parser need to generated the same number of
FunctionLiterals. To achieve this, we teach the PreParser about desuggaring of
class literals.
For regular functions, the function IDs are assigned in the order they occur in
the source. For arrow functions, however, we only know that it's an arrow function
after parsing the parameter list, and so the ID assigned to the arrow function is
larger than the IDs assigned to functions defined in the parameter list. This
implies that we have to reset the function ID counter to before the parameter list
when re-parsing an arrow function. To be able to do this, we store the number of
function literals found in the parameter list of arrow functions as well.
BUG=v8:5589
Review-Url: https://codereview.chromium.org/2481163002
Cr-Commit-Position: refs/heads/master@{#41309}
The AstGraphBuilder pipeline is only used for asm.js now, so the whole
type feedback mechanism is essentially dead code currently, thus we
better nuke it.
BUG=v8:5267,v8:5657
Review-Url: https://codereview.chromium.org/2523953002
Cr-Commit-Position: refs/heads/master@{#41201}
Now that we have a JumpLoop bytecode, we can heavily simplify the
branch/loop analysis by assuming that only JumpLoop bytecodes are
backwards edges, and performing the loop analysis as a single
(backwards) pass.
This allows us to get rid of the branch analysis entirely, and builds a
framework to do liveness analysis in the same pass.
Review-Url: https://codereview.chromium.org/2519983002
Cr-Commit-Position: refs/heads/master@{#41194}
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.
Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
When disassembling functions for the inspector, we used an internal
text representation before. This CL implements the official text
format like it is understood by the spec interpreter.
Example output:
func $main (param i32) (result i32)
block i32
get_local 0
i32.const 2
i32.lt_u
if
i32.const -2
return
end
get_local 0
call_indirect 0
end
R=rossberg@chromium.org, titzer@chromium.org
BUG=chromium:659715
Review-Url: https://codereview.chromium.org/2520943002
Cr-Commit-Position: refs/heads/master@{#41172}
Instead of directly using v8_enable_inspector_override from
build_overrides/v8.gni in all the GN configs, set a v8_enable_inspector
variable based on v8_enable_inspector_override and use that everywhere.
This is the more common pattern seen in over projects, and reduces the
need to include //build_overrides/v8.gni in many files.
Review-Url: https://codereview.chromium.org/2520683002
Cr-Commit-Position: refs/heads/master@{#41156}
This pre-calculates and stores a vector of bytecode offsets, and then allows
one to iterate over it backwards. This could probably be adapted to a
bidirectional/random access iterator if we wanted to, but for now reverse
is all we need.
Review-Url: https://codereview.chromium.org/2518003002
Cr-Commit-Position: refs/heads/master@{#41153}
Refactors the bytecode array iterator to separate the iteration and the
bytecode parameter access, placing the latter into a separate
super-class. This will allow us to have other forms of access, e.g.
reverse iteration.
Review-Url: https://codereview.chromium.org/2519923002
Cr-Commit-Position: refs/heads/master@{#41152}
In component build, fuzzer did not link with icu libraries, causing
errors. By adding icu libraries to dependencies fuzzer links correctly.
BUG=
TEST=fuzzer/*
Review-Url: https://codereview.chromium.org/2510063002
Cr-Commit-Position: refs/heads/master@{#41098}
The new AccessorAssembler encapsulates all the functionality that's
specific to building LoadIC/StoreIC stubs.
There are two header files (accessor-assembler.h and
accessor-assembler-impl.h) so that clients of the assembler can include
the one, and subclassing assemblers can include the other.
Review-Url: https://codereview.chromium.org/2507733002
Cr-Commit-Position: refs/heads/master@{#41037}
When generating snapshot on a machine with a different page size than
the target machine, we can run into problems as the v8 page area size
changes. This is because v8 has page guards which depend on os page
size, so if the target has larger os page, v8 page area is smaller and
may not fit the contents.
The solution proposed here is adding a flag, v8_os_page_size, that
would, if used, override local os page size and use the one specified
during snapshot generation.
BUG=
Review-Url: https://codereview.chromium.org/2488403003
Cr-Commit-Position: refs/heads/master@{#40997}
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
- The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
- The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().
If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.
All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.
At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.
I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.
The following additional changes were necessary:
- The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
- The class HPositionInfo was effectively dead code and is now removed.
- SourcePosition has new printing and information facilities, including computing a full inlining stack.
- I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
- I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
- I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
- Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}
In component build, unittests did not link with icu libraries, which
caused errors. By adding icu libraries to dependencies unittests links
correctly.
BUG=
TEST=unittests/*
Review-Url: https://codereview.chromium.org/2479863002
Cr-Commit-Position: refs/heads/master@{#40955}
- Creates a new promise-utils.{h, cc} which refactors out the
logic to create resolving functions. This is shared between the
runtime functions and builtins.
- Changes PromiseResolveThenableJobInfo to store the context
since we no longer create the resolving functions in JS.
- Changes EnqueuPromiseResolveThenableJob to take in the promise and
not the callbacks.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2487053002
Cr-Commit-Position: refs/heads/master@{#40941}
This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.
R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}
- A new runtime function (%create_resolving_functions) is installed to
call the CreateResolvingFunctions builtin from JS.
- Three new builtins are created - resolve and reject functions and a
third function that creates a new JSFunctions from these
resolve/reject builtins.
- The promise reject function is installed on the context temporarily
as internal_promise_reject. This should go away once we remove
PromiseSet.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2459283004
Cr-Commit-Position: refs/heads/master@{#40903}
This patch removes TracingCategoryObserver API and moves the creation of
observer inside platform initialization, by assuming that either
Platform::AddTraceStateObserver is implemented correctly to add observer to
tracing controller that implemented by embedders, or default tracing controller
has already been set up and attached to platform before
v8::V8::InitializePlatform is called.
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2471583004
Cr-Commit-Position: refs/heads/master@{#40739}
This patch implements TracingCategoryObserver to set global flag when a V8
specific category is enabled. Previously, we set a global flag each time when we
encounter a top level trace event, and use it as a global check. With this
patch, we can set a group of flags when tracing is enabled; besides, we make
V8 tracing feature use V8 flags instead of defining its own flag in a messy way.
With this patch, whatever V8 flag we want to imply in tracing, we define another
integer flag, and the original V8 flag will set it to 0x01 when passing by
commandline, tracing will set it to 0x10 when we start tracing and reset the bit
when we stop tracing.
Review-Url: https://codereview.chromium.org/2436273002
Cr-Commit-Position: refs/heads/master@{#40659}
This patch moves promise specific runtime functions
to runtime-promise.cc from runtime-internal.cc
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2452833003
Cr-Commit-Position: refs/heads/master@{#40618}
Since ZoneLists are essentially non-standard ZoneVectors and have a bad
growing behaviour (ZoneList-allocations make up ~50% of website parse
zone memory) we should stop using them. The zone-containers are merely
a clean-up, with none of them actually better suited to be used with
zones. This new datastructure allows most operations of a LinkedList (
except pop_first and insertAt/removeAt) but uses about the same memory
as a well-initialized ZoneVector/ZoneList (<3% overhead with reasonably
large lists). It also never attempts to free memory again (which would
not work in zones anyway).
The ZoneChunkList is essentially a doubly-linked-list of arrays of
variable size.
Some test-results where I tried storing 16k pointers in different list
types (lists themselves also zone-allocated):
List type Zone memory used Time taken
-----------------------------------------------------------------------
Zone array (for comparison) 131072 B
Ideally initialized ZoneList 131088 B 0.062ms
ChunkZoneList 134744 B 0.052ms <--new thing
ZoneDeque 141744 B
ZoneLinkedList 393264 B
Initially empty ZoneList 524168 B 0.171ms <--right now
ChunkZoneList only push_front 524320 B
Review-Url: https://codereview.chromium.org/2449383002
Cr-Commit-Position: refs/heads/master@{#40602}
The meaning of the HValue::kAllowUndefinedAsNaN is actually ToNumber
conversion (except for the uses in HBranch and HCompareHoleAndBranch,
which were confusing and useless anyways), so fix the naming to match
that.
Also properly integrate the handling of this flag with the existing
truncation analysis that is run as part of the representation changes
phase (i.e. where we already deal with truncating to int32 and smi).
This is done in preparation of allowing Crankshaft to handle any kind
of Oddball in the ToNumber truncation, instead of just undefined for
truncation ToNumber and undefined or boolean for ToInt32. It also helps
to make Crankshaft somewhat more compatible with the (saner)
implementation in TurboFan.
R=yangguo@chromium.org
BUG=v8:5400
Review-Url: https://codereview.chromium.org/2449353002
Cr-Commit-Position: refs/heads/master@{#40577}
This CL removes code that is now unused since the port of regexp.js has been
completed. Removed functions / classes are:
* regexp.js (GetSubstitution moved to string.js)
* RegExpConstructResult stub
* RegExpFlags intrinsic
* RegExpSource intrinsic
* RegExpInitializeAndCompile runtime function
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2448463002
Cr-Commit-Position: refs/heads/master@{#40547}
Depending on the inputs the fuzzer creates multiple functions. These
functions can have signatures with an int32 return value and up to three
parameters of type int32, int64, float32, or float64.
R=titzer@chromium.org, clemensh@chromium.org
Review-Url: https://codereview.chromium.org/2447643002
Cr-Commit-Position: refs/heads/master@{#40530}
Additionally, remove all code related to the old-style slots filtering and black area end markers.
BUG=chromium:648568
Review-Url: https://chromiumcodereview.appspot.com/2440683002
Cr-Commit-Position: refs/heads/master@{#40494}
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Android%20Arm64%20-%20builder/builds/4851
Original issue's description:
> Update implementation of atomics with latest Chromium version but use compiler builtin atomics
>
> Ideally, we would use the standard library. However, when we are compiling against an older version of the standard library the atomic implementation may be slow.
>
> BUG=
TBR=mlippautz@chromium.org,ulan@chromium.org,jarin@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2438983002
Cr-Commit-Position: refs/heads/master@{#40489}
Ideally, we would use the standard library. However, when we are compiling against an older version of the standard library the atomic implementation may be slow.
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2425963002
Cr-Commit-Position: refs/heads/master@{#40488}
Implements the variations of CreateArrayIterator() in TFJ builtins
(ArrayPrototypeValues, ArrayPrototypeEntries and ArrayPrototypeKeys), and
provides two new Object types with numerous maps which identify certain
behaviours, which will be useful for inlining.
Removes src/js/array-iterator.js entirely
Also adds support for printing Symbol literals inserted by the Parser during
desugaring when FLAG_print_builtin_ast is set to true.
BUG=v8:5388
R=bmeurer@chromium.org, cbruni@chromium.orgTBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2405253006
Cr-Commit-Position: refs/heads/master@{#40373}
Use sparingly!
This doesn't add any really new functionality, other than making it more
convenient to do this.
This will primarily be used to wrap a WasmModule to be referenced from a
JSObject that represents an instance. There is one WasmModule C++ object
per parsed WasmModule, so this should not be more than a handful or a few
dozen in well-behaved programs.
R=rossberg@chromium.org,mlippautz@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2409173005
Cr-Commit-Position: refs/heads/master@{#40346}
... to keep all the pieces in one place for easier modifications.
This CL also adds a new runtime call stats bucket: KeyedLoadIC_LoadElementDH.
BUG=
Review-Url: https://codereview.chromium.org/2412983008
Cr-Commit-Position: refs/heads/master@{#40314}
This CL is in preparation for the upcoming port of
RegExp.prototype.replace, which will need use these methods in
runtime-regexp.cc. Moving them in advance makes that diff less noisy.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398413002
Cr-Commit-Position: refs/heads/master@{#40229}
Introduce AccessCompilerData which hangs off the Isolate, and initialize
it when the first PropertyAccessCompiler is instantiated. This avoids
TSAN failures when trying to access load/store calling convention arrays.
BUG=v8:5427
Review-Url: https://codereview.chromium.org/2389313002
Cr-Commit-Position: refs/heads/master@{#40055}
Reason for revert:
Speculative revert due to very strange-looking win/dbg failures
which reference SignedDivisionByConstant:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12736
Original issue's description:
> Reland "Turn libbase into a component"
>
> Original issue's description:
> > Turn libbase into a component
> >
> > This is a precondition for turning libplatform into a component
> >
> > BUG=v8:5412
> > R=jgruber@chromium.org,machenbach@chromium.org
> > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_
> dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
> >
> > Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> > Cr-Commit-Position: refs/heads/master@{#39950}
>
> BUG=v8:5412
> TBR=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
>
> Committed: https://crrev.com/17cb51254cafa932025e9980b60f89f756d411cb
> Cr-Commit-Position: refs/heads/master@{#39969}
TBR=jgruber@chromium.org,machenbach@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5412
Review-Url: https://codereview.chromium.org/2396933002
Cr-Commit-Position: refs/heads/master@{#40009}
It is currently being rolled behind the --turbo_verify_machine_graph flag.
BUG=
Review-Url: https://codereview.chromium.org/2388313003
Cr-Commit-Position: refs/heads/master@{#39976}
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_
dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}
BUG=v8:5412
TBR=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
Review-Url: https://codereview.chromium.org/2395553002
Cr-Commit-Position: refs/heads/master@{#39969}
Reason for revert:
Main suspect for roll block:
https://codereview.chromium.org/2387403002/
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}
TBR=jgruber@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5412
Review-Url: https://codereview.chromium.org/2393603002
Cr-Commit-Position: refs/heads/master@{#39960}
This is a precondition for turning libplatform into a component
BUG=v8:5412
R=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
Review-Url: https://codereview.chromium.org/2381273002
Cr-Commit-Position: refs/heads/master@{#39950}
There are only a few occasions where we allocate a register in an outer
expression allocation scope, which makes the costly free-list approach
of the BytecodeRegisterAllocator unecessary. This CL replaces all
occurrences with moves to the accumulator and stores to a register
allocated in the correct scope. By doing this, we can simplify the
BytecodeRegisterAllocator to be a simple bump-pointer allocator
with registers released in the same order as allocated.
The following changes are also made:
- Make BytecodeRegisterOptimizer able to use registers which have been
unallocated, but not yet reused
- Remove RegisterExpressionResultScope and rename
AccumulatorExpressionResultScope to ValueExpressionResultScope
- Introduce RegisterList to represent consecutive register
allocations, and use this for operands to call bytecodes.
By avoiding the free-list handling, this gives another couple of
percent on CodeLoad.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2369873002
Cr-Commit-Position: refs/heads/master@{#39905}
This ports RegExp.prototype.exec to a TurboFan builtin.
LastMatchInfo is now stored on the context in order to be able to access
it from the stub.
Unmodified RegExp instances go through a fast path of accessing the
lastIndex property as an in-object field, while modified instances call
into runtime for lastIndex loads and stores.
Octane/regexp shows slight improvements (between 0 and 5%) with this CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2375953002
Cr-Commit-Position: refs/heads/master@{#39899}
Tracing CPU profiler allows V8 to automatically collect CPU profile when tracing
is started with category v8.cpu_profile2 enabled.
BUG=chromium:406277
Review-Url: https://codereview.chromium.org/2378143003
Cr-Commit-Position: refs/heads/master@{#39855}
V8 is collecting a growing amount of fuzzers, all of which take substantial
space on the bots and in chromium build archives. This CL improves that
situation by allowing component (shared library) builds for almost all fuzzers.
The parser fuzzer is handled as an exception since it would require exporting a
large number of additional functions.
A component build results in about a 50-100x improvement in file size for each
fuzzer (~50M-100M to around 1.1M).
BUG=chromium:648864
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
Review-Url: https://codereview.chromium.org/2360983002
Cr-Commit-Position: refs/heads/master@{#39709}
The file formerly known as src/js/harmony-async-await.js does not
expose anything directly to JavaScript code; it just makes a few
functions available on the native context for the parser desugaring
to expand into. Experimental natives have various issues with
larger amounts of code, so this patch moves the JS builtins to
support async functions out of experimental natives and into the
core snapshot. The change would be done eventually anyway, but this
patch does it before removing the flag to support shipping the
feature while avoiding the pitfalls of experimental natives.
Drive by cleanup: remove more unused functions from the whitelist for experimental natives.
BUG=v8:5427,v8:4483
Review-Url: https://codereview.chromium.org/2365123002
Cr-Commit-Position: refs/heads/master@{#39706}
This CL optimizes the code in BytecodeArrayBuilder and
BytecodeArrayWriter by making the following main changes:
- Move operand scale calculation out of BytecodeArrayWriter to the
BytecodeNode constructor, where the decision on which operands are
scalable can generally be statically decided by the compiler.
- Move the maximum register calculation out of BytecodeArrayWriter
and into BytecodeRegisterOptimizer (which is the only place outside
BytecodeGenerator which updates which registers are used). This
avoids the BytecodeArrayWriter needing to know the operand types
of a node as it writes it.
- Modify EmitBytecodes to use individual push_backs rather than
building a buffer and calling insert, since this turns out to be faster.
- Initialize BytecodeArrayWriter's bytecode vector by reserving 512
bytes,
- Make common functions in Bytecodes constexpr so that they
can be statically calculated by the compiler.
- Move common functions and constructors in Bytecodes and
BytecodeNode to the header so that they can be inlined.
- Change large static switch statements in Bytecodes to const array
lookups, and move to the header to allow inlining.
I also took the opportunity to remove a number of unused helper
functions, and rework some others for consistency.
This reduces the percentage of time spent in making BytecodeArrays
in CodeLoad from ~15% to ~11% according to perf. The
CoadLoad score increase by around 2%.
BUG=v8:4280
Committed: https://crrev.com/b11a8b4d41bf09d6b3d6cf214fe3fb61faf01a64
Review-Url: https://codereview.chromium.org/2351763002
Cr-Original-Commit-Position: refs/heads/master@{#39599}
Cr-Commit-Position: refs/heads/master@{#39637}
Reason for revert:
Prime suspect for roll blocker: https://codereview.chromium.org/2362503002/
Original issue's description:
> [Interpreter] Optimize BytecodeArrayBuilder and BytecodeArrayWriter.
>
> This CL optimizes the code in BytecodeArrayBuilder and
> BytecodeArrayWriter by making the following main changes:
>
> - Move operand scale calculation out of BytecodeArrayWriter to the
> BytecodeNode constructor, where the decision on which operands are
> scalable can generally be statically decided by the compiler.
> - Move the maximum register calculation out of BytecodeArrayWriter
> and into BytecodeRegisterOptimizer (which is the only place outside
> BytecodeGenerator which updates which registers are used). This
> avoids the BytecodeArrayWriter needing to know the operand types
> of a node as it writes it.
> - Modify EmitBytecodes to use individual push_backs rather than
> building a buffer and calling insert, since this turns out to be faster.
> - Initialize BytecodeArrayWriter's bytecode vector by reserving 512
> bytes,
> - Make common functions in Bytecodes constexpr so that they
> can be statically calculated by the compiler.
> - Move common functions and constructors in Bytecodes and
> BytecodeNode to the header so that they can be inlined.
> - Change large static switch statements in Bytecodes to const array
> lookups, and move to the header to allow inlining.
>
> I also took the opportunity to remove a number of unused helper
> functions, and rework some others for consistency.
>
> This reduces the percentage of time spent in making BytecodeArrays
> in CodeLoad from ~15% to ~11% according to perf. The
> CoadLoad score increase by around 2%.
>
> BUG=v8:4280
>
> Committed: https://crrev.com/b11a8b4d41bf09d6b3d6cf214fe3fb61faf01a64
> Cr-Commit-Position: refs/heads/master@{#39599}
TBR=mythria@chromium.org,leszeks@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2360193003
Cr-Commit-Position: refs/heads/master@{#39612}
This CL optimizes the code in BytecodeArrayBuilder and
BytecodeArrayWriter by making the following main changes:
- Move operand scale calculation out of BytecodeArrayWriter to the
BytecodeNode constructor, where the decision on which operands are
scalable can generally be statically decided by the compiler.
- Move the maximum register calculation out of BytecodeArrayWriter
and into BytecodeRegisterOptimizer (which is the only place outside
BytecodeGenerator which updates which registers are used). This
avoids the BytecodeArrayWriter needing to know the operand types
of a node as it writes it.
- Modify EmitBytecodes to use individual push_backs rather than
building a buffer and calling insert, since this turns out to be faster.
- Initialize BytecodeArrayWriter's bytecode vector by reserving 512
bytes,
- Make common functions in Bytecodes constexpr so that they
can be statically calculated by the compiler.
- Move common functions and constructors in Bytecodes and
BytecodeNode to the header so that they can be inlined.
- Change large static switch statements in Bytecodes to const array
lookups, and move to the header to allow inlining.
I also took the opportunity to remove a number of unused helper
functions, and rework some others for consistency.
This reduces the percentage of time spent in making BytecodeArrays
in CodeLoad from ~15% to ~11% according to perf. The
CoadLoad score increase by around 2%.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2351763002
Cr-Commit-Position: refs/heads/master@{#39599}
This also adds sources missing for PPC and x87, fixes a few
missing files in gyp due to wrong quotation and a few that
were simply not included.
The gn files are now authoritative, but the gcmole gyp and
gn source lists are enforced to match exactly.
This additional enforcement helped finding the bugs above
and will be removed when we deprecate the gyp files.
BUG=614645
NOTRY=true
Review-Url: https://codereview.chromium.org/2352103002
Cr-Commit-Position: refs/heads/master@{#39592}
This is some initial cleanup to keep /src clean. The
AccountingAllocator is actually exclusively used by zones and this
common subfolder makes that more clear.
BUG=v8:5409
Review-Url: https://codereview.chromium.org/2344143003
Cr-Commit-Position: refs/heads/master@{#39558}
Full code uses patching ICs for this feedback, and the interpreter uses
the type feedback vector. It's a good idea to code the vector slots
appropriately as ICs so that the runtime profiler can better gauge if
the function is ready for tiering up from Ignition to TurboFan.
As is, the feedback is stored in "general" slots which can't be
characterized by the runtime profiler into feedback states.
This CL addresses that problem. Note that it's also important to
carefully exclude these slots from the profiler's consideration when
determining if you want to optimize from Full code.
BUG=
Review-Url: https://codereview.chromium.org/2342853002
Cr-Commit-Position: refs/heads/master@{#39555}
Adds template parameters for the TemplateHashMapImpl for the key and
value type, to allow them to be something other than pointers. To keep
the impact of this patch low, uses of TemplateHashMapImpl set these
types to void* to emulate the previous behaviour.
This is part of a wider set of changes discussed in:
https://groups.google.com/forum/#!topic/v8-dev/QLsC0XPYLeM
Review-Url: https://codereview.chromium.org/2343123002
Cr-Commit-Position: refs/heads/master@{#39530}
Reason for revert:
Unblocking roll
Original issue's description:
> [d8] Fix the shared-library build
>
> This commit ensures that the d8 shared library build uses the same logic as
> the standard static build by exporting relevant functions and classes.
>
> BUG=chromium:646337
>
> Committed: https://crrev.com/2c10ca8086a4d595ecf9aa843d2031b068470d65
> Cr-Commit-Position: refs/heads/master@{#39503}
TBR=jochen@chromium.org,vogelheim@chromium.org,bmeurer@chromium.org,titzer@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:646337
Review-Url: https://codereview.chromium.org/2356703003
Cr-Commit-Position: refs/heads/master@{#39526}
This commit ensures that the d8 shared library build uses the same logic as
the standard static build by exporting relevant functions and classes.
BUG=chromium:646337
Review-Url: https://codereview.chromium.org/2342563002
Cr-Commit-Position: refs/heads/master@{#39503}
This flag has been flipped off since 52, so it is due for removal.
R=adamk@chromium.org,caitp@igalia.com
BUG=v8:3785
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/2268633002
Cr-Commit-Position: refs/heads/master@{#39435}
This CL adds fuzzers for the wasm module sections 'types', 'names',
'globals', 'imports', 'function signatures', 'memory', and 'data', one
fuzzer per section. No fuzzers are added for the other sections because
either there already exists a fuzzer (e.g. wasm-code), or there exist
inter-section dependencies.
To avoid introducing a bunch executables which would make compilation
with make slow, I introduce a single executable
'v8_simple_wasm_section_fuzzer' which calls the fuzzers mentioned above.
This executable is run by the trybots and ensures that the fuzzers
actually compile. For debugging I introduce commandline parameters which
allow to execute the specific fuzzers from 'v8_simple_wasm_section_fuzzer'.
R=titzer@chromium.org, jochen@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2336603002
Cr-Commit-Position: refs/heads/master@{#39413}
The wasm-module-runner is used both in cctests and in fuzzers. As
discussed offline, it is weird to include cctest header files in
fuzzers, so I introduce a new test/common directory which contains the
common files.
R=titzer@chromium.org, jochen@chromium.org
Review-Url: https://codereview.chromium.org/2335193002
Cr-Commit-Position: refs/heads/master@{#39411}
With this CL the wasm-code-fuzzer first decodes and interprets the test
case generated by the fuzzer. It then compiles the test case, but only
executes the compiled instance if the interpretation of the test case
was successful. If the compiled instance is executed, then the result of
the execution is compared with the result of the interpretation.
Additionally this CL refactors the CompileAndRunWasmModule function in
wasm-module.cc to resuse code in the call to the interpreter.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2321443002
Cr-Commit-Position: refs/heads/master@{#39351}
- inspector becomes a dependency of v8_base;
- generated public protocol files are placed to gen/v8/include/inspector/<Domain.h>;
- added v8_enable_inspector_override to be used in embedders (gn only);
- combined public headers into v8-inspector.h and v8-inspector-protocol.h.
BUG=chromium:635948
Review-Url: https://codereview.chromium.org/2292053003
Cr-Commit-Position: refs/heads/master@{#39226}
Spec discussion: https://github.com/tc39/ecma402/issues/30
It's in stage 4 and Firefox has already implemented it.
For now, it's added to HARMONY_IN_PROGRESS bucket behind
'--datetime-format-to-parts' flag.
BUG=v8:5244
TEST=intl/date-format/date-format-to-parts.js
TEST=test262/intl402/DateTimeFormat/prototype/formatToParts/*
Review-Url: https://codereview.chromium.org/2273953003
Cr-Commit-Position: refs/heads/master@{#39225}
Reason for revert:
Performance regressions: crbug.com/644087
Clusterfuzz: crbug.com/644074
We'll reland all regexp changes at once when the port is complete and at least performance-neutral, since the partial port requires slow workarounds.
Original issue's description:
> [regexp] Port RegExpConstructor
>
> BUG=v8:5339
>
> Committed: https://crrev.com/0aa80be16b8d876999066545c2922e1291e09610
> Cr-Commit-Position: refs/heads/master@{#39074}
TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2312743002
Cr-Commit-Position: refs/heads/master@{#39177}
This makes for slightly faster rebuilds when touching parser-base.h
(which changes frequently!). Also takes care of an old TODO,
moving CompileTimeValue into its own file under ast/, where it
properly belongs.
BUG=v8:5294
Review-Url: https://codereview.chromium.org/2305883002
Cr-Commit-Position: refs/heads/master@{#39141}
Our Type class has a semantic and representational dimension.
Much code in src/ast, Crankshaft and Turbofan is based on it.
Going forward in Turbofan we'd like to remove representational information
entirely. To that end, new type AstType has been created to preserve
existing behavior for the benefit of Crankshaft and the AST.
BUG=
Review-Url: https://codereview.chromium.org/2302283002
Cr-Commit-Position: refs/heads/master@{#39135}
Correct a small bug which throws a compile-time assertion for ARMv8
builds since this change:
https://codereview.chromium.org/2223433002
This does not add full support for ARMv8 instructions; it simply sets
the CAN_USE_ARMV7_INSTRUCTIONS define on ARMv8 builds.
BUG=
Review-Url: https://codereview.chromium.org/2293253004
Cr-Commit-Position: refs/heads/master@{#39087}
This way, many files which only need CompilationInfo but not compiler.h
and its dependencies can include just compilation-info.h.
BUG=
Review-Url: https://codereview.chromium.org/2284313003
Cr-Commit-Position: refs/heads/master@{#39038}
For asm.js we now have a dedicated AsmTyper, that uses it's own type
system (which is tailored towards asm.js), and so we don't need the
special asm.js types anymore in the TypeCache. This also moves the
TypeCache into the src/compiler directory, because it doesn't make
sense to use outside anyways.
TBR=ahaas@chromium.orgR=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2289573002
Cr-Commit-Position: refs/heads/master@{#38964}
Reason for revert:
Significantly tanks parsing. We probably should just keep on doing what we're doing: partially deserialize while resolving variables. If we do scope-info backed resolution after regular resolution based on remaining free variables, we can probably reduce the time-frame of that part. We soon after anyway need to sync with the main thread.
Original issue's description:
> Always deserialize scope infos for parsing
>
> When looking up variables in the ScopeInfo, we did a linear scan of the
> ScopeInfo. Since that's unacceptably slow, a context slot cache was added
> that would speed up repeated lookups of the same variable.
>
> Instead, just always fully convert the ScopeInfo into scopes, so they can
> lookup variables without scanning the ScopeInfo.
>
> This also allows for removing the now unused ContextSlotCache.
>
> R=adamk@chromium.org,verwaest@chromium.org,marja@chromium.org
> BUG=v8:5315
>
> Committed: https://crrev.com/81f824cad18e4dc873a8838943217eb9c9f0c1f0
> Cr-Commit-Position: refs/heads/master@{#38953}
TBR=adamk@chromium.org,marja@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5315
Review-Url: https://codereview.chromium.org/2287783003
Cr-Commit-Position: refs/heads/master@{#38958}
When looking up variables in the ScopeInfo, we did a linear scan of the
ScopeInfo. Since that's unacceptably slow, a context slot cache was added
that would speed up repeated lookups of the same variable.
Instead, just always fully convert the ScopeInfo into scopes, so they can
lookup variables without scanning the ScopeInfo.
This also allows for removing the now unused ContextSlotCache.
R=adamk@chromium.org,verwaest@chromium.org,marja@chromium.org
BUG=v8:5315
Review-Url: https://codereview.chromium.org/2280933002
Cr-Commit-Position: refs/heads/master@{#38953}
Introduce a new TypedOptimization reducer that contains the type
based optimization reduction steps, which are not (directly)
related to lowering JavaScript operators based on types (which is
what JSTypedLowering is supposed to do).
This also addresses a chicken-and-egg problem that we see in the
Octane/Mandreel benchmark where type based constant folding isn't
applied to the numeric comparison operators introduced by the
JSTypedLowering itself, and thus gives up to 10% speedup for the
benchmark.
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2280673003
Cr-Commit-Position: refs/heads/master@{#38928}
DuplicateFinder isn't actually used by the Scanner, except for one
convenience function which we should probably remove, also.
BUG=
Review-Url: https://codereview.chromium.org/2281443002
Cr-Commit-Position: refs/heads/master@{#38904}
This flag was shipped on in 52, so it's due for removal. The patch includes
removing the deprecated and unused-in-Blink API Promise::Chain, and many
test updates.
R=adamk@chromium.org
BUG=v8:4633
Review-Url: https://codereview.chromium.org/2267033002
Cr-Commit-Position: refs/heads/master@{#38804}
When doing a component build, some test binaries link against the object
files directly, bypassing the components. This results, however, and
rightly so, in linker warnings. In gyp, we just suppressed them. During
the transition to gn, this was dropped for two binaries.
Here I add the suppressions back in.
Long term, we should either change the tests to go through the public
API, or export the required symbols.
BUG=chromium:633688
R=jkummerow@chromium.org
Review-Url: https://codereview.chromium.org/2261123003
Cr-Commit-Position: refs/heads/master@{#38793}
This makes us able to get rid of dependencies to parser.h from places
which only need the ParseInfo, and also gets rid of the curious Parser
<-> Compiler circular dependency.
Also IWYUd where necessary.
BUG=
Review-Url: https://codereview.chromium.org/2268513002
Cr-Commit-Position: refs/heads/master@{#38777}
Adds support for dumping the stack on Windows. Also enables in-process
stack dumping in d8 to dump the stack on exceptions and signals.
This CL changes the format of stack dumps from:
1: V8_Fatal
2: 0x1ac6ba5
3: v8::internal::interpreter::BytecodeGenerator::Visit(v8::internal::AstNode*)
4: v8::internal::interpreter::BytecodeGenerator::VisitForAccumulatorValue(v8::internal::Expression*)
...
To:
./out/x64.debug/d8(v8::base::debug::StackTrace::StackTrace()+0x1e) [0x1c6ee5e]
./out/x64.debug/d8() [0x1c6ede5]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x10330) [0x7fa01193e330]
./out/x64.debug/d8(v8::base::OS::Abort()+0x12) [0x1c6cea2]
./out/x64.debug/d8() [0x1c67538]
./out/x64.debug/d8() [0x1ac80b5]
./out/x64.debug/d8(v8::internal::interpreter::BytecodeGenerator
::Visit(v8::internal::AstNode*)+0x3cb) [0x1ac323b]
./out/x64.debug/d8(v8::internal::interpreter::BytecodeGenerator
::VisitForAccumulatorValue(v8::internal::Expression*)+0x40) [0x1ac2570]
Review-Url: https://codereview.chromium.org/2248393002
Cr-Commit-Position: refs/heads/master@{#38717}
Adds TestResultScope and uses it to directly jump/fall through to the
correct branch in expressions used as branch conditions.
Should enable nicer TurboFan-graphs for easier control-flow
transformations in the future.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2242463002
Cr-Commit-Position: refs/heads/master@{#38634}
This adds a gyp/gn variable to control printing to stdout
on Android. This is false by default and true for all
v8 stand-alone android bots.
BUG=chromium:629806
Review-Url: https://codereview.chromium.org/2183063002
Cr-Commit-Position: refs/heads/master@{#38253}
Reason for revert:
Breaks roll: https://codereview.chromium.org/2182043004/
Original issue's description:
> [gn] Don't use PIE for host executables
>
> Using PIE switches on ASLR. With mksnapshot, this can lead
> to non-deterministic snapshots.
>
> BUG=v8:5233
>
> Committed: https://crrev.com/4ca39b53245619d94a80a93939613774e68e4649
> Cr-Commit-Position: refs/heads/master@{#38084}
TBR=jochen@chromium.org,vogelheim@chromium.org,yangguo@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5233
Review-Url: https://codereview.chromium.org/2187613003
Cr-Commit-Position: refs/heads/master@{#38092}
Using PIE switches on ASLR. With mksnapshot, this can lead
to non-deterministic snapshots.
BUG=v8:5233
Review-Url: https://codereview.chromium.org/2179303003
Cr-Commit-Position: refs/heads/master@{#38084}
The new phase will detect loop variable, infer bounds and bake them into
the type.
Review-Url: https://codereview.chromium.org/2164263003
Cr-Commit-Position: refs/heads/master@{#38077}
Reason for revert:
Revert this CL due to V8 Arm Builder failure and V8 Mips Builder failure.
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20builder/builds/2456https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/2506
Original issue's description:
> [Tracing] V8 Tracing Controller
>
> V8 has had a trace event macro interface for while, but without a tracing
> controller a standalone V8 would be unable to collect traces.
>
> This CL introduces a complete Tracing Controller system for V8.
> It is fully function except that it does not yet store trace event args.
>
> This CL has a few components,
> The tracing controller itself, contributed by the author of this CL
> The Trace config (including the parser), contributed by lpy@
> The Trace Object, Trace Writer, and Trace Buffer are all contributed by rksang@
>
> BUG=v8:4561
> LOG=N
>
> Committed: https://crrev.com/3d598452679ce208ad9b2f48e0fb3fae352ce375
> Cr-Commit-Position: refs/heads/master@{#38073}
TBR=jochen@chromium.org,mattloring@google.com,rskang@google.com,yangguo@chromium.org,fmeawad@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4561
Review-Url: https://codereview.chromium.org/2183943002
Cr-Commit-Position: refs/heads/master@{#38074}
V8 has had a trace event macro interface for while, but without a tracing
controller a standalone V8 would be unable to collect traces.
This CL introduces a complete Tracing Controller system for V8.
It is fully function except that it does not yet store trace event args.
This CL has a few components,
The tracing controller itself, contributed by the author of this CL
The Trace config (including the parser), contributed by lpy@
The Trace Object, Trace Writer, and Trace Buffer are all contributed by rksang@
BUG=v8:4561
LOG=N
Review-Url: https://codereview.chromium.org/2137013006
Cr-Commit-Position: refs/heads/master@{#38073}
This patch parametrizes AstTraversalVisitor by the actual subclass,
in a similar way as AstVisitor is parametrized. This allows a
subclass to, e.g., override the Visit method and still use the
traversal mechanism. It also allows the subclass to override the
specific visiting methods, without them being virtual.
This patch also removes AstExpressionVisitor, subsuming its
functionality in AstTraversalVisitor.
R=adamk@chromium.org, verwaest@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2169833002
Cr-Commit-Position: refs/heads/master@{#37998}
This ports a large portion of Error methods to C++,
including the constructor, stack setter and getter,
and Error.prototype.toString.
BUG=
Review-Url: https://codereview.chromium.org/2142933003
Cr-Commit-Position: refs/heads/master@{#37870}
Original issue's description:
> [interpeter] Move to table based peephole optimizer.
>
> Introduces a lookup table for peephole optimizations.
>
> Fixes some tests using BytecodePeepholeOptimizer::Write() that should
> have been update to use BytecodePeepholeOptimizer::WriteJump().
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/f4234422b93b21a286b0f31799009bcbe8b90b9e
> Cr-Commit-Position: refs/heads/master@{#37819}
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2164583002
Cr-Commit-Position: refs/heads/master@{#37866}
So far TurboFan wasn't adding the deoptimization reasons for eager/soft
deoptimization exits that can be used by either the DevTools profiler or
the --trace-deopt flag. This adds basic support for deopt reasons on
Deoptimize, DeoptimizeIf and DeoptimizeUnless nodes and threads through
the reasons to the code generation.
Also moves the DeoptReason to it's own file (to resolve include cycles)
and drops unused reasons.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2161543002
Cr-Commit-Position: refs/heads/master@{#37823}
Reason for revert:
Break MIPS port.
Original issue's description:
> [interpeter] Move to table based peephole optimizer.
>
> Introduces a lookup table for peephole optimizations.
>
> Fixes some tests using BytecodePeepholeOptimizer::Write() that should
> have been update to use BytecodePeepholeOptimizer::WriteJump().
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/f4234422b93b21a286b0f31799009bcbe8b90b9e
> Cr-Commit-Position: refs/heads/master@{#37819}
TBR=rmcilroy@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2161563002
Cr-Commit-Position: refs/heads/master@{#37821}
Introduces a lookup table for peephole optimizations.
Fixes some tests using BytecodePeepholeOptimizer::Write() that should
have been update to use BytecodePeepholeOptimizer::WriteJump().
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2118183002
Cr-Commit-Position: refs/heads/master@{#37819}
This change makes the architecture that we target generated
v8 code for a property of the current toolchain, rather than a
global setting that applies to every toolchain.
This will allow us to properly build two snapshots for two different
architectures in a single build, which is needed for android
webview/monochrome builds.
R=brettw@chromium.org, jochen@chromium.org, michaelbai@chromium.org
BUG=625383
Review-Url: https://codereview.chromium.org/2116913002
Cr-Commit-Position: refs/heads/master@{#37805}
This commit introduces support for writing unwinding tables in the
.eh_frame format, to be inserted in the jitdump read by Linux perf and
emitted with FLAG_perf_prof and FLAG_perf_prof_unwinding_info enabled.
x64 is fully implemented and tested, arm and arm64 are untested and the
unwinding information needs to be expanded, but the mechanism is ready.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2026313002
Cr-Commit-Position: refs/heads/master@{#37799}
This sets default values for v8_enable_gdbjit and
v8_imminent_deprecation_warnings, while allowing to override
them as gn args.
Without this patch the project-specific overrides have no
effect.
BUG=chromium:474921, chromium:626064
Review-Url: https://codereview.chromium.org/2153753002
Cr-Commit-Position: refs/heads/master@{#37797}
- Add Simd128 type to Wasm AST types
- Add a pass that converts SIMD machine ops to runtime calls
- Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
- Separate out generic SIMD Machine ops as these cannot be
handled by runtime functions just yet.
LOG=N
BUG=v8:4124
R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/1991143002
Cr-Commit-Position: refs/heads/master@{#37789}
Original commit message:
Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
to a EhFrameWriter and will attach unwinding information to the code
object when passed one.
Reason for reverting:
The STATIC_CONST_MEMBER_DEFINITION in eh-frame-writer-unittest.cc
causes a compiler error on V8 Win64 - clang buildbot.
Removing that bit.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2023503002
Cr-Commit-Position: refs/heads/master@{#37754}
Reason for revert:
Breaks the roll, possibly win gn:
https://codereview.chromium.org/2148863002/
Original issue's description:
> [interpreter] Reduce dependencies in bytecodes.{h,cc}
>
> This CL reduces the number of dependencies bytecodes.{h,cc} to facilitate
> generating the bytecode peephole optimizer table during build. Specifically,
> it avoids depending on v8_base.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/4edebb1cd870ae6c1359ad54f83e618e185883b1
> Cr-Commit-Position: refs/heads/master@{#37715}
TBR=mstarzinger@chromium.org,rmcilroy@chromium.org,oth@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2151693003
Cr-Commit-Position: refs/heads/master@{#37743}
This CL reduces the number of dependencies bytecodes.{h,cc} to facilitate
generating the bytecode peephole optimizer table during build. Specifically,
it avoids depending on v8_base.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2135273002
Cr-Commit-Position: refs/heads/master@{#37715}
Original commit message:
Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
to a EhFrameWriter and will attach unwinding information to the code
object when passed one.
Reason for reverting:
The STATIC_CONST_MEMBER_DEFINITION in eh-frame-writer-unittest.cc
causes a compiler error on V8 Win64 - clang buildbot.
Removing that bit.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2023503002
Cr-Commit-Position: refs/heads/master@{#37707}
Reason for revert:
The STATIC_CONST_MEMBER_DEFINITION in eh-frame-writer-unittest.cc causes a compiler error on V8 Win64 - clang buildbot. Removing that bit should be sufficient.
Original issue's description:
> Implement .eh_frame writer and disassembler.
>
> Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
> to a EhFrameWriter and will attach unwinding information to the code
> object when passed one.
>
> BUG=v8:4899
> LOG=N
>
> Committed: https://crrev.com/27d810e63b744b5b3d9aa28ff21413247773e6c2
> Cr-Commit-Position: refs/heads/master@{#37683}
TBR=rmcilroy@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4899
Review-Url: https://codereview.chromium.org/2143033002
Cr-Commit-Position: refs/heads/master@{#37688}
Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
to a EhFrameWriter and will attach unwinding information to the code
object when passed one.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2023503002
Cr-Commit-Position: refs/heads/master@{#37683}
Drive-by-fix: hydrogen code does not blindly return the
byteLength offset, instead it executes what is defined
in the byteLength getter.
BUG=
Review-Url: https://codereview.chromium.org/2123263002
Cr-Commit-Position: refs/heads/master@{#37595}
We don't explicitly switch off v8_use_external_startup_data
when not using a snapshot. Therefore we also shouldn't assert
this.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2127633002
Cr-Commit-Position: refs/heads/master@{#37542}
This executes an action as part of the build, writing a json
configuration that includes all build flags relevant to v8
testing.
The test runner will derive all build-dependent flags from
the file if it detects it.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2106423002
Cr-Commit-Position: refs/heads/master@{#37446}
The functions related to code statistics are a part of spaces currently.
This is not very intutive and hence refactored these functions to a new
CodeStatistics class.
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2082863003
Cr-Commit-Position: refs/heads/master@{#37440}
the .eh_frame format as part of the jitdump generated when
FLAG_perf_prof is enabled. The final goal is allowing precise unwinding
of callchains that include JITted code when profiling V8 using perf.
Unwinding information is stored in the body of code objects after the
code itself, prefixed with its length and aligned to a 8-byte boundary.
A boolean flag in the header signals its presence, resulting in zero
memory overhead when the generation of unwinding info is disabled or
no such information was attached to the code object.
A new jitdump record type (with id 4) is introduced for specifying
optional unwinding information for code load records. The EhFrameHdr
struct is also introduced, together with a constructor to initialise it
from the associated code object.
At this stage no unwinding information is written to the jitdump, but
the infrastructure for doing so is ready in place.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/1993653003
Cr-Commit-Position: refs/heads/master@{#37296}
The redundancy elimination is currently a graph reducer that tries to
combine redundant checks in the effect chain. It does this by
propagating the checks that happened along effect paths, which is pretty
similar to what the BranchElimination does on the control chain. We run
this reducer together with the other optimizations right after the
representation selection.
An upcoming CL will extend the redundancy elimination to also eliminate
redundant loads (and eventually map checks).
R=jarin@chromium.org
BUG=v8:5141
Review-Url: https://codereview.chromium.org/2091503003
Cr-Commit-Position: refs/heads/master@{#37208}
Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
from Logger, constructs and stores CodeEventsContainer. This patch is part of
the effort to split the logic of CodeEventListener as ProfilerListener out of
the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
to code events, construct code event to CodeEventsContainer and pass it to code
event handler.
The reason we refactor CpuProfiler is that eventually we want to move
CpuProfiler as part of sampler library and code event listener should stay
inside V8.
Main changes:
1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
functionality and the ProfilerListener listening to code events from Logger.
2. Created CodeEventObserver and made CpuProfiler inherit from it.
ProfilerListener will have a list of observers and call CodeEventHandler once a
code event is created.
3. Moved code entry list from CodeEntry to ProfilerListener.
Minor changes:
1. Moved static code entry as part of CodeEntry.
2. Added ProfilerListener to Logger.
BUG=v8:4789
Committed: https://crrev.com/cb59fc1facc9b390e2c7544b4da56a4e0a9b3222
Review-Url: https://codereview.chromium.org/2053523003
Cr-Original-Commit-Position: refs/heads/master@{#37112}
Cr-Commit-Position: refs/heads/master@{#37195}
Adds back simple dead code elimination to the bytecode pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2038083002
Cr-Commit-Position: refs/heads/master@{#37147}
This brings some more flags in line with the GYP build on Windows. In particular, this ads the SSE2 flag on x86, and the stack linker flag on x64.
Review-Url: https://codereview.chromium.org/2077173002
Cr-Commit-Position: refs/heads/master@{#37114}
Reason for revert:
MIPS compilation error.
Original issue's description:
> Refactor CpuProfiler.
>
> Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
> from Logger, constructs and stores CodeEventsContainer. This patch is part of
> the effort to split the logic of CodeEventListener as ProfilerListener out of
> the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
> to code events, construct code event to CodeEventsContainer and pass it to code
> event handler.
>
> The reason we refactor CpuProfiler is that eventually we want to move
> CpuProfiler as part of sampler library and code event listener should stay
> inside V8.
>
> Main changes:
> 1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
> functionality and the ProfilerListener listening to code events from Logger.
> 2. Created CodeEventObserver and made CpuProfiler inherit from it.
> ProfilerListener will have a list of observers and call CodeEventHandler once a
> code event is created.
> 3. Moved code entry list from CodeEntry to ProfilerListener.
>
> Minor changes:
> 1. Moved static code entry as part of CodeEntry.
> 2. Added ProfilerListener to Logger.
>
> BUG=v8:4789
>
> Committed: https://crrev.com/cb59fc1facc9b390e2c7544b4da56a4e0a9b3222
> Cr-Commit-Position: refs/heads/master@{#37112}
TBR=alph@chromium.org,jochen@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2079273003
Cr-Commit-Position: refs/heads/master@{#37113}
Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
from Logger, constructs and stores CodeEventsContainer. This patch is part of
the effort to split the logic of CodeEventListener as ProfilerListener out of
the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
to code events, construct code event to CodeEventsContainer and pass it to code
event handler.
The reason we refactor CpuProfiler is that eventually we want to move
CpuProfiler as part of sampler library and code event listener should stay
inside V8.
Main changes:
1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
functionality and the ProfilerListener listening to code events from Logger.
2. Created CodeEventObserver and made CpuProfiler inherit from it.
ProfilerListener will have a list of observers and call CodeEventHandler once a
code event is created.
3. Moved code entry list from CodeEntry to ProfilerListener.
Minor changes:
1. Moved static code entry as part of CodeEntry.
2. Added ProfilerListener to Logger.
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2053523003
Cr-Commit-Position: refs/heads/master@{#37112}
Import base::ieee754::tan() from fdlibm and introduce Float64Tan TurboFan
operator based on that, similar to what we do for Float64Cos and Float64Sin.
Rewrite Math.tan() as TurboFan builtin and use those operators to also
inline Math.tan() into optimized TurboFan functions.
Drive-by-fix: Kill the %_ConstructDouble intrinsics, and provide only
the %ConstructDouble runtime entry for writing tests.
BUG=v8:5086,v8:5126
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2083453002
Cr-Commit-Position: refs/heads/master@{#37087}
All debugging-related information is now stored inside a dedicated
object, which is only allocated if debugging support is needed.
This is also where later a reference to the interpreter will be stored
for executing to-be-debugged functions and providing stack inspection.
R=titzer@chromium.org, ahaas@chromium.org
BUG=chromium:613110
Review-Url: https://codereview.chromium.org/2050953003
Cr-Commit-Position: refs/heads/master@{#37055}
The patch introduces a dedicated dispatching class for JIT code events. It is
set as a helper on the isolate.
This allows classes across v8 to break their dependency on Logger and CpuProfiler.
These two became just regular clients of the dispatcher.
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2061623002
Cr-Commit-Position: refs/heads/master@{#37005}
This moves common configs used by all v8 targets into
common templates.
This also fixes using v8_optimized_debug correctly in
executables and components.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2054803003
Cr-Commit-Position: refs/heads/master@{#36956}
This CL introduces the new type system for the ASM
type-checker/validator.
BUG=
Review-Url: https://codereview.chromium.org/2045703007
Cr-Commit-Position: refs/heads/master@{#36942}
We were able to achieve our goals for register allocation independent of
the allocation algorithm. Performance data so far is inconclusive re. the
value of the Greedy algorithm, compared to the particular Linear Scan
implementation we're currently using, and the performance measurement
techniques we currently use are too imprecise to help with this matter.
Retiring the algorithm to lower maintenance and evolution cost (e.g. lower
cost of adding aliasing support). Once we improve benchmarking stability,
and establish a suite sensitive enough for codegen improvement studies,
we may revive the algorithm, should the need arise.
BUG=
Review-Url: https://codereview.chromium.org/2060673002
Cr-Commit-Position: refs/heads/master@{#36912}
This switches Math.log to use an fdlibm based version of log, imported
as base::ieee754::log, and use that consistently everywhere, i.e. change
the Float64Log TurboFan operators on Intel to use the C++ implementation
as well (same for Crankshaft).
R=yangguo@chromium.org
BUG=v8:5065,v8:5086
Review-Url: https://codereview.chromium.org/2053893003
Cr-Commit-Position: refs/heads/master@{#36880}
We ported hashmap.h into libsampler as a workaround before, so the main focus of
this patch is to reduce code duplication. This patch moves the hashmap into
src/base as well as creates DefaultAllocationPolicy using malloc and free.
BUG=v8:5050
LOG=n
Review-Url: https://codereview.chromium.org/2010243003
Cr-Commit-Position: refs/heads/master@{#36873}
This allows using icu data, bundled in the icudtl.dat file,
to be loaded automatically from a default location
side-by-side with the executable.
The v8 stand-alone default is still to use statically
linked ICU data, but this will be switched in a separate
follow-up CL.
BUG=chromium:616033
LOG=y
Review-Url: https://codereview.chromium.org/2042253002
Cr-Commit-Position: refs/heads/master@{#36823}
This declares v8_enable_slow_dchecks and v8_optimized_debug
as gn args. It adds support for dcheck_always_on and
debugging with v8_optimized_debug = false.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2024833002
Cr-Commit-Position: refs/heads/master@{#36789}
This avoids the inclusion of inline headers (i.e. vm-state-inl.h in this
case) in a normal header. There are three more such violations left in
the code-base after this change.
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2039913002
Cr-Commit-Position: refs/heads/master@{#36781}
Many executables are missing embedded manifest files when built with gn.
This causes OS compatibility information to be omitted which can lead
to strange behavior. This change adds a manifest to:
v8_simple_json_fuzzer.exe
v8_simple_parser_fuzzer.exe
v8_simple_regexp_fuzzer.exe
v8_simple_wasm_asmjs_fuzzer.exe
v8_simple_wasm_fuzzer.exe
BUG=chromium:602505
Review-Url: https://codereview.chromium.org/2040623003
Cr-Commit-Position: refs/heads/master@{#36725}
This moves processing of jumps out of bytecode array builder and into
bytecode array writer. This simplifies the pipeline by avoiding having
to flush for offset and patch up offsets in bytecode array builder based
on what was emitted by the bytecode array writer.
This also enables future refactorings to add dead code elimination back
into the pipeline, and move processing of scalable operand sizes to the
end of the pipeline (in the bytecode array writer) rather than having to
deal with scalable operand types throughout pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2035813002
Cr-Commit-Position: refs/heads/master@{#36716}
This adds corresponding *_run targets for all swarming
isolate actions existing in gyp. This also wires all
targets together under gn_all.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2033813004
Cr-Commit-Position: refs/heads/master@{#36714}
This adds the v8-side fuzzer executables for smoke testing.
This also renames the old gyp targets to stay consistent
with chromium.
Naming convention for type X after the rename:
library: X_fuzzer (gn), X_fuzzer_lib (gyp)
executable v8: v8_simple_X_fuzzer
executable chromium: v8_X_fuzzer
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2032363002
Cr-Commit-Position: refs/heads/master@{#36713}
This introduces optimized number operations based on type feedback.
Summary of changes:
1. Typed lowering produces SpeculativeNumberAdd/Subtract for JSAdd/Subtract if
there is suitable feedback. The speculative nodes are connected to both the
effect chain and the control chain and they retain the eager frame state.
2. Simplified lowering now executes in three phases:
a. Propagation phase computes truncations by traversing the graph from uses to
definitions until checkpoint is reached. It also records type-check decisions
for later typing phase, and computes representation.
b. The typing phase computes more precise types base on the speculative types (and recomputes
representation for affected nodes).
c. The lowering phase performs lowering and inserts representation changes and/or checks.
3. Effect-control linearization lowers the checks to machine graphs.
Notes:
- SimplifiedLowering will be refactored to have handling of each operation one place and
with clearer input/output protocol for each sub-phase. I would prefer to do this once
we have more operations implemented, and the pattern is clearer.
- The check operations (Checked<A>To<B>) should have some flags that would affect
the kind of truncations that they can handle. E.g., if we know that a node produces
a number, we can omit the oddball check in the CheckedTaggedToFloat64 lowering.
- In future, we want the typer to reuse the logic from OperationTyper.
BUG=v8:4583
LOG=n
Review-Url: https://codereview.chromium.org/1921563002
Cr-Commit-Position: refs/heads/master@{#36674}
This sets the default for the feature, as chromium expects
it: It is turned on for all platforms except ios.
Chromium's build_override can be removed after this.
This will also allow to override the value as a gn arg.
BUG=chromium:474921,chromium:616034
NOTRY=true
Review-Url: https://codereview.chromium.org/2025803003
Cr-Commit-Position: refs/heads/master@{#36666}
This adds a very simplistic reduction of {CheckPoint} nodes via the new
{CheckpointElimination}, eliminating redundant check points that appear
in an effect chain of operations that are all {kNoWrite}. Such a chain
allows an arbitrary check point to be chosen. The current approach will
end up choosing the first one for all deopts in the chain.
R=bmeurer@chromium.org
TEST=unittests/CheckpointEliminationTest.CheckPointChain
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2022913003
Cr-Commit-Position: refs/heads/master@{#36634}
Reason for revert:
Breaking
http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20avx2/builds/7972
Original issue's description:
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> TEST=cctest/test-array-buffer-tracker/*
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/089da007bb990b5b29aab257aa836fdd3f3b8ce0
> Cr-Commit-Position: refs/heads/master@{#36608}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2028503003
Cr-Commit-Position: refs/heads/master@{#36609}
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2024063002
Cr-Commit-Position: refs/heads/master@{#36608}
Reason for revert:
Investigating new arm simulator failure:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim/builds/851/steps/Check%20-%20novfp3/logs/box2d
Original issue's description:
> Reland "[heap] Fine-grained JSArrayBuffer tracking"
>
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> BUG=chromium:614730, chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c
> Cr-Commit-Position: refs/heads/master@{#36592}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:614730, chromium:611688
Review-Url: https://codereview.chromium.org/2021893002
Cr-Commit-Position: refs/heads/master@{#36593}
Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:614730, chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2026463002
Cr-Commit-Position: refs/heads/master@{#36592}
This patch does five things:
1. Extracts sampler as libsampler to provide sampling functionality support.
2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
3. Removes sampler.[h|cc].
4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
5. Creates SamplerManager to manage the relationship between samplers and threads.
The reason we port hashmap.h is that in debug mode, STL containers are using
mutexes from a mutex pool, which may lead to deadlock when using asynchronously
signal handler.
Currently libsampler is used in V8 temporarily.
BUG=v8:4789
LOG=n
Committed: https://crrev.com/06cc9b7c176a6223971deaa9fbcafe1a05058c7b
Cr-Commit-Position: refs/heads/master@{#36527}
Review-Url: https://codereview.chromium.org/1922303002
Cr-Commit-Position: refs/heads/master@{#36532}
Reason for revert:
Premature revert. Chromium roll included an earlier version.
Original issue's description:
> Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:80001 of https://codereview.chromium.org/2007253002/ )
>
> Reason for revert:
> Breaks webgl2 conformance tests
> https://bugs.chromium.org/p/chromium/issues/detail?id=614730
>
> Original issue's description:
> > Reland of "[heap] Fine-grained JSArrayBuffer tracking"
> >
> > Track based on JSArrayBuffer addresses on pages instead of the attached
> > backing store.
> >
> > Details of tracking:
> > - Scavenge: New space pages are processes in bulk on the main thread
> > - MC: Unswept pages are processed in bulk in parallel. All other pages
> > are processed by the sweeper concurrently.
> >
> > This reverts commit 93fe04afa9.
> >
> > R=hpayer@chromium.org
> > BUG=chromium:611688
> > LOG=N
> > CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
> >
> > Committed: https://crrev.com/863d015e573798e263b35b31d2ab979739706533
> > Cr-Commit-Position: refs/heads/master@{#36513}
>
> TBR=hpayer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:611688
>
> Committed: https://crrev.com/b9b0868ec49a52c9a80c9beea862a61707b292e5
> Cr-Commit-Position: refs/heads/master@{#36524}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2009383002
Cr-Commit-Position: refs/heads/master@{#36530}
Reason for revert:
V8 Linux64 TSAN failure because ThreadSanitizer indicated data race.
Original issue's description:
> Create libsampler as V8 sampler library.
>
> This patch does five things:
>
> 1. Extracts sampler as libsampler to provide sampling functionality support.
> 2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
> 3. Removes sampler.[h|cc].
> 4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
> 5. Creates SamplerManager to manage the relationship between samplers and threads.
>
> The reason we port hashmap.h is that in debug mode, STL containers are using
> mutexes from a mutex pool, which may lead to deadlock when using asynchronously
> signal handler.
>
> Currently libsampler is used in V8 temporarily.
>
> BUG=v8:4789
> LOG=n
>
> Committed: https://crrev.com/06cc9b7c176a6223971deaa9fbcafe1a05058c7b
> Cr-Commit-Position: refs/heads/master@{#36527}
TBR=jochen@chromium.org,alph@chromium.org,fmeawad@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2000323007
Cr-Commit-Position: refs/heads/master@{#36529}
This patch does five things:
1. Extracts sampler as libsampler to provide sampling functionality support.
2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
3. Removes sampler.[h|cc].
4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
5. Creates SamplerManager to manage the relationship between samplers and threads.
The reason we port hashmap.h is that in debug mode, STL containers are using
mutexes from a mutex pool, which may lead to deadlock when using asynchronously
signal handler.
Currently libsampler is used in V8 temporarily.
BUG=v8:4789
LOG=n
Review-Url: https://codereview.chromium.org/1922303002
Cr-Commit-Position: refs/heads/master@{#36527}
Reason for revert:
Breaks webgl2 conformance tests
https://bugs.chromium.org/p/chromium/issues/detail?id=614730
Original issue's description:
> Reland of "[heap] Fine-grained JSArrayBuffer tracking"
>
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> This reverts commit 93fe04afa9.
>
> R=hpayer@chromium.org
> BUG=chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/863d015e573798e263b35b31d2ab979739706533
> Cr-Commit-Position: refs/heads/master@{#36513}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2011563003
Cr-Commit-Position: refs/heads/master@{#36524}
Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
This reverts commit 93fe04afa9.
R=hpayer@chromium.org
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2007253002
Cr-Commit-Position: refs/heads/master@{#36513}
This interpreter directly decodes and executes WASM binary code for
the purpose of supporting low-level debugging. It is not currently
integrated into the main WASM implementation.
R=ahaas@chromium.org,clemensh@chromium.org,rossberg@chromium.org,binji@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1972153002
Cr-Commit-Position: refs/heads/master@{#36497}
Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
This reverts commit d2dff0320b.
R=hpayer@chromium.org
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2005723005
Cr-Commit-Position: refs/heads/master@{#36495}
This moves setting the v8_target_arch default to the shared
v8.gni, so that it's available in build_overrides for
stand-alone mode.
BUG=chromium:605732, chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2006213002
Cr-Commit-Position: refs/heads/master@{#36465}
There are bots on the chromium.lkgr waterfall that need to
be able to set v8_target_arch to "arm" while the rest of
the target build is "x86". This CL makes that argument
a declare_arg(), so that we can do that.
BUG=chromium:605732,chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2007843002
Cr-Commit-Position: refs/heads/master@{#36464}
Reason for revert:
Revert it.
Original issue's description:
> [heap] Fine-grained JSArrayBuffer tracking
>
> Track based on JSArrayBuffer addresses instead of the attached backing store.
> This way we can later on iterate buffers on a single page. The reland also
> switches to a page-based implementation where a page contains the set of its
> contained (live and dead) buffers.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/b2d8bfc7931eef49d527605ba485950dea41cde3
> Cr-Commit-Position: refs/heads/master@{#36437}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2006183003
Cr-Commit-Position: refs/heads/master@{#36461}
Track based on JSArrayBuffer addresses instead of the attached backing store.
This way we can later on iterate buffers on a single page. The reland also
switches to a page-based implementation where a page contains the set of its
contained (live and dead) buffers.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/1964023002
Cr-Commit-Position: refs/heads/master@{#36437}
This patch re-lands #36341 with another fix to make
the amd64-generic build work as well.
R=machenbach@chromium.org, hablich@chromium.org, adamk@chromium.org
BUG=608596, 595653
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:chromeos_daisy_chromium_compile_only_ng,chromeos_amd64-generic_chromium_compile_only_ng,chromeos_x86-generic_chromium_compile_only_ng,linux_chromium_gn_chromeos_rel,linux_chromium_gn_chromeos_dbg
Review-Url: https://codereview.chromium.org/1996513005
Cr-Commit-Position: refs/heads/master@{#36390}
use_icu_data_file from //third_party/icu should be used.
//third_party/icu also defines ICU_UTIL_DATA_IMPL.
BUG=chromium:610673,chromium:474921
Review-Url: https://codereview.chromium.org/1996033002
Cr-Commit-Position: refs/heads/master@{#36371}
This patch re-lands #36193 with a couple of minor tweaks
including updating the BUILD.gn file to use the new
variable name and incorporating thakis' request to support
cross-compiling the win snapshot from a mac.
R=thakis@chromium.org, jochen@chromium.org, machenbach@chromium.org
BUG=608596, 595653
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:chromeos_daisy_chromium_compile_only_ng
Review-Url: https://codereview.chromium.org/1979883002
Cr-Commit-Position: refs/heads/master@{#36342}
Repackage encodeURI and encodeURIComponent as builtin functions
and install them in the bootstrapper.
Crude benchmark on 351 encodeURI and encodeURIComponent tests averaged
over five runs:
* builtin functions
real 0m8.01s
user 0m18.00s
sys 0m7.37s
* JS functions calling into the runtime e.g., for %NewString
real 0m8.44s
user 0m19.52s
sys 0m7.49s
By running:
$ time tools/run-tests.py --arch=x64 --mode=Release --buildbot
mjsunit/uri test262/built-ins/encodeURI*
>>> Running tests for x64.Release
BUG=v8:4912
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1983593002
Cr-Commit-Position: refs/heads/master@{#36273}
Since we are going to move Sampler as library, we creates tick-sample.[h|cc] for
TickSample, in order to maintain legacy code.
BUG=v8:4994
LOG=n
Review-Url: https://codereview.chromium.org/1952393002
Cr-Commit-Position: refs/heads/master@{#36267}
Expression::bounds_ is used only by a subset of compile passes, but the
data structure occupies space for every Expression node ever parsed. This
unneccessarily increases memory consumption. Particularly, peak memory
consumption during startup, which may cause out-of-memory errors.
This CL
- removes Expression::bounds_;
- introduces an AstTypeBounds container, which mappes Expression* to Bounds;
- modifies the code that actually requires bounds information, namely
Crankshaft compile and AsmWasmBuilder, to instantiate such an AstTypeBounds
container before typing and to pass it to the code that consumes this
information; and
- modifies all accesses to Expression::bounds_ to instead access the bounds
via the container instead.
Additionally, this rewrites test-ast-expression-visitor. The reason is that
this code attempted to test AstExpressionVisitor but did so exclusively
through its subclass ExpressionTypeCollector, meaning that the test dealt
almost exclusively with type bounds despite the class-under-test having
no knowledge or functionality related to it. Worse, the test was written
in a way to assume that type bounds were available outside & after
compilation, which is something this change changes.
BUG=v8:4947
Review-Url: https://codereview.chromium.org/1968383002
Cr-Commit-Position: refs/heads/master@{#36222}
This change introduces a pipeline for the final stages of
bytecode generation.
The peephole optimizer is made distinct from the BytecodeArrayBuilder.
A new BytecodeArrayWriter is responsible for writing bytecode. It
also keeps track of the maximum register seen and offers a potentially
smaller frame size.
R=rmcilroy@chromium.org
LOG=N
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1947403002
Cr-Commit-Position: refs/heads/master@{#36220}
This patch removes the following properties, as their use count is
very low, they are V8-only, and not on a standards track.
- v8Parse
- resolved
- pattern
v8BreakIterator is left in as it has significantly more usage.
BUG=v8:3785
R=adamk,jshin@chromium.org
Review-Url: https://codereview.chromium.org/1968893002
Cr-Commit-Position: refs/heads/master@{#36190}
When I18N is enabled, use ICU's case conversion API and transliteration
API [1] to implement String.prototype.to{Upper,Lower}Case and
String.prototype.toLocale{Upper,Lower}Case.
* ICU-based case conversion was implemented in runtime-i18n.cc/i18n.js
* The above 4 functions are overridden with those in i18n.js when
--icu_case_mapping flag is turned on. To control the override by the flag,
they're overriden in icu-case-mapping.js
Previously, toLocale{U,L}Case just called to{U,L}Case so that they didn't
support locale-sensitive case conversion for Turkic languages (az, tr),
Greek (el) and Lithuanian (lt).
Before ICU APIs for the most general case are called, a fast-path for Latin-1
is tried. It's taken from Blink and adopted as necessary. This fast path
is always tried for to{U,L}Case. For toLocale{U,L}Case, it's only taken
when a locale (explicitly specified or default) is not in {az, el, lt, tr}.
With these changes, a build with --icu_case_mapping=true passes a bunch
of tests in test262/intl402/Strings/* and intl/* that failed before.
Handling of pure ASCII strings (aligned at word boundary) are not as fast
as Unibrow's implementation that uses word-by-word case conversion. OTOH,
Latin-1 input handling is faster than Unibrow. General Unicode input
handling is slower but more accurate.
See https://docs.google.com/spreadsheets/d/1KJCJxKc1FxFXjwmYqABS0_2cNdPetvnd8gY8_HGSbrg/edit?usp=sharing for the benchmark.
This CL started with http://crrev.com/1544023002#ps200001 by littledan@,
but has changed significantly since.
[1] See why transliteration API is needed for uppercasing in Greek.
http://bugs.icu-project.org/trac/ticket/10582
R=yangguo
BUG=v8:4476,v8:4477
LOG=Y
TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*, mjsunit/string-case,
intl/general/case*
Review-Url: https://codereview.chromium.org/1812673005
Cr-Commit-Position: refs/heads/master@{#36187}
This code was used exclusively by its own unit test and can be safely removed.
BUG=v8:4947
LOG=N
Review-Url: https://codereview.chromium.org/1965373002
Cr-Commit-Position: refs/heads/master@{#36180}
This makes sure that targets depending on v8_libplatform
apply the required config.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/1962423003
Cr-Commit-Position: refs/heads/master@{#36170}
This adds a new pass MemoryOptimizer that walks over the effect chain
from Start and lowers all Allocate, LoadField, StoreField, LoadElement,
and StoreElement nodes, trying to fold allocations into allocation
groups and eliminate write barriers on StoreField and StoreElement if
possible (i.e. if the object belongs to the current allocation group and
that group allocates in new space).
R=hpayer@chromium.org, jarin@chromium.org
BUG=v8:4931, chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1963583004
Cr-Commit-Position: refs/heads/master@{#36128}
atomic-utils.h only uses functionality from base/, and also by moving it into
base/, code outside of v8_base can benefit from it.
BUG=v8:4991
LOG=n
Review-Url: https://codereview.chromium.org/1954603002
Cr-Commit-Position: refs/heads/master@{#36114}
gn builds are missing Windows manifests for d8.exe and
mksnapshot.exe. These manifests are necessary in order to get
predictable behavior on Windows.
LOG=N
BUG=602505
Review-Url: https://codereview.chromium.org/1941433002
Cr-Commit-Position: refs/heads/master@{#35943}
This commit introduces IgnitionStatisticsExtension, which provides
methods for accessing Ignition statistics and counters from JavaScript.
The extension is registered when FLAG_ignition and
FLAG_trace_ignition_dispatches are both enabled.
For the moment, the only exposed function is
getIgnitionDispatchCounters(), which allows to retrieve Ignition
dispatch counters as a JavaScript object.
BUG=v8:4899
LOG=N
Review URL: https://codereview.chromium.org/1899133004
Cr-Commit-Position: refs/heads/master@{#35816}
Reason for revert:
Appears to break Android crbug.com/604422
Original issue's description:
> [GN] Define USE_EABI_HARDFLOAT=1 when arm_float_abi=="hard".
>
> Add this define to the config used for mksnapshot. This fixes a bug
> where certain applications would fail at runtime on Chromecast.
>
> BUG=592660
> LOG=Y
> Bug: internal b/27495984
>
> Test: Formerly broken Cast apps load and run as expected.
>
> Committed: https://crrev.com/86357d5235ceba61c151f0b6e509bcb365860454
> Cr-Commit-Position: refs/heads/master@{#35183}
TBR=dpranke@chromium.org,alokp@chromium.org,titzer@chromium.org,slan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=592660,604422
LOG=n
Review URL: https://codereview.chromium.org/1906373002
Cr-Commit-Position: refs/heads/master@{#35725}
The feature was deprecated in M49 and flagged off in M50.
This patch removes it entirely from the codebase.
Review URL: https://codereview.chromium.org/1909433003
Cr-Commit-Position: refs/heads/master@{#35714}
This separation is needed to make two goals possible simultaneously:
* is should be possible to offer V8 components a simple, clean
interface to TurboFan's low-level code generation that doesn't
expose details about the TF.
* it should be possible to easily create new CodeAssembler "macros"
that don't require a review from an OWNER of the compiler directory.
Review URL: https://codereview.chromium.org/1875583003
Cr-Commit-Position: refs/heads/master@{#35576}
This introduces a compiler pass that schedules the graph and re-wires effect chain according to the schedule. It also connects allocating representation changes to the effect chain, and removes the BeginRegion and EndRegion nodes - they should not be needed anymore because all effectful nodes should be already wired-in.
This is an intermediate CL - the next step is to move lowering of the Change*ToTaggedEffect nodes to StateEffectIntroduction so that we do not have to introduce the effectful versions of nodes.
Review URL: https://codereview.chromium.org/1849603002
Cr-Commit-Position: refs/heads/master@{#35565}
This change implements switch as a balanced if/else tree or break table or
hybrid. A lot of asm.js modules are expected to extensively use switch
alongside function tables that can benefit from a better implementation.
BUG=v8:4203
TEST=mjsunit/asm-wasm
R=titzer@chromium.org,bradnelson@chromium.org,ahaas@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1838973002
Cr-Commit-Position: refs/heads/master@{#35455}
The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
- Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
- Uses it appropriately.
- Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
- Fixes a bunch of incorrect formats.
Original CL: https://codereview.chromium.org/1869433004
Reverted in: https://codereview.chromium.org/1867383002
Reverted again in: https://codereview.chromium.org/1877823003
Reverts due to non-CQ bots:
- First: v8_win_dbg, v8_win64_dbg, v8_mac_dbg
- Second: gc mole (added to v8_linux_rel_ng for this patch)
R= jochen@chromium.org
TBR= ahaas@chromium.org,bmeurer@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1872203005
Cr-Commit-Position: refs/heads/master@{#35423}
Makes browser_tests --gtest_filter=CrSettingsBrowserTest.CrSettingsTest
complete in a little over 8 seconds instead of timing out after 45s
on my box. Without this patch, the test is much slower in gn builds
than in gyp builds.
v8/ part, goes with https://codereview.chromium.org/1880693003
BUG=chromium:586511
LOG=n
Review URL: https://codereview.chromium.org/1882453002
Cr-Commit-Position: refs/heads/master@{#35415}
Reason for revert:
One small issue easily fixed here: https://codereview.chromium.org/1867333003/
But it looks like MSVS 2013 doesn't like some of the formats and exists with the unhelpful:
Stderr:
f:\dd\vctools\crt\crtw32\stdio\output.c(1125) : Assertion failed: ("Incorrect
format specifier", 0)
It's easier to revert for now, I'll dig more into the docs:
https://msdn.microsoft.com/en-us/library/56e442dc(v=vs.120).aspxhttps://msdn.microsoft.com/en-us/library/tcxf1dw6(v=vs.120).aspx
And then resubmit, making sure I run these bots.
Original issue's description:
> Fix printf formats
>
> The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
>
> - Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
> - Uses it appropriately.
> - Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
> - Fixes a bunch of incorrect formats.
>
> R= jochen@chromium.org, bmeurer@chromium.org, yangguo@chromium.org, ahaas@chromium.org
>
> Committed: https://crrev.com/6ebf9fbb93d31f9be41156a3325d58704ed4933d
> Cr-Commit-Position: refs/heads/master@{#35365}
TBR=jochen@chromium.org,bmeurer@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1867383002
Cr-Commit-Position: refs/heads/master@{#35366}
The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
- Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
- Uses it appropriately.
- Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
- Fixes a bunch of incorrect formats.
R= jochen@chromium.org, bmeurer@chromium.org, yangguo@chromium.org, ahaas@chromium.org
Review URL: https://codereview.chromium.org/1869433004
Cr-Commit-Position: refs/heads/master@{#35365}
Aside from v8_imminent_deprecation_warnings, all of these existed
already but were not configurable as GN args.
BUG=chromium:542853
LOG=n
Review URL: https://codereview.chromium.org/1867963002
Cr-Commit-Position: refs/heads/master@{#35362}
1) I moved the implementations of the wrapper functions into a new cc
file so that I can use these wrapper functions in tests.
2) I made a generic test for all tests in
test-run-calls-to-external-references.cc. In the new test we only
compare the result of a function call through an external reference with
the result of a direct function call. This is sufficient because we only
want to test function calls through external references work here.
The implementation of these functions are tested somewhere else.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1853123002
Cr-Commit-Position: refs/heads/master@{#35289}
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
R=mstarzinger@chromium.org, neis@chromium.orgTBR=rossberg@chromium.org
BUG=chromium:513471
LOG=n
Review URL: https://codereview.chromium.org/1865833002
Cr-Commit-Position: refs/heads/master@{#35283}
We expect that the majority of malloc'd memory held by V8 is allocated
in Zone objects. Introduce an Allocator class that is used by Zones to
manage memory, and allows for querying the current usage.
BUG=none
R=titzer@chromium.org,bmeurer@chromium.org,jarin@chromium.org
LOG=n
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1847543002
Cr-Commit-Position: refs/heads/master@{#35196}
Add this define to the config used for mksnapshot. This fixes a bug
where certain applications would fail at runtime on Chromecast.
BUG=592660
LOG=Y
Bug: internal b/27495984
Test: Formerly broken Cast apps load and run as expected.
Review URL: https://codereview.chromium.org/1839763003
Cr-Commit-Position: refs/heads/master@{#35183}
Change x64 to use the external references like all other platforms.
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1844283002
Cr-Commit-Position: refs/heads/master@{#35160}
Difference from --perf-basic-prof:
- correctly attributes samples when code space gets reused (when unused code object dies and a new code objects is allocated at the same place).
- outputs compiled machine code for instruction-level profile.
Just like --perf-basic-prof, the file writer is not synchronized (even worse, there is a per-isolate file handle), so we will run into trouble with multiple isolates. However, this patch is still an improvement on --perf-basic-prof, and it should be fine to replace ll-prof.
The patch also introduces experimental support for debug info, but it does not seem to be picked by the perf tool.
Usage:
You need the perf tool from Linux kernel >4.5. Then run:
$ perf record -k mono d8 --perf-prof <your JS file>
$ perf inject -j -i perf.data -o perf.data.jitted
$ perf report -i perf.data.jitted
Some explanations:
The "-k mono" switch from "perf record" tells the perf tool to use the monotonic clock for perf sample timestamping. The "perf inject -j" command injects the collected code events into the perf data file, writing the output into perf.data.jitted. The perf report command then creates the report.
Review URL: https://codereview.chromium.org/1809203007
Cr-Commit-Position: refs/heads/master@{#35091}
It's been on since M49. Also moved tests from harmony -> es6,
one of which was merged with another test of the same name.
While moving stuff over to regexp.js, I also noticed that there
were unused calls to %FunctionSetName and %SetNativeFlag (those
calls are already handled by InstallGetter()).
Review URL: https://codereview.chromium.org/1838563003
Cr-Commit-Position: refs/heads/master@{#35076}
This patch implements ES2015 RegExp subclassing semantics, namely the
hardest part where RegExp.prototype.exec and certain flag getters can
be overridden in order to provide different behavior. This change is
hidden behind a new flag, --harmony-regexp-exec. The flag guards the
behavior by installing entirely different implementations of the
methods which follow the new semantics.
Preliminary performance tests show a 3-4x regression in the Octane
RegExp benchmark. The new code doesn't call out into several fast
paths that the old code supported, so this is expected.
The patch is tested mostly by test262, where most RegExp tests are fixed,
with the exception of deliberate spec violations for web compatibility,
and for the 'sticky' flag, which is not dynamically read by this patch
in all cases but rather statically compiled into the RegExp. The latter
will require a follow-on patch to implement. A small additional set of
tests verifies one particular case, mostly to check whether the flag
mechanism works.
R=adamk,yangguo@chromium.org
LOG=Y
BUG=v8:4602
Review URL: https://codereview.chromium.org/1596483005
Cr-Commit-Position: refs/heads/master@{#35068}
Reason for revert:
Makes nosnap bots timeout due to having to rebuild bytecode handlers.
Original issue's description:
> [Interpreter] Remove separate Ignition snapshot.
>
> Removes the seperate Ignition snapshot and build the Ignition bytecode
> handlers in the default snapshot.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/1798f3fe84faff32ba44e09f6aed79245dd98d80
> Cr-Commit-Position: refs/heads/master@{#35058}
TBR=machenbach@google.com,yangguo@chromium.org,mstarzinger@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1827143002
Cr-Commit-Position: refs/heads/master@{#35059}
Removes the seperate Ignition snapshot and build the Ignition bytecode
handlers in the default snapshot.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1833643002
Cr-Commit-Position: refs/heads/master@{#35058}
Introduces a bytecode whose handler executes the equivalent of %_IsArray and %_IsJSReceiver without a runtime call.
BUG=v8:4822
LOG=y
Review URL: https://codereview.chromium.org/1645763003
Cr-Commit-Position: refs/heads/master@{#34983}
Both of them shipped in Chrome 49 without incident.
Also move relevant tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1815773002
Cr-Commit-Position: refs/heads/master@{#34964}
This change introduces wide prefix bytecodes to support wide (16-bit)
and extra-wide (32-bit) operands. It retires the previous
wide-bytecodes and reduces the number of operand types.
Operands are now either scalable or fixed size. Scalable operands
increase in width when a bytecode is prefixed with wide or extra-wide.
The bytecode handler table is extended to 256*3 entries. The
first 256 entries are used for bytecodes with 8-bit operands,
the second 256 entries are used for bytecodes with operands that
scale to 16-bits, and the third group of 256 entries are used for
bytecodes with operands that scale to 32-bits.
LOG=N
BUG=v8:4747,v8:4280
Review URL: https://codereview.chromium.org/1783483002
Cr-Commit-Position: refs/heads/master@{#34955}
Bounds check hoisting was known to be buggy and has never been turned on.
Since Crankshaft is deprecated, nobody is going to spend time fixing it,
so let's just get rid of it.
BUG=v8:4155,v8:4849
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1823623002
Cr-Commit-Position: refs/heads/master@{#34948}
(The goal is to have CodeStubAssembler be the sole assembler-like user of
the TF compiler pipeline; with RMA being a private implementation detail
and FAA being a client.)
BUG=chromium:508898
LOG=Y
Review URL: https://codereview.chromium.org/1674633002
Cr-Commit-Position: refs/heads/master@{#34852}
Introducing the KeyAccumulator accidentally removed some crucial fast-paths.
This CL starts rewriting the KeyAccumulator, step-by-step introducing the
special cases again.
BUG=chromium:545503, v8:4758
LOG=y
Review URL: https://codereview.chromium.org/1707743002
Cr-Commit-Position: refs/heads/master@{#34532}
On 32-bit systems FXXXConvertI64 instructions are compiled to calls to
C functions. The TF node for the function call is already generated in
the wasm compiler, the lowering of the I64 parameter is done in the
Int64Lowering.
R=titzer@chromium.org, yangguo@chromium.org
Review URL: https://codereview.chromium.org/1738623003
Cr-Commit-Position: refs/heads/master@{#34487}
The CompilationPhase helper class is only used in Crankshaft and is not
suitable for use in other compilers. This factors is out into a separate
file and moves it into the "crankshaft" directory.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1758773002
Cr-Commit-Position: refs/heads/master@{#34441}
Initial implementation of S390 specific debug and IC functions.
R=danno@chromium.org,jkummerow@chromium.org,jochen@chromium.org,jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1743263003
Cr-Commit-Position: refs/heads/master@{#34400}
Initial commit with the bulk of the src/s390/* changes
along with associated changes to the build toolchain for
the new files.
A minor update to V8PRIuPTR definition for Mac OS X
affecting 32-bit S390 sim compilations.
R=danno@chromium.org,jkummerow@chromium.org,jochen@chromium.org,jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1725243004
Cr-Commit-Position: refs/heads/master@{#34331}
This reverts commit 9146bc5e20.
This contains a fix for the following crash:
1. We record slots for a fixed array.
2. We trim the fixed array, so that some recorded slots are now in free space.
3. During mark-compact we sweep the page with the fixed array. Now free list items contain memory with recorded slots.
4. We evacuate a byte array using the new free list items.
5. We iterate slots that are now inside the byte array and crash.
BUG=chromium:589413,chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1735523002
Cr-Commit-Position: refs/heads/master@{#34302}
Reason for revert:
Revert because of canary crashes: crbug.com/589413
Original issue's description:
> Replace slots buffer with remembered set.
>
> Slots pointing to evacuation candidates are now recorded in the new RememberedSet<OLD_TO_OLD>.
>
> The remembered set is extended to support typed slots.
>
> During parallel evacuation all migration slots are recorded in local slots buffers.
> After evacuation all local slots are added to the remembered set.
>
> BUG=chromium:578883
> LOG=NO
>
> Committed: https://crrev.com/2285a99ef6f7d52f4f0c4d88a7db4224443ee152
> Cr-Commit-Position: refs/heads/master@{#34212}
TBR=jochen@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:578883
Review URL: https://codereview.chromium.org/1725073003
Cr-Commit-Position: refs/heads/master@{#34238}
Slots pointing to evacuation candidates are now recorded in the new RememberedSet<OLD_TO_OLD>.
The remembered set is extended to support typed slots.
During parallel evacuation all migration slots are recorded in local slots buffers.
After evacuation all local slots are added to the remembered set.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1703823002
Cr-Commit-Position: refs/heads/master@{#34212}
The Proxy enumerate trap and Reflect.enumerate are removed from the
ES2016 draft specification. This patch removes the Reflect.enumerate
function, and a follow-on patch will be responsible for the Proxy
trap changes.
R=adamk
LOG=Y
BUG=v8:4768
Review URL: https://codereview.chromium.org/1721453002
Cr-Commit-Position: refs/heads/master@{#34196}
This reducer doesn't really add value, because:
(a) it is only concerned with JSCallFunction and JSToNumber, but when
we get to it, all JSCallFunction nodes will have been replaced by
Call nodes, and in the not so far future, we will also have
replaced almost all JSToNumber nodes with better code,
(b) and the reducer tries to be smart and use one of the outermost
contexts, but that might not be beneficial always; actually it
might even create longer live ranges and lead to more spilling
in some cases.
But most importantly, the JSContextRelaxation currently blocks inlining
based on SharedFunctionInfo, because it requires the inliner to check
the native context, which in turn requires JSFunction knowledge. So I'm
removing this reducer for now to unblock the more important inliner
changes.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1715633002
Cr-Commit-Position: refs/heads/master@{#34139}
This new class provides a unified interface for recording and iterating slots in store and slots buffers:
RememberedSet<OLD_TO_NEW>::Insert(page, slot);
RememberedSet<OLD_TO_OLD>::Insert(page, slot);
RememberedSet<OLD_TO_NEW>::Iterate(heap, callback);
RememberedSet<OLD_TO_OLD>::Iterate(heap, callback);
After this change the store buffer is responsible only for collecting slots from the generated code.
Subsequent CLs will remove the slots buffer.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1683653002
Cr-Commit-Position: refs/heads/master@{#34031}
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1673333004
Cr-Commit-Position: refs/heads/master@{#33873}
This moves the JSCreate related functionality from JSTypedLowering into
a dedicated JSCreateLowering reducer. This is in preparation of landing
the support for optimized literals in TurboFan, which would blow up
JSTypedLowering quite seriously otherwise.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1678833002
Cr-Commit-Position: refs/heads/master@{#33813}
This replaces the global remembered set with per-page remembered sets.
Each page in the old space, map space, and large object space keeps track of
the set of slots in the page pointing to the new space.
The data structure for storing slot sets is a two-level bitmap, which allows
us to remove the store buffer overflow and SCAN_ON_SCAVENGE logic.
Design doc: https://goo.gl/sMKCf7
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1608583002
Cr-Commit-Position: refs/heads/master@{#33806}
The goal of the Int64Reducer is to replace all int64 nodes in a tf graph
with a set of int32 nodes such that 64 bit tf functions can be executed
on 32 bit platforms. At the moment the Int64Reducer only replaces
Int64Constants, TruncateInt64ToInt32, and Word64And.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1655883002
Cr-Commit-Position: refs/heads/master@{#33721}
This CL removes the Config templatization from the types. It is not
necessary anymore, after the HeapTypes have been removed.
The CL also changes the type hierarchy - the specific type kinds are
not inner classes of the Type class and they do not inherit from Type.
This is partly because it seems impossible to make this work without
templates. Instead, a new TypeBase class is introduced and all the
structural (i.e., non-bitset) types inherit from it.
The bitset type still requires the bit-munging hack and some nasty
reinterpret-casts to pretend bitsets are of type Type*. Additionally,
there is now the same hack for TypeBase - all pointers to the sub-types
of TypeBase are reinterpret-casted to Type*. This is to keep the type
constructors in inline method definitions (although it is unclear how
much that actually buys us).
In future, we would like to move to a model where we encapsulate Type*
into a class (or possibly use Type where we used to use Type*). This
would loosen the coupling between bitset size and pointer size, and
eventually we would be able to have more bits.
TBR=bradnelson@chromium.org
Review URL: https://codereview.chromium.org/1655833002
Cr-Commit-Position: refs/heads/master@{#33656}
This reverts commit 85ba94f28c.
All parallelism can be turned off using --predictable, or --noparallel-compaction.
This patch completely parallelizes
- semispace copy: from space -> to space (within newspace)
- newspace evacuation: newspace -> oldspace
- oldspace compaction: oldspace -> oldspace
Previously newspace has been handled sequentially (semispace copy, newspace
evacuation) before compacting oldspace in parallel. However, on a high level
there are no dependencies between those two actions, hence we parallelize them
altogether. We base the number of evacuation tasks on the overall set of
to-be-processed pages (newspace + oldspace compaction pages).
Some low-level details:
- The hard cap on number of tasks has been lifted
- We cache store buffer entries locally before merging them back into the global
StoreBuffer in a finalization phase.
- We cache AllocationSite operations locally before merging them back into the
global pretenuring storage in a finalization phase.
- AllocationSite might be compacted while they would be needed for newspace
evacuation. To mitigate any problems we defer checking allocation sites for
newspace till merging locally buffered data.
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1640563004
Cr-Commit-Position: refs/heads/master@{#33552}
Reason for revert:
[Sheriff] Leads to crashes on all webrtc chromium testers, e.g.:
https://build.chromium.org/p/chromium.webrtc/builders/Mac%20Tester/builds/49664
Original issue's description:
> [heap] Parallel newspace evacuation, semispace copy, and compaction \o/
>
> All parallelism can be turned off using --predictable, or --noparallel-compaction.
>
> This patch completely parallelizes
> - semispace copy: from space -> to space (within newspace)
> - newspace evacuation: newspace -> oldspace
> - oldspace compaction: oldspace -> oldspace
>
> Previously newspace has been handled sequentially (semispace copy, newspace
> evacuation) before compacting oldspace in parallel. However, on a high level
> there are no dependencies between those two actions, hence we parallelize them
> altogether. We base the number of evacuation tasks on the overall set of
> to-be-processed pages (newspace + oldspace compaction pages).
>
> Some low-level details:
> - The hard cap on number of tasks has been lifted
> - We cache store buffer entries locally before merging them back into the global
> StoreBuffer in a finalization phase.
> - We cache AllocationSite operations locally before merging them back into the
> global pretenuring storage in a finalization phase.
> - AllocationSite might be compacted while they would be needed for newspace
> evacuation. To mitigate any problems we defer checking allocation sites for
> newspace till merging locally buffered data.
>
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
> BUG=chromium:524425
> LOG=N
> R=hpayer@chromium.org, ulan@chromium.org
>
> Committed: https://crrev.com/8f0fd8c0370ae8c5aab56491b879d7e30c329062
> Cr-Commit-Position: refs/heads/master@{#33523}
TBR=hpayer@chromium.org,ulan@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1643473002
Cr-Commit-Position: refs/heads/master@{#33539}
All parallelism can be turned off using --predictable, or --noparallel-compaction.
This patch completely parallelizes
- semispace copy: from space -> to space (within newspace)
- newspace evacuation: newspace -> oldspace
- oldspace compaction: oldspace -> oldspace
Previously newspace has been handled sequentially (semispace copy, newspace
evacuation) before compacting oldspace in parallel. However, on a high level
there are no dependencies between those two actions, hence we parallelize them
altogether. We base the number of evacuation tasks on the overall set of
to-be-processed pages (newspace + oldspace compaction pages).
Some low-level details:
- The hard cap on number of tasks has been lifted
- We cache store buffer entries locally before merging them back into the global
StoreBuffer in a finalization phase.
- We cache AllocationSite operations locally before merging them back into the
global pretenuring storage in a finalization phase.
- AllocationSite might be compacted while they would be needed for newspace
evacuation. To mitigate any problems we defer checking allocation sites for
newspace till merging locally buffered data.
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1577853007
Cr-Commit-Position: refs/heads/master@{#33523}
This increases the size of register operands to be 16-bit.
Not all bytecodes have wide register variants, so when they are
needed a register translator will copy them into a small area
reserved at the top of the 8-bit register range and these registers
are supplied as arguments to the bytecode with 8-bit operands.
This is non-intrusive for typical bytecode where the number of
registers is less than 120. For bytecodes with wide register
operands (above the window) their index needs to be translated
to avoid the reserved translation window.
Enables splay.js to run in Octane and a handful of mjsunit tests.
BUG=v8:4280,v8:4675
LOG=NO
Review URL: https://codereview.chromium.org/1613163002
Cr-Commit-Position: refs/heads/master@{#33516}
Reason for revert:
The random nature of the tests caused the following buildbot to fail: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/4724/steps/Check/logs/stdio
Original issue's description:
> [profiler] Implement POC Sampling Heap Profiler
>
> This implements a proof-of-concept sampling based heap profiler inspired by
> tcmalloc's heap profiler [1] and Go's mprof/memprofile [2].
>
> The basic idea is the sample allocations using a randomized Poisson process. At
> any point in time we can cheaply request the set of live sample objects that
> should be a representative sample of heap. Samples include stack-traces from the
> allocation sites, making this an effective tool for memory leak debugging.
>
> Unlike AllocationTracking, this is intended to be cheap and usable online in
> production.
>
> The proof-of-concept is only sampling new-space allocations at this point.
> Support for sampling paged space and native allocations is anticipated in the
> future.
>
> [1] http://goog-perftools.sourceforge.net/doc/heap_profiler.html
> [2] http://blog.golang.org/profiling-go-programs
>
> Committed: https://crrev.com/e5a9947811db9c9e23557dbad27f8b8a349b3262
> Cr-Commit-Position: refs/heads/master@{#33448}
TBR=jochen@chromium.org,alph@chromium.org,hpayer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1615173002
Cr-Commit-Position: refs/heads/master@{#33449}
This implements a proof-of-concept sampling based heap profiler inspired by
tcmalloc's heap profiler [1] and Go's mprof/memprofile [2].
The basic idea is the sample allocations using a randomized Poisson process. At
any point in time we can cheaply request the set of live sample objects that
should be a representative sample of heap. Samples include stack-traces from the
allocation sites, making this an effective tool for memory leak debugging.
Unlike AllocationTracking, this is intended to be cheap and usable online in
production.
The proof-of-concept is only sampling new-space allocations at this point.
Support for sampling paged space and native allocations is anticipated in the
future.
[1] http://goog-perftools.sourceforge.net/doc/heap_profiler.html
[2] http://blog.golang.org/profiling-go-programs
Review URL: https://codereview.chromium.org/1555553002
Cr-Commit-Position: refs/heads/master@{#33448}
This implements a first version of exception handler table construction
within the interpreter. Note that the local control flow for try-catch
and try-finally statements is still off, and also stack unwinding does
not yet respect interpreter frames. But generated handler tables should
be populated correctly already.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1607433005
Cr-Commit-Position: refs/heads/master@{#33400}
This splits out the SourcePosition class into a separate header file.
Reason for this refactoring is that said class is mostly used by the
Crankshaft compiler and not needed for all compilers. Also having the
assembler depend on the class creates a dependency cycle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1581083009
Cr-Commit-Position: refs/heads/master@{#33325}
This is the first of several commits to contribute Linux on z Systems
(s390/s390x) port of V8. We will be breaking up the changes into several
(hopefully) logical commits.
This commit contains the changes to V8 Makefile and build toolchains to
introduce S390 macros and compiler options. Just for awareness for reviewers
is that s390 is 31-bit (not 32!) big-endian platform on Linux on z. (MSB of address
is used to distinguish between 24-bit vs 31-bit addressing!) s390x is
64-bit Linux on z. Names follow the general linux convention on the platform.
A quick roadmap on upcoming commits:
- Add \#include of S390 header files in common files
- S390 related tests + tooling changes
- printf macro for printing size_t values.
- S390 platform-specific code generation code (bulk of changes!)
R=danno@chromium.org,svenpanne@chromium.org,michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1585813002
Cr-Commit-Position: refs/heads/master@{#33304}
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1587033002
Cr-Commit-Position: refs/heads/master@{#33296}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33231}
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711
Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574
Review URL: https://codereview.chromium.org/1574223002
Cr-Commit-Position: refs/heads/master@{#33230}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33228}
This increases the size of addressable constant pool entries for jumps
to match other bytecodes using operands indexing the constant pool.
This change also introduces reservations for constant pool entries.
Reservations are used for forward jumps to ensure a constant pool entry
will be available when the jump target (label) is bound and the jump is
patched up in the bytecode array.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1546683002
Cr-Commit-Position: refs/heads/master@{#33125}
This patch adds the basis for subclassing TypedArrays, Arrays and
ArrayBuffers through the @@species hook, added in ES2015. This is
the first patch in a series. This patch simply defines the
@@species Symbol and installs it on the appropriate constructors.
The behavior is guarded behind the --harmony-species flag.
R=cbruni
BUG=v8:4093
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1558543002
Cr-Commit-Position: refs/heads/master@{#33095}
When the 'y' flag was shipped, the property RegExp.prototype.unicode was
accidentally also shipped. However, the existence of this property should
be a usable feature testing point. This patch adds the 'unicode' getter on
RegExp.prototype only if the --harmony-regexp-unicode flag is turned on.
R=cbruni
CC=yangguo
BUG=v8:4644
LOG=Y
Review URL: https://codereview.chromium.org/1550713002
Cr-Commit-Position: refs/heads/master@{#33049}
This is based on the Skia Implementation.
More on the project can be found here:
https://docs.google.com/a/chromium.org/document/d/1_4LAnInOB8tM_DLjptWiszRwa4qwiSsDzMkO4tU-Qes/edit#heading=h.p97rw6yt8o2j
The V8 Tracing platform will replace the isolate->event_logger().
But since the current embedders (namely chromium) currently use the isolate->event_logger, I made the default implementation (event-tracer) call into isolate->event_logger if an event_logger was set.
Once the embedders properly implement the interface (for example in chromium it would look like this: https://codereview.chromium.org/707273005/), the default implementation will be doing nothing.
Once the embedders side is fixed, we will change how V8 uses the tracing framework beyond the call from Logger:CallEventLogger. (which would also include a d8 implementation)
BUG=v8:4560
LOG=N
Review URL: https://codereview.chromium.org/988893003
Cr-Commit-Position: refs/heads/master@{#32959}
This change adds support for local control flow when building graphs
from bytecode. The change ensures loop emitted from the bytecode
generator are in natural order so the only back branches are for loops.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1502243002
Cr-Commit-Position: refs/heads/master@{#32911}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1513873002
Cr-Commit-Position: refs/heads/master@{#32772}
Reason for revert:
Meeh. Now "V8 Linux - gcmole" bot has issues; apparently due to a somewhat exotic builder configuration.
Original issue's description:
> Re-land FastAccessorBuilder.
>
> ... using the RawMachineAssembler and the work in crrev.com/1407313004.
>
> The original change collided with crrev.com/1513543003.
>
> BUG=chromium:508898
> LOG=Y
>
> Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
> Cr-Commit-Position: refs/heads/master@{#32742}
>
> patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)
>
> Committed: https://crrev.com/ee5c38d7db907ff86dd4049721c0cb4bc90a6c4d
> Cr-Commit-Position: refs/heads/master@{#32753}
TBR=epertoso@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:508898
Review URL: https://codereview.chromium.org/1517683002
Cr-Commit-Position: refs/heads/master@{#32754}
... using the RawMachineAssembler and the work in cl/1407313004
BUG=chromium:508898
LOG=Y
Review URL: https://codereview.chromium.org/1474543004
Cr-Commit-Position: refs/heads/master@{#32742}
* Add a sibling interface to InterpreterAssembler called
CodeStubAssembler which provides a wrapper around the
RawMachineAssembler and is intented to make it easy to build
efficient cross-platform code stubs. Much of the implementation
of CodeStubAssembler is shamelessly stolen from the
InterpreterAssembler, and the idea is to eventually merge the
two interfaces somehow, probably moving the
InterpreterAssembler interface over to use the
CodeStubAssembler. Short-term, however, the two interfaces
shall remain decoupled to increase our velocity developing the
two systems in parallel.
* Implement the StringLength stub in TurboFan with the new
CodeStubAssembler. Replace and remove the old Hydrogen-stub
version.
* Remove a whole slew of machinery to support JavaScript-style
code stub generation, since it ultimately proved unwieldy,
brittle and baroque. This cleanup includes removing the shared
code stub context, several example stubs and a tangle of build
file changes.
BUG=v8:4587
LOG=n
Review URL: https://codereview.chromium.org/1475953002
Cr-Commit-Position: refs/heads/master@{#32508}
This is the first part of escape analysis for turbofan.
At the moment, there is no deopt support, and support
for loops is partial (only binary Phis are handled).
The CL includes 4 unittests.
There are also 8 new mjsunit tests, some of which are
skiped as they require features not yet implemented.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1457683003
Cr-Commit-Position: refs/heads/master@{#32498}
This is the initial support for binary operation hints on javascript
binary operators, i.e. JSAdd, JSSubtract and so on. The hints are
extracted from the fullcodegen code object before graph building and the
AstGraphBuilder puts those hints on the operators if available.
R=jarin@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1487973002
Cr-Commit-Position: refs/heads/master@{#32443}
Moves all files related to AST and scopes into ast/,
and all files related to scanner & parser to parsing/.
Also eliminates a couple of spurious dependencies.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1481613002
Cr-Commit-Position: refs/heads/master@{#32351}
Reason for revert:
Unsound use of types in the MachineOperatorReducer. Will work on a sound solution with Fedor.
Original issue's description:
> [compiler] merge binary-operator-reducer
>
> Merge BinaryOperatorReducer into the MachineOperatorReducer class.
> It does not need `Revisit()` calls, because the newly inserted nodes are
> visited anyway, and there are no other methods that need AdvancedReducer
> there.
>
> BUG=
> R=titzer@chromium.org
>
> Committed: https://crrev.com/993ba9d2529a6401b3040b9263f8d06db7dbb4f1
> Cr-Commit-Position: refs/heads/master@{#32298}
TBR=titzer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1476763006
Cr-Commit-Position: refs/heads/master@{#32310}
Merge BinaryOperatorReducer into the MachineOperatorReducer class.
It does not need `Revisit()` calls, because the newly inserted nodes are
visited anyway, and there are no other methods that need AdvancedReducer
there.
BUG=
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1473073004
Cr-Commit-Position: refs/heads/master@{#32298}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1469543003
Cr-Commit-Position: refs/heads/master@{#32194}
1) Body descriptors moved to their own header files.
2) Missing body descriptors added.
3) Template versions of HeapObject::Iterate*() methods added.
4) Body descriptors support new kind of queries: IsValidSlot(offset) which can be used for invalid slots filtering.
This is a first step towards virtual and static visitors unification and support in-object properties in built-in (sub-)classes.
Review URL: https://codereview.chromium.org/1440243002
Cr-Commit-Position: refs/heads/master@{#31980}
The JSCallReducer runs together with inlining and tries to strength
reduce JSCallFunction nodes; currently it can fold
Function.prototype.call and Function.prototype.apply (with arguments),
and make it possible to inline across them.
In the case of Function.prototype.apply with arguments we still have to
leave the JSCreateArguments node in the graph because there might be
other (frame state) uses. Once escape analysis is ready, it will take
care of removing these nodes and adding appropriate transitions for the
deoptimizer.
R=jarin@chromium.org
BUG=v8:4551
LOG=n
Review URL: https://codereview.chromium.org/1445513002
Cr-Commit-Position: refs/heads/master@{#31979}
Changing this value is not guaranteed to work yet, but it needs to be
an arg in order to experiment with it.
Review URL: https://codereview.chromium.org/1427343003
Cr-Commit-Position: refs/heads/master@{#31932}
The new GN rule will enable removal of code which copies natives_blob.bin and
snapshot_blob.bin in Android GN code (for instance "copy_content_shell_assets").
BUG=547162
LOG=Y
Review URL: https://codereview.chromium.org/1412333005
Cr-Commit-Position: refs/heads/master@{#31835}
The "harmony"-prefixed files have been included in the snapshot for
several releases now, and were only separate originally to enable
loading them via a runtime flag. This patch simply merges them into
the main implementation files for Arrays and TypedArrays, respectively.
Review URL: https://codereview.chromium.org/1416243007
Cr-Commit-Position: refs/heads/master@{#31767}
The JSNativeContextSpecialization class is getting rather huge with all
the stuff related to property and element access going in. Splitting off
the global object related stuff into JSGlobalObjectSpecialization seems
like a natural separation, especially since the global object
specialization is sort of separate issue anyway. This is neutral
functionality- and performance-wise.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1417043006
Cr-Commit-Position: refs/heads/master@{#31748}
This adds some initial support for keyed element access to fast,
non-holey JSArray objects.
Also renames PropertyAccessInfoFactory to AccessInfoFactory and
PropertyAccessMode to AccessMode.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1418213010
Cr-Commit-Position: refs/heads/master@{#31717}
Also changed the way that transitioning stores are represented in
a PropertyAccessInfo: There's no dedicated kind, but DataFields
have an optional transition map.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1416973014
Cr-Commit-Position: refs/heads/master@{#31692}
Rename ZoneTypeCache to TypeCache and use a single shared (immutable)
instance consistently to cache the most commonly used types. Also serves
as a chokepoint for defining those types, so we don't repeat the
definition (and possible bugs) in various places.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1409763004
Cr-Commit-Position: refs/heads/master@{#31631}
Both the JSTypeFeedbackSpecializer and the JSTypeFeedbackLowering is
dead code by now, since the more general JSNativeContextSpecialization
deals with the property/global load/store type feedback in a way that
also interacts properly with inlining.
BUG=v8:4470
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1407913003 .
Cr-Commit-Position: refs/heads/master@{#31462}
When eagerly parsing arrow functions, expressions in default
parameter initializers are parsed in the enclosing scope,
rather than in the function's scope (since that scope does not
yet exist). This leads to VariableProxies being added to the
wrong scope, and scope chains for FunctionLiterals being incorrect.
This patch addresses these problems by adding a subclass of
AstExpressionVisitor that moves VariableProxies to the proper
scope and fixes up scope chains of FunctionLiterals.
This is a revert of the revert https://crrev.com/e41614a058426fb6102e4ab2dd4f98997f00c0fc
with a much-improved (though not yet perfect) Scope::ResetOuterScope
method which properly fixes not only the outer_scope_ pointer but also
fixes the inner_scope_ list in the relevant outer_scopes.
More work likely still needs to be done to make this work completely,
but it's very close to correct.
BUG=v8:4395
LOG=y
Review URL: https://codereview.chromium.org/1414283002
Cr-Commit-Position: refs/heads/master@{#31435}
Reason for revert:
Breaks nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug%20-%202/builds/2407/steps/Check/logs/regress-4395
Original issue's description:
> [es6] Fix scoping for default parameters in arrow functions
>
> When eagerly parsing arrow functions, expressions in default
> parameter initializers are parsed in the enclosing scope,
> rather than in the function's scope (since that scope does not
> yet exist). This leads to VariableProxies being added to the
> wrong scope, and scope chains for FunctionLiterals being incorrect.
>
> This patch addresses these problems by adding a subclass of
> AstExpressionVisitor that moves VariableProxies to the proper
> scope and fixes up scope chains of FunctionLiterals.
>
> More work likely still needs to be done to make this work completely,
> but it's very close to correct.
>
> BUG=v8:4395
> LOG=y
>
> Committed: https://crrev.com/cf72aad39e51de9b7074ea039377c1812f4a2c6b
> Cr-Commit-Position: refs/heads/master@{#31402}
TBR=rossberg@chromium.org,caitpotter88@gmail.com,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4395
Review URL: https://codereview.chromium.org/1417463004
Cr-Commit-Position: refs/heads/master@{#31404}
When eagerly parsing arrow functions, expressions in default
parameter initializers are parsed in the enclosing scope,
rather than in the function's scope (since that scope does not
yet exist). This leads to VariableProxies being added to the
wrong scope, and scope chains for FunctionLiterals being incorrect.
This patch addresses these problems by adding a subclass of
AstExpressionVisitor that moves VariableProxies to the proper
scope and fixes up scope chains of FunctionLiterals.
More work likely still needs to be done to make this work completely,
but it's very close to correct.
BUG=v8:4395
LOG=y
Review URL: https://codereview.chromium.org/1405313002
Cr-Commit-Position: refs/heads/master@{#31402}
Removes a branch that checks for a condition that has been checked on dominators of the branch.
This introduces a new reducer that propagates the list of checked conditions (and their boolean values) through the control flow graph. If it encounters a branch checking a condition with a known value, the branch is eliminated.
The analysis relies on loops being reducible: if a condition has been checked on all paths to loop entry, then it is checked in the loop (regardless what of the conditions checked inside the loop).
The implementation is fairly naive and could be improved:
- all the operation on the condition lists could be made allocation-free when revisited.
- we could try to use a map structure rather than a linked list (to make
lookups faster).
- the merging of control flow could be changed to take into account
conditions from non-dominating paths (as long as all paths check
the condition).
Review URL: https://codereview.chromium.org/1376293005
Cr-Commit-Position: refs/heads/master@{#31347}
This moves JavaScript source files that are bundled with V8 into a
separate directory. The goal is to improve code readability and also
being able to formalize ideal reviewers by subsequently adding the
OWNERS file. These files almost exclusively contain implementations
of methods fully specified by ES6.
Note that files in the "debug" directory as well as the "d8.js" file
aren't affected by this change.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1398733002
Cr-Commit-Position: refs/heads/master@{#31230}
This separates the core machinery and the heuristics involved with
inlining functions calls. So far the heuristic only respects our
%SetForceInlineFlag hint, but it will the place where general inlining
heuristics can live without impeding clarity of the core machinery.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1391903002
Cr-Commit-Position: refs/heads/master@{#31150}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
Cr-Commit-Position: refs/heads/master@{#31139}
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31148}
Reason for revert:
Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960
Original issue's description:
> [turbofan] Add initial support for global specialization.
>
> Introduce a new JSGlobalSpecialization advanced reducer that runs
> during the initial inlining and context specialization, and specializes
> the graph to the globals of the native context. Currently we assume
> that we do not inline cross native context, but long-term we will grab
> the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
> new global load/store ICs that are currently in the workings), and then
> this whole specialization will be fully compositional even across
> cross-context inlining.
>
> Note that we cannot really handle most of the stores to global object
> property cells because TurboFan doesn't have a mechanism to enforce
> certain representations. Also note that we cannot yet fully benefit
> from the type feedback collected on the global object property cells,
> because the type system cannot deal with maps in a reasonable way.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
> Cr-Commit-Position: refs/heads/master@{#31139}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review URL: https://codereview.chromium.org/1390073004
Cr-Commit-Position: refs/heads/master@{#31144}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31139}
This removes the lookup-inl.h header file, which actually would break
compilation if included more than once in the codebase. It only holds
methods used solely in the lookup.cc compilation unit.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1375843004
Cr-Commit-Position: refs/heads/master@{#31104}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31087}
Reason for revert:
Failures on MIPS
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1380863004
Cr-Commit-Position: refs/heads/master@{#31083}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31075}
Adds support for short operands, starting with kIdx16. Introduces
BytecodeTraits to enable compile time determination of various traits for a
bytecode, such as size, operands, etc. Reworks BytecodeIterator,
BytecodeArrayBuilder and Bytecodes::Decode to support 16 bit operands. Adds
support to Interpreter to load 16 bit operands.
Also fixes a bug with ToBoolean where it wouldn't get emitted at the start
of a block, and added a test.
BytecodeTraits template magic inspired by oth@chromium.org.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1370893002
Cr-Commit-Position: refs/heads/master@{#31058}
Improve bytecode generation for if when there's no else clause.
Display target addresses for jump instructions in
Bytecode::Disassemble().
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1373903005
Cr-Commit-Position: refs/heads/master@{#31052}
The comparison operators and ToBoolean are implemented by calling into
the runtime. There are new runtime methods are prefixed with Interpreter
to make use case clear.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1369123002
Cr-Commit-Position: refs/heads/master@{#30983}
Reason for revert:
Failures on greedy RegAlloc, Fuzzer
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1365073002
Cr-Commit-Position: refs/heads/master@{#30914}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#30913}
We need to build parts of v8 with a toolchain that might be different
from both the default (target) toolchain and the regular host toolchain,
because we need the snapshot to have the same bit-width as the target.
V8's build defines a 'snapshot_toolchain' setting for this.
It turns out that we need the value of this toolchain to be exposed
to the Chromium build because some of the test targets (in browser_tests)
depend on d8 and need to be able to built using the same toolchain.
R=brett@chromium.org, jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1350223004
Cr-Commit-Position: refs/heads/master@{#30854}
It's been enabled since M45, which is now well into its stable period,
with no problems reported.
Review URL: https://codereview.chromium.org/1356793002
Cr-Commit-Position: refs/heads/master@{#30835}
The previous code took advantage of the fact that a group's deps are implicitly public, but I'm trying to fix that. This also cleans up some duplicated code between component and non-component builds.
Review URL: https://codereview.chromium.org/1356723002
Cr-Commit-Position: refs/heads/master@{#30820}
The conditionals were added to facilitate a two-sided build GN config update
where the default optimization config was renamed. This is complete so the
transitional code can be removed.
Review URL: https://codereview.chromium.org/1338163003
Cr-Commit-Position: refs/heads/master@{#30733}
This moves scavenging functionality into a separate component so that
neither the scavenger nor objects-visiting need to be exposed outside
the heap.
R=hpayer@chromium.org,mlippautz@chromium.org
Review URL: https://codereview.chromium.org/1323993004
Cr-Commit-Position: refs/heads/master@{#30712}
The GN default optimization flag is changing from being specific to the
debug/release status of the build to always being "default_optimization" so
it's easier to override without being conditional on the exact setup in
BUILDCONFIG.gn. See https://codereview.chromium.org/1324623005/
Since V8 is DEPS-ed in, it will need to support both modes to allow a landing.
This patch uses a temporary transitional flag I added to BUILDCONFIG to
indicate which variant should be used. After the patch is landed, we can remove
the new conditions and just remove default_optimization.
Review URL: https://codereview.chromium.org/1333963002
Cr-Commit-Position: refs/heads/master@{#30703}
Replace the ADD, SUB, etc. builtins with proper runtime implementations,
and expose them as runtime calls that can be used by the code stubs and
the interpreter (for now).
Also remove all the support runtime functions for ADD, SUB and friends,
namely %NumberAdd, %NumberSub, and so on.
R=mstarzinger@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
Review URL: https://codereview.chromium.org/1333843002
Cr-Commit-Position: refs/heads/master@{#30680}
This moves incremental marking steps from gc-idle-time-handler and heap to the new incremental marking task.
BUG=chromium:490559
LOG=NO
Review URL: https://codereview.chromium.org/1265423002
Cr-Commit-Position: refs/heads/master@{#30641}
- Modify js2c to accept --js and --nojs,
- modify mksnapshot to accept --startup_src
(instead of a positional parameter, so that it can be omitted),
- modify v8.gyp to use the above so that no target has multiple
output dependencies, and
- update GN to use the switches above.
(I have not succeeded in fixing the GYP->make translator to properly map
multi-output rules, so that they work as expected in all edge cases.
This CL signals defeat on that front, and instead I rewrite the GYP
file to avoid that situation in the first place.)
R=jochen@chromium.org
BUG=v8:4382
LOG=N
Review URL: https://codereview.chromium.org/1310273009
Cr-Commit-Position: refs/heads/master@{#30640}
The is_*san flags are moving from the master build config file into this
.gni file. This patch will allow V8 to continue compiling when that change
is landed.
Review URL: https://codereview.chromium.org/1330713003
Cr-Commit-Position: refs/heads/master@{#30623}
{AtomicValue}: A simple integer value that can be atomically
read/set/incremented.
{AtomicEnumSet}: Similar to EnumSet this set basically represents an atomic
bitfield based on enums. Atomic operations guarantee that setting one bit does
not race with setting other bits.
{AtomicEnumFlag}: A flag that is based on an enum that can be read and
(attempted to be) changed atomically.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1310993004
Cr-Commit-Position: refs/heads/master@{#30560}
Note that this is only pulling out the bookkeeping side of things, the
marking visitor that actually records the statistics should also move
into the ObjectStats class. That will be done as a follow-up.
R=mlippautz@chromium.org
Review URL: https://codereview.chromium.org/1326793002
Cr-Commit-Position: refs/heads/master@{#30547}
The arm64 build is missing a few recently-added files.
Compiling with msan requires that v8 be compiled in arm64 mode. Hook this up.
Review URL: https://codereview.chromium.org/1316233005
Cr-Commit-Position: refs/heads/master@{#30528}
Walk asm.js module ASTs, attach concrete type information
in preparation for generating a WASM module.
cctest test coverage (mjsunit coming in later CL).
Expressions, function tables, and foreign functions have coverage.
Statement coverage to be expanded in a later CL.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=rossberg@chromium.org,titzer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1322773002
Cr-Commit-Position: refs/heads/master@{#30520}
This CL us a pure refactoring that makes an empty compilation unit
including just "isolate.h" or "contexts.h" but not "objects-inl.h"
compile without warnings or errors. This is needed to further reduce
the header dependency tangle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1322883002
Cr-Commit-Position: refs/heads/master@{#30500}
This data structure uses the public heap API only and is not specific
to any heap internals. It should be usable throughout V8 and inclusion
of the header file should not be restricted.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1320503004
Cr-Commit-Position: refs/heads/master@{#30443}
This change encompasses what is necessary to enable stack checks in loops without suffering large regressions.
Primarily, it consists of a new mechanism for dealing with deferred blocks by "splintering", rather than splitting, inside deferred blocks.
My initial change was splitting along deferred block boundaries, but the regression introduced by stackchecks wasn't resolved conclusively. After investigation, it appears that just splitting ranges along cold block boundaries leads to a greater opportunity for moves on the hot path, hence the suboptimal outcome.
The alternative "splinters" ranges rather than splitting them. While splitting creates 2 ranges and links them (parent-child), in contrast, splintering creates a new independent range with no parent-child relation to the original. The original range appears as if it has a liveness hole in the place of the splintered one. All thus obtained ranges are then register allocated with no change to the register allocator.
The splinters (cold blocks) do not conflict with the hot path ranges, by construction. The hot path ones have less pressure to split, because we remove a source of conflicts. After allocation, we merge the splinters back to their original ranges and continue the pipeline. We leverage the previous changes made for deferred blocks (determining where to spill, for example).
Review URL: https://codereview.chromium.org/1305393003
Cr-Commit-Position: refs/heads/master@{#30357}
Adding an AstExpressionVisitor to touch each expression node in
an AST.
Adding TypingReseter to clear the slate after a failed asm.js
validation that has set partial typing information.
Adding a ExpressionTypeCollector to walk the expressions
in an AST and emit them as a string for testing.
Adding tests of the above.
LOG=N
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-typing-reset,test-ast-expression-visitor
R=rossberg@chromium.org,titzer@chromium.org
Review URL: https://codereview.chromium.org/1288773007
Cr-Commit-Position: refs/heads/master@{#30336}
This make inclusion of unicode-inl.h in object.h absolete. Now most
compilation units don't require that header. It also breaks a cycle
within declarations of the scanner.h header.
This tries to remove includes of "-inl.h" headers from normal ".h"
headers, thereby reducing the chance of any cyclic dependencies and
decreasing the average size of our compilation units.
Note that this change still leaves 3 violations of that rule in the
code, checked with the "tools/check-inline-includes.sh" tool.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1287893006
Cr-Commit-Position: refs/heads/master@{#30268}
Embedders would use these for features which must be able to be turned
off at runtime, despite being compiled into V8. They can be turned on
and off by the embedder using the --experimental_extras flag, e.g. via
v8::SetFlagsFromString.
R=yangguo@chromium.org, mlippautz@chromium.org, hpayer@chromium.org
BUG=chromium:507137
LOG=Y
Review URL: https://codereview.chromium.org/1284413002
Cr-Commit-Position: refs/heads/master@{#30260}
