If possible, take the constant map from the (known) native context for
JSCreateIterResultObject, so that subsequent map checks can be
eliminated in case of iterator inlining.
R=jarin@chromium.org
BUG=v8:3822
Review-Url: https://codereview.chromium.org/2394783002
Cr-Commit-Position: refs/heads/master@{#39974}
Reason for revert:
Patch problem
Original issue's description:
> [wasm] Call a runtime function for a MemorySize instruction.
>
> The implementation of MemorySize with RelocatableInt32Constants is
> problematic if MemorySize is placed close to a GrowMemory instruction in
> the code. The use of a runtime function guarantees that the order in
> which MemorySize and GrowMemory is executed is correct.
>
> R=titzer@chromium.org
> BUG=chromium:651961
> TEST=mjsunit/regress/wasm/regression-651961
>
> Committed: https://crrev.com/2c12a9a42d454a36fcd2931fa458d72832eeb689
> Cr-Commit-Position: refs/heads/master@{#39972}
TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651961
Review-Url: https://codereview.chromium.org/2391223002
Cr-Commit-Position: refs/heads/master@{#39973}
The implementation of MemorySize with RelocatableInt32Constants is
problematic if MemorySize is placed close to a GrowMemory instruction in
the code. The use of a runtime function guarantees that the order in
which MemorySize and GrowMemory is executed is correct.
R=titzer@chromium.org
BUG=chromium:651961
TEST=mjsunit/regress/wasm/regression-651961
Review-Url: https://codereview.chromium.org/2386183004
Cr-Commit-Position: refs/heads/master@{#39972}
This introduces a new OsrGuard node that is inserted during graph building
to guard the inferred type of the OSR value.
The type of the OSR value is inferred by running the typer before OSR
deconstruction, and then taking the type from the phi that takes the
OSR value. After the deconstruction, we throw the types away.
At the moment we only support the SignedSmall OSR type and we always
pick the tagged representation. Later, we might want to support more
types (such as Number) and pick better representations (int32/float64).
This CL also removes the OSR deconstruction tests because they build
unrealistic graph (no effect chain, no loop termination). I considered
adding the effect chains to the tests, but this would make the tests
even more brittle.
Review-Url: https://codereview.chromium.org/2384113002
Cr-Commit-Position: refs/heads/master@{#39971}
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_
dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}
BUG=v8:5412
TBR=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
Review-Url: https://codereview.chromium.org/2395553002
Cr-Commit-Position: refs/heads/master@{#39969}
Memory infra in tracing currently uses Isolate::GetHeapStatistics to fetch
object statistics from V8 at certain frequency, which is not accurate and will
have redundant result. This path adds a trace event as well as a trace category
at where we collect object statistics after marking before sweeping, and dumps
all information to the trace event.
In order to use this functionality, we need to enable two flags:
--track-gc-object-stats and --noincremental-marking.
BUG=v8:5453
Review-Url: https://codereview.chromium.org/2379823004
Cr-Commit-Position: refs/heads/master@{#39966}
Debug-time tracing for module instances, to aid diagnosing
potential bugs.
BUG=
Review-Url: https://codereview.chromium.org/2390393002
Cr-Commit-Position: refs/heads/master@{#39965}
This fixes a gc stress bug. We cannot rely on an ordering of
clearing of the weak cells, so we explicitly reset the weak
link to the owning instance, when finalizing a compiled
module. In turn, this serves as a reliable signal when GCs
happen while instantiating, allowing us to correctly link the
new instance.
BUG=chromium:652425
Review-Url: https://codereview.chromium.org/2393443003
Cr-Commit-Position: refs/heads/master@{#39964}
Previously, b6e9f625c1 fixed self-assignment
in parameters to throw. But it failed to deal with the case of
destructuring with defaults. This patch extends that previous approach
to always treat the end of a parameter as its initializer position,
whether it has an initializer or not.
This is the minimal change to make it easy to merge; a follow-up
will rename the field of Parameter from "initializer_end_position"
to "end_position".
BUG=v8:5454
Review-Url: https://codereview.chromium.org/2390943002
Cr-Commit-Position: refs/heads/master@{#39962}
Reason for revert:
Main suspect for roll block:
https://codereview.chromium.org/2387403002/
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}
TBR=jgruber@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5412
Review-Url: https://codereview.chromium.org/2393603002
Cr-Commit-Position: refs/heads/master@{#39960}
The correctness fuzzer executes the input array in two different
execution engines and compares the results. If the results don't match,
the correctness fuzzer crashes.
Since the crash signature is always the same if the results don't match,
cluster fuzz would group all inputs which lead to non-matching results.
To avoid the grouping a base64 hash has to be appended to the crash
signature. This CL changes the text which is appended to the crash
signature to a base64 hash.
Note that I do not create a base64 hash directly because the base64
class is not available in V8. Instead I create a string which looks
like a base64 hash.
R=mmoroz@chromium.org, aarya@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2390233002
Cr-Commit-Position: refs/heads/master@{#39953}
The old hydrogen stub (and runtime fallback) are still needed while they are
used in regexp.js. These will go away once affected code has been ported.
Drive-by-fix: Fixed typo in GetFixedA{a,}rrayAllocationSize.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2384473002
Cr-Commit-Position: refs/heads/master@{#39952}
This is a precondition for turning libplatform into a component
BUG=v8:5412
R=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
Review-Url: https://codereview.chromium.org/2381273002
Cr-Commit-Position: refs/heads/master@{#39950}
In some (rare) cases, the context depth passed to a dynamic variable lookup can
be zero. In these cases, the fast path for the lookup (i.e. load from context or
global) can always be taken, as there is no need to search the current context.
However, with no slow path checks, the bytecode graph builder had a null
environment for the slow path, causing segfaults when this graph was built.
This patch adds a null check for the slow path environment, and skips building
the slow path if the environment is null.
BUG=chromium:652186
Review-Url: https://codereview.chromium.org/2385123002
Cr-Commit-Position: refs/heads/master@{#39949}
Clear also frees the memory, which isn't useful in the case of a zonelist. If we later want to use the list (e.g., because of aborting), that will cause additional allocations.
BUG=
Review-Url: https://codereview.chromium.org/2391953002
Cr-Commit-Position: refs/heads/master@{#39948}
If an inner function only declares a variable but doesn't use it, Parser
and PreParser produced different unresolved variables, and that confused
the pessimistic context allocation.
BUG=chromium:650969
Review-Url: https://codereview.chromium.org/2388183003
Cr-Commit-Position: refs/heads/master@{#39947}
- Changes tests to canonicalize FP slot/register moves, to simplify
testing any implementations that may fragment FP register moves.
- Adds code to generate correct ParallelMoves (e.g. no slot sources
of different reps overlapping.)
- Refactors test functions, so we can add manually generated tests
to current fuzzed tests.
- Adds SIMD operands, since these can be tested here now.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2365983002
Cr-Commit-Position: refs/heads/master@{#39943}
Added a test that Runtime.getProperties doesn't truncate Set and Map properties in [[Entries]] in internalProperties.
BUG=chromium:650729
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2376863002
Cr-Commit-Position: refs/heads/master@{#39940}
Recent changes to the wasm format prevent you from knowing
the function index of a direct call until you know how many
imports you have (the index spaces have been merged).
Asm.js validation can't know this until all callsites have been
visited if you want to avoid materializing the entire AST / parsing twice.
Instead, keep a list of fixups to perform for all direct callsites,
then update these with the imports count added when emitting the module.
BUG=v8:4203
R=aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2384623003
Cr-Commit-Position: refs/heads/master@{#39937}
- Coalesced all anonymous namespaces into one, and moved it to the
top of the file, to match elsewhere in the v8 codebase.
- Deleted dead code.
- Moved functions that turned out to be local to wasm-module.cc to
the anonymous namespace.
BUG=
Review-Url: https://codereview.chromium.org/2384183002
Cr-Commit-Position: refs/heads/master@{#39936}
Currently the parameter is first parsed as a reference, and then translated into a parameter. The reference stays around though, and gets resolved to the parameter. That automatically creates a use. Now that I drop all unresolved references when we abort preparsing, that also drops the unresolved reference.
Instead, mark the variable as used when its marked as forced context allocation. That's what happens in almost all other cases.
This raises the question: does it really make sense to parse parameters this ways? It seems pretty generic, but neither fast nor memory-efficient ... Did I misunderstand something?
Just land if you think the CL looks good as is.
BUG=chromium:651613
Review-Url: https://codereview.chromium.org/2386623002
Cr-Commit-Position: refs/heads/master@{#39935}
Re-enable marking functions for optimized compilation on the next call
when using OSR. We would previously do this for all functions. However,
it only benefits functions marked for concurrent recompilation. These
would potentially run unoptimized again and be OSRed again.
In addition any function that already was optimized concurrently had
it's optimized code removed and would have been recompiled. Functions to
be baselined would skip that and possibly deopt.
BUG=chromium:651042
Review-Url: https://codereview.chromium.org/2391533002
Cr-Commit-Position: refs/heads/master@{#39934}
Hashmaps with a simple key equality method (comparing pointers) don't
need to waste cycles (and branches) comparing hash values, as the key
comparison is cheap.
This patch modifies the hashmap's MatchFun to take the hashes as well as
the keys, thus allowing the MatchFun to ignore the hashes. This allows
slightly cleaner generated code, especially when the MatchFun is
inlined.
BUG=
Review-Url: https://codereview.chromium.org/2381303002
Cr-Commit-Position: refs/heads/master@{#39932}
Calculate memory size from the available heap. This avoids
the bugs due to some numbers being stored as objects (by-ref)
and thus needing special handling when cloning.
This leaves all the rest of the numbers as read-only.
Further simplified by representing globals size as a Smi.
BUG=
Committed: https://crrev.com/7ced1bdc9df2315ccc07dd17c12736aebf40cb57
Review-Url: https://codereview.chromium.org/2381393002
Cr-Original-Commit-Position: refs/heads/master@{#39923}
Cr-Commit-Position: refs/heads/master@{#39925}
