A sloppy function in a block scope implicitly creates a var in the outer
declaration scope if it's not blocked. The assignment created reads the local
lexical declaration for the function. The reference introduced automatically
takes part in NeedsHoleCheck, requiring the reference to have a valid position.
Since the assignment will happen after the local declaration, we give the
end_position() of the closure as the position of the reference, so hole checks
can be omitted.
Bug: chromium:917755
Change-Id: Iee0e042b2463f97f05075f9eec09dac8c6eaf539
Reviewed-on: https://chromium-review.googlesource.com/c/1408991
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58823}
With this CL we support importing mutable anyref globals. The CL
contains the following changes:
* We store a reference to the buffer of the imported global in
`WasmInstance::imported_mutable_globals_buffer`. This FixedArray is
already used to keep the ArrayBuffers of value-typed imported
mutable globals alive but was not accessed otherwise.
* We store the offset in the buffer of the imported global in
`WasmInstance::imported_mutable_globals`. This `Address`-array is
used for value-typed imported mutable globals to store direct
pointers into the backing store of the ArrayBuffer of the imported
global.
* In wasm-compiler.cc we generate code to load these fields and then
load or store globals.
* In module-compiler.cc I removed the counter variable
`next_imported_mutable_global_index`. The variable was only used for
a DCHECK. I replaced the DCHECK with a slightly weaker DCHECK now.
* Tests.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I11f0f4d8637c98eded5fb2eec44bc8ead8ed5c7b
Reviewed-on: https://chromium-review.googlesource.com/c/1409169
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58822}
V8 testrunner is loading every test it has to run into memory greedily in order
to sort by slowness of the test case. The memory and CPU overhead for loading
the test-suites are non-trivial.
This CL restructures it by changing the sorting method.
R=machenbach@chromium.org
CC=sergiyb@chromium.org,yangguo@chromium.org
Bug: v8:8174
Change-Id: I08331182147b92cf4ac54823eea0e2b472f51e84
Reviewed-on: https://chromium-review.googlesource.com/c/1406684
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58821}
--jitless -> --no-opt
          -> --no-validate-asm
          -> --wasm-interpret-all -> --no-asm-wasm-lazy-compilation
                                  -> --no-wasm-lazy-compilation
Note that wasm still isn't supported in jitless mode since it generates
code at runtime even with --wasm-interpret-all.
Drive-by: Fail early when trying to compile irregexp code in jitless
mode.
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Bug: v8:7777
Change-Id: I7f0421f71efeaaeb030ed9ec268d12a659667acf
Reviewed-on: https://chromium-review.googlesource.com/c/1406677
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58820}
EnumSet currently lives in src/utils.h, which is a conglomerate of many
different helper functions and classes. In order to remove unneeded
include, move the EnumSet to its own header.
R=titzer@chromium.org
Bug: v8:7490, v8:8562
Change-Id: I979814167e87b914e9807b03e342d8b34e514331
Reviewed-on: https://chromium-review.googlesource.com/c/1409430
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58818}
The table.drop bytecode "drops" the backing storage for an element
initializer. In the V8 implementation, this is a nop, other than
updating a per-instance boolean array so that two drops of the same
segment or a drop of an active segment will trap.
This is implemented with inline code in TurboFan in order to be symmetric
to memory.drop, but could as easily be a runtime call to be supported in
Liftoff.
R=mstarzinger@chromium.org
CC=binji@chromium.org
BUG=v8:7747
Change-Id: Ic017398eaa764dd3a9ff19523453ff7142c9abf6
Reviewed-on: https://chromium-review.googlesource.com/c/1408996
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58817}
This allows resetting the layout to the initial layout of the graph,
which only contains the control nodes.
Change-Id: I7ab9fb1615057df99983369cd0fcdd42a68e1924
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1409436
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58814}
This enables per-phase toolbox items, which makes the toolbar easier
to understand and use.
Change-Id: I1b44d28595c118f0ba55dd64eea54415b51b93aa
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1409435
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58813}
As a follow-up of https://crrev.com/c/1372857 that reordered
the parameters of JSEntry, this CL updates JSEntry for S390 for the new
ordering.
Bug: v8:8124
Change-Id: I7cd3b03b4000b40b157527174946af6d79f67065
Reviewed-on: https://chromium-review.googlesource.com/c/1405962
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58809}
It is slightly faster than Page::FromAddress(o->address()) (saves
one instruction), and more concise than Page::FromAddress(o->ptr()).
Same for MemoryChunk::FromHeapObject().
Bug: v8:8562
Change-Id: I9dc2b787aed5cad2d4087850dfa2e8eb157ad225
Reviewed-on: https://chromium-review.googlesource.com/c/1405031
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58806}
The raw wasm printer was not printing the last entry of the
locals declarations. Now it does.
Bug: v8:8562
Change-Id: Ib51c674b747f95079c544131f18462d203f0933f
Reviewed-on: https://chromium-review.googlesource.com/c/1409364
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58805}
Fuchsia VMOs will be non-executable by default in the future (SEC-42),
so we'll need to use zx_vmo_replace_as_executable to make it possible
to map them into memory as executable. And in the meantime, this call
is a no-op.
SEC-42
TBR: mlippautz
Change-Id: I4521559b163519ded4afa6b55e99f983e38b1de5
Reviewed-on: https://chromium-review.googlesource.com/c/1281824
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58804}
This way we're not down to a single OWNER while hpayer is unavailable.
Change-Id: Ic6a2b86a684b159d6349b39bf2ba0719672a5aaf
Reviewed-on: https://chromium-review.googlesource.com/c/1407238
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58803}
This reverts commit 138bcfc396.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/24434
Original change's description:
> [cpu-profiler] Add more logging to find flaky failure
>
> There is a flaky 5x failure in the tree which I can't reproduce locally.
> This extra logging will help flush out what the problem is.
>
> Bug: v8:8649
>
> Change-Id: If36d2ce0f4feb398d7d746d69b417bb55a714422
> Reviewed-on: https://chromium-review.googlesource.com/c/1402787
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58796}
TBR=cbruni@chromium.org,petermarshall@chromium.org
Change-Id: Iea4a950ddbbbbc753cffc605f0c0da049cdad03d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8649
Reviewed-on: https://chromium-review.googlesource.com/c/1409433
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58800}
The URL must not have a leading slash, and the file needs to be included
in the deployment script.
TBR=neis@chromium.org
Change-Id: Idd3fc25c052cb720d4956f630a8ddca7e5d36a1a
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1409432
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58799}
This refactoring CL moves all instantiation logic in its own file,
separating it from the module compiler.
R=ahaas@chromium.org
Change-Id: I5a721c7357022dd7bf32f776b2ab0153f7dd68fc
Reviewed-on: https://chromium-review.googlesource.com/c/1409429
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58797}
There is a flaky 5x failure in the tree which I can't reproduce locally.
This extra logging will help flush out what the problem is.
Bug: v8:8649
Change-Id: If36d2ce0f4feb398d7d746d69b417bb55a714422
Reviewed-on: https://chromium-review.googlesource.com/c/1402787
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58796}
This removes the iteration protocol from the parser entirely, and opens
up future possibilities for more bytecodes implementing the various
functions of the protocol.
Change-Id: I316b8a92434d3b5f47927408a235ddaecd65d5bb
Reviewed-on: https://chromium-review.googlesource.com/c/1403125
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58795}
The background compile tasks should not access the NativeModule during
the main compile phase.
This CL moves one of the accessed fields into the {CompilationEnv}. It
is initialized from the existing field on the {NativeModule}.
R=titzer@chromium.org
Bug: v8:8689
Change-Id: I9738e2fb4681a035cbacf3c9e00b9e5cc9419416
Reviewed-on: https://chromium-review.googlesource.com/c/1409423
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58793}
When we run TurboFan compilation for WebAssembly on worker threads with
default priority, we see in bug reports (https://crbug.com/914757) and
in experiments that TurboFan compilation can block other, higher
priority tasks. Therefore we want to post TurboFan compilation tasks
with lower priority.
A quick prototype showed that if we run all WebAssembly compilation with
low priority, the problem described in https://crbug.com/914757 is
fixed.
R=adamk@chromium.org
CC=rmcilroy@chromium.org
Bug: chromium:920181
Change-Id: I85e2c0c6a96ff9ef165a23ef8eb531944b20f2b0
Reviewed-on: https://chromium-review.googlesource.com/c/1402790
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58792}
The --perf-prof flag generates unwanted .dump files, while the
--perf-prof-unwinding-info flag enables the functionality under test here.
R=jgruber@chromium.org
BUG=chromium:913844
Change-Id: Ie5ee374977d6105854f42065600dac1bc5ba6df7
Reviewed-on: https://chromium-review.googlesource.com/c/1409363
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58791}
This is a first step towards support for opening more than one
turbolizer json file at once.
Change-Id: Id51ce47c59492ba63de03eceb0163fa1701ea500
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1407057
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58790}
..as mentioned in the info tab.
Change-Id: I9ddbe1ad7eb3242ad7839650aecc7305a902fb0d
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1407056
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58789}
..instead of wrongly keeping the location from the previous view if
the selection became empty after attaching it.
Change-Id: I606010ad86034c2ec06e00c82143a22ca2d88274
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1407055
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58788}
This reverts commit 68a8bdd829.
Reason for revert: memory regression: crbug.com/921239
Original change's description:
> [heap] Remove bailout marking worklist.
>
> The concurrent marker can now process all objects.
> This patch also eagerly visits the objects that undergo layout
> changes. This is because previously such objects were pushed
> onto the bailout worklist, which is gone now.
> To preserve the incremental step accounting, the patch introduces
> a new GC tracer scope called MC_INCREMENTAL_LAYOUT_CHANGE.
>
> Bug: v8:8486
> Change-Id: Ic1c2f0d4e2ac0602fc945f3258af9624247bd65f
> Reviewed-on: https://chromium-review.googlesource.com/c/1386486
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58712}
TBR=ulan@chromium.org,mlippautz@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8486, chromium:921239
Change-Id: I1f851b948f4ce403316e469999f0b16e8dfdb62d
Reviewed-on: https://chromium-review.googlesource.com/c/1408990
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58787}
This CL adds two new runtime calls for table operations:
- Runtime_WasmTableInit
- Runtime_WasmTableCopy
These runtime calls (will) implement the semantics for the corresponding
bytecodes from the bulk memory proposal. The actual implementation
of these runtime calls will be done in further CLs.
The third table operation, table.drop, will be implemented with inline
code, similar to memory.drop. This will also be done in a further CL.
R=mstarzinger@chromium.org
CC=binji@chromium.org
BUG=v8:7747
Change-Id: I498aa054329baf9f72ae55d245b12c3ccd4157b7
Reviewed-on: https://chromium-review.googlesource.com/c/1408994
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58786}
This is a reland of e2d44ede95
Original change's description:
> [parser] Inline byte scope data into PreparseData object
>
> Each PreparseData object had at least one pointer to a PodArray for its
> serialized scope data. These objects usually have only tens of bytes of
> payload. By inlining the byte data we save 3 words per PreparseData object.
> This optimization saves 140KB of data on cnn.com.
>
>
> - Store data_length and inner_length as int32 saving a word on 64bit
> - Inline store byte data into PreparseData
> - OnHeapConsumedPreparseData directly uses the PreparseData object
> - get_inner, set_inner no longer allow Null sentinels
>
> Change-Id: I1f62154d05ea2f98a6574efa738b32a8a84319d5
> Reviewed-on: https://chromium-review.googlesource.com/c/1406673
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58751}
Change-Id: I1f0a22c641d0d67f435b01c82daf8da7f144bff4
Reviewed-on: https://chromium-review.googlesource.com/c/1407066
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58785}
..and display them in the extended node title (on hover).
Notry: true
Bug: v8:7327
Change-Id: Ic9cd6207269686edb42ecf1bee8f7ef7b6caa035
Reviewed-on: https://chromium-review.googlesource.com/c/1407054
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58783}
Restrict the special handling of constant keys in ReduceKeyedAccess
to unique names. This eliminates two hurdles for concurrent optimization,
namely the need for ToName conversion and for string internalization.
Bug: v8:7790
Change-Id: Ifa2ff6ab1d5f3da1d27cca4dae3567733564801c
Reviewed-on: https://chromium-review.googlesource.com/c/1409168
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58779}
This reverts commit f5729f1cda.
Reason for revert: GC Stress failures, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/23549
Original change's description:
> [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
>
> When bytecode is flushed from a SFI, the JSFunctions still retain their
> FeedbackVector's and point to the interpreter entry trampoline. They are
> reset if re-executed, however if not they could hold onto the feedback
> vector indefinitely. This CL adds a pass to the GC to detect JSFunctions that
> need to be reset, and performs the reset at the end of GC.
>
> BUG=v8:8395
>
> Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58775}
TBR=ulan@chromium.org,rmcilroy@chromium.org
Change-Id: I1ba0a190e54bb84b9e2c52ae73d19eb5afc02a4b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8395
Reviewed-on: https://chromium-review.googlesource.com/c/1408993
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58778}
Instead, pass it as a parameter to the compilation.
This makes compilation units slimmer with the end goal of them being
just the function index and execution tier.
It also makes ownership handling of the NativeModule easier.
R=titzer@chromium.org
Bug: v8:8343, v8:7921
Change-Id: I0522c894569c71d8b7245f5ed5612ab2a249e1ad
Reviewed-on: https://chromium-review.googlesource.com/c/1406668
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58776}
When bytecode is flushed from a SFI, the JSFunctions still retain their
FeedbackVector's and point to the interpreter entry trampoline. They are
reset if re-executed, however if not they could hold onto the feedback
vector indefinitely. This CL adds a pass to the GC to detect JSFunctions that
need to be reset, and performs the reset at the end of GC.
BUG=v8:8395
Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
Reviewed-on: https://chromium-review.googlesource.com/c/1393292
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58775}