The following aspects were changed for the reland:
* The DeferredHandleScope is supposed with a specific pattern,
i.e. allocate handles in a normal HandleScope and then
reopen them in the DeferredHandleScope.
* Set the native_context when it is used in a task.
Change-Id: Ia42c46ec6bc73179cb1f458e36658414ff85cc23
Reviewed-on: https://chromium-review.googlesource.com/468809
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44434}
This CL introduces SloppyArgumentsElements to encapsulate all the constants
for SLOW_ and FAST_SLOPPY_ARGUMENTS_KINDS. This will serve as a better
documentation and reduces the use of undocumented constants.
Change-Id: I7a5b4e79f02573161d8a83aaf6f69fc490883aa5
Reviewed-on: https://chromium-review.googlesource.com/467666
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44433}
Was disabled in the case we use allocation folding, i.e., always...
Sheriffs: This might flush out missed write barriers. In that case: Let's revert
and investigate.
BUG=
Review-Url: https://codereview.chromium.org/2798843004
Cr-Commit-Position: refs/heads/master@{#44432}
Moves the ToName elision out of the peephole optimizer and into the
BytecodeGenerator.
BUG=v8:6194
Change-Id: Ic355adbe21f967dc5d52babdd37100a260c62c26
Reviewed-on: https://chromium-review.googlesource.com/467466
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44427}
Perhaps it would be better to always start the timer, but that
would require some refactoring of tests.
Review-Url: https://codereview.chromium.org/2786493006
Cr-Commit-Position: refs/heads/master@{#44425}
We have a weird performance cliff, where using an object literal for
allocation is way slower than using a constructor function, or starting
from the empty object literal and using transitioning stores. The reason
is that we limit the inlining of JSCreateLiteralObject nodes in TurboFan
to max. 8 fast properties. So as soon as you get above 8, you'll get a
runtime function call to %CreateObjectLiteral, which is a lot slower
than the inlined allocation and initialization. Still not ideal, but
less unpredictable (hopefully).
R=jarin@chromium.org
BUG=v8:6211
Review-Url: https://codereview.chromium.org/2805613002
Cr-Commit-Position: refs/heads/master@{#44424}
Reason for revert:
I think that this CL breaks chromium compilation on windows with clang (). All other CLs in the list look trivial and don't change test/unittest/BUILD.gn.
[42456/47924] CXX obj/v8/test/unittests/unittests/value-serializer-unittest.obj
[42457/47924] LINK unittests.exe unittests.exe.pdb
FAILED: unittests.exe unittests.exe.pdb
E:/b/depot_tools/python276_bin/python.exe ../../build/toolchain/win/tool_wrapper.py link-wrapper environment.x64 False link.exe /nologo /OUT:./unittests.exe /PDB:./unittests.exe.pdb @./unittests.exe.rsp
bitmap-unittest.obj : error LNK2019: unresolved external symbol "public: void __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::Add(class v8::internal::AllocationObserver * const &,class v8::internal::FreeStoreAllocationPolicy)" (?Add@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAAXAEBQEAVAllocationObserver@23@VFreeStoreAllocationPolicy@23@@Z) referenced in function "public: virtual void __cdecl v8::internal::Space::AddAllocationObserver(class v8::internal::AllocationObserver *)" (?AddAllocationObserver@Space@internal@v8@@UEAAXPEAVAllocationObserver@23@@Z)
slot-set-unittest.obj : error LNK2001: unresolved external symbol "public: void __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::Add(class v8::internal::AllocationObserver * const &,class v8::internal::FreeStoreAllocationPolicy)" (?Add@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAAXAEBQEAVAllocationObserver@23@VFreeStoreAllocationPolicy@23@@Z)
bitmap-unittest.obj : error LNK2019: unresolved external symbol "public: bool __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::RemoveElement(class v8::internal::AllocationObserver * const &)" (?RemoveElement@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAA_NAEBQEAVAllocationObserver@23@@Z) referenced in function "public: virtual void __cdecl v8::internal::Space::RemoveAllocationObserver(class v8::internal::AllocationObserver *)" (?RemoveAllocationObserver@Space@internal@v8@@UEAAXPEAVAllocationObserver@23@@Z)
slot-set-unittest.obj : error LNK2001: unresolved external symbol "public: bool __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::RemoveElement(class v8::internal::AllocationObserver * const &)" (?RemoveElement@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAA_NAEBQEAVAllocationObserver@23@@Z)
./unittests.exe : fatal error LNK1120: 2 unresolved externals
Original issue's description:
> [snapshot] Move builtins generation into mksnapshot
>
> and out of the main library. This saves about 5% of binary size
> (800KB on x64, 373KB on android_arm).
>
> Only the GN build is supported; the GYP build is maintained working
> but does not support the feature.
>
> BUG=v8:6055
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
>
> Review-Url: https://codereview.chromium.org/2760233005
> Cr-Commit-Position: refs/heads/master@{#44412}
> Committed: 4782bc0df8
TBR=jgruber@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2803903002
Cr-Commit-Position: refs/heads/master@{#44422}
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.
BUG=v8:6175
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Original-Commit-Position: refs/heads/master@{#44353}
Committed: 55905f85d6
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Commit-Position: refs/heads/master@{#44355}
Committed: cc74ea0bc4
Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44416}
Move the ToBoolean elision in the BytecodeGenerator instead of the
peephole optimizer. Adds a TypeHint mechanism to the ExpressionResult
to enable passing of type hints through the ast visitor.
BUG=v8:6194
Change-Id: Ic55506ba11b213f7459250004d3f18cab04ee9b3
Reviewed-on: https://chromium-review.googlesource.com/467208
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44415}
This fixes a corner case which allowed warnings during the asm.js
instantiation to be promoted to actual exceptions. Even instantiation
attempts that fail are not allowed to throw exceptions observable by
JavaScript, but need to fall back to JavaScript execution.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-6203
BUG=v8:6203
Change-Id: I86f5a3adda4bcfe63b5cddc42d8ae1c3dbb88147
Reviewed-on: https://chromium-review.googlesource.com/468808
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44414}
and out of the main library. This saves about 5% of binary size
(800KB on x64, 373KB on android_arm).
Only the GN build is supported; the GYP build is maintained working
but does not support the feature.
BUG=v8:6055
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
Review-Url: https://codereview.chromium.org/2760233005
Cr-Commit-Position: refs/heads/master@{#44412}
There's no need to set it so early - it's only needed when the function has
really been parsed. This way we don't need to produce and store it for skipped
inner functions.
BUG=v8:5516
Change-Id: Ibf59a8acb886ea3de9be140431a334a03b408f5b
Reviewed-on: https://chromium-review.googlesource.com/461827
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44410}
This extends the test coverage for source position tracking of ToNumber
conversion to also test conversion to "double" type. It also fixes the
discovered inconsistencies. Note that the conversion to "float" remains
untested as imported functions are not allowed to have "float" return type.
R=clemensh@chromium.org
TEST=mjsunit/wasm/asm-wasm-exception-in-tonumber
BUG=v8:6127
Change-Id: I6c59b7a24456a585a814f19a86eb9447ac5098ab
Reviewed-on: https://chromium-review.googlesource.com/467251
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44409}
In the C++ wasm interpreter, we decode LEB encoded immediates each time
we execute the respective instruction. The whole instruction sequence
was validated before, thus we know that all integers are valid.
This CL refactors several Decoder methods to allow for either checked
or unchecked decoding. In the checked case, an error is set if a check
fails, in the unchecked case, a DCHECK will fail.
This improves performance of the interpreter by 20.5%.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: If69efd4f6fbe19d84bfc2f4aa000f429a8e22bf5
Reviewed-on: https://chromium-review.googlesource.com/468786
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44406}
Both methods decoded a LEB128 encoded integer, but only consume_leb
incremented the pc pointer accordingly.
This CL implements consume_leb by using checked_read_leb.
It also refactors a few things:
1) It removes error_pt, which was only available in checked_read_leb.
2) It renames the error method to errorf, since it receives a format
string. This also avoids a name clash.
3) It implements sign extension directly in checked_read_leb instead of
doing this in the caller.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I8058f57418493861e5df26d4949041f6766d5138
Reviewed-on: https://chromium-review.googlesource.com/467150
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44405}
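The checked and unchecked decoding described in the two LEB128 commits above, shown for 32-bit immediates as an added example. This is not V8's Decoder code; `Leb32`, `read_leb32`, `Reader` and the sample byte arrays are hypothetical names and constructed inputs.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical names throughout; this is not V8's Decoder class.
struct Leb32 {
  int64_t value;      // wide enough for the whole u32 and i32 ranges
  unsigned length;    // bytes consumed; 0 when the input was rejected
  const char* error;  // nullptr on success
};

// Decodes one LEB128-encoded 32-bit integer from [pc, end).
// kChecked = true:  untrusted bytes, every failure is reported via error.
// kChecked = false: bytes that already passed validation, so the same
//                   conditions are only asserted (the role of a DCHECK).
template <bool kChecked>
Leb32 read_leb32(const uint8_t* pc, const uint8_t* end, bool is_signed) {
  const unsigned kMaxLen = 5;  // ceil(32 / 7)
  const size_t avail = static_cast<size_t>(end - pc);
  uint64_t bits = 0;
  for (unsigned i = 0; i < kMaxLen; ++i) {
    const bool have_byte = i < avail;
    if (kChecked && !have_byte) return {0, 0, "truncated LEB128"};
    assert(have_byte);
    const uint8_t b = pc[i];
    bits |= static_cast<uint64_t>(b & 0x7f) << (7 * i);
    if (i == kMaxLen - 1) {
      // The fifth byte carries value bits 28..31 in its low nibble. Its
      // continuation bit must be clear, and bits 4..6 must be zero (unsigned)
      // or copies of the sign bit (signed), or the value exceeds 32 bits.
      const uint8_t want = (is_signed && (b & 0x08)) ? 0x70 : 0x00;
      const bool fits = !(b & 0x80) && (b & 0x70) == want;
      if (kChecked && !fits) return {0, 0, "LEB128 does not fit in 32 bits"};
      assert(fits);
    }
    if (!(b & 0x80)) {
      // Sign extension happens here, in the decoder, not in each caller.
      const unsigned width = 7 * (i + 1);
      if (is_signed && (b & 0x40)) bits |= ~uint64_t{0} << width;
      return {static_cast<int64_t>(bits), i + 1, nullptr};
    }
  }
  return {0, 0, "unterminated LEB128"};  // only reachable when unchecked
}

// consume = read + advance pc, so the length is computed in one place only.
struct Reader {
  const uint8_t* pc;
  const uint8_t* end;
  const char* error;
  int64_t consume_leb32(bool is_signed) {
    const Leb32 r = read_leb32<true>(pc, end, is_signed);
    if (r.error) { error = r.error; pc = end; return 0; }
    pc += r.length;
    return r.value;
  }
};

// Sums a stream of unsigned immediates; returns -1 if any one is malformed.
int64_t sum_u32_stream(const uint8_t* begin, const uint8_t* end) {
  Reader r = {begin, end, nullptr};
  int64_t sum = 0;
  while (r.pc < r.end) sum += r.consume_leb32(false);
  return r.error ? -1 : sum;
}

// Convenience wrapper for the constructed samples below.
template <bool kChecked, size_t N>
Leb32 decode(const uint8_t (&bytes)[N], bool is_signed) {
  return read_leb32<kChecked>(bytes, bytes + N, is_signed);
}

// Constructed sample inputs.
const uint8_t kU32Sample[] = {0xE5, 0x8E, 0x26};                // 624485
const uint8_t kI32Sample[] = {0xC0, 0xBB, 0x78};                // -123456
const uint8_t kU32Max[] = {0xFF, 0xFF, 0xFF, 0xFF, 0x0F};       // 2^32 - 1
const uint8_t kI32Min[] = {0x80, 0x80, 0x80, 0x80, 0x78};       // -2^31
const uint8_t kTooWide[] = {0xFF, 0xFF, 0xFF, 0xFF, 0x1F};      // bit 32 set
const uint8_t kTooLong[] = {0x80, 0x80, 0x80, 0x80, 0x80, 0x01};
const uint8_t kTruncated[] = {0xE5, 0x8E};                      // no final byte
const uint8_t kStream[] = {0x01, 0xE5, 0x8E, 0x26, 0x7F};       // 1, 624485, 127

int main() {
  std::printf("u32: %lld\n", (long long)decode<true>(kU32Sample, false).value);
  std::printf("i32: %lld\n", (long long)decode<true>(kI32Sample, true).value);
  std::printf("too wide: %s\n", decode<true>(kTooWide, false).error);
  std::printf("stream sum: %lld\n",
              (long long)sum_u32_stream(kStream, kStream + sizeof kStream));
  return 0;
}
```

The unchecked instantiation is only safe on bytes that an earlier checked pass accepted; with assertions compiled out it performs no bounds check at all.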
IdentifierStart::Is and IdentifierContinue::Is both return true for '\'.
The reason for this is lost to history.
Special-case '\' in the regexp parser to handle this.
BUG=v8:5437,v8:5868
Review-Url: https://codereview.chromium.org/2795093003
Cr-Commit-Position: refs/heads/master@{#44396}
Better demarcation between what's mutable because it is code-
specialization specific, and what is provided at initialization.
BUG=
Review-Url: https://codereview.chromium.org/2784233004
Cr-Commit-Position: refs/heads/master@{#44395}
Remove destructuring assignments (parsed during arrow function formal
parameters) from queue for rewriting if parsing a lazy top-level arrow function.
Built on top of https://chromium-review.googlesource.com/c/464769/
BUG=chromium:706234, chromium:706761, v8:6182
R=marja@chromium.org, adamk@chromium.org, vogelheim@chromium.org
Change-Id: Ib35196b907350d1d78e4c3fcbf4cc971bf200948
Reviewed-on: https://chromium-review.googlesource.com/465415
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44393}
This enables clients like IndexedDB to know when the data format version has
decreased (i.e. the user has switched to an earlier version) and deal with the
resulting incompatibility up front.
BUG=chromium:704293
Review-Url: https://codereview.chromium.org/2772723005
Cr-Commit-Position: refs/heads/master@{#44391}
After discussion with Chrome reviewers for UMA, it was decided that we
would report array buffer allocation sizes in megabytes (not the log).
They also wanted to wait until there is proof that small array buffer
allocations would flood the histogram. Hence, all allocation sizes are
sampled.
There were several ways we could have added the notion of megabyte
samples to V8 code. None of them are a great fit. This code simply
provides a local function within the code that needs it.
Other possible but rejected solutions were:
a) Use a subclass of histogram to collect data at the megabyte level.
It has its own Add() method that converts the size from bytes to
megabytes, and then call the generic add method AddSample(). This
solution appears to follow the conventions of subclasses of class
Histogram.
b) Use Chrome macros - Rejected because it involves changing the
counter representation of V8.
c) Add a method AddMegabyteSample() to base class Histogram. Rejected
because it may get confusing if a lot of different measures are
added to the base class of histograms.
d) Make method AddSample() virtual and override in the derived
class. Rejected in that sampling is supposed to be fast, and adding
a virtual call may be breaking that contract.
e) Do not add a derived class. Rather just do the conversions at the
call sites. Rejected because this duplicates code, and also makes
it hard to change assumptions on how to calculate.
For Chrome's UMA changes see:
CL: https://codereview.chromium.org/2795463002
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2795763002
Cr-Commit-Position: refs/heads/master@{#44388}
This reflects both the contract in blink, as well as what we
plan to do in streamed compilation, where we'll want to lay out
bytes received such that each section and each function body is
contiguous, but they may all be separate - which entails a copy.
BUG=chromium:697028
Review-Url: https://codereview.chromium.org/2797653002
Cr-Commit-Position: refs/heads/master@{#44387}
The past re-factoring inadvertently increased memory consumption for
AstConsString. This implements a micro-optimization to revert and slightly
improve beyond the original state.
Example, Zone size for parsing closure.js:
- 20,999,848 B (before refactoring)
- 21,651,056 B (after refactoring patch; 3.1% regression)
- 20,641,320 B (after this CL; 1.7% improvement over original)
(Reason: ZoneLinkedList requires 4 pointers to support
the std::list functionality (Zone*, head/tail ptr, payload ptr).
But since we only append and iterate in order and have the Zone*
available in the context, a super simple linked list (value + next ptr)
saves a bit of memory, especially for the common case of having 0 or 1
string segments.)
BUG=v8:6902, chromium:706935
Review-Url: https://codereview.chromium.org/2792353002
Cr-Commit-Position: refs/heads/master@{#44385}
When emitting a frame, we always push the old frame pointer at offset 0 relative
to the new frame pointer. However, we didn't emit DWARF opcodes to inform perf
of this.
BUG=
Review-Url: https://codereview.chromium.org/2795253002
Cr-Commit-Position: refs/heads/master@{#44384}
The unwinding information we emit wrongly encodes code locations as relative
offsets. If we look at the .eh_frame section of shared object generated by "perf
inject" using "objdump -g":
~~~
00000000 0000000000000018 00000000 CIE
(snip)
0000001c 0000000000000028 00000020 FDE cie=00000000 pc=fffffffffffffee8..00000000000017f8
(snip)
00000048 ZERO terminator
~~~
We can see the range that the FDE entry covers is incorrect, it should point to
where the .text section is, at address 0x40 on a 64-bit architecture.
The reason for this was that the PerfJitLogger logs a code size that is
different from the one we've used when encoding the unwinding information. The
logger will ignore the safepoint table while the unwinding info assumes it is
part of the code.
BUG=
Review-Url: https://codereview.chromium.org/2790403002
Cr-Commit-Position: refs/heads/master@{#44378}
This makes it easier to match VariableProxys against variables in
Scopes (allocation-based prints such as local[0] or context[0] are not
unique).
R=vogelheim@chromium.org
Bug:
Change-Id: I8f86504f5e1657633286561e032805a8f6cff06e
Reviewed-on: https://chromium-review.googlesource.com/467486
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44376}
Support arbitrary arguments in %ArrayBufferNeuter without aborting for
future exposure in ClusterFuzz.
Change-Id: I3053a2139af215c9d417356bdeeda58d594d16aa
Reviewed-on: https://chromium-review.googlesource.com/465830
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44374}
Update according to new spec change at
https://github.com/tc39/ecma262/pull/856
- Call ToNumber only once in BUILTIN
- Remove unused FillNumberSlowPath
- FillImpl assumes obj_value->IsNumber() is true
- Update test
Bug:v8:5929,chromium:702902
Change-Id: Ic83e6754d043582955b81c76e68f95e1c6b7e901
Reviewed-on: https://chromium-review.googlesource.com/465646
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44373}
Getting elements, querying length or copying elements
are now const functions.
Drive-by fix: Noticed a few more getters that should be const.
Add a comment to ArrayList functions that are static functions.
BUG=
Change-Id: I5de1aed97510dea4e47cb974b3259da51ae663af
Reviewed-on: https://chromium-review.googlesource.com/467249
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44372}
Make sure that we call the destructors on all embedded objects by
replacing the WasmInterpreterInternals::Delete method by an actual
destructor. This way, the compiler automatically calls destructors on
all embedded objects, in particular the IdentityMap in the CodeMap.
This change also requires to release managed objects *before*
tearing down the heap, because the wasm interpreter, referenced via
Managed<>, contains global handles. When those are destroyed, the
isolate still needs to be intact.
Drive-by: Fix include guard in managed.h.
R=ahaas@chromium.org, ulan@chromium.org, mvstanton@chromium.org
BUG=v8:5822
Change-Id: I9a067f037e013c84e4d697a1e913b27c683bb529
Reviewed-on: https://chromium-review.googlesource.com/466187
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44368}
This makes temporary variables nestable and fixes borked nesting with
function table calls by introducing a {TemporaryVariableScope} helper.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-6196
BUG=v8:6196
Change-Id: Ie760f27ce9ede3d4d5dacdebdc295c56cc666970
Reviewed-on: https://chromium-review.googlesource.com/467327
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44367}
Fix ff8b1abb1a
This fixes the problem with the alignment of typed arrays in turbofan. Namely,
Float64 typed arrays weren't properly aligned on 32bit architectures,
and this causes crashes on those architectures that do not support misaligned
memory access.
TEST=mjsunit/es6/typedarray-*
BUG=v8:6075
Review-Url: https://codereview.chromium.org/2784253002
Cr-Commit-Position: refs/heads/master@{#44366}
ArrayList is a FixedArray where kFirstIndex is > 0. The
Elements() method returns a copy of the elements starting at
kFirstIndex, i.e., without the length that is stored in the first
slot.
Drive-by fix: Rename some variables.
BUG=
Change-Id: Ia1de73c4780a179301007f2ab9080fd08e8ea99d
Reviewed-on: https://chromium-review.googlesource.com/466186
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44365}
Return a structured object with the type profile
information.
Move the test from message to mjsunit.
BUG=v8:5933
Change-Id: I3e1c592697924d87f82d46b0ddbdb6d82d9c8467
Reviewed-on: https://chromium-review.googlesource.com/464847
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44364}
For sloppy arguments in functions with declared formal parameters, the
apply with arguments optimization in TurboFan wouldn't kick in
currently, because so far there was no guard to see if using the
arguments from the stack or the frame state is safe. One easy to check
guard here is to just check that there's no observable side-effect
between the actual arguments creation and the call to apply.
BUG=v8:5267,v8:6200
R=danno@chromium.org
Review-Url: https://codereview.chromium.org/2789113004
Cr-Commit-Position: refs/heads/master@{#44363}
This fixes the name stored with functions where the declaration was
hoisted above the actual function definition. It also extends test
coverage and emits proper source position mapping for such cases.
R=clemensh@chromium.org
TEST=mjsunit/wasm/asm-wasm-stack
BUG=v8:6127
Change-Id: I675a98b244fe2157925e799b5c46b7f6bd53c9da
Reviewed-on: https://chromium-review.googlesource.com/466247
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44361}
Reason for revert:
http://crbug.com/v8/6198
Original issue's description:
> [inspector] move console to builtins
>
> What will we get:
> - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
> - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
> - console calls are ~ 15% faster.
>
> BUG=v8:6175
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Original-Commit-Position: refs/heads/master@{#44353}
> Committed: 55905f85d6
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Commit-Position: refs/heads/master@{#44355}
> Committed: cc74ea0bc4
TBR=dgozman@chromium.org,kozyatinskiy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6175
Review-Url: https://codereview.chromium.org/2790343002
Cr-Commit-Position: refs/heads/master@{#44358}
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.
BUG=v8:6175
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Commit-Position: refs/heads/master@{#44353}
Committed: 55905f85d6
Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44355}
Reason for revert:
console.toString() should return "[object Object]"
Original issue's description:
> [inspector] move console to builtins
>
> What will we get:
> - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
> - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
> - console calls are ~ 15% faster.
>
> BUG=v8:6175
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Commit-Position: refs/heads/master@{#44353}
> Committed: 55905f85d6
TBR=dgozman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6175
Review-Url: https://codereview.chromium.org/2795003003
Cr-Commit-Position: refs/heads/master@{#44354}
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.
BUG=v8:6175
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44353}
Add newline at the start of the function body.
BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
Change-Id: I10db088ac9807a503382fd5080ad955e418d8b45
Reviewed-on: https://chromium-review.googlesource.com/466566
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Cr-Commit-Position: refs/heads/master@{#44352}
Seems to have been missed in this cleanup: crrev.com/2741683004.
Also updates a comment referring to internal fields.
Change-Id: I44b5fd49f5fb4b67b5288a6af959e4e963544368
Reviewed-on: https://chromium-review.googlesource.com/466147
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44349}
This adds test coverage for the source position tracking of function
table calls in asm.js and fixes the discovered issues. It also fixes
function start positions (used by errors thrown at stack checks).
R=clemensh@chromium.org
TEST=mjsunit/wasm/asm-wasm-stack
BUG=v8:6127,v8:6166
Change-Id: Id6ab6dc72bcedb0d838eed315e2a05fbc59039f4
Reviewed-on: https://chromium-review.googlesource.com/465949
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44348}
Since byteOffset is configurable, we need to access byteOffset by
%_ArrayBufferViewGetByteOffset, instead of accessing .byteOffset
property.
BUG=v8:6120
Review-Url: https://codereview.chromium.org/2761673003
Cr-Commit-Position: refs/heads/master@{#44347}
When calling imported functions, we were always using the global object
as receiver. This is incorrect for strict functions, which should have
undefined as receiver.
This CL fixes this also for the interpreter, making us pass
test/mjsunit/wasm/receiver.js with --wasm-interpret-all.
R=ahaas@chromium.org
BUG=v8:5822
TEST=test/mjsunit/wasm/receiver
Change-Id: Ib7d637083245f67b668c11540e3c3473bc167129
Reviewed-on: https://chromium-review.googlesource.com/465986
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44346}
For OOB checks on memory accesses, we first subtracted the size of the
type to load/store from the memory size, and then compared against this
effective_size. If the memory size is smaller than the size of the type,
this would lead to an integer underflow, and we would try to load the
value.
This CL fixes this, and adds a test case for this.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I26fcba0be7343c88b8459d029b0c0af095d2466a
Reviewed-on: https://chromium-review.googlesource.com/465946
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44345}
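The bounds-check pattern from the commit above, next to a form that cannot wrap, as an added example. It is a model, not V8's interpreter code; `LinearMemory`, the function names and the sample bytes are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical model of a wasm linear memory; not V8's interpreter code.
struct LinearMemory {
  const uint8_t* base;
  uint32_t size;  // in bytes
};

// Subtract first, compare second, as the commit message describes. When
// mem_size < sizeof(T) the unsigned subtraction wraps to a huge value and
// every index passes the comparison.
template <typename T>
bool in_bounds_subtract_first(uint32_t mem_size, uint32_t index) {
  const uint32_t effective_size = mem_size - static_cast<uint32_t>(sizeof(T));
  return index <= effective_size;
}

// Hardened form: prove the subtraction cannot wrap before performing it.
template <typename T>
bool in_bounds(uint32_t mem_size, uint32_t index) {
  return sizeof(T) <= mem_size && index <= mem_size - sizeof(T);
}

// Little-endian load (wasm memory is little-endian); false means "trap".
template <typename T>
bool checked_load(const LinearMemory& m, uint32_t index, T* out) {
  if (!in_bounds<T>(m.size, index)) return false;
  uint64_t v = 0;
  for (size_t i = 0; i < sizeof(T); ++i)
    v |= static_cast<uint64_t>(m.base[index + i]) << (8 * i);
  *out = static_cast<T>(v);
  return true;
}

// Differential check usable as a regression test: counts the (size, index)
// pairs up to max_size that the subtract-first check accepts although the
// access does not fit in memory.
template <typename T>
unsigned false_accepts(uint32_t max_size) {
  unsigned n = 0;
  for (uint32_t size = 0; size <= max_size; ++size)
    for (uint32_t index = 0; index <= max_size; ++index)
      if (in_bounds_subtract_first<T>(size, index) && !in_bounds<T>(size, index))
        ++n;
  return n;
}

// Constructed sample memory contents.
const uint8_t kSampleBytes[8] = {0x78, 0x56, 0x34, 0x12, 0xEF, 0xBE, 0xAD, 0xDE};

// Loads a u32 from the first mem_size bytes of kSampleBytes.
// Returns the value, or -1 when the access traps.
int64_t sample_load_u32(uint32_t mem_size, uint32_t index) {
  if (mem_size > sizeof kSampleBytes) return -1;  // sample buffer is 8 bytes
  const LinearMemory m = {kSampleBytes, mem_size};
  uint32_t v = 0;
  return checked_load<uint32_t>(m, index, &v) ? static_cast<int64_t>(v) : -1;
}

int main() {
  std::printf("2-byte memory, u32 load at 0: subtract-first=%d hardened=%d\n",
              in_bounds_subtract_first<uint32_t>(2, 0), in_bounds<uint32_t>(2, 0));
  std::printf("false accepts for u32, sizes 0..8: %u\n", false_accepts<uint32_t>(8));
  std::printf("load at 4 of 8 bytes: 0x%llx\n", (long long)sample_load_u32(8, 4));
  std::printf("load at 5 of 8 bytes: %lld\n", (long long)sample_load_u32(8, 5));
  return 0;
}
```

The two checks disagree only when the memory is smaller than the accessed type, which is why a test with a tiny memory is the one that catches the regression.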
JSObject is slow: creating strings for keys and storing values by these keys after takes significant amount of time.
With this CL console methods (most of them collect top stack frame to calculate source location) are ~33% faster.
V8Debugger::captureStackTrace is ~50% faster.
BUG=v8:6189
R=yangguo@chromium.org
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2789073002
Cr-Commit-Position: refs/heads/master@{#44344}
Bool flags can be as small as one byte, so testing an IntPtr-sized value
is incorrect.
BUG=v8:6172
Review-Url: https://codereview.chromium.org/2792963002
Cr-Commit-Position: refs/heads/master@{#44343}
Translates code of the form 'if (x === undefined)' into the JumpIfUndefined
bytecode, and similarly for comparisons with null. Also adds bytecodes for
JumpIfNotUndefined / Null.
Moves the peephole optimization for CompareUndefined out of the peephole
optimizer and into the BytecodeGenerator, having the side-effect of enabling
it for comparisons with undefined on both sides of the compare operation.
BUG=v8:6107
Review-Url: https://codereview.chromium.org/2793923002
Cr-Commit-Position: refs/heads/master@{#44341}
With --harmony-function-tostring enabled (now enabled by --harmony),
CompileFunctionInContext would produce incorrect results whenever called
with 1 or more argument parameters, due to specifying an incorrect end
position for the parameters.
BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com
Change-Id: Ied2bcba44116311ebcae3967963472b4e1058fd3
Reviewed-on: https://chromium-review.googlesource.com/465515
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44340}
The byte_length field of the TypedArray is not set to 0 on neutering,
but JSArrayBufferView::byte_length() returns 0 if WasNeutered() is
true. We should use the length property here instead.
We can just short-circuit if the length is 0. Added checks to the
memcpy path that assert length and neutered status are sane.
Bug:chromium:707472,chromium:707595,chromium:707364,chromium:707410
Change-Id: Ia1dec53f175357673012cbbc5e2fc40207e03623
Reviewed-on: https://chromium-review.googlesource.com/465987
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44336}
This adds support for tracking token positions in the asm.js scanner and
uses these positions to emit a mapping from WASM to asm.js positions.
Note that the mapping is still incomplete (some call sites are not yet
covered).
R=clemensh@chromium.org
TEST=debugger/debug/wasm/asm-debug
BUG=v8:6127
Change-Id: Ic8aad1a85e7d9e19da2eec523fcc73d4984afcc8
Reviewed-on: https://chromium-review.googlesource.com/466046
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44335}
A DCHECK was failing if we unwind an activation which is not the
bottom-most. This CL fixes this and adds a test for this.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: Ib69116b4c45a7b2a0d6cab97ad984dfdcda55918
Reviewed-on: https://chromium-review.googlesource.com/464788
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44332}
For speculative number comparisons with SignedSmall feedback, we always
enforce either TaggedSigned or Word32 comparisons. But this is not
really beneficial if one of the inputs is already in Float64
representation; in that case it's cheaper to just convert the other
input to a Float64.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2790833004
Cr-Commit-Position: refs/heads/master@{#44327}
The "perf inject" command will place the generated function into a .text
section, placed directly after the ELF header. As a result, source position
addresses need to be adjusted according to the size of the ELF header, which is
0x40 for 64 bit architectures and 0x34 on 32 bit architectures.
We would previously adjust the addresses with 0x40 regardless of the
architecture.
BUG=
Review-Url: https://codereview.chromium.org/2783203005
Cr-Commit-Position: refs/heads/master@{#44325}
Previously, named captures (and related functionality) were restricted to
unicode-mode regexps.
This CL extends that support to non-unicode patterns. Named groups are
supported regardless of the mode, and named back-references are supported if
the regexp is in unicode mode or if it contains a named capture (otherwise '\k'
is treated as an identity escape).
BUG=v8:5437,v8:6192
Review-Url: https://codereview.chromium.org/2788873002
Cr-Commit-Position: refs/heads/master@{#44324}
This was missed when Latin-1 encoding replaced UTF-8 encoding when one-byte
strings (like most keys) are serialized.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2784423002
Cr-Commit-Position: refs/heads/master@{#44320}
Records histogram of ArrayBuffer/SharedArrayBuffer new allocations
that failed because it couldn't allocate space for the
buffer. Histogram is based on the buffer size requested.
This counter is intended to give some clue as to how often, and what sizes are being requested. Unfortunately, the how often can't be answered with the current counter. The problem is that V8 doesn't currently support this possibility yet. Hence, for now, introducing a counter that at least counts the number/size of failing requests.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2786913004
Cr-Commit-Position: refs/heads/master@{#44318}
Adds a counter for large array buffers. Used to give an indication of
how commonly large array buffers are allocated in V8.
For the moment, we assume a 1Mb cutoff for the notion of large array
buffers. We also use log2(length) to cleanly bucket sizes into a
histogram.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2792623002
Cr-Commit-Position: refs/heads/master@{#44317}
Currently x instanceof RegExp checks cannot take the fast path, since
the RegExp constructor has dictionary properties. To avoid that, just
forcibly migrate the RegExp constructor to fast properties again once
it's fully setup in the bootstrapper. This yields a 10x improvement for
x instanceof RegExp checks.
R=yangguo@chromium.org
BUG=v8:5902
Review-Url: https://codereview.chromium.org/2786143004
Cr-Commit-Position: refs/heads/master@{#44316}
Looking at UMA results, we are getting a fair number of modules with
more than 10,000 functions (5.2%) that are being lumped into the
maximal entry. To get more visibility into what values are being
lumped, this CL lifts the maximum to 100,000.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2787163002
Cr-Commit-Position: refs/heads/master@{#44314}
Looking at UMA results, we are getting a number of instantiations (4%)
that are being lumped into the 1 second (plus) maximum entry. To get
more visibility into the values in this bucket, this CL lifts the
maximum to 10 seconds.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2780353004
Cr-Commit-Position: refs/heads/master@{#44313}
Looking at UMA results, we are getting a lot of compilations (over 5%)
that are being lumped into the 1 second (plus) maximum entry. To get
more visibility into this, this CL lifts the maximum to 10 seconds.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2785313002
Cr-Commit-Position: refs/heads/master@{#44312}
Fixes a crash found by clusterfuzz caused by a call to
std::vector::reserve with a huge capacity, and reverts to ZoneList
handling as a tentative fix for performance regressions on the slow
@@replace path.
BUG=chromium:707187,chromium:706748,v8:5437
Review-Url: https://codereview.chromium.org/2787343002
Cr-Commit-Position: refs/heads/master@{#44311}
Some archs like s390 have a native instr that can benefit from this.
We see ~10% improvement on MathAbs on s390.
Review-Url: https://codereview.chromium.org/2785773002
Cr-Commit-Position: refs/heads/master@{#44310}
Check that a register used as a local is within the bytecode array's
local count.
BUG=chromium:706234
Change-Id: I51f6a0a8be065b93b9a4e1dca623e98c51685b51
Reviewed-on: https://chromium-review.googlesource.com/464768
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44308}
This reverts commit 4506382dce.
We don't allow DEPS'ing things outside googlesource. This requires a
mirror. Also .gitignore entry is missing.
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2785183005
Cr-Commit-Position: refs/heads/master@{#44307}
Add assembler, disassembler and simulator support for NEON in the ARM64 backend.
BUG=
Review-Url: https://codereview.chromium.org/2622643005
Cr-Commit-Position: refs/heads/master@{#44306}
This CL uses the same logic as spread calls to check whether the
iteration over an array would produce different results to simply
accessing the backing store directly. Skipping the full iteration
protocol for normal arrays gives us a ~10x speedup on the
construct-typedarray benchmark.
BUG=v8:5977,v8:5699,v8:4782,chromium:698173
Change-Id: Ib878d39691e99b739afef0dd05a6a6efc5b6b5d4
Reviewed-on: https://chromium-review.googlesource.com/463367
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44304}
Numbered back-references that occur before the referenced capture
trigger an internal mini-parser that looks ahead in the pattern and
counts capturing groups.
This updates the mini-parser to correctly handle named captures.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2792523002
Cr-Commit-Position: refs/heads/master@{#44303}
Reason for revert:
This results in a deadlock when the scavenger decides to perform sweeping and re-grabs the same mutex.
Original issue's description:
> [heap] Take page lock when scavenging old to new references in Scavenger.
>
> BUG=v8:5807
>
> Review-Url: https://codereview.chromium.org/2781363002
> Cr-Commit-Position: refs/heads/master@{#44268}
> Committed: 4024e6a1bb
TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5807
Review-Url: https://codereview.chromium.org/2786313003
Cr-Commit-Position: refs/heads/master@{#44302}
The last CL https://chromium-review.googlesource.com/c/456707/ caused
some pretty heavy performance regressions. After experimenting, it
seems the easiest and most straight-forward way to copy the elements
into the new typed array is to do it in JS.
Adds a fast path for typed arrays, where the source typed array has
the same elements kind, in which case we can just copy the backing
store using memcpy.
This CL also removes regression test 319120 which is from a pwn2own
vulnerability. The old code path enforced a maximum byte_length
that was too low, which this change removes. The length property of
the typed array must be a Smi, but the byte_length, which can be up
to 8x larger than length for a Float64Array, can be a heap number.
We can also re-use some of the logic from ConstructByLength when
deciding whether to allocate the buffer on- or off-heap, so that
is factored out into InitializeBasedOnLength. We can also re-use
the DoInitialize helper instead of calling into the runtime,
meaning we can remove InitializeFromArrayLike.
BUG=v8:5977,chromium:705503,chromium:705394
Change-Id: I63372652091d4bdf3a9491acef9b4e3ac793a755
Reviewed-on: https://chromium-review.googlesource.com/459621
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44301}
The original CL was reverted because regression test used i18n stuff,
which was not available in the no-i18n bot.
The regression test turned out to be flaky, because I cannot even
reproduce the crash now without the fix. I think the reason is that for
the crash to happen a stack check has to fail within the rejection of
a promise. Small changes can cause the stack check to fail somewhere
else. Investigations showed though that the crash should still be
possible. I propose therefore to land the fix now without the
regression test.
Original message:
We check that if we do not get a result, or if we get a negative result,
then there has to be a scheduled exception.
R=clemensh@chromium.org
BUG=chromium:704127
Change-Id: Iaf355249686412a636074a476687413b621aac68
Reviewed-on: https://chromium-review.googlesource.com/464846
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44300}
Add the source position to variables if they are parameters.
Collect type information for parameters and return values.
Index the types by their corresponding source position. For the
types of return values, use the function end as source position.
Sample output for a function with 2 parameters (at source
position 252 and 258, and function end at 443)
*************
Function: testFunction
252:
Object
number
string
number
258:
undefined
boolean
undefined
undefined
443:
Object
number
string
number
*************
BUG=v8:5933
Change-Id: I3b8749afcac706c1834146abf1b5b4a3fd130fb6
Reviewed-on: https://chromium-review.googlesource.com/461919
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44299}
This fixes printing of {CallRuntime} nodes that are backed by JavaScript
functions. Issues with the printing that was in place:
- Crash because it was accessing {context} instead of {native_context}
- Printout was not comparable, raw heap pointer different between runs
R=bmeurer@chromium.org
Change-Id: I941944b46550bd908ec14a324bc255d6c8f96fbe
Reviewed-on: https://chromium-review.googlesource.com/464766
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44298}
grow_memory was working from test cases, but not in combination with
compiled code. This CL makes the effect of grow_memory executed either
in the interpreter or compiled code always be reflected in both
execution environments.
It also adds a %RedirectToWasmInterpreter runtime function for testing
this interaction.
R=ahaas@chromium.org
CC=gdeepti@chromium.org
BUG=v8:5822
Change-Id: I3e7c184c42ef655d1c30d2e0dddad7fb783455fc
Reviewed-on: https://chromium-review.googlesource.com/463506
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44297}
Add a limit to the number of nested call frames in the C++ wasm
interpreter.
Both the size of the value stack as well as the size of the block stack
are limited per call frame. Thus, a limit on only the call frame stack
is enough to limit the overall memory consumption of one interpreter
instance.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: If9f7e547cd1d003bc2ae3c7586ece6b3cf3be587
Reviewed-on: https://chromium-review.googlesource.com/463486
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44296}
The dotAll flag changes behavior of the dot '.' character to match every
possible single character instead of excluding certain line terminators.
The implementation is staged behind --harmony-regexp-dotall.
Spec proposal: https://github.com/mathiasbynens/es-regexp-dotall-flag
BUG=v8:6172
Review-Url: https://codereview.chromium.org/2780173002
Cr-Commit-Position: refs/heads/master@{#44295}
This CL cleans up a few things:
- It removes two dead declarations: WasmMemoryObject::Grow and
wasm::GrowInstanceMemory.
- It removes the unneeded wasm::GetInstanceMemory function (use
instance->memory_buffer() directly).
- It moves wasm::GetInstanceMemorySize to
WasmInstanceObject::GetMemorySize.
- It moves wasm::GrowInstanceMemory to WasmInstanceObject::GrowMemory.
- It moves wasm::GrowWebAssemblyMemory to WasmMemoryObject::Grow.
R=ahaas@chromium.org
CC=gdeepti@chromium.org
Change-Id: I19781ca9784f1a8e7b60955bef82e341c4f75550
Reviewed-on: https://chromium-review.googlesource.com/463167
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44293}
Rewrite returns in derived constructors to only replace undefined with
this, and otherwise just return the value, and let the construct stub
builtin throw an exception if the result is a primitive instead of a
JSReceiver.
R=yangguo@chromium.org
TBR=marja@chromium.org
BUG=chromium:706642
Review-Url: https://codereview.chromium.org/2788033002
Cr-Commit-Position: refs/heads/master@{#44288}
This will allow V8 extra consumers to track promise state without
using a side-table. This is used by streams as of
173f9f67be.
BUG=chromium:658144
Review-Url: https://codereview.chromium.org/2784213002
Cr-Commit-Position: refs/heads/master@{#44287}
Reason for revert:
Too many simultaneously landed CLs, this one should be rebased first.
Original issue's description:
> [inspector] convert V8Console static methods into members
>
> This step is required to implement console as builtin which calls console delegate methods.
>
> BUG=v8:6168
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2783073002
> Cr-Commit-Position: refs/heads/master@{#44283}
> Committed: fe27dccd87
TBR=dgozman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6168
Review-Url: https://codereview.chromium.org/2793443002
Cr-Commit-Position: refs/heads/master@{#44284}
In inspector code everywhere except V8StackTraceImpl we get pointer to isolate from inspector object or v8::FunctionCallbackInfo. We can avoid usage of v8::Isolate::GetCurrent in V8StackTraceImpl too. It will simplify a little embedder code by removing requirement to have v8::Isolate::Scope before calling to V8InspectorSession::dispatchProtocolMessage.
BUG=v8:5907
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2789593002
Cr-Commit-Position: refs/heads/master@{#44282}
Currently, async generators are stringified the same way normal
Generators are. This change prefixes async generator methods with
"async *", and other async generator functions with
"async function* ".
BUG=v8:5855
R=adamk@chromium.org, littledan@chromium.org, jwolfe@igalia.com
Change-Id: Ia809fad64caac4464dbc9f7fa7728584d0f67832
Reviewed-on: https://chromium-review.googlesource.com/463526
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44278}
It makes no sense to check if unaligned accesses of bytes in memory are
allowed, since these accesses are always aligned. There was a problem
on mips that we created an UnalignedLoad(Int8), which was, however, not
implemented in the mips instruction selector.
R=clemensh@chromium.org
Change-Id: I20369e078e3c24942aa90c2bd3333d9881de0072
Reviewed-on: https://chromium-review.googlesource.com/463006
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44277}
BUG=v8:4958
Change-Id: Id02d36fce76eed54a5a3d348dbac2ea7d43f4ef3
Reviewed-on: https://chromium-review.googlesource.com/462336
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44275}
HasOrigin() can allocate. Make sure to wrap vulnerable raw pointers
in handles.
BUG=
Review-Url: https://codereview.chromium.org/2788663002
Cr-Commit-Position: refs/heads/master@{#44271}
- Add new address markers:
    T: tagged pointer in the minidump
    C: address into a module in the minidump
    S: pointer into the exception stack in the minidump
    *: other address in the minidump
- Show ASCII decoding of address in dd
- Display potential frame markers on the exception stack:
    00000032212fdae8: 0000000300000000 ........ Smi(3) EXIT frame marker
- Display relative addresses, useful to detect stack frames:
    00000032212fdb68: 00000032212fdb98 S ........ [+6]=00000032212fdcb0 S
    00000032212fdb70: 0000010ff5ca0a84 ........
    00000032212fdb78: 000001064c1fa881 ........
    00000032212fdb80: 0000016a8e52fcb1 ........
    00000032212fdb88: 0000010ff5ca0981 ........
    00000032212fdb90: 0000000d00000000 ........ Smi(13) INTERNAL frame marker
    00000032212fdb98: 00000032212fdcb0 S ........ [+35]=00000032212fdd61 S
Change-Id: I56bd7e6723a34bcb668719246dd5ff2898224928
Reviewed-on: https://chromium-review.googlesource.com/461862
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44269}
GetProperty(result, groups) needs to be called iff the
harmony-regexp-named-captures flag is enabled.
Also add a couple of DCHECKS.
BUG=v8:5437,chromium:706748
Review-Url: https://codereview.chromium.org/2786933002
Cr-Commit-Position: refs/heads/master@{#44267}
Compiler-generated copy constructor does not generate
correct code for this class, so make it move-only type.
Review-Url: https://codereview.chromium.org/2781993005
Cr-Commit-Position: refs/heads/master@{#44266}
The inlining logic doesn't account for the fact that the derived
constructor could return a primitive, thus leaking the implicit
receiver (which is the hole).
R=jarin@chromium.org
BUG=chromium:706642
Review-Url: https://codereview.chromium.org/2788603002
Cr-Commit-Position: refs/heads/master@{#44264}
The parameter indices are shifted by 1 in BytecodeArrayBuilder
because the receiver is variable at index 0 and not -1.
Split BytecodeArrayBuilder::Parameter(index) method into
Receiver() (same as Parameter(-1)) and
Parameter(index).
This way we avoid confusing (index+1) counting in BytecodeGenerator().
BUG=
Change-Id: Id87ec7c708cecfc3108011994f3177f483772bcc
Reviewed-on: https://chromium-review.googlesource.com/461904
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44262}
We need to split creating of console and installing memory getter and remove console.assert hack before migration to builtin. We can implement super fast console.assert after migration.
BUG=chromium:588893
R=dgozman@chromium.org
TBR=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2781883003
Cr-Commit-Position: refs/heads/master@{#44256}
With this CL we don't need to store a reference to InspectedContext inside of the JavaScript console object and are able to get all required information from callback data.
It allows us to implement console methods without taking into account how and where we create and store these methods:
- later we can move console object implementation to builtins..
- ..and install command line API methods smarter.
BUG=chromium:588893
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2784713002
Cr-Original-Original-Commit-Position: refs/heads/master@{#44212}
Committed: 908cd38123
Review-Url: https://codereview.chromium.org/2784713002
Cr-Original-Commit-Position: refs/heads/master@{#44238}
Committed: 88f71126a5
Review-Url: https://codereview.chromium.org/2784713002
Cr-Commit-Position: refs/heads/master@{#44251}
The regression comes from attempting to serialize a module with memory
requirements after instantiation - which is what happens in common emscripten
scenarios, where the module is obtained from WebAssembly.instantiate(buffer). We then try and serialize the JSArrayBuffer
representing the instance memory. That operation fails.
Added regression test and also extended the test to cover the other 2
instance-specific values - globals and tables.
Added a discussion on WasmCompiledModule (comments) explaining design decisions.
BUG=chromium:705562
Review-Url: https://codereview.chromium.org/2784453002
Cr-Commit-Position: refs/heads/master@{#44250}
This removes the debug information (i.e. direct references to the parser
source file) from the message, hence making messages consistent between
release and debug mode. The debug information can now be printed via the
new --trace-asm-parser flag.
Also adds two message test cases, showcasing that expected output can
now be tested. More tests might be added to the message test suite later
whenever it makes sense.
R=clemensh@chromium.org
BUG=v8:6127
Change-Id: I348044356896442ff9be2d638a564c82fec7a51c
Reviewed-on: https://chromium-review.googlesource.com/461942
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44248}
Port bf463c4dc0
Original Commit Message:
- Introduce new struct AsyncGeneratorRequest, which holds
information pertinent to resuming execution of an
AsyncGenerator, such as the Promise associated with the async
generator request. It is intended to be used as a singly
linked list, and holds a pointer to the next item in the queue.
- Introduce JSAsyncGeneratorObject (subclass of
JSGeneratorObject), which includes several new internal fields
(`queue` which contains a singly linked list of
AsyncGeneratorRequest objects, and `await_input` which
contains the sent value from an Await expression (This is
necessary to prevent function.sent (used by yield*) from
having the sent value observably overwritten during
execution).
- Modify SuspendGenerator to accept a set of Flags, which
indicate whether the suspend is for a Yield or Await, and
whether it takes place on an async generator or ES6
generator.
- Introduce interpreter intrinsics and TF intrinsic lowering for
accessing the await input of an async generator
- Modify the JSGeneratorStore operator to understand whether or
not it's suspending for a normal yield, or an AsyncGenerator
Await. This ensures appropriate registers are stored.
- Add versions of ResumeGeneratorTrampoline which store the
input value in a different field depending on whether it's an
AsyncGenerator Await resume, or an ordinary resume. Also modifies
whether debug code will assert that the generator object is a
JSGeneratorObject or a JSAsyncGeneratorObject depending on the
resume type.
R=caitp@igalia.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:5855
LOG=N
Review-Url: https://codereview.chromium.org/2780283002
Cr-Commit-Position: refs/heads/master@{#44247}
Reason for revert:
One more failed layout test.
Original issue's description:
> [inspector] console get all information from inspector when needed
>
> With this CL we don't need to store a reference to InspectedContext inside of the JavaScript console object and are able to get all required information from callback data.
> It allows us to implement console methods without taking into account how and where we create and store these methods:
> - later we can move console object implementation to builtins..
> - ..and install command line API methods smarter.
>
> BUG=chromium:588893
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2784713002
> Cr-Original-Commit-Position: refs/heads/master@{#44212}
> Committed: 908cd38123
> Review-Url: https://codereview.chromium.org/2784713002
> Cr-Commit-Position: refs/heads/master@{#44238}
> Committed: 88f71126a5
TBR=dgozman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:588893
Review-Url: https://codereview.chromium.org/2778743007
Cr-Commit-Position: refs/heads/master@{#44246}
This hopefully shrinks binary size a bit, at the cost of (slightly)
increasing the complexity of the ResumeGenerator stub. Includes ia32,
x64, mips, mips64, arm and arm64 ports.
BUG=v8:5855
R=rmcilroy@chromium.org, paul.lind@imgtec.com, bmeurer@chromium.org, neis@chromium.org
Change-Id: I848ce08afd828091a11e03c89d5be065ff557ef3
Reviewed-on: https://chromium-review.googlesource.com/461303
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44244}
- Introduce new struct AsyncGeneratorRequest, which holds
information pertinent to resuming execution of an
AsyncGenerator, such as the Promise associated with the async
generator request. It is intended to be used as a singly
linked list, and holds a pointer to the next item in the queue.
- Introduce JSAsyncGeneratorObject (subclass of
JSGeneratorObject), which includes several new internal fields
(`queue` which contains a singly linked list of
AsyncGeneratorRequest objects, and `await_input` which
contains the sent value from an Await expression (This is
necessary to prevent function.sent (used by yield*) from
having the sent value observably overwritten during
execution).
- Modify SuspendGenerator to accept a set of Flags, which
indicate whether the suspend is for a Yield or Await, and
whether it takes place on an async generator or ES6
generator.
- Introduce interpreter intrinsics and TF intrinsic lowering for
accessing the await input of an async generator
- Modify the JSGeneratorStore operator to understand whether or
not it's suspending for a normal yield, or an AsyncGenerator
Await. This ensures appropriate registers are stored.
- Add versions of ResumeGeneratorTrampoline which store the
input value in a different field depending on whether it's an
AsyncGenerator Await resume, or an ordinary resume. Also modifies
whether debug code will assert that the generator object is a
JSGeneratorObject or a JSAsyncGeneratorObject depending on the
resume type.
BUG=v8:5855
R=bmeurer@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org,
littledan@chromium.org, neis@chromium.org
TBR=marja@chromium.org
Change-Id: I9d58df1d344465fc937fe7eed322424204497187
Reviewed-on: https://chromium-review.googlesource.com/446961
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44240}
- Fix opcode names to be consistent with opcodes as in wasm-opcodes.h
- Fix Ordering of Ops, inconsistencies
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2776753004
Cr-Commit-Position: refs/heads/master@{#44239}
With this CL we don't need to store a reference to InspectedContext inside of the JavaScript console object and are able to get all required information from callback data.
It allows us to implement console methods without taking into account how and where we create and store these methods:
- later we can move console object implementation to builtins..
- ..and install command line API methods smarter.
BUG=chromium:588893
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2784713002
Cr-Original-Commit-Position: refs/heads/master@{#44212}
Committed: 908cd38123
Review-Url: https://codereview.chromium.org/2784713002
Cr-Commit-Position: refs/heads/master@{#44238}
Apart from that this patch adds kVisitJSObjectFast for JSObjects that
do not have any unboxed double fields and can be visited without
run-time layout check.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2763413007
Cr-Commit-Position: refs/heads/master@{#44237}
There's no need to set it so early - it's only needed when the function has
really been parsed. This way we don't need to produce and store it for skipped
inner functions.
BUG=v8:5516
Change-Id: Ida2abd44b494030771b5663a8eb326edb0a53b72
Reviewed-on: https://chromium-review.googlesource.com/461160
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44235}
The int64-lowering lowers return nodes which return one int64 value into
a return node which returns two int32 values. For this lowering it has
to adjust the input count of the return operator.
The existing code assumed that if the signature of a function said that
the return type is int64, then all return nodes have int64 inputs.
However, with a recent CL we also introduced void returns. With this CL
I check if the number of inputs of a return node changes with the
DefaultLowering, and only if the number of inputs changes, then I check
if I also have to change the operator of the return node.
R=mstarzinger@chromium.org
TEST=mjsunit/regress/wasm/regression-6164
BUG=v8:6164
Change-Id: I004ab1b4be942cc045719f306705d95b48707a1c
Reviewed-on: https://chromium-review.googlesource.com/461941
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44232}
Up until now, the debug name of a WebAssembly function was "unknown"
if no name was provided in the name section. With this CL we use the
function index to generate the name "wasm#index" as the debug name.
This debug name is used e.g. for --print-wasm-code or
--trace-turbo-graph
R=clemensh@chromium.org
Change-Id: Ie9b14437fbdef8fd6602eab0d89e415599445099
Reviewed-on: https://chromium-review.googlesource.com/461923
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44230}
A recent CL enabled pipeline statistics for WebAssembly. This caused a
problem with the --trace-turbo flag because in the pipeline statistics
code --trace-turbo wanted to access the parse_info, which is not
available for WebAssembly. With this CL I guard the trace-turbo code
behind a parse_info check to avoid this problem.
R=clemensh@chromium.org
Change-Id: I9d628c7dec5b456e0ff9178ad989c41ac1e0237e
Reviewed-on: https://chromium-review.googlesource.com/461902
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44229}
Even in optimized code we can utilize the various load and store IC
trampolines to save code space when it's an IC in the outermost
function, as in that case the trampoline can just take the vector
from the parent's frame.
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2776073005
Cr-Commit-Position: refs/heads/master@{#44226}
Move builtin definitions (i.e. BUILTIN_LIST and family) to a separate header
in preparation for auto-generation of TFS interface descriptors.
BUG=v8:6116
Review-Url: https://codereview.chromium.org/2784793002
Cr-Commit-Position: refs/heads/master@{#44221}
Now that Ignition has the dedicated TestTypeOf operator, there's not
really a point in doing the typeof with abstract/strict equal combining
in TurboFan anymore. In fact it's counter-productive to do so, as it
might try to cover typeof comparisons in cases where it's better to just
compute the typeof once, i.e.:
  let x = typeof a, y = typeof b;
  if (x === y) {
    if (x === 'string') {
      ...
    }
  }
Here we would combine the second comparison into an ObjectIsString, and
still compute the typeof a.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2780953003
Cr-Commit-Position: refs/heads/master@{#44220}
When we call from TurboFan to a CSA or C++ builtin, we can avoid the
ArgumentsAdaptorFrame in case of a parameter arity mismatch by just
filling up missing arguments with undefined or removing additional
arguments on the call site already. This is safe for CSA/C++ builtins,
since those that care about variable arguments are marked with the
kDontAdaptArgumentsSentinel.
R=danno@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2684963002
Cr-Commit-Position: refs/heads/master@{#44218}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14569
Original issue's description:
> [inspector] console get all information from inspector when needed
>
> With this CL we don't need to store a reference to InspectedContext inside of the JavaScript console object and are able to get all required information from callback data.
> It allows us to implement console methods without taking into account how and where we create and store these methods:
> - later we can move console object implementation to builtins..
> - ..and install command line API methods smarter.
>
> BUG=chromium:588893
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2784713002
> Cr-Commit-Position: refs/heads/master@{#44212}
> Committed: 908cd38123
TBR=dgozman@chromium.org,kozyatinskiy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:588893
Review-Url: https://codereview.chromium.org/2784603003
Cr-Commit-Position: refs/heads/master@{#44217}
Compare bytecode handlers do several checks to collect feedback and
repeat these checks when actually performing the operation. This cl
changes them to perform the actual comparison for smi / number along with
collecting feedback.
BUG=v8:4280
Change-Id: If0954b68dd232461e08e94a90ccc17604c235b27
Reviewed-on: https://chromium-review.googlesource.com/458420
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44216}
Compilation can fail e.g. on stack overflow. This ensures that we exit
early from StringReplaceGlobalRegExpWithString in that case.
BUG=v8:5437,chromium:705934
Review-Url: https://codereview.chromium.org/2778953004
Cr-Commit-Position: refs/heads/master@{#44215}
With this CL we don't need to store a reference to InspectedContext inside of the JavaScript console object and are able to get all required information from callback data.
It allows us to implement console methods without taking into account how and where we create and store these methods:
- later we can move console object implementation to builtins..
- ..and install command line API methods smarter.
BUG=chromium:588893
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2784713002
Cr-Commit-Position: refs/heads/master@{#44212}
Currently, V8 uses the same size counter to measure module sizes for both asm.js
and WASM. This CL separates the counter into two separate counters, and then
uses the appropriate counter when decoding.
BUG=chromium:704922
R=mtrofin@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2777203005
Cr-Commit-Position: refs/heads/master@{#44211}
Currently, V8 uses the same size counter to measure the maximum number
of memory pages allocated by a module for both asm.js and WASM. This
CL separates the counter into two separate counters, and then uses the
appropriate counter when measuring.
BUG=chromium:704922
R=mtrofin@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2783713002
Cr-Commit-Position: refs/heads/master@{#44210}
A couple bugs had led code in one Context to be able to lead to
estimated memory usage in another Context, even in cases that should be
easy to detect.
- Ensure that the pointer to the next context is nulled out while
recursing over the portion of the heap. It seems like there was
previously some code to do this partway, but the nulling part
was left out.
- Skip including maps in the understanding of the Context estimated
size, as the maps are shared between Contexts and may be reachable
from other Contexts
Review-Url: https://codereview.chromium.org/2780773002
Cr-Commit-Position: refs/heads/master@{#44208}
Currently, V8 uses the same counter to measure module decoding peak memory bytes
for both asm.js and WASM. This CL separates the counter into two separate
counters, and then uses the appropriate counter when decoding a module.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2778973003
Cr-Commit-Position: refs/heads/master@{#44207}
Currently, V8 uses the same size counter to measure function byte sizes for both
asm.js and WASM. This CL separates the counter into two separate counters, and
then uses the appropriate counter when decoding.
BUG=chromium:704922
R=bbudge@google.com,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2780783003
Cr-Commit-Position: refs/heads/master@{#44205}
Currently, V8 uses the same size counter to measure the minimum number of memory pages allocated by a module for both asm.js and WASM. This CL separates the counter into two separate counters, and then uses the appropriate counter when measuring.
BUG=chromium:704922
R=mtrofin@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2781453004
Cr-Commit-Position: refs/heads/master@{#44204}
Fix a few items broken during review of scanner + parser:
* Make the scanner retain stale newline state on a rewind (as otherwise it must be able to correctly rewind that too, though it doesn't need it). (Probably should revisit).
* Change StashCode in the builder skip to the zero case, as it crashes for some reason (added TODO).
Also fix:
* Drop test based on constant expression evaluation in main parser
* Support constant defined based on existing constant.
* Type constants as signed.
* Added a check that all used functions are defined eventually.
* Zone allocate strings for simplicity (TODOs to refactor better).
BUG=v8:6090
BUG=v8:4203
R=mstarzinger@chromium.org,marja@chromium.org,vogelheim@chromium.org
Review-Url: https://codereview.chromium.org/2771183002
Cr-Original-Commit-Position: refs/heads/master@{#44200}
Committed: be0dbdd679
Review-Url: https://codereview.chromium.org/2771183002
Cr-Commit-Position: refs/heads/master@{#44203}
Reason for revert:
Fails on gc-stress.
Original issue's description:
> [wasm][asm.js] Fix and enable several asm.js tests with the new parser.
>
> Fix a few items broken during review of scanner + parser:
> * Make the scanner retain stale newline state on a rewind (as otherwise it must be able to correctly rewind that too, though it doesn't need it). (Probably should revisit).
> * Change StashCode in the builder skip to the zero case, as it crashes for some reason (added TODO).
>
> Also fix:
> * Drop test based on constant expression evaluation in main parser
> * Support constant defined based on existing constant.
> * Type constants as signed.
> * Added a check that all used functions are defined eventually.
> * Zone allocate strings for simplicity (TODOs to refactor better).
>
> BUG=v8:6090
> BUG=v8:4203
> R=mstarzinger@chromium.org,marja@chromium.org,vogelheim@chromium.org
>
> Review-Url: https://codereview.chromium.org/2771183002
> Cr-Commit-Position: refs/heads/master@{#44200}
> Committed: be0dbdd679
TBR=clemensh@chromium.org,bradnelson@google.com,marja@chromium.org,mstarzinger@chromium.org,vogelheim@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6090
Review-Url: https://codereview.chromium.org/2782613002
Cr-Commit-Position: refs/heads/master@{#44201}
Fix a few items broken during review of scanner + parser:
* Make the scanner retain stale newline state on a rewind (as otherwise it must be able to correctly rewind that too, though it doesn't need it). (Probably should revisit).
* Change StashCode in the builder skip to the zero case, as it crashes for some reason (added TODO).
Also fix:
* Drop test based on constant expression evaluation in main parser
* Support constant defined based on existing constant.
* Type constants as signed.
* Added a check that all used functions are defined eventually.
* Zone allocate strings for simplicity (TODOs to refactor better).
BUG=v8:6090
BUG=v8:4203
R=mstarzinger@chromium.org,marja@chromium.org,vogelheim@chromium.org
Review-Url: https://codereview.chromium.org/2771183002
Cr-Commit-Position: refs/heads/master@{#44200}
This extends the existing insertion of soft deopts during early lowering
from loads to stores (both named and keyed). It now covers all property
access operations. Next we will handle monomorphic type feedback when
applicable.
R=bmeurer@chromium.org
Change-Id: I6138744682cdbdbdb7274851aa81fb075229c309
Reviewed-on: https://chromium-review.googlesource.com/459482
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44198}
Currently, V8 uses the same counter to collect decoding time for both asm.js and
WASM. This separates the function decoding counter into two separate counters,
and then uses the appropriate counter when decoding a module.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2772363002
Cr-Commit-Position: refs/heads/master@{#44197}
Don't put internalized parser handles in a DeferredHandleScope if we aren't
going to compile concurrently since this has a performance cost.
BUG=chromium:686658
Change-Id: Id89d197b863569346895583e6df79134e79a5d4b
Reviewed-on: https://chromium-review.googlesource.com/461879
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44196}