The inlined version of Array.At was only checking the kind of the
maps, rather than the maps themselves. When the feedback was
containing an array map that "supports_fast_array_iteration", then its
kind was added to the list of supported kinds. If this Array.at was
later called with a non-array map with the same kind, then the object
would be wrongly treated as an array.
This is now fixed: inlining Array.at checks the maps directly rather
than only their kinds.
Fixed: chromium:1377775
Change-Id: I6669ffdc04df04a7c9d00d6b9f8bac82dc9cd235
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981554
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83946}
The newly added cast instructions can cast from {any} type, resulting
in the cast instructions with a concrete type having to also check if
an object actually is a wasm object (and not e.g. a JS object) before
loading the WasmTypeInfo from its map.
Bug: v8:7748
Change-Id: Ia9c1d35fb9de016af4984883f1374fd5238ce6ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981858
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83945}
After concurrent OSR was enabled, JS execution may stop not at OSR entry
when concurrent OSR compilation finish. If no more feedback change,
without reset profiler ticks, OSR urgency is increased from 0 by 1 per
profiler tick after concurrent OSR compilation finish, it makes new
OSR compilation can be quickly triggered, reset profiler ticks after OSR
compilation for triggering the later OSR compilation under the same
condition with the first OSR compilation. For example:
for (;;) {
for (;;) {
} // OSR entry
for (;;) {
<- Executing JS code here when the OSR compilation finish
}
}
1. We start executing the nesting loop.
2. We reset profiler ticks once feedback change.
3. If the first inner loop happens to be executing after accumulating
enough no feedback change profiler ticks, we start concurrent OSR whose
entry belongs to the first inner loop.
4. We continue executing the nesting loop, if no new feedback change,
increasing profiler ticks again.
5. Concurrent OSR whose entry belongs to the first inner loop completes.
6. If the second inner loop happens to be executing, without reset
profiler ticks, we immediately start concurrent OSR whose entry belongs
to the second inner loop.
The second OSR code is almost same quality with the first OSR code.
This CL can reduce OSR compilation amount by ~3.9% (2311 -> 2224) when
running JetStream2.1.
Change-Id: I4d64cd8963fd2b99d88a3c218841fe5d7c4dc34f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819421
Commit-Queue: Tao Pan <tao.pan@intel.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83944}
This is a reland of commit 31edec6406
Original change's description:
> [heap] Update young nodes of traced handles
>
> Fix regressions caused by
> https://crrev.com/c/3966952
>
> Update and clear the list of young nodes which would otherwise be
> repeatedly processed during Scavenge and full GCs.
>
> Bug: v8:13372, chromium:1378097
> Change-Id: I1b302f75f970385e9e0259fa4b1719d9262c1f2a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981273
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83922}
Bug: v8:13372, chromium:1378097
Change-Id: I254e1c5c40b5c1cfa06ddd435d5a6610d84e36bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3984605
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83943}
Rolling v8/build: adcb306..4e03165
Rolling v8/buildtools: 4c4e17b..ddc9513
Rolling v8/buildtools/linux64: git_revision:7a6231e3e43845d9aa298bb040f11dd1953e966f..git_revision:3e98c606ed0dff59fa461fbba4892c0b6de1966e
Rolling v8/buildtools/third_party/libc++/trunk: 0487904..baa43f8
Rolling v8/third_party/depot_tools: 1f51102..6f2321d
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221025.2.1..version:10.20221026.0.1
Rolling v8/tools/clang: 863e4bb..87d0b8c
Change-Id: Ieeb9465bd17974caba7cd8f6d1448b5bd7f2b402
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3982514
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83940}
In order to be able to iterate all objects in the heap (including
SHARED_SPACE), all LABs in the shared space need to be iterable. For this reason the HeapObjectIterator needs to perform a global safepoint for the shared heap isolate.
Bug: v8:13267
Change-Id: I2b7583fac0564f8b98b74607404be851fde1281f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3978091
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83939}
It is important that the Context's microtask queue matches what the
embedder thinks it is. Android WebView has some interop functionality
where the Agent changes but the context must not be cleared. Ensuring the microtask queue for the context matches the Agent by adding a
setter that the embedder can call.
BUG=chromium:961186
Change-Id: Id99644fbfc84b8a1676162261444c02d07b238a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976350
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83937}
This extends crrev.com/c/3948663 (ref.cast) by adding the new
"ref.cast null" which only behaves different for null for which
it doesn't trap but instead casts the null value to the target
(null)type.
Bug: v8:7748
Change-Id: I3ac85d83cc06c95af8830c1c60ae2f28414e2570
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960329
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83934}
It looks like a map can become a migration target between
graph building and codegen.
Bug: v8:7700
Change-Id: I88562d69ae62ce5e6c168c73d8ad5eb19099c03b
Fixes: v8:13419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3982113
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83933}
The DCHECK is not correct: if we're marking a not-fully-initialized
object, then the handle can change from its uninitialized value (zero)
to a valid handle prior to this DCHECK, therefore causing it to fail.
This scenario is fine though, since the new entry will already be marked
as alive as it has just been allocated.
To fix that, the DCHECK now allows the two values to mismatch iff the
handle is zero.
Bug: v8:13297
Change-Id: If640d457da1d78a3d1666ffa930c27116a6080c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981553
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83931}
In the constant branch, we need to check if char code is
bigger than zero.
In the generic branch, we do the `andl` before the
comparison.
This also fixes issues with aliasing the code char with
the result register.
Bug: v8:7700
Change-Id: I41a8a22a1acf3feabdee34a61d77c53bcda6892b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981276
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83930}
They do have a meaning as well: there are no unstable maps. When we need
to clear unstable maps (and drop related stable maps), we can avoid
doing this for empty unstable map sets since no unstable maps can have
transitioned to new stable maps.
Bug: v8:7700
Change-Id: Ie74f62b6bff81dff8118a46e22a2ea81550d09c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981278
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83929}
This is a reland of commit 95eece3068
Original change's description:
> [heap] Fix racy OOM in new space concurrent sweeping
>
> Some tests are flakily failing due to a timing issue between new space
> concurrent sweeping and allocations.
> When new spaces and other spaces are also swept, each concurrent thread
> will take one new space page. If a young allocation happens right after
> the atomic pause finished, it's possible that all new space pages are
> held by concurrent threads. The main thread will try to contribute to
> sweeping but get no pages, and fail to allocate.
>
> Fix by restoring the round robin order of sweeping, such that not all
> threads start with new space.
>
> Bug: v8:12612, v8:13413
> Change-Id: I3b448199b4678c339f9e59f7ca31d9e1e0e76011
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976043
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83918}
Bug: v8:12612, v8:13413
Change-Id: Idbd5cbb53c9f43290e02d10d85ee4199ea9a4136
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3980756
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83927}
Unstable maps can transition to stable ones after a side effect,
therefore we cannot trust the set of stable maps. The CL nukes
from the set from stable_maps, equivalent of setting it to
the universal set.
Bug: v8:7700
Change-Id: I457f76efd48ec7eec747233ec063ebe265d3085a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3978169
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83923}
Fix regressions caused by
https://crrev.com/c/3966952
Update and clear the list of young nodes which would otherwise be
repeatedly processed during Scavenge and full GCs.
Bug: v8:13372, chromium:1378097
Change-Id: I1b302f75f970385e9e0259fa4b1719d9262c1f2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981273
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83922}
The deadlock occurs when the Isolate is destroyed before a wasm compile
job is finished causing the `WasmEngine::LogCode` to deadlock itself
when the TaskRunner is already in the terminated state.
Change-Id: I36dc68aecbcb2054d7da61d22defd0eff3130f62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976515
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83921}
Update the free list implementation for new space to set a larger
minimum size and skip redundant step in the allocation logic.
Bug: v8:12612
Change-Id: I480fe99cf4cfad7c25d687540b7841cd56d41d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976508
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83920}
This reverts commit 95eece3068.
Reason for revert: Broke single generation bot
Original change's description:
> [heap] Fix racy OOM in new space concurrent sweeping
>
> Some tests are flakily failing due to a timing issue between new space
> concurrent sweeping and allocations.
> When new spaces and other spaces are also swept, each concurrent thread
> will take one new space page. If a young allocation happens right after
> the atomic pause finished, it's possible that all new space pages are
> held by concurrent threads. The main thread will try to contribute to
> sweeping but get no pages, and fail to allocate.
>
> Fix by restoring the round robin order of sweeping, such that not all
> threads start with new space.
>
> Bug: v8:12612, v8:13413
> Change-Id: I3b448199b4678c339f9e59f7ca31d9e1e0e76011
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976043
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83918}
Bug: v8:12612, v8:13413
Change-Id: Id65358e55721b98d10f6737adaf057482aef103b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3981275
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83919}
Some tests are flakily failing due to a timing issue between new space
concurrent sweeping and allocations.
When new spaces and other spaces are also swept, each concurrent thread
will take one new space page. If a young allocation happens right after
the atomic pause finished, it's possible that all new space pages are
held by concurrent threads. The main thread will try to contribute to
sweeping but get no pages, and fail to allocate.
Fix by restoring the round robin order of sweeping, such that not all
threads start with new space.
Bug: v8:12612, v8:13413
Change-Id: I3b448199b4678c339f9e59f7ca31d9e1e0e76011
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976043
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83918}
This is an extension to the fix landed in https://crrev.com/c/3295348.
We should also throw the exception when we are paused in a module.
This is a constellation that can only happen with debug-evaluate as
'eval's in modules are always indirect, whereas debug-evaluate uses
direct, sloppy eval.
R=bmeurer@chromium.org, leszeks@chromium.org
Bug: chromium:1352303
Change-Id: I7373462dc6ae419e0a1a05a385ab81f204ff03ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976510
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83917}
Rolling v8/build: 35368b6..adcb306
Rolling v8/buildtools: 32851f2..4c4e17b
Rolling v8/buildtools/reclient: re_client_version:0.69.0.458df98-gomaip..re_client_version:0.81.1.0853992-gomaip
Rolling v8/buildtools/third_party/libc++/trunk: 166132d..0487904
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/cf46d16..2f63d55
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221024.1.1..version:10.20221025.2.1
Rolling v8/third_party/instrumented_libraries: 459048b..f764ffc
Rolling v8/tools/clang: bc55ae7..863e4bb
Change-Id: I512c7139152f29e67a8b7c665b67bdd5eca5a96a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3978533
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83916}
Because Data's ctor is not defined, debug info optimization will
generate empty debug info for it. Adding standalone_debug attribute for
it to have complete debug info for this class.
Bug:
Change-Id: I0ca023518b1f5142a63686ba5a41007ac067c1f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963719
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Zequan Wu <zequanwu@google.com>
Auto-Submit: Zequan Wu <zequanwu@google.com>
Cr-Commit-Position: refs/heads/main@{#83915}
This reverts commit 05bd7d9cd6.
Reason for revert: Still looks like a reason for rollout tests failure https://ci.chromium.org/ui/p/chromium/builders/try/linux-rel/1179312/overview
Original change's description:
> Reland "[turbofan] Optimize rab/gsab-backed TypedArrays and DataViews"
>
> This reverts commit 4b28d53011.
>
> Original change's description:
> > [turbofan] Optimize rab/gsab-backed TypedArrays and DataViews
> >
> > This CL adds TurboFan optimizations for length and element access
> > of TypedArrays and DataViews that are rab/gsab-backed.
> >
> > To enable this optimization, this CL builds the necessary machinery
> > required to allow machine operators at the front of the pipeline
> > (before simplified lowering). Some key changes to allow this are:
> > - Introduce Type::Machine() to allow the typer and the verifier to
> > provide a type to those machine operators in parts of the pipeline
> > that require nodes to be typed.
> > - Add EnterMachineGraph and ExitMachineGraph operators that define
> > the boundary between early machine graphs and the normal graph with
> > JS semantics.
> > - Give Branch operators a BranchSemantics parameter to distinguish
> > between machine branches (condition is a machine level value) and
> > JS branches (condition is a JS boolean value) and have phases that
> > handle branches decide on the branch's semantics based on this
> > parameter instead of the position in the pipeline.
> > - Extend SimplifiedLowering and SimplifiedLoweringVerifier to handle
> > machine graphs. In particular, constants required special handling,
> > because they are cached in the graph but they may have uses in both
> > a machine and the JS graph, which prevents consistent typing of
> > them.
> > - Moved lots of logic from JSCallReducerAssembler into
> > [JS]GraphAssembler such that functionality can be shared between
> > different phases (e.g. JSNativeContextSpecialization and
> > JSCallReducer need to generate logic to compute a TypedArray's
> > byte length). Extended assembler interface in general with
> > additional TNode<> overloads.
> >
> >
> > Bug: v8:11111, chromium:1358505
> > Change-Id: Ife006b8c38a83045cd3b8558acbfdcb66408891f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898690
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#83881}
>
> Bug: v8:11111, chromium:1358505, v8:13412
> Change-Id: I61664e18a9dba1741bcb70ec22ba6342521f500a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976512
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83904}
Bug: v8:11111, chromium:1358505, v8:13412
Change-Id: I960a34cfdb861feddf51cbcd759218f39b26cd56
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3980313
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Ilya Rezvov <irezvov@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83914}
This CL simplifies safepoint scopes, there are now three kinds of
safepoint scopes:
1) IsolateSafepointScope - performs an isolate local safepoint
2) GlobalSafepointScope - a global safepoint across multiple isolates
3) SafepointScope - chooses based on condition between local/global
This CL is not supposed to change current safepointing behavior in
any way. The CL renames the current SafepointScope to
IsolateSafepointScope and changes GlobalSafepointScope to always
perform a global safepoint. It then also introduces the new
SafepointScope and makes use of it for snapshotting and in heap.cc.
Bug: v8:13267
Change-Id: Ie7e1f81b6158c98d3d98552ba735cc73c9b869c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973310
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83912}
kLiftoffFrameSetupFunctionReg is using r15 which needs it
to be part of the LO cache registers.
Change-Id: I5b2510124d8c5a688decd3874b2fa8c85d40d728
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3975382
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83911}
Keep track of simple field loads and stores in NodeInfo, and try to
reuse them where possible instead of recalculating them.
Bug: v8:7700
Change-Id: I1f5eb3cb37ac76bcbc1ce75f243a36a31e71c907
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974888
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83909}
We need to update the ZoneHandleSet reference.
Bug: v8:7700
Change-Id: I7908f033170b8d698383bddc10ac55f7bbc7d25e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976042
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83908}
If the lookup-start-object is a constant and we're loading a constant
property, return a constant.
Bug: v8:7700
Change-Id: I260cbb0c69e362bef7ccad3ec8d2ada55fb56bfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976514
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83907}
Improve testing shards on windows, which is the second slowest
configuration.
On the slowest config (linux32) we can't do much as the bottleneck
is gcmole. But the collection of gcmole data is now moved to the
end, which should save ~30 seconds per build at least. That's what
it costs to collect the other tests that run before.
Bug: v8:11428
Change-Id: I0a4f484b37396d4883b4f1d937a476e125c84c00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3978090
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83906}
- Fixes the operand index for the first argument of the builtin.
- Adds fast paths for constant code point.
Bug: v8:7700
Change-Id: I0bf398a7b6410f900b602218c79558af73f42e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976509
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83905}
This reverts commit 4b28d53011.
Original change's description:
> [turbofan] Optimize rab/gsab-backed TypedArrays and DataViews
>
> This CL adds TurboFan optimizations for length and element access
> of TypedArrays and DataViews that are rab/gsab-backed.
>
> To enable this optimization, this CL builds the necessary machinery
> required to allow machine operators at the front of the pipeline
> (before simplified lowering). Some key changes to allow this are:
> - Introduce Type::Machine() to allow the typer and the verifier to
> provide a type to those machine operators in parts of the pipeline
> that require nodes to be typed.
> - Add EnterMachineGraph and ExitMachineGraph operators that define
> the boundary between early machine graphs and the normal graph with
> JS semantics.
> - Give Branch operators a BranchSemantics parameter to distinguish
> between machine branches (condition is a machine level value) and
> JS branches (condition is a JS boolean value) and have phases that
> handle branches decide on the branch's semantics based on this
> parameter instead of the position in the pipeline.
> - Extend SimplifiedLowering and SimplifiedLoweringVerifier to handle
> machine graphs. In particular, constants required special handling,
> because they are cached in the graph but they may have uses in both
> a machine and the JS graph, which prevents consistent typing of
> them.
> - Moved lots of logic from JSCallReducerAssembler into
> [JS]GraphAssembler such that functionality can be shared between
> different phases (e.g. JSNativeContextSpecialization and
> JSCallReducer need to generate logic to compute a TypedArray's
> byte length). Extended assembler interface in general with
> additional TNode<> overloads.
>
>
> Bug: v8:11111, chromium:1358505
> Change-Id: Ife006b8c38a83045cd3b8558acbfdcb66408891f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898690
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83881}
Bug: v8:11111, chromium:1358505, v8:13412
Change-Id: I61664e18a9dba1741bcb70ec22ba6342521f500a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976512
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83904}
With the blocklist re-use experiment we now handle locals near the
script/global scope correctly.
This CL lands the regression test of @bmeurer since it passes now.
R=bmeurer@chromium.org
Fixed: chromium:1209117
Change-Id: I2cb0ec1689b4fd32501886cc8bdd49486beef4dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976513
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83903}
Replace the template parameter by a parameter list, so we can also pass
zero observers.
This removes nullptr checks and the {EmptyImmediateObserver}
implementation.
R=jkummerow@chromium.org
Change-Id: Ia10bf319039c2b3af9376deb6613b9b683c40d11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973268
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83902}
Follow-up to commit 6168782925
With this change 0x14 now also consumes a sig index immediate.
This will allow users to switch from 0x17 back to 0x14 without
breaking changes. After another grace period, 0x17 can be removed.
Reland of commit I65fe8b5bceb70323dd5e6450ec7bcc02696b15fa adapted by the concurrent changes in 35cc93aa42.
(This reverts commit 01379ba6d65371b70908da8e8386a9d9993aa2f9.)
Change-Id: I699095afb85d460e1fef8bd88abfd4c748090eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3977828
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83900}