Port eb84126923
Original commit message:
One caveat: the Crankshaft stub used to preserve callee-clobbered double
registers, which is contrary to any real platform ABI that we support. Since the
only current use of this stub is in Crankshaft, the instruction there now must
be marked as double-clobbering. This might result in a small performance
regression. However, when this stub is eventually used in TF-generated code, it
will be called from deferred code that can save doubles only on the rarely-taken
path... something that Crankshaft can't do.
R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2227673003
Cr-Commit-Position: refs/heads/master@{#38444}
This removes the test-download method for all but
promises-aplus. They all only contain legacy code for
deleting old archives.
Only test262 needs to prepare sources on swarming, which is
moved to a new method, called unconditionally.
All references to --download-data and --download-data-only
in the infrastructure can be removed after this.
BUG=
Review-Url: https://codereview.chromium.org/2227613002
Cr-Commit-Position: refs/heads/master@{#38439}
This allows us to consume the type hints gathered by the CompareIC
for the strict equality and inequality operators. Similar to abstract
equality We need to distinguish Number and NumberOrOddball feedback,
as strict equality doesn't truncate Oddball to Number.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2222993003
Cr-Commit-Position: refs/heads/master@{#38438}
This CL changes the semantics of FloatXXSub to match the semantics of
the semantics of FloatXXSubPreserveNan. Therefore there is no need
anymore for the FloatXXSubPreserveNan operators.
The optimizations in VisitFloatXXSub which are removed in this CL have
already been moved to machine-operator-reducer.cc in
https://codereview.chromium.org/2226663002R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2220973002
Cr-Commit-Position: refs/heads/master@{#38437}
This CL applies the same optimization already present for calling API-function.
Execution::New and Execution::Call now both check whether the target is an
API-function and avoid calling out into the construct/call stub.
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2203353002
Cr-Commit-Position: refs/heads/master@{#38433}
This allows us to consume the type hints gathered by the CompareIC for
the abstract equality and inequality operators. We need to distinguish
Number and NumberOrOddball feedback now, as abstract equality doesn't
truncate null and undefined to Number.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2222983002
Cr-Commit-Position: refs/heads/master@{#38432}
Introduces a new VariableLocation MODULE for variables that live in a
module's export table. Scope analysis sets this for the approriate variables.
Not yet supported by any backend.
Also, treats all imports as CONST bindings (including namespace imports), rather
than having new special variable modes.
BUG=
Review-Url: https://codereview.chromium.org/2199283002
Cr-Commit-Position: refs/heads/master@{#38426}
Pass in zone() explicitly to SloppyBlockFunctionMap::Declare and VariableMap::Declare instead.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2223773002
Cr-Commit-Position: refs/heads/master@{#38424}
The outer scope of the scope we are compiling doesn't need analysis. Either we're compiling top-level code in which case there is no outer scope. Or we are compiling code at the top-level (eval, function, module), and there won't be anything to resolve in the outer scope. Lastly we could also be compiling with a deserialized scope. In that case the outer scope is already resolved.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2224593002
Cr-Commit-Position: refs/heads/master@{#38419}
Introduce a dedicated MaybeGrowFastElements simplified operator, which
tries to grow a fast elements backing store for a given element that
should be added to an array/object. Use that to lower a growing keyed
store to a sequence of
1) check index is a valid array index,
2) check stored value,
3) maybe grow elements backing store (and deoptimize if it would
normalize), and
4) store the actual element.
The actual growing is done by two dedicated GrowFastDoubleElements
and GrowFastSmiOrObjectElements builtins, which are very similar to
the GrowArrayElementsStub that is used by Crankshaft.
Drive-by-fix: Turn CopyFixedArray into CopyFastSmiOrObjectElements
builtin, similar to the new growing builtins, so we don't need to
inline the store+write barrier for the elements into all optimized
code objects anymore.
Also fix a bug in the OperationTyper for NumberSilenceNaN, which was
triggered by this change.
BUG=v8:5272
Review-Url: https://codereview.chromium.org/2227493002
Cr-Commit-Position: refs/heads/master@{#38418}
Up until now "-0.0 - x" was lowered in the instruction selector. I moved
the lowering now to the MachineOperatorReducer.
I did not remove the lowering from the instruction selector yet, I would
prefer to do that in a separate CL.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2226663002
Cr-Commit-Position: refs/heads/master@{#38417}
Properly figure out NaN and -0 cases even for non-integer inputs. This
helps to reduce the number of checks we have to perform in case we try
to go back to int32 after a floating point operation.
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2221863002
Cr-Commit-Position: refs/heads/master@{#38415}
Reason for revert:
We can revert this now that it's landed on 5.3.
Original issue's description:
> Fix an OOB read through CallSite.GetFunctionName
>
> The func_index parameter passed to GetWasmFunctionNameFromTable can be
> user-controlled through the CallSite constructor. Catch out-of-bounds
> reads and return null as the function name in such cases.
>
> This applies to the 5.3 branch and will be reverted on TOT in a bit.
>
> BUG=632965
>
> Committed: https://crrev.com/8592c450a68581d7257c1b2002983c0092cd749a
> Cr-Commit-Position: refs/heads/master@{#38276}
TBR=ahaas@chromium.org,yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=632965
Review-Url: https://codereview.chromium.org/2225773002
Cr-Commit-Position: refs/heads/master@{#38414}
Properly figure out NaN and -0 cases even for non-integer inputs. This
helps to reduce the number of checks we have to perform in case we try
to go back to int32 after a floating point operation.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2227533002
Cr-Commit-Position: refs/heads/master@{#38413}
Reason for revert:
Leaks block chromium roll:
https://codereview.chromium.org/2219083003/
Example build:
https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_asan_rel_ng/builds/205435
You can add the trybot from tryserver.chromium.linux, linux_chromium_asan_rel_ng, on reland.
Original issue's description:
> [Reland][Tracing] Embed V8 runtime call stats into tracing.
>
> Currently we have V8 RuntimeCallStats that is independently from tracing when
> running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
> stats into tracing, by having a global table of runtime call counters each
> isolate, resetting the table each time we enter a top level trace event, and
> dumping the table for each top level trace event. This will make trace file more
> compat, as well as enable runtime call stats in tracing system.
>
> This patch adds ~5% overhead to V8 when the category is enabled, we measure the
> overhead by running a script when category is enabled.
>
> BUG=v8:5089
>
> Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
> Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
> Committed: https://crrev.com/3f936a5b17754783e92d2146eaf66c88a78ee45b
> Cr-Original-Original-Commit-Position: refs/heads/master@{#38270}
> Cr-Original-Commit-Position: refs/heads/master@{#38314}
> Cr-Commit-Position: refs/heads/master@{#38403}
TBR=cbruni@chromium.org,fmeawad@chromium.org,bmeurer@chromium.org,adamk@chromium.org,rmcilroy@chromium.org,lpy@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5089
NOTRY=true
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2221853002
Cr-Commit-Position: refs/heads/master@{#38412}
Introduce a dedicated NumberOperationHint enum that represents the
feedback we can use for speculative number operations.
BUG=v8:4930
Review-Url: https://codereview.chromium.org/2220573002
Cr-Commit-Position: refs/heads/master@{#38411}
Rolling v8/build to 0aef44ff3987075f96208a8418c9f92038e7cf52
Rolling v8/tools/clang to c08b639033e7eca409e7d61c8384b7e328aabe8f
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2227473002
Cr-Commit-Position: refs/heads/master@{#38409}
Assign feedback slots in the type feedback vector for binary operations.
Update bytecode-generator to use these slots and add them as an operand
to binary operations.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2209633002
Cr-Commit-Position: refs/heads/master@{#38408}
AtomicNumber should make dealing with atomic counters easier. This is not the
case with size_t, as we cannot properly use the Increment() method for negative
numbers.
With this CL we can use AtomicNumber<size_t> and have proper decrements.
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2215693002
Cr-Commit-Position: refs/heads/master@{#38407}
This patch folds --optimize-for-size flag and check for low-memory device
into Heap::ShouldOptimizeForMemoryUsage() predicate.
It has the following side effects:
- the heap growing factor for low-memory devices is capped at 1.3 (old value was 2.0).
- the memory reducer will be more aggressive for low-memory devices.
BUG=chromium:634900
Review-Url: https://codereview.chromium.org/2218703004
Cr-Commit-Position: refs/heads/master@{#38406}
Rolling v8/build to 4f92210342e455123c37ad2040085b84a8ab6274
Rolling v8/buildtools to e4aa960cb9cd2c7dbaa69655efa85b3d7dff13dd
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 470265c2fd38206eb1ca36fbe8a50931c1b8f83d
Rolling v8/tools/clang to 36887a18177854dec069b5dc0e14b4274fc0c709
Rolling v8/tools/gyp to 93cc6e2c23e4d5ebd179f388e67aa907d0dfd43d
Rolling v8/tools/mb to 98a61eae883d6e59651c5a2af141cd45f754aa71
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2213393003
Cr-Commit-Position: refs/heads/master@{#38405}
- Don't read .constructor when returning a Promise from an async function.
Instead, call out to the internals of Promise.resolve directly.
This is done by adding back in an "optimization" from an earlier form of
the async/await code written by Caitlin Potter.
- Async functions always return a new Promise with a distinct identity,
even if they simply return another Promise.
R=caitp@igalia.com
BUG=v8:4483
Review-Url: https://codereview.chromium.org/2219623002
Cr-Commit-Position: refs/heads/master@{#38404}