Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
Reland of https://codereview.chromium.org/2190293003/ with a bug fix.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2225923003
Cr-Commit-Position: refs/heads/master@{#39120}
When deciding whether to nuke an element entry from the state table,
base the decision for the index only on the type information, and
don't even try to run it through the alias analyzer.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2301943002
Cr-Commit-Position: refs/heads/master@{#39116}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/9470
Original issue's description:
> Allow lexically declared "arguments" in function scope in sloppy mode.
>
> Lexically declared "arguments" in sloppy mode will throw redeclaration error
> currently, this patch fixes it by delaying the declaration of arguments until we
> fully parse parameter list and function body.
>
> BUG=v8:4577
> LOG=N
>
> Committed: https://crrev.com/70a613dd0a5f5d205b46559b55702764464851fa
> Cr-Commit-Position: refs/heads/master@{#39109}
TBR=adamk@chromium.org,mythria@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4577
Review-Url: https://codereview.chromium.org/2304853002
Cr-Commit-Position: refs/heads/master@{#39115}
So far we used the minimum of the length instead of the maximum to
compute the output type of the CheckBounds, but at the same time
we never really used the output type yet.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2306443003
Cr-Commit-Position: refs/heads/master@{#39114}
This allows the constructors which simply fill in a missing parameter to do
so without duplicating the constructor body.
Review-Url: https://codereview.chromium.org/2294093008
Cr-Commit-Position: refs/heads/master@{#39110}
Lexically declared "arguments" in sloppy mode will throw redeclaration error
currently, this patch fixes it by delaying the declaration of arguments until we
fully parse parameter list and function body.
BUG=v8:4577
LOG=N
Review-Url: https://codereview.chromium.org/2290753003
Cr-Commit-Position: refs/heads/master@{#39109}
We really just need representation information from the CallInterfaceDescriptor. This change allows us to keep that, get away from Type, and it's Zone-based allocation as well.
BUG=
Review-Url: https://codereview.chromium.org/2301883002
Cr-Commit-Position: refs/heads/master@{#39105}
We removed some TRACE_EVENT0 instrumentation when we landed runtime call stats
tracing, however some of them are used in metrics, this patch adds these
TRACE_EVENT0 back.
BUG=642373
LOG=N
Review-Url: https://codereview.chromium.org/2301743002
Cr-Commit-Position: refs/heads/master@{#39104}
The ParserTypes class has typedefs provided by the preparser or the
parser (e.g. PreParserExpression vs Expression*). Some of those typedefs
had gotten stale and were getting in the way, especially on gcc. We
also were making inconsistent use of aliases in parser-base.h; now their
use is much more consistent.
Review-Url: https://codereview.chromium.org/2305523002
Cr-Commit-Position: refs/heads/master@{#39101}
Reason for revert:
Regressed GC times in v8.infinite_scroll_tbmv2 benchmarks.
Original issue's description:
> [heap] Simplify heuristics for incremental step size.
>
> This patch removes the code for speeding up marking.
>
> Now the step size depends on allocated bytes and
> invoked write barriers.
>
> We also ensure that the step size is large enough to
> justify the overhead of interrupting the generated code.
>
> BUG=chromium:616434
> LOG=NO
>
> Committed: https://crrev.com/71a793e4b1026e69d4009df0a419fe260fe1a235
> Cr-Commit-Position: refs/heads/master@{#39067}
TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:616434
Review-Url: https://codereview.chromium.org/2304613002
Cr-Commit-Position: refs/heads/master@{#39098}
This unblocks avoiding the separate code template.
In the upcoming CL doing away with code templates, We need to track instances
through the module object, which needs to be separate from the compiled module
data, which is then shared with the first instance.
This CL ensures we have the object available in the asm.js scenario, too.
Note that this CL also unifies the error messaging when module
decoding fails.
BUG=v8:5316
Review-Url: https://codereview.chromium.org/2299873002
Cr-Commit-Position: refs/heads/master@{#39097}
Reason for revert:
Suspected to cause webgl_conformance_tests failures:
WebglConformance_conformance_textures_misc_tex_image_with_format_and_type (gpu_tests.webgl_conformance_integration_test.WebGLConformanceIntegrationTest) ... [21956:1299:0901/082859:INFO:CONSOLE(11)] "Uncaught TypeError: Cannot read property 'charCodeAt' of undefined", source: (11)
[21956:1299:0901/082859:INFO:CONSOLE(174)] "Uncaught TypeError: Cannot read property 'charCodeAt' of undefined", source: http://127.0.0.1:56892/js/pnglib.js (174)
Original issue's description:
> [stubs] Port KeyedLoadIC_Generic stub to TurboFan
>
> And also handle dictionary elements loads in the dispatcher.
>
> Committed: https://crrev.com/fd5fe3b2a40cc7a9b044416798c3c2aa734469ff
> Cr-Commit-Position: refs/heads/master@{#39070}
TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2303793002
Cr-Commit-Position: refs/heads/master@{#39096}
Reason for revert:
Breaks cctest/test-api-interceptors/QueryInterceptor on the waterfall
Original issue's description:
> [api] Add interceptor for defineProperty().
>
> With the Indexed/GenericNamedPropertyDefinerCallback it is possible to intercept Object.defineProperty() calls.
>
> Requests that call JSReceiver::OrdinaryDefineOwnProperty() internally, also trigger the interceptor. This includes Object.freeze(), Object.preventExtensions(), and Object.seal().
>
> BUG=
>
> Committed: https://crrev.com/b9d985975cf3bab0ded0cec9fafd3799f9bde29a
> Cr-Commit-Position: refs/heads/master@{#39094}
TBR=jochen@chromium.org,franzih@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2303533004
Cr-Commit-Position: refs/heads/master@{#39095}
With the Indexed/GenericNamedPropertyDefinerCallback it is possible to intercept Object.defineProperty() calls.
Requests that call JSReceiver::OrdinaryDefineOwnProperty() internally, also trigger the interceptor. This includes Object.freeze(), Object.preventExtensions(), and Object.seal().
BUG=
Review-Url: https://codereview.chromium.org/2272383002
Cr-Commit-Position: refs/heads/master@{#39094}
The plan is to also use it for With and Catch scopes, so all kinds of
contexts have a pointer back to their ScopeInfo
R=neis@chromium.org,marja@chromium.org
BUG=v8:5215
Review-Url: https://codereview.chromium.org/2301913002
Cr-Commit-Position: refs/heads/master@{#39092}
Up until now, the passed attributes were completely ignored and we
defaulted to DONT_ENUM every time.
BUG=
Review-Url: https://codereview.chromium.org/2297193005
Cr-Commit-Position: refs/heads/master@{#39091}
This enables PreParser to declare variables in the future without
duplicating the parsing logic.
BUG=
Review-Url: https://codereview.chromium.org/2297563007
Cr-Commit-Position: refs/heads/master@{#39079}
For two FinishRegion nodes, the alias analysis returned "may alias" even
without properly looking through them.
Drive-by-fix: Add meaningful output for --trace-turbo-load-elimination.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2301903002
Cr-Commit-Position: refs/heads/master@{#39075}
This patch refactors the scanner bookmark in SkipLazyFunctionBody,
so that it is only used locally, instead of being passed to several
other methods. It is replaced by a "may_abort" parameter and an
appropriate result denoting whether lazy parsing has been aborted.
It also applies the hack of aborting lazy parsing for arrow
functions that are considered to be "initialization functions".
R=adamk@chromium.org, vogelheim@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2297733002
Cr-Commit-Position: refs/heads/master@{#39072}
This patch removes the explicit classifier parameters from all
parsing methods and makes expression classifiers implicit in
the (pre)parser's implementation. In this way, the implementation
is simplified and a proper stack of classifiers is enforced.
R=adamk@chromium.org,littledan@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2289663002
Cr-Commit-Position: refs/heads/master@{#39068}
This patch removes the code for speeding up marking.
Now the step size depends on allocated bytes and
invoked write barriers.
We also ensure that the step size is large enough to
justify the overhead of interrupting the generated code.
BUG=chromium:616434
LOG=NO
Review-Url: https://codereview.chromium.org/2290333002
Cr-Commit-Position: refs/heads/master@{#39067}
The main goal is to have the opcode number on the stack, so that we can
extract it from minidumps.
Review-Url: https://codereview.chromium.org/2301853002
Cr-Commit-Position: refs/heads/master@{#39066}
This furthers our goal of avoiding using the representation dimension of
the Type class.
BUG=v8:5270
Review-Url: https://codereview.chromium.org/2295883004
Cr-Commit-Position: refs/heads/master@{#39064}
Now that the hole NaN is no longer represented as Float64Constant early
on, we should never see such a constant node in any JS-level graph, but
we will only see them after representation selection. Change Typer and
SimplifiedLowering appropriately (and fix the invalid tests).
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2299883003
Cr-Commit-Position: refs/heads/master@{#39063}
We use a signaling NaN to represent the hole in
FAST_HOLEY_DOUBLE_ELEMENTS backing stores, but on Intel processors, the
C++ compiler may decide to (or be forced to due to calling conventions)
use X87 registers for double values. However transfering to X87
registers automatically quietens the NaNs and there's no way to disable
this. Therefore we should just always load the hole NaN from the canonical
place identified by the address_of_hole_nan external reference instead,
which might even be more efficient in some cases.
R=jarin@chromium.org, jkummerow@chromium.org
BUG=v8:5332
Review-Url: https://codereview.chromium.org/2303643002
Cr-Commit-Position: refs/heads/master@{#39062}
Port 7516fe1eaa
Original commit message:
The only remaining use of this VariableMode is for the names of sloppy
named function expressions. This patch instead uses CONST for such
bindings (just as we do in strict mode) and instead marks those
Variables specially. During code generation a new helper method,
Variable::throw_on_const_assignment(), is called to decide whether
to throw or silently ignore the assignment.
R=adamk@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
Review-Url: https://codereview.chromium.org/2299043002
Cr-Commit-Position: refs/heads/master@{#39060}
port 7516fe1eaa (r39052)
original commit message:
The only remaining use of this VariableMode is for the names of sloppy
named function expressions. This patch instead uses CONST for such
bindings (just as we do in strict mode) and instead marks those
Variables specially. During code generation a new helper method,
Variable::throw_on_const_assignment(), is called to decide whether
to throw or silently ignore the assignment.
BUG=
Review-Url: https://codereview.chromium.org/2299103002
Cr-Commit-Position: refs/heads/master@{#39059}
This patch arranges that property names are parsed in a single pass,
reporting the name as well as the type of the property, instead of
parsing qualifiers like 'static' or 'get' initially as names and then
re-parsing. This change is easier to reason about, very slightly (4%)
faster in some cases (although slower in other, less common ones, though
this slowdown will be fixed in an upcoming patch), and is a prerequisite
for separating the parsing of object and class literal properties, which
will become increasingly important as ECMAScript adds more class features.
This is a reland of https://codereview.chromium.org/2278153004/,
which fixes the issue causing the revert and adds more tests.
Review-Url: https://codereview.chromium.org/2300503002
Cr-Commit-Position: refs/heads/master@{#39056}
The event is used by DevTools to mark microtask execution intervals.
To reduces the overhead the event is only emitted when there are
microtasks to run.
BUG=642228
Review-Url: https://codereview.chromium.org/2289593005
Cr-Commit-Position: refs/heads/master@{#39055}
The only remaining use of this VariableMode is for the names of sloppy
named function expressions. This patch instead uses CONST for such
bindings (just as we do in strict mode) and instead marks those
Variables specially. During code generation a new helper method,
Variable::throw_on_const_assignment(), is called to decide whether
to throw or silently ignore the assignment.
Review-Url: https://codereview.chromium.org/2233673003
Cr-Commit-Position: refs/heads/master@{#39052}
Previously, fast holey elements accessors would detect element presence
by simply doing a hole check on any slot within the backing store's
capacity. This relied on the (mostly-true but brittle) assumption that
slots beyond the length are always correctly zapped with The Hole.
Review-Url: https://codereview.chromium.org/2297253002
Cr-Commit-Position: refs/heads/master@{#39051}
This introduces a new heap object ModuleInfo, which is to ModuleDescriptor
what ScopeInfo is to Scope. When deserializing a scope info that contains
a module info, we deserialize the module info into a module descriptor and
put it into the synthesized module scope.
Currently, module infos only store exports.
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2277253003
Cr-Commit-Position: refs/heads/master@{#39049}
Ignition OSR to turbofan seems to cause instruction selector crashes
(where instructions selector gets simplified operators, probably
because we break the effect chain somehow).
BUG=chromium:641893
Review-Url: https://codereview.chromium.org/2298613003
Cr-Commit-Position: refs/heads/master@{#39045}
When we try to further fold previously folded allocations in Crankshaft
GVN we don't properly transform the allocations involved, which causes
the mechanism to leave holes in the new/old space (and thereby violate
the iterability property of the new/old space).
BUG=chromium:621868
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2297983003
Cr-Commit-Position: refs/heads/master@{#39040}
The last user was propagating asm_module_ to inner function scopes as asm_function_. asm_function_ is already set upon scope creation when the outer scope IsAsmModule(). With default parameter it's possible that inner scopes are created before set_asm_module() is called. To keep current behavior we'll eagerly mark inner scopes as asm_function_ upon set_asm_module().
There's only one special case that used to be marked asm_function_ which is now no longer marked as such: asm functions in block scopes that are 'Finalized'. PropagateScopeInfo used to mark them as asm_function_ as well, whereas the new version would not mark them upon construction of the inner scope.
I presume both above cornercases aren't actually intended valid asm.js use-cases anyway. The second we can now easily identify in the verifier and mark as invalid asm, since we'll have an asm module with non-asm-function inner functions. If we want to disallow the first, we can also not mark them as asm_functions_ (by removing the loop I added in set_asm_module), which will reveal this structure to the validator.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2270743003
Cr-Commit-Position: refs/heads/master@{#39039}
This way, many files which only need CompilationInfo but not compiler.h
and its dependencies can include just compilation-info.h.
BUG=
Review-Url: https://codereview.chromium.org/2284313003
Cr-Commit-Position: refs/heads/master@{#39038}
This is the first step towards unifying ParseVariableDeclarations.
BUG=
Review-Url: https://codereview.chromium.org/2297643002
Cr-Commit-Position: refs/heads/master@{#39036}
The way we use FinishRegion for transitioning stores makes them eligible
for elimination by TypedOptimization, which is unintended and removes
the atomicity of the transitioning stores. This is a quickfix to ensure
that we don't remove the FinishRegion nodes during TypedOptimization;
the real fix is probably to have separate region operators for value
(producing) regions (i.e. allocations) and for effect-only regions (i.e.
transitioning stores).
R=jarin@chromium.org
BUG=v8:5303
Review-Url: https://codereview.chromium.org/2293023003
Cr-Commit-Position: refs/heads/master@{#39033}
If the type of a tracked field or element value is less precise than the
advertised type of the field or element load, then we replace the load
operation with a TypeGuard that guards the advertised type.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2295643002
Cr-Commit-Position: refs/heads/master@{#39032}
We (mis)used Type::Class to track stable field maps in the past. But
that always more or less unsupport and wrong for various reasons, mostly
because the class types do not really present static information and
thus it is possible to violate fundamental assumptions of the type
system (i.e. intersecting class types and other types produces
"interesting" results).
Now it is possible to finally nuke the class types completely and thus
simplify (and ideally correctify) the type system further.
Note to performance sheriff: We do expect to see some performance
regressions from this change. This is because we do not yet have a sane
replacement mechanism to track known field maps and utilize them during
LoadElimination. This will be accomplished in a follow up CL.
BUG=v8:5270,v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2293343002
Cr-Commit-Position: refs/heads/master@{#39031}
This removes two bits of duplication:
- Parsing of each AssignmentExpression, which previously was called
first outside the loop and then inside the loop.
- Parsing of arrow rest parameters, which previously was handled
separately for the one-arg and N-arg cases.
The only change in behavior is in a few error messages.
Review-Url: https://codereview.chromium.org/2279363002
Cr-Commit-Position: refs/heads/master@{#39030}
Reason for revert:
Fails to reject "{*foo: 1}" as an object literal, found
by the fuzzer:
https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/12315/steps/Fuzz%20on%20Ubuntu-12.04/logs/stdio
Original issue's description:
> Refactor object/class literal property name parsing
>
> This patch arranges that property names are parsed in a single pass,
> reporting the name as well as the type of the property, instead of
> parsing qualifiers like 'static' or 'get' initially as names and then
> re-parsing. This change is easier to reason about, very slightly (4%)
> faster in some cases (although slower in other, less common ones, though
> this slowdown will be fixed in an upcoming patch), and is a prerequisite
> for separating the parsing of object and class literal properties, which
> will become increasingly important as ECMAScript adds more class features.
>
> Committed: https://crrev.com/6dd26c729584024e17a05a2a76b319d4aecdc138
> Cr-Commit-Position: refs/heads/master@{#39027}
TBR=littledan@chromium.org,marja@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2295743003
Cr-Commit-Position: refs/heads/master@{#39029}
This patch arranges that property names are parsed in a single pass,
reporting the name as well as the type of the property, instead of
parsing qualifiers like 'static' or 'get' initially as names and then
re-parsing. This change is easier to reason about, very slightly (4%)
faster in some cases (although slower in other, less common ones, though
this slowdown will be fixed in an upcoming patch), and is a prerequisite
for separating the parsing of object and class literal properties, which
will become increasingly important as ECMAScript adds more class features.
Review-Url: https://codereview.chromium.org/2278153004
Cr-Commit-Position: refs/heads/master@{#39027}
Increasingly, we avoid using the representation dimension of Type,
and set it explicitly ourselves.
BUG=
Review-Url: https://codereview.chromium.org/2290233002
Cr-Commit-Position: refs/heads/master@{#39026}
When changing from Tagged to Float64 representation, it's not unlikely
to see a HeapNumber (or if feedback says so, an Oddball), so we
shouldn't penalize the code that deals with this case by marking it as
deferred.
R=mvstanton@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2295933003
Cr-Commit-Position: refs/heads/master@{#39025}
When FieldType::None() returns a cast Smi::FromInt(0), which translates
as nullptr, the FieldType::IsNone() check becomes equivalent to
`this == nullptr` which is not allowed by the standard and
therefore optimized away as a false constant by GCC 6.
This has lead to crashes when invoking methods on FieldType::None().
Using a different Smi constant for FieldType::None() makes the compiler
always include a comparison against that value. The choice of these
constants has no effect as they are effectively arbitrary.
BUG=https://github.com/nodejs/node/issues/8310
Review-Url: https://codereview.chromium.org/2292953002
Cr-Commit-Position: refs/heads/master@{#39023}
If the input of grow-memory was not representable as a SMI, then the
input was not passed correctly to the runtime, which caused a crash.
With this CL the input of grow-memory is checked before the runtime is
called.
R=titzer@chromium.org, gdeepti@chromium.org
TEST=mjsunit/wasm/grow-memory.js:testGrowMemoryTrapsWithNonSmiInput()
Review-Url: https://codereview.chromium.org/2288773002
Cr-Commit-Position: refs/heads/master@{#39022}
Now incremental marking tracing outputs isolate and timestamp:
[41894:0x21efec0] 17253 ms: [IncrementalMarking] Start (old space step)
This patch also adds walltime duration of incremental marking to GC trace output.
BUG=
Review-Url: https://codereview.chromium.org/2293883002
Cr-Commit-Position: refs/heads/master@{#39016}
This commit introduces several new types:
* JSStackFrame and WasmStackFrame are wrapper classes around a single frame
in a FrameArray.
* They both inherit from StackFrameBase, which uses virtual dispatch to call
the correct implementation.
* FrameArrayIterator contains a static instance of JSStackFrame and
WasmStackFrame and returns a pointer to the corresponding type for each
frame.
* The JS callsite object now contains the frame array and frame index
as internal fields.
Internal stack formatting now relies completely on FrameArrayIterator and the
{JS,Wasm}StackFrame types. JS callsite instances are allocated only for custom
user formatting through Error.prepareStackTrace.
BUG=
Review-Url: https://codereview.chromium.org/2275233002
Cr-Commit-Position: refs/heads/master@{#39015}
With this CL we use isolate->native_context() to provide a context for
the CEntryStub of the runtime call. The native_context() is sufficient
here because Runtime::kWasmThrowTypeError does not use the context.
R=titzer@chromium.org
TEST=mjsunit/wasm/ffi-error.js
BUG=chromium:639492
Review-Url: https://codereview.chromium.org/2291043002
Cr-Commit-Position: refs/heads/master@{#39014}
For arch variants loongson and r1 neg instruction does not change the
sign for NaN-like operands, the same as r2 neg. This fix adjusts macro
assembler Neg_s and Neg_d arch variant logic so the correct code would
be generated for loongson and r1.
BUG=
Review-Url: https://codereview.chromium.org/2287333002
Cr-Commit-Position: refs/heads/master@{#39007}
Put the types for the Date builtins into the TypeCache, and add
support for Date.prototype.getDay and Date.prototype.getMinutes.
R=epertoso@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2296593002
Cr-Commit-Position: refs/heads/master@{#39005}
This replaces the target-selection options (such as "--enable-vfp3")
with a simpler, absolute "--arm-arch" option. This eliminates inferences
and avoids surprising behaviour in impossible situations (such as
"--enable-vfp3 --no-enable-armv7").
The available options are:
--arm-arch=armv6 ARMv6 + VFPv2
--arm-arch=armv7 ARMv7 + VFPv3-D32 + NEON
--arm-arch=armv7+sudiv ARMv7 + VFPv4-D32 + NEON + SUDIV
--arm-arch=armv8 ARMv8 (+ all of the above)
For now, the default setting is "armv8", which results in behaviour very
similar to the existing defaults.
BUG=v8:5077
Review-Url: https://codereview.chromium.org/2223433002
Cr-Commit-Position: refs/heads/master@{#39004}
This CL is a prequisite for the stack machine changes, which will need
to use temporaries in various places due to the stack height requirements
on blocks.
R=ahaas@chromium.org,bradnelson@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2280063002
Cr-Commit-Position: refs/heads/master@{#39001}
It emits spurious -Wmaybe-uninitialized warnings. Initializing these variables
shouldn't do any harm (with an optimizing compiler), so this seems the quickest
way to mollify gcc.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2290653003
Cr-Commit-Position: refs/heads/master@{#39000}
Otherwise, we'd hold on to the resources until the embedder frees them
which might take a long time
R=marja@chromium.org,verwaest@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2297523002
Cr-Commit-Position: refs/heads/master@{#38999}
This was exposed on win64 and manifested as a negative offset during
stack frame collection, i.e. pc < Code::instruction_start() for a
BUILTIN frame.
This happened because StackFrame::LookupCode returns the wrong code
object when call is the last instruction in a code object:
* pc is actually the return address for all but the topmost frame.
* pc points at the next instruction after the call.
* This is beyond the current code object if call is the last
instruction.
* Lookup itself is naive in that it just returns the first code object
for which (next_code_obj_addr > pc). It does not check that pc is
actually within [instruction_start, instruction_end[.
* In this specific case, the pc (== return address) actually pointed
at the beginning of the header of the next code object.
* We finally calculated offset as (code->instruction_start() - pc),
but with the wrong code object.
This should be followed up by a proper fix at some point. For instance,
this could be setting pc to (return address - 1) for all but the topmost
frame.
BUG=v8:5311
Review-Url: https://codereview.chromium.org/2284673002
Cr-Commit-Position: refs/heads/master@{#38996}
port 56429fc146 (r38978)
original commit message:
Introduced MachineType::TaggedSigned() and TaggedPointer().
The idea is to quit using the representational dimension of Type, and
instead encode this information in the MachineRepresentation (itself
lightly wrapped in MachineType, along with MachineSemantic).
There are three parts to the whole change:
1) Places that set the machine representation - constant nodes, loads nad
stores, global object and native context specialization.
2) Places that propagate type/representation - this is representation
inference (aka simplified lowering). At the end of this process we
expect to have a MachineRepresentation for every node. An interesting
part of this is phi merging.
3) Places that examine representation - WriteBarrier elimination does this.
Currently it's looking at the Type representation dimension, but as
a part of this change (or in a soon-to-follow change) it can simply
examine the MachineRepresentation.
BUG=
Review-Url: https://codereview.chromium.org/2293603003
Cr-Commit-Position: refs/heads/master@{#38993}
port 1915762cc8 (r38968)
original commit message:
These JavaScript operators were special hacks to ensure that we always
operate on Smis for the magic for-in index variable, but this never
really worked in the OSR case, because the OsrValue for the index
variable didn't have the proper information (that we have for the
JSForInPrepare in the non-OSR case).
Now that we have loop induction variable analysis and binary operation
hints, we can just use JSLessThan and JSAdd instead with appropriate
Smi hints, which handle the OSR case by inserting Smi checks (that are
always true). Thanks to OSR deconstruction and loop peeling these Smi
checks will be hoisted so they don't hurt the OSR case too much.
Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since
we have to lower it to JSLessThan to get the loop induction variable
goodness.
BUG=
Review-Url: https://codereview.chromium.org/2286353003
Cr-Commit-Position: refs/heads/master@{#38992}
This unblocks moving off having to hold on to a compiled module
template.
Once we don't have the template, when we have a single instance, the
instance and wasm module share the same compiled code. We will want
to clear that code off instance-specific stuff, when the instance is
unreferenced and should be GC-ed (stuff like the instance heap, for
instance). However, the deopt data will maintain a strong reference,
blocking the GC: the module object strongly references the compiled
code, which strongly references the instance object through the deopt
data.
This change addresses that by making that last reference weak.
BUG=v8:5316
Review-Url: https://codereview.chromium.org/2284683005
Cr-Commit-Position: refs/heads/master@{#38990}
This adds:
* A script (tools/update-wasm-fuzzers.sh), which creates a new fuzzing seed
corpus and uploads to google storage (you must have the right credentials).
* A new pair of DEPS entries to pull in the current version of the corpus
based on a checked in pair of hash files.
BUG=None
TEST=None
R=ahaas@chromium.org,kcc@chromium.org,mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2273303002
Cr-Commit-Position: refs/heads/master@{#38987}
Tail calls don't make sense from async functions and generators, as
each activation of these functions needs to make a new, distnict,
non-reused generator object. These tail calls are not required per
spec. This patch disables both syntactic and implicit tail calls
in async functions and generators.
R=neis
BUG=v8:5301,chromium:639270
Review-Url: https://codereview.chromium.org/2278413003
Cr-Commit-Position: refs/heads/master@{#38986}
The format of this is a little strange, and has to do with the previous
implementation maintaining a "stack" of objects as it works. As a result,
the format writes the array buffer before giving any hint that the reason
for doing so is to obtain a view wrapping it. Handling this without creating
an explicit on-heap stack requires checking whether the next tag is 'V'
after obtaining an array buffer.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2287653002
Cr-Commit-Position: refs/heads/master@{#38984}
These DCHECKs are executed when a wasm module is instantiated. However,
invalid load/store offsets should trigger runtime traps, not
instantiation-time errors.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2285223002
Cr-Commit-Position: refs/heads/master@{#38981}
This additionally gets rid of old approach to global shortcuts.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2287173002
Cr-Commit-Position: refs/heads/master@{#38980}
Parser::Declare has a lot of Scope-related logic inside; especially it
does Lookup in Scope. Scope should be the class which knows how to
declare variables in different kinds of Scopes, not Parser.
BUG=
Review-Url: https://codereview.chromium.org/2280033002
Cr-Commit-Position: refs/heads/master@{#38979}
Introduced MachineType::TaggedSigned() and TaggedPointer().
The idea is to quit using the representational dimension of Type, and
instead encode this information in the MachineRepresentation (itself
lightly wrapped in MachineType, along with MachineSemantic).
There are three parts to the whole change:
1) Places that set the machine representation - constant nodes, loads nad
stores, global object and native context specialization.
2) Places that propagate type/representation - this is representation
inference (aka simplified lowering). At the end of this process we
expect to have a MachineRepresentation for every node. An interesting
part of this is phi merging.
3) Places that examine representation - WriteBarrier elimination does this.
Currently it's looking at the Type representation dimension, but as
a part of this change (or in a soon-to-follow change) it can simply
examine the MachineRepresentation.
BUG=
Review-Url: https://codereview.chromium.org/2258073002
Cr-Commit-Position: refs/heads/master@{#38978}
This removes test/webkit/fast/js/stack-overflow-arrity-catch.js, which tests that the stack overflows in a very particular way. It doesn't seem to test anything important, and only used to work because we didn't inline into try-blocks.
BUG=
R=jarin
Review-Url: https://codereview.chromium.org/2216353002
Cr-Commit-Position: refs/heads/master@{#38976}
If we know statically that x and y are both in Unsigned32 or NaN or -0,
and we have SignedSmall or Signed32 feedback for x % y, then we can take
the feedback on the inputs and lower to Uint32Mod.
Drive-by-fix: Refactor this logic into a separate method.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2287303002
Cr-Commit-Position: refs/heads/master@{#38975}
Infer exact types for the various Date getter builtins, and also inline
the Date.prototype.getTime() builtin, which just returns the Date value
and thus doesn't need to check the cache stamp.
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2285213002
Cr-Commit-Position: refs/heads/master@{#38973}
Drop the typing rules for the machine operators and replace them
with UNREACHABLE. These typing rules were never correct and there's
also no need to have those rules at all.
Drive-by-fix: Remove the extremely annoying test-simplified-lowering.cc
file, which is not very useful, but consumes a large amount of time to
keep it compiling and passing. Instead we should introduce appropriate
tests for the SimplifiedLowering that also test something meaningful
w/o just cementing the implementation.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2292463002
Cr-Commit-Position: refs/heads/master@{#38970}
These JavaScript operators were special hacks to ensure that we always
operate on Smis for the magic for-in index variable, but this never
really worked in the OSR case, because the OsrValue for the index
variable didn't have the proper information (that we have for the
JSForInPrepare in the non-OSR case).
Now that we have loop induction variable analysis and binary operation
hints, we can just use JSLessThan and JSAdd instead with appropriate
Smi hints, which handle the OSR case by inserting Smi checks (that are
always true). Thanks to OSR deconstruction and loop peeling these Smi
checks will be hoisted so they don't hurt the OSR case too much.
Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since
we have to lower it to JSLessThan to get the loop induction variable
goodness.
R=epertoso@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2289613002
Cr-Commit-Position: refs/heads/master@{#38968}
For asm.js we now have a dedicated AsmTyper, that uses it's own type
system (which is tailored towards asm.js), and so we don't need the
special asm.js types anymore in the TypeCache. This also moves the
TypeCache into the src/compiler directory, because it doesn't make
sense to use outside anyways.
TBR=ahaas@chromium.orgR=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2289573002
Cr-Commit-Position: refs/heads/master@{#38964}
There's no need to preserve the exact callee for lazy bailouts
from JSCallFunction in the AstGraphBuilder, as fullcodegen code
will never look at that value after the callee returns. So we
just push optimized_out instead.
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2285183002
Cr-Commit-Position: refs/heads/master@{#38963}
Reason for revert:
Tanks pretty much alle metrics across the board. Probably LO space limit too low but needs investigation.
Original issue's description:
> [heap] Switch to 500k pages
>
> Decrease regular heap object size to 400k. In a follow up, we can now get rid of
> the new space border page while keeping the 1M minimum new space size.
>
> This reverts commit 1617043c10.
>
> BUG=chromium:636331
>
> Committed: https://crrev.com/2101e691caeef656eb91f1c98620b3955d337c83
> Cr-Commit-Position: refs/heads/master@{#38916}
TBR=ulan@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:636331
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2289493002
Cr-Commit-Position: refs/heads/master@{#38960}
Reason for revert:
Significantly tanks parsing. We probably should just keep on doing what we're doing: partially deserialize while resolving variables. If we do scope-info backed resolution after regular resolution based on remaining free variables, we can probably reduce the time-frame of that part. We soon after anyway need to sync with the main thread.
Original issue's description:
> Always deserialize scope infos for parsing
>
> When looking up variables in the ScopeInfo, we did a linear scan of the
> ScopeInfo. Since that's unacceptably slow, a context slot cache was added
> that would speed up repeated lookups of the same variable.
>
> Instead, just always fully convert the ScopeInfo into scopes, so they can
> lookup variables without scanning the ScopeInfo.
>
> This also allows for removing the now unused ContextSlotCache.
>
> R=adamk@chromium.org,verwaest@chromium.org,marja@chromium.org
> BUG=v8:5315
>
> Committed: https://crrev.com/81f824cad18e4dc873a8838943217eb9c9f0c1f0
> Cr-Commit-Position: refs/heads/master@{#38953}
TBR=adamk@chromium.org,marja@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5315
Review-Url: https://codereview.chromium.org/2287783003
Cr-Commit-Position: refs/heads/master@{#38958}
As part of the work to implement catch prediction for async functions,
the resulting Promise that is the output of the function needs to be
available earlier for a couple reasons:
- To be able to do %DebugPushPromise/%DebugPopPromise over the body
of the async function
- To be able to pass the resulting promise into AsyncFunctionAwait
in order to set up the dependency chains
This patch creates the Promise earlier and pushes it onto the debug
stack; a later patch will set up the dependency chain. Although the
debug stack is set up, it's not anticipated that this will change
the catch prediction helpfully yet, as everything will still likely
be predicted as 'caught' for now, as before.
R=caitp@igalia.com,yangguo@chromium.org
CC=neis@chromium.org,gsathya@chromium.org
BUG=v8:5167
Review-Url: https://codereview.chromium.org/2233923003
Cr-Commit-Position: refs/heads/master@{#38957}
By removing the copy flag, we reduce the amount of strings to be copied each
time.
BUG=v8:5089
LOG=N
Review-Url: https://codereview.chromium.org/2233993002
Cr-Commit-Position: refs/heads/master@{#38955}
When looking up variables in the ScopeInfo, we did a linear scan of the
ScopeInfo. Since that's unacceptably slow, a context slot cache was added
that would speed up repeated lookups of the same variable.
Instead, just always fully convert the ScopeInfo into scopes, so they can
lookup variables without scanning the ScopeInfo.
This also allows for removing the now unused ContextSlotCache.
R=adamk@chromium.org,verwaest@chromium.org,marja@chromium.org
BUG=v8:5315
Review-Url: https://codereview.chromium.org/2280933002
Cr-Commit-Position: refs/heads/master@{#38953}
The embedder is expected to arrange for the array buffer contents to be
transferred into a v8::ArrayBuffer in the receiving context (generally by
assuming ownership of the externalized backing store).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2275033003
Cr-Commit-Position: refs/heads/master@{#38948}
The accumulator is always part of the translation for every interpreted
frame. The assumption is that all frames are in {TOS_REGISTER} state.
This however is not supported for non-topmost frames and we need to
avoid pushing the accumulator onto the machine stack.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2271153003
Cr-Commit-Position: refs/heads/master@{#38945}
These DCHECKs were causing several test failures or r6. They should not
be here because only NEG.PS format was removed in r6, NEG.S and NEG.D
instructions remain.
BUG=
Review-Url: https://codereview.chromium.org/2276563006
Cr-Commit-Position: refs/heads/master@{#38944}
Floating point negate instructions are still present in release 6, only
one format of neg is removed, NEG.PS. Others formats can be used and in
r6 they also change the sign of NaN-like operands as well. This makes r6
generated code simpler for Neg_d and Neg_s macroassembler functions.
BUG=
Review-Url: https://codereview.chromium.org/2285703002
Cr-Commit-Position: refs/heads/master@{#38943}
New space evaucation in MC supports, similar to scavenges, fall back allocation
in old space.
For new space evacuation we support stick and non-sticky modes for fallback. The
sticky mode essentially removes the capability to allocate in new space while
the non-sticky mode only falls back for a single allocation.
We use the non-sticky mode for allocations that are too large for a LAB but
should still go in new space. When such an allocation fails in new space, we
allocate in old space in non-sticky mode as we would still like to reuse the
remainder memory in new space. However, in such a case we fail to properly
report the space allocated in resulting in a missed recorded slot.
BUG=chromium:641270
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2280943002
Cr-Commit-Position: refs/heads/master@{#38940}
This CL fixes the first bug I found with the new fuzzing. The problem is
that the number of locals is unbounded. This CL bounds the number of
locals of one type with 8000000, an arbitrary number.
R=titzer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2271803004
Cr-Commit-Position: refs/heads/master@{#38936}
Using the dedicated simplified operator we are able to eliminate
redundant neuterung checks as long as there is no call in the
effect chain. This yields a nice speed up for the Octane Mandreel
benchmark (and TypedArray-heavy workloads in general).
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2279213002
Cr-Commit-Position: refs/heads/master@{#38932}
Introduce a new TypedOptimization reducer that contains the type
based optimization reduction steps, which are not (directly)
related to lowering JavaScript operators based on types (which is
what JSTypedLowering is supposed to do).
This also addresses a chicken-and-egg problem that we see in the
Octane/Mandreel benchmark where type based constant folding isn't
applied to the numeric comparison operators introduced by the
JSTypedLowering itself, and thus gives up to 10% speedup for the
benchmark.
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2280673003
Cr-Commit-Position: refs/heads/master@{#38928}
This patch:
1. Removes the unecessary inheritance of ParserBaseTraits<Impl>
in ParserBase<Impl>.
2. Flattens ParserBaseTraits<Impl> and renames it to
ParserTypes<Impl>. The Traits parameter/member is renamed to
Types.
3. Removes unecessary v8::internal:: qualifications from parser
types.
R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2279773002
Cr-Commit-Position: refs/heads/master@{#38927}
This interleaves setting names and values in the scope info. It's a little messy since globals and locals are interleaved, but afaiu globals is going away.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2272293004
Cr-Commit-Position: refs/heads/master@{#38925}
They are both accumulated at the same time, and either one already triggered
an error in ValidateExpression. Basically, there were no disjoint uses of
these two error types.
Review-Url: https://codereview.chromium.org/2268173005
Cr-Commit-Position: refs/heads/master@{#38922}
If the parser creates a catch scope, the variable is also added to
ordered_variables_ so just always do that.
Otherwise, it's not possible to create a ScopeInfo for that catch scope
R=verwaest@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2278963002
Cr-Commit-Position: refs/heads/master@{#38921}
Previously the calls to ExpressionClassifier::Accumulate() each chose
slightly different sets of productions to accumulate, and it turned
out that these were in some cases broader than needed and in some
cases less broad.
The existence of some grab-bag production bitmasks like
ExpressionClassifier::ExpressionProductions made this situation more
error-prone (for example, that production was missing AsyncArrowFormalParametersProduction).
This patch removes all "grab-bags" besides AllProductions. In some of
the places where code was using those grab-bags for convenience, it
switches them to use negation of AllProductions. In other, specifically
those having to do with expressions that are disallowed anywhere in
a sub-expression of a parameter list, I've added a new method on
ExpressionClassifier to centralize the logic.
The aforementioned centralization/addition of
AsyncArrowFormalParametersProduction fixes several cases where we were
failing to report an error for 'await' in some contexts; I've added
those test cases.
The patch also narrows all cases to exactly the set or productions
necessary, with a comment on each explaining the choice.
BUG=v8:4483
Review-Url: https://codereview.chromium.org/2271063002
Cr-Commit-Position: refs/heads/master@{#38918}
Decrease regular heap object size to 400k. In a follow up, we can now get rid of
the new space border page while keeping the 1M minimum new space size.
This reverts commit 1617043c10.
BUG=chromium:636331
Review-Url: https://codereview.chromium.org/2278653003
Cr-Commit-Position: refs/heads/master@{#38916}
Suitably scary warnings attached, as this will yet evolve (notably to handle
host objects, which are not currently handled).
Unit tests adjusted to use the public version of ValueSerializer, eliminating
any need they have to access v8::internal.
With this, Blink can begin using this code experimentally behind a flag as it
develops.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2274693002
Cr-Commit-Position: refs/heads/master@{#38915}
Transferral is not included in this CL, nor is SharedArrayBuffer.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2264403004
Cr-Commit-Position: refs/heads/master@{#38913}
Record details, such as cumulative duration, number of steps, and longest steps
in IncrementalMarkingDetails which get populated at a single callsite
(AddScopeSample). Remove member fields that thus become obsolete (unfortunately
not all of them).
Additional remove some dead code and refactor printing. Printing in a single
statement allows for using logcat on Android.
This should also address the regression in chromium:640524.
BUG=chromium:639818,chromium:640524
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2269093002
Cr-Commit-Position: refs/heads/master@{#38912}
I could only test this with FreeBSD and OSX
(on the Node.js CI).
I don't know if the fix is correct for other BSD platforms.
Review-Url: https://codereview.chromium.org/2251603004
Cr-Commit-Position: refs/heads/master@{#38905}
DuplicateFinder isn't actually used by the Scanner, except for one
convenience function which we should probably remove, also.
BUG=
Review-Url: https://codereview.chromium.org/2281443002
Cr-Commit-Position: refs/heads/master@{#38904}
Unlike Crankshaft, Turbofan does not provide a context when trying to grow
elements. Depending on the code path we might end up updating transitioning
elements kinds in allocation sites for which we need access to the current
context. Unlike GrowCapacityAndConvert, the newly introduced GrowCapacity simply
returns false in cases where map transitions are involved.
BUG=chromium:637279
Patch by Camillo Bruni <cbruni@chromium.org>,
originally reviewed at https://codereview.chromium.org/2244983004/
Review-Url: https://codereview.chromium.org/2252393002
Cr-Commit-Position: refs/heads/master@{#38901}
During finalization, we create SharedFunctionInfos which in turn
will create ScopeInfos for the Scopes in the AST. The Scopes then
cache a handle to the ScopeInfos. However, once the scope is closed,
all those handles get zapped, and it's no longer possible to access
the scopes (even though we actually still need the AST).
R=rmcilroy@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2278933002
Cr-Commit-Position: refs/heads/master@{#38898}
Adds compile operations to the CompilerDispatcherJob interface. As such,
introduces Compiler::PrepareUnoptimizedCompilationJob and updates the
unoptimized compilation path to use CompilationJobs. Also unifies
FinalizeCompilationJob to deal with both optimized and unoptimized
compilation jobs.
A dummy FullCodegenCompilationJob is also introduced, where all the work
is done in the ExecuteJob phase, which cannot be run on a
background thread.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2251713002
Cr-Commit-Position: refs/heads/master@{#38897}
Try to narrow types of Phis further during JSTypedLowering, because
lowering based on types might create further opportunities for improving
the types.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2278903002
Cr-Commit-Position: refs/heads/master@{#38895}
Existing uses are correct but the return type was misleading.
Also clarify some related comments to make the difference between Bits
and BitField more obvious.
BUG=
Review-Url: https://codereview.chromium.org/2275973002
Cr-Commit-Position: refs/heads/master@{#38894}
Reason for revert:
Octane/Mandreel aborts with an exception now:
TypeError: __FUNCTION_TABLE__[(r2 >> 2)] is not a function
Original issue's description:
> [turbofan] Insert dummy values when changing from None type.
>
> Currently we choose the MachineRepresentation::kNone representation for
> values of Type::None, and when converting values from the kNone representation
> we use "impossible" conversions that will crash at runtime. This
> assumes that the impossible conversions should never be hit (the only
> way to produce the impossible values is to perform an always-failing
> runtime check on a value, such as Smi-checking a string). Note that
> this assumes that the runtime check is executed before the impossible
> convesrion.
>
> Introducing BitwiseOr type feedback broke this in two ways:
>
> - we always pick Word32 representation for bitwise-or, so the
> impossible conversion does not trigger (it only triggers with
> None representation), and we could end up with unsupported
> conversions from Word32.
>
> - even if we inserted impossible conversions, they are pure conversions.
> Since untagging, bitwise-or operations are also pure, we could hoist
> all these before the smi check of the inputs and we could hit the
> impossible conversions before we get to the smi check.
>
> This CL addresses this by just providing dummy values for conversions
> from the Type::None type. It also removes the impossible-to-* conversions.
>
> BUG=chromium:638132
>
> Committed: https://crrev.com/c83b21ab755f1420b6da85b3ff43d7e96ead9bbe
> Cr-Commit-Position: refs/heads/master@{#38883}
TBR=mstarzinger@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:638132
Review-Url: https://codereview.chromium.org/2280613002
Cr-Commit-Position: refs/heads/master@{#38893}
This patch moves the following methods from the traits objects to
the (pre)parser implementation objects:
- AddFormalParameter
- AddParameterInitializationBlock
- DeclareFormalParameter
- ExpressionListToExpression
- GetNonPatternList
- GetReportedErrorList
- IsTaggedTemplate
- MaterializeUnspreadArgumentsLiterals
- NoTemplateTag
- ParseArrowFunctionFormalParameterList
- ReindexLiterals
- SetFunctionNameFromIdentifierRef
- SetFunctionNameFromPropertyName
It moves the Void method from the preparser traits object to the
preparser implementation object. It also removes the traits zone
method and replaces it with that of ParserBase, which it turns to
public.
After all this, the traits objects contain just typedefs and the
delegate methods are no more necessary.
R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2277843002
Cr-Commit-Position: refs/heads/master@{#38892}
Used a BitField to for Variable fields instead of relying on the compiler, saving some memory probably.
This reduces sizeof(Variable) from 64 to 40 on x64
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2257493002
Cr-Commit-Position: refs/heads/master@{#38891}
This patch moves the following methods from the traits objects to
the (pre)parser implementation objects:
- ExpressionFromIdentifier
- ExpressionFromLiteral
- ExpressionFromString
- FunctionSentExpression
- GetNextSymbol
- GetNumberAsSymbol
- GetSymbol
- NewExpressionList
- NewPropertyList
- NewStatementList
- NewSuperCallReference
- NewSuperPropertyReference
- NewTargetExpression
- ThisExpression
Also, the method GetIterator is specific only to the parser and is
removed from the preparser's implementation.
R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2274113002
Cr-Commit-Position: refs/heads/master@{#38890}
There's no point in running the LoadElimination on asm.js functions and
it would take serious amount of effort to actually make it correct for
the deprecated parts of the pipeline.
R=jarin@chromium.org
BUG=v8:5308
Review-Url: https://codereview.chromium.org/2276273002
Cr-Commit-Position: refs/heads/master@{#38884}
Currently we choose the MachineRepresentation::kNone representation for
values of Type::None, and when converting values from the kNone representation
we use "impossible" conversions that will crash at runtime. This
assumes that the impossible conversions should never be hit (the only
way to produce the impossible values is to perform an always-failing
runtime check on a value, such as Smi-checking a string). Note that
this assumes that the runtime check is executed before the impossible
convesrion.
Introducing BitwiseOr type feedback broke this in two ways:
- we always pick Word32 representation for bitwise-or, so the
impossible conversion does not trigger (it only triggers with
None representation), and we could end up with unsupported
conversions from Word32.
- even if we inserted impossible conversions, they are pure conversions.
Since untagging, bitwise-or operations are also pure, we could hoist
all these before the smi check of the inputs and we could hit the
impossible conversions before we get to the smi check.
This CL addresses this by just providing dummy values for conversions
from the Type::None type. It also removes the impossible-to-* conversions.
BUG=chromium:638132
Review-Url: https://codereview.chromium.org/2266823002
Cr-Commit-Position: refs/heads/master@{#38883}
For concurrent recompilation we created the CompilationHandleScope after
the CanonicalHandleScope, which basically disabled the canonicalization
because the deferred handle creation doesn't pay attention to the
canonicalization mode then. This meant that we did not canonicalize
handles properly as soon as concurrent recompilation was enabled.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2276953004
Cr-Commit-Position: refs/heads/master@{#38882}
According to our style guide on Copyable and Movable Types,
copy/move operators should be disabled in the public: section, not
in the private: section. If disabled with a macro such as
DISALLOW_COPY_AND_ASSIGN, it should be at the end of the private: section,
and should be the last thing in the class.
BUG=
Review-Url: https://codereview.chromium.org/2271043003
Cr-Commit-Position: refs/heads/master@{#38878}
This patch fixes up one last case of redundant ExceptionEvents being
triggered in the debugger for Promises--it makes the default reject
handler for Promises (e.g., if the second argument for
Promise.prototype.then is missing) appear to the debugger as a
rethrow.
R=adamk@chromium.org,jgruber@chromium.org
BUG=v8:5167
Review-Url: https://codereview.chromium.org/2278643002
Cr-Commit-Position: refs/heads/master@{#38876}
Mark deopt's input alive till the end of the deopt instruction so
they cannot be reused as output.
BUG=v8:5158
Review-Url: https://codereview.chromium.org/2247303007
Cr-Commit-Position: refs/heads/master@{#38875}
Unfortunately, I was unable to produce a repro without asm.js. In normal
JavaScript, the bounds check renaming saves us.
I have not done anything about the index variable aliasing and handling
of differently sized elements yet!
BUG=chromium:639210, v8:5266
Review-Url: https://codereview.chromium.org/2270793004
Cr-Commit-Position: refs/heads/master@{#38874}
This makes some information passed implicitly (e.g. the ForceConstructor
flag used to be a special symbol passed as the receiver) explicit.
BUG=
Review-Url: https://codereview.chromium.org/2274823002
Cr-Commit-Position: refs/heads/master@{#38870}
The value returned via the int* argument was actually never used.
Also remove has_rest_parameter() in favor of returning nullptr from
rest_parameter(). This is in line with similar accessors and simplifies my
changes.
BUG=
Review-Url: https://codereview.chromium.org/2276923002
Cr-Commit-Position: refs/heads/master@{#38868}
This preserves the original shared code of the underlying function when
bytecode is provided. The method in question should only ensure bytecode
is present, but should avoid switching compilation tiers of the given
function. It might be that the function was fast-tracked to baseline by
inlining without going through the interpreted tier first.
R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-635923
BUG=chromium:635923
Review-Url: https://codereview.chromium.org/2278543002
Cr-Commit-Position: refs/heads/master@{#38866}
Don't bother using %_IsJSReceiver, which immediately gets lowered to
ObjectIsReceiver anyways (by the JSIntrinsicLowering), but requires
some complicated rewiring of effect/control chains.
R=mstarzinger@chromium.org
BUG=chromium:640369
Review-Url: https://codereview.chromium.org/2271973003
Cr-Commit-Position: refs/heads/master@{#38864}
The CL #38858 (https://codereview.chromium.org/2269293004) removed the parameter assignment code
in rest_parameter(int* index) function in Class DeclarationScope.
This caused the Gcc compilation fail at the following code in src/compiler/ast-graph-builder.cc, line 576.
int rest_index;
Variable* rest_parameter = scope->rest_parameter(&rest_index);
BuildRestArgumentsArray(rest_parameter, rest_index);
The error message was:
../src/compiler/ast-graph-builder.cc: In member function ‘void v8::internal::compiler::AstGraphBuilder::CreateGraphBody(bool)’:
../src/compiler/ast-graph-builder.cc:578:54: error: ‘rest_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
BuildRestArgumentsArray(rest_parameter, rest_index);
^
This CL fixed this issue by intializing rest_index to 0.
BUG=
Review-Url: https://codereview.chromium.org/2270363003
Cr-Commit-Position: refs/heads/master@{#38863}
For O instanceof C, we only need to check the instance type while
iterating the prototypes of O instead of checking both the instance
type and the access check bit of the map. This is because we have
the explicit range of "special object types", which include both
JSProxy as well as the global object and proxy and all API objects
that might have access checks or interceptors. Also restructure the
loop exits somewhat to ensure that the branch cloning gets a chance
to actually eliminate the bit materialization for the results.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2263273003
Cr-Commit-Position: refs/heads/master@{#38860}
With scopes: Don't call the ctor which wants a ScopeInfo if we
don't want to pass it, instead call a ctor which doesn't need it.
In addition, remove inner_scope from ctors and adjust it
explicitly afterwards. It's confusing that some ctors get passed
inner scopes and some outer scopes.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2270743002
Cr-Commit-Position: refs/heads/master@{#38859}
rest_index_ is implicitly params_.length() - 1, since it can only be the last.
Add dchecks that no parameters are added after the rest parameter.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2269293004
Cr-Commit-Position: refs/heads/master@{#38858}
port 2027b0bed1 (r38784)
original commit message:
The new operators are implemented similar to the Float64(Max|Min) which
already exist. The purpose of the new operators is the implementation
of the F32Max and F32Min instructions in WebAssembly.
BUG=
Review-Url: https://codereview.chromium.org/2270193003
Cr-Commit-Position: refs/heads/master@{#38857}
port 4598d9139e (r38747)
original commit message:
This fixes the self-healing mechanism for closures in the interpreter
entry trampoline not that bytecode can be preserved even when baseline
code is already available.
BUG=
Review-Url: https://codereview.chromium.org/2273503003
Cr-Commit-Position: refs/heads/master@{#38856}
Now that ordered_variables_ is used to find non-dynamic variables, and NonLocals are always stored in the scope that introduces them, we can rely on variables_ to also cache non-locals. This has 2 advantages:
1) we don't need DynamicScopePart anymore, reducing all scopes by a pointer
2) upon second lookup of a non-local we don't need to walk the entire chain anymore. The cached value will immediately be found.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2276483003
Cr-Commit-Position: refs/heads/master@{#38855}
This recovers about 50% of the regression in compilation time.
BUG=chromium:638208
Review-Url: https://codereview.chromium.org/2274053002
Cr-Commit-Position: refs/heads/master@{#38854}
A FrameArray encodes information about a set of stack frames into a fixed
array.
This commit is a pure refactoring to make the structure of fixed array-encoded
frames explicit.
BUG=
Review-Url: https://codereview.chromium.org/2270783002
Cr-Commit-Position: refs/heads/master@{#38852}
When compiling a wasm module, we initially generate placeholders for
imports, which store the index corresponding to that import. Later,
at instantiation time, we use that index to correctly link the
provided import.
In this scheme, supporting multiple instantiations requires we
preserve a template (set of unlinked compiled wasm functions) which
we clone for each instance. To avoid holding on to this template,
which may be large (wasm compiled code should be expected to be in
the order of tens of MB), we must enable cloning from an instance's
linked wasm functions.
This change is a step in that direction. Instead of assuming the wasm
functions reference placeholders, we store a table of the code objects
used for imports together with the compiled module, and use that
information to determine the index of the import. Initially, that
table contains placeholders. For instances, however, that table contains
their actual imports.
BUG=
Review-Url: https://codereview.chromium.org/2269323002
Cr-Commit-Position: refs/heads/master@{#38848}
To make async/await catch prediction work well, this patch regularizes
the exception events sent to DevTools from various places in the Promise
lifecycle. The core is that there should be an exception event when the
rejection first starts, rather than when it is propagated.
- Several cases within Promise code which propagate errors are
modified to not trigger a new ExceptionEvent in that case, such
as .then on a rejected Promise and returning a rejected Promise
from .then, as well as Promise.race and Promise.all.
- Make Promise.reject() create an ExceptionEvent, subject to catch
prediction based on the Promise stack. This is important
so that, e.g., if "await Promise.reject()" will trigger a new
throw (rather than a silent rethrow of something that never
triggered an event in the first place).
BUG=v8:5167
Review-Url: https://codereview.chromium.org/2244003003
Cr-Commit-Position: refs/heads/master@{#38847}
This gets rid of the BindingsKind flag. It replaces the factory argument with a bool that indicates whether free variables should be resolved as well.
BUG=
Review-Url: https://codereview.chromium.org/2262393004
Cr-Commit-Position: refs/heads/master@{#38844}
"ExpressionProductions" was missing the plural. I don't think this
changed any behavior, but I'd rather be safe than sorry. Also
removed redundant mention of TailCall production.
A future patch will attempt to make calls to Accumulate make more sense,
in general.
R=littledan@chromium.org
Review-Url: https://codereview.chromium.org/2270153002
Cr-Commit-Position: refs/heads/master@{#38842}
The only two places where these Forgive methods were called
was in ParseAssignmentExpression just at the time we were
calling Accumulate(). So instead of Forgiving, we can simply
not accumulate the bits that would have been forgiven.
Also slightly restructures the nearby code in
ParseAssignmentExpression, and removes the use of non-const
references in ExpressionClassifier.
Review-Url: https://codereview.chromium.org/2267223002
Cr-Commit-Position: refs/heads/master@{#38839}
This patch removes 26 elements of the (pre)parser traits objects.
Some methods are removed completely and called directly from the
implementation objects:
- ParseAsyncFunctionExpression
- ParseClassLiteral
- ParseDoExpression
- ParseEagerFunctionBody
- ParseFunctionLiteral
- ParseV8Intrinsic
Some methods have to be moved to at least one implementation object:
- AddTemplateExpression
- AddTemplateSpan
- CheckConflictingVarDeclarations
- CloseTemplateLiteral
- MarkCollectedTailCallExpressions
- MarkTailPosition
- OpenTemplateLiteral
- ParseAsyncArrowSingleExpressionBody
- PrepareSpreadArguments
- QueueDestructuringAssignmentForRewriting
- QueueNonPatternForRewriting
- RewriteAssignExponentiation
- RewriteAwaitExpression
- RewriteDestructuringAssignments
- RewriteExponentiation
- RewriteNonPattern
- RewriteYieldStar
- SkipLazyFunctionBody
- SpreadCall
- SpreadCallNew
Also, the inner class/struct TemplateLiteralState is moved to the
implementation objects.
R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2267783002
Cr-Commit-Position: refs/heads/master@{#38837}
We anyway have its index in params_, so just always access through params_.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2275573002
Cr-Commit-Position: refs/heads/master@{#38836}
Before this patch all tracing scopes in incremental marking would be reset
during a gc tracer start/stop cycle. This patch handles scopes the same way it
does other incremental marking metrics.
Also:
- Align finalization metric with regular marking metric.
- Smaller cleanups
BUG=chromium:639818
Review-Url: https://codereview.chromium.org/2273673002
Cr-Commit-Position: refs/heads/master@{#38834}
Drive-by fix: the order of parameters in the BinaryOpWithFeedback TurboFan code stubs now reflects the convention of having the context at the end.
BUG=v8:5273
Review-Url: https://codereview.chromium.org/2263253002
Cr-Commit-Position: refs/heads/master@{#38832}
On FreeBSD, sem_t is a struct with a couple of uint32_t fields. It only
needs dword alignment on 64 bits architectures, not the qword (pointer)
alignment that the CHECK currently enforces.
BUG=
Review-Url: https://codereview.chromium.org/2268993002
Cr-Commit-Position: refs/heads/master@{#38829}
This flag was only set on receiver scopes (declaration scopes) already. This makes it statically obvious.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2268333002
Cr-Commit-Position: refs/heads/master@{#38828}
- The static method CopyChars was actually used and has been extracted.
- It was used in tests, where it's been replaced w/ ExternalOneByteString...
- Only one test actually relied on Utf8 handling (as opposed to ASCII only),
and that was the test testing Utf8ToUtf16CharacterStream itself.
+66 -277 LOC :)
BUG=v8:4947
Review-Url: https://codereview.chromium.org/2256273002
Cr-Commit-Position: refs/heads/master@{#38824}
Before this patch all tracing scopes in incremental marking would be reset
during a gc tracer start/stop cycle. This patch handles scopes the same way it
does other incremental marking metrics.
Also:
- Align finalization metric with regular marking metric.
- Smaller cleanups
BUG=chromium:639818
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2264033002
Cr-Commit-Position: refs/heads/master@{#38822}
This makes sure the check of the return value of an inlined constructor
call is properly wired into the control chain. The check only happens on
successful completion of the underlying call and hence is wired into the
success latch of the control projections.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2272633002
Cr-Commit-Position: refs/heads/master@{#38820}
This patch applies an adaptation of the Curiously Recurring Template
Pattern to the parser objects. The result is roughly:
// Common denominator, needed to avoid cyclic dependency.
// Instances of this template will end up with very minimal
// definitions, ideally containing just typedefs.
template <typename Impl>
class ParserBaseTraits;
// The parser base object, which should just implement pure
// parser behavior. The Impl parameter is the actual derived
// class (according to CRTP), which implements impure parser
// behavior.
template <typename Impl>
class ParserBase : public ParserBaseTraits<Impl> { ... };
// And then, for each parser variant:
class Parser;
template <>
class ParserBaseTraits<Parser> { ... };
class Parser : public ParserBase<Parser> { ... };
Using the CRTP, we will ultimately achieve two goals:
(1) clean up the traits objects, but most importantly
(2) clearly separate pure/impure parser implementation and facilitate
experimentation with different parser variants.
R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2267663002
Cr-Commit-Position: refs/heads/master@{#38819}
Rebuilding (after touching certain files) is crazy slow because
includes are out of control.
Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
stuff you need.
BUG=v8:5294
Review-Url: https://codereview.chromium.org/2268303002
Cr-Commit-Position: refs/heads/master@{#38818}
When preparing compilation, we can't delay error reporting either.
Also put handles during internalization into a deferred handle scope.
BUG=v8:5215
R=marja@chromium.org,rmcilory@chromium.org
Review-Url: https://codereview.chromium.org/2268983002
Cr-Commit-Position: refs/heads/master@{#38817}
This makes sure the deoptimizer picks bytecode prepared for debugging
when materializing an interpreted frame if one is available. This is
normally done by the interpreter entry trampoline and hence needs to be
replicated by the deoptimizer.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2271443003
Cr-Commit-Position: refs/heads/master@{#38815}
