Commit Graph

28313 Commits

Author SHA1 Message Date
jgruber
4f781d7249 Fix LookupCode for the DatePrototype_GetField builtin
This was exposed on win64 and manifested as a negative offset during
stack frame collection, i.e. pc < Code::instruction_start() for a
BUILTIN frame.

This happened because StackFrame::LookupCode returns the wrong code
object when call is the last instruction in a code object:
* pc is actually the return address for all but the topmost frame.
* pc points at the next instruction after the call.
* This is beyond the current code object if call is the last
  instruction.
* Lookup itself is naive in that it just returns the first code object
  for which (next_code_obj_addr > pc). It does not check that pc is
  actually within [instruction_start, instruction_end[.
* In this specific case, the pc (== return address) actually pointed
  at the beginning of the header of the next code object.
* We finally calculated offset as (code->instruction_start() - pc),
  but with the wrong code object.

This should be followed up by a proper fix at some point. For instance,
this could be setting pc to (return address - 1) for all but the topmost
frame.

BUG=v8:5311

Review-Url: https://codereview.chromium.org/2284673002
Cr-Commit-Position: refs/heads/master@{#38996}
2016-08-30 08:28:14 +00:00
akos.palfi
cdab5ed646 v8.gyp: Fix mips (big-endian) build.
Fixes the MIPS big-endian build after https://codereview.chromium.org/2276733002/ .

BUG=

Review-Url: https://codereview.chromium.org/2296473002
Cr-Commit-Position: refs/heads/master@{#38994}
2016-08-30 07:01:23 +00:00
zhengxing.li
fdef413297 X87: [Turbofan]: Use new MachineTypes in access-builder.
port 56429fc146 (r38978)

  original commit message:
  Introduced MachineType::TaggedSigned() and TaggedPointer().

  The idea is to quit using the representational dimension of Type, and
  instead encode this information in the MachineRepresentation (itself
  lightly wrapped in MachineType, along with MachineSemantic).

  There are three parts to the whole change:

  1) Places that set the machine representation - constant nodes, loads and
     stores, global object and native context specialization.

  2) Places that propagate type/representation - this is representation
     inference (aka simplified lowering). At the end of this process we
     expect to have a MachineRepresentation for every node. An interesting
     part of this is phi merging.

  3) Places that examine representation - WriteBarrier elimination does this.
     Currently it's looking at the Type representation dimension, but as
     a part of this change (or in a soon-to-follow change) it can simply
     examine the MachineRepresentation.

BUG=

Review-Url: https://codereview.chromium.org/2293603003
Cr-Commit-Position: refs/heads/master@{#38993}
2016-08-30 06:39:43 +00:00
zhengxing.li
5572cea1d1 X87: [turbofan] Remove special JSForInStep and JSForInDone.
port 1915762cc8 (r38968)

  original commit message:
  These JavaScript operators were special hacks to ensure that we always
  operate on Smis for the magic for-in index variable, but this never
  really worked in the OSR case, because the OsrValue for the index
  variable didn't have the proper information (that we have for the
  JSForInPrepare in the non-OSR case).

  Now that we have loop induction variable analysis and binary operation
  hints, we can just use JSLessThan and JSAdd instead with appropriate
  Smi hints, which handle the OSR case by inserting Smi checks (that are
  always true). Thanks to OSR deconstruction and loop peeling these Smi
  checks will be hoisted so they don't hurt the OSR case too much.

  Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since
  we have to lower it to JSLessThan to get the loop induction variable
  goodness.

BUG=

Review-Url: https://codereview.chromium.org/2286353003
Cr-Commit-Position: refs/heads/master@{#38992}
2016-08-30 06:29:17 +00:00
mtrofin
b9eb9ee779 [wasm] Use weak reference for wasm deopt data.
This unblocks moving off having to hold on to a compiled module
template.

Once we don't have the template, when we have a single instance, the
instance and wasm module share the same compiled code. We will want
to clear that code off instance-specific stuff, when the instance is
unreferenced and should be GC-ed (stuff like the instance heap, for
instance). However, the deopt data will maintain a strong reference,
blocking the GC: the module object strongly references the compiled
code, which strongly references the instance object through the deopt
data.

This change addresses that by making that last reference weak.

BUG=v8:5316

Review-Url: https://codereview.chromium.org/2284683005
Cr-Commit-Position: refs/heads/master@{#38990}
2016-08-29 20:13:52 +00:00
jarin
86c5c52e36 [turbofan] Remove dead opcode handlers from simplified lowering.
Review-Url: https://codereview.chromium.org/2290583002
Cr-Commit-Position: refs/heads/master@{#38988}
2016-08-29 19:41:09 +00:00
bradnelson
08639b5b77 [WASM] Adding fuzzing binaries for wasm, and script to update them.
This adds:
* A script (tools/update-wasm-fuzzers.sh), which creates a new fuzzing seed
  corpus and uploads to google storage (you must have the right credentials).
* A new pair of DEPS entries to pull in the current version of the corpus
  based on a checked in pair of hash files.

BUG=None
TEST=None
R=ahaas@chromium.org,kcc@chromium.org,mvstanton@chromium.org

Review-Url: https://codereview.chromium.org/2273303002
Cr-Commit-Position: refs/heads/master@{#38987}
2016-08-29 19:01:48 +00:00
littledan
5af4cd9840 Disallow tail calls from async functions and generators
Tail calls don't make sense from async functions and generators, as
each activation of these functions needs to make a new, distinct,
non-reused generator object. These tail calls are not required per
spec. This patch disables both syntactic and implicit tail calls
in async functions and generators.

R=neis
BUG=v8:5301,chromium:639270

Review-Url: https://codereview.chromium.org/2278413003
Cr-Commit-Position: refs/heads/master@{#38986}
2016-08-29 18:31:35 +00:00
jbroman
248f3dafd0 Blink-compatible serialization of array buffer views.
The format of this is a little strange, and has to do with the previous
implementation maintaining a "stack" of objects as it works. As a result,
the format writes the array buffer before giving any hint that the reason
for doing so is to obtain a view wrapping it. Handling this without creating
an explicit on-heap stack requires checking whether the next tag is 'V'
after obtaining an array buffer.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2287653002
Cr-Commit-Position: refs/heads/master@{#38984}
2016-08-29 14:51:49 +00:00
ahaas
eaa3573ad5 [wasm] Do not check load/store offsets with DCHECK.
These DCHECKs are executed when a wasm module is instantiated. However,
invalid load/store offsets should trigger runtime traps, not
instantiation-time errors.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2285223002
Cr-Commit-Position: refs/heads/master@{#38981}
2016-08-29 13:20:34 +00:00
verwaest
1493bc8c8b Replace CollectVariables with locals(), update callsites to walk locals instead
This additionally gets rid of old approach to global shortcuts.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2287173002
Cr-Commit-Position: refs/heads/master@{#38980}
2016-08-29 12:49:35 +00:00
marja
ee7dc92f9e Move Parser::Declare to Scope.
Parser::Declare has a lot of Scope-related logic inside; especially it
does Lookup in Scope. Scope should be the class which knows how to
declare variables in different kinds of Scopes, not Parser.

BUG=

Review-Url: https://codereview.chromium.org/2280033002
Cr-Commit-Position: refs/heads/master@{#38979}
2016-08-29 12:36:58 +00:00
mvstanton
56429fc146 [Turbofan]: Use new MachineTypes in access-builder.
Introduced MachineType::TaggedSigned() and TaggedPointer().

The idea is to quit using the representational dimension of Type, and
instead encode this information in the MachineRepresentation (itself
lightly wrapped in MachineType, along with MachineSemantic).

There are three parts to the whole change:

1) Places that set the machine representation - constant nodes, loads and
   stores, global object and native context specialization.

2) Places that propagate type/representation - this is representation
   inference (aka simplified lowering). At the end of this process we
   expect to have a MachineRepresentation for every node. An interesting
   part of this is phi merging.

3) Places that examine representation - WriteBarrier elimination does this.
   Currently it's looking at the Type representation dimension, but as
   a part of this change (or in a soon-to-follow change) it can simply
   examine the MachineRepresentation.

BUG=

Review-Url: https://codereview.chromium.org/2258073002
Cr-Commit-Position: refs/heads/master@{#38978}
2016-08-29 12:33:17 +00:00
bgeron
cad8e915a2 [turbofan] Fix confusing phase name.
BUG=
R=jarin

Review-Url: https://codereview.chromium.org/2287313002
Cr-Commit-Position: refs/heads/master@{#38977}
2016-08-29 12:11:21 +00:00
bgeron
791118fca5 [turbofan] Also inline into try blocks.
This removes test/webkit/fast/js/stack-overflow-arrity-catch.js, which tests that the stack overflows in a very particular way. It doesn't seem to test anything important, and only used to work because we didn't inline into try-blocks.

BUG=
R=jarin

Review-Url: https://codereview.chromium.org/2216353002
Cr-Commit-Position: refs/heads/master@{#38976}
2016-08-29 11:27:06 +00:00
bmeurer
24ef71d96b [turbofan] More efficient code generation for unsigned modulus.
If we know statically that x and y are both in Unsigned32 or NaN or -0,
and we have SignedSmall or Signed32 feedback for x % y, then we can take
the feedback on the inputs and lower to Uint32Mod.

Drive-by-fix: Refactor this logic into a separate method.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2287303002
Cr-Commit-Position: refs/heads/master@{#38975}
2016-08-29 11:22:38 +00:00
bmeurer
529f4c87e2 [turbofan] Assign appropriate types to some Date builtins.
Infer exact types for the various Date getter builtins, and also inline
the Date.prototype.getTime() builtin, which just returns the Date value
and thus doesn't need to check the cache stamp.

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2285213002
Cr-Commit-Position: refs/heads/master@{#38973}
2016-08-29 10:53:51 +00:00
franzih
93358294af Minor cleanup. Use namespace i instead of v8::internal.
BUG=

Review-Url: https://codereview.chromium.org/2284303003
Cr-Commit-Position: refs/heads/master@{#38972}
2016-08-29 09:34:45 +00:00
mlippautz
33ffcc8f81 [heap] GCTracer: Fix UB when iterating incremental scopes
BUG=chromium:639818
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2288693002
Cr-Commit-Position: refs/heads/master@{#38971}
2016-08-29 09:32:51 +00:00
bmeurer
285e1e157a [turbofan] Remove invalid typing rules.
Drop the typing rules for the machine operators and replace them
with UNREACHABLE. These typing rules were never correct and there's
also no need to have those rules at all.

Drive-by-fix: Remove the extremely annoying test-simplified-lowering.cc
file, which is not very useful, but consumes a large amount of time to
keep it compiling and passing. Instead we should introduce appropriate
tests for the SimplifiedLowering that also test something meaningful
w/o just cementing the implementation.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2292463002
Cr-Commit-Position: refs/heads/master@{#38970}
2016-08-29 09:20:09 +00:00
neis
98a79c9412 [modules] Partial support for (de-)serializing module descriptor entries.
This will be used for scope infos in a follow-up CL.

R=adamk@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2277273002
Cr-Commit-Position: refs/heads/master@{#38969}
2016-08-29 09:15:45 +00:00
bmeurer
1915762cc8 [turbofan] Remove special JSForInStep and JSForInDone.
These JavaScript operators were special hacks to ensure that we always
operate on Smis for the magic for-in index variable, but this never
really worked in the OSR case, because the OsrValue for the index
variable didn't have the proper information (that we have for the
JSForInPrepare in the non-OSR case).

Now that we have loop induction variable analysis and binary operation
hints, we can just use JSLessThan and JSAdd instead with appropriate
Smi hints, which handle the OSR case by inserting Smi checks (that are
always true). Thanks to OSR deconstruction and loop peeling these Smi
checks will be hoisted so they don't hurt the OSR case too much.

Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since
we have to lower it to JSLessThan to get the loop induction variable
goodness.

R=epertoso@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2289613002
Cr-Commit-Position: refs/heads/master@{#38968}
2016-08-29 08:47:33 +00:00
heimbuef
57ce7d674c Better pack fields in Variable
Used a BitField for Variable fields instead of relying on the compiler, saving some memory probably.
This reduces sizeof(Variable) from 64 to 40 on x64

BUG=v8:5209

Committed: https://crrev.com/955606506c256ea389d6c4a8e07babfea512d190
Review-Url: https://codereview.chromium.org/2257493002
Cr-Original-Commit-Position: refs/heads/master@{#38891}
Cr-Commit-Position: refs/heads/master@{#38967}
2016-08-29 07:44:55 +00:00
bmeurer
ead8f658cd [turbofan] Nuke the funny typing rule for JSTypedArray constants.
R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2291433003
Cr-Commit-Position: refs/heads/master@{#38966}
2016-08-29 07:09:54 +00:00
bmeurer
b54759aa50 [turbofan] Remove typing rules for SIMD machine operators.
Typing these operators should never happen and doesn't make any sense
at all.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2286253002
Cr-Commit-Position: refs/heads/master@{#38965}
2016-08-29 07:00:20 +00:00
bmeurer
f5a37d13bc [turbofan] Remove the unused asm.js types from TypeCache.
For asm.js we now have a dedicated AsmTyper, that uses its own type
system (which is tailored towards asm.js), and so we don't need the
special asm.js types anymore in the TypeCache. This also moves the
TypeCache into the src/compiler directory, because it doesn't make
sense to use outside anyways.

TBR=ahaas@chromium.org
R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2289573002
Cr-Commit-Position: refs/heads/master@{#38964}
2016-08-29 06:13:00 +00:00
bmeurer
f676db4655 [turbofan] Lazy bailout for calls doesn't need callee.
There's no need to preserve the exact callee for lazy bailouts
from JSCallFunction in the AstGraphBuilder, as fullcodegen code
will never look at that value after the callee returns. So we
just push optimized_out instead.

BUG=v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2285183002
Cr-Commit-Position: refs/heads/master@{#38963}
2016-08-29 05:16:26 +00:00
hablich
4f8e0fa685 Reland of Fix compiler warnings on "make android_arm" (patchset #1 id:1 of https://codereview.chromium.org/2286163002/ )
Reason for revert:
Roll was unstuck before the revert landed => reland

Original issue's description:
> Revert of Fix compiler warnings on "make android_arm" (patchset #1 id:1 of https://codereview.chromium.org/2264283007/ )
>
> Reason for revert:
> Speculative revert because of roll blocker https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/2241
>
> Original issue's description:
> > Fix compiler warnings on "make android_arm"
> >
> > Committed: https://crrev.com/3e809a6129d0097529c885579ac46e4acf4e99f6
> > Cr-Commit-Position: refs/heads/master@{#38937}
>
> TBR=bmeurer@chromium.org,jkummerow@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
>
> Committed: https://crrev.com/d992c1f52f116930239ed90cc033442047e789b4
> Cr-Commit-Position: refs/heads/master@{#38961}

TBR=bmeurer@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2285113002
Cr-Commit-Position: refs/heads/master@{#38962}
2016-08-28 21:03:32 +00:00
hablich
d992c1f52f Revert of Fix compiler warnings on "make android_arm" (patchset #1 id:1 of https://codereview.chromium.org/2264283007/ )
Reason for revert:
Speculative revert because of roll blocker https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/2241

Original issue's description:
> Fix compiler warnings on "make android_arm"
>
> Committed: https://crrev.com/3e809a6129d0097529c885579ac46e4acf4e99f6
> Cr-Commit-Position: refs/heads/master@{#38937}

TBR=bmeurer@chromium.org,jkummerow@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/2286163002
Cr-Commit-Position: refs/heads/master@{#38961}
2016-08-28 20:58:37 +00:00
mlippautz
933195a24c Revert of "[heap] Switch to 500k pages" (patchset #1 id:1 of https://codereview.chromium.org/2278653003/ )
Reason for revert:
Tanks pretty much all metrics across the board. Probably LO space limit too low but needs investigation.

Original issue's description:
> [heap] Switch to 500k pages
>
> Decrease regular heap object size to 400k. In a follow up, we can now get rid of
> the new space border page while keeping the 1M minimum new space size.
>
> This reverts commit 1617043c10.
>
> BUG=chromium:636331
>
> Committed: https://crrev.com/2101e691caeef656eb91f1c98620b3955d337c83
> Cr-Commit-Position: refs/heads/master@{#38916}

TBR=ulan@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:636331
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2289493002
Cr-Commit-Position: refs/heads/master@{#38960}
2016-08-28 07:28:35 +00:00
verwaest
5127dc055a Parameters are always context-allocated if accessible, so drop additional parameter lookup
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2281393002
Cr-Commit-Position: refs/heads/master@{#38959}
2016-08-27 08:38:43 +00:00
verwaest
f046cb9543 Revert of Always deserialize scope infos for parsing (patchset #3 id:40001 of https://codereview.chromium.org/2280933002/ )
Reason for revert:
Significantly tanks parsing. We probably should just keep on doing what we're doing: partially deserialize while resolving variables. If we do scope-info backed resolution after regular resolution based on remaining free variables, we can probably reduce the time-frame of that part. We soon after anyway need to sync with the main thread.

Original issue's description:
> Always deserialize scope infos for parsing
>
> When looking up variables in the ScopeInfo, we did a linear scan of the
> ScopeInfo. Since that's unacceptably slow, a context slot cache was added
> that would speed up repeated lookups of the same variable.
>
> Instead, just always fully convert the ScopeInfo into scopes, so they can
> lookup variables without scanning the ScopeInfo.
>
> This also allows for removing the now unused ContextSlotCache.
>
> R=adamk@chromium.org,verwaest@chromium.org,marja@chromium.org
> BUG=v8:5315
>
> Committed: https://crrev.com/81f824cad18e4dc873a8838943217eb9c9f0c1f0
> Cr-Commit-Position: refs/heads/master@{#38953}

TBR=adamk@chromium.org,marja@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5315

Review-Url: https://codereview.chromium.org/2287783003
Cr-Commit-Position: refs/heads/master@{#38958}
2016-08-27 07:09:03 +00:00
littledan
5386c0062d Desugar async/await to create the resulting Promise upfront
As part of the work to implement catch prediction for async functions,
the resulting Promise that is the output of the function needs to be
available earlier for a couple reasons:
- To be able to do %DebugPushPromise/%DebugPopPromise over the body
  of the async function
- To be able to pass the resulting promise into AsyncFunctionAwait
  in order to set up the dependency chains

This patch creates the Promise earlier and pushes it onto the debug
stack; a later patch will set up the dependency chain. Although the
debug stack is set up, it's not anticipated that this will change
the catch prediction helpfully yet, as everything will still likely
be predicted as 'caught' for now, as before.

R=caitp@igalia.com,yangguo@chromium.org
CC=neis@chromium.org,gsathya@chromium.org
BUG=v8:5167

Review-Url: https://codereview.chromium.org/2233923003
Cr-Commit-Position: refs/heads/master@{#38957}
2016-08-26 22:18:21 +00:00
adamk
6a67f02cf9 Remove comment discussing non-existent ARRAYSIZE_UNSAFE macro
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2282043002
Cr-Commit-Position: refs/heads/master@{#38956}
2016-08-26 18:56:19 +00:00
lpy
1131096417 Remove TRACE_EVENT_FLAG_COPY in runtime call stats tracing.
By removing the copy flag, we reduce the amount of strings to be copied each
time.

BUG=v8:5089
LOG=N

Review-Url: https://codereview.chromium.org/2233993002
Cr-Commit-Position: refs/heads/master@{#38955}
2016-08-26 18:23:44 +00:00
bjaideep
f3bf8f92a5 PPC/s390: Fix register mapping and imm16 issue
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com,
mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2283773003
Cr-Commit-Position: refs/heads/master@{#38954}
2016-08-26 17:54:28 +00:00
jochen
81f824cad1 Always deserialize scope infos for parsing
When looking up variables in the ScopeInfo, we did a linear scan of the
ScopeInfo. Since that's unacceptably slow, a context slot cache was added
that would speed up repeated lookups of the same variable.

Instead, just always fully convert the ScopeInfo into scopes, so they can
lookup variables without scanning the ScopeInfo.

This also allows for removing the now unused ContextSlotCache.

R=adamk@chromium.org,verwaest@chromium.org,marja@chromium.org
BUG=v8:5315

Review-Url: https://codereview.chromium.org/2280933002
Cr-Commit-Position: refs/heads/master@{#38953}
2016-08-26 17:39:51 +00:00
jyan
23a9405c59 Fix GetStackSample to check for nullptr
callback_entrypoint_address call could return nullptr and therefore
causes seg fault intermittently.

R=jochen@chromium.org, lpy@chromium.org, yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2274573007
Cr-Commit-Position: refs/heads/master@{#38952}
2016-08-26 17:17:10 +00:00
jbroman
864728085d Blink-compatible serialization of ArrayBuffer transfer.
The embedder is expected to arrange for the array buffer contents to be
transferred into a v8::ArrayBuffer in the receiving context (generally by
assuming ownership of the externalized backing store).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2275033003
Cr-Commit-Position: refs/heads/master@{#38948}
2016-08-26 15:47:41 +00:00
jochen
64b6557886 Remove confusing (and apparently wrong) DCHECK from ScopeInfo::Create
We should always only have exactly as many heap slots as context locals

R=verwaest@chromium.org,marja@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2280883002
Cr-Commit-Position: refs/heads/master@{#38946}
2016-08-26 14:12:14 +00:00
mstarzinger
9c8f4775bd [deoptimizer] Fix for non-topmost interpreted frame.
The accumulator is always part of the translation for every interpreted
frame. The assumption is that all frames are in {TOS_REGISTER} state.
This however is not supported for non-topmost frames and we need to
avoid pushing the accumulator onto the machine stack.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2271153003
Cr-Commit-Position: refs/heads/master@{#38945}
2016-08-26 13:12:32 +00:00
Miran.Karic
3683344608 MIPS: Remove r6 DCHECKs for NEG.fmt instruction
These DCHECKs were causing several test failures on r6. They should not
be here because only NEG.PS format was removed in r6, NEG.S and NEG.D
instructions remain.

BUG=

Review-Url: https://codereview.chromium.org/2276563006
Cr-Commit-Position: refs/heads/master@{#38944}
2016-08-26 12:51:05 +00:00
Miran.Karic
c37f6f02ed MIPS: Use neg instruction in r6
Floating point negate instructions are still present in release 6, only
one format of neg is removed, NEG.PS. Other formats can be used and in
r6 they also change the sign of NaN-like operands as well. This makes r6
generated code simpler for Neg_d and Neg_s macroassembler functions.

BUG=

Review-Url: https://codereview.chromium.org/2285703002
Cr-Commit-Position: refs/heads/master@{#38943}
2016-08-26 12:49:46 +00:00
mlippautz
2059fb0ba6 [api] Use handle for ConfigureInstance
BUG=chromium:641267
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2283713002
Cr-Commit-Position: refs/heads/master@{#38942}
2016-08-26 12:35:52 +00:00
mlippautz
bb4974d186 [heap] Properly propagate allocated space during new space evacuation in MC
New space evacuation in MC supports, similar to scavenges, fall back allocation
in old space.

For new space evacuation we support sticky and non-sticky modes for fallback. The
sticky mode essentially removes the capability to allocate in new space while
the non-sticky mode only falls back for a single allocation.

We use the non-sticky mode for allocations that are too large for a LAB but
should still go in new space. When such an allocation fails in new space, we
allocate in old space in non-sticky mode as we would still like to reuse the
remainder memory in new space. However, in such a case we fail to properly
report the space allocated in, resulting in a missed recorded slot.

BUG=chromium:641270
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2280943002
Cr-Commit-Position: refs/heads/master@{#38940}
2016-08-26 12:27:29 +00:00
jkummerow
3e809a6129 Fix compiler warnings on "make android_arm"
Review-Url: https://codereview.chromium.org/2264283007
Cr-Commit-Position: refs/heads/master@{#38937}
2016-08-26 09:53:55 +00:00
ahaas
71f93e6001 [wasm] Bound the allowed number of locals.
This CL fixes the first bug I found with the new fuzzing. The problem is
that the number of locals is unbounded. This CL bounds the number of
locals of one type with 8000000, an arbitrary number.

R=titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2271803004
Cr-Commit-Position: refs/heads/master@{#38936}
2016-08-26 09:13:22 +00:00
mstarzinger
e53d2acec1 [compiler] Remove default argument for code flags.
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2281863002
Cr-Commit-Position: refs/heads/master@{#38935}
2016-08-26 09:04:23 +00:00
nikolaos
8ce4475103 [parser] Eliminate ExpressionClassifier::MergeNonPatterns
A minor change in the logic of expression classifiers that
eliminates the use for MergeNonPatterns.

R=adamk@chromium.org, littledan@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2275313002
Cr-Commit-Position: refs/heads/master@{#38934}
2016-08-26 08:57:48 +00:00
bmeurer
76f740b264 [turbofan] Introduce a dedicated ArrayBufferWasNeutered operator.
Using the dedicated simplified operator we are able to eliminate
redundant neutering checks as long as there is no call in the
effect chain. This yields a nice speed up for the Octane Mandreel
benchmark (and TypedArray-heavy workloads in general).

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2279213002
Cr-Commit-Position: refs/heads/master@{#38932}
2016-08-26 08:35:00 +00:00
neis
04d8112036 [modules] Minor refactorings in scopes and scopeinfos.
R=adamk@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2275943005
Cr-Commit-Position: refs/heads/master@{#38931}
2016-08-26 08:31:14 +00:00
mlippautz
a4a4e7fa97 [heap] GCTracer: Properly reset all members for unittests
BUG=chromium:639818
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2279193002
Cr-Commit-Position: refs/heads/master@{#38930}
2016-08-26 08:10:50 +00:00
jochen
8d6554bde0 Revert of Add debug code to catch faulty interceptor (patchset #1 id:1 of https://codereview.chromium.org/2265903002/ )
Reason for revert:
found the culprit

Original issue's description:
> Add debug code to catch faulty interceptor
>
> BUG=chromium:625155
> R=jkummerow@chromium.org
>
> Committed: https://crrev.com/d181e6e1e6f95ee9c8005a2ad0fc846142dc8aad
> Cr-Commit-Position: refs/heads/master@{#38775}

TBR=jkummerow@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:625155

Review-Url: https://codereview.chromium.org/2282663002
Cr-Commit-Position: refs/heads/master@{#38929}
2016-08-26 08:00:34 +00:00
bmeurer
f154c75a39 [turbofan] Separate typed optimizations from JSTypedLowering.
Introduce a new TypedOptimization reducer that contains the type
based optimization reduction steps, which are not (directly)
related to lowering JavaScript operators based on types (which is
what JSTypedLowering is supposed to do).

This also addresses a chicken-and-egg problem that we see in the
Octane/Mandreel benchmark where type based constant folding isn't
applied to the numeric comparison operators introduced by the
JSTypedLowering itself, and thus gives up to 10% speedup for the
benchmark.

BUG=v8:5267

Review-Url: https://codereview.chromium.org/2280673003
Cr-Commit-Position: refs/heads/master@{#38928}
2016-08-26 07:58:30 +00:00
nikolaos
58cfe4d618 [parser] Clean up type definitions
This patch:

1. Removes the unnecessary inheritance of ParserBaseTraits<Impl>
   in ParserBase<Impl>.
2. Flattens ParserBaseTraits<Impl> and renames it to
   ParserTypes<Impl>.  The Traits parameter/member is renamed to
   Types.
3. Removes unnecessary v8::internal:: qualifications from parser
   types.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2279773002
Cr-Commit-Position: refs/heads/master@{#38927}
2016-08-26 07:46:05 +00:00
mstarzinger
b143cb09d0 [compiler] Remove inclusion of inline header file.
R=marja@chromium.org

Review-Url: https://codereview.chromium.org/2281543002
Cr-Commit-Position: refs/heads/master@{#38926}
2016-08-26 07:37:42 +00:00
verwaest
4c5c0d83e4 Simply use the variable index to put them into the right ScopeInfo slot rather than sorting
This interleaves setting names and values in the scope info. It's a little messy since globals and locals are interleaved, but afaiu globals is going away.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2272293004
Cr-Commit-Position: refs/heads/master@{#38925}
2016-08-26 07:07:34 +00:00
neis
a45d106db0 [modules] Rename ModuleDescriptor::ModuleEntry to ModuleDescriptor::Entry.
R=adamk@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2278973002
Cr-Commit-Position: refs/heads/master@{#38924}
2016-08-26 07:04:21 +00:00
jochen
96886dc735 Add marja to ast owners
R=verwaest@chromium.org,adamk@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2281443003
Cr-Commit-Position: refs/heads/master@{#38923}
2016-08-26 05:30:37 +00:00
adamk
26fbac4b37 Merge ExpressionClassifier::ObjectLiteralProduction into ExpressionProduction
They are both accumulated at the same time, and either one already triggered
an error in ValidateExpression. Basically, there were no disjoint uses of
these two error types.

Review-Url: https://codereview.chromium.org/2268173005
Cr-Commit-Position: refs/heads/master@{#38922}
2016-08-26 00:02:54 +00:00
jochen
1937d90085 Fully setup the catch variable for catch scopes
If the parser creates a catch scope, the variable is also added to
ordered_variables_ so just always do that.

Otherwise, it's not possible to create a ScopeInfo for that catch scope

R=verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2278963002
Cr-Commit-Position: refs/heads/master@{#38921}
2016-08-25 20:45:11 +00:00
verwaest
5558a50878 Merge DeclarationScope::temps_ and Scope::ordered_variables_ into Scope::locals_
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2272083003
Cr-Commit-Position: refs/heads/master@{#38920}
2016-08-25 19:12:00 +00:00
baptiste.afsa
f93ca29cac [turbofan] Instruction scheduler: keep ready nodes list sorted by latency.
This significantly speeds up the instruction scheduler when the ready list
contains a large number of instructions.

R=jarin@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2281523002
Cr-Commit-Position: refs/heads/master@{#38919}
2016-08-25 18:05:17 +00:00
adamk
51c186dd98 Centralize and standardize logic for ExpressionClassifier accumulation
Previously the calls to ExpressionClassifier::Accumulate() each chose
slightly different sets of productions to accumulate, and it turned
out that these were in some cases broader than needed and in some
cases less broad.

The existence of some grab-bag production bitmasks like
ExpressionClassifier::ExpressionProductions made this situation more
error-prone (for example, that production was missing AsyncArrowFormalParametersProduction).

This patch removes all "grab-bags" besides AllProductions. In some of
the places where code was using those grab-bags for convenience, it
switches them to use negation of AllProductions. In other, specifically
those having to do with expressions that are disallowed anywhere in
a sub-expression of a parameter list, I've added a new method on
ExpressionClassifier to centralize the logic.

The aforementioned centralization/addition of
AsyncArrowFormalParametersProduction fixes several cases where we were
failing to report an error for 'await' in some contexts; I've added
those test cases.

The patch also narrows all cases to exactly the set of productions
necessary, with a comment on each explaining the choice.

BUG=v8:4483

Review-Url: https://codereview.chromium.org/2271063002
Cr-Commit-Position: refs/heads/master@{#38918}
2016-08-25 16:59:45 +00:00
jarin
2a97b1bcb1 Reland of [turbofan] Insert dummy values when changing from None type.
This reverts commit a55fdb1e7c, relands
https://codereview.chromium.org/2266823002/.

BUG=chromium:638132

Review-Url: https://codereview.chromium.org/2277283002
Cr-Commit-Position: refs/heads/master@{#38917}
2016-08-25 16:58:13 +00:00
mlippautz
2101e691ca [heap] Switch to 500k pages
Decrease regular heap object size to 400k. In a follow up, we can now get rid of
the new space border page while keeping the 1M minimum new space size.

This reverts commit 1617043c10.

BUG=chromium:636331

Review-Url: https://codereview.chromium.org/2278653003
Cr-Commit-Position: refs/heads/master@{#38916}
2016-08-25 16:26:32 +00:00
jbroman
58cac6501f Add an experimental public API for value serialization.
Suitably scary warnings attached, as this will yet evolve (notably to handle
host objects, which are not currently handled).

Unit tests adjusted to use the public version of ValueSerializer, eliminating
any need they have to access v8::internal.

With this, Blink can begin using this code experimentally behind a flag as it
develops.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2274693002
Cr-Commit-Position: refs/heads/master@{#38915}
2016-08-25 16:00:25 +00:00
jochen
b7f796a6a4 Don't require a context for global dynamic variables
Because we don't need one.

R=verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2277303002
Cr-Commit-Position: refs/heads/master@{#38914}
2016-08-25 15:49:26 +00:00
jbroman
2646749cbc Blink-compatible serialization of ArrayBuffer.
Transferral is not included in this CL, nor is SharedArrayBuffer.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2264403004
Cr-Commit-Position: refs/heads/master@{#38913}
2016-08-25 14:43:54 +00:00
mlippautz
3866975f1b [heap] GCTracer: Record details for incremental marking
Record details, such as cumulative duration, number of steps, and longest steps
in IncrementalMarkingDetails which get populated at a single callsite
(AddScopeSample). Remove member fields that thus become obsolete (unfortunately
not all of them).

Additionally remove some dead code and refactor printing. Printing in a single
statement allows for using logcat on Android.

This should also address the regression in chromium:640524.

BUG=chromium:639818,chromium:640524
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2269093002
Cr-Commit-Position: refs/heads/master@{#38912}
2016-08-25 14:22:42 +00:00
mstarzinger
5e8acf6301 [parser] Remove temporary include no longer needed.
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2276343004
Cr-Commit-Position: refs/heads/master@{#38911}
2016-08-25 14:16:02 +00:00
mstarzinger
1f0c8d1e9a [deoptimizer] Remove obsolete BailoutType switches.
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2274273003
Cr-Commit-Position: refs/heads/master@{#38907}
2016-08-25 13:26:33 +00:00
mic.besace
bcac03e69b Fix compilation on BSD platforms
I could only test this with FreeBSD and OSX
(on the Node.js CI).
I don't know if the fix is correct for other BSD platforms.

Review-Url: https://codereview.chromium.org/2251603004
Cr-Commit-Position: refs/heads/master@{#38905}
2016-08-25 12:28:53 +00:00
vogelheim
5b9b44d1f6 Separate DuplicateFinder from Scanner.
DuplicateFinder isn't actually used by the Scanner, except for one
convenience function which we should probably remove, also.

BUG=

Review-Url: https://codereview.chromium.org/2281443002
Cr-Commit-Position: refs/heads/master@{#38904}
2016-08-25 11:58:17 +00:00
bmeurer
b550c07734 [compiler] Don't canonicalize handles in Crankshaft.
R=mstarzinger@chromium.org
BUG=v8:5309

Review-Url: https://codereview.chromium.org/2274253003
Cr-Commit-Position: refs/heads/master@{#38903}
2016-08-25 11:56:30 +00:00
georgia.kouveli
ede28d900c Treat all kArchNop instructions as NOPs in jump threading.
BUG=

Review-Url: https://codereview.chromium.org/2276323002
Cr-Commit-Position: refs/heads/master@{#38902}
2016-08-25 11:49:10 +00:00
jkummerow
a9fd19f4d1 [elements, turbofan] Implement simple GrowElements
Unlike Crankshaft, Turbofan does not provide a context when trying to grow
elements. Depending on the code path we might end up updating transitioning
elements kinds in allocation sites for which we need access to the current
context. Unlike GrowCapacityAndConvert, the newly introduced GrowCapacity simply
returns false in cases where map transitions are involved.

BUG=chromium:637279

Patch by Camillo Bruni <cbruni@chromium.org>,
originally reviewed at https://codereview.chromium.org/2244983004/

Review-Url: https://codereview.chromium.org/2252393002
Cr-Commit-Position: refs/heads/master@{#38901}
2016-08-25 11:39:38 +00:00
bgeron
7861343085 [turbofan] Allow for 32-bit field offsets in store elimination.
R=jarin
BUG=chromium:637121

Review-Url: https://codereview.chromium.org/2252283004
Cr-Commit-Position: refs/heads/master@{#38899}
2016-08-25 11:27:55 +00:00
jochen
6c744a9715 Don't create a handle scope when finalizing the bytecode
During finalization, we create SharedFunctionInfos which in turn
will create ScopeInfos for the Scopes in the AST. The Scopes then
cache a handle to the ScopeInfos. However, once the scope is closed,
all those handles get zapped, and it's no longer possible to access
the scopes (even though we actually still need the AST).

R=rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2278933002
Cr-Commit-Position: refs/heads/master@{#38898}
2016-08-25 11:15:56 +00:00
rmcilroy
c2d2d4d1ce [Compiler] Add compile operations to CompilerDispatcherJob.
Adds compile operations to the CompilerDispatcherJob interface. As such,
introduces Compiler::PrepareUnoptimizedCompilationJob and updates the
unoptimized compilation path to use CompilationJobs. Also unifies
FinalizeCompilationJob to deal with both optimized and unoptimized
compilation jobs.

A dummy FullCodegenCompilationJob is also introduced, where all the work
is done in the ExecuteJob phase, which cannot be run on a
background thread.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2251713002
Cr-Commit-Position: refs/heads/master@{#38897}
2016-08-25 10:25:12 +00:00
jgruber
25f3de99e1 [turbofan] Minor code cleanup for builtin inlining
BUG=

Review-Url: https://codereview.chromium.org/2278863002
Cr-Commit-Position: refs/heads/master@{#38896}
2016-08-25 09:42:58 +00:00
bmeurer
0da5b8222b [turbofan] Narrow type of Phis during JSTypedLowering.
Try to narrow types of Phis further during JSTypedLowering, because
lowering based on types might create further opportunities for improving
the types.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2278903002
Cr-Commit-Position: refs/heads/master@{#38895}
2016-08-25 09:36:24 +00:00
jacob.bramley
a338dad442 [arm] Fix an accessor return type.
Existing uses are correct but the return type was misleading.

Also clarify some related comments to make the difference between Bits
and BitField more obvious.

BUG=

Review-Url: https://codereview.chromium.org/2275973002
Cr-Commit-Position: refs/heads/master@{#38894}
2016-08-25 09:05:23 +00:00
bmeurer
a55fdb1e7c Revert of [turbofan] Insert dummy values when changing from None type. (patchset #5 id:80001 of https://codereview.chromium.org/2266823002/ )
Reason for revert:
Octane/Mandreel aborts with an exception now:

TypeError: __FUNCTION_TABLE__[(r2 >> 2)] is not a function

Original issue's description:
> [turbofan] Insert dummy values when changing from None type.
>
> Currently we choose the MachineRepresentation::kNone representation for
> values of Type::None, and when converting values from the kNone representation
> we use "impossible" conversions that will crash at runtime. This
> assumes that the impossible conversions should never be hit (the only
> way to produce the impossible values is to perform an always-failing
> runtime check on a value, such as Smi-checking a string). Note that
> this assumes that the runtime check is executed before the impossible
> conversion.
>
> Introducing BitwiseOr type feedback broke this in two ways:
>
> - we always pick Word32 representation for bitwise-or, so the
>   impossible conversion does not trigger (it only triggers with
>   None representation), and we could end up with unsupported
>   conversions from Word32.
>
> - even if we inserted impossible conversions, they are pure conversions.
>   Since untagging, bitwise-or operations are also pure, we could hoist
>   all these before the smi check of the inputs and we could hit the
>   impossible conversions before we get to the smi check.
>
> This CL addresses this by just providing dummy values for conversions
> from the Type::None type. It also removes the impossible-to-* conversions.
>
> BUG=chromium:638132
>
> Committed: https://crrev.com/c83b21ab755f1420b6da85b3ff43d7e96ead9bbe
> Cr-Commit-Position: refs/heads/master@{#38883}

TBR=mstarzinger@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:638132

Review-Url: https://codereview.chromium.org/2280613002
Cr-Commit-Position: refs/heads/master@{#38893}
2016-08-25 08:50:23 +00:00
nikolaos
ba9367db60 [parser] Clean up (pre)parser traits, part 5, last
This patch moves the following methods from the traits objects to
the (pre)parser implementation objects:

- AddFormalParameter
- AddParameterInitializationBlock
- DeclareFormalParameter
- ExpressionListToExpression
- GetNonPatternList
- GetReportedErrorList
- IsTaggedTemplate
- MaterializeUnspreadArgumentsLiterals
- NoTemplateTag
- ParseArrowFunctionFormalParameterList
- ReindexLiterals
- SetFunctionNameFromIdentifierRef
- SetFunctionNameFromPropertyName

It moves the Void method from the preparser traits object to the
preparser implementation object.  It also removes the traits zone
method and replaces it with that of ParserBase, which it turns to
public.

After all this, the traits objects contain just typedefs and the
delegate methods are no more necessary.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2277843002
Cr-Commit-Position: refs/heads/master@{#38892}
2016-08-25 08:48:54 +00:00
heimbuef
955606506c Better pack fields in Variable
Used a BitField for Variable fields instead of relying on the compiler, saving some memory probably.
This reduces sizeof(Variable) from 64 to 40 on x64

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2257493002
Cr-Commit-Position: refs/heads/master@{#38891}
2016-08-25 08:46:16 +00:00
nikolaos
3c1d076a85 [parser] Clean up (pre)parser traits, part 4
This patch moves the following methods from the traits objects to
the (pre)parser implementation objects:

- ExpressionFromIdentifier
- ExpressionFromLiteral
- ExpressionFromString
- FunctionSentExpression
- GetNextSymbol
- GetNumberAsSymbol
- GetSymbol
- NewExpressionList
- NewPropertyList
- NewStatementList
- NewSuperCallReference
- NewSuperPropertyReference
- NewTargetExpression
- ThisExpression

Also, the method GetIterator is specific only to the parser and is
removed from the preparser's implementation.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2274113002
Cr-Commit-Position: refs/heads/master@{#38890}
2016-08-25 08:45:27 +00:00
neis
6e67d04260 [modules] Split exports into regular and special, store regular ones in a multimap.
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2273013002
Cr-Commit-Position: refs/heads/master@{#38889}
2016-08-25 08:37:30 +00:00
vogelheim
1212e693d2 Minor header cleanup.
Review-Url: https://codereview.chromium.org/2272013002
Cr-Commit-Position: refs/heads/master@{#38888}
2016-08-25 08:17:38 +00:00
mstarzinger
b34d352e4c [deoptimizer] Remove obsolete constructor argument.
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2272653002
Cr-Commit-Position: refs/heads/master@{#38887}
2016-08-25 08:14:44 +00:00
baptiste.afsa
65ba1cdeb6 [turbofan] Allow tests to enable/disable instruction scheduling.
Some instruction selection tests rely on the instructions to be emitted
in a specific order.

R=jarin@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2276003002
Cr-Commit-Position: refs/heads/master@{#38886}
2016-08-25 08:05:15 +00:00
neis
4671660f10 Use NeedsContext() instead of comparing num_heap_slots().
R=verwaest@chromium.org, bmeurer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2269403003
Cr-Commit-Position: refs/heads/master@{#38885}
2016-08-25 06:29:54 +00:00
bmeurer
b471d4ab5c [turbofan] Disable LoadElimination completely for asm.js.
There's no point in running the LoadElimination on asm.js functions and
it would take serious amount of effort to actually make it correct for
the deprecated parts of the pipeline.

R=jarin@chromium.org
BUG=v8:5308

Review-Url: https://codereview.chromium.org/2276273002
Cr-Commit-Position: refs/heads/master@{#38884}
2016-08-25 06:14:59 +00:00
jarin
c83b21ab75 [turbofan] Insert dummy values when changing from None type.
Currently we choose the MachineRepresentation::kNone representation for
values of Type::None, and when converting values from the kNone representation
we use "impossible" conversions that will crash at runtime. This
assumes that the impossible conversions should never be hit (the only
way to produce the impossible values is to perform an always-failing
runtime check on a value, such as Smi-checking a string). Note that
this assumes that the runtime check is executed before the impossible
conversion.

Introducing BitwiseOr type feedback broke this in two ways:

- we always pick Word32 representation for bitwise-or, so the
  impossible conversion does not trigger (it only triggers with
  None representation), and we could end up with unsupported
  conversions from Word32.

- even if we inserted impossible conversions, they are pure conversions.
  Since untagging, bitwise-or operations are also pure, we could hoist
  all these before the smi check of the inputs and we could hit the
  impossible conversions before we get to the smi check.

This CL addresses this by just providing dummy values for conversions
from the Type::None type. It also removes the impossible-to-* conversions.

BUG=chromium:638132

Review-Url: https://codereview.chromium.org/2266823002
Cr-Commit-Position: refs/heads/master@{#38883}
2016-08-25 06:06:58 +00:00
bmeurer
052ba98d14 [compiler] Properly canonicalize handles even with concurrent recompilation.
For concurrent recompilation we created the CompilationHandleScope after
the CanonicalHandleScope, which basically disabled the canonicalization
because the deferred handle creation doesn't pay attention to the
canonicalization mode then. This meant that we did not canonicalize
handles properly as soon as concurrent recompilation was enabled.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2276953004
Cr-Commit-Position: refs/heads/master@{#38882}
2016-08-25 05:43:25 +00:00
franzih
b2fee84f87 Disable copy constructor in public: section or use macro.
According to our style guide on Copyable and Movable Types,
copy/move operators should be disabled in the public: section, not
in the private: section. If disabled with a macro such as
DISALLOW_COPY_AND_ASSIGN, it should be at the end of the private: section,
and should be the last thing in the class.

BUG=

Review-Url: https://codereview.chromium.org/2271043003
Cr-Commit-Position: refs/heads/master@{#38878}
2016-08-25 03:13:31 +00:00
mlippautz
a8d8620f9b [platform] MacOS supports on-demand paging
https://developer.apple.com/library/mac/documentation/Performance/Conceptual/ManagingMemory/Articles/AboutMemory.html#//apple_ref/doc/uid/20001880-SW3

R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2278473002
Cr-Commit-Position: refs/heads/master@{#38877}
2016-08-24 21:56:29 +00:00
littledan
aae17eb31b Do not trigger ExceptionEvents for another forwarding case
This patch fixes up one last case of redundant ExceptionEvents being
triggered in the debugger for Promises--it makes the default reject
handler for Promises (e.g., if the second argument for
Promise.prototype.then is missing) appear to the debugger as a
rethrow.

R=adamk@chromium.org,jgruber@chromium.org
BUG=v8:5167

Review-Url: https://codereview.chromium.org/2278643002
Cr-Commit-Position: refs/heads/master@{#38876}
2016-08-24 20:38:13 +00:00
rodolph.perfetta
e916dad343 [turbofan] fix deopt's input life span
Mark deopt's input alive till the end of the deopt instruction so
they cannot be reused as output.

BUG=v8:5158

Review-Url: https://codereview.chromium.org/2247303007
Cr-Commit-Position: refs/heads/master@{#38875}
2016-08-24 19:45:15 +00:00
jarin
dc330f2bd3 [turbofan] Fix merging of empty and non-empty state in load elimination.
Unfortunately, I was unable to produce a repro without asm.js. In normal
JavaScript, the bounds check renaming saves us.

I have not done anything about the index variable aliasing and handling
of differently sized elements yet!

BUG=chromium:639210, v8:5266

Review-Url: https://codereview.chromium.org/2270793004
Cr-Commit-Position: refs/heads/master@{#38874}
2016-08-24 17:14:24 +00:00
jbroman
78131aa1d5 Blink-compatible serialization of Map and Set objects.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2269923004
Cr-Commit-Position: refs/heads/master@{#38871}
2016-08-24 15:58:55 +00:00
jgruber
eba4ae2357 Add flags to FrameArray
This makes some information passed implicitly (e.g. the ForceConstructor
flag used to be a special symbol passed as the receiver) explicit.

BUG=

Review-Url: https://codereview.chromium.org/2274823002
Cr-Commit-Position: refs/heads/master@{#38870}
2016-08-24 15:41:13 +00:00
ofrobots
fcc8399d39 v8.gyp: fix mkpeephole on Windows for Node.js
The mkpeephole step was failing on Windows (only) for Node.js [1].
It seems that gyp was not creating the dependency graph correctly for
Windows. Work-around the problem by exposing the dependency directly
(as opposed to exposing it in the action), similar to how `mksnapshot`
works.

[1]: https://ci.nodejs.org/job/node-compile-windows/3798/label=win-vcbt2015/console

R=oth@chromium.org, rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2276733002
Cr-Commit-Position: refs/heads/master@{#38869}
2016-08-24 15:29:19 +00:00
neis
615aea66e8 Remove the rest_parameter(int*) variant, use rest_parameter() instead.
The value returned via the int* argument was actually never used.

Also remove has_rest_parameter() in favor of returning nullptr from
rest_parameter().  This is in line with similar accessors and simplifies my
changes.

BUG=

Review-Url: https://codereview.chromium.org/2276923002
Cr-Commit-Position: refs/heads/master@{#38868}
2016-08-24 14:45:02 +00:00
jochen
442336409f Remove scopeinfo.h
It's an empty header.

R=verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2278513002
Cr-Commit-Position: refs/heads/master@{#38867}
2016-08-24 14:28:25 +00:00
mstarzinger
b52aecac7e [compiler] Make Compiler::EnsureBytecode not switch tiers.
This preserves the original shared code of the underlying function when
bytecode is provided. The method in question should only ensure bytecode
is present, but should avoid switching compilation tiers of the given
function. It might be that the function was fast-tracked to baseline by
inlining without going through the interpreted tier first.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-635923
BUG=chromium:635923

Review-Url: https://codereview.chromium.org/2278543002
Cr-Commit-Position: refs/heads/master@{#38866}
2016-08-24 14:09:59 +00:00
verwaest
8547b072c8 Inline fast-path of Scope::LookupLocal
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2275773002
Cr-Commit-Position: refs/heads/master@{#38865}
2016-08-24 14:04:11 +00:00
bmeurer
6646d73b6f [turbofan] Use ObjectIsReceiver directly for inlining.
Don't bother using %_IsJSReceiver, which immediately gets lowered to
ObjectIsReceiver anyways (by the JSIntrinsicLowering), but requires
some complicated rewiring of effect/control chains.

R=mstarzinger@chromium.org
BUG=chromium:640369

Review-Url: https://codereview.chromium.org/2271973003
Cr-Commit-Position: refs/heads/master@{#38864}
2016-08-24 11:09:32 +00:00
zhengxing.li
ce1386697f [TurboFan] Avoid Gcc compilation fail by Initializing rest_index variable.
The CL #38858 (https://codereview.chromium.org/2269293004) removed the parameter assignment code
  in rest_parameter(int* index) function in Class DeclarationScope.

  This caused the Gcc compilation fail at the following code in src/compiler/ast-graph-builder.cc, line 576.
  int rest_index;
  Variable* rest_parameter = scope->rest_parameter(&rest_index);
  BuildRestArgumentsArray(rest_parameter, rest_index);

  The error message was:
  ../src/compiler/ast-graph-builder.cc: In member function ‘void v8::internal::compiler::AstGraphBuilder::CreateGraphBody(bool)’:
  ../src/compiler/ast-graph-builder.cc:578:54: error: ‘rest_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  BuildRestArgumentsArray(rest_parameter, rest_index);
                                                      ^

  This CL fixed this issue by initializing rest_index to 0.

BUG=

Review-Url: https://codereview.chromium.org/2270363003
Cr-Commit-Position: refs/heads/master@{#38863}
2016-08-24 11:06:37 +00:00
nikolaos
c374d4136c [parser] Clean up (pre)parser traits, part 3
This patch moves the following methods from the traits objects to
the (pre)parser implementation objects:

- BuildIteratorResult
- BuildUnaryExpression
- EmptyExpression
- EmptyFunctionLiteral
- EmptyIdentifier
- EmptyIdentifierString
- EmptyLiteral
- EmptyObjectLiteralProperty
- GetLiteralTheHole
- NewThrowReferenceError
- NewThrowSyntaxError
- NewThrowTypeError
- NullExpressionList
- ReportMessageAt

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2268413002
Cr-Commit-Position: refs/heads/master@{#38862}
2016-08-24 10:22:43 +00:00
nikolaos
626309272e [parser] Clean up (pre)parser traits, part 2
This patch moves the following methods from the traits objects to
the (pre)parser implementation objects:

- AsIdentifier
- CheckAssigningFunctionLiteralToProperty
- GetPropertyValue
- InferFunctionName
- IsArguments
- IsArrayIndex
- IsBoilerplateProperty
- IsConstructor
- IsDirectEvalCall
- IsEval
- IsEvalOrArguments
- IsFutureStrictReserved
- IsIdentifier
- IsPrototype
- IsThisProperty
- IsUndefined
- MarkExpressionAsAssigned
- PushLiteralName
- PushPropertyName
- ShortcutNumericLiteralBinaryExpression

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2273693002
Cr-Commit-Position: refs/heads/master@{#38861}
2016-08-24 10:08:47 +00:00
bmeurer
b5629a108c [turbofan] Improve fast case of JSInstanceOf lowering.
For O instanceof C, we only need to check the instance type while
iterating the prototypes of O instead of checking both the instance
type and the access check bit of the map. This is because we have
the explicit range of "special object types", which include both
JSProxy as well as the global object and proxy and all API objects
that might have access checks or interceptors. Also restructure the
loop exits somewhat to ensure that the branch cloning gets a chance
to actually eliminate the bit materialization for the results.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2263273003
Cr-Commit-Position: refs/heads/master@{#38860}
2016-08-24 09:38:48 +00:00
marja
7eaeb5aea5 Scopes: simplify scope creation.
With scopes: Don't call the ctor which wants a ScopeInfo if we
don't want to pass it, instead call a ctor which doesn't need it.

In addition, remove inner_scope from ctors and adjust it
explicitly afterwards. It's confusing that some ctors get passed
inner scopes and some outer scopes.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2270743002
Cr-Commit-Position: refs/heads/master@{#38859}
2016-08-24 09:27:10 +00:00
verwaest
6e4d678db9 Replace rest_index_ with has_rest_
rest_index_ is implicitly params_.length() - 1, since it can only be the last.
Add dchecks that no parameters are added after the rest parameter.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2269293004
Cr-Commit-Position: refs/heads/master@{#38858}
2016-08-24 09:15:23 +00:00
zhengxing.li
909641fd5e X87: [turbofan] Add Float32(Max|Min) machine operators.
port 2027b0bed1 (r38784)

  original commit message:
  The new operators are implemented similar to the Float64(Max|Min) which
  already exist. The purpose of the new operators is the implementation
  of the F32Max and F32Min instructions in WebAssembly.

BUG=

Review-Url: https://codereview.chromium.org/2270193003
Cr-Commit-Position: refs/heads/master@{#38857}
2016-08-24 08:54:19 +00:00
zhengxing.li
60908503ac X87: [interpreter] Fix self-healing with preserved bytecode.
port 4598d9139e (r38747)

  original commit message:
  This fixes the self-healing mechanism for closures in the interpreter
  entry trampoline not that bytecode can be preserved even when baseline
  code is already available.

BUG=

Review-Url: https://codereview.chromium.org/2273503003
Cr-Commit-Position: refs/heads/master@{#38856}
2016-08-24 08:53:11 +00:00
verwaest
3a9c7b55af Store NonLocals in variables_
Now that ordered_variables_ is used to find non-dynamic variables, and NonLocals are always stored in the scope that introduces them, we can rely on variables_ to also cache non-locals. This has 2 advantages:
1) we don't need DynamicScopePart anymore, reducing all scopes by a pointer
2) upon second lookup of a non-local we don't need to walk the entire chain anymore. The cached value will immediately be found.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2276483003
Cr-Commit-Position: refs/heads/master@{#38855}
2016-08-24 08:52:04 +00:00
jarin
a5c2902166 [turbofan] Change map to vector in loop variable analysis.
This recovers about 50% of the regression in compilation time.

BUG=chromium:638208

Review-Url: https://codereview.chromium.org/2274053002
Cr-Commit-Position: refs/heads/master@{#38854}
2016-08-24 08:51:05 +00:00
verwaest
920f5fcd1e Annotate ScopeType with uint8_t
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2270213002
Cr-Commit-Position: refs/heads/master@{#38853}
2016-08-24 08:49:57 +00:00
jgruber
19e8380261 Add new FrameArray type
A FrameArray encodes information about a set of stack frames into a fixed
array.

This commit is a pure refactoring to make the structure of fixed array-encoded
frames explicit.

BUG=

Review-Url: https://codereview.chromium.org/2270783002
Cr-Commit-Position: refs/heads/master@{#38852}
2016-08-24 08:49:04 +00:00
zhengxing.li
32e7b9195b X87: TurboFan: Introduce TaggedSigned and TaggedPointer representations.
port d941b52d73 (r38657)

  original commit message:
  These new representations aren't used yet.

BUG=

Review-Url: https://codereview.chromium.org/2277473004
Cr-Commit-Position: refs/heads/master@{#38849}
2016-08-24 02:37:53 +00:00
mtrofin
5524cbf5b8 [wasm] Remember import indices
When compiling a wasm module, we initially generate placeholders for
imports, which store the index corresponding to that import. Later,
at instantiation time, we use that index to correctly link the
provided import.

In this scheme, supporting multiple instantiations requires we
preserve a template (set of unlinked compiled wasm functions) which
we clone for each instance. To avoid holding on to this template,
which may be large (wasm compiled code should be expected to be in
the order of tens of MB), we must enable cloning from an instance's
linked wasm functions.

This change is a step in that direction. Instead of assuming the wasm
functions reference placeholders, we store a table of the code objects
used for imports together with the compiled module, and use that
information to determine the index of the import. Initially, that
table contains placeholders. For instances, however, that table contains
their actual imports.

BUG=

Review-Url: https://codereview.chromium.org/2269323002
Cr-Commit-Position: refs/heads/master@{#38848}
2016-08-24 00:26:15 +00:00
littledan
013e49f73c Change which ExceptionEvents are triggered by Promises
To make async/await catch prediction work well, this patch regularizes
the exception events sent to DevTools from various places in the Promise
lifecycle. The core is that there should be an exception event when the
rejection first starts, rather than when it is propagated.

- Several cases within Promise code which propagate errors are
  modified to not trigger a new ExceptionEvent in that case, such
  as .then on a rejected Promise and returning a rejected Promise
  from .then, as well as Promise.race and Promise.all.
- Make Promise.reject() create an ExceptionEvent, subject to catch
  prediction based on the Promise stack. This is important
  so that, e.g., if "await Promise.reject()" will trigger a new
  throw (rather than a silent rethrow of something that never
  triggered an event in the first place).

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2244003003
Cr-Commit-Position: refs/heads/master@{#38847}
2016-08-24 00:20:50 +00:00
adamk
9a558c5f4a Disallow 'yield' in async arrow parameter lists inside generators
R=littledan@chromium.org
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2270223002
Cr-Commit-Position: refs/heads/master@{#38846}
2016-08-23 22:17:38 +00:00
jpp
cf5180c3ef [v8][wasm] Handles finally in try/finally blocks.
Introduces support for using

try {
} finally {
}

in wasm.

BUG=

Review-Url: https://codereview.chromium.org/2240743003
Cr-Commit-Position: refs/heads/master@{#38845}
2016-08-23 22:14:52 +00:00
verwaest
ff40125ed8 Let LookupRecursive bind to NonLocals properly.
This gets rid of the BindingsKind flag. It replaces the factory argument with a bool that indicates whether free variables should be resolved as well.

BUG=

Review-Url: https://codereview.chromium.org/2262393004
Cr-Commit-Position: refs/heads/master@{#38844}
2016-08-23 21:17:24 +00:00
gdeepti
6122465c88 [wasm] Add native x64 implementations for I32x4Splat, I32x4ExtractLane
- Instruction selection, code generation, test for Splat/Extract
 - Fixes for AstS128 Locals in wasm

R=bbudge@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2264533002
Cr-Commit-Position: refs/heads/master@{#38843}
2016-08-23 19:59:43 +00:00
adamk
55a6588dae Fix typo in ExpressionClassifier cleanup
"ExpressionProductions" was missing the plural. I don't think this
changed any behavior, but I'd rather be safe than sorry. Also
removed redundant mention of TailCall production.

A future patch will attempt to make calls to Accumulate make more sense,
in general.

R=littledan@chromium.org

Review-Url: https://codereview.chromium.org/2270153002
Cr-Commit-Position: refs/heads/master@{#38842}
2016-08-23 19:57:54 +00:00
bjaideep
cf6db3fce5 s390: [interpreter] Make the binary op with Smi bytecode handlers collect type feedback.
Port b305c7dfcb

Original commit message:

    Drive-by fix: the order of parameters in the BinaryOpWithFeedback TurboFan code stubs now reflects the convention of having the context at the end.

R=epertoso@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=v8:5273
LOG=N

Review-Url: https://codereview.chromium.org/2264353003
Cr-Commit-Position: refs/heads/master@{#38840}
2016-08-23 18:40:29 +00:00
adamk
1bf952072f [cleanup] Eliminate Forgive* methods on ExpressionClassifier
The only two places where these Forgive methods were called
was in ParseAssignmentExpression just at the time we were
calling Accumulate(). So instead of Forgiving, we can simply
not accumulate the bits that would have been forgiven.

Also slightly restructures the nearby code in
ParseAssignmentExpression, and removes the use of non-const
references in ExpressionClassifier.

Review-Url: https://codereview.chromium.org/2267223002
Cr-Commit-Position: refs/heads/master@{#38839}
2016-08-23 18:27:26 +00:00
jpp
a60e182250 [Asm.js] Prevents assignments to immutables.
Adds a check so that module validation fails if there are any
assignments to immutable identifiers (e.g., module name, module
parameters, stdlib imports.)

BUG= https://bugs.chromium.org/p/chromium/issues/detail?id=640194

Review-Url: https://codereview.chromium.org/2268363002
Cr-Commit-Position: refs/heads/master@{#38838}
2016-08-23 18:08:42 +00:00
nikolaos
6fe0b39b01 [parser] Clean up (pre)parser traits
This patch removes 26 elements of the (pre)parser traits objects.
Some methods are removed completely and called directly from the
implementation objects:

- ParseAsyncFunctionExpression
- ParseClassLiteral
- ParseDoExpression
- ParseEagerFunctionBody
- ParseFunctionLiteral
- ParseV8Intrinsic

Some methods have to be moved to at least one implementation object:

- AddTemplateExpression
- AddTemplateSpan
- CheckConflictingVarDeclarations
- CloseTemplateLiteral
- MarkCollectedTailCallExpressions
- MarkTailPosition
- OpenTemplateLiteral
- ParseAsyncArrowSingleExpressionBody
- PrepareSpreadArguments
- QueueDestructuringAssignmentForRewriting
- QueueNonPatternForRewriting
- RewriteAssignExponentiation
- RewriteAwaitExpression
- RewriteDestructuringAssignments
- RewriteExponentiation
- RewriteNonPattern
- RewriteYieldStar
- SkipLazyFunctionBody
- SpreadCall
- SpreadCallNew

Also, the inner class/struct TemplateLiteralState is moved to the
implementation objects.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2267783002
Cr-Commit-Position: refs/heads/master@{#38837}
2016-08-23 16:34:59 +00:00
verwaest
9f4c8b745a Remove rest_parameter_ cache on DeclarationScope
We anyway have its index in params_, so just always access through params_.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2275573002
Cr-Commit-Position: refs/heads/master@{#38836}
2016-08-23 15:28:20 +00:00
jbroman
c4874b2fef Blink-compatible serialization of RegExp objects.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2262013002
Cr-Commit-Position: refs/heads/master@{#38835}
2016-08-23 15:16:29 +00:00
mlippautz
7695642e2c [heap] Tracer: Handle incremental marking scopes
Before this patch all tracing scopes in incremental marking would be reset
during a gc tracer start/stop cycle. This patch handles scopes the same way it
does other incremental marking metrics.

Also:
- Align finalization metric with regular marking metric.
- Smaller cleanups

BUG=chromium:639818

Review-Url: https://codereview.chromium.org/2273673002
Cr-Commit-Position: refs/heads/master@{#38834}
2016-08-23 15:13:50 +00:00
jyan
d99b2db1a8 S390: Implement Multiply-Logical (ML) for simulator
R=bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2270523002
Cr-Commit-Position: refs/heads/master@{#38833}
2016-08-23 15:09:28 +00:00
epertoso
b305c7dfcb [interpreter] Make the binary op with Smi bytecode handlers collect type feedback.
Drive-by fix: the order of parameters in the BinaryOpWithFeedback TurboFan code stubs now reflects the convention of having the context at the end.

BUG=v8:5273

Review-Url: https://codereview.chromium.org/2263253002
Cr-Commit-Position: refs/heads/master@{#38832}
2016-08-23 14:59:33 +00:00
jbroman
4dce969078 Blink-compatible serialization of Boolean, Number and String objects.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2265603002
Cr-Commit-Position: refs/heads/master@{#38830}
2016-08-23 14:33:05 +00:00
mic.besace
6993943e10 FreeBSD: Fix semaphore alignment
On FreeBSD, sem_t is a struct with a couple of uint32_t fields. It only
needs dword alignment on 64 bits architectures, not the qword (pointer)
alignment that the CHECK currently enforces.

BUG=

Review-Url: https://codereview.chromium.org/2268993002
Cr-Commit-Position: refs/heads/master@{#38829}
2016-08-23 14:24:03 +00:00
verwaest
287a71525e Move scope_uses_super_property_ to DeclarationScope
This flag was only set on receiver scopes (declaration scopes) already. This makes it statically obvious.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2268333002
Cr-Commit-Position: refs/heads/master@{#38828}
2016-08-23 14:18:29 +00:00
mlippautz
0f4f30a1d2 Revert of [heap] Tracer: Handle incremental marking scopes (patchset #4 id:100001 of https://codereview.chromium.org/2264033002/ )
Reason for revert:
Unittest fails on win32 debug:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/4188/steps/Check/logs/GCTracerTest.Incremen..

Original issue's description:
> [heap] Tracer: Handle incremental marking scopes
>
> Before this patch all tracing scopes in incremental marking would be reset
> during a gc tracer start/stop cycle. This patch handles scopes the same way it
> does other incremental marking metrics.
>
> Also:
> - Align finalization metric with regular marking metric.
> - Smaller cleanups
>
> BUG=chromium:639818
> R=jochen@chromium.org
>
> Committed: https://crrev.com/300a8f97472b88ff2f94eb977c36b4bf1bedabf1
> Cr-Commit-Position: refs/heads/master@{#38822}

TBR=jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:639818

Review-Url: https://codereview.chromium.org/2275583002
Cr-Commit-Position: refs/heads/master@{#38827}
2016-08-23 14:15:22 +00:00
vogelheim
e954e95400 Remove unused Utf8ToUtf16CharacterStream.
- The static method CopyChars was actually used and has been extracted.
- It was used in tests, where it's been replaced w/ ExternalOneByteString...
- Only one test actually relied on Utf8 handling (as opposed to ASCII only),
  and that was the test testing Utf8ToUtf16CharacterStream itself.

+66 -277 LOC :)

BUG=v8:4947

Review-Url: https://codereview.chromium.org/2256273002
Cr-Commit-Position: refs/heads/master@{#38824}
2016-08-23 13:30:38 +00:00
mlippautz
300a8f9747 [heap] Tracer: Handle incremental marking scopes
Before this patch all tracing scopes in incremental marking would be reset
during a gc tracer start/stop cycle. This patch handles scopes the same way it
does other incremental marking metrics.

Also:
- Align finalization metric with regular marking metric.
- Smaller cleanups

BUG=chromium:639818
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2264033002
Cr-Commit-Position: refs/heads/master@{#38822}
2016-08-23 13:25:50 +00:00
mstarzinger
86d409789a [turbofan] Fix constructor inlining control wiring.
This makes sure the check of the return value of an inlined constructor
call is properly wired into the control chain. The check only happens on
successful completion of the underlying call and hence is wired into the
success latch of the control projections.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2272633002
Cr-Commit-Position: refs/heads/master@{#38820}
2016-08-23 13:03:47 +00:00
nikolaos
6c2c17cd4d [parser] Apply an adaptation of the CRTP
This patch applies an adaptation of the Curiously Recurring Template
Pattern to the parser objects.  The result is roughly:

    // Common denominator, needed to avoid cyclic dependency.
    // Instances of this template will end up with very minimal
    // definitions, ideally containing just typedefs.
    template <typename Impl>
    class ParserBaseTraits;

    // The parser base object, which should just implement pure
    // parser behavior.  The Impl parameter is the actual derived
    // class (according to CRTP), which implements impure parser
    // behavior.
    template <typename Impl>
    class ParserBase : public ParserBaseTraits<Impl> { ... };

    // And then, for each parser variant:
    class Parser;

    template <>
    class ParserBaseTraits<Parser> { ... };

    class Parser : public ParserBase<Parser> { ... };

Using the CRTP, we will ultimately achieve two goals:
(1) clean up the traits objects, but most importantly
(2) clearly separate pure/impure parser implementation and facilitate
experimentation with different parser variants.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2267663002
Cr-Commit-Position: refs/heads/master@{#38819}
2016-08-23 12:54:45 +00:00
marja
1776fd09fa Include only stuff you need, part 4: ast, scopes + fallout.
Rebuilding (after touching certain files) is crazy slow because
includes are out of control.

Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
 stuff you need.

BUG=v8:5294

Review-Url: https://codereview.chromium.org/2268303002
Cr-Commit-Position: refs/heads/master@{#38818}
2016-08-23 12:35:36 +00:00
jochen
b79259f632 Finalizing parsing in a compile job should immediately report errors
When preparing compilation, we can't delay error reporting either.

Also put handles during internalization into a deferred handle scope.

BUG=v8:5215
R=marja@chromium.org,rmcilory@chromium.org

Review-Url: https://codereview.chromium.org/2268983002
Cr-Commit-Position: refs/heads/master@{#38817}
2016-08-23 12:10:55 +00:00
jochen
f5b8686766 Add test for posting a single task to the worker pool
Also, clarify comments about how semaphores work

BUG=none
R=mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2270703002
Cr-Commit-Position: refs/heads/master@{#38816}
2016-08-23 11:56:57 +00:00
mstarzinger
09a7ac5fca [deoptimizer] Potentially deopt into debug bytecode.
This makes sure the deoptimizer picks bytecode prepared for debugging
when materializing an interpreted frame if one is available. This is
normally done by the interpreter entry trampoline and hence needs to be
replicated by the deoptimizer.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2271443003
Cr-Commit-Position: refs/heads/master@{#38815}
2016-08-23 11:55:47 +00:00
jochen
9a549cc621 Deserialize the scope chain for background parsing jobs on the main thread
Even though there is no scope chain, just the empty outer scope.

R=marja@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2273553003
Cr-Commit-Position: refs/heads/master@{#38814}
2016-08-23 11:46:18 +00:00
nikolaos
dc18cc1d4f [parser] Modify some const qualifications
This patch const-qualifies some methods of ParserBase.
It also unqualifies some methods of Parser and Preparser.
The reason for the latter is that, in principle, the methods
of AstNodeFactory should be allowed to change the factory's
state, therefore should not be const and should not be used
from const-qualified parser/pre-parser methods.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2263973003
Cr-Commit-Position: refs/heads/master@{#38813}
2016-08-23 10:39:12 +00:00
verwaest
22cb3cba18 Allocate script scopes using a separate constructor
This avoids checking for outer_scope == nullptr in Scope::Scope

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2266973002
Cr-Commit-Position: refs/heads/master@{#38812}
2016-08-23 10:09:40 +00:00
Miran.Karic
239f981653 MIPS: [stubs,interpreter] Optimise SMI loading for 64-bit targets.
Port 28e3467a72 (r38361)

  original commit message:
    Adding new methods to the code stub assembler and interpreter
    assembler to combine loading and untagging SMIs, so that on 64-bit
    architectures we can avoid loading the full 64 bits and load the
    32 interesting bits directly instead.

BUG=

Review-Url: https://codereview.chromium.org/2265043002
Cr-Commit-Position: refs/heads/master@{#38811}
2016-08-23 09:35:51 +00:00
verwaest
6ea8b4f216 Keep track of the addition order of variables explicitly.
This avoids needing to allocate a zonelist on the fly later, sorting variables_, for which we also need to keep track of order in the hashmap.

In a later phase we can make sure that Variable is always uniquely in either of params_, temps_ and ordered_variables_. In that case we can use a linked list through Variable.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2264053003
Cr-Commit-Position: refs/heads/master@{#38810}
2016-08-23 09:18:27 +00:00
mstarzinger
5e08f43531 [interpreter] Allow mixed stacks if bytecode is preserved.
This changes the compilation pipeline so that mixed stacks are allowed
when bytecode is preserved. This means there can be activations of both,
"baseline" as well as "unoptimized" code active on the stack at the same
time for any single given function.

R=rmcilroy@chromium.org
BUG=v8:4280

Review-Url: https://codereview.chromium.org/2267693002
Cr-Commit-Position: refs/heads/master@{#38809}
2016-08-23 07:41:01 +00:00
keishi
00c49a3e85 Add kGCCallbackFlagCollectAllExternalMemory for external memory limit triggered gc
BUG=chromium:570268,chromium:621829

Review-Url: https://codereview.chromium.org/2233683002
Cr-Commit-Position: refs/heads/master@{#38808}
2016-08-23 06:23:21 +00:00
mtrofin
f11270fd9d [wasm] Clone indirect function table when instantiating.
Clone the indirect function table(s) when instantiating.

This is in preparation to avoiding having a compiled code
template.

BUG=

Review-Url: https://codereview.chromium.org/2273483002
Cr-Commit-Position: refs/heads/master@{#38807}
2016-08-23 04:24:31 +00:00
bradnelson
e5f5ac7d2b [wasm] asm.js - Remove Wasm.instantiateModuleFromAsm, use asm.js directly.
Make use of %IsAsmWasmCode in place of Wasm.instantiateModuleFromAsm,
in order to reduce the surface area of the Wasm object,
and to focus on testing asm.js coming in via the parser.

Ignore extra CONST_LEGACY assignment introduced by the parser
when modules have the form:
(function Foo(a, b, c) {..});
This requires both a validator and AsmWasmBuilder change.

Move stdlib use collection to import time,
to reject modules that import a function, even if not used.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=jpp@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2264913002
Cr-Commit-Position: refs/heads/master@{#38806}
2016-08-23 04:07:23 +00:00
littledan
b2a257f9ff Remove --promise-extra flag
This flag was shipped on in 52, so it's due for removal. The patch includes
removing the deprecated and unused-in-Blink API Promise::Chain, and many
test updates.

R=adamk@chromium.org
BUG=v8:4633

Review-Url: https://codereview.chromium.org/2267033002
Cr-Commit-Position: refs/heads/master@{#38804}
2016-08-22 21:35:06 +00:00
bjaideep
ad82a40509 PPC/s390: [turbofan] Add Float32(Max|Min) machine operators.
Port 2027b0bed1

Original commit message:

    The new operators are implemented similar to the Float64(Max|Min) which
    already exist. The purpose of the new operators is the implementation
    of the F32Max and F32Min instructions in WebAssembly.

R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2263383002
Cr-Commit-Position: refs/heads/master@{#38803}
2016-08-22 20:33:13 +00:00
adamk
232a33602b [async functions] Disallow 'await' in arrow params inside async functions
The following code was previously accepted:

  async function f() {
    let g = (await) => {};
  }

But per the spec, using 'await' is disallowed in arrow parameters
by an early error rule (just as 'yield' is disallowed in arrow
params inside generators).

There was special logic in ParseUnaryExpression which seems to have been
there only to allow that case. Having removed it, we get a SyntaxError in
the right cases anyway when ParseUnaryExpression chokes on whatever
illegal token follows 'await' in the cases this code previously handled.

Also removes the unnecessary AsyncBindingPatternProduction enum value.

R=caitp@igalia.com, littledan@chromium.org
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2258313002
Cr-Commit-Position: refs/heads/master@{#38802}
2016-08-22 19:03:35 +00:00
jyan
db97c402f7 S390: Optimize For Mul in TurboFan codegen
R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2265073003
Cr-Commit-Position: refs/heads/master@{#38801}
2016-08-22 18:41:39 +00:00
mattloring
da5d713d73 [builtins] Array indexOf in TurboFan/Runtime
Includes fast paths in the runtime for
DictionaryElementsAccessor, FastSmiOrObjectElementsAccessor,
FastDoubleElementsAccessor, TypedElementsAccessor, and
SloppyArgumentsElementsAccessor.

BUG=

Review-Url: https://codereview.chromium.org/2232063002
Cr-Commit-Position: refs/heads/master@{#38800}
2016-08-22 18:37:08 +00:00
bjaideep
7b8d760457 PPC/s390: [interpreter] Fix self-healing with preserved bytecode.
Port 4598d9139e

Original commit message:

    This fixes the self-healing mechanism for closures in the interpreter
    entry trampoline now that bytecode can be preserved even when baseline
    code is already available.

R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=chromium:638225
LOG=N

Review-Url: https://codereview.chromium.org/2265193002
Cr-Commit-Position: refs/heads/master@{#38799}
2016-08-22 18:34:58 +00:00
adamk
253d4e8464 Disallow 'await' in object literal shorthand position
Also lots of cleanup around the checking for 'await' as an identifier
throughout the parser and preparser.

R=caitp@igalia.com, littledan@chromium.org
BUG=v8:4483,v8:5298

Review-Url: https://codereview.chromium.org/2267493002
Cr-Commit-Position: refs/heads/master@{#38798}
2016-08-22 18:04:01 +00:00
verwaest
6ed87bfbc2 Always immediately propagate flags outwards rather than relying on PropagateScopeInfo
- Now "inner_scope_uses_eval_" is also set on scopes that call eval themselves.
- AllowLazyParsing doesn't check force_eager_compilation_ anymore.
- Both inner_scope_uses_eval_ and force_eager_compilation_ are propagated
  outwards immediately when set.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2269603002
Cr-Commit-Position: refs/heads/master@{#38797}
2016-08-22 17:18:59 +00:00
bradnelson
2d46ef23b1 [wasm] asm.js - Check stdlib functions are valid.
Check remaining asm.js stdlib functions for validity at instantiation.

Fail when a member is referenced, even if not used.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=jpp@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2267633002
Cr-Commit-Position: refs/heads/master@{#38796}
2016-08-22 17:17:57 +00:00
jbroman
cff8e03d4d Blink-compatible serialization of dates.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2255973005
Cr-Commit-Position: refs/heads/master@{#38795}
2016-08-22 17:14:58 +00:00
vogelheim
8ff52750ed Reduce TokenDesc size by 20% on 64b platforms.
(40B -> 32B, due to alignment rules. Should be neutral on 32b platforms.)

BUG=v8:4947

Review-Url: https://codereview.chromium.org/2256183005
Cr-Commit-Position: refs/heads/master@{#38794}
2016-08-22 16:58:28 +00:00
caitp
f93ac8968a [builtins] support exception handling in TFJ builtins
BUG=v8:5264, v8:5268
R=mstarzinger@chromium.org, bmeurer@chromium.org, epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2247353005
Cr-Commit-Position: refs/heads/master@{#38792}
2016-08-22 15:58:13 +00:00
ahaas
10e7ccfbd4 [turbofan] mark Float64(Max|Min) as associative and commutative.
Now that -0.0 and 0.0 are ordered by Float64Max and Float64Min, these
two operators are both associative and commutative for all numbers. The
operators would not be associative and commutative for NaNs, but
neither JavaScript nor WebAssembly distinguish between NaNs nowadays.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2263163002
Cr-Commit-Position: refs/heads/master@{#38791}
2016-08-22 15:26:28 +00:00
jgruber
a89639e79c Handle unicode correctly in CallPrinter
CallPrinter currently has only a single use, namely to print the call
site when throwing CalledNonCallable (ConstructedNonConstructable)
errors. This ensures that unicode call sites such as "あいう"() are
printed correctly by using an IncrementalStringBuilder internally.

BUG=637167

Review-Url: https://codereview.chromium.org/2265073002
Cr-Commit-Position: refs/heads/master@{#38790}
2016-08-22 15:13:17 +00:00
bjaideep
2e6db3af00 PPC/s390: [wasm] adding case for kAttachedReference in Serializer/Deserializer
For PPC/s390 the case is missing where reference=attachedreference
how_to_code=kFromCode and where_to_point=kStartOfObject. On PPC/s390
IsCodedSpecially always returns true, hence how_to_code will not be a
straight pointer.
This should also fix the similar issue on mipsel.
The testcase was added as part of https://codereview.chromium.org/2205973003/

R=mtrofin@chromium.org, yangguo@chromium.org, titzer@chromium.org

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2247093002
Cr-Commit-Position: refs/heads/master@{#38789}
2016-08-22 15:07:34 +00:00
jgruber
be23ef541b [turbofan] Disable inlining of Cpp builtins in need of argument adaption
Disable inlining of Cpp to a direct CEntryStub call when a call would
require argument adaption, i.e. when argument adaption is enabled for
the given function and the actual argument count differs from the formal
parameter count.

This is intended to be a temporary fix until we either disable argument
adaption for all Cpp builtins or add adaption logic to inlined Cpp
builtins.

BUG=chromium:639752

Review-Url: https://codereview.chromium.org/2266893002
Cr-Commit-Position: refs/heads/master@{#38788}
2016-08-22 14:55:38 +00:00
franzih
81ab165daf Improve DCHECK in DefineAccessor().
Fix getter/setter typo so we use the correct object in DCHECK.

BUG=

Review-Url: https://codereview.chromium.org/2255713002
Cr-Commit-Position: refs/heads/master@{#38787}
2016-08-22 14:54:32 +00:00
verwaest
83febb1d8d Move has_arguments_parameter_ to DeclarationScope
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2265903003
Cr-Commit-Position: refs/heads/master@{#38786}
2016-08-22 14:47:23 +00:00
ahaas
2027b0bed1 [turbofan] Add Float32(Max|Min) machine operators.
The new operators are implemented similar to the Float64(Max|Min) which
already exist. The purpose of the new operators is the implementation
of the F32Max and F32Min instructions in WebAssembly.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com

Review-Url: https://codereview.chromium.org/2252863003
Cr-Commit-Position: refs/heads/master@{#38784}
2016-08-22 13:50:51 +00:00
jgruber
6d51bab3d2 [turbofan] Inline construct calls to CPP builtins
BUG=

Review-Url: https://codereview.chromium.org/2255313006
Cr-Commit-Position: refs/heads/master@{#38783}
2016-08-22 12:57:55 +00:00
verwaest
d8bc375853 Force eager compilation on closure scopes only
In theory the flag could otherwise be set on a blockscope that might be finalized (removed) before PropagateScopeInfo can propagate the flag around. In that case we'd lose the flag.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2267683002
Cr-Commit-Position: refs/heads/master@{#38781}
2016-08-22 12:32:44 +00:00
verwaest
8f8a906751 Find the last outer eval scope to check in fullcodegen rather than scope analysis
This is the only user of outer_scope_calls_sloppy_eval. Inlining it simplifies scope analysis.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2263123002
Cr-Commit-Position: refs/heads/master@{#38779}
2016-08-22 11:50:50 +00:00
rmcilroy
0996cea5b6 [Interpreter] Introduce InterpreterCompilationJob
Adds InterpreterCompilationJob as a sub-class of
CompilationJob, to enable off-thread bytecode
generation. Currently only used in
Interpreter::MakeBytecode.

As part of this change, CompilationJob is modified
to make it less specific to optimized compilation,
renaming the phases as follows:
 - CreateGraph -> PrepareJob
 - OptimizeGraph -> ExecuteJob
 - GenerateCode -> FinalizeJob

RegisterWeakObjectsInOptimizedCode is also moved out
of CompilationJob and instead becomes a static function
on Compiler.

BUG=v8:5203

Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
Committed: https://crrev.com/785990e9fc0dd9a9d963d25d0bed2909165e4ca9
Committed: https://crrev.com/d7c6195c4c5cdc080caa74dfe2ae9ecab69bea73
Review-Url: https://codereview.chromium.org/2240463002
Cr-Original-Original-Original-Commit-Position: refs/heads/master@{#38662}
Cr-Original-Original-Commit-Position: refs/heads/master@{#38668}
Cr-Original-Commit-Position: refs/heads/master@{#38725}
Cr-Commit-Position: refs/heads/master@{#38778}
2016-08-22 11:49:26 +00:00
marja
f9d6076115 Cleanup: Move ParseInfo to a separate file.
This makes us able to get rid of dependencies to parser.h from places
which only need the ParseInfo, and also gets rid of the curious Parser
<-> Compiler circular dependency.

Also IWYUd where necessary.

BUG=

Review-Url: https://codereview.chromium.org/2268513002
Cr-Commit-Position: refs/heads/master@{#38777}
2016-08-22 11:33:58 +00:00
mstarzinger
a311bfa693 [compiler] Fix uncommon CompileOptimized fallback.
This fixes the uncommon fallback when Compiler::CompileOptimized fails
creating optimized code and also the underlying SharedFunctionInfo is
not compiled. We make sure not to uselessly regenerate the bytecode.

R=rmcilroy@chromium.org
BUG=chromium:639753

Review-Url: https://codereview.chromium.org/2261123002
Cr-Commit-Position: refs/heads/master@{#38776}
2016-08-22 11:29:45 +00:00
jochen
d181e6e1e6 Add debug code to catch faulty interceptor
BUG=chromium:625155
R=jkummerow@chromium.org

Review-Url: https://codereview.chromium.org/2265903002
Cr-Commit-Position: refs/heads/master@{#38775}
2016-08-22 10:43:18 +00:00
rmcilroy
c13acc8153 [TurboFan] Ensure value is pushed for StackOverflow in AstVisitor::Visit.
AstGraphBuilder overrides Visit(Expression*) to ensure that even if there is a
stack overflow, a value still gets produced. However, if there was no stack
overflow in the overridden function, but calling
AstVisitor<AstGraphBuilder>::Visit(expr) pushes us over the stack limit, then
the stack overflow check in that function will return without visiting the
expression, and the result will never get pushed.

To fix this, we add a new VisitNoStackOverflowCheck function which avoids the
inner stack check, and call that instead.

Since this depends on the size of C++ stack frames, there is no reliable test
I can add, however regress-635429.js exhibits this behavior after
https://codereview.chromium.org/2240463002/ lands.

Review-Url: https://codereview.chromium.org/2262703002
Cr-Commit-Position: refs/heads/master@{#38774}
2016-08-22 10:28:03 +00:00
verwaest
3db269f98c Drop is_eval_scope when checking how to access dynamic globals. It has no influence
BUG=

Review-Url: https://codereview.chromium.org/2266843002
Cr-Commit-Position: refs/heads/master@{#38773}
2016-08-22 09:45:58 +00:00
franzih
6e665b094e [turbofan] Induction variable bound analysis for decrements.
This detects loops with integer decrements.

Drive-by fix: Add lower bounds to lower_bounds
zone vector instead of upper_bounds.

BUG=

Review-Url: https://codereview.chromium.org/2260153002
Cr-Commit-Position: refs/heads/master@{#38772}
2016-08-22 09:21:42 +00:00
verwaest
72b784426d Simplify Scope::AllowsLazyCompilationWithoutContext
Now it just relies on NeedsContext and hence is guaranteed to be in sync.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2262133002
Cr-Commit-Position: refs/heads/master@{#38771}
2016-08-22 09:02:17 +00:00
marja
038be51756 Include only stuff you need, part 2: ast.h, ast-value-factory.h in ports.
Rebuilding (after touching certain files) is crazy slow because
includes are out of control.

Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
stuff you need.

BUG=v8:5294

Review-Url: https://codereview.chromium.org/2258603003
Cr-Commit-Position: refs/heads/master@{#38770}
2016-08-22 08:16:57 +00:00
bmeurer
0e8fe08299 [turbofan] Cache the most common Deoptimize operators.
This adds cached versions of the DeoptimizeIf, DeoptimizeUnless and
Deoptimize operators that occur most often in various benchmarks.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2266743002
Cr-Commit-Position: refs/heads/master@{#38769}
2016-08-22 07:55:10 +00:00
nikolaos
8133ab4c1a This patch continues the refactoring of the traits objects, used by the
parser and the preparser, so that they contain the same set of methods,
with the same signatures.  It mainly flags some traits methods as const.
It also contains a small cosmetic change in the definition of CHECK_OK.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2258123002
Cr-Commit-Position: refs/heads/master@{#38767}
2016-08-20 14:36:22 +00:00
nikolaos
848b6278f8 [parser] Reorder traits methods
This patch simply reorders the elements of classes ParserTraits
and PreParserTraits (mainly method headers), so that in both
classes the elements are defined in the same order.  This is
useful for easily verifying the consistency between these two
classes.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2264483003
Cr-Commit-Position: refs/heads/master@{#38766}
2016-08-20 14:11:30 +00:00
gsathya
fc52e32361 [parser] Allow duplicate __proto__ keys in patterns
This patch subsumes CoverInitializedNameProduction to create an ObjectLiteralProduction which is now used to report the duplicate proto error as well.

This patch also changes ObjectLiteralChecker::CheckProperty
to record an ObjectLiteralProduction error instead of
bailing out immediately. Once we realize that we're in a
pattern, we rewind the error, otherwise we report the
error.

BUG=v8:5121

Review-Url: https://codereview.chromium.org/2255353002
Cr-Commit-Position: refs/heads/master@{#38764}
2016-08-20 01:01:51 +00:00
adamk
7da873b73f Remove unused default argument value in ExpressionClassifier::Accumulate
Also removed the "StandardProductions" enum value as its name is unhelpful
in deciding when to use it (and it only had a single reference).

R=gsathya@chromium.org

Review-Url: https://codereview.chromium.org/2260183003
Cr-Commit-Position: refs/heads/master@{#38763}
2016-08-19 19:53:38 +00:00
lpy
0c95efb7b7 Fix not throwing error when redefine eval or arguments in strict mode.
Currently when redefining eval or arguments in non-simple parameter list and
destructuring binding, V8 doesn't throw any error, this patch fixes it.

BUG=v8:5201
LOG=N

Review-Url: https://codereview.chromium.org/2185223002
Cr-Commit-Position: refs/heads/master@{#38762}
2016-08-19 19:48:17 +00:00
verwaest
d814ca8d29 Don't track scope_inside_with_ explicitly
This is only needed to set a flag on the SharedFunctionInfo generated for a function literal. Hence we only need it in 1 scope, and only read it once. Recursing in that case will be more efficient than always tracking it.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2261693002
Cr-Commit-Position: refs/heads/master@{#38761}
2016-08-19 18:37:04 +00:00
bradnelson
561bfcb70d [wasm] asm.js - Check stdlib.NaN is valid, prepare for the rest.
Record which asm.js stdlib members are used and add a check that NaN is actually correctly set. Other stdlib members to be added in a later change.

Also add a stdlib argument to Wasm.instantiateModuleFromAsm, in preparation for that function to be replaced by normal asm.js instantiation.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=jpp@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2251433002
Cr-Commit-Position: refs/heads/master@{#38760}
2016-08-19 18:26:24 +00:00
krasin
e3ad26fee6 Disable CFI on a few methods.
While they have not been observed to slow down real-world use cases,
some blink_layout microbenchmarks feel better with these methods
disabled. In order to be conservative at the launch time, lift
the CFI defense for these methods.

8/10 of these methods will become much faster when an optimization
proposed in https://crbug.com/638056 -- we only need to load vptr
once (before the loop) and have a single CFI check instead of
a check per iteration.

BUG=638056,634139

Review-Url: https://codereview.chromium.org/2258003002
Cr-Commit-Position: refs/heads/master@{#38759}
2016-08-19 16:31:46 +00:00
jgruber
70a54d46b3 [turbofan] Inline calls to CPP builtins
BUG=

Review-Url: https://codereview.chromium.org/2259883002
Cr-Commit-Position: refs/heads/master@{#38758}
2016-08-19 15:37:24 +00:00
ivica.bogosavljevic
9092f8ac86 MIPS64: Fix [wasm] Support validation of asm.js modules with != 3 args.
Fix d0e52555f0

Typo in builtin-mips64.cc caused crashes in test mjsunit/asm/asm-validation.js

TEST=mjsunit/asm/asm-validation
BUG=

Review-Url: https://codereview.chromium.org/2258093002
Cr-Commit-Position: refs/heads/master@{#38757}
2016-08-19 15:26:34 +00:00
vogelheim
b68df2d270 Fix Scanner invariants w/ literal buffers.
This isn't the most elegant fix, but I'd prefer to not rework the logic
right now. What happens is:
- Most parts of the Scanner use nullptr to mean, no literal buffer.
- The bookmarking logic may end up with a state where there's a non-nullptr
  literal buffer, but it's empty. (length 0)
- These are functionally equivalent, so there's no 'real' bug.
- But it makes it hard to reason. This patch hence checks for length-0
  literal buffers, and uses nullptr instead.

R=marja@chromium.org
BUG=chromium:639191 v8:4947

Review-Url: https://codereview.chromium.org/2258073003
Cr-Commit-Position: refs/heads/master@{#38756}
2016-08-19 15:25:23 +00:00
neis
9bc44ff086 Add some scope-related DCHECKs.
R=adamk@chromium.org, verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2263523002
Cr-Commit-Position: refs/heads/master@{#38755}
2016-08-19 15:24:12 +00:00
jbroman
20a8ef0b92 Blink-compatible deserialization of "version 0" sparse arrays.
Version 0 dense arrays cannot be deserialized by current Chromium, which
suggests that this is not necessary.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2256413002
Cr-Commit-Position: refs/heads/master@{#38754}
2016-08-19 13:40:14 +00:00
verwaest
10c72887b5 Move asm_module_ and asm_function_ down to DeclarationScope
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2253913002
Cr-Commit-Position: refs/heads/master@{#38753}
2016-08-19 13:29:34 +00:00
bgeron
b0ce5d9daa [turbofan] Give different functions different names.
BUG=

Review-Url: https://codereview.chromium.org/2255973004
Cr-Commit-Position: refs/heads/master@{#38752}
2016-08-19 13:25:13 +00:00
epertoso
6949acab5c [interpreter] Record type feedback in the handlers for Inc and Dec.
BUG=v8:5273
R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2250513005
Cr-Commit-Position: refs/heads/master@{#38751}
2016-08-19 12:58:59 +00:00
hpayer
870763f5ce [heap] Don't clear black areas in Heap::AllocateFillerObject.
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2258083002
Cr-Commit-Position: refs/heads/master@{#38750}
2016-08-19 12:27:34 +00:00
marija.antic
e1c5d09bda MIPS: Implement Neg_d and Neg_s instruction macros.
Implement Neg_d and Neg_s in macro-assembler.
Floating point negate instructions are removed in release 6.
On r2, these instructions do not change the sign of NaN operands.

TEST=cctest/test-run-wasm/RunWasmCompiled_Float32Neg, cctest/test-run-wasm/RunWasmCompiled_Float64Neg
BUG=

Review-Url: https://codereview.chromium.org/2256963003
Cr-Commit-Position: refs/heads/master@{#38749}
2016-08-19 11:32:31 +00:00
bgeron
21f2eb6c48 [turbolizer] Also escape backslashes in JSON strings.
BUG=

Review-Url: https://codereview.chromium.org/2255263002
Cr-Commit-Position: refs/heads/master@{#38748}
2016-08-19 10:54:24 +00:00
mstarzinger
4598d9139e [interpreter] Fix self-healing with preserved bytecode.
This fixes the self-healing mechanism for closures in the interpreter
entry trampoline now that bytecode can be preserved even when baseline
code is already available.

R=rmcilroy@chromium.org
TEST=cctest/test-compiler/IgnitionEntryTrampolineSelfHealing
BUG=chromium:638225

Review-Url: https://codereview.chromium.org/2257143002
Cr-Commit-Position: refs/heads/master@{#38747}
2016-08-19 10:34:23 +00:00
bmeurer
99edc1b8e7 [turbofan] Unify Int32Add/Sub representation selection rules.
Unify the representation selection rules for NumberAdd/Subtract and
SpeculativeNumberAdd/Subtract wrt. Int32Add/Sub selection. We can
safely use Int32Add/Sub as long as the inputs are in the safe additive
integer range and the output is either truncated to Word32 or provably
in Signed32 or Unsigned32 range.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2253293005
Cr-Commit-Position: refs/heads/master@{#38746}
2016-08-19 09:50:22 +00:00
peterssen
f4e92fe13e Add ToSmi and Goto operations to FastAccessorAssembler.
BUG=chromium:508898

Review-Url: https://codereview.chromium.org/2237443002
Cr-Commit-Position: refs/heads/master@{#38745}
2016-08-19 09:35:17 +00:00
klaasb
e4c67d3f70 [interpreter] Use VisitForTest for loop conditions
Changes the control flow builder classes to make use of the
BytecodeLabels helper class.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2254493002
Cr-Commit-Position: refs/heads/master@{#38744}
2016-08-19 09:22:44 +00:00
franzih
a305726686 [compiler] Delete unused variable.
BUG=

Review-Url: https://codereview.chromium.org/2257393002
Cr-Commit-Position: refs/heads/master@{#38743}
2016-08-19 09:11:57 +00:00
ahaas
bb187a106e [wasm] Add stack checks at the beginning of each function.
TEST=mjsunit/wasm/stack.js:testStackOverflow

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2256603002
Cr-Commit-Position: refs/heads/master@{#38742}
2016-08-19 08:54:39 +00:00
neis
e6df4d7411 Don't create ScopeInfo if there already is one.
R=mstarzinger@chromium.org, rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2263493002
Cr-Commit-Position: refs/heads/master@{#38741}
2016-08-19 08:26:59 +00:00
marja
5368cf9d99 Include only stuff you need, part 3: includes in isolate.h.
Rebuilding (after touching certain files) is crazy slow because
includes are out of control.

Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
stuff you need.

BUG=v8:5294

Review-Url: https://codereview.chromium.org/2260483002
Cr-Commit-Position: refs/heads/master@{#38740}
2016-08-19 08:19:55 +00:00
mlippautz
fbf1bc66c4 Revert of [heap] Improve size profiling for ArrayBuffer tracking (patchset #6 id:140001 of https://codereview.chromium.org/2210263002/ )
Reason for revert:
Tanks octane

Original issue's description:
> [heap] Improve size profiling for ArrayBuffer tracking
>
> Eagerly account for retained sizes during ArrayBuffer tracking. Following up on this,
> we can now do Scavenges if the amount of memory retained from new space is too large.
>
> BUG=chromium:621829
> R=jochen@chromium.org,hpayer@chromium.org
>
> Committed: https://crrev.com/28e13bd6a75c9467dae43043e7b741a1387d5252
> Cr-Commit-Position: refs/heads/master@{#38731}

TBR=jochen@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:621829

Review-Url: https://codereview.chromium.org/2261513003
Cr-Commit-Position: refs/heads/master@{#38739}
2016-08-19 08:17:25 +00:00
nikolaos
ed08838e56 [parser] Refactor preparser GetSymbol
R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2256163002
Cr-Commit-Position: refs/heads/master@{#38738}
2016-08-19 08:14:32 +00:00
hpayer
ff010282b7 [heap] Don't clear black areas when deserializing, they will be marked black later anyway.
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2264493002
Cr-Commit-Position: refs/heads/master@{#38737}
2016-08-19 08:12:52 +00:00
nikolaos
8dd835c2c6 [parser] Refactor parser and preparser traits
This patch refactors the traits objects, used by the parser and the
preparser, so that they contain the same set of methods, with the same
signatures.

R=adamk@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2179423002
Cr-Commit-Position: refs/heads/master@{#38736}
2016-08-19 08:11:27 +00:00
jshin
520f38fce7 Expose getCanonicalLocales() for Intl object.
Also add a test for the return object of getCanonicalLocaleList().

See https://github.com/tc39/test262/issues/745 for more details.

BUG=v8:5012
TEST=test262/intl402/Intl/getCanonicalLocales/*
TEST=intl/general/getCanonicalLocales

Review-Url: https://codereview.chromium.org/2239523002
Cr-Commit-Position: refs/heads/master@{#38733}
2016-08-18 23:27:23 +00:00
jbroman
2d3a53c9c8 Blink-compatible serialization of arrays, both dense and sparse.
The current "dense" format is not expressive enough to distinguish between
an element that is not defined and one that has the value "undefined",
but in this CL the existing behaviour of Blink is used for such cases.
Format changes to fix these issues could be made later on.

Not included in this CL is compatibility with version 0 arrays.
Those will be implemented in a separate CL.

BUG=chromium:148757

Committed: https://crrev.com/2e000127df2e88e31d352ef70af397741d1f2298
Review-Url: https://codereview.chromium.org/2259633002
Cr-Original-Commit-Position: refs/heads/master@{#38729}
Cr-Commit-Position: refs/heads/master@{#38732}
2016-08-18 22:30:44 +00:00
mlippautz
28e13bd6a7 [heap] Improve size profiling for ArrayBuffer tracking
Eagerly account for retained sizes during ArrayBuffer tracking. Following up on this,
we can now do Scavenges if the amount of memory retained from new space is too large.

BUG=chromium:621829
R=jochen@chromium.org,hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2210263002
Cr-Commit-Position: refs/heads/master@{#38731}
2016-08-18 20:45:43 +00:00
jbroman
255971d3ac Revert of Blink-compatible serialization of arrays, both dense and sparse. (patchset #6 id:100001 of https://codereview.chromium.org/2259633002/ )
Reason for revert:
Broke MIPS compile due to an uninitialization warning:

https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/3110/steps/compile/logs/stdio

Original issue's description:
> Blink-compatible serialization of arrays, both dense and sparse.
>
> The current "dense" format is not expressive enough to distinguish between
> an element that is not defined and one that has the value "undefined",
> but in this CL the existing behaviour of Blink is used for such cases.
> Format changes to fix these issues could be made later on.
>
> Not included in this CL is compatibility with version 0 arrays.
> Those will be implemented in a separate CL.
>
> BUG=chromium:148757
>
> Committed: https://crrev.com/2e000127df2e88e31d352ef70af397741d1f2298
> Cr-Commit-Position: refs/heads/master@{#38729}

TBR=jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2255313002
Cr-Commit-Position: refs/heads/master@{#38730}
2016-08-18 19:58:46 +00:00
jbroman
2e000127df Blink-compatible serialization of arrays, both dense and sparse.
The current "dense" format is not expressive enough to distinguish between
an element that is not defined and one that has the value "undefined",
but in this CL the existing behaviour of Blink is used for such cases.
Format changes to fix these issues could be made later on.

Not included in this CL is compatibility with version 0 arrays.
Those will be implemented in a separate CL.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2259633002
Cr-Commit-Position: refs/heads/master@{#38729}
2016-08-18 18:47:19 +00:00
sampsong
06520ec220 PPC: Enable unaligned access and clean up the use of UNALIGNED_ACCESSES
BUG=

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com, bmeurer@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2242223002
Cr-Commit-Position: refs/heads/master@{#38728}
2016-08-18 17:22:35 +00:00
rmcilroy
990999f389 Revert of [Interpreter] Introduce InterpreterCompilationJob (patchset #9 id:180001 of https://codereview.chromium.org/2240463002/ )
Reason for revert:
Revert again...

Original issue's description:
> [Interpreter] Introduce InterpreterCompilationJob
>
> Adds InterpreterCompilationJob as a sub-class of
> CompilationJob, to enable off-thread bytecode
> generation. Currently only used in
> Interpreter::MakeBytecode.
>
> As part of this change, CompilationJob is modified
> to make it less specific to optimized compilation,
> renaming the phases as follows:
>  - CreateGraph -> PrepareJob
>  - OptimizeGraph -> ExecuteJob
>  - GenerateCode -> FinalizeJob
>
> RegisterWeakObjectsInOptimizedCode is also moved out
> of CompilationJob and instead becomes a static function
> on Compiler.
>
> BUG=v8:5203
>
> Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
> Committed: https://crrev.com/785990e9fc0dd9a9d963d25d0bed2909165e4ca9
> Committed: https://crrev.com/d7c6195c4c5cdc080caa74dfe2ae9ecab69bea73
> Cr-Original-Original-Commit-Position: refs/heads/master@{#38662}
> Cr-Original-Commit-Position: refs/heads/master@{#38668}
> Cr-Commit-Position: refs/heads/master@{#38725}

TBR=mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203

Review-Url: https://codereview.chromium.org/2260583002
Cr-Commit-Position: refs/heads/master@{#38727}
2016-08-18 17:06:50 +00:00
klaasb
188ea8c541 [interpreter] Add CreateCatchContext bytecode
One more bytecode to pass info through to TurboFan.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2260473003
Cr-Commit-Position: refs/heads/master@{#38726}
2016-08-18 16:51:26 +00:00
rmcilroy
d7c6195c4c [Interpreter] Introduce InterpreterCompilationJob
Adds InterpreterCompilationJob as a sub-class of
CompilationJob, to enable off-thread bytecode
generation. Currently only used in
Interpreter::MakeBytecode.

As part of this change, CompilationJob is modified
to make it less specific to optimized compilation,
renaming the phases as follows:
 - CreateGraph -> PrepareJob
 - OptimizeGraph -> ExecuteJob
 - GenerateCode -> FinalizeJob

RegisterWeakObjectsInOptimizedCode is also moved out
of CompilationJob and instead becomes a static function
on Compiler.

BUG=v8:5203

Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
Committed: https://crrev.com/785990e9fc0dd9a9d963d25d0bed2909165e4ca9
Review-Url: https://codereview.chromium.org/2240463002
Cr-Original-Original-Commit-Position: refs/heads/master@{#38662}
Cr-Original-Commit-Position: refs/heads/master@{#38668}
Cr-Commit-Position: refs/heads/master@{#38725}
2016-08-18 16:32:52 +00:00
verwaest
4b7dc57f0a There are only 2 language modes, not 3
Use bool is_strict_ to encode language_mode in scopes using a single bit.

BUG=

Review-Url: https://codereview.chromium.org/2261463002
Cr-Commit-Position: refs/heads/master@{#38724}
2016-08-18 15:57:11 +00:00
klaasb
078842026e [interpreter] Add CreateWithContext bytecode
Generates a JSCreateWithContext node for TurboFan to optimize.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2255793002
Cr-Commit-Position: refs/heads/master@{#38723}
2016-08-18 15:15:00 +00:00
rmcilroy
978347e079 Fix gcc error for ignoring return value on stack_trace_posix.cc
NOTRY=true

Review-Url: https://codereview.chromium.org/2260543002
Cr-Commit-Position: refs/heads/master@{#38722}
2016-08-18 15:11:56 +00:00
bjaideep
757ea240f4 Workaround for gcc array bound check issue
V8 doesn't build on Ubuntu 16.04 (with GCC 5.3). Seems to be
a known regression on newer GCC version. It emits incorrect
"error: array subscript is above array bounds" message. Adding
explicit array bound check fixes the issue.

R=hablich@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2256113002
Cr-Commit-Position: refs/heads/master@{#38721}
2016-08-18 14:43:12 +00:00
jgruber
280fdf6411 Fix machine types in GetRuntimeCallDescriptor
The machine types were incorrect for the runtime function and argument
count parameters. The latter was introduced in 3e2085eb, while the
former seems to always have been wrong.

This was not an issue so far because GetRuntimeCallDescriptor was only
called after the representation selection phase and thus the machine
type was ignored.

R=jarin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2250863004
Cr-Commit-Position: refs/heads/master@{#38720}
2016-08-18 14:35:27 +00:00
jgruber
116667f73e Explicitly initialize Code::builtin_index
Initialize Code::builtin_index to -1. This ensures that it is
non-negative for builtin code objects (since it is set by
Builtins::SetUp), and -1 for everything else.

BUG=

Review-Url: https://codereview.chromium.org/2254193002
Cr-Commit-Position: refs/heads/master@{#38719}
2016-08-18 14:34:18 +00:00
ahaas
92b7c728e2 [wasm] Throw a type error if an I64 is exported to JS.
As required by the spec, ToJS now throws a TypeError for I64 values
instead of truncating the I64 value to I32. To throw a TypeError I
introduced a new runtime function because the existing
Runtime::kThrowWasmError does not throw a TypeError. Since we have calls
to two runtime functions now, and an additional one is needed for stack
checks, I extracted the call to runtime functions into a helper function.

R=titzer@chromium.org

TEST=mjsunit/wasm/ffi-error.js:I64InSignatureThrows

Review-Url: https://codereview.chromium.org/2254803002
Cr-Commit-Position: refs/heads/master@{#38718}
2016-08-18 14:33:08 +00:00
rmcilroy
49c14f63ef Replace DumpBacktrace with Chromium's StackTrace implementation.
Adds support for dumping the stack on Windows. Also enables in-process
stack dumping in d8 to dump the stack on exceptions and signals.

This CL changes the format of stack dumps from:
 1: V8_Fatal
 2: 0x1ac6ba5
 3: v8::internal::interpreter::BytecodeGenerator::Visit(v8::internal::AstNode*)
 4: v8::internal::interpreter::BytecodeGenerator::VisitForAccumulatorValue(v8::internal::Expression*)
 ...

To:
  ./out/x64.debug/d8(v8::base::debug::StackTrace::StackTrace()+0x1e) [0x1c6ee5e]
  ./out/x64.debug/d8() [0x1c6ede5]
  /lib/x86_64-linux-gnu/libpthread.so.0(+0x10330) [0x7fa01193e330]
  ./out/x64.debug/d8(v8::base::OS::Abort()+0x12) [0x1c6cea2]
  ./out/x64.debug/d8() [0x1c67538]
  ./out/x64.debug/d8() [0x1ac80b5]
  ./out/x64.debug/d8(v8::internal::interpreter::BytecodeGenerator
::Visit(v8::internal::AstNode*)+0x3cb) [0x1ac323b]
  ./out/x64.debug/d8(v8::internal::interpreter::BytecodeGenerator
::VisitForAccumulatorValue(v8::internal::Expression*)+0x40) [0x1ac2570]

Review-Url: https://codereview.chromium.org/2248393002
Cr-Commit-Position: refs/heads/master@{#38717}
2016-08-18 14:25:52 +00:00
rmcilroy
1c2c2f43cd [Interpreter] Avoid accessing Isolate from during bytecode generation.
Removes all accesses to the Isolate during bytecode generation and the
bytecode pipeline. Adds a DisallowIsolateAccessScope which is used to
enforce this invariant within the BytecodeGenerator.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2242193002
Cr-Commit-Position: refs/heads/master@{#38716}
2016-08-18 13:42:22 +00:00
mlippautz
ece2f1084b [heap] Don't unmap new space pages while sweeping is active
- Avoid unmapping of new space pages while sweeping using a delayed list that
  gets emptied upon the next call to the unmapper.

BUG=chromium:628984
R=hpayer@chromium.org

This reverts commit 4a1f2807d6.

Review-Url: https://codereview.chromium.org/2255153002
Cr-Commit-Position: refs/heads/master@{#38715}
2016-08-18 12:16:55 +00:00
hablich
8fd0ce04e5 Revert of There are only 2 language modes, not 3 (patchset #4 id:60001 of https://codereview.chromium.org/2250703003/ )
Reason for revert:
Breaks ARM and MIPS builds e.g. https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug%20builder/builds/2479/steps/compile/logs/stdio

Original issue's description:
> There are only 2 language modes, not 3
>
> BUG=
>
> Committed: https://crrev.com/39764ba293412adde99a77a66d0750695312e006
> Cr-Commit-Position: refs/heads/master@{#38704}

TBR=neis@chromium.org,marja@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2257133002
Cr-Commit-Position: refs/heads/master@{#38714}
2016-08-18 12:06:14 +00:00
hablich
8fdf6031a5 Revert of Replace LANGUAGE_END with LAST_LANGUAGE_MODE (patchset #1 id:1 of https://codereview.chromium.org/2257703003/ )
Reason for revert:
Needed to land revert https://codereview.chromium.org/2257133002/

Original issue's description:
> Replace LANGUAGE_END with LAST_LANGUAGE_MODE
>
> BUG=
>
> Committed: https://crrev.com/9324efca85710ebb14f21ef8476447e21cbe3f35
> Cr-Commit-Position: refs/heads/master@{#38707}

TBR=neis@chromium.org,marja@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2259853002
Cr-Commit-Position: refs/heads/master@{#38713}
2016-08-18 12:05:08 +00:00
mlippautz
4a1f2807d6 Revert of [heap] Don't unmap new space pages while sweeping is active (patchset #4 id:80001 of https://codereview.chromium.org/2250423002/ )
Reason for revert:
The barrier in newspace is still needed.

Original issue's description:
> [heap] Don't unmap new space pages while sweeping is active
>
> - The barrier for scavenge only checked for whether new space pages were swept.
>   This is not enough as a concurrent task could still hang right before trying to
>   lock the page for sweeping. Remove the barrier completely.
> - Avoid unmapping of new space pages while sweeping using a delayed list that
>   gets emptied upon the next call to the unmapper.
>
> BUG=chromium:628984
> R=hpayer@chromium.org
>
> Committed: https://crrev.com/982b399423e6bd941cabb2b825031cd8d5eb4980
> Cr-Commit-Position: refs/heads/master@{#38710}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:628984

Review-Url: https://codereview.chromium.org/2244233007
Cr-Commit-Position: refs/heads/master@{#38712}
2016-08-18 11:30:10 +00:00
epertoso
06cde13e7c [turbofan/x64] Load word64 followed by a shift right 32 -> load (and sign-extend if necessary) high 32bit.
We were missing this optimization in a few cases because TruncateInt64ToInt32 was also interfering.
Also removed the equivalent from simplified-lowering.cc, as the arm64 instruction selector has a similar optimization.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2252333002
Cr-Commit-Position: refs/heads/master@{#38711}
2016-08-18 11:24:56 +00:00
mlippautz
982b399423 [heap] Don't unmap new space pages while sweeping is active
- The barrier for scavenge only checked for whether new space pages were swept.
  This is not enough as a concurrent task could still hang right before trying to
  lock the page for sweeping. Remove the barrier completely.
- Avoid unmapping of new space pages while sweeping using a delayed list that
  gets emptied upon the next call to the unmapper.

BUG=chromium:628984
R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2250423002
Cr-Commit-Position: refs/heads/master@{#38710}
2016-08-18 10:56:14 +00:00
mstarzinger
8ab555cc15 [interpreter] Fix canonicalization when preserving bytecode.
This fixes canonicalization of {SharedFunctionInfo} objects in the
{Compiler::GetSharedFunctionInfo} method when bytecode is preserved.
Eager compilation is only triggered when no code is present.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-638551
BUG=chromium:638551

Review-Url: https://codereview.chromium.org/2245263006
Cr-Commit-Position: refs/heads/master@{#38709}
2016-08-18 10:42:40 +00:00
marja
0a0285bf5d include only stuff you need, part 1: ast.h, ast-value-factory.h.
Rebuilding (after touching certain files) is crazy slow because
includes are out of control.

Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
stuff you need.

BUG=v8:5294

Review-Url: https://codereview.chromium.org/2246203005
Cr-Commit-Position: refs/heads/master@{#38708}
2016-08-18 10:26:32 +00:00
verwaest
9324efca85 Replace LANGUAGE_END with LAST_LANGUAGE_MODE
BUG=

Review-Url: https://codereview.chromium.org/2257703003
Cr-Commit-Position: refs/heads/master@{#38707}
2016-08-18 10:20:21 +00:00
hpayer
b82361cb63 [heap] Use Page::FromAllocationAreaAddress when dealing with allocation info.
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2247303005
Cr-Commit-Position: refs/heads/master@{#38706}
2016-08-18 10:01:08 +00:00
bmeurer
4f603d2caf [turbofan] Reduce code duplication in JSTypedLowering somewhat.
R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2259613003
Cr-Commit-Position: refs/heads/master@{#38705}
2016-08-18 09:22:59 +00:00
verwaest
39764ba293 There are only 2 language modes, not 3
BUG=

Review-Url: https://codereview.chromium.org/2250703003
Cr-Commit-Position: refs/heads/master@{#38704}
2016-08-18 08:59:12 +00:00
verwaest
4484bb41b5 Introduce ModuleScope subclass of DeclarationScope
This moves the module_descriptor_ field to that subclass, as well as other module-only methods.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2252223002
Cr-Commit-Position: refs/heads/master@{#38703}
2016-08-18 08:51:05 +00:00
hpayer
03d5f87597 [heap] Add basic infrastructure for incremental wrapper tracing.
BUG=chromium:468240

Review-Url: https://codereview.chromium.org/2245133004
Cr-Commit-Position: refs/heads/master@{#38702}
2016-08-18 08:45:41 +00:00
jgruber
6b7493a4d8 Revert of Use a custom Struct for stack trace storage (patchset #4 id:60001 of https://codereview.chromium.org/2230953002/ )
Reason for revert:
Performance regressions in Gameboy, Life, CodeLoad and others. See crbug.com/638210.

Original issue's description:
> Refactor data structures for simple stack traces
>
> Simple stack traces are captured through Isolate::CaptureSimpleStackTrace.
> Captured frames are stored in a FixedArray, which in turn is stored as a
> property (using a private symbol) on the error object itself. Actual formatting
> of the textual stack trace is done lazily when the user reads the stack
> property of the error object.
>
> This would involve many conversions back and forth between index-encoded raw
> data (receiver, function, offset and code), JS CallSite objects, and C++
> CallSite objects.
>
> This commit refactors the C++ CallSite class into a Struct class called
> StackTraceFrame, which is the new single point of truth frame information.
> Isolate::CaptureSimpleStackTrace stores an array of StackTraceFrames, and JS
> CallSite objects (now created only when the user specifies custom stack trace
> formatting through Error.prepareStackTrace) internally only store a reference
> to a StackTraceFrame.
>
> BUG=
>
> Committed: https://crrev.com/b4c1aefb9c369f1a33a6ca94a5de9b06ea4bf5c4
> Cr-Commit-Position: refs/heads/master@{#38645}

TBR=yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/2252783007
Cr-Commit-Position: refs/heads/master@{#38700}
2016-08-18 08:31:26 +00:00
marja
4ba0069694 Cleanup: no need to pass Zone around when creating Ast nodes.
They were not using it for anything. Block and FunctionLiteral need the
Zone, others don't.

BUG=

Review-Url: https://codereview.chromium.org/2249783004
Cr-Commit-Position: refs/heads/master@{#38699}
2016-08-18 08:27:44 +00:00
rmcilroy
477495c886 [Parser] Track ContainsDot for SMI values.
Ensures SMI values have SMI type even if they have a dot (e.g., 1.0).
Adds SMI_WITH_DOT type to maintain this.

BUG=chromium:638134

Review-Url: https://codereview.chromium.org/2248693005
Cr-Commit-Position: refs/heads/master@{#38698}
2016-08-18 08:15:43 +00:00
heimbuef
3cbb5e4806 Added static assert to BitField to ensure the contents fit within the field
Fixed ExtraICStateField which used 1 bit more than was available
BUG=

Review-Url: https://codereview.chromium.org/2258473002
Cr-Commit-Position: refs/heads/master@{#38697}
2016-08-18 08:05:56 +00:00
mstarzinger
f9763eb275 [wasm] Fix asm.js module instantiation on retry.
This fixes the case where a module is instantiated twice via the same
closure when in the meantime another closure has destroyed and removed
the WASM data attached to the SharedFunctionInfo.

R=bradnelson@chromium.org
TEST=mjsunit/asm/asm-validation
BUG=v8:4203

Review-Url: https://codereview.chromium.org/2253613004
Cr-Commit-Position: refs/heads/master@{#38696}
2016-08-18 07:44:30 +00:00
clarkchenwang
3310b44e53 [v8] Move all the RelocInfo::set_target_address function into one place.
BUG=

Review-Url: https://codereview.chromium.org/2250913002
Cr-Commit-Position: refs/heads/master@{#38693}
2016-08-17 17:56:42 +00:00
jshin
339f08d2e9 Support language tag extensions with multiple subtags for a key
Language tags with Unicode extensions can have multiple subtags
for a key (e.g. -ca-ismalic-civil has 'islamic-civi' for 'ca').

BUG=v8:4749
TEST=intl/date-format/calendar-with-multiple-type-subtags.js

Review-Url: https://codereview.chromium.org/2248563003
Cr-Commit-Position: refs/heads/master@{#38692}
2016-08-17 17:55:34 +00:00
bakkot
95e0ba65ec Reland of Amends the TypedArray constructor to use the path for primitives for all (patchset #1 id:1 of https://codereview.chromium.org/2120763002/ )
Reason for revert:
WebGL tests have been updated and rolled (at https://codereview.chromium.org/2227023002), so this should no longer fail outdated tests.

Original issue's description:
> Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset #4 id:60001 of https://codereview.chromium.org/2096873002/ )
>
> Reason for revert:
> Speculative revert to unblock roll https://codereview.chromium.org/2114113002/
>
> Original issue's description:
> > Amends the TypedArray constructor to use the path for primitives for all
> > types of primitives, not just undefined, booleans, numbers, and strings.
> > (The missing cases were null and Symbol.) This is required by the
> > specification, and there are test262 tests which we were failing due to
> > this bug.
> >
> > BUG=v8:5124
> >
> > Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
> > Committed: https://crrev.com/f772c22cd1c492aa0235a8e6012d0386146d2eb2
> > Cr-Original-Commit-Position: refs/heads/master@{#37234}
> > Cr-Commit-Position: refs/heads/master@{#37407}
>
> TBR=littledan@chromium.org,bakkot@google.com
> NOTREECHECKS=true
> BUG=v8:5124
>
> Committed: https://crrev.com/9c0aef52fa672db856ebfac7f4bdcd7d7b103663
> Cr-Commit-Position: refs/heads/master@{#37487}

TBR=littledan@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5124

Review-Url: https://codereview.chromium.org/2255543002
Cr-Commit-Position: refs/heads/master@{#38691}
2016-08-17 17:44:11 +00:00
georgia.kouveli
931ac008bb Fix uninitialized member (isolate_) in AstPrinter.
BUG=

Review-Url: https://codereview.chromium.org/2245323005
Cr-Commit-Position: refs/heads/master@{#38690}
2016-08-17 17:43:00 +00:00
bakkot
a3c13435aa Reland of Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex. (patchset #2 id:170001 of https://codereview.chromium.org/2113593002/ )
Reason for revert:
WebGL tests have been updated and rolled (at https://codereview.chromium.org/2227023002), so this should no longer fail outdated tests.

Original issue's description:
> Revert of Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex. (patchset #8 id:140001 of https://codereview.chromium.org/2090353003/ )
>
> Reason for revert:
> Speculative revert to unblock roll: https://codereview.chromium.org/2107223003/
>
> Original issue's description:
> > Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
> >
> > The spec was modified to relax some requirements which implementors had not been
> > enforcing. Part of this process involved introducing a new abstract operation
> > ToIndex, which had partial overlap with our existing semantics as well as some
> > differences (most notably treating undefined as 0). Test262 tests were introduced to
> > check for the new semantics, some of which we were failing. This patch amends the
> > parts of our implementation corresponding to specification algorithms which use
> > ToIndex to follow its semantics precisely.
> >
> > BUG=v8:4784,v8:5120
> >
> > Committed: https://crrev.com/09720349ea058d178521ec58d0a5676443a5a132
> > Cr-Commit-Position: refs/heads/master@{#37406}
>
> TBR=littledan@chromium.org,adamk@chromium.org,bakkot@google.com
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4784,v8:5120
>
> Committed: https://crrev.com/b1f7f1f4e41a723d5f997738a07e35a031713b8f
> Cr-Commit-Position: refs/heads/master@{#37417}

TBR=littledan@chromium.org,adamk@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4784,v8:5120

Review-Url: https://codereview.chromium.org/2247073004
Cr-Commit-Position: refs/heads/master@{#38689}
2016-08-17 17:38:56 +00:00
bradnelson
d0e52555f0 [wasm] Support validation of asm.js modules with != 3 args.
Our previous per-arch instantiation thunks for asm.js
didn't support modules that had or were called with anything other
than 3 arguments. Adding support for this.

Adding a runtime test method to check if asm validation succeeded.

Adding a test of validation with different argument count combinations.

R=mstarzinger@chromium.org
TEST=mjsunit/asm/asm-validator.js
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203

Review-Url: https://codereview.chromium.org/2229723002
Cr-Commit-Position: refs/heads/master@{#38688}
2016-08-17 17:22:30 +00:00
verwaest
b12669b0e2 Initialize num_heap_slots_ to MIN_CONTEXT_SLOTS in SetDefaults, make already_resolved_ debug-only
Variable allocation and block finalization may reset num_heap_slots_ to 0 later.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2257473002
Cr-Commit-Position: refs/heads/master@{#38687}
2016-08-17 16:26:45 +00:00
jbroman
058a7ee01e Blink-compatible deserialization of old object format.
The "version 0" format did not deal with references, and used a stack model to
deserialize objects (conceptually, a postorder tree traversal). This requires
an explicit stack, so special logic is added to decode this format.

All subsequent versions also put an object marker at the beginning, which is
equivalent to how the current version serializes.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2248893003
Cr-Commit-Position: refs/heads/master@{#38686}
2016-08-17 16:06:12 +00:00
verwaest
1c6cb5a40a Always inherit language-mode from the outer scope, modules initialize language-mode later
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2253093002
Cr-Commit-Position: refs/heads/master@{#38685}
2016-08-17 15:54:22 +00:00
neis
7fe4d930c9 [interpreter] Don't assume generator functions do an initial yield.
Async functions are implemented via special generator functions; special in the
sense that they generally do not immediately yield.  However, our generators
implementation still assumed that every generator function initially yields
(concretely: before doing the state dispatch in a loop header).  This CL fixes
that.

R=littledan@chromium.org, rmcilroy@chromium.org
BUG=chromium:638019

Review-Url: https://codereview.chromium.org/2253033002
Cr-Commit-Position: refs/heads/master@{#38684}
2016-08-17 15:03:43 +00:00
jbroman
1031a79f60 Blink-compatible serialization of dictionary-like objects.
As part of this CL, object reference tracking is implemented (and tested with a
self-referential object). This sort of reference tracking will be shared with
other receivers (array, date, regexp and host objects).

Not included in this CL is compatibility with version-0 objects (which don't
support a non-tree object graph, and require a little stack to correctly
deserialize).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2246093003
Cr-Commit-Position: refs/heads/master@{#38683}
2016-08-17 14:26:56 +00:00
epertoso
e82f94466f [interpreter] Fixes the collection of type feedback in the bitwise binary operator.
The Smi case was updating the feedback with a bitwise AND instead of a bitwise OR. This was causing feedback that should have been 'kAny' to be erroneously reported as 'kSignedSmall'.

R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2251863004
Cr-Commit-Position: refs/heads/master@{#38682}
2016-08-17 13:32:35 +00:00
mlippautz
23f61424e3 [heap] Filter slots in map space
We mark an object allocated as uninitialized. If we happen to have a GC before
fields of a map are written, msan will observe access to uninitialized memory and
crash.

This also unifies the handling as we now deal with all spaces in the same way.
In future we could parallelize clearing.

BUG=chromium:638226
R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2251993002
Cr-Commit-Position: refs/heads/master@{#38681}
2016-08-17 12:50:10 +00:00
ivica.bogosavljevic
3b7fbafe72 MIPS64: Fix [KeyedLoadIC] Support Smi "handlers" for element loads
Fix 2cf2eef77b

Fix test failures with tests working on external Uint32 arrays. Problem
started to appear because Uint32 value was compared using Int32 compare
operators in ChangeUint32ToTagged. On MIPS64, Uint32 value is not sign-
extended, so upper 32 bits of this value are zero. MIPS64 doesn't have
Word32Compare instructions but uses Word64Compare instructions in
combination with properly sign-extended Int32 values.

BUG=cctest/test-api/Uint32Array,cctest/test-api/SharedUint32Array,
cctest/test-api/FixedUint32Array,mjsunit/compiler/uint32

Review-Url: https://codereview.chromium.org/2231053002
Cr-Commit-Position: refs/heads/master@{#38680}
2016-08-17 12:40:49 +00:00
mstarzinger
5c6719fcd2 [turbofan] Remove representation axis for float64 fields.
This removes the representation axis from the type of {Load/StoreField}
operators representing a property load/store. The representation would
be narrowed to {None} which causes problems for all places where we use
the type to reason about the value representation. Instead we should
fully switch to {MachineRepresentation}. This is just a stop-gap fix.

R=jarin@chromium.org
BUG=chromium:636716

Review-Url: https://codereview.chromium.org/2255533003
Cr-Commit-Position: refs/heads/master@{#38678}
2016-08-17 11:15:40 +00:00
vogelheim
c677f81381 Scanner::LiteralBuffer usage cleanup.
1, restrict use of LiteralBuffers to the tokens that actually need it.
  - E.g., previously the Token::FUNCTION would have a literal buffer
    containing "function", which was never actually used.
  - This eliminates copies of the string data for every call to
    PeekAhead or SetBookmark.
2, document & enforce the "secret" Scanner API contract w/ DCHECK
  - Document & check the correspondence of token value and literal buffer.
  - Document & check preconditions for calling PeekAhead, ScanRegExp*,
    ScanTemplate*.

BUG=v8:4947

Review-Url: https://codereview.chromium.org/2240513003
Cr-Commit-Position: refs/heads/master@{#38677}
2016-08-17 10:08:59 +00:00
rmcilroy
b8b4a443b8 Avoid accessing Isolate in source position logging.
Now that all backends use the source position builder to record source
positions, simplify the code line logging events to take a source
position table on code creation. This means that the source position
table builder no longer needs to access the isolate until the table is
generated. This is required for off-thread bytecode generation.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2248673002
Cr-Commit-Position: refs/heads/master@{#38676}
2016-08-17 09:31:39 +00:00
jarin
b190d13331 [turbofan] Only do value numbering when types are compatible.
At the moment, two NumberConstant nodes get different type even if their
value is the same because we always allocate a new heap number for
each number constant. This can lead to replacing a node with a node of
disjoint type in value numbering, which can result in incorrect code
down the line because of inconsistent types.

This fix makes sure that we only replace a node with a sub-type
node. Once we introduce a proper type for number constants, we can
move back to the intersection typing in value numbering.

Unfortunately, it is quite hard to write a repro for this because we cache NumberConstant nodes. We only throw away cached values that have too many conflicts (>5), so the test has to contain values that fall into the same bucket. That's where the magic floating point numbers in the test come from (they have the same low 8-bits of their hashes).

BUG=chromium:633497

Review-Url: https://codereview.chromium.org/2251833002
Cr-Commit-Position: refs/heads/master@{#38675}
2016-08-17 08:45:26 +00:00
ahaas
4150b5c68f [turbofan] Cleanup for Float64Max and Float64Min.
This CL removes the optional operator flag of Float64Max and Float64Min.
Additionally it renames the instruction codes on x64 and ia32 because
the old instruction codes (e.g. SSEFloat64Max) do not match the
generated code anymore.

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2237813002
Cr-Commit-Position: refs/heads/master@{#38674}
2016-08-17 08:34:23 +00:00
marja
f59c047331 Scope analysis: DCHECK that we allocate rest_parameter_ only once.
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2254433002
Cr-Commit-Position: refs/heads/master@{#38673}
2016-08-17 08:02:24 +00:00
adamk
7783d6fae7 [style] Rename some enum values with 'k' prefix
See https://google.github.io/styleguide/cppguide.html#Enumerator_Names

Also rename "FunctionBody" to "FunctionBodyType" and move it inside
Parser, which is the only place it's referenced.

R=caitp@igalia.com, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2245133003
Cr-Commit-Position: refs/heads/master@{#38671}
2016-08-16 23:05:07 +00:00
sampsong
43b76f1a43 S390: Clean up the use of UNALIGNED_ACCESSES
BUG=

Review-Url: https://codereview.chromium.org/2249293002
Cr-Commit-Position: refs/heads/master@{#38670}
2016-08-16 22:21:34 +00:00
rmcilroy
de2f16d38e Revert of [Interpreter] Introduce InterpreterCompilationJob (patchset #7 id:140001 of https://codereview.chromium.org/2240463002/ )
Reason for revert:
Breaks Win64 bot

Original issue's description:
> [Interpreter] Introduce InterpreterCompilationJob
>
> Adds InterpreterCompilationJob as a sub-class of
> CompilationJob, to enable off-thread bytecode
> generation. Currently only used in
> Interpreter::MakeBytecode.
>
> As part of this change, CompilationJob is modified
> to make it less specific to optimized compilation,
> renaming the phases as follows:
>  - CreateGraph -> PrepareJob
>  - OptimizeGraph -> ExecuteJob
>  - GenerateCode -> FinalizeJob
>
> RegisterWeakObjectsInOptimizedCode is also moved out
> of CompilationJob and instead becomes a static function
> on Compiler.
>
> BUG=v8:5203
>
> Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
> Committed: https://crrev.com/785990e9fc0dd9a9d963d25d0bed2909165e4ca9
> Cr-Original-Commit-Position: refs/heads/master@{#38662}
> Cr-Commit-Position: refs/heads/master@{#38668}

TBR=mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203

Review-Url: https://codereview.chromium.org/2251673003
Cr-Commit-Position: refs/heads/master@{#38669}
2016-08-16 20:18:07 +00:00
rmcilroy
785990e9fc [Interpreter] Introduce InterpreterCompilationJob
Adds InterpreterCompilationJob as a sub-class of
CompilationJob, to enable off-thread bytecode
generation. Currently only used in
Interpreter::MakeBytecode.

As part of this change, CompilationJob is modified
to make it less specific to optimized compilation,
renaming the phases as follows:
 - CreateGraph -> PrepareJob
 - OptimizeGraph -> ExecuteJob
 - GenerateCode -> FinalizeJob

RegisterWeakObjectsInOptimizedCode is also moved out
of CompilationJob and instead becomes a static function
on Compiler.

BUG=v8:5203

Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
Review-Url: https://codereview.chromium.org/2240463002
Cr-Original-Commit-Position: refs/heads/master@{#38662}
Cr-Commit-Position: refs/heads/master@{#38668}
2016-08-16 19:28:49 +00:00
mlippautz
5d9deb255c [heap] ObjectStats: Various new categories
- Add object template categories.
- Add optimized code literals.
- Add compilation cache hash tables.
- Report overhead for code cache when used as hashtable.

BUG=chromium:631094

Review-Url: https://codereview.chromium.org/2246473002
Cr-Commit-Position: refs/heads/master@{#38667}
2016-08-16 19:26:42 +00:00
hablich
e7ccf0c297 Revert of Better pack fields in Variable (patchset #1 id:1 of https://codereview.chromium.org/2253513002/ )
Reason for revert:
Revert: Breaks ARM build: https://uberchromegw.corp.google.com/i/client.v8.ports/builders/V8%20Arm%20-%20builder/builds/2999

Original issue's description:
> Better pack fields in Variable
>
> This reduces sizeof(Variable) from 64 to 40 on x64
>
> BUG=v8:5209
>
> Committed: https://crrev.com/d84343568047c8621a6b8f88f20a7f34586321b8
> Cr-Commit-Position: refs/heads/master@{#38659}

TBR=marja@chromium.org,jkummerow@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2249203002
Cr-Commit-Position: refs/heads/master@{#38666}
2016-08-16 18:21:54 +00:00
bjaideep
888c67e995 PPC/s390: TurboFan: Introduce TaggedSigned and TaggedPointer representations.
Port d941b52d73

Original commit message:

    These new representations aren't used yet.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2246213004
Cr-Commit-Position: refs/heads/master@{#38664}
2016-08-16 16:00:29 +00:00
rmcilroy
ce65e10597 Revert of [Interpreter] Introduce InterpreterCompilationJob (patchset #7 id:140001 of https://codereview.chromium.org/2240463002/ )
Reason for revert:
Failing on Win64 bot:
https://build.chromium.org/p/client.v8/builders/V8%20Win64/builds/12061/steps/Check/logs/regress-635429

Original issue's description:
> [Interpreter] Introduce InterpreterCompilationJob
>
> Adds InterpreterCompilationJob as a sub-class of
> CompilationJob, to enable off-thread bytecode
> generation. Currently only used in
> Interpreter::MakeBytecode.
>
> As part of this change, CompilationJob is modified
> to make it less specific to optimized compilation,
> renaming the phases as follows:
>  - CreateGraph -> PrepareJob
>  - OptimizeGraph -> ExecuteJob
>  - GenerateCode -> FinalizeJob
>
> RegisterWeakObjectsInOptimizedCode is also moved out
> of CompilationJob and instead becomes a static function
> on Compiler.
>
> BUG=v8:5203
>
> Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
> Cr-Commit-Position: refs/heads/master@{#38662}

TBR=mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203

Review-Url: https://codereview.chromium.org/2249153002
Cr-Commit-Position: refs/heads/master@{#38663}
2016-08-16 15:06:52 +00:00
rmcilroy
1fb6a7e697 [Interpreter] Introduce InterpreterCompilationJob
Adds InterpreterCompilationJob as a sub-class of
CompilationJob, to enable off-thread bytecode
generation. Currently only used in
Interpreter::MakeBytecode.

As part of this change, CompilationJob is modified
to make it less specific to optimized compilation,
renaming the phases as follows:
 - CreateGraph -> PrepareJob
 - OptimizeGraph -> ExecuteJob
 - GenerateCode -> FinalizeJob

RegisterWeakObjectsInOptimizedCode is also moved out
of CompilationJob and instead becomes a static function
on Compiler.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2240463002
Cr-Commit-Position: refs/heads/master@{#38662}
2016-08-16 14:45:24 +00:00
verwaest
4be63d6dc6 Simplify num_heap_slots_ calculation of deserialized scopes
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2244233003
Cr-Commit-Position: refs/heads/master@{#38661}
2016-08-16 13:15:15 +00:00
ivica.bogosavljevic
998f779727 MIPS: [compiler] [wasm] Introduce Word32/64ReverseBytes as TF Optional Opcode.
Port 77c9cb8341.

Original commit message:
This commit fixes wasm little-endian load issue on big-endian platform
by introducing reverse byte operation immediately after a load.

BUG=

Review-Url: https://codereview.chromium.org/2235703002
Cr-Commit-Position: refs/heads/master@{#38660}
2016-08-16 13:07:37 +00:00
verwaest
d843435680 Better pack fields in Variable
This reduces sizeof(Variable) from 64 to 40 on x64

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2253513002
Cr-Commit-Position: refs/heads/master@{#38659}
2016-08-16 13:06:26 +00:00
titzer
b73376b908 [wasm] Macro-ify checking of prototype flags.
R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2253543003
Cr-Commit-Position: refs/heads/master@{#38658}
2016-08-16 12:49:31 +00:00
mvstanton
d941b52d73 TurboFan: Introduce TaggedSigned and TaggedPointer representations.
These new representations aren't used yet.

BUG=

Review-Url: https://codereview.chromium.org/2216383002
Cr-Commit-Position: refs/heads/master@{#38657}
2016-08-16 12:41:43 +00:00
verwaest
4872bc816f Remove virtual destructor from Variable, mark Variable final
BUG=

Review-Url: https://codereview.chromium.org/2253503002
Cr-Commit-Position: refs/heads/master@{#38656}
2016-08-16 12:25:44 +00:00
marja
696ae1eead Scopes: Clean up temporaries handling.
There was a weird check in AllocateNonParameterLocal which looked
like ".result" was treated differently from other
temporaries. This couldn't be generalized to other temporaries,
since some temporaries were both in temps_ and params_ (and some,
like ".result" would be only in params_).

Side product: Don't use AstValueFactory in scope analysis. It's
unnecessary (was only used for some DCHECKs which can be replaced
with more general checks). This change also ensures we don't
create new values during scope analysis.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2242783002
Cr-Commit-Position: refs/heads/master@{#38655}
2016-08-16 12:03:08 +00:00
mic.besace
38de91a5da Solaris/OpenBSD/FreeBSD: [heap] Uncommit unused large object page memory.
Port d61a5c376b

Original commit message:

    As a first step I uncommit the memory on the main thread. Also
    to measure impact and stability of that optimization. In a
    follow-up CL, the uncommitting should be moved on the concurrent thread.

R=jochen@chromium.org, hpayer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2245703002
Cr-Commit-Position: refs/heads/master@{#38654}
2016-08-16 12:00:53 +00:00
mlippautz
f6875cee3a Clear recorded slots when making a string external.
Slots in ConsString/SlicedString can point to an evacuation candidate.
The MakeExternal function makes in-place conversion to external string.
After the conversion we can have a recorded slot containing an external
pointer. As long as the external pointer is aligned, this is not a
problem. We clear the recorded slots to fix verify-heap checks.

BUG=chromium:631969
LOG=NO

Finalizing CL: https://codereview.chromium.org/2199863002/

Review-Url: https://codereview.chromium.org/2242183003
Cr-Commit-Position: refs/heads/master@{#38653}
2016-08-16 11:59:30 +00:00
mlippautz
619afa4be9 [heap] AccountingStats:: int/intptr_t -> size_t
BUG=

Review-Url: https://codereview.chromium.org/2241503002
Cr-Commit-Position: refs/heads/master@{#38652}
2016-08-16 11:09:36 +00:00
klaasb
b07444b16f [interpreter] Add CreateBlockContext bytecode
Allows us to create a corresponding TurboFan node, so TF can
optimize it.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2248633002
Cr-Commit-Position: refs/heads/master@{#38651}
2016-08-16 11:07:43 +00:00
verwaest
095b28de21 Move module initialization to DeclarationScope
This moves language-mode initialization for MODULE_SCOPE from Scope::SetDefaults to the single constructor that needs to do it. The CL additionally makes it more obvious that scope-info-backed scopes always initialize language-mode unless WITH_SCOPE.

BUG=

Review-Url: https://codereview.chromium.org/2251683002
Cr-Commit-Position: refs/heads/master@{#38650}
2016-08-16 11:00:12 +00:00
bgeron
f1f7222842 [turbofan] Instead of using properties, use a whitelist for store-store elimination. Make --turbo imply --turbo-store-elimination, so it is tested by ClusterFuzz.
This should fix bug v8:5280.

BUG=v8:5280

Review-Url: https://codereview.chromium.org/2236443006
Cr-Commit-Position: refs/heads/master@{#38649}
2016-08-16 10:53:43 +00:00
mstarzinger
cd4a310f1b [interpreter] Stage bytecode preservation.
This stages the --ignition-preserve-bytecode flag which preserves the
bytecode even when switching to baseline code. It is now implied by the
combined --ignition-staging flag.

R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2244303003
Cr-Commit-Position: refs/heads/master@{#38648}
2016-08-16 10:49:28 +00:00
hablich
f1f572b067 [WASM] Fix build problem on Android
BUG=v8:5291
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2241203004
Cr-Commit-Position: refs/heads/master@{#38647}
2016-08-16 09:34:16 +00:00
verwaest
7a2553ff87 Reorder DCHECKs so !is_with_scope() has a chance of being useful
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2247073003
Cr-Commit-Position: refs/heads/master@{#38646}
2016-08-16 09:30:09 +00:00
jgruber
b4c1aefb9c Refactor data structures for simple stack traces
Simple stack traces are captured through Isolate::CaptureSimpleStackTrace.
Captured frames are stored in a FixedArray, which in turn is stored as a
property (using a private symbol) on the error object itself. Actual formatting
of the textual stack trace is done lazily when the user reads the stack
property of the error object.

This would involve many conversions back and forth between index-encoded raw
data (receiver, function, offset and code), JS CallSite objects, and C++
CallSite objects.

This commit refactors the C++ CallSite class into a Struct class called
StackTraceFrame, which is the new single point of truth frame information.
Isolate::CaptureSimpleStackTrace stores an array of StackTraceFrames, and JS
CallSite objects (now created only when the user specifies custom stack trace
formatting through Error.prepareStackTrace) internally only store a reference
to a StackTraceFrame.

BUG=

Review-Url: https://codereview.chromium.org/2230953002
Cr-Commit-Position: refs/heads/master@{#38645}
2016-08-16 08:37:07 +00:00
mtrofin
0686c414a6 [wasm] Serialization test using external APIs and contexts
A test that exercises the public APIs for wasm serialization and
simulates the serialization scenario - serialize in one isolate, deserialize
in another.

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2249973002
Cr-Commit-Position: refs/heads/master@{#38644}
2016-08-16 08:07:19 +00:00
verwaest
860a3ce26f Declare 'this' as DYNAMIC_GLOBAL on the script_scope
Follow-up cleanup to https://codereview.chromium.org/2231813003

BUG=

Review-Url: https://codereview.chromium.org/2237873002
Cr-Commit-Position: refs/heads/master@{#38643}
2016-08-16 07:44:10 +00:00
adamk
9349243506 [ast] Clean up a few unnecessary bits in AST
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2248813002
Cr-Commit-Position: refs/heads/master@{#38641}
2016-08-15 20:53:28 +00:00
jyan
1153621249 s390: Allow larger Operands/Displacements/Offsets in s390
R=joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2244373002
Cr-Commit-Position: refs/heads/master@{#38640}
2016-08-15 18:57:45 +00:00
gsathya
0f40fb207d [isolate] Remove unused exception handle
Review-Url: https://codereview.chromium.org/2246963002
Cr-Commit-Position: refs/heads/master@{#38639}
2016-08-15 18:18:33 +00:00
adamk
b028e64b27 [turbofan] Re-separate logic for LET and CONST in BuildVariableAssignment
The structure of this code changed in https://codereview.chromium.org/2201193004,
but the structural changes were not essential to that CL's purpose (which was
to use Variable::binding_needs_init() consistently to decide whether to
hole-check). Now the code should appear as it did before that change, but with
the addition of binding_needs_init() checks.

R=bmeurer@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2237933002
Cr-Commit-Position: refs/heads/master@{#38638}
2016-08-15 18:08:08 +00:00
mattloring
b052909c25 [builtins] IndexOf/LastIndexOf implementation for typedarrays
Removes dependence on InnerArrayIndexOf/InnerArrayLastIndexOf and
reduces type polution caused by sharing these functions between standard
and typed arrays.

BUG=

Review-Url: https://codereview.chromium.org/2243523002
Cr-Commit-Position: refs/heads/master@{#38637}
2016-08-15 17:01:29 +00:00
jbroman
c5701e166e Blink-compatible serialization of strings.
This includes UTF-8 strings and two-byte strings, both length-delimited
(in bytes, not characters). Two-byte strings are written/read in host byte
order.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2245753002
Cr-Commit-Position: refs/heads/master@{#38636}
2016-08-15 15:27:11 +00:00
jyan
cba03ba85f [compiler] Allow matcher to work on arch without scaling capability
Add an extra parameter to disable scale on BaseWithIndexAndDisplacementMatcher.

R=bmeurer@chromium.org, epertoso@chromium.org, jarin@chromium.org, mstarzinger@chromium.org, mtrofin@chromium.org, titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2239813002
Cr-Commit-Position: refs/heads/master@{#38635}
2016-08-15 14:41:17 +00:00
klaasb
935340a4c5 [interpreter] VisitForTest for bytecode generator
Adds TestResultScope and uses it to directly jump/fall through to the
correct branch in expressions used as branch conditions.
Should enable nicer TurboFan-graphs for easier control-flow
transformations in the future.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2242463002
Cr-Commit-Position: refs/heads/master@{#38634}
2016-08-15 13:10:59 +00:00
rmcilroy
160d0a1803 [Parser] Remove Variable::is_possibly_eval.
Removes Variable::is_possibly_eval() and instead stores whether
a call is possibly eval in the Call node's bitfield.

Also removes HandleDereferenceMode since it's no longer used.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2242583003
Cr-Commit-Position: refs/heads/master@{#38633}
2016-08-15 10:59:18 +00:00
baptiste.afsa
75a204583f [turbofan] Use a map to cache values definition in instruction scheduler.
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2193063003
Cr-Commit-Position: refs/heads/master@{#38632}
2016-08-15 09:15:40 +00:00
jbroman
39bbb6f22a Blink-compatible serialization of numbers.
This includes unsigned integers (encoded as base-128 varints), signed integers
(ZigZag-encoded, then varint-encoded) and doubles (written in host byte order).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2232323004
Cr-Commit-Position: refs/heads/master@{#38630}
2016-08-15 01:00:31 +00:00
caitp
a9e470797b [parser] improve inferred function names for async arrow functions
No longer include the "async" keyword, or an async arrow function's single
identifier parameter as part of its inferred name.

BUG=v8:5281, v8:4483
R=adamk@chromium.org, littledan@chromium.org, marja@chromium.org

Review-Url: https://codereview.chromium.org/2235423003
Cr-Commit-Position: refs/heads/master@{#38627}
2016-08-12 22:47:11 +00:00
jshin
4e8ebeb03c Throw when case mapping result > max string length
Throw 'Range Error: invalid string length' when the result of
case mapping is longer than the max string length (kMaxLength in
objects.h = 1 << 28 - 16).

This is for case mapping with ICU.

A new test (case-mapping-slow.js) is added with PASS,SLOW. It's
configured to skip unless arch=x64 and mode=release and not on
simulator.

This is a reattempt to land
 https://codereview.chromium.org/2236593002 that was reverted.

BUG=v8:5271
TEST=intl/general/case-mapping-slow.js with --icu_case_mapping

Review-Url: https://codereview.chromium.org/2236963003
Cr-Commit-Position: refs/heads/master@{#38626}
2016-08-12 19:52:32 +00:00
jbroman
e6d1a80e79 Blink-compatible serialization of oddball values.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2232243003
Cr-Commit-Position: refs/heads/master@{#38625}
2016-08-12 14:49:23 +00:00
jkummerow
bb9707c8d2 [regexp][liveedit] Fix inconsistent JSArrays
The hand-written KeyedLoadIC_Megamorphic stub didn't care about JSArray
lengths, which made it lenient towards said lengths being wrong, but it
will soon fix that bug and thereby become more strict.

LiveEdit: factory->NewJSArray(capacity) doesn't set a length, so set it
manually.
RegExp: to avoid having to take care of array length updating in the
RegExpExecStub, just use a JSObject instead.

Review-Url: https://codereview.chromium.org/2244673002
Cr-Commit-Position: refs/heads/master@{#38624}
2016-08-12 14:29:59 +00:00
rmcilroy
bbd0a093ca Revert of [interpreter] Inline ForInFilter stub. (patchset #1 id:1 of https://codereview.chromium.org/2220343002/ )
Reason for revert:
Speculative revert to possible performance regressions.

BUG=chromium:635826,chromium:635930

Original issue's description:
> [interpreter] Inline ForInFilter stub.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/2bf0b8c8ed5d0c93982c8c227e93622aceecea16
> Cr-Commit-Position: refs/heads/master@{#38420}

TBR=oth@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4280

Review-Url: https://codereview.chromium.org/2238283002
Cr-Commit-Position: refs/heads/master@{#38623}
2016-08-12 14:00:30 +00:00
georgia.kouveli
dc6b5109d7 [ARM64] Optimize load followed by shift.
Instead of loading 64 bits and shifting:

      ldr x0, [x1, #offset]
      asr x0, x0, #32

directly load the interesting 32 bits and sign-extend:

      ldrsw x0, [x1, #offset+4]

BUG=

Review-Url: https://codereview.chromium.org/2243843002
Cr-Commit-Position: refs/heads/master@{#38622}
2016-08-12 13:55:46 +00:00
yangguo
f03bebc77d [debugger] add mixed-stack tests.
R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2246483002
Cr-Commit-Position: refs/heads/master@{#38621}
2016-08-12 13:51:19 +00:00
mstarzinger
a7c63607d2 [interpreter] Compiler shortcut when bytecode present.
This adds a shortcut to the compilation pipeline that makes sure we are
not regenerating bytecode when it has been preserved from a previous
request. This can happen when code flushing removes baseline code,
thereby clearing the entry trampoline but leaving bytecode intact.

R=yangguo@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2241783002
Cr-Commit-Position: refs/heads/master@{#38620}
2016-08-12 13:45:05 +00:00
verwaest
0a93ebaa76 Get rid of dead RemoveTemporary
kudos to marja@ for finding this

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2243833002
Cr-Commit-Position: refs/heads/master@{#38619}
2016-08-12 13:34:25 +00:00
epertoso
b167ae3361 [interpreter] Collect type feedback from bitwise binary ops handlers.
Also, re-enables the use of the type feedback in BytecodeGraphBuilder.

BUG=v8:5273
LOG=N

Review-Url: https://codereview.chromium.org/2235133003
Cr-Commit-Position: refs/heads/master@{#38618}
2016-08-12 13:04:31 +00:00
mstarzinger
68868c73c4 [compiler] Remove compiler internals from CodeAssembler.
This removes some compiler internals as well as some JavaScript-specific
helpers from the CodeAssembler, by either hiding or moving the support
into the CodeStubAssembler.

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2246463002
Cr-Commit-Position: refs/heads/master@{#38617}
2016-08-12 12:57:48 +00:00
rmcilroy
cc7587110e Call IsStringLiteral instead of IsPropertyName in VisitObjectLiteral.
This should be faster and should give the same result.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2243783002
Cr-Commit-Position: refs/heads/master@{#38616}
2016-08-12 12:34:22 +00:00
bmeurer
665f0e4020 [turbofan] Fix CheckedInt32Mod lowering for -0 case with negative left hand side.
Properly deoptimize if the left hand side of a CheckedInt32Mod is
negative and the result of the operation is zero.

R=jarin@chromium.org
BUG=v8:5286

Review-Url: https://codereview.chromium.org/2243803002
Cr-Commit-Position: refs/heads/master@{#38615}
2016-08-12 12:13:51 +00:00
yangguo
3494a3dcbc [deoptimizer] use correct code/bytecode to compute source position.
With --ignition-preserve-bytecode, we don't have the guarantee that
SharedFunctionInfo::abstract_code() returns the code we deopt to.

R=mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2239773003
Cr-Commit-Position: refs/heads/master@{#38614}
2016-08-12 12:01:52 +00:00
mlippautz
1617043c10 Revert of "[heap] Switch to 500k pages" (patchset #11 id:220001 of https://codereview.chromium.org/2232653003/ )
Reason for revert:
Breaks benchmark with --turbo on avx2

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20avx2/builds/9895

Original issue's description:
> Reland of "[heap] Switch to 500k pages"
>
> Decrease regular heap object size to 400k. In a follow up, we can now get rid of
> the new space border page while keeping the 1M minimum new space size.
>
> BUG=chromium:636331
>
> This reverts commit 555c961990.
>
> Committed: https://crrev.com/20e2ea80e169e85c5b8231adc02901fb6c989609
> Cr-Commit-Position: refs/heads/master@{#38608}

TBR=hpayer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:636331

Review-Url: https://codereview.chromium.org/2239323002
Cr-Commit-Position: refs/heads/master@{#38613}
2016-08-12 11:42:37 +00:00
georgia.kouveli
227353b76a [ARM64] Change TruncateInt64ToInt32 to a NOP.
BUG=

Review-Url: https://codereview.chromium.org/2240803003
Cr-Commit-Position: refs/heads/master@{#38612}
2016-08-12 11:30:05 +00:00
jgruber
d252808011 Handle missing context when getting frame details
This bug was triggered by a very specific combination:

* A context-allocated variable at script scope.
* OSR optimization.
* A scheduled breakpoint, which triggers at stack checks.

Stack checks differ from other possible breakpoint locations in that
the context (among other things) may be in a register and not on the
stack, making it impossible to recover during deoptimization. The
frame_inspector then returns undefined when asked for the context.

In GetFrameDetails, handle this case by omitting all context-allocated
variables.

BUG=v8:5279

Review-Url: https://codereview.chromium.org/2245603002
Cr-Commit-Position: refs/heads/master@{#38611}
2016-08-12 11:20:19 +00:00
hpayer
22b931f882 [heap] Also mark map when iterating black objects.
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2240123002
Cr-Commit-Position: refs/heads/master@{#38609}
2016-08-12 11:08:11 +00:00
mlippautz
20e2ea80e1 Reland of "[heap] Switch to 500k pages"
Decrease regular heap object size to 400k. In a follow up, we can now get rid of
the new space border page while keeping the 1M minimum new space size.

BUG=chromium:636331

This reverts commit 555c961990.

Review-Url: https://codereview.chromium.org/2232653003
Cr-Commit-Position: refs/heads/master@{#38608}
2016-08-12 11:07:04 +00:00
yangguo
8b82e0d725 [debug] make sure switching to debug fcg code works.
R=mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2240103002
Cr-Commit-Position: refs/heads/master@{#38607}
2016-08-12 11:05:57 +00:00
jarin
ed60a76fbf [turbofan] Ship loop variable bounds analysis.
Review-Url: https://codereview.chromium.org/2221793005
Cr-Commit-Position: refs/heads/master@{#38606}
2016-08-12 11:04:49 +00:00
ahaas
ce5a46b364 Revert of [turbofan] Split CodeGenerator::GenerateCode into AssembleCode and FinishCodeObject. (patchset #3 id:40001 of https://codereview.chromium.org/2229243003/ )
Reason for revert:
There is a data race in the initialization of the Isolate::random_number_generator()

Original issue's description:
> [turbofan] Split CodeGenerator::GenerateCode into AssembleCode and FinishCodeObject.
>
> This CL splits CodeGenerator::GenerateCode into two new functions:
> AssembleCode and FinishCodeObject. AssembleCode does not access or
> modify the JS heap, which means that AssembleCode can be executed on
> background threads. FinishCodeObject allocates the generated code object
> on the JS heap and therefore has to be executed on the main thread.
>
> Implementation details:
> The GenerateCode function has been split just before out-of-line code is
> assembled. The reason is that code stubs may be generated when
> out-of-line code is assembled, which potentially allocates these code
> stubs on the heap.
>
> - Parts of initialization of the CodeGenerator have been moved from the
> constructor to an Initialize function so that we can instantiate an empty
> CodeGenerator object in PipelineData.
>
> R=bmeurer@chromium.org, mstarzinger@chromium.org, titzer@chromium.org
>
> Committed: https://crrev.com/03058a2187e32cc4080612181802086527c116a2
> Cr-Commit-Position: refs/heads/master@{#38604}

TBR=bmeurer@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2240523003
Cr-Commit-Position: refs/heads/master@{#38605}
2016-08-12 10:59:58 +00:00
ahaas
03058a2187 [turbofan] Split CodeGenerator::GenerateCode into AssembleCode and FinishCodeObject.
This CL splits CodeGenerator::GenerateCode into two new functions:
AssembleCode and FinishCodeObject. AssembleCode does not access or
modify the JS heap, which means that AssembleCode can be executed on
background threads. FinishCodeObject allocates the generated code object
on the JS heap and therefore has to be executed on the main thread.

Implementation details:
The GenerateCode function has been split just before out-of-line code is
assembled. The reason is that code stubs may be generated when
out-of-line code is assembled, which potentially allocates these code
stubs on the heap.

- Parts of initialization of the CodeGenerator have been moved from the
constructor to an Initialize function so that we can instantiate an empty
CodeGenerator object in PipelineData.

R=bmeurer@chromium.org, mstarzinger@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2229243003
Cr-Commit-Position: refs/heads/master@{#38604}
2016-08-12 09:51:02 +00:00
bmeurer
50f223e47e [turbofan] Add inlined Array.prototype.push support.
This adds a very first version of inlined Array.prototype.push into
TurboFan optimized code. The current inlined version has a potential
deopt loop, but it's unlikely that we hit it currently (Crankshaft
suffers from an even worse problem). Once we have a way to learn from
deopts we can fix this deopt loop.

It's also probably overly defensive in when it's safe to inline
the call to Array.prototype.push, but we can always extend that
later once we have sufficient trust in the implementation and see
an actual need to extend it.

BUG=v8:2229,v8:3952,v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2245533003
Cr-Commit-Position: refs/heads/master@{#38603}
2016-08-12 08:59:30 +00:00
yangguo
e9b4d57eff [debugger] PrepareFunctionForBreakPoints handles both fcg code and bytecode.
R=mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2237423002
Cr-Commit-Position: refs/heads/master@{#38602}
2016-08-12 08:55:07 +00:00
mlippautz
cffeea8789 Add malloced and peak malloced to OOM handler
- Change sizes and counts to be size_t on the way.

R=hpayer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2240603003
Cr-Commit-Position: refs/heads/master@{#38601}
2016-08-12 08:50:56 +00:00
verwaest
923c45198a Make Variable::is_this always return the correct value
BUG=

Review-Url: https://codereview.chromium.org/2231813003
Cr-Commit-Position: refs/heads/master@{#38599}
2016-08-12 08:15:32 +00:00
hpayer
b992a8e189 Fix wrong state of IsolateInBackgroundNotification and IsolateInForegroundNotification.
BUG=chromium:636368,chromium:635965,chromium:634900

Review-Url: https://codereview.chromium.org/2245483004
Cr-Commit-Position: refs/heads/master@{#38598}
2016-08-12 08:13:56 +00:00
bmeurer
e6e32315cc [turbofan] Eliminate redundant elements kind transitions.
A TransitionElementsKind operation is redundant if we already know that
the object has the target_map (independent of what the source_map might
be).

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2233403003
Cr-Commit-Position: refs/heads/master@{#38597}
2016-08-12 06:52:33 +00:00
yangguo
b8c050424e [debugger] separate break point info from code instrumentation.
Previously, we would both instrument the code, and add/remove
BreakPointInfo objects through BreakLocation. This is bad design and
unsuitable for having two different code kinds.

We would now add/remove BreakPointInfo objects, and use that as source
of truth when instrumenting the code. If we have both bytecode and FCG
code, we would simply apply these break points twice to either.

Notable changes:
- Removed much functionality from BreakLocation.
- Instrumentation (patching code for breaks) happens by applying break
  point info onto code.
- Instrumentation (code patching) is done by the BreakIterator. For
  bytecode, it's BytecodeArrayBreakIterator. For FCG code, it's
  CodeBreakIterator.
- Changes to code instrumentation mostly involve clearing current
  instrumentation and then (re-)applying break points.
- DebugInfo can now reference both bytecode and FCG code.

R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2238893002
Cr-Commit-Position: refs/heads/master@{#38596}
2016-08-12 06:06:49 +00:00
zhengxing.li
64658b6c28 X87: Use IsPropertyName instead of IsInternalizedString in VisitObjectLiteral.
port 51e9d5ad2a (r38577)

  original commit message:
  Use IsPropertyName in VisitObjectLiteral to decide whether to do
  a named property store or call SetProperty.

BUG=

Review-Url: https://codereview.chromium.org/2241693002
Cr-Commit-Position: refs/heads/master@{#38595}
2016-08-12 05:49:20 +00:00
yangguo
c84b850954 [serializer] checksum a larger part of the code snapshot.
So far we only snapshot the payload data for the deserializer, but
not the data for heap reservation or the code stub keys.

At the same time this change turns some CHECKs that fail in the wild
to DCHECKs. We can try turning them back to CHECKs some other time.

TBR=ahaas@chromium.org
BUG=chromium:636876

Review-Url: https://codereview.chromium.org/2237883002
Cr-Commit-Position: refs/heads/master@{#38594}
2016-08-12 05:09:49 +00:00
bmeurer
63dd16849f [turbofan] The PlainPrimitiveToNumber operator cannot have side effects.
An invocation of the ToNumber builtin resulting from lowering the
PlainPrimitiveToNumber cannot have any observable side effects and
thus the builtin call itself is eliminatable.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2239923004
Cr-Commit-Position: refs/heads/master@{#38593}
2016-08-12 05:08:41 +00:00