This CL reuses the logic to determine if out of bounds loads should be allowed
to determine whether in bounds hole loads should be converted to undefined or
handled as IC misses.
bug: v8:8561
Change-Id: I1da859aba082cf21c67e7202b1e308ac4614b64a
Reviewed-on: https://chromium-review.googlesource.com/c/1465182
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59540}
Using test generators meant that we had to remove the progress indicator since
the total number of tests wasn't known beforehand.
This CL implements a progress indicator using test number estimations.
cctest and unittests progress indicator is accurate, however estimating
means the progress will terminate over 100% in big test suites and sometimes
under 100%.
R=machenbach@chromium.org
CC=sergiyb@chromium.org,yangguo@chromium.org
Bug: v8:8769
Change-Id: I40ca5b40f9b1223376d33707f0945900ea98cea3
Reviewed-on: https://chromium-review.googlesource.com/c/1460471
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59538}
The previous change to JSCallReducer::ReduceCallApiFunction regressed
the case a bit where the optimized graph has some knowledge about the
receiver already, but the API callback didn't need any receiver checks,
as in that case we unnecessarily added a ConvertReceiver node. This
change refactors the code to first see if there's information in the
graph about the receiver, and only if none is found, introduce the
ConvertReceiver node.
It also removes the unnecessary context load from the target function,
since the API callback doesn't care about the concrete context, and
we never inline cross native contexts, so using whatever incoming
context we have is perfectly fine (and saves us from unnecessarily
materializing the target just to load the native context off of it).
Drive-by-fix: Remove bogus comment about CallApiCallbackStub parameters.
Bug: v8:8820
Change-Id: Ide1b283d9e448c3f0ae8f2daf4b1ad0202eae09e
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1466881
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59536}
Testrunner test-suite doesn't have automated tests for the Fuzzer. A significant
change for the testrunner may break the fuzzers. We don't have a way to catch
even the syntax errors for the fuzzer before landing CLs.
This CL creates a rudimentary test-suite that runs the fuzzer without any tests
to see if APIs still work as intended.
R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org
No-Try: true
Bug: v8:8763
Change-Id: Ib4519ca093de2af5279964edd164cee04aae77a8
Reviewed-on: https://chromium-review.googlesource.com/c/1466301
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59535}
Implemented branching and merging of Environments to facilitate handling of
conditional and unconditional jumps in the SerializerForBackgroundCompilation.
Added tests and printing helpers for the Environment. The internal structure
of the hints was changed to ZoneSet to support avoiding of duplicates.
Alternative implementation considerations were documented here:
https://docs.google.com/document/d/1vCQYhtFPqXafSMweSnGD8l0TKEIB6cPV5UGMHJtpy8k/edit?ts=5bf7d341#heading=h.jx4br0df5qzm
R=neis@chromium.org
Bug: v8:7790
Change-Id: Ib929c75ddb7f7fb290a5ca28d4422680a1514a4f
Reviewed-on: https://chromium-review.googlesource.com/c/1451847
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59534}
... as there's no search involved and there are never multiple names.
Change-Id: Ice88c4d98195e74f6540926b0a1199df62b42da2
Reviewed-on: https://chromium-review.googlesource.com/c/1466645
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59532}
TypedArrayElementsInfo now represents an element's size as a log 2 and typed as
uintptr. This simplifies and speeds up (avoids possible HeapNumber allocations) a
number of calculations:
- Number of Elements (length) -> Byte Length - is now a WordShl
- Byte Length -> Number of Elements (length) - is now a WordShr
- Testing alignment (byte offset or length) - is now a WordAnd
These element/byte length related calculations are encapsulated in
TypedArrayElementsInfo as struct methods.
This reduces the size of CreateTypedArray by 2.125 KB (24%) on Mac x64.release:
- Before: 9,088
- After: 6,896
This improves the performance of the following microbenchmarks:
- TypedArrays-ConstructWithBuffer: ~87%
- TypedArrays-SubarrayNoSpecies: ~28%
Bug: v8:7161
Change-Id: I2239fd0e0af9d3ad55cd52318088d3c7c913ae44
Reviewed-on: https://chromium-review.googlesource.com/c/1456299
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59531}
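The shift and mask arithmetic described in the commit message above, as an added sketch that is not V8's code. The struct, its method names, `CheckView` and the overflow guard are assumptions made here for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in (not V8's TypedArrayElementsInfo): the element size
// is stored as log2(bytes), so conversions are shifts and alignment is a mask.
struct ElementsInfoSketch {
  uintptr_t size_log2;  // 0 for 1-byte elements, 3 for 8-byte elements

  // length -> byte length: a left shift. The overflow guard is an assumption
  // of this sketch; a shift that drops high bits would produce a byte length
  // smaller than the elements it is supposed to cover.
  bool ByteLength(uintptr_t length, uintptr_t* out) const {
    const uintptr_t max_length =
        std::numeric_limits<uintptr_t>::max() >> size_log2;
    if (length > max_length) return false;
    *out = length << size_log2;
    return true;
  }

  // byte length -> length: a right shift (rounds down on unaligned input).
  uintptr_t Length(uintptr_t byte_length) const {
    return byte_length >> size_log2;
  }

  // Alignment test for a byte offset or byte length: a single AND.
  bool IsAligned(uintptr_t bytes) const {
    const uintptr_t mask = (uintptr_t{1} << size_log2) - 1;
    return (bytes & mask) == 0;
  }
};

// Validates a (byte_offset, length) view over a buffer of buffer_bytes bytes
// using only the helpers above; writes the view's byte length on success.
bool CheckView(const ElementsInfoSketch& info, uintptr_t buffer_bytes,
               uintptr_t byte_offset, uintptr_t length, uintptr_t* view_bytes) {
  if (!info.IsAligned(byte_offset)) return false;
  if (byte_offset > buffer_bytes) return false;
  uintptr_t bytes = 0;
  if (!info.ByteLength(length, &bytes)) return false;
  if (bytes > buffer_bytes - byte_offset) return false;
  *view_bytes = bytes;
  return true;
}

int main() {
  ElementsInfoSketch f64{3};  // 8-byte elements
  uintptr_t bytes = 0;
  // Constructed sample: a 64-byte buffer, view starting at byte offset 8.
  bool ok = CheckView(f64, 64, 8, 7, &bytes);
  std::printf("7 elements at offset 8: %s (%lu bytes)\n", ok ? "ok" : "rejected",
              static_cast<unsigned long>(bytes));
  ok = CheckView(f64, 64, 8, 8, &bytes);
  std::printf("8 elements at offset 8: %s\n", ok ? "ok" : "rejected");
  return 0;
}
```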
Testrunner runs variants of a test sequentially without taking sharding into
account. A slow test with slow variants slows down the whole test run no matter
the sharding configuration.
This CL implements a test hashing algorithm and variant sharding for test
variants.
R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174
Change-Id: I15f8c547fa2f361fb6c53bf8d5df055d3df38d3e
Reviewed-on: https://chromium-review.googlesource.com/c/1458016
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59530}
This CL contains the following changes:
(1) Allocate memory for WasmTables in the WasmInstance.
- We extend the WasmInstance by a FixedArray which stores
references to the WasmTables.
(2) Rename the name of the backing store of WasmTables from `functions`
to `elements`.
- The name `functions` just does not fit anyref tables.
(3) Generate code with TurboFan for table.get and table.set.
(4) Extend wasm-module-builder.js to be able to generate modules with
multiple tables.
(5) Add mjsunit tests to test table.get and table.set.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I44af4838ee7a37b394841a2f673ecae5734a4d1c
Reviewed-on: https://chromium-review.googlesource.com/c/1463519
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59529}
This reverts commit d8a457cbb7.
Reason for revert: I suspect that this caused the recent spike in the crashes on Canary. So, speculatively reverting this to see if things improve. More details on this bug: chromium:931181
Original change's description:
> [global-handles] Do not clear finalization callback on moving
>
> Bug: chromium:923361
> Change-Id: Id4a0f6515f6b17cec2732df561c1e82080dc29c8
> Reviewed-on: https://chromium-review.googlesource.com/c/1462963
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59498}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: Id4d2f49be2a6a913f51f35db9877c5b098f9e20a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:923361, chromium:931181
Reviewed-on: https://chromium-review.googlesource.com/c/1466646
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59527}
When calling API functions (i.e. Blink C++ DOM methods and accessors)
directly from TurboFan we currently only optimize that to a fast call
via the CallApiCallback builtin when TurboFan is able to find reliable
map information about the receiver in the graph. This is usually only
the case when the call is preceded by a monomorphic or polymorphic
property access on the receiver, i.e. something like
```js
element.hasAttribute("bar");
```
will work, since the call to the `hasAttribute` method is immediately
preceded by a `CheckMaps(element)` in the monomorphic/polymorphic case.
However this no longer works when the responsible LOAD_IC was
megamorphic or the method is called via `Function#call()` for example:
```js
const hasAttribute = Element.prototype.hasAttribute;
// ...
hasAttribute.call(element, "bar");
```
This change allows for more optimizations in two cases:
1. When the method accepts any receiver (i.e. no signature type and no
access checks needed), and
2. when we find information about the receiver in the graph, but that
information is not reliable.
For the first case, when the API method accepts any receiver and doesn't
limit it to specific types of receivers (aka no compatible receiver
check is required), we just insert a ConvertReceiver receiver and pass
the result as both the receiver and the holder to the API callback.
For the second case, we lift the current restriction of only supporting
reliable, stable receiver map information, because we only need to know
two things:
a. The Map::constructor field on the root map satisfies the compatible
receiver check.
b. If the receiver is a JSObject, then the "access check needed" bit
is not set (or the API method accepts any receiver).
Both of these cannot change with map transitions. So if at some point in
the past we knew that this held for a given receiver (by looking into
the TurboFan graph), we definitely know that it's still going to hold at
any later point.
Bug: v8:8820
Change-Id: I2316e8a4e2b3b7560e5c5d2b7d1569ebe1d3a1c8
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1466562
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59526}
Most of the users of InNewSpace actually mean InYoungGeneration.
Subsequent CL will remove InNewSpace to avoid confusion.
Bug: chromium:852420
Tbr: mlippautz@chromium.org
Change-Id: I6234d162d51c215787972e7ada1cd5b804b60fda
Reviewed-on: https://chromium-review.googlesource.com/c/1463521
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59523}
This avoids confusion with the code that is being generated.
R=sigurds@chromium.org
Change-Id: Icb5bd417ca8502553af201654cca1419b9eac87d
Reviewed-on: https://chromium-review.googlesource.com/c/1462001
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59522}
containing smi value and untags it.
This CL finishes up the parity with x64 with regards to
(https://chromium-review.googlesource.com/c/v8/v8/+/1382740)
Bug: v8:7703
Change-Id: I3c88fbbfd3e47e944a6891171d6555f330cd5fd2
Reviewed-on: https://chromium-review.googlesource.com/c/1463523
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59521}
This CL adds the recursive deps of buildtools to the top-level DEPS which is now
mandatory due to the recent changes in the buildtools repo.
R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org
Bug: chromium:930050
Change-Id: I0eba652078de75fb22942dd2f5434cd3bd65ada1
Reviewed-on: https://chromium-review.googlesource.com/c/1466302
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59519}
This is a reland of 8683116e64 without
changes. The previous issues should be gone thanks to
ba1d0f25d5.
Original change's description:
> Reland^3 "[turbofan] Use feedback when reducing global loads/stores."
>
> This is a reland of 2d2c137492 without
> changes. Offending chromium tests have been modified.
>
> Original change's description:
> > Reland^2 "[turbofan] Use feedback when reducing global loads/stores."
> >
> > This reverts commit ac85ab0a3d. A
> > chromium test caused trouble and was taken care of in
> > https://chromium-review.googlesource.com/c/1384064.
> >
> > Original change's description:
> > > [turbofan] Use feedback when reducing global loads/stores.
> > >
> > > We already record the script context location or the property cell
> > > as feedback of the global load/store IC, so Turbofan doesn't need
> > > to do the lookups again.
> >
> > TBR=sigurds@chromium.org
> >
> > Change-Id: I58bcd9bceec2f9cf401f7b0fc4460a6da6cd0abc
> > Reviewed-on: https://chromium-review.googlesource.com/c/1386404
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58393}
>
> Change-Id: Ic6734201a6c45f2752488ab44b16859776802f51
> Reviewed-on: https://chromium-review.googlesource.com/c/1408252
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58769}
TBR=bmeurer@chromium.org
Change-Id: I80890e2605711045ec6997843d031b61ea27d5e4
Reviewed-on: https://chromium-review.googlesource.com/c/1463779
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59518}
This CL moves MicrotasksPolicy from Isolate's HandleScopeImplementer
to MicrotaskQueue for better non-default MicrotaskQueue support.
After this:
* MicrotaskPolicy is per-MicrotaskQueue rather than single global one.
* ENTER_V8 runs MicrotaskQueue associated to the current Context, rather
than the default_microtask_queue().
* SuppressMicrotaskExecutionScope and MicrotasksScope are ready to
take MicrotaskQueue parameter, rather than using the default one.
Note that there's no way to use a non-default microtask queue until we
expose it as a V8 API.
Bug: v8:8124
Change-Id: I79cbc53d26d9f3f4cfb7c64d303b12e395b76815
Reviewed-on: https://chromium-review.googlesource.com/c/1429720
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59517}
Currently, PRIVATE_NAME / PrivateIdentifier is not valid in
ObjectLiterals or other places expecting the PropertyName production.
A SyntaxError here prevents an access violation later on when attempting
to dereference a null property key.
BUG=v8:8808
R=gsathya@chromium.org, littledan@chromium.org
Change-Id: Idde9c669cb48c1595b83115351a8fe0caed40eef
Reviewed-on: https://chromium-review.googlesource.com/c/1461161
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59515}
The line number is associated with each sample along with pointer
to the ProfileNode and timeDelta. Once collected, line numbers are
streamed as an array of integers in "ProfileChunk" trace events.
If all the line numbers are zero, the array may be omitted. Otherwise
the array length matches length of samples and timeDeltas arrays.
BUG=chromium:925089
Change-Id: I1ef5cd1b208b03bb127f4d17b1efa74c01959542
Reviewed-on: https://chromium-review.googlesource.com/c/1459739
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59514}
This will happen incrementally.
Bug: v8:8553
Change-Id: If92eacf85044bfcbc30d5551b817725c1fe1a937
Reviewed-on: https://chromium-review.googlesource.com/c/1457436
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59513}
Given a map, its HasNonInstancePrototype bit in bit_field can differ
from the same bit in that map's root map. If that is the case just
return false from the equivalence check. (Currently, we just assert
that bit_field is the same for a map and its root map.)
Bug: chromium:930486
Change-Id: Ic0eb83f80725fb1224e0f97927127e1cb8ad92e6
Reviewed-on: https://chromium-review.googlesource.com/c/1462004
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59508}
Fixes a segfault that occurs when v8::CpuProfilers are restarted caused
by the reuse of a stale CodeEventObserver.
Bug: chromium:929928
Change-Id: I5d5f7eaf5cd903910130cdb0cfec8c3fd6608edd
Reviewed-on: https://chromium-review.googlesource.com/c/1459740
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59506}
The spec specifies that a non-true return value from the trap functions
should be treated as an error in strict mode. With the new lazy feedback
effort, inferring the language mode is expensive and causes regression on
these tests. Since the test doesn't actually need to test this, fixing
them to return true would help test the performance of calling the trap
without the unnecessary overhead of inferring the language mode.
Bug: chromium:925289
Change-Id: Ib650c3210ee260296257ae3b56174099a5492675
Reviewed-on: https://chromium-review.googlesource.com/c/1462959
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59505}
The test says that it is testing dictionary mode, but it is only
creating fast mode arrays.
Bug: chromium:852420
Change-Id: I99ccc997aaa87ecf49bddf02e46b7e543f535374
Reviewed-on: https://chromium-review.googlesource.com/c/1462918
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59504}
tagged fields.
Implemented TurboAssembler::StoreTaggedField for tagged fields' store.
Instead of pushes like x64 does, in arm64 do loads due to doing a
load-poke combination rather than just a push.
See https://chromium-review.googlesource.com/c/v8/v8/+/1382740 for the x64
version.
Bug: v8:7703
Change-Id: I79fbba4b03260c0dba5624e990c5af51290b28c6
Reviewed-on: https://chromium-review.googlesource.com/c/1462956
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59502}
This CL introduces TurboAssembler::LoadTaggedPointerField() and
TurboAssembler::LoadAnyTaggedField(), which respectively loads a field
containing a HeapObject, or any tagged value, and decompresses it if necessary.
Bug: v8:7703
Change-Id: I71ace74d7433a3a78d56bdcef6d2ec041df630e4
Reviewed-on: https://chromium-review.googlesource.com/c/1456098
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59501}
Port 9e060e47c6
Original Commit Message:
When BUILDING_V8_SHARED in release builds __declspec(dllexport)
causes generation of implicit constructors in the forwarding class
while it's deleted in TurboAssemblerBase, which leads to compilation
errors like:
```
In file included from gen/v8/v8_base_jumbo_6.cc:41:
In file included from .\../../v8/src/interface-descriptors.cc:7:
In file included from ../../v8\src/macro-assembler.h:40:
../../v8\src/x64/macro-assembler-x64.h(92,9): error: call to deleted constructor of 'v8::internal::TurboAssemblerBase'
: TurboAssemblerBase(std::forward<Args>(args)...) {}
^ ~~~~~~~~~~~~~~~~~~~~~~~~
../../v8\src/x64/macro-assembler-x64.h(536,25): note: in instantiation of function template specialization 'v8::internal::TurboAssembler::TurboAssembler<v8::internal::TurboAssembler>' requested here
class V8_EXPORT_PRIVATE MacroAssembler : public TurboAssembler {
^
../../v8\src/turbo-assembler.h(127,34): note: 'TurboAssemblerBase' has been explicitly marked deleted here
DISALLOW_IMPLICIT_CONSTRUCTORS(TurboAssemblerBase);
^
1 error generated.
```
The original changes were made in https://chromium-review.googlesource.com/c/v8/v8/+/1414913
R=hop2deep@gmail.com, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I2a6e555b028583b89402b257e40757f34f3301c1
Reviewed-on: https://chromium-review.googlesource.com/c/1463179
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59499}
Then the various methods that take receiver maps don't need to
worry about deprecated maps.
Change-Id: I09c53939275b1af19d54430bfecb23809a4257c2
Reviewed-on: https://chromium-review.googlesource.com/c/1458243
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59496}
When executing the interpreter, we should not try to create compiled
code. Otherwise we cannot implement and test a feature in the
interpreter in isolation.
R=ahaas@chromium.org
CC=fgm@chromium.org
Change-Id: I2074de31650a52b38b2f6e530e20b427d2d1db65
Reviewed-on: https://chromium-review.googlesource.com/c/1462876
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59493}
This CL prepares stack trace capturing for the switch from using
plain StackFrameInfos to StackTraceFrames backed by a FrameArray.
To reuse the caching mechanism, the relevant code is extracted into
a helper, as the CaptureStackTraceHelper class will be removed
in a future CL.
R=jgruber@chromium.org
Bug: v8:8742
Change-Id: I794faac09f414daf7946625606af7d7aa1630cde
Reviewed-on: https://chromium-review.googlesource.com/c/1460473
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59492}