Use the DEFINE_FIELD_OFFSET_CONSTANTS macro to define the fields in the
BytecodeArray layout description.
Change-Id: I89ff2d7cd967aa1a503cbedd5d95dcd80f4d038c
Reviewed-on: https://chromium-review.googlesource.com/643130
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47713}
Lazy deserialization needs to determine the underlying builtin by looking at
the SharedFunctionInfo.
This packs the builtin_id into the SFI::function_data field, and adds
convenience functions to Code as a drive-by addition.
Bug: v8:6624
Change-Id: I59093815aa6937342302153ebc95dd60edb0064e
Reviewed-on: https://chromium-review.googlesource.com/641490
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47712}
Introduce a proper empty_descriptor_array, which has the proper layout
(length is 2 and the two fields are set properly). Also add a special
EnumCache class and a matching empty_enum_cache. The contract now is
that we only need to check the EnumLength on the map to know whether we
are allowed to use the enum cache. This greatly simplifies the handling
of the enum cache (and also the descriptor arrays), especially for the
future work on optimizing keyed access via the enum cache indices.
Bug: v8:6702
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5ef517a3041163cd65ef003f691139ea52233e83
Reviewed-on: https://chromium-review.googlesource.com/641030
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47697}
Instead of using a word to store the status of the promise, this
patch uses 2 bit on flags.
Bug: v8:5046
Change-Id: Ic651338230dbe1704c68de8652676f236a3298f0
Reviewed-on: https://chromium-review.googlesource.com/634623
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47628}
This moves Module and other module-related classes and definitions out
of src/objects{.h,-inl.h,.cc} into src/objects/module{.h,-inl.h,.cc}.
Also moves the contents of src/objects/module-info.h there.
R=marja@chromium.org
Bug: v8:1569, v8:5402
Change-Id: I49064bb4a5c5a6f409274c287e06e8dda351d615
Reviewed-on: https://chromium-review.googlesource.com/626818
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47540}
The initialization code of all modules must have been run
before running any module's main code. This should have been
fixed quite a while ago as part of another CL but somehow
wasn't.
In the process of fixing it now, I'm also moving the initialization
phase out of Evaluate into Instantiatiate. This corresponds more
closely to the specification and avoids confusion.
Bug: v8:1569
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3ea5d6be0f5d371e6a4c641778c51762f1867dc8
Reviewed-on: https://chromium-review.googlesource.com/620653
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47537}
This CL:
- removes the trampoline pc from deoptimization input
data and deoptimization state. This is no longer needed given
that we added this information to the safepoint table in
https://chromium-review.googlesource.com/c/v8/v8/+/596027).
This should also fixed the regression mentioned in
https://bugs.chromium.org/p/chromium/issues/detail?id=752873
- searches for the exception handler in the safepoint table.
- removes the code used for patching which is no longer needed.
Bug: v8:6563
Change-Id: I6cedc18c371f5707b7e0e1a8da409375ce1ebe5e
Reviewed-on: https://chromium-review.googlesource.com/595547
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47507}
LengthAndHashOffset describes the value stored in the offset better.
Bug: v8:6404
Change-Id: Ie5ea2a362c54aa03e0a4e314d1adb8b91d74a044
Reviewed-on: https://chromium-review.googlesource.com/624458
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47503}
Code aging is no longer supported by any remaining compilers now
that full codegen has been removed. This CL removes all vestiges of
code aging.
BUG=v8:6409
Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e
Reviewed-on: https://chromium-review.googlesource.com/619153
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47501}
There's no need for these to be static.
Bug: v8:5717
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia704cdcb9ee9666c7724b78d58c56217cd5876ae
Reviewed-on: https://chromium-review.googlesource.com/624869
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47490}
This no longer causes allocation, so it's safe to unhandlify.
This will allow us to use directly call into C++ (via CallCFunction)
to calculate the hash instead of going through the runtime (via
%GenericHash).
Bug: v8:5717
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia561efb4d89d7a3d10c28913537b45b3ce477bb3
Reviewed-on: https://chromium-review.googlesource.com/624519
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47489}
Change-Id: Icd5dcb9fe58fec7d405e03ca09648d2e426bd204
Reviewed-on: https://chromium-review.googlesource.com/452458
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47465}
This is a reland of decf5750c6
This patch fixes the hash code migration in the backing store
transition case from Smi to PropertyArray in the IC system and
Turbofan. Also, adds tests.
Bug: v8:6413, v8:6404
Original change's description:
> [runtime] Store hash code in length field
>
> Store the hash code in 21 bits of the length field.
>
> Change the GetIdentityHash API to be unhandlified, since there's no
> property lookup anymore.
>
> Update js/ and test/ to match new API and expections.
>
> Bug:
> Change-Id: I8dc75de4021f59e79b45f3f38ec997c3b3687b24
> Reviewed-on: https://chromium-review.googlesource.com/589688
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47259}
Change-Id: I69289113c4b7978c46f6f9373cc972086ecb6822
Bug:
Reviewed-on: https://chromium-review.googlesource.com/614903
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47459}
This removes:
- CodeBreakIterator for FCG code.
- RelocModes for debug breaks.
- Code generator for debug break slots.
- GC support for debug break slots.
- Code flag to indicate code with debug break slots.
- Builtin type DBG.
- Mechanisms to replace FCG code in the debugger and LiveEdit.
- Runtime entry to the debugger from debug break slots.
R=bmeurer@chromium.org, rmcilroy@chromium.org, ulan@chromium.org
Bug: v8:6409
Change-Id: I5662c8800e3ef1b1584ad107bfe0aae26c9d8abb
Reviewed-on: https://chromium-review.googlesource.com/613263
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47364}
Removes the new.target slot from the interpreter's fixed frame. Instead
adds a field to BytecodeArray to get the bytecode's incoming
new.target or generator object register. The InterpreterEntryTrampoline
then sets this register with the incoming new.target (or generator object)
when the function is called. This register can be directly the new.target
or generator object variable if they are LOCAL location, otherwise it is a
temporary register which is then moved to the variable's location during the
function prologue.
This fixes a hack in the deoptimizer where we would set the new.target fixed
slot to undefined in order to avoid extending it's lifetime through the
optimized code - now it's just a standard register and can be optimized away
as normal.
Bug=v8:6644
Change-Id: Ieb8cc34cccefd9fb6634a90cbc77c6002a54f2ae
Reviewed-on: https://chromium-review.googlesource.com/608966
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47320}
Removes the pathways to use Full-Codegen from compiler.cc. Also removes all
paths to optimize using AstGraphBuilder, which relies on Full-codegen.
Cleans up ast-numbering, runtime-profiler and some runtime functions to
remove now dead code.
This makes Full-codegen and AstGraphBuilder dead, but doesn't remove their
code yet, that will be done in a followup CL to keep things reviewable.
BUG=v8:6409
Change-Id: I3901ff17d960b2bb084cef0cb39fa16cb8419881
Reviewed-on: https://chromium-review.googlesource.com/583328
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47277}
The heuristic for deciding whether to normalize elements in a JSArray
should not depend on the current old generation size, for the sake of
predictability. This also wouldn't work when we start inlining this
into optimized code, where we'd bake in the max old generation size
value at the time of optimization.
Bug: v8:6399
Change-Id: Ie30d8855953b8fa97b86b18d9eac6e5de87e5aa9
Reviewed-on: https://chromium-review.googlesource.com/609013
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47272}
Previously we could not support these due to their unique memory layout
including off-heap backing store allocations. We now serialize these
allocations and then fix-up references to them in the PostProcess step
of deserialization.
Bug: v8:6691
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic215049c06e6ee655bd17c11dfab0d8630568a84
Reviewed-on: https://chromium-review.googlesource.com/597709
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47271}
This reverts commit decf5750c6.
Reason for revert: broken layout tests
Original change's description:
> [runtime] Store hash code in length field
>
> Store the hash code in 21 bits of the length field.
>
> Change the GetIdentityHash API to be unhandlified, since there's no
> property lookup anymore.
>
> Update js/ and test/ to match new API and expections.
>
> Bug:
> Change-Id: I8dc75de4021f59e79b45f3f38ec997c3b3687b24
> Reviewed-on: https://chromium-review.googlesource.com/589688
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47259}
TBR=ulan@chromium.org,jkummerow@chromium.org,mstarzinger@chromium.org,cbruni@chromium.org,gsathya@chromium.org
Change-Id: I32db9c20a51b2401464924cafea502628a0d0b92
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/609322
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47260}
Store the hash code in 21 bits of the length field.
Change the GetIdentityHash API to be unhandlified, since there's no
property lookup anymore.
Update js/ and test/ to match new API and expections.
Bug:
Change-Id: I8dc75de4021f59e79b45f3f38ec997c3b3687b24
Reviewed-on: https://chromium-review.googlesource.com/589688
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47259}
This reverts commit 15ef03cbf3.
Reason for revert: Found the following bugs
Bug: chromium:752846, chromium:752712, chromium:752850
Original change's description:
> Reland "[builtins] Port getting property from Proxy to CSA"
>
> This reland is after fix in [heap] Delete wrong DCHECK.
> It includes moving ProxyGetProperty to its own stub to reduce
> binary size.
>
> This is a reland of 47a97aa53b
> Original change's description:
> > [builtins] Port getting property from Proxy to CSA
> >
> > Bug: v8:6559, v8:6557
> > Change-Id: If6c51f5483adb73ddd2495cede5d85e887a3c298
> > Reviewed-on: https://chromium-review.googlesource.com/589212
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Maya Lekova <mslekova@google.com>
> > Cr-Commit-Position: refs/heads/master@{#47113}
>
> Bug: v8:6559, v8:6557
> Change-Id: I76acd97ba1acb62b7e7983db1741441d997050f0
> Reviewed-on: https://chromium-review.googlesource.com/600215
> Commit-Queue: Maya Lekova <mslekova@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47159}
TBR=jkummerow@chromium.org,mstarzinger@chromium.org,franzih@chromium.org,jgruber@chromium.org,ishell@chromium.org,bmeurer@chromium.org,mslekova@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I51bef25a031b02cf4deab11282473acae57f1ed3
Reviewed-on: https://chromium-review.googlesource.com/603708
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47200}
The interpreter was not able to call imported wasm functions (hitting
UNIMPLEMENTED). This CL fixes this by creating a "CWasmEntry", which is
signature-specific. It has JS linkage and receives the wasm code object
to call and a buffer containing all arguments (similar to the
interpreter entry). It loads all arguments from the buffer and calls the
given code object.
The c-wasm-entry code objects are cached per instance, such that we
only create them once per signature.
These wasm entry stubs will also allow us to call back to compiled code
from the interpreter, which we might want to do to reduce the slowdown
of executing wasm for debugging.
R=titzer@chromium.org
Bug: chromium:735792
Change-Id: I7fecec3a7bec62a9de40fff115b684759b12a28b
Reviewed-on: https://chromium-review.googlesource.com/600308
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47195}
As of https://chromium-review.googlesource.com/600968 the CallIC no
longer supports AllocationSite feedback for [[Call]], so we can drop
the TurboFan bits that deal with AllocationSites for JSCall nodes as
well. This further simplifies the handling of the Array constructor.
Drive-by-fix: Rename Builtins::kArrayCode to Builtins::kArrayConstructor
for sake of consistency.
Bug: v8:6399
Change-Id: I9e6a684fc00dd72e25f925db5f407c3f3f715873
Reviewed-on: https://chromium-review.googlesource.com/602354
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47194}
This reland is after fix in [heap] Delete wrong DCHECK.
It includes moving ProxyGetProperty to its own stub to reduce
binary size.
This is a reland of 47a97aa53b
Original change's description:
> [builtins] Port getting property from Proxy to CSA
>
> Bug: v8:6559, v8:6557
> Change-Id: If6c51f5483adb73ddd2495cede5d85e887a3c298
> Reviewed-on: https://chromium-review.googlesource.com/589212
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@google.com>
> Cr-Commit-Position: refs/heads/master@{#47113}
Bug: v8:6559, v8:6557
Change-Id: I76acd97ba1acb62b7e7983db1741441d997050f0
Reviewed-on: https://chromium-review.googlesource.com/600215
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47159}
The predicate in question used to report true on both, Crankshaft and
TurboFan code. It has hence become obsolete and can be replaced by the
existing {Code::is_turbofanned} predicate. This also frees up a bit in
the second kind-specific bit field.
R=jarin@chromium.org
BUG=v8:6408
Change-Id: I204d7dd78a639c752c9749fd305c7006c6b6aca3
Reviewed-on: https://chromium-review.googlesource.com/599868
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47125}
My goal was to move breakpoint API to native with minimal changes around, so on inspector side we use v8::debug::BreakpointId instead of String16, on v8::internal::Debug we use i::BreakPoint object instead of break point object created inside of debug.js.
There are a lot of opportunities how we can improve breakpoints (at least we can avoid some of linear lookups to speedup implementation) but I think that as first step we need to remove mirrors/debug.js APIs.
Drive by: debugger-script.js and usage of debugger context in inspector code base.
R=yangguo@chromium.org,jgruber@chromium.org,clemensh@chromium.org
Bug: v8:5510,chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0b17972c39053dd4989bbe26db2bb0b88ca378f7
Reviewed-on: https://chromium-review.googlesource.com/593156
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47091}
This is to ensure the snapshot is deterministic.
R=mstarzinger@chromium.org
Bug: v8:4886, v8:3645
Change-Id: I79c8e54ba6b4810f005bc1ece61890790c815cea
Reviewed-on: https://chromium-review.googlesource.com/595740
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47082}
Replacing pc with trampoline on stack
This CL is the follow up of https://chromium-review.googlesource.com/c/586707/
which used to crash when running the gc-stress bots.
It seems to be working now. We now keep the trampoline PC in the Safepoint
table and use that information to find SafepointEntries.
There's some refactoring that can be done, such as changing the code for
exceptions in a similar way and removing the trampoline from the
DeoptimizationInputData. Will take care of this in the next CL.
Bug: v8:6563
Change-Id: I8c0a2489de19e6d5fb4ebf1de7da1933726265b4
Reviewed-on: https://chromium-review.googlesource.com/596027
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47066}
This reverts commit a01ac7cbd9.
Reason for revert: Causes flakes on gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/14218
Original change's description:
> Replacing pc with trampoline on stack
>
> This CL is the follow up of https://chromium-review.googlesource.com/c/586707/
> which used to crash when running the gc-stress bots.
> It seems to be working now. We now keep the trampoline PC in the Safepoint
> table and use that information to find SafepointEntries.
>
> There's some refactoring that can be done, such as changing the code for
> exceptions in a similar way and removing the trampoline from the
> DeoptimizationInputData. Will take care of this in the next CL.
>
> Bug: v8:6563
> Change-Id: I02565297093620023a1155b55d76a4dafcb54794
> Reviewed-on: https://chromium-review.googlesource.com/593622
> Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47030}
TBR=jarin@chromium.org,bmeurer@chromium.org,jupvfranco@google.com
Change-Id: Ie9929c9acae321a91014b76b9008f8835313e67d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6563
Reviewed-on: https://chromium-review.googlesource.com/595927
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47038}
