This adds the missing support for HOLEY_DOUBLE_ELEMENTS to both
`Array#find()` and `Array#findIndex()`. The implementation just deopts
whenever it hits a double hole. In order to prevent deoptimization
loops we add feedback to the CheckFloat64Hole operator, which also
addresses the TODO in the `%ArrayIteratorPrototype%.next()` lowering.
This provides a speed-up of up to 8x in microbenchmarks when using
`Array#find()` or `Array#findIndex()` on HOLEY_DOUBLE_ELEMENTS arrays.
Bug: chromium:791045, v8:1956, v8:6587, v8:7165, v8:8015
Change-Id: I1be22d3fcba56c676a81dc31a9042f8123ef3a55
Reviewed-on: https://chromium-review.googlesource.com/1183906
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55321}
This feature is still far from doing what its name suggests, but we want
to get test coverage.
R=hablich@chromium.org, jarin@chromium.org
Bug: v8:7790
Change-Id: I93c5c312e3dc84d04eb311ac17e078dc940471c8
Reviewed-on: https://chromium-review.googlesource.com/1185095
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55319}
We should probably discourage random access given that it isn't
constant time for this data structure. You can always still do it
via the Find() function if you really need to - at least the weird
interface tells you that something strange is going on.
Change-Id: I5e20cf9172afaa9265f1a6e38f619543b65614f2
Reviewed-on: https://chromium-review.googlesource.com/1184916
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55317}
This is a reland of 8fa7f9ed93
Original change's description:
> [runtime] Improve for-in performance
>
> - Add fast-path String conversion for Smi (which is the most common case)
> This improves for-in by ~10% on non-initialized enum-caches
> - Don't use the NumberStringCache for large indices to not overflow the cache
> during key collection. This improves worst-case performance by ~2.5x
> - Drop number_to_string_native and number_to_string_runtime counters
>
> Bug: v8:7717
> Change-Id: Ic1ff385e3374e6a7e7e7bdb9ae75fb8c238105d1
> Reviewed-on: https://chromium-review.googlesource.com/1167049
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55233}
Bug: v8:7717
Change-Id: Ie29041b20ca4a06b8e74a4378e7c1118373072ae
Reviewed-on: https://chromium-review.googlesource.com/1183721
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55316}
We use a ZoneVector because we do a fair amount of random access e.g.
in ExpressionClassifier::Accumulate() so the vector is better suited
than ZoneChunkList as it has constant time random access.
Bug: v8:6333
Change-Id: I83e1de60ee8fe319cfa5ce77fc5f5f86beb5307d
Reviewed-on: https://chromium-review.googlesource.com/1054672
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55315}
This flag causes turbofan to generate more detailed line information
for optimized code. This might have caused regressions in Sunspider and
and Jetstream. This speculative revert will help us find out.
Bug: chromium:875677, chromium:875723
Change-Id: I26cf68e94b66b9bd2c024c5f4be427f3033a59da
Reviewed-on: https://chromium-review.googlesource.com/1185018
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55313}
The conditions checked by the CSA IsFastJSArrayWithNoCustomIteration is actually
stronger than that of the runtime IterableToListCanBeElided. In particular,
while IterableToListCanBeElided only checks that the prototype has no element
when the array is holey, IsFastJSArrayWithNoCustomIteration always requires
that the prototype has no element.
Bug: v8:7980
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I28b086428d79682392413fb4182923184d7c1836
Reviewed-on: https://chromium-review.googlesource.com/1183671
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55312}
As far as I understand the TODO, it has been resolved already some lines
below:
if (kEnableDebug) {
VerifyCodeRangeIsDisjoint(data);
}
bug: v8:8015
R=titzer@chromium.org
Change-Id: I3686ad609b7c04e56b14ad2d1ccb265ac260bac7
Reviewed-on: https://chromium-review.googlesource.com/1185012
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55311}
This adds a kRuntimeCallArgvRegister definition in platform-specific
macro assemblers and unifies interface descriptor initialization.
Bug: v8:6666
Change-Id: I6fd98bf9ac46083dd2e557ab558d0a5117dd7b94
Reviewed-on: https://chromium-review.googlesource.com/1185003
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55310}
This is a reland of 957854dd60
Relanding now that pdfium has been fixed when non-standard flags are used.
Original change's description:
> Reland "[cleanup] Reland: Remove deprecated functions"
>
> This reverts commit 717b93852b.
>
> Reason for revert: Cast build is now fixed
>
> Original change's description:
> > Revert "[cleanup] Reland: Remove deprecated functions"
> >
> > This reverts commit c8376b0069.
> >
> > Reason for revert: Still borked: https://ci.chromium.org/p/chromium/builders/luci.chromium.try/cast_shell_linux/114796
> >
> > Original change's description:
> > > [cleanup] Reland: Remove deprecated functions
> > >
> > > This is reland of https://chromium-review.googlesource.com/c/v8/v8/+/1154915
> > > with no changes since the break in chromium for ChromeOS is now fixed.
> > >
> > > Removes all V8_DEPRECATED functions that weren't recently marked as well
> > > any V8_DEPRECATE_SOON function that relied on using using the address of
> > > an object to get hold of the Isolate.
> > >
> > > Reviewed-on: https://chromium-review.googlesource.com/1172350TBR=yangguo@chromium.org
Bug: v8:7786
Change-Id: Ic877155da3e4b280cc48e7dca9dc8dd78667a3d8
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.chromium.try:linux-chromeos-dbg;luci.chromium.try:linux-chromeos-rel
Reviewed-on: https://chromium-review.googlesource.com/1177861
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55309}
Even in the restricted config, we can still end up having to print
certain non-allocatable registers, e.g. if required by a FIXED_REGISTER
policy. The names list needs to contain all general register names.
Change-Id: I70104d6ba02779437de14eca01dc1900c159aa6a
Reviewed-on: https://chromium-review.googlesource.com/1184846
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55308}
This reverts commit 7dc828b256.
Reason for revert: breaks no-i18n build:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20noi18n%20-%20debug/22340
Original change's description:
> Stop logging Builtin functions as LazyCompile.
>
> Builtin functions were being logged via both LogCodeObjects and
> LogCompiledFunctions. The latter assumes the code in question has a
> Name and so would end up logging an unattributable entry. This patch
> stops logging that entry.
>
> Bug: v8:8061
> Change-Id: I20e5a853b8a214a91191fa644083bac7af9dc2c4
> Reviewed-on: https://chromium-review.googlesource.com/1177759
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Bret Sepulveda <bsep@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55302}
TBR=bsep@chromium.org,jgruber@chromium.org,petermarshall@chromium.org
Change-Id: I27e1ed75fea95914640f9618b1fd0c1fd7d8f6a7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8061
Reviewed-on: https://chromium-review.googlesource.com/1184981
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55305}
Builtin functions were being logged via both LogCodeObjects and
LogCompiledFunctions. The latter assumes the code in question has a
Name and so would end up logging an unattributable entry. This patch
stops logging that entry.
Bug: v8:8061
Change-Id: I20e5a853b8a214a91191fa644083bac7af9dc2c4
Reviewed-on: https://chromium-review.googlesource.com/1177759
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55302}
This reverts commit 1b3b808a54.
Reason for revert: Speculatively reverting because of https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064%20(dbg)/13264
Original change's description:
> inspector: find magic comment using V8 scanner
>
> Inspector tries to provide sourceURL and sourceMappingURL for scripts
> with parser errors. Without this CL we convert source of each script
> to inspector string and search for magic comment there. Some web sites
> use pattern when they get some data from network and constantly try to
> parse this data as JSON, in this case we do a lot of useless work.
>
> So we can parse magic comments on V8 side only for compilation errors
> (excluding parse JSON errors), to do it we can reuse scanner by running
> it on each potential comment.
>
> R=alph@chromium.org,verwaest@chromium.org,yangguo@chromium.org
>
> Bug: chromium:873865,v8:7731
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I77c270fd0e95cd7b2c9ee4b7f72ef344bc1fa104
> Reviewed-on: https://chromium-review.googlesource.com/1182446
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55280}
TBR=alph@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org,verwaest@chromium.org
Change-Id: I60ab243107d5fcce100064232d0e278a51f38db9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:873865, v8:7731
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1184921
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55300}
Introduce a CompilationDependency that let's us optimize the lookup of
a function's "prototype" property. This is basically the same as
InitialMapDependency, except that if the function's initial map doesn't
exist yet, it is created after compilation.
Bug: v8:7790, chromium:875175
Change-Id: I62834f1815b3cef282fa67e6d64a6ee0e3777929
Reviewed-on: https://chromium-review.googlesource.com/1184714
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55299}
Some builtins, so-called wasm runtime stubs, are copied off-heap to
ensure reachability through near jumps. These builtins must be
individually position-independent. In particular, they may not contain
pc-relative calls to other builtins.
Drive-by: Set hard_abort mode for all wasm runtime stubs to avoid Abort
calls.
Bug: v8:6666
Change-Id: Ie5bc9fc539d6a043dcf7dff66c3b4643baec69ab
Reviewed-on: https://chromium-review.googlesource.com/1183236
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55296}
We would return the wrong chunk for the first element past the chunk
boundary, e.g. if the first chunk was size=8, then Find(8) would
return an address in the first block rather than the second one.
Bug: v8:8077
Change-Id: I90281f853dd7ca68dc065ed773d0ae9787f00988
Reviewed-on: https://chromium-review.googlesource.com/1183483
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55294}
Change-Id: I319496294fe5b560ac6189c178fa047879093729
Reviewed-on: https://chromium-review.googlesource.com/1184701
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55293}
This is useful even if there are other uses of the
arithmetic result, because it moves dependencies further back.
Change-Id: I6136a657b547198cb4ec92f38b89ddf5df334124
Reviewed-on: https://chromium-review.googlesource.com/1179662
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bogdan Lazarescu <bogdan.lazarescu@arm.com>
Cr-Commit-Position: refs/heads/master@{#55292}
This reverts commit e987606a8a.
Reason for revert: Speculatively reverting due to possible failure: https://ci.chromium.org/p/v8/builders/luci.v8.ci/Android%20Builder/8641
Original change's description:
> inspector: do not convert and store String16 for script source
>
> We need script source for:
> - calculating hash to report as part of scriptParsed event,
> - reporting it as response on getScriptSource request,
> - searching inside as response on searchInContent request,
> - breakpoints hints.
>
> In all cases there is no need to store source on inspector side.
>
> R=alph@chromium.org
>
> Bug: chromium:873865,v8:7731
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: Ice24ddc72cfff36fb9a2dff2d7c4543defe3f668
> Reviewed-on: https://chromium-review.googlesource.com/1182603
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55286}
TBR=alph@chromium.org,kozyatinskiy@chromium.org
Change-Id: I38d744dc811a5b747c1fcf27d88bdf770acf5c18
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:873865, v8:7731
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1184742
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55290}
This reverts commit cdaaa31151.
Reason for revert: chromium:876445 chromium:876453 chromium:876443
Original change's description:
> [builtins] Reland Array.prototype.splice() Torque implementation.
>
> Before, splice was implemented with a C++ fast path and a
> comprehensive JavaScript version.
>
> This impl. is entirely in Torque with a fastpath for SMI,
> DOUBLE and OBJECT arrays, and a comprehensive slow path.
> The same level of "sparse" array support as given by the
> array.js implementation is included.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ia7334a30b401988309e9909cfa0069da0bb6fb9f
> Reviewed-on: https://chromium-review.googlesource.com/1169466
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55263}
TBR=mvstanton@chromium.org,jgruber@chromium.org,tebbi@chromium.org
Change-Id: I5b750a98e671b7284474ffcabc6b4d37a9d1219e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1184741
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55289}
Also update comments that'd gotten unnecessarily verbose over
ten years of language development.
Bug: v8:8015
Change-Id: I6688ce22e4aa92f66f937159d890b9922f109d43
Reviewed-on: https://chromium-review.googlesource.com/1180357
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55288}
We need script source for:
- calculating hash to report as part of scriptParsed event,
- reporting it as response on getScriptSource request,
- searching inside as response on searchInContent request,
- breakpoints hints.
In all cases there is no need to store source on inspector side.
R=alph@chromium.org
Bug: chromium:873865,v8:7731
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ice24ddc72cfff36fb9a2dff2d7c4543defe3f668
Reviewed-on: https://chromium-review.googlesource.com/1182603
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55286}
This call can be used by embedder to request a GC for testing reasons.
The GC also takes the current embedder stack state as an argument that
is forwarded to the embedder when entering the atomic pause.
This way embedders can request garbage collections for testing and set
how the embedder should treat the stack.
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id10604565b4457dd0fca402afeb5f8e592fa0bae
Reviewed-on: https://chromium-review.googlesource.com/1183431
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55285}
Refactor the ArrayIteratorPrototypeNext CSA builtin to handle the
JSArray element access in a dedicated helper macro, very similar
to how it's done for JSTypedArray's. Also add support for dictionary
elements to this helper macro using the existing dictionary access
logic in the CodeStubAssembler.
This improves the readability of the builtin significantly and the
performance of iterating arrays with dictionary elements goes up by
a factor of ~3.5x.
Bug: v8:8015, v8:8070
Change-Id: Ibfee760ea1e4bc0fffb42b232fb1d097b706bd1f
Reviewed-on: https://chromium-review.googlesource.com/1183305
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55283}
This patch splits the log file into a vector of std::strings when
logging is stopped, so verifying that lines are present can be done in
terms of std library functions. Verifications are now done by simple
substring matching instead of via a prefix or suffix, in preparation for
a new test that needs to match the middle of a line.
This patch also deletes some dead/debugging code.
Change-Id: I5c6b75b0807c41312d35208deda26546dc0f7216
Reviewed-on: https://chromium-review.googlesource.com/1183187
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55281}
Inspector tries to provide sourceURL and sourceMappingURL for scripts
with parser errors. Without this CL we convert source of each script
to inspector string and search for magic comment there. Some web sites
use pattern when they get some data from network and constantly try to
parse this data as JSON, in this case we do a lot of useless work.
So we can parse magic comments on V8 side only for compilation errors
(excluding parse JSON errors), to do it we can reuse scanner by running
it on each potential comment.
R=alph@chromium.org,verwaest@chromium.org,yangguo@chromium.org
Bug: chromium:873865,v8:7731
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I77c270fd0e95cd7b2c9ee4b7f72ef344bc1fa104
Reviewed-on: https://chromium-review.googlesource.com/1182446
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55280}
This removes a couple of intrinsics/runtime functions/macros that are no
longer needed at all (or not in TurboFan for performance reasons).
Bug: v8:8015
Change-Id: I08ae8de7cc63019eb30d3b71dd1c824d6392076a
Reviewed-on: https://chromium-review.googlesource.com/1183481
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55277}
This adds new CSA helpers ThrowIfArrayBufferIsDetached() and
ThrowIfArrayBufferViewBufferIsDetached() which check whether
ArrayBuffers or ArrayBufferViews have been detached. This
improves readability of the code that has to deal with typed
arrays.
Bug: v8:8015
Change-Id: Iafab86c418bd0e12bb7d7ec803151a1f6b786400
Reviewed-on: https://chromium-review.googlesource.com/1183422
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55273}
