In Debug mode, V8 disallows executing JavaScript during
`ScriptCompiler::CompileUnbound()` calls. This restriction
makes sense during compilation, but not really for the post-compile
notification, and currently at least one Node.js test
(`test/inspector/test-contexts.js`) fails because of this in debug mode.
Bug:
Change-Id: I930b5f06083c0e87f1613414da3dfe2bcdf0f386
Reviewed-on: https://chromium-review.googlesource.com/706943
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48421}
This reverts commit 7c80f9ce69.
Reason for revert: arm64 msan failures: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17455/steps/Check/logs/copy_slots_up
Original change's description:
> [arm64] Add slot copier to masm and use in builtins
>
> Abstract some stack slot copies through a macro assembler function. This
> eliminates some non-paired stack operations.
>
> This is a reland of 1cc93be0f1 with
> additional tests, originally reviewed on
> https://chromium-review.googlesource.com/685238 and reverted due to an
> unrelated intermittent x64 failure.
>
> Bug: v8:6644
> Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37
> Reviewed-on: https://chromium-review.googlesource.com/707247
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#48419}
TBR=rmcilroy@chromium.org,martyn.capewell@arm.com,bmeurer@chromium.org
Change-Id: I8a8aeff89b6995d5fffaab1f2e4e45f478c28bed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6644
Reviewed-on: https://chromium-review.googlesource.com/708814
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48420}
Abstract some stack slot copies through a macro assembler function. This
eliminates some non-paired stack operations.
This is a reland of 1cc93be0f1 with
additional tests, originally reviewed on
https://chromium-review.googlesource.com/685238 and reverted due to an
unrelated intermittent x64 failure.
Bug: v8:6644
Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37
Reviewed-on: https://chromium-review.googlesource.com/707247
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#48419}
This makes sure that frames representing builtin stub continuations not
only materialize all stack slots, but also spilled register values. Note
that this also applies when the stub frame is not the top-most frame.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-6907
BUG=v8:6907
Change-Id: I01a2edf5629de6aac61ceea350d1ab5f91dc2dc1
Reviewed-on: https://chromium-review.googlesource.com/707245
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48415}
The new deopt stress is implemented for x64 only.
NOTRY=true
TBR=sergiyb@chromium.org
Bug: v8:6900
Change-Id: I542cb89de643c477875893f6b0b73ced44108b9e
Reviewed-on: https://chromium-review.googlesource.com/708259
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48414}
This flag was originally added as a staging mechanism to let us land and test
guard regions without the full trap handler feature landing. Additionally, we
thought we might enable guard regions without trap handlers on some systems.
Trap handlers are now supported, and there's not a real compelling reason for
why we need guard regions without trap handlers. Keeping the separate flag leads
to confusion, since some code treats guard regions and trap handlers the same,
while other code treats them as independent.
Removing this flag and its associated special cases makes everything more
uniform and predictable.
R=gdeepti@chromium.org
Change-Id: Icebab91d1f1e0c55e7a35c75b880085d37fa14ae
Reviewed-on: https://chromium-review.googlesource.com/706570
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48411}
The RuntimeCallStats object happened to be created on the main thread,
but then got used in a worker. Make sure the thread checks do not
fire false positives in this case.
BUG=chromium:760649
Change-Id: I8f2a2b4d1da1bc48416987ea378688ec15b9d955
Reviewed-on: https://chromium-review.googlesource.com/706181
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48409}
This was causing trouble with Fuchsia, since mksnapshot was built and run on
Linux which supports trap handlers, while Fuchsia does not yet. This change
causes the external references to match between Fuchsia and Linux.
Bug: chromium:772057
Change-Id: I8e8f3539e3f5c4b798c364101ef2d16b5137f16d
Reviewed-on: https://chromium-review.googlesource.com/706109
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48408}
This reverts commit 6ddb5e7da7.
Reason for revert: chromium:772873 chromium:772872
Original change's description:
> Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
>
> Now, the EffectControlLinearizer connects all occurrences of Unreachable to the
> graph end. This fixes issues with later phases running DeadCodeElimination and
> introducing new DeadValue nodes when processing uses of Unreachable.
>
> This is a reland of 3c4bc27f13
> Original change's description:
> > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This is a reland of e1cdda2512
> > Original change's description:
> > > [turbofan] eagerly prune None types and deadness from the graph
> > >
> > > In addition to using the {Dead} node to prune dead control nodes and nodes that
> > > depend on them, we introduce a {DeadValue} node representing an impossible value
> > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > of a node with type {None} as dead.
> > >
> > > Bug: chromium:741225
> > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48208}
> >
> > Bug: chromium:741225
> > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > Reviewed-on: https://chromium-review.googlesource.com/692034
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48232}
>
> Bug: chromium:741225
> Change-Id: I5702ec34856c075717162153adc765774453c45f
> Reviewed-on: https://chromium-review.googlesource.com/702264
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48366}
TBR=jarin@chromium.org,tebbi@chromium.org
Change-Id: Ib0f59b8463681abf6a9158112515aefae3c76b5f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:741225
Reviewed-on: https://chromium-review.googlesource.com/707275
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48407}
We don't need an explicit diamond in JSBuiltinReducer to produce a
Boolean. The NumberEqual operator already produces a Boolean, so we
just need to negate the result.
Change-Id: I442b0d98a4ab83002757906d6cc104682b87a853
Reviewed-on: https://chromium-review.googlesource.com/707434
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48406}
This ensures that the platform is initialized before the isolate and
properly restores the previous platform at the end of the test.
Bug:
Change-Id: I2771b7538362c400c5ff61411222beb7d7e62b02
Reviewed-on: https://chromium-review.googlesource.com/707111
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48405}
Rename the MapLookupHashIndex builtin to FindOrderedHashMapEntry and
also rename the TurboFan operators LookupHashStorageIndex and
LookupSigned32HashStorageIndex to FindOrderedHashMapEntry and
FindOrderedHashMapEntryForInt32Key respectively. This way the naming is
more consistent and it's immediately obvious from the operator name that
this operator deals with OrderedHashMaps, which wasn't clear before.
Also fix the result of the operation to be either -1 or the index of
the entry relative to the hash table start (that is, no longer eagerly
add hash table start plus value offset to the entry index). This removes
this non-foldable integer addition from TurboFan code for both Map#get
and Map#has.
Drive-by-fix: Also provide more concrete types for the
FindOrderedHashMapEntry operators.
Bug: v8:5049
Change-Id: I418d107b806f3031a52a525cffc20456dc2342db
Reviewed-on: https://chromium-review.googlesource.com/707414
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48404}
We use the naming convention <Constructor>Prototype<Method> for builtins
that implement methods on a certain builtin constructor's prototype. Fix
the collection builtins (Map and Set) to match this naming convention.
Bug: v8:5049
Change-Id: I8ced50c2ac9ebc8f4390bcbbc6aec426a0026813
Reviewed-on: https://chromium-review.googlesource.com/707318
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48403}
The contract in TurboFan is that "the hole" is never passed to "user
JavaScript", which we unfortunately still don't check strictly. Now
the inlined code for Array#forEach properly checks for "the hole",
but the type of the element Node passed to the callback function
doesn't reflect that. So introduce a proper TypeGuard here to reflect
this check.
This will also improve code generation for iteration of HOLEY arrays
and might improve performance a bit.
Bug: v8:1956
Change-Id: Ib6b3c444b16fcf44551bda1b39f976d66b9362ab
Reviewed-on: https://chromium-review.googlesource.com/705954
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48400}
We no longer use the terminology "fast elements", so drop the "Fast"
from both NewFastSmiOrObjectElements and NewFastDoubleElements operator
names.
Bug: v8:6399, v8:6901
Tbr: jarin@chromium.org
Change-Id: Icc204623f2b459b0d0e172e26ddd73e29fe6c884
Reviewed-on: https://chromium-review.googlesource.com/707246
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48399}
The marked bytes counter needs to be updated before decrementing the
pending task counter.
Bug: chromium:694255
Change-Id: I19c4dfbdccfb32ded5b7bb707dc93d53e188e34a
Reviewed-on: https://chromium-review.googlesource.com/707140
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48390}
We can improve performance of inlined Array.prototype.map if we statically
know the type of the callback return result is a SignedSmall. Indeed,
we no longer need bother with transitioning the output array, because we
can store a SignedSmall (aka "Smi") anywhere.
Bug: v8:6896
Change-Id: I140ce9a7c15ff77d05afeda6cda58f0560d922c8
Reviewed-on: https://chromium-review.googlesource.com/707139
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48387}
This ensures the JSFunction objects materialized by the deoptimizer have
the correct instance size (depending on the given map). There are corner
cases where the instance size might vary due to in-object properties.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-772610
BUG=chromium:772610
Change-Id: I4808c7260db1adbd1cdc3871c2a946475e4934f2
Reviewed-on: https://chromium-review.googlesource.com/707109
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48383}
Avoid the zero-extensions required for int32 based addressing on 64-bit
architectures by restructuring the initialization loops to work on
words. This recovers a bit of the regression on the Kraken audio-fft and
audio-beat-detection benchmarks that was introduced by the initial CL.
Bug: chromium:772669, v8:6399, v8:6901
Change-Id: I4753c254be89f2bcc7b0ea5073e469e3507408bd
Reviewed-on: https://chromium-review.googlesource.com/707098
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48377}
In call reductions for Array.prototype.map and forEach, loads weren't
wired appropriately into the effect chain, hampering the efficacy of
load elimination.
Bug:
Change-Id: If5a386b66669d7173d5cadc6d8d3ff023daed810
Reviewed-on: https://chromium-review.googlesource.com/707073
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48376}
Each concurrent marking task maintains task_state[i]->marked_bytes.
When a task finishes, its local counter is flushed into the global
total_marked_bytes_ atomic counter.
Bug: chromium:694255
Change-Id: I629467385e80bf229e06a4231673ceb5ef8e4aea
Reviewed-on: https://chromium-review.googlesource.com/704823
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48374}
Missing arguments are identical to undefined, and are converted to the
integer 0 by ECMAScript {ToInteger()}.
Add more tests, and enable previously disabled tests.
There is a follow-up refactoring here: https://crrev.com/c/704586
R=titzer@chromium.org, mstarzinger@chromium.org
Change-Id: I89cc259aaf5975ec2f6f51ff002e7d1b32adba5e
Reviewed-on: https://chromium-review.googlesource.com/704658
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48373}