Empty function names are allowed and are output as such, unnamed
functions or functions with no valid UTF-8 name are output as
"<WASM UNNAMED>", while the CallSite object returns null as the
function name.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1970503004
Cr-Commit-Position: refs/heads/master@{#36348}
Remove kMakeHeapIterableMask since the heap is always iterable.
BUG=chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1961373003
Cr-Commit-Position: refs/heads/master@{#36333}
This patch ensures that Intl bound method getters can't be retargeted
to other Intl types. If that were to happen, then a RUNTIME_ASSERT
would trigger later. This patch throws a TypeError instead, as the
specification requires.
BUG=v8:4870
Review-Url: https://codereview.chromium.org/1986763003
Cr-Commit-Position: refs/heads/master@{#36330}
This promotes the escape analysis from an experimental feature to be a
fully supported feature. The main goal is to unleach ClusterFuzz on the
implementation so that we can stabilize it.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1989833002
Cr-Commit-Position: refs/heads/master@{#36324}
When setting a generator function's "prototype" property to a non-object, the
prototype of new generator instances should be %GeneratorPrototype%, not
%ObjectPrototype%.
R=verwaest@chromium.org
BUG=v8:5011
Review-Url: https://codereview.chromium.org/1982203003
Cr-Commit-Position: refs/heads/master@{#36313}
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.
This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/34c9626e2ee56fe805de549697ca5323aed7cb66
Cr-Commit-Position: refs/heads/master@{#36288}
Review-Url: https://codereview.chromium.org/1969423002
Cr-Commit-Position: refs/heads/master@{#36310}
Remove dead code to optimize Int64Constants as branch/select conditions,
because we either have tagged booleans or bits represented as word32.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1994533002
Cr-Commit-Position: refs/heads/master@{#36308}
The type guard should never be used after the effect/control
linearization pass, so making it a simplified operator better
expresses the intended use. Also this way none of the common
operators actually has any dependency on the type system.
Drive-by-fix: Properly print the type parameter to a TypeGuard operator.
BUG=chromium:612142
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1994503002
Cr-Commit-Position: refs/heads/master@{#36304}
These guards are useless anyways once you make it throw the
effect/control linearizer because all memory operations and
calls are connected to the control and/or effect chain anyways
afterwards.
Drive-by-fix: Fail in the InstructionSelector if we ever see
a Guard node.
R=jarin@chromium.org
BUG=chromium:612142
Review-Url: https://codereview.chromium.org/1980383002
Cr-Commit-Position: refs/heads/master@{#36302}
Some IdentifierNames are only included in the set of FutureReservedWords
for strict mode code. Outside of strict mode, these IdentifierNames may
be used as Identifiers. Notably, this includes their use as
BindingIdentifiers in LexicalBindings.
From ES2015 12.1.1 Static Semantics: Early Errors (Identifiers):
> It is a Syntax Error if this phrase is contained in strict mode code
> and the StringValue of IdentifierName is: "implements", "interface",
> "let", "package", "private", "protected", "public", "static", or
> "yield".
http://www.ecma-international.org/ecma-262/6.0/#sec-identifiers-static-semantics-early-errors
Due to a error in its heuristic for disambiguating the `let` token, V8
does not currently allow any of the strict-mode-only FutureReservedWords
to be used as a BindingIdentifier outside of strict mode.
Update V8's heuristic for disambiguating the `let` keyword to account
for strict mode, enabling these IdentifierNames to be used
BUG=v8:4918
LOG=N
R=adamk@chromium.org
Review-Url: https://codereview.chromium.org/1891453005
Cr-Commit-Position: refs/heads/master@{#36296}
Makes LogicalNot bytecode not do the ToBoolean operation, and add support in the
peephole optimizer to choose between the appropriate bytecode depending upon
whether the previous bytecode emitted a boolean or not.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1985033002
Cr-Commit-Position: refs/heads/master@{#36295}
Reason for revert:
Breaks
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim/builds/619
Might only affect pure release builds?
Original issue's description:
> [Interpreter] Remove InterpreterExitTrampoline and replace with returning to the entry trampoline.
>
> In order to support compiling to baseline on return we need to be able to
> return to the actual return address. With this change this is what the
> Return bytecode now does, removing the need for the
> InterpreterExitTrampoline.
>
> This change also removes the InterpreterNotifyDeoptXXX builtins and
> unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
> change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/34c9626e2ee56fe805de549697ca5323aed7cb66
> Cr-Commit-Position: refs/heads/master@{#36288}
TBR=mstarzinger@chromium.org,oth@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1986353002
Cr-Commit-Position: refs/heads/master@{#36294}
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.
This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1969423002
Cr-Commit-Position: refs/heads/master@{#36288}
There's a script for finding them (tools/check-unused-bailouts.sh), but make
sure you don't have an old .bailout-reason.h.swp or such around when using it...
R=mstarzinger@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1986173004
Cr-Commit-Position: refs/heads/master@{#36287}
This makes escape analysis treat all guard nodes in the graph as an
escaping use. We eventually want to properly handle guard nodes, this
just serves as a temporary workaround to get things going.
R=bmeurer@chromium.org
BUG=v8:602595
LOG=n
Review-Url: https://codereview.chromium.org/1972323004
Cr-Commit-Position: refs/heads/master@{#36286}
1) Create fast objects so that they stay fast after creation.
2) Run combination "test_function vs {test_objects}" as a benchmark during 1 second.
This CL changes benchmark's base score.
Review-Url: https://codereview.chromium.org/1988673002
Cr-Commit-Position: refs/heads/master@{#36277}
This adds back the instanceof operator support in the backends and
introduces a @@hasInstance protector cell on the isolate that guards the
fast path for the InstanceOfStub. This way we recover the ~10%
regression on Octane EarleyBoyer in Crankshaft and greatly improve
TurboFan and Ignition performance of instanceof.
R=ishell@chromium.orgTBR=hpayer@chromium.org,rossberg@chromium.org
BUG=chromium:597249, v8:4447
LOG=n
Review-Url: https://codereview.chromium.org/1980483003
Cr-Commit-Position: refs/heads/master@{#36275}
If the RegExp doesn't parse, then ES2015 specifies that
RegExp.prototype.compile does not mutate it. This patch changes
our RegExp implementation to follow that logic.
R=yangguo
Review-Url: https://codereview.chromium.org/1972093003
Cr-Commit-Position: refs/heads/master@{#36268}
Since we are going to move Sampler as library, we creates tick-sample.[h|cc] for
TickSample, in order to maintain legacy code.
BUG=v8:4994
LOG=n
Review-Url: https://codereview.chromium.org/1952393002
Cr-Commit-Position: refs/heads/master@{#36267}
Ordinary arrow functions have 'undefined' in their frame's receiver.
Generators restore the receiver to the frame based on one passed in
when they are constructed in CreateJSGeneratorObject.
This patch makes async arrow functions pass in 'undefined' for their
receiver so that they have the same behavior as ordinary arrow
functions, which avoids the issue of encountering TDZ when calling
an async arrow function in a subclass constructor before a super
call has returned.
BUG=v8:4483
Review-Url: https://codereview.chromium.org/1976813002
Cr-Commit-Position: refs/heads/master@{#36264}
This reverts commit 41d571dfe8.
Reason for revert: This patch breaks the correctness of the typedarray
properties such as length, byteOffset, byteLength.
The accessor check optimization code is dead code eliminated. A follow
up patch will fix this optimization correctly.
BUG=chromium:593634
Review-Url: https://codereview.chromium.org/1977983002
Cr-Commit-Position: refs/heads/master@{#36254}
Reason for revert:
Not the culprit sorry.
Original issue's description:
> Revert of [Reland] Implement CPU time for OS X and POSIX. (patchset #1 id:1 of https://codereview.chromium.org/1966183003/ )
>
> Reason for revert:
> Blocks roll: https://codereview.chromium.org/1972303002/
>
> Original issue's description:
> > [Reland] Implement CPU time for OS X and POSIX.
> >
> > V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
> > implements CPU time for OS X and POSIX to provide more accurate
> > accounting of CPU time used by each thread.
> >
> > BUG=v8:4984
> > LOG=n
> >
> > Committed: https://crrev.com/efa27fb25e1fa5b8465f4af710086b73b0cba660
> > Cr-Commit-Position: refs/heads/master@{#36213}
>
> TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4984
>
> Committed: https://crrev.com/31b9ba3bc8fb93601cc73c83213b30e639d448b3
> Cr-Commit-Position: refs/heads/master@{#36225}
TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4984
Review-Url: https://codereview.chromium.org/1976603005
Cr-Commit-Position: refs/heads/master@{#36233}
This completely removes any potential for a side-channel between the
various compiler backends and the profiler. The CompilationInfo is no
longer passed.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1970193002
Cr-Commit-Position: refs/heads/master@{#36230}
This is a first step to removing the support for the OldFunctions
section altogether, which will greatly simplify the encoder and remove
the need to do local variable remapping in asm->wasm.
R=bradnelson@chromium.org,aseemgarg@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1974933002
Cr-Commit-Position: refs/heads/master@{#36228}
This patch adds support for the `Operand2_R_LSL_I` addressing mode to
loads and stores. This allows merging a shift instruction into a
MemoryOperand. Since the shift immediate is restricted to the log2 of
the operation width, the opportunities to hit this are slim. However,
Ignition's bytecode handlers hit this case all the time:
kind = BYTECODE_HANDLER
name = Star
compiler = turbofan
Instructions (size = 44)
0x23e67280 0 add x1, x19, #0x1 (1)
0x23e67284 4 ldrsb x1, [x20, x1]
0x23e67288 8 sxtw x1, w1
0x23e6728c 12 mov x2, fp
0x23e67290 16 str x0, [x2, x1, lsl #3]
^^^^^^^^^^^^^^^^^^^^^
0x23e67294 20 add x19, x19, #0x2 (2)
0x23e67298 24 ldrb w1, [x20, x19]
0x23e6729c 28 ldr x1, [x21, x1, lsl #3]
^^^^^^^^^^^^^^^^^^^^^
0x23e672a0 32 br x1
Additionally, I noticed the optimisation occurs once in both the
`StringPrototypeCharAt` and `StringPrototypeCharCodeAt` turbofan stubs.
BUG=
Review-Url: https://codereview.chromium.org/1972103002
Cr-Commit-Position: refs/heads/master@{#36227}
Reason for revert:
Blocks roll: https://codereview.chromium.org/1972303002/
Original issue's description:
> [Reland] Implement CPU time for OS X and POSIX.
>
> V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
> implements CPU time for OS X and POSIX to provide more accurate
> accounting of CPU time used by each thread.
>
> BUG=v8:4984
> LOG=n
>
> Committed: https://crrev.com/efa27fb25e1fa5b8465f4af710086b73b0cba660
> Cr-Commit-Position: refs/heads/master@{#36213}
TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4984
Review-Url: https://codereview.chromium.org/1977753002
Cr-Commit-Position: refs/heads/master@{#36225}
Expression::bounds_ is used only by a subset of compile passes, but the
data structure occupies space for every Expression node ever parsed. This
unneccessarily increases memory consumption. Particularly, peak memory
consumption during startup, which may cause out-of-memory errors.
This CL
- removes Expression::bounds_;
- introduces an AstTypeBounds container, which mappes Expression* to Bounds;
- modifies the code that actually requires bounds information, namely
Crankshaft compile and AsmWasmBuilder, to instantiate such an AstTypeBounds
container before typing and to pass it to the code that consumes this
information; and
- modifies all accesses to Expression::bounds_ to instead access the bounds
via the container instead.
Additionally, this rewrites test-ast-expression-visitor. The reason is that
this code attempted to test AstExpressionVisitor but did so exclusively
through its subclass ExpressionTypeCollector, meaning that the test dealt
almost exclusively with type bounds despite the class-under-test having
no knowledge or functionality related to it. Worse, the test was written
in a way to assume that type bounds were available outside & after
compilation, which is something this change changes.
BUG=v8:4947
Review-Url: https://codereview.chromium.org/1968383002
Cr-Commit-Position: refs/heads/master@{#36222}
This change introduces a pipeline for the final stages of
bytecode generation.
The peephole optimizer is made distinct from the BytecodeArrayBuilder.
A new BytecodeArrayWriter is responsible for writing bytecode. It
also keeps track of the maximum register seen and offers a potentially
smaller frame size.
R=rmcilroy@chromium.org
LOG=N
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1947403002
Cr-Commit-Position: refs/heads/master@{#36220}
We eagerly inserted Int32Mul for Math.imul during builtin lowering and
messed up with the types, which confused the representation selection.
This adds a proper NumberImul operator, and fixes the builtin reducer to
do the right thing according to the spec.
R=mstarzinger@chromium.org
BUG=v8:5006
LOG=n
Review-Url: https://codereview.chromium.org/1971163002
Cr-Commit-Position: refs/heads/master@{#36219}
The usat instruction is available from ARMv6, so there's no need to
check for the ARMv7 feature before using it. ARMv6 is the oldest
supported architecture in V8.
Correcting this allows the removal of a special case for predictable
code size.
BUG=
Review-Url: https://codereview.chromium.org/1974903002
Cr-Commit-Position: refs/heads/master@{#36218}
V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
implements CPU time for OS X and POSIX to provide more accurate
accounting of CPU time used by each thread.
BUG=v8:4984
LOG=n
Review-Url: https://codereview.chromium.org/1966183003
Cr-Commit-Position: refs/heads/master@{#36213}
Names passed for imports and exports are checked during decoding,
leading to errors if they are no valid UTF-8. Function names are not
checked during decode, but rather lead to undefined being returned at
runtime if they are not UTF-8.
We need to do these checks on the Wasm side, since the factory
methods assume to get valid UTF-8 strings.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1967023004
Cr-Commit-Position: refs/heads/master@{#36208}
With this CL it is possible to compile a wasm module with multiple
threads in parallel. Parallel compilation works as follows:
1) The main thread allocates a compilation unit for each wasm function.
2) The main thread spawns WasmCompilationTasks which run on the
background threads.
3.a) The background threads and the main thread pick one compilation unit
at a time and execute the parallel phase of the compilation unit.
After finishing the execution of the parallel phase, the compilation
unit is stored in a result queue.
3.b) If the result queue contains a compilation unit, the main thread
dequeues it and finishes its compilation.
4) After the execution of the parallel phase of all compilation units has
started, the main thread waits for all WasmCompilationTasks to finish.
5) The main thread finalizes the compilation of the module.
I'm going to add some additional tests before committing this CL.
R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org
Committed: https://crrev.com/17215438659d8ff2d7d55f95226bf8a1477ccd79
Cr-Commit-Position: refs/heads/master@{#36178}
Review-Url: https://codereview.chromium.org/1961973002
Cr-Commit-Position: refs/heads/master@{#36207}
Currently we do not check for @@isConcatSpreadable properly. If the Symbol is
set on the Array.prototype or Object.prototype the current fast paths fail.
This CL adds a fix to globally invalidate a isConcatSpreadable_protector.
Drive-by-fix: use named accessors for context variables
LOG=N
BUG=chromium:542504, v8:903
Review-Url: https://codereview.chromium.org/1409123003
Cr-Commit-Position: refs/heads/master@{#36201}
We got the condition wrong and actually deoptimized when the typed array
was not neutered. This fixes the deopt loop in Math.random and actually
many programs that use typed arrays.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1970123002
Cr-Commit-Position: refs/heads/master@{#36194}
This patch removes the following properties, as their use count is
very low, they are V8-only, and not on a standards track.
- v8Parse
- resolved
- pattern
v8BreakIterator is left in as it has significantly more usage.
BUG=v8:3785
R=adamk,jshin@chromium.org
Review-Url: https://codereview.chromium.org/1968893002
Cr-Commit-Position: refs/heads/master@{#36190}
Reason for revert:
Buildbot is failing on Mac release build.
Original issue's description:
> Implement CPU time for OS X and POSIX.
>
> V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
> implements CPU time for OS X and POSIX to provide more accurate
> accounting of CPU time used by each thread.
>
> BUG=v8:4984
> LOG=n
>
> Committed: https://crrev.com/025f3d262bab2748362374f1b90ac723a9655ee4
> Cr-Commit-Position: refs/heads/master@{#36188}
TBR=jochen@chromium.org,bmeurer@chromium.org,fmeawad@chromium.org,rsesek@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4984
Review-Url: https://codereview.chromium.org/1966173003
Cr-Commit-Position: refs/heads/master@{#36189}
V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
implements CPU time for OS X and POSIX to provide more accurate
accounting of CPU time used by each thread.
BUG=v8:4984
LOG=n
Review-Url: https://codereview.chromium.org/1959103004
Cr-Commit-Position: refs/heads/master@{#36188}
When I18N is enabled, use ICU's case conversion API and transliteration
API [1] to implement String.prototype.to{Upper,Lower}Case and
String.prototype.toLocale{Upper,Lower}Case.
* ICU-based case conversion was implemented in runtime-i18n.cc/i18n.js
* The above 4 functions are overridden with those in i18n.js when
--icu_case_mapping flag is turned on. To control the override by the flag,
they're overriden in icu-case-mapping.js
Previously, toLocale{U,L}Case just called to{U,L}Case so that they didn't
support locale-sensitive case conversion for Turkic languages (az, tr),
Greek (el) and Lithuanian (lt).
Before ICU APIs for the most general case are called, a fast-path for Latin-1
is tried. It's taken from Blink and adopted as necessary. This fast path
is always tried for to{U,L}Case. For toLocale{U,L}Case, it's only taken
when a locale (explicitly specified or default) is not in {az, el, lt, tr}.
With these changes, a build with --icu_case_mapping=true passes a bunch
of tests in test262/intl402/Strings/* and intl/* that failed before.
Handling of pure ASCII strings (aligned at word boundary) are not as fast
as Unibrow's implementation that uses word-by-word case conversion. OTOH,
Latin-1 input handling is faster than Unibrow. General Unicode input
handling is slower but more accurate.
See https://docs.google.com/spreadsheets/d/1KJCJxKc1FxFXjwmYqABS0_2cNdPetvnd8gY8_HGSbrg/edit?usp=sharing for the benchmark.
This CL started with http://crrev.com/1544023002#ps200001 by littledan@,
but has changed significantly since.
[1] See why transliteration API is needed for uppercasing in Greek.
http://bugs.icu-project.org/trac/ticket/10582
R=yangguo
BUG=v8:4476,v8:4477
LOG=Y
TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*, mjsunit/string-case,
intl/general/case*
Review-Url: https://codereview.chromium.org/1812673005
Cr-Commit-Position: refs/heads/master@{#36187}
Reason for revert:
The ThreadSanitizer finds data races.
Original issue's description:
> [wasm] Implement parallel compilation.
>
> With this CL it is possible to compile a wasm module with multiple
> threads in parallel. Parallel compilation works as follows:
>
> 1) The main thread allocates a compilation unit for each wasm function.
> 2) The main thread spawns WasmCompilationTasks which run on the
> background threads.
> 3.a) The background threads and the main thread pick one compilation unit
> at a time and execute the parallel phase of the compilation unit.
> After finishing the execution of the parallel phase, the compilation
> unit is stored in a result queue.
> 3.b) If the result queue contains a compilation unit, the main thread
> dequeues it and finishes its compilation.
> 4) After the execution of the parallel phase of all compilation units has
> started, the main thread waits for all WasmCompilationTasks to finish.
> 5) The main thread finalizes the compilation of the module.
>
> I'm going to add some additional tests before committing this CL.
>
> R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/17215438659d8ff2d7d55f95226bf8a1477ccd79
> Cr-Commit-Position: refs/heads/master@{#36178}
TBR=bmeurer@chromium.org,mlippautz@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/1965243003
Cr-Commit-Position: refs/heads/master@{#36182}
The previous approach taken by FastNew[Sloppy,Strict,Rest]ArgumentsStub
looked at the function slot in order to skip stub frames
and find the JS frame. However, stub frames do not have a
function slot (in fact their fixed frame ends one slot
before the JS frame's function slot). Therefore, if this
location in the stub frame happens to have the function
object the create arguments stubs won't skip this frame
correctly.
Replace this approach with one where the stub is
specialized to either skip a frame if required (since
there will only ever be one extra frame on Ignition
the loop approach isn't necessary).
BUG=v8:4928
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
Review-Url: https://codereview.chromium.org/1949023003
Cr-Commit-Position: refs/heads/master@{#36181}
This code was used exclusively by its own unit test and can be safely removed.
BUG=v8:4947
LOG=N
Review-Url: https://codereview.chromium.org/1965373002
Cr-Commit-Position: refs/heads/master@{#36180}
When instantiating a subclassed API function, the instance cache is avoided. There is currently no direct API yet to instantiate a Template while passing in a new.target. It probably makes sense to extend ObjectTemplate::NewInstance to accept a new.target, in line with Reflect.construct.
BUG=v8:3330, v8:5001
Review-Url: https://codereview.chromium.org/1972613002
Cr-Commit-Position: refs/heads/master@{#36179}
With this CL it is possible to compile a wasm module with multiple
threads in parallel. Parallel compilation works as follows:
1) The main thread allocates a compilation unit for each wasm function.
2) The main thread spawns WasmCompilationTasks which run on the
background threads.
3.a) The background threads and the main thread pick one compilation unit
at a time and execute the parallel phase of the compilation unit.
After finishing the execution of the parallel phase, the compilation
unit is stored in a result queue.
3.b) If the result queue contains a compilation unit, the main thread
dequeues it and finishes its compilation.
4) After the execution of the parallel phase of all compilation units has
started, the main thread waits for all WasmCompilationTasks to finish.
5) The main thread finalizes the compilation of the module.
I'm going to add some additional tests before committing this CL.
R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/1961973002
Cr-Commit-Position: refs/heads/master@{#36178}
Prints source position information alongside bytecode.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1963663002
Cr-Commit-Position: refs/heads/master@{#36171}
By now the runtime entry function in question is a duplicate of the
existing Runtime_ToFastProperties function. This just gets rid of the
duplication.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1963973003
Cr-Commit-Position: refs/heads/master@{#36161}
Up until now we had two places where we did the function prototype
folding, once in the Typer and once in JSTypedLowering. Put this logic
into JSNativeContextSpecialization instead.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1965293002
Cr-Commit-Position: refs/heads/master@{#36157}
Make JSCreateArguments eliminatable, and remove the need for frame
states on JSCreateArguments nodes being lowered to (optimized) stub
calls. Only the runtime fallback needs a frame state, because in that
case we need to ask the deoptimizer for arguments to inlined functions.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1965013005
Cr-Commit-Position: refs/heads/master@{#36154}
The data from UseCounters are in--V8's custom Promise methods are not
in wide use on the web (<.002%). Therefore, this patch removes them.
That includes:
- Promise.prototype.chain
- Promise.defer -- the most widely used of the bunch
- Promise.accept
For now, those methods are still available by checking the "disable
latest stable JavaScript features" flag, or --promise-extra at the
command line, but I expect them to be fully removable.
R=adamk
CC=rossberg
BUG=v8:3238,v8:4633
Review-Url: https://codereview.chromium.org/1965183002
Cr-Commit-Position: refs/heads/master@{#36152}
Old code failed to walk over deleted elements, instead treating
deleted elements as "undefined" in the output array.
This is the Map equivalent of commit 2d9bfe9ad5.
Also micro-optimized the loops to avoid an extra call to KeyAt()
and used a direct hole comparison instead of calling IsTheHole().
R=cbruni@chromium.org
BUG=v8:4946
LOG=y
Review-Url: https://codereview.chromium.org/1965593002
Cr-Commit-Position: refs/heads/master@{#36149}
Renames IsDouble* predicates to IsFP*.
Adds specific IsFloat*, IsDouble*, and IsSimd128* predicates.
Adds specific GetFloatRegister, GetDoubleRegister, and
GetSimd128Register methods.
This is mostly a mechanical renaming of IsDouble* to IsFP* methods.
This shouldn't change code generation at all. All fp registers are still
treated as double registers.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/1959763002
Cr-Commit-Position: refs/heads/master@{#36146}
Rather than pushing zero for the initial bytecode offset, we should push the
offset of the first bytecode handler, Smi tagged. This fixes the line number
for the top stack frame on overflow errors.
BUG=v8:4981
LOG=N
Review-Url: https://codereview.chromium.org/1950913004
Cr-Commit-Position: refs/heads/master@{#36137}
Trying to re-land http://crrev.com/1948453002 after fixing assembler-x64.cc in http://crrev.com/1962563003.
Before this patch, we would emit a cmp or test with a memory operand only if both of the operands in the IR were loads. Now if either of them is a load and the other one is an immediate, we can use a memory operand if the load representation machine size is wide enough to represent the latter.
Review-Url: https://codereview.chromium.org/1968453002
Cr-Commit-Position: refs/heads/master@{#36136}
In the bytecode graphbuilder, translate the two generator-specific
bytecodes as a couple of runtime calls for now.
BUG=v8:4907
LOG=n
Review-Url: https://codereview.chromium.org/1957393004
Cr-Commit-Position: refs/heads/master@{#36134}
This adds a new pass MemoryOptimizer that walks over the effect chain
from Start and lowers all Allocate, LoadField, StoreField, LoadElement,
and StoreElement nodes, trying to fold allocations into allocation
groups and eliminate write barriers on StoreField and StoreElement if
possible (i.e. if the object belongs to the current allocation group and
that group allocates in new space).
R=hpayer@chromium.org, jarin@chromium.org
BUG=v8:4931, chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1963583004
Cr-Commit-Position: refs/heads/master@{#36128}
This implements declaration of lookup slots for variables and functions
within optimized code. Such a declaration only appears with top-level
eval code, which we only recently started handling in TurboFan.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1962723002
Cr-Commit-Position: refs/heads/master@{#36125}
This patch installs %TypedArray% and its prototype on the native
context, and wires them up to each TypedArray subclass. This is later
used to check the holder of length, byteLength and byteOffset is
%Typedarray% and apply the appropriate optimizations.
BUG=chromium:593634
LOG=Y
Review-Url: https://codereview.chromium.org/1949863002
Cr-Commit-Position: refs/heads/master@{#36116}
Fixes 4 compile errors on Mac due to specifiers not matching type casts.
LOG=N
BUG=
Review-Url: https://codereview.chromium.org/1960113002
Cr-Commit-Position: refs/heads/master@{#36115}
atomic-utils.h only uses functionality from base/, and also by moving it into
base/, code outside of v8_base can benefit from it.
BUG=v8:4991
LOG=n
Review-Url: https://codereview.chromium.org/1954603002
Cr-Commit-Position: refs/heads/master@{#36114}
Assembler::testw(Register, Immediate) and Assembler::testw(const Operand&, Immediate) were emitting only the first 8 bits of a 16-bit immediate, causing unexpected crashes.
This went unnoticed because before http://crrev.com/1948453002 no compiler was using them.
Review-Url: https://codereview.chromium.org/1962563003
Cr-Commit-Position: refs/heads/master@{#36110}
The bailout points for named and keyed property loads when doing super
property calls are not being prepared by full-codegen, even though we
are using them in TurboFan for deopts and stack traces.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-4971
BUG=v8:4971
LOG=n
Review-Url: https://codereview.chromium.org/1960083002
Cr-Commit-Position: refs/heads/master@{#36109}
This catches malformed code like the following example:
<expr>
<block begin>
<expr>
<binop>
<end>
Which is illegal because the inputs to the binop cross the block boundary.
R=rossberg@chromium.org,ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1961853002
Cr-Commit-Position: refs/heads/master@{#36103}
The flag in question used to fall-back to Crankshaft whenever an OSR
request couldn't be handled by TurboFan. By now OSR in TurboFan is
sufficiently stabilized that one single --use-osr flag should do it.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/1960043002
Cr-Commit-Position: refs/heads/master@{#36102}
mjsunit/es6/mirror-collections fails with ignition because dead registers
may hold references to objects. This prevents GC from collecting
otherwise dead objects. Dead registers are not cleared because the cost
of clearing them outweighs its benefits. Hence, modifying this test to
work around this problem.
BUG=v8:4280,v8:4853
LOG=N
Review-Url: https://codereview.chromium.org/1945223002
Cr-Commit-Position: refs/heads/master@{#36098}
Handles of this type are automatically reset by the garbage collector
when their objects are not longer reachable.
The motivation is to reduce pause time of external.weak_global_handles
phase of the garbage collector by not maintaing the list of pending
callbacks and not calling the callbacks.
Local testing on discourse page of the v8.inifinite_scroll benchmark
shows 7x improvement for this GC phase.
Before:
external.weak_global_handles
len: 21
min: 0.0
max: 4.5
avg: 0.757142857143
After:
external.weak_global_handles
len: 21
min: 0.0
max: 0.5
avg: 0.109523809524
A follow-up patch will enable the new phantom handles in Chromium.
BUG=chromium:608333
LOG=NO
Review-Url: https://codereview.chromium.org/1950963002
Cr-Commit-Position: refs/heads/master@{#36095}
Add comments explaining how to iterate over an OrderedHashTable.
Use the correct strategy for iteration in Set::AsArray().
Add a DCHECK bounds check in OrderedHashTable::KeyAt().
BUG=v8:4946
LOG=y
Review-Url: https://codereview.chromium.org/1952093002
Cr-Commit-Position: refs/heads/master@{#36091}
Some tests which fail with '--ignition --turbo --turbo-from-bytecode' pass with
just '--ignition'. Unskip these tests. Also group other tests with related
bugs.
BUG=v8:4680
LOG=N
Review-Url: https://codereview.chromium.org/1944413002
Cr-Commit-Position: refs/heads/master@{#36083}
This changes different locations to extract the reference to the wasm
object and the function index from the stack trace, and make it
available through all the APIs which process stack traces.
The javascript CallSite object now has the new methods isWasm(),
getWasmObject() and getWasmFunctionIndex(); the byte offset is
available via getPosition().
Function names of wasm frames should be fully functional with this
commit, position information works reliably for calls, but not for
traps like unreachable or out-of-bounds accesses.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1909353002
Cr-Commit-Position: refs/heads/master@{#36067}
This operator was initially designed to handle arbitrary effect merging
for effect relaxation, but we don't do that (at least currently). So no
need to keep the dead operator around.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1954983002
Cr-Commit-Position: refs/heads/master@{#36063}
port 117a56b7c2 (r36044)
original commit message:
- Add new RelocInfo mode WASM_MEMORY_SIZE_REFERENCE in the assembler and add relocation information to immediates in compare instructions.
- Use relocatable constants for MemSize/BoundsCheck in the wasm compiler
BUG=
Review-Url: https://codereview.chromium.org/1947413003
Cr-Commit-Position: refs/heads/master@{#36058}
Scope analysis is over-conservative when treating variable resolutions
as possibly-shadowed by a sloppy eval. In the attached bug, this comes
into play since catch scopes have different behavior with respect to
the "calls eval" in eager vs lazy compilation (in the latter, they
are never marked as "calls eval" because CatchContexts don't have
an associated ScopeInfo).
This patch changes the scope-type check to also eliminate a few other
cases where shadowing isn't possible, such as non-declaration block scopes.
BUG=chromium:608279
LOG=n
Review-Url: https://codereview.chromium.org/1950803002
Cr-Commit-Position: refs/heads/master@{#36046}
A load instruction will implicitely clear the top 32 bits when writing to a W
register. This patch avoids generating a `mov` instruction to zero-extend the
result in this case.
For example, this occurs in the generated code for dispatching to the next
bytecode in the interpreter:
kind = BYTECODE_HANDLER
name = LdaZero
compiler = turbofan
Instructions (size = 36)
0x32e64c60 0 add x19, x19, #0x1 (1)
0x32e64c64 4 ldrb w0, [x20, x19]
0x32e64c68 8 mov w0, w0
^^^^^^^^^^
0x32e64c6c 12 lsl x0, x0, #3
0x32e64c70 16 ldr x1, [x21, x0]
0x32e64c74 20 movz x0, #0x0
0x32e64c78 24 br x1
BUG=
Review-Url: https://codereview.chromium.org/1950013003
Cr-Commit-Position: refs/heads/master@{#36038}
Previously, the species protector was invalidated whenever the __proto__ of
an Array instance was manipulated. Then, if the map's new_target_is_base field
remained set, it was correct to conclude that GetPrototypeOf(array) was
%ArrayPrototype%. However, this choice caused the popular D3 framework to
invalidate the species protector, causing many functions to become slower.
This patch eliminates that aspect of the species protector. Instead, the check
is to look at the instance->map()->prototype(). It is valid to look directly
at the map's prototype slot, ignoring hidden prototypes and proxies, because
- This is only called on Array instances, so the receiver cannot be a Proxy.
- For hidden prototypes, any inaccuracy would only result in conservatively
taking the slow path.
Theoretically, this patch could make methods applied to arrays from other
contexts slower. However, the slowdown would only affect a particular array
instance and not have a global spill-over effect. Further, the slowdown could
be addressed by tracking, either in the instance's map or in the actual
prototype object, whether it is a %ArrayPrototype% from any context, in a way
which is cheap to query, and use that rather than comparing to the currently
executing native context.
In interactive testing, this patch led the OnShape CAD system to experience
faster load times (110+s -> 40s).
BUG=chromium:606207
LOG=Y
Review-Url: https://codereview.chromium.org/1936393002
Cr-Commit-Position: refs/heads/master@{#36033}
This method provides ability to get all properties of the object with passed filter in addition to existing GetOwnPropertyNames(context) method that returns only enumerable properties.
BUG=v8:3861,chromium:581495
R=yangguo@chromium.org
LOG=Y
Review-Url: https://codereview.chromium.org/1943773002
Cr-Commit-Position: refs/heads/master@{#36031}
We sometimes used to continue by jumping _back_ to the condition check at the
top of the loop. After my recent generator-related changes, that check is no
longer at the loop header, so a continue could create an additional loop. In
order to avoid this, we now always set the continue target to be the first
instruction following the loop body.
BUG=
Review-Url: https://codereview.chromium.org/1943383003
Cr-Commit-Position: refs/heads/master@{#36029}
Unlike previous implementation where the 'continue' keyword was a feature of a return statement the keyword is now recognized as a part of expression. Error reporting was significantly improved.
--harmony-explicit-tailcalls option is now orthogonal to --harmony-tailcalls so we can test both modes at the same time.
This CL also adds %GetExceptionDetails(exception) that fetches hidden |start_pos| and |end_pos| values from the exception object.
BUG=v8:4915
LOG=N
Review-Url: https://codereview.chromium.org/1928203002
Cr-Commit-Position: refs/heads/master@{#36024}
Now that everything is properly wired to the effect chain when we get to
ChangeLowering, we can safely inline the allocation fast path and only
need to consule the slow path stub fallback when bump pointer allocation
fails.
R=jarin@chromium.org
BUG=v8:4931
LOG=n
Review-Url: https://codereview.chromium.org/1951853002
Cr-Commit-Position: refs/heads/master@{#36022}
This fixes a bug where returning from a class literal inside
a try-finally didn't restore the context properly when
entering the finally clause.
BUG=v8:4965
LOG=n
Review-Url: https://codereview.chromium.org/1952633002
Cr-Commit-Position: refs/heads/master@{#36021}
It is already effectively disabled by --scavenge_reclaim_unmodified_objects.
BUG=
Review-Url: https://codereview.chromium.org/1944793002
Cr-Commit-Position: refs/heads/master@{#36018}
This allows for top-level eval code to be parsed properly before doing
optimization. It uses the same kind of re-parsing we already perform
when compiling code for debugging.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1884143003
Cr-Commit-Position: refs/heads/master@{#36014}
When storing an immediate integer or floating point zero, use the zero register
as the source value. This avoids the need to sometimes allocate a new register.
BUG=
Review-Url: https://codereview.chromium.org/1945783002
Cr-Commit-Position: refs/heads/master@{#36013}
The inline allocation sequence in the optimizing compilers cannot deal
well with funky types like JSRegExp, which have some magic fields in
addition to the inobject properties. In Crankshaft we already use the
FastNewObjectStub for %_NewObject in general, so fix TurboFan to the same.
Hopefully one day we can kill %_NewObject completely.
R=jarin@chromium.org
BUG=chromium:609029
LOG=n
Review-Url: https://codereview.chromium.org/1943403004
Cr-Commit-Position: refs/heads/master@{#36006}
Compiler backends get their language mode from the current
function, but should instead be deriving it from the current scope.
This allows proper handling of the always-strictness of class declarations
and expressions, and in particular the treatment of 'eval' calls in an
extends clause as a strict eval.
Also fix the parser's RecordEvalCall logic to only reach out to the
DeclarationScope in sloppy mode, which fixes the strange case of a
sloppy function thinking it contains a sloppy eval when in fact
it contains only a strict eval.
BUG=v8:4970
LOG=n
Review-Url: https://codereview.chromium.org/1931003003
Cr-Commit-Position: refs/heads/master@{#36001}
The problem is actually not related to try-catch, so here is a test
without try-catch.
BUG=chromium:607493
LOG=n
Review-Url: https://codereview.chromium.org/1943883002
Cr-Commit-Position: refs/heads/master@{#35985}
Reason for revert:
Jakob found the actual issue with the CL and is going to land the fix after relanding the WB elimination.
Original issue's description:
> Revert of [turbofan] Restore basic write barrier elimination. (patchset #2 id:20001 of https://codereview.chromium.org/1938993002/ )
>
> Reason for revert:
> Breaks WBs that should be there ;)
>
> https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/3305
>
> Will open repro bug asap.
>
> Original issue's description:
> > [turbofan] Restore basic write barrier elimination.
> >
> > Restore the basic write barrier elimination that we used to run as part
> > of the simplified lowering phase (in ChangeLowering actually) before, by
> > moving the write barrier computation to SimplifiedLowering where we can
> > still look at types and consider the heap/isolate, and just update the
> > WriteBarrierKind in the FieldAccess/ElementAccess that we later use when
> > lowering to a machine Load/Store.
> >
> > CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
> > R=mstarzinger@chromium.org
> > BUG=v8:4969,chromium:608636
> > LOG=n
> >
> > Committed: https://crrev.com/7dcb6ad379fbacbc8bdc8e11a6e50d680ffa3f62
> > Cr-Commit-Position: refs/heads/master@{#35969}
>
> TBR=mstarzinger@chromium.org,bmeurer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4969,chromium:608636
>
> Committed: https://crrev.com/a782e93c617e728cded5ad878de11137a67891b7
> Cr-Commit-Position: refs/heads/master@{#35983}
TBR=mstarzinger@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4969,chromium:608636
Review-Url: https://codereview.chromium.org/1943323002
Cr-Commit-Position: refs/heads/master@{#35984}
Reason for revert:
Breaks WBs that should be there ;)
https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/3305
Will open repro bug asap.
Original issue's description:
> [turbofan] Restore basic write barrier elimination.
>
> Restore the basic write barrier elimination that we used to run as part
> of the simplified lowering phase (in ChangeLowering actually) before, by
> moving the write barrier computation to SimplifiedLowering where we can
> still look at types and consider the heap/isolate, and just update the
> WriteBarrierKind in the FieldAccess/ElementAccess that we later use when
> lowering to a machine Load/Store.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
> R=mstarzinger@chromium.org
> BUG=v8:4969,chromium:608636
> LOG=n
>
> Committed: https://crrev.com/7dcb6ad379fbacbc8bdc8e11a6e50d680ffa3f62
> Cr-Commit-Position: refs/heads/master@{#35969}
TBR=mstarzinger@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4969,chromium:608636
Review-Url: https://codereview.chromium.org/1943743003
Cr-Commit-Position: refs/heads/master@{#35983}
Restore the basic write barrier elimination that we used to run as part
of the simplified lowering phase (in ChangeLowering actually) before, by
moving the write barrier computation to SimplifiedLowering where we can
still look at types and consider the heap/isolate, and just update the
WriteBarrierKind in the FieldAccess/ElementAccess that we later use when
lowering to a machine Load/Store.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
R=mstarzinger@chromium.org
BUG=v8:4969,chromium:608636
LOG=n
Review-Url: https://codereview.chromium.org/1938993002
Cr-Commit-Position: refs/heads/master@{#35969}
Yield expressions are not allowed in formal parameter initializers of
generators, but we weren't properly catching the case where the yield
expression appeared in the 'extends' clause of a class expression.
They also aren't allowed in arrow functions, which we were failing to
catch due to not looking at the obscurely-named "FormalParameterInitializerError"
bit of ExpressionClassifier.
This patch passes along an ExpressionClassifier when parsing class
expressions and accumulates the proper error for that case.
For the arrow function case, the fix is simply to check for the
"formal parameter initializer" error once we know we've parsed
an arrow function. The error message used for this has also
been made specific to yield expressions.
Tests are added both for the error case and the non-error cases (where
yield is used in such a position inside the class body).
BUG=v8:4966, v8:4968, v8:4974
LOG=n
Review-Url: https://codereview.chromium.org/1941823003
Cr-Commit-Position: refs/heads/master@{#35957}
The ECMA 402 implementation previously pushed directly to real
Arrays, which risks having observably incorrect behavior in the
presence of monkey patching. This patch uses InternalArrays instead
to avoid that hazard.
R=jshin@chromium.org,yangguo@chromium.org
BUG=chromium:604299
LOG=N
Review-Url: https://codereview.chromium.org/1923803002
Cr-Commit-Position: refs/heads/master@{#35949}
Our implementation of the spec got one comparison wrong, at
step 19.d.iii (we were comparing against 'q' instead of 'p').
R=littledan@chromium.org
BUG=chromium:607566
LOG=n
Review-Url: https://codereview.chromium.org/1940643002
Cr-Commit-Position: refs/heads/master@{#35947}
The compilation pipeline is correctly guarding against accidental
tier-ups by now, the tests in question should no longer fail.
R=yangguo@chromium.org
BUG=v8:4961
LOG=n
Review-Url: https://codereview.chromium.org/1938983002
Cr-Commit-Position: refs/heads/master@{#35934}
Now ChangeLowering is only concerned with lowering memory access and
allocation operations, and all changes are consistently lowered during
the effect/control linearization pass. The next step is to move the
left over lowerings to a pass dedicated to eliminate redundant loads and
stores, eliminate write barriers, fold and inline allocations.
Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
ChangeInt31ToTaggedSigned for consistency.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
Committed: https://crrev.com/ceca5ae308bddda166651c654f96d71d74f617d0
Cr-Commit-Position: refs/heads/master@{#35924}
Review-Url: https://codereview.chromium.org/1941673002
Cr-Commit-Position: refs/heads/master@{#35929}
Reason for revert:
[Sheriff] Breaks mac gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/5821
Original issue's description:
> [turbofan] Remove left-over change bits from ChangeLowering.
>
> Now ChangeLowering is only concerned with lowering memory access and
> allocation operations, and all changes are consistently lowered during
> the effect/control linearization pass. The next step is to move the
> left over lowerings to a pass dedicated to eliminate redundant loads and
> stores, eliminate write barriers, fold and inline allocations.
>
> Also remove the atomic regions now that we wire everything into the
> effect chain properly. This is an important step towards allocation
> inlining.
>
> Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
> ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
> ChangeInt31ToTaggedSigned for consistency.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
>
> Committed: https://crrev.com/ceca5ae308bddda166651c654f96d71d74f617d0
> Cr-Commit-Position: refs/heads/master@{#35924}
TBR=ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/1942733002
Cr-Commit-Position: refs/heads/master@{#35927}
This adds ignition to the testing variants that are run on all
bots.
Failing tests can only be skipped with the NO_IGNITION
keyword in status files. Existing expectations for the
ignition_turbofan variant are all duplicated and use the
NO_IGNITION keyword as well now.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/132c09ed619f23fb7c6d26a4e3552c703389eabd
Cr-Commit-Position: refs/heads/master@{#35865}
Review-Url: https://codereview.chromium.org/1804003002
Cr-Commit-Position: refs/heads/master@{#35926}
Now ChangeLowering is only concerned with lowering memory access and
allocation operations, and all changes are consistently lowered during
the effect/control linearization pass. The next step is to move the
left over lowerings to a pass dedicated to eliminate redundant loads and
stores, eliminate write barriers, fold and inline allocations.
Also remove the atomic regions now that we wire everything into the
effect chain properly. This is an important step towards allocation
inlining.
Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
ChangeInt31ToTaggedSigned for consistency.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
Review-Url: https://codereview.chromium.org/1941673002
Cr-Commit-Position: refs/heads/master@{#35924}
When exporting `shared-library` in profile log, additionally export a
slide offset. This is required to parse profile logs generated on
systems with ASLR (OS X), otherwise it is impossible to assign C++
symbol names to their addresses in the log.
See: https://github.com/nodejs/node/issues/6466
BUG=
Review-Url: https://codereview.chromium.org/1934453003
Cr-Commit-Position: refs/heads/master@{#35921}
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
R=mstarzinger@chromium.org
BUG=v8:4969
LOG=n
Review-Url: https://codereview.chromium.org/1926023002
Cr-Commit-Position: refs/heads/master@{#35918}
Restrict the use of the `await` token as an identifier when parsing
source text as module code.
From
http://www.ecma-international.org/ecma-262/6.0/#sec-future-reserved-words:
> 11.6.2.2 Future Reserved Words
>
> The following tokens are reserved for used as keywords in future
> language extensions.
>
> Syntax
>
> FutureReservedWord ::
> enum
> await
>
> await is only treated as a FutureReservedWord when Module is the goal
> symbol of the syntactic grammar.
BUG=v8:4767
LOG=N
R=adamk@chromium.org
Review-Url: https://codereview.chromium.org/1723313002
Cr-Commit-Position: refs/heads/master@{#35914}
- Move the concurrent unmapping to MemoryAllocator
- Hide (private) members where possible
- MemoryAllocator:Free is now the bottleneck for freeing
- Pooled pages are either allocated from a set of pooled pages are obtained
through work stealing from the concurrent unmapper
BUG=chromium:605866, chromium:581412
LOG=N
This reverts commit 25ff296c4c.
Review-Url: https://codereview.chromium.org/1929503002
Cr-Commit-Position: refs/heads/master@{#35910}
Adapts FastCloneShallowObjectStub to enable it to be used by the
CreateObjectLiteral bytecode.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1922523002
Cr-Commit-Position: refs/heads/master@{#35909}
In order to have a wasm object (as JSObject), this adds a method to
instantiate the TestingModule. In order for this to work, the bytecode
and the function names of the TestingModule are stored for usage during
instantiation.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/1916403002
Cr-Commit-Position: refs/heads/master@{#35906}
This ensures that the TurboFan pipeline is respecting the flag on the
CompilationInfo controlling whether to use the BytecodeGraphBuilder or
the AstGraphBuilder when ensuring deoptimization support.
R=rmcilroy@chromium.org
BUG=chromium:607871
LOG=n
Review-Url: https://codereview.chromium.org/1934563002
Cr-Commit-Position: refs/heads/master@{#35904}
This prepares for pulling chromium's build as dependency for
gn. After this, the files in build and gypfiles need to stay
in sync until chromium is updated.
BUG=chromium:474921
LOG=n
Review-Url: https://codereview.chromium.org/1848553003
Cr-Commit-Position: refs/heads/master@{#35898}
[wasm] Binary 11: Swap the order of section name / section length.
[wasm] Binary 11: Shorter section names.
[wasm] Binary 11: Add a prefix for function type declarations.
[wasm] Binary 11: Function types encoded as pcount, p*, rcount, r*
[wasm] Fix numeric names for functions.
R=rossberg@chromium.org,jfb@chromium.org,ahaas@chromium.org
BUG=chromium:575167
LOG=Y
Review-Url: https://codereview.chromium.org/1896863003
Cr-Commit-Position: refs/heads/master@{#35897}
[wasm] Binary 11: br_table takes a value.
[wasm] Binary 11: Add implicit blocks to if arms.
[wasm] Binary 11: Add arities to call, return, and breaks
[wasm] Binary 11: Add experimental version.
This CL changes the encoder, decoder, and tests to use a postorder
encoding of the AST, which is more efficient in decode time and
space.
R=bradnelson@chromium.org,rossberg@chromium.org,binji@chromium.org
BUG=chromium:575167
LOG=Y
Review-Url: https://codereview.chromium.org/1830663002
Cr-Commit-Position: refs/heads/master@{#35896}
This adds a dedicated flag for enabling the BytecodeGraphBuilder. The
intention is to be explicit when this variant is being tested and to
avoid unnecessary overhead in production code for a configuration that
is not yet shipping.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/1925123002
Cr-Commit-Position: refs/heads/master@{#35892}
Reason for revert:
[Sheriff] Looks like this breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/6442
Original issue's description:
> Remove more dead code after Object.observe removal
>
> This moves __{define,lookup}{Getter,Setter}__ to builtins.cc to free up the JavaScript implementation of DefineOwnProperty for deletion.
TBR=verwaest@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/1929293002
Cr-Commit-Position: refs/heads/master@{#35886}
These checks ensure that a TypeError is thrown, per spec, rather than
a runtime assert failure.
BUG=v8:4964
R=adamk
LOG=Y
Review-Url: https://codereview.chromium.org/1929123002
Cr-Commit-Position: refs/heads/master@{#35885}
This moves __{define,lookup}{Getter,Setter}__ to builtins.cc to free up the JavaScript implementation of DefineOwnProperty for deletion.
Review-Url: https://codereview.chromium.org/1904313004
Cr-Commit-Position: refs/heads/master@{#35876}
Reason for revert:
Will resubmit with proper fix and more test skips.
Original issue's description:
> [Ignition] Test ignition on all bots.
>
> This adds ignition to the testing variants that are run on all
> bots.
>
> Failing tests can only be skipped with the NO_IGNITION
> keyword in status files. Existing expectations for the
> ignition_turbofan variant are all duplicated and use the
> NO_IGNITION keyword as well now.
>
> BUG=v8:4280
> LOG=N
> NOTRY=true
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1930943002
Cr-Commit-Position: refs/heads/master@{#35871}
This adds ignition to the testing variants that are run on all
bots.
Failing tests can only be skipped with the NO_IGNITION
keyword in status files. Existing expectations for the
ignition_turbofan variant are all duplicated and use the
NO_IGNITION keyword as well now.
BUG=v8:4280
LOG=N
NOTRY=true
Review-Url: https://codereview.chromium.org/1804003002
Cr-Commit-Position: refs/heads/master@{#35865}
DevTools uses the debug interrupt to trap on function entry. Without
source position at the stack check, we would get bogus source positions.
R=mstarzinger@chromium.org
BUG=chromium:595646
LOG=N
Review-Url: https://codereview.chromium.org/1925063002
Cr-Commit-Position: refs/heads/master@{#35864}
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Review-Url: https://codereview.chromium.org/1926023002
Cr-Commit-Position: refs/heads/master@{#35861}
Return the empty string from StringPad if the filler argument is the empty
string, effectively returning the string unchanged in StringPadStart and
StringPadEnd.
```
"foo".padStart(100000, "") -> "foo"
```
BUG=v8:4957, v8:4954
LOG=N
R=littledan@chromium.org
Review-Url: https://codereview.chromium.org/1926773003
Cr-Commit-Position: refs/heads/master@{#35837}
The legacy function declaration locations from Annex B 3.2 and 3.4 do not
apply for generator declarations. This patch cracks down on those usages,
which is tested for by new incoming test262 tests.
BUG=v8:4824
LOG=Y
R=adamk
Review-Url: https://codereview.chromium.org/1900033003
Cr-Commit-Position: refs/heads/master@{#35835}
This is needed by Blink to implement the Custom Elements spec.
BUG=v8:4261
LOG=y
Review-Url: https://codereview.chromium.org/1910253005
Cr-Commit-Position: refs/heads/master@{#35833}
This makes sure that the testing pipeline withing the FunctionTester
class only performs AST analysis and deoptimization preparation when
graphs are generated from the AST (as opposed to from bytecode).
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1928523002
Cr-Commit-Position: refs/heads/master@{#35827}
This is necessary to eventually build a turbofan graph.
BUG=v8:4907
LOG=n
Review URL: https://codereview.chromium.org/1901713003
Cr-Commit-Position: refs/heads/master@{#35820}
Reason for revert:
Creates a spike of OOM(v8) crashers on Win32.
Original issue's description:
> [heap] Uncommit pooled pages concurrently
>
> - Move the concurrent unmapping to MemoryAllocator
> - Hide (private) members where possible
> - MemoryAllocator:Free is now the bottleneck for freeing
> - Pooled pages are either allocated from a set of pooled pages are obtained
> through work stealing from the concurrent unmapper
>
> BUG=chromium:605866, chromium:581412
> LOG=N
>
> Committed: https://crrev.com/2158df87116906160cebc3ad20c97f454822da03
> Cr-Commit-Position: refs/heads/master@{#35797}
TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:605866, chromium:581412
Review URL: https://codereview.chromium.org/1925563003
Cr-Commit-Position: refs/heads/master@{#35819}
This commit introduces IgnitionStatisticsExtension, which provides
methods for accessing Ignition statistics and counters from JavaScript.
The extension is registered when FLAG_ignition and
FLAG_trace_ignition_dispatches are both enabled.
For the moment, the only exposed function is
getIgnitionDispatchCounters(), which allows to retrieve Ignition
dispatch counters as a JavaScript object.
BUG=v8:4899
LOG=N
Review URL: https://codereview.chromium.org/1899133004
Cr-Commit-Position: refs/heads/master@{#35816}
Between the miss and patching, we run user code. That may already patch the same code. IC refactoring broke this (again), so including a regression test this time around.
BUG=chromium:601392
LOG=n
Review URL: https://codereview.chromium.org/1925583002
Cr-Commit-Position: refs/heads/master@{#35811}
- Move the concurrent unmapping to MemoryAllocator
- Hide (private) members where possible
- MemoryAllocator:Free is now the bottleneck for freeing
- Pooled pages are either allocated from a set of pooled pages are obtained
through work stealing from the concurrent unmapper
BUG=chromium:605866, chromium:581412
LOG=N
Review URL: https://codereview.chromium.org/1913083002
Cr-Commit-Position: refs/heads/master@{#35797}
This adds a new ignition_turbofan testing variant that'll
allow switching turbofan off in the other ignition variant.
The switch will happen in a follow up after reconfiguring
the bots.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1922623003
Cr-Commit-Position: refs/heads/master@{#35790}
The first version of --harmony-for-in avoided throwing PreParser
errors in order to retain use counting. This patch threads
use_counts_ through to the PreParser to allow use counting in
the PreParser while also throwing errors for this case.
Also slightly refactored the Parser code to do a little less
code duplication.
BUG=v8:4942
LOG=y
Review URL: https://codereview.chromium.org/1913203002
Cr-Commit-Position: refs/heads/master@{#35780}
If the target is deprecated, the object will be updated on first store. If the source for that store equals the target, this will invalidate the cached representation of the source. Preventively upgrade the target.
BUG=chromium:604300
LOG=n
Review URL: https://codereview.chromium.org/1905933002
Cr-Commit-Position: refs/heads/master@{#35770}
These also lower to subgraphs that have to be connected to the effect
and control chains, otherwise removing the atomic regions around heap
allocations would still be unsound.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1916763003
Cr-Commit-Position: refs/heads/master@{#35762}
This will allow to pull in gyp as a deps to the same location
as chromium (tools/gyp not build/gyp), needed for gn switch.
This is the first step of a 3-way move.
1) Copy v8.gyp in v8
2) Update references in embedders (follow up)
3) Remove old v8.gyp (follow up)
BUG=chromium:474921
LOG=n
NOTRY=true
Review URL: https://codereview.chromium.org/1920793002
Cr-Commit-Position: refs/heads/master@{#35760}
Use the FastNewSloppyArgumentsStub in the interpreter when function doesn't have
duplicate parameters.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1909903003
Cr-Commit-Position: refs/heads/master@{#35754}
This allows us to get rid of the "push TruncateFloat64ToInt32 into Phi"
trick that was used in the MachineOperatorReducer to combine the
ChangeTaggedToFloat64 and TruncateFloat64ToInt32 operations. Instead of
doing that later, we can just introduce the proper operator during the
representation selection directly.
Also separate the TruncateFloat64ToInt32 machine operator, which had two
different meanings depending on a flag (either JavaScript truncation or
C++ style round to zero). Now there's a TruncateFloat64ToWord32 which
represents the JavaScript truncation (implemented via TruncateDoubleToI
macro + code stub) and the RoundFloat64ToInt32, which implements the C++
round towards zero operation (in the same style as the other WebAssembly
driven Round* machine operators).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1919513002
Cr-Commit-Position: refs/heads/master@{#35743}
Reason for revert:
Need to fix the #undef logic.
Original issue's description:
> Fix interpreter unittest for embedded constant pools.
>
> The offset from fp to the register file is based on the frame size
> -- which is one slot larger when embedded constant pools are enabled.
>
> TEST=unittests/DecodeBytecodeAndOperands
> R=rmcilroy@chromium.org, bmeurer@chromium.org, oth@chromium.org, mstarzinger@chromium.org
> BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,oth@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1909323003
Cr-Commit-Position: refs/heads/master@{#35736}
Removes some control edges added from the RawMachineAssembler to the end of the graph.
Adds a parameter that tells the Verifier to ignore effect and control inputs.
Review URL: https://codereview.chromium.org/1912853003
Cr-Commit-Position: refs/heads/master@{#35731}
Refactor the Scope object to automatically enable strict mode when
initialized as a "module" scope, relieving the caller of this
responsibility.
BUG=v8:4941
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1906923002
Cr-Commit-Position: refs/heads/master@{#35730}
