Move builtin definitions (i.e. BUILTIN_LIST and family) to a separate header
in preparation for auto-generation of TFS interface descriptors.
BUG=v8:6116
Review-Url: https://codereview.chromium.org/2784793002
Cr-Commit-Position: refs/heads/master@{#44221}
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is not callable.
Named captures can be referenced from replacement strings by using the
"$<name>" syntax. A couple of examples:
let re = /(?<fst>.)(?<snd>.)/u;
"abcd".replace(re, "$<snd>$<fst>") // "bacd"
"abcd".replace(re, "$2$1") // "bacd" (numbered refs work as always)
"abcd".replace(re, "$<snd") // SyntaxError (unterminated named ref)
"abcd".replace(re, "$<42$1>") // "cd" (invalid name)
"abcd".replace(re, "$<thd>") // "cd" (non-existent name)
"abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>") // "cd" (non-matched capture)
Support is currently behind the --harmony-regexp-named-captures flag.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2775303002
Cr-Original-Commit-Position: refs/heads/master@{#44171}
Committed: 17f13863b6
Review-Url: https://codereview.chromium.org/2775303002
Cr-Commit-Position: refs/heads/master@{#44182}
Reason for revert:
Invalid DCHECKs for non-matched groups.
Original issue's description:
> [regexp] Named capture support for string replacements
>
> This implements support for named captures in
> RegExp.prototype[@@replace] for when the replaceValue is not callable.
>
> Named captures can be referenced from replacement strings by using the
> "$<name>" syntax. A couple of examples:
>
> let re = /(?<fst>.)(?<snd>.)/u;
> "abcd".replace(re, "$<snd>$<fst>") // "bacd"
> "abcd".replace(re, "$2$1") // "bacd" (numbered refs work as always)
> "abcd".replace(re, "$<snd") // SyntaxError (unterminated named ref)
> "abcd".replace(re, "$<42$1>") // "cd" (invalid name)
> "abcd".replace(re, "$<thd>") // "cd" (non-existent name)
> "abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>") // "cd" (non-matched capture)
>
> Support is currently behind the --harmony-regexp-named-captures flag.
>
> BUG=v8:5437
>
> Review-Url: https://codereview.chromium.org/2775303002
> Cr-Commit-Position: refs/heads/master@{#44171}
> Committed: 17f13863b6TBR=yangguo@chromium.org,littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2776293003
Cr-Commit-Position: refs/heads/master@{#44180}
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is not callable.
Named captures can be referenced from replacement strings by using the
"$<name>" syntax. A couple of examples:
let re = /(?<fst>.)(?<snd>.)/u;
"abcd".replace(re, "$<snd>$<fst>") // "bacd"
"abcd".replace(re, "$2$1") // "bacd" (numbered refs work as always)
"abcd".replace(re, "$<snd") // SyntaxError (unterminated named ref)
"abcd".replace(re, "$<42$1>") // "cd" (invalid name)
"abcd".replace(re, "$<thd>") // "cd" (non-existent name)
"abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>") // "cd" (non-matched capture)
Support is currently behind the --harmony-regexp-named-captures flag.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2775303002
Cr-Commit-Position: refs/heads/master@{#44171}
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is callable.
In that case, the result.groups object is passed to the replacer
function as the last argument.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2764343004
Cr-Commit-Position: refs/heads/master@{#44142}
Since we no longer support the ignition-staging configuration
any longer, we can retire the three tier pipeline and the
CompileBaseline functionallity.
We still need support for JSFunction self healing due to
liveedit (which for --no-turbo might end up replacing a
forced Ignition function with a FCG function) - we can
remove this once we remove --no-turbo support.
BUG=v8:4280
Change-Id: I5482abd17785324654e022affd6bdb555b19b181
Reviewed-on: https://chromium-review.googlesource.com/452620
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44141}
Currently BodyDescriptorBase::IterateBodyImpl does a run-time check
for obj->map()->HasFastPointerLayout(), which is redundant for all
non-JSObject heap objects.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2774553003
Cr-Commit-Position: refs/heads/master@{#44111}
The former will handle stores to global variables, lets and undeclared
variables. The latter will handle named stores to explicit receiver.
BUG=chromium:576312, v8:5561
Change-Id: I335fa21db47c3d001da8cc79fa8cb6f8abcbb7e2
Reviewed-on: https://chromium-review.googlesource.com/458639
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44085}
With precise binary code coverage, the reported count is either 0 or 1.
We only report 1 the first time we collect coverage data after the
function has been executed.
Since we do not care about the accurate execution count, we can optimize
the function once it has been executed once.
Also change best effort coverage to be implicitly binary.
R=caseq@chromium.org, jgruber@chromium.org, pfeldman@chromium.org
BUG=v8:5808
Review-Url: https://codereview.chromium.org/2766573003
Cr-Commit-Position: refs/heads/master@{#44074}
Default to the chromium-internal build config (instead of the more
permissive no_chromium_code config).
BUG=v8:5878
Review-Url: https://codereview.chromium.org/2758563002
Cr-Commit-Position: refs/heads/master@{#43909}
The data needed to be modified a bit to actually allow skipping over functions
based on it. In particular, we need to allow skipping over an unknown inner
scope structure (in the previous stage, we just had tests comparing the data
against some baseline truth, so it wasn't needed).
also removing the current "skip functions based on preparse data" logic,
since preparser data is not used any more. At a later stage, I'll consider
plugging the preparser-scope-analysis-data into that pipeline (so I don't want
to remove the full code yet).
Integration to the various forms of compilation is still incomplete; this CL
integrates just enough to get the minimal example to pass:
(function foo() {
function preparsed() {
var var1 = 10;
function skip_me() {
print(var1);
}
return skip_me;
}
return preparsed;
})()()();
BUG=v8:5516
Change-Id: I0d24b4c3b338f7e6b6c3bf7cf2c1ceb29608e2f2
Reviewed-on: https://chromium-review.googlesource.com/446336
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43908}
This CL renames all occurrences of "internal field" to "embedder field"
to prevent confusion. As it turns out, these fields are not internal to
V8, but are actually embedder provided fields that should not be mucked
with by the internal implementation of V8.
Note that WASM does use these fields, and it should not.
BUG=v8:6058
Review-Url: https://codereview.chromium.org/2741683004
Cr-Commit-Position: refs/heads/master@{#43900}
The WasmCompileLazy builtin creates an internal frame, thus the garbage
collector will visit all pointers in the stack frame.
However, we will call this builtin from compiled wasm code, and it
receives raw (untagged) arguments. This is because this builtin is
later exchanged by compiled wasm code, so the ABI needs to be
compatible.
This CL introduces the has_tagged_params code flag, which is true by
default and false for each WASM_FUNCTION, JS_TO_WASM_FUNCTION and
the WasmCompileLazy builtin.
The gargabe collector just ignores the parameters for each frame
whose code object has this flag set to false. For internal frames,
all pointers in the whole stack frame are ignored if the flag is set.
R=titzer@chromium.org, mstarzinger@chromium.org
BUG=v8:5991
Change-Id: I12a15157db344725bcc280e2041fd5bcad2ba700
Reviewed-on: https://chromium-review.googlesource.com/451400
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43884}
This moves most of the logic contained in RegExpExecStub to CSA. Benefits are
mostly easier readability and hackability, and removal of a large chunk of
platform-specific assembly.
Exit frame construction and the final call remain in RegExpExecStub.
BUG=v8:5339,v8:592
Review-Url: https://codereview.chromium.org/2738413002
Cr-Commit-Position: refs/heads/master@{#43844}
That way, we don't need to create a context-less constructor function.
Instead, we use the constructor_or_backpointer (or null) field, and
rename it to constructor_or_fti_or_backpointer so nobody is confused.
Note that technically, we still have JSFunctions without contexts, as
they're temporarily created in the deoptimizer.
BUG=v8:6084
R=dcheng@chromium.org,bmeurer@chromium.org,verwaest@chromium.org
Change-Id: I084f052533c317f2cbfb9c35e1acf40263c6257b
Reviewed-on: https://chromium-review.googlesource.com/454636
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43834}
Marking shared functions for tier-up was optimizing the functions
non-concurrently, to avoid the case where the same shared function is
optimized concurrently by multiple JS functions. This was particularly a
problem for small functions, which (if called in a loop) could get
marked for optimisation quite quickly.
In this CL, the shared function is instead marked as having an active
optimization job running, and these do not spawn a compilation job.
BUG=chromium:693590
BUG=chromium:700863
BUG=chromium:701665
Change-Id: I2b1c5af8e7aa8d779f86814c22c65c78bee0630f
Reviewed-on: https://chromium-review.googlesource.com/455779
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43833}
This reverts commit 822aef290f.
Reason for revert: Makes getters-on-elements flaky on many bots. E.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/16848/steps/Check%20-%20isolates%20%28flakes%29/logs/getters-on-elements
Bisected locally and tested with:
tools/run-tests.py --gn --variants=asm_wasm mjsunit/getters-on-elements --isolates --random-seed-stress-count=500
Original change's description:
> [compiler] Mark shared functions which have an optimization job
>
> Marking shared functions for tier-up was optimizing the functions
> non-concurrently, to avoid the case where the same shared function is
> optimized concurrently by multiple JS functions. This was particularly a
> problem for small functions, which (if called in a loop) could get
> marked for optimisation quite quickly.
>
> In this CL, the shared function is instead marked as having an active
> optimization job running, and these do not spawn a compilation job.
>
> BUG=693590
>
> Change-Id: I3df93fbf9cec7eda8229fcf416d7c429c06bec86
> Reviewed-on: https://chromium-review.googlesource.com/446836
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#43778}
TBR=mvstanton@chromium.org,leszeks@chromium.org,hablich@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=693590
Change-Id: If7dbdf3de302ec595c44e7f4795554db7674f22f
Reviewed-on: https://chromium-review.googlesource.com/454042
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43787}
Marking shared functions for tier-up was optimizing the functions
non-concurrently, to avoid the case where the same shared function is
optimized concurrently by multiple JS functions. This was particularly a
problem for small functions, which (if called in a loop) could get
marked for optimisation quite quickly.
In this CL, the shared function is instead marked as having an active
optimization job running, and these do not spawn a compilation job.
BUG=693590
Change-Id: I3df93fbf9cec7eda8229fcf416d7c429c06bec86
Reviewed-on: https://chromium-review.googlesource.com/446836
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43778}
In Isolate::CaptureSimpleStackTrace, we were ignoring interpreter entry
frames so far. This CLs changes this to gets the interpreted stack from
the wasm interpreter and add the frames to the FrameArray.
R=ahaas@chromium.org, titzer@chromium.org
BUG=v8:5822
Change-Id: I705909532ff28af412ff809da94522866eaa1c0d
Reviewed-on: https://chromium-review.googlesource.com/452378
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43772}
As the code isn't used, but would have to be ported from hand-written
assembly to CodeStubAssembler anyways, I propose to remove it and
restore it if we decide that we actually need it.
R=vogelheim@chromium.org
BUG=
Change-Id: Iffd7fc6ec534b1dd7a9144da900424355c8a7a02
Reviewed-on: https://chromium-review.googlesource.com/453461
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43763}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43755}
Committed: 338622d7ca
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43759}
Reason for revert:
ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Original-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43755}
> Committed: 338622d7caTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2744383002
Cr-Commit-Position: refs/heads/master@{#43757}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43755}
Reason for revert:
Breaks tree, i.e. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/18928/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9eeTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org,eholk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2723133003
Cr-Commit-Position: refs/heads/master@{#43525}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43523}
This will be useful for sharing the implementation with
SharedArrayBuffer.prototype.slice.
BUG=v8:5897
Review-Url: https://codereview.chromium.org/2697013009
Cr-Commit-Position: refs/heads/master@{#43503}
BUG=v8:6022
Change-Id: I54205cb3ecc2dd31ed62e55726f0ec5fcd202c30
Reviewed-on: https://chromium-review.googlesource.com/446349
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43500}
This is more useful than always returning undefined.
BUG=v8:1569,v8:5978
Change-Id: Id10cf87f7865db1a85de412460eaead4e4bf3b62
Reviewed-on: https://chromium-review.googlesource.com/446846
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43498}
The order in which things were done wasn't quite correct and lead
to wrong behaviour for certain circular module graphs.
BUG=v8:1569,chromium:694566
Change-Id: I291186e261268c853a30ad891ff362904e0b28ef
Reviewed-on: https://chromium-review.googlesource.com/447399
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43497}
- If no comparison function is given for %TypedArray%.prototype.sort,
sort the typedarray using std::sort in C++. This gets 20 times more
benchmark score in Float64Array.
- Move ValidateTypedArray in builtin-typedarray.cc to static inline
method of JSTypedArray class.
BUG=v8:5953
Review-Url: https://codereview.chromium.org/2693043009
Cr-Commit-Position: refs/heads/master@{#43427}
During concurrent marking we need special handling of object layout
changes that remove tagged in-object fields or replaces them with
untagged in-object fields.
This patch adds a function for notifying object layout changes and
verification code that is triggered on each map change in runtime.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2702303002
Cr-Commit-Position: refs/heads/master@{#43342}
For functions declared in source code, the .toString() representation
will be an excerpt of the source code.
* For functions declared with the "function" keyword, the excerpt
starts at the "function" or "async" keyword and ends at the final "}".
The previous behavior would start the excerpt at the "(" of the
parameter list, and prepend a canonical `"function " + name` or
similar, which would discard comments and formatting surrounding the
function's name. Anonymous functions declared as function expressions
no longer get the name "anonymous" in their toString representation.
* For methods, the excerpt starts at the "get", "set", "*" (for
generator methods), or property name, whichever comes first.
Previously, the toString representation for methods would use a
canonical prefix before the "(" of the parameter list. Note that any
"static" keyword is omitted.
* For arrow functions and class declarations, the excerpt is unchanged.
For functions created with the Function, GeneratorFunction, or
AsyncFunction constructors:
* The string separating the parameter text and body text is now
"\n) {\n", where previously it was "\n/*``*/) {\n" or ") {\n".
* At one point, newline normalization was required by the spec here,
but that was removed from the spec, and so this CL does not do it.
Included in this CL is a fix for CreateDynamicFunction parsing. ')'
and '`' characters in the parameter string are no longer disallowed,
and Function("a=function(", "}){") is no longer allowed.
BUG=v8:4958, v8:4230
Review-Url: https://codereview.chromium.org/2156303002
Cr-Commit-Position: refs/heads/master@{#43262}
... and don't clear ICs during GC. The IC clearing used to prevent memory
leaks but it's not necessary anymore because all the handlers that need
to embed objects already use weak cells.
This CL unblocks inlining of IC dispatchers into bytecode handlers.
BUG=v8:5917
Change-Id: I229b9ba8dba44f431dfbe8ac5370d855e3e84dd6
Reviewed-on: https://chromium-review.googlesource.com/442127
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43209}
It's needed by code-stubs.h and it was defined in objects-inl.h.
That cannot work without violating the include rules.
BUG=v8:5402
R=mstarzinger@chromium.org
Change-Id: Icb84b97de5622df8cf76e9fc4d117982901c99d9
Reviewed-on: https://chromium-review.googlesource.com/441845
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43195}
Use private symbols to mark default promise handler, instead of calling out to default
handlers defined in JS. We check for this symbol in PromiseHandle and perform the
appropriate behavior as the default handlers.
Catch prediction logic is updated to account for a symbol.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2695593002
Cr-Commit-Position: refs/heads/master@{#43135}
Removes handles from bytecode generation, instead storing
un-internalized AstValues (and other, similar values such as Scopes and
AstRawStrings) in the constant array builder.
This will allow us in the future to generate the bytecode before
internalizing the AST.
BUG=v8:5832
Change-Id: I3b8be8f7329a484eb1e5d12808b001d3475239da
Reviewed-on: https://chromium-review.googlesource.com/439326
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43115}
Collecting precise invocation counts need to be explicitly
enabled. Once enabled, we disable optimization (optimized
code does not increment invocation count, and may inline
callees), and make sure feedback vectors interesting for
code coverage is not garbage-collected.
R=hpayer@chromium.org, jgruber@chromium.org
BUG=v8:5808
Review-Url: https://codereview.chromium.org/2686063002
Cr-Commit-Position: refs/heads/master@{#43082}
This CL includes runtime and IC parts of the tracking. It is controlled by
compile-time flag FLAG_constant_field_tracking and currently disabled.
Transition from kConst to kMutable still involves map deprecation.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2598543003
Cr-Commit-Position: refs/heads/master@{#43081}
Installing a feedback vector in a closure is a multi-step process.
The closure actually points to a Cell that points to a feedback
vector or undefined if we haven't created one yet.
This happens because we often create closures before we've compiled
the code.
JSFunction::EnsureLiterals is the bottleneck in our system that
creates a feedback vector if necessary. The predicates it used to
determine what to do were arcane. This CL allows it to think it
terms of state, and clarifies the reading of that useful
bottleneck.
I also did a few renamings in parts of the code that referred
to a "literals array," which we don't have any more.
BUG=
Review-Url: https://codereview.chromium.org/2681773004
Cr-Commit-Position: refs/heads/master@{#43035}
Now we can inline vector-based IC dispatchers to bytecode handlers.
BUG=v8:5917
Change-Id: Ie81750f252a730240097e514e69b348f410a48b7
Reviewed-on: https://chromium-review.googlesource.com/439265
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43028}
... and TypeFeedbackMetadata to FeedbackMetadata.
BUG=
Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
- entries preview available even if debugger agent is disabled,
- less deprecated mirrors usage in debugger-script.js
- no usage of debugger context - zero probability of leaking it.
- better test coverage.
BUG=v8:5510
R=yangguo@chromium.org,jgruber@chromium.org,alph@chromium.org,luoe@chromium.org
Review-Url: https://codereview.chromium.org/2672213002
Cr-Commit-Position: refs/heads/master@{#42978}
This adapts the inlining logic to allow for inlining based solely on a
statically known underlying SharedFunctionInfo instead of a concrete
closure of the call target.
In cases where the closure is known, its bound context is constant
promoted just as before. In the new cases where only the SFI for an
entire class of closures is known, we use the dynamic SSA-value of the
bound context.
R=bmeurer@chromium.org
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2626783003
Cr-Commit-Position: refs/heads/master@{#42968}
TypeFeedbackVectors are strongly rooted by a closure. However, in modern
JavaScript closures are created and abandoned more freely. An important
closure may not be present in the root-set at time of garbage collection,
even though we've cached optimized code and use it regularly. For
example, consider leaf functions in an event dispatching system. They may
well be "hot," but tragically non-present when we collect the heap.
Until now, we've relied on a weak root to cache the feedback vector in
this case. Since there is no way to signal intent or relative importance,
this weak root is as susceptible to clearing as any other weak root at
garbage collection time.
Meanwhile, the feedback vector has become more important. All of our
ICs store their data there. Literal and regex boilerplates are stored there.
If we lose the vector, then we not only lose optimized code built from
it, we also lose the very feedback which allowed us to create that optimized
code. Therefore it's vital to express that dependency through the root
set.
This CL does this by creating a strong link to a feedback
vector at the instantiation site of the function closure.
This instantiation site is in the code and feedback vector
of the outer closure.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2674593003
Cr-Commit-Position: refs/heads/master@{#42953}
We don't need Code::CALL_IC for anything now that the CallICStub is
migrated and no longer hooks into the traditional IC system.
R=yangguo@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2669193002
Cr-Commit-Position: refs/heads/master@{#42890}
They have the same lifetime. It's a match!
Both structures are native context dependent and dealt with (creation,
clearing, gathering feedback) at the same time. By treating the spaces used
for literal boilerplates as feedback vector slots, we no longer have to keep
track of the materialized literal count elsewhere.
A follow-on CL removes even more parser infrastructure related to this count.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2655853010
Cr-Commit-Position: refs/heads/master@{#42771}
- kDebugPromiseCreated(task, parent_task)
This event occurs when promise is created (PromiseHookType::Init). V8Debugger uses this event to maintain task -> parent task map.
- kDebugEnqueueAsyncFunction(task)
This event occurs when first internal promise for async function is created. V8Debugger collects stack trace at this point.
- kDebugEnqueuePromiseResolve(task),
This event occurs when Promise fulfills with resolved status. V8Debugger collects stack trace at this point.
- kDebugEnqueuePromiseReject(task),
This event occurs when Promise fulfills with rejected status. V8Debugger collects stack trace at this point.
- kDebugPromiseCollected,
This event occurs when Promise is collected and no other chained callbacks can be added. V8Debugger removes information about async task for this promise.
- kDebugWillHandle,
This event occurs when chained promise function (either resolve or reject handler) is called. V8Debugger installs parent promise's stack (based on task -> parent_task map) as current if available or current promise's scheduled stack otherwise.
- kDebugDidHandle,
This event occurs after chained promise function has finished. V8Debugger restores asynchronous call chain to previous one.
With this change all instrumentation calls are related to current promise (before WillHandle and DidHandle were related to next async task).
Before V8Debugger supported only the following:
- asyncTaskScheduled(task1)
- asyncTaskStarted(task1)
- asyncTaskFinished(task1)
Now V8Debugger supports the following:
- asyncTaskScheduled(parent_task)
..
- asyncTaskCreated(task, parent_task),
- asyncTaskStarted(task), uses parent_task scheduled stack
- asyncTaskScheduled(task)
- asyncTaskFinished(task)
Additionally: WillHandle and DidHandle were migrated to PromiseHook API.
More details: https://docs.google.com/document/d/1u19N45f1gSF7M39mGsycJEK3IPyJgIXCBnWyiPeuJFE
BUG=v8:5738
R=dgozman@chromium.org,gsathya@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2650803003
Cr-Commit-Position: refs/heads/master@{#42644}
V8 has internal mechanism to ignore steps and breaks inside internal scripts, in this CL it's reused for blackboxing implementation.
Advantages:
- much faster blackboxing implementation (before we at least wrap and collect current call stack for each step),
- get rid of StepFrame action and potential pause in blackboxed code after N StepFrame steps,
- simplification of debugger agent logic.
Disadvtanges:
- currently when user was paused in blackboxed code (e.g. on breakpoint) and then makes step action, debugger ignores blackboxed state of the script and allows to use step actions as usual - this behavior is regressed, we still able to support it on frontend side.
Current state and proposed changes for blackboxing: https://docs.google.com/document/d/1hnzaXPAN8_QC5ENxIgxgMNDbXLraM_OXT73rAyijTF8/edit?usp=sharing
BUG=v8:5842
R=yangguo@chromium.org,dgozman@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2633803002
Cr-Commit-Position: refs/heads/master@{#42614}
Manipulating the signaling NaN used for the hole and uninitialized double
field sentinel in C++, e.g. with bit_cast or HeapNumber::value()/set_value(),
will change its value on ia32 (the x87 stack is used to return values and
stores to the stack silently clear the signalling bit).
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2652553003
Cr-Commit-Position: refs/heads/master@{#42609}
We are planning to add a few more debugger related bits, and are running
out of compiler hints bits. The new bit field is going to be part of the
debug info struct. If the debug info is not available, we store the bit
field in its place on the shared function info.
Review-Url: https://codereview.chromium.org/2649873002
Cr-Commit-Position: refs/heads/master@{#42594}
Convert strings to numbers if possible in the runtime call and store
in excluded property list.
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2639333004
Cr-Commit-Position: refs/heads/master@{#42581}
Allocate space in the backing store for computed property names.
The property backing store was pre-allocated for the constant
properties up to the first non-constant (computed name) property.
To use lowering for storing data properties in literals
with computed property names effectively, a fast store is needed, i.e.,
available space in the property backing store for properties
with computed names.
backing_store_size is the number of all properties (including
computed names, but without __proto__)
that is calculated in the ast and passed to the runtime function that allocates
the property backing store. backing_store_size and
constant_properties constitute a BoilerplateDescription.
backing_store_size might be slightly too high because computed names
can evaluate to the same name, but that should be a rare
case so over-allocating is OK.
If a property is __proto__, we don't store it as a regular
property, because the map changes. Keep track of
has_seen_proto in the parser to calculate the
backing store size correctly.
BUG=v8:5625
Review-Url: https://codereview.chromium.org/2632503003
Cr-Commit-Position: refs/heads/master@{#42576}
Let the Typer assign proper types to Map, Set, WeakMap and WeakSet
builtins. Also assign a proper type to Array.isArray, Object.assign
and Object.create.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2640783006
Cr-Commit-Position: refs/heads/master@{#42535}
Also update a call in cctest to check the result.
BUG=chromium:681843
Review-Url: https://codereview.chromium.org/2647573003
Cr-Commit-Position: refs/heads/master@{#42513}
Since the script origin is part of the key used in the compilation
cache, this ensures that the cache never confuses a module with a
non-module script.
BUG=v8:1569,v8:5685
Review-Url: https://codereview.chromium.org/2611643002
Cr-Commit-Position: refs/heads/master@{#42490}
A future linear version of the hash table will only need the element count and
deleted element count. Hence moving them to the beginning of the underlying
fixed array makes the transition easier.
BUG=v8:5717
Review-Url: https://codereview.chromium.org/2630373002
Cr-Commit-Position: refs/heads/master@{#42459}
This rewrites the rest property into a runtime call which sets up the
correct properties in the newly created object.
- Changes flag to --harmony-object-rest-spread
- Changes pattern rewriter to desugar rest property
- Adds new runtime function CopyDataPropertiesWithExcludedProperties
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2620943002
Cr-Commit-Position: refs/heads/master@{#42430}
In the ideal case, this will speed up Object.create(null) by ~10x.
Drive-by-fix: Spread usage of new IsSpecialReceiverMap() and
IsSpecialReceiverInstanceType(InstanceType) helpers.
BUG=v8:5788
Review-Url: https://codereview.chromium.org/2622723003
Cr-Commit-Position: refs/heads/master@{#42336}
In the ideal case, this will speed up Object.create(null) by ~10x.
Drive-by-fix: Spread usage of new IsSpecialReceiverMap() and
IsSpecialReceiverInstanceType(InstanceType) helpers.
BUG=v8:5788
Review-Url: https://codereview.chromium.org/2622723003
Cr-Commit-Position: refs/heads/master@{#42321}
Before, in `var p1 = p.then(() => {}) we would trigger the
before/after callbacks with p as the associated promise, but we must
call it with p1.
Also removes promise from PromiseReactionJobInfo.
Review-Url: https://codereview.chromium.org/2633443002
Cr-Commit-Position: refs/heads/master@{#42295}
The constant field tracking implies data constants to be stored
in fields instead of descriptor arrays. This CL does necessary
modifications to the JSModuleNamespace map setup.
BUG=v8:1569, v8:5495
Review-Url: https://codereview.chromium.org/2625093005
Cr-Commit-Position: refs/heads/master@{#42294}
This is a necessary cleanup before introducing PropertyConstness bit.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2624903003
Cr-Commit-Position: refs/heads/master@{#42277}
Reason for revert:
Blocks roll, ASan detects leaking ExternalStrings.
Original issue's description:
> Internalize strings in-place (reland^2)
>
> using newly introduced ThinStrings, which store a pointer to the actual,
> internalized string they represent.
>
> BUG=v8:4520
>
> (Previously landed as #42168 / af51befe69)
> (Previously landed as #42193 / 4c699e349a)
>
> Review-Url: https://codereview.chromium.org/2549773002
> Cr-Commit-Position: refs/heads/master@{#42235}
> Committed: ec45e6ed2eTBR=ishell@chromium.org,hpayer@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2626893005
Cr-Commit-Position: refs/heads/master@{#42271}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2620753003
Cr-Original-Commit-Position: refs/heads/master@{#42258}
Committed: 3188780410
Review-Url: https://codereview.chromium.org/2620753003
Cr-Commit-Position: refs/heads/master@{#42264}
Reason for revert:
gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/8105
also on mac
Original issue's description:
> [TypeFeedbackVector] Root literal arrays in function literals slots
>
> Literal arrays and feedback vectors for a function can be garbage
> collected if we don't have a rooted closure for the function, which
> happens often. It's expensive to come back from this (recreating
> boilerplates and gathering feedback again), and the cost is
> disproportionate if the function was inlined into optimized code.
>
> To guard against losing these arrays when we need them, we'll now
> create literal arrays when creating the feedback vector for the outer
> closure, and root them strongly in that vector.
>
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2620753003
> Cr-Commit-Position: refs/heads/master@{#42258}
> Committed: 3188780410TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2626863004
Cr-Commit-Position: refs/heads/master@{#42260}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2620753003
Cr-Commit-Position: refs/heads/master@{#42258}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
(Previously landed as #42168 / af51befe69)
(Previously landed as #42193 / 4c699e349a)
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42235}
and rename WasmFrame to WasmCompiledFrame.
The WasmToInterpreterFrames are not used yet; this will follow in a
follow-up CL (see tracking bug for the overall picture).
Those frames will represent frames for WASM_TO_INTERPRETER stubs, which
call from wasm code to the wasm interpreter, implemented in C++.
They will support the Summarize method to inspect the stack frames in
the wasm interpreter.
R=yangguo@chromium.org, titzer@chromium.org
BUG=v8:5822
Review-Url: https://codereview.chromium.org/2623773004
Cr-Commit-Position: refs/heads/master@{#42213}
Reason for revert:
blocks roll, see: https://codereview.chromium.org/2628733002/
Debug mode runs into an Abort("External string expected, but not found").
Original issue's description:
> Internalize strings in-place (reland)
>
> using newly introduced ThinStrings, which store a pointer to the actual,
> internalized string they represent.
>
> BUG=v8:4520
>
> (Previously landed as #42168 / af51befe69.
>
> Review-Url: https://codereview.chromium.org/2549773002
> Cr-Commit-Position: refs/heads/master@{#42193}
> Committed: 4c699e349aTBR=ishell@chromium.org,hpayer@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2625073002
Cr-Commit-Position: refs/heads/master@{#42212}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
(Previously landed as #42168 / af51befe69.
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42193}
Including a fix: object-macros.h needs to be the last include: otherwise
we'll have a problem when a file does this:
#include "object-macros.h"
#include "x.h" // x.h also includes object-macros.h
BUG=v8:5402
Review-Url: https://codereview.chromium.org/2623573003
Cr-Commit-Position: refs/heads/master@{#42187}
... including property reconfiguring, elements kind change and migration
of a map to an up-to-date non-deprecated version.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2601643002
Cr-Commit-Position: refs/heads/master@{#42177}
using newly introduced ThinStrings, which store a pointer to the actual,
internalized string they represent.
BUG=v8:4520
Review-Url: https://codereview.chromium.org/2549773002
Cr-Commit-Position: refs/heads/master@{#42168}
The pattern IsNull(isolate) || IsUndefined(isolate) is used in many places all
over the code base.
Review-Url: https://codereview.chromium.org/2601503002
Cr-Commit-Position: refs/heads/master@{#42138}
This patch adds parsing of spread object property.
-- Changes ParsePropertyName to parse Token::ELLIPSIS.
-- Throws if rest is encountered by setting a pattern error.
-- Adds a new PropertyKind enum (SPREAD)
-- Adds a new ObjectLiteralProperty::kind (SPREAD)
-- Adds a new harmony-object-spread flag and protects the parser code
with it.
-- Adds a new runtime function called CopyDataProperties
-- Does not add any support for this feature in fullcodegen.
-- Ignition calls out to a runtime function CopyDataProperties to
perform spread operation.
-- Move FastAssign from builtins-objects.cc to objects.cc
-- Refactor Builtin_ObjectAssign to use SetOrCopyDataProperties
Object rest will be implemented in a follow on patch.
BUG=v8:5549
Review-Url: https://codereview.chromium.org/2606833002
Cr-Commit-Position: refs/heads/master@{#42102}
-- Removes remaning debug from promise.js and moves it to c++
-- Changes debug_id to be a smi in PromiseReactionJobInfo and
PromiseResolveThenableJobInfo.
-- Changes debug_name to be a smi in PromiseReactionJobInfo and
PromiseResolveThenableJobInfo.
-- Adds PromiseDebugActionName and PromiseDebugActionType enums
-- Adds PromiseDebugActionNameToString and
PromiseDebugActionTypeToString helper methods
-- Changes variable `status` to be int in runtime functions.
-- Changes debug_id to start from 1, not 0 for easier bookkeeping.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2606093002
Cr-Commit-Position: refs/heads/master@{#42052}
Migrate Date.prototype.valueOf and Date.prototype[ @@toPrimitive ]
to use the CodeStubAssembler, to avoid going through C++ always
when comparing or subtracting two dates.
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2608143003
Cr-Commit-Position: refs/heads/master@{#42030}
- Adds CodeAssembler::ConstructJS() to simplify calling JS functions as
constructors, used by NewPromiseCapability()
- Defines PromiseCapability as a special JSObject subclass, with a
non-exensible Map, and read-only non-configurable DataDescriptors which
point to its in-object fields. This allows its fields to be used by JS
builtins until there is no longer any need.
Currently, the performance benefit comes from
https://codereview.chromium.org/2567033003/, but does not appear to
regress performance in any significant way.
BUG=v8:5343
TBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2567333002
Cr-Commit-Position: refs/heads/master@{#42014}
This patch stores the promise, resolve, reject properties of the
deferred object created by CreateInternalPromiseCapability and
NewPromiseCapability directly on the promise (if the promise hasn't
been fulfilled), otherwise they are stored on the
PromiseReactionJobInfo.
This patch removes the currently unused
CreateInternalPromiseCapability and inlines the call to create the
deferred promise object.
NewPromiseCapability is the only function that works with a deferred.
This patch results in a 8.5% improvement in benchmarks over 5 runs.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2590563003
Cr-Commit-Position: refs/heads/master@{#41991}
In certain corner-cases we would grow a FAST_ELEMENTS packed backing store of a
JS_ARGUMENTS_TYPE object without converting to holey elements kinds. As a side
effect you could then read out the_hole.
BUG=v8:5772
Review-Url: https://codereview.chromium.org/2597013004
Cr-Commit-Position: refs/heads/master@{#41921}
Reason for revert:
Speculative revert because of blocked roll: https://codereview.chromium.org/2596013002/
Original issue's description:
> [TypeFeedbackVector] Root literal arrays in function literals slots
>
> Literal arrays and feedback vectors for a function can be garbage
> collected if we don't have a rooted closure for the function, which
> happens often. It's expensive to come back from this (recreating
> boilerplates and gathering feedback again), and the cost is
> disproportionate if the function was inlined into optimized code.
>
> To guard against losing these arrays when we need them, we'll now
> create literal arrays when creating the feedback vector for the outer
> closure, and root them strongly in that vector.
>
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2504153002
> Cr-Commit-Position: refs/heads/master@{#41893}
> Committed: 93df094081TBR=bmeurer@chromium.org,mlippautz@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2597163002
Cr-Commit-Position: refs/heads/master@{#41917}
This CL includes several small bug fixes for trap handlers. Among the changes:
* Use the correct representation for ProtectedLoads, enabling protected loads of
floating point types.
* Including the protected instruction list in what gets serialized for Code
objects. This is needed to allow deserialization for Wasm modules to work.
* Get the context needed to through and exception from the Isolate rather than
getting it as a parameter to the Protected instructions. Passing it in as an
argument is problematic when code is compiled ahead of time, as the context
may not be known yet. The new approach is similar to how it works for TrapIf
and TrapUnless.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2591903002
Cr-Commit-Position: refs/heads/master@{#41907}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2504153002
Cr-Commit-Position: refs/heads/master@{#41893}
Add inlineable fast-paths for Object::ToPropertyKey, Object::ToLength and
Object::ToIndex for the most common argument types.
BUG=
Review-Url: https://codereview.chromium.org/2587013002
Cr-Commit-Position: refs/heads/master@{#41856}
Add inlineable fast-paths for Object::ToPropertyKey, Object::ToLength and
Object::ToIndex for the most common argument types.
BUG=
Review-Url: https://codereview.chromium.org/2587013002
Cr-Commit-Position: refs/heads/master@{#41839}
STRUCT_LIST and INSTANCE_TYPE_LIST are now forced to have the same order
as the InstanceType enum.
Drive-by-fix 1: Move type check and cast functions closer together in objects-inl.h
Drive-by-fix 2: Remove unused instance types SIGNATURE_INFO_TYPE and TYPE_SWITCH_INFO_TYPE.
BUG=
Review-Url: https://codereview.chromium.org/2578573002
Cr-Commit-Position: refs/heads/master@{#41804}
This CL adds inlineable fast-cases for the above conversion functions in
objects-inl.h and a slower conversion function in objects.cc.
BUG=
Review-Url: https://codereview.chromium.org/2579023002
Cr-Commit-Position: refs/heads/master@{#41766}
Many websites use simple calls to String.prototype.indexOf with either a
one character ASCII needle or needles bigger than the search string. This
CL adds a TFJ builtin for these simple cases, giving up to factor 5 speedup.
Drive-by-fix: Add default Object type to Arguments.at
BUG=
Review-Url: https://codereview.chromium.org/2539093002
Cr-Commit-Position: refs/heads/master@{#41760}
This introduces an explicit struct for the communication channel between
the {ArrayLiteral} AST node and the corresponding runtime methods. Those
methods take a pair of {ElementsKind} as well as an array (can either be
a FixedArray or a FixedDoubleArray) of constant values.
For bonus points it also reduces the size of the involved heap object by
one word (i.e. length field of FixedArray not needed anymore).
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2581683003
Cr-Commit-Position: refs/heads/master@{#41752}
Reason for revert:
LiveEdit is broken in some cases.
Original issue's description:
> Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
>
> Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
> we can use them as an index into an array, instead of using a
> WeakFixedArray where we have to do a linear scan.
>
> Hooking up liveedit is a bit more involved, see
> https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
> for an overview
>
> BUG=v8:5589
> R=verwaest@chromium.org,jgruber@chromium.org
>
> Committed: https://crrev.com/6595e7405769dc9d49e9568d61485efc6d468baf
> Cr-Commit-Position: refs/heads/master@{#41600}
TBR=jgruber@chromium.org,verwaest@chromium.org,yangguo@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5589,chromium:673950
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2578433002
Cr-Commit-Position: refs/heads/master@{#41684}
Splits PromiseHandle into two TF builtins to account for catch
prediction. An exception in PromiseHandleReject builtin results in a
"caught" prediction whereas an expception in PromiseHandle results in a
"promise rejection" prediction.
An extra is_exception_caught bit is added to Code to mark this catch
prediction behavior.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2572623002
Cr-Commit-Position: refs/heads/master@{#41683}
