Takes too long on bots to run
Bug:
Change-Id: Ia99717fe943ff6437497425abd3a3cb9999d7564
Reviewed-on: https://chromium-review.googlesource.com/746533
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#49055}
When closing untagged template string literals, create a single n-ary
addition operation, instead of a tree of binary operations.
As a clean-up, this also entirely removes the "second" field from n-ary
operations. This was proving to be too confusing an API when building
an n-ary operation incrementally from a single expression (rather than
converting a binary operation).
Bug: v8:6964
Change-Id: I8f2a395d413cf345bab0a1a347b47f412cde83b1
Reviewed-on: https://chromium-review.googlesource.com/739821
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49054}
Also replaced kTrue/kFalse with a kBoolean type, and remove now-unused
IsTypeX() methods (leaving ones that are called frequently).
Bug: v8:6984
Change-Id: I0cbffc37efaa391981d8dce564051ce43257ed8a
Reviewed-on: https://chromium-review.googlesource.com/745023
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49053}
We have a check on maximum number of levels that can be inlined. This
in some cases causes performance cliffs, when we cannot inline a small
function because it has exceeded the number of levels. This cl removes
that check. The intuition is that, having gone down several levels in
a particular line stopping inlining that chain and exploring a new
call site may not be beneficial. This cl also introduces a absolute
limit on the number of nodes that can be inlined (including the small
functions).
Bug: v8:6871, chromium:779509
Change-Id: Id29639ff2fd85b84d8746da3fb78a82d4e9852e8
Reviewed-on: https://chromium-review.googlesource.com/743727
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49050}
This adds support to the KeyedLoadIC to ignore out of bounds accesses
for Strings and return undefined instead. We add a dedicated bit to the
Smi handler to encode the OOB state and have TurboFan generate appropriate
code for that case as well. This is mostly useful when programs
accidentially access past the length of a string, which was observed and
fixed for example in Babel recently, see
https://github.com/babel/babel/pull/6589
for details. The idea is to also extend this mechanism to Arrays and
maybe other receivers, as reading beyond the length is also often used
in jQuery and other popular libraries.
Note that this is considered a mitigation for a performance cliff and
not a general optimization of OOB accesses. These should still be
avoided and handled properly instead.
This seems to further improve the babel test on the web-tooling-benchmark
by around 1%, because the OOB access no longer turns the otherwise
MONOMORPHIC access into MEGAMORPHIC state.
Bug: v8:6936, v8:7014
Change-Id: I9df03304e056d7001a65da8e9621119f8e9bb55b
Reviewed-on: https://chromium-review.googlesource.com/744022
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49049}
This both simplifies the code, and brings it in-line with
what we need for wasm on the native heap.
Bug: v8:6876
Change-Id: Ia48aed86ddcd94e85c0aecc053c327dfacb795d6
Reviewed-on: https://chromium-review.googlesource.com/744593
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49048}
Create new state before parsing FormalParameter because we don't
want to use any of the parameters as an inferred function name.
Previously the stacktrace was:
test.js:3: Error: boom
throw new Error('boom');
^
Error: boom
at param (test.js:3:11)
at test.js:4:5
at test.js:6:3
The stacktrace with this patch:
test.js:3: Error: boom
throw new Error('boom');
^
Error: boom
at test.js:3:11
at test.js:4:5
at test.js:6:3
Bug: v8:6822, v8:6513
Change-Id: Ifbadc660fc4e85248af405acd67c025f11662bd4
Reviewed-on: https://chromium-review.googlesource.com/742657
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49042}
With the existing platform API it is not possible to post foreground
tasks from background tasks. This is, however, required to implement
asynchronous compilation for WebAssembly. With this CL we add the
concept of a TaskRunner to the platform API. The TaskRunner contains
all data needed to post a foreground task and can be used both from a
foreground task and a background task. Eventually the TaskRunner should
replace the existing API.
In addition, this CL contains a default implementation of the
TaskRunner. This implementation has tempory workaround for platforms
which do not provide a TaskRunner implementation yet. This default
implementation should be deleted again when all platforms provide a
TaskRunner implementation.
R=rmcilroy@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6ea4a1c9da1eb9a19e8ce8f2163000dbc2598802
Reviewed-on: https://chromium-review.googlesource.com/741588
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49041}
This CL contains the base implementation for logging function events.
Currently only compiler events are support (compile, compile-lazy...),
future CLs will enable log events for parsing and first-time exeuction
of functions.
Bug: chromium:757467
Change-Id: Ia705979190a3ebc1009989610483a7a141bc504b
Reviewed-on: https://chromium-review.googlesource.com/743921
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49040}
This reverts commit ecd3a2ea3e.
Reason for revert: Bug 779509, a crash with chrome.
Original change's description:
> [TurboFan] Remove maximum inlining levels check from inlining heuristics
>
> We have a check on maximum number of levels that can be inlined. This
> in some cases causes performance cliffs, when we cannot inline a small
> function because it has exceeded the number of levels. This cl removes
> that check. The intuition is that, having gone down several levels in
> a particular line stopping inlining that chain and exploring a new
> call site may not be beneficial.
>
> Bug: v8:6871
> Change-Id: I120056db38e78ce48dff010b6cf994259238582a
> Reviewed-on: https://chromium-review.googlesource.com/741705
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49009}
TBR=mythria@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6871
Change-Id: I4766f911cb326c224af110be5c0dd7a44362a880
Reviewed-on: https://chromium-review.googlesource.com/743785
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49037}
Test that console.time/End/Stamp properly show up in the log file.
Change-Id: I99904e20fc98811ed3e3b5e5a9d186b459b8d4be
Reviewed-on: https://chromium-review.googlesource.com/743020
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49035}
This proceeds the experiment using the legacy bots, since luci bots
are blocked on https://crbug.com/776734.
NOTRY=true
Bug: chromium:772816, chromium:776734
Change-Id: I7532e04e98a96d69dbeefcd6edf66fb0cddbe111
Reviewed-on: https://chromium-review.googlesource.com/743365
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49034}
Following up on adding n-ary nodes, this extends the parser and
interpreter to support n-ary logical operations.
Bug: v8:6964
Bug: chromium:731861
Change-Id: Ife2141c389b9abccd917ab2aaddf399c436ef777
Reviewed-on: https://chromium-review.googlesource.com/735497
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49029}
The bytecode interpreter nor TF rely on the explicit return value of store ICs anymore, so we can just return whatever is in the result slot. It won't be visible to JS anyway.
Bug:
Change-Id: I389615d1d77c5b050832f23a08e3d3bc07d9cbc6
Reviewed-on: https://chromium-review.googlesource.com/743366
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49027}
This is preparation for supporting OOB loads from strings, which
requires the KeyedLoadIC to track this information.
Bug: v8:6936, v8:7014
Change-Id: Ide132244ee523397dd418d21fe3377976f6633fd
Reviewed-on: https://chromium-review.googlesource.com/743481
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49026}
This reverts commit 32141e93ff.
Reason for revert: Got merged to stable end of last week.
Original change's description:
> Disable --turbo-inline-array-builtins by default.
>
> Current chrome stable has a high number of crashes due to bugs in
> this feature. These bugs are already fixed but the fixes are hard
> to merge back. Therefore we decided to disable the feature in stable.
> This CL is intended to be merged to stable and then reverted in tot.
>
> Bug: chromium:762020
> Change-Id: Ibd5a08e3b303a204fb84a408271a1c0f97cc5b7b
> Reviewed-on: https://chromium-review.googlesource.com/738176
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48931}
TBR=jarin@chromium.org,neis@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:762020
Change-Id: Id1fe2f417e09a7b451484fc16710b09469cdb74d
Reviewed-on: https://chromium-review.googlesource.com/743321
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49025}
The CheckSeqString operator unnecessarily materialized two bits for the
separate conditions, but we can actually check for SeqString with just a
single mask instead, which saves the intermediate computations and two
registers.
Bug: v8:5267
Change-Id: Ib937a5a4eebdc271a2bbbc6f074f5992e06b2fa9
Reviewed-on: https://chromium-review.googlesource.com/741702
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49023}
This was discovered on the babel test of the web-tooling-benchmark,
which suffers from a high %KeyedGetProperty overhead, and most of
these calls come from the fact that the KeyedLoadIC_Megamorphic bails
out to the runtime call for all String instance types. Just handling
in-bound accesses to characters reduces the overhead incurred by
%KeyedGetProperty from roughly 9% to roughly 2% only.
This reduces the number of runs per second on the babel test by around
7-8% on average.
Bug: v8:6936, v8:7014
Change-Id: I0dc247d7d6457c7032636d2852cb54cef1b24979
Reviewed-on: https://chromium-review.googlesource.com/743012
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49021}
Interpreter entries may be called from wasm functions, when debugging.
That means that, when moving on the native heap, interpreter entries
need to be native, too. That means they cannot reference movable GC
objects.
The only such reference was to the instance object, which is needed
in the WasmRunInterpreter runtime function. We can fetch the instance
using GetWasmInstanceOnTop() instead.
Bug: v8:6876
Change-Id: I7198a849cc0e441b057537a570a3dfa6f3197149
Reviewed-on: https://chromium-review.googlesource.com/742391
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49019}
This eliminates the AstValue class, effectively moving its
implementation into the Literal AstNode. This should cause
no difference in behavior, but it does signal some shifts
in the underlying system. Biggest changes include:
- Reduction in AST memory usage
- No duplicate HeapNumbers in Ignition constant pools
- Non-String values are allocated either at constant pool
creation time (or at boilerplate creation time for literals),
rather than at AstValueFactory::Internalize() time.
There are a variety of test-only/debug-only changes due to these
switches as well.
Bug: v8:6984
Change-Id: I5f178040ce2796d4e7370c24d1063419e1c843a1
Reviewed-on: https://chromium-review.googlesource.com/731111
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49013}
This happens when RCS are enabled dynamically and the callsite is inside
the background parser.
BUG=chromium:760649
Change-Id: I216b955ed91d9c663ce3027aaa8ffb515bfe13ab
Reviewed-on: https://chromium-review.googlesource.com/740911
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49010}
We have a check on maximum number of levels that can be inlined. This
in some cases causes performance cliffs, when we cannot inline a small
function because it has exceeded the number of levels. This cl removes
that check. The intuition is that, having gone down several levels in
a particular line stopping inlining that chain and exploring a new
call site may not be beneficial.
Bug: v8:6871
Change-Id: I120056db38e78ce48dff010b6cf994259238582a
Reviewed-on: https://chromium-review.googlesource.com/741705
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49009}
Instead of creating a runtime call for the static class field
initializer in the AST, we do it in the bytecode generator.
This adds the initializer function to the ClassLiteral AST node.
Bug: v8:5367
Change-Id: Iffaa6531511023812011ee19fc96cea9e5c9d3f3
Reviewed-on: https://chromium-review.googlesource.com/736315
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49008}
To avoid accessing the heap during asm.js compilation, use the pending
error handler to store the pending warnings such that they can be reported
later during finalization.
As part of this change, refactor PendingCompilationErrorHandler to have a
MessageDetails class holding details of either error or warning messages.
BUG=v8:5203
Change-Id: I5b09254f8899b8dc57d94f1986c7183da847eae3
Reviewed-on: https://chromium-review.googlesource.com/735607
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49007}
