Move the object and array literal flag and depth initialization to when
they are visited by the bytecode generator. This avoids issues with
doing this initialization before we know whether the (syntactic) literal
is actually a literal value or a destructuring assignment.
Bug: chromium:795922
Bug: v8:7178
Change-Id: I022178ab4bc9e71f80560f3b78a759d95d4d0584
Reviewed-on: https://chromium-review.googlesource.com/833882
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50204}
This reverts commit 6633ad56d8.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/18850
Original change's description:
> [wasm] Stop decoding operands after error.
>
> When we decode operands of WebAssembly instructions, we do not use the
> current pc but a pc of the instruction plus some offset. However, the
> pc of the instruction + offset can become invalid in case of a decoder
> error. Therefore we have to stop decoding operands explicitly in case
> of an error.
>
> R=clemensh@chromium.org
>
> Bug: chromium:795131
> Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
> Reviewed-on: https://chromium-review.googlesource.com/832867
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50196}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I5a67f77285fdedc7f4645f8efaaf0087b4046011
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:795131
Reviewed-on: https://chromium-review.googlesource.com/832650
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50199}
The fast paths aren't pure and have side effects like calling out to
the debugger and runtime calls. Note: These aren't "fast" paths per se,
but just *native promise* code paths.
Forcing the slow path omits these calls to the debugger and runtime
causing test failures.
Bug: v8:7148
Change-Id: Idf46a33622a6edf03d69fefa4c6bfb7efc8ea625
Reviewed-on: https://chromium-review.googlesource.com/824102
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50197}
When we decode operands of WebAssembly instructions, we do not use the
current pc but a pc of the instruction plus some offset. However, the
pc of the instruction + offset can become invalid in case of a decoder
error. Therefore we have to stop decoding operands explicitly in case
of an error.
R=clemensh@chromium.org
Bug: chromium:795131
Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
Reviewed-on: https://chromium-review.googlesource.com/832867
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50196}
It's still unused there but now at least it ends up in the
feedback vector.
Bug: v8:6791
Change-Id: I0114d317830b80be4715c74dc5a8950fff4d3485
Reviewed-on: https://chromium-review.googlesource.com/829136
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50194}
There was an issue when the caller of a function with multiple returns
did not use all values which were returned over the stack. The caller
used only the used returns to calculate the offsets on the stack,
whereas the callee used all returns to calculate the offsets.
With this CL also the caller uses all returns to calculate the stack
offsets and thereby agrees again with the callee on the location of
all returns.
In addition I fixed an issue on x64: A quad word is reserved on the
stack frame to spill callee-saved FP registers, which is not pointer
size.
R=titzer@chromium.org
Change-Id: Ibe56b4b57e4b6e59071a868805b1237412344f93
Reviewed-on: https://chromium-review.googlesource.com/824043
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50193}
This is the counterpart of https://crrev.com/c/822471.
It implements asm.js bounds checks for loads using normal branch nodes
and removes the need for CheckedLoad, improving maintainability at some
small cost to compilation time.
R=ahaas@chromium.orgCC=mstarzinger@chromium.org, titzer@chromium.org
Change-Id: I7a2716f364b9e4d7beb9cc460eb028c3bd1c3a99
Reviewed-on: https://chromium-review.googlesource.com/832457
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50192}
The memory size is always stored as 32 bit value, so the comparison
should always be done in 32 bit space.
R=ahaas@chromium.org
Change-Id: Ic059e63bf1dc9e8bf568dbb5f8d7ccde1da4761a
Reviewed-on: https://chromium-review.googlesource.com/832473
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50187}
Even inside an "#ifdef DEBUG", we still want to use the DCHECK macro
instead of CHECK in order to get the "correct" error message.
Drive-by: Remove "#ifdef DEBUG" around DCHECKS in macro-assembler-x64.cc
R=ahaas@chromium.orgCC=mtrofin@chromium.org
Change-Id: I5b92c87fa9b10e5751cc2704d6218bee292cfb8f
Reviewed-on: https://chromium-review.googlesource.com/832687
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50184}
Remove comment about usage of FATAL, UNREACHABLE and UNIMPLEMENTED,
which was deprecated since https://crrev.com/1410713006.
Also, refactor the FATAL macro and use it for implementing UNREACHABLE
and UNIMPLEMENTED, and in more code. The benefit over printf +
CHECK(false) is that the compiler knows that FATAL will never return.
R=bmeurer@chromium.org
Change-Id: I8c2ab3b4e6edfe8eff5ec6fdf3d92b15d0ed7126
Reviewed-on: https://chromium-review.googlesource.com/832726
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50183}
Update tests to work with new behavior.
This feature is shipping in Firefox 54, so compatibility risk is low.
R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
Bug: v8:4958
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ib16d19468cf935f961d7bcd856ebbeb5692d3e61
Reviewed-on: https://chromium-review.googlesource.com/546941
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50178}
We should not report promise created for async function as candidate
for stepping. Regular StepInto works fine in this case.
TBR=dgozman@chromium.org
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8dafec5417df0de593cb2a1c06d6a11093e7c64b
Reviewed-on: https://chromium-review.googlesource.com/828024
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50176}
I also added a test for movdqa, which was already implemented.
R=bmeurer@chromium.org
Change-Id: I6dd5cba072f1439dcdfb5f975de116e4534c7581
Reviewed-on: https://chromium-review.googlesource.com/832466
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50175}
The WasmCompiledModule is kept alive from the Script, which again is
kept alive then the debugger is enabled. This, however, should not keep
the whole context alive, including the global object.
Hence, we only store a weak reference to the native context.
R=ahaas@chromium.org
Bug: chromium:750256
Change-Id: Ia409995c40fb3e90665534fbc94c6eafc081c4e5
Reviewed-on: https://chromium-review.googlesource.com/832126
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50174}
The interface of {WasmCompiledModule} currently mostly receives and
provides handles to the contained data. Other interfaces don't (see
{object-macros.h}.
This leads to performance and memory overhead for chained accesses like
{instance->compiled_module()->shared()->script()}, because intermediate
accessors allocate Handles for no reason. It also breaks the
constraints that lower-case accessors should be trivial to execute, but
allocating a handle is not trivial (should not be done in a loop if not
needed).
It also silences gcmole errors, as documented in
https://crrev.com/c/832268.
R=ahaas@chromium.org, mtrofin@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ib82fb295977a47b4a8ab9bae9c9b6e2b235ad5e5
Reviewed-on: https://chromium-review.googlesource.com/832387
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50173}
This CL passes feedback from the element kind deopt points
in Array.push to the deoptimizer. If the deopt points are
triggered, further speculation on Array.push is disallowed.
Bug: v8:7127, v8:7204
Change-Id: Ie91dee598bd8b8797110c8f468406327226893a4
Reviewed-on: https://chromium-review.googlesource.com/831523
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50171}
Move the one remaining optimization disabling in AST numbering (native
function literals) to be in the parser.
Bug: v8:7178
Change-Id: Icd96020622cbe64afa11b42c5831618247e3e021
Reviewed-on: https://chromium-review.googlesource.com/814399
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50170}
Make sure that a continue still executed the increment part of a for
loop by adding another nested block for the body, which is the break
target for a continue in the body. The increment code lives outside
this block, in the original loop.
R=bradnelson@chromium.orgCC=mstarzinger@chromium.org
Bug: chromium:788916
Change-Id: I178b874ffac16d9237a0f4da097d2742bd93335a
Reviewed-on: https://chromium-review.googlesource.com/832447
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50169}
Move literal initialization out of AST numbering and into the parser.
The initialization includes setting the depth and flags of Object and
Array literals, and calculating the emit store of object literals.
Bug: v8:7178
Change-Id: I9af59a2fea44f8a1adcc5a0261f29ce97fa8da92
Reviewed-on: https://chromium-review.googlesource.com/814634
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50168}
This change is quite invasive, because CheckSmi is lowered
through representation change depending on UseInfo to several
different checked conversion operators. This CL adds feedback
to every checked conversion operator to Int32.
Bug: v8:7127, v8:7204
Change-Id: Icb780e5a69d321c2ec161c3c2a32984bdcf101f1
Reviewed-on: https://chromium-review.googlesource.com/831521
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50167}
This makes --print-code and --print-wasm-code also print code emitted
on the native wasm heap.
It also extends code printing to include the code kind and the index.
R=mtrofin@chromium.org
Change-Id: I39c23f4b65168c059f23477ec5d264924ca83e82
Reviewed-on: https://chromium-review.googlesource.com/831987
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50166}
The pattern "handle->foo(factory->NewXX())" is unsafe, because the
evaluation order of the receiver (dereferencing the handle) and the
argument (allocating something on the heap) is undefined. If the
receiver is evaluated first, then the allocation in the evaluation of
the argument might invalidate the receiver.
In general, gcmole should catch these errors, but sadly, if the
method "foo" receives a Handle, it seems to not catch them.
We should generally refactor our getters and setters to receive and
return raw pointers instead of handles, just like most other code in
our code base.
R=mtrofin@chromium.org, ahaas@chromium.org
Bug: v8:7224
Change-Id: If9e84e4ca7efe02c40b97a8c5c549c222947d6bb
Reviewed-on: https://chromium-review.googlesource.com/832268
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50165}
... by "inlining" the Tuple2 object into the data handler.
Bug: v8:7206, v8:5561
Change-Id: I8517b2faa8d13bd16b8ec99c7ea8ab97c73a5f2a
Reviewed-on: https://chromium-review.googlesource.com/819233
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50164}
Add additional protection against OOB accesses by masking the
index to access by a mask precomputed from the memory size.
R=clemensh@chromium.org, bradnelson@chromium.org
Change-Id: I1d5875121e1904074b115a2c88ca773b6c1c1a66
Reviewed-on: https://chromium-review.googlesource.com/830394
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50162}
We had a number of accessors defined on {WasmCompiledModule}, which
redirected to {WasmSharedModuleData}. This is uncommon in the code base
and hides where information is really stored.
This CL removes them and accesses information directly from the
{WasmSharedModuleData} instead.
R=ahaas@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I54fce75dbf7dcb2f16dcf13e4634b5618225a429
Reviewed-on: https://chromium-review.googlesource.com/831510
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50157}
Many methods currently defined in WasmCompiledModule actually only use
shared information from WasmSharedModuleData. Hence, move them to this
class.
R=ahaas@chromium.org
Bug: chromium:750256
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia298306c3757fca8e2d93eaaf3424d6f91150212
Reviewed-on: https://chromium-review.googlesource.com/831509
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50156}
See https://github.com/tc39/proposal-regexp-named-groups/pull/40.
The spec is being changed to always create a 'groups' property on
regexp result objects. Its value is undefined if no named captures
exist, and the object containing named captures otherwise.
Bug: v8:7192, v8:5437
Change-Id: I1fb00ffc186c7effd84b5692dcbed420581855c3
Reviewed-on: https://chromium-review.googlesource.com/829137
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50154}
Instruction selector computes the range of case statement labels
to choose between a table or lookup based switch. We need to special
case this when there are no case statements.
Bug: chromium:794825
Change-Id: I46ef57d17f5e2b99a3570f7f3c4ff06e75d78fab
Reviewed-on: https://chromium-review.googlesource.com/830013
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50153}
Once this CL lands and is included in Node.js, we can
- run `tools/node/fetch_deps.py <v8_path>` to fetch necessary deps.
- run `tools/node/build_gn.py <build mode> <v8_path> <out_dir>` to build.
- use new v8_monolith target in v8.gyp to call build_gn.py.
R=machenbach@chromium.org
Bug: v8:6105
Change-Id: I482bfddb40f77df62394a913335bd43627cc0c43
Reviewed-on: https://chromium-review.googlesource.com/792944
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50152}
This changes the implementation of
v8::ScriptCompiler::CompileFunctionInContext
See design doc: https://goo.gl/ppkK6QR=adamk@chromium.org, marja@chromium.org, mstarzinger@chromium.org
Bug: v8:7172, chromium:70895
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iab0b6e879c1a3b33b623bfa2af9c706643c06fa7
Reviewed-on: https://chromium-review.googlesource.com/810946
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50148}
The irregexp compiler expects RegExpCharacterClass instances to
contain at least one range. This preserves that invariant when parsing
the negated \P{Any} unicode property.
Bug: chromium:793588
Change-Id: If71fdce014a7e64d8af559084ee88108303d694b
Reviewed-on: https://chromium-review.googlesource.com/827010
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Erik Corry <erikcorry@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50146}
Add feedback to GrowFastElements operator and thread it
through to the deoptimize node it the lowering. The CL
uses the feedback to allow Array.push to disable speculation
if the grow operation deopts.
Bug: v8:7127, v8:7204
Change-Id: Ib5850a93759b9194c0fc2f191f6adf5d49cb7f55
Reviewed-on: https://chromium-review.googlesource.com/827128
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50145}
This reverts commit bcf1172992.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/16791
The test cctest/test-run-tail-calls/FuzzStackParamCount hangs on
the nosnap debug bot and times out.
Original change's description:
> [arm64] Preparation for padding of arguments
>
> As part of JSSP removal, we need to align the arguments passed to functions
> on the stack, by adding a padding slot when the total number of arguments
> is odd.
>
> This patch introduces the kPadArguments flag (which is currently set to
> false for all architectures), which will control padding of arguments in
> architecture-independent parts of the code (deoptimizer, instruction
> selector).
>
> It also adds some executable tests for tail calls with various stack
> parameter counts on the caller and callee sides.
>
> This will be turned on for arm64 together with arm64-specific changes to
> the code generator, the MacroAsembler and the builtins, in a later patch.
>
> Bug: v8:6644
> Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08
> Reviewed-on: https://chromium-review.googlesource.com/806554
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50134}
TBR=rmcilroy@chromium.org,jarin@chromium.org,georgia.kouveli@arm.com
Change-Id: Iff4d7da418204834822842b160eacb8980058172
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6644
Reviewed-on: https://chromium-review.googlesource.com/830847
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50144}
- Creates a memory management API in v8::internal, which corresponds
to the existing one in base::OS.
- Implements the new API in terms of the old one.
- Changes all usage of the base::OS API to the one in v8::internal. This
includes all tests, except platform and OS tests.
- Makes OS:: methods private.
- Moves all LSAN calls into the v8::internal functions.
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iaa3f022e3e12fdebf937f3c76b6c6455014beb8a
Reviewed-on: https://chromium-review.googlesource.com/794856
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50139}
This gets rid of all the RewriteNonPattern gunk in the parser and
expression classifier, and removes one use of RewritableExpression.
This borrows pieces from several other CLs of mine which are currently
open, and includes a new and modernized abstraction for dealing with
iterators in BytecodeGenerator (so, this CL adds that, moves code from
BuildGetIterator around, and makes some minor changes to yield* which
should maintain compatability with the old behaviour).
This also implements a portion of the changes to the iteration protocol
(implemented fully in
https://chromium-review.googlesource.com/c/v8/v8/+/687997), but only for
the spread operator in Array Literals (the rest will follow).
BUG=v8:5940, v8:3018
R=rmcilroy@chromium.org, marja@chromium.org, adamk@chromium.orgTBR=adamk@chromium.org
Change-Id: Ifc494d663d8e46066a439c3541c33f0243726234
Reviewed-on: https://chromium-review.googlesource.com/804396
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50138}
Bytecode jump table for switch statements can have holes when
the corresponding case statements do not exist (either because
the case was missing or was eliminated because it was dead code).
The iterator deals with this by skipping over the holes and setting
the iterator to the next valid entry. Bounds check was missing during
this skipping over if the last element is a hole.
Bug: chromium:794825
Change-Id: Ifdb63257e2997d2fd2868467a56da72b68feb47e
Reviewed-on: https://chromium-review.googlesource.com/829774
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50137}
As part of JSSP removal, we need to align the arguments passed to functions
on the stack, by adding a padding slot when the total number of arguments
is odd.
This patch introduces the kPadArguments flag (which is currently set to
false for all architectures), which will control padding of arguments in
architecture-independent parts of the code (deoptimizer, instruction
selector).
It also adds some executable tests for tail calls with various stack
parameter counts on the caller and callee sides.
This will be turned on for arm64 together with arm64-specific changes to
the code generator, the MacroAsembler and the builtins, in a later patch.
Bug: v8:6644
Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08
Reviewed-on: https://chromium-review.googlesource.com/806554
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50134}
Support inlining Array.prototype.findIndex in Turbofan.
Depending on array size, quick benchmarks show a >2x
improvement: https://github.com/peterwmwong/v8-perf/blob/master/array-find-findIndex-tf/README.md
Bug: chromium:791045, v8:1956, v8:7165
Change-Id: I250554885f924c97b0072e09ee289713df5cbe63
Reviewed-on: https://chromium-review.googlesource.com/824382
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50133}
The function assumes that the area of a page after the high watermark
is not in the free list. This does not hold if allocation observer are
active during deserialization.
Change-Id: I1f8d0586be6dc535e85d9da5b0fb2791f1de1031
Reviewed-on: https://chromium-review.googlesource.com/829573
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50132}
The unicode property escape syntax restricts unicode property names and
unicode property values to consist only of characters taken from the
[a-zA-Z0-9_] character class. See the spec at:
https://tc39.github.io/proposal-regexp-unicode-property-escapes/
In most cases, we do not actually need to validate that this is the
case, since subsequent property lookup in ICU will fail (and throw a
SyntaxError) if the given property does not exist.
However, there one special case. The ICU lookup takes the property name
as a null-terminated string, so it will accept carefully malformed
property names (e.g. '\p{Number\0[}'). This can end up confusing the
regexp parser.
With this CL, we explicitly restrict potential property names / values
to the character set as specified.
Bug: v8:4743, chromium:793793
Change-Id: Ic97deea8602571ec6793b79c4bb858e1c7597405
Reviewed-on: https://chromium-review.googlesource.com/824272
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50130}
In a generator containing loops, there are always certain control flow
paths that are impossible, due to the way we represent generators at the
bytecode level. Unfortunately, the graph builder can't tell that these
paths are impossible. In combination with dead code, it can then happen
that we build a subgraph (for unreachable code) whose incoming context
is the undefined oddball. JSContextSpecialization did not expect that.
Bug: chromium:794822
Change-Id: I259be5ae6c5f5adc8fca19c64bf71285ee922b7a
Reviewed-on: https://chromium-review.googlesource.com/828954
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50129}
This makes sure the builtin lowering of Object.create doesn't invalidate
any previously taken dependencies. Aborting compilation after such cases
would lead to repeating optimization attempts without learning, hence we
disallow such situations.
R=verwaest@chromium.org
BUG=chromium:794394,chromium:786723
Change-Id: I6b6928cab19692bbbe3cd241ade862a2306eb0c7
Reviewed-on: https://chromium-review.googlesource.com/827066
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50128}
- Added ObjectPrototypeToLocaleString TFJ
- Remove v8natives.js
- Move GetMethod and GetIterator into prologue.js
TBR=adamk@chromium.org
Bug: v8:6005
Change-Id: I2b5b65892304e62bf64375458f8ffb9473b2c9b7
Reviewed-on: https://chromium-review.googlesource.com/826479
Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#50120}
This reverts commit 917b9cb9fc.
In this CL, we canonicalize the fixed array when allocating storage for
empty fixed array. During initialization, we also make sure that we do
not write to the empty fixed array. This is quite hacky, but it
seems to be the least intrusive change.
Bug: chromium:793863
Change-Id: I1449ebac7c1e390467566a759bf70e7e2fabda31
Reviewed-on: https://chromium-review.googlesource.com/827013
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50119}
Even though IsWasmCompileAllowed function in runtime/runtime-test.cc can
be invoked only when native calls are allowed, so this is not an
actual bug, fuzzing or random testing can call this function and make a
false positive. Thus, add a checking if the given argument is actually
an array buffer.
Bug: v8:5981
Change-Id: I3918c4d68b67a507c93865effa490d7259d63cb1
Reviewed-on: https://chromium-review.googlesource.com/732383
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50116}
Finishing a chunk of data during streaming compilation caused background
tasks to be restarted unconditionally. However, restarting background
tasks is not possible after compilation has already finished. With this
CL we do not allow anymore to restart background tasks after they have
been finished.
R=clemensh@chromium.orgCC=mtrofin@chromium.org
Change-Id: I4c0a9761fb627f04b254f72e05873e29e7647eb0
Reviewed-on: https://chromium-review.googlesource.com/827008
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50115}
This CL also adds support for "lookup on dictionary receivers" to store ICs.
Bug: v8:7206, v8:5561
Change-Id: Icebbc2d52c71f5d25b43f2f2a8adf674e4ec2cbc
Reviewed-on: https://chromium-review.googlesource.com/819232
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50113}
This CL adds a performace counter similar to
https://www.chromestatus.com/metrics/feature/timeline/popularity/2238
to estimate how often speculation is disabled in the wild.
Bug: v8:7216, v8:7127
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I421637b386534da4a3aed549a9665870e3b97eb1
Reviewed-on: https://chromium-review.googlesource.com/827012
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50112}
The IsPromise brand check is now replaced with an IsObject check.
The spec was changed here:
a1628886f8
Bug: v8:7095
Change-Id: I5668083c888f9efcdfc1491c919c810c75d73ac7
Reviewed-on: https://chromium-review.googlesource.com/826606
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50108}
This makes sure that breaking dependencies during compilation is also
caught properly in release mode (not only in debug mode). When this
happens the generated code would be invalid from the beginning and we
need to prevent using such code.
R=bmeurer@chromium.org
BUG=chromium:794394,chromium:786723
Change-Id: I76fd85786c16807389f69a9c44b9f893004b1c6f
Reviewed-on: https://chromium-review.googlesource.com/826635
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50105}
This CL also removes LoadICProtoArray* builtins which are no longer necessary.
Bug: v8:7206, v8:5561
Change-Id: Ic5d9a3d4d21c4bd5e5e1cd110bd029ced157a000
Reviewed-on: https://chromium-review.googlesource.com/819252
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50104}
Given that we already treat feedback vector as a source of truth for
language mode of other store operations and given that the StoreGlobalIC
dispatcher does not depend on the language more anymore, we can just combine
these two bytecodes.
Bug: v8:7206
Change-Id: I27f03f2102ff79ec20fa997eb18dde816f376b00
Reviewed-on: https://chromium-review.googlesource.com/823846
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50102}
... instead of checking if the property cell is still empty when loading/storing
through JSGlobalObject prototype.
Also invalidate the validity cell when new global lexical variables appear in the
script.
Bug: v8:5561
Change-Id: Iaf122dffe76d57b32e2b69291dee079e772b271c
Reviewed-on: https://chromium-review.googlesource.com/819230
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50100}
Add support for disallowing speculation upon deoptimize from
a CheckBound node, and use this in the case of array builtins
in js-call-reducer to prevent deoptimization loops.
Bug: v8:7127
Change-Id: I04cf655b10178d2938d2f0ee6b336601fab6463b
Reviewed-on: https://chromium-review.googlesource.com/822195
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50097}
Adds static_cast<int> to a number of return values in disasm-arm64.cc.
The implicit conversion from size_t (unsigned long) to int was causing
compilation warnings/errors when upgrading to Android NDK r16.
Bug: chromium:771171
Change-Id: I9a5f80d65565e1a9ab4caf2cf874240f04f406a1
Reviewed-on: https://chromium-review.googlesource.com/826254
Commit-Queue: Brian Sheedy <bsheedy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50094}
This would help separate such API misuses from other Invoke() crashes
which indicate crashes in generated code.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6c596fb63950d7306fab1b689dd913a61764d257
Reviewed-on: https://chromium-review.googlesource.com/825942
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50092}
Port bd732f7ddd
Original Commit Message:
The original CL introduced a test which uses a random number generator.
I disable the test for now, which is okay because this CL adds to a
work-in-progress feature anyways, and I will fix the problem in another
CL.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
So far, only ia32 and x64 are implemented.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jbarboza@ca.ibm.com
BUG=
LOG=N
Change-Id: I8d63286aa5af5f52cc2eeaf2adeee13d0ff19e7d
Reviewed-on: https://chromium-review.googlesource.com/823084
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50091}
In a certain scenario streaming compilation got stuck and did never
finish. This CL fixes this issue.
Scenario:
* Streaming compilation starts
* The compilation tasks execute all compiation units in the working
queue and set the finished_ flag to true.
* New data arrives over streaming
* The compilation tasks compile so fast that the executed_units_ queue
gets full. The compilation tasks stop executing and wait for the
finisher task to restart them.
* The finisher task does not restart the compilation tasks because the
finished_ flag is set.
With this CL I remove the finished flag and instead look at the size
of the working queue directly.
In addition I added a test which does not actually reproduce this
scenario but seems good to have anyways.
R=mtrofin@chromium.org
Change-Id: I44560c43e51be13c4461208368e21137b115656c
Reviewed-on: https://chromium-review.googlesource.com/824523
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50090}
top_on_previous_step_ can only be valid when Allocation Observers are
active. Add some assertions in the code to ensure this holds.
Use AllocationObserversActive() more pervasively. Remove some code based
on the established invariant.
Bug:
Change-Id: I7f0d4c4f617ed9fa05c6b94202a90953fbc33cfd
Reviewed-on: https://chromium-review.googlesource.com/823576
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#50088}
- Makes ArrayBufferAllocatorBase forward all operations to default
ArrayBufferAllocator.
- ShellArrayBufferAllocator uses VM for allocations over a threshold.
Bug: chromium:793750,v8:7146
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I62d8f9281b744e987223a16fbb762bd77747bf39
Reviewed-on: https://chromium-review.googlesource.com/822764
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50087}
This ensures that MigrateFastToFast does not overflow the length of the
property array.
Bug: chromium:789393
Change-Id: I77adc319c1c8c469ea482bad35ead8661d535192
Reviewed-on: https://chromium-review.googlesource.com/824167
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50086}
The k value passed to NumberAdd was outside the integer range, which
meant it had to choose Double as the only valid representation. The
other array builtins pass the result of CheckBounds here to specifically
force the types into integer range, which allows the representation
selection to pick Word32 instead of Float64 representation.
Drive-by-fix: Pass kind to AccessBuilder::ForJSArrayLength() as well.
Bug: chromium:791045, v8:1956
Change-Id: I357e1ba0dc52be544e631e4d554ab772b9b4c9bb
Reviewed-on: https://chromium-review.googlesource.com/823968
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50084}
The dispatcher is responsible for handling stores to lexical environment
variables and for storing directly to the JSGlobalObject. In the latter
case the dispatcher also ensures that JSGlobalProxy is provided as
a receiver if a setter function has to be called.
Unlike StoreIC the calling convention for the StoreGlobalIC does not include
receiver.
Bug: v8:7206, chromium:576312, v8:5561
Change-Id: Ifa896c7b41bf440785b757c2272ec91211e79c98
Reviewed-on: https://chromium-review.googlesource.com/818965
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50081}
Revision 5bc1d29 introduced a bug in the case when the filler is in
the unmapped region, which leads to CHECK failure.
Change-Id: I013e4386f6d5e9cdad22c11e1a7a9f1a088375ae
Reviewed-on: https://chromium-review.googlesource.com/823845
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50080}
So far we generated source positions and safepoint information, but we
never actually attached it to the generated code objects. This CL adds
that.
R=titzer@chromium.org
Bug: v8:6600, chromium:793694
Change-Id: I8f4c6d8752f4c31a1df51c4893c262ea5925f3b5
Reviewed-on: https://chromium-review.googlesource.com/824266
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50077}
The intel manual knows "short jumps", "near jumps" and "far jumps",
where our Label::kNear corresponds to short jumps and Label::kFar
corresponds to near jumps.
Add some words to document this.
R=mstarzinger@chromium.org
Change-Id: I2b41cc770ee2c1fecff5e7363cede264ca3cd033
Reviewed-on: https://chromium-review.googlesource.com/824270
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50075}
This refactors the list of redirections of runtime call targets that
simulators maintain to be process-wide (as opposed to be per Isolate).
Such redirections are used for static C++ call targets which themselves
are process-wide, which makes this model a closer fit. Access is already
properly synchronized via a mutex.
Along the way this also introduces the {SimulatorBase} class as a common
base class for all simulator implementations.
R=clemensh@chromium.org
Change-Id: Iae8602c44b1b34cb916dde2b22c9403b0496b3d4
Reviewed-on: https://chromium-review.googlesource.com/823966
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50074}
RegisterLists should only be allocated via the register allocator. To ensure
this, make the RegisterList constructor private and only expose it to tests
and the BytecodeRegisterAllocator.
Change-Id: I09ebfc5c0f1baecfb1333fd672b96d462fd26fcf
Reviewed-on: https://chromium-review.googlesource.com/822196
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50073}
LiftoffAssembler::ReserveStackSpace expected number of bytes, not
number of stack slots. Also, make this clear in the naming of the
parameter, and remove a dead field.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ic4c7167cfa26a169b2936acdde865863141f441d
Reviewed-on: https://chromium-review.googlesource.com/823967
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50072}
We really just need one check instead of three. This also unifies the
error message to be the same on 32 and 64 bit systems.
Drive-by: Fix potential overflow in {validate_size}.
R=titzer@chromium.org
Bug: chromium:794353
Change-Id: I63c1f5ef53c1f245b9e82bcbf86a5d9ac0d2725e
Reviewed-on: https://chromium-review.googlesource.com/824082
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50071}
This includes adding a padding slot to the stack handler, which is done for all
architectures for consistency.
Bug: v8:6644
Change-Id: I8a6379a82e2a9d1819069850b6734489bd6071a6
Reviewed-on: https://chromium-review.googlesource.com/822477
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#50070}
This disallows speculation after deoptimization from any of
Array.{forEach,map,filter,find} due to CheckMap fails. Such
CheckMap fails happen if the builtins' function argument
causes the map of the array to change. The js-call-lowering
refrains from optimizing builtins for which speculation was
disallowed.
Bug: v8:6898, v8:7127
Change-Id: Ied6696f8fb023ee404fb82e9d37bfb061f293854
Reviewed-on: https://chromium-review.googlesource.com/819354
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50069}
Add support for loading and storing i32 values to and from memory.
Support for f32 and for non-traphandler configurations (i.e. emitting
bounds checks) will be added in a follow-up CL.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I43c44ce61f5acbac325261212374eb0f48c6ee89
Reviewed-on: https://chromium-review.googlesource.com/809164
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50068}
I also used the opportunity to clean up the loop peeler a bit by making the
class stateful, to avoid passing long argument lists around.
Bug: v8:5864
Change-Id: I2e034c6eabd381b01e15cf3e6aa3ce7b14e7b3d8
Reviewed-on: https://chromium-review.googlesource.com/822933
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50067}
For eager deopts within builtin stub frames we skiped marking the
underlying function as deoptimized. This avoided deopt loops where
we would just generate the same optimized code all over again.
Bug: v8:6898
Change-Id: Ie3d7ee4dfcbeb63e6087112d5740a423c4730599
Reviewed-on: https://chromium-review.googlesource.com/822491
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50066}
This CL adds support to the deoptimizer for setting the no speculation
bit on a provided feedback vector if desired.
Bug: v8:7127
Change-Id: I31fd1ea306cf5a4e919faeb896a83c1afdfccd63
Reviewed-on: https://chromium-review.googlesource.com/819370
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50064}
This reverts commit 7d699b938c.
Reason for revert: Actually we like the trampolines. Slight reduction in code size, and prevents spanning the icache.
Original change's description:
> [ICs] Eliminate trampoline ICs in TurboFan generic lowering
>
> Trampoline ICs differ from normal ICs only in that they
> load the feedback vector from the stack instead of accepting it
> as an argument. We created them for FullCodeGen, where you always
> have the feedback vector on the stack, and can reduce the amount
> of code required to invoke an ICs by hiding the stack load down
> in the trampoline IC.
>
> Now the concept isn't really necessary, and we can achieve a
> nice cleanup of our idea-space by removing it. The first step is
> to remove their usage in TurboFan.
>
> Bug: v8:7199
> Change-Id: I08aefa5de199b1f19adea261b7086a84338c0805
> Reviewed-on: https://chromium-review.googlesource.com/822193
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50038}
TBR=mvstanton@chromium.org,tebbi@chromium.org
Change-Id: I63dcd98b799739d1d6ea55508b1ea5cfad9e3292
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7199
Reviewed-on: https://chromium-review.googlesource.com/822420
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50063}
The new frame type is inteneded to represent native C++ stack frames.
JS code may sometimes make calls to helper native functions that do not
provide any special stack layout besides the return address and frame pointer.
Currently the stack iterator bails out when it sees an unknown frame.
The patch allows the iterator to unwind stacks having such frames.
BUG=chromium:768540
Change-Id: I9c273c7015695a6733c0a0c52b522fca7b25de0d
Reviewed-on: https://chromium-review.googlesource.com/794991
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50058}
These enums capture the "type" of a load and store in one value, with
accessors to get the value type, memory type, memory size etc.
This will simplify implementing memory operations in Liftoff.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ief673e90fe63292853f97e5e95b5c39da1296730
Reviewed-on: https://chromium-review.googlesource.com/822476
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50054}
Turbofan does not always maintain source positions. Since the profiler
is best-effort only, this is ok and we should not assert it.
Source positions for stack traces are computed with an independent
mechanism: the stack walker. It's impossible to use the stack walker
here since it assumes that the frames actually exist.
Bug: chromium:787959
Change-Id: I43c3c4e6de0a9b5f76b05c53af238cb1df6ea1c5
Reviewed-on: https://chromium-review.googlesource.com/822930
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50053}
* DisableInlineAllocationSteps was a blunt hammer added to work around
tests that needed to avoid artificially lower limits imposed by
observers. PauseAllocationObserversScope can properly disable step on
a temporary basis.
* Modify tests. Remove DisableInlineAllocationSteps.
This exposed a bug in allocation observers: we were not doing a step
when a fresh page is added.
Fix this by moving the step into UpdateAllocationInfo. We should be
doing a step (and keeping top_on_previous_step_ consistent) whenever
we move move top(). UpdateAllocationInfo is the correct place for this
rather than the callers of UpdateAllocationInfo.
Bug:
Change-Id: I2edc238dc2e73bf9a2e9738c2a9b50efcac5cbf0
Reviewed-on: https://chromium-review.googlesource.com/821052
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50052}
If an initializer is a NaryOperation, its position ends up as a start position
of a Scope, and a DCHECK used to fire.
Interestingly, this was not caught by our existing tests.
BUG=chromium:791256
Change-Id: Id47f850c7ad17ca580352f9bd56c9567b485c3b8
Reviewed-on: https://chromium-review.googlesource.com/822093
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50051}
This is a reland of fa18e78dc7.
Mips compile error is fixed.
Original change's description:
> [wasm] [cleanup] Only pass information really needed
>
> Instead of always passing the MachineType, we can often just pass the
> accessed memory size or the MachineRepresentation, which is less
> information to pass and will simplify the upcoming refactoring for
> memory operations in Liftoff.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: I8748f8e00dcfdbc4082893143fe88bdafde99053
> Reviewed-on: https://chromium-review.googlesource.com/822194
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50041}
TBR=titzer@chromium.org
Bug: v8:6600
Change-Id: I3dff3072d6ceebd74873ace0c7dce7cccc3055d5
Reviewed-on: https://chromium-review.googlesource.com/822851
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50050}
This reverts commit ee106cb907.
Reason for revert: Still failing on big endian mips.
Original change's description:
> Reland "[wasm] [cleanup] Only pass information really needed"
>
> This is a reland of fa18e78dc7.
>
> Mips compile error is fixed.
>
> Original change's description:
> > [wasm] [cleanup] Only pass information really needed
> >
> > Instead of always passing the MachineType, we can often just pass the
> > accessed memory size or the MachineRepresentation, which is less
> > information to pass and will simplify the upcoming refactoring for
> > memory operations in Liftoff.
> >
> > R=titzer@chromium.org
> >
> > Bug: v8:6600
> > Change-Id: I8748f8e00dcfdbc4082893143fe88bdafde99053
> > Reviewed-on: https://chromium-review.googlesource.com/822194
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#50041}
>
> TBR=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: Ia2c47464277a7c7a70099e7f7d6e32003e34d87e
> Reviewed-on: https://chromium-review.googlesource.com/822342
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50047}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I448e3ad433451fb468c2db66b4b297e8c72a8c69
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/822696
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50048}
This is a reland of fa18e78dc7.
Mips compile error is fixed.
Original change's description:
> [wasm] [cleanup] Only pass information really needed
>
> Instead of always passing the MachineType, we can often just pass the
> accessed memory size or the MachineRepresentation, which is less
> information to pass and will simplify the upcoming refactoring for
> memory operations in Liftoff.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: I8748f8e00dcfdbc4082893143fe88bdafde99053
> Reviewed-on: https://chromium-review.googlesource.com/822194
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50041}
TBR=titzer@chromium.org
Bug: v8:6600
Change-Id: Ia2c47464277a7c7a70099e7f7d6e32003e34d87e
Reviewed-on: https://chromium-review.googlesource.com/822342
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50047}
This operation was used to implement asm.js stores, but is obsolete
with asm.js stores now being lowered to normal graph nodes.
R=mstarzinger@chromium.orgCC=jarin@chromium.org
Bug:
Change-Id: Iea90b1a62be2e273c0562058642adc5b63ae2cf8
Reviewed-on: https://chromium-review.googlesource.com/822570
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50046}
This is a reland of c3bd741efd
Original change's description:
> Fix "this" value in lazily-parsed module functions.
>
> When preparsing top-level functions in a module, we didn't track
> unresolved variables. Consequently, "this" ended up referencing
> the global "this", which has the wrong value (in a module "this"
> is supposed to be the undefined value).
>
> This patch fixes that. This also lets us stop forcing context
> allocation of all variables in module scopes, which the patch
> takes care of as well.
>
> Bug: chromium:791334
> Change-Id: Ifac1f1adc033f3facfb3d29dd4bca32ee27bffcf
> Reviewed-on: https://chromium-review.googlesource.com/808938
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50025}
TBR=adamk@chromium.orgTBR=kozyatinskiy@chromium.org
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Bug: chromium:791334
Change-Id: I57acc7b84a345565b36cbb55924fa2ff9b449eec
Reviewed-on: https://chromium-review.googlesource.com/822341
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50045}
The CheckedLoad and CheckedStore machine operators are a form of
macro node used in the backend of TurboFan. They express bounds-checked
accesses to typed arrays in the asm.js style. While their semantics
can be expressed as normal machine operations and branches in the
graph, they were originally used to save compile time when graphs
were very big. ASM->WASM->TF graphs are smaller.
This CL implements asm.js bounds checks for stores using normal
branch nodes and removes the need for CheckedStore, improving
maintainability at some small cost to compilation time.
R=mstarzinger@chromium.org
CC=bradnelson@chromium.org
Bug:
Change-Id: I928689cfe33acac5a422f32cb014850ba09196f1
Reviewed-on: https://chromium-review.googlesource.com/822471
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50044}
This reverts commit fa18e78dc7.
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/14055
Original change's description:
> [wasm] [cleanup] Only pass information really needed
>
> Instead of always passing the MachineType, we can often just pass the
> accessed memory size or the MachineRepresentation, which is less
> information to pass and will simplify the upcoming refactoring for
> memory operations in Liftoff.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: I8748f8e00dcfdbc4082893143fe88bdafde99053
> Reviewed-on: https://chromium-review.googlesource.com/822194
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50041}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I3c85e3bc9b37c97b373b5e51a094be9561767f86
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/822850
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50043}
Instead of always passing the MachineType, we can often just pass the
accessed memory size or the MachineRepresentation, which is less
information to pass and will simplify the upcoming refactoring for
memory operations in Liftoff.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I8748f8e00dcfdbc4082893143fe88bdafde99053
Reviewed-on: https://chromium-review.googlesource.com/822194
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50041}
Currently Page::ShrinkToHighWaterMark checks that there is only one
filler in the to-be-freed area at the end of the page. This does not
hold if an allocation observer is active.
We should instead check that the to-be-freed area does not contain
allocated objects and will not contain allocated objects:
1) Following chain of fillers we arrive at the end of the page.
2) The free list of the page is empty.
This patch also changes PagedSpace::ResetFreeList to evict free list
entries of each page, instead of just reseting the global free list.
It also removes invalidation of free list categories.
Now FreeList::EvictFreeListItems simply evicts free list entries without
invalidating free list categories.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6051578ec2c91c9614d14c7a6ce188d2db5ace3b
Reviewed-on: https://chromium-review.googlesource.com/822571
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50040}
Instead of specializing {DecodeLoadMem} and {DecodeStoreMem} for
prefixed opcodes, just pass the offset as parameter.
R=titzer@chromium.org
Change-Id: I0581f6e9cb562885709aaa0317bb550b175ad160
Reviewed-on: https://chromium-review.googlesource.com/822391
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50039}
Trampoline ICs differ from normal ICs only in that they
load the feedback vector from the stack instead of accepting it
as an argument. We created them for FullCodeGen, where you always
have the feedback vector on the stack, and can reduce the amount
of code required to invoke an ICs by hiding the stack load down
in the trampoline IC.
Now the concept isn't really necessary, and we can achieve a
nice cleanup of our idea-space by removing it. The first step is
to remove their usage in TurboFan.
Bug: v8:7199
Change-Id: I08aefa5de199b1f19adea261b7086a84338c0805
Reviewed-on: https://chromium-review.googlesource.com/822193
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50038}
Corrected mips code generation for WASM_CALL and JS_TO_WASM_CALL.
The logic for fetching raw call sites needed changing, too, in light
of mips' 2-instruction calls, where using target_address_address is
incorrect. The CL adds platform-specific accessors.
Bug: chromium:793292 chromium:793282
Change-Id: I879ea6bffdad60791d88a6f5ea15087cdcd3f2e9
Reviewed-on: https://chromium-review.googlesource.com/818460
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50037}
This reverts commit c3bd741efd.
Reason for revert: Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/20384
Original change's description:
> Fix "this" value in lazily-parsed module functions.
>
> When preparsing top-level functions in a module, we didn't track
> unresolved variables. Consequently, "this" ended up referencing
> the global "this", which has the wrong value (in a module "this"
> is supposed to be the undefined value).
>
> This patch fixes that. This also lets us stop forcing context
> allocation of all variables in module scopes, which the patch
> takes care of as well.
>
> Bug: chromium:791334
> Change-Id: Ifac1f1adc033f3facfb3d29dd4bca32ee27bffcf
> Reviewed-on: https://chromium-review.googlesource.com/808938
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50025}
TBR=adamk@chromium.org,marja@chromium.org,neis@chromium.org,kozyatinskiy@chromium.org
Change-Id: I81f69334ed2ce104c00e6205d50001e4bdf07d15
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:791334
Reviewed-on: https://chromium-review.googlesource.com/822258
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50036}
This makes the code dealing with type feedback more concise and uniform
(at the cost of a few redundant comparisons).
Bug:
Change-Id: If6b98bd1f0dddd392d7b00d65b600127bd30ff7e
Reviewed-on: https://chromium-review.googlesource.com/818984
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50035}
The original CL introduced a test which uses a random number generator.
I disable the test for now, which is okay because this CL adds to a
work-in-progress feature anyways, and I will fix the problem in another
CL.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
So far, only ia32 and x64 are implemented.
Change-Id: I8b03fc4e53946daaa0e14a34603f4824a04fad7e
Reviewed-on: https://chromium-review.googlesource.com/819557
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50031}
I tested it with 30000 tests in the wasm spec test suite, and they all
pass.
Change-Id: Ice0fb64f56685f67521431213e3fc8fbc263750e
Reviewed-on: https://chromium-review.googlesource.com/822111
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50026}
When preparsing top-level functions in a module, we didn't track
unresolved variables. Consequently, "this" ended up referencing
the global "this", which has the wrong value (in a module "this"
is supposed to be the undefined value).
This patch fixes that. This also lets us stop forcing context
allocation of all variables in module scopes, which the patch
takes care of as well.
Bug: chromium:791334
Change-Id: Ifac1f1adc033f3facfb3d29dd4bca32ee27bffcf
Reviewed-on: https://chromium-review.googlesource.com/808938
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50025}
Use large zone segments for CSA builin generation when serializer is
active. Turbofan backend uses pointer comparison of zone allocated
objects. Large zone segments ensure determistic order of objects.
Bug: v8:7188
Change-Id: I18e1e18fa79cded561563de1329bc3d9a8c364fb
Reviewed-on: https://chromium-review.googlesource.com/817601
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50023}
If we have several scripts with the same url (see many <script> tags in
one page), then we try to set breakpoint only in script with given
lineNumber inside and ignore all other scripts. We should follow the
same logic when we capture hint for later breakpoint restore.
R=yangguo@chromium.org
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I44a332ac64f62ec9a0d24d5fe4688f8ced125e39
Reviewed-on: https://chromium-review.googlesource.com/821053
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50019}
Port 52ff3ae48b
Original Commit Message:
- Implement RunMicrotasks in CSA to prevent a potentially large number
of jumps between C++ and JS code while consuming te queue. Appears to
provide a ~60% speedup in microtask-heavy code, which from limited
testing appears to scale linearly.
The code-stub microtask pump bails out to the old C++ microtask pump
if it encounters a CallHandlerInfo microtask, and remains in C++ for
the remainder of the queue (returning to the JS/stub implementation
after the bailed out queue is exhausted).
- Add a variation of JSEntryStub which enters the new RunMicrotasks code
stub.
- Add a new RunMicrotasks helper to Execution, which uses the
RunMicrotasks entry stub.
R=caitp@igalia.com, joransiu@ca.ibm.com, jbarboza@ca.ibm.com
BUG=
LOG=N
Change-Id: Ifa15ca19312bb92758e82d19c3e3fc0a8b908d82
Reviewed-on: https://chromium-review.googlesource.com/820197
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50018}
This is a separation of the DFA Unicode Decoder from
https://chromium-review.googlesource.com/c/v8/v8/+/789560
I attempted to make the DFA's table a bit more explicit in this CL. Still, the
linter prevents me from letting me present the array as a "table" in source
code. For a better representation, please refer to
https://docs.google.com/spreadsheets/d/1L9STtkmWs-A7HdK5ZmZ-wPZ_VBjQ3-Jj_xN9c6_hLKA
- - - - -
Now for a big copy-paste from 789560:
Essentially, reworks a standard FSM (imagine an
array of structs) and flattens it out into a single-dimension array.
Using Table 3-7 of the Unicode 10.0.0 standard (page 126 of
http://www.unicode.org/versions/Unicode10.0.0/ch03.pdf), we can nicely
map all bytes into one of 12 character classes:
00. 0x00-0x7F
01. 0x80-0x8F (split from general continuation because this range is not
valid after a 0xF0 leading byte)
02. 0x90-0x9F (split from general continuation because this range is not
valid after a 0xE0 nor a 0xF4 leading byte)
03. 0xA0-0xBF (the rest of the continuation range)
04. 0xC0-0xC1, 0xF5-0xFF (the joined range of invalid bytes, notice this
includes 255 which we use as a known bad byte during hex-to-int
decoding)
05. 0xC2-0xDF (leading bytes which require any continuation byte
afterwards)
06. 0xE0 (leading byte which requires a 0xA0-0xBF afterwards then any
continuation byte after that)
07. 0xE1-0xEC, 0xEE-0xEF (leading bytes which requires any continuation
afterwards then any continuation byte after that)
08. 0xED (leading byte which requires a 0x80-0x9F afterwards then any
continuation byte after that)
09. 0xF1-F3 (leading bytes which requires any continuation byte
afterwards then any continuation byte then any continuation byte)
10. 0xF0 (leading bytes which requires a 0x90-0xBF afterwards then any
continuation byte then any continuation byte)
11. 0xF4 (leading bytes which requires a 0x80-0x8F afterwards then any
continuation byte then any continuation byte)
Note that 0xF0 and 0xF1-0xF3 were swapped so that fewer bytes were
needed to represent the transition state ("9, 10, 10, 10" vs.
"10, 9, 9, 9").
Using these 12 classes as "transitions", we can map from one state to
the next. Each state is defined as some multiple of 12, so that we're
always starting at the 0th column of each row of the FSM. From each
state, we add the transition and get a index of the new row the FSM is
entering.
If at any point we encounter a bad byte, the state + bad-byte-transition
is guaranteed to map us into the first row of the FSM (which contains no
valid exiting transitions).
The key differences from Björn's original (or his self-modified) DFA is
the "bad" state is now mapped to 0 (or the first row of the FSM) instead
of 12 (the second row). This saves ~50 bytes when gzipping, and also
speeds up determining if a string is properly encoded (see his sample
code at http://bjoern.hoehrmann.de/utf-8/decoder/dfa/#performance).
Finally, I've replace his ternary check with an array access, to make
the algorithm branchless. This places a requirement on the caller to 0
out the code point between successful decodings, which it could always
have done because it's already branching.
R=marja@google.com
Bug:
Change-Id: I574f208a84dc5d06caba17127b0d41f7ce1a3395
Reviewed-on: https://chromium-review.googlesource.com/805357
Commit-Queue: Justin Ridgewell <jridgewell@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50012}
Includes drive-by fix of a small BigInt bug, as caught by
test262/built-ins/BigInt/constructor-from-string-syntax-errors
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic3b78310912f84bbf904a1fcb7ddf2d7eb2df013
Reviewed-on: https://chromium-review.googlesource.com/817775
Reviewed-by: Sathya Gunasekaran (ooo until 12/12) <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50010}
