Commit Graph

58226 Commits

Author SHA1 Message Date
Primiano Tucci
096d9c5663 [tracing] Roll perfetto @ 28b633cd
This catches up with [1] that make the proto include path
relative to the project root rather than ./protos/

[1] https://android-review.googlesource.com/c/platform/external/perfetto/+/1108421

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I1f2dec93120142ea61cee864e4bf76a6947d958d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776088
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Primiano Tucci <primiano@chromium.org>
Auto-Submit: Primiano Tucci <primiano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63584}
2019-09-05 16:09:09 +00:00
Clemens Hammacher
fba03abcfa Correctly handlify two frame {Summarize} methods
{JavaScriptFrame::GetParameters} allocates a new {FixedArray}, hence
all object references need to be handified to survive that allocation.

R=mstarzinger@chromium.org

Bug: chromium:1000635
Change-Id: I76df5ac109bdb6999fe897bdafaf2175344ecca4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787429
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63583}
2019-09-05 15:42:59 +00:00
Leszek Swirski
470e68570e Reland^2 "[ic] In-place Double -> Tagged transitions""
This is a reland of 981aafaf97

It adds double checks to LoadFieldByIndex in the optimizing compiler, which
are likely the source of the crashes.

Original change's description:
> Reland "[ic] In-place Double -> Tagged transitions"
>
> This is a reland of 0736599a69.
> This is a reland of 7e1fbe8f34.
>
> Original change description:
> > [ic] In-place Double -> Tagged transitions
> >
> > With no more MutableHeapNumber, we can make Double -> Tagged transitions
> > in-place, at the cost of an extra map check when accessing double fields
> > to make sure they are still doubles.
> >
> > Bug: v8:9606
> > Change-Id: I74ff39ed6fba62ee223cd37dfe761f7d73020e1c
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743973
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#63374}
>
> TBR=verwaest@chromium.org, tebbi@chromium.org
>
> Bug: v8:9606
> Change-Id: I2d1b7416064d743582f4983fb868316b7e8a4cf2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1777661
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63499}

TBR=verwaest@chromium.org

Bug: v8:9606
Bug: chromium:997989
Change-Id: Iccfff8e5c6306c9ee4f6c62767dce883b1c6f743
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784288
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63582}
2019-09-05 15:20:19 +00:00
Joshua Litt
8c79beadbf Reland "[regexp] Implement the match indices proposal"
Implements match indices for regexp, as specified by
https://github.com/tc39/proposal-regexp-match-indices,
a stage 3 TC39 proposal. This implementation is hidden
behind the '--harmony-regexp-match-indices' flag.

Regexp match indices extends the JSRegExpResult object
with an array of indices of matches, as well as a
dictionary of capture names to match indices.

Bug: v8:9548
Change-Id: Ia9efcee00d997dda6158539b8d0f4c4e5965e5e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771379
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63581}
2019-09-05 15:13:39 +00:00
Santiago Aboy Solanes
6192ecb0d1 [CSA] TNodify methods related to stores and loads
Bug: v8:6949
Change-Id: I8f0de9e202f41c78e24c4d73c54b198a52122dac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784296
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63580}
2019-09-05 14:45:34 +00:00
Dan Elphick
a35a705983 [parser] Don't mark const variables as assigned
Since const variables are  immutable, ignore SetMaybeAssigned for them.

Bug: chromium:999450, chromium:1000170, v8:8510
Change-Id: Idc1b71677b3d03bb63cc025017c119710b8f392d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782170
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63579}
2019-09-05 14:44:29 +00:00
Santiago Aboy Solanes
9a6f23c258 [CSA] TNodified methods related to Jump
TNodified:
 * Jump (both versions)
 * JumpBackward
 * JumpIfTaggedEqual
 * JumpIfTaggedNotEqual
 * JumpConditional
 * LoadOsrNestingLevel

Removed slopiness from Advance's parameter.

Renamed "delta" to jump_offset for JumpXXX arguments. They were called
jump_offset in .h and delta in .cc.

Bug: v8:6949
Change-Id: I6b34391dcb2ee881670d04edac9382258f6bcb51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782821
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63578}
2019-09-05 13:49:39 +00:00
Santiago Aboy Solanes
ff24879ae8 [CSA] TNodify dispatch, RegisterFile and context methods
TNodified:
 * code-assembler
   * TailCallBytecodeDispatch
 * interpreter-assembler
   * GetContextAtDepth
   * ExportParametersAndRegisterFile
   * ImportRegisterFile
   * Dispatch
   * DispatchToBytecode
   * DispatchToBytecodeHandlerEntry
   * DispatchWide
   * return type of Jump (Jumps are coming in another CL)
   * LoadBytecode

Removed DispatchToBytecodeHandler since it was unused.
Removed target_bytecode parameter of DispatchToBytecodeHandlerEntry
since it was unused.

Bug: v8:6949
Change-Id: Icd3ded28cc1fd1dc528219dd83cf646e67c9b878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782838
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63577}
2019-09-05 13:34:39 +00:00
Santiago Aboy Solanes
f56b923665 [CSA] TNodify Bytecode operands and constant pool loading
TNodified from interpreter-generator:
 * SwitchOnSmiNoFeedback
 * CreateFunctionContext
 * CreateEvalContext
 * SwitchOnGeneratorState
since they were using some of the interpreter-assembler now TNodified
methods.

Bug: v8:6949
Change-Id: I0055100428232e8bdc79cb4356954bac52f4a30d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781689
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63576}
2019-09-05 12:14:59 +00:00
Andreas Haas
69719dd42b Reland [wasm] Stage wasm-bigint
There was no problem with the original CL. I just had a problem with
my local git branches.

Original message:

The implementation on wasm-bigint has been done, as far as I can tell.
There are no spec tests yet, only an out-dated copy of the original
spec tests which don't pass anymore. Therefore I disabled all the tests
for now and created a tracking bug at https://crbug.com/v8/9673.

TBR=adamk@chromium.org

Bug: v8:7741, v8:9673
Change-Id: Ida7ccda4547cf3fdcdff151d8b02946b7aa534ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787420
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63575}
2019-09-05 12:02:19 +00:00
Michael Hablich
e20a95d119 Bump V8 version
TBR=machenbach@chromium.org
NOTRY=true

Change-Id: I2873acd03b9673dedf587d21e35101ad163fd580
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787425
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63574}
2019-09-05 11:54:39 +00:00
Santiago Aboy Solanes
a917b1cb93 [CSA] TNodify the rest of the member variables in interpreter assembler
TNodify related methods:
 * BytecodeArrayTaggedPointer
 * DispatchTablePointer (renamed from DispatchTableRawPointer)
 * GetAccumulatorUnchecked

SloppyTNodify SetAccumulator's argument.

Marking some tests as slow, due to TNodification.

Bug: v8:6949
Change-Id: I3a56c47247828ec1313ce69ce76064efedf57776
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782162
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63573}
2019-09-05 11:49:59 +00:00
Clemens Hammacher
26b3649695 [base] Remove special-casing for gcc < 5
Node now requires gcc >=6.3, and we do not test on gcc <5.4 any more.
Thus remove a special case for gcc <5.

R=machenbach@chromium.org

Bug: v8:9686
Change-Id: Ifffddec611c15b704aa292a65e87cd770d85ea7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1786283
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63572}
2019-09-05 11:46:44 +00:00
Michael Achenbach
00061793b0 [build] Lift c++11 restriction
Bug: v8:9687
Change-Id: Ia9e82e1565d2dca595f5a231281d415f423b3421
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787421
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63571}
2019-09-05 11:40:35 +00:00
Tobias Tebbi
9ce6792630 [turbofan] temporarily disable const-based load elimination
This is a safe to merge hot-fix to tackle https://crbug.com/983764.
To be reverted after merging to M77.

Bug: chromium:983764
Change-Id: I3cd27481f224b352ef6bcf9dde21a8f77616acff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1786285
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63570}
2019-09-05 11:36:45 +00:00
Clemens Hammacher
029e8ab9b0 [base] Remove hack for gcc < 5
Node now requires gcc >=6.3, and we do not test on gcc <5.4 any more.
Thus remove a hack for gcc <5.

R=machenbach@chromium.org

Bug: v8:9686
Change-Id: I503c6b76d40499bbe45fb83996e0dfebf86f3395
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1786281
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63569}
2019-09-05 10:56:44 +00:00
Michael Starzinger
b096eb5552 [wasm] Avoid reserving buffer if no memory declared.
This makes sure no underlying ArrayBuffer is reserved for modules that
don't declare a module. For the case where a memory is declared but the
initial size is 0, we still reserve a buffer in case of trap handlers.

R=ahaas@chromium.org
BUG=v8:9678

Change-Id: I837b8f257b63eb4111646806b899074babd7c9f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784290
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63568}
2019-09-05 10:08:24 +00:00
Clemens Hammacher
89115625a0 [wasm][arm] Optimize runtime stub slots
This reduces the size per runtime stub slot by using the same sequence
we plan to use for far jumps.
Note that alignment is not an issue here, since runtime stub slots are
never patched.

R=mstarzinger@chromium.org
CC=joey.gouly@arm.com

Bug: v8:9477
Change-Id: Ib8f0f7b4930617b9c16dc54f6773572c70b681c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784292
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63567}
2019-09-05 09:48:04 +00:00
Ross McIlroy
719bc030c0 [Compiler] Use existing inferred name when adding preparse data to SFI.
The inferred name in the function literal might not be as accurate as the one
already on the shared function info, so use the existing one instead.

BUG=chromium:995813

Change-Id: Ie06eb964934fc039e56ebf9452f706e1192b7ab0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782169
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63566}
2019-09-05 09:46:34 +00:00
Mu Tao
610facedaf [mips][wasm] Stage type reflection support
On mips, NaN bit patterns is not same as WASM's definitions.

Port e101dfb708

R=clemensh@chromium.org

Change-Id: I134cd6289b7cf5d1a366345fe0a79cbecc9a6f73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782234
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63565}
2019-09-05 09:28:34 +00:00
Clemens Hammacher
04ce2f0981 [wasm] Optimize runtime stub slots on x64 and ia32
This reduces the size per runtime stub slot by using the same sequence
we plan to use for far jumps.
Note that alignment is not an issue here, since runtime stub slots are
never patched.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ida73896bfc26d01f2a3fbccde785928d1ac92380
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784291
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63564}
2019-09-05 09:21:54 +00:00
Mu Tao
8e317c950b [mips][wasm-simd] F32x4Div for mips
Port 85e2dbb32a

Change-Id: I59fbd2eb10469179def9bc6332543f5fc406d1c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784417
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63563}
2019-09-05 08:18:39 +00:00
Jakob Gruber
fbf351cf21 [compiler] Remove implementation details from store-store header
Refactor-only: This moves declaration of implementation details into
the .cc file. No logic changes.

Bug: v8:9574
Change-Id: I985ce17138e65f18dbb629b9f6660009e034fbf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1786279
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63562}
2019-09-05 07:59:20 +00:00
Sigurd Schneider
3b0f89d0a1 [debugger] Fix code coverage for async functions
Async functions were not correctly fixed up for code coverage, which
caused an additional uncovered range to be reported between a return
statement and the closing bracket.

This CL adds code that detects such ranges, and removes them, similarly
to how the ranges are removed for normal functions. The removal process
is different, because the parser rewrites async functions to contain a
try-catch handling promise rejection.

Change-Id: I73b08d64be74d26c32f2f9652d027430d4671251

Bug: chromium:981313, v8:8381
Change-Id: I82a7f0c54d3a48609ef5255a7659d9557e163566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782837
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63561}
2019-09-05 06:33:10 +00:00
v8-ci-autoroll-builder
5c73803368 Update V8 DEPS.
Rolling v8/build: 693faed..e030d8a

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e7c719c..06605b0

Rolling v8/third_party/depot_tools: f38bc17..624bf6e

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I19a17babd06d9cac9c9e8225ae322fba62f1b5c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1786899
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63560}
2019-09-05 03:41:42 +00:00
Tom Tan
61d6db0715 Renaming variables which conflict with macro definition in Windows SDK
Windows SDK defines `near` and `far` as macro in minwindef.h, so they cannot be
used as variable name if Windows SDK header file is included for Windows build.

Bug: chromium:893460
Change-Id: I5ed1076b965979b8e4e09958c1b6f0a698ec8d4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783839
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Tom Tan <Tom.Tan@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63559}
2019-09-04 20:37:48 +00:00
Joey Gouly
b7ade8536e [arm64][wasm] Implement I64x2 multiply
Implement I64x2 multiply using 32-bit multiplies.

This approach uses two fewer cycles (0.88x) on Cortex-A53 and three fewer cycles (0.86x)
on Cortex-A72, compared to moving to general purpose registers and doing two 64-bit multiplies.

Based on a patch by Zhi An Ng.

Bug: v8:8460
Change-Id: I9c8d3bb77f0d751eec2d85823522558b7f173628
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781696
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63558}
2019-09-04 19:22:08 +00:00
Dominik Inführ
a14e2f1278 [heap] Reduce old-to-new invalidations
Reduce number of old-to-new invalidations. MigrateFastToFast,
MigrateFastToSlow and DeleteObjectPropertyFast only need to invalidate
objects in some cases but not in all.

Bug: v8:9454
Change-Id: I901eecb9409c6dfa30cf6b4ee0bdd597862fc229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781042
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63557}
2019-09-04 15:41:46 +00:00
Seth Brenith
e4e86b53cf Convert UncompiledData class to Torque
I removed the padding field because I couldn't see a reason why we would
want to pad to system pointer size. I'm guessing that the intent was to
pad to tagged pointer size, which was once relevant but isn't anymore
since one of the int32 fields got removed.

Bug: v8:8952
Change-Id: Ic191d783efd8d686f6920e6e7ce2d3dacba883c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776847
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63556}
2019-09-04 14:57:23 +00:00
Clemens Hammacher
2314928b3a [cleanup] Remove dead {AllocatePage} function
R=mlippautz@chromium.org

Bug: v8:9396
Change-Id: If197687b6208257be18f91b4b172ec41600c21b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784287
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63555}
2019-09-04 13:37:33 +00:00
Tobias Tebbi
eb443e1f64 Revert "[compiler] improve inlining heuristics: call frequency per executed bytecodes"
This reverts commit 352a154e88.

Reason for revert: https://crbug.com/999972

Original change's description:
> [compiler] improve inlining heuristics: call frequency per executed bytecodes
> 
> TLDR: Inline less, but more where it matters. ~10% decrease in Turbofan
> compile time including off-thread, while improving Octane scores by ~2%.
> 
> How things used to work:
> 
> There is a flag FLAG_min_inlining_frequency that limits inlining by
> the callsite being sufficiently frequently executed. This call frequency
> was measured relative to invocations of the parent (= the function we
> originally optimize). At the same time, the limit was very low (0.15),
> meaning we mostly relied on the total amount of inlined code
> (FLAG_max_inlined_bytecode_size_cumulative) to limit inlining.
> 
> How things work now:
> 
> Instead of measuring call frequency relative to parent invocations, we
> should have a measure that predicts how often the callsite in question
> will be executed in the future. An obvious attempt at that would be to
> measure how often the callsite was executed in absolute numbers in the
> past. But depending on how fast feedback stabilizes, it can take more
> or less time until we optimize a function. If we just take the absolute
> call frequency up to the point in time when we optimize, we would
> inline more for functions that stabilize slowly, which doesn't make
> sense. So instead, we measure absolute call count per KB of executed
> bytecodes of the parent function.
> Since inlining big functions is more expensive, this threshold is
> additionally scaled linearly with the bytecode-size of the inlinee.
> The resulting formula is:
> call_frequency >
> FLAG_min_inlining_frequency *
>   (bytecode.length() - FLAG_max_inlined_bytecode_size_small) /
>   (FLAG_max_inlined_bytecode_size - FLAG_max_inlined_bytecode_size_small)
> 
> The new threshold is chosen in a way that it effectively limits
> inlining, which allows us to increase
> FLAG_max_inlined_bytecode_size_cumulative without increasing inlining
> in general.
> 
> The reduction in compile time (x64 build) of ~10% was observed in Octane,
> ARES-6, web-tooling-benchmark, and the standalone TypeScript benchmark.
> The hope is that this will reduce CPU-time in real-world situations
> too.
> The Octane improvements come from inlining more in places where it
> matters.
> 
> Bug: v8:6682
> 
> Change-Id: I99baa17dec85b71616a3ab3414d7e055beca39a0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768366
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63449}

TBR=rmcilroy@chromium.org,neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6682 chromium:999972
Change-Id: Iffca63d4bef81afa0f66e34d35fb72f3b5baf517
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784281
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63554}
2019-09-04 13:16:23 +00:00
Joshua Litt
abf8e579c3 [protectors] Migrate ArraySpeciesProtector to Protectors
Bug: v8:9463
Change-Id: I4d9d35222597925a289a6c3055ef0ca0aaa43a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1775926
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63553}
2019-09-04 13:13:13 +00:00
Maya Lekova
0502ae33f8 [turbofan] Turn a never executing condition into a CHECK
Graph creation used to handle exception throwing gracefully, but this
seems to never happen, so turned it into a CHECK instead.

Change-Id: I90f8471fe77eb66402fd8abe0d5b15dcffee49bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784286
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63552}
2019-09-04 13:11:33 +00:00
Georg Neis
64bf07054e [turbofan] Ignore deprecated maps for named accesses
We already do this (if we can't migrate them) when processing the
feedback but it could still happen that we find a deprecated map in the
graph later on.

Bug: chromium:996819, v8:7790
Change-Id: I3b9acc8bc21b5a9812235145b726ba3e53cc8957
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784284
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63551}
2019-09-04 12:30:15 +00:00
Leszek Swirski
b293533ed8 Revert "Reland "[ic] In-place Double -> Tagged transitions""
This reverts commit 981aafaf97.

Reason for revert: Still crashing on Canary.

Original change's description:
> Reland "[ic] In-place Double -> Tagged transitions"
>
> This is a reland of 0736599a69.
> This is a reland of 7e1fbe8f34.
>
> Original change description:
> > [ic] In-place Double -> Tagged transitions
> >
> > With no more MutableHeapNumber, we can make Double -> Tagged transitions
> > in-place, at the cost of an extra map check when accessing double fields
> > to make sure they are still doubles.
> >
> > Bug: v8:9606
> > Change-Id: I74ff39ed6fba62ee223cd37dfe761f7d73020e1c
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743973
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#63374}
>
> TBR=verwaest@chromium.org, tebbi@chromium.org
>
> Bug: v8:9606
> Change-Id: I2d1b7416064d743582f4983fb868316b7e8a4cf2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1777661
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63499}

TBR=leszeks@chromium.org, verwaest@chromium.org, tebbi@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9606
Bug: chromium:997989
Change-Id: Ic95166e67df68e84a524dffd8155121c3ff6aa13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784283
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63550}
2019-09-04 11:39:43 +00:00
Clemens Hammacher
e6cc1fc025 Rename some "address" to "hint"
The "address" pointer we pass to {Allocate} and {AllocatePages}
functions is actually just a hint. The actual address of the
reservation is returned by the function.
This CL renames the {address} argument of those functions to {hint} to
make this semantic more clear.

R=mlippautz@chromium.org

Bug: v8:9396
Change-Id: I9ff3785ea4e6f9b7d77f26f224445f3f92e11f22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784280
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63549}
2019-09-04 11:16:23 +00:00
Patrick Thier
019fa2b531 [regexp] Minor performance improvements and cleanups
Instead of checking code flags to decide if the irregexp code object is
an off-heap trampoline, we now directly load the builtin index offset
and treat the code as on-heap if the offset is -1.

In addition the regexp stack now has its own external reference for top
of stack address. This prevents calculating the top of stack address
using the base address and size at every invocation.

Bug: chromium:999993
Change-Id: I23649e8b410a56276f26846b0b12ad29310c3db7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782565
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@google.com>
Cr-Commit-Position: refs/heads/master@{#63548}
2019-09-04 11:05:03 +00:00
Andreas Haas
00ef19d859 [wasm][fuzzer] Teach the fuzzers to deal with anyref and co
I don't know if there is another problem, but this change fixes all
problems in the test case. The fuzzer will eventually tell us if there
is another problem.

R=clemensh@chromium.org

Bug: chromium:1000503
Change-Id: I2f3ca9132e1b9e3f01e9b32604fb39b2272723f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784278
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63547}
2019-09-04 10:55:13 +00:00
Andreas Haas
725a0a9076 Revert "[wasm] Stage wasm-bigint"
This reverts commit bf78435b2c.

Reason for revert: This CL is not what I wanted to land. I mixed up my local branches.

Original change's description:
> [wasm] Stage wasm-bigint
> 
> The implementation on wasm-bigint has been done, as far as I can tell.
> There are no spec tests yet, only an out-dated copy of the original
> spec tests which don't pass anymore. Therefore I disabled all the tests
> for now and created a tracking bug at https://crbug.com/v8/9673.
> 
> R=​adamk@chromium.org
> 
> Bug: v8:7741, v8:9673
> Change-Id: I015846cc6008ad266402b6835e634723a1a076da
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781050
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63541}

TBR=adamk@chromium.org,ahaas@chromium.org

Change-Id: I5e8a42ad01200c01446efe4ea50f8ae6fef2c174
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7741, v8:9673
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784279
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63546}
2019-09-04 10:12:35 +00:00
Georg Neis
086efd8781 Reland "[turbofan] Prepare for moving part of CreateGraph into the background"
This is a reland of ab089c7864, after
making a flaky test more robust.

Original change's description:
> [turbofan] Prepare for moving part of CreateGraph into the background
>
> - Pass Refs, not Handles, to graph builder, and drop bytecode array argument
>   (get it from SFI instead).
> - Add some fields to FeedbackVectorRef that are needed to avoid heap access
>   in BytecodeGraphBuilderPhase.
> - Rename FeedbackVectorRef's SerializeSlots to Serialize, since it's more
>   than just the feedback slots.
> - Rearrange the last steps in PipelineCompilationJob::PrepareJobImpl such
>   that CreateGraph is last.
>
> Bug: v8:7790
> Change-Id: I4b17790d1d74da41ba63ee68e3a33968662fc398
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781682
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63515}

Bug: v8:7790
Change-Id: Ia6f4c1ebd82dea93c14437514d0e25b730523f75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781694
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63545}
2019-09-04 09:35:13 +00:00
Georg Neis
72946aa804 Make more use of NativeContext type in CSA and Torque
Change-Id: I29a4d20656727e6ec1e1fd052a840bd5aefe3cd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781052
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63544}
2019-09-04 09:33:33 +00:00
Clemens Hammacher
6c06e62eeb [api] Fix external strings of length 0
External string resources of length {0} have a {nullptr} data since
https://crrev.com/c/1424861.
This CL fixes allocation of an external one-byte string from such a
resource.

R=ishell@chromium.org

Bug: chromium:995108
Change-Id: Ic8ef507d808583c1b529085d990d705058953f03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781051
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63543}
2019-09-04 09:19:53 +00:00
Dan Elphick
afca89f848 [parser] Improve hole check elision in async arrow funcs
Use the position of commas in async arrow expressions to mark the
initializer position of any parameters that might have been set in the
preceding parameter.

This extends https://chromium-review.googlesource.com/c/v8/v8/+/1710671
to async arrow heads.

Bug: v8:8510, chromium:997320
Change-Id: I98e0ac817c7f53fbf1dced98fb6891a386ee7803
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781057
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63542}
2019-09-04 09:13:03 +00:00
Andreas Haas
bf78435b2c [wasm] Stage wasm-bigint
The implementation on wasm-bigint has been done, as far as I can tell.
There are no spec tests yet, only an out-dated copy of the original
spec tests which don't pass anymore. Therefore I disabled all the tests
for now and created a tracking bug at https://crbug.com/v8/9673.

R=adamk@chromium.org

Bug: v8:7741, v8:9673
Change-Id: I015846cc6008ad266402b6835e634723a1a076da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781050
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63541}
2019-09-04 08:52:03 +00:00
Georg Neis
bd397c4e73 [turbofan] Remove unnecessary code from frame state creation helpers
Change-Id: I65c1c5a75cde738f8fce33d2230fd12338f55154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783000
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63540}
2019-09-04 08:50:03 +00:00
Zhou, Zhiguo
2737dfca21 Log debug info of WASM for Linux Perf tool
This CL adds an overloaded function PerfJitLogger::LogWriteDebugInfo
for writing JIT_DEBUG_INFO record into jitdump file. With this CL,
perf-annotate can display profiling information of JITted code with
the corresponding source code interleaved.

Change-Id: Ie1271e08b69712c81129335825467d83674d7938
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672531
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#63539}
2019-09-04 08:38:24 +00:00
Jakob Gruber
cabe5fa9b2 [snapshot] Align allocation address for the embedded blob
AllocatePages (used to allocate the embedded blob's backing store
during mksnapshot) has allocation address, size, and alignment
parameters. Both address and size are expected to be aligned, but we
were only aligning size properly. This CL also aligns the address (and
adds a bunch of comments as well).

Bug: v8:9677
Change-Id: Ia739682236c74278bcaf1c9b7c9c4b3e0b0c5582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784277
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63538}
2019-09-04 06:50:30 +00:00
v8-ci-autoroll-builder
929440f868 Update V8 DEPS.
Rolling v8/build: 4fa36b1..693faed

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5198ea1..e7c719c

Rolling v8/third_party/depot_tools: 355e97e..f38bc17

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I07b2661ff208bf920cc751ebea258c02a3e112b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783170
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63537}
2019-09-04 03:44:20 +00:00
Francis McCabe
af04a51efd Revert "Update GetIterator bytecode to load and call object[Symbol.iterator]"
This reverts commit 8b89a7c32d.

Reason for revert: GC Stress tests timing out.
See https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24272

Original change's description:
> Update GetIterator bytecode to load and call object[Symbol.iterator]
> 
> The functionality of the GetIterator bytecode introduced previously is
> now extended from loading the @@iterator property to calling the property
> as well. This change basically absorbs the functionality of additional
> two bytecodes - Star, CallProperty0 in the GetIterator bytecode.
> Importantly, this change handles the cases of eager and lazy deoptimization
> in the middle of the bytecode, i.e., lazy deopt for LdaNamedProperty and
> eager deopt of the CallProperty0 bytecode, using the continuation builtins.
> This mechanism can work as a template for the future bytecode that require
> handling such inter-bytecode deopt scenario. The tests evaluating the eager
> and lazy deopt scenarios are also included.
> 
> Bug: v8:9489
> Change-Id: I93eb022bbc3d37582407820aa8482a343cac6c12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758313
> Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63528}

TBR=rmcilroy@chromium.org,neis@chromium.org,leszeks@chromium.org,tebbi@chromium.org,swapnilgaikwad@google.com

Change-Id: I9ae475f71275f71f1b9e60b8bf0578e21ce2704b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9489
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783736
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63536}
2019-09-03 23:19:12 +00:00
Dominik Inführ
d4e168a3b5 Revert "[heap] Remove size from invalidated slots"
This reverts commit 93063ade0f.

Reason for revert: Clusterfuzz found issue.

Original change's description:
> [heap] Remove size from invalidated slots
> 
> Slots are always valid inside an invalidated area when outside the
> respective object's current size. This allows us to remove the size
> from the InvalidatedSlots data structure.
> 
> This change was enabled by https://crrev.com/c/1771793.
> 
> Bug: v8:9454
> Change-Id: I2b5a7234d47227cb6ad8d67de20e9b5a2028ae83
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773242
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63510}

TBR=ulan@chromium.org,sigurds@chromium.org,tebbi@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9454
Change-Id: I7daf96cf50aaedd4dbdab48fd550182df94e54bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783106
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63535}
2019-09-03 23:14:10 +00:00