This is mostly about DCHECKs. Enabling some requires a few
changes to tests that were not careful about types.
BUG=
Review-Url: https://codereview.chromium.org/2033703002
Cr-Commit-Position: refs/heads/master@{#36734}
This calls the action that archives test262 in gn. In gn
we can't specify an action output outside the product
directory. This works around it with an extra action
stamp file in the product directory, while the archive
remains in the test directory.
We don't want to generate the archive in the product
directory, as some legacy archiving scripts might include
it and it's too large. It should only be included in the
swarming tasks that are going to use it for testing.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2034713005
Cr-Commit-Position: refs/heads/master@{#36731}
This change requires a single pass over the register set during
bytecode pipeline flushes.
A few bytecode tests are updated too because the order of register
flushes is different.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2033013002
Cr-Commit-Position: refs/heads/master@{#36726}
This moves processing of jumps out of bytecode array builder and into
bytecode array writer. This simplifies the pipeline by avoiding having
to flush for offset and patch up offsets in bytecode array builder based
on what was emitted by the bytecode array writer.
This also enables future refactorings to add dead code elimination back
into the pipeline, and move processing of scalable operand sizes to the
end of the pipeline (in the bytecode array writer) rather than having to
deal with scalable operand types throughout pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2035813002
Cr-Commit-Position: refs/heads/master@{#36716}
This adds corresponding *_run targets for all swarming
isolate actions existing in gyp. This also wires all
targets together under gn_all.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2033813004
Cr-Commit-Position: refs/heads/master@{#36714}
This adds the v8-side fuzzer executables for smoke testing.
This also renames the old gyp targets to stay consistent
with chromium.
Naming convention for type X after the rename:
library: X_fuzzer (gn), X_fuzzer_lib (gyp)
executable v8: v8_simple_X_fuzzer
executable chromium: v8_X_fuzzer
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2032363002
Cr-Commit-Position: refs/heads/master@{#36713}
- Adds names for float registers to RegisterConfiguration and uses them
when we have the MachineRepresentation.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2030143002
Cr-Commit-Position: refs/heads/master@{#36712}
Add intrinsics for IsSmi, IsTypedArray, IsRegExp and IsJSProxy,
all of which are intrinsics in Full-Codegen.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2034493002
Cr-Commit-Position: refs/heads/master@{#36707}
These speculative binary operators are simplified operators and should
not need a frame state themselves. These eager bailout points can by now
be found via checkpoints in the graph, whereas frame states attached to
nodes directly should always represent lazy bailout points.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2037673002
Cr-Commit-Position: refs/heads/master@{#36705}
Introduce a dedicated Float64Log machine operator, that is either
implemented by a direct C call or by platform specific code, i.e.
using the FPU on x64 and ia32.
This operator is used to implement Math.log as a proper TurboFan
builtin on top of the CodeStubAssembler.
Also introduce a NumberLog simplified operator on top of Float64Log
and use that for the fast inline path of Math.log inside TurboFan
optimized code.
BUG=v8:5065
Review-Url: https://codereview.chromium.org/2029413005
Cr-Commit-Position: refs/heads/master@{#36703}
This removes the frame state input representing the before-state from
nodes performing property accesses. These frame states can by now be
found via checkpoints in the graph.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2034673002
Cr-Commit-Position: refs/heads/master@{#36699}
A value in unittests/Bytecodes.DecodeBytecodeAndOperands was 16 bit
instead of 8 bit. This was causing test to fail on big endian machines.
BUG=
Review-Url: https://codereview.chromium.org/2030063002
Cr-Commit-Position: refs/heads/master@{#36698}
VC++ complains about truncation of integer constants despite use of
static_cast. This isn't very helpful as it gives no way of suppressing
the warning in code, so this change suppresses it on the command line.
Additionally, the linker complains about importing of locally defined
functions in component builds. Until this is fixed the warnings should
be suppressed.
NOTRY=true
Review-Url: https://codereview.chromium.org/2028353004
Cr-Commit-Position: refs/heads/master@{#36695}
Previously, CodeAssembler Variables declared in an explicit C++ scope would
continue to be merged into future labels beyond that scope, causing
asserts. This CL ensures that Variables are properly ignored when they go out of
scope.
Review-Url: https://codereview.chromium.org/2035683002
Cr-Commit-Position: refs/heads/master@{#36690}
Previously, turbofan selected the gap use from first predecessor block when
hinting a phi, unless that block was deferred, in which case the gap move from
the first non-deferred predecessor block was chosen.
This strategy didn't guarantee that an important invariant was maintained: the
predecessor blocks chosen for hinting phis must preceed the phi's block in the
rpo ordering. In most cases the strategy worked, since graphs generated by the
AstGraphBuilder and existing stubs just happened to always generate schedules
where this rpo ordering property for the first predecessor block, but it is
quite possible to generate a code stub by hand that doesn't have this property
(see included test case).
After this CL, the allocator chooses either the the first non-deferred
"rpo-preceeding" block to be the hinting block, or the first deferred
"rpo-preceeding" block if that doesn't exist. In all previously-existing code,
this behavior is the same as the original algorithm, but has the benefit of not
failing in the register allocator in hand-crafted stubs where all the
"rpo-preceeding" predecessors are all in deferred code.
Review-Url: https://codereview.chromium.org/2030463003
Cr-Commit-Position: refs/heads/master@{#36689}
... since CodeStubAssembler does not belong to v8::internal::compiler namespace anymore.
Review-Url: https://codereview.chromium.org/2035533003
Cr-Commit-Position: refs/heads/master@{#36683}
Most maps have a small code cache (often only one entry), so this patch
optimizes memory consumption of such cases by using plain FixedArrays,
only switching to CodeCacheHashTables when the number of cached entries
gets so large that linear-scan lookups get too slow.
On loading inbox.google.com, this gets the aggregate size of all maps'
code caches (there are about 13,600 of them) from 4300 KB to 970 KB.
Review-Url: https://codereview.chromium.org/2021373002
Cr-Commit-Position: refs/heads/master@{#36681}
This introduces optimized number operations based on type feedback.
Summary of changes:
1. Typed lowering produces SpeculativeNumberAdd/Subtract for JSAdd/Subtract if
there is suitable feedback. The speculative nodes are connected to both the
effect chain and the control chain and they retain the eager frame state.
2. Simplified lowering now executes in three phases:
a. Propagation phase computes truncations by traversing the graph from uses to
definitions until checkpoint is reached. It also records type-check decisions
for later typing phase, and computes representation.
b. The typing phase computes more precise types base on the speculative types (and recomputes
representation for affected nodes).
c. The lowering phase performs lowering and inserts representation changes and/or checks.
3. Effect-control linearization lowers the checks to machine graphs.
Notes:
- SimplifiedLowering will be refactored to have handling of each operation one place and
with clearer input/output protocol for each sub-phase. I would prefer to do this once
we have more operations implemented, and the pattern is clearer.
- The check operations (Checked<A>To<B>) should have some flags that would affect
the kind of truncations that they can handle. E.g., if we know that a node produces
a number, we can omit the oddball check in the CheckedTaggedToFloat64 lowering.
- In future, we want the typer to reuse the logic from OperationTyper.
BUG=v8:4583
LOG=n
Review-Url: https://codereview.chromium.org/1921563002
Cr-Commit-Position: refs/heads/master@{#36674}
This removes the frame state input representing the before-state from
nodes having the {JSCallFunction} or {JSCallConstruct} operator. These
frame states can by now be found via checkpoints in the graph.
R=bmeurer@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2025573003
Cr-Commit-Position: refs/heads/master@{#36669}
We use StringFromCharCode to optimize calls to String.fromCharCode with
a single Number argument for now. We will use it to also implement the
charAt method on the String prototype.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2037453003
Cr-Commit-Position: refs/heads/master@{#36668}
Reason for revert:
Also failing with the new implementation:
https://build.chromium.org/p/chromium.gpu/builders/Linux%20Debug%20%28NVIDIA%29/builds/62646
Will do a local repro now.
Original issue's description:
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> TEST=cctest/test-array-buffer-tracker/*
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/279e274eccf95fbb4bd41d908b9153acf6ec118a
> Cr-Commit-Position: refs/heads/master@{#36653}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2032973002
Cr-Commit-Position: refs/heads/master@{#36663}
Eliminating dead code in the bytecode array builder doesn't play nice
with the register elimination optimizer. We should move it to it's own
stage in the optimization pipeline, however doing so would require
refactoring of how we deal with jumps, so for now just remove the dead
code elimination optimization.
BUG=chromium:616064
Review-Url: https://codereview.chromium.org/2030583002
Cr-Commit-Position: refs/heads/master@{#36660}
Reason for revert:
There are crashes on Win32 and Win64 bots.
Original issue's description:
> Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
>
> This CL also replaces some Branch() usages with GotoIf/GotoUnless.
>
> BUG=v8:2743
> LOG=Y
>
> Committed: https://crrev.com/24066b6df4259b302edfa1db884c479008776a7e
> Cr-Commit-Position: refs/heads/master@{#36657}
TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2743
Review-Url: https://codereview.chromium.org/2028333002
Cr-Commit-Position: refs/heads/master@{#36659}
This CL also replaces some Branch() usages with GotoIf/GotoUnless.
BUG=v8:2743
LOG=Y
Review-Url: https://codereview.chromium.org/1995453002
Cr-Commit-Position: refs/heads/master@{#36657}
We already implemented CPU time for OS X and POSIX, this path is a
follow up for the implementation on Windows.
BUG=v8:5000
LOG=n
Review-Url: https://codereview.chromium.org/1977983003
Cr-Commit-Position: refs/heads/master@{#36656}
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2026633003
Cr-Commit-Position: refs/heads/master@{#36653}
This CL also updates the elements kind transition lookup logic:
1) First we go back to the root map,
2) Follow elements kind transitions,
3) Replay the property transitions.
BUG=v8:5009
LOG=Y
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2015513002
Cr-Commit-Position: refs/heads/master@{#36652}
GenerateSmiToDouble on ia32 assumes that it is called from a JSFrame and can restore
the context from the StandardFrameConstants::kContextObject. In the case of the
interpreter it is called from a interpreter handler stub frame which doesn't
push the context onto it's frame. Instead, push and pop esi to explicitly restore it
correctly.
BUG=chromium:612386
Review-Url: https://codereview.chromium.org/2011313003
Cr-Commit-Position: refs/heads/master@{#36649}
A few values were missing use of a macro causing test to fail on big
endian machines.
BUG=
Review-Url: https://codereview.chromium.org/2024123002
Cr-Commit-Position: refs/heads/master@{#36645}
Reason for revert:
Triggers crashes on the deopt fuzzer:
https://build.chromium.org/p/client.v8/builders/V8%20Deopt%20Fuzzer/builds/10608
Repro:
out/Release/d8 --test --random-seed=849179141 --deopt-every-n-times 149 --nohard-abort --nodead-code-elimination --nofold-constants --noconcurrent-recompilation test/webkit/resources/standalone-pre.js test/webkit/dfg-arguments-mixed-alias.js test/webkit/resources/standalone-post.js
Original issue's description:
> [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis.
>
> Currently, we do not emit EnvironmentMarkers if the hydrogen value
> in the environment is arguments object. As the hydrogen value can change
> for local variables, we emit only some environment markers. That can
> cause environment liveness analysis to mark part of live range as live
> and part as dead. The zapping phase then only inserts zaps in
> live->dead transitions, potentially zapping a live value.
>
> With this CL, we only emit EnvironmentMarkers for 'this' and
> 'arguments' local variables, disregarding the hydrogen value.
>
> BUG=chromium:612146
> LOG=n
>
> Committed: https://crrev.com/1428fbe224dc2df0cb6f59e4959430f7aa614064
> Cr-Commit-Position: refs/heads/master@{#36641}
TBR=jkummerow@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:612146
Review-Url: https://codereview.chromium.org/2029563002
Cr-Commit-Position: refs/heads/master@{#36644}
It happens that a scavenger runs during incremental marking. Currently scavenger does not care about MarkCompact's mark bits. When an object is alive and marked, and at least one scavenge happens during incremental marking, the object will be copied once to the other semispace in the new_space, and then once to the old_space. For surviving objects this is useless extra work.
In our current attempts (https://codereview.chromium.org/1988623002) to ensure marked objects are scavenged, all marked objects will survive therefore there will be many objects which will be uselessly copied.
This cl modifies our promotion logic so when incremental marking is in progress, and the object is marked, we promote it unconditionally.
BUG=
LOG=no
Review-Url: https://codereview.chromium.org/2005173003
Cr-Commit-Position: refs/heads/master@{#36643}
Currently, we do not emit EnvironmentMarkers if the hydrogen value
in the environment is arguments object. As the hydrogen value can change
for local variables, we emit only some environment markers. That can
cause environment liveness analysis to mark part of live range as live
and part as dead. The zapping phase then only inserts zaps in
live->dead transitions, potentially zapping a live value.
With this CL, we only emit EnvironmentMarkers for 'this' and
'arguments' local variables, disregarding the hydrogen value.
BUG=chromium:612146
LOG=n
Review-Url: https://codereview.chromium.org/2026173003
Cr-Commit-Position: refs/heads/master@{#36641}
This adds a very simplistic reduction of {CheckPoint} nodes via the new
{CheckpointElimination}, eliminating redundant check points that appear
in an effect chain of operations that are all {kNoWrite}. Such a chain
allows an arbitrary check point to be chosen. The current approach will
end up choosing the first one for all deopts in the chain.
R=bmeurer@chromium.org
TEST=unittests/CheckpointEliminationTest.CheckPointChain
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2022913003
Cr-Commit-Position: refs/heads/master@{#36634}
