Changes the ValueNumberingReducer to grow when at 80% capacity, rather
than at 50% capacity. This matches the behaviour of base/hashmap.
Review-Url: https://codereview.chromium.org/2474873003
Cr-Commit-Position: refs/heads/master@{#40734}
This makes sure the test in question does not rely on specific lifetime
characteristics for local variables within a function. Note that these
lifetimes are not specified by JavaScript and are not observable within
JavaScript proper. The natives syntax however makes it observable.
BUG=v8:5345
TEST=mjsunit/wasm/compiled-module-management
R=mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2474053002
Cr-Commit-Position: refs/heads/master@{#40733}
Load the correct 32-bit word to determine if the buffer is shared by
using kBitFieldOffset instead of kBitFieldSlot.
R=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2470023003
Cr-Commit-Position: refs/heads/master@{#40730}
If a WebAssembly function is exported, its js-to-wasm wrapper has a
field which contains a reference to the WebAssembly function.
Originally this reference was an index into the export table, which
then contains an index into the function table, which then contains
the metadata of the WebAssembly function.
With this CL we use the index into the function table directly as
the reference to the WebAssembly function.
TEST=mjsunit/wasm/test-import-export-wrapper
R=rossberg@chromium.org, mtrofin@chromium.orgCC=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2472103002
Cr-Commit-Position: refs/heads/master@{#40729}
With an instance of CodeStubArguments, builtin stub generators can generate code
that accesses the receiver passed to the builtin, as well as access and iterate
over the variable number of arguments that are passed in.
Review-Url: https://codereview.chromium.org/2469273003
Cr-Commit-Position: refs/heads/master@{#40726}
For lowering CheckHeapObject, always report TaggedPointer representation
and let the RepresentationChanger come up with a reasonable conversion from
whatever input representation to TaggedPointer. This way we no longer insert
the useless ChangeSomethingToTagged and then check the result for HeapObject,
i.e. mostly reduces the amount of useless code being generated.
Note there are now two operators ChangeFloat64ToTaggedPointer and the old
ChangeFloat64ToTagged, because their semantics different wrt. the strength
reduction in the SimplifiedOperatorReducer.
Also set the output MachineRepresentation::kTaggedPointer properly in
SimplifiedLowering whenever we know that we produce a HeapObject.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2476593002
Cr-Commit-Position: refs/heads/master@{#40725}
Removed a wrong condition test in TwoByteExternalBufferedStream. This changed fixes errors that may occur under some conditions.
Review-Url: https://codereview.chromium.org/2469723002
Cr-Commit-Position: refs/heads/master@{#40722}
Reason: We're planning to drop support for Linux Precise for layout tests.
BUG=chromium:660580
NOTRY=true
Review-Url: https://codereview.chromium.org/2475563002
Cr-Commit-Position: refs/heads/master@{#40717}
This disables the usage of the {maybe_assigned} flag that the variable
resolution computes for each variable on non-asm.js code. Note that the
analysis is fundamentally broken for destructuring and top-level lexical
variables. Also note that this still uses the analysis for asm.js code
even though it is not validated. One can still trigger the bug by using
invalid constructs within a function marked with "use asm". The fix is
intentionally minimal so that it can be merged to release branches.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-659915
BUG=chromium:659915
Review-Url: https://codereview.chromium.org/2471523005
Cr-Commit-Position: refs/heads/master@{#40716}
This removes the first stack check in inlined functions in the bytecode
graph builder, to match the behaviour of the AST graph builder.
I measure a ~1% statistically significant (p < 0.01) improvement on
Mandreel with --ignition-staging --turbo (on my x64 machine, YMMV).
Review-Url: https://codereview.chromium.org/2392333002
Cr-Commit-Position: refs/heads/master@{#40715}
This turns the ZoneList with minimum 6 words overhead into a linked list through variables, using 2 words for the empty list. Additionally the average number of pointers per entry goes down to the optimal 1 per variable that's in a list.
This does introduce 1 pointer unnecessary overhead for dynamic variables. If that becomes a problem we could distinguish between variables in lists and variables not in lists. We can distinguish them at construction-time.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2475433002
Cr-Commit-Position: refs/heads/master@{#40714}
Reason for revert:
Performance regression on Octane and V8 runtime stats.
Original issue's description:
> [heap] Invoke incremental marking step before allocation.
>
> This ensures that the newly allocated object immediatly precedes the
> linear allocation area, which is needed for allocation folding.
>
> For more info see:
> https://bugs.chromium.org/p/chromium/issues/detail?id=659165#c13
>
> BUG=chromium:659165
TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:659165
Review-Url: https://codereview.chromium.org/2472043002
Cr-Commit-Position: refs/heads/master@{#40713}
'a' and 'w' are mutually exclusive and just 'a' is what we actually
want. Linux doesn't care (it just takes the first one) but Windows
throws a ValueError.
R=machenbach@chromium.org
BUG=None
Review-Url: https://codereview.chromium.org/2467363002
Cr-Commit-Position: refs/heads/master@{#40711}
Reason for revert:
speculative revert to address regressions on cnn.com benchmark.
Original issue's description:
> [tools] Support custom script injection for callstats.py
>
> This is a poor-man's solution to trigger page interactions.
>
> BUG=
TBR=jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2464053005
Cr-Commit-Position: refs/heads/master@{#40710}
Make RuntimeCallTimer::parent_ and RuntimeCallStats::current_timer_
fields atomic as they are accessed from the signal handler.
BUG=chromium:660428
Review-Url: https://codereview.chromium.org/2464973002
Cr-Commit-Position: refs/heads/master@{#40709}
The wasm interpreter crashed because it interpreted the table of
br_table as a table of uint8, but according to the spec it is a table of
varint32. Therefore the wasm interpreter misinterpreted 0x80 0x00 as 128
and not as 0, which caused a crash.
R=tizer@chromium.org
BUG=chromium:660262
TEST=cctest/test-run-wasm/RunWasmInterpreted_Regression_660262
Review-Url: https://codereview.chromium.org/2463063002
Cr-Commit-Position: refs/heads/master@{#40708}
Apparently the previous clean up has regressed performance in some
cases. This is an attempt to recover these regressions.
R=ulan@chromium.org
BUG=chromium:661567
Review-Url: https://codereview.chromium.org/2471493003
Cr-Commit-Position: refs/heads/master@{#40707}
This reduces per-scope overhead from minimally 6 words to 2 words, with one additional pointer per entry, rather than an average of 2 per entry for larger-than-4 element lists. For temp zone parsed functions it additionally makes the declaration-list actually freeable.
This introduces ThreadedList to implement the details of dealing with such a list.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2457393003
Cr-Commit-Position: refs/heads/master@{#40703}
To enable the global object prototype chain to be frozen, all objects
in the chain need to be marked as immutable prototype exotic objects.
However, a bug in the previous implementation of immutable prototype
exotic objects left the check in place when initially setting up the
object, which made it impossible to allow inheritance chains. This
patch removes that mistaken check.
BUG=v8:5149
Review-Url: https://codereview.chromium.org/2449163004
Cr-Commit-Position: refs/heads/master@{#40702}
Reason for revert:
Causes performance regressions (up to 10% on the "IC" bucket). :-(
Original issue's description:
> [ic] Experiment: disable map-specific handler cache.
>
> IC data handlers support most of the hot cases nowdays. Let's see if
> the map-specific code cache still help us to improve things.
>
> BUG=v8:5561
TBR=ishell@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2474653002
Cr-Commit-Position: refs/heads/master@{#40701}
In the process, add a more general mechanism for passing around
and amending list of CodeStubAssembler Variables. That change
makes it possible to more easily add Variables to loops that are
generated by utility functions, e.g. BuildFastLoop.
LOG=N
Review-Url: https://codereview.chromium.org/2461363002
Cr-Commit-Position: refs/heads/master@{#40700}
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
LOG=N
Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40699}
Delayed chunks in the unmapper are chunks that should be unmapped but could
potentially still be accessed by the sweeper (page header), hence their
unmapping is delayed.
During TearDown, however, we need to properly unmap those pages, i.e., check
that they can now be unmapped (should always hold) and properly unmap them.
BUG=chromium:656537
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2472573003
Cr-Commit-Position: refs/heads/master@{#40698}
Only ARM should have fixed live range arrays for float / simd128.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2471533002
Cr-Commit-Position: refs/heads/master@{#40696}
port 5ef1bddf80 (r40690)
original commit message:
All vector ICs use the TypeFeedbackVector::ComputeCounts method now,
while the remaining patching ICs still use the traditional way of
counting on the TypeFeedbackInfo hanging off the fullcodegen code
object. This fixes the problem that counts were sometimes off.
BUG=
Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc.
Review-Url: https://codereview.chromium.org/2470063002
Cr-Commit-Position: refs/heads/master@{#40692}
Reason for revert:
Seems to break arm64 sim debug and blocks roll:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/3294
Original issue's description:
> [turbofan] Support variable size argument removal in TF-generated functions
>
> This is preparation for using TF to create builtins that handle variable number of
> arguments and have to remove these arguments dynamically from the stack upon
> return.
>
> The gist of the changes:
> - Added a second argument to the Return node which specifies the number of stack
> slots to pop upon return in addition to those specified by the Linkage of the
> compiled function.
> - Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
> handles all tail-call cases except where the return value type differs, this fallback
> was not really useful and in fact caused unexpected behavior with variable
> sized argument popping, since it wasn't possible to materialize a Return node
> with the right pop count from the TailCall without additional context.
> - Modified existing Return generation to pass a constant zero as the additional
> pop argument since the variable pop functionality
>
> LOG=N
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,epertoso@chromium.org,danno@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2473643002
Cr-Commit-Position: refs/heads/master@{#40691}
All vector ICs use the TypeFeedbackVector::ComputeCounts method now,
while the remaining patching ICs still use the traditional way of
counting on the TypeFeedbackInfo hanging off the fullcodegen code
object. This fixes the problem that counts were sometimes off.
Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2472653002
Cr-Commit-Position: refs/heads/master@{#40690}
IC data handlers support most of the hot cases nowdays. Let's see if
the map-specific code cache still help us to improve things.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2462973003
Cr-Commit-Position: refs/heads/master@{#40685}