This allows us to consume the type hints gathered by the CompareIC
for the strict equality and inequality operators. Similar to abstract
equality We need to distinguish Number and NumberOrOddball feedback,
as strict equality doesn't truncate Oddball to Number.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2222993003
Cr-Commit-Position: refs/heads/master@{#38438}
This CL changes the semantics of FloatXXSub to match the semantics of
the semantics of FloatXXSubPreserveNan. Therefore there is no need
anymore for the FloatXXSubPreserveNan operators.
The optimizations in VisitFloatXXSub which are removed in this CL have
already been moved to machine-operator-reducer.cc in
https://codereview.chromium.org/2226663002R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2220973002
Cr-Commit-Position: refs/heads/master@{#38437}
This CL applies the same optimization already present for calling API-function.
Execution::New and Execution::Call now both check whether the target is an
API-function and avoid calling out into the construct/call stub.
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2203353002
Cr-Commit-Position: refs/heads/master@{#38433}
This allows us to consume the type hints gathered by the CompareIC for
the abstract equality and inequality operators. We need to distinguish
Number and NumberOrOddball feedback now, as abstract equality doesn't
truncate null and undefined to Number.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2222983002
Cr-Commit-Position: refs/heads/master@{#38432}
Introduces a new VariableLocation MODULE for variables that live in a
module's export table. Scope analysis sets this for the approriate variables.
Not yet supported by any backend.
Also, treats all imports as CONST bindings (including namespace imports), rather
than having new special variable modes.
BUG=
Review-Url: https://codereview.chromium.org/2199283002
Cr-Commit-Position: refs/heads/master@{#38426}
Pass in zone() explicitly to SloppyBlockFunctionMap::Declare and VariableMap::Declare instead.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2223773002
Cr-Commit-Position: refs/heads/master@{#38424}
The outer scope of the scope we are compiling doesn't need analysis. Either we're compiling top-level code in which case there is no outer scope. Or we are compiling code at the top-level (eval, function, module), and there won't be anything to resolve in the outer scope. Lastly we could also be compiling with a deserialized scope. In that case the outer scope is already resolved.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2224593002
Cr-Commit-Position: refs/heads/master@{#38419}
Introduce a dedicated MaybeGrowFastElements simplified operator, which
tries to grow a fast elements backing store for a given element that
should be added to an array/object. Use that to lower a growing keyed
store to a sequence of
1) check index is a valid array index,
2) check stored value,
3) maybe grow elements backing store (and deoptimize if it would
normalize), and
4) store the actual element.
The actual growing is done by two dedicated GrowFastDoubleElements
and GrowFastSmiOrObjectElements builtins, which are very similar to
the GrowArrayElementsStub that is used by Crankshaft.
Drive-by-fix: Turn CopyFixedArray into CopyFastSmiOrObjectElements
builtin, similar to the new growing builtins, so we don't need to
inline the store+write barrier for the elements into all optimized
code objects anymore.
Also fix a bug in the OperationTyper for NumberSilenceNaN, which was
triggered by this change.
BUG=v8:5272
Review-Url: https://codereview.chromium.org/2227493002
Cr-Commit-Position: refs/heads/master@{#38418}
Up until now "-0.0 - x" was lowered in the instruction selector. I moved
the lowering now to the MachineOperatorReducer.
I did not remove the lowering from the instruction selector yet, I would
prefer to do that in a separate CL.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2226663002
Cr-Commit-Position: refs/heads/master@{#38417}
Properly figure out NaN and -0 cases even for non-integer inputs. This
helps to reduce the number of checks we have to perform in case we try
to go back to int32 after a floating point operation.
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2221863002
Cr-Commit-Position: refs/heads/master@{#38415}
Reason for revert:
We can revert this now that it's landed on 5.3.
Original issue's description:
> Fix an OOB read through CallSite.GetFunctionName
>
> The func_index parameter passed to GetWasmFunctionNameFromTable can be
> user-controlled through the CallSite constructor. Catch out-of-bounds
> reads and return null as the function name in such cases.
>
> This applies to the 5.3 branch and will be reverted on TOT in a bit.
>
> BUG=632965
>
> Committed: https://crrev.com/8592c450a68581d7257c1b2002983c0092cd749a
> Cr-Commit-Position: refs/heads/master@{#38276}
TBR=ahaas@chromium.org,yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=632965
Review-Url: https://codereview.chromium.org/2225773002
Cr-Commit-Position: refs/heads/master@{#38414}
Properly figure out NaN and -0 cases even for non-integer inputs. This
helps to reduce the number of checks we have to perform in case we try
to go back to int32 after a floating point operation.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2227533002
Cr-Commit-Position: refs/heads/master@{#38413}
Reason for revert:
Leaks block chromium roll:
https://codereview.chromium.org/2219083003/
Example build:
https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_asan_rel_ng/builds/205435
You can add the trybot from tryserver.chromium.linux, linux_chromium_asan_rel_ng, on reland.
Original issue's description:
> [Reland][Tracing] Embed V8 runtime call stats into tracing.
>
> Currently we have V8 RuntimeCallStats that is independently from tracing when
> running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
> stats into tracing, by having a global table of runtime call counters each
> isolate, resetting the table each time we enter a top level trace event, and
> dumping the table for each top level trace event. This will make trace file more
> compat, as well as enable runtime call stats in tracing system.
>
> This patch adds ~5% overhead to V8 when the category is enabled, we measure the
> overhead by running a script when category is enabled.
>
> BUG=v8:5089
>
> Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
> Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
> Committed: https://crrev.com/3f936a5b17754783e92d2146eaf66c88a78ee45b
> Cr-Original-Original-Commit-Position: refs/heads/master@{#38270}
> Cr-Original-Commit-Position: refs/heads/master@{#38314}
> Cr-Commit-Position: refs/heads/master@{#38403}
TBR=cbruni@chromium.org,fmeawad@chromium.org,bmeurer@chromium.org,adamk@chromium.org,rmcilroy@chromium.org,lpy@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5089
NOTRY=true
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2221853002
Cr-Commit-Position: refs/heads/master@{#38412}
Introduce a dedicated NumberOperationHint enum that represents the
feedback we can use for speculative number operations.
BUG=v8:4930
Review-Url: https://codereview.chromium.org/2220573002
Cr-Commit-Position: refs/heads/master@{#38411}
Rolling v8/build to 0aef44ff3987075f96208a8418c9f92038e7cf52
Rolling v8/tools/clang to c08b639033e7eca409e7d61c8384b7e328aabe8f
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2227473002
Cr-Commit-Position: refs/heads/master@{#38409}
Assign feedback slots in the type feedback vector for binary operations.
Update bytecode-generator to use these slots and add them as an operand
to binary operations.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2209633002
Cr-Commit-Position: refs/heads/master@{#38408}
AtomicNumber should make dealing with atomic counters easier. This is not the
case with size_t, as we cannot properly use the Increment() method for negative
numbers.
With this CL we can use AtomicNumber<size_t> and have proper decrements.
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2215693002
Cr-Commit-Position: refs/heads/master@{#38407}
This patch folds --optimize-for-size flag and check for low-memory device
into Heap::ShouldOptimizeForMemoryUsage() predicate.
It has the following side effects:
- the heap growing factor for low-memory devices is capped at 1.3 (old value was 2.0).
- the memory reducer will be more aggressive for low-memory devices.
BUG=chromium:634900
Review-Url: https://codereview.chromium.org/2218703004
Cr-Commit-Position: refs/heads/master@{#38406}
Rolling v8/build to 4f92210342e455123c37ad2040085b84a8ab6274
Rolling v8/buildtools to e4aa960cb9cd2c7dbaa69655efa85b3d7dff13dd
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 470265c2fd38206eb1ca36fbe8a50931c1b8f83d
Rolling v8/tools/clang to 36887a18177854dec069b5dc0e14b4274fc0c709
Rolling v8/tools/gyp to 93cc6e2c23e4d5ebd179f388e67aa907d0dfd43d
Rolling v8/tools/mb to 98a61eae883d6e59651c5a2af141cd45f754aa71
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2213393003
Cr-Commit-Position: refs/heads/master@{#38405}
- Don't read .constructor when returning a Promise from an async function.
Instead, call out to the internals of Promise.resolve directly.
This is done by adding back in an "optimization" from an earlier form of
the async/await code written by Caitlin Potter.
- Async functions always return a new Promise with a distinct identity,
even if they simply return another Promise.
R=caitp@igalia.com
BUG=v8:4483
Review-Url: https://codereview.chromium.org/2219623002
Cr-Commit-Position: refs/heads/master@{#38404}
Currently we have V8 RuntimeCallStats that is independently from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters each
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make trace file more
compat, as well as enable runtime call stats in tracing system.
This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.
BUG=v8:5089
Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
Review-Url: https://codereview.chromium.org/2187693002
Cr-Original-Original-Commit-Position: refs/heads/master@{#38270}
Cr-Original-Commit-Position: refs/heads/master@{#38314}
Cr-Commit-Position: refs/heads/master@{#38403}
Drive-by-fix: improve threading test log output by also showing the names of the
tests when they start and end.
Review-Url: https://codereview.chromium.org/2218033002
Cr-Commit-Position: refs/heads/master@{#38402}
Reason for revert:
asan failures are caused by a flaky stack-verflow (see https://codereview.chromium.org/2218033002 for a fix).
Original issue's description:
> Revert of [api] Clean up scopes and precheck instantiations cache (patchset #3 id:40001 of https://codereview.chromium.org/2206773003/ )
>
> Reason for revert:
> [Sheriff] Leads to mac asan failures:
> https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7835
>
> Original issue's description:
> > [api] Clean up scopes and precheck instantiations cache
> >
> > Make sure all the scopes used in api-natives.cc have inlineable constructors
> > and destructors. Additionally directly precheck the instantiations cache before
> > trying to enter the InvokeScope which sets the save_context.
> >
> > BUG=chromium:630217
> >
> > Committed: https://crrev.com/a2496b942cad524f0f3144b107936eaa9a7c9fd5
> > Cr-Commit-Position: refs/heads/master@{#38346}
>
> TBR=yangguo@chromium.org,cbruni@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:630217
>
> Committed: https://crrev.com/e1b5cb43a9b90546ff5d6cea89ba17c485e842fb
> Cr-Commit-Position: refs/heads/master@{#38356}
TBR=yangguo@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2217353002
Cr-Commit-Position: refs/heads/master@{#38401}
This also gets rid of the pending_error_handler field on DeclarationScope which wasn't actually used.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2218083002
Cr-Commit-Position: refs/heads/master@{#38400}
The old code was using VariableMode, but that signal is both
over-pessimistic (some CONST and LET variables need no hole-initialization)
and inconsistent with other uses of the InitializationFlag enum (such
as %LoadLookupSlot).
This changes no observable behavior, but removes unnecessary hole
initialization and hole checks in a few places, including
block-scoped function declarations, super property lookups,
and new.target.
R=bmeurer@chromium.org, neis@chromium.org
Review-Url: https://codereview.chromium.org/2201193004
Cr-Commit-Position: refs/heads/master@{#38395}
ForInPrepare checked whether the receiver object was null, undefined or
converted to a JSObject. This is already done by the generated bytecode.
BUG=v8:4820
LOG=n
Review-Url: https://codereview.chromium.org/2208043002
Cr-Commit-Position: refs/heads/master@{#38394}
This extends JSNativeContextSpecialization with support for stores to
fast object/smi element backing stores that are marked as copy-on-write.
In this case we first call the CopyFixedArray builtin to take a copy of
the elements backing store, and then store the new elements back to the
object, and finally perform the actual element store.
R=epertoso@chromium.org
BUG=v8:4470
Committed: https://crrev.com/ac98ad22f049a59c48387f1bab1590f135d219c6
Review-Url: https://codereview.chromium.org/2218703003
Cr-Original-Commit-Position: refs/heads/master@{#38370}
Cr-Commit-Position: refs/heads/master@{#38392}
If we infer loop variable bounds, we need to insert a type rename node
(sigma) to make sure that simplified lowering can choose representations
consistently.
Review-Url: https://codereview.chromium.org/2222513002
Cr-Commit-Position: refs/heads/master@{#38391}
