Keep track of loop nesting depth on FunctionState and use that to decide
whether to mark var as assigned. That also fixes the weird cornercase where a
loop body can have multiple expressions due to multiple declarations with
independent initializers in a single var-statement.
Change-Id: Ia24affde29e22e9464448fd390062f6dd983faf2
Reviewed-on: https://chromium-review.googlesource.com/c/1405037
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58707}
For desrtucturing assignments from null/undefined, we throw an error
that references the destructuring object literal's property name, e.g.
for
var { x } = null;
we report that we cannot destructure 'x' from null.
Rather than calculating this property during bytecode generation (and
including it in the bytecode as an argument to the type error
constructor), we can calculate it at exception throwing time, by
re-parsing the source in a similar way to the existing call site
rendering.
This slightly decreases bytecode size and slightly decreases the amount
of work the bytecode compiler needs to do. In the future, it could also
allow us to give more detailed error messages, as we now have access to
the entire AST and are on the slow path anyway.
Bug: v8:6499
Change-Id: Icdbd4667db548b4e5e62ef97797a3771b5c1bf72
Reviewed-on: https://chromium-review.googlesource.com/c/1396080
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58706}
Class declarations support structured heap data that is a subtype of
HeapObject. Only fields of Object subtypes (both strong and weak)
are currently supported (no scalar fields yet).
With this CL, both the field list macro used with the C++
DEFINE_FIELD_OFFSET_CONSTANTS macro (to make field offset constants) as
well as the Torque "operator '.field'" macros are generated for the
classes declared in Torque. This is a first step to removing the
substantial amount of duplication and boilerplate code
needed to declare heap object classes.
As a proof of concept, and handful of class field definitions,
including those for non trivial classes like JSFunction, have been
moved to Torque.
Bug: v8:7793
Change-Id: I2fa0b53db65fa6f5fe078fb94e1db3418f908753
Reviewed-on: https://chromium-review.googlesource.com/c/1373971
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58704}
Originally, the NativeModule and the WasmModuleObject were created
together, and the streaming decoder was notified after the
WasmModuleObject was created. A recent CL (https://crrev.com/c/1402544),
however, changed that. The NativeModule gets created before compilation
starts, the WasmModuleObject, however, gets created after compilation.
The streaming decoder only needs the NativeModule to register a callback
before compilation. Therefore this CL we change the notification of the
streaming decoder to receive only the NativeModule, not the
WasmModuleObject, before starting compilation.
R=clemensh@chromium.orgCC=bbudge@chromium.org
Bug: chromium:719172
Change-Id: I4ad879e4ebd2d88174d7e2a0c6359f2836926763
Reviewed-on: https://chromium-review.googlesource.com/c/1404442
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58703}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
In base/ieee754.cc, use constants for NaN and Infinity instead
of computing these values.
In spaces-unittest.cc, ensure that a large enough allocation
is used.
Bug: v8:3770
Change-Id: I50d9a77dc860ef9993b7b269a5f8c117b0f62f9d
Reviewed-on: https://chromium-review.googlesource.com/c/1403454
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58701}
Pipeline::GenerateCodeForWasmNativeStub() currently does not pass
an Isolate to the PipelineData it creates, to ensure that compiled
code does not accidentally depend on a given Isolate. However, this
prevents the assembler from converting ExternalReference accesses to
RootArray offsets. This patch sets the corresponding AssemblerOption.
Bug: v8:3770
Change-Id: Ia4d5269e2e884a0af8abc6d122734f47db045ac0
Reviewed-on: https://chromium-review.googlesource.com/c/1404447
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58700}
Since all categories are now statically defined, there's no need to warm
any of them up explicitly in order for the categories to show up in the
tracing UI.
Depends on https://chromium-review.googlesource.com/c/chromium/src/+/1401273.
Bug: chromium:914579
Change-Id: I8ae8977130ae89d6ee3351194ad258d13f3c14f4
Reviewed-on: https://chromium-review.googlesource.com/c/1402779
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58699}
This will make it easier to separate out parameter declaration from other other
parameter scope information tracking.
Change-Id: I8712dd7fc589c84bc1e1a1eab9038af6047b21cd
Reviewed-on: https://chromium-review.googlesource.com/c/1403118
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58698}
This reverts commit 5dee355fe6.
Reason for revert: https://ci.chromium.org/p/v8-internal/builders/luci.v8-internal.ci/v8_linux64_perf_1/4282
Original change's description:
> [test] add perf tests for String.p.startsWith
>
> Add performance tests for String.prototype.startsWith ahead of port to
> torque in order to keep track of how performance is affected.
>
> Bug: v8:8400
> Change-Id: Ifc753a6f13da20c1760e545a99fd693717e3acc6
> Reviewed-on: https://chromium-review.googlesource.com/c/1402934
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58685}
TBR=jgruber@chromium.org,usharma1998@gmail.com
Change-Id: I5855b08fa5e55ab8594185a0a84a26f567e2b9d3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8400
Reviewed-on: https://chromium-review.googlesource.com/c/1404446
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58697}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
Bug: v8:3770
Change-Id: Id92725b0ac57cb357978124a3dc6f477430bc97d
Reviewed-on: https://chromium-review.googlesource.com/c/1403133
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58696}
The 'done' setting dance in BuildFillArrayWithIterator turned out to
not be useful, as the StoreInArrayLiteral call could not ever throw an
exception. Since iterator exceptions count as done, we are guarnteed to
be done as soon as we enter the loop.
Change-Id: Ibe2ba1fcbe383bfcfedb185169890b6931cc7884
Reviewed-on: https://chromium-review.googlesource.com/c/1402792
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58695}
The IteratorClose spec specifies that exceptions in
%GetMethod(iterator.return) are not suppressed by exceptions in the
given continuation (body of a loop, assignments in destructuring),
while exceptions in the execution of iterator.return() are.
This means that we have to split out the property access + a typeof
check to be outside the try-catch, and keep the call inside of it.
The non-split version is only for cases when there is no 'throws'
continuation (as is the case for yield* calling IteratorClose), so
the existing BuildIteratorClose can be renamed to reflect this.
Change-Id: Id71aea4fddd6ffb986bd9aaa09d29615a8800f71
Reviewed-on: https://chromium-review.googlesource.com/c/1402789
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58694}
Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
Bug: v8:3770
Change-Id: I8007987594ff534ca697c1c3247215a72a001343
Reviewed-on: https://chromium-review.googlesource.com/c/1403132
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58693}
This CL disables RX (read and execute) permissions for Code memory
when in jitless mode. All memory that was previously allocated RX
is now read-only.
Bug: v8:7777
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: I52d6ed785d244ec33168a02293c5506d26f36fe8
Reviewed-on: https://chromium-review.googlesource.com/c/1390122
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58692}
As a follow up of https://crrev.com/c/1372857, this merges Windows
cases into others by using Move() and arg_reg_{1,2,3,4}.
Bug: v8:8124
Change-Id: Iff015089fd2bfce29565ab213c8e41c8ef1cd68f
Reviewed-on: https://chromium-review.googlesource.com/c/1404774
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58691}
This reverts commit d024b9a1f5.
Reason for revert: Left-over static counter in the code.
Original change's description:
> [regalloc] Introduce LiveRangeBundles
>
> The idea behind this change is to restore some information about
> pre-ssa values to aid register allocation in sharing spill slots and
> reusing registers for connected live ranges.
>
> By itself, this change does not improve much but it allows upcoming
> changes to freely spill and reload ranges without worrying about
> keeping the assignment stable.
>
> Change-Id: I9320522592546655cc8fd0236d45fe075276a49e
> Reviewed-on: https://chromium-review.googlesource.com/c/1375665
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58688}
TBR=sigurds@chromium.org,herhut@chromium.org
Change-Id: Id4f84a0e418e17729a301c848a7b9694f0eb9931
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1404439
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58690}
The idea behind this change is to restore some information about
pre-ssa values to aid register allocation in sharing spill slots and
reusing registers for connected live ranges.
By itself, this change does not improve much but it allows upcoming
changes to freely spill and reload ranges without worrying about
keeping the assignment stable.
Change-Id: I9320522592546655cc8fd0236d45fe075276a49e
Reviewed-on: https://chromium-review.googlesource.com/c/1375665
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58688}
Minor refactoring to introduce kMaxRegisters instead of relying on
the fact that kMaxGpRegisters <= kMaxFpRegisters.
Bug: v8:8562
Change-Id: If8221a799199c62d5262cfad762489a5088351c7
Reviewed-on: https://chromium-review.googlesource.com/c/1403120
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58687}
Add performance tests for String.prototype.startsWith ahead of port to
torque in order to keep track of how performance is affected.
Bug: v8:8400
Change-Id: Ifc753a6f13da20c1760e545a99fd693717e3acc6
Reviewed-on: https://chromium-review.googlesource.com/c/1402934
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58685}
This moves |root_register_value| parameter of JSEntryFunction to the
first. I.e. the type of entry function will be changed from
Object*(Object* new_target, Object* target, Object* receiver,
int argc, Object*** args,
Address root_register_value)
to
Object*(Address root_register_value,
Object* new_target, Object* target, Object* receiver,
int argc, Object*** args),
and moves all parameter handling except for |root_register_value| from
JSEntryVariant to JSEntryTrampolineHelper.
This is a preparation to add another JS entry point for RunMicrotasks,
whose type will be
Object*(Address root_register_value, MicrotaskQueue*).
The new entry point requires |root_register_value| to be the first to
share the implementation of the EntryFrame setup with existing ones.
Bug: v8:8124
Change-Id: I675376a2ccd240f61cf04eea6fe9a91031e06ede
Reviewed-on: https://chromium-review.googlesource.com/c/1372857
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58683}
If the key of the u-ext has no value it will return error so
we should just return undefined for that case.
Bug: v8:8663
Change-Id: I7446ad74c8d0609ad268385b6f4d986060424ce9
Reviewed-on: https://chromium-review.googlesource.com/c/1404194
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58682}
This is the analogue to CanInlineArrayIteratingBuiltin.
Change-Id: Ic96a8e230f50493d2482d5990d190ac2e7483fe9
Reviewed-on: https://chromium-review.googlesource.com/c/1400405
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58680}
Now that we no longer have ObjectPtr and Object* return types,
one way to load the slot's contents is enough.
Bug: v8:3770
Change-Id: I5acaeed22e68595b0e0ba036fcc4ac3d15c57462
Reviewed-on: https://chromium-review.googlesource.com/c/1400416
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58678}
Instead of spawning several foreground tasks, execute the work in a
single chunk.
This will allow us in a follow-up step to remove the deferred handle
scope and pass the handles directly.
R=ahaas@chromium.org
Bug: v8:7921, v8:8423
Change-Id: I4dae6241e2a33e89e304a04cb67c2229c34f7b99
Reviewed-on: https://chromium-review.googlesource.com/c/1402545
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58677}
Since register can be used multiple times on the stack, they can also
be spilled into multiple stack slots. At merge points, we then might
have to reload the spilled slots. A DCHECK currently checks that each
register is only loaded once. Instead of failing, just load the first
stack slot, the others are statically known to contain the same value
anyways.
R=ahaas@chromium.org
Bug: v8:6600, chromium:919533
Change-Id: Ic0c806238b2997f006829b4b509a50468a55befa
Reviewed-on: https://chromium-review.googlesource.com/c/1403124
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58676}
The unwinding info writer was assuming that a block that had no initial
state must be the start or end block. It was trying to check if the
block was the start or end by asserting that the block had either
no predecessors or no successors. Loop rotation breaks this assumption,
since it can move a block from inside a loop to before the loop
header, and the block can then be the "start" block. But since
such a block has both predecessor(s) and a successor, the check was
wrong.
R=clemensh@chromium.org
BUG=chromium:913844
Change-Id: Ic24c67a822d510cb082f25608089d313c3459be8
Reviewed-on: https://chromium-review.googlesource.com/c/1373770
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58675}
Emit a single destructuring assignment for destructuring declarations,
which can be desugared by the bytecode generator. This allows us to
remove destructuring desugaring from the parser (specifically, the
pattern rewriter) entirely.
The pattern "rewriter" is now only responsible for walking the
destructuring pattern to declare variables, mark them assigned, and
potentially rewrite scopes for the edge case of parameters with a sloppy
eval.
Note that since the rewriter is no longer rewriting, we have to flip the
VariableProxy copying logic for var re-lookup, so that we now pass the
new VariableProxy to the variable declaration and leave the original
unresolved (rather than passing the original through and rewriting to a
new unresolved VariableProxy).
This change does have some effect on breakpoint locations, due to some
of the available information changing between the parser and bytecode
generator, however the new locations appear to be more consistent
between assignments and declarations.
Change-Id: I3a58dd0a387d2bfb8e5e9e22dde0acc5f440cb82
Reviewed-on: https://chromium-review.googlesource.com/c/1382462
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58670}
When adding the new heuristic to allocate registers that do not
take part in hinting first, I managed to break hinting for most
cases. This change makes hinting operational again.
Bug: chromium:920106
Change-Id: I0f460a66196087266dcb70a7a0e5569124bdd2ff
Reviewed-on: https://chromium-review.googlesource.com/c/1402791
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58669}
It's anyway only read in case of simple parameters. In that case pattern is
guaranteed to be a VariableProxy, from which we can read the name as well.
Change-Id: Ie340064453594ab4f84b1d0223506801635c289d
Reviewed-on: https://chromium-review.googlesource.com/c/1402782
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58668}
Ivica Bogosavljevic is no longer part of MIPS V8 team, and therefore his
name is removed from OWNERS.
TBR=mstarzinger@chromium.org
NOTRY=true
No-Presubmit: true
Change-Id: I1ea6745b795573a17362dfd869528ddf78b8ab41
Reviewed-on: https://chromium-review.googlesource.com/c/1402775
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58667}
This is a leftover of the previous CL.
https://chromium-review.googlesource.com/c/v8/v8/+/1402305.
noexcept keyword needs to be consistent between the declaration and
implementation in C++17.
Bug: v8:8616, chromium:752720
Change-Id: I8a21426e550d666bd84c1a6e7bc36d1eec495333
Reviewed-on: https://chromium-review.googlesource.com/c/1402305
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58665}
This reverts commit 556ef4c387.
Reason for revert: Seems to cause hangs in tests.
Original change's description:
> [wasm] Inline CompileFailed step
>
> The {CompileFailed} just calls {AsyncCompileFailed}, which also does
> not do much. Thus just inline directly call a function instead of
> spawning a foreground task. This saves one instance of DeferredHandles.
>
> R=ahaas@chromium.org
>
> Bug: v8:7921, v8:8423
> Change-Id: Ia8fb72a3ce2efd1f9a069c1a3b0b670b15fd8bce
> Reviewed-on: https://chromium-review.googlesource.com/c/1402714
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58662}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I3430fb304b8df72b93330d104c09b0a144bbd069
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7921, v8:8423
Reviewed-on: https://chromium-review.googlesource.com/c/1402786
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58663}
The {CompileFailed} just calls {AsyncCompileFailed}, which also does
not do much. Thus just inline directly call a function instead of
spawning a foreground task. This saves one instance of DeferredHandles.
R=ahaas@chromium.org
Bug: v8:7921, v8:8423
Change-Id: Ia8fb72a3ce2efd1f9a069c1a3b0b670b15fd8bce
Reviewed-on: https://chromium-review.googlesource.com/c/1402714
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58662}
The incremental migration required several pairs of functionally
equivalent macros. This patch consolidates everything onto the
respective new version and drops the obsolete versions.
Bug: v8:3770
Change-Id: I4fb05ff223e8250c83a13f46840810b0893f410b
Reviewed-on: https://chromium-review.googlesource.com/c/1398223
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58659}
