One caveat: the Crankshaft stub used to preserve callee-clobbered double
registers, which is contrary to any real platform ABI that we support. Since the
only current use of this stub is in Crankshaft, the instruction there now must
be marked as double-clobbering. This might result in a small performance
regression. However, when this stub is eventually used in TF-generated code, it
will be called from deferred code that can save doubles only on the rarely-taken
path... something that Crankshaft can't do.
BUG=chromium:608675
Review-Url: https://codereview.chromium.org/2206333003
Cr-Commit-Position: refs/heads/master@{#38371}
This extends JSNativeContextSpecialization with support for stores to
fast object/smi element backing stores that are marked as copy-on-write.
In this case we first call the CopyFixedArray builtin to take a copy of
the elements backing store, and then store the new elements back to the
object, and finally perform the actual element store.
R=epertoso@chromium.org
BUG=v8:4470
Review-Url: https://codereview.chromium.org/2218703003
Cr-Commit-Position: refs/heads/master@{#38370}
Reason for revert:
[Sheriff] Fails on nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/8403
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> earlier cl (https://codereview.chromium.org/2153433002/) was reverted
> because that implementation did not collect allocation site feedback.
> This regressed delta blue by an order of magnitude. This implementation
> includes collection of allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/9d5e6129c4c7f9cbfe81a5fad2a470f219fe137c
> Cr-Commit-Position: refs/heads/master@{#38364}
TBR=bmeurer@chromium.org,rmcilroy@chromium.org,balazs.kilvady@imgtec.com,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2212343002
Cr-Commit-Position: refs/heads/master@{#38368}
This reduces peak zone memory usage by ~10% on codeload and ~5% on mandreel.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2209573002
Cr-Commit-Position: refs/heads/master@{#38367}
Changes ConstantPoolArrayBuilder to do object lookups using the location
of the handles, rather than dereferencing the handles and comparing the
objects. This also updates CanonicalHandleScope when internalizing AST
nodes to ensure that duplicate objects share the same handles and so are
only added to the constant pool once.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2204243003
Cr-Commit-Position: refs/heads/master@{#38366}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2190293003
Cr-Commit-Position: refs/heads/master@{#38364}
Adding new methods to the code stub assembler and interpreter
assembler to combine loading and untagging SMIs, so that on 64-bit
architectures we can avoid loading the full 64 bits and load the
32 interesting bits directly instead.
Review-Url: https://codereview.chromium.org/2183923003
Cr-Commit-Position: refs/heads/master@{#38361}
This fixes the runtime profiler to no longer assume that seeing an
optimized frame on the stack implies the underlying function is not
being interpreted when entered normally. This no longer holds with code
generated for OSR directly from bytecode (not installed on function).
R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-632800
BUG=chromium:632800
Review-Url: https://codereview.chromium.org/2208603005
Cr-Commit-Position: refs/heads/master@{#38360}
This makes sure we prevent a tier-up for function which also have an
optimized activation of OSR code on the stack. In case the OSR code
deoptimizes, it needs the bytecode to still be around.
R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-5262
BUG=v8:5262
Review-Url: https://codereview.chromium.org/2206363004
Cr-Commit-Position: refs/heads/master@{#38359}
Reason for revert:
[Sheriff] Leads to mac asan failures:
https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7835
Original issue's description:
> [api] Clean up scopes and precheck instantiations cache
>
> Make sure all the scopes used in api-natives.cc have inlineable constructors
> and destructors. Additionally directly precheck the instantiations cache before
> trying to enter the InvokeScope which sets the save_context.
>
> BUG=chromium:630217
>
> Committed: https://crrev.com/a2496b942cad524f0f3144b107936eaa9a7c9fd5
> Cr-Commit-Position: refs/heads/master@{#38346}
TBR=yangguo@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2216903003
Cr-Commit-Position: refs/heads/master@{#38356}
We don't need to add stability dependencies on JSObject prototypes when
storing to an element, because we do the map check (and thereby guard
the elements kind) and we also properly deoptimize on holes if the array
protector is not usable.
R=verwaest@chromium.org
BUG=chromium:616709
Review-Url: https://codereview.chromium.org/2198833002
Cr-Commit-Position: refs/heads/master@{#38355}
Rolling v8/build to f0243d787961584ac95a86e7dae897b9b60ea674
Rolling v8/buildtools to 9c6ad6f5cbc2f30989edc3504ec7f9d360542512
Rolling v8/tools/clang to 0b06ba9e49a0cba97f6accd71a974c1623d69e16
Rolling v8/tools/mb to 60b89880ddfbccdc978f3c1562b2431119aea3d4
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2211333002
Cr-Commit-Position: refs/heads/master@{#38354}
When parsing a eagerly-parsed-but-lazily-compiled function, we
used to put some of its AST nodes into a discardable Zone. This
CL puts the function Scope, its inner Scopes and the related AST
nodes (Declarations, VariableProxys) into the temporary Zone
too. This reduces peak memory usage and enables future work to
keep the temporary Zone around for later compilation.
BUG=
Review-Url: https://codereview.chromium.org/2210243002
Cr-Commit-Position: refs/heads/master@{#38348}
Make sure all the scopes used in api-natives.cc have inlineable constructors
and destructors. Additionally directly precheck the instantiations cache before
trying to enter the InvokeScope which sets the save_context.
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2206773003
Cr-Commit-Position: refs/heads/master@{#38346}
The contract is that the method is only invoked when there are no elements on
the prototype, and this elements type forbids accessor elements. So it is safe
to limit the search to the end of the backing store.
BUG=chromium:634269, v8:5162
R=cbruni@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2209273002
Cr-Commit-Position: refs/heads/master@{#38344}
This adds the possibility to address test cases in the
status file with the variant under which the test is running.
This is only allowed in top-level sections.
Example:
[{
'test-case': [PASS, SLOW],
}]
['variant == foo', {
'test-case': [FAIL],
}]
The test case "test-case" is marked as slow in all variants.
Additionally, in variant foo, it'll be expected to fail.
This CL also exemplifies the new feature with test cases
running under the ignition_turbofan variant. The
corresponding legacy flag is deprecated.
BUG=v8:5238
Review-Url: https://codereview.chromium.org/2203013002
Cr-Commit-Position: refs/heads/master@{#38342}
Only basic things for now, but enough, for example, to emit
mov rax, [rax+0xc]
instead of
mov rax, 0x3
mov rdx, [rdx+rax*4]
on x64.
BUG=
Review-Url: https://codereview.chromium.org/2211633003
Cr-Commit-Position: refs/heads/master@{#38338}
This adds the missing lazy bailout point when defining accessor pairs
within object literals via Runtime::kDefineAccessorPropertyUnchecked.
The runtime function in question can indeed trigger a lazy deopt due
to a DependentCode::kPrototypeCheckGroup dependency.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-633585
BUG=chromium:633585
Review-Url: https://codereview.chromium.org/2207413002
Cr-Commit-Position: refs/heads/master@{#38336}
References in code objects to new-space embedded objects have to be
recorded in a remembered set so that they get updated by the garbage
collector.
TEST=cctest/test-serialize/CodeSerializerEmbeddedObject
R=ulan@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2200333004
Cr-Commit-Position: refs/heads/master@{#38335}
Compilation breaks when compiling v8 through Chromium using GYP. The isssue
started to appear after https://codereview.chromium.org/2190973003 landed.
It happens because trace_event_common.h header is on different location if we
are compiling v8 through Chromium compared to when we are compiling v8 standalone.
BUG=
Review-Url: https://codereview.chromium.org/2207943002
Cr-Commit-Position: refs/heads/master@{#38333}
This will allow for using DoParseLazy on a background thread, so we can
also parse inner functions on the background thread.
BUG=v8:5215
R=adamk@chromium.org,marja@chromium.org
Review-Url: https://codereview.chromium.org/2201423002
Cr-Commit-Position: refs/heads/master@{#38332}
This removes the ability to specify a catch prediction for exception
handler tables that are based on return addresses. The encoding for
handlers still looks the same to keep it in sync with tables based on
ranges, just no payload is stored in the respective bits.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2205893002
Cr-Commit-Position: refs/heads/master@{#38327}
An infinite recursion can be triggered when NoSideEffectToString is
called on an error object with its name property set to itself.
BUG=633998
Review-Url: https://codereview.chromium.org/2206313002
Cr-Commit-Position: refs/heads/master@{#38325}
Thrown exceptions must be handled before another exception is thrown.
This fixes all remaining test failures exposed by not clearing pending
exceptions in JSEntryStub.
BUG=v8:5259
Review-Url: https://codereview.chromium.org/2207923002
Cr-Commit-Position: refs/heads/master@{#38324}
These tests all called assertUnreachable within a try/catch block.
BUG=v8:5246
Review-Url: https://codereview.chromium.org/2209663003
Cr-Commit-Position: refs/heads/master@{#38323}
