Whenever tracing is activated we disable concurrent compilation. Hence
all tracing functions can safely dereference all handles. This fixes the
tracing functionality by annotating tracing functions with proper scopes.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1976123002
Cr-Commit-Position: refs/heads/master@{#36241}
Tweaks the generated code for a number of bytecode handlers. In particular, uses
deferred labels (now that they exist) to ensure that fast-paths don't build frames
where possible. This improves the codegen for StackCheck, Jump, Return and ForInNext.
Also tweak the codegen for CreateArguments, LogicalNot, ForInDone.
Seems to give ~5-8% performance boost on Octane.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1973873004
Cr-Commit-Position: refs/heads/master@{#36236}
Hidden prototypes are merely an implementation detail. Properties on an object + hidden prototype should look like properties on the object. Hence we should always perform a hidden prototype lookup. This CL removes the option to ignore hidden prototypes to avoid bugs that leak this implementation detail.
Also, the only previously valid cases were either places were we knew we didn't have a hidden prototype; or because we knew we (in the optimizing compiler) would only handle properties from the non-hidden object.The first case is already handled by directly tagging whether a receiver has a hidden prototype. In the second case we can just filter out properties from hidden prototypes.
Review-Url: https://codereview.chromium.org/1975763002
Cr-Commit-Position: refs/heads/master@{#36235}
Reason for revert:
Blocks roll https://codereview.chromium.org/1972303002/
Repro:
- build chromium with this CL
- out/Default/content_browsertests --gtest_filter=AccessibilityHitTestingBrowserTest.HitTestingInIframes
Original issue's description:
> Add V8.Execute histogram to measure time spent executing JS code.
>
> Adds a V8.Execute histogram to measure the amount of time spent executing
> JS code.
>
> BUG=v8:4865
> LOG=N
>
> Committed: https://crrev.com/e8f5a2723cf54576b84322ac2ee6ef7abc9df056
> Cr-Commit-Position: refs/heads/master@{#36217}
TBR=cbruni@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4865
Review-Url: https://codereview.chromium.org/1970193003
Cr-Commit-Position: refs/heads/master@{#36234}
Reason for revert:
Not the culprit sorry.
Original issue's description:
> Revert of [Reland] Implement CPU time for OS X and POSIX. (patchset #1 id:1 of https://codereview.chromium.org/1966183003/ )
>
> Reason for revert:
> Blocks roll: https://codereview.chromium.org/1972303002/
>
> Original issue's description:
> > [Reland] Implement CPU time for OS X and POSIX.
> >
> > V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
> > implements CPU time for OS X and POSIX to provide more accurate
> > accounting of CPU time used by each thread.
> >
> > BUG=v8:4984
> > LOG=n
> >
> > Committed: https://crrev.com/efa27fb25e1fa5b8465f4af710086b73b0cba660
> > Cr-Commit-Position: refs/heads/master@{#36213}
>
> TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4984
>
> Committed: https://crrev.com/31b9ba3bc8fb93601cc73c83213b30e639d448b3
> Cr-Commit-Position: refs/heads/master@{#36225}
TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4984
Review-Url: https://codereview.chromium.org/1976603005
Cr-Commit-Position: refs/heads/master@{#36233}
The data-structure in question is only used by Crankshaft, it can safely
be moved into the backend to avoid exposure through the CompilationInfo.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1977473002
Cr-Commit-Position: refs/heads/master@{#36232}
This completely removes any potential for a side-channel between the
various compiler backends and the profiler. The CompilationInfo is no
longer passed.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1970193002
Cr-Commit-Position: refs/heads/master@{#36230}
This makes the profiler reconstruct inlined function frames at eager
deopt points from the deoptimization data. The main goal of this is to
remove the last side-channel where Crankshaft communicates directly to
the profiler. This is the last preparatory step towards deprecating the
side-channel in question.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1973993002
Cr-Commit-Position: refs/heads/master@{#36229}
This is a first step to removing the support for the OldFunctions
section altogether, which will greatly simplify the encoder and remove
the need to do local variable remapping in asm->wasm.
R=bradnelson@chromium.org,aseemgarg@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1974933002
Cr-Commit-Position: refs/heads/master@{#36228}
This patch adds support for the `Operand2_R_LSL_I` addressing mode to
loads and stores. This allows merging a shift instruction into a
MemoryOperand. Since the shift immediate is restricted to the log2 of
the operation width, the opportunities to hit this are slim. However,
Ignition's bytecode handlers hit this case all the time:
kind = BYTECODE_HANDLER
name = Star
compiler = turbofan
Instructions (size = 44)
0x23e67280 0 add x1, x19, #0x1 (1)
0x23e67284 4 ldrsb x1, [x20, x1]
0x23e67288 8 sxtw x1, w1
0x23e6728c 12 mov x2, fp
0x23e67290 16 str x0, [x2, x1, lsl #3]
^^^^^^^^^^^^^^^^^^^^^
0x23e67294 20 add x19, x19, #0x2 (2)
0x23e67298 24 ldrb w1, [x20, x19]
0x23e6729c 28 ldr x1, [x21, x1, lsl #3]
^^^^^^^^^^^^^^^^^^^^^
0x23e672a0 32 br x1
Additionally, I noticed the optimisation occurs once in both the
`StringPrototypeCharAt` and `StringPrototypeCharCodeAt` turbofan stubs.
BUG=
Review-Url: https://codereview.chromium.org/1972103002
Cr-Commit-Position: refs/heads/master@{#36227}
Reason for revert:
Blocks roll: https://codereview.chromium.org/1972303002/
Original issue's description:
> [Reland] Implement CPU time for OS X and POSIX.
>
> V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
> implements CPU time for OS X and POSIX to provide more accurate
> accounting of CPU time used by each thread.
>
> BUG=v8:4984
> LOG=n
>
> Committed: https://crrev.com/efa27fb25e1fa5b8465f4af710086b73b0cba660
> Cr-Commit-Position: refs/heads/master@{#36213}
TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4984
Review-Url: https://codereview.chromium.org/1977753002
Cr-Commit-Position: refs/heads/master@{#36225}
Expression::bounds_ is used only by a subset of compile passes, but the
data structure occupies space for every Expression node ever parsed. This
unneccessarily increases memory consumption. Particularly, peak memory
consumption during startup, which may cause out-of-memory errors.
This CL
- removes Expression::bounds_;
- introduces an AstTypeBounds container, which mappes Expression* to Bounds;
- modifies the code that actually requires bounds information, namely
Crankshaft compile and AsmWasmBuilder, to instantiate such an AstTypeBounds
container before typing and to pass it to the code that consumes this
information; and
- modifies all accesses to Expression::bounds_ to instead access the bounds
via the container instead.
Additionally, this rewrites test-ast-expression-visitor. The reason is that
this code attempted to test AstExpressionVisitor but did so exclusively
through its subclass ExpressionTypeCollector, meaning that the test dealt
almost exclusively with type bounds despite the class-under-test having
no knowledge or functionality related to it. Worse, the test was written
in a way to assume that type bounds were available outside & after
compilation, which is something this change changes.
BUG=v8:4947
Review-Url: https://codereview.chromium.org/1968383002
Cr-Commit-Position: refs/heads/master@{#36222}
This change introduces a pipeline for the final stages of
bytecode generation.
The peephole optimizer is made distinct from the BytecodeArrayBuilder.
A new BytecodeArrayWriter is responsible for writing bytecode. It
also keeps track of the maximum register seen and offers a potentially
smaller frame size.
R=rmcilroy@chromium.org
LOG=N
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1947403002
Cr-Commit-Position: refs/heads/master@{#36220}
We eagerly inserted Int32Mul for Math.imul during builtin lowering and
messed up with the types, which confused the representation selection.
This adds a proper NumberImul operator, and fixes the builtin reducer to
do the right thing according to the spec.
R=mstarzinger@chromium.org
BUG=v8:5006
LOG=n
Review-Url: https://codereview.chromium.org/1971163002
Cr-Commit-Position: refs/heads/master@{#36219}
The usat instruction is available from ARMv6, so there's no need to
check for the ARMv7 feature before using it. ARMv6 is the oldest
supported architecture in V8.
Correcting this allows the removal of a special case for predictable
code size.
BUG=
Review-Url: https://codereview.chromium.org/1974903002
Cr-Commit-Position: refs/heads/master@{#36218}
Adds a V8.Execute histogram to measure the amount of time spent executing
JS code.
BUG=v8:4865
LOG=N
Review-Url: https://codereview.chromium.org/1974003002
Cr-Commit-Position: refs/heads/master@{#36217}
This adds the --validate-asm flag which will trigger validation of all
asm.js modules before they are being compiled. In case a module doesn't
pass validation, a warning will be printed, but compilation as well as
execution will continue unhampered.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/1972593002
Cr-Commit-Position: refs/heads/master@{#36216}
Also make all AstVisitors consistently visit all the relevant parts
of ForOfStatement. PrettyPrinter no longer fares well, but given
how much desugaring happens to ForOf in the parser, any pretty-printed
view of it isn't going to be human readable. AstPrinter, on the other
hand, now gives a realistic view of what's been generated for for-of.
Review-Url: https://codereview.chromium.org/1968753004
Cr-Commit-Position: refs/heads/master@{#36215}
V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
implements CPU time for OS X and POSIX to provide more accurate
accounting of CPU time used by each thread.
BUG=v8:4984
LOG=n
Review-Url: https://codereview.chromium.org/1966183003
Cr-Commit-Position: refs/heads/master@{#36213}
Names passed for imports and exports are checked during decoding,
leading to errors if they are no valid UTF-8. Function names are not
checked during decode, but rather lead to undefined being returned at
runtime if they are not UTF-8.
We need to do these checks on the Wasm side, since the factory
methods assume to get valid UTF-8 strings.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1967023004
Cr-Commit-Position: refs/heads/master@{#36208}
With this CL it is possible to compile a wasm module with multiple
threads in parallel. Parallel compilation works as follows:
1) The main thread allocates a compilation unit for each wasm function.
2) The main thread spawns WasmCompilationTasks which run on the
background threads.
3.a) The background threads and the main thread pick one compilation unit
at a time and execute the parallel phase of the compilation unit.
After finishing the execution of the parallel phase, the compilation
unit is stored in a result queue.
3.b) If the result queue contains a compilation unit, the main thread
dequeues it and finishes its compilation.
4) After the execution of the parallel phase of all compilation units has
started, the main thread waits for all WasmCompilationTasks to finish.
5) The main thread finalizes the compilation of the module.
I'm going to add some additional tests before committing this CL.
R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org
Committed: https://crrev.com/17215438659d8ff2d7d55f95226bf8a1477ccd79
Cr-Commit-Position: refs/heads/master@{#36178}
Review-Url: https://codereview.chromium.org/1961973002
Cr-Commit-Position: refs/heads/master@{#36207}
Currently we do not check for @@isConcatSpreadable properly. If the Symbol is
set on the Array.prototype or Object.prototype the current fast paths fail.
This CL adds a fix to globally invalidate a isConcatSpreadable_protector.
Drive-by-fix: use named accessors for context variables
LOG=N
BUG=chromium:542504, v8:903
Review-Url: https://codereview.chromium.org/1409123003
Cr-Commit-Position: refs/heads/master@{#36201}
Clear the list of shared function infos attached to a script before
compiling for live edit in order to avoid duplicates. This was lost in
058deb2713. Additionally, we restore the
original list of shared function infos once we're done with live edit
work.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1969293003
Cr-Commit-Position: refs/heads/master@{#36200}
port 40f345416f (r36181)
original commit message:
The previous approach taken by FastNew[Sloppy,Strict,Rest]ArgumentsStub
looked at the function slot in order to skip stub frames
and find the JS frame. However, stub frames do not have a
function slot (in fact their fixed frame ends one slot
before the JS frame's function slot). Therefore, if this
location in the stub frame happens to have the function
object the create arguments stubs won't skip this frame
correctly.
Replace this approach with one where the stub is
specialized to either skip a frame if required (since
there will only ever be one extra frame on Ignition
the loop approach isn't necessary).
BUG=
Review-Url: https://codereview.chromium.org/1976483002
Cr-Commit-Position: refs/heads/master@{#36197}
We now have all the required eager bailout points in place, so we can
remove the defensive programming in JSNativeContextSpecialization.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1973773003
Cr-Commit-Position: refs/heads/master@{#36196}
We got the condition wrong and actually deoptimized when the typed array
was not neutered. This fixes the deopt loop in Math.random and actually
many programs that use typed arrays.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1970123002
Cr-Commit-Position: refs/heads/master@{#36194}
It is likely that CrOS and other distros will want to be
able to build the v8 snapshot with a custom toolchain.
This CL makes snapshot_toolchain a declared build arg, and
renames it to v8_snapshot_toolchain to minimize the risk
of a name collision.
R=machenbach@chromium.org, jochen@chromium.org
BUG=608596
Review-Url: https://codereview.chromium.org/1969693002
Cr-Commit-Position: refs/heads/master@{#36193}