This is a reland of 6afd25fff0
Original change's description:
> [builtins] Execute binary-embedded builtin code
>
> This CL creates trampolines into binary-embedded builtins on
> isolate-creation, if --stress-off-heap-code is passed.
>
> Note that this still overwrites existing code objects with the
> off-heap trampoline, and that off-heap builtins still exist both in
> the snapshot and the binary. Addressing these points is the next
> step.
>
> Drive-by-change: More efficient off-heap code lookups now that the
> off-heap memory area has a contiguous and static layout.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
> Bug: v8:6666
> Change-Id: I7e7ef0aa2cd7b8184ae3a13fa02bdcbb4f2c9f86
> Reviewed-on: https://chromium-review.googlesource.com/947969
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51809}
TBR=mstarzinger@chromium.org
Bug: v8:6666
Change-Id: I4e0684de90733e5f18f6f0ea4832e327d03dfbf7
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/955595
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51835}
Some compilers complain that ConvertReturn is private in SimulatorBase,
but used in the arm64 Simulator. This CL fixes this by making
ConvertReturn protected.
R=ulan@chromium.org
Bug: v8:7541
Change-Id: I9326b2c746829e9c37c58c14561811b32929c615
Reviewed-on: https://chromium-review.googlesource.com/955689
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51834}
This reverts commit daa224d4d0.
Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=819873
Original change's description:
> [builtins] Remove CheckOptimizationMarker builtin
>
> This was a shim for the non-I+TF codepath, which is now the only
> codepath (that still uses this tier-up mechanism anyway). There were a
> couple of places we were accidentally using it due to CompileLazy or
> deopts, so this also fixes those.
>
> Change-Id: I00a7fdf9fb5cf74844138dac62d01ceaaf192e17
> Reviewed-on: https://chromium-review.googlesource.com/951490
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51786}
TBR=rmcilroy@chromium.org,machenbach@chromium.org,leszeks@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I80765eb18aaf5086e6db5d5df96f608a317c999f
Reviewed-on: https://chromium-review.googlesource.com/957022
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51829}
This test depends on lack of randomness in the allocation path so it is
not compatible with stress_incremental_marking. Extract it into a
standalone test which runs with the stress flag disabled.
Revert "[cctests] Disable flaky cctest test-heap-profiler/SamplingHeapProfiler"
This reverts commit 3ea2d6b06f.
Bug: v8:7444
Change-Id: Id246bca4699a61e6b9ff4b5b5d2ff1ce4ebbd0da
Reviewed-on: https://chromium-review.googlesource.com/953865
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#51826}
This updates the scanner to use the correct error message when it
encounters an octal escape sequence in a template literal. Previously,
the error message referred to strict mode, even when the template
literal was not in strict mode code.
Bug: v8:7502
Change-Id: I37bb1338cf796c471108bc10f35f824cdf3ce0b7
Reviewed-on: https://chromium-review.googlesource.com/945411
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51823}
The number of embedder fields grows dynamically, but reading these
fields does not perform bounds checks. The naming is taken from a similar
method on v8::Isolate.
Also changed the growing strategy for the backing store to not
over-allocate.
R=adamk@chromium.org, bmeurer@chromium.org
Bug: v8:7533
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I70beab124a32296c940ffabd897a7790bc8ff47a
Reviewed-on: https://chromium-review.googlesource.com/952923
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51822}
Stack slots store the type of the respective value, so we can always
get the reg class from that type.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I60ca21daa4cc1505562c344367c7586bcd272c9b
Reviewed-on: https://chromium-review.googlesource.com/950948
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51820}
This is to better pinpoint win64 failures.
TBR=bmeurer@chromium.org
Bug: v8:178
Change-Id: If778352cad1f209927067a12d5684e62c4ead8d2
Reviewed-on: https://chromium-review.googlesource.com/955687
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51818}
On 32-bit systems, the computation {count + type_list->size()} can
overflow, leading to memory corruption later on.
R=titzer@chromium.org
Bug: chromium:819869
Change-Id: Ic81d201e58211e3989b4e945cd52e98dc951fbda
Reviewed-on: https://chromium-review.googlesource.com/955025
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51817}
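The overflow described in the commit above is the classic size-computation bug: on a 32-bit build the sum wraps, the allocation that follows is far too small, and the subsequent copy corrupts memory. The following C program is an added illustration of the defensive pattern, not V8 code; the function names, the stand-in operands (a caller-supplied count plus the existing element count, mirroring {count + type_list->size()}) and the sample values are all constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Does a + b wrap in 32-bit arithmetic? This is the check the commit's
 * {count + type_list->size()} needed on a 32-bit build, where size_t is
 * 32 bits wide. */
bool add_u32_overflows(uint32_t a, uint32_t b) {
  return a > UINT32_MAX - b;
}

/* The unchecked sum, as the buggy code computed it: it wraps silently, so
 * an allocation sized from it is much smaller than the data copied into it. */
uint32_t unchecked_sum_u32(uint32_t count, uint32_t size) {
  return count + size;
}

/* Byte size needed for (count + existing) elements of elem_size bytes.
 * Returns 0 if either the element count or the byte total would wrap;
 * callers treat 0 as "refuse", never as "allocate nothing". */
size_t checked_total_bytes(size_t count, size_t existing, size_t elem_size) {
  if (count > SIZE_MAX - existing) return 0;                    /* count + existing wraps */
  size_t total = count + existing;
  if (elem_size == 0 || total > SIZE_MAX / elem_size) return 0; /* total * elem_size wraps */
  return total * elem_size;
}

/* Allocate a backing store for the combined list; NULL on overflow or OOM. */
void *alloc_combined(size_t count, size_t existing, size_t elem_size) {
  size_t bytes = checked_total_bytes(count, existing, elem_size);
  if (bytes == 0) return NULL;
  return malloc(bytes);
}

int main(void) {
  /* Constructed values: a count large enough that the 32-bit sum wraps. */
  uint32_t count = 0xFFFFFFF0u, size = 0x20u;
  printf("unchecked sum: %u (wrapped: %s)\n", unchecked_sum_u32(count, size),
         add_u32_overflows(count, size) ? "yes" : "no");
  void *p = alloc_combined(4, 3, sizeof(uint32_t));
  printf("7 elements -> %s\n", p ? "allocated" : "refused");
  free(p);
  return 0;
}
```

The checks compare against the remaining headroom (SIZE_MAX - b, SIZE_MAX / elem_size) rather than testing the result afterwards, so they are correct for unsigned arithmetic without relying on wrap-around behaviour, and they work identically on 32-bit and 64-bit targets.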
This reverts commit 6afd25fff0.
Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20-%20fyi/builds/1437
Original change's description:
> [builtins] Execute binary-embedded builtin code
>
> This CL creates trampolines into binary-embedded builtins on
> isolate-creation, if --stress-off-heap-code is passed.
>
> Note that this still overwrites existing code objects with the
> off-heap trampoline, and that off-heap builtins still exist both in
> the snapshot and the binary. Addressing these points is the next
> step.
>
> Drive-by-change: More efficient off-heap code lookups now that the
> off-heap memory area has a contiguous and static layout.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
> Bug: v8:6666
> Change-Id: I7e7ef0aa2cd7b8184ae3a13fa02bdcbb4f2c9f86
> Reviewed-on: https://chromium-review.googlesource.com/947969
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51809}
TBR=mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: I18276541b468b9d2b2a1366ccd287822e96b6df7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/956042
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51816}
This adds a global protector to guard the lookup of "resolve" on the
%Promise% intrinsic object (the initial Promise constructor), making
sure that Promise.resolve yields the initial builtin method. We use
this protector to avoid the lookup of "resolve" all the time inside
of Promise.all and Promise.race, when called with constructor being
the %Promise% intrinsic object.
This improves the performance on the parallel-async-es2017-native
benchmark by roughly 2-3%.
Bug: v8:7253
Change-Id: Ida93b88afbaeae61f17be4cd30ea6a78b4267cea
Reviewed-on: https://chromium-review.googlesource.com/955564
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51810}
This CL creates trampolines into binary-embedded builtins on
isolate-creation, if --stress-off-heap-code is passed.
Note that this still overwrites existing code objects with the
off-heap trampoline, and that off-heap builtins still exist both in
the snapshot and the binary. Addressing these points is the next
step.
Drive-by-change: More efficient off-heap code lookups now that the
off-heap memory area has a contiguous and static layout.
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:6666
Change-Id: I7e7ef0aa2cd7b8184ae3a13fa02bdcbb4f2c9f86
Reviewed-on: https://chromium-review.googlesource.com/947969
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51809}
JSCallReducer runs at the same time as DeadCodeElimination and hence can observe an incompletely propagated DeadValue in place of a StateValue node holding the arguments to materialize for JSCreateArguments.
This CL fixes this by aborting the lowering of JSCreateArguments in this case.
Bug: chromium:819311 v8:7536
Change-Id: I42c4a1923e3dbe470db1a16c5069aaa7c38659ac
Reviewed-on: https://chromium-review.googlesource.com/955306
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51808}
The PromiseResolve builtin was missing its fast-path for when we can
skip the "constructor" lookup due to a typo.
Bug: v8:7253
Change-Id: Icca033af5d4f7fe8b43ebf49c9315b4c80d52cbc
Reviewed-on: https://chromium-review.googlesource.com/955483
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51807}
Test started failing after commit `[Liftoff] Remove Get{Unary,Binary}OpTargetRegister`.
Optimization shouldn't be done if dst == rhs in i32_set_cond instruction.
This CL fixes the issue.
Change-Id: I67cd1ca4692fcf69202ef25f7aa58756a5ddddca
Reviewed-on: https://chromium-review.googlesource.com/952963
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51806}
When optimizing SpeculativeToNumber we need to pay attention to the
hint, otherwise we optimize away a Signed32 conversion, based on the
fact that the input is a Number.
Bug: chromium:819298
Change-Id: I2ac7b0dac708fee9083eca2880bd5674a82daaa3
Reviewed-on: https://chromium-review.googlesource.com/955423
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51805}
... and use Smi Map::kPrototypeChainValid for the cases where the direct receiver's
prototype is not JSObject instead of creating a new valid cell for each such
case. This will make the validity cell checking code simpler.
Bug: v8:5988
Change-Id: I52cf55797171cc8021d80e4e441615d0c8fc8bd4
Reviewed-on: https://chromium-review.googlesource.com/951384
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51803}
UnalignedLoad is the only kind of load operation that defines its own
UnalignedLoadRepresentation type alias and LoadRepresentationOf function.
This is a problem because it means we cannot use the LOAD_MATCHER
infrastructure without defining all of this boilerplate for all the other
kinds of load operations. Since these aliases serve no real purpose,
it is best to unify UnalignedLoad to how its peers are handled.
Change-Id: I51a591eb82fb85edee66512136b23276e851f767
Reviewed-on: https://chromium-review.googlesource.com/951683
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51802}
The debugger script implementation had its own way to write
uint32_t values to a string as hex values. This removes the
custom code and uses a shared implementation in String16Builder
instead.
The observable effect is that script hashes are now lower-case
and the character sequence is reversed for each 8-character
pair.
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib21769fbe10c24055fbd3fa9573bc5c2d72f6a74
Reviewed-on: https://chromium-review.googlesource.com/951303
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51801}
- Make it explicit that the field marks are supposed to be all-false after each
object.
- Remove unused param from MarkVisitedField.
BUG=v8:7534
Change-Id: Ibc226290bb09daca60b92819944e0049bb33e594
Reviewed-on: https://chromium-review.googlesource.com/951725
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51799}
The tricky part here is to take away one register from register
allocation for the mask. The only problem is with calls that need
an input operand to be passed in the poison register. For such calls,
we change the register constraint in the instruction selector
to pass the value in whatever place the register allocator sees fit.
During code generation, we then copy the value from that place
to the poison register. By that time, the mask is not necessary
(once we bake the mask into the target, it should be done before
this move).
For the branches, the mask update does not use cmov (unlike x64)
because cmov does not take an immediate and we do not have
a scratch register. Instead we use bit-twiddling tricks
(suggested by @tebbi). For example, here is the code for masking
register update after a bailout on non-zero:
    jnz deopt_bailout ;; Bailout branch
    setnz bl          ;; These three instructions update the mask
    add ebx, 255
    sar ebx, 31
(On x64, the sequence is:
    jnz deopt_bailout
    mov r10, 0        ;; We have a scratch register for zero
    cmovnz r9, r10    ;; Set to zero if we execute this branch
                      ;; in branch mis-speculation
)
This CL also fixes a bug in register configuration, where we used
to wrongly restrict the array of register names.
Change-Id: I5fceff2faf8bdc527d9934afc284b749574ab69e
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/946251
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51798}
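The three-instruction ia32 sequence above is compact enough that it is worth checking by hand that it really drives the poison register to zero exactly when the bailout branch is (mis-)speculated. The C program below is an added model of that arithmetic, not code from the commit: it treats the mask register as a 32-bit value that is either all-ones (valid) or zero (poisoned), models `setnz bl` as writing only the low byte, `add ebx, 255` as a wrapping 32-bit add and `sar ebx, 31` as an arithmetic shift, and compares the result with the x64 `cmovnz` form for all four combinations of prior mask and branch condition. The function names are invented for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MASK_VALID    0xFFFFFFFFu /* all-ones: loads pass through unchanged */
#define MASK_POISONED 0x00000000u /* zero: loaded values are masked to 0   */

/* Model of the ia32 sequence after "jnz deopt_bailout":
 *   setnz bl      ; low byte of ebx := 1 if the branch condition held (ZF clear)
 *   add ebx, 255  ; 32-bit add, wraps modulo 2^32
 *   sar ebx, 31   ; arithmetic shift: result is all sign bits
 * mask is the current poison register, branch_taken is whether the bailout
 * branch condition was true, i.e. execution past it is mis-speculation. */
uint32_t ia32_mask_update(uint32_t mask, bool branch_taken) {
  uint32_t ebx = (mask & 0xFFFFFF00u) | (branch_taken ? 1u : 0u); /* setnz bl */
  ebx += 255u;                                                      /* add ebx, 255 */
  /* sar ebx, 31: every bit becomes a copy of bit 31. Written explicitly
   * rather than as a signed shift, which C leaves implementation-defined. */
  return (ebx & 0x80000000u) ? 0xFFFFFFFFu : 0u;
}

/* Model of the x64 sequence: mov r10, 0 ; cmovnz r9, r10. */
uint32_t x64_mask_update(uint32_t mask, bool branch_taken) {
  return branch_taken ? 0u : mask;
}

/* Assumed use of the mask (not spelled out in the commit): a value loaded on
 * the speculated path is ANDed with it, so a poisoned mask yields zero. */
uint32_t apply_mask(uint32_t loaded, uint32_t mask) {
  return loaded & mask;
}

/* Exhaustively compare both sequences over the four reachable states. */
bool ia32_matches_x64(void) {
  const uint32_t masks[2] = {MASK_VALID, MASK_POISONED};
  for (int m = 0; m < 2; m++)
    for (int taken = 0; taken < 2; taken++)
      if (ia32_mask_update(masks[m], taken) != x64_mask_update(masks[m], taken))
        return false;
  return true;
}

int main(void) {
  const uint32_t masks[2] = {MASK_VALID, MASK_POISONED};
  for (int m = 0; m < 2; m++)
    for (int taken = 0; taken < 2; taken++)
      printf("mask=%08x taken=%d -> ia32 %08x, x64 %08x\n", masks[m], taken,
             ia32_mask_update(masks[m], taken), x64_mask_update(masks[m], taken));
  printf("sequences agree: %s\n", ia32_matches_x64() ? "yes" : "no");
  return 0;
}
```

Tracing the valid-mask case shows why 255 is the right constant: with the branch not taken, ebx is 0xFFFFFF00 and the add carries it back to 0xFFFFFFFF; with the branch taken, ebx is 0xFFFFFF01 and the add wraps to exactly 0, whose sign bit is clear. A mask that is already zero stays zero on either path, since 255 or 256 never sets bit 31.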
icu-timezone-data was enabled before but reverted due to a perf issue
(sunspider/date-format-tofte regressed; crbug.com/769706).
However, my in-Chrome test of the same test [1] shows that there's virtually
no perf difference. See https://goo.gl/GX1jt6.
This will introduce a new behavior on POSIX(-like) platforms. Timezone
names inside parentheses after the GMT offset will no longer be 3-4 letter
abbreviations. They'll be human-readable names in the current
default locale. This matches the current Windows behavior.
    new Date(2017, 5, 22).toString()
    new Date(2017, 11, 22).toString()
Current:
    Thu Jun 22 2017 00:00:00 GMT-0700 (PDT)
    Fri Dec 22 2017 00:00:00 GMT-0800 (PST)
New:
    Thu Jun 22 2017 00:00:00 GMT-0700 (Pacific Daylight Time)
    Fri Dec 22 2017 00:00:00 GMT-0800 (Pacific Standard Time)
This CL will be followed by
https://chromium-review.googlesource.com/c/v8/v8/+/572148 to
implement https://github.com/tc39/ecma262/pull/778.
[1] http://jungshik.github.io/v8/cr769706.html
BUG=v8:6031, v8:2137, v8:6076, chromium:769706
TEST=mjsunit/icu-date-lord-howe.js, mjsunit/icu-date-to-string.js
Change-Id: I22203670c3307a57fbf99e5f0a271dcbfbbef8fd
Reviewed-on: https://chromium-review.googlesource.com/857333
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51791}
The next CL will add an actual WeakFixedArray which contains in-place weak
references.
Also removes FLAG_trace_weak_arrays which is not super useful.
BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I016880ecc66b03b406f7184b7f72ab514cb65428
Reviewed-on: https://chromium-review.googlesource.com/951730
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51789}
Just copies the StringConcat tests and refactors them to exercise
template literals rather than simple string addition.
BUG=v8:7415
R=rmcilroy@chromium.org
Change-Id: I79cf24ee33e64b1d57221eb0291d9958634130ec
Reviewed-on: https://chromium-review.googlesource.com/951968
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51788}
Shrink the number of instructions in the ByteSwap macro for some cases.
Allow the input and output registers to be the same.
Extend the test to cover all test cases.
Change-Id: I7e0b86988fb73eed604751ffd89657cdff4abc3c
Reviewed-on: https://chromium-review.googlesource.com/951726
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51787}