This should speed up trace generation for cpu profile as it eliminates
creation of temporary std::string objects.
Review-Url: https://codereview.chromium.org/2555043003
Cr-Commit-Position: refs/heads/master@{#41736}
Original commit message:
[wasm] Introduce the TrapIf and TrapUnless operators to generate trap code.
Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.
Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.
This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.
Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2571813002
Cr-Commit-Position: refs/heads/master@{#41735}
.. by using variadic templates in CodeAssembler and RawMachineAssembler.
BUG=
Review-Url: https://codereview.chromium.org/2580823002
Cr-Commit-Position: refs/heads/master@{#41733}
Reason for revert:
Win64 dbg failures
Original issue's description:
> [wasm] Make WasmRunner the central test structure
>
> The WasmRunner now always holds a TestingModule, and allows to add
> several functions to it. The prepares a change to always run wasm code
> with a full module behind it, removing the special handling for "no wasm
> instance" at runtime (http://crrev.com/2551053002).
> This CL here also templatizes the WasmRunner such that the Call method must
> be called with the same signature specified for the WasmRunner. This
> already catched several mismatches there.
>
> R=titzer@chromium.org, ahaas@chromium.org
> BUG=v8:5620
>
> Review-Url: https://codereview.chromium.org/2551043002
> Cr-Commit-Position: refs/heads/master@{#41728}
> Committed: 2ff5906231TBR=ahaas@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2583543002
Cr-Commit-Position: refs/heads/master@{#41732}
Instead of unconditionally setting maybe_assigned for parameters, treat
parameters like other variables except that at the end we set maybe_assigned if
the function has a sloppy arguments object.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2578103002
Cr-Commit-Position: refs/heads/master@{#41731}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41728}
This was kind of hard to read due to the nesting. Refactor it using short-circuit
a bit more and add some comments to each bit.
Review-Url: https://codereview.chromium.org/2573283003
Cr-Commit-Position: refs/heads/master@{#41727}
If an accessor property is non-configurable, one should not be able
to re-declare it as a function. This specifically applies to special properties like window.location.
BUG=chromium:670596
Review-Url: https://codereview.chromium.org/2582493002
Cr-Commit-Position: refs/heads/master@{#41725}
Similar to object grouping, we cannot trace through blink (and back to V8) after
making weak roots strong because phantom callbacks have already been scheduled
and the handles been zapped.
This is a short-term solution (mimicing what object grouping currently does). It
is not correct in general because we should fully process the subgraph that was
discovered by making some of the weak roots strong. In long term we need a
separate handle type on the API level for traced references that have their
handles zapped at a different stage.
Reproduction:
- Initial marking is done, i.e., both marking deques are empty.
- We make weak roots needed for regular finalizers strong.
- We collect phantom callback data and zap handles that are not reachable so far.
- Through new roots we discover wrappables on the blink side that would also keep
objects that were already scheduled for phantom callbacks alive.
- Since the handle was already zapped we crash during dereferencing.
BUG=chromium:668060,chromium:468240
Review-Url: https://codereview.chromium.org/2580813002
Cr-Commit-Position: refs/heads/master@{#41724}
If the eval contains a let, we need to know whether an inner function
refers to the variable to be able to decide its context allocation
status.
The added test needs https://codereview.chromium.org/2435023002/ too
in order to pass.
BUG=v8:5736
Review-Url: https://codereview.chromium.org/2574753002
Cr-Commit-Position: refs/heads/master@{#41723}
The error reported by the graph verifier looks like:
#
# Fatal error in ../src/compiler/machine-graph-verifier.cc, line 638
# TypeError: node #54:ChangeInt32ToInt64 uses node #53:ChangeUint32ToUint64 which doesn't have an int32-compatible representation.
#
# Specify option --csa-trap-on-node=test,54 for debugging.
#
BUG=
Review-Url: https://codereview.chromium.org/2574353002
Cr-Commit-Position: refs/heads/master@{#41721}
Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.
Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.
This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.
Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2562393002
Cr-Commit-Position: refs/heads/master@{#41720}
Adds assignment tracking to the bytecode analysis pass, and updates
bytecode graph builder to only create LoopExitValues for assigned
values.
Review-Url: https://codereview.chromium.org/2558093005
Cr-Commit-Position: refs/heads/master@{#41719}
MIPS[64]R6 supports only fusion multiply-accumulate instructions, and using
these causes failures of several tests that expect exact floating-point
results. Therefore we disable fusion multiply-accumulate in both emitted and
compiled code on R6.
TEST=cctest/test-run-machops/RunFloat64MulAndFloat64Add1,mjsunit/es6/math-expm1.js
mjsunit/es6/math-fround.js,mjsunit/compiler/multiply-add.js
BUG=
Review-Url: https://codereview.chromium.org/2569683002
Cr-Commit-Position: refs/heads/master@{#41717}
This splits branch ref creation and landing. The ref now directly uses
heads (without pending) and for landing we use depot_tools.
For simplicity, the check for existing tags is removed, as it now
is very unlikely to happen again without gnumbd.
BUG=chromium:674448
NOTRY=true
TBR=tandrii@chromium.org
Review-Url: https://codereview.chromium.org/2584523002
Cr-Commit-Position: refs/heads/master@{#41716}
Allocate the registers used as arguments to a call on-demand after visiting the
argument (or reciever). This means that the visited expression can use registers
that would otherwise have been allocated for arguments which haven't been
visited yet.
The reason for doing this is to avoid keeping things live in registers
unecessarily for chained function calls, which avoids a memory leak for
functions which chain a large number of calls with large temporary arguments /
recievers.
BUG=chromium:672027
Review-Url: https://codereview.chromium.org/2557173004
Cr-Commit-Position: refs/heads/master@{#41714}
This fixes a corner case where the {FastCloneShallowArrayStub} was used
for literals that are backed by a double backing store and would exceed
limits for new-space allocations on 32-bit architectures. The stub in
question does not support such literals, callers must use the runtime.
Note that this fix is for Ignition as well as FullCodeGenerator.
R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-672792
BUG=chromium:672792
Review-Url: https://codereview.chromium.org/2570843002
Cr-Commit-Position: refs/heads/master@{#41713}
Templatizes the AccumulatorUsage and OperandType for BytecodeNode creation and
BytecodeRegisterOptimizer::PrepareForBytecode. This allows the compiler to
statically know whether the bytecode being created accesses the accumulator
and what operand types need scaling, avoiding runtime checks in the code.
Also removes BytecodeNode::set_bytecode methods.
Review-Url: https://codereview.chromium.org/2542903003
Cr-Commit-Position: refs/heads/master@{#41706}
Determine if the scope of the function to be serialized includes asm-
wasm, and if so, bypass serialization, since we do not support it in
that scenario.
In this change, we do so regardless of whether the asm-wasm path was
successful. This is so we keep the design simple, since the guidance
to developers, moving forward, is to use wasm.
BUG=643595
Review-Url: https://codereview.chromium.org/2573193002
Cr-Commit-Position: refs/heads/master@{#41704}
Promise catch prediction no longer has to be threaded through the
parser since the code using %catch has been moved to TF codestubs.
This is currently dead code.
BUG=v8:5343,v8:5741
Review-Url: https://codereview.chromium.org/2575133002
Cr-Commit-Position: refs/heads/master@{#41701}
Printing an asm.js success message and timings is useful,
but also non-deterministic. Making the message stable unless a flag is passed.
This will avoid making it a hassle in the future to create LayoutTests
that use asm.js and verify console output.
BUG=v8:4203
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2574273002
Cr-Commit-Position: refs/heads/master@{#41700}
Avoid needless resizing of the StateValueList's fields vector by
reserving its (already known) size.
Review-Url: https://codereview.chromium.org/2572683005
Cr-Commit-Position: refs/heads/master@{#41698}
This reverts commit 5c1babcc16.
This seems to regress a range of benchmarks on ia32:
Emscripten for Fannkuch, Zlib, MemOps, Life, Bullet
AreWeFastYet for BulletLoadTime, Fasta, Fannkuch
JetStream for towers.c, quicksort.c, gcc-loops.cpp, bigfib.cpp
BUG=673861
R=jarin@chromium.org,shiyu.zhang@intel.com
Review-Url: https://codereview.chromium.org/2573983003
Cr-Commit-Position: refs/heads/master@{#41696}
Adding timing info going to the console about asm.js
Rename ConvertAsmToWasm -> CompileAsmViaWasm, to be more precise.
Add enum for wasm data elements.
BUG=v8:4203
R=titzer@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2577453003
Cr-Commit-Position: refs/heads/master@{#41695}
Without this patch, the tests on lines 410, 414, 418 and 422 in
function testNonStaticName of test/mjsunit/es6/function-name.js
would all fail. The bug caused non-static "name" methods and
properties to be mistaken for static ones.
R=adamk@chromium.org, verwaest@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2567343004
Cr-Commit-Position: refs/heads/master@{#41692}
WASM exported functions have additional internal fields which change the instance
size. Adding a getter or setter to such an exported function results in its map
becoming normalized. The normalized map cache, however, finds a different map
with a different instance size, and thus BOOM.
R=verwaest@chromium.org,cbruni@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2554343002
Cr-Commit-Position: refs/heads/master@{#41691}
The least two bits of the owner field of a Page are used to determine
whether the Page is part of a large object. If these bits are not equal
to 0x11, the page is part of a large object and needs special handling
e.g. in MemoryChunk::FromAnyPointerAddress to determine which chunk it
belongs to.
This CL fixes an issue in which the store buffer overflows after
a large object space allocation but before the object has been fully
initialized. Store buffer overflow handling attempts to look up the
chunk of a page, but fails to do so correctly since the page's owner
field has not yet been initialized.
This CL ensures that the owner field of all pages belonging to a large
object allocation are initialized to a value that is interpreted
correctly.
BUG=chromium:672041
Committed: https://crrev.com/9b6808bfb5366beebe3af30a06f9851edb2039d4
Review-Url: https://codereview.chromium.org/2565713002
Cr-Original-Commit-Position: refs/heads/master@{#41641}
Cr-Commit-Position: refs/heads/master@{#41687}
