Store 'length' and 'formal_parameter_count' fields as raw ints.
Also fixed a couple of issues on the way.
TBR=verwaest@chromium.org
Bug: v8:6470
Change-Id: I74ecd87cb0f041e61dab50d8bc29e3604dd1d09c
Reviewed-on: https://chromium-review.googlesource.com/527156
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45774}
This CL extracts the classes CompilationHelper, InstantiationHelper,
and AsyncCompileJob from wasm-module.cc and puts them into
module-compiler.{h|cc}. This is necessary to introduce a
WasmCompilationManager which is known to the isolate and manages the
lifetime of all AsyncCompileJobs.
In addition to the mechanical changes of copying the code and splitting
class declaration from instantiation, I did the following changes:
* I renamed the CompilationHelper to ModuleCompiler.
* A finalizer function is passed to the InstantiationHelper as a
parameter.
* Adjusted UpdateDispatchTable in wasm-module.cc to make it available in
wasm-module.h, also with the internal signature.
* Duplicate the ResolvePromise/RejectPromise helper functions.
I did not rename InstantiationHelper because I could not come up with a
good name, and it could benefit from a small special refactoring anyways.
BUG=v8:6436
R=clemensh@chromium.org, mtrofin@chromium.org
Change-Id: I4abe854c36dfc995b34c9d7b3e7ec0f4f0aa562e
Reviewed-on: https://chromium-review.googlesource.com/525572
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45773}
The two variants "turbofan" and "turbofan_opt" are not part of any of
the default sets of variants that run-tests.py uses. The only way to
trigger execution would be via the --variants flag directly, which our
infrastructure is not doing.
R=machenbach@chromium.org
Change-Id: Ifa58cb4a83a3760ffba73e8b40b417a845f53506
Reviewed-on: https://chromium-review.googlesource.com/526637
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45772}
Use the new ToString_Inline function instead, which performs a quick
IsString check and calls the ToString builtin to handled conversion.
This reduces builtins code size by 3K.
BUG=v8:5737
Change-Id: I103e628b905aed9d74dd7b4c4a98c5b0a16fd476
Reviewed-on: https://chromium-review.googlesource.com/527133
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45768}
BytecodeArrayBreakIterator doesn't iterate through locations in position() order. SkipToPosition is looking for closest break_index to passed one. So we should iterate through all breakable locations in function to get all of them.
R=jgruber@chromium.org
Bug: v8:6469
Change-Id: Ida0b849e9df40458a13e0a0f7af6a00349088228
Reviewed-on: https://chromium-review.googlesource.com/527135
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45765}
This CL contains a few pieces:
- A new mechanism to create "BuiltinContinuation" checkpoints in TurboFan
graphs, which--when triggered--swizzle the values in the the FrameState to be
parameters to a typically TF-generated builtin that resumes execution to finish
the slow-case functionality.
- Continuation builtins that have special handling in the deoptimizer and their own
new frame type to ensure that the values they need to begin executing can be stashed
away and restored immediately before the builtin is called via a trampoline that runs
when the continuation builtin's frame execution resumes.
- An implementation of Array.prototype.forEach in TurboFan that can be used to
inline it. The inlined forEach implementation uses the checkpoints mechanism
described above to deopt in the middle of the forEach in the cases that optimization
invariants are violated. There is a slightly different continuation stub for each
deopt point in the forEach implementation to ensure the correct side-effects, i.e.
that the deopt of the builtin isn't programmatically observable.
Review-Url: https://codereview.chromium.org/2803853005
Cr-Commit-Position: refs/heads/master@{#45764}
This patch also changes String body descriptor to use synchronized
length and adds atomic live_bytes accessor.
BUG=chromium:694255
Change-Id: I41233b2097ec5c6a4ea2c45d4b8febf7ffca155e
Reviewed-on: https://chromium-review.googlesource.com/527093
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45761}
Adds support for Speculatively lower ToPrimitiveToString to CheckString
where the type hint shows the value has always been a string.
BUG=v8:6243
Change-Id: I7f36deb8c2bc309e6d0546e099c76ac518c6be09
Reviewed-on: https://chromium-review.googlesource.com/521123
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45760}
When the slow path for Array.prototype.indexOf calls a Proxy's "has"
trap, it must check afterwards whether an exception was thrown.
BUG=chromium:728813
Change-Id: I998bba6ddcd65adfed2eefb63b3285da60d2a43c
Reviewed-on: https://chromium-review.googlesource.com/527173
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45759}
This removes the test suite variant for stressing Crankshaft from the
list of supported variants. Other stress variants remain untouched.
R=machenbach@chromium.org
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Iad236c2b80a1dea21b8be9b931e6a4e88f3ebcc5
Reviewed-on: https://chromium-review.googlesource.com/527094
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45758}
This cl: https://chromium-review.googlesource.com/509613 changed
CheckNotTaggedHole to not produce any value output. This would mean that
in some cases, we could leak hole on value edges. This violates the
assumption that we cannot see a hole on several operators. Fixing this
back to the original state.
Bug: chromium:730254
Change-Id: I3512930e88dbe15e9d9b4b0d276868f354cc2ae2
Reviewed-on: https://chromium-review.googlesource.com/527033
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45757}
Adds support for lowering of ToPrimitiveToString and StringConcat bytecodes
to the corresponding builtins. As part of this, moves the interpreter
implementation of these operations into the appropriate builtin generators
and add builtin support for them.
Also adds TailCallRuntimeN operator to code-assembler which enables tail calling
a runtime function when the arguments have already been pushed onto the stack.
BUG=v8:6243
Change-Id: Id5c851bc42e4ff490d9a23a8990ae331c7eac73e
Reviewed-on: https://chromium-review.googlesource.com/515362
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45756}
NEON loads and stores need notifiers for the local and global memory
access monitors. Add these whilst removing the address argument from the
notifier, making implementation simpler.
BUG=
Review-Url: https://codereview.chromium.org/2916853002
Cr-Commit-Position: refs/heads/master@{#45755}
The old implementation of Table.Set in wasm-js.cc accessed information
which should be hidden from this level of abstraction, e.g. the internal
structure of a WasmTableObject. With this CL, all that is done in
wasm-js.cc is the extraction of parameters. The actual logic is happening
in wasm-module.{h|cc}. This CL will also make refactoring wasm-module.cc
easier.
R=clemensh@chromium.org, mtrofin@chromium.org
Change-Id: Ifbce6f739459dffc9f9d47e4cd8227638867f3e9
Reviewed-on: https://chromium-review.googlesource.com/525694
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45754}
It's possible to build circular objects through the reviver function in
JSON.parse. Recursion needs to check for stack overflows and throw as
needed.
BUG=chromium:729671
Change-Id: I52ccd9ed9fea5829810879f8dd8207043fa6d910
Reviewed-on: https://chromium-review.googlesource.com/525812
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45752}
The inlining of Function.prototype.bind can lead to escape analyzed
bound functions, which weren't handled by the Deoptimizer previously.
BUG=chromium:729573
R=jarin@chromium.org,cbruni@chromium.org
Review-Url: https://codereview.chromium.org/2931483003
Cr-Commit-Position: refs/heads/master@{#45751}
... as opposite to a global per-isolate one.
Also streamlined multiple checks into a single acceptsPause() method.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2925903002
Cr-Commit-Position: refs/heads/master@{#45749}
Properly propagate the fact that the function has a statically known name from
parser to SharedFunctionInfo objects. The empty string that has been set as
name before this CL does not help to distinguish cases like:
var o1 = { ''(){} };
var o1 = { [foo()](){} };
or
var o2 = { get ''(){} };
var o2 = { get [foo()](){} };
This is a preliminary step for using different layouts for closure objects with
and without computed names.
TBR=bmeurer@chromium.org, marja@chromium.org
Bug: v8:6459
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I10afa6f4bda7881c3714711a75f720f83c1d875d
Reviewed-on: https://chromium-review.googlesource.com/522073
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45744}
Fixes issues raised in CL https://codereview.chromium.org/2887193002.
That is:
1) Remove using mutex in Isolate::InitializeCounters().
2) Use counters_shared_.get() instead of counters_ (and hence, also
remove field counters_).
BUG=v8:6361
Review-Url: https://codereview.chromium.org/2919953003
Cr-Commit-Position: refs/heads/master@{#45743}
Found multiple issues (added TODOs for them):
- isPaused() check is global, so one can resume from another session/context group
without receiving 'paused' notification;
- setBreakpointsActive flag is global affecting all sessions and context groups;
- max async call stack depth is global, and should be per context group.
BUG=chromium:590878
Review-Url: https://codereview.chromium.org/2921373002
Cr-Commit-Position: refs/heads/master@{#45742}
OrderedHashSet doesn't need a ::Get, so we can move it to
OrderedHashMap.
Bug: v8:5717
Change-Id: I9606d8c4608473f9daecf8a87b4dd2e3b9570246
Reviewed-on: https://chromium-review.googlesource.com/522348
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45740}
The regression is already fixed. This just adds a regression test to
ensure it will never be reintroduced.
R=ahaas@chromium.org
BUG=chromium:729991
Change-Id: I5cf960cc756cbb7723041bc06a78d6a14c66e241
Reviewed-on: https://chromium-review.googlesource.com/525538
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45739}
There's no point in using our own implemention of List for this.
Bug:v8:6325
Change-Id: Ibe9a5c65df3c9ae577ece93616bcfa47f332c212
Reviewed-on: https://chromium-review.googlesource.com/489542
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45738}
This CL implements general infrastructure for block coverage together with
initial support for if-statements.
Coverage output can be generated in lcov format by d8 as follows:
$ d8 --block-coverage --lcov=$(echo ~/simple-if.lcov) ~/simple-if.js
$ genhtml ~/simple-if.lcov -o ~/simple-if
$ chrome ~/simple-if/index.html
A high level overview of the implementation follows:
The parser now collects source ranges unconditionally for relevant AST nodes.
Memory overhead is very low and this seemed like the cleanest and simplest
alternative.
Bytecode generation uses these ranges to allocate coverage slots and insert
IncBlockCounter instructions (e.g. at the beginning of then- and else blocks
for if-statements). The slot-range mapping is generated here and passed on
through CompilationInfo, and is later accessible through the
SharedFunctionInfo.
The IncBlockCounter bytecode fetches the slot-range mapping (called
CoverageInfo) from the shared function info and simply increments the counter.
We don't collect native-context-specific counts as they are irrelevant to our
use-cases.
Coverage information is finally generated on-demand through Coverage::Collect.
The only current consumer is a d8 front-end with lcov-style output, but the
short-term goal is to expose this through the inspector protocol.
BUG=v8:6000
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2882973002
Cr-Commit-Position: refs/heads/master@{#45737}
Inline SMI checks in ICs are performed with a TBZ/TBNZ instruction, which has a
32 kB range. To allow patching the SMI check, the location of the TBZ/TBNZ
instruction is stored after the call to the IC using a MOVZ instruction, in
particular using 11 bits of the immediate (so the number of instructions
between the inline data and the SMI check must be encodable in 11 bits).
To make sure we do not exceed these ranges, we need to block pool emission
between the check, the patch info, and the label the check branches to.
BUG=
Review-Url: https://codereview.chromium.org/2917403002
Cr-Commit-Position: refs/heads/master@{#45735}
This takes into account the type of the type guard when choosing
representation for a node. To make the representation changes
unambiguous, we pass the restricted type to the changer.
BUG=chromium:726554
Review-Url: https://codereview.chromium.org/2920193004
Cr-Commit-Position: refs/heads/master@{#45734}
This reverts commit 0d06e42b69.
Reason for revert: clusterfuzz and canary crashes.
BUG=chromium:729209,v8:6456
Original change's description:
> [heap] Use partial free when shrinking instead of uncommitting
>
> This fixes the counter inconsistencies while leaving the memory in an
> inaccessible state.
>
> Bug: chromium:724947
> Change-Id: I431eb6fda84922a52dfb9380c6b482ada55bccee
> Reviewed-on: https://chromium-review.googlesource.com/519164
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45647}
TBR=hpayer@chromium.org,mlippautz@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:724947
Change-Id: I6c52b478b89a858ba984fe17f86cdf15fcfa974c
Reviewed-on: https://chromium-review.googlesource.com/525716
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45733}
Previously Ignition would collect precise Number feedback for binary
operators, but TurboFan would just ignore that and treat it the same as
NumberOrOddball. That however generates a lot of unnecessary code, plus
it defeats redundancy elimination if the same input is also used by
compare operations, which do properly distinguish feedback Number and
NumberOrOddball.
This CL adds the missing bits to connect the existing functionality
properly, i.e. adding the missing BinaryOperationHint and using the
NumberOperationHint::kNumber in the representation selection for tagged
inputs.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2923543003
Cr-Commit-Position: refs/heads/master@{#45732}
The boundary cells of the mark-bitmap can be access concurrently,
so they need to be updated with atomic CAS.
BUG=chromium:694255
Change-Id: Ibe85f00c8b4ccc61edc43b400c5b08a6d0ba620e
Reviewed-on: https://chromium-review.googlesource.com/521103
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45731}
When optimizing stores to data properties in literals, we need to first
migrate deprecated maps before we lookup the property access infos for
those.
BUG=chromium:724608
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2930433003
Cr-Commit-Position: refs/heads/master@{#45727}
This reverts commit 7fa071a48b.
Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=729482
Original change's description:
> Reland [parser] Refactor streaming scanner streams.
>
> Unify, simplify logic, reduce UTF8 specific handling.
>
> Intend of this is also to have stream views.
> Stream views can be used concurrently by multiple threads, but
> only one thread may fetch new data from the underlying source.
> This together with unified stream view creation is intended to be
> used for parse tasks.
>
> BUG=v8:6093
>
> Change-Id: I3bce48185fa2c986d16619a9a8ece3ff4c4f5e60
> Reviewed-on: https://chromium-review.googlesource.com/509489
> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
> Cr-Commit-Position: refs/heads/master@{#45688}
TBR=marja@chromium.org,vogelheim@chromium.org,wiktorg@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:6093
Change-Id: Iefa7c43a2f6ae3a7f3ef0f77d87b6ae36ae4be99
Reviewed-on: https://chromium-review.googlesource.com/525712
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45725}
