With this change, WebAssembly.Memory objects have backing stores allocated as an
8GB region where everything beyond the size of the Wasm heap is inaccessible.
GrowMemory is now implemented by changing the protection on the guard regions to
make the new portions of the heap accessible.
Guard pages are not enabled by default, but this change adds a flag and a test
variant to make sure we get test coverage on them.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2396433008
Cr-Commit-Position: refs/heads/master@{#41089}
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
- The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
- The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().
If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.
All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.
At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.
I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.
The following additional changes were necessary:
- The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
- The class HPositionInfo was effectively dead code and is now removed.
- SourcePosition has new printing and information facilities, including computing a full inlining stack.
- I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
- I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
- I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
- Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}
Adds an IsInterpreted() function to both SharedFunctionInfo and JSFunction.
This is used to fix the test-heap code-aging tests since Ignition doesn't
age code.
BUG=v8:4680
Review-Url: https://codereview.chromium.org/2481433002
Cr-Commit-Position: refs/heads/master@{#40868}
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.
patch from issue 2427953002 at patchset 120001 (http://crrev.com/2427953002#ps120001)
R=mvstanton@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2453973004
Cr-Commit-Position: refs/heads/master@{#40663}
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.
R=mvstanton@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2427953002
Cr-Commit-Position: refs/heads/master@{#40462}
The CL #39795 (https://codereview.chromium.org/2345593003 ) added MultiReturnSelect_f32/MultiReturnSelect_f64 tests.
Because those tests need 2 float point return registers and x87 only has 1 FP return register, Those tests failed at x87 port.
This CL skips MultiReturnSelect_f32/MultiReturnSelect_f64 tests for x87.
BUG=
Review-Url: https://codereview.chromium.org/2405743002
Cr-Commit-Position: refs/heads/master@{#40113}
This makes sure we run the module tests against all variants using
Ignition as the first compilation tier. It will henceforth extend the
test coverage to the BytecodeGraphBuilder as well.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2397733002
Cr-Commit-Position: refs/heads/master@{#39992}
Ignition collects type feedback for binary and compare operations in type
feedback vector and FCG uses Binary/CompareOpICs to collect type feedback.
The feedback collected by ignition is not used by crankshaft. This hits the
performance, when trying to optimize functions that did not tier upto FCG.
This cl merges the feedback collected by ignition and FCG when passing to
crankshaft.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2361043002
Cr-Commit-Position: refs/heads/master@{#39753}
This patch gives the ability for the embedder to ask for the
module requests of a module, and to pass a ResolveCallback
into Module::Instantiate().
In d8, I've implemented a simple module_map that's used
along with this API to allow loading, compiling, instantiating,
and evaluating a whole tree of modules.
No path resolution is yet implemented, meaning that all
import paths are relative to whatever directory d8 runs
in. And no imports are linked to the exports of the
requested module.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2351113004
Cr-Commit-Position: refs/heads/master@{#39569}
This is a first implementation of inlining into graphs that have been
created using the {BytecodeGraphBuilder}. Note that inlining sticks to
graphs of the same kind, we only ever inline AstGraph into AstGraph or
BytecodeGraph into BytecodeGraph, no mixed inlining.
R=bmeurer@chromium.org,rmcilroy@chromium.org
TEST=cctest/test-run-inlining
BUG=v8:5251
Review-Url: https://codereview.chromium.org/2262033003
Cr-Commit-Position: refs/heads/master@{#39439}
Adds support to collect allocation site feedback for Array function calls
to the call bytecode handler.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2307903002
Cr-Commit-Position: refs/heads/master@{#39283}
This is analogous to the variable liveness analysis we do in the AstGraphBuilder, but on the bytecode registers.
BUG=
Review-Url: https://codereview.chromium.org/2307863002
Cr-Commit-Position: refs/heads/master@{#39248}
In ignition, allocation site mementos were disabled when creating array
literals. Enabled them in this cl.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2294913006
Cr-Commit-Position: refs/heads/master@{#39234}
Also disable four cpu-profiler tests under asan that fail
with the GN setup.
BUG=chromium:474921,v8:5243
Review-Url: https://codereview.chromium.org/2309263002
Cr-Commit-Position: refs/heads/master@{#39171}
Our Type class has a semantic and representational dimension.
Much code in src/ast, Crankshaft and Turbofan is based on it.
Going forward in Turbofan we'd like to remove representational information
entirely. To that end, new type AstType has been created to preserve
existing behavior for the benefit of Crankshaft and the AST.
BUG=
Review-Url: https://codereview.chromium.org/2302283002
Cr-Commit-Position: refs/heads/master@{#39135}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
Reland of https://codereview.chromium.org/2190293003/ with a bug fix.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2225923003
Cr-Commit-Position: refs/heads/master@{#39120}
There's no need to preserve the exact callee for lazy bailouts
from JSCallFunction in the AstGraphBuilder, as fullcodegen code
will never look at that value after the callee returns. So we
just push optimized_out instead.
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2285183002
Cr-Commit-Position: refs/heads/master@{#38963}
Reason for revert:
[Sheriff] Fails on nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/8403
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> earlier cl (https://codereview.chromium.org/2153433002/) was reverted
> because that implementation did not collect allocation site feedback.
> This regressed delta blue by an order of magnitude. This implementation
> includes collection of allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/9d5e6129c4c7f9cbfe81a5fad2a470f219fe137c
> Cr-Commit-Position: refs/heads/master@{#38364}
TBR=bmeurer@chromium.org,rmcilroy@chromium.org,balazs.kilvady@imgtec.com,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2212343002
Cr-Commit-Position: refs/heads/master@{#38368}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2190293003
Cr-Commit-Position: refs/heads/master@{#38364}
This adds the possibility to address test cases in the
status file with the variant under which the test is running.
This is only allowed in top-level sections.
Example:
[{
'test-case': [PASS, SLOW],
}]
['variant == foo', {
'test-case': [FAIL],
}]
The test case "test-case" is marked as slow in all variants.
Additionally, in variant foo, it'll be expected to fail.
This CL also exemplifies the new feature with test cases
running under the ignition_turbofan variant. The
corresponding legacy flag is deprecated.
BUG=v8:5238
Review-Url: https://codereview.chromium.org/2203013002
Cr-Commit-Position: refs/heads/master@{#38342}
So far we treated SignedSmall and Signed32 feedback the same for number
operations. However it would be beneficial to generate (a lot) less code
if we only do a Smi check on the inputs instead of doing the full Smi +
HeapNumber + conversion check that we need to do for Signed32 feedback.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2207893002
Cr-Commit-Position: refs/heads/master@{#38290}
Without this fix, two rules [PASS, MODIFIER] and [FAIL]
would be joined as [PASS, MODIFIER, FAIL], undermining the
intention of the second rule to mark a test as failing.
BUG=v8:4680,v8:4900
Review-Url: https://codereview.chromium.org/2201033002
Cr-Commit-Position: refs/heads/master@{#38238}
This switches our inlining tests (i.e. cctest/test-run-inlining) to rely
on global object instead of function context specialization, which is
more in sync with what we are actually shipping. It will also allow us
to test inlining with the BytecodeGraphBuilder without having to add
support for function context specialization just for testing purposes.
R=bmeurer@chromium.org
TEST=cctest/test-run-inlining
BUG=v8:5251
Review-Url: https://codereview.chromium.org/2200673002
Cr-Commit-Position: refs/heads/master@{#38209}
The flag was introduced for ignition development. It can only
be used when running ignition tests in isolation on the bots.
The bots only use ignition_turbo in isolation since a while
and don't pass the --ignition flag anymore.
BUG=v8:5238
Review-Url: https://codereview.chromium.org/2197123002
Cr-Commit-Position: refs/heads/master@{#38206}
The test was calling OptimizeFunctionOnNextCall on a function before
ever executing it - crankshaft therefore didn't have any type info and
was generating a soft deoptimization bailout. Make sure we execute the
function before calling OptimizeFunctionOnNextCall to avoid this issue.
BUG=
Review-Url: https://codereview.chromium.org/2168603003
Cr-Commit-Position: refs/heads/master@{#38171}
Port 580fdf3c05
This also reverses the MachineType stored for partial unaligned access support
such that it records the unsupported types, rather than supported types.
BUG=
Review-Url: https://codereview.chromium.org/2182493003
Cr-Commit-Position: refs/heads/master@{#38065}
Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
is enabled, assuming the function should be compiled for Ignition.
Adds a new MaybeOptimizeIgnition function to runtime-profiler
which is called if the function should be optimized from bytecode
rather than going via full-codegen.
BUG=v8:4280
Committed: https://crrev.com/9ca7db914be88e6792a88eab4a1988ee031d70c4
Review-Url: https://codereview.chromium.org/2156753002
Cr-Original-Commit-Position: refs/heads/master@{#37921}
Cr-Commit-Position: refs/heads/master@{#38002}
Skip test-run-load-store/RunUnalignedLoadStoreUnalignedAccess on ARM until
UnalignedLoad and UnalignedStore operators get implemented
NOTRY=true
Review-Url: https://codereview.chromium.org/2182433002
Cr-Commit-Position: refs/heads/master@{#38001}
Reason for revert:
Breaks tsan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/10758
Original issue's description:
> [Intepreter] Always use BytecodeGraphBuilder when --turbo-from-bytecode
>
> Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
> is enabled, assuming the function should be compiled for Ignition.
> Adds a new MaybeOptimizeIgnition function to runtime-profiler
> which is called if the function should be optimized from bytecode
> rather than going via full-codegen.
>
> BUG=v8:4280
>
> Committed: https://crrev.com/9ca7db914be88e6792a88eab4a1988ee031d70c4
> Cr-Commit-Position: refs/heads/master@{#37921}
TBR=mstarzinger@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2165223002
Cr-Commit-Position: refs/heads/master@{#37925}
Always use the BytecodeGraphBuilder when the --turbo-from-bytecode
is enabled, assuming the function should be compiled for Ignition.
Adds a new MaybeOptimizeIgnition function to runtime-profiler
which is called if the function should be optimized from bytecode
rather than going via full-codegen.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2156753002
Cr-Commit-Position: refs/heads/master@{#37921}
Reason for revert:
This cl causes a large regression in octane (https://chromeperf.appspot.com/group_report?bug_id=629503). I have to investigate the reason before I can reland this.
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> current implementation does not collect allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/1eadc76419b323fb2e55ae9953142f801704aa59
> Cr-Commit-Position: refs/heads/master@{#37862}
TBR=rmcilroy@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2165633003
Cr-Commit-Position: refs/heads/master@{#37872}
Collect type feedback in the bytecode handler for 'new' bytecode. The
current implementation does not collect allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2153433002
Cr-Commit-Position: refs/heads/master@{#37862}
This allows to pass deoptimization reasons to the profiler without the
requirement of always providing a source position. The absence of deopt
reasons is now communicated via a sentinel as the deopt id value. The
deoptimization reasons recently added to TurboFan are now passed to the
profiler.
R=bmeurer@chromium.org
TEST=cctest/test-cpu-profiler
Review-Url: https://codereview.chromium.org/2159793002
Cr-Commit-Position: refs/heads/master@{#37852}
Collect type feedback in the call bytecode handler. The current
implementation only collects feedback for JS function objects. The other
objects and Array functions do not collect any feedback. They will be
marked Megamorphic.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2122183002
Cr-Commit-Position: refs/heads/master@{#37700}
This extends pretenuring decisions based on allocation sites to heap
numbers that are allocated as part of object literals. It ensures memory
locality of a bigger enclosure of the deep copy of an object literal.
R=bmeurer@chromium.org
TEST=cctest/test-heap/OptimizedPretenuringMixedInObjectProperties
Review-Url: https://codereview.chromium.org/2135933002
Cr-Commit-Position: refs/heads/master@{#37645}
This enables tests which verify allocation site feedback is used and
influences pretenuring decisions. By now TurboFan is respecting such
feedback. Ignition however doesn't provide such feedback yet.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2135563003
Cr-Commit-Position: refs/heads/master@{#37628}
The reason:
In CreateRandomOperand(), It used the register index 1 for ExplicitOperand(LocationOperand::REGISTER, rep,
GetRegisterCode(rep, 1)).
For x87 turbofan compiler, there's only 1 allocatable Float/Double register, i.e.: register index 0. the
GetRegisterCode(rep, 1) in ExplicitOperand() always return false when rep is MachineRepresentation::kFloat32/kFloat64.
It caused the test-gap-resolver/FuzzResolver failed at DCHECK_IMPLIES(kind == REGISTER && rep == MachineRepresentation::kFloat32,
FloatRegister::from_code(index).IsAllocatable(RegisterConfiguration::TURBOFAN)), src/compiler/instruction.cc, line 259, under
debug mode.
This CL disable test-gap-resolver/FuzzResolver test case for x87.
BUG=
Review-Url: https://codereview.chromium.org/2120203002
Cr-Commit-Position: refs/heads/master@{#37515}
A pointer comparison on the effect path states is not sufficient to
guarantee termination; we really need to check the actual nodes to
make sure we terminate properly, similar to what BranchElimination
does.
R=jarin@chromium.org
BUG=v8:5161
Review-Url: https://codereview.chromium.org/2112463002
Cr-Commit-Position: refs/heads/master@{#37389}
Reland of https://codereview.chromium.org/2034093002 (reverted by
https://codereview.chromium.org/2080153002).
Original commit message:
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.
BUG=
Review-Url: https://codereview.chromium.org/2083523002
Cr-Commit-Position: refs/heads/master@{#37373}
The reason:
All RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases
use the C++ function to generate the expected value or result. So for x87, all those expected value or result are
extended double precision as the extended double precision is default for x87 Gcc compiler and std lib on linux platform.
The issue is:
For RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan test cases, the expected values generated by C++ function
are extended double precision, the results generated by X87 jitted code are double precision according to the ECMA standard.
The comparison of different precisons caused some of those test cases failed.
For Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases, the expected values are pre-defined double precision values, the results
generated by C++ function are extended double precision. The comparison of different precisons caused some of those test cases
failed too.
This CL disables RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases for x87.
BUG=
Review-Url: https://codereview.chromium.org/2111493002
Cr-Commit-Position: refs/heads/master@{#37371}
Reason for revert:
[Sheriff] Speculative revert for crashes on chrubuntu chromebooks:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/320
Original issue's description:
> Implement WASM big-endian support.
>
> Implement WASM support on big-endian platforms. WASM has
> an implicit requirement that it is running on little-endian
> machine. We achieve WASM support on BE by keeping data
> in memory in little-endian order, and changing data
> endianness before storing to memory and after loading from
> memory.
>
> BUG=
>
> Committed: https://crrev.com/d3f3f6c8186b2a53f0c539f7bba0c3708c4d83f9
> Cr-Commit-Position: refs/heads/master@{#37065}
TBR=titzer@chromium.org,akos.palfi@imgtec.com,balazs.kilvady@imgtec.com,jyan@ca.ibm.com,ivica.bogosavljevic@imgtec.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2080153002
Cr-Commit-Position: refs/heads/master@{#37091}
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.
BUG=
Review-Url: https://codereview.chromium.org/2034093002
Cr-Commit-Position: refs/heads/master@{#37065}
The previous approach taken by FastNew[Sloppy,Strict,Rest]ArgumentsStub
looked at the function slot in order to skip stub frames
and find the JS frame. However, stub frames do not have a
function slot (in fact their fixed frame ends one slot
before the JS frame's function slot). Therefore, if this
location in the stub frame happens to have the function
object the create arguments stubs won't skip this frame
correctly.
Replace this approach with one where the stub is
specialized to either skip a frame if required (since
there will only ever be one extra frame on Ignition
the loop approach isn't necessary).
BUG=v8:4928
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
Review-Url: https://codereview.chromium.org/1949023003
Cr-Commit-Position: refs/heads/master@{#36181}
Some tests which fail with '--ignition --turbo --turbo-from-bytecode' pass with
just '--ignition'. Unskip these tests. Also group other tests with related
bugs.
BUG=v8:4680
LOG=N
Review-Url: https://codereview.chromium.org/1944413002
Cr-Commit-Position: refs/heads/master@{#36083}
This adds ignition to the testing variants that are run on all
bots.
Failing tests can only be skipped with the NO_IGNITION
keyword in status files. Existing expectations for the
ignition_turbofan variant are all duplicated and use the
NO_IGNITION keyword as well now.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/132c09ed619f23fb7c6d26a4e3552c703389eabd
Cr-Commit-Position: refs/heads/master@{#35865}
Review-Url: https://codereview.chromium.org/1804003002
Cr-Commit-Position: refs/heads/master@{#35926}
Reason for revert:
Will resubmit with proper fix and more test skips.
Original issue's description:
> [Ignition] Test ignition on all bots.
>
> This adds ignition to the testing variants that are run on all
> bots.
>
> Failing tests can only be skipped with the NO_IGNITION
> keyword in status files. Existing expectations for the
> ignition_turbofan variant are all duplicated and use the
> NO_IGNITION keyword as well now.
>
> BUG=v8:4280
> LOG=N
> NOTRY=true
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1930943002
Cr-Commit-Position: refs/heads/master@{#35871}
This adds ignition to the testing variants that are run on all
bots.
Failing tests can only be skipped with the NO_IGNITION
keyword in status files. Existing expectations for the
ignition_turbofan variant are all duplicated and use the
NO_IGNITION keyword as well now.
BUG=v8:4280
LOG=N
NOTRY=true
Review-Url: https://codereview.chromium.org/1804003002
Cr-Commit-Position: refs/heads/master@{#35865}
This adds a new ignition_turbofan testing variant that'll
allow switching turbofan off in the other ignition variant.
The switch will happen in a follow up after reconfiguring
the bots.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1922623003
Cr-Commit-Position: refs/heads/master@{#35790}
Port 3518e492c0
Original commit message:
Short external strings do not cache the resource data, and may be used
for compressible strings. The assumptions about their lengths is
invalid and may lead to oob reads.
R=bmeurer@chromium.org
BUG=v8:4923,chromium:604897
LOG=N
Review URL: https://codereview.chromium.org/1902393004
Cr-Commit-Position: refs/heads/master@{#35683}
Short external strings do not cache the resource data, and may be used
for compressible strings. The assumptions about their lengths is
invalid and may lead to oob reads.
R=jkummerow@chromium.org
BUG=v8:4923,chromium:604897
LOG=N
Review URL: https://codereview.chromium.org/1901573003
Cr-Commit-Position: refs/heads/master@{#35660}
Adds code to call FunctionEntryHook on entry to the InterpreterEntryTrampoline.
This should give SyzyProf enough information to build non-discontinous profile
graphs, however since interpreter functions aren't uniquely identified they will
all get lumped into one bucket. This should be good enough for SyzyProf's current
use-case.
BUG=v8:4763
LOG=N
Review URL: https://codereview.chromium.org/1884133002
Cr-Commit-Position: refs/heads/master@{#35568}
Visit the Optimized Code Map on first call rather than closure creation.
This is useful for escape analysis, and helps upcoming changes to
type feedback gathering.
Adding notry due to crashed builders:
NOTRY=true
BUG=
Committed: https://crrev.com/9336f4cc6d25d39a128176679a70dbd13a6d946e
Cr-Commit-Position: refs/heads/master@{#35395}
Review URL: https://codereview.chromium.org/1670143002
Cr-Commit-Position: refs/heads/master@{#35440}
Reason for revert:
Blocks roll. See https://codereview.chromium.org/1877003002/ for detailed messages.
You should be able to repro this with Linux ASAN.
Original issue's description:
> Visit the Optimized Code Map on first call rather than closure creation.
>
> This is useful for escape analysis, and helps upcoming changes to
> type feedback gathering.
>
> BUG=
>
> Committed: https://crrev.com/9336f4cc6d25d39a128176679a70dbd13a6d946e
> Cr-Commit-Position: refs/heads/master@{#35395}
TBR=mstarzinger@chromium.org,bmeurer@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1878063004
Cr-Commit-Position: refs/heads/master@{#35404}
This is useful for escape analysis, and helps upcoming changes to
type feedback gathering.
BUG=
Review URL: https://codereview.chromium.org/1670143002
Cr-Commit-Position: refs/heads/master@{#35395}
This makes sure the SharedFunctionInfo is available whenever we evaluate
the UseIgnition predicate. This makes sure we can apply filters properly
even when the interpreter causes eager compilation (instead of lazy).
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1860943002
Cr-Commit-Position: refs/heads/master@{#35263}
Makes --ignition cause eager compilation if we aren't building the startup
snapshot.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1811553003
Cr-Commit-Position: refs/heads/master@{#35066}
Fixes CopyBytecodeArray to set the interrupt_budget field.
BUG=v8:4280,v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1809123003
Cr-Commit-Position: refs/heads/master@{#34982}
The trigger point in question is by now obsolete. The optimized compile
job will itself ensure that deoptimization support is present on the
incoming SharedFunctionInfo, this will make sure to produce baseline
code when necessary. The ScopeInfo is also installed at that point in
time.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1816513002
Cr-Commit-Position: refs/heads/master@{#34887}
Immortal immovable roots must be allocated on the first page of the space.
If serializing the root list exceeds the first page, immortal immovable root
objects might end up outside of the first page. That could cause missing
write barriers.
We now iterate the root list twice. The first time we only serialize immortal
immovable root objects. The second time we serialize the rest.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1811913002
Cr-Commit-Position: refs/heads/master@{#34859}
The feature was removed from the bots a while ago. It was
superseeded by the flaky-test detection which reruns tests.
Remaining tests still marked as flaky most certainly pass
since a while.
Referencing all the bugs whose expectations lines get
removed by this.
BUG=v8:3838,v8:3525,v8:3125
LOG=n
Review URL: https://codereview.chromium.org/1802983002
Cr-Commit-Position: refs/heads/master@{#34804}
Updates InlineTwice to declare a function and then return a function
instead of using function expressions by wrapping a function with '('
and ')'. The earlier implementation would cause the function to
compile immediately instead of lazy compile. Also updates cctest.status
BUG=v8:4280,v8:4837,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1800073002
Cr-Commit-Position: refs/heads/master@{#34790}
Updates cctest.status and also updates the test
cctest/test-serialize/SerializeInternalReference to return success when
FLAG_ignition is true. This test tests for internal references and is not
relevant for interpreter.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1782893002
Cr-Commit-Position: refs/heads/master@{#34723}
FullCodegen generates 2 statement positions for the loop init block, like so:
for(var i = 0; i....
^ ^
This change removes the first of those, updates unit tests,
and removes text expectations for Ignition.
---
An alternative would be to emulate the existing behaviour in Ignition, but:
- The new behaviour seems more logical,
- Ignition generates no bytecodes for the 'var', meaning there is no code position to attach the break position to.
BUG=v8:4690
LOG=Y
Review URL: https://codereview.chromium.org/1784883002
Cr-Commit-Position: refs/heads/master@{#34717}
This ensures the interpreter is not tasked with compiling generator
functions. It currently does not support suspending activations at
yielding points, but we still want to be able to activate it for the
rest of JavaScript in the meantime.
R=rmcilroy@chromium.org
BUG=v8:4681
LOG=n
Review URL: https://codereview.chromium.org/1782013002
Cr-Commit-Position: refs/heads/master@{#34672}
Changes include:
- better test coverage for builds with snapshot
- write snapshot blobs to buffer instead of test serialization files
- renamed tests
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/1777213002
Cr-Commit-Position: refs/heads/master@{#34657}
The CL #34376 (https://codereview.chromium.org/1740073002 ) added the Inlining test case and X87 failed at it.
The reason is:
For TEST(Inlining) test case, when level3 function is inlined, the key optimized crankshaft code will like below code normally:
............
0x21d53b7f 63 ff571b call [edi+0x1b] <----------- should call action() here
;;; <@32,#27> lazy-bailout
;;; <@36,#31> ---- B3 ----
;;; <@37,#31> gap
0x21d53b82 66 89c1 mov ecx,eax <----------- Both the inlined function’s pc_offset from DeoptimizationInputData and the pc_offset from sample stack points to here, the same pc address
............
So the TEST(Inlining) test case can get the expected inlined code entry and pass..
In fact, the exact code sequence should like the following in crankshaft:
............
0x21d53b7f 63 ff571b call [edi+0x1b] <----------- should call action()
0xxxxxxxxx xxxx GenerateBodyInstructionPost() <----------- the pc_offset from sample stack points to here
;;; <@32,#27> lazy-bailout
;;; <@36,#31> ---- B3 ----
;;; <@37,#31> gap
0x21d53b82 66 89c1 mov ecx,eax <----------- the inlined function’s pc_offset from DeoptimizationInputData points to here.
............
For most of architectures in V8, the GenerateBodyInstructionPost() is empty, so both the inlined function’s pc_offset from DeoptimizationInputData and the pc_offset from sample stack points to the same pc address .
But if some architecture has special requirement and need to put some instruction after call instruction, the GenerateBodyInstructionPost() will do that work and generate instructions, the inlined function’s pc_offset from DeoptimizationInputData and The pc_offset from sample stack will points to the different pc address, the TEST(Inlining) test case can’t get the expected inlined code entry and failed.
For all current architectures in v8, only x87 have this requirement.
After communicated with Alexei Filippov <alph@chromium.org> in E-mail, we decided to disable the Inlining test case for x87 now and try to find a solution.
BUG=
Review URL: https://codereview.chromium.org/1766263002
Cr-Commit-Position: refs/heads/master@{#34544}
This relaxes the constraints of the optimized code map in order to be
able to update existing entries. It also simplifies the interface a
little bit. We can now insert an entry for a newly allocated literals
array together with previously cached context-independent code.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1753213002
Cr-Commit-Position: refs/heads/master@{#34427}
The macro is currently used by AllocateHeapNumberStub and AllocateMutableHeapNumberStub, which are now turbofan code stubs.
It can be used to allocate objects in the new or old space, optionally with double alignment.
BUG=588692
LOG=y
Review URL: https://codereview.chromium.org/1735803003
Cr-Commit-Position: refs/heads/master@{#34424}
Add support to log source position offsets to the profiler. As part of
this change PositionsRecorder is split into two, with the subset needed
by log.cc moved into log.h and the remainder kept in assembler.h as
AssemblerPositionsRecorder. The interpreter's source position table
builder is updated to log positions when the profiler is active.
BUG=v8:4766
LOG=N
Review URL: https://codereview.chromium.org/1737043002
Cr-Commit-Position: refs/heads/master@{#34416}
In ia32 PushArgsAndConstruct builtin, we run out of registers and need to
temporarily store the data in the stack. In the earlier implementation,
a location outside the esp was used. This causes a problem if there is a
interrupt/signals which would use the same stack and corrupt the data that
is above the esp. This cl fixes it by pushing it onto the stack so that
the stack pointer is updated and hence the corruption will not happen. We
reuse the slot meant for receiver as a temporary store.
TBR=rmcilroy@chromium.org
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1750373002
Cr-Commit-Position: refs/heads/master@{#34397}
Adds the translation from optimized frame to bytecode offset
in FrameSummary. For interpreter, the bailout id represents the bytecode
array offset. So we can directly use the bailout id as the code offset
in the FrameSummary. Also updates mjsunit.status with more information
about failing tests.
BUG=v8:4280, v8:4689
LOG=N
Review URL: https://codereview.chromium.org/1740753002
Cr-Commit-Position: refs/heads/master@{#34393}
We used to emit debug break location on block entry. This cannot be
ported to the interpreted as we do not emit bytecode for block entry.
This made no sense to begin with though, but accidentally added
break locations for var declarations.
With this change, the debugger no longer breaks at var declarations
without initialization. This is in accordance with the fact that the
interpreter does not emit bytecode for uninitialized var declarations.
Also fix the bytecode to match full-codegen's behavior wrt return
positions:
- there is a break location before the return statement, with the source
position of the return statement.
- right before the actual return, there is another break location. The
source position points to the end of the function.
R=rmcilroy@chromium.org, vogelheim@chromium.orgTBR=rossberg@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1744123003
Cr-Commit-Position: refs/heads/master@{#34388}
Adds support for cpu profiler logging to the interpreter. Modifies the
the API to be passed AbstractCode objects instead of Code objects, and
adds extra functions to AbstractCode which is required by log.cc and
cpu-profiler.cc.
The main change in sampler.cc is to determine if a stack frame is an
interpreter stack frame, and if so, use the bytecode address as the pc
for that frame. This allows sampling of bytecode functions. This
requires adding support to SafeStackIterator to determine if a frame is
interpreted, which we do by checking the PC against pre-stored addresses
for the start and end of interpreter entry builtins.
Also removes CodeDeleteEvents which are dead code and haven't
been reported for some time.
Still to do is tracking source positions which will be done in a
followup CL.
BUG=v8:4766
LOG=N
Review URL: https://codereview.chromium.org/1728593002
Cr-Commit-Position: refs/heads/master@{#34321}
This patch moves iterator finalization (calling .return() when a
for-of loop exits early) to shipping. The only part of this feature
which is currently known to be missing is destructuring--.return()
should be also be called when destructuring with an array which
does not end in a rest pattern, but it currently does not. The rest
of this feature, including calling .return() from certain builtins,
is implemented.
R=adamk
BUG=v8:3566
LOG=Y
Review URL: https://codereview.chromium.org/1738463003
Cr-Commit-Position: refs/heads/master@{#34307}
It is possible for JS objects to be allocated while we are retrieving the
profile. These JS objects can in turn end up getting sampled by the profiler.
Adding these to the profile data structures invalidates the iterators that
are presently in flight. This change prevents such concurrent modifications
from affecting the retrieve operation.
BUG=
Review URL: https://codereview.chromium.org/1735733002
Cr-Commit-Position: refs/heads/master@{#34298}
This adds explicit setters for the SharedFunctionInfo::function_data
field. Such setters are safer because they allow for explicit checking
of which values are allowed, and they improve readability because the
intended semantics become clear for each call-site. Also fix a cctest
case along the way.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1730853005
Cr-Commit-Position: refs/heads/master@{#34297}
By now the deprecation of strong mode is far enough along that the
support present in the interpreter matches the support in the other
compilers. Special expectations aren't needed anymore.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1738653003
Cr-Commit-Position: refs/heads/master@{#34293}
Reason for revert:
It is not a good idea to call CallICStub from the builtin. It might be sensitive to the frame structure. Constructing a internal frame might cause problems. It is much better to inline the code related to the type feedback vector into the builtin.
Original issue's description:
> [Interpreter] Implements calls through CallICStub in the interpreter.
>
> Calls are implemented through CallICStub to collect type feedback. Adds
> a new builtin called InterpreterPushArgsAndCallIC that pushes the
> arguments onto stack and calls CallICStub.
>
> Also adds two new bytecodes CallIC and CallICWide to indicate calls have to
> go through CallICStub.
>
> MIPS port contributed by balazs.kilvady.
>
> BUG=v8:4280, v8:4680
> LOG=N
>
> Committed: https://crrev.com/20362a2214c11a0f2ea5141b6a79e09458939cec
> Cr-Commit-Position: refs/heads/master@{#34244}
TBR=rmcilroy@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4680
Review URL: https://codereview.chromium.org/1731253003
Cr-Commit-Position: refs/heads/master@{#34252}
Calls are implemented through CallICStub to collect type feedback. Adds
a new builtin called InterpreterPushArgsAndCallIC that pushes the
arguments onto stack and calls CallICStub.
Also adds two new bytecodes CallIC and CallICWide to indicate calls have to
go through CallICStub.
MIPS port contributed by balazs.kilvady.
BUG=v8:4280, v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1688283003
Cr-Commit-Position: refs/heads/master@{#34244}
Removes some cctest and mjsunit test skips on Ignition for tests that now pass.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1703563002
Cr-Commit-Position: refs/heads/master@{#34045}
Fixes a bug in Ignition on Arm64 where lr gets trashed in StaContextSlot
which causes the stack walker to get confused and crash.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1694263002
Cr-Commit-Position: refs/heads/master@{#34016}
Adds support for ES6 super keyword and performing loads, stores, and
calls to super class members.
Implements SetHomeObject and enables ThisFunctionVariable.
BUG=v8:4280,v8:4682
LOG=N
Review URL: https://codereview.chromium.org/1689573004
Cr-Commit-Position: refs/heads/master@{#33977}
The tests in question have been disabled because throwing into lazy
deoptimized code was borked. After recent fixes landed these tests
should now pass again.
R=jarin@chromium.org
TEST=cctest/test-run-deopt/DeoptExceptionHandler
BUG=v8:4195
LOG=n
Review URL: https://codereview.chromium.org/1692873002
Cr-Commit-Position: refs/heads/master@{#33937}
Remove some Ignition skips in mjsunit and cctest, and replace a few
others with fails now that the there is more debugger support.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1689993002
Cr-Commit-Position: refs/heads/master@{#33932}
Do not rely on elapsed time to collect enough samples.
Use CollectSample API function instead.
Remove checks for extra functions present in a profile, as
there in fact can be lots of native support functions.
BUG=v8:2999
LOG=N
Review URL: https://codereview.chromium.org/1665303004
Cr-Commit-Position: refs/heads/master@{#33822}
Adds implementation and tests to support const/let variables in the
interpreter.
BUG=v8:4280,v8:4679
LOG=N
Review URL: https://codereview.chromium.org/1634153002
Cr-Commit-Position: refs/heads/master@{#33819}
Reason for revert:
Must revert for now due to chromium api natives issues.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> (RELAND: the problem before was a missing write barrier for adding the code
> entry to the new closure. It's been addressed with a new macro instruction
> and test. The only change to this CL is the addition of two calls to
> __ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
> Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
> And Benedikt reviewed it as well.
>
> TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/bb31db3ad6de16f86a61f6c7bbfd3274e3d957b5
> Cr-Commit-Position: refs/heads/master@{#33741}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1670813005
Cr-Commit-Position: refs/heads/master@{#33766}
There might be several ExternalCallbackScope's created
during the native callback. Remove the assert that is not
aligned with that.
Moreover this iterator must work for any kind of
stacks including corrupted ones.
BUG=v8:4705
LOG=N
Review URL: https://codereview.chromium.org/1663193003
Cr-Commit-Position: refs/heads/master@{#33751}
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1668103002
Cr-Commit-Position: refs/heads/master@{#33741}
Removes skips for two tests in cctest that are no longer crashing with ignition.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1668843003
Cr-Commit-Position: refs/heads/master@{#33732}
Moves the stack check from the function entry trampoline to instead be
after function activation using an explicit StackCheck bytecode. Also
add stack checks on back edges of loops.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1665853002
Cr-Commit-Position: refs/heads/master@{#33730}
This removes --harmony-completion, --harmony-concat-spreadable, and
--harmony-tolength and moves the appropriate tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1667453002
Cr-Commit-Position: refs/heads/master@{#33712}
Skips cctest/test-heap/NoWeakHashTableLeakWithIncrementalMarking
that is crashing on arm64.
BUG=v8:4280
LOG=N
NOTRY=true
Review URL: https://codereview.chromium.org/1660613005
Cr-Commit-Position: refs/heads/master@{#33708}
Adds implementation and tests for with statement to interprter.
BUG=v8:4280,v8:4684
LOG=N
Review URL: https://codereview.chromium.org/1656863002
Cr-Commit-Position: refs/heads/master@{#33705}
This clears the currently pending message object whenever a try-block or
a finally-block is being entered in interpreted code. The intention is
to avoid memory leaks introduced by the message object. Also the message
object is being restored when a finally-block exits.
R=rmcilroy@chromium.org
TEST=cctest/test-heap/MessageObjectLeak
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1651993002
Cr-Commit-Position: refs/heads/master@{#33704}
Also changes SKIP to FAIL to ensure we know when we have fixed a test.
BUG=v8:4280,v8:4680
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm64_dbg,v8_linux_arm_dbg
Review URL: https://codereview.chromium.org/1656803002
Cr-Commit-Position: refs/heads/master@{#33665}
Set the bytecode array correctly in Runtime_SetCode.
This fixes issues with building the snapshot with ignition enabled.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1647913002
Cr-Commit-Position: refs/heads/master@{#33638}
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1641083003
Cr-Commit-Position: refs/heads/master@{#33582}
This translates the exception handler table attached to a bytecode array
correctly into exceptional projections within the TurboFan graph. We
perform an abstract simulation of handlers that are being entered and
exited by the bytecode iteration to track the correct handler for each
node.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1641723002
Cr-Commit-Position: refs/heads/master@{#33580}
Reason for revert:
Bug: failing to use write barrier when writing code entry into closure.
Original issue's description:
> Reland of Type Feedback Vector lives in the closure
>
> (Fixed a bug found by nosnap builds.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/d984b3b0ce91e55800f5323b4bb32a06f8a5aab1
> Cr-Commit-Position: refs/heads/master@{#33548}
TBR=bmeurer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1643533003
Cr-Commit-Position: refs/heads/master@{#33556}
(Fixed a bug found by nosnap builds.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1642613002
Cr-Commit-Position: refs/heads/master@{#33548}
This ensures that the BytecodeGraphBuilder can generate correct graphs
even when deoptimization has not been enabled. This configuration is not
enabled in production, and we might eventually decide to deprecate it
for good. Until then, this is a quick fix.
R=jarin@chromium.org
TEST=cctest/test-pipeline
Review URL: https://codereview.chromium.org/1640683002
Cr-Commit-Position: refs/heads/master@{#33545}
Reason for revert:
FAilure on win32 bot, need to investigate webkit failures.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/a5200f7ed4d11c6b882fa667da7a1864226544b4
> Cr-Commit-Position: refs/heads/master@{#33518}
TBR=bmeurer@chromium.org,akos.palfi@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1632993003
Cr-Commit-Position: refs/heads/master@{#33520}
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1563213002
Cr-Commit-Position: refs/heads/master@{#33518}
This fixes the translation of 'throw' bytecodes to TurboFan graphs. The
correct runtime function is being used now, also the frame states are
attached to the correct nodes now.
R=mythria@chromium.org
TEST=cctest/test-run-jsexceptions/ThrowMessageIndirectly
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1636033002
Cr-Commit-Position: refs/heads/master@{#33513}
Adds support for calling native function literals. Moves the logic for building
the native function's SharedFunctionInfo out of full-codegen into compiler.cc
to allow it to be shared between fullcodegen and Ignition.
BUG=v8:4686
LOG=N
Review URL: https://codereview.chromium.org/1635553002
Cr-Commit-Position: refs/heads/master@{#33510}
The current support for try-catch in the interpreter can handle most of
the cases appearing in our test suite. Also the flag in question did not
detect try-finally constructs. This removes the flag and instead extends
the test expectations.
R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1631593003
Cr-Commit-Position: refs/heads/master@{#33494}
These tests have been disabled while support for try-finally was work in
progress. By now control flow is connected properly and the tests pass.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1626503002
Cr-Commit-Position: refs/heads/master@{#33474}
This implements a first prototype of stack unwinding for interpreted
frames. The unwinding machinery performs a range-based lookup in the
given handler table and potentially continues dispatching at the handler
offset. Note that this does not yet correctly restore the context to the
correct value when the handler is being entered.
R=rmcilroy@chromium.org,oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1605633003
Cr-Commit-Position: refs/heads/master@{#33414}
Newly added tests cctest/test-run-wasm-js/Run_JSSelect_0...6 cause failures
on MIPS bigendian and are skipped until a solution is found.
BUG=
Review URL: https://codereview.chromium.org/1608813003
Cr-Commit-Position: refs/heads/master@{#33387}
Now that we support eval in Ignition, remove the fallback for eval checks
and make the flag only fallback on catch blocks.
BUG=v8:4280,v8:4676
LOG=N
Review URL: https://codereview.chromium.org/1595223004
Cr-Commit-Position: refs/heads/master@{#33384}
This fixes a number of crashes where other code was assuming there would
be at least one deopt point in all optimized functions (i.e., the
StackCheck) but we weren't producing any.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1572333002
Cr-Commit-Position: refs/heads/master@{#33243}
Use the same mechanism that is already available for Crankshaft to not
leak all kinds of things in TurboFan generated code. Long-term we will
support weakness in a better way, but for now, just use the
infrastructure that is already in place to avoid memory leaks via
TurboFan generated code.
R=jarin@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1555743003
Cr-Commit-Position: refs/heads/master@{#33073}
The CL https://codereview.chromium.org/1409013004 added / changed some test cases.
Some new test cases use CheckFloatEq(...) and CheckDoubleEq(...) function for result
check. When GCC compiling the CheckFloatEq() and CheckDoubleEq() function, those inlined
functions has different behavior comparing with GCC ia32 build and x87 build. The major
difference is sse float register still has single precision rounding semantic. While X87
register has no such rounding precsion semantic when directly use register value. The V8
turbofan JITTed has exactly same result in both X87 and IA32 port.
So we add the following sentence to do type case to keep the same precision.
float expect = *i * *j; // *i + *j, etc.
For test case "RunFloat64MulAndFloat64Add1 / RunFloat64MulAndFloat64Add2 / RunFloat64MulAndFloat64Sub1
/ RunFloat64MulAndFloat64Sub2", the expected result calcaulated by GCC has difference precsion
when comparing with V8 turbofan result for X87 platform. (Turbofan X87 result is the same as
IA32 GCC and IA32 Turbofan). So we have to disable those four cases for X87 port.
BUG=
Review URL: https://codereview.chromium.org/1430943002
Cr-Commit-Position: refs/heads/master@{#31808}
The callees are expected to properly set the number of actual
arguments passed to the callee, which is now represented correctly
in the TurboFan graphs by a new Parameter right before the context
Parameter. Currently this is only being used for outgoing calls.
Note that this requires disabling two of the TF code stub tests,
because of the JavaScript graphs are not automagically compatible
with abitrary (incoming) code stub interface descriptors. If we
want to support JS code stubs at all, then we need to find a sane
way to feed in this information.
Drive-by-fix: Don't insert a direct call to a classConstructor.
R=mstarzinger@chromium.org
BUG=v8:4413, v8:4428
LOG=n
Review URL: https://codereview.chromium.org/1410633006
Cr-Commit-Position: refs/heads/master@{#31789}
register configurations currently. This CL provides a mechanism so that
optimizing compilers can select different Register Configuration.
BUG=
Review URL: https://codereview.chromium.org/1405673003
Cr-Commit-Position: refs/heads/master@{#31476}
This stages the general purpose inlining mechanism in TurboFan and also
disables the remaining tests that still fail. We do this to get test
coverage early and to avoid regressing inlining as we go along.
R=bmeurer@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1412703002
Cr-Commit-Position: refs/heads/master@{#31386}
Swarming won't support an incremental data file. By just
sorting the lowest hanging fruits to the beginning we
already get a big bang for the buck (>80% of the improvement
we get otherwise).
This will require semi-regular manual updates of the
slowest tests.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1385443002
Cr-Commit-Position: refs/heads/master@{#31061}
Scoping rules are different on recompile vis-a-vis global loads.
BUG=chromium:514526
LOG=y
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1256413005
Cr-Commit-Position: refs/heads/master@{#29896}
This change makes possible to save and restore the FP registers
in the Prologue and Return parts for the CallAddress kind functions.
TEST=test-simplified-lowering/RunNumberDivide_2_TruncatingToUint32,
test-simplified-lowering/RunNumberMultiply_TruncatingToUint32
Review URL: https://codereview.chromium.org/1191513003
Cr-Commit-Position: refs/heads/master@{#29378}
This has become necessary as we have more experimental natives
that run after deserializing from the snapshot.
R=hpayer@chromium.org
BUG=v8:4200
LOG=N
Review URL: https://codereview.chromium.org/1218973002
Cr-Commit-Position: refs/heads/master@{#29367}
The failure was been triggered by turning on --harmony-arrays,
maybe because code size was increased or code was added later
in the bootstrap process. Because it doesn't look like a bug
in anything guarded by --harmony-arrays directly, I'd suggest
shipping the flag and disabling the test on the architectures
where it's been observed to fail. It's already disabled on arm64
and this patch disables it on mips64 as well.
BUG=v8:4200
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1212963004
Cr-Commit-Position: refs/heads/master@{#29361}
Turning the --harmony-array flag on has been delayed behind
unrelated test failures. Now that those tests are disabled,
land the changes.
This patch fixes WebKit tests based on the new change.
R=adamk
LOG=Y
BUG=v8:3578
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1199113003
Cr-Commit-Position: refs/heads/master@{#29209}
This patch includes the following changes.
1, Enable the turbofan backend support for X87 platform. It depends on previous CL: 3fdfebd26.
2, Enable the test cases which are disabled because turbofan for X87 was not enabled.
BUG=v8:4135
LOG=N
Review URL: https://codereview.chromium.org/1179763004
Cr-Commit-Position: refs/heads/master@{#29049}
After https://codereview.chromium.org/1180433003 the code-size exceeeds
the limit for MIPS. We have some optimizations in place for MIPS64 that
will be ported back to MIPS, and will investigate other code-size
improvements so we can re-enable this test.
BUG=
Review URL: https://codereview.chromium.org/1166353005
Cr-Commit-Position: refs/heads/master@{#28913}
This allows any AdvancedReducer to remove exception projections from
graphs. This is the common case when JS-operators are being replaced
with pure values. The old NodeProperties::ReplaceWithValue is being
deprecated in favor of AdvancedReducer::ReplaceWithValue.
R=titzer@chromium.org
TEST=unittests/AdvancedReducerTest
Review URL: https://codereview.chromium.org/1168693002
Cr-Commit-Position: refs/heads/master@{#28810}
This test fails on board, temporarily skip failing test until we resolve this issue.
NOTRY=true
Review URL: https://codereview.chromium.org/1127573002
Cr-Commit-Position: refs/heads/master@{#28201}
When debugging Handle leaks in io.js we found it very convenient to be
able to Seal some specific (root in our case) scope to prevent Handle
allocations in it, and easily find leakage.
R=yangguo
BUG=
Review URL: https://codereview.chromium.org/1079713002
Cr-Commit-Position: refs/heads/master@{#27766}
This makes sure Crankshaft respects interceptors in the global object
even when they shadow a constant global property.
R=verwaest@chromium.org
TEST=cctest/test-api-interceptors/PrePropertyHandler
Review URL: https://codereview.chromium.org/1070803002
Cr-Commit-Position: refs/heads/master@{#27733}
This makes some tests in test-heap.cc more robust against flags, now
that top-level code can be optimized by the --always-opt flag.
R=hpayer@chromium.org
TEST=cctest/test-heap/TestInternalWeakLists
Review URL: https://codereview.chromium.org/1071063004
Cr-Commit-Position: refs/heads/master@{#27699}
This is a follow-up to 2d281e71ac and prevents bailouts on empty
script contexts in Crankshaft, which don't need allocation. Only
non-empty script contexts should cause a bailout.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1063373003
Cr-Commit-Position: refs/heads/master@{#27649}
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1053063003
Cr-Commit-Position: refs/heads/master@{#27633}
cctest/test-log/EquivalenceOfLoggingAndTraversal fails on
AIX because it does not correctly handle the full 64 bit
address space supported by AIX. SKIP until the issue
is resolved.
modified: test/cctest/cctest.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1055183002
Cr-Commit-Position: refs/heads/master@{#27608}
This adapts the debugger so that the first break event starting the
stepping process can come from optimized code. TurboFan supports a
debugger statement and hence can be the top-most frame whenever the
Debug::HandleDebugBreak handler is triggered.
R=yangguo@chromium.org
TEST=mjsunit/debug,cctest/test-debug
Review URL: https://codereview.chromium.org/1038613002
Cr-Commit-Position: refs/heads/master@{#27447}
Updated excludes to remove SKIPs where possible. Either
removing if no longer needed or replacing with SLOW where
tests just need more time to run
modified: test/cctest/cctest.status
modified: test/mjsunit/mjsunit.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1017073003
Cr-Commit-Position: refs/heads/master@{#27287}
Port 84e90b2d0d
Original commit message:
Four tests are failing due to a problem with no frame ranges.
TEST=cctest/test-cpu-profiler/CollectDeoptEvents
BUG=
Review URL: https://codereview.chromium.org/1000723002
Cr-Commit-Position: refs/heads/master@{#27152}
The test/cctest/cctest.status and test/mjsunit/mjsunit.status
tests now pass under the simulator so removing these
excludes
modified: test/cctest/cctest.status
modified: test/mjsunit/mjsunit.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/995393003
Cr-Commit-Position: refs/heads/master@{#27145}
Contribution of PowerPC port (continuation of 422063005,
817143002,866843003, and 901083004). This patch updates
the ppc directories to make them current with changes in
common code as of today.
We had to exclude the test test-serialize/SerializeInternalReference
until we agree on the right way to add those changes for PPC as
outlined in the description in the google doc provided earlier.
We also had to exclude a couple of other tests due to new
failures seen since the last uplevel. We excluded as opposed
to waiting until we could investigate to maximize the chance
of getting PPC compiling in the google repos before new
breaking changes are made.
I'll note that before applying any of our changes the
mozilla part of quickcheck was already broken when using
the lastest repo content so I had to run without that
modified: src/compiler/ppc/code-generator-ppc.cc
modified: src/compiler/ppc/instruction-codes-ppc.h
modified: src/compiler/ppc/instruction-selector-ppc.cc
modified: src/ic/ppc/handler-compiler-ppc.cc
modified: src/ic/ppc/ic-compiler-ppc.cc
modified: src/ppc/assembler-ppc-inl.h
modified: src/ppc/assembler-ppc.cc
modified: src/ppc/assembler-ppc.h
modified: src/ppc/builtins-ppc.cc
modified: src/ppc/code-stubs-ppc.cc
modified: src/ppc/codegen-ppc.cc
modified: src/ppc/full-codegen-ppc.cc
modified: src/ppc/lithium-codegen-ppc.cc
modified: src/ppc/macro-assembler-ppc.cc
modified: src/ppc/macro-assembler-ppc.h
modified: test/cctest/cctest.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/994533004
Cr-Commit-Position: refs/heads/master@{#27125}
Reason for revert:
Some tests still flaky
Original issue's description:
> CpuProfiler: enable tests except four failing tests.
>
> Four tests are failing due to a problem with no frame ranges.
>
> BUG=
> LOG=n
>
> Committed: https://crrev.com/2be160e726f2be6272b77e53fbd556aded6024f1
> Cr-Commit-Position: refs/heads/master@{#27035}
TBR=yurys@chromium.org,svenpanne@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/987553005
Cr-Commit-Position: refs/heads/master@{#27037}
Four tests are failing due to a problem with no frame ranges.
BUG=
LOG=n
Review URL: https://codereview.chromium.org/976203003
Cr-Commit-Position: refs/heads/master@{#27035}