marking visitors.
This makes incremental and concurrent visitors of shared function infos
side-effect free.
BUG=chromium:694255
Change-Id: I85ee7bac17f17bdbc101ef64ecfb46020b5b3458
Reviewed-on: https://chromium-review.googlesource.com/574851
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46796}
This patch implements a recent spec change [1] which increases the
bounds of precision for toFixed, toExponential and toPrecision.
The bounds are a compromise between SpiderMonkey and the other
engines.
[1] https://github.com/tc39/ecma262/pull/857
Bug: v8:6539
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I877aa35e08f3dcda63f5f9181fdecf3c227f2c35
Reviewed-on: https://chromium-review.googlesource.com/553378
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46793}
Apparently the name float.h causes problems on Windows when V8 is
compiled with Visual Studio, see the bug description.
R=clemensh@chromium.org
Bug: v8:6588
Change-Id: Iaa9c1e93e62509a779f1a8ddecbb03a53981cf8a
Reviewed-on: https://chromium-review.googlesource.com/578029
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46791}
The size of the parent function is not considered when taking decisions
on which functions to inline. This CL includes the size of the
parent function in the cumulative count.
Bug:
Change-Id: Ib8f4ec684f8313f7c2e29237580bb3c0403930bd
Reviewed-on: https://chromium-review.googlesource.com/506205
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46789}
... between % and a function name.
Change-Id: I4d06e2623abb6fdd50af748649d0f8e9fae3897d
Reviewed-on: https://chromium-review.googlesource.com/575053
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46788}
The link between the JS weak collection object and its backing store
was missing.
Change-Id: If8293a8d43fb52bc4fc9f156ccda578233a1991c
Reviewed-on: https://chromium-review.googlesource.com/579267
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46787}
CSA::Print() is only used during development and can often be useful
in release builds.
Bug:
Change-Id: Ib6baf5f5275439a468a0f63a00ed446ae11a8de2
Reviewed-on: https://chromium-review.googlesource.com/579190
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46786}
Unscaled memory operations were missing disassembly output for vector registers,
so add support and rewrite as a macro.
Bug:
Change-Id: I6f388952dbe5a3b9f8a9b9c46e69ef63dc6655ba
Reviewed-on: https://chromium-review.googlesource.com/576177
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#46785}
This removes support for dropping arguments adaptor frames as part of
the JSFunction-to-JSFunction tail-call mechanism. The need for having
dedicated {kArchTailCallJSFunctionFromJSFunction} instructions is gone.
R=bmeurer@chromium.org
BUG=v8:4698
Change-Id: Id3d35d06800bee68e06b9554c4315e6ad304de5f
Reviewed-on: https://chromium-review.googlesource.com/575975
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46782}
Scavenger and full MC now rely on the same allocation behavior for their
evacuation.
Bug:
Change-Id: Iddb0affe171187308e5b77ab0d3cfa75211bd8b8
Reviewed-on: https://chromium-review.googlesource.com/575983
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46781}
This inlines the allocation of regexp literals when a boilerplate exists.
Bug: v8:6605,v8:6556
Change-Id: If0f1b9dedf8a7de1ec51c394fe39cf21d2413ac5
Reviewed-on: https://chromium-review.googlesource.com/575240
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46780}
In contrast to other internal fields (data, source, and flags), last_index is
an in-object property. But we can still use the standard accessor macros to
access it.
Bug:
Change-Id: If77f2bb01c6ddccebdde09d7a316c2ddaaf9b277
Reviewed-on: https://chromium-review.googlesource.com/577549
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46779}
It used to be that immortal immovable objects had to be on the first page to
not be moved. This is no longer true since we flag pages wrt whether they are
allowed to move.
R=mlippautz@chromium.org
Change-Id: I5c9c88fa358636df119108e16e871815b126ab27
Reviewed-on: https://chromium-review.googlesource.com/575976
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46777}
Check the receiver_map for the dictionary mode bit instead of
comparing the properties map against the HashTableMap.
Bug:
Change-Id: Iebf3118f00fd0afc8f7f13e88f373282c099f682
Reviewed-on: https://chromium-review.googlesource.com/578324
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46775}
We already have all the functionality available in the
CodeStubAssembler, so this is merely connecting the dots.
Drive-by-fix: Improve code generation for StringCharCodeAt
to properly mark runtime entries as deferred and just use
a single slow-path.
Bug: v8:5049
Change-Id: I76793c823b23f676e65cdb717558473edb6b91cd
Reviewed-on: https://chromium-review.googlesource.com/577533
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46774}
Before the existence of "= delete", we were enforcing that the
DISALLOW_* macros were used in the private: section of classes only.
This is not needed any more, hence remove the comment on the macros.
Also, introduce macros for making types move-only, and use them
instead of our special macro in wasm.
R=bmeurer@chromium.org
CC=titzer@chromium.org
Change-Id: Iceba456fb0a32ae67defe16e35b865db8c8da500
Reviewed-on: https://chromium-review.googlesource.com/577687
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46773}
Inlining heuristics in Turbofan used ast node count. Bytecode size
is a better approximation of the size of the graph than the
ast node count. This cl changes the heuristics to use the bytecode
size instead. Also removing the ast_node_count field in the shared
function info. It was used only for the inlining heuristics.
Also removed the max_inlined_source_size flag which is no longer used.
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I8a2d2509c8e8d2779b33b817bb217de203d54ec3
Reviewed-on: https://chromium-review.googlesource.com/570055
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46771}
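An added example, not V8 code, illustrating the budget logic this CL and the earlier "parent function size" CL describe: candidates are weighed by bytecode size against a per-callee limit and a cumulative limit, and the caller's own bytecode size is charged to the cumulative budget before any callee is admitted. The struct, function names and the two limit constants are assumptions made for this example, not V8's heuristic or flag values.

```cpp
// Added example: cumulative inlining budget that includes the caller's own
// bytecode size. Names and limits are hypothetical, not V8's.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

struct InlineCandidate {
  std::string name;
  size_t bytecode_size;  // size of the callee's bytecode
  int call_frequency;    // hotter call sites are considered first
};

// Assumed limits for this example (not V8's flag values).
constexpr size_t kMaxInlinedBytecodeSize = 500;             // per callee
constexpr size_t kMaxInlinedBytecodeSizeCumulative = 1000;  // caller + inlinees

// Returns the names of the candidates accepted for inlining, in the order
// they were accepted. The caller's size is counted first, so a large caller
// gets less room; a budget that ignored the caller would admit the same
// candidates regardless of how big the resulting graph already is.
std::vector<std::string> SelectInlinees(size_t caller_bytecode_size,
                                        std::vector<InlineCandidate> candidates) {
  std::sort(candidates.begin(), candidates.end(),
            [](const InlineCandidate& a, const InlineCandidate& b) {
              return a.call_frequency > b.call_frequency;
            });
  size_t cumulative = caller_bytecode_size;
  std::vector<std::string> chosen;
  for (const InlineCandidate& c : candidates) {
    if (c.bytecode_size > kMaxInlinedBytecodeSize) continue;  // too big alone
    if (cumulative + c.bytecode_size > kMaxInlinedBytecodeSizeCumulative) {
      continue;  // would exceed the cumulative budget
    }
    cumulative += c.bytecode_size;
    chosen.push_back(c.name);
  }
  return chosen;
}

// Constructed sample: one hot callee that is too large on its own, and two
// smaller callees that compete for the remaining cumulative budget.
std::vector<InlineCandidate> SampleCandidates() {
  return {{"hot_big", 600, 20}, {"warm", 300, 10}, {"cold", 300, 5}};
}

int main() {
  const size_t callers[] = {100, 600, 900};
  for (size_t caller : callers) {
    std::vector<std::string> picked = SelectInlinees(caller, SampleCandidates());
    std::printf("caller size %zu -> %zu inlinee(s)\n", caller, picked.size());
    for (const std::string& n : picked) std::printf("  %s\n", n.c_str());
  }
  return 0;
}
```

With a caller of 100 bytes both small callees fit; at 600 bytes only the hotter one fits; at 900 bytes nothing does, which is exactly the effect of charging the parent's size to the budget.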
Async functions and generator declarations are only permitted as
StatementListItems, not as ExpressionStatements, and therefore not
as the entire body of an if statement, etc. Previously, they were
incorrectly permitted. However, ChakraCore and SpiderMonkey seem
to ban them in this context, and the feature was introduced relatively
recently, so it is likely to be web-compatible to ship the prohibition.
This patch also unifies the error message wording of async functions
and generators to ordinary functions, explaining more clearly what
the issue is.
Bug: v8:4483
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I31ed7818d6ab3e7e325031bfabb933dbf4512143
Reviewed-on: https://chromium-review.googlesource.com/568979
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46770}
There remained a few regressions and we didn't see any significant
improvement in the real world with this turned on. This CL reverts all the
StringConcat bytecode work which landed.
BUG=v8:6243
Change-Id: I832eb72e880ad41411dbec8fe29f71ef0f2025c8
Reviewed-on: https://chromium-review.googlesource.com/575130
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46769}
This patch adds a new intrinsic: %DebugTrackRetainingPath(object).
Calling the intrinsic in JS code saves a weak reference to the given
object in GC internal table of tracked objects.
Each subsequent full GC prints to stdout the retaining path for each
tracked object (if it is still alive). The retaining path is the real
path that the marker took from the root set to the tracked object.
This is useful for investigating memory leaks:
1) Add %DebugTrackRetainingPath(leaking_object) in JS code.
For example:
   function foo() {
     let x = { bar: "bar" };
     %DebugTrackRetainingPath(x);   // register x with the GC's tracked-object table
     return () => { return x; };    // the closure keeps x alive
   }
   let closure = foo();
   gc();                            // full GC prints the retaining path of x
2) Run d8 with --allow-natives-syntax --track-retaining-path --expose-gc.
3) Check the retaining path in stdout.
For more detailed inspection, run d8 in gdb and set a breakpoint in
v8::internal::Heap::PrintRetainingPath.
Change-Id: I01a0faac1e009bc6c321fa75613900b49d2b036f
Reviewed-on: https://chromium-review.googlesource.com/575972
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46766}
The outer_zone_ is only used to determine if the graph may be
unverifiable.
R=bmeurer@chromium.org
Change-Id: Idad2bbb0d2a4ba9006c852276651e6780c1128c5
Reviewed-on: https://chromium-review.googlesource.com/566821
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46765}
This patch changes the semi-space size to 512K.
> Original commit message:
> Revert "[heap] Allow a minimum semi-space size of 512K."
> This reverts commit 0d2ed6c328.
> The CL introduced perf regressions: crbug.com/735649.
> We are going to reland the CL in an isolated V8 roll to ensure
> that perf regressions are attributed correctly.
> Original commit message:
> > [heap] Allow a minimum semi-space size of 512K.
> > This CL also reduces the minimum semi-space size to 512K.
> > BUG=chromium:716032
> BUG=chromium:735649
Change-Id: Iabc377cba2911b28d51b98bb5b85134d4e893632
Reviewed-on: https://chromium-review.googlesource.com/575066
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46763}
This relands parts of "[heap] Allow a minimum semi-space size of 512K."
excluding the actual semi-space size change.
This partially reverts commit f341bb0f62
> Original commit message:
> Revert "[heap] Allow a minimum semi-space size of 512K."
> This reverts commit 0d2ed6c328.
> The CL introduced perf regressions: crbug.com/735649.
> We are going to reland the CL in an isolated V8 roll to ensure
> that perf regressions are attributed correctly.
> Original commit message:
> > [heap] Allow a minimum semi-space size of 512K.
> > This CL also reduces the minimum semi-space size to 512K.
> > BUG=chromium:716032
> BUG=chromium:735649
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5ed66b72104aa877d67fcd20bdadc807ea1551c3
Reviewed-on: https://chromium-review.googlesource.com/575065
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46762}
Also remove UnsafeAcquire from UseScratchRegisterScope, which was only used for
these stubs.
Bug:
Change-Id: Ia8648e53f1165ae489c0475dbb2d10c6978e4e84
Reviewed-on: https://chromium-review.googlesource.com/576181
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#46761}
This adds a copy of tools/ubsan/vptr_blacklist.txt to V8, which is
needed for ubsan compilation.
NOTRY=true
TBR=ishell@chromium.org
Bug: chromium:726584
Change-Id: Ie06a031ce501d7f83121d45b04ac34672eb1ca9e
Reviewed-on: https://chromium-review.googlesource.com/575977
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46760}
This is a reland of b90e83f5da
Original change's description:
> [runtime] Add shortcuts for elements kinds transitions.
>
> The shortcuts ensure that field type generalization is properly
> propagated in the transition graph.
>
> Bug: chromium:738763
> Change-Id: Id701a6f95ed6ea093c707fbe0bac228f1f856e9f
> Reviewed-on: https://chromium-review.googlesource.com/567992
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46622}
Bug: chromium:738763, chromium:742346, chromium:742381, chromium:745844
Change-Id: I93974e3906b2c7710bd525f15037a2dd97f263ad
Reviewed-on: https://chromium-review.googlesource.com/575227
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46759}
This makes {NeedsDebugHookCheck} the default for all invocations, as
there is no call-site left that doesn't perform said check. All other
pieces of the {CallWrapper} are dead since Crankshaft's removal.
R=jgruber@chromium.org
Change-Id: I158b816c089ede42972e8a7bdfc6ef0c02053a6b
Reviewed-on: https://chromium-review.googlesource.com/577531
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46758}
This adds handling for exceptional control projections when lowering
calls to {Array.prototype.map} in the call reducer.
R=mvstanton@chromium.org
TEST=mjsunit/optimized-map
BUG=v8:1956
Change-Id: If39ee836bbc3406a7fca4bad0d2c9321130cae2a
Reviewed-on: https://chromium-review.googlesource.com/575928
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46755}
This is a reland of a72b2f88a8
Original change's description:
> [arm] Restrict grouping pushes before a TailCall to registers only
>
> We optimize parallel moves performed before a TailCall by grouping adjacent
> pushes. This way, we may use a single instruction to push multiple registers at
> once. However, we also have support for pushing immediates and stack slots for
> which the benefit is questionable, therefore this patch removes support for
> them.
>
> Concerning immediate pushes, it looks like a mistake since we do not have
> support for this case in `AssembleMove` so this patch removes it. Furthermore,
> if we add a test for this case, we see that a `push ip` instruction is
> generated, effectively pushing whatever was in `ip` at the time instead of
> pushing a constant.
>
> Concerning stack slot pushes, we generate a more or less equivalent sequence of
> instructions.
>
> Finally, grouping floating point pushes is not used anywhere so this patch
> removes support for this also.
>
> Bug: v8:6553
> Change-Id: I9b820d33361fc442dd813f66e1f96cda41009110
> Reviewed-on: https://chromium-review.googlesource.com/567191
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
> Cr-Commit-Position: refs/heads/master@{#46718}
Bug: v8:6553
Change-Id: Ib9a55dae7cc5db6185d163c56088ff23426d04bb
Reviewed-on: https://chromium-review.googlesource.com/576087
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#46754}
Empty Array literals are amongst the most commonly used literal types on our
top25 page list. Using a custom bytecode we can drop the boilerplate for empty
Array literals altogether. However, we still need a proper AllocationSite to
track ElementsKind transitions.
Bug: v8:6211
Change-Id: Id5dbdac0ea8e24dd474e679c902c6e4a2957af1d
Reviewed-on: https://chromium-review.googlesource.com/567079
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46752}
Temporary check ensuring no regression while we get the wasm code off the GC heap,
and until we de-contextualize wasm code.
We expect the only embedded objects to be: CEntryStub, undefined, and
the various builtins for throwing exceptions like OOB. These are all immovable
because they are snapshotted. Additionally, we embed references to the FixedArray
that backs WebAssembly.Table. That will be replaced separately with a native data
structure.
Once the Table is native, we can generate Wasm code off the GC heap, as long as the
embedded objects are immutable, which is the property we check for here.
That greatly simplifies a subsequent step, which is to replace those dependencies
with an isolate-independent solution. The source of simplification is that we don't
have to worry about moving pointers.
Bug:
Change-Id: Id1e41863a2619c2afc50f48416f422012f0c9a24
Reviewed-on: https://chromium-review.googlesource.com/574938
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46749}
- Create items for each page containing OLD_TO_NEW references.
- Introduce the flags for parallel scavenge since this forces
us to introduce Tasks.
Bug: chromium:738865
Change-Id: Idad63f4318bdb3786117441e5413eb5e8594b7fb
Reviewed-on: https://chromium-review.googlesource.com/575052
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46748}
This makes all data structures containing non-trivially-copyable fields
move-only, to prevent security and performance bugs.
Drive-by: Fix smaller performance bugs found by this refactoring.
R=titzer@chromium.org
Change-Id: I6802ac3591534c2ab5cacb2ca42b737f3b7fa801
Reviewed-on: https://chromium-review.googlesource.com/576170
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46747}
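An added example, not V8 code, showing the technique behind this CL and the earlier "introduce macros for making types move-only" CL: a macro that deletes the copy operations and defaults the move operations, applied to a structure owning a buffer through a non-trivially-copyable member. Accidental copies of such a structure are the bug class being prevented: with a raw owning pointer they lead to double frees, and even when they compile they duplicate the payload. The macro name, the CodeBuffer type and the helper functions are assumptions made for this example, not V8's DISALLOW_* macros or wasm data structures.

```cpp
// Added example: a move-only macro in the spirit of the DISALLOW_* macros.
// EXAMPLE_MOVE_ONLY and CodeBuffer are hypothetical names, not V8's.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <type_traits>
#include <utility>
#include <vector>

// Because this relies on "= delete", it works from any access section; there
// is no need to place it under private: as the old DISALLOW_* comment required.
#define EXAMPLE_MOVE_ONLY(TypeName)                    \
  TypeName(TypeName&&) noexcept = default;            \
  TypeName& operator=(TypeName&&) noexcept = default; \
  TypeName(const TypeName&) = delete;                 \
  TypeName& operator=(const TypeName&) = delete

// Owns a heap buffer through unique_ptr, a non-trivially-copyable member.
struct CodeBuffer {
  std::unique_ptr<uint8_t[]> bytes;
  size_t size = 0;

  CodeBuffer() = default;
  explicit CodeBuffer(size_t n) : bytes(new uint8_t[n]()), size(n) {}
  EXAMPLE_MOVE_ONLY(CodeBuffer);
};

// Compile-time proof that copies are rejected and moves are cheap (noexcept),
// which is what lets std::vector move rather than copy on reallocation.
static_assert(!std::is_copy_constructible<CodeBuffer>::value, "copy must not compile");
static_assert(!std::is_copy_assignable<CodeBuffer>::value, "copy-assign must not compile");
static_assert(std::is_nothrow_move_constructible<CodeBuffer>::value, "move must be noexcept");

bool OwnsBuffer(const CodeBuffer& b) { return b.bytes != nullptr; }

// Transfers ownership; the moved-from object is left empty and consistent,
// so there is exactly one owner of the buffer at all times.
CodeBuffer Transfer(CodeBuffer&& src) {
  CodeBuffer dst = std::move(src);
  src.size = 0;
  return dst;
}

// Takes the container by const reference: passing it by value would be a
// compile error now, instead of a silent deep copy of every buffer.
size_t TotalBytes(const std::vector<CodeBuffer>& buffers) {
  size_t total = 0;
  for (const CodeBuffer& b : buffers) total += b.size;
  return total;
}

// Builds buffers in place; push_back moves the temporaries, never copies.
std::vector<CodeBuffer> BuildBuffers(size_t count, size_t each) {
  std::vector<CodeBuffer> out;
  out.reserve(count);
  for (size_t i = 0; i < count; ++i) out.push_back(CodeBuffer(each));
  return out;
}

int main() {
  CodeBuffer a(16);
  CodeBuffer b = Transfer(std::move(a));
  std::printf("a owns: %d, b owns: %d, b.size: %zu\n", OwnsBuffer(a), OwnsBuffer(b), b.size);
  std::vector<CodeBuffer> v = BuildBuffers(3, 8);
  std::printf("%zu buffers, %zu bytes total\n", v.size(), TotalBytes(v));
  // CodeBuffer c = b;  // would not compile: copy constructor is deleted
  return 0;
}
```

The commented-out copy is the point of the macro: a copy that used to be a quiet performance bug, or with raw ownership a memory-safety bug, is now a compile error at the site that introduces it.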