Internalizing a key in the KeyedStoreICGeneric avoids an expensive SetProperty runtime call.
This improves the prepack benchmark by ~5%.
In the micro-benchmark copy-object.js attached to the bug, it surfaces as a ~2.5x improvement.
The performance improvement currently relies on the stub cache, since we don't search for
transitions from within the CSA. As this CL puts additional stress on the stub cache,
performance regressions wouldn't be too surprising.
Bug: v8:6936, v8:6997
Change-Id: Id1469499a3ae5450519ff40d3c5a0915c6de0d45
Reviewed-on: https://chromium-review.googlesource.com/749951
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49097}
This extends the support in TurboFan and the ICs for OOB loads to also
apply to typed arrays and receivers whose prototype chain is protected
by the "no elements" protector (aka the Array protector). TurboFan will
generate code to materialize undefined instead when it sees a load that
has the OOB bit set and add an appropriate code dependency on the global
protector. For typed arrays it doesn't even need to check the global
protector since elements are never looked up in the prototype chain
for typed arrays.
In the simple micro-benchmark from the bug we go from
testInBounds: 103 ms.
testOutOfBounds: 289 ms.
to
testInBounds: 103 ms.
testOutOfBounds: 102 ms.
which fixes the 3x slowdown and thus addresses the performance cliff. In
general it's still beneficial to make sure that you don't access out of
bounds, especially once we introduce a bounds check elimination pass to
TurboFan.
This also seems to improve the jQuery benchmark on the Speedometer test
suite by like 1-2% on average. And the SixSpeed rest benchmarks go from
rest-es5: 25 ms.
rest-es6: 23 ms.
to
rest-es5: 6 ms.
rest-es6: 4 ms.
so a solid 5.7x improvement there.
Bug: v8:6936, v8:7014, v8:7027
Change-Id: Ie99699c69cc40057512e72fd40ae28107216c423
Reviewed-on: https://chromium-review.googlesource.com/750089
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49095}
This turns on the existing --internalize_on_the_fly flag for the
MEGAMORPHIC KeyedLoadIC to properly internalize strings before
looking up the property. This avoids the otherwise taken runtime
call to %KeyedGetProperty, which is definitely slower.
Initially the --internalize_on_the_fly flag was turned off because
internalizing strings on the fly causes too much traffic on the
megamorphic stub cache. We avoid this problem here by not probing
the stub cache in that case, which still gives the benefit of not
having to go to the runtime.
This improves the babylon test on the web-tooling-benchmark by around
2-3% and will probably also help with several tests (like React or
Ember) on the Speedometer benchmark.
If this CL causes trouble (i.e. tanks something important), we can
just turn off the --internalize_on_the_fly flag again.
Bug: v8:6936, v8:7026
Change-Id: If295ed3fd013f8b0ff031f9979e7df21dab817b6
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/751464
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49093}
Sweeping a page while currently scavenging it is broken as the scavenger
might override the slot it is currently processing.
Bug: chromium:779503
Change-Id: I224a144b84e97a956bf10ba018132c2713e8f78d
Reviewed-on: https://chromium-review.googlesource.com/752081
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49092}
No more crashes are seen in the RuntimeCallStats::Leave function. So
we can remove the debug info.
BUG=chromium:760649
Change-Id: If0a5f4ebf9ae359e3b8180ef2f8d37cab8659b06
Reviewed-on: https://chromium-review.googlesource.com/747483
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49091}
Reduce code duplication, which breaks jumbo builds. Put the StrictEqual
typing rule into the OperationTyper and share the JSType function,
which is also used by SameValue.
Bug: chromium:779531
Change-Id: If292f319217286fd1c676be04f9de3925ed56965
Reviewed-on: https://chromium-review.googlesource.com/751665
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49088}
During iteration of the optimized code list to process weak slots, we
need to clear the next_code_link in the CodeDataContainer of a dying
code object because the CodeDataContainer can still be alive.
BUG=v8:6792
Change-Id: Iec5f7430a4097cb622de2157bdec2a7d539dbba0
Reviewed-on: https://chromium-review.googlesource.com/751663
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49087}
Phantom handles were processed at the same time as finalizers. This
meant that if a finalizer kept an object alive the phantom handle
was still destroyed.
This becomes a problem in the context of Blink GCs where internal
fields are roots for Blink. Prematurely destroying a phantom handle
can lead to stale pointers.
Bug: chromium:772299
Change-Id: If02365c457be8ce48379ad357cce36baa9617cfb
Reviewed-on: https://chromium-review.googlesource.com/750625
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49086}
We expect no GC between the call to UnwindAndFindHandler and
the call to that handler. We can precalculate the handler entrypoint
and then let the CEntryStub just load and call that address.
The main motivation for this change is the wasm on the native heap
work, and making the CEntryStub able to work with non- Code* values.
Bug: v8:6876
Change-Id: I660f29619edc315afbb537ef3df018865fab7ba4
Reviewed-on: https://chromium-review.googlesource.com/744723
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49084}
This reverts commit 6366a01008.
Reason for revert: Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/19429
Original change's description:
> [ic] Internalize strings on the fly in KeyedLoadICGeneric.
>
> This turns on the existing --internalize_on_the_fly flag for the
> MEGAMORPHIC KeyedLoadIC to properly internalize strings before
> looking up the property. This avoids the otherwise taken runtime
> call to %KeyedGetProperty, which is definitely slower.
>
> Initially the --internalize_on_the_fly flag was turned off because
> internalizing strings on the fly causes too much traffic on the
> megamorphic stub cache. We avoid this problem here by not probing
> the stub cache in that case, which still gives the benefit of not
> having to go to the runtime.
>
> This improves the babylon test on the web-tooling-benchmark by around
> 2-3% and will probably also help with several tests (like React or
> Ember) on the Speedometer benchmark.
>
> If this CL causes trouble (i.e. tanks something important), we can
> just turn off the --internalize_on_the_fly flag again.
>
> Bug: v8:6936, v8:7026
> Change-Id: Ia59a8a3799d9624d831d66b05bae3ecef31cee0a
> Reviewed-on: https://chromium-review.googlesource.com/750821
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49072}
TBR=ishell@chromium.org,bmeurer@chromium.org
Change-Id: I5345eb29016ecd6b7788b1b49b2f53992ea82b58
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6936, v8:7026
Reviewed-on: https://chromium-review.googlesource.com/750904
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49077}
- Add WeakMapPrototypeDelete and WeakSetPrototypeDelete TFJ builtins
- Fast paths when it's not necessary to shrink the table
- Add WeakCollectionDelete TFS
Some quick benchmarks shows 1.4x - 2.15x gains in performance.
https://github.com/peterwmwong/v8-perf/blob/master/weakcollection-delete/README.md
Bug: v8:5049, v8:6604
Change-Id: I14036df153f3a0242f9083d751658b868b16660a
Reviewed-on: https://chromium-review.googlesource.com/743864
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49076}
This turns on the existing --internalize_on_the_fly flag for the
MEGAMORPHIC KeyedLoadIC to properly internalize strings before
looking up the property. This avoids the otherwise taken runtime
call to %KeyedGetProperty, which is definitely slower.
Initially the --internalize_on_the_fly flag was turned off because
internalizing strings on the fly causes too much traffic on the
megamorphic stub cache. We avoid this problem here by not probing
the stub cache in that case, which still gives the benefit of not
having to go to the runtime.
This improves the babylon test on the web-tooling-benchmark by around
2-3% and will probably also help with several tests (like React or
Ember) on the Speedometer benchmark.
If this CL causes trouble (i.e. tanks something important), we can
just turn off the --internalize_on_the_fly flag again.
Bug: v8:6936, v8:7026
Change-Id: Ia59a8a3799d9624d831d66b05bae3ecef31cee0a
Reviewed-on: https://chromium-review.googlesource.com/750821
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49072}
The existing stack check only checked the number of stack frames on the
stack, not the actual size of the stack frames. In the test case, each
stack frame is huge, and the interpreter runs out of memory before the
stack check stops the execution. With this change we take the size of
the value stack and the size of the control stack and compare their sum
to the stack limit of V8. Note that this stack limit is kind of
arbitrary, because the stack space of the interpreter is not on the
actual runtime stack but allocated in zone memory, and the stack check
exists to simulate stack overflows in compiled code, not to prevent
actual stack overflows.
R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-778917
Bug: chromium:778917
Change-Id: Ife47631fcb1a178a68facab1e42c0069b12c0155
Reviewed-on: https://chromium-review.googlesource.com/744003
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49071}
This is an experiment to quantify the impact of SlicedStrings on both
performance and memory usage. The intention is to get Canary coverage
for the experiment and then decide how to proceed.
Bug: v8:7025
Change-Id: Ied548cd9e2fab127c1ad2aea3e60b2615d3de663
Reviewed-on: https://chromium-review.googlesource.com/750082
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49070}
Proxy's call trap can be used to cause recursion.
R=bmeurer@chromium.org, tebbi@chromium.org
Bug: chromium:779344
Change-Id: I19c989f618f7230028ebe18c3415bc3f4bd72b93
Reviewed-on: https://chromium-review.googlesource.com/743782
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49069}
This partially reverts commit aaebbbaa59,
which removed the --string-slices flag. We reintroduce the flag as a
build time flag for an experiment to gather information of how much
SliceStrings help with throughput and effective memory use.
Bug: v8:7025
Change-Id: I529da91bb7501fe93d83891abf560710f3ecb9d0
Reviewed-on: https://chromium-review.googlesource.com/750681
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49068}
This CL adds support for two byte string comparisons to the StringEqual
builtin, which so far was bailing out to the generic %StringEqual
runtime function whenever any two-byte string was involved. This made
comparisons that involved two-byte strings, either comparing them to
one-byte strings or comparing two two-byte strings, up to 3x slower than
if only one-byte strings were involved.
With this change, all direct string (SeqString or ExternalString)
equality checks are roughly on par now, and the weird performance cliff
is gone. On the micro-benchmark from the bug we go from
stringEqualBothOneByteSeqString: 162 ms.
stringEqualTwoByteAndOneByteSeqString: 446 ms.
stringEqualOneByteAndTwoByteSeqString: 438 ms.
stringEqualBothTwoByteSeqString: 472 ms.
to
stringEqualBothOneByteSeqString: 151 ms.
stringEqualTwoByteAndOneByteSeqString: 158 ms.
stringEqualOneByteAndTwoByteSeqString: 166 ms.
stringEqualBothTwoByteSeqString: 160 ms.
which is the desired result. On the esprima test of the
web-tooling-benchmark we seem to improve by 1-2%, which corresponds to
the savings of going to the runtime for many StringEqual comparisons.
Drive-by-cleanup: Introduce LoadAndUntagStringLength helper into the CSA
with proper typing to avoid the unnecessary shifts on 64-bit platforms
when keeping the length tagged initially in StringEqual.
Bug: v8:4913, v8:6365, v8:6371, v8:6936, v8:7022
Change-Id: I566f4b80e217513775ffbd35e0480154abf59b27
Reviewed-on: https://chromium-review.googlesource.com/749223
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49067}
Rather than having a single script compilation timer, split it into
multiple timers depending on the state of the (blink-owned) code cache
and (v8-owned) complation cache. This is intended to replace both the
script compilation time timer, and the compilation heuristic enum.
Also keep track of why blink might not want us to produce (or consume) a
code cache, and split the compilation timer on this as well.
Note, there is currently no timer for streaming sources, so these won't
show up in the histograms.
Bug: chromium:582873
Bug: chromium:769203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia32fff044f919e20e3cec73329e62e01e421b72a
Reviewed-on: https://chromium-review.googlesource.com/746922
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49065}
Push cp in EnterFrame for CONSTRUCT type frames, in order to align the stack op,
and adapt the users (Generate_JSBuiltinConstructStub*) to account for it.
Then align the rest of the stack operations in
Generate_JSBuiltinConstructStubHelper.
Bug: v8:6644
Change-Id: I4ffca329d5838902f787a52ac0d362dfbf9174c6
Reviewed-on: https://chromium-review.googlesource.com/746923
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#49063}
The parser now throws for literals that are too big for the runtime
to support, thus avoiding CHECK-failures further down the line.
Tbr: rmcilroy@chromium.org
Bug: v8:6791
Change-Id: Ie45ddebb8aa9e7a30e8b6b74f99916b700e38e4a
Reviewed-on: https://chromium-review.googlesource.com/747682
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49059}
Currently, dynamic `import()` throws the following SyntaxError when
used without a specifier:
> import();
< Uncaught SyntaxError: Unexpected token )
From the error message, it seems this the result of the code snippet
being seen as static `import` followed by parens, as opposed to
`import()` with no specifier.
This patch makes this error message more clear:
> import();
< SyntaxError: import() requires a specifier
BUG=v8:7020,v8:6513
Change-Id: I3519dfd0029f38d23da858a5499f1d226e794935
Reviewed-on: https://chromium-review.googlesource.com/747141
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49058}
Objects with both dictionary and non-dictionary maps can store their
hash in the {properties} field when they have no other properties.
Bug: chromium:778952
Change-Id: I8ac8c31eaac32116415e3c65cef8dee260dca2c9
Reviewed-on: https://chromium-review.googlesource.com/747272
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49056}
When closing untagged template string literals, create a single n-ary
addition operation, instead of a tree of binary operations.
As a clean-up, this also entirely removes the "second" field from n-ary
operations. This was proving to be too confusing an API when building
an n-ary operation incrementally from a single expression (rather than
converting a binary operation).
Bug: v8:6964
Change-Id: I8f2a395d413cf345bab0a1a347b47f412cde83b1
Reviewed-on: https://chromium-review.googlesource.com/739821
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49054}
Also replaced kTrue/kFalse with a kBoolean type, and remove now-unused
IsTypeX() methods (leaving ones that are called frequently).
Bug: v8:6984
Change-Id: I0cbffc37efaa391981d8dce564051ce43257ed8a
Reviewed-on: https://chromium-review.googlesource.com/745023
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49053}
We have a check on maximum number of levels that can be inlined. This
in some cases causes performance cliffs, when we cannot inline a small
function because it has exceeded the number of levels. This cl removes
that check. The intuition is that, having gone down several levels in
a particular line stopping inlining that chain and exploring a new
call site may not be beneficial. This cl also introduces a absolute
limit on the number of nodes that can be inlined (including the small
functions).
Bug: v8:6871, chromium:779509
Change-Id: Id29639ff2fd85b84d8746da3fb78a82d4e9852e8
Reviewed-on: https://chromium-review.googlesource.com/743727
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49050}
This adds support to the KeyedLoadIC to ignore out of bounds accesses
for Strings and return undefined instead. We add a dedicated bit to the
Smi handler to encode the OOB state and have TurboFan generate appropriate
code for that case as well. This is mostly useful when programs
accidentially access past the length of a string, which was observed and
fixed for example in Babel recently, see
https://github.com/babel/babel/pull/6589
for details. The idea is to also extend this mechanism to Arrays and
maybe other receivers, as reading beyond the length is also often used
in jQuery and other popular libraries.
Note that this is considered a mitigation for a performance cliff and
not a general optimization of OOB accesses. These should still be
avoided and handled properly instead.
This seems to further improve the babel test on the web-tooling-benchmark
by around 1%, because the OOB access no longer turns the otherwise
MONOMORPHIC access into MEGAMORPHIC state.
Bug: v8:6936, v8:7014
Change-Id: I9df03304e056d7001a65da8e9621119f8e9bb55b
Reviewed-on: https://chromium-review.googlesource.com/744022
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49049}
This both simplifies the code, and brings it in-line with
what we need for wasm on the native heap.
Bug: v8:6876
Change-Id: Ia48aed86ddcd94e85c0aecc053c327dfacb795d6
Reviewed-on: https://chromium-review.googlesource.com/744593
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49048}
Create new state before parsing FormalParameter because we don't
want to use any of the parameters as an inferred function name.
Previously the stacktrace was:
test.js:3: Error: boom
throw new Error('boom');
^
Error: boom
at param (test.js:3:11)
at test.js:4:5
at test.js:6:3
The stacktrace with this patch:
test.js:3: Error: boom
throw new Error('boom');
^
Error: boom
at test.js:3:11
at test.js:4:5
at test.js:6:3
Bug: v8:6822, v8:6513
Change-Id: Ifbadc660fc4e85248af405acd67c025f11662bd4
Reviewed-on: https://chromium-review.googlesource.com/742657
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49042}
This CL contains the base implementation for logging function events.
Currently only compiler events are support (compile, compile-lazy...),
future CLs will enable log events for parsing and first-time exeuction
of functions.
Bug: chromium:757467
Change-Id: Ia705979190a3ebc1009989610483a7a141bc504b
Reviewed-on: https://chromium-review.googlesource.com/743921
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49040}
This reverts commit ecd3a2ea3e.
Reason for revert: Bug 779509, a crash with chrome.
Original change's description:
> [TurboFan] Remove maximum inlining levels check from inlining heuristics
>
> We have a check on maximum number of levels that can be inlined. This
> in some cases causes performance cliffs, when we cannot inline a small
> function because it has exceeded the number of levels. This cl removes
> that check. The intuition is that, having gone down several levels in
> a particular line stopping inlining that chain and exploring a new
> call site may not be beneficial.
>
> Bug: v8:6871
> Change-Id: I120056db38e78ce48dff010b6cf994259238582a
> Reviewed-on: https://chromium-review.googlesource.com/741705
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49009}
TBR=mythria@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6871
Change-Id: I4766f911cb326c224af110be5c0dd7a44362a880
Reviewed-on: https://chromium-review.googlesource.com/743785
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49037}
Following up on adding n-ary nodes, this extends the parser and
interpreter to support n-ary logical operations.
Bug: v8:6964
Bug: chromium:731861
Change-Id: Ife2141c389b9abccd917ab2aaddf399c436ef777
Reviewed-on: https://chromium-review.googlesource.com/735497
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49029}
The bytecode interpreter nor TF rely on the explicit return value of store ICs anymore, so we can just return whatever is in the result slot. It won't be visible to JS anyway.
Bug:
Change-Id: I389615d1d77c5b050832f23a08e3d3bc07d9cbc6
Reviewed-on: https://chromium-review.googlesource.com/743366
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49027}
This is preparation for supporting OOB loads from strings, which
requires the KeyedLoadIC to track this information.
Bug: v8:6936, v8:7014
Change-Id: Ide132244ee523397dd418d21fe3377976f6633fd
Reviewed-on: https://chromium-review.googlesource.com/743481
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49026}
This reverts commit 32141e93ff.
Reason for revert: Got merged to stable end of last week.
Original change's description:
> Disable --turbo-inline-array-builtins by default.
>
> Current chrome stable has a high number of crashes due to bugs in
> this feature. These bugs are already fixed but the fixes are hard
> to merge back. Therefore we decided to disable the feature in stable.
> This CL is intended to be merged to stable and then reverted in tot.
>
> Bug: chromium:762020
> Change-Id: Ibd5a08e3b303a204fb84a408271a1c0f97cc5b7b
> Reviewed-on: https://chromium-review.googlesource.com/738176
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48931}
TBR=jarin@chromium.org,neis@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:762020
Change-Id: Id1fe2f417e09a7b451484fc16710b09469cdb74d
Reviewed-on: https://chromium-review.googlesource.com/743321
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49025}
The CheckSeqString operator unnecessarily materialized two bits for the
separate conditions, but we can actually check for SeqString with just a
single mask instead, which saves the intermediate computations and two
registers.
Bug: v8:5267
Change-Id: Ib937a5a4eebdc271a2bbbc6f074f5992e06b2fa9
Reviewed-on: https://chromium-review.googlesource.com/741702
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49023}
This was discovered on the babel test of the web-tooling-benchmark,
which suffers from a high %KeyedGetProperty overhead, and most of
these calls come from the fact that the KeyedLoadIC_Megamorphic bails
out to the runtime call for all String instance types. Just handling
in-bound accesses to characters reduces the overhead incurred by
%KeyedGetProperty from roughly 9% to roughly 2% only.
This reduces the number of runs per second on the babel test by around
7-8% on average.
Bug: v8:6936, v8:7014
Change-Id: I0dc247d7d6457c7032636d2852cb54cef1b24979
Reviewed-on: https://chromium-review.googlesource.com/743012
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49021}
Interpreter entries may be called from wasm functions, when debugging.
That means that, when moving on the native heap, interpreter entries
need to be native, too. That means they cannot reference movable GC
objects.
The only such reference was to the instance object, which is needed
in the WasmRunInterpreter runtime function. We can fetch the instance
using GetWasmInstanceOnTop() instead.
Bug: v8:6876
Change-Id: I7198a849cc0e441b057537a570a3dfa6f3197149
Reviewed-on: https://chromium-review.googlesource.com/742391
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49019}
This eliminates the AstValue class, effectively moving its
implementation into the Literal AstNode. This should cause
no difference in behavior, but it does signal some shifts
in the underlying system. Biggest changes include:
- Reduction in AST memory usage
- No duplicate HeapNumbers in Ignition constant pools
- Non-String values are allocated either at constant pool
creation time (or at boilerplate creation time for literals),
rather than at AstValueFactory::Internalize() time.
There are a variety of test-only/debug-only changes due to these
switches as well.
Bug: v8:6984
Change-Id: I5f178040ce2796d4e7370c24d1063419e1c843a1
Reviewed-on: https://chromium-review.googlesource.com/731111
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49013}
This happens when RCS are enabled dynamically and the callsite is inside
the background parser.
BUG=chromium:760649
Change-Id: I216b955ed91d9c663ce3027aaa8ffb515bfe13ab
Reviewed-on: https://chromium-review.googlesource.com/740911
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49010}
We have a check on maximum number of levels that can be inlined. This
in some cases causes performance cliffs, when we cannot inline a small
function because it has exceeded the number of levels. This cl removes
that check. The intuition is that, having gone down several levels in
a particular line stopping inlining that chain and exploring a new
call site may not be beneficial.
Bug: v8:6871
Change-Id: I120056db38e78ce48dff010b6cf994259238582a
Reviewed-on: https://chromium-review.googlesource.com/741705
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49009}
Instead of creating a runtime call for the static class field
initializer in the AST, we do it in the bytecode generator.
This adds the initializer function to the ClassLiteral AST node.
Bug: v8:5367
Change-Id: Iffaa6531511023812011ee19fc96cea9e5c9d3f3
Reviewed-on: https://chromium-review.googlesource.com/736315
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49008}
To avoid accessing the heap during asm.js compilation, use the pending
error handler to store the pending warnings such that they can be reported
later during finalization.
As part of this change, refactor PendingCompilationErrorHandler to have a
MessageDetails class holding details of either error or warning messages.
BUG=v8:5203
Change-Id: I5b09254f8899b8dc57d94f1986c7183da847eae3
Reviewed-on: https://chromium-review.googlesource.com/735607
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49007}
This moves the handling of the receiver and the final spread argument
into Generate_InterpreterPushArgs and merges the stack allocation to a
single claim operation for the whole argument setup. When we start
padding arguments in TF, we will simply need to claim one extra slot
and store padreg to it in Generate_InterpreterPushArgs (hence the
remaining TODO).
This also replaces the single use of Generate_CheckStackOverflow with
Generate_StackOverflowCheck and removes the former. This change is also
done for arm, ia32 and x64.
Bug: v8:6644
Change-Id: I8d06dda96dbc4a6f219b73c711f894320c2f6cdf
Reviewed-on: https://chromium-review.googlesource.com/738031
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49005}
(This is a reland of cb84b6f624)
This works in the ICs since compiled handlers are not shared anymore.
Bug: chromium:759734
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3b7d6ae34bb4cfa213f679354fac56fb51bfd5ed
Reviewed-on: https://chromium-review.googlesource.com/739822
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48999}
This should avoid changes in code serializer in a follow-up class literals
improvement CL.
Bug: v8:5799
Change-Id: I4e4386333bcc7abb30399d4e9abba4eee80ca932
Reviewed-on: https://chromium-review.googlesource.com/733037
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48996}
This adds two tests to verify that the --liftoff flag has the indented
effect, and that Liftoff compilation is off by default.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ie7e13184b5068f572b78dbdf7abbcded6d859fc5
Reviewed-on: https://chromium-review.googlesource.com/733561
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48995}
We now represent the SameValue operation explicitly in TurboFan and the
operation can thus participate in all kinds of optimizations. Especially
we get rid of the JSCall node in the general case, which blocks several
optimizations across the call. The general, baseline performance is now
always on par with StrictEqual.
Once the StrictEqual operator is also a simplified operator, we should
start unifying the type based optimizations in SimplifiedLowering.
In the micro-benchmark we go from
testStrictEqual: 1422 ms.
testObjectIs: 1520 ms.
testManualSameValue: 1759 ms.
to
testStrictEqual: 1426 ms.
testObjectIs: 1357 ms.
testManualSameValue: 1766 ms.
which gives the expected result.
Bug: v8:7007
Change-Id: I0de3ff6ff6209ab4c3edb69de6a16e387295a9c8
Reviewed-on: https://chromium-review.googlesource.com/741228
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48994}
... and use them to complete the BigInt function.
Bug: v8:6791
Change-Id: Ia36db86b92d1a0cfcb783516e04d6c0e3750f194
Reviewed-on: https://chromium-review.googlesource.com/737643
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48993}
This is an intermediate CL to move the complete --trace-map infrastructure to
a log-based version.
Change-Id: I0673052b1b87fe338e38dc609434a52af6a0652d
Reviewed-on: https://chromium-review.googlesource.com/738835
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48988}
This is a reland of c34042cc64
Original change's description:
> [heap-profiler] Do not treat WeakMap values as weak.
>
> For the WeakHashTable objects only mark keys as weak while leaving values as strong references.
>
> BUG=chomium:773722
>
> Change-Id: Iabd5ba293d05fe68a2af6503fcdd711ecc182482
> Reviewed-on: https://chromium-review.googlesource.com/730771
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48985}
TBR=ulan@chromium.org
Bug: chomium:773722
Change-Id: Icede16fde528d147cde5c3f6c72f2029876b099f
Reviewed-on: https://chromium-review.googlesource.com/740722
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48987}
For the WeakHashTable objects only mark keys as weak while leaving values as strong references.
BUG=chomium:773722
Change-Id: Iabd5ba293d05fe68a2af6503fcdd711ecc182482
Reviewed-on: https://chromium-review.googlesource.com/730771
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48985}
Add the --trace-feedback-updates flag (disabled by default, enabled by
the v8_enable_trace_feedback_updates gn arg), which traces updates to
feedback slots.
Change-Id: Ib8f02f958e2adf04abda5d4ed680e29fa04895ab
Reviewed-on: https://chromium-review.googlesource.com/725814
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48983}
- Moves base::OS memory management calls into platform-posix.cc,
using preprocessor to adjust for each platform.
Bug: chromium:756050
Change-Id: I2af4dce4379ad1fe9e22e5ab5c6d6a7faa3655b3
Reviewed-on: https://chromium-review.googlesource.com/738890
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48981}
This reverts commit cb84b6f624.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> [lazy-accessor-pairs] Don't take the fast paths if the context needs to be switched
>
> This works in the ICs since compiled handlers are not shared anymore.
>
> As drive-by cleanup I also removed custom code to deal with compiled handler sharing for primitive and access-checked objects.
>
> Bug: chromium:759734
> Change-Id: Ifb394221c2398f42ea9305acc02845db6004c680
> Reviewed-on: https://chromium-review.googlesource.com/738381
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48979}
TBR=jarin@chromium.org,ishell@chromium.org,verwaest@chromium.org
Change-Id: I9b7424252cbc3f18efd6b6b5b3818651c2863f5c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:759734
Reviewed-on: https://chromium-review.googlesource.com/739487
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48980}
This works in the ICs since compiled handlers are not shared anymore.
As drive-by cleanup I also removed custom code to deal with compiled handler sharing for primitive and access-checked objects.
Bug: chromium:759734
Change-Id: Ifb394221c2398f42ea9305acc02845db6004c680
Reviewed-on: https://chromium-review.googlesource.com/738381
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48979}
Rename |property_attributes| to |initial_property_attributes| and ensure
that it is used as a storage of values only for AccessorInfos installed in
API Templates (i.e. ObjectTemplate and FunctionTemplate).
When an AccessorInfo is installed directly into an existing JS object
(via JSObject::SetAccessor) or into a DescriptorArray (when certain V8
objects' shapes are configured) it is not necessary to thread attributes
being set through the AccessorInfo instance.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibe61026f08c42549756f694129a286635ffe5769
Reviewed-on: https://chromium-review.googlesource.com/730425
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48978}
This is the first step towards lazy-deserializing bytecode handlers.
Bytecode handler code objects are now serialized into the builtins
snapshot area (which, like many other related concepts, has become
somewhat of a misnomer now that it contains both builtins and
handlers).
Handlers are still eagerly-deserialized upon Isolate creation. This will
change in follow-up CLs.
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7b257f76f5e9e90d5f7b183980bae7bc621171fc
Reviewed-on: https://chromium-review.googlesource.com/738030
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48977}
This moves the initialization of the {Code::stub_key} field into the
allocator for {Code} objects, essentially making the field in question
immutable after allocation.
R=verwaest@chromium.org
BUG=v8:6792
Change-Id: I8ba2ffeea792d0d566995c08e3572ae63a7c1e94
Reviewed-on: https://chromium-review.googlesource.com/739141
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48971}
This move the {Code::next_code_link} into the data container, making it
possible to mutate the field even when {Code} objects are protected. It
also introduces a dedicated body descriptor for the container allowing
for tagged fields to be part of the container.
R=ulan@chromium.org
BUG=v8:6792
Change-Id: I56a9d53e8bb35aeb0a7036e3abf3ebee1ba2928d
Reviewed-on: https://chromium-review.googlesource.com/738184
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48966}
This commit changes the pararmeter names in the comment for
NewConsString which currently do not match the actual parameter names in
the function definition or the declaration in code-stub-assembler.cc.
Bug:
Change-Id: I162a2027cc37512de8a09e520a1fb13c9445fa97
Reviewed-on: https://chromium-review.googlesource.com/657017
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48964}
Both the top_ pointer and the top_on_previous_step_ pointer can be one
byte beyond the current page. Page::FromAddress call should take that
into account.
Bug: chromium:777177
Change-Id: I9cbb5bc6eab932afc6d0c915fd70a9a7b20ba62c
Reviewed-on: https://chromium-review.googlesource.com/738204
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48962}
* Mark BytecodeOperands and Bytecodes AllStatic.
* Add BytecodeOperands::kOperandScaleCount.
* Add Bytecodes::ReusesExistingHandler in preparation for adding another
callsite from deserialization.
Bug: v8:6624
Change-Id: Ic8b5d444df5525ef6d14de6931b38afd926b251e
Reviewed-on: https://chromium-review.googlesource.com/738092
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48957}
This attaches a constructor to the bound function map so we can identify the creation context using the map, it chooses the bound-function map from the same realm as the target's creation context (additionally to avoid memory leaks and unnecessary transitions), and finally drops the loop unwrapping bound functions in GetCreationContext.
Bug:
Change-Id: Icb6f4c29287f9cba69f11afbd070f52c0ad1aa16
Reviewed-on: https://chromium-review.googlesource.com/738097
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48956}
The current implementation overapproximates the
possible_nondeterminism_ bit by setting it whenever a NaN value is
reinterpreted as integer, or stored to memory. This hides bugs in the
interpreter that are handled as possible nondeterminism even though
they are not.
This CL fixes this by only setting the bit if a binary floating point
operation is executed and one of the inputs is a NaN.
R=ahaas@chromium.org
Bug: v8:6954
Change-Id: Ib937ae7730dbb140c012d07fae23b40ae7ed3d6b
Reviewed-on: https://chromium-review.googlesource.com/735599
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48954}
The motivation for this is that it greatly reduces the RelocInfo size.
This also results in a small improvement in compile time.
Note: This CL was based on https://codereview.chromium.org/2651833003,
and basically reverts that CL (but handles code changes and some
minor bugs in previous code).
Bug: chromium:772780
Change-Id: I55dd48d3bddd4b3d1c8eec13791b3ee4c485c604
Reviewed-on: https://chromium-review.googlesource.com/730649
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48947}
Abstract equality comparison of a BigInt and a String converts the
latter to BigInt. This conversion can fail; since we do not want to
pass a context to the comparison function, we must signal such failure
without throwing an exception.
This CL uses the existing ShouldThrow enum to configure behavior of
String-to-BigInt conversion, moving it out of Object into globals.h.
Bug: v8:6791, v8:6979
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibb98675079b8392cf03bbcbbbd5556108500a32d
Reviewed-on: https://chromium-review.googlesource.com/734172
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48946}
This flag has been on by default since Chrome 61.
Bug: v8:5549
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I81c34d1d3a7dbd219acce2cdf0cf4917eb484002
Reviewed-on: https://chromium-review.googlesource.com/738312
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48945}
and use a newly-introduced "enum class Operation" in all
other places that so far passed Token::Values around.
Also delete some related dead code along the way.
Bug: v8:6921
Change-Id: I062f396d304aa62298cfeff202e3132a4a5597c1
Reviewed-on: https://chromium-review.googlesource.com/736851
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48944}
It's been on by default since Chrome 61.
Bug: v8:4806
Change-Id: I748d9008d29997667458649d7bf4999e15ff8615
Reviewed-on: https://chromium-review.googlesource.com/737416
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48943}
This reverts commit 877de37676.
Reason for revert: Looks like this doesn't really move the needle (only w/ high iteration count). So let's not do the extra complexity unless there's a good reason to do so.
Original change's description:
> [turbofan] Introduce FindOrderedHashMapEntryForReceiverKey operator.
>
> This optimizes Map#get and Map#has for the case where the key is known
> to be a JSReceiver. This generalizes the existing logic for the
> FindOrderedHashMapEntryForSigned32Key operator to also deal with
> receivers. This gives a nice 33% boost on the map-set-lookup-es6 test
> of the six-speed benchmark suite.
>
> Drive-by-fix: Rename the FindOrderedHashMapEntryForInt32Key operator to
> FindOrderedHashMapEntryForSigned32Key to match the naming of the types.
>
> R=jarin@chromium.org
>
> Bug: v8:5267, v8:7001
> Change-Id: Ifab8414f26adee7ec833d8cb94ae0ac49f2c3d35
> Reviewed-on: https://chromium-review.googlesource.com/738180
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48938}
TBR=jarin@chromium.org,bmeurer@chromium.org
Change-Id: Icaf9e22cb3412a97342c4e4cdc422d4aaa2d0ef9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5267, v8:7001
Reviewed-on: https://chromium-review.googlesource.com/738052
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48941}
For the tagged case, we never use the Literal AST node, so don't bother
creating them in the first place. Instead, store AstRawStrings directly,
and only wrap with Literals when desugaring untagged templates into
binary ops.
This also makes the upcoming merge of Literal and AstValue simpler.
Bug: v8:6984
Change-Id: I9f12710b05c6d63d7e91f2707cd08093f7ff3f11
Reviewed-on: https://chromium-review.googlesource.com/736151
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48940}
This optimizes Map#get and Map#has for the case where the key is known
to be a JSReceiver. This generalizes the existing logic for the
FindOrderedHashMapEntryForSigned32Key operator to also deal with
receivers. This gives a nice 33% boost on the map-set-lookup-es6 test
of the six-speed benchmark suite.
Drive-by-fix: Rename the FindOrderedHashMapEntryForInt32Key operator to
FindOrderedHashMapEntryForSigned32Key to match the naming of the types.
R=jarin@chromium.org
Bug: v8:5267, v8:7001
Change-Id: Ifab8414f26adee7ec833d8cb94ae0ac49f2c3d35
Reviewed-on: https://chromium-review.googlesource.com/738180
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48938}
Port 266e803ea9
Original Commit Message:
This CL adds a first implementation of Liftoff, the new wasm baseline
compiler, for x64 and ia32. It currently supports the most important
i32 instructions and control instructions. Whenever it encounters an
instruction it does not support yet, it aborts.
In a subsequent CL, Liftoff will be called from the
WasmCompilationUnit, falling back to Turbofan compilation if the
baseline compiler bails out.
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, clemensh@chromium.org, titzer@chromium.org
BUG=
LOG=N
Change-Id: I35ad2b0230c37f523e24aa90b637a67e5ce59083
Reviewed-on: https://chromium-review.googlesource.com/735784
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48935}
The Float32(uint32_t) constructor should not be public, use
Float32::FromBits explicitly if needed.
R=ahaas@chromium.org
Change-Id: I414e621deebde8cdb474f17e08fcc489dbc083cd
Reviewed-on: https://chromium-review.googlesource.com/738173
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48934}
This makes sure flags on newly allocated {Code} objects are initialized
from within the allocator itself instead of after the object has been
created. It essentially makes these flags immutable.
R=jarin@chromium.org
BUG=v8:6792
Change-Id: I6bef183a25508faf1fec28d347956e766e65aecf
Reviewed-on: https://chromium-review.googlesource.com/737633
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48933}
This extends the WASM_EXEC_TEST to also execute the test in Liftoff
(our new baseline compiler).
Use WASM_COMPILED_EXEC_TEST to execute in both compilers, but not in
the interpreter.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I0b76a5cff9af1b8c4aaec3cceb154ad29ca1b58e
Reviewed-on: https://chromium-review.googlesource.com/733560
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48932}
Current chrome stable has a high number of crashes due to bugs in
this feature. These bugs are already fixed but the fixes are hard
to merge back. Therefore we decided to disable the feature in stable.
This CL is intended to be merged to stable and then reverted in tot.
Bug: chromium:762020
Change-Id: Ibd5a08e3b303a204fb84a408271a1c0f97cc5b7b
Reviewed-on: https://chromium-review.googlesource.com/738176
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48931}
Have JSProxy and JSGlobalProxy use the properties or hash technology
like we use for all other JSReceivers. Also unify and simplify the
code dealing with these hashes.
Bug: v8:6344, v8:6911
Change-Id: Ic995639c74211ba6f33acd73428b8c6d95bf7919
Reviewed-on: https://chromium-review.googlesource.com/737833
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48930}
We have an internal limit of 50000 local variables per wasm function.
This limit is checked when decoding the function body. For asm.js, we
skip function body validation, since by construction the code we
generate is correct. This makes us fail unexpectedly when trying to
(lazily) compile an asm.js function with more than 50000 locals.
Hence, check this limit in the asm parser and bail out if it is
exceeded.
R=mstarzinger@chromium.org
Bug: chromium:775710
Change-Id: I89d2069e133fb0f84947d477ae1ac5eda85571aa
Reviewed-on: https://chromium-review.googlesource.com/732660
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48929}
This is a reland of eeaffa9f33
Original change's description:
> [objects] Introduce {CodeDataContainer} object type.
>
> This introduces the {CodeDataContainer} as a container for all mutable
> fields associated with a {Code} object. For now only the kind-specific
> flags are moved, but more fields can/will be moved gradually. The goal
> is to make all fields in the {Code} header be immutable eventually.
>
> R=jarin@chromium.org
> BUG=v8:6792
>
> Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
> Reviewed-on: https://chromium-review.googlesource.com/732987
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48902}
Bug: v8:6792
Change-Id: I31a127df4bb8ee5fedb4d73755df4deae6e1d352
Reviewed-on: https://chromium-review.googlesource.com/738109
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48928}
Following up on adding n-ary nodes, this extends the parser to support
n-ary comma operations, including support for n-ary arrow function
parameters.
Bug: v8:6964
Bug: chromium:777302
Change-Id: Iba9c93b9eaa5a0870815b4fa29e84aa9d0c511e2
Reviewed-on: https://chromium-review.googlesource.com/735156
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48927}
... containing Tuple2 value instead of two properties. This CL reduces the
number of property queries in FunctionToString to one and it is memory-neutral.
Change-Id: Ia6fa267f3e5b6670013f1da3e03cd70bf24dd65a
Reviewed-on: https://chromium-review.googlesource.com/730744
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48926}
A WasmCompilationUnit can now either compile the code in liftoff or with
Turbofan. If liftoff compilation fails (because of unsupported
instructions), we fall back to TF.
This new pipeline is only enabled if the --liftoff flag is enabled.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I63669cfd8b7f0c89b08dcbd4d125d5ed44c7265b
Reviewed-on: https://chromium-review.googlesource.com/733091
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48924}
Expressions of the form
a_0 + a_1 + a_2 + a_3 + ... + a_n
seem to be reasonably common for cases such as building templates.
However, parsing these expressions results in a n-deep expression tree:
...
/
+
/ \
+ a_2
/ \
a_0 a_1
Traversing this tree during compilation can cause a stack overflow when n is
large.
Instead, for left-associate operations such as add, we now build up an
n-ary node in the parse tree, of the form
n-ary +
/ | \
/ | ... \
a_0 a_1 a_n
The bytecode compiler can now iterate through the child expressions
rather than recursing.
This patch only supports arithmetic operations -- subsequent patches
will enable the same optimization for logical tests and comma
expressions.
Bug: v8:6964
Bug: chromium:724961
Bug: chromium:731861
Bug: chromium:752081
Bug: chromium:771653
Bug: chromium:777302
Change-Id: Ie97e4ce42506fe62a7bc4ffbdaa90a9f698352cb
Reviewed-on: https://chromium-review.googlesource.com/733120
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48920}
This reverts commit 37b4b2f1e3.
Reason for revert: Likely breaking canary.
Original change's description:
> [turbofan] Prune control flow based on failed map checks and comparisons.
>
> This introduces unreachable state into load elimination. We mark state
> as unreachable if we know statically that a map check would fail.
> When processing effect phis, we disconnect unreachable state's
> control from the effect phi's merge, and point it to RuntimeAbort.
> The control input to the merge is then updated with Dead. Dead
> code elimination prunes the merge, phis and effect phis.
>
> Bug: v8:6396
> Change-Id: I01874b576e548747a915c7b645b96ebaa6f6700d
> Reviewed-on: https://chromium-review.googlesource.com/730754
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48810}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6396, chromium:777843
Change-Id: I6fac6f86e138f33756e688ec30424cb940690dae
Reviewed-on: https://chromium-review.googlesource.com/737829
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48918}
We were already handling the case that a called import throws, but if
it returned an error which is not convertible to a number, we failed
with a CHECK error.
This CL fixes this.
R=titzer@chromium.org
Bug: chromium:771970
Change-Id: I6c9983459109d49c43304610b696d49de986a250
Reviewed-on: https://chromium-review.googlesource.com/735354
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48912}
E.g. use TrueConstant() instead of BooleanConstant(true) and
NullConstant() instead of HeapConstant(factory...null_value()).
R=jkummerow@chromium.org
Bug:
Change-Id: I0588d71940d8baf289eb8f8e6c8d20aa717d57f6
Reviewed-on: https://chromium-review.googlesource.com/735681
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48911}
The IsWhite check in the write barrier uses word size memory operations.
It should use 32-bit cell size operation instead.
Bug: v8:6955
Change-Id: I5bbcd99dcd7e3d435f96022a745a6c80c83eb3b3
Reviewed-on: https://chromium-review.googlesource.com/735153
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48910}
All use cases of the RecursiveMutex have been removed.
Bug: v8:6923
Change-Id: I25aeee2447db185dbaacf96ab06a660834a408b7
Reviewed-on: https://chromium-review.googlesource.com/735345
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48908}
Now that https://crrev.com/c/728026 has landed, we can construct the
constexpr RegLists using symbolic register names instead of hard-coding
the register codes.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I21e46aeb5e8598a56f641341bcd7cf718fe4fbf9
Reviewed-on: https://chromium-review.googlesource.com/735548
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48906}
This optimization was disabled because 32-bit builds didn't properly
find certain integer keys in maps anymore. The reason was that the
runtime wasn't using ComputeIntegerHash for the full Signed32 range,
but only for the SignedSmall range.
This change improves the ARES-6 Basic test by around 6-7% on the steady
state.
Bug: chromium:77459, v8:6410, v8:6354, v8:6278, v8:6344
Change-Id: Ifae64e6b23ca8acee4c792be299f64caf951242f
Reviewed-on: https://chromium-review.googlesource.com/737871
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48905}
This reverts commit eeaffa9f33.
Reason for revert: Breaks msan compile (uninitialized value in snapshot):
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17824
Original change's description:
> [objects] Introduce {CodeDataContainer} object type.
>
> This introduces the {CodeDataContainer} as a container for all mutable
> fields associated with a {Code} object. For now only the kind-specific
> flags are moved, but more fields can/will be moved gradually. The goal
> is to make all fields in the {Code} header be immutable eventually.
>
> R=jarin@chromium.org
> BUG=v8:6792
>
> Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
> Reviewed-on: https://chromium-review.googlesource.com/732987
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48902}
TBR=mstarzinger@chromium.org,jarin@chromium.org
Change-Id: I74fe833b074752d640cff4aa4680f250e1bd8780
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6792
Reviewed-on: https://chromium-review.googlesource.com/738029
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48904}
- Make it possible to store quarter-bytes instead of full bytes.
- Don't store is_used; it can be recovered correctly based on the actual full
parse (when a lazy function is eventually called) and
has_forced_scope_allocation.
- With the is_used change, the old testing approach (which compared a scope for
which we didn't do scope allocation to the baseline) no longer made
sense. Replaced it with a new testing approach, which is also closer to the
actual usage.
- First version (reverted): https://chromium-review.googlesource.com/725422
BUG=v8:5516
Change-Id: I1468af6670b689a104bd867377caa1d236070820
Reviewed-on: https://chromium-review.googlesource.com/733123
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48903}
This introduces the {CodeDataContainer} as a container for all mutable
fields associated with a {Code} object. For now only the kind-specific
flags are moved, but more fields can/will be moved gradually. The goal
is to make all fields in the {Code} header be immutable eventually.
R=jarin@chromium.org
BUG=v8:6792
Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
Reviewed-on: https://chromium-review.googlesource.com/732987
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48902}
Body descriptors are used by marking and scavenging visitors.
Change-Id: I6912bb5b924755db5750f0a3b1e4909bff5375c7
Reviewed-on: https://chromium-review.googlesource.com/732978
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48901}
Otherwise, the quiet NaN bit might flip already when loading the
float/double from memory or storing it.
This fixes another NaN bit flip which happened on a single bot only.
R=titzer@chromium.org
Bug: v8:6954
Change-Id: Ica9be71db9c5b505302686e9c0a4b1cae020a7e4
Reviewed-on: https://chromium-review.googlesource.com/735320
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48900}
We found this while trying to integrate V8 6.3 into Node.js. One of the
tests started to crash on Windows.
https: //github.com/nodejs/node/pull/16271#issuecomment-337790715
Bug:
Change-Id: I82514ff7b9ca6a2b5c4489fe7388c4beda9931c9
Reviewed-on: https://chromium-review.googlesource.com/735400
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#48899}
Elements on typed arrays are never looked up in the prototype chain, so
there's no point in depending on the prototype chain validity cells for
keyed stores to typed arrays. You just risk going megamorphic for
unrelated changes.
Bug: v8:6999
Change-Id: Id831de42a2c9eadfd5317ee9b5dbfaa207f236fe
Reviewed-on: https://chromium-review.googlesource.com/737789
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48898}
as opposed to waiting until state() is PREMONOMORPHIC like named
Load/StoreICs do. Keyed ICs do not have PREMONOMORPHIC state.
Bug: v8:6999
Change-Id: If37705d3301fb93a2fc2bf10fdeb255ff06fdb5e
Reviewed-on: https://chromium-review.googlesource.com/737655
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48895}
I am not committing the regression test from the bug because it takes
ages to run, but I have locally verified that it passes now.
Bug: chromium:776645
Change-Id: Ia7128d9fa3cf864b1c1b646802a973fe41d4c4ae
Reviewed-on: https://chromium-review.googlesource.com/735484
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48893}
This CL makes --trace-maps available in the default build by disabling
certain expensive/intrusive features.
This is an intermediate step to be able to write proper tests for --trace-maps
and the new map-processor.
Change-Id: Ib6a8fc9c77796c106d3af9d741d48abe6c6b9099
Reviewed-on: https://chromium-review.googlesource.com/734648
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48891}
Before, the standard way to create a RegList was either:
RegList list = (1 << 0) | (1 << 1) | ...
or
RegList list = rax.bit() | rdx.bit() | ...
The first way allows to make the RegList constexpr, but needs comments
to document which registers you are referring to, and it has no checks
that all bits you set on the RegList actually belong to valid registers.
The second one uses the symbolic names, hence is much more readable and
makes it harder to construct invalid RegLists. It's not constexpr
though, since the {bit()} method on the register types is not constexpr.
This CL adds a constexpr accessor to get the code and bit of a
constexpr Register, and adds a helper method to create a constexpr
RegList like this:
constexpr RegList list = Register::ListOf<rax, rdx, rdi>();
This new method is used in a number of places to test its
applicability. Other uses of the old pattern remain and can be cleaned
up later.
R=tebbi@chromium.org
Change-Id: Ie7b1d6342dc5f316dcfedd0363b3540ad5e7f413
Reviewed-on: https://chromium-review.googlesource.com/728026
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48887}
Similar to the incremental marker, rename the MarkingState to
MajorMarkingState and avoid using atomics on live byte count as the
concurrent tasks cache its value.
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Bug: chromium:750084
Change-Id: Id37bb89385d4fbae95542073ea652617e61010d5
Reviewed-on: https://chromium-review.googlesource.com/735399
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48885}
This removes all but one caller of Literal::raw_value(), thus
hiding AstValue from the rest of the codebase. This is in
preparation to move much of AstValue's implementation up
into Literal itself, thus avoiding the overhead of the
underling ZoneObjects and allowing us to remove complexity
such as the cache of Smi-valued AstValues.
Bug: v8:6984
Change-Id: I1b90aa64b9d26db36ef486afe73cda4473ef866e
Reviewed-on: https://chromium-review.googlesource.com/731109
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48884}
Only rewind destructuring assignments if we actually preparsed
the arrow function. For the case of single-expression bodies,
we don't preparse, but we were previously erroneously rewinding.
Bug: v8:6970
Change-Id: I38e15a8a5bdb05abee3bafe7bbd7736b55a6950b
Reviewed-on: https://chromium-review.googlesource.com/733950
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48883}
This is to enable it to also be used for reporting AsmJS errors such that
this can be moved off-thread.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia46040b14d010702f10c02b8254aea84cba4d54d
Reviewed-on: https://chromium-review.googlesource.com/735606
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48881}
This moves bits that are accessed during a stack-walk out if the first
kind-specific flags field. Such bits are accessed during evacuation
within the GC and hence need to remain directly in the {Code} object,
the other bits in the kind-specific flags are mutable and hence will be
moved into a separate data container object.
R=jarin@chromium.org
BUG=v8:6792
Change-Id: I20b7d307110ca0c0eb6dd4df31a35fab4701c6da
Reviewed-on: https://chromium-review.googlesource.com/735145
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48877}
Our first implementation passed the source position as argument to the
runtime function, which would then generate an Error object, patch the
contained stack trace to point to the position given as argument, and
then throw the Error.
Since all our paths are now changed to call a builtin with proper
source position information, we do not need to patch anything any more.
R=ahaas@chromium.org
Bug: v8:5007
Change-Id: I70dce1b9fcf9966a13865c1c373f3e354908b009
Reviewed-on: https://chromium-review.googlesource.com/732117
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48876}
... mainly by adapting Object::Compare and
CodeStubAssembler::RelationalComparison.
TBR=rmcilroy@chromium.org
Change-Id: I34448d45b4950b9318263c4a667aa9db7d77232d
Bug: v8:6791
Reviewed-on: https://chromium-review.googlesource.com/730730
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48873}
This speeds up insertion and removal by reducing the time taken to hash.
Bug: v8:6992
Change-Id: I4e9e1c97a5503bf5a09c2428980a3c2d6bf4051e
Reviewed-on: https://chromium-review.googlesource.com/735419
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48867}
When lowering a monomorphic load/store, where multiple receiver maps
have been recorded, but the action to be performed is the same (i.e.
yielding undefined because the property is not found), TurboFan used
to ignore the Smi case, leading to a pretty terrible deoptimization
loop, as the LOAD_IC/STORE_IC properly recorded that state and thus
didn't change it's state.
Fixing this issue gives a 18-20% boost on the prettier test of the
web-tooling-benchmark, which was suffering a lot from this problem.
Bug: v8:6936, v8:6991
Change-Id: Id208ec7129a7f6b190d989bda31f936040393226
Reviewed-on: https://chromium-review.googlesource.com/735342
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48865}
Ensure that effect outputs from nodes are used if they have
an effect output. This helps us avoid an easy-to-make error
where we fail to update the effect chain with the result of
effectful operations.
Bug: v8:6929
Change-Id: I585dc627b3c330006ec04717ff9b2f5060dbad6a
Reviewed-on: https://chromium-review.googlesource.com/718107
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48861}
Avoid locking the pages for the scavenger by filtering out pages that require
sweeping and scavenging from the sweeper. This way we preserve the assumption
that processing slots on a page is sequential.
Pages that have been scavenged are re-added to the sweeper to allow them to
be reused for allocation.
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Bug: v8:6923
Change-Id: I7d159de11792ef16a534f29e31791d06d7fb5221
Reviewed-on: https://chromium-review.googlesource.com/730603
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48859}
Once the KeyedStoreIC was in MEGAMORPHIC state storing to dictionary
mode objects, we'd constantly hit the slow-path implemented via the
%SetProperty runtime function, if the dictionary was created with a
null prototype, i.e. via Object.create(null). This goes against the
advice of using Object.create(null) for dictionaries (compared to
using empty object literal), which is unfortunate.
This CL addresses two issues, starting with
- adding support for null prototypes to LookupPropertyOnPrototypeChain,
which was always hitting the slow path for null prototypes, and
- using the dedicated %AddDictionaryProperty runtime call when we
have to grow the backing store.
These changes combined improve the micro-benchmark from
storeToDictionary: 559 ms.
storeToFast: 95 ms.
to
storeToDictionary: 201 ms.
storeToFast: 94 ms.
which reduces overhead by about 65%. This overall improves the chai test
on the web-tooling-benchmark by about 4%, which still leaves some room
for improvement.
Bug: v8:6936, v8:6985
Change-Id: I97b78961f51edb3a3e198bdb31457fd78bed947f
Reviewed-on: https://chromium-review.googlesource.com/735139
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48858}
The (KEYED_)LOAD/STORE_ICs didn't properly leave the UNINITIALIZED as
long as the receiver was always null/undefined. This leads to
deoptimization loops in TurboFan, because the compiler always put in a
SOFT deoptimization at this point.
Bug: v8:6989
Change-Id: I1a32bfb722f121f8b593e8972e657290d7b0531d
Reviewed-on: https://chromium-review.googlesource.com/735319
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48854}
Previously, V8's slice was implemented in a combination of C++ and a
Javascript fallback. The disadvantage of this approach was that the
fast-path required a call through the CEntryStub, which introduced
considerable overhead for small arrays with fast elements kinds.
Now the implementation primarily uses the CSA to generate both the
full spec-complaint implementation as well as fast paths for argument
objects and arrays with fast elements kinds. The CSA implementation
uses a C++ implementation fallback in select situations where the the
complexity of a CSA implementation would be too great and the
CEntryStub overhead is not decisive (e.g. slices of dictionary
elements arrays).
Performance results on semi-random arrays with small number of
elements (old vs. new):
smi copy: 48.7 ms vs. 12 ms
smi slice: 43.5 ms 14.8 ms
object copy: 35.5 ms 7.7 ms
object slice: 38.7 ms 8.8 ms
dictionary slice: 2398.3 ms vs. 5.4 ms
fast sloppy arguments slice: 9.6 ms vs. 7.2 ms
slow sloppy arguments slice: 28.9 ms vs. 8.5 ms
As a bonus, the new implementation is fully spec-compliant and fixes
at least one existing bug.
The design document for Array.prototype builtin rework can be found
at https://goo.gl/wFHe2n
Bug: v8:1956,v8:6601,v8:6710,v8:6978
Change-Id: Ia0155bedcf39b4577605ff754f416c2af938efb7
Reviewed-on: https://chromium-review.googlesource.com/574710
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48853}
This is in preparation for the new --trace-maps feature which will also log the
current PC.
Change-Id: I20f60c8a1e0104d4497460bafab623840a129f41
Reviewed-on: https://chromium-review.googlesource.com/734463
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48851}
The stack can be cleared with RuntimeCallStats::Reset() call.
Correctly handle the case by silently exit the running timer scopes.
BUG=chromium:760649
Change-Id: I51ecca5591a7af358f3e50779d0f81cb9d76e502
Reviewed-on: https://chromium-review.googlesource.com/734121
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48847}
Support inlining of Array.prototype.filter in TurboFan.
Bug: v8:1956
Change-Id: If50e230d14461063d378c0591dc27dea43371afa
Reviewed-on: https://chromium-review.googlesource.com/733089
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48846}
...its users, the "Negate", "Inc", and "Dec" bytecode handler
generators, to use subclassing and method overriding instead
of passing lambdas around.
Change-Id: Ib3febbb5cb2d763705f902d0324c11290e9513f7
Reviewed-on: https://chromium-review.googlesource.com/731616
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48845}
The tests are generated randomly, using Python's arbitrary-precision
integers as the source of truth.
The generator script is landed as part of this CL. It also supports
a "stress test" mode for on-demand intensive test coverage.
Bug: v8:6791
Change-Id: Idc7a2e90fd8a0a8176283614b33ecd4c3597b1d1
Reviewed-on: https://chromium-review.googlesource.com/731464
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48844}
When TurboFan sees a call to Reflect.get with exactly two parameters,
we can lower that to a direct call to the GetPropertyStub, which is
certainly faster than the general C++ builtin. This gives a nice
7-8% improvement on the chai test in the web-tooling-benchmark.
The micro-benchmark on the issue goes from
reflectGetPresent: 461 ms.
reflectGetAbsent: 470 ms.
to
reflectGetPresent: 141 ms.
reflectGetAbsent: 245 ms.
which is an up to 3.2x improvement.
Bug: v8:5996, v8:6936, v8:6937
Change-Id: Ic439fccb13f1a2f84386bf9fc31b4283d101afc4
Reviewed-on: https://chromium-review.googlesource.com/732988
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48841}
When simplifying the DoubleToI stub
(https://chromium-review.googlesource.com/c/v8/v8/+/720963), I accidentaly
removed support for generating a version of the stub which uses SSE
instructions. Re-enable support for this.
Bug: chromium:777304
Change-Id: I03c14464a2cf288216f59f59c88be7af42ef350b
Reviewed-on: https://chromium-review.googlesource.com/733130
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48840}
Currently we incorrectly show global object as arrow function receiver.
With this CL:
- if this is used inside of function we show correct this value,
- if this is unused and V8 optimizes it out - we show undefined.
Second is known issue which we should address separately.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: chromium:552753
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iac88a07fe622eb9b2f8af7ecbc4a32a56c8cdfaa
Reviewed-on: https://chromium-review.googlesource.com/723840
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48839}
If the buffer associated with WebAssembly.Memory is used as memory
for asm.js modules, throw a range error on Memory.Grow.
Bug: chromium:776677
Change-Id: Iebcd7797fa7724002dd8073d1dbaeb98f080d316
Reviewed-on: https://chromium-review.googlesource.com/731844
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48837}
This patch implements the runtime semantics of static public
class fields.
Adds a new InitializeClassFieldsStatement AST node that contains
all the static class fields and their initializers.
ClassLiteral is now desugared to be included in a do-exp that calls
an initializer function which contains this new AST node.
Bug: v8:5367
Change-Id: I3574e4c685f1c039de42521c122e24f8d28e5d6c
Reviewed-on: https://chromium-review.googlesource.com/714817
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48835}
This reverts commit ddd15cdafb.
Reason for revert: Blocks roll: https://chromium-review.googlesource.com/c/chromium/src/+/732565
Original change's description:
> [turbofan] Instance type tracking in load elimination.
>
> This tracks instance type in load elimination, so that it can be used
> to prune control flow with unreachable states.
>
> (This is a cut down version of https://chromium-review.googlesource.com/c/v8/v8/+/727761),
> the regression should be addressed by the map invalidation fix from
> https://chromium-review.googlesource.com/c/v8/v8/+/730705.)
>
> Bug: v8:6396
> Change-Id: I3acab16ebbc0f1f16c7900a8d307deb84e1cb618
> Reviewed-on: https://chromium-review.googlesource.com/732307
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48812}
TBR=jarin@chromium.org,bmeurer@chromium.org
Change-Id: I1a3fe1d62c05889ea83e2f6cfb31a6ccbe65241d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6396
Reviewed-on: https://chromium-review.googlesource.com/732898
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48833}
This CL adds a first implementation of Liftoff, the new wasm baseline
compiler, for x64 and ia32. It currently supports the most important
i32 instructions and control instructions. Whenever it encounters an
instruction it does not support yet, it aborts.
In a subsequent CL, Liftoff will be called from the
WasmCompilationUnit, falling back to Turbofan compilation if the
baseline compiler bails out.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ifa78fb9d546dce72c241ff01a251dfa13cb31c1d
Reviewed-on: https://chromium-review.googlesource.com/716480
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48832}
In js-call-reducer.cc, we reduce many builtins with similar properties.
This CL contains some abstractions useful also for future methods
we'd like to inline.
Bug:
Change-Id: I41a5a5c549177fc750bc576fbc7616c2b4c41793
Reviewed-on: https://chromium-review.googlesource.com/733099
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48831}
This reverts commit 97ead4338e.
Reason for revert: makes the PreParserScopeAnalysis test much slower.
Original change's description:
> [parser] Skipping inner funcs: Use less memory for variables.
>
> - Make it possible to store quarter-bytes instead of full bytes.
>
> - Don't store is_used; it can be recovered correctly based on the actual full
> parse (when a lazy function is eventually called) and
> has_forced_scope_allocation.
>
> - With the is_used change, the old testing approach (which compared a scope for
> which we didn't do scope allocation to the baseline) no longer made
> sense. Replaced it with a new testing approach, which is also closer to the
> actual usage.
>
> BUG=v8:5516
>
> Change-Id: I02bac24e482126689dcdbabe8b3a04977be29b0c
> Reviewed-on: https://chromium-review.googlesource.com/725422
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48828}
TBR=marja@chromium.org,verwaest@chromium.org
Change-Id: I8cb87bcd55462b1cef4444dabb5cbfa2ecb24c7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5516
Reviewed-on: https://chromium-review.googlesource.com/732878
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48829}
- Make it possible to store quarter-bytes instead of full bytes.
- Don't store is_used; it can be recovered correctly based on the actual full
parse (when a lazy function is eventually called) and
has_forced_scope_allocation.
- With the is_used change, the old testing approach (which compared a scope for
which we didn't do scope allocation to the baseline) no longer made
sense. Replaced it with a new testing approach, which is also closer to the
actual usage.
BUG=v8:5516
Change-Id: I02bac24e482126689dcdbabe8b3a04977be29b0c
Reviewed-on: https://chromium-review.googlesource.com/725422
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48828}
Also removes can_execute_on_background_thread() since all compilation jobs can now do that.
Part of the work towards enabling off-thread bytecode compilation.
BUG=v8:5203
Change-Id: I6a52c26d599ce74482b5fb49926603cb326f1e31
Reviewed-on: https://chromium-review.googlesource.com/731285
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48826}
Fixes the implementation of step 9 in the Proxy's internal [[Get]]
method:
Let targetDesc be ? target.[[GetOwnProperty]](P)
If P is an accessor, this should not result in a call to the getter.
Likewise in [[Set]] and [[Has]].
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-get-p-receiver
Bug: chromium:776338
Change-Id: I2652ffab2b3e4c38de00a82b8419192fdc768951
Reviewed-on: https://chromium-review.googlesource.com/732897
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48825}
