Handle fall-off returns and returns inside try blocks.
Store the type-profile feedback slot on the FunctionLiteral
rather than on every return statement.
Next steps:
* Store entries in nexus that can be identified as 'return' (rather than parameter or assignment)
* Collect types for parameters and assignments
* Distinguish multiple parameters and assignments correctly
R=mstarzinger@chromium.org
BUG=v8:5935
Review-Url: https://codereview.chromium.org/2764113002
Cr-Commit-Position: refs/heads/master@{#44014}
The old method always returned a Handle<Object>, requiring an explicit
cast in the caller. This CL makes it return Handle<T> if called with a
T* as parameter.
Also, remove now redundant casts from callers.
R=bmeurer@chromium.org
Change-Id: I13cfb2f2e812e8582a9a1d9d6c8a5a24f40d0e79
Reviewed-on: https://chromium-review.googlesource.com/458376
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44012}
Third bulk of changes.
BUG=v8:6116
Change-Id: I26f5c03a44e55a998e71160a42f6e2c1509f41c7
Reviewed-on: https://chromium-review.googlesource.com/458197
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44011}
Currently there are a number of comment in src/v8.h which look like
this: TODO(dcarney): mark V8_WARN_UNUSED_RESULT.
This commit attempts to remove these comments and add the
V8_WARN_UNUSED_RESULT macro to the methods in question.
BUG=
Review-Url: https://codereview.chromium.org/2135973002
Cr-Commit-Position: refs/heads/master@{#44010}
This fixes a corner case where the "instance prototype" diverges from
the "non-instance prototype" that we store on the initial map of a
constructor function.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-703610
BUG=chromium:703610
Change-Id: I30a19ae621e10b512215ffb191ce00d030941440
Reviewed-on: https://chromium-review.googlesource.com/458396
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44008}
The regex was slightly off, meaning the results would not
display properly.
Change-Id: Ie3b2bf54a50bffde9b64663d7b8b8c0ad39a1212
Reviewed-on: https://chromium-review.googlesource.com/458416
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44007}
Add a test case as reminder for future work.
The return statement is in a try
finally and is never used when returning. The type should
not be collected.
R=mstarzinger@chromium.org
BUG=v8:5935
Review-Url: https://codereview.chromium.org/2765863002
Cr-Commit-Position: refs/heads/master@{#44006}
For instance, /\b\b\b\B\B\B/ is folded into the equivalent /\b\B/.
BUG=v8:6126
Review-Url: https://codereview.chromium.org/2768443003
Cr-Commit-Position: refs/heads/master@{#44004}
This saves 72 KiB (approximately 0.1%) of the Chrome APK size of for ARM/Android.
In Counters, each similar group of counters generates a compact data structure,
which a loop then iterates over, rather than having the full loop unrolled
(though the compiler will automatically unroll small ones).
In RuntimeCallStats, the compiler was not being clever enough to avoid
initializing count_ and time_ to zero individually, even after the initialization
of names was moved into a loop. As a result, RuntimeCallCounter was modified
to have a non-initializing constructor for exclusive use by RuntimeCallStats,
which explicitly initializes the counters in a loop. Since v8::base::TimeDelta
does not support an uninitialized state, time_ was changed to be stored as
int64_t microseconds internally, which generates the same code (it's the same
representation as TimeDelta).
BUG=v8:6119
Review-Url: https://codereview.chromium.org/2759033002
Cr-Commit-Position: refs/heads/master@{#43996}
Second bulk of changes.
BUG=v8:6116
Change-Id: I6297c4e3e1c0230a96dc6197691a54c07cc61c88
Reviewed-on: https://chromium-review.googlesource.com/457320
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43995}
Reason for revert:
Temporarily disabled tests on chromium side (https://codereview.chromium.org/2764933002)
Original issue's description:
> Revert of [wasm] Transferrable modules (patchset #13 id:280001 of https://codereview.chromium.org/2748473004/ )
>
> Reason for revert:
> Breaks layout tests:
> https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14312
>
> See https://github.com/v8/v8/wiki/Blink-layout-tests
>
> Original issue's description:
> > [wasm] Transferrable modules
> >
> > We want to restrict structured cloning in Chrome to:
> > - postMessage senders and receivers that are co-located
> > in the same process
> > - indexedDB (just https).
> >
> > For context, on the Chrome side, we will achieve the postMessage part
> > by using a mechanism similar to transferrables: the
> > SerializedScriptValue will have a list of wasm modules, separate from
> > the serialized data stream; and this list won't be copied cross
> > process boundaries. The IDB part is achieved by explicitly opting in
> > reading/writing to the serialization stream. To block attack vectors
> > in IPC cases, the default for deserialization will be to expect data
> > in the wasm transfers list.
> >
> > This change is the V8 side necessary to enabling this design. We
> > introduce TransferrableModule, an opaque datatype exposed to the
> > embedder. Internally, TransferrableModules are just serialized data,
> > because we don't have a better mechanism, at the moment, for
> > de-contextualizing/re-contextualizing wasm modules (wrt Isolate and
> > Context).
> >
> > The chrome defaults will be implemented in the
> > serialization/deserialization delegates on that side. For the v8 side
> > of things, in the absence of a serialization delegate, the V8
> > serializer will write to serialization stream. In the absence of a
> > deserialization delegate, the deserializer won't work. This asymmetry
> > is intentional - it communicates to the embedder the need to make a
> > policy decision, otherwise wasm serialization/deserialization won't
> > work "out of the box".
> >
> > BUG=v8:6079
> >
> > Review-Url: https://codereview.chromium.org/2748473004
> > Cr-Commit-Position: refs/heads/master@{#43955}
> > Committed: 99743ad460
>
> TBR=jbroman@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:6079
>
> Review-Url: https://codereview.chromium.org/2762163002
> Cr-Commit-Position: refs/heads/master@{#43981}
> Committed: e538b70e1aTBR=jbroman@chromium.org,bradnelson@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6079
Review-Url: https://codereview.chromium.org/2762273002
Cr-Commit-Position: refs/heads/master@{#43994}
The problem was that transitioning element stores had a similar shape to
the new StoreGlobal case.
The problem was fixed by https://chromium-review.googlesource.com/c/457341/
BUG=v8:5561
Change-Id: If996e9b37809ba8edf6dcb228b116b77021ce7bc
Reviewed-on: https://chromium-review.googlesource.com/457324
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43992}
- Adds a FinishCode method to CodeGenerator, and implements it for all
platforms. ARM and ARM64 flush constants, all other platforms do nothing.
- Remove old static free function.
LOG=N
BUG=none
Review-Url: https://codereview.chromium.org/2748383004
Cr-Commit-Position: refs/heads/master@{#43990}
This is just a very minor cleanup avoiding unnecessary slow stub usage.
BUG=v8:5561
Change-Id: Ib145606520b5b7019f1e55d3aec7caa956c7e090
Reviewed-on: https://chromium-review.googlesource.com/457337
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43989}
On S390, GCC seems to treat size_t as 'long_unsigned_int'. Which conflicts with the %d format specifier since that expects an 'int'. So changing the macro to PRIuS. This seems to fix the issue while retaining the expected behaviour for all other systems.
R=mlippautz@chromium.org, hpayer@chromium.org
BUG=none
Review-Url: https://codereview.chromium.org/2759963003
Cr-Commit-Position: refs/heads/master@{#43988}
Rebase of https://chromium-review.googlesource.com/446336 was broken.
Didn't fail any tests because the feature is behind a flag.
BUG=
Change-Id: I6009bfac27aa896e20446f002f5db707aab7e34c
Reviewed-on: https://chromium-review.googlesource.com/457040
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43984}
Inspired by bsuite/compare-baseline.py and tools/perf-to-html.py. The main difference
from the latter is that the new script does not require json files preprocessing and it
is able to compare multiple json files at once (just like bsuite/compare-baseline.py).
This CL also makes tools/run_perf.py relative path friendly.
BUG=
Change-Id: I7be796fa920f8360703806f32767b992eec0f9c2
Reviewed-on: https://chromium-review.googlesource.com/456286
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43982}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14312
See https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> [wasm] Transferrable modules
>
> We want to restrict structured cloning in Chrome to:
> - postMessage senders and receivers that are co-located
> in the same process
> - indexedDB (just https).
>
> For context, on the Chrome side, we will achieve the postMessage part
> by using a mechanism similar to transferrables: the
> SerializedScriptValue will have a list of wasm modules, separate from
> the serialized data stream; and this list won't be copied cross
> process boundaries. The IDB part is achieved by explicitly opting in
> reading/writing to the serialization stream. To block attack vectors
> in IPC cases, the default for deserialization will be to expect data
> in the wasm transfers list.
>
> This change is the V8 side necessary to enabling this design. We
> introduce TransferrableModule, an opaque datatype exposed to the
> embedder. Internally, TransferrableModules are just serialized data,
> because we don't have a better mechanism, at the moment, for
> de-contextualizing/re-contextualizing wasm modules (wrt Isolate and
> Context).
>
> The chrome defaults will be implemented in the
> serialization/deserialization delegates on that side. For the v8 side
> of things, in the absence of a serialization delegate, the V8
> serializer will write to serialization stream. In the absence of a
> deserialization delegate, the deserializer won't work. This asymmetry
> is intentional - it communicates to the embedder the need to make a
> policy decision, otherwise wasm serialization/deserialization won't
> work "out of the box".
>
> BUG=v8:6079
>
> Review-Url: https://codereview.chromium.org/2748473004
> Cr-Commit-Position: refs/heads/master@{#43955}
> Committed: 99743ad460TBR=jbroman@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6079
Review-Url: https://codereview.chromium.org/2762163002
Cr-Commit-Position: refs/heads/master@{#43981}
This frees up the InterpreterAssembler for no longer being linked
into the main library.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2759093004
Cr-Commit-Position: refs/heads/master@{#43979}
For MIPS32, instructions ldc1 and sdc1 are moved into macro-assembler
and renamed as Ldc1 and Sdc1. The reason for placing them into
macro-assembler is that they emmit two or three instructions.
TEST=test/cctest/test-assembler-mips,
test/cctest/test-code-stubs-mips,
test/cctest/test-macro-assembler-mips
BUG=
Review-Url: https://codereview.chromium.org/2751973002
Cr-Commit-Position: refs/heads/master@{#43977}
This CL makes the interpreter reentrant by allowing different
activations to be live at the same time. The wasm interpreter keeps a
list of activations and stores the stack height at the start of each
activation. This information is used to unwind just one activation, or
show the right portion of the interpreter stack for each interpreter
entry frame.
The WasmDebugInfo object stores a mapping from frame pointer (of the
interpreter entry) to the activation id in order to identify the
activation based on the physical interpreter entry frame.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5822
Change-Id: Ibbf93f077f907213173a92e0a2f7f3556515e8eb
Reviewed-on: https://chromium-review.googlesource.com/453958
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43976}
In the tick processor, in cases where there are a lot of ticks (e.g.
long running programs), JSON.stringify could throw a range exception
because the created string is too large.
Instead of creating the entire JSON string in memory, we now write the
top-level parts of the JSON manually, writing out the ticks individually
instead of all together.
Review-Url: https://codereview.chromium.org/2754683002
Cr-Commit-Position: refs/heads/master@{#43973}
The called runtime function never returns, thus we don't need to emit
return code afterwards.
R=ahaas@chromium.org
Change-Id: I4adb5492b1d5bcb8f644f9544137e07196ac61e4
Reviewed-on: https://chromium-review.googlesource.com/456507
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43972}
For CheckBounds(index,length) we know that the length must be in
Unsigned31 range. Thus there's no observable difference for index
values in the range [-2^31,-1] and the range [2^31,2^32-1], both
are considered out-of-bounds; also it's safe to truncate -0 to 0
wrt. CheckBounds. Thus we can safely pass Word32 truncation if the
index is in Integral32 \/ MinusZero. Usually this generates the same
code, but some index computations can benefit from the Word32 truncation
and avoid going to double because the result would be outside the valid
Signed32 or Unsigned32 ranges.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2760213003
Cr-Commit-Position: refs/heads/master@{#43969}
When returning from the runtime function, move jssp back to csp. The
csp might have been changed by the runtime function, but jssp should
have been restored to its original value.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I300263a586ca546a4d7f925730f1f38b680379ca
Reviewed-on: https://chromium-review.googlesource.com/457372
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43967}
