mjsunit/big-object-literal will exhaust the stack in debug builds,
due to different compiler settings. It will work in optdebug.
This disables for both. Adding an 'optdebug' test to .status files
is easy, but I don't want to contribute to the 'mode x variant explosion'.
R=jochen@chromium.orgCC=franzih@chromium.org, machenbach@chromium.org
Review-Url: https://codereview.chromium.org/2609193002
Cr-Commit-Position: refs/heads/master@{#42061}
This CL simplifies the relation between the wasm graph builder, the
wasm decoder, and the wasm module they work on.
BUG=
Review-Url: https://codereview.chromium.org/2612643002
Cr-Commit-Position: refs/heads/master@{#42056}
-- Removes remaning debug from promise.js and moves it to c++
-- Changes debug_id to be a smi in PromiseReactionJobInfo and
PromiseResolveThenableJobInfo.
-- Changes debug_name to be a smi in PromiseReactionJobInfo and
PromiseResolveThenableJobInfo.
-- Adds PromiseDebugActionName and PromiseDebugActionType enums
-- Adds PromiseDebugActionNameToString and
PromiseDebugActionTypeToString helper methods
-- Changes variable `status` to be int in runtime functions.
-- Changes debug_id to start from 1, not 0 for easier bookkeeping.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2606093002
Cr-Commit-Position: refs/heads/master@{#42052}
These maps contain exactly the same information as the strict maps, so
this frees up a few pointers of native context space, gets rid of some
branches in FastNewClosure, and adds missing poisoned properties tests
for async functions.
BUG=v8:2355, v8:4483
R=adamk@chromium.org, bmeurer@chromium.org, littledan@chromium.org
Review-Url: https://codereview.chromium.org/2608333002
Cr-Commit-Position: refs/heads/master@{#42051}
When baselining a function using the BaselineFunctionOnNextCall intrinsic, it is
not always ensured that a function is already compiled. Update the
Runtime_BaselineFunctionOnNextCall function to trigger a compile if it is not already
compiled.
BUG=v8:5768
Review-Url: https://codereview.chromium.org/2594543003
Cr-Commit-Position: refs/heads/master@{#42033}
(Missing includes discovered during the objects.h splitting work.)
BUG=v8:5402
Review-Url: https://codereview.chromium.org/2610643002
Cr-Commit-Position: refs/heads/master@{#42029}
Hook up TurboFan with the existing field type tracking machinery to
eliminate redundant map checks on the results of LoadField operators.
The store side is already implemented in TurboFan for quite some time,
this just adds the load part.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2604393002
Cr-Commit-Position: refs/heads/master@{#42015}
- Adds CodeAssembler::ConstructJS() to simplify calling JS functions as
constructors, used by NewPromiseCapability()
- Defines PromiseCapability as a special JSObject subclass, with a
non-exensible Map, and read-only non-configurable DataDescriptors which
point to its in-object fields. This allows its fields to be used by JS
builtins until there is no longer any need.
Currently, the performance benefit comes from
https://codereview.chromium.org/2567033003/, but does not appear to
regress performance in any significant way.
BUG=v8:5343
TBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2567333002
Cr-Commit-Position: refs/heads/master@{#42014}
We need to report cached wrappers within v8 to the embedder after each atomic
phase of v8 marking because the embedder can invalidate the wrappers in-between
v8 marking steps.
E.g., in Chrome, a conservative GC might need to wipe dead wrappables from
the wrapper tracing marking deque.
BUG=chromium:676700, chromium:468240
Review-Url: https://codereview.chromium.org/2610563002
Cr-Commit-Position: refs/heads/master@{#42011}
Add machinery to Ignition and TurboFan to collect and consume
InternalizedString feedback for abstract and strict equality
comparisons. Here we can turn the comparison into a simple
pointer equality check.
R=jarin@chromium.org
BUG=v8:5786
Review-Url: https://codereview.chromium.org/2609013002
Cr-Commit-Position: refs/heads/master@{#42008}
When Crankshaft compiles a keyed load to arguments, it disabled
optimization unless the KEYED_LOAD_IC for the access was monomorphic.
But that's too restrictive, since it will also disable optimization
for this function when the access is on a path that was never executed
so far.
This was spotted in the Node.js core function EventEmitter.prototype.emit,
which was no longer optimizable with Crankshaft using latest V8.
R=jarin@chromium.org
BUG=v8:5790
Review-Url: https://codereview.chromium.org/2607303002
Cr-Commit-Position: refs/heads/master@{#42005}
This patch fixes OOM crash that happens for large heap where
the total size of edges exceeds 2GB, which is the hard limit
for v8::internal::List allocated using tcmalloc.
BUG=chromium:675911
Review-Url: https://codereview.chromium.org/2595003002
Cr-Commit-Position: refs/heads/master@{#42004}
This patch stores the promise, resolve, reject properties of the
deferred object created by CreateInternalPromiseCapability and
NewPromiseCapability directly on the promise (if the promise hasn't
been fulfilled), otherwise they are stored on the
PromiseReactionJobInfo.
This patch removes the currently unused
CreateInternalPromiseCapability and inlines the call to create the
deferred promise object.
NewPromiseCapability is the only function that works with a deferred.
This patch results in a 8.5% improvement in benchmarks over 5 runs.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2590563003
Cr-Commit-Position: refs/heads/master@{#41991}
Add test as well.
Add regression test for passing uninitialized promises to init hook
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2578173004
Cr-Commit-Position: refs/heads/master@{#41982}
... and add explicit CallPrologue/CallEpilogue callbacks to CodeAssemblerState instead.
This will allow IntepreterAssembler to use any other helper assembler.
TBR=rmcilroy@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2600183004
Cr-Commit-Position: refs/heads/master@{#41973}
The TF version of this operation was missing a ToObject coercion, so failed to do
@@toStringTag lookups when passed primitive values.
R=franzih@chromium.org
BUG=v8:5780
Review-Url: https://codereview.chromium.org/2597323002
Cr-Commit-Position: refs/heads/master@{#41961}
This syntax was formerly legal per ECMAScript, but has been a
SyntaxError for some time now. V8 deviates from spec in that it
is instead a runtime error; we'd like to know if we can get
away with removing it (at least in sloppy mode) or if the spec
should be changed.
c.f. https://github.com/tc39/ecma262/issues/257#issuecomment-195106880
Also add self to authors file
BUG=v8:4480
Review-Url: https://codereview.chromium.org/2599253002
Cr-Commit-Position: refs/heads/master@{#41960}
This patch moves the creation of the Intl constructors from JavaScript
to C++ in bootstrapper.cc, to match all of the other builtins exposed
to the web.
BUG=v8:5751
Review-Url: https://codereview.chromium.org/2586763002
Cr-Commit-Position: refs/heads/master@{#41959}
Reason for revert:
Issue https://bugs.chromium.org/p/chromium/issues/detail?id=677055 . I'll send out a follow-on reland, as it should still be possible to eliminate the redundant type system.
Original issue's description:
> [intl] Remove redundant type checking system
>
> Previously, the Intl implementation tracked types two ways:
> - In the intl_initialized_marker_symbol
> - In various named properties of the intl_impl_object_symbol value
>
> As far as I can tell, these will never disagree with each other,
> modulo bugs in Intl itself. This patch removes the second type
> checking system.
>
> BUG=v8:5751
>
> Review-Url: https://codereview.chromium.org/2591203002
> Cr-Commit-Position: refs/heads/master@{#41941}
> Committed: 0d5561b64dTBR=yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5751
Review-Url: https://codereview.chromium.org/2601783002
Cr-Commit-Position: refs/heads/master@{#41958}
ECMA 402 v2 made Intl constructors more strict in terms of how they would
initialize objects, refusing to initialize objects which have already
been constructed. However, when Chrome tried to ship these semantics,
we ran into web compatibility issues.
This patch tries to square the circle and implement the simpler v2 object
semantics while including a compatibility workaround to allow objects to
sort of be initialized later, storing the real underlying Intl object
in a symbol-named property.
The new semantics are described in this PR against the ECMA 402 spec:
https://github.com/tc39/ecma402/pull/84
BUG=v8:4360, v8:4870
LOG=Y
Review-Url: https://codereview.chromium.org/2582993002
Cr-Commit-Position: refs/heads/master@{#41943}
Previously, the Intl implementation tracked types two ways:
- In the intl_initialized_marker_symbol
- In various named properties of the intl_impl_object_symbol value
As far as I can tell, these will never disagree with each other,
modulo bugs in Intl itself. This patch removes the second type
checking system.
BUG=v8:5751
Review-Url: https://codereview.chromium.org/2591203002
Cr-Commit-Position: refs/heads/master@{#41941}
Reland 0cf5623220
The original patch got reverted because testing RegisterConfiguration was
overwritten by turbofan RegisterConfiguration. This caused some test cases not being
properly tested. The new patch uses correct RegisterConfiguration.
Original commit message:
Test InstructionSequenceTest has been initialized with a testing RegisterConfiguration
instance defined in instruction-sequence-unittest.h, whereas class ExplicitOperand which
is being tested used RegisterConfiguration from instruction.cc. In case these two
instances are different, the tests would fail. The issue is fixed by using the same
instance of RegisterConfiguration both for test code and code under test.
Additionally, the tests in register-allocator-unittest.cc use hardcoded values
for register and begin failing is the hardcoded register is not available for
allocation. Fix by forcing the use of allocatable registers only.
TEST=unittests.MoveOptimizerTest.RemovesRedundantExplicit,unittests.RegisterAllocatorTest.SpillPhi
BUG=
Review-Url: https://codereview.chromium.org/2595293002
Cr-Commit-Position: refs/heads/master@{#41938}
Ignoring this linker warning will enable Chromium builds to start
treating all linker warnings as errors in Windows builds.
BUG=676417, 659007
Review-Url: https://codereview.chromium.org/2594013004
Cr-Commit-Position: refs/heads/master@{#41931}
These methods now return undefined upon finding a data property in the
prototype chain which shadows an accessor property, and when hitting
a Proxy, call the appropriate proxy traps.
R=cbruni@chromium.org, littledan@chromium.org
BUG=v8:5130
Review-Url: https://codereview.chromium.org/2592013003
Cr-Commit-Position: refs/heads/master@{#41929}
Reason for revert:
Causes crashes on Canary: crbug.com/676643
Original issue's description:
> Turn on icu_case_mapping by default
>
> Update string-capitalize expected result because now it
> passes all the tests in the file.
> Mark fast/js/string-capitalization as failing with no_i18n.
>
> Relanding after revert because the failure was taken care of
> by Adam's CL at https://codereview.chromium.org/2597543002 .
>
>
> BUG=v8:4477, v8:4476
> TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*,
> mjsunit/string-case, intl/general/case*
>
> Cr-Original-Commit-Position: refs/heads/master@{#41834}
> Committed: 7c79e23c34
> Review-Url: https://codereview.chromium.org/2588963002
> Cr-Commit-Position: refs/heads/master@{#41883}
> Committed: a42c8c67deTBR=littledan@chromium.org,yangguo@chromium.org,jshin@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4477, v8:4476, chromium:676643
Review-Url: https://codereview.chromium.org/2601553002
Cr-Commit-Position: refs/heads/master@{#41928}
In certain corner-cases we would grow a FAST_ELEMENTS packed backing store of a
JS_ARGUMENTS_TYPE object without converting to holey elements kinds. As a side
effect you could then read out the_hole.
BUG=v8:5772
Review-Url: https://codereview.chromium.org/2597013004
Cr-Commit-Position: refs/heads/master@{#41921}
Reason for revert:
Speculative revert because of blocked roll: https://codereview.chromium.org/2596013002/
Original issue's description:
> [TypeFeedbackVector] Root literal arrays in function literals slots
>
> Literal arrays and feedback vectors for a function can be garbage
> collected if we don't have a rooted closure for the function, which
> happens often. It's expensive to come back from this (recreating
> boilerplates and gathering feedback again), and the cost is
> disproportionate if the function was inlined into optimized code.
>
> To guard against losing these arrays when we need them, we'll now
> create literal arrays when creating the feedback vector for the outer
> closure, and root them strongly in that vector.
>
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2504153002
> Cr-Commit-Position: refs/heads/master@{#41893}
> Committed: 93df094081TBR=bmeurer@chromium.org,mlippautz@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2597163002
Cr-Commit-Position: refs/heads/master@{#41917}
Odd numbered floating-point register shouldn't be used as compare register
on mips32r6 architecture. In case cpu switches to FRE mode, writes to odd
numbered single-precision fp register will update upper part of even
double-precision register, which will corrupt the even register.
BUG=
Review-Url: https://codereview.chromium.org/2591063003
Cr-Commit-Position: refs/heads/master@{#41916}
Reason for revert:
speculative revert: https://codereview.chromium.org/2596013002/
Original issue's description:
> [regexp] Remove IsRegExp intrinsic
>
> The two remaining uses of this intrinsic in debug.js and mirrors.js now
> simply rely on the runtime function.
>
> BUG=v8:5339
>
> Review-Url: https://codereview.chromium.org/2591923003
> Cr-Commit-Position: refs/heads/master@{#41892}
> Committed: c9cb94a06fTBR=bmeurer@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2592383002
Cr-Commit-Position: refs/heads/master@{#41915}
This patch also refactors most of PromiseThen into InternalPromiseThen to
be reused with PromiseCatch and also changes InternalResolvePromise to
return and not branch.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2596553002
Cr-Commit-Position: refs/heads/master@{#41902}
Change bytecode-expectations-printer.cc in the cctest application so
that intrinsic function names are printed rather than their native
context index.
This minimizes the amount of unnecessary changes to the bytecode
expectations that need to happen whenever the context fields are
changed.
BUG=v8:5769
R=neis@chromium.org, rmcilroy@chromium.org, adamk@chromium.org
Review-Url: https://codereview.chromium.org/2593823002
Cr-Commit-Position: refs/heads/master@{#41900}
On ARM Neon at least, denormals flush to zero, which may not match
regular FP behavior.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2598583002
Cr-Commit-Position: refs/heads/master@{#41895}
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.
To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2504153002
Cr-Commit-Position: refs/heads/master@{#41893}
The two remaining uses of this intrinsic in debug.js and mirrors.js now
simply rely on the runtime function.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2591923003
Cr-Commit-Position: refs/heads/master@{#41892}
This is more renaming work to comply with the naming in the public
design repository. E.g. types are called "value types" and we no longer
refer to ASTs.
R=clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2594993002
Cr-Commit-Position: refs/heads/master@{#41891}
Update string-capitalize expected result because now it
passes all the tests in the file.
Mark fast/js/string-capitalization as failing with no_i18n.
Relanding after revert because the failure was taken care of
by Adam's CL at https://codereview.chromium.org/2597543002 .
BUG=v8:4477, v8:4476
TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*,
mjsunit/string-case, intl/general/case*
Cr-Original-Commit-Position: refs/heads/master@{#41834}
Committed: 7c79e23c34
Review-Url: https://codereview.chromium.org/2588963002
Cr-Commit-Position: refs/heads/master@{#41883}
The test depends on tricky stack space requirements, so it stopped
working in some configurations win FLAG_min_preparse_length was removed
in commit 4a5b7e32c4.
As a workaround, pass --no-lazy until the test can be refined to work
on all configurations.
BUG=v8:5729
TBR=marja@chromium.org
Review-Url: https://codereview.chromium.org/2596673002
Cr-Commit-Position: refs/heads/master@{#41878}
This test requires its objects to live in new space, so running it
through gc stress runs just makes it susceptible to flakiness, as
was recently seen when turning on the --harmony-string-padding
flag (which just adds an extra JS file to the bootstrapper sequence).
TBR=ishell@chromium.org, jkummerow@chromium.org
Review-Url: https://codereview.chromium.org/2597543002 .
Cr-Commit-Position: refs/heads/master@{#41876}
eval() may introduce a scope which needs to be represented as a context at
runtime, e.g.,
eval('var x; let y; ()=>y')
introduces a variable y which needs to have a context allocated for it. However,
when traversing upwards to find the declaration context for a variable which leaks,
as the declaration of x does above, this context has to be understood to not be
a declaration context in sloppy mode.
This patch makes that distinction by introducing a different map for eval-introduced
contexts. A dynamic search for the appropriate context will continue past an eval
context to find the appropriate context. Marking contexts as eval contexts rather
than function contexts required updates in each compiler backend.
BUG=v8:5295, chromium:648719
Review-Url: https://codereview.chromium.org/2435023002
Cr-Commit-Position: refs/heads/master@{#41869}
The Intl implementation included manual checks to see if they were
being called as a constructor. However, these checks are redundant,
as %FunctionRemovePrototype has already marked the functions as
un-constructable. This path removes the unnecessary checks.
R=yangguo
Review-Url: https://codereview.chromium.org/2587713002
Cr-Commit-Position: refs/heads/master@{#41867}
The new object will hold information which is shared by all clones of a
WasmCompiledModule, e.g. the decoded asm.js offset table, and in the
future also breakpoints. From there, we can set them on each new
instantiation of any clone.
While already changing lots of the code base, I also renamed all
getters from "get_foo" to "foo", to conform to the style guide.
R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:5732
Review-Url: https://codereview.chromium.org/2591653002
Cr-Commit-Position: refs/heads/master@{#41862}
These benchmarks are intended to compare the overhead of async-await vs.
a naive promise implementation vs. the babel async-await transformation.
The functions in the benchmark don't do any work themselves, so results
should reflect only overhead of the chosen implementation.
Current numbers on my local machine (higher is better):
BaselineES2017-AsyncAwait(Score): 2006
BaselineNaivePromises-AsyncAwait(Score): 7470
Native-AsyncAwait(Score): 3640
BUG=v8:5639
Review-Url: https://codereview.chromium.org/2577393002
Cr-Commit-Position: refs/heads/master@{#41860}
Currently, to find out a Promise's status and result, one has to use the
debug context. This is for example done in Node.js. This new API is a
better replacement, also in the context of the debug context being
deprecated eventually.
R=franzih@chromium.org, gsathya@chromium.org, jochen@chromium.org
BUG=v8:5764
Review-Url: https://codereview.chromium.org/2589113002
Cr-Commit-Position: refs/heads/master@{#41855}
We have the BytecodeIterator with next() and has_next() methods, and
pc_offset() and current() accessors.
This CL adds an interface to iterate over the opcodes or offsets in a
C++ foreach loop.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2587143002
Cr-Commit-Position: refs/heads/master@{#41851}
Previously, the Intl.DateTimeFormat constructor and other related paths had
a bug where the options bag passed in would be modified in place. This patch
makes V8's Intl implementation follow the specification's logic to avoid
such a modification.
BUG=v8:4219
Review-Url: https://codereview.chromium.org/2587703002
Cr-Commit-Position: refs/heads/master@{#41826}
Use FastAsciiConvert (as used by Unibrow) for i18n-aware
case conversion with --icu_case_mapping.
Move FastAsciiConvert to src/string-case.cc so that it can be used
by both runtime-{string,i18n}.
Add more tests.
BUG=v8:4477,v8:4476
TEST=intl/general/case*
Review-Url: https://codereview.chromium.org/2533983006
Cr-Commit-Position: refs/heads/master@{#41821}
This CL implements GetPossibleBreakpoints for wasm, by iterating over
all functions in the requested range and returning the location of all
instructions within that range.
The connection to the inspector will be added later, when setting
breakpoint also works for wasm: http://crrev.com/2536763002
BUG=chromium:613110
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2588763002
Cr-Commit-Position: refs/heads/master@{#41818}
Encode the PropertyAttribute and whether the function
names must be set as a flag instead of setting two registers.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2586463002
Cr-Commit-Position: refs/heads/master@{#41812}
When executing wasm code for testing, we did not create a
WasmInstanceObject and link it to the generated code. This required
some special handling at runtime (mainly for stack trace generation).
This CL always provides the WasmInstanceObject, such that e.g. function
names can be resolved the usual way.
The module bytes referenced by the WasmCompiledModule linked with the
WasmInstanceObject do not hold a valid wasm module yet. Instead, we
just add the bytes we need, and make the objects in WasmModule point to
those bytes (currently only used for function names). Those bytes will
not be parsed at runtime anyway.
R=titzer@chromium.orgCC=jgruber@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551053002
Cr-Commit-Position: refs/heads/master@{#41809}
STRUCT_LIST and INSTANCE_TYPE_LIST are now forced to have the same order
as the InstanceType enum.
Drive-by-fix 1: Move type check and cast functions closer together in objects-inl.h
Drive-by-fix 2: Remove unused instance types SIGNATURE_INFO_TYPE and TYPE_SWITCH_INFO_TYPE.
BUG=
Review-Url: https://codereview.chromium.org/2578573002
Cr-Commit-Position: refs/heads/master@{#41804}
The scenario here: the asm function fails asm validation,
so we emit a message. In doing so, we create a JSValue wrapper for
the script object that we cache on the script object. This wrapper
is context-dependent and causes the code serializer to choke.
R=mtrofin@chromium.org, titzer@chromium.org
BUG=chromium:674446,chromium:673321
Review-Url: https://codereview.chromium.org/2586943003
Cr-Commit-Position: refs/heads/master@{#41794}
The inspector cannot deal with breaking inside of debug-evaluate.
There is therefore no point in supporting that in the debugger.
The optional additional context parameter for debug-evaluate also
can be removed since it's not being used.
R=jgruber@chromium.org
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2580323002
Cr-Commit-Position: refs/heads/master@{#41791}
This is so that a NotSuperConstructor error is thrown before evaluating the
arguments to the super constructor. Besides updating the runtime function, a
new bytecode GetSuperConstructor is introduced.
BUG=v8:5336
Review-Url: https://codereview.chromium.org/2504553003
Cr-Commit-Position: refs/heads/master@{#41788}
There are subtle test expectations/nuances that are easy to break.
BUG=
Review-Url: https://codereview.chromium.org/2585583006
Cr-Commit-Position: refs/heads/master@{#41778}
Reason for revert:
This change rendered InstructionSequenceTest::SetNumRegs ineffectual, thus
loosening the tests that were using that API to ensure correct register
allocation under intentionally constrained setups.
For the problem stated in this CL, a solution needs to continue supporting the
intentionally set-up test configuration.
Original issue's description:
> MIPS: Fix bad RegisterConfiguration usage in InstructionSequence unit tests.
>
> Test InstructionSequenceTest has been initialized with a testing RegisterConfiguration
> instance defined in instruction-sequence-unittest.h, whereas class ExplicitOperand which
> is being tested used RegisterConfiguration from instruction.cc. In case these two
> instances are different, the tests would fail. The issue is fixed by using the same
> instance of RegisterConfiguration both for test code and code under test.
>
> Additionally, the tests in register-allocator-unittest.cc use hardcoded values
> for register and begin failing is the hardcoded register is not available for
> allocation. Fix by forcing the use of allocatable registers only.
>
> TEST=unittests.MoveOptimizerTest.RemovesRedundantExplicit,unittests.RegisterAllocatorTest.SpillPhi
> BUG=
>
> Committed: https://crrev.com/0cf56232209d4c9c669b8426680de18806f6c29a
> Cr-Commit-Position: refs/heads/master@{#40862}
TBR=dcarney@chromium.org,bmeurer@chromium.org,mstarzinger@chromium.org,vogelheim@chromium.org,titzer@chromium.org,ivica.bogosavljevic@imgtec.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2587593002
Cr-Commit-Position: refs/heads/master@{#41777}
This adds kInit, kResolve, kBefore and kAfter lifecycle hooks to promises.
This also exposes an API to set the PromiseHook.
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2575313002
Cr-Commit-Position: refs/heads/master@{#41775}
Transform LdaNull/LdaUndefined followed by StrictEquality to TestNull/TestUndefined.
This would avoid a call to the compare IC. In the bytecode-graph builder these are
mapped to StrictEqual javascript operator. When reducing this operator, we already
optimize the cases for null/undefined.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2554723004
Cr-Commit-Position: refs/heads/master@{#41768}
Many websites use simple calls to String.prototype.indexOf with either a
one character ASCII needle or needles bigger than the search string. This
CL adds a TFJ builtin for these simple cases, giving up to factor 5 speedup.
Drive-by-fix: Add default Object type to Arguments.at
BUG=
Review-Url: https://codereview.chromium.org/2539093002
Cr-Commit-Position: refs/heads/master@{#41760}
If a context snapshot includes the global proxy constructor function, we
expect the incoming global proxy to have the correct instance size so
that we can reinitialize it with said constructor. However, when the
bootstrapper allocates a new global proxy, we need to know the expected
size.
We solve this by storing the size on the to-be-serialized isolate.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2585693002
Cr-Commit-Position: refs/heads/master@{#41756}
This introduces an explicit struct for the communication channel between
the {ArrayLiteral} AST node and the corresponding runtime methods. Those
methods take a pair of {ElementsKind} as well as an array (can either be
a FixedArray or a FixedDoubleArray) of constant values.
For bonus points it also reduces the size of the involved heap object by
one word (i.e. length field of FixedArray not needed anymore).
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2581683003
Cr-Commit-Position: refs/heads/master@{#41752}
When mark-shared-funtion-for-tier-up is enabled, a function could be marked for
optimization, then the baseline (FCG) code is flushed by the GC. The next time
the function is executed, we shouldn't optimize the code if there isn't
baseline code.
BUG=chromium:673242
Review-Url: https://codereview.chromium.org/2575333003
Cr-Commit-Position: refs/heads/master@{#41751}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Original-Commit-Position: refs/heads/master@{#41728}
Committed: 2ff5906231
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41747}
This behavior changed recently. SharedArrayBuffers should not be put in the
transfer list, because they are not detached, and that is the meaning of being
in the transfer list.
This is the V8 side of the change, the Blink side will come next.
Review-Url: https://codereview.chromium.org/2570433005
Cr-Commit-Position: refs/heads/master@{#41740}
Reason for revert:
Win64 dbg failures
Original issue's description:
> [wasm] Make WasmRunner the central test structure
>
> The WasmRunner now always holds a TestingModule, and allows to add
> several functions to it. The prepares a change to always run wasm code
> with a full module behind it, removing the special handling for "no wasm
> instance" at runtime (http://crrev.com/2551053002).
> This CL here also templatizes the WasmRunner such that the Call method must
> be called with the same signature specified for the WasmRunner. This
> already catched several mismatches there.
>
> R=titzer@chromium.org, ahaas@chromium.org
> BUG=v8:5620
>
> Review-Url: https://codereview.chromium.org/2551043002
> Cr-Commit-Position: refs/heads/master@{#41728}
> Committed: 2ff5906231TBR=ahaas@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2583543002
Cr-Commit-Position: refs/heads/master@{#41732}
Instead of unconditionally setting maybe_assigned for parameters, treat
parameters like other variables except that at the end we set maybe_assigned if
the function has a sloppy arguments object.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2578103002
Cr-Commit-Position: refs/heads/master@{#41731}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41728}
If an accessor property is non-configurable, one should not be able
to re-declare it as a function. This specifically applies to special properties like window.location.
BUG=chromium:670596
Review-Url: https://codereview.chromium.org/2582493002
Cr-Commit-Position: refs/heads/master@{#41725}
If the eval contains a let, we need to know whether an inner function
refers to the variable to be able to decide its context allocation
status.
The added test needs https://codereview.chromium.org/2435023002/ too
in order to pass.
BUG=v8:5736
Review-Url: https://codereview.chromium.org/2574753002
Cr-Commit-Position: refs/heads/master@{#41723}
Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.
Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.
This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.
Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2562393002
Cr-Commit-Position: refs/heads/master@{#41720}
Adds assignment tracking to the bytecode analysis pass, and updates
bytecode graph builder to only create LoopExitValues for assigned
values.
Review-Url: https://codereview.chromium.org/2558093005
Cr-Commit-Position: refs/heads/master@{#41719}
MIPS[64]R6 supports only fusion multiply-accumulate instructions, and using
these causes failures of several tests that expect exact floating-point
results. Therefore we disable fusion multiply-accumulate in both emitted and
compiled code on R6.
TEST=cctest/test-run-machops/RunFloat64MulAndFloat64Add1,mjsunit/es6/math-expm1.js
mjsunit/es6/math-fround.js,mjsunit/compiler/multiply-add.js
BUG=
Review-Url: https://codereview.chromium.org/2569683002
Cr-Commit-Position: refs/heads/master@{#41717}
Allocate the registers used as arguments to a call on-demand after visiting the
argument (or reciever). This means that the visited expression can use registers
that would otherwise have been allocated for arguments which haven't been
visited yet.
The reason for doing this is to avoid keeping things live in registers
unecessarily for chained function calls, which avoids a memory leak for
functions which chain a large number of calls with large temporary arguments /
recievers.
BUG=chromium:672027
Review-Url: https://codereview.chromium.org/2557173004
Cr-Commit-Position: refs/heads/master@{#41714}
This fixes a corner case where the {FastCloneShallowArrayStub} was used
for literals that are backed by a double backing store and would exceed
limits for new-space allocations on 32-bit architectures. The stub in
question does not support such literals, callers must use the runtime.
Note that this fix is for Ignition as well as FullCodeGenerator.
R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-672792
BUG=chromium:672792
Review-Url: https://codereview.chromium.org/2570843002
Cr-Commit-Position: refs/heads/master@{#41713}
Templatizes the AccumulatorUsage and OperandType for BytecodeNode creation and
BytecodeRegisterOptimizer::PrepareForBytecode. This allows the compiler to
statically know whether the bytecode being created accesses the accumulator
and what operand types need scaling, avoiding runtime checks in the code.
Also removes BytecodeNode::set_bytecode methods.
Review-Url: https://codereview.chromium.org/2542903003
Cr-Commit-Position: refs/heads/master@{#41706}
Determine if the scope of the function to be serialized includes asm-
wasm, and if so, bypass serialization, since we do not support it in
that scenario.
In this change, we do so regardless of whether the asm-wasm path was
successful. This is so we keep the design simple, since the guidance
to developers, moving forward, is to use wasm.
BUG=643595
Review-Url: https://codereview.chromium.org/2573193002
Cr-Commit-Position: refs/heads/master@{#41704}
Without this patch, the tests on lines 410, 414, 418 and 422 in
function testNonStaticName of test/mjsunit/es6/function-name.js
would all fail. The bug caused non-static "name" methods and
properties to be mistaken for static ones.
R=adamk@chromium.org, verwaest@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2567343004
Cr-Commit-Position: refs/heads/master@{#41692}
WASM exported functions have additional internal fields which change the instance
size. Adding a getter or setter to such an exported function results in its map
becoming normalized. The normalized map cache, however, finds a different map
with a different instance size, and thus BOOM.
R=verwaest@chromium.org,cbruni@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2554343002
Cr-Commit-Position: refs/heads/master@{#41691}
The least two bits of the owner field of a Page are used to determine
whether the Page is part of a large object. If these bits are not equal
to 0x11, the page is part of a large object and needs special handling
e.g. in MemoryChunk::FromAnyPointerAddress to determine which chunk it
belongs to.
This CL fixes an issue in which the store buffer overflows after
a large object space allocation but before the object has been fully
initialized. Store buffer overflow handling attempts to look up the
chunk of a page, but fails to do so correctly since the page's owner
field has not yet been initialized.
This CL ensures that the owner field of all pages belonging to a large
object allocation are initialized to a value that is interpreted
correctly.
BUG=chromium:672041
Committed: https://crrev.com/9b6808bfb5366beebe3af30a06f9851edb2039d4
Review-Url: https://codereview.chromium.org/2565713002
Cr-Original-Commit-Position: refs/heads/master@{#41641}
Cr-Commit-Position: refs/heads/master@{#41687}
Debug mirrors will no longer be supported in the near future.
It will now only be tested by being used by the v8-inspector.
R=jgruber@chromium.org
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2566103002
Cr-Commit-Position: refs/heads/master@{#41686}
Reason for revert:
LiveEdit is broken in some cases.
Original issue's description:
> Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
>
> Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
> we can use them as an index into an array, instead of using a
> WeakFixedArray where we have to do a linear scan.
>
> Hooking up liveedit is a bit more involved, see
> https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
> for an overview
>
> BUG=v8:5589
> R=verwaest@chromium.org,jgruber@chromium.org
>
> Committed: https://crrev.com/6595e7405769dc9d49e9568d61485efc6d468baf
> Cr-Commit-Position: refs/heads/master@{#41600}
TBR=jgruber@chromium.org,verwaest@chromium.org,yangguo@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5589,chromium:673950
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2578433002
Cr-Commit-Position: refs/heads/master@{#41684}
The fast-path for dynamic local variables was previously checking the
lookup variable rather than the shadowed variable when deciding whether
to add a hole check.
BUG=669540
Review-Url: https://codereview.chromium.org/2551023004
Cr-Commit-Position: refs/heads/master@{#41677}
The assignment in default parameters (e.g., function foo(a = somedefault) { }
doesn't flow through PreParserFactory::NewAssignment even if the comment claims so.
Thus, piping through the variables is not needed.
Kudos to neis@ for pointing this out.
BUG=v8:5501
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2569983003
Cr-Commit-Position: refs/heads/master@{#41670}
Reason for revert:
Still flakes on ARM.
Original issue's description:
> [deoptimizer] Enable test that should no longer fail.
>
> R=jarin@chromium.org
> TEST=cctest/test-cpu-profiler/CollectDeoptEvents
>
> Committed: https://crrev.com/3f9c2c590d687562d6adb531d1159738c07013f4
> Cr-Commit-Position: refs/heads/master@{#41664}
TBR=jarin@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2568403003
Cr-Commit-Position: refs/heads/master@{#41667}
Generalize Messages to include an error level.
Add a parameter to AddMessageHandler to select which error levels to receive, using a mask (default being just errors, i.e. the current behavior).
BUG=v8:4203
R=dgozman@chromium.org,machenbach@chromium.org,danno@chromium.org,bmeurer@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2526703002
Cr-Commit-Position: refs/heads/master@{#41648}
Reason for revert:
Tree closer: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/12409
Original issue's description:
> [heap] Initialize the owner on each page after lospace allocation
>
> The least two bits of the owner field of a Page are used to determine
> whether the Page is part of a large object. If these bits are not equal
> to 0x11, the page is part of a large object and needs special handling
> e.g. in MemoryChunk::FromAnyPointerAddress to determine which chunk it
> belongs to.
>
> This CL fixes an issue in which the store buffer overflows after
> a large object space allocation but before the object has been fully
> initialized. Store buffer overflow handling attempts to look up the
> chunk of a page, but fails to do so correctly since the page's owner
> field has not yet been initialized.
>
> This CL ensures that the owner field of all pages belonging to a large
> object allocation are initialized to a value that is interpreted
> correctly.
>
> BUG=chromium:672041
>
> Committed: https://crrev.com/9b6808bfb5366beebe3af30a06f9851edb2039d4
> Cr-Commit-Position: refs/heads/master@{#41641}
TBR=mlippautz@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:672041
Review-Url: https://codereview.chromium.org/2562273004
Cr-Commit-Position: refs/heads/master@{#41644}
This CL moves all methods related to scripts and eval origin (HasScript,
GetScript, IsEval, GetEvalOrigin) from JSStackFrame to StackFrameBase,
because it also applies to WasmFrames.
This makes the AppendFileLocation method append the same information to
WasmStackFrames and AsmJsWasmStackFrames than to JSStackFrames.
R=titzer@chromium.org, mstarzinger@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2557923005
Cr-Commit-Position: refs/heads/master@{#41642}
The least two bits of the owner field of a Page are used to determine
whether the Page is part of a large object. If these bits are not equal
to 0x11, the page is part of a large object and needs special handling
e.g. in MemoryChunk::FromAnyPointerAddress to determine which chunk it
belongs to.
This CL fixes an issue in which the store buffer overflows after
a large object space allocation but before the object has been fully
initialized. Store buffer overflow handling attempts to look up the
chunk of a page, but fails to do so correctly since the page's owner
field has not yet been initialized.
This CL ensures that the owner field of all pages belonging to a large
object allocation are initialized to a value that is interpreted
correctly.
BUG=chromium:672041
Review-Url: https://codereview.chromium.org/2565713002
Cr-Commit-Position: refs/heads/master@{#41641}
The current logic in Isolate::GetLocationFromStackTrace just ignores
wasm frames, making the computed location point to the first javascript
frame, like this:
test.js:17: RuntimeError: divide by zero
module.exports.main();
^
RuntimeError: divide by zero
at main (<WASM>[1]+5)
at test.js:17:16
This CL not only fixes the location to point to the top-most wasm
frame, but also exposes to the embedder that the script of that location
is a wasm script, allowing for custom printing of wasm locations.
The Shell::ReportException method now checks for this flag, and prints
wasm locations like this:
<WASM>[0]+5: RuntimeError: divide by zero
RuntimeError: divide by zero
at main (<WASM>[0]+5)
at test/message/wasm-trap.js:15:16
R=titzer@chromium.org, yangguo@chromium.org
BUG=chromium:613110
Review-Url: https://codereview.chromium.org/2563673002
Cr-Commit-Position: refs/heads/master@{#41640}
The evaluation order of this argument was accidentally changed when the
special-case was added for super calls with a final spread argument.
Review-Url: https://codereview.chromium.org/2563423002
Cr-Commit-Position: refs/heads/master@{#41633}
--asan test config passes --omit-quit which breaks this test on
failure.
Review-Url: https://codereview.chromium.org/2546093002
Cr-Commit-Position: refs/heads/master@{#41627}
This fixes the corner-case where the method in question failed to lookup
the very last deoptimization bailout without subsequent entries within
the relocation info. Also enable a test covering this.
R=tebbi@chromium.org
TEST=cctest/test-cpu-profiler/CollectDeoptEvents
Review-Url: https://codereview.chromium.org/2565733002
Cr-Commit-Position: refs/heads/master@{#41623}
Because the parser optimizes !123 -> false,
we allow booleans in expressions (but not parameter annotations).
Allow this in asm-wasm-builder.
Turn on an early out case in asm-typer that is fine.
BUG=672784
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2561193003
Cr-Commit-Position: refs/heads/master@{#41622}
By now the predicate in question is an exact negation of %IsAsmWasmCode
as the name intuitively implies. The need for two separate test methods
no longer exists and one of the two can be removed.
R=bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2562003002
Cr-Commit-Position: refs/heads/master@{#41616}
By now the compiler pipeline will not produce optimized code for asm.js
functions unless validation failed (even when --always-opt is enabled).
The related workaround in the testing predicate can be removed.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2549463002
Cr-Commit-Position: refs/heads/master@{#41614}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- the StackFrame::State struct now also holds the callee_pc_address,
which is set in ComputeCallerState. The WASM frame uses this
information to determine whether the callee frame is WASM_TO_JS, and
whether that frame is at the ToNumber conversion call.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
Review-Url: https://codereview.chromium.org/2555243002
Cr-Original-Commit-Position: refs/heads/master@{#41599}
Cr-Commit-Position: refs/heads/master@{#41613}