Add a protector cell for string bounds checks that is being used to
protect speculative bounds for String.prototype.charCodeAt and
String.prototype.charAt in TurboFan (and Crankshaft). This way we don't
have the diamond in optimized code, which stands in the way of other
optimizations for charCodeAt that are currently being worked on by
petermarshall@.
BUG=v8:6391
TBR=mlippautz@chromium.org
R=petermarshall@chromium.org
Review-Url: https://codereview.chromium.org/2905623003
Cr-Commit-Position: refs/heads/master@{#45514}
- Create getters for number of tasks for all parallel stages
- Count slots for the minor MC and limit tasks by the overall number of slots.
- Cleanup existing getters.
Bug: chromium:651354
Change-Id: I9f67cca4474cbe1800faff4a549fbec019b096ce
Reviewed-on: https://chromium-review.googlesource.com/512862
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45513}
This removes the need for certain context scopes to skip popping the
context register. For the {incoming_context} the flag was already
obsolete, because its destructor would only run once the basic block
ended with a return. For {local_function_context} the same holds now
by moving handling of implicit returns into the body visitor.
R=rmcilroy@chromium.org
Change-Id: Icceaab1b30d7223b2b2f87a092a6580be7d7d675
Reviewed-on: https://chromium-review.googlesource.com/513963
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45511}
This is safe since we already take the page lock.
Bug:
Change-Id: Id7797ef66c387be150064cda1213c1f2b75d31d3
Reviewed-on: https://chromium-review.googlesource.com/514003
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45510}
There are two break locations at the same source location due to desugaring:
- call iterator.next,
- before variable assignment.
Additionally, the location for for..of loops is moved from before "of" to before each variable expression.
We should not report the first implicit call, to avoid user confusion. The user is still able to go into the .next function in both scenarios:
- when this call is reached by stepOver or stepInto from the previous line,
- when this call is reached because of a breakpoint at the current line.
BUG=v8:6425
R=dgozman@chromium.org,jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2893313002
Cr-Commit-Position: refs/heads/master@{#45509}
Add a sequential string type to the compiler, and transform
charCodeAt on SeqString into SeqStringCharCodeAt.
SeqStringCharCodeAt can handle one and two byte strings.
Bug: v8:6391
Change-Id: I2785257522c28f3b268c9833f5313e9630cb982a
Reviewed-on: https://chromium-review.googlesource.com/509573
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45508}
This avoids emitting redundant {PopContext} bytecode instructions when
non-local control-flow leaves the method body. It also folds multiple
such {PopContext} instructions into one, in case several scoping levels
are crossed at once. Only the expected context of the target of a local
control-flow transfer matters.
R=rmcilroy@chromium.org
TEST=debugger/regress/regress-crbug-724858
BUG=chromium:724858
Change-Id: Id4a47ae9fea25e75ae1af13619720b16a3975edf
Reviewed-on: https://chromium-review.googlesource.com/512545
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45507}
There are only two users of hidden prototypes left and they both only have 1 level. This slightly simplifies the handcrafted code.
Bug: v8:5561
Change-Id: I674e72f1465ccbe75c0bb63f7eea3525830145cb
Reviewed-on: https://chromium-review.googlesource.com/512745
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45503}
We're now using explicit APIs.
Bug:
Change-Id: I4a4248e44543f6e7dfcbdc66456e610fb98ff5ee
Reviewed-on: https://chromium-review.googlesource.com/513406
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45500}
This doesn't fix the bug, just avoids it.
Bug: v8:6436
Change-Id: I06305a9baf892e4039f2aaf353fa7edf7b7e325d
Reviewed-on: https://chromium-review.googlesource.com/513242
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45499}
This patch also adds sharing of code target entries, which requires
sharing the RelocInfo for those entries as well. The disassembler
is also modified in order to print comments for the RelocInfo that
is now shared.
This improves the snapshot size for arm by about 4%.
BUG=
Review-Url: https://codereview.chromium.org/2869683004
Cr-Commit-Position: refs/heads/master@{#45497}
Asynchronous context tracking mechanisms in Node.js need to store some
state on all promise objects. This change will allow embedders to
configure the number of internal fields on promises as is already done
for ArrayBuffers.
BUG=v8:6435
Review-Url: https://codereview.chromium.org/2889863002
Cr-Commit-Position: refs/heads/master@{#45496}
Perf Sheriffs: This CL may change performance on various benchmarks.
BUG=chromium:716032
Review-Url: https://codereview.chromium.org/2895473003
Cr-Commit-Position: refs/heads/master@{#45495}
A number of improvements to the mips64 load immediate macro are added per
suggestions from the MIPS ART team. Also fix the Subu and Dsubu macros, add a
test for Subu and Dsubu and make minor code adjustments.
BUG=
TEST=cctest/test-assembler-mips/li_macro
cctest/test-assembler-mips/Subu
cctest/test-assembler-mips/Dsubu
Review-Url: https://codereview.chromium.org/2892163002
Cr-Commit-Position: refs/heads/master@{#45493}
Before emitting the safepoint table, remove consecutive identical
entries (identical except for the pc of course). The lookup then
searches for the last entry whose pc is <= the wanted pc.
The lookup procedure can still be optimized to use binary search
later.
This change decreases code size for wasm by 27.6% (on the unity
benchmark).
BUG=v8:6434
Change-Id: I03481721fe666cd2c50a383380c74b06edf39106
Reviewed-on: https://chromium-review.googlesource.com/512542
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45491}
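Added example, not V8's code: the compression and lookup scheme the commit above describes, written as a small stand-alone C++ safepoint table. The entry layout (32-bit pc, 64-bit tagged-slot bitmap), the function names and the sample table are assumptions for the example, and the lookup already uses the binary search the message leaves for later.

```cpp
// Added example, not V8's code: a safepoint table that drops consecutive
// entries with identical slot maps and resolves a pc to the last entry at or
// before it. The layout (32-bit pc, 64-bit tagged-slot bitmap), the names and
// the sample table are assumptions for the example; V8's encoding differs.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

struct SafepointEntry {
  uint32_t pc;            // code offset of the safepoint
  uint64_t tagged_slots;  // bit i set: stack slot i holds a tagged pointer
};

struct SafepointLookup {
  bool found;
  uint64_t tagged_slots;
};

// Input must be sorted by pc. An entry is kept only when its slot map differs
// from the previously kept one; the first entry is always kept.
std::vector<SafepointEntry> CompressSafepoints(
    const std::vector<SafepointEntry>& in) {
  std::vector<SafepointEntry> out;
  for (const SafepointEntry& e : in) {
    if (out.empty() || out.back().tagged_slots != e.tagged_slots) {
      out.push_back(e);
    }
  }
  return out;
}

// Returns the last entry whose pc is <= the wanted pc. The commit message
// mentions binary search as a later optimization; this version already uses
// it (std::upper_bound over the sorted pcs). found is false when pc precedes
// every entry.
SafepointLookup LookupSafepoint(const std::vector<SafepointEntry>& table,
                                uint32_t pc) {
  auto it = std::upper_bound(
      table.begin(), table.end(), pc,
      [](uint32_t p, const SafepointEntry& e) { return p < e.pc; });
  if (it == table.begin()) return {false, 0};
  --it;
  return {true, it->tagged_slots};
}

// Constructed sample: five safepoints, of which only three carry a new map.
std::vector<SafepointEntry> SampleTable() {
  return {{4, 0x3}, {8, 0x3}, {12, 0x5}, {16, 0x5}, {20, 0x3}};
}

int main() {
  std::vector<SafepointEntry> table = CompressSafepoints(SampleTable());
  std::printf("%zu entries after compression\n", table.size());
  SafepointLookup r = LookupSafepoint(table, 16);
  std::printf("pc 16 -> found=%d slots=0x%llx\n", r.found,
              static_cast<unsigned long long>(r.tagged_slots));
  return 0;
}
```

The caveat a reviewer would raise: after compression the lookup can no longer tell a real safepoint pc from a pc that falls between two safepoints; it silently returns the preceding map. Callers must only query at pcs that were actually emitted as safepoints, otherwise the GC scans the wrong slots as tagged.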
Keep the live bytes counter in a local hashmap. Merge back the counts
upon task destruction.
Bug: chromium:651354
Change-Id: Idd30e8fde690739d769a34e4650d8c0179fb5a75
Reviewed-on: https://chromium-review.googlesource.com/512642
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45488}
Previously the inlining of accessors into try-blocks (i.e. try/catch,
try/finally, for-of, etc.) was disabled in JSNativeContextSpecialization,
which prevented a couple of interesting optimizations, i.e. we end up
with a LOAD_IC in optimized code for this simple example:
  class A { get x() { return 1; } }
  function foo(a) {
    try {
      return a.x;
    } catch (e) {
      return 0;
    }
  }
  foo(new A)
This is now fixed and the accessors are properly rewired into the
handler chain.
BUG=v8:6278,v8:6344,v8:6424
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2902533003
Cr-Commit-Position: refs/heads/master@{#45485}
- Only mark a single bit (grey)
- Increment live bytes after visiting, avoiding the map lookup for size
in ObjectMarking
Raw speed improvements should be around 20%-30%.
Bug: chromium:651354
Change-Id: Ib58d1aee0b99d8e628a0191f90a2ffad9324b915
Reviewed-on: https://chromium-review.googlesource.com/509548
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45484}
Reason for revert:
Speculative revert for:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/8901
Original issue's description:
> [es2015] Precompute the descriptive string for symbols.
>
> Previously the String constructor and the Symbol.prototype.toString
> methods had to compute the descriptive string for a Symbol on the fly,
> which can produce a lot of garbage when this happens a lot, i.e. when
> the String representation of a Symbol is used often. Now instead of
> doing this on-demand we can just do it upfront when creating the Symbol.
>
> That way we also ensure that we won't throw an exception when accessing
> the descriptive string of a Symbol, due to potential String length
> overflow, but have the exception during Symbol creation upfront, which
> is a lot less surprising behavior.
>
> BUG=v8:6278,v8:6344,v8:6350
> TBR=mlippautz@chromium.org
> R=ishell@chromium.org
>
> Review-Url: https://codereview.chromium.org/2900703002
> Cr-Commit-Position: refs/heads/master@{#45479}
> Committed: e87573822e
TBR=ishell@chromium.org,mlippautz@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6278,v8:6344,v8:6350
Review-Url: https://codereview.chromium.org/2903533002
Cr-Commit-Position: refs/heads/master@{#45483}
This makes sure that property lookups on the provided imports object are
non-observable to JavaScript. It allows instantiation failures to fall
back to JavaScript proper without accidentally calling accessors twice.
Also accessors might invalidate previous checks done during linking or
throw exceptions.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-719384
BUG=chromium:719384
Change-Id: I3db2672d2a496110f705d02b82878e70cd5d701f
Reviewed-on: https://chromium-review.googlesource.com/509552
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45481}
- Visitors are now part of the tasks.
- There's one visitor extra for the main thread.
Bug: chromium:651354
Change-Id: I6c1d109e9d2a2092c0f06fee5a158d101ac6bc2a
Reviewed-on: https://chromium-review.googlesource.com/512302
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45480}
Previously the String constructor and the Symbol.prototype.toString
methods had to compute the descriptive string for a Symbol on the fly,
which can produce a lot of garbage when this happens a lot, i.e. when
the String representation of a Symbol is used often. Now instead of
doing this on-demand we can just do it upfront when creating the Symbol.
That way we also ensure that we won't throw an exception when accessing
the descriptive string of a Symbol, due to potential String length
overflow, but have the exception during Symbol creation upfront, which
is a lot less surprising behavior.
BUG=v8:6278,v8:6344,v8:6350
TBR=mlippautz@chromium.org
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2900703002
Cr-Commit-Position: refs/heads/master@{#45479}
Validation normally happens while generating the turbofan graph of a
wasm function. For lazy compilation (behind the flag
--wasm-lazy-compilation), we skip this graph generation step during
module generation. Thus we need to validate explicitly.
R=ahaas@chromium.org
BUG=chromium:724851
Change-Id: Ic70887c0d823460a272d0bb636dc98b2b7a7e55e
Reviewed-on: https://chromium-review.googlesource.com/509574
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45478}
Add a new "v8_perf_prof_unwinding_info" option to gn that translates to building
the snapshot with "--perf-prof-unwinding-info". It allows unwinding TF generated
code from the snapshot.
Additionally, add a warning if one uses the option along with a snapshot which
was not built with unwinding information.
Running tests in this configuration revealed an issue in the checks performed
when accessing the stub cache. We would assume that the `Code::Flags` bitfield
only contains the `Kind` and `ExtraICState` fields, when there is also a
`HasUnwindingInfo` field which can now be set for stubs.
BUG=
Review-Url: https://codereview.chromium.org/2887783002
Cr-Commit-Position: refs/heads/master@{#45477}
The validation of utf8 strings in WebAssembly modules used the character
kBadChar = 0xFFFD to indicate a validation error. However, this
character can appear in a valid utf8 string. This CL fixes this problem
by duplicating some of the code in {Utf8::CalculateValue} and inlining
it directly into Utf8::Validate. Note that Utf8::Validate is used only
for WebAssembly.
Tests for this change are in the WebAssembly spec tests, which I will
update in a separate CL.
R=vogelheim@chromium.org
Change-Id: I8697b9299f3e98a8eafdf193bff8bdff90efd7dc
Reviewed-on: https://chromium-review.googlesource.com/509534
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45476}
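Added example, not V8's code: the in-band sentinel problem the commit above describes, shown as a small C++ UTF-8 decoder with the error returned out of band, next to a validator built on the kBadChar pattern. The names DecodeOne, ValidateUtf8 and CalculateValueWithSentinel are assumptions for the example (the sentinel variant is a stand-in, not V8's Utf8::CalculateValue); the inputs are constructed.

```cpp
// Added example, not V8's code: UTF-8 validation with the error reported
// out of band, beside the in-band kBadChar pattern the commit describes.
// All function names here are assumptions for the example.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Decodes one UTF-8 sequence at bytes[*pos]. On success stores the code
// point in *out, advances *pos past the sequence and returns true. On any
// encoding error returns false and leaves *pos unchanged. Because failure
// is a separate return value, no code point (U+FFFD included) is reserved.
bool DecodeOne(const uint8_t* bytes, size_t len, size_t* pos, uint32_t* out) {
  size_t i = *pos;
  if (i >= len) return false;
  uint8_t b0 = bytes[i];
  uint32_t cp;
  size_t need;   // number of continuation bytes that must follow
  uint32_t min;  // smallest code point this length may encode (overlong check)
  if (b0 < 0x80) {
    cp = b0; need = 0; min = 0;
  } else if ((b0 & 0xE0) == 0xC0) {
    cp = b0 & 0x1F; need = 1; min = 0x80;
  } else if ((b0 & 0xF0) == 0xE0) {
    cp = b0 & 0x0F; need = 2; min = 0x800;
  } else if ((b0 & 0xF8) == 0xF0) {
    cp = b0 & 0x07; need = 3; min = 0x10000;
  } else {
    return false;  // stray continuation byte (0x80..0xBF) or 0xF8..0xFF
  }
  if (len - i - 1 < need) return false;  // truncated sequence
  for (size_t k = 1; k <= need; ++k) {
    uint8_t b = bytes[i + k];
    if ((b & 0xC0) != 0x80) return false;  // not a continuation byte
    cp = (cp << 6) | (b & 0x3F);
  }
  if (cp < min) return false;                      // overlong encoding
  if (cp > 0x10FFFF) return false;                 // beyond the Unicode range
  if (cp >= 0xD800 && cp <= 0xDFFF) return false;  // UTF-16 surrogate
  *out = cp;
  *pos = i + 1 + need;
  return true;
}

// Out-of-band validation: the string is valid iff every sequence decodes.
bool ValidateUtf8(const std::string& s) {
  const uint8_t* bytes = reinterpret_cast<const uint8_t*>(s.data());
  size_t pos = 0;
  uint32_t cp;
  while (pos < s.size()) {
    if (!DecodeOne(bytes, s.size(), &pos, &cp)) return false;
  }
  return true;
}

// The in-band pattern from the commit message, reproduced on top of the same
// decoder (a stand-in, not V8's Utf8::CalculateValue): an encoding error is
// signalled by returning U+FFFD, which is also a legitimate code point.
const uint32_t kBadChar = 0xFFFD;

uint32_t CalculateValueWithSentinel(const uint8_t* bytes, size_t len,
                                    size_t* pos) {
  uint32_t cp;
  if (!DecodeOne(bytes, len, pos, &cp)) {
    ++*pos;  // skip the offending byte, as a lenient decoder would
    return kBadChar;
  }
  return cp;
}

// Rejects every string containing U+FFFD, even when correctly encoded.
bool ValidateUtf8WithSentinel(const std::string& s) {
  const uint8_t* bytes = reinterpret_cast<const uint8_t*>(s.data());
  size_t pos = 0;
  while (pos < s.size()) {
    if (CalculateValueWithSentinel(bytes, s.size(), &pos) == kBadChar) {
      return false;
    }
  }
  return true;
}

int main() {
  // Constructed input: the three-byte encoding of U+FFFD itself.
  const std::string replacement_char("\xEF\xBF\xBD");
  std::printf("out-of-band: %d, sentinel: %d\n",
              ValidateUtf8(replacement_char),
              ValidateUtf8WithSentinel(replacement_char));
  return 0;
}
```

The point to take away: whenever a decoder reuses a value from its output domain as an error marker, every input that legitimately produces that value is misclassified. Here a module whose name section or import name contains a correctly encoded U+FFFD fails validation, which is a denial of valid input rather than a memory-safety issue, but the same pattern in the other direction (an error accepted as data) is how validation bypasses start.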
This is to avoid ClusterFuzz picking up and using those calls.
With the proper syntax (no whitespace), they are recognized as runtime
calls and will be checked against a whitelist.
R=mstarzinger@chromium.org
BUG=chromium:724459
Change-Id: I5533f066feeb66f622230b12f79f9d227e2b2465
Reviewed-on: https://chromium-review.googlesource.com/509575
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45475}
After this cl: https://chromium-review.googlesource.com/c/508668/
the decisions on inlining polymorphic functions are done per
function. This regresses Octane/raytrace. Tuning the inlining
heuristics to fix the regression.
Bug: chromium:724924
Change-Id: I027563de84723e4e39af4de49f85507468b96af3
Reviewed-on: https://chromium-review.googlesource.com/509554
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45474}
Bug: v8:6055
Change-Id: Ib14dcef7f30bab88fad92b1a7329163beea50503
Reviewed-on: https://chromium-review.googlesource.com/511682
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45473}
TryHandleSignal was originally limited by conditional compilation to only
platforms where the WebAssembly trap handler is supported. This caused build
problems, because not all the macros we needed were defined everywhere.
Instead, we make TryHandleSignal available on all POSIX platforms, but it
unconditionally returns false if the trap handler is not supported.
Bug:
Change-Id: Iab4baf39b1708989edecc4ecfb51b926d8f7fe8d
Reviewed-on: https://chromium-review.googlesource.com/508838
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45468}
Currently the UnreachableObjectsFilter does not work if incremental
marking is in progress since they both use the same markbits.
This patch changes the UnreachableObjectsFilter to use local markbits.
BUG=
Review-Url: https://codereview.chromium.org/2901553002
Cr-Commit-Position: refs/heads/master@{#45467}
If the maximum number of memory pages is raised using
--wasm-max-mem-pages, we might allocate more than kMaxInt bytes for
wasm memory. The byte length is stored as int in JSArrayBuffer, hence
this can lead to failures.
Thus, we now additionally check against kMaxInt, and fail instantiation
if this check fails.
Drive-by: Add/fix more bounds checks.
R=ahaas@chromium.org
BUG=chromium:724846
Change-Id: Id8e1a1e13e15f4aa355ab9414b4b950510e5e88a
Reviewed-on: https://chromium-review.googlesource.com/509255
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45465}
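Added example, not V8's code: the page-count to byte-length conversion the commit above tightens, with the unchecked 32-bit narrowing shown beside a version that forms the product in 64 bits and compares it against INT_MAX before storing it. The constants (page size, spec maximum), the function names and the result type are assumptions for the example; the flag value used in main stands in for --wasm-max-mem-pages.

```cpp
// Added example, not V8's code: turning a wasm page count into a buffer byte
// length with every bound checked before the value is narrowed to int. The
// constants, names and result type are assumptions for the example.
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstdio>

constexpr uint64_t kWasmPageSize = 64 * 1024;  // 64 KiB per the wasm spec
constexpr uint64_t kSpecMaxPages = 65536;      // 4 GiB, the full wasm32 space
constexpr uint64_t kEngineMaxInt = INT_MAX;    // the buffer length field is an int

enum class MemoryError { kNone, kExceedsFlagLimit, kExceedsSpecLimit, kExceedsIntRange };

struct ByteLengthResult {
  MemoryError error;
  size_t bytes;  // valid only when error == MemoryError::kNone
};

// The pre-fix pattern: multiply in 32 bits and narrow to int. Page counts
// above 32767 produce a negative length, and 65536 pages wrap to zero, so a
// raised --wasm-max-mem-pages turns into a wrong buffer size instead of an
// instantiation failure.
int UncheckedByteLength(uint32_t pages) {
  return static_cast<int>(pages * static_cast<uint32_t>(kWasmPageSize));
}

// max_pages is the value of a flag such as --wasm-max-mem-pages. Raising it
// can no longer push the byte length past what the int field can hold: the
// product is formed in 64 bits and compared against INT_MAX before narrowing.
ByteLengthResult ComputeByteLength(uint64_t pages, uint64_t max_pages) {
  if (pages > max_pages) return {MemoryError::kExceedsFlagLimit, 0};
  if (pages > kSpecMaxPages) return {MemoryError::kExceedsSpecLimit, 0};
  uint64_t bytes = pages * kWasmPageSize;  // pages <= 65536, so no 64-bit overflow
  if (bytes > kEngineMaxInt) return {MemoryError::kExceedsIntRange, 0};
  return {MemoryError::kNone, static_cast<size_t>(bytes)};
}

int main() {
  // A flag raised to the spec maximum, with 2 GiB (32768 pages) requested.
  ByteLengthResult r = ComputeByteLength(32768, 65536);
  std::printf("checked: error=%d unchecked: %d\n", static_cast<int>(r.error),
              UncheckedByteLength(32768));
  return 0;
}
```

The order of the checks matters: the flag limit alone is not enough, because the flag is exactly what an operator raises, so the range of the field that stores the result has to be checked independently of any configurable maximum.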