Do conditional jump based on the second instruction rather than
generate similar assembly code twice.
Bug:
Change-Id: I8c10f3415f213f88d8222a92671e7104c65befdc
Reviewed-on: https://chromium-review.googlesource.com/634631
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47844}
args.Call() sets a return value on args. Do not reuse the
same args object, otherwise the return value might be from the previous Call().
Bug: v8:6627
Change-Id: I05fb2d8036f94908a492d46cc5d746bc145e419e
Reviewed-on: https://chromium-review.googlesource.com/651407
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47843}
We weren't deleting them correctly - the intention was to delete
them when an instance is finalized; the code was deleting them
only for the last instance in a chain of instances.
Bug:
Change-Id: I177a64ac9f10a4993927d9654c032cb3f22eca51
Reviewed-on: https://chromium-review.googlesource.com/651238
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47841}
Port f0acede9bb
This CL removes the weak-list of JS functions from the context
and all the code that iterares over it. This list was being used
mainly during deoptimization (for code unlinking) and during
garbage collection. Removing it will improve performance of
programs that create many closures and trigger many scavenge GC
cycles.
No extra work is required during garbage collection. However,
given that we no longer unlink code from JS functions during
deoptimization, we leave it as it is, and on its next activation
we check whether the mark_for_deoptimization bit of that code is
set, and if it is, than we unlink it and jump to lazy compiled
code. This check happens in the prologue of every code object.
We needed to change/remove the cctests that used to check
something on this list.
R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I8007a837d43b6a339789cfd727e81ad7f4ac3ae1
Reviewed-on: https://chromium-review.googlesource.com/651891
Reviewed-by: Jaideep Bajwa <bjaideep@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47840}
This is a reland of 56772de7f9
Original change's description:
> [api] Add test for EnumeratorCallback and for...in.
>
> If a QueryCallback is present, it is used to
> filter the result from the EnumeratorCallback for
> enumerable properties. This tests assures that
> for...in loops work correctly with these interceptors.
>
> Bug: v8:6627
> Change-Id: I1e568beac1e138a330034492b87bd49c22e0c804
> Reviewed-on: https://chromium-review.googlesource.com/609982
> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47445}
TBR=adamk@chromium.org
Bug: v8:6627
Change-Id: I509016a879d175b01f7cc7918758354fe0df8ebf
Reviewed-on: https://chromium-review.googlesource.com/650906
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47838}
Only the error cases of overwriting readonly properties need the
language_mode to decide whether to throw or be silent. Reading it
from the feedback vector's metadata (just like the C++ code in
ic.cc does) removes the need to duplicate each stub for each
language_mode ("StoreIC" + "StoreICStrict" etc.).
Change-Id: Ic0c67f9d40ca36c65e41b4f162b2ab70d155e549
Reviewed-on: https://chromium-review.googlesource.com/647373
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47836}
AFAICT this doesn't currently change observable behavior, but should
be fixed nonetheless.
Change-Id: I1dce90ae5bcad39d7d54dddd2559bd7f7ccbb095
Reviewed-on: https://chromium-review.googlesource.com/648354
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47835}
The current usage pattern is always to allocate a {ModuleCompiler}, then
call {CompileToModuleObject}, then deallocate the {ModuleCompiler}.
Hence, the method can be made static and allocate the {ModuleCompiler}
internally.
This also gives back a reason for the existence of
{CompileToModuleObjectInternal}.
R=ahaas@chromium.org
Change-Id: Iac1ba28421ade6728046c0b9a6e9fc249a349491
Reviewed-on: https://chromium-review.googlesource.com/650386
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47834}
Also further tighten-up that calling DCHECK in BytecodeGraphBuilder,
and narrow the other caller to IsValidReferenceExpression.
Bug: v8:6092
Change-Id: I432a3d6f5991f2d1adf4f4f86e80d6ed8be5a0e8
Reviewed-on: https://chromium-review.googlesource.com/648196
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47833}
The V8 API provides interceptors. They are not part of the
EcmaScript specification. But their behavior should be consistent.
For example, when an EnumeratorInterceptor is defined, Object.keys(),
Object.entries(), and Object.values() should all have the
same number of entries.
This CL creates consistent behavior among these
functions. If a QueryCallback is present, it is used to
filter the result from the EnumeratorCallback for
enumerable properties.
Bug: v8:6627
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4f4271ddeb99a5e85918148c5033923c149b9468
Reviewed-on: https://chromium-review.googlesource.com/649786
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47831}
Change-Id: I891ff57b7a3a47e3371269b123705cdf6391499b
Reviewed-on: https://chromium-review.googlesource.com/648513
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47830}
And add the helpfully suggested flag to the GDB re-run of mksnapshot.
NOTRY=true
Change-Id: I52011aa580c8d3e557f869b8306b9b978c73b946
Reviewed-on: https://chromium-review.googlesource.com/647693
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47829}
Add a flag which traces which interrupts are being handled by the
StackGuard's HandleInterrupts function.
Change-Id: I18fcf58b03cf6c255d7457d8a55b0a0dadb00931
Reviewed-on: https://chromium-review.googlesource.com/649530
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47828}
The renames capture what the item being unwrapped is - it's always
a js-to-wasm wrapper, which is more closely captured by "export" rather
than "import".
Bug:
Change-Id: Iffc3d8cb9037afc2d32885301fd13fc12b8277ce
Reviewed-on: https://chromium-review.googlesource.com/648005
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47827}
Always return to the InterpreterEntryTrampoline rather than calling the
InterpreterExitTrampoline from the Return bytecode handler. This fixes a
regression which occured if we upset the call/return stack by skipping the
return to the InterpreterEntryTrampoline from the return bytecode handler.
BUG=chromium:759390,chromium:753705
Change-Id: Ib625654a4a5072ac6c8d8e9611d1b9c0bbced4ca
Reviewed-on: https://chromium-review.googlesource.com/649517
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47826}
Using the Builtins::Name type doesn't give use any range safety benefits
over simply using int id's, and it complicates use sites by always
forcing a static_cast<Builtins::Name>(id).
Bug: v8:6624
Change-Id: Id5fcf6800c781c637145ab1d00d821f9ad473321
Reviewed-on: https://chromium-review.googlesource.com/650247
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47823}
The repo url changed recently in Chromium, which breaks the V8 DEPS roller.
This uses the same url like Chromium again.
TBR=yangguo@chromium.org
Change-Id: Iffb9daa8380d111e77ebcef1da58082e346c1e4a
Reviewed-on: https://chromium-review.googlesource.com/650348
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47821}
Now that FCG is gone, we don't need to have a code-size multiplier to
distinguish Ignition and FCG code sizes.
Bug: v8:6409
Change-Id: I05e5fa2483bfc17e91de22736b66ad27a5aab49b
Reviewed-on: https://chromium-review.googlesource.com/649149
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47819}
This adds support for lazy deserialization of JS-linkage (TFJ) builtins,
still gated behind the --lazy-deserialization flag. If enabled, we
proceed as follows:
During isolate initialization, only eager builtins are deserialized. All
references to lazy builtins are replaced by the DeserializeLazy builtin.
In particular, this happens in the builtin table (Builtins::builtins_)
and in SharedFunctionInfo objects.
When calling into a not-yet deserialized function (i.e. the JSFunction's
code object is the DeserializeLazy builtin), the DeserializeLazy builtin
takes over. It checks the builtin table to see if the target builtin
(determined by looking at the builtin id stored on the
SharedFunctionInfo) has already been deserialized. If so, it simply
copies the builtin code object to the JSFunction and SharedFunctionInfo.
Otherwise, we enter Runtime::kDeserializeLazy to deserialize the
builtin.
With --lazy-deserialization, isolate deserialization is 11% faster
(1.5ms vs. 1.7ms), and code_space->Size() is 33% lower (984K vs.
1475K).
Moving relocation infos & handler tables out of the partial snapshot
cache would additionally let us save up to 30K per isolate. Adding code
stubs to that list increases further potential savings to 262K.
Bug: v8:6624
Change-Id: I0ac7d05d165d2466998269bd431ac076a311cbeb
Reviewed-on: https://chromium-review.googlesource.com/649166
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47818}
This cl: https://chromium-review.googlesource.com/c/538614/ changes the
number of ticks required for tiering up based on the size of function. An
earlier cl: https://chromium-review.googlesource.com/c/529165/ also resets
ticks when type feedback changes. So, it is reasonable to assume that a
function which has necessary number of ticks has the required type feedback
for optimizing. Hence, removing the check for type feedback from the tierinup
decision.
Bug:
Change-Id: Ia350ad4dfba5f93f1a17bdc0c309bf6b41b0c1c9
Reviewed-on: https://chromium-review.googlesource.com/647851
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47816}
I could not find any usage of this struct and it is in the internal
namespace so I though it might be safe to remove it.
Bug:
Change-Id: I85d605712ab1ab3218eb03ed4d3b5fc0e541e21a
Reviewed-on: https://chromium-review.googlesource.com/641270
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47813}
For such a simple predicate, calling a(n inline) function that checks against
the values is faster (*) than maintaining the cache.
(*) When scanning a file that contains only comments, we're basically calling
IsLineTerminator in a loop. Parsing such files is now 7-18% faster in local
experiments.
BUG=v8:6092
Change-Id: I6a8f2aba9669a76152292f4e6c7853638d15aae3
Reviewed-on: https://chromium-review.googlesource.com/645633
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47810}
This CL removes the weak-list of JS functions from the context
and all the code that iterares over it. This list was being used
mainly during deoptimization (for code unlinking) and during
garbage collection. Removing it will improve performance of
programs that create many closures and trigger many scavenge GC
cycles.
No extra work is required during garbage collection. However,
given that we no longer unlink code from JS functions during
deoptimization, we leave it as it is, and on its next activation
we check whether the mark_for_deoptimization bit of that code is
set, and if it is, than we unlink it and jump to lazy compiled
code. This check happens in the prologue of every code object.
We needed to change/remove the cctests that used to check
something on this list.
Working in x64, ia32, arm64, arm, mips64 and mips.
Bug: v8:6637
Change-Id: Ica99a12fd0351ae985e9a287918bf28caf6d2e24
TBR: mstarzinger@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/647596
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47808}
Removed one function that was needed for code patching during
deoptimization, and one function needed for full code gen.
Bug: v8:6563
Change-Id: Iea0c8a3d374cf315ac4903f4e84a7a2f11563b70
Reviewed-on: https://chromium-review.googlesource.com/649747
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47807}
The perf tests results are used by tools/perf-to-html.py to generate
html pages. Since the results are used as divisors to compute
percentages, when the one of them happens to be zero, the script
crashes. This CL prevent the crash and uses the text "NaN" instead of
the percentage.
R=machenbach@chromium.org
CC=ahaas@chromium.org,clemensh@chromium.org
Bug: chromium:761816
Change-Id: I482a85150c8323a7a837e6d589feee88279831cd
Reviewed-on: https://chromium-review.googlesource.com/649626
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47806}
Since ignition bakes the interrupt budget into the snapshot (the
bytecode handlers reset the current function's interrupt budget to a
constant value), we should remove the interrupt budget flag, which won't
actually change anything if used.
Change-Id: I9672b73fea7abb6c9b575d3963f107e2397f8e49
Reviewed-on: https://chromium-review.googlesource.com/649148
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47805}
Evalling multiple long strings makes compilation cache the bottleneck: See
https://bugs.chromium.org/p/v8/issues/detail?id=6779 for more information.
BUG=v8:6779
Change-Id: I0014b1aca1258a643cbeb441a82707b163f8166d
Reviewed-on: https://chromium-review.googlesource.com/649146
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47801}
This adds support for the backing store of mapped arguments objects to
escape analysis. It also unifies two simplified operators representing
allocations of these backing stores into a single {NewArgumentsElements}
operator and threads through the "mapped count" to the deoptimizer.
R=tebbi@chromium.org
Change-Id: I1864e29a5703348597b7b2e41deaf5fab73e2c93
Reviewed-on: https://chromium-review.googlesource.com/643208
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47800}
When setting a typed array from an array like object, the
length of the source can only be converted to a unit32 if
it is not too large.
Bug: v8:6704, chromium:761654
Change-Id: I8f89aa348093d8bd4d54aa16d6b5f255d3cb7adc
Reviewed-on: https://chromium-review.googlesource.com/648976
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47798}
In kArchSaveCallerRegisters, PushCallerSaved alone alters stack pointer
without informing `frame_access_state`. This commit compensate the
inconsistency by manually increasing the delta after pushing registers.
This affects systems (currently only ARM64) using stack pointer for
accessing variables stored on stack.
Bug: chromium:749486
Change-Id: Ic6da3826323d4fb1c545ade3d4d2cd4d1fed1843
Reviewed-on: https://chromium-review.googlesource.com/633606
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47797}
This is a reland of 6daf3c77f1
Original change's description:
> [presubmit] Include test/common and test/fuzzer in cpplint
>
> These directories probably just did not exist when the cpplint paths
> were defined.
>
> R=machenbach@chromium.org
> CC=mstarzinger@chromium.org
>
> Change-Id: Ia6b641b3c106d86ceafb0c70b44ca241b4c80642
> Reviewed-on: https://chromium-review.googlesource.com/647807
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47786}
Change-Id: I15cd1b508cd3c6f5cd58cd5c5129174d8ced40d0
Reviewed-on: https://chromium-review.googlesource.com/649006
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47796}
