This removes some compiler internals as well as some JavaScript-specific
helpers from the CodeAssembler, by either hiding or moving the support
into the CodeStubAssembler.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2246463002
Cr-Commit-Position: refs/heads/master@{#38617}
Decrease regular heap object size to 400k. In a follow up, we can now get rid of
the new space border page while keeping the 1M minimum new space size.
BUG=chromium:636331
This reverts commit 555c961990.
Review-Url: https://codereview.chromium.org/2232653003
Cr-Commit-Position: refs/heads/master@{#38608}
Previously, we would both instrument the code, and add/remove
BreakPointInfo objects through BreakLocation. This is bad design and
unsuitable for having two different code kinds.
We would now add/remove BreakPointInfo objects, and use that as source
of truth when instrumenting the code. If we have both bytecode and FCG
code, we would simply apply these break points twice to either.
Notable changes:
- Removed much functionality from BreakLocation.
- Instrumentation (patching code for breaks) happens by applying break
point info onto code.
- Instrumentation (code patching) is done by the BreakIterator. For
bytecode, it's BytecodeArrayBreakIterator. For FCG code, it's
CodeBreakIterator.
- Changes to code instrumentation mostly involve clearing current
instrumentation and then (re-)applying break points.
- DebugInfo can now reference both bytecode and FCG code.
R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5265
Review-Url: https://codereview.chromium.org/2238893002
Cr-Commit-Position: refs/heads/master@{#38596}
This optimization required access to the heap which we can't do off-thread.
There doesn't seem to be a regression without this optimization in any case,
so just rip it out.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2238853002
Cr-Commit-Position: refs/heads/master@{#38585}
With this CL all kinds of Callable can be imported into wasm. Please take a special look at the context that is used now in the WasmToJSWrapper.
BUG=633895
TEST=mjsunit/wasm/ffi.js
Review-Url: https://codereview.chromium.org/2208703002
Cr-Commit-Position: refs/heads/master@{#38569}
1. The third parameter of strncpy should be the length of source string.
2. A value containing " should be valid.
BUG=v8:4561
Review-Url: https://codereview.chromium.org/2232683002
Cr-Commit-Position: refs/heads/master@{#38563}
This changes Scope::function_ (for holding the name binding
for named function expression) from a VariableDeclaration
to a Variable. No work is done when visiting this declaration,
since it's kCreatedInitialized, so we can treat it like
other function-specific variables.
This simplifies a wide variety of code, and centralizes
the logic for constructing the variable inside scopes.cc.
This may one day make it easier to eliminate the CONST_LEGACY
VariableMode.
R=neis@chromium.org, verwaest@chromium.org
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2232633002
Cr-Commit-Position: refs/heads/master@{#38558}
In addition, make use of Variable::binding_needs_init() in addition to
VariableMode when deciding whether to do hole checking in variable assignment.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2227203002
Cr-Commit-Position: refs/heads/master@{#38555}
This patch is based on alph's CL https://codereview.chromium.org/2128613004/.
This patch makes GetStackSample propagate the register state when using
the simulator helper, and adds an argument to avoid using the register state from the simulator
when passing the native register state.
BUG=v8:4789
LOG=N
Review-Url: https://codereview.chromium.org/2189513002
Cr-Commit-Position: refs/heads/master@{#38554}
This is to prevent a collision with Expectations class defined in test-field-type-tracking.cc, which happens in Clang under certain conditions (official build + Precise + unknown).
While the original intent was to just work around the Clang bug, putting types into an anonymous namespace seems reasonable anyway (thank you to Benedikt Meurer for the suggestion!)
BUG=630335
Review-Url: https://codereview.chromium.org/2227073002
Cr-Commit-Position: refs/heads/master@{#38552}
Introduces code stubs to collect type feedback for the Add, Mul, Div and Mod operations in the interpreter, and modifies the BytecodeGraphBuilder to make use of it.
BUG=v8:5273
LOG=N
Review-Url: https://codereview.chromium.org/2224343002
Cr-Commit-Position: refs/heads/master@{#38543}
Reason for revert:
Failures on waterfall:
e.g. http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/11134
Original issue's description:
> [heap] Switch to 500k pages
>
> - Decrease regular heap object size to 300k, keeping the same ratio (60%)
> between this limit and page size.
>
> In a follow up, we can now get rid of the new space border page while
> keeping the 1M minimum new space size.
>
> Some results (v8.infinite_scroll; 3 runs):
> - evacuate.avg: +15.3% (1.4->1.2)
> - evacuate.max: +24.4% (2.4->1.8)
>
> BUG=chromium:581412
> LOG=N
> R=hpayer@chromium.org, ulan@chromium.org, yangguo@chromium.org
>
> Committed: https://crrev.com/ffe5c670e1559d11e7b252e15fec38765e7dbe4f
> Cr-Commit-Position: refs/heads/master@{#38533}
TBR=hpayer@chromium.org,ulan@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:581412
Review-Url: https://codereview.chromium.org/2229403003
Cr-Commit-Position: refs/heads/master@{#38537}
LoadInternalField performs some redundant checks in the context of
fast accessors.
This improves the speedup from 20% to 60% for next/previousSibling in
the Dromaeo DOM traversal benchmarks.
BUG=chromium:508898
Review-Url: https://codereview.chromium.org/2186593002
Cr-Commit-Position: refs/heads/master@{#38535}
- Decrease regular heap object size to 300k, keeping the same ratio (60%)
between this limit and page size.
In a follow up, we can now get rid of the new space border page while
keeping the 1M minimum new space size.
Some results (v8.infinite_scroll; 3 runs):
- evacuate.avg: +15.3% (1.4->1.2)
- evacuate.max: +24.4% (2.4->1.8)
BUG=chromium:581412
LOG=N
R=hpayer@chromium.org, ulan@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2013713003
Cr-Commit-Position: refs/heads/master@{#38533}
Updates a number of AST operations to avoid dereferencing handles
such that they can safely be called off-thread. Also adds a
HandleDereferenceMode argument to some operations where handles are
compared. If handle dereferencing is allowed, the handles are compared
directly, if not then their locations are compared (which relies on the
handles being created in a CanonicalHandleScope).
BUG=v8:5203
TBR=adamk@chromium.org
Review-Url: https://codereview.chromium.org/2223523002
Cr-Commit-Position: refs/heads/master@{#38526}
Implement Bovc and Bnvc instruction macros in macro assembler.
The change 6f920d7d59 revealed an issue with AddBranchOvf for mips R6.
All branching instructions other than BOVC and BNVC are handled by Branch macro, which assures
correct handling of long and short branches. As a consequence, AddBranchOvf for R6 was working correctly
only before trampoline was emitted, but the case of long branch was not handled at all. Implemented
instruction macros enable proper handling of BOVC and BNVC in cases when long branching is needed.
TEST=test/intl/general/case-mapping.js
BUG=
Review-Url: https://codereview.chromium.org/2225323002
Cr-Commit-Position: refs/heads/master@{#38513}
Avoids the always generated Star bytecodes after ObjectLiteral.
BUG=v4:4820
LOG=n
Review-Url: https://codereview.chromium.org/2216023003
Cr-Commit-Position: refs/heads/master@{#38480}
Previously, we would output \x5c to escape a backslash, but this is
invalid JSON and it would crash Turbolizer. Use \u005c instead.
BUG=
Review-Url: https://codereview.chromium.org/2224913002
Cr-Commit-Position: refs/heads/master@{#38479}
These were the final remnants of error code written in JavaScript.
BUG=
Review-Url: https://codereview.chromium.org/2222893002
Cr-Commit-Position: refs/heads/master@{#38475}
Introduces a new VariableLocation MODULE for variables that live in a
module's export table. Scope analysis sets this for the appropriate variables.
Not yet supported by any backend.
Also, treats all imports as CONST bindings (including namespace imports), rather
than having new special variable modes.
BUG=
Review-Url: https://codereview.chromium.org/2199283002
Cr-Commit-Position: refs/heads/master@{#38426}
Up until now "-0.0 - x" was lowered in the instruction selector. I moved
the lowering now to the MachineOperatorReducer.
I did not remove the lowering from the instruction selector yet, I would
prefer to do that in a separate CL.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2226663002
Cr-Commit-Position: refs/heads/master@{#38417}
Assign feedback slots in the type feedback vector for binary operations.
Update bytecode-generator to use these slots and add them as an operand
to binary operations.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2209633002
Cr-Commit-Position: refs/heads/master@{#38408}
This patch folds --optimize-for-size flag and check for low-memory device
into Heap::ShouldOptimizeForMemoryUsage() predicate.
It has the following side effects:
- the heap growing factor for low-memory devices is capped at 1.3 (old value was 2.0).
- the memory reducer will be more aggressive for low-memory devices.
BUG=chromium:634900
Review-Url: https://codereview.chromium.org/2218703004
Cr-Commit-Position: refs/heads/master@{#38406}
Drive-by-fix: improve threading test log output by also showing the names of the
tests when they start and end.
Review-Url: https://codereview.chromium.org/2218033002
Cr-Commit-Position: refs/heads/master@{#38402}
This also gets rid of the pending_error_handler field on DeclarationScope which wasn't actually used.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2218083002
Cr-Commit-Position: refs/heads/master@{#38400}
The old code was using VariableMode, but that signal is both
over-pessimistic (some CONST and LET variables need no hole-initialization)
and inconsistent with other uses of the InitializationFlag enum (such
as %LoadLookupSlot).
This changes no observable behavior, but removes unnecessary hole
initialization and hole checks in a few places, including
block-scoped function declarations, super property lookups,
and new.target.
R=bmeurer@chromium.org, neis@chromium.org
Review-Url: https://codereview.chromium.org/2201193004
Cr-Commit-Position: refs/heads/master@{#38395}
ForInPrepare checked whether the receiver object was null, undefined or
converted to a JSObject. This is already done by the generated bytecode.
BUG=v8:4820
LOG=n
Review-Url: https://codereview.chromium.org/2208043002
Cr-Commit-Position: refs/heads/master@{#38394}
Reason for revert:
[Sheriff] Fails on nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/8403
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> earlier cl (https://codereview.chromium.org/2153433002/) was reverted
> because that implementation did not collect allocation site feedback.
> This regressed delta blue by an order of magnitude. This implementation
> includes collection of allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/9d5e6129c4c7f9cbfe81a5fad2a470f219fe137c
> Cr-Commit-Position: refs/heads/master@{#38364}
TBR=bmeurer@chromium.org,rmcilroy@chromium.org,balazs.kilvady@imgtec.com,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2212343002
Cr-Commit-Position: refs/heads/master@{#38368}
This reduces peak zone memory usage by ~10% on codeload and ~5% on mandreel.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2209573002
Cr-Commit-Position: refs/heads/master@{#38367}
Changes ConstantPoolArrayBuilder to do object lookups using the location
of the handles, rather than dereferencing the handles and comparing the
objects. This also updates CanonicalHandleScope when internalizing AST
nodes to ensure that duplicate objects share the same handles and so are
only added to the constant pool once.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2204243003
Cr-Commit-Position: refs/heads/master@{#38366}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2190293003
Cr-Commit-Position: refs/heads/master@{#38364}
This adds the possibility to address test cases in the
status file with the variant under which the test is running.
This is only allowed in top-level sections.
Example:
[{
  'test-case': [PASS, SLOW],
}]
['variant == foo', {
  'test-case': [FAIL],
}]
The test case "test-case" is marked as slow in all variants.
Additionally, in variant foo, it'll be expected to fail.
This CL also exemplifies the new feature with test cases
running under the ignition_turbofan variant. The
corresponding legacy flag is deprecated.
BUG=v8:5238
Review-Url: https://codereview.chromium.org/2203013002
Cr-Commit-Position: refs/heads/master@{#38342}
Only basic things for now, but enough, for example, to emit
mov rax, [rax+0xc]
instead of
mov rax, 0x3
mov rdx, [rdx+rax*4]
on x64.
BUG=
Review-Url: https://codereview.chromium.org/2211633003
Cr-Commit-Position: refs/heads/master@{#38338}
References in code objects to new-space embedded objects have to be
recorded in a remembered set so that they get updated by the garbage
collector.
TEST=cctest/test-serialize/CodeSerializerEmbeddedObject
R=ulan@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2200333004
Cr-Commit-Position: refs/heads/master@{#38335}
Thrown exceptions must be handled before another exception is thrown.
This fixes all remaining test failures exposed by not clearing pending
exceptions in JSEntryStub.
BUG=v8:5259
Review-Url: https://codereview.chromium.org/2207923002
Cr-Commit-Position: refs/heads/master@{#38324}
Add a new bytecode to create a function context. The handler inlines
FastNewFunctionContextStub.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2187523002
Cr-Commit-Position: refs/heads/master@{#38301}
This new API function allows for setting several internal fields at once.
By avoiding crossing the API each time for setting an internal property we
can speed up the wrapper creation which has to set two fields for every new
object.
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2185963002
Cr-Commit-Position: refs/heads/master@{#38299}
So far we treated SignedSmall and Signed32 feedback the same for number
operations. However it would be beneficial to generate (a lot) less code
if we only do a Smi check on the inputs instead of doing the full Smi +
HeapNumber + conversion check that we need to do for Signed32 feedback.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2207893002
Cr-Commit-Position: refs/heads/master@{#38290}
Move all the typing rules for unary and binary number operations to the
OperationTyper and use them for both the regular Typer as well as the
retyper that runs as part of SimplifiedLowering.
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2202883005
Cr-Commit-Position: refs/heads/master@{#38283}
This completely removes the ability from nodes to point directly to the
frame state representing their eager bailout point. All nodes now either
have zero or one frame state inputs. These frame states can by now be
found via checkpoints in the graph.
R=bmeurer@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2020323004
Cr-Commit-Position: refs/heads/master@{#38282}
This removes the frame state input representing the before-state from
nodes having any int32 bitwise operator. Lowering that inserts number
conversions of the inputs has to be disabled when deoptimization is
enabled, because the frame state layout is no longer known.
R=epertoso@chromium.org
BUG=v8:5021,v8:4746
Review-Url: https://codereview.chromium.org/2194383004
Cr-Commit-Position: refs/heads/master@{#38280}
Similarly to how we check whether the entered context has access to the target
context when invoking the function constructor, we should check the involved
contexts before invoking eval().
I forgot to add this in the initial CL that adds the check for the function
constructor. Move the code to a common location, and use it for the GlobalEval
builtin as well.
BUG=chromium:541703
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2199343002
Cr-Commit-Position: refs/heads/master@{#38277}
Without this fix, two rules [PASS, MODIFIER] and [FAIL]
would be joined as [PASS, MODIFIER, FAIL], undermining the
intention of the second rule to mark a test as failing.
BUG=v8:4680,v8:4900
Review-Url: https://codereview.chromium.org/2201033002
Cr-Commit-Position: refs/heads/master@{#38238}
This makes sure we are not inserting {OsrPoll} instructions for any
statements that are not actually loops and have no back edges. Without
back edges the {BytecodeGraphBuilder} is unable to deduce loop ranges
and hence cannot construct a graph for OSR entry.
R=neis@chromium.org
TEST=mjsunit/regress/regress-5252
BUG=v8:5252
Review-Url: https://codereview.chromium.org/2200733002
Cr-Commit-Position: refs/heads/master@{#38233}
introduced in https://crrev.com/72f884a19fa4434bba6fc0e013ec4ea0a2366893
The regression comes from adding the next weak field of AllocationSite
as a hidden reference into the snapshot.
Before 72f884 the reference was implicitly ignored because the body
descriptor of AllocationSite did not include it.
This patch explicitly skips the next weak field of AllocationSite.
BUG=chromium:630027
Review-Url: https://codereview.chromium.org/2189643004
Cr-Commit-Position: refs/heads/master@{#38211}
This switches our inlining tests (i.e. cctest/test-run-inlining) to rely
on global object instead of function context specialization, which is
more in sync with what we are actually shipping. It will also allow us
to test inlining with the BytecodeGraphBuilder without having to add
support for function context specialization just for testing purposes.
R=bmeurer@chromium.org
TEST=cctest/test-run-inlining
BUG=v8:5251
Review-Url: https://codereview.chromium.org/2200673002
Cr-Commit-Position: refs/heads/master@{#38209}
The flag was introduced for ignition development. It can only
be used when running ignition tests in isolation on the bots.
The bots have only used ignition_turbo in isolation for a while
and don't pass the --ignition flag anymore.
BUG=v8:5238
Review-Url: https://codereview.chromium.org/2197123002
Cr-Commit-Position: refs/heads/master@{#38206}
This gets rid of the Star bytecodes that were always dispatched to from
ToObject.
ToObject now outputs to register instead of to the accumulator and
ForInPrepare gets the receiver object from an input register.
BUG=v8:4820
LOG=n
Review-Url: https://codereview.chromium.org/2189463006
Cr-Commit-Position: refs/heads/master@{#38177}