Reorders the jump bytecodes so that the majority of jump checks can be
implemented as range checks (rather than a list of comparisons that get
compiled to a bunch of jumps).
Review-Url: https://codereview.chromium.org/2537123002
Cr-Commit-Position: refs/heads/master@{#41498}
Short living closures are very common in Node.js. This benchmark tracks progress
as we move the optimizations that are currently only behind
--mark_shared_functions_for_tier_up to the default settings.
BUG=v8:5512
Committed: https://crrev.com/f277da2a00cfd27d44a33a70213a65bd82d0bc95
Review-Url: https://codereview.chromium.org/2525053002
Cr-Original-Commit-Position: refs/heads/master@{#41246}
Cr-Commit-Position: refs/heads/master@{#41487}
This allows us to optimise the bytecode liveness analysis to jump
directly to previously seen indices. The analysis is optimised to store
a stack of loop ends (JumpLoop bytecode indices), and iterate through
these indices directly rather than looping through the bytecode array to
find them.
Review-Url: https://codereview.chromium.org/2536653003
Cr-Commit-Position: refs/heads/master@{#41485}
Don't unconditionally assume that Tagged->Word32 changes are always
truncating independent of the type of the input. Work-around the
remaining issues with for-in by properly renaming the index if it's
not already of appropriate type (happens with generators or OSR).
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2545393002
Cr-Commit-Position: refs/heads/master@{#41484}
The changes are:
1) Pass lambdas as const references to avoid unnecessary copying.
2) Remove CodeStubAssembler* parameter from loop bodies and let the lambdas
capture the right assembler instead. It makes the loop body code look
uniform with the surrounding code and unblocks splitting of a CSA
into different classes.
BUG=
Review-Url: https://codereview.chromium.org/2535753012
Cr-Commit-Position: refs/heads/master@{#41482}
In the current implementation, WasmInstanceWrapper is allocated after the imports for the instance are processed, and before the InstanceFinalizer callback is associated with the instance. This raises the possibility of triggering a gc in the middle of the instantiate flow which is incorrect.
BUG=5707
R=titzer@chromium.org, petermarshall@chromium.org
Review-Url: https://codereview.chromium.org/2544273002
Cr-Commit-Position: refs/heads/master@{#41464}
Reason for revert:
Speculative revert for causing timeouts on Win Debug gpu fyi bot
Nothing else looks even remotely relevant in the list of changes.
Will reland if this doesn't fix the issues.
BUG=670396
Original issue's description:
> [typedarrays] remove invalid optimization in NAMEConstructor()
>
> Before, we were treating objects with the builtin ArrayValues iterator
> method as array-like, where the iterator would iterate through to the
> full length of the object.
>
> This optimization was not sound, because it does not ensure that the
> next method hasn't been modified. Even if it hasn't been modified,
> it's entirely possible to be modified during iteration. Thus, this
> optimization has been removed due to its observability.
>
> BUG=v8:5699
> R=littledan@chromium.org, cbruni@chromium.org
>
> Committed: https://crrev.com/77df8c67d9609ada3b7d79e8e6d33f198bbad5a1
> Cr-Commit-Position: refs/heads/master@{#41394}
TBR=cbruni@chromium.org,littledan@chromium.org,caitp@igalia.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5699
Review-Url: https://codereview.chromium.org/2548583003
Cr-Commit-Position: refs/heads/master@{#41461}
This enables {FLAG_debug_code} by default in debug builds. The advantage
is that generated code contained within the snapshot will contain such
debug code. Before we would only get coverage for these pieces with the
no-snapshot builds, which have a meager coverage. One can still pass the
inverse --no-debug-code flag to ensure generated code remains readable
within debug builds as well.
R=machenbach@chromium.org
Review-Url: https://codereview.chromium.org/2528913002
Cr-Commit-Position: refs/heads/master@{#41451}
Tests were falling in qemu because of inexact computation in tests.
After correcting tests, simulator also had to be fixed.
Review-Url: https://codereview.chromium.org/2539133002
Cr-Commit-Position: refs/heads/master@{#41447}
Fix compilation failure in test-macro-assembler[64].cc
caused by 8fcfe66f94
due to warning `lambda-expression in unevaluated context`.
TEST=cctest/test-macro-assembler-mips[64]
BUG=
Review-Url: https://codereview.chromium.org/2543643005
Cr-Commit-Position: refs/heads/master@{#41433}
Debugging API is still in use by Node.
Revert "[debug] remove deprecated debug command message queue."
This reverts commit abdbfc953d.
Revert "[debug] mark more unused debug API as deprecated."
This reverts commit d5ada19ce7.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2537313005
Cr-Commit-Position: refs/heads/master@{#41427}
Trampolines are generated when the value of pc_offset is greater than
next_buffer_check_ (attribute from Assembler class). This value
shouldn't be incremented in bind_to() method when internal reference
label is bound, because it is not decremented when the switch table is
generated (dd() method from Assemler class).
This patch fixes this problem. Regression test are also included for
mips and mips64 arch.
BUG=
Review-Url: https://codereview.chromium.org/2530143002
Cr-Commit-Position: refs/heads/master@{#41423}
This fixes the existing workaround in {BytecodeGraphBuilder} where the
number of elements in an array literal is unknown just from the bytecode
alone and needs to be deduced from the constant elements.
Note that this is just a quick fix to prevent calling the fast-clone
stub for boilerplates that are too big to fit on a regular page. In the
long run we need something more solid here.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-669850
BUG=chromium:669850
Review-Url: https://codereview.chromium.org/2542633002
Cr-Commit-Position: refs/heads/master@{#41420}
Unfortunately we have to split this up into two cases: those with exactly one spread argument as the final argument, and all others, due to any side-effects of evaluation being visible.
This is in preparation for a new bytecode which handles super calls.
BUG=v8:5659
Review-Url: https://codereview.chromium.org/2540593003
Cr-Commit-Position: refs/heads/master@{#41415}
The current CHECK/DCHECK implementation fails statically if a signed
value is compared against an unsigned value. The common solution is to
cast on each caller, which is tedious and error-prone (might hide bugs).
This CL implements signed vs. unsigned comparisons by executing up to
two comparisons. For example, if i is int32_t and u is uint_32_t, a
DCHECK_LE(i, u) would create the check
i <= 0 || static_cast<uint32_t>(i) <= u.
For checks against constants, at least one of the checks can be removed
by compiler optimizations.
The tradeoff we have to make is to sometimes silently execute an
additional comparison. And we increase code complexity of course, even
though the usage is just as easy (or even easier) as before.
The compile time impact seems to be minimal:
I ran 3 full compilations for Optdebug on my local machine, one time on
the current ToT, one time with this CL plus http://crrev.com/2524093002.
Before: 143.72 +- 1.21 seconds
Now: 144.18 +- 0.67 seconds
In order to check that the new comparisons are working, I refactored
some DCHECKs in wasm to use the new magic, and added unit test cases.
R=ishell@chromium.org, titzer@chromium.orgCC=ahaas@chromium.org, bmeurer@chromium.org
Committed: https://crrev.com/5925074a9dab5a8577766545b91b62f2c531d3dc
Review-Url: https://codereview.chromium.org/2526783002
Cr-Original-Commit-Position: refs/heads/master@{#41275}
Cr-Commit-Position: refs/heads/master@{#41411}
This shows around a 2.2x speedup compared to the old JS implementation (and
3.5x compared to CPP) for the fast path.
Adds ToUint32 to CodeStubAssembler.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2532403002
Cr-Commit-Position: refs/heads/master@{#41408}
Incremental parsing of asm.js means we can see function tables that
are unused in the AsmWasmBuilder before they've been initialized.
BUG=669899
R=aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2546553002
Cr-Commit-Position: refs/heads/master@{#41403}
If we just call CreateDebugInfo in GetPossibleBreakpoints then we won't call PrepareFunctionForBreakPoints and won't be able to step into this function or pause at breakpoint inside.
BUG=v8:5695
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2540943002
Cr-Commit-Position: refs/heads/master@{#41401}
Attempt to fix or get insight into failing vswp test on V8 ARM bot.
LOG=N
BUG=
Review-Url: https://codereview.chromium.org/2539533005
Cr-Commit-Position: refs/heads/master@{#41397}
The "writable" property descriptor may legally change during the call to
AnythingToArrayLength(). This change needs to be honoured before calling
JSArray::SetLength(). The change is only honoured when the "length"
property was previously writable, so that changes during a call to
DefineOwnPropertyIgnoreAttributes() is ignored.
BUG=v8:5688
R=cbruni@chromium.org, verwaest@chromium.org, jkummerow@chromium.org
Review-Url: https://codereview.chromium.org/2543553002
Cr-Commit-Position: refs/heads/master@{#41396}
Before, we were treating objects with the builtin ArrayValues iterator
method as array-like, where the iterator would iterate through to the
full length of the object.
This optimization was not sound, because it does not ensure that the
next method hasn't been modified. Even if it hasn't been modified,
it's entirely possible to be modified during iteration. Thus, this
optimization has been removed due to its observability.
BUG=v8:5699
R=littledan@chromium.org, cbruni@chromium.org
Review-Url: https://codereview.chromium.org/2544503002
Cr-Commit-Position: refs/heads/master@{#41394}
JS operators always have an implicit context input, so just use that instead.
BUG=
Review-Url: https://codereview.chromium.org/2541813002
Cr-Commit-Position: refs/heads/master@{#41392}
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.
R=titzer@chromium.org
BUG=chromium:669518
Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs code, which shouldn't go through the bytecode graph builder in many cases.
BUG=669517
Review-Url: https://codereview.chromium.org/2538823002
Cr-Commit-Position: refs/heads/master@{#41387}
Defining the subclass within the loop significantly affects subsequent
test results. For instance, the Search benchmark is 50% slower if the
subclass is defined within the loop.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2537253003
Cr-Commit-Position: refs/heads/master@{#41384}
Make the AsmWasmBuilder drive the process of typing and potentially parsing
function bodies. This will allow us to keep only a single asm.js function's
AST in memory as we convert to WebAssembly.
This is needed to keep our memory footprint low.
Add some additional output to a few tests that's helpful to see which stage they fail at.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=marja@chromium.org,adamk@chromium.org,aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2398023002
Cr-Commit-Position: refs/heads/master@{#41372}
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
