The output of disassemblers was changed to display instruction offsets as
hexadecimal numbers instead of a decimal numbers. Reflect this change in
turbolizer.
BUG=
Review-Url: https://codereview.chromium.org/2885453002
Cr-Commit-Position: refs/heads/master@{#45315}
Introduce a new SwitchSmiTable bytecode for generators, which does a
table lookup for the accumulator value in a jump table stored in the
constant array pool. This removes the if-else chains at resumable
function/loop headers.
As a drive-by, add a scoped environment saving struct to the bytecode
graph builder.
Bug: v8:6351
Bug: v8:6366
Change-Id: I63be15a8b599d6684c7df19dedb8860562678fb0
Reviewed-on: https://chromium-review.googlesource.com/500271
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45314}
This reverts commit 7ef1df858a.
Reason for revert: Breaks inspector/debugger/get-possible-breakpoints-restrict-to-function: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/13191/steps/Check/logs/get-possible-breakpoi..
Original change's description:
> [builtins] port Promise.all to CSA
>
> Introduces CodeStubAssembler helpers for common Iterator operations
> (GetIterator, IteratorStep, IteratorClose).
>
> Moves the Promise.all resolveElement closure and it's caller to
> builtins-promise-gen.cc.
>
> Instead of creating an internal array (and copying its elements into a result
> array), a single JSArray is allocated, and appended with BuildAppendJSArray(),
> falling back to %CreateDataProperty(), and elements are updated in the resolve
> closure the same way. This should always be unobservable.
>
> This CL increases the size of snapshot_blob.bin on an x64.debug build by 11.44kb
>
> BUG=v8:5343
> R=cbruni@chromium.org, gsathysa@chromium.org, jgruber@chromium.org
>
> Change-Id: Id69b7f76866b29caccd97f35870154c4be85f418
> Reviewed-on: https://chromium-review.googlesource.com/497974
> Commit-Queue: Caitlin Potter <caitp@igalia.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45306}
TBR=adamk@chromium.org,cbruni@chromium.org,gsathya@chromium.org,caitp@igalia.com,jgruber@chromium.org,ishell@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5343
Change-Id: I831738003643561fa628266af2bcebbb18000e55
Reviewed-on: https://chromium-review.googlesource.com/506014
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45313}
DEPS.chromium allows the Chromium build system's DEPS to recurse into V8's own
dependencies. Initially, this is populated with some tests files for the ARM64
simulator.
BUG=chromium:718439
Review-Url: https://codereview.chromium.org/2880293002
Cr-Commit-Position: refs/heads/master@{#45310}
Speed up LEB decoding by forcing the decoding loop to be unrolled.
Even though the compiler was free to unroll the loop before, clang did
not do so. We now manually unroll by using a template function which
calls itself recursively, passing the byte index to be decoded next.
For efficient execution, we still depend on the compiler to inline the
recursive calls (which clang does).
This optimization speeds up interpreted execution of the Jetstream
benchmarks by 15 percent.
Speedup on module decoding is negligible though.
Drive-by: Change "unsigned" to "uint32_t".
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I06d4230f92bfb2a80cdc5029d965fc3bf84ca1cc
Reviewed-on: https://chromium-review.googlesource.com/506188
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45308}
Introduces CodeStubAssembler helpers for common Iterator operations
(GetIterator, IteratorStep, IteratorClose).
Moves the Promise.all resolveElement closure and it's caller to
builtins-promise-gen.cc.
Instead of creating an internal array (and copying its elements into a result
array), a single JSArray is allocated, and appended with BuildAppendJSArray(),
falling back to %CreateDataProperty(), and elements are updated in the resolve
closure the same way. This should always be unobservable.
This CL increases the size of snapshot_blob.bin on an x64.debug build by 11.44kb
BUG=v8:5343
R=cbruni@chromium.org, gsathysa@chromium.org, jgruber@chromium.org
Change-Id: Id69b7f76866b29caccd97f35870154c4be85f418
Reviewed-on: https://chromium-review.googlesource.com/497974
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45306}
- Default constructor scopes won't need the scope data for deciding the scope
allocation of variables inside them. Also, PreParser doesn't construct them. So
they should be just skipped when applying the scope data.
- PreParser needs to declare the class name + have a proper end position for
the class scope.
- This makes all mjsunit tests pass with --experimental-preparser-scope-analysis.
- Also added several DCHECKs which were useful for debugging.
BUG=v8:5516
Change-Id: I5b3e6c60ed79efe25f33576a3547d707c700c6dd
Reviewed-on: https://chromium-review.googlesource.com/503208
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45303}
This timer is disabled since the switch to the new validator.
This CL brings it back.
R=mstarzinger@chromium.org
Change-Id: Ie454af72205564d6fec05dd4b7b44c1e3d0c37d6
Reviewed-on: https://chromium-review.googlesource.com/505610
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45300}
This makes sure that the evaluation result of the first expression in
for-statements is properly dropped, to leave the stack in a balanced
state after the statement. It also makes sure validation failures in
said expression are handled correctly.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-721835
BUG=chromium:721835
Change-Id: I7e6cff4cea0bbf5aad6a3459e27a08ea814dbdbe
Reviewed-on: https://chromium-review.googlesource.com/506148
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45299}
Crankshaft flag and opt flag mostly serve the same purpose. Using
crankshaft to mean use optimizing compiler is a bit confusing.
This cl: https://chromium-review.googlesource.com/c/490206/ fixes
the tests to use opt instead of crankshaft flag.
One difference between --no-crankshaft and --no-opt would be that
--no-opt would mean no optimizations at all where as with --no-crankshaft
would mean we can force optimizations using %OptimizeFunctionOnNextCall.
Bug: v8:6325
Change-Id: If17393ac5b6af4ea6e9a98e092f0261c2e0899c5
Reviewed-on: https://chromium-review.googlesource.com/490307
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45298}
This is the last in the series of simplifying the logic to collect feedback
in compare bytecode handlers. This cl inlines the type feedback collection
for the relational compare (lessthan, lessthan or equal, greater than,
gerater than or equal) bytecode handlers.
Bug: v8:4280
Change-Id: I4a896c9cbe5628c76785882c0632bfa07b18b099
Reviewed-on: https://chromium-review.googlesource.com/500309
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45296}
For a polymorphic access to o.x we would only merge it into a single
PropertyAccessInfo so far, if x is at the same offset in all maps and
the property index of x (in the descriptor arrays) is the same. But that
doesn't matter for code generation and blocks optimizations even.
BUG=v8:6278,v8:6344,v8:6396
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2883883002
Cr-Commit-Position: refs/heads/master@{#45294}
Introduce a flag --max_inlined_nodes_small (defaults to 10), which gives
the upper limit of AST nodes for a function to be considered "small" by
the inlining heuristic. These functions will always be inlined
immediately, independent of the budget.
R=jarin@chromium.org
BUG=v8:6395,v8:6278,v8:6344,v8:6394
Review-Url: https://codereview.chromium.org/2883853002
Cr-Commit-Position: refs/heads/master@{#45291}
No semantic changes, just a readability refactoring that removes
a couple of unnecessary variables and labels.
BUG=v8:6371
Review-Url: https://codereview.chromium.org/2881763003
Cr-Commit-Position: refs/heads/master@{#45290}
250K was probably still too generous and 80K leads to improvements
locally.
BUG=v8:6348
Review-Url: https://codereview.chromium.org/2876413002
Cr-Commit-Position: refs/heads/master@{#45288}
Smis can easily be handled outside the stub call without adding much to code
size.
The ToString inlining adds overhead of repeated instance type loads and checks,
but under the assumption that it is called with mostly string values it should
speed things up (a local RegExp.p[@@replace] microbenchmark shows consistent
1.6% improvements).
Drive-by-fix: Remove duplication in ToString implementations.
BUG=
Review-Url: https://codereview.chromium.org/2874423003
Cr-Commit-Position: refs/heads/master@{#45287}
With this CL SloppyArguments immediately go to dictionary elements on
deletion, keeping the arguments backing store packed.
Bug: v8:6251
Change-Id: I90d1972179447bf6810e7fe2b8e0bc8703b38d9d
Reviewed-on: https://chromium-review.googlesource.com/486921
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45286}
This is almost identical to V8's default array buffer allocator. The only
difference is that 0 byte allocations are changed into 1 byte allocations. We
do not seem to need this behavior, so it does not seem worth maintaining yet
another allocator.
Bug:
Change-Id: I94f45f1276958791be9a6f2405fcfba8fa6eaa38
Reviewed-on: https://chromium-review.googlesource.com/505199
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45282}
This lets us avoid allocating the "this" variable for every
generator, since the BytecodeGenerator can directly read
the receiver via BytecodeArrayBuilder::Receive() when passing
it into %_CreateJSGeneratorObject.
Bug: v8:6351
Change-Id: Ib5e1f3303b6b5d5fc051ce76ea62129fd6afac65
Reviewed-on: https://chromium-review.googlesource.com/500507
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#45281}
Remove FinalizePageSequentially as it had only a single use case that
was tied to the full collector.
Bug: chromium:651354
Change-Id: I03299ddbd439ea273e02dd33f12c005371694130
Reviewed-on: https://chromium-review.googlesource.com/504508
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45280}
We make assumptions that baseline code exists if we run the optimized code
(e.g., to deopt to the baseline code). If the baseline code has been
cleared by code flushing (only full-codegen) then it might not exist
but there is still optimized code in the map.
BUG=v8:6389
Change-Id: Id4db664afee96c2da3a36a177f425293aae9a0a3
Reviewed-on: https://chromium-review.googlesource.com/503010
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45278}
This makes sure that the order of exports as they appear in asm.js
modules is maintained globally (not just per function) while being
translated to a WASM module.
R=clemensh@chromium.org
TEST=mjsunit/asm/asm-validation
BUG=chromium:720586
Change-Id: I8b26d717ae2f88467d41670bced901f196c7b3fc
Reviewed-on: https://chromium-review.googlesource.com/503708
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45277}
No need to call through ConstructJS -> ArrayCode -> ArrayConstructorStub
-> AllocateJSArray if we can call AllocateJSArray directly.
This also moves ArraySpeciesCreate to builtins-array-gen to free
up space in the binary.
BUG=v8:6354
Review-Url: https://codereview.chromium.org/2874833004
Cr-Commit-Position: refs/heads/master@{#45276}
Compilers don't flatten os << const char* for you. Save a bit binary size.
Bug:NO
Change-Id: Iabe0de83fdf6394f223d0423e63bd5aadf1453b3
Reviewed-on: https://chromium-review.googlesource.com/503829
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45272}
The current implementation failed when comparing an integral type to a
reference to an integral type of different signedness (see updated
unittest).
This CL fixes the checks to actually test the std::decay<T>::type,
i.e. with all references, const or volatile modifiers stripped.
R=jochen@chromium.org, ishell@chromium.org
TEST=unittests/LoggingTest.CompareWithReferenceType
Change-Id: Ib0ac077a91e0409ada7a80b68150cb98cbdd32f1
Reviewed-on: https://chromium-review.googlesource.com/502814
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45271}
Creation stack trace points to the place where callback was actually chained, scheduled points where parent promise was resolved.
For async tasks without creation stack (e.g. setTimeout) we continue to use scheduled as creation since usually they are the same.
BUG=v8:6189
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2868493002
Cr-Original-Commit-Position: refs/heads/master@{#45198}
Committed: e118462f18
Review-Url: https://codereview.chromium.org/2868493002
Cr-Commit-Position: refs/heads/master@{#45266}
