port 588e15c034 (r37345)
original commit message:
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
Adds a regression test.
BUG=
Review-Url: https://codereview.chromium.org/2119793002
Cr-Commit-Position: refs/heads/master@{#37469}
In the current implementation of wasm an unrepresentable input of the
float32-to-int32 conversion is detected by first truncating the input, then
converting the truncated input to int32 and back to float32, and then checking
whether the result is the same as the truncated input.
This input check does not work on arm and arm64 for an input of (INT32_MAX + 1)
because on these platforms the float32-to-int32 conversion results in INT32_MAX
if the input is greater than INT32_MAX. When INT32_MAX is converted back to
float32, then the result is (INT32_MAX + 1) again because INT32_MAX cannot be
represented precisely as float32, and rounding-to-nearest results in (INT32_MAX
+ 1). Since (INT32_MAX + 1) equals the truncated input value, the input appears
to be representable.
With the changes in this CL, the result of the float32-to-int32 conversion is
incremented by 1 if the original result was INT32_MAX. Thereby the detection of
unrepresenable inputs in wasm works. Note that since INT32_MAX cannot be
represented precisely in float32, it can also never be a valid result of the
float32-to-int32 conversion.
@v8-mips-ports, can you do a similar implementation for mips?
R=titzer@chromium.org, Rodolph.Perfetta@arm.com
Review-Url: https://codereview.chromium.org/2105313002
Cr-Commit-Position: refs/heads/master@{#37448}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel;tryserver.v8:v8_linux_nosnap_dbg
Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
Review-Url: https://codereview.chromium.org/2090723005
Cr-Original-Commit-Position: refs/heads/master@{#37384}
Cr-Commit-Position: refs/heads/master@{#37416}
Perform the following transformation:
| Before | After |
|------------------+---------------------|
| add w2, w0, w1 | adds w2, w0, w1 |
| cmp w2, #0x0 | b.<cond'> <addr> |
| b.<cond> <addr> | |
|------------------+---------------------|
| add w2, w0, w1 | adds w2, w0, w1 |
| cmp #0x0, w2 | b.<cond'> <addr> |
| b.<cond> <addr> | |
and the same for and instructions instead of add. When the result of the
add/and is not used, generate cmn/tst instead. We need to take care with which
conditions we can handle and what new condition we map them to.
BUG=
Review-Url: https://codereview.chromium.org/2065243005
Cr-Commit-Position: refs/heads/master@{#37400}
Reason for revert:
Looks like this breaks on nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/7626
Original issue's description:
> [builtins] New frame type for exits to C++ builtins
>
> Prior to this commit, calls to C++ builtins created standard exit
> frames, which are skipped when constructing JS stack traces. In order to
> show these calls on traces, we introduce a new builtin exit frame type.
>
> Builtin exit frames contain target and new.target on the stack and are
> not skipped during stack trace construction.
>
> BUG=v8:4815
> R=bmeurer@chromium.org, yangguo@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
> Cr-Commit-Position: refs/heads/master@{#37384}
TBR=yangguo@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4815
Review-Url: https://codereview.chromium.org/2106113002
Cr-Commit-Position: refs/heads/master@{#37394}
A pointer comparison on the effect path states is not sufficient to
guarantee termination; we really need to check the actual nodes to
make sure we terminate properly, similar to what BranchElimination
does.
R=jarin@chromium.org
BUG=v8:5161
Review-Url: https://codereview.chromium.org/2112463002
Cr-Commit-Position: refs/heads/master@{#37389}
This functionality is duplicated with the same functionality in
SimplifiedLowering, which is kinda premature and doesn't seem to
be useful.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2103323003
Cr-Commit-Position: refs/heads/master@{#37386}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2090723005
Cr-Commit-Position: refs/heads/master@{#37384}
There are no useful typing rules for Change and Checked operators, so we
better make sure we don't run them through the Typer at all.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2107783004
Cr-Commit-Position: refs/heads/master@{#37382}
This function should also be callable from a concurrent thread, so we cannot use
the scope here. Instead, provide a test that checks that no handles are created.
R=ulan@chromium.org
TEST=cctest/test-conversions/NoHandlesForTryNumberToSize
BUG=
Review-Url: https://codereview.chromium.org/2106083002
Cr-Commit-Position: refs/heads/master@{#37381}
This changes many interfaces to accept StandardFrames instead of
JavaScriptFrames, and use the StackTraceFrameIterator instead of the
JavaScriptFrameIterator.
Also, the detailed frame information array now contains the script in
addition to the function, as wasm frames are not associated to any
javascript function.
This is a rebase of (https://codereview.chromium.org/2069823003/), since clemensh's internship has ended.
R=yangguo@chromium.org,ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2109093003
Cr-Commit-Position: refs/heads/master@{#37379}
Reland of https://codereview.chromium.org/2034093002 (reverted by
https://codereview.chromium.org/2080153002).
Original commit message:
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.
BUG=
Review-Url: https://codereview.chromium.org/2083523002
Cr-Commit-Position: refs/heads/master@{#37373}
The reason:
All RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases
use the C++ function to generate the expected value or result. So for x87, all those expected value or result are
extended double precision as the extended double precision is default for x87 Gcc compiler and std lib on linux platform.
The issue is:
For RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan test cases, the expected values generated by C++ function
are extended double precision, the results generated by X87 jitted code are double precision according to the ECMA standard.
The comparison of different precisons caused some of those test cases failed.
For Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases, the expected values are pre-defined double precision values, the results
generated by C++ function are extended double precision. The comparison of different precisons caused some of those test cases
failed too.
This CL disables RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases for x87.
BUG=
Review-Url: https://codereview.chromium.org/2111493002
Cr-Commit-Position: refs/heads/master@{#37371}
Add a flag harmony_trailing_commas_in_parameters that allows trailing
commas in function parameter declaration lists and function call
parameter lists. Trailing commas are allowed in parenthetical lists like
`(a, b, c,)` only if the next token is `=>`, thereby making it an arrow
function declaration. Only 1 trailing comma is allowed, not `(a,,)`. A
trailing comma must follow a non-rest parameter, so `(,)` and `(...a,)`
are still SyntaxErrors. However, a trailing comma is allowed after a
spread parameter, e.g. `a(...b,);`.
Add parser tests for all of the above.
BUG=v8:5051
LOG=y
Review-Url: https://codereview.chromium.org/2094463002
Cr-Commit-Position: refs/heads/master@{#37355}
Comparisons were allowing asm 'int' values in places
that require strict 'signed' or 'unsigned' but not both.
Fixes crash when these make it to asm-wasm.
BUG=599413
BUG=v8:4203
R=aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2106683003
Cr-Commit-Position: refs/heads/master@{#37353}
This reverts commit 1eb1dfabe4.
The original compilation separation change avoided associating a heap
for the wasm instance if memory was not provided, nor needed. The
grow memory CL assumed the old behavior, where a memory buffer was
always present, but may have had a zero size.
The 2CLS landed shortly after one another. We decided to treat the
grow memory as the race condition winner, so this CL here re-lands
compilation separation, plus adjusts grow memory to deal with
the undefined mem buffer.
BUG=
Review-Url: https://codereview.chromium.org/2102193003
Cr-Commit-Position: refs/heads/master@{#37352}
Support for serializing/deserializing the compiled wasm module.
We want to reuse the javascript snapshotting mechanics, at least in the
short term, when we still use the JS heap for the compiled wasm code.
Given that a module may be compiled in one v8 instance and then
instantiated later, in a different instance, whatever information we need
at instantiation time must also be serializable.
We currently hold on to the un-decoded wasm bytes, for enabling
debugging scenarios. This imposes a ~20% penalty on the memory
requirements of the wasm compiled code. We do not need this data
otherwise, for runtime, and it is sensible to consider eventually loading it
on demand. Therefore, I intentionally avoided relying on it and re-
decoding the wasm module data, and instead saved the information
necessary to support instantiation.
Given how whatever we need to persist must be serializable, the CL
uses a structure made out of serializable objects (fixed arrays mostly)
for storing this information. I preferred going this route rather than
adding more wasm-specific support to the serializer, given that we want
to eventually move off the JS heap, and therefore the serializer.
Additionally, it turns out this extra information is relatively not complex:
minimal structure, little nesting depth, mostly simple data like numbers
or byte blobs, or opaque data like compiled functions.
This CL also moves export compilation ahead of instantiation time.
This change added a helper getter to FixedArray, to make typed retrieval
of elements easier.
BUG=
Review-Url: https://codereview.chromium.org/2094563002
Cr-Commit-Position: refs/heads/master@{#37348}
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
Adds a regression test.
BUG=621926
Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
Review-Url: https://codereview.chromium.org/2103713003
Cr-Original-Commit-Position: refs/heads/master@{#37339}
Cr-Commit-Position: refs/heads/master@{#37345}
Reason for revert:
Causes "buildbot failure in V8 on V8 Linux gcc 4.8, Check"
Original issue's description:
> [ia32] Fixes a bug in cmpw.
>
> The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
>
> Adds a regression test.
>
> BUG=621926
>
> Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
> Cr-Commit-Position: refs/heads/master@{#37339}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=621926
Review-Url: https://codereview.chromium.org/2106913002
Cr-Commit-Position: refs/heads/master@{#37342}
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
Adds a regression test.
BUG=621926
Review-Url: https://codereview.chromium.org/2103713003
Cr-Commit-Position: refs/heads/master@{#37339}
This part of the snapshot API should not be in use yet, so we can still
change this. The motivation for this change is:
- Use MaybeHandle where reasonable.
- Remove ambiguity: when we use index to create context from snapshot,
we should not have a silent fallback if snapshot is not available.
- Symmetry: rename to Context::FromSnapshot to mirror templates.
R=jochen@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2100073002
Cr-Commit-Position: refs/heads/master@{#37334}
This cl fixes the long-standing bug for for-in with shadowing properties.
BUG=v8:705
Review-Url: https://codereview.chromium.org/2081733002
Cr-Commit-Position: refs/heads/master@{#37333}
This avoids forgetting to add files for either gyp or gn.
While for most executables, this is detected by compilation
errors, for test executables, it can lead to tests silently
not running.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2098313002
Cr-Commit-Position: refs/heads/master@{#37331}
The reason for reverting is: This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set. These duplicates could cause a DCHECK to trigger which checks that slots recorded in the remembered set never point to to-space. This reland-CL allows duplicates in the remembered set by removing the DCHECK, and additionally clears entries in the remembered set if objects are moved.
Original issue's description:
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
Review-Url: https://codereview.chromium.org/2097023002
Cr-Commit-Position: refs/heads/master@{#37325}
Introduce a new machine operator Float64Pow that for now is backed by
the existing MathPowStub to start the unification of Math.pow, and at
the same time address the main performance issue that TurboFan still has
with the imaging-darkroom benchmark in Kraken.
Also migrate the Math.pow builtin itself to a TurboFan builtin and
remove a few hundred lines of hand-written platform code for special
handling of the fullcodegen Math.pow version.
BUG=v8:3599,v8:5086,v8:5157
Review-Url: https://codereview.chromium.org/2103733003
Cr-Commit-Position: refs/heads/master@{#37323}
the .eh_frame format as part of the jitdump generated when
FLAG_perf_prof is enabled. The final goal is allowing precise unwinding
of callchains that include JITted code when profiling V8 using perf.
Unwinding information is stored in the body of code objects after the
code itself, prefixed with its length and aligned to a 8-byte boundary.
A boolean flag in the header signals its presence, resulting in zero
memory overhead when the generation of unwinding info is disabled or
no such information was attached to the code object.
A new jitdump record type (with id 4) is introduced for specifying
optional unwinding information for code load records. The EhFrameHdr
struct is also introduced, together with a constructor to initialise it
from the associated code object.
At this stage no unwinding information is written to the jitdump, but
the infrastructure for doing so is ready in place.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/1993653003
Cr-Commit-Position: refs/heads/master@{#37296}
This is a building block for GetPropertyStub. It supports querying fast,
slow and global objects without native accessors and interceptors.
BUG=v8:4911
LOG=Y
Review-Url: https://codereview.chromium.org/2079823002
Cr-Commit-Position: refs/heads/master@{#37291}
The global object can be loaded from the native context and the name can be loaded in the type feedback metadata.
BUG=chromium:576312
Review-Url: https://codereview.chromium.org/2096653003
Cr-Commit-Position: refs/heads/master@{#37278}
We deviate from spec in that, in our implementation, __defineGetter__ on non-
configurable properties returns false instead of throwing a TypeError. This commit
adds a use counter to track how often we would be throwing an error we currently
avoid, to determine if we can change to align with spec or if the spec is not
implementable.
BUG=v8:5070
Review-Url: https://codereview.chromium.org/2089533002
Cr-Commit-Position: refs/heads/master@{#37259}
- Adds the concept of FP register aliasing to RegisterConfiguration.
- Changes RegisterAllocator to distinguish between FP representations
when allocating.
- Changes LinearScanAllocator to detect interference when FP register
aliasing is combining, as on ARM.
- Changes ARM code generation to allow all registers s0 - s31 to be
accessed.
- Adds unit tests for RegisterConfiguration, mostly to test aliasing
calculations.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2086653003
Cr-Commit-Position: refs/heads/master@{#37251}
Port fc59eb8a7a
Original commit message:
Moves between operands with different representations shouldn't happen,
so don't test them. This makes it easier to modify canonicalization to
differentiate between floating point types, which is needed to support
floating point register aliasing for ARM and MIPS.
This change also expands tests to include explicit FP moves (both register and stack slot).
LOG=N
BUG=v8:4124
BUG=chromium:622619
Review-Url: https://codereview.chromium.org/2090993002
Cr-Commit-Position: refs/heads/master@{#37241}
As a result LoadGlobalIC requires different slow stubs for each TypeofMode.
This CL is a prerequisite for not passing variable name to LoadGlobalIC:
the interceptor handler is the only kind of handler that requires a name
and therefore LoadGlobalIC dispatcher does not need a variable name as well.
BUG=chromium:576312
Review-Url: https://codereview.chromium.org/2081143002
Cr-Commit-Position: refs/heads/master@{#37222}
Reason for revert:
This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#
I can reproduce locally, and local revert also fixes it -> revert.
Reproduce with:
out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation
(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)
Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
>
> The reason for reverting was: [Sheriff] Breaks arm debug:
> https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
>
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
>
> Additionally some rebasing was necessary.
>
> Original issue's description:
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=mlippautz@chromium.org
>
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}
TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2090983002
Cr-Commit-Position: refs/heads/master@{#37221}
Now we can turn it into a turbofan stub.
Create new instance types JS_ARGUMENTS_TYPE and JS_ERROR_TYPE.
Review-Url: https://codereview.chromium.org/2080243003
Cr-Commit-Position: refs/heads/master@{#37219}
ES2017 draft 19.1.3.6: If @@toStringTag is not a string, Object.prototype.toString()
returns [object Object], except in the following cases:
- Array
- String
- Arguments
- Function
- Error
- Boolean
- Number
- Date
- RegExp.
For anything else, e.g., Maps, Sets, TypedArrays, or the global object, toString() returns
[object Object] if @@toStringTag is absent or not a string. In order to be able to
easily identify the global object in d8, we set @@toStringTag to "global"
for d8.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=
Review-Url: https://codereview.chromium.org/2071343002
Cr-Commit-Position: refs/heads/master@{#37218}
The reason for reverting was: [Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
The problem was the dereferencing of handles for smi checks. It turned out
that these smi checks can be removed anyways, both on arm and on mips.
Additionally some rebasing was necessary.
Original issue's description:
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=mlippautz@chromium.org
Review-Url: https://codereview.chromium.org/2091733002
Cr-Commit-Position: refs/heads/master@{#37217}
As part of the page type unification also unify page iterators. Iterating
over a space works the same for all spaces now (new, old, lo).
Iterating over pages of a space follows now the regular C++ iterator pattern:
- for (auto it = space->begin(); it != space->end(); ++it) {}
- for (Page* p : *space) {}
GC only: Loop supporting unlinking/freeing of a Page on the fly:
for (auto it = space->begin(); != space->end();) {
Page* p = *(it++);
p->Unlink();
}
For iteration of a range of new space pages use NewSpacePageRange which
also verifies that the range is actually a proper new space page range.
BUG=chromium:581412
LOG=N
Review-Url: https://codereview.chromium.org/2088223002
Cr-Commit-Position: refs/heads/master@{#37210}
Remove second wasm module compilation and instantiation path that
we had in CompileAndRunWasmModule and reuse the same path used
by user code.
BUG=
Review-Url: https://codereview.chromium.org/2091533002
Cr-Commit-Position: refs/heads/master@{#37203}
Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
from Logger, constructs and stores CodeEventsContainer. This patch is part of
the effort to split the logic of CodeEventListener as ProfilerListener out of
the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
to code events, construct code event to CodeEventsContainer and pass it to code
event handler.
The reason we refactor CpuProfiler is that eventually we want to move
CpuProfiler as part of sampler library and code event listener should stay
inside V8.
Main changes:
1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
functionality and the ProfilerListener listening to code events from Logger.
2. Created CodeEventObserver and made CpuProfiler inherit from it.
ProfilerListener will have a list of observers and call CodeEventHandler once a
code event is created.
3. Moved code entry list from CodeEntry to ProfilerListener.
Minor changes:
1. Moved static code entry as part of CodeEntry.
2. Added ProfilerListener to Logger.
BUG=v8:4789
Committed: https://crrev.com/cb59fc1facc9b390e2c7544b4da56a4e0a9b3222
Review-Url: https://codereview.chromium.org/2053523003
Cr-Original-Commit-Position: refs/heads/master@{#37112}
Cr-Commit-Position: refs/heads/master@{#37195}
Adds support for intrinsics which can be called as stubs. Namely:
- HasProperty
- MathPow
- NewObject
- NumberToString
- RegExpConstructResult
- RegExpExec
- Substring
- ToString
- ToName
- ToLength
- ToNumber
- ToObject
Also adds interface descriptors for stub calls which have arguments
passed on the stack.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2051573002
Cr-Commit-Position: refs/heads/master@{#37185}
We cannot change x - y < 0 to x < y, because it would only be safe if
x - y cannot overflow, which we don't know in general.
R=jarin@chromium.org
BUG=v8:5129
Review-Url: https://codereview.chromium.org/2090493002
Cr-Commit-Position: refs/heads/master@{#37164}
Previously, an async arrow function would be parsed if any valid
ConditionalExpression began with the identifier "async", and its following token
was on the same line.
So for example, `async.bar foo => 1` was parsed as a valid async arrow function.
This patch corrects this behaviour by asserting that the following token is a
valid arrow parameters start.
BUG=v8:4483
R=littledan@chromium.org, henrique.ferreiro@gmail.com
Review-Url: https://codereview.chromium.org/2089733002
Cr-Commit-Position: refs/heads/master@{#37154}
Adds back simple dead code elimination to the bytecode pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2038083002
Cr-Commit-Position: refs/heads/master@{#37147}
Implements:
- WebAssembly object,
- WebAssembly.Module constructor,
- WebAssembly.Instance constructor,
- WebAssembly.compile async method,
- and Module and Instance instance objects.
Also, changes ErrorThrower to support capturing errors in a promise reject.
Since we cannot yet compile without fixing the Wasm memory, and cannot validate a module without compiling, the Module constructor and compile method don't do anything yet but checking that their argument is a suitable BufferSource. Instead of a compiled module, the hidden state of a Module object currently is just that buffer.
BUG=
Review-Url: https://codereview.chromium.org/2084573002
Cr-Commit-Position: refs/heads/master@{#37143}
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended. This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.
TBR=littledan@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
Reason for revert:
[Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038
Original issue's description:
> [heap] Avoid the use of cells to point from code to new-space objects.
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/2d2087b79a293a92a6ed34a2775e481ff2173b3c
> Cr-Commit-Position: refs/heads/master@{#37134}
TBR=titzer@chromium.org,ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2087463004
Cr-Commit-Position: refs/heads/master@{#37139}
Make intrinsic ids a contiguous set of ids so that the switch statement can build
a table switch rather than doing a large if/else tree.
BUG=v8:4822
LOG=N
Review-Url: https://codereview.chromium.org/2084623002
Cr-Commit-Position: refs/heads/master@{#37135}
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2045263002
Cr-Commit-Position: refs/heads/master@{#37134}
Base the fast-path in AdjustAmountOfExternalMemory on a value + limit. To
preserve the behavior the limit is just set using kExternalAllocationLimit.
Redo naming of related members.
R=jochen@chromium.org
BUG=chromium:621829
LOG=N
Review-Url: https://codereview.chromium.org/2085893002
Cr-Commit-Position: refs/heads/master@{#37131}
Yanking out in an effort to reduce dependencies. We probably want to
separate codegen into instance-specific and module-generic purpose -
eventually.
BUG=
Review-Url: https://codereview.chromium.org/2085863003
Cr-Commit-Position: refs/heads/master@{#37126}
Reason for revert:
MIPS compilation error.
Original issue's description:
> Refactor CpuProfiler.
>
> Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
> from Logger, constructs and stores CodeEventsContainer. This patch is part of
> the effort to split the logic of CodeEventListener as ProfilerListener out of
> the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
> to code events, construct code event to CodeEventsContainer and pass it to code
> event handler.
>
> The reason we refactor CpuProfiler is that eventually we want to move
> CpuProfiler as part of sampler library and code event listener should stay
> inside V8.
>
> Main changes:
> 1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
> functionality and the ProfilerListener listening to code events from Logger.
> 2. Created CodeEventObserver and made CpuProfiler inherit from it.
> ProfilerListener will have a list of observers and call CodeEventHandler once a
> code event is created.
> 3. Moved code entry list from CodeEntry to ProfilerListener.
>
> Minor changes:
> 1. Moved static code entry as part of CodeEntry.
> 2. Added ProfilerListener to Logger.
>
> BUG=v8:4789
>
> Committed: https://crrev.com/cb59fc1facc9b390e2c7544b4da56a4e0a9b3222
> Cr-Commit-Position: refs/heads/master@{#37112}
TBR=alph@chromium.org,jochen@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2079273003
Cr-Commit-Position: refs/heads/master@{#37113}
Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
from Logger, constructs and stores CodeEventsContainer. This patch is part of
the effort to split the logic of CodeEventListener as ProfilerListener out of
the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
to code events, construct code event to CodeEventsContainer and pass it to code
event handler.
The reason we refactor CpuProfiler is that eventually we want to move
CpuProfiler as part of sampler library and code event listener should stay
inside V8.
Main changes:
1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
functionality and the ProfilerListener listening to code events from Logger.
2. Created CodeEventObserver and made CpuProfiler inherit from it.
ProfilerListener will have a list of observers and call CodeEventHandler once a
code event is created.
3. Moved code entry list from CodeEntry to ProfilerListener.
Minor changes:
1. Moved static code entry as part of CodeEntry.
2. Added ProfilerListener to Logger.
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2053523003
Cr-Commit-Position: refs/heads/master@{#37112}
Port 481502dad9
Float32SubMinusZero and Float64SubMinusZero tests are failing because MIPS does not preserve NaN payload according to Wasm spec. Implemented macro-assembler methods that check for NaN operands, and return the qNaN value with preserved payload and sign bits.
TEST=cctest/test-run-wasm/Run_WasmFloat32SubMinusZero, cctest/test-run-wasm/Run_WasmFloat64SubMinusZero
BUG=
patch from issue 2019693002 at patchset 140001 (http://crrev.com/2019693002#ps140001)
R=ahaas@chromium.org
Review-Url: https://codereview.chromium.org/2066483008
Cr-Commit-Position: refs/heads/master@{#37105}
Adds an evacuation mode that allows moving pages within new space without
copying objects.
Basic idea:
a) Move page within new space
b) Sweep page to make iterable and process ArrayBuffers
c) Finish sweep till next scavenge
Threshold is currently 70% live bytes, i.e., the same threshold we use
to determine fragmented pages.
This reverts commit 2263ee9bf4.
BUG=chromium:581412
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2078863002
Cr-Commit-Position: refs/heads/master@{#37104}
Reason for revert:
[Sheriff] Speculative revert for crashes on chrubuntu chromebooks:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/320
Original issue's description:
> Implement WASM big-endian support.
>
> Implement WASM support on big-endian platforms. WASM has
> an implicit requirement that it is running on little-endian
> machine. We achieve WASM support on BE by keeping data
> in memory in little-endian order, and changing data
> endianness before storing to memory and after loading from
> memory.
>
> BUG=
>
> Committed: https://crrev.com/d3f3f6c8186b2a53f0c539f7bba0c3708c4d83f9
> Cr-Commit-Position: refs/heads/master@{#37065}
TBR=titzer@chromium.org,akos.palfi@imgtec.com,balazs.kilvady@imgtec.com,jyan@ca.ibm.com,ivica.bogosavljevic@imgtec.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2080153002
Cr-Commit-Position: refs/heads/master@{#37091}
Import base::ieee754::tan() from fdlibm and introduce Float64Tan TurboFan
operator based on that, similar to what we do for Float64Cos and Float64Sin.
Rewrite Math.tan() as TurboFan builtin and use those operators to also
inline Math.tan() into optimized TurboFan functions.
Drive-by-fix: Kill the %_ConstructDouble intrinsics, and provide only
the %ConstructDouble runtime entry for writing tests.
BUG=v8:5086,v8:5126
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2083453002
Cr-Commit-Position: refs/heads/master@{#37087}
Compilation of wasm functions happens before instantiation. Imports are linked afterwards, at instantiation time. Globals and memory are also
allocated and then tied in via relocation at instantiation time.
This paves the way for implementing Wasm.compile, a prerequisite to
offering the compiled code serialization feature.
Currently, the WasmModule::Compile method just returns a fixed array
containing the code objects. More appropriate modeling of the compiled module to come.
Opportunistically centralized the logic on how to update memory
references, size, and globals, since that logic is the exact same on each
architecture, except for the actual storing of values back in the
instruction stream.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2056633002
Cr-Commit-Position: refs/heads/master@{#37086}
Import base::ieee754::cos() and base::ieee754::sin() from fdlibm and
introduce Float64Cos and Float64Sin TurboFan operator based on that,
similar to what we do for Float64Log. Rewrite Math.cos() and Math.sin()
as TurboFan builtins and use those operators to also inline Math.cos()
and Math.sin() into optimized TurboFan functions.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
R=mvstanton@chromium.org
BUG=v8:5086,v8:5118
Review-Url: https://codereview.chromium.org/2073123002
Cr-Commit-Position: refs/heads/master@{#37072}
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.
BUG=
Review-Url: https://codereview.chromium.org/2034093002
Cr-Commit-Position: refs/heads/master@{#37065}
Disassembler:
added decoding of a few instructions that were previously unsupported, fixed the decoding of pextr.
Assembler:
pmulld(XMMRegister, Operand) was actually emitting a pmuludq.
punpckldq(XMMRegister, XMMRegister) was implemented a second time as punpackldq.
BUG=
Review-Url: https://codereview.chromium.org/2070863002
Cr-Commit-Position: refs/heads/master@{#37059}
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108,chromium:620786
R=mvstanton@chromium.org
Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
Review-Url: https://codereview.chromium.org/2077533002
Cr-Original-Commit-Position: refs/heads/master@{#37037}
Cr-Commit-Position: refs/heads/master@{#37047}
Reason for revert:
Fragmentation of LABs could result in increasing memory usage (pages) instead of shrinking.
BUG=chromium:620320
LOG=N
Original issue's description:
> [heap] Add page evacuation mode for new->new
>
> Adds an evacuation mode that allows moving pages within new space without
> copying objects.
>
> Basic idea:
> a) Move page within new space
> b) Sweep page to make iterable and process ArrayBuffers
> c) Finish sweep till next scavenge
>
> Threshold is currently 70% live bytes, i.e., the same threshold we use
> to determine fragmented pages.
>
> BUG=chromium:581412
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/49b23201671b25092a3c22eb85783f39b95a5f87
> Cr-Commit-Position: refs/heads/master@{#36990}
TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:581412
Review-Url: https://codereview.chromium.org/2063013005
Cr-Commit-Position: refs/heads/master@{#37042}
Reason for revert:
[Sheriff] Leads to some different rounding as it seems in some audio layout tests. Please rebase upstream first if intended:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7508
Original issue's description:
> [builtins] Introduce proper Float64Exp operator.
>
> Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
> TurboFan operator based on that, similar to what we do for Float64Log.
> Rewrite Math.exp() as TurboFan builtin and use that operator to also
> inline Math.exp() into optimized TurboFan functions.
>
> BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
> Cr-Commit-Position: refs/heads/master@{#37037}
TBR=mvstanton@chromium.org,ahaas@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
Review-Url: https://codereview.chromium.org/2070813002
Cr-Commit-Position: refs/heads/master@{#37039}
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2077533002
Cr-Commit-Position: refs/heads/master@{#37037}
We report the byte offset as column number, but devtools assumes them
to be 1-based and subtracts one unconditionally before further
processing it. It's a bit unfortunate, but because of that we have to
just add 1 to the reported column number on the public StackTrace API.
R=ahaas@chromium.org, titzer@chromium.org
BUG=chromium:613110
Review-Url: https://codereview.chromium.org/2071563002
Cr-Commit-Position: refs/heads/master@{#37036}
Those were wrongly translated from gyp with ia32. This should
land before renaming v8_target_arch to v8_target_cpu.
BUG=chromium:620527
NOTRY=true
TBR=vogelheim@chromium.org
Review-Url: https://codereview.chromium.org/2065323004
Cr-Commit-Position: refs/heads/master@{#37027}
The patch introduces a dedicated dispatching class for JIT code events. It is
set as a helper on the isolate.
This allows classes across v8 to break their dependency on Logger and CpuProfiler.
These two became just regular clients of the dispatcher.
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2061623002
Cr-Commit-Position: refs/heads/master@{#37005}
Adds an evacuation mode that allows moving pages within new space without
copying objects.
Basic idea:
a) Move page within new space
b) Sweep page to make iterable and process ArrayBuffers
c) Finish sweep till next scavenge
Threshold is currently 70% live bytes, i.e., the same threshold we use
to determine fragmented pages.
BUG=chromium:581412
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/1957323003
Cr-Commit-Position: refs/heads/master@{#36990}
Named capture groups may be specified using the /(?<name>pattern)/u
syntax, with named backreferences specified as /\k<name>/u. They're
hidden behind the --harmony-regexp-named-captures flag, and are only
enabled for unicode regexps.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2050343002
Cr-Commit-Position: refs/heads/master@{#36986}
The last 4 test cases in test/cctest/wasm/test-run-wasm-asmjs.cc added by the CL 36911 (https://codereview.chromium.org/2061583002) use float_t and double_t type for WasmRunner.
For examples: At line 249: WasmRunner<float_t> r(&module, MachineType::Uint32());
But float_t and double_t depends on FLT_EVAL_METHOD macro of compiler. FLT_EVAL_METHOD is variant on different platform, if the FLT_EVAL_METHOD is 2, both float_t and double_t will be long
double and gcc or clang will met error when compiling WasmRunner<long double> r(&module,MachineType::Uint32());
For more details, please refer:
float_t: http://www.cplusplus.com/reference/cmath/float_t/
FLT_EVAL_METHOD: https://en.wikipedia.org/wiki/C99 check the IEEE 754 floating point support section directly.
This CL used float and double to replace float_t and double_t to avoid this issue.
BUG=
Review-Url: https://codereview.chromium.org/2066703003
Cr-Commit-Position: refs/heads/master@{#36982}
Reporting use counts by invoking a callback once per occurrence has
a large overhead cost in certain situations, for example when it needs
to be dispatched to a different thread (which is the case for Web Workers).
Parsing large scripts can produce a lot of occurrences (strict/sloppy mode
once per function).
Chromium (the only known user of UseCounters so far) does not actually care
about number of occurrences, but simply whether they happened at least once.
This commit changes behavior to report features at most once, which dramatically
improves performance for impacted use cases, and should not affect the only
known real world usage.
R=littledan@chromium.org
BUG=chromium:614775
Review-Url: https://codereview.chromium.org/2062203002
Cr-Commit-Position: refs/heads/master@{#36979}
Support for relocatable globals, to facilitate compilation before
instantiation.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2062003002
Cr-Commit-Position: refs/heads/master@{#36978}
The former will handle loads of predeclared global variables (vars and
functions), lets, consts and undeclared variables. The latter will handle
named loads from explicit receiver. In addition, named loads does not
depend of the TypeofMode.
TypeofMode related cleanup will be done in the follow-up CL.
BUG=chromium:576312
LOG=Y
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1912633002
Cr-Commit-Position: refs/heads/master@{#36965}
Moves between operands with different representations shouldn't happen,
so don't test them. This makes it easier to modify canonicalization to
differentiate between floating point types, which is needed to support
floating point register aliasing for ARM and MIPS.
This change also expands tests to include explicit FP moves (both register and stack slot).
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2060273003
Cr-Commit-Position: refs/heads/master@{#36963}
Reason for revert:
Cannot reproduce gc-stress failures locally.
Original issue's description:
> Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ )
>
> Reason for revert:
> failing tests
>
> Original issue's description:
> > Replace all remaining Oddball checks with new function
> >
> > This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> > The new method all take the isolate as parameter.
> >
> > BUG=
> >
> > Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> > Cr-Commit-Position: refs/heads/master@{#36921}
>
> TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/33b8bc24a12fb062100c0be84456faeb0b9fa5d1
> Cr-Commit-Position: refs/heads/master@{#36923}
TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2059173002
Cr-Commit-Position: refs/heads/master@{#36957}
This moves common configs used by all v8 targets into
common templates.
This also fixes using v8_optimized_debug correctly in
executables and components.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2054803003
Cr-Commit-Position: refs/heads/master@{#36956}
Reason for revert:
failing tests
Original issue's description:
> Replace all remaining Oddball checks with new function
>
> This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> The new method all take the isolate as parameter.
>
> BUG=
>
> Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> Cr-Commit-Position: refs/heads/master@{#36921}
TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2060213002
Cr-Commit-Position: refs/heads/master@{#36923}
This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
The new method all take the isolate as parameter.
BUG=
Review-Url: https://codereview.chromium.org/2043183003
Cr-Commit-Position: refs/heads/master@{#36921}
Import base::ieee754::atan() and base::ieee754::atan2() from fdlibm and
introduce Float64Atan and Float64Atan2 TurboFan operators based on those,
similar to what we already did for Float64Log and Float64Log1p. Rewrite
Math.atan() and Math.atan2() as TurboFan builtin and use the operators
to also inline Math.atan() and Math.atan2() into optimized TurboFan functions.
R=yangguo@chromium.org
BUG=v8:5086,v8:5095
Review-Url: https://codereview.chromium.org/2065503002
Cr-Commit-Position: refs/heads/master@{#36916}
Import base::ieee754::log1p() from fdlibm and introduce a Float64Log1p
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.log1p() as TurboFan builtin and use that operator to also
inline Math.log1p() into optimized TurboFan functions.
Also unify the handling of the special IEEE 754 functions somewhat in
the TurboFan backends. At some point we can hopefully express this
completely in the InstructionSelector (once we have an idea what to do
with the ST(0) return issue on IA-32/X87).
Drive-by-fix: Add some more test coverage for the log function.
R=yangguo@chromium.org
BUG=v8:5086,v8:5092
Review-Url: https://codereview.chromium.org/2060743002
Cr-Commit-Position: refs/heads/master@{#36914}
MemoryOperands, on IA32. This needed to be fixed so that we can
compile wasm code before creating instances, since the compiled code
needs to be patched up for memory and globals references.
This surfaces in asm-to-wasm scenarios.
Added testing (rather, enhanced existing tests).
Note patch#1 where we fail on ia32, and patch#2 with the fix.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2061583002
Cr-Commit-Position: refs/heads/master@{#36911}
It is expected that temporarily used strings die while they are
in new heap. So we can avoid to pay a heavy cost to externalize
them. If they are used for times, externalization will happen
when they move to an old heap.
BUG=chrmoium:606093
Review-Url: https://codereview.chromium.org/2046933002
Cr-Commit-Position: refs/heads/master@{#36907}
In commit b3bfc0bd58, I corrected the source
position of yield-exceptions by not setting the "return position" on returns
that correspond to yields. It turns out that this caused a bug with debug
stepping. The proper fix is to keep the return position on those returns but
additionally attach the yield's source position to the Throw emitted in
VisitYield.
R=rmcilroy@chromium.org, yangguo@chromium.org
BUG=v8:4907
Review-Url: https://codereview.chromium.org/2051783002
Cr-Commit-Position: refs/heads/master@{#36896}
after the first GC if time allows and there is memory to be freed.
BUG=chromium:618958
LOG=NO
Review-Url: https://codereview.chromium.org/2057103002
Cr-Commit-Position: refs/heads/master@{#36894}
This should solve the problem with missing checkpoints after JSToNumber
(PlainPrimitiveToNumber is marked no-write, so the frame-state
propagation should see through it.)
Unfortunately, this also duplicates the word32- and float64-truncation
magic that we have for JSToNumber in "simplified lowering".
Review-Url: https://codereview.chromium.org/2059653002
Cr-Commit-Position: refs/heads/master@{#36881}
This switches Math.log to use an fdlibm based version of log, imported
as base::ieee754::log, and use that consistently everywhere, i.e. change
the Float64Log TurboFan operators on Intel to use the C++ implementation
as well (same for Crankshaft).
R=yangguo@chromium.org
BUG=v8:5065,v8:5086
Review-Url: https://codereview.chromium.org/2053893003
Cr-Commit-Position: refs/heads/master@{#36880}
We ported hashmap.h into libsampler as a workaround before, so the main focus of
this patch is to reduce code duplication. This patch moves the hashmap into
src/base as well as creates DefaultAllocationPolicy using malloc and free.
BUG=v8:5050
LOG=n
Review-Url: https://codereview.chromium.org/2010243003
Cr-Commit-Position: refs/heads/master@{#36873}
There are no ICs left that store their state in this field: vector based
ICs use feedback vector and the rest three (BinaryOpIC, CompareIC and
ToBooleanIC) reconstruct their state from the ExtraICState field.
This CL also removes unused InlineCacheState::DEBUG_STUB which was used
mostly in Code::is_debug_stub(). The latter now checks if the code is one
of the debug builtins instead.
BUG=chromium:618701
LOG=Y
Review-Url: https://codereview.chromium.org/2052763003
Cr-Commit-Position: refs/heads/master@{#36871}
This makes sure we do not compile ToNumber stub on demand. This makes it
easier to use during concurrent compilation.
Review-Url: https://codereview.chromium.org/2051113002
Cr-Commit-Position: refs/heads/master@{#36870}
With this change the bytecode array builder only emits expression
positions for bytecodes that can throw. This allows more peephole
optimization opportunities and results in smaller code.
BUG=v8:4280,chromium:615979
LOG=N
Review-Url: https://codereview.chromium.org/2038323002
Cr-Commit-Position: refs/heads/master@{#36863}
The optimization stages in the bytecode generation pipeline must
preserve source position information. Failure to preserve
source position information could result in single stepping
in the debugger misbehaving or mis-reporting in exception stack traces.
This change adds tests intended to check optimizations do not damage
source position info.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2042633002
Cr-Commit-Position: refs/heads/master@{#36855}
Now they use a proper way of checking if the snapshot is available or not.
Review-Url: https://codereview.chromium.org/2054693002
Cr-Commit-Position: refs/heads/master@{#36844}
This allows using icu data, bundled in the icudtl.dat file,
to be loaded automatically from a default location
side-by-side with the executable.
The v8 stand-alone default is still to use statically
linked ICU data, but this will be switched in a separate
follow-up CL.
BUG=chromium:616033
LOG=y
Review-Url: https://codereview.chromium.org/2042253002
Cr-Commit-Position: refs/heads/master@{#36823}
This reverts commit d3a43e47dd.
This patch also adds typed_array_fun and typed_array_protoype to the
native context. These are used in InstallTypedArray to set up the
prototype chain correctly for each typed array sub class. This removes
the need to later monkey patch them prototype chain in typedarray.js.
This mechanism is also used to get hold of the TypedArray in
typedarray.js, removing the need for a global TypedArray.
This patch updates CallRuntime.golden to account for the two extra
native runtime calls. This patch also fixes some formatting issues (by
running git cl format).
BUG=chromium:579905, chromium:593634, v8:4085, v8:5073
Review-Url: https://codereview.chromium.org/2046333002
Cr-Commit-Position: refs/heads/master@{#36811}
Reason for revert:
Needs fixing of slot set.
Original issue's description:
> [heap] Uncommit unused large object page memory.
>
> As a first step I uncommit the memory on the main thread. Also to measure impact and stability of that optimization. In a follow-up CL, the uncommitting should be moved on the concurrent thread.
>
> BUG=
>
> Committed: https://crrev.com/d61a5c376ba51145dc4684e39d5d3a9ce75bcfa6
> Cr-Commit-Position: refs/heads/master@{#36763}
TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2043263002
Cr-Commit-Position: refs/heads/master@{#36807}
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2036643002
Cr-Commit-Position: refs/heads/master@{#36798}
PrimaryStubCache and SecondaryStubCache: resurrected outdated tests (and enabled stub cache counters in the new LoadIC).
TryProbeStubCache: decreased number of code objects created.
Review-Url: https://codereview.chromium.org/2040193002
Cr-Commit-Position: refs/heads/master@{#36794}
In most cases we return a Smi and undefined for the other cases. Hence there
is no need to handlify the result unecessary. Additionally pass in the isolate
for the hash-symbol lookup.
BUG=
Review-Url: https://codereview.chromium.org/2044843002
Cr-Commit-Position: refs/heads/master@{#36790}
As a first step I uncommit the memory on the main thread. Also to measure impact and stability of that optimization. In a follow-up CL, the uncommitting should be moved on the concurrent thread.
BUG=
Review-Url: https://codereview.chromium.org/2032393002
Cr-Commit-Position: refs/heads/master@{#36763}
The stubs do not increase respective counters as they are in the snapshot and --native-code-counters is off during snapshot creation anyway.
Review-Url: https://codereview.chromium.org/2031753003
Cr-Commit-Position: refs/heads/master@{#36754}
Since the generic GetCallingContext is deprecated, but there's still the
use case for the debugger to get the currently debugged context while in
the debug context, add a convenience API for it.
Note that EventDetails already exposes this context, but the embedder
might not necessarily have the EventDetails around.
R=verwaest@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2040853003
Cr-Commit-Position: refs/heads/master@{#36751}
Passing in the isolate and pointer compare the instnance against the
corresponding constant is always faster than decoding the instance types.
BUG=
Review-Url: https://codereview.chromium.org/2028983002
Cr-Commit-Position: refs/heads/master@{#36744}
This is mostly about DCHECKs. Enabling some requires a few
changes to tests that were not careful about types.
BUG=
Review-Url: https://codereview.chromium.org/2033703002
Cr-Commit-Position: refs/heads/master@{#36734}
This change requires a single pass over the register set during
bytecode pipeline flushes.
A few bytecode tests are updated too because the order of register
flushes is different.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2033013002
Cr-Commit-Position: refs/heads/master@{#36726}
This moves processing of jumps out of bytecode array builder and into
bytecode array writer. This simplifies the pipeline by avoiding having
to flush for offset and patch up offsets in bytecode array builder based
on what was emitted by the bytecode array writer.
This also enables future refactorings to add dead code elimination back
into the pipeline, and move processing of scalable operand sizes to the
end of the pipeline (in the bytecode array writer) rather than having to
deal with scalable operand types throughout pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2035813002
Cr-Commit-Position: refs/heads/master@{#36716}
Add intrinsics for IsSmi, IsTypedArray, IsRegExp and IsJSProxy,
all of which are intrinsics in Full-Codegen.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2034493002
Cr-Commit-Position: refs/heads/master@{#36707}
Introduce a dedicated Float64Log machine operator, that is either
implemented by a direct C call or by platform specific code, i.e.
using the FPU on x64 and ia32.
This operator is used to implement Math.log as a proper TurboFan
builtin on top of the CodeStubAssembler.
Also introduce a NumberLog simplified operator on top of Float64Log
and use that for the fast inline path of Math.log inside TurboFan
optimized code.
BUG=v8:5065
Review-Url: https://codereview.chromium.org/2029413005
Cr-Commit-Position: refs/heads/master@{#36703}
VC++ complains about truncation of integer constants despite use of
static_cast. This isn't very helpful as it gives no way of suppressing
the warning in code, so this change suppresses it on the command line.
Additionally, the linker complains about importing of locally defined
functions in component builds. Until this is fixed the warnings should
be suppressed.
NOTRY=true
Review-Url: https://codereview.chromium.org/2028353004
Cr-Commit-Position: refs/heads/master@{#36695}
Previously, CodeAssembler Variables declared in an explicit C++ scope would
continue to be merged into future labels beyond that scope, causing
asserts. This CL ensures that Variables are properly ignored when they go out of
scope.
Review-Url: https://codereview.chromium.org/2035683002
Cr-Commit-Position: refs/heads/master@{#36690}
Previously, turbofan selected the gap use from first predecessor block when
hinting a phi, unless that block was deferred, in which case the gap move from
the first non-deferred predecessor block was chosen.
This strategy didn't guarantee that an important invariant was maintained: the
predecessor blocks chosen for hinting phis must preceed the phi's block in the
rpo ordering. In most cases the strategy worked, since graphs generated by the
AstGraphBuilder and existing stubs just happened to always generate schedules
where this rpo ordering property for the first predecessor block, but it is
quite possible to generate a code stub by hand that doesn't have this property
(see included test case).
After this CL, the allocator chooses either the the first non-deferred
"rpo-preceeding" block to be the hinting block, or the first deferred
"rpo-preceeding" block if that doesn't exist. In all previously-existing code,
this behavior is the same as the original algorithm, but has the benefit of not
failing in the register allocator in hand-crafted stubs where all the
"rpo-preceeding" predecessors are all in deferred code.
Review-Url: https://codereview.chromium.org/2030463003
Cr-Commit-Position: refs/heads/master@{#36689}
... since CodeStubAssembler does not belong to v8::internal::compiler namespace anymore.
Review-Url: https://codereview.chromium.org/2035533003
Cr-Commit-Position: refs/heads/master@{#36683}
Most maps have a small code cache (often only one entry), so this patch
optimizes memory consumption of such cases by using plain FixedArrays,
only switching to CodeCacheHashTables when the number of cached entries
gets so large that linear-scan lookups get too slow.
On loading inbox.google.com, this gets the aggregate size of all maps'
code caches (there are about 13,600 of them) from 4300 KB to 970 KB.
Review-Url: https://codereview.chromium.org/2021373002
Cr-Commit-Position: refs/heads/master@{#36681}
This introduces optimized number operations based on type feedback.
Summary of changes:
1. Typed lowering produces SpeculativeNumberAdd/Subtract for JSAdd/Subtract if
there is suitable feedback. The speculative nodes are connected to both the
effect chain and the control chain and they retain the eager frame state.
2. Simplified lowering now executes in three phases:
a. Propagation phase computes truncations by traversing the graph from uses to
definitions until checkpoint is reached. It also records type-check decisions
for later typing phase, and computes representation.
b. The typing phase computes more precise types base on the speculative types (and recomputes
representation for affected nodes).
c. The lowering phase performs lowering and inserts representation changes and/or checks.
3. Effect-control linearization lowers the checks to machine graphs.
Notes:
- SimplifiedLowering will be refactored to have handling of each operation one place and
with clearer input/output protocol for each sub-phase. I would prefer to do this once
we have more operations implemented, and the pattern is clearer.
- The check operations (Checked<A>To<B>) should have some flags that would affect
the kind of truncations that they can handle. E.g., if we know that a node produces
a number, we can omit the oddball check in the CheckedTaggedToFloat64 lowering.
- In future, we want the typer to reuse the logic from OperationTyper.
BUG=v8:4583
LOG=n
Review-Url: https://codereview.chromium.org/1921563002
Cr-Commit-Position: refs/heads/master@{#36674}
Reason for revert:
Also failing with the new implementation:
https://build.chromium.org/p/chromium.gpu/builders/Linux%20Debug%20%28NVIDIA%29/builds/62646
Will do a local repro now.
Original issue's description:
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> TEST=cctest/test-array-buffer-tracker/*
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/279e274eccf95fbb4bd41d908b9153acf6ec118a
> Cr-Commit-Position: refs/heads/master@{#36653}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2032973002
Cr-Commit-Position: refs/heads/master@{#36663}
Eliminating dead code in the bytecode array builder doesn't play nice
with the register elimination optimizer. We should move it to it's own
stage in the optimization pipeline, however doing so would require
refactoring of how we deal with jumps, so for now just remove the dead
code elimination optimization.
BUG=chromium:616064
Review-Url: https://codereview.chromium.org/2030583002
Cr-Commit-Position: refs/heads/master@{#36660}
Reason for revert:
There are crashes on Win32 and Win64 bots.
Original issue's description:
> Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
>
> This CL also replaces some Branch() usages with GotoIf/GotoUnless.
>
> BUG=v8:2743
> LOG=Y
>
> Committed: https://crrev.com/24066b6df4259b302edfa1db884c479008776a7e
> Cr-Commit-Position: refs/heads/master@{#36657}
TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2743
Review-Url: https://codereview.chromium.org/2028333002
Cr-Commit-Position: refs/heads/master@{#36659}
This CL also replaces some Branch() usages with GotoIf/GotoUnless.
BUG=v8:2743
LOG=Y
Review-Url: https://codereview.chromium.org/1995453002
Cr-Commit-Position: refs/heads/master@{#36657}
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2026633003
Cr-Commit-Position: refs/heads/master@{#36653}
This CL also updates the elements kind transition lookup logic:
1) First we go back to the root map,
2) Follow elements kind transitions,
3) Replay the property transitions.
BUG=v8:5009
LOG=Y
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2015513002
Cr-Commit-Position: refs/heads/master@{#36652}
It happens that a scavenger runs during incremental marking. Currently scavenger does not care about MarkCompact's mark bits. When an object is alive and marked, and at least one scavenge happens during incremental marking, the object will be copied once to the other semispace in the new_space, and then once to the old_space. For surviving objects this is useless extra work.
In our current attempts (https://codereview.chromium.org/1988623002) to ensure marked objects are scavenged, all marked objects will survive therefore there will be many objects which will be uselessly copied.
This cl modifies our promotion logic so when incremental marking is in progress, and the object is marked, we promote it unconditionally.
BUG=
LOG=no
Review-Url: https://codereview.chromium.org/2005173003
Cr-Commit-Position: refs/heads/master@{#36643}
Async functions are built out of generators, but the
SharedFunctionInfo returns false for is_generator. is_resumable is
the broader query. This patch fixes many parts of V8 to refer
to is_resumable as appropriate.
One incidental change is to remove a check for generators extending
classes. This is part of a general check for constructors being the
only thing which can extend classes, so it is removed here and the
error message for the general case is made more accurate.
BUG=v8:4483
Review-Url: https://codereview.chromium.org/1996943002
Cr-Commit-Position: refs/heads/master@{#36621}
This prevents the compiler from optimizing
f64-to-tagged(tagged-to-f64(x)) ==> x
for non-number x (such as undefined).
Review-Url: https://codereview.chromium.org/2027593002
Cr-Commit-Position: refs/heads/master@{#36613}
Reason for revert:
Breaking
http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20avx2/builds/7972
Original issue's description:
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> TEST=cctest/test-array-buffer-tracker/*
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/089da007bb990b5b29aab257aa836fdd3f3b8ce0
> Cr-Commit-Position: refs/heads/master@{#36608}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2028503003
Cr-Commit-Position: refs/heads/master@{#36609}
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2024063002
Cr-Commit-Position: refs/heads/master@{#36608}
Expose more or less the full functionality of the KeyAccumulator in the API:
- use the PropertyFilter introduced for GetOwnPropertyNames
- use KeyCollectionLimit for OWN_ONLY or INLCUDE_PROTOS
- use IndexFilter to eithe SKIP_INDICES or INCLUDE_INDICES
Rewire Object::GetOwnPropertyNames to use GetPropertyNames.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2002203002
Cr-Commit-Position: refs/heads/master@{#36595}
