Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
This reverts commit 93fe04afa9.
R=hpayer@chromium.org
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2007253002
Cr-Commit-Position: refs/heads/master@{#36513}
Caching nodes with mutable inputs is a bad idea and already blew up
twice now, so in order to avoid further breakage, let's kill the
EmptyFrameState caching on JSGraph completely and only cache the empty
state values there.
We can remove the hacking from JSTypedLowering completely once we have
the PlainPrimitiveToNumber in action.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2006423003
Cr-Commit-Position: refs/heads/master@{#36511}
Previously we first created a temporary graph for the inlinee and then
copied over all the nodes to the actual graph. This however introduces
unnecessary complexity, and we can instead just create the inlinee
inside the target graph.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2006353003
Cr-Commit-Position: refs/heads/master@{#36508}
This change introduces five fused bytecodes for common bytecode
sequences on popular websites. These are LdrNamedProperty,
LdrKeyedProperty, LdrGlobal, LdrContextSlot, and LdrUndefined. These
load values into a destination register operand instead of the
accumulator. They are emitted by the peephole optimizer.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1985753002
Cr-Commit-Position: refs/heads/master@{#36507}
It's always possible to deoptimize to Ignition from TurboFan, and we
don't use Ignition for asm.js code, so there's no need to have the empty
frame state magic in the BytecodeGraphBuilder.
R=mstarzinger@chromium.org
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2008243002
Cr-Commit-Position: refs/heads/master@{#36505}
port 0d22e7e46a (r36482)
original commit message:
Sequences like:
1: Load[kRepWord32|kTypeInt32](<address>, ...)
2: Word32And(1, <constant>)
3: Word32Equal(2, <another constant>)
4: Store[(kRepWord32 : NoWriteBarrier)](<address>, <value>)
5: Branch[None](3, ...) -> B1, B2
where #1 and #4 refer to the same memory location, are problematic because in VisitBranch we assume that 'InstructionSelector::CanCover()' is transitive.
What happens is that CanCover(5, 3) is true (3 is a pure op), and so are CanCover(3, 2), CanCover(2, 1), but the effect level of 5 and 3 never gets checked because 3 is a pure op. Upon VisitBranch, we
mov [address], <value>
test [address], <another constant>
With this patch, it becomes:
mov reg, [address]
mov [address], <value>
test reg, <another constant>
BUG=
Review-Url: https://codereview.chromium.org/2006223004
Cr-Commit-Position: refs/heads/master@{#36501}
Add stack overflow checks to AstTraversalVisitor, and let
AstExpressionVisitor reuse traversal logic from AstTraversalVisitor.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2004363002
Cr-Commit-Position: refs/heads/master@{#36500}
This interpreter directly decodes and executes WASM binary code for
the purpose of supporting low-level debugging. It is not currently
integrated into the main WASM implementation.
R=ahaas@chromium.org,clemensh@chromium.org,rossberg@chromium.org,binji@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1972153002
Cr-Commit-Position: refs/heads/master@{#36497}
Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
This reverts commit d2dff0320b.
R=hpayer@chromium.org
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2005723005
Cr-Commit-Position: refs/heads/master@{#36495}
All EVALUATE functions for unimplemented instructions will now throw an UNIMPLEMENTED error if called.
R=joransiu@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com,jyan@ca.ibm.com
BUG=
Review-Url: https://codereview.chromium.org/2005493002
Cr-Commit-Position: refs/heads/master@{#36488}
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/6248
Original issue's description:
> [keys] Simplify KeyAccumulator
>
> - Use KeyAccumulator::GetKeys directly instead of JSReceiver::GetKeys
> - Revert KeyAccumulator to single OrderedHashSet implementation.
> - Convert the OrderedHashSet in-place to a FixedArray
> - IndexedInterceptor indices are no longer combined and sorted with the object indices
>
> BUG=
>
> Committed: https://crrev.com/d3324df017046bcde247a5aef6d1b59bfae5908f
> Cr-Commit-Position: refs/heads/master@{#36485}
TBR=jkummerow@chromium.org,verwaest@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2010593002
Cr-Commit-Position: refs/heads/master@{#36486}
- Use KeyAccumulator::GetKeys directly instead of JSReceiver::GetKeys
- Revert KeyAccumulator to single OrderedHashSet implementation.
- Convert the OrderedHashSet in-place to a FixedArray
- IndexedInterceptor indices are no longer combined and sorted with the object indices
BUG=
Review-Url: https://codereview.chromium.org/1995263002
Cr-Commit-Position: refs/heads/master@{#36485}
Moved globals offsets calculation to the wasm module decoder, since
this is a property of the module, not of each instance.
Qualified as "const" references to WasmModule outside of the decoder
and some test situations.
BUG=
Review-Url: https://codereview.chromium.org/2005933003
Cr-Commit-Position: refs/heads/master@{#36484}
Since we can't OSR from an function compiled with Ignition, this makes it
impossible to tier up asm.js code as it is running. As such, this CL
bypasses Ignition for asm.js code.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1994223002
Cr-Commit-Position: refs/heads/master@{#36483}
Sequences like:
1: Load[kRepWord32|kTypeInt32](<address>, ...)
2: Word32And(1, <constant>)
3: Word32Equal(2, <another constant>)
4: Store[(kRepWord32 : NoWriteBarrier)](<address>, <value>)
5: Branch[None](3, ...) -> B1, B2
where #1 and #4 refer to the same memory location, are problematic because in VisitBranch we assume that 'InstructionSelector::CanCover()' is transitive.
What happens is that CanCover(5, 3) is true (3 is a pure op), and so are CanCover(3, 2), CanCover(2, 1), but the effect level of 5 and 3 never gets checked because 3 is a pure op. Upon VisitBranch, we ended up materializing:
mov [address], <value>
test [address], <another constant>
With this patch, it becomes:
mov reg, [address]
mov [address], <value>
test reg, <another constant>
BUG=chromium:611976
Review-Url: https://codereview.chromium.org/2008493002
Cr-Commit-Position: refs/heads/master@{#36482}
This fixes the SharedFunctionInfo::num_literals field for global builtin
functions (e.g. {Object} and friends) to be accurate. The field was not
being updated by Runtime_SetCode. It also removes the dangerous and by
now obsolete JSFunction::NumberOfLiterals accessor.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2007943002
Cr-Commit-Position: refs/heads/master@{#36480}
Moved functionality of Script.{lineCount, lineFromPosition, sourceLine,
locationFromLine, and sourceSlice} into runtime functions.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2003303002
Cr-Commit-Position: refs/heads/master@{#36469}
For cross-compiler-compatibility and standards compliance %p
requires a void*, rather than any pointer type.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2001073002
Cr-Commit-Position: refs/heads/master@{#36466}
This moves setting the v8_target_arch default to the shared
v8.gni, so that it's available in build_overrides for
stand-alone mode.
BUG=chromium:605732, chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2006213002
Cr-Commit-Position: refs/heads/master@{#36465}