Allocate the registers used as arguments to a call on-demand after visiting the
argument (or reciever). This means that the visited expression can use registers
that would otherwise have been allocated for arguments which haven't been
visited yet.
The reason for doing this is to avoid keeping things live in registers
unecessarily for chained function calls, which avoids a memory leak for
functions which chain a large number of calls with large temporary arguments /
recievers.
BUG=chromium:672027
Review-Url: https://codereview.chromium.org/2557173004
Cr-Commit-Position: refs/heads/master@{#41714}
Reason for revert:
LiveEdit is broken in some cases.
Original issue's description:
> Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
>
> Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
> we can use them as an index into an array, instead of using a
> WeakFixedArray where we have to do a linear scan.
>
> Hooking up liveedit is a bit more involved, see
> https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
> for an overview
>
> BUG=v8:5589
> R=verwaest@chromium.org,jgruber@chromium.org
>
> Committed: https://crrev.com/6595e7405769dc9d49e9568d61485efc6d468baf
> Cr-Commit-Position: refs/heads/master@{#41600}
TBR=jgruber@chromium.org,verwaest@chromium.org,yangguo@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5589,chromium:673950
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2578433002
Cr-Commit-Position: refs/heads/master@{#41684}
The assignment in default parameters (e.g., function foo(a = somedefault) { }
doesn't flow through PreParserFactory::NewAssignment even if the comment claims so.
Thus, piping through the variables is not needed.
Kudos to neis@ for pointing this out.
BUG=v8:5501
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2569983003
Cr-Commit-Position: refs/heads/master@{#41670}
Reason for revert:
Still flakes on ARM.
Original issue's description:
> [deoptimizer] Enable test that should no longer fail.
>
> R=jarin@chromium.org
> TEST=cctest/test-cpu-profiler/CollectDeoptEvents
>
> Committed: https://crrev.com/3f9c2c590d687562d6adb531d1159738c07013f4
> Cr-Commit-Position: refs/heads/master@{#41664}
TBR=jarin@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2568403003
Cr-Commit-Position: refs/heads/master@{#41667}
Generalize Messages to include an error level.
Add a parameter to AddMessageHandler to select which error levels to receive, using a mask (default being just errors, i.e. the current behavior).
BUG=v8:4203
R=dgozman@chromium.org,machenbach@chromium.org,danno@chromium.org,bmeurer@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2526703002
Cr-Commit-Position: refs/heads/master@{#41648}
The evaluation order of this argument was accidentally changed when the
special-case was added for super calls with a final spread argument.
Review-Url: https://codereview.chromium.org/2563423002
Cr-Commit-Position: refs/heads/master@{#41633}
This fixes the corner-case where the method in question failed to lookup
the very last deoptimization bailout without subsequent entries within
the relocation info. Also enable a test covering this.
R=tebbi@chromium.org
TEST=cctest/test-cpu-profiler/CollectDeoptEvents
Review-Url: https://codereview.chromium.org/2565733002
Cr-Commit-Position: refs/heads/master@{#41623}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- the StackFrame::State struct now also holds the callee_pc_address,
which is set in ComputeCallerState. The WASM frame uses this
information to determine whether the callee frame is WASM_TO_JS, and
whether that frame is at the ToNumber conversion call.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
Review-Url: https://codereview.chromium.org/2555243002
Cr-Original-Commit-Position: refs/heads/master@{#41599}
Cr-Commit-Position: refs/heads/master@{#41613}
The deserialization of the {Scope::asm_module} predicate relies on a
context being present for such modules. This ensures we always allocate
such a context, even in cases where no variables are allocated in it.
R=neis@chromium.org
TEST=cctest/test-parsing/AsmModuleFlag
BUG=v8:5653
Review-Url: https://codereview.chromium.org/2561103004
Cr-Commit-Position: refs/heads/master@{#41611}
This will be used in CSA to check if any promisehook is set.
-- Adds a is_promisehook_enabled_ field to the isolate and helper methods.
-- Adds this field to the ExternalReference table.
-- Adds a helper method to access this from CSA
Note -- this patch doesn't actually add the ability to attach the hook
yet.
BUG=v8:4643
Review-Url: https://codereview.chromium.org/2566483002
Cr-Commit-Position: refs/heads/master@{#41607}
Reason for revert:
gc-stress failures
Original issue's description:
> [wasm] Fix location for error in asm.js ToNumber conversion
>
> In the asm.js code translated to wasm, we call imported functions via a
> WASM_TO_JS stub, which first calls the function and then calls ToNumber
> on the return value. Exceptions can happen in both calls.
> We were only ever reporting the location of the function call, whereas
> asm.js code executed via turbofan reported the location of the type
> coercion operator ("+" on "+foo()" or "|" on "foo()|0").
>
> This CL implements the same behaviour for asm.js code translated to
> wasm. The following is changed:
> - the AsmWasmBuilder records the parent node when descending on a binary
> operator (also "+foo()" is represented by a binary operation).
> - it stores not one location per call in the source position side
> table, but two (one for the call, one for the parent which does the
> type coercion).
> - the wasm compiler annotates the source positions "0" and "1" to the
> two calls in the WASM_TO_JS wrapper (only if the module origin is
> asm.js).
> - during stack trace generation (in the StackTraceIterator), when we
> move from the WASM_TO_JS frame to the WASM frame, we remember at which
> call inside the WASM_TO_JS wrapper we are, and encode this information
> in the generated caller state, used for the WASM frame.
> - the same information is also stored in the FrameArray which is used
> to reconstruct the stack trace later.
>
> R=titzer@chromium.org, bradnelson@chromium.org
> CC=jgruber@chromium.org
> BUG=v8:4203,v8:5724
>
> Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
> Cr-Commit-Position: refs/heads/master@{#41599}
TBR=bradnelson@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4203,v8:5724
Review-Url: https://codereview.chromium.org/2563613003
Cr-Commit-Position: refs/heads/master@{#41601}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- during stack trace generation (in the StackTraceIterator), when we
move from the WASM_TO_JS frame to the WASM frame, we remember at which
call inside the WASM_TO_JS wrapper we are, and encode this information
in the generated caller state, used for the WASM frame.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Review-Url: https://codereview.chromium.org/2555243002
Cr-Commit-Position: refs/heads/master@{#41599}
Fix 7a6f294ffe.
The first correction enables correct execution DoMathMinMax when two
input registers are the same register.
The second correction adds NOP instructions after branch instructions
in tests macro_float_minmaxf(32|64).
TEST=cctest/test-macro-assembler-mips[64]/macro_float_minmax_f32
cctest/test-macro-assembler-mips[64]/macro_float_minmax_f64
mjsunit/regress/math-min
BUG=
Review-Url: https://codereview.chromium.org/2556793003
Cr-Commit-Position: refs/heads/master@{#41596}
Aside from the default snapshot, there is no need for additional context
snapshots to have the ability to replace the global proxy and global object
after deserialization. Changes include:
- Changes to the API to better distinguish default context snapshot from
additional context snapshots.
- Disallow global handles when creating snapshots.
- Allow extensions when creating snapshots.
This solves the issue of not being able to having accessors and interceptors on
the global object of contexts to be serialized.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2557743003
Cr-Commit-Position: refs/heads/master@{#41588}
The patch was reverted due to a bug - we failed to evict OSR-optimized
code in the case where the SharedFunctionInfo OptimizedCodeMap was
empty/cleared.
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
Review-Url: https://codereview.chromium.org/2561083002
Cr-Commit-Position: refs/heads/master@{#41584}
This CL attempts to set the maybe-assigned flag for variables that are written
to as part of a destructuring or loop header.
For instance, in the following two cases we now mark x as maybe-assigned.
a) [x] = [1];
b) for (x of [1,2,3]) {};
There's more work to do here, this is just a first step.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2562443003
Cr-Commit-Position: refs/heads/master@{#41582}
Currently when the number passed to TryNumberToSize is 1 << 64,
it gets away with a bug caused by rounding of mantissa.
Then the number will be casted to 0 and TryNumberToSize
will return true. This patch fix this by making the range check
more accurate.
BUG=v8:5712
Review-Url: https://codereview.chromium.org/2548243004
Cr-Commit-Position: refs/heads/master@{#41578}
-- Moves promiseHasHandlerSymbol to inobject property
-- Ports PromiseResolveClosure to TF
-- Fix a non spec async-await test which fails now because we do a map
check for native promise check (instead of IsPromise). Changing the
constructor (in the test) invalidates the map check.
This patch results in a 7.1% performance improvement in the bluebird
benchmark (over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2541283002
Cr-Commit-Position: refs/heads/master@{#41569}
jasongin@ created this patch.
dcc50445a3
This patch adds the support to emit a trace event by using a comma-separated
list of categories, so that the trace event will be emitted if there is at least
one category is enabled in the categories list.
TBR=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2558193002
Cr-Commit-Position: refs/heads/master@{#41567}
When v8 fails an access check, it invokes a helper to try to see if it
can service the request via an access check interceptor. Invoking the
access check interceptor can throw an exception (e.g. a SecurityError).
Unfortunately, the failed access check property helpers and the
interceptor helpers don't agree on how to propagate the exception: if
the interceptor helper detects a scheduled exception, it promotes the
exception to a pending exception and returns to the failed access check
property helper.
The failed access check property helper also has an early return in
case of a scheduled exception. However, this doesn't work, as the
previously thrown exception is no longer scheduled, as it's been
promoted to a pending exception. Thus, the failed access check property
helper always end up calling the failed access check callback as well.
Since Blink's implementation of the failed access check callback also
throws an exception, this conflicts with the previously-thrown,
already-pending exception.
With this patch, the failed access check property helpers check for a
pending exception rather than a scheduled exception after invoking the
interceptor, so the exception can be propagated correctly.
BUG=v8:5715
R=yangguo@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2550423002
Cr-Commit-Position: refs/heads/master@{#41556}
Introduces:
- a new AST node representing the GetIterator() algorithm in the specification, to be used by ForOfStatement, YieldExpression (in the case of delegating yield*), and the future `for-await-of` loop proposed in http://tc39.github.io/proposal-async-iteration/#sec-async-iterator-value-unwrap-functions.
- a new opcode (JumpIfJSReceiver), which is useful for `if Type(object) is not Object` checks which are common throughout the specification. This node is easily eliminated by TurboFan.
The AST node is desugared specially in bytecode, rather than manually when building the AST. The benefit of this is that desugaring in the BytecodeGenerator is much simpler and easier to understand than desugaring the AST.
This also reduces parse time very slightly, and allows us to use LoadIC rather than KeyedLoadIC, which seems to have better baseline performance. This results in a ~20% improvement in test/js-perf-test/Iterators micro-benchmarks, which I believe owes to the use of the slightly faster LoadIC as opposed to the KeyedLoadIC in the baseline case. Both produce identical optimized code via TurboFan when the type check can be eliminated, and the load can be replaced with a constant value.
BUG=v8:4280
R=bmeurer@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, neis@chromium.org, jarin@chromium.orgTBR=rossberg@chromium.org
Review-Url: https://codereview.chromium.org/2557593004
Cr-Commit-Position: refs/heads/master@{#41555}
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
BUG=
Review-Url: https://codereview.chromium.org/2549753002
Cr-Commit-Position: refs/heads/master@{#41554}
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
and once all the verification issues are fixed the flag will be enabled in debug
mode by default.
This CL also relaxes some checks for code stub graphs and fixes some issues in the stubs.
BUG=
Review-Url: https://codereview.chromium.org/2558653002
Cr-Commit-Position: refs/heads/master@{#41547}
This allows to detect a static property also named 'name', and also makes sure 'name' is added last, to be standards-compliant.
BUG=v8:4199
Review-Url: https://codereview.chromium.org/2423053002
Cr-Commit-Position: refs/heads/master@{#41546}
Removing elements from stub cache by Major key only does not always work.
BUG=
Review-Url: https://codereview.chromium.org/2551353003
Cr-Commit-Position: refs/heads/master@{#41544}
This just calls into a runtime function for implementation currently.
Intermediate step in speeding up constructor calls containing a spread.
The NewWithSpread bytecode will probably end up having different arguments with future CLs - the constructor and the new.target should have their own regs. For now we are calling into the runtime function, so we need the regs together.
BUG=v8:5659
Review-Url: https://codereview.chromium.org/2541113004
Cr-Commit-Position: refs/heads/master@{#41542}
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
and once all the verification issues are fixed the flag will be enabled in debug
mode by default.
BUG=
Review-Url: https://codereview.chromium.org/2551933002
Cr-Commit-Position: refs/heads/master@{#41531}
The asm-wasm-builder started allocating SharedFunctionInfos,
this makes it bad we'd passed Script by pointer (due to ignorance).
Switching to Handle<Script>.
R=clemensh@chromium.org,titzer@chromium.org
BUG=v8:5716
Review-Url: https://codereview.chromium.org/2552873003
Cr-Commit-Position: refs/heads/master@{#41529}
come from the runtime.
This patch fixes an issue of heap growing to max capacity when incremental
marking is finished but cannot finalize due to GC stack guard not triggering.
It can happen if all allocations come from the runtime, for example,
from JSON parser or compiler.
Now before expanding the heap we check if we are above the allocation limit
and the incremental marking needs to be finalized. If so we do not expand
the heap and force GC, which will finalize the incremental marking.
The check is performed for paged spaces and large-object space.
BUG=chromium:670675
Review-Url: https://codereview.chromium.org/2552613004
Cr-Commit-Position: refs/heads/master@{#41524}
