Also lower JSToBoolean(x) where x is either some detectable receiver or
null, or any kind of receiver, null or undefined. Also fix a couple of
minor issues with the JSToBoolean lowering and tests.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2530773002
Cr-Commit-Position: refs/heads/master@{#41241}
Recognize a couple of builtins on the RegExp.prototype in the Typer and
assign useful types to them, so we can optimize various checks on their
results.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2531463002
Cr-Commit-Position: refs/heads/master@{#41240}
This fixes a bug where the re-creation of phi nodes leads to divergence. The fix makes sure that once a node created a phi node, it sticks to it and does not forget about it, even if the inputs suddenly agree again. The bug appeared on the trybots in https://codereview.chromium.org/2512733003/.
Also I added a line to mark effect phi nodes on the queue. This is unrelated, but seems to be an obvious ommission.
R=bmeurer@chromium.org
BUG=v8:5633
Review-Url: https://codereview.chromium.org/2522253002
Cr-Commit-Position: refs/heads/master@{#41239}
Descriptions for (typed)arrays will use parenthesis instead of square brackets
"Array(10)" instead of "Array[10]". This CL also adds size hints to descriptions
of maps and sets.
Related CL for DevTools: https://codereview.chromium.org/2524913002/
BUG=405845
Review-Url: https://codereview.chromium.org/2521853003
Cr-Commit-Position: refs/heads/master@{#41237}
Introducing a TF_BUILTIN macro that wraps CodeStubAssembler usage
into a convenient interface (using a subclass under the hood).
Review-Url: https://codereview.chromium.org/2517833005
Cr-Commit-Position: refs/heads/master@{#41236}
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
- Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
- Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
- MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
- Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Original-Commit-Position: refs/heads/master@{#41198}
Cr-Commit-Position: refs/heads/master@{#41234}
Reason for revert:
The test is very flaky on the bots, e.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/17031https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/14776
Original issue's description:
> [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters
>
> RuntimeTimerScopes always subtract their own time from the parent timer's
> counter to properly account for the own time. Once a scope is destructed it
> adds it own timer to the current active counter. However, if the current
> counter is changed with CorrectCurrentCounterId we will attribute all the
> subtimers to the previous counter, and add the own time to the new counter.
> This way it is possible to end up with negative times in certain counters but
> the overall would still be correct.
>
> BUG=
>
> Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
> Committed: https://crrev.com/491651792d7818aed04eaeffb9890b5a309b543e
> Cr-Original-Commit-Position: refs/heads/master@{#41142}
> Cr-Commit-Position: refs/heads/master@{#41214}
TBR=ishell@chromium.org,fmeawad@chromium.org,lpy@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2526843002
Cr-Commit-Position: refs/heads/master@{#41229}
Since we are specializing on the native context, we don't have to load
the vector from the closure. For one thing, this reduces the machinery for
nodes that use a vector in their generic incarnation.
BUG=
R=mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2529463002
Cr-Commit-Position: refs/heads/master@{#41221}
This fixes the message reported via the {TypeError} thrown when trying
to call a non-constructable function as a constructor. Also adds some
more related message tests for similar exceptions.
R=bmeurer@chromium.org
TEST=message/call-non-constructable
BUG=chromium:661579
Review-Url: https://codereview.chromium.org/2523803003
Cr-Commit-Position: refs/heads/master@{#41220}
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.
Original review: https://codereview.chromium.org/2504403005/
Review-Url: https://codereview.chromium.org/2524943002
Cr-Commit-Position: refs/heads/master@{#41218}
In order for profiles of optimized code to have accurate source
positions, we need to prepare for this when compiling. If the profiler
is enabled late, this may be missing, leading to inaccurate profile
data. A compromise to solve this is to prepare for accurate positions if
the debugger (and therefore DevTools) is active, even if we are not
currently capturing a profile.
The alternative is to deopt everything upon profiling, but that would
affect the profile significantly.
R=alph@chromium.org, bmeurer@chromium.org, neis@chromium.org, tebbi@chromium.org
Review-Url: https://codereview.chromium.org/2519003002
Cr-Commit-Position: refs/heads/master@{#41217}
Eval calls are tracked by ParserBase::CheckPossibleEvalCall which
doesn't use (Pre)?Parser::IsDirectEvalCall.
Also we no longer seem to care about IsBinaryOperation (Parser didn't
have it either).
BUG=
Review-Url: https://codereview.chromium.org/2528603003
Cr-Commit-Position: refs/heads/master@{#41216}
RuntimeTimerScopes always subtract their own time from the parent timer's
counter to properly account for the own time. Once a scope is destructed it
adds it own timer to the current active counter. However, if the current
counter is changed with CorrectCurrentCounterId we will attribute all the
subtimers to the previous counter, and add the own time to the new counter.
This way it is possible to end up with negative times in certain counters but
the overall would still be correct.
BUG=
Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
Review-Url: https://codereview.chromium.org/2511093002
Cr-Original-Commit-Position: refs/heads/master@{#41142}
Cr-Commit-Position: refs/heads/master@{#41214}
This is similar to how the native context has an empty function set up as it's closure field.
BUG=666984
Review-Url: https://codereview.chromium.org/2528603002
Cr-Commit-Position: refs/heads/master@{#41212}
Passing in the isolate to retrieve the heap constants (undefine, the_hole, null)
has a positive performance impact.
BUG=
Review-Url: https://codereview.chromium.org/2517153002
Cr-Commit-Position: refs/heads/master@{#41210}
Reason for revert:
Test crashes after an unrelated revert: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/7189
Reverting because of recommendation from WASM team.
Original issue's description:
> [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
>
> Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
> - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
> - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
> - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
> - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
>
> R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
> Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
> Cr-Original-Commit-Position: refs/heads/master@{#41121}
> Cr-Commit-Position: refs/heads/master@{#41198}
TBR=bradnelson@chromium.org,mtrofin@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2529573002
Cr-Commit-Position: refs/heads/master@{#41208}
Reason for revert:
Blocks roll: https://codereview.chromium.org/2526573002/
Original issue's description:
> [stubs] KeyedStoreGeneric: inline dictionary property stores
>
> For dictionary-mode receivers, the KeyedStoreGeneric stub can store
> properties directly in most cases. Doing so avoids the need to have
> an entry in the stub cache for every map/property combination.
>
> Committed: https://crrev.com/af168e330e95c4460fd1bb7734f0e9a750f2e748
> Cr-Commit-Position: refs/heads/master@{#41185}
TBR=ishell@chromium.org,rmcilroy@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2528583002
Cr-Commit-Position: refs/heads/master@{#41207}
port 0925554111 (r41135)
original commit message:
This removes the deprecated generator support for resumable functions
from {FullCodeGenerator}. The existing {AstNumbering} heuristic already
triggers Ignition for most resumable functions, with this change we make
said heuristic a hard choice and remove the deprecated code. This also
has the advantage that any suspended {JSGeneratorObject} instance on the
heap is guaranteed to have code based on a bytecode array.
BUG=
Review-Url: https://codereview.chromium.org/2522653003
Cr-Commit-Position: refs/heads/master@{#41204}
port d4f01b8a65 (r41108)
original commit message:
Add fast paths for holey smi and object arrays to
Function.prototype.apply, Reflect.apply and Reflect.construct.
BUG=
Review-Url: https://codereview.chromium.org/2519303002
Cr-Commit-Position: refs/heads/master@{#41203}
The AstGraphBuilder pipeline is only used for asm.js now, so the whole
type feedback mechanism is essentially dead code currently, thus we
better nuke it.
BUG=v8:5267,v8:5657
Review-Url: https://codereview.chromium.org/2523953002
Cr-Commit-Position: refs/heads/master@{#41201}
port 93c6595200 (r40887)
original commit message:
This changes {FrameState} nodes modeling "after" states to use bytecode
offsets pointing to the deoptimizing bytecode. This is in sync with the
normal execution, as the bytecode offset is advanced after operations
complete in regular bytecode handlers.
The change is necessary to ensure lazy deoptimized frames contain an
accurate bytecode offset while they are on the stack. Such frames can be
inspected by various stack walks. The continuation builtin will advance
the bytecode offset upon return.
BUG=
Review-Url: https://codereview.chromium.org/2520203002
Cr-Commit-Position: refs/heads/master@{#41199}
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
- Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
- Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
- MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
- Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Commit-Position: refs/heads/master@{#41198}
Now that we have a JumpLoop bytecode, we can heavily simplify the
branch/loop analysis by assuming that only JumpLoop bytecodes are
backwards edges, and performing the loop analysis as a single
(backwards) pass.
This allows us to get rid of the branch analysis entirely, and builds a
framework to do liveness analysis in the same pass.
Review-Url: https://codereview.chromium.org/2519983002
Cr-Commit-Position: refs/heads/master@{#41194}
Previous fuzzer fix broke the case when the pending assessment came from the same
block. In that case, the assessments table does not have an entry yet for the block,
because we register only when we're done processing a block.
BUG=667745
Review-Url: https://codereview.chromium.org/2519973004
Cr-Commit-Position: refs/heads/master@{#41193}
The GetPositionInfo function only operates on WasmCompiledModule, so it
should be a method of that class.
This CL also splits the method in two, such that I can reuse the
GetContainingFunction method for breakpoint support.
R=titzer@chromium.org
BUG=chromium:613110
Review-Url: https://codereview.chromium.org/2521293002
Cr-Commit-Position: refs/heads/master@{#41191}
Wrapper creation for import functions with i64 return values on 32-bit
platforms crashed because the number of return values of the wrapper
did not match the number of input nodes of the return node.
The issue is fixed by not creating special wrappers for 32-bit platforms
in the first place. This is valid because wrappers with i64 return
values are never actually executed.
R=titzer@chromium.org
BUG=v8:5661
Review-Url: https://codereview.chromium.org/2517173003
Cr-Commit-Position: refs/heads/master@{#41190}
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.
Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.
Review-Url: https://codereview.chromium.org/2504403005
Cr-Commit-Position: refs/heads/master@{#41185}
... but be less pessimistic about context allocation (see below).
We might have just (pessimistically) context-allocated a variable based
on references coming from an inner function, but after that we still
need to set maybe_assigned (pessimistically).
This makes test-parsing/InnerAssignment pass with
FLAG_lazy_inner_functions.
This was undetected until now because we didn't have lazy parsing enabled
for small scripts.
Less pessimistic approach: now that inner functions laziness decisions
are stable (if we have once compiled a piece of code with lazy inner
functions, we never compile the same code with eager inner functions),
we don't need to be as pessimistic with context allocation as before.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2521513004
Cr-Commit-Position: refs/heads/master@{#41183}
This makes sure the {kScratchRegister} is not used across macro
instructions (e.g. {LeaveFrame}) that would clobber its content.
Generally it is highly unsafe to use such scratch registers with a
life-range spanning macro instructions.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2521973002
Cr-Commit-Position: refs/heads/master@{#41181}
This makes the test in the bug ~10x faster. It could inadvertently make other things slower, so revert eagerly if included in a range where performance tanks.
BUG=chromium:666852
Review-Url: https://codereview.chromium.org/2525573002
Cr-Commit-Position: refs/heads/master@{#41178}
StepFrame is a combination of StepIn/StepOut, e.g. it breaks to the next
frame change. This is not part of the public API, but we want to keep it
for internal tests.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2514303003
Cr-Commit-Position: refs/heads/master@{#41177}
* Fix setting script-scope variables through inspector by internalizing
their names.
* Reconstruct values of Number, String, and Boolean classes.
* Adapt a couple of tests for API restrictions.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2512963002
Cr-Commit-Position: refs/heads/master@{#41175}
When disassembling functions for the inspector, we used an internal
text representation before. This CL implements the official text
format like it is understood by the spec interpreter.
Example output:
func $main (param i32) (result i32)
block i32
get_local 0
i32.const 2
i32.lt_u
if
i32.const -2
return
end
get_local 0
call_indirect 0
end
R=rossberg@chromium.org, titzer@chromium.org
BUG=chromium:659715
Review-Url: https://codereview.chromium.org/2520943002
Cr-Commit-Position: refs/heads/master@{#41172}
This fixes stack unwinding to always recompute the stack pointer for
interpreted frames. For frames materialized by the deoptimizer we elide
the handler frame in between, hence arguments being pushed on the stack
will no longer be pushed into the handler frame but into the interpreted
frame directly.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-662830
BUG=chromium:662830
Review-Url: https://codereview.chromium.org/2517203003
Cr-Commit-Position: refs/heads/master@{#41170}
The new SourcePosition class allows for precise tracking of source positions including the stack of inlinings. This CL makes the cpu profiler use this new information. Before, the cpu profiler used the deoptimization data to reconstruct the inlining stack. However, optimizing compilers (especially Turbofan) can hoist out checks such that the inlining stack of the deopt reason and the inlining stack of the position the deoptimizer jumps to can be different (the old cpu profiler tests and the ones introduced in this cl produce such situations for turbofan). In this case, relying on the deoptimization info produces paradoxical results, where the reported position is before the function responsible is called. Even worse, https://codereview.chromium.org/2451853002/ combines the precise position with the wrong inlining stack from the deopt info, leading to completely wrong results.
Other changes in this CL:
- DeoptInlinedFrame is no longer needed, because we can compute the correct inlining stack up front.
- I changed the cpu profiler tests back to test situations where deopt checks are hoisted out in Turbofan and made them robust enough to handle the differences between Crankshaft and Turbofan.
- I reversed the order of SourcePosition::InliningStack to make it match the cpu profiler convention.
- I removed CodeDeoptEvent::position, as it is no longer used.
R=alph@chromium.org
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2503393002
Cr-Commit-Position: refs/heads/master@{#41168}
TurboFan can indeed comsume NumberOrOddball feedback for abstract
relational comparisons, so we should just provide it from Ignition.
Drive-by-fix: Add a DCHECK to protect against abstract/strict equality
number comparison accidentially utilizing Oddball feedback.
BUG=v8:5267,v8:5400
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2518283002
Cr-Commit-Position: refs/heads/master@{#41166}
This code should not access bytes out of the permitted range in order to check
the range of a possible UTF-8 value. Instead, the length check should occur
before such checks.
BUG=chromium:667260, chromium:662822
Review-Url: https://codereview.chromium.org/2520053003
Cr-Commit-Position: refs/heads/master@{#41165}
The verifier needs to use the block and assessments in that block corresponding to
a predecessor of a "pending" assessment. Not doing that causes incorrect
assessments when 2 locations are swapped.
BUG=665402
Review-Url: https://codereview.chromium.org/2515803002
Cr-Commit-Position: refs/heads/master@{#41159}
This pre-calculates and stores a vector of bytecode offsets, and then allows
one to iterate over it backwards. This could probably be adapted to a
bidirectional/random access iterator if we wanted to, but for now reverse
is all we need.
Review-Url: https://codereview.chromium.org/2518003002
Cr-Commit-Position: refs/heads/master@{#41153}
Refactors the bytecode array iterator to separate the iteration and the
bytecode parameter access, placing the latter into a separate
super-class. This will allow us to have other forms of access, e.g.
reverse iteration.
Review-Url: https://codereview.chromium.org/2519923002
Cr-Commit-Position: refs/heads/master@{#41152}
Reason for revert:
Wronged it even more.
Original issue's description:
> [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters
>
> RuntimeTimerScopes always subtract their own time from the parent timer's
> counter to properly account for the own time. Once a scope is destructed it
> adds it own timer to the current active counter. However, if the current
> counter is changed with CorrectCurrentCounterId we will attribute all the
> subtimers to the previous counter, and add the own time to the new counter.
> This way it is possible to end up with negative times in certain counters but
> the overall would still be correct.
>
> BUG=
>
> Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
> Cr-Commit-Position: refs/heads/master@{#41142}
TBR=ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2519073002
Cr-Commit-Position: refs/heads/master@{#41150}
This avoids entering a nested temp zone, and fixes up tracing and runtime callstats names.
BUG=
Review-Url: https://codereview.chromium.org/2514353002
Cr-Commit-Position: refs/heads/master@{#41147}
By now the compilation pipeline is flexible enough to run module tests
against all variants, we should no longer choose unsupported compilers
for modules. It also fixes the predicate checking for functions being
"resumable" in the {AstNumberingVisitor} heuristic.
R=neis@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2517143002
Cr-Commit-Position: refs/heads/master@{#41144}
Add/Shl to Lsa optimization doesn't yield any performance increase in case
one of the operand is immediate, because Lsa cannot use the immediate so
we use an extra instruction to load the immediate to register. On MIPSR2 and
less this optimization leads to performance degradation, since Lsa is not
supported on these architectures and it is emulated using Add/Shl which
do support immediate as operand for Add.
BUG=
Review-Url: https://codereview.chromium.org/2509203003
Cr-Commit-Position: refs/heads/master@{#41143}
RuntimeTimerScopes always subtract their own time from the parent timer's
counter to properly account for the own time. Once a scope is destructed it
adds it own timer to the current active counter. However, if the current
counter is changed with CorrectCurrentCounterId we will attribute all the
subtimers to the previous counter, and add the own time to the new counter.
This way it is possible to end up with negative times in certain counters but
the overall would still be correct.
BUG=
Review-Url: https://codereview.chromium.org/2511093002
Cr-Commit-Position: refs/heads/master@{#41142}
Reason for revert:
Blocks roll https://codereview.chromium.org/2517963002/
Original issue's description:
> [turbofan] Introduce LoadFunctionPrototype simplified operator.
>
> Add a LoadFunctionPrototype simplified operator, similar to what
> Crankshaft has, that loads the prototype property of a constructor
> function.
>
> R=jarin@chromium.org
> BUG=v8:5267
>
> Committed: https://crrev.com/1737b2c74b50168e96ef1263def0eb43505fa80c
> Cr-Commit-Position: refs/heads/master@{#41127}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2514363002
Cr-Commit-Position: refs/heads/master@{#41141}
This renames the {operand_stack} field to {register_file}, to refelct
how said field is used on all {JSGeneratorObject} instances by now. This
is a pure refactoring CL, not changes in semantics.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2520913002
Cr-Commit-Position: refs/heads/master@{#41140}
This removes some outdated code that allocates a {JSGeneratorObject} for
baseline code. We no longer support such a representation of generators
and can rely on bytecode being available for all generators.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2515253003
Cr-Commit-Position: refs/heads/master@{#41137}
This removes the deprecated generator support for resumable functions
from {FullCodeGenerator}. The existing {AstNumbering} heuristic already
triggers Ignition for most resumable functions, with this change we make
said heuristic a hard choice and remove the deprecated code. This also
has the advantage that any suspended {JSGeneratorObject} instance on the
heap is guaranteed to have code based on a bytecode array.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2504223002
Cr-Commit-Position: refs/heads/master@{#41135}
Reason for revert:
Turbofan doesn't do proper ToNumber conversions on NumberOrOddball equality conversions.
BUG=v8:5660
Original issue's description:
> [Interpreter] Collect NumberOrOddball feedback in CompareOps.
>
> Collect feedback for oddballs in the interpreter compare operations handlers.
> This is important to ensure that we don't consider oddball comparisons as
> generic, which prevents optimization.
>
> BUG=chromium:660947
>
> Committed: https://crrev.com/721e74d9d942fd4f2e3392ea9626d9d404dbbbd0
> Cr-Commit-Position: refs/heads/master@{#41081}
TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:660947
Review-Url: https://codereview.chromium.org/2517133002
Cr-Commit-Position: refs/heads/master@{#41134}
Stepping in a generator now behaves similar to stepping inside an
async function. Stepping in or next at a yield expression will result in
a break inside the same generator when we return to the generator.
Behavior of step-out does not change.
R=jgruber@chromium.org, neis@chromium.org
BUG=chromium:496865
Review-Url: https://codereview.chromium.org/2519853002
Cr-Commit-Position: refs/heads/master@{#41132}
Adapted various tests to restrictions of inspector protocol:
* osr-typing-debug-change: Don't set function variable value.
* debug-evaluate-locals: Add variable introduced by eval, run typeof
inside evaluate().
* regress-419663: Don't set duplicate breakpoints.
* regress-crbug-465298: Compare against function name instead of value.
* regress-crbug-621361: Make evaluate return string results.
* debug-script: Various counts were off due to new way tests are called.
Added new inspector script type.
Breakpoints now contain the actual break position, and remote object
reconstruction has been extended a bit.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2505363002
Cr-Commit-Position: refs/heads/master@{#41129}
Add a LoadFunctionPrototype simplified operator, similar to what
Crankshaft has, that loads the prototype property of a constructor
function.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2517913002
Cr-Commit-Position: refs/heads/master@{#41127}
Reason for revert:
Breaks gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/7114
Original issue's description:
> [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
>
> Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
> - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
> - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
> - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
> - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
>
> R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
> Cr-Commit-Position: refs/heads/master@{#41121}
TBR=bradnelson@chromium.org,mtrofin@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2512323004
Cr-Commit-Position: refs/heads/master@{#41122}
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
- Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
- Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
- MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
- Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2471883003
Cr-Commit-Position: refs/heads/master@{#41121}
The code which pushes and pops to the function name inference stack
generally checks if the stack is active with the IsOpen method. One
piece of code pertaining to async functions was missing that check.
This patch adds it.
BUG=chromium:658267
R=gsathya,caitp
Review-Url: https://codereview.chromium.org/2514893002
Cr-Commit-Position: refs/heads/master@{#41120}
A simple Print API for debugging assessments in the regalloc
verifier.
BUG=
Review-Url: https://codereview.chromium.org/2512943003
Cr-Commit-Position: refs/heads/master@{#41117}
This patch also cleans up NewPromiseCapability.
This patch results in a 20% improvement over 4 runs with the following micro
benchmark -
var x = Promise.resolve();
async function bar() {
return x;
}
async function foo() {
await bar();
}
var start = performance.now();
var count = 0;
var max = 10000;
for(var i = 0; i <= max; i++) {
foo().then(() => {
count++;
if(count === max) print( performance.now() - start );
})
}
BUG=v8:5639
Review-Url: https://codereview.chromium.org/2512103002
Cr-Commit-Position: refs/heads/master@{#41116}
... at least for the function which will remain after restructuring of
the debug interface. For some methods that will be removed anyway, we
just return zero / null for now.
I also refactored the ScriptLocationFromLine method to make it more
readable and reuse parts in other files (like ScriptLinePosition).
BUG=5655
R=titzer@chromium.org, jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2512833003
Cr-Commit-Position: refs/heads/master@{#41115}
Some minifiers use the pattern !function ... () for JS code that should
be immediately executed. This change recognizes that pattern and treats
it equally to parenthesized functions.
A bit more background info is in the referenced bug.
R=verwaest@chromium.org
BUG=v8:5643
Review-Url: https://codereview.chromium.org/2509143003
Cr-Commit-Position: refs/heads/master@{#41114}
Port a1103a117c
Original commit message:
- Simplify the variable-length pop sequence on entry. (It now uses
smaller code with no branches.)
- Use conditional compare to merge branches where appropriate.
- Make use of Ldrsw + UntagSmiFieldMemOperand to load smis more
efficiently.
- Only load 'undefined' and 'null' once per builtin.
- A few other small improvements.
Review-Url: https://codereview.chromium.org/2507683003
Cr-Commit-Position: refs/heads/master@{#41113}
are created using new Array(N) and setLength(N).
Currently the limit is based on max old generation size, which
will break with the upcoming change that allows large heaps.
BUG=chromium:652721
Review-Url: https://codereview.chromium.org/2513923002
Cr-Commit-Position: refs/heads/master@{#41112}
This is a next step towards removing names table from type feedback metadata.
BUG=chromium:576312, v8:5561
Review-Url: https://codereview.chromium.org/2514453002
Cr-Commit-Position: refs/heads/master@{#41111}
It originates from the era where we used to run a separate preparse step
before parsing and store the function data. Now the usage of preparser
is something completely different, so this flag doesn't make sense any
more.
In addition, this way we get more test coverage for preparser (for small
scripts).
BUG=
Review-Url: https://codereview.chromium.org/2513563002
Cr-Commit-Position: refs/heads/master@{#41110}
This reverts commit 3c96c5e232.
The CL was reverted to see its impact on UMA memory counters.
There was no impact, so we can safely reland the CL.
BUG=
Review-Url: https://codereview.chromium.org/2507293004
Cr-Commit-Position: refs/heads/master@{#41109}
This way we can just process new space strings when needed.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2515643002
Cr-Commit-Position: refs/heads/master@{#41107}
This is a next step towards removing names table from type feedback metadata.
BUG=chromium:576312, v8:5561
Review-Url: https://codereview.chromium.org/2507143003
Cr-Commit-Position: refs/heads/master@{#41106}
Adds the marking logic to mark the young generation.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2498583002
Cr-Commit-Position: refs/heads/master@{#41104}
This makes wasm frames show up nicely in stack traces generated e.g. by
Isolate::PrintStack() and Isolate::PrintCurrentStackTrace().
With this CL, we print the script name, function index, function name,
pc and source position.
R=titzer@chromium.org, ahaas@chromium.org
Review-Url: https://codereview.chromium.org/2509323002
Cr-Commit-Position: refs/heads/master@{#41102}
Add bytecode for defining data properties, which initially just calls the runtime function.
BUG=v8:5624
Review-Url: https://codereview.chromium.org/2510743002
Cr-Commit-Position: refs/heads/master@{#41101}
Instead of having functions for 0 to 5 arguments, we now have a
variadic template, allowing for an arbitrary number of arguments.
I also refactored the internal FmtElm class to only include the type
field if building for debug, because it is only used in this setting.
R=titzer@chromium.org, ahaas@chromium.org
Review-Url: https://codereview.chromium.org/2507093004
Cr-Commit-Position: refs/heads/master@{#41099}
There's a typo in a couple of lithium backends, where we assume that the
array protector on the Isolate is a Cell instead of a PropertyCell. This
could lead to unnecessary deoptimizations.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2512943002
Cr-Commit-Position: refs/heads/master@{#41096}
Ignition skipped collecting NumberOrOddball feedback if the right hand
side of a relational comparison is undefined, thus leading to a
deoptimization loop, because it reported Number feedback to TurboFan.
This was caught on 3d-raytrace test of SunSpider.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2513903002
Cr-Commit-Position: refs/heads/master@{#41094}
This fixes the bogus implementation of the function in question and adds
test coverage for the deserialization of the corresponding flags from
the serialized scope info. Note that the tests so far only cover cases
where the module and the function contain context-allocated variables.
R=verwaest@chromium.org
TEST=cctest/test-parsing/AsmFunctionFlag
BUG=v8:5653
Review-Url: https://codereview.chromium.org/2507063004
Cr-Commit-Position: refs/heads/master@{#41093}
This is the TurboFan counterpart of http://crrev.com/2504263004, but it
is a bit more involved, since in TurboFan we always inline the appropriate
call to the @@hasInstance handler, and by that we can optimize a lot more
patterns of instanceof than Crankshaft, and even yield fast instanceof
for custom @@hasInstance handlers (which we can now properly inline as
well).
Also we now properly optimize Function.prototype[@@hasInstance], even if
the right hand side of an instanceof doesn't have the Function.prototype
as its direct prototype.
For the baseline case, we still rely on the global protector cell, but
we can address that in a follow-up as well, and make it more robust in
general.
TEST=mjsunit/compiler/instanceof
BUG=v8:5640
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2511223003
Cr-Commit-Position: refs/heads/master@{#41092}
With this change, WebAssembly.Memory objects have backing stores allocated as an
8GB region where everything beyond the size of the Wasm heap is inaccessible.
GrowMemory is now implemented by changing the protection on the guard regions to
make the new portions of the heap accessible.
Guard pages are not enabled by default, but this change adds a flag and a test
variant to make sure we get test coverage on them.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2396433008
Cr-Commit-Position: refs/heads/master@{#41089}
With the new wasm object types, the GetCompiledModule and GetWasmBytes
functions are not needed any more. The same functions are already
public on the wasm objects.
In order to use them properly, I changed a few more locations to make
use of the new types.
R=ahaas@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2503403005
Cr-Commit-Position: refs/heads/master@{#41085}
Adds --wasm-no-bounds-checks and --wasm-no-stack-checks which
help in diagnosing potential sources of slowdown in WASM code.
R=ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2511113002
Cr-Commit-Position: refs/heads/master@{#41083}
Collect feedback for oddballs in the interpreter compare operations handlers.
This is important to ensure that we don't consider oddball comparisons as
generic, which prevents optimization.
BUG=chromium:660947
Review-Url: https://codereview.chromium.org/2506283003
Cr-Commit-Position: refs/heads/master@{#41081}
The ptr_to_* methods do (often unnecessary) type checks, and can
return nullptr. This is problematic since the handlified getter
uses them, and assumes the result to be non-null. So change
them to only to a DCHECK and never return nullptr, and introduce
maybe_ptr_to_* with the old semantics.
R=titzer@chromium.org, ahaas@chromium.org
Review-Url: https://codereview.chromium.org/2509053003
Cr-Commit-Position: refs/heads/master@{#41079}
Collect string feedback for compare operations. Without this,
functions which have a lot of string compare operations end up with
a high generic type percentage, and don't get optimized until very
late.
Currently TurboFan doesn't use this String feedback for compare
operations, but this could be done in future work if it is useful.
BUG=chromium:660947
Review-Url: https://codereview.chromium.org/2506013005
Cr-Commit-Position: refs/heads/master@{#41078}
V8 was applying incorrect optimization to them advancing the start position.
This would cause /foo$/y too match "barfoo", which it should not.
BUG=
Review-Url: https://codereview.chromium.org/2510743003
Cr-Commit-Position: refs/heads/master@{#41077}
There's no need to return anything.
Also add a DCHECK to make sure that we never mark a variable proxy as assigned
that is already resolved (to avoid potential inconsistency with the variable's
maybe_assigned status).
R=littledan@chromium.orgCC=mstarzinger@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2504613002
Cr-Commit-Position: refs/heads/master@{#41072}
The control edges in a TurboFan graph can form a cycle. To break this cycle in the int64-lowering we add special handling for loop nodes. Similar handling already exists for phi nodes and effectphi nodes, which breaks cycles formed by value edges and effect edges, respectively.
Review-Url: https://codereview.chromium.org/2511503002
Cr-Commit-Position: refs/heads/master@{#41071}
Fix c3a6ca68d0
Fix compilation failure on MIPS and GCC cross compile that started to appear
after the CL c3a6ca68d0 landed. The compilation
error is due to:
.././src/objects-inl.h:4129:54: error: assuming signed overflow does not occur
when assuming that (X + c) < X is always false [-Werror=strict-overflow]
DCHECK(index >= 0 && length >= 0 && index + length >= index &&
BUG=
Review-Url: https://codereview.chromium.org/2501963002
Cr-Commit-Position: refs/heads/master@{#41067}
In Crankshaft we can actually do an abstract interpretation of the
@@hasInstance lookup when optimizing instanceof and then use the
normal machinery to protect the result instead of relying on the
global @@hasInstance protector cell for optimizations.
This recovers the 100x performance drop in Node.js v7 reported in
https://github.com/nodejs/node/issues/9634. This patch should be
easily back-mergable to Node.js v7.
BUG=v8:5640
R=yangguo@chromium.org,franzih@chromium.org
Review-Url: https://codereview.chromium.org/2504263004
Cr-Commit-Position: refs/heads/master@{#41059}
Inspector uses this type for all internal scripts, e.g. injected-script-source.js. Scripts with new type are not reported by remote debugging protocol, frames from them are ignored.
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
BUG=none
R=yangguo@chromium.org,dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2499273003
Cr-Commit-Position: refs/heads/master@{#41056}
We do not have to invalidate the abstract state if we are transitioning to
the object's map.
Review-Url: https://codereview.chromium.org/2510843002
Cr-Commit-Position: refs/heads/master@{#41053}
Now we don't need to call collectSample on each V8StackTraceImpl::capture during collecting profile.
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
BUG=none
R=alph@chromium.org,dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2510823002
Cr-Commit-Position: refs/heads/master@{#41051}
The reasons are:
1) The names dictionaries in the feedback metadata seems to consume a lot of memory
and the idea didn't payoff.
2) The absence of a name parameter blocks data handlers support in LoadGlobalIC.
This CL reverts a part of r37278 (https://codereview.chromium.org/2096653003/).
BUG=chromium:576312, v8:5561
Review-Url: https://codereview.chromium.org/2510653002
Cr-Commit-Position: refs/heads/master@{#41046}
The ScriptBreakpoint struct was before just holding line, column and
condition. It now additionally holds the scriptId.
This encapsulates information nicer, and allows for easier translation
of wasm locations, since one struct now holds all information needed
for the translation.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.org
Review-Url: https://codereview.chromium.org/2491133003
Cr-Commit-Position: refs/heads/master@{#41044}
In order to address a performance issue.
BUG=v8:5512, chromium:664937
Review-Url: https://codereview.chromium.org/2506003002
Cr-Commit-Position: refs/heads/master@{#41041}
Reason for revert:
This was a speculative fix for perf regressions on Nexus 10 and ChromeOS. However, perf graphs after this landed show no improvement, so we should go back to the smaller, simpler code before.
Original issue's description:
> [Turbofan] CodeGenerator for ARM avoids moves from VFP to general regs.
> - Adds VmovExtended, VswpExtended methods to MacroAssembler. These methods
> use only VFP registers to perform s-register moves.
>
> LOG=N
> BUG=v8:4124
TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2505003002
Cr-Commit-Position: refs/heads/master@{#41039}
The new AccessorAssembler encapsulates all the functionality that's
specific to building LoadIC/StoreIC stubs.
There are two header files (accessor-assembler.h and
accessor-assembler-impl.h) so that clients of the assembler can include
the one, and subclassing assemblers can include the other.
Review-Url: https://codereview.chromium.org/2507733002
Cr-Commit-Position: refs/heads/master@{#41037}
Fixes a bug in ast-graph-builder added in r40965
BUG=chromium:665680
Review-Url: https://codereview.chromium.org/2509643002
Cr-Commit-Position: refs/heads/master@{#41034}
If the strings are both onebyte strings, then use memcmp on the underlying data stores.
BUG=chromium:657747
Review-Url: https://codereview.chromium.org/2502323002
Cr-Commit-Position: refs/heads/master@{#41033}
The operator in question is guaranteed to produce a tagged value that is
not equal to the-hole, it however does not guarantee the value to be a
HeapObject. The correct representation hence is {kTagged}.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-665587
BUG=chromium:665587
Review-Url: https://codereview.chromium.org/2504183002
Cr-Commit-Position: refs/heads/master@{#41032}
The reason is that non-configurability still allows a writable property to become read-only.
BUG=chromium:663750
Review-Url: https://codereview.chromium.org/2508873002
Cr-Commit-Position: refs/heads/master@{#41029}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Original review: https://codereview.chromium.org/2498073002/
Review-Url: https://codereview.chromium.org/2502293002
Cr-Commit-Position: refs/heads/master@{#41028}
This brings the two utf-8 decoders (bulk + incremental) in line.
Technically, either behaviour was correct, since the utf-8 spec
demands incomplete utf-8 be handled, but does not specify how.
Unicode recommends that "the maximal subpart at that offset
should be replaced by a single U+FFFD," and with this change we
consistently do that. More details + spec references in the bug.
BUG=chromium:662822
Review-Url: https://codereview.chromium.org/2493143003
Cr-Commit-Position: refs/heads/master@{#41025}
Adds a bytecode to set and retrieve the pending message. This avoids a
runtime call in finally blocks, and also ensures that TurboFan builds a
graph using the SetMessage / LoadMessage nodes instead of inserting a
runtime call.
BUG=chromium:662334
Review-Url: https://codereview.chromium.org/2501503005
Cr-Commit-Position: refs/heads/master@{#41023}
Object::GetProperty fails if the given name is a valid array index.
This CL switches to Object::GetPropertyOrElement for lookups of imports.
The new tests check that we now accept numbers as module name or
function name in FFI.
R=ahaas@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2503313002
Cr-Commit-Position: refs/heads/master@{#41022}
We don't need to check for neutered array buffers unless at least one
JSArrayBuffer has been neutered (i.e. detached in TC39 speak). For this
we introduce a protector cell that get's invalidated on first call to
the JSArrayBuffer::Neuter() method.
R=jarin@chromium.org,ulan@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2504163002
Cr-Commit-Position: refs/heads/master@{#41021}
This CL further extends the debug wrapper, migrates around 60 tests, and
removes a few tests that use functionality we will not support anymore.
In more detail:
* Removed tests that use:
* enable/disable individual breakpoints
* invocationText()
* the ScriptCollected event
* showBreakPoints
* evalFromScript (and similar)
* mirror.constructedBy and mirror.referencedBy
* event_data.promise()
* Some frame.evaluate uses were adapted since due to differences between
remote objects (inspector) and mirrors. For instance, exceptions are
currently not recreated exactly, since the inspector protocol does not
give us the stack and message separately. Other objects (such as
'this' in debug-evaluate-receiver-before-super) need to be explicitly
converted to a string before the test works correctly.
* Ensure that inspector stores the script before sending ScriptParsed and
ScriptFailedToParse events in order to be able to use the script from
within those events.
* Better remote object reconstruction (e.g. for undefined and arrays).
* New functionality in wrapper:
* debuggerFlags().breakPointsActive.setValue()
* scripts()
* execState.setVariableValue()
* execState.scopeObject().value()
* execState.scopeObject().property()
* execState.frame().allScopes()
* eventData.exception()
* eventData.script()
* setBreakPointsActive()
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2497973002
Cr-Commit-Position: refs/heads/master@{#41019}
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared doesn't want to compile. Missing export annotation?
Original issue's description:
> [refactoring] Split CodeAssemblerState out of CodeAssembler
>
> This is in preparation for introducing more specialized
> CodeStubAssembler subclasses. The state object can be handed
> around, while the Assembler instances are temporary-scoped.
>
> BUG=v8:5628
TBR=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2504913002
Cr-Commit-Position: refs/heads/master@{#41018}
When we have a known JSTypedArray instance at optimization time, i.e. as
in asm.js-like use cases and also when there are global typed arrays that
are tracked via global object property constant tracking, we can generate
more efficient code in that case by specializing to the immutable internal
fields of the JSTypedArray (and the JSArrayBuffer backing it).
R=jarin@chromium.org
BUG=v8:4470,v8:5267
Review-Url: https://codereview.chromium.org/2510553002
Cr-Commit-Position: refs/heads/master@{#41017}
When we don't have a base, and the displacement returned by the
BaseWithIndexAndDisplacement64Matcher cannot be encoded as immediate,
we can still try to utilize the scale factor matching by just using
the displacement as base. This happens when we do indexed memory
accesses to known addresses.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2504123002
Cr-Commit-Position: refs/heads/master@{#41016}
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.
BUG=v8:5628
Review-Url: https://codereview.chromium.org/2498073002
Cr-Commit-Position: refs/heads/master@{#41015}
This was causing array buffer views created by ValueDeserializer to have
uninitialized internal fields, which lead to crashes in layout tests when
Blink tried to read those fields.
For array buffers, JSArrayBuffer::Setup is responsible for this logic
(as well as initializing the V8 fields); this is similar to that.
The runtime already seems to correctly initialize these for script-created
array buffer views as well, which is why this issue was not detected sooner.
Review-Url: https://codereview.chromium.org/2498413002
Cr-Commit-Position: refs/heads/master@{#41014}
Inferred names are currently generated for FunctionLiterals but not generated
for ClassLiterals. Without them, DevTools does not have enough information to
make descriptive descriptions.
E.g.
var x = {y: class{}};
var a = new x.y();
console.log(a);
This shows "Object{}" when it could be more descriptive "x.y {}"
BUG=v8:5621
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2488193003
Cr-Commit-Position: refs/heads/master@{#41013}
In case of an allocation failure in for-in over holey elements, use precise
number of elements to allocate a smaller buffer for the collected indices.
Drive-by-fix: make is_the_hole accept the isolate for faster checks.
BUG=chromium:609761
Review-Url: https://codereview.chromium.org/2041963003
Cr-Commit-Position: refs/heads/master@{#41010}
ICU now supports uppercasing in Greek via its regular uppercasing API.
So, there's no need to use a slow transliteration API for uppercasing
in Greek.
This CL includes rolling ICU to ICU 58.1.
Besides, drop intl402/Intl/getCanonicalLocales/weird-cases from
test262.status because it passes now with ICU 58.1.
BUG=chromium:637001,v8:5012
Review-Url: https://codereview.chromium.org/2491333003
Cr-Commit-Position: refs/heads/master@{#41009}
Previously, we also used to treat the link as strong, when iterating a promoted
JSFunction.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2506633002
Cr-Commit-Position: refs/heads/master@{#41008}
This CL defines move semantics for String16, and fixes issues with the
hash code not being set correctly on swap or copy.
It also extends the interface by a few handy templates.
All this functionality will be used for the wasm translations, where
String16s are often concatenated and used as keys in hash tables.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.org
Review-Url: https://codereview.chromium.org/2493723003
Cr-Commit-Position: refs/heads/master@{#41007}
Before, we allocated one script per function per instance, and each
script referenced the wasm instance and the function index. Now we only
allocate one script per compiled wasm module, so the script also only
references this WasmCompiledModule, which causes changes to many interfaces.
Instead of fixing the disassemble API only used via debug.js, I decided
to drop it for now. Some later CL will reintroduce it via
DebugInterface.
BUG=v8:5530,chromium:659715
R=yangguo@chromium.org, titzer@chromium.orgCC=jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2493823003
Cr-Commit-Position: refs/heads/master@{#41004}
It always throws an exception in the cases that it fails, so throwing another
doesn't help things.
BUG=chromium:664416
Review-Url: https://codereview.chromium.org/2495393002
Cr-Commit-Position: refs/heads/master@{#40999}
Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.
Only deals with the case where there is a single spread argument.
Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.
BUG=v8:5511
Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}
When generating snapshot on a machine with a different page size than
the target machine, we can run into problems as the v8 page area size
changes. This is because v8 has page guards which depend on os page
size, so if the target has larger os page, v8 page area is smaller and
may not fit the contents.
The solution proposed here is adding a flag, v8_os_page_size, that
would, if used, override local os page size and use the one specified
during snapshot generation.
BUG=
Review-Url: https://codereview.chromium.org/2488403003
Cr-Commit-Position: refs/heads/master@{#40997}
Since the liveness analysis's non-live value clearing rebuilds the state
value trees, we don't need to be smart when creating state values in the
initial graph building. This simplifies both the building and the
iteration over the state values by the liveness analyzer.
Review-Url: https://codereview.chromium.org/2495413003
Cr-Commit-Position: refs/heads/master@{#40996}
This reverses the printing scheme for the flag in question to make it
print the "positive" analysis results (i.e. variable never assigned)
instead of the "negative" results (i.e. variable maybe assigned). This
helps to spot false-positives which are much more dangerous in practice
compared to missed optimization opportunities.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2498353002
Cr-Commit-Position: refs/heads/master@{#40993}
The patch optimizes the generation of code for kMips[64]Tst in code-generator-mips[64].cc.
We allow usage of immediate for kMips[64]Tst in VisitWordCompare in order to remove
an unnecessary immediate load to register. This fix is motivated by Richards benchark
in Octane benchmark suite, since it is used a lot there.
BUG=
Review-Url: https://codereview.chromium.org/2503833002
Cr-Commit-Position: refs/heads/master@{#40992}
Makes FunctionTemplate::HasInstance follow the hidden prototype chain
for a global proxy object and return true if the global object passes
the test.
BUG=
Review-Url: https://codereview.chromium.org/2500363002
Cr-Commit-Position: refs/heads/master@{#40989}
Currently, we are using the following sequence for load/store
with large offset (offset > 16b):
lui at, 0x1234
ori at, at, 0x5678
add at, s0, at
lw a0, 0(at)
This sequence can be optimized in the following way:
lui at, 0x1234
add at, s0, at
lw a0, 0x5678(at)
BUG=
Review-Url: https://codereview.chromium.org/2503493002
Cr-Commit-Position: refs/heads/master@{#40988}
Port 0322c20d17
Original commit message:
When storing an immediate integer or floating point zero, use the zero register
as the source value. This avoids the need to sometimes allocate a new register.
BUG=
Review-Url: https://codereview.chromium.org/2470133005
Cr-Commit-Position: refs/heads/master@{#40987}
This is to fix the performance regression by avoiding creation of a frame
in LoadIC dispatcher caused by complicated logic of CSA::EmitLoadICProtoArrayCheck().
BUG=v8:5561, chromium:660795
Review-Url: https://codereview.chromium.org/2496333002
Cr-Commit-Position: refs/heads/master@{#40986}
This shares the pending_error_handler from the parser to the preparser, allowing the preparser to directly log errors to it. This removes LogMessage from the loggers. ParserLogger::LogMessage was already unused, so this also removes error info from the preparse data altogether.
BUG=
Review-Url: https://codereview.chromium.org/2502633002
Cr-Commit-Position: refs/heads/master@{#40984}
Extract CSA::HandleLoadICSmiHandlerCase() from CSA::HandleLoadICHandlerCase() and
CSA::EmitLoadICProtoArrayCheck() from CSA::HandleLoadICProtoHandler().
This is a preliminary step for extracting LoadICProtoArrayCheck to a separate stub
which is necesary to fix the preformance regression caused by proto array
handlers support.
BUG=v8:5561, chromium:660795
Review-Url: https://codereview.chromium.org/2498013002
Cr-Commit-Position: refs/heads/master@{#40983}
A small change that brings a lot of benefit since it is used in a lot
of places.
BUG=
Review-Url: https://codereview.chromium.org/2477453005
Cr-Commit-Position: refs/heads/master@{#40982}
Fix two bugs with the runtime-profiler optimization heuristics for
interpreted code:
- Reset shared->tick_count for interpreted functions when optimizing
- Update ticks after checking whether to optimize functions, to be the
same as the FCG profiler checks (where updates are done to the code
ticks after deciding whether to optimize).
BUG=chromium:662071
Review-Url: https://codereview.chromium.org/2497933002
Cr-Commit-Position: refs/heads/master@{#40978}
This CL adds the function verification option to the module decoder.
Therefore we can remove the verification in wasm-module-runner.cc
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2496203002
Cr-Commit-Position: refs/heads/master@{#40977}
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
- The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
- The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().
If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.
All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.
At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.
I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.
The following additional changes were necessary:
- The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
- The class HPositionInfo was effectively dead code and is now removed.
- SourcePosition has new printing and information facilities, including computing a full inlining stack.
- I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
- I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
- I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
- Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}
CodeAssembler::CallRuntime() with 5 arguments was declared but
not implemented.
BUG=
Review-Url: https://codereview.chromium.org/2503523002
Cr-Commit-Position: refs/heads/master@{#40973}
In captured stack traces, all lines and columns must be 1-based.
Even though this makes things a bit ugly, we have to comply also for
wasm locations, where line and column encode function index and byte
offset (both are originally 0-based).
If we don't comply, the frontend might complain, as e.g. DevTools does.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.orgCC=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2493943002
Cr-Commit-Position: refs/heads/master@{#40971}
Using indices rather than pointers to probe the hashmap lets us
unconditionally mask the index to ensure it wraps around, rather than
branching on the pointer value. This produces slightly more optimal
code.
Review-Url: https://codereview.chromium.org/2488423003
Cr-Commit-Position: refs/heads/master@{#40967}
This removes the POSSIBLY_EVAL_CALL call type, and instead uses OTHER_CALL
or WITH_CALL to decide whether to do the special LOOKUP_SLOT_CALL runtime
call to find the callee and possibly update the receiver with the with-object.
This means that eval calls out of 'with' blocks can now just do a normal
LdaLookupGlobalSlot operation, which can check the context chain for eval
extentions and fast-path the lookup if none exist.
BUG=661556
Review-Url: https://codereview.chromium.org/2487483004
Cr-Commit-Position: refs/heads/master@{#40965}
Reason for revert:
It's probably needed after all but we're lacking tests.
Original issue's description:
> [ast] Simplify FetchFreeVariables.
>
> This CL removes the ParseInfo argument from FetchFreeVariables, since it seems
> to have become unnecessary.
>
> R=verwaest@chromium.org
> BUG=
TBR=verwaest@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2495293002
Cr-Commit-Position: refs/heads/master@{#40964}
This fixes the bogus {Word32Equal} comparison in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.
R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506
Review-Url: https://codereview.chromium.org/2496043003
Cr-Commit-Position: refs/heads/master@{#40963}
This replaces LOOKUP_SLOT_CALL with WITH_CALL, and relies on regular lookup-slot handling in variable load to support other lookup slots (variables resolved in the context of sloppy eval). This allows optimizations for such variable loads to kick in for calls as well. We only need special handling for function calls in the context of with, since it changes the receiver of the call from undefined/global to the with-object.
This currently doesn't yet make it work for the direct eval call itself, since the POSSIBLY_EVAL_CALL flag is also used to deal with direct eval later.
BUG=
Review-Url: https://codereview.chromium.org/2480253006
Cr-Commit-Position: refs/heads/master@{#40962}
Reason for revert:
Seems to break GC stress.
Original issue's description:
> [turbofan] Fix deoptimization of boolean bit constants.
>
> BUG=chromium:664490
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:664490
Review-Url: https://codereview.chromium.org/2502613002
Cr-Commit-Position: refs/heads/master@{#40961}
Reason for revert:
Breaks CQ trybots now, i.e. https://build.chromium.org/p/tryserver.v8/builders/v8_linux_mipsel_compile_rel/builds/24703/steps/compile%20with%20ninja/logs/stdio
Original issue's description:
> MIPS: Optimize load/store with large offset
>
> Currently, we are using the following sequence for load/store with large offset (offset > 16b):
>
> lui at, 0x1234
> ori at, at, 0x5678
> add at, s0, at
> lw a0, 0(at)
>
> This sequence can be optimized in the following way:
>
> lui at, 0x1234
> add at, s0, at
> lw a0, 0x5678(at)
>
> BUG=
TBR=ivica.bogosavljevic@imgtec.com,miran.karic@imgtec.com,v8-mips-ports@googlegroups.com,dusan.simicic@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2500863003
Cr-Commit-Position: refs/heads/master@{#40959}
This helps if the polymorhpic case has other maps with fast accesses.
In box2d (with high number of iterations and warm-up), we spend about 2.7% of running time in StoreIC; after this change it is only 0.2%.
Review-Url: https://codereview.chromium.org/2494673002
Cr-Commit-Position: refs/heads/master@{#40957}
We are removing use of the debugger context. When the debugger triggers
compilation, we may not have a context from which to create a JSArray.
R=ishell@chromium.org
BUG=chromium:664577
Review-Url: https://codereview.chromium.org/2479123002
Cr-Commit-Position: refs/heads/master@{#40956}
Currently, we are using the following sequence for load/store with large offset (offset > 16b):
lui at, 0x1234
ori at, at, 0x5678
add at, s0, at
lw a0, 0(at)
This sequence can be optimized in the following way:
lui at, 0x1234
add at, s0, at
lw a0, 0x5678(at)
BUG=
Review-Url: https://codereview.chromium.org/2486283003
Cr-Commit-Position: refs/heads/master@{#40953}
Changes include:
- Adding V8_EXPORT macro for SnapshotCreator
- Removing outdated DCHECKs.
- Allow nullptr as external reference. This required a...
- Refactoring of hashmaps used by the serializer.
- Remove external references for counters. These are not used
anywhere for isolates that are being serialized.
- Put template infos into the partial snapshot cache.
- Remove unnecessary presubmit check for external references.
mksnapshot crashes if external references are missing.
R=jochen@chromium.org, vogelheim@chromium.org
BUG=chromium:617892
Review-Url: https://codereview.chromium.org/2490783004
Cr-Commit-Position: refs/heads/master@{#40949}
Port 1915762cc8
Original commit message:
These JavaScript operators were special hacks to ensure that we always
operate on Smis for the magic for-in index variable, but this never
really worked in the OSR case, because the OsrValue for the index
variable didn't have the proper information (that we have for the
JSForInPrepare in the non-OSR case).
Now that we have loop induction variable analysis and binary operation
hints, we can just use JSLessThan and JSAdd instead with appropriate
Smi hints, which handle the OSR case by inserting Smi checks (that are
always true). Thanks to OSR deconstruction and loop peeling these Smi
checks will be hoisted so they don't hurt the OSR case too much.
Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since
we have to lower it to JSLessThan to get the loop induction variable
goodness.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2502503002
Cr-Commit-Position: refs/heads/master@{#40947}
Several weeks have now passed since it was deprecated; Chromium does not
call it.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2478863002
Cr-Commit-Position: refs/heads/master@{#40945}
- Creates a new promise-utils.{h, cc} which refactors out the
logic to create resolving functions. This is shared between the
runtime functions and builtins.
- Changes PromiseResolveThenableJobInfo to store the context
since we no longer create the resolving functions in JS.
- Changes EnqueuPromiseResolveThenableJob to take in the promise and
not the callbacks.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2487053002
Cr-Commit-Position: refs/heads/master@{#40941}
- Adds VmovExtended, VswpExtended methods to MacroAssembler. These methods
use only VFP registers to perform s-register moves.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2497483002
Cr-Commit-Position: refs/heads/master@{#40939}
GetSharedFunctionInfo will compile inner functions if we get the
compile-eager hint, even if the shared function info already exists, and
the function already has been compiled. This breaks suspended generator
objects.
R=mstarzinger@chromium.org, neis@chromium.org
BUG=v8:5575
Review-Url: https://codereview.chromium.org/2494043002
Cr-Commit-Position: refs/heads/master@{#40936}
Methods in the runtime that enumerate over properties should never deal with private symbols. Most commonly such methods only loop over enumerable properties. This fix avoids accidentally handling private symbols in methods that only deal with enumerable properties. Methods that need to look at non-enumerable properties as well still have to manually filter private symbols (e.g., the KeyAccumulator).
BUG=chromium:664411
Review-Url: https://codereview.chromium.org/2499593002
Cr-Commit-Position: refs/heads/master@{#40932}
Fixes incorrect checks for handle validity when checking the compiled
code, as well as incorrect uses of tst in arm and ppc flag checking
code. Also adds a test that the tier-up works correctly.
Reland of https://codereview.chromium.org/2448933002
BUG=v8:5512
Review-Url: https://codereview.chromium.org/2497573003
Cr-Commit-Position: refs/heads/master@{#40930}
Reason for revert:
Revert because it depends on https://codereview.chromium.org/2478323002/ which has been reverted.
Original issue's description:
> [compiler] Enable shared function marking by default
>
> BUG=v8:5512
TBR=bmeurer@chromium.org,leszeks@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5512
Review-Url: https://codereview.chromium.org/2491643006
Cr-Commit-Position: refs/heads/master@{#40926}
ToName conversion, i.e., ToPropertykey() is the
identify for strings and symbols.
BUG=v8:5623
Review-Url: https://codereview.chromium.org/2494073002
Cr-Commit-Position: refs/heads/master@{#40924}
This adds a new ExternalPointer type, which is an Internal type that is
used for ExternalReferences and other pointer values, like the pointers
into the asm.js heap. It also adds a PointerConstant operator, which we
use to represents these raw constants (we can probably remove that
particular operator again once WebAssembly ships with the validator).
R=mvstanton@chromium.org
BUG=v8:5267,v8:5270
Review-Url: https://codereview.chromium.org/2494753003
Cr-Commit-Position: refs/heads/master@{#40923}
According to the spec data segments are allowed even if the memory size
is zero. However, if one of the data segments has a length greater than
0, then module instantiation should fail.
I also changed the exception type in LoadDataSegments to TypeError,
because that's the exception type for all exceptions which can happen
during instantiation.
R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/EmptyMemoryEmptyDataSegment, cctest/test-run-wasm-module/EmptyMemoryNonEmptyDataSegment
Review-Url: https://codereview.chromium.org/2483053005
Cr-Commit-Position: refs/heads/master@{#40922}
A SmiUntag() was missing when loading the old backing store's length.
BUG=chromium:664469
Review-Url: https://codereview.chromium.org/2492783004
Cr-Commit-Position: refs/heads/master@{#40921}
Fixes incorrect checks for handle validity when checking the compiled
code, as well as incorrect uses of tst in arm and ppc flag checking
code. Also adds a test that the tier-up works correctly.
Review-Url: https://codereview.chromium.org/2478323002
Cr-Commit-Position: refs/heads/master@{#40915}
This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.
R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}
And decouple hydrogen-instructions.h from code-stubs.h. This avoids
all of Crankshaft being recompiled when code-stub-assembler.h changes.
Review-Url: https://codereview.chromium.org/2498563002
Cr-Commit-Position: refs/heads/master@{#40912}
This enables the on-stack replacement mechanism from Ignition bytecode
to TurboFan optimized code by default. The runtime profiler is now
allowed to arm OSR points in bytecode.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2432413004
Cr-Commit-Position: refs/heads/master@{#40911}
Fast case the monomorphic case, by marking the additional checks as deferred
blocks. This increases the code size by about 50 bytes, but the monmorphic
case requires one fewer jump and the all the code is contiguous, so may help
caching.
Also cleanup call and new bytecode handlers by changing some of the Branches
to GotoIf/Unless for better readability.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2487573005
Cr-Commit-Position: refs/heads/master@{#40910}
Utilize the string length protector to deoptimize if the resulting
string length for string addition overflows. This way we generate
less code here and avoid holding on to the lazy frame state, and
thus potentially reduce the number live ranges.
BUG=v8:5267,v8:5404
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2491943004
Cr-Commit-Position: refs/heads/master@{#40909}
The contract for TurboFan is that we use NumberConstants for any kind
of number value until the representation selection picks concrete
representations, i.e. Int32Constant or Float64Constant. We will soon
be able to also guard this contract with DCHECKs.
BUG=v8:5267
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2499573002
Cr-Commit-Position: refs/heads/master@{#40908}
Record feedback for moved pages. Aligns the behavior of the copying and moving
evacuator.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2494723002
Cr-Commit-Position: refs/heads/master@{#40905}
- A new runtime function (%create_resolving_functions) is installed to
call the CreateResolvingFunctions builtin from JS.
- Three new builtins are created - resolve and reject functions and a
third function that creates a new JSFunctions from these
resolve/reject builtins.
- The promise reject function is installed on the context temporarily
as internal_promise_reject. This should go away once we remove
PromiseSet.
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2459283004
Cr-Commit-Position: refs/heads/master@{#40903}
According to the spec, import wrappers are only generated for JavaScript
functions, not for WebAssembly function. If an imported WebAssembly
function does not have the expected type, then a type error is thrown.
R=titzer@chromium.org, rossberg@chromium.org
TEST=mjsunit/wasm/test-import-export-wrapper
Review-Url: https://codereview.chromium.org/2486943005
Cr-Commit-Position: refs/heads/master@{#40901}
