When the instance has imported memory, calling GrowMemory should update the memory object to have a consistent view of the memory. This fixes the failing emscripten test case; a reduced test that simulates the same behavior was added.
R=titzer@chromium.org, dschuff@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2438673006
Cr-Commit-Position: refs/heads/master@{#40490}
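An added example (not V8's own code or test) showing the behaviour the commit above describes from the JS side: a hand-assembled wasm module imports its memory from JavaScript and exports a function that executes memory.grow on it. After the grow, the WebAssembly.Memory object must report the new size and the previous ArrayBuffer must be detached, otherwise JS and wasm would hold inconsistent views of the same memory. The module bytes and the export name "grow" are this example's own construction; it assumes a runtime with WebAssembly support (e.g. Node.js).

```javascript
// Added example, not V8 code. Minimal wasm module, assembled by hand:
//   (import "env" "mem" (memory 1))
//   (func (export "grow") (param i32) (result i32) local.get 0 memory.grow)
const MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic + version 1
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f,             // type 0: (i32) -> i32
  0x02, 0x0c, 0x01, 0x03, 0x65, 0x6e, 0x76, 0x03, 0x6d, 0x65, 0x6d,
  0x02, 0x00, 0x01,                                           // import env.mem: memory, min 1 page, no max
  0x03, 0x02, 0x01, 0x00,                                     // function 0 has type 0
  0x07, 0x08, 0x01, 0x04, 0x67, 0x72, 0x6f, 0x77, 0x00, 0x00, // export "grow" = func 0
  0x0a, 0x08, 0x01, 0x06, 0x00, 0x20, 0x00, 0x40, 0x00, 0x0b, // body: local.get 0; memory.grow 0; end
]);

const PAGE_SIZE = 65536; // wasm page size in bytes

// Instantiate with a JS-created memory of `initialPages`, grow it from inside
// wasm by `pagesToAdd`, and report what the JS Memory object sees afterwards.
function growImportedMemory(initialPages, pagesToAdd) {
  const mem = new WebAssembly.Memory({ initial: initialPages });
  const module = new WebAssembly.Module(MODULE_BYTES);
  const instance = new WebAssembly.Instance(module, { env: { mem } });

  const bufferBefore = mem.buffer;
  const bytesBefore = bufferBefore.byteLength;
  const previousPages = instance.exports.grow(pagesToAdd); // memory.grow returns old size in pages

  return {
    previousPages,                                   // what the wasm instruction returned
    bytesBefore,                                     // JS view before the grow
    bytesAfter: mem.buffer.byteLength,               // JS view after the grow: must reflect the new size
    oldBufferDetached: bufferBefore.byteLength === 0, // the stale ArrayBuffer must be unusable
    newBufferObject: mem.buffer !== bufferBefore,    // the Memory hands out a fresh buffer
  };
}

// Consistency check a test harness would make: the JS object's size must equal
// (old pages + added pages) * PAGE_SIZE, i.e. what the wasm side now uses.
function memoryViewIsConsistent(initialPages, pagesToAdd) {
  const r = growImportedMemory(initialPages, pagesToAdd);
  return r.previousPages === initialPages &&
    r.bytesAfter === (initialPages + pagesToAdd) * PAGE_SIZE &&
    r.oldBufferDetached && r.newBufferObject;
}

console.log(JSON.stringify(growImportedMemory(1, 1)));
```

A failure of the kind the commit fixes would show up here as `bytesAfter` still equal to `bytesBefore` while the wasm code already addresses the larger memory; the detached-buffer check matters because any TypedArray a caller kept over the old buffer silently becomes zero-length.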
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Android%20Arm64%20-%20builder/builds/4851
Original issue's description:
> Update implementation of atomics with latest Chromium version but use compiler builtin atomics
>
> Ideally, we would use the standard library. However, when we are compiling against an older version of the standard library the atomic implementation may be slow.
>
> BUG=
TBR=mlippautz@chromium.org,ulan@chromium.org,jarin@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2438983002
Cr-Commit-Position: refs/heads/master@{#40489}
Ideally, we would use the standard library. However, when we are compiling against an older version of the standard library the atomic implementation may be slow.
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2425963002
Cr-Commit-Position: refs/heads/master@{#40488}
* introduced DebugInterface::PrepareStep and DebugInterface::ClearStepping method.
Inspector calls these methods only on pause and is not interested in calling this for a non-current break_id, so we don't need to expose the debug interface with a break_id argument and can only check that the current break_id is valid.
BUG=chromium:652939,v8:5510
R=yangguo@chromium.org,dgozman@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://chromiumcodereview.appspot.com/2423153002
Cr-Commit-Position: refs/heads/master@{#40483}
Reason for revert:
Revert, because of crbug.com/656959.
Original issue's description:
> Speedup access to global_proxy.* attributes/accessors.
>
> Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.
>
> This is a follow-on CL to crrev.com/2369933005:
> - The initial upload is crrev.com/2369933005 + a rebase.
> - The remaining issues are the fixes requested by the reviewers on that CL.
>
> BUG=chromium:634276, chromium:654716
>
> Committed: https://crrev.com/8f43d748272536117008aa6a1b53ea52126261c1
> Committed: https://crrev.com/041314524952a3c1bc71bd3beafbbb37319f1d22
> Cr-Original-Commit-Position: refs/heads/master@{#40153}
> Cr-Commit-Position: refs/heads/master@{#40365}
TBR=jochen@chromium.org,verwaest@chromium.org
NOTRY=true
NOPRESUBMIT=true
BUG=chromium:634276, chromium:654716
Review-Url: https://chromiumcodereview.appspot.com/2434233002
Cr-Commit-Position: refs/heads/master@{#40481}
Move hole check logic from full-codegen into scope analysis, and store the
"needs hole check" bit on VariableProxy. This makes it easy to re-use in
any backend: it will be trivial to extend the use of this logic in, e.g.,
full-codegen variable stores.
While changing the signatures of the variable loading/storing methods in
Ignition, I took the liberty of replacing the verb "Visit" with "Build", since these
are not part of AST visiting.
BUG=v8:5460
Review-Url: https://chromiumcodereview.appspot.com/2411873004
Cr-Commit-Position: refs/heads/master@{#40479}
Added a size constraint to the configuration to limit the segment pool.
This will likely fix the memory alerts from small android devices.
BUG=chromium:655129
Review-Url: https://chromiumcodereview.appspot.com/2424393002
Cr-Commit-Position: refs/heads/master@{#40476}
The wasm specification does not fully specify the binary representation
of NaN: the sign bit can be non-deterministic. The wasm-code fuzzer
found a test case where the wasm interpreter and the compiled code
produce a different sign bit for a NaN, and as a consequence they
produce different results.
With this CL the interpreter tracks whether it executed an instruction
which can produce a NaN, which are div and sqrt instructions. The
fuzzer uses this information and compares the result of the interpreter
with the result of the compiled code only if there was no instruction
which could have produced a NaN.
R=titzer@chromium.org
TEST=cctest/test-run-wasm-interpreter/TestMayProduceNaN
BUG=chromium:657481
Review-Url: https://chromiumcodereview.appspot.com/2438603003
Cr-Commit-Position: refs/heads/master@{#40474}
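The differential-testing problem described above, as an added example that is not part of the V8 fuzzer or interpreter: a tiny stack evaluator over f64 values tracks whether an executed instruction may have produced a NaN (div and sqrt, as the commit classifies them, plus any op whose result actually is NaN), and the comparison oracle only compares two runs bit-for-bit when neither run is flagged. The evaluator, its op names and the program format are this example's own constructions.

```javascript
// Added example, not V8 code. Ops that the commit above treats as able to
// produce a NaN; any other op is also flagged if its result turns out NaN.
const NAN_PRODUCING_OPS = new Set(['div', 'sqrt']);

// Raw IEEE-754 bits of a double, so that 0 and -0 (and NaN sign bits) are
// distinguishable, which === cannot do.
function bitsOf(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  return view.getBigUint64(0);
}

// Evaluate a postfix program: numbers are pushed, strings are ops.
// Returns the final value and whether a NaN may have been produced.
function evaluate(program) {
  const stack = [];
  let mayHaveNaN = false;
  for (const tok of program) {
    if (typeof tok === 'number') { stack.push(tok); continue; }
    let result;
    switch (tok) {
      case 'add': { const b = stack.pop(), a = stack.pop(); result = a + b; break; }
      case 'mul': { const b = stack.pop(), a = stack.pop(); result = a * b; break; }
      case 'div': { const b = stack.pop(), a = stack.pop(); result = a / b; break; }
      case 'neg': { result = -stack.pop(); break; }
      case 'sqrt': { result = Math.sqrt(stack.pop()); break; }
      default: throw new Error('unknown op ' + tok);
    }
    if (NAN_PRODUCING_OPS.has(tok) || Number.isNaN(result)) mayHaveNaN = true;
    stack.push(result);
  }
  if (stack.length !== 1) throw new Error('malformed program');
  return { value: stack[0], mayHaveNaN };
}

// Oracle for two executions of the same program (e.g. reference interpreter
// vs. compiled code): null means "not comparable, a NaN's sign bit is
// unspecified", otherwise a bit-exact verdict so that 0 vs -0 is a mismatch.
function compareRuns(ref, other) {
  if (ref.mayHaveNaN || other.mayHaveNaN) return null;
  return bitsOf(ref.value) === bitsOf(other.value);
}

console.log(compareRuns(evaluate([1, 2, 'add']), evaluate([2, 1, 'add'])));
```

Skipping rather than normalising NaNs keeps the oracle honest: a comparison that canonicalised NaNs would also hide a real bug in which one side produced NaN and the other did not with a non-NaN payload.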
When allocating for splinters, we were prematurely reverting to the
hot range behavior, even when the range didn't actually have any
positions requiring a register. This could cause unnecessary moves.
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2436813003
Cr-Commit-Position: refs/heads/master@{#40472}
Add support to collect feedback about oddballs for Bitwise binary operations and
Increment and decrement operations. For the case of Oddballs the code to convert
them to numbers is inlined into the handlers instead of calling the
NonNumberToNumber Stub.
BUG=v8:4280, v8:5400
Review-Url: https://chromiumcodereview.appspot.com/2407103003
Cr-Commit-Position: refs/heads/master@{#40468}
SEB and SEH instructions are not available on MIPS32R1. This caused several failures on
MIPS32R1 in mjsunit/wasm/* and mjsunit/asm test suites.
This fix simulates these instructions in MacroAssembler for those architectures that do not support them.
TEST=mjsunit/asm/sqlite3/sqlite-pointer-masking,mjsunit/wasm/embenchen/lua_binarytrees
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2434973002
Cr-Commit-Position: refs/heads/master@{#40467}
This CL also introduces IsSetWord<T>(..) and IsSetWord32<T>(..) operations
to ease checking if the bit field is set or not.
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2436893003
Cr-Commit-Position: refs/heads/master@{#40466}
Reason for revert:
Performance regression on arm64: crbug.com/657776
Original issue's description:
> [heap] Start sweeper tasks after evacuation.
>
> This allows us to use more tasks for parallel evacuation.
>
> BUG=
TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2440693002
Cr-Commit-Position: refs/heads/master@{#40465}
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.
R=mvstanton@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2427953002
Cr-Commit-Position: refs/heads/master@{#40462}
Currently it is possible to get into a cycle of
mark-compact -> memory reducer -> mark-compact -> memory reducer ...
where the memory reducer does not free memory.
This patch ensures that the memory reducer restarts only if the
committed memory increased by sufficient amount after the last run.
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2433933005
Cr-Commit-Position: refs/heads/master@{#40457}
Reason for revert:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/10808
https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> [inspector] migrate stepping related methods to debug-interface
>
> * introduced DebugInterface::PrepareStep and DebugInterface::ClearStepping method.
> Inspector calls these methods only on pause and is not interested in calling this for a non-current break_id, so we don't need to expose the debug interface with a break_id argument and can only check that the current break_id is valid.
>
> BUG=chromium:652939,v8:5510
> R=yangguo@chromium.org,dgozman@chromium.org
TBR=yangguo@chromium.org,dgozman@chromium.org,kozyatinskiy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:652939,v8:5510
Review-Url: https://chromiumcodereview.appspot.com/2441583002
Cr-Commit-Position: refs/heads/master@{#40455}
port 9902368259 (r40446)
original commit message:
The scheduler expects a trimmed graph, so we have to trim the graph
before scheduling.
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2431213003
Cr-Commit-Position: refs/heads/master@{#40454}
This makes the creation of frame states "before" and "after" node
sequences explicit in the {BytecodeGraphBuilder}. This removes some
complexity and also allows us to elide redundant {Checkpoint} nodes
before operations that don't actually eagerly deoptimize.
In this change such redundant {Checkpoint} nodes have been removed for
arguments object and rest array creation bytecodes. The frame states
used in such {Checkpoint} nodes were actually bogus because they would
resume bytecode execution before the {new.target} value is assigned to
its respective variable.
R=jarin@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2437683003
Cr-Commit-Position: refs/heads/master@{#40453}
* introduced DebugInterface::PrepareStep and DebugInterface::ClearStepping method.
Inspector calls these methods only on pause and is not interested in calling this for a non-current break_id, so we don't need to expose the debug interface with a break_id argument and can only check that the current break_id is valid.
BUG=chromium:652939,v8:5510
R=yangguo@chromium.org,dgozman@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2423153002
Cr-Commit-Position: refs/heads/master@{#40450}
We introduced TracedValue into V8 tracing previously, this patch uses it to
build JSON string of runtime statistics instead of using stringstream as buffer.
BUG=v8:5089
LOG=N
Review-Url: https://chromiumcodereview.appspot.com/2418303002
Cr-Commit-Position: refs/heads/master@{#40443}
Moving the rest of the debugging code is blocked on making IsPromise inlinable.
BUG=v8:5343
Review-Url: https://chromiumcodereview.appspot.com/2431793003
Cr-Commit-Position: refs/heads/master@{#40440}
Taking a similar approach to ia32, which also has 1 return register
eax (as per ia32's ABI) but uses edx as a return register as well.
This will fix some failures on s390x where a function returns 2
values.
R=titzer@chromium.org, bmeurer@chromium.org
BUG=
LOG=N
Review-Url: https://chromiumcodereview.appspot.com/2426233002
Cr-Commit-Position: refs/heads/master@{#40439}
For fullcodegen the RuntimeProfiler has a shortcut that allows it to
tier up small functions earlier, when enough type feedback is available.
Port the same optimization for the Ignition+TurboFan pipeline.
R=mstarzinger@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2427283004
Cr-Commit-Position: refs/heads/master@{#40435}
This CL refactors the handling of metadata associated with WebAssembly
modules to reduce the duplicate marshalling of data from the C++ world
to the JavaScript world. It does this by wrapping the C++ WasmModule*
object in a Foreign that is rooted from the on-heap WasmCompiledModule
(which is itself just a FixedArray). Upon serialization, the C++ object
is ignored and the original WASM wire bytes are serialized. Upon
deserialization, the C++ object is reconstituted by reparsing the bytes.
This is motivated by increasing complications in implementing the JS
API, in particular WebAssembly.Table, which must perform signature
canonicalization across instances.
Additionally, this CL implements the proper base + offset initialization
behavior for tables.
R=rossberg@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org,yangguo@chromium.org
BUG=v8:5507, chromium:575167, chromium:657316
Review-Url: https://chromiumcodereview.appspot.com/2424623002
Cr-Commit-Position: refs/heads/master@{#40434}
For binary operations that collect feedback (in Ignition), don't
canonicalize when the operation itself is already performed in
Float64. This is the first step to fix the performance difference
we still see between TurboFan and TurboFan+Ignition.
R=mythria@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2431363002
Cr-Commit-Position: refs/heads/master@{#40428}
During JSTypedLowering we can decide to insert PlainPrimitiveToNumber
operators on the inputs to still utilize pure Number operators, when
the type feedback on the numeric binary operation is NumberOrOddball.
However that is not beneficial if the inputs can be Strings, that is
we cannot statically rule out String based on input type, as that
inserts a ToNumber stub call into the hot code path.
This repairs the NavierStokes regression with Ignition on Octane.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/2432143003 .
Cr-Commit-Position: refs/heads/master@{#40427}
Similar to http://crrev.com/2410883003 we don't need to do a minus zero
check for the right hand side of CheckedInt32Add, because we already
know that the left hand side cannot be minus zero, and the only way that
addition can yield -0 is (-0) + (-0).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/2431233003 .
Cr-Commit-Position: refs/heads/master@{#40421}
Using uint32 to store the number of control outputs allows WebAssembly switches to have more than 2^16 cases.
BUG=v8:5531
TEST=mjsunit/regress/wasm/regression-5531
R=titzer@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2425983002
Cr-Commit-Position: refs/heads/master@{#40420}
When the input to Number.parseInt is a HeapNumber in Signed32 range, we
can just return the (truncated) input value (i.e. we need to map -0 to
0 due to the ToString conversion).
R=jarin@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2432923002
Cr-Commit-Position: refs/heads/master@{#40419}
port 308788b306 (r40397)
original commit message:
Consistently collect CallIC feedback in fullcodegen and Ignition, even
for possibly direct eval calls, that were treated specially so far, for
no apparent reason. With the upcoming SharedFunctionInfo based CallIC
feedback, we might be able to even inline certain direct eval calls, if
they manage to hit the eval cache. More importantly, this patch
simplifies the collection and dealing with CallIC feedback (and as a
side effect fixes an inconsistency with feedback for super constructor
calls).
BUG=
Review-Url: https://chromiumcodereview.appspot.com/2429623005
Cr-Commit-Position: refs/heads/master@{#40416}
* introduced v8::DebugInterface::ChangeBreakOnException(Isolate*,ExceptionBreakState);
* migrated inspector to new API;
* added cctest for new API;
* added inspector test for setPauseOnExceptionState.
BUG=chromium:652939,v8:5510
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://chromiumcodereview.appspot.com/2396193002
Cr-Commit-Position: refs/heads/master@{#40413}
Port 308788b306
Original commit message:
Consistently collect CallIC feedback in fullcodegen and Ignition, even
for possibly direct eval calls, that were treated specially so far, for
no apparent reason. With the upcoming SharedFunctionInfo based CallIC
feedback, we might be able to even inline certain direct eval calls, if
they manage to hit the eval cache. More importantly, this patch
simplifies the collection and dealing with CallIC feedback (and as a
side effect fixes an inconsistency with feedback for super constructor
calls).
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2425243003
Cr-Commit-Position: refs/heads/master@{#40412}
Add support to collect feedback about oddballs in Add, Mul, Div and Modulus stubs.
Turbofan uses NumberOrOddball feedback to reduce the number of deoptimizations.
BUG=v8:4280, v8:5400
LOG=N
Review-Url: https://codereview.chromium.org/2406263002
Cr-Commit-Position: refs/heads/master@{#40407}
BranchIf and helpers were introduced when exporting the schedule from the RawMachineAssembler was not ensuring that the CFG was well-formed. These methods, which were used to introduce blocks to ensure edge-split form, are now unnecessary.
BUG=
Review-Url: https://codereview.chromium.org/2426923002
Cr-Commit-Position: refs/heads/master@{#40402}
These intrinsics are unused now, and so we can drop all the code in
fullcodegen and Crankshaft that deals with those. TurboFan and Ignition
never tried to optimize those.
R=mstarzinger@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2427673004
Cr-Commit-Position: refs/heads/master@{#40401}
MIPS64 doesn't support Word32 compare instructions. Instead it relies
that the values in registers are correctly sign-extended and uses
Word64 comparison instead. This behavior is correct in most cases,
but doesn't work when comparing signed with unsigned operands.
The solution proposed here tries to match a comparison of signed
with unsigned operand, and perform Word32Compare simulation only
in those cases. Unfortunately, the solution is not complete because
it might skip cases where Word32 compare simulation is needed, so
basically it is a hack.
BUG=
TEST=mjsunit/compiler/uint32
Review-Url: https://codereview.chromium.org/2391393003
Cr-Commit-Position: refs/heads/master@{#40398}
Consistently collect CallIC feedback in fullcodegen and Ignition, even
for possibly direct eval calls, that were treated specially so far, for
no apparent reason. With the upcoming SharedFunctionInfo based CallIC
feedback, we might be able to even inline certain direct eval calls, if
they manage to hit the eval cache. More importantly, this patch
simplifies the collection and dealing with CallIC feedback (and as a
side effect fixes an inconsistency with feedback for super constructor
calls).
R=mvstanton@chromium.org, mythria@chromium.org
BUG=v8:2206,v8:4280,v8:5267
Review-Url: https://codereview.chromium.org/2426693002
Cr-Commit-Position: refs/heads/master@{#40397}
When inlining JSCallConstruct in turbofan, receiver is initialized to model
the behaviour of constructor. When an implicit receiver is not required the
receiver value should be set to the hole value instead of undefined value.
When initializing the receiver via super calls, we check that the receiver
is the hole value.
BUG=chromium:653407
Review-Url: https://codereview.chromium.org/2424123002
Cr-Commit-Position: refs/heads/master@{#40396}
The CL #40373 (https://codereview.chromium.org/2405253006 ) caused a GCC compilation error.
The error message was:
../src/code-stub-assembler.cc: In member function ‘v8::internal::compiler::Node* v8::internal::CodeStubAssembler::CreateArrayIterator(v8::internal::compiler::Node*, v8::internal::compiler::Node*, v8::internal::compiler::Node*, v8::internal::compiler::Node*, v8::internal::IterationKind)’:
../src/code-stub-assembler.cc:7909:7: error: ‘kBaseMapIndex’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
int kBaseMapIndex;
^
cc1plus: all warnings being treated as errors
make[1]: *** [/home/zxli/work/google-v8/v8/out/x87.release/obj.target/v8_base/src/code-stub-assembler.o] Error 1
This CL fixes this issue by initializing kBaseMapIndex to 0.
BUG=
Review-Url: https://codereview.chromium.org/2423343002
Cr-Commit-Position: refs/heads/master@{#40390}
port 77419488a9 (r40377)
original commit message:
This slot is completely unused and always undefined anyways, so there's
no need to maintain the slot during object construction.
BUG=
Review-Url: https://codereview.chromium.org/2425183002
Cr-Commit-Position: refs/heads/master@{#40389}
The inlined version of Array.prototype.push returned the value that was
pushed instead of the new "length" property value.
R=jarin@chromium.org
BUG=chromium:656037
Review-Url: https://codereview.chromium.org/2425903002
Cr-Commit-Position: refs/heads/master@{#40384}
This CL adds two new fast-paths for RegExp.prototype.replace in the case
that the regexp itself is an unmodified JSRegExp instance and the
replace argument is callable. Such cases call directly into runtime.
This could be improved even further by turning the relevant runtime
functions into inline TurboFan.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415663007
Cr-Commit-Position: refs/heads/master@{#40381}
In the process:
- Add ToString to the CodeStubAssembler and use it where appropriate
- Add constant-folding versions of IntPtrAdd/IntPtrSub to simplify code
in element offset computation, especially for strings.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2407813002
Cr-Commit-Position: refs/heads/master@{#40379}
EffectPhis can cause a cycle in a TurboFan graph. We delay the
processing of EffectPhis in the Int64Lowering to break these cycles. We
do the same already for Phis.
R=titzer@chromium.org
BUG=v8:5518
TEST=unittests/Int64LoweringTest.EffectPhiLoop
Review-Url: https://codereview.chromium.org/2428583002
Cr-Commit-Position: refs/heads/master@{#40378}
This slot is completely unused and always undefined anyways, so there's
no need to maintain the slot during object construction.
R=yangguo@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2423323002
Cr-Commit-Position: refs/heads/master@{#40377}
Implements the variations of CreateArrayIterator() in TFJ builtins
(ArrayPrototypeValues, ArrayPrototypeEntries and ArrayPrototypeKeys), and
provides two new Object types with numerous maps which identify certain
behaviours, which will be useful for inlining.
Removes src/js/array-iterator.js entirely
Also adds support for printing Symbol literals inserted by the Parser during
desugaring when FLAG_print_builtin_ast is set to true.
BUG=v8:5388
R=bmeurer@chromium.org, cbruni@chromium.org
TBR=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2405253006
Cr-Commit-Position: refs/heads/master@{#40373}
Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.
This is a follow-on CL to crrev.com/2369933005:
- The initial upload is crrev.com/2369933005 + a rebase.
- The remaining issues are the fixes requested by the reviewers on that CL.
BUG=chromium:634276, chromium:654716
Committed: https://crrev.com/8f43d748272536117008aa6a1b53ea52126261c1
Review-Url: https://codereview.chromium.org/2403003002
Cr-Original-Commit-Position: refs/heads/master@{#40153}
Cr-Commit-Position: refs/heads/master@{#40365}
This makes the character escaping in the graph visualizer less generic
but correct against the JSON spec. The spec has the following definition
for valid characters within a double quoted string:
char ::
any-Unicode-character-except-"-or-\-or-control-character
\"
\\
\/
\b
\f
\n
\r
\t
\u four-hex-digits
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2421313002
Cr-Commit-Position: refs/heads/master@{#40364}
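The escaping grammar quoted above, turned into an added example that is not the graph visualizer's code: a string escaper that emits exactly the escapes the JSON specification allows, next to an over-generic "backslash every special character" escaper of the kind the commit moves away from, and a validity check that shows why the generic version breaks consumers. The function names and sample inputs are this example's own.

```javascript
// Added example, not V8 code. Escapes the content of a JSON string literal
// per the grammar: only ", \, control characters (as \b \f \n \r \t or
// \uXXXX) and lone surrogates are escaped; everything else is copied as is.
// "/" may be escaped per the grammar but need not be, so it is left alone.
function escapeJsonString(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    switch (c) {
      case 0x22: out += '\\"'; break;   // "
      case 0x5c: out += '\\\\'; break;  // backslash
      case 0x08: out += '\\b'; break;
      case 0x0c: out += '\\f'; break;
      case 0x0a: out += '\\n'; break;
      case 0x0d: out += '\\r'; break;
      case 0x09: out += '\\t'; break;
      default:
        if (c < 0x20) {
          out += '\\u' + c.toString(16).padStart(4, '0'); // other control chars
        } else if (c >= 0xd800 && c <= 0xdbff) {
          // high surrogate: keep a well-formed pair, escape a lone one
          const d = i + 1 < s.length ? s.charCodeAt(i + 1) : 0;
          if (d >= 0xdc00 && d <= 0xdfff) { out += s[i] + s[i + 1]; i++; }
          else out += '\\u' + c.toString(16);
        } else if (c >= 0xdc00 && c <= 0xdfff) {
          out += '\\u' + c.toString(16); // lone low surrogate
        } else {
          out += s[i];
        }
    }
  }
  return out;
}

// The "generic" approach: backslash anything that is not alphanumeric or
// space. Produces escapes such as \' and \. that JSON does not define.
function genericBackslashEscape(s) {
  return s.replace(/[^A-Za-z0-9 ]/g, ch => '\\' + ch);
}

// Would a strict JSON parser accept this as the body of a string literal?
function isValidJsonStringBody(body) {
  try { JSON.parse('"' + body + '"'); return true; } catch (e) { return false; }
}

// Round trip through a real parser: escaping must be reversible.
function roundTrips(s) {
  return JSON.parse('"' + escapeJsonString(s) + '"') === s;
}

console.log(escapeJsonString('say "hi"\n\ttab \u0001 end'));
```

Because `JSON.stringify` already implements this grammar, a quick self-check is that `escapeJsonString(s)` equals `JSON.stringify(s).slice(1, -1)` for any input; hand-rolled escapers are worth keeping only where, as in the commit above, the output is assembled piecemeal rather than from a complete object.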
We don't have an Isolate, so we cannot use it for retrieving data or
calling the embedder's OOM handler. So just crash.
BUG=5525
Review-Url: https://codereview.chromium.org/2427623002
Cr-Commit-Position: refs/heads/master@{#40363}
This adds more useful information to the v8-heap-stats tool.
BUG=v8:5489
Review-Url: https://codereview.chromium.org/2394213003
Cr-Commit-Position: refs/heads/master@{#40361}
Adds a boolean flag to the liveness analysis which makes it also analyze
the accumulator. This can help prevent the accumulator escaping loops,
as well as decreasing the number of distinct state values nodes in the
graph.
The flag is a kind of ugly way to hack this in, however it is probably
the simplest to add, and (more importantly) to remove once the AST graph
builder is gone.
I measure a 2.6% improvement on Mandreel on my x64 machine, and a ~2%
improvement on Navier-Stokes. Other improvements are expected.
Review-Url: https://codereview.chromium.org/2428503002
Cr-Commit-Position: refs/heads/master@{#40359}
Once the escape analysis has run, it'll be harder to eliminate a bunch of
checks (for example map checks, which would currently block escape
analysis, but that's about to be fixed). Also the escape analysis will
have a lot less stress after the load elimination, which takes care of
redundant loads and checks already.
R=mstarzinger@chromium.org
BUG=v8:5448
Review-Url: https://codereview.chromium.org/2427533002
Cr-Commit-Position: refs/heads/master@{#40351}
Use sparingly!
This doesn't add any really new functionality, other than making it more
convenient to do this.
This will primarily be used to wrap a WasmModule to be referenced from a
JSObject that represents an instance. There is one WasmModule C++ object
per parsed WasmModule, so this should not be more than a handful or a few
dozen in well-behaved programs.
R=rossberg@chromium.org,mlippautz@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2409173005
Cr-Commit-Position: refs/heads/master@{#40346}
Currently JSCreateLowering drops the type information for object
literals, when inlining the JSCreateLiteralArray/Object nodes,
which means we will not eliminate a couple of checks after the
lowering.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2423913002
Cr-Commit-Position: refs/heads/master@{#40344}
This makes optimization of all class constructors (i.e. both base and
derived) go through TurboFan. Note some class constructors containing
Harmony language features (e.g. super constructor calls or accesses to
the new.target value) were already going through TurboFan before.
R=bmeurer@chromium.org
BUG=v8:5458
Review-Url: https://codereview.chromium.org/2397723002
Cr-Commit-Position: refs/heads/master@{#40342}
When DevTools calls to JavaScript, it often ignores exceptions and just
fails since no value was returned.
The new --print-all-exceptions flag makes it easy to spot the location
and the reason for the thrown exception.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2417743004
Cr-Commit-Position: refs/heads/master@{#40340}
In order to optimize super constructor calls with ES6 classes, we need
some feedback for both the JSCallConstruct and the resulting JSCreate
nodes in TurboFan. Both already optimize perfectly when they see nodes
with JSFunction constants, so utilizing the existing CallIC machinery
here, enables us to optimize the super constructor calls right now w/o
a lot of effort.
Note that there are probably better ways to track this information,
for example we could do some tracking on the constructor functions;
this will however require serious changes in TurboFan and the runtime,
and would block progress on more important tasks.
R=mythria@chromium.org
BUG=v8:5517
Review-Url: https://codereview.chromium.org/2419423002
Cr-Commit-Position: refs/heads/master@{#40337}
There are a couple of operators that can indeed produce Float32
representation, which we might end up using in a TaggedSigned
context, so add the missing conversion (indirectly via Float64).
BUG=chromium:656275
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2421193002
Cr-Commit-Position: refs/heads/master@{#40334}
If the catch prediction machinery is in the middle of some async op, we
shouldn't send invalid events to the debugger.
Instead of sending events with an undefined id, we don't send them at
all.
Review-Url: https://codereview.chromium.org/2417093003
Cr-Commit-Position: refs/heads/master@{#40327}
A test where the deserialization data has a header, but the
header is invalid. This is in addition to the current test
where we have empty deserialization data.
BUG=
Review-Url: https://codereview.chromium.org/2418483002
Cr-Commit-Position: refs/heads/master@{#40321}
This allows people writing code stubs to just verify the graph of the stub they're working on, at least until we fix all of the issues we have and enable the verification by default.
Also fixes representations in CodeStubAssembler::SmiOr and InterpreterAssembler::StarDispatchLookahead.
R=bmeurer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2413653006
Cr-Commit-Position: refs/heads/master@{#40320}
It doesn't need to have this logic.
ParseLazyFunctionLiteralBody is basically just ParseStatementList
+ log the function position. But PreParser doesn't need to have
the "which functions to log" logic, since logging the function is
always done exactly when Parser falls back to PreParser. (See
PreParseLazyFunction.)
So in the current state, PreParser would log several functions in
a SingletonLogger, and only the last one would take
effect (that's the one Parser also logs in SkipLazyFunctionBody).
Also updated test-parsing/Regress928 to produce the preparse data
the way we do now (i.e., not running the PreParser directly, but
running the Parser).
Error reporting: when PreParser finds an error, it doesn't need
to ReportUnexpectedToken in PreParseLazyFunction, since it
already has reported the error whenever it found it.
BUG=v8:5515
Review-Url: https://codereview.chromium.org/2421833002
Cr-Commit-Position: refs/heads/master@{#40315}
... to keep all the pieces in one place for easier modifications.
This CL also adds a new runtime call stats bucket: KeyedLoadIC_LoadElementDH.
BUG=
Review-Url: https://codereview.chromium.org/2412983008
Cr-Commit-Position: refs/heads/master@{#40314}
Let AdvanceStringIndex return the incremented index instead of the
increment, and adjust all use sites.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415383002
Cr-Commit-Position: refs/heads/master@{#40310}
GetCapture can reuse the bool pointer argument of GenericCaptureGetter
instead of duplicating that logic with additional checks.
The check also incorrectly checks for undefined while
GenericCaptureGetter returns the empty string on failure.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2422563002
Cr-Commit-Position: refs/heads/master@{#40309}
Now that all accesses to the last match info are in C++ and TF code, we can
finally turn the last match info into a FixedArray. Similar to the ArrayList,
it uses its first field to store its length and grows dynamically in amortized
O(1) time.
Unlike previously, this means that the last match info pointer stored on the
context can actually change (in case the FixedArray needs to grow).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415103002
Cr-Commit-Position: refs/heads/master@{#40308}
Introduce CSA_ASSERT macro that outputs a message, file name and line number to
console before calling DebugBreak.
Review-Url: https://codereview.chromium.org/2419433008
Cr-Commit-Position: refs/heads/master@{#40307}
'RETURN_RESULT(isolate, call, type)' is equivalent to 'return call' in
all current use cases.
BUG=
Review-Url: https://codereview.chromium.org/2415993003
Cr-Commit-Position: refs/heads/master@{#40302}
Inspected context is created in V8InspectorImpl::contextCreated method and destroyed in V8InspectorImpl::contextDestroyed.
Both methods take a valid v8::Local<v8::Context> handle to the same context, which means that the context is created before the InspectedContext constructor and is always destroyed after the InspectedContext destructor; therefore the context weak callback in the inspected context should never be called.
It's possible only if inspector client doesn't call contextDestroyed which is considered an error.
Therefore CHECK(false) is added into context weak callback to be sure that v8::Context always survives inspected context.
BUG=chromium:652548
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2413583002
Cr-Commit-Position: refs/heads/master@{#40290}
It will allow timeline to show JS profile on code evaluated from console.
BUG=chromium:655430
Review-Url: https://codereview.chromium.org/2413943002
Cr-Commit-Position: refs/heads/master@{#40289}
Reason for revert:
As adamk@ pointed out, this is not correct. Some more changes required instead
Original issue's description:
> [turbofan] Enable super constructor inlining.
>
> When we inlined a [[Construct]] call to a subclass constructor, we can
> also inline the super constructor call (either explicit or implicit),
> since we have a concrete JSFunction constant for the subclass and we
> can thus constant-fold the %_GetSuperConstructor intrinsic. We don't
> need any guards here since the prototype of subclass constructors is
> non-writable, non-configurable in ES6.
>
> BUG=v8:5517
> R=jarin@chromium.org
>
> Committed: https://crrev.com/74158b00b3f6a1fc8676dd1f7af4d96131eb5ebe
> Cr-Commit-Position: refs/heads/master@{#40261}
TBR=jarin@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5517
Review-Url: https://codereview.chromium.org/2413883003
Cr-Commit-Position: refs/heads/master@{#40285}
This CL also adds separate runtime call stats buckets for data handlers.
BUG=
Review-Url: https://codereview.chromium.org/2419513002
Cr-Commit-Position: refs/heads/master@{#40281}
Reason for revert:
Timeout on gc stress bot.
Original issue's description:
> [heap] Cancel tasks before tearing down the heap.
>
> BUG=chromium:654343
>
> Committed: https://crrev.com/9365463d6f1fc11b2369fff63ca0ac825c61eae4
> Cr-Commit-Position: refs/heads/master@{#40272}
TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:654343
Review-Url: https://codereview.chromium.org/2414073002
Cr-Commit-Position: refs/heads/master@{#40279}
This ports RegExpInitialize, IsRegExp, InternalMatch and InternalReplace to C++
/ TurboFan. InternalMatch is in TurboFan because it calls RegExpExecStub and
needs to construct a RegExpResult (which are, respectively, a PlatformStub and
a CodeStubAssembler function).
Except for LastMatchInfo (and GetSubstitution, which could be moved to string.js
anytime), regexp.js is now completely empty.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2409513003
Cr-Commit-Position: refs/heads/master@{#40277}
This is automatically taken into account in the Parser constructor already
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2409103005
Cr-Commit-Position: refs/heads/master@{#40275}
With --trace-ic flag, the function names and the source positions are
not shown for interpreted functions. Interpreted functions have an extra
frame built by bytecode handlers which has to be skipped to get the
interpreted function's frame. Also the code offsets are computed differently
for interpreted functions.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2405173007
Cr-Commit-Position: refs/heads/master@{#40274}
A decoder error sets builder_ to null, which causes builder_->StackCheck
to segfault.
R=titzer@chromium.org
TEST=mjsunit/regress/wasm/loop-stack-check
Review-Url: https://codereview.chromium.org/2416873002
Cr-Commit-Position: refs/heads/master@{#40271}
This CL fixes the debugger interface to provide correct (high-level)
information for asm.js frames.
It moves the computation of the source position from the FrameInspector
to the individual StackFrame implementations, such that we can easily
specialize it for certain frame types, and can potentially reuse this
in other locations.
Also, we are finalizing the setup of the wasm module earlier, before
executing the start function. This is required for correct stack traces
during the execution of the start function.
R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2413693003
Cr-Commit-Position: refs/heads/master@{#40268}
AllocateAlignedMemory calls ReserveAlignedMemory which increments size_
value. In some cases AllocateAlignedMemory can return NULL value. Before
returning NULL, AllocateAlignedMemory should decrease size_ value.
TEST=cctest/test-spaces/LargeObjectSpace
BUG=
Review-Url: https://codereview.chromium.org/2418733002
Cr-Commit-Position: refs/heads/master@{#40262}
When we inlined a [[Construct]] call to a subclass constructor, we can
also inline the super constructor call (either explicit or implicit),
since we have a concrete JSFunction constant for the subclass and we
can thus constant-fold the %_GetSuperConstructor intrinsic. We don't
need any guards here since the prototype of subclass constructors is
non-writable, non-configurable in ES6.
BUG=v8:5517
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2409423006
Cr-Commit-Position: refs/heads/master@{#40261}
It belongs there more logically. In addition, this is a pre-step needed
for preparsing the parameters of a preparsed function.
In addition, move the "subtract rest parameter from arity" logic from
Parser to (Pre)?ParserFormalParameters.
BUG=v8:5515
Review-Url: https://codereview.chromium.org/2414003002
Cr-Commit-Position: refs/heads/master@{#40258}
Any context outer to what we're parsing already has proper context allocation, so we don't need to check those scopes.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2417643003
Cr-Commit-Position: refs/heads/master@{#40256}
In a fuzzer testcase I found locally the ast-decoder spent a lot of time
in the decoding of kExprBrTable after the decoder already found an
error. I did not add a test because the fuzzer test case did not
actually crash. It only ran out of memory in the chromium fuzzer.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2413863003
Cr-Commit-Position: refs/heads/master@{#40254}
This moves the implementation of @@replace from regexp.js to builtins-regexp.cc
(the TurboFan fast path) and runtime-regexp.cc (slow path). The fast path
handles all cases in which the regexp itself is an unmodified JSRegExp
instance, the given 'replace' argument is not callable and does not contain any
'$' characters (i.e. we are doing a string replacement).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398423002
Cr-Commit-Position: refs/heads/master@{#40253}
This fixes the code-path in RegExpExec in which both the passed exec
argument and regexp.exec are not callable and regexp is a JSRegExp.
In this case, we fall back to the default RegExp.prototype.exec
implementation. The arguments for Execution::call were incorrect.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415073002
Cr-Commit-Position: refs/heads/master@{#40249}
I don't see a reason why we can't benefit from preparsing such functions. We don't necessarily compile them, so fully parsing them when unnecessary is just additional overhead.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2413213002
Cr-Commit-Position: refs/heads/master@{#40248}
port c15c58274f (r40206)
original commit message:
This is the next step to unify the Call/Construct feedback collection
and prepare it to be able to collect SharedFunctionInfo feedback. This
also reduces the CallICStub overhead quite a bit since we only need one
stub per mode (and tail call mode), not also one per call arity.
BUG=
Review-Url: https://codereview.chromium.org/2409953005
Cr-Commit-Position: refs/heads/master@{#40244}
This incorporates recent feedback:
- simpler deserialization API by dropping the std::unique_ptr.
The only purpose there was communicating to the caller that they
own the buffer, and that the deserializer won't delete it. The new
design communicates that through a naming choice.
- renamed *UncompiledBytes to *WasmWireBytes
BUG=
Review-Url: https://codereview.chromium.org/2411263004
Cr-Commit-Position: refs/heads/master@{#40238}
The over-allocated memory of the fixed array type didn't equal the sum of all
fixed array sub types previously; this patch adds the over-allocated memory of fixed
array sub types to the fixed array type when we record fixed array sub type stats.
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2410083003
Cr-Commit-Position: refs/heads/master@{#40234}
By defining functions with namespace prefix, the compiler checks that
they were previously declared, and checks that the signature matches.
I stumbled across this several times when changing the interface of a
function in the header.
With this change you get a compile error right away instead of a linker
error in the very end.
This change also revealed two functions which could be placed in an
anonymous namespace, saving 5.5kB program size in Debug build, 2.3kB in
Optdebug and 0.3kB in Release. It's also opening more options for
compiler optimizations, as the functions now have internal linkage.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2415603002
Cr-Commit-Position: refs/heads/master@{#40233}
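The pattern the commit above describes, as an added example rather than V8's own code: an interface is declared in a namespace, its definitions are written with the namespace prefix so the compiler checks them against the declarations, and helpers that are not part of the interface go into an anonymous namespace. The `demo::wasm` namespace, the functions and the sample bytes are all constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// "Header": declarations of the public interface. In a real project these
// live in a .h file; they are inlined here so the example is self-contained.
namespace demo {
namespace wasm {
uint32_t CountOnes(const uint8_t* data, size_t length);
bool IsAligned(uintptr_t address, size_t alignment);
}  // namespace wasm
}  // namespace demo

// "Implementation file" starts here.

// Helpers that are not part of the interface go into an anonymous namespace.
// They get internal linkage: the linker never sees them, and the compiler is
// free to inline or drop them.
namespace {
uint32_t PopCountByte(uint8_t b) {
  uint32_t n = 0;
  for (; b != 0; b = static_cast<uint8_t>(b & (b - 1))) ++n;
  return n;
}
}  // namespace

// Definitions are written with the namespace prefix instead of reopening
// `namespace demo { namespace wasm { ... } }`. A qualified name may only be
// defined if a matching declaration exists, so a signature drift such as
//
//   uint32_t demo::wasm::CountOnes(const uint8_t* data, int length) { ... }
//
// is rejected by the compiler right here, whereas the same definition inside
// a reopened namespace block would silently declare a new overload and only
// fail much later as an unresolved reference at link time.
uint32_t demo::wasm::CountOnes(const uint8_t* data, size_t length) {
  uint32_t total = 0;
  for (size_t i = 0; i < length; ++i) total += PopCountByte(data[i]);
  return total;
}

bool demo::wasm::IsAligned(uintptr_t address, size_t alignment) {
  // alignment is assumed to be a power of two (hypothetical precondition).
  return (address & (alignment - 1)) == 0;
}

// Constructed sample input: 0 + 1 + 8 + 4 = 13 set bits.
static const uint8_t kSampleBytes[] = {0x00, 0x01, 0xFF, 0x0F};
static const size_t kSampleLength = sizeof(kSampleBytes);

int main() {
  std::printf("ones=%u aligned=%d\n",
              demo::wasm::CountOnes(kSampleBytes, kSampleLength),
              demo::wasm::IsAligned(0x1000, 16) ? 1 : 0);
  return 0;
}
```

The definitions compile only because each one matches a declaration in `demo::wasm`; reopening the namespace instead would accept any signature and defer the mismatch to the linker, which is exactly the late error the commit message wants to avoid.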
The state sampling was implemented in chrome; we had an interface for it
in V8 but it was not implemented yet.
The chrome version has been removed in
https://codereview.chromium.org/2406703002/
Therefore following up with its removal in V8 as well.
This CL can land independent of the Chromium related CL.
R=primiano@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2410523002
Cr-Commit-Position: refs/heads/master@{#40232}
This CL is in preparation for the upcoming port of
RegExp.prototype.replace, which will need to use these methods in
runtime-regexp.cc. Moving them in advance makes that diff less noisy.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398413002
Cr-Commit-Position: refs/heads/master@{#40229}
... because the latter automatically respects the desired calling convention.
BUG=v8:5408
Review-Url: https://codereview.chromium.org/2391043005
Cr-Commit-Position: refs/heads/master@{#40223}
Thus the parameter indices defined in respective CallInterfaceDescriptor can
be used for querying parameters.
BUG=
Review-Url: https://codereview.chromium.org/2389133007
Cr-Commit-Position: refs/heads/master@{#40222}
The race can happen if:
1) Fixed array A is right before object B in new space
2) A slot in object C located in old space points to object B (old to new remembered set entry is created)
3) Object C becomes unreachable which held the only reference to object B which also becomes unreachable
4) Fixed array A gets right trimmed
5) The sweeper will sweep the last word of object A and object B. It will write the free space map into the last word of object A and a size field in the first word of object B.
6) Pointer updating may observe the size field now because the recorded slot points to the start of object B and will confuse it with a forwarding pointer.
Note a similar race may happen with left trimming. Array A points to its backing store, the backing store gets left trimmed by 1 element, and array A dies.
BUG=
Review-Url: https://codereview.chromium.org/2416563002
Cr-Commit-Position: refs/heads/master@{#40218}
This should restore the codeload regression when FLAG_lazy_inner_functions is turned off
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2412483005
Cr-Commit-Position: refs/heads/master@{#40217}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2413653003
Cr-Commit-Position: refs/heads/master@{#40216}
If we're parsing a script or based on a SharedFunctionInfo marked as toplevel, we can implicitly set it. Only manually set in the background parsing task where we manually set up ParseInfo.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2405263003
Cr-Commit-Position: refs/heads/master@{#40215}
This is allocating registers in the function for all inner contexts that can be active in that function, so that nested blocks always have O(1) access to all outer contexts. However, currently it's always walking into nested functions, overallocating the number of registers, causing additional register pressure.
BUG=v8:5484
Review-Url: https://codereview.chromium.org/2408303003
Cr-Commit-Position: refs/heads/master@{#40214}
This CL also introduces a NoBarrierAtomicValue with NoBarrier accessors.
BUG=chromium:648568
Review-Url: https://codereview.chromium.org/2408233004
Cr-Commit-Position: refs/heads/master@{#40213}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2418513002
Cr-Commit-Position: refs/heads/master@{#40211}
WordIsSmi, by itself, is not that descriptive, as it just ands a word with the heap object tag. With this change, the MachineGraphVerifier can check that the input to TaggedIsSmi actually has a tagged representation.
This CL also introduces a few bitcast operators in the Smi* macros in the CodeStubAssembler.
R=bmeurer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2407303002
Cr-Commit-Position: refs/heads/master@{#40209}
The only way to get a minus zero result from subtraction is
(-0) - (+0) = -0, hence checking for minus zero on the RHS is
redundant. This is causing some unnecessary deoptimisations
in Box2D from Octane on 32-bit platforms.
BUG=
Review-Url: https://codereview.chromium.org/2410883003
Cr-Commit-Position: refs/heads/master@{#40207}
This is the next step to unify the Call/Construct feedback collection
and prepare it to be able to collect SharedFunctionInfo feedback. This
also reduces the CallICStub overhead quite a bit since we only need one
stub per mode (and tail call mode), not also one per call arity.
R=mvstanton@chromium.org
BUG=v8:2206
NOTRY=true
Review-Url: https://codereview.chromium.org/2412453005
Cr-Commit-Position: refs/heads/master@{#40206}
For the asm.js to WASM pipeline, the current stack traces only show
low-level WASM information.
This CL maps this back to asm.js source positions.
It does so by attaching the asm.js source Script to the compiled WASM
module, and emitting a delta-encoded table which maps from WASM byte
offsets to positions within that Script. As asm.js code does not throw
exceptions, we only store a mapping for call instructions.
The new AsmJsWasmStackFrame implementation inherits from
WasmStackFrame, but contains the logic to provide the source script and
the position inside of it.
What is still missing is the JSFunction object returned by
CallSite.getFunction(). We currently return null.
R=jgruber@chromium.org, titzer@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2404253002
Cr-Commit-Position: refs/heads/master@{#40205}
If passing <nullptr, 0> to the decoder and trying to decode something,
it correctly detects the error and sets an error message, but still
returns true on ok(), and returns a valid result.
I triggered this error by passing a null Vector, returned by FindSection(), to
the decoder.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2410913002
Cr-Commit-Position: refs/heads/master@{#40204}
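The invariant the commit above restores, shown in an added toy decoder that is not V8's Decoder: every failure path, including a read from a `<nullptr, 0>` buffer, goes through one bounds check that sets the same error state `ok()` reports, so the decoder can never carry an error message while still claiming success. The `ByteDecoder` class, the `DecodeHeader` format and the sample byte arrays are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Minimal little-endian byte reader (added example, not V8's Decoder).
class ByteDecoder {
 public:
  // A null buffer of length 0 is legal "empty" input; it just has nothing
  // to read, and any read from it must be reported through the error path.
  ByteDecoder(const uint8_t* start, size_t length)
      : pc_(start), end_(start == nullptr ? nullptr : start + length) {}

  bool ok() const { return error_.empty(); }
  const std::string& error() const { return error_; }
  size_t remaining() const {
    return pc_ == nullptr ? 0 : static_cast<size_t>(end_ - pc_);
  }

  // Read one byte; on underflow record an error and return 0.
  uint8_t ConsumeU8(const char* what) {
    if (!CheckAvailable(1, what)) return 0;
    return *pc_++;
  }

  // Read a 4-byte little-endian unsigned integer.
  uint32_t ConsumeU32(const char* what) {
    if (!CheckAvailable(4, what)) return 0;
    uint32_t v = static_cast<uint32_t>(pc_[0]) |
                 (static_cast<uint32_t>(pc_[1]) << 8) |
                 (static_cast<uint32_t>(pc_[2]) << 16) |
                 (static_cast<uint32_t>(pc_[3]) << 24);
    pc_ += 4;
    return v;
  }

 private:
  // Single choke point: a failed bounds check always sets error_, so ok()
  // can never disagree with the presence of an error message. Once an error
  // is set, later reads keep failing instead of reading past end_.
  bool CheckAvailable(size_t n, const char* what) {
    if (!ok()) return false;
    if (remaining() < n) {
      error_ = "expected " + std::to_string(n) + " byte(s) for " + what;
      return false;
    }
    return true;
  }

  const uint8_t* pc_;
  const uint8_t* end_;
  std::string error_;
};

// Toy header format (constructed): magic 'T','S','T',0 then a u32 version.
struct Header {
  uint32_t version;
  bool ok;
};

Header DecodeHeader(const uint8_t* data, size_t length) {
  ByteDecoder d(data, length);
  const uint8_t expected[4] = {'T', 'S', 'T', 0};
  for (int i = 0; i < 4; ++i) {
    uint8_t b = d.ConsumeU8("magic");
    if (!d.ok() || b != expected[i]) return Header{0, false};
  }
  uint32_t version = d.ConsumeU32("version");
  return Header{d.ok() ? version : 0, d.ok()};
}

// The exact case from the commit: reading from <nullptr, 0> must leave
// ok() false and an error message set, not a "valid" zero result.
bool EmptyInputIsRejected() {
  ByteDecoder d(nullptr, 0);
  d.ConsumeU8("anything");
  return !d.ok() && !d.error().empty();
}

// Constructed samples.
static const uint8_t kGoodHeader[] = {'T', 'S', 'T', 0, 2, 0, 0, 0};
static const uint8_t kTruncatedHeader[] = {'T', 'S', 'T', 0, 2};
static const uint8_t kBadMagic[] = {'X', 'S', 'T', 0, 2, 0, 0, 0};

int main() {
  Header h = DecodeHeader(kGoodHeader, sizeof(kGoodHeader));
  std::printf("version=%u ok=%d empty_rejected=%d\n", h.version, h.ok ? 1 : 0,
              EmptyInputIsRejected() ? 1 : 0);
  return 0;
}
```

The design choice is that `ok()` is derived from the error string rather than tracked as a separate flag, so there is no second piece of state that a forgotten update could leave out of sync, which is the class of bug the commit describes.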
We accidentally dropped the effect on the floor that we have for the
polymorphic map check in case of array elements access.
BUG=chromium:655004
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2411273002
Cr-Commit-Position: refs/heads/master@{#40201}