If a deferred block has multiple predecessors, they have to be
all deferred. Otherwise, we can run into a situation where if a range
that spills only in deferred blocks inserts its spill in the block, and
other ranges need moves inserted by ResolveControlFlow in the predecessors,
the register of the range spilled in the deferred block may be clobbered.
To avoid that, when a deferred block has multiple predecessors, and some
are not deferred, we add a non-deferred block to collect all such edges.
This CL addresses the validator assertion failure in the referenced issue, as well
as the greedy allocator failure, which was caused by the situation described
above.
BUG=v8:4940
LOG=n
Review URL: https://codereview.chromium.org/1912093005
Cr-Commit-Position: refs/heads/master@{#35742}
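The CFG transformation described in the message above, as an added illustration (this is not V8's Schedule code, and the Block/Cfg types and function names are hypothetical): a deferred block with more than one predecessor keeps the invariant only if all predecessors are deferred; otherwise a fresh non-deferred merger block is inserted and every incoming edge is routed through it, so the deferred block is left with the merger as its single entry. Routing all edges (not only the non-deferred ones) through the merger is the reading of "collect all such edges" assumed here.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Minimal CFG model for the example (hypothetical, not V8's BasicBlock).
struct Block {
  bool deferred;
  std::vector<int> preds;  // predecessor block ids
  std::vector<int> succs;  // successor block ids
};

struct Cfg {
  std::vector<Block> blocks;
};

// The invariant from the commit message: a deferred block with several
// predecessors must have only deferred predecessors.
bool DeferredPredecessorInvariantHolds(const Cfg& cfg) {
  for (const Block& blk : cfg.blocks) {
    if (!blk.deferred || blk.preds.size() < 2) continue;
    for (int p : blk.preds)
      if (!cfg.blocks[p].deferred) return false;
  }
  return true;
}

// Restore the invariant by inserting a non-deferred merger block in front of
// every deferred block that has mixed predecessors. Returns the number of
// merger blocks inserted. Only indices are used across push_back, since a
// vector reallocation would invalidate references into cfg.blocks.
int EnsureDeferredSingleEntry(Cfg& cfg) {
  int inserted = 0;
  const std::size_t original_count = cfg.blocks.size();
  for (std::size_t b = 0; b < original_count; ++b) {
    if (!cfg.blocks[b].deferred || cfg.blocks[b].preds.size() < 2) continue;
    bool all_deferred = true;
    for (int p : cfg.blocks[b].preds)
      if (!cfg.blocks[p].deferred) { all_deferred = false; break; }
    if (all_deferred) continue;  // nothing to do, invariant already holds

    std::vector<int> old_preds = cfg.blocks[b].preds;  // copy before mutating
    Block merger;
    merger.deferred = false;
    merger.preds = old_preds;
    merger.succs = {static_cast<int>(b)};
    const int m = static_cast<int>(cfg.blocks.size());
    cfg.blocks.push_back(merger);

    // Redirect every edge (p -> b) to (p -> merger); merger -> b is the only
    // remaining entry into the deferred block.
    for (int p : old_preds)
      for (int& s : cfg.blocks[p].succs)
        if (s == static_cast<int>(b)) s = m;
    cfg.blocks[b].preds = {m};
    ++inserted;
  }
  return inserted;
}

// Constructed sample: block 0 (non-deferred) and block 1 (deferred) both
// branch to block 2 (deferred), so block 2 has mixed predecessors.
Cfg MakeSampleCfg() {
  Cfg cfg;
  cfg.blocks.resize(3);
  cfg.blocks[0] = {false, {}, {1, 2}};
  cfg.blocks[1] = {true, {0}, {2}};
  cfg.blocks[2] = {true, {0, 1}, {}};
  return cfg;
}

int main() {
  Cfg cfg = MakeSampleCfg();
  std::printf("before: invariant=%d\n", DeferredPredecessorInvariantHolds(cfg));
  int n = EnsureDeferredSingleEntry(cfg);
  std::printf("inserted %d merger block(s), invariant=%d, block 2 entry=%d\n",
              n, DeferredPredecessorInvariantHolds(cfg), cfg.blocks[2].preds[0]);
  return 0;
}
```

On the sample, the pass inserts one merger (block 3) with predecessors 0 and 1 and successor 2; block 2 is then entered only from the merger, and the register-allocator issue the message describes (spill inserted in the deferred block clobbered by ResolveControlFlow moves in a non-deferred predecessor) can no longer arise.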
Need to use the kHashFieldSlot rather than kHashFieldOffset for
pointer-sized memory accesses.
(Fix for "[builtins] Migrate String.prototype.charCodeAt and String.prototype.charAt to TurboFan.")
R=bmeurer@chromium.org, epertoso@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1907393002
Cr-Commit-Position: refs/heads/master@{#35741}
Reason for revert:
Need to fix the #undef logic.
Original issue's description:
> Fix interpreter unittest for embedded constant pools.
>
> The offset from fp to the register file is based on the frame size
> -- which is one slot larger when embedded constant pools are enabled.
>
> TEST=unittests/DecodeBytecodeAndOperands
> R=rmcilroy@chromium.org, bmeurer@chromium.org, oth@chromium.org, mstarzinger@chromium.org
> BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,oth@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1909323003
Cr-Commit-Position: refs/heads/master@{#35736}
This also removes the destructor of the class in question, which removed
any added decorator from the graph. However, the adding of the decorator
happens explicitly, so symmetry suggests that removal should also happen
explicitly instead of implicitly in the destructor.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1914473002
Cr-Commit-Position: refs/heads/master@{#35732}
Removes some control edges added from the RawMachineAssembler to the end of the graph.
Adds a parameter that tells the Verifier to ignore effect and control inputs.
Review URL: https://codereview.chromium.org/1912853003
Cr-Commit-Position: refs/heads/master@{#35731}
Refactor the Scope object to automatically enable strict mode when
initialized as a "module" scope, relieving the caller of this
responsibility.
BUG=v8:4941
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1906923002
Cr-Commit-Position: refs/heads/master@{#35730}
The approximate mode enables taking an approximate stack trace from GC,
where the top frames might be missing if inlined. Note that in that case,
the frame summary will refer to optimized code, so it will not be possible
to take source position. (The user of the summary will have to handle the
case frame_summary.abstract_code()->kind() == AbstractCode::OPTIMIZED_CODE
specially.)
Review URL: https://codereview.chromium.org/1907443002
Cr-Commit-Position: refs/heads/master@{#35728}
There's no point in running the SimplifiedOperatorReducer also during
the late optimization pass, as it will not do any useful work at that
point.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1909363002
Cr-Commit-Position: refs/heads/master@{#35727}
Reason for revert:
Appears to break Android crbug.com/604422
Original issue's description:
> [GN] Define USE_EABI_HARDFLOAT=1 when arm_float_abi=="hard".
>
> Add this define to the config used for mksnapshot. This fixes a bug
> where certain applications would fail at runtime on Chromecast.
>
> BUG=592660
> LOG=Y
> Bug: internal b/27495984
>
> Test: Formerly broken Cast apps load and run as expected.
>
> Committed: https://crrev.com/86357d5235ceba61c151f0b6e509bcb365860454
> Cr-Commit-Position: refs/heads/master@{#35183}
TBR=dpranke@chromium.org,alokp@chromium.org,titzer@chromium.org,slan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=592660,604422
LOG=n
Review URL: https://codereview.chromium.org/1906373002
Cr-Commit-Position: refs/heads/master@{#35725}
This ensures the InterpreterEntryTrampoline heals code entry fields
inside closures when being called without a valid bytecode array. This
is preparatory work to allow removal of bytecode when switching some
functions to other types of code.
R=rmcilroy@chromium.org
BUG=v8:4280
LOG=n
Review URL: https://codereview.chromium.org/1904093002
Cr-Commit-Position: refs/heads/master@{#35724}
Get rid of further typing checks from ChangeLowering and put them into
the representation selection pass instead (encoding the information in
the operator instead).
Drive-by-change: Rename ChangeSmiToInt32 to ChangeTaggedSignedToInt32
for consistency about naming Tagged, TaggedSigned and TaggedPointer.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1909343002
Cr-Commit-Position: refs/heads/master@{#35723}
Currently we are using UnsafeCurrent in the async signal handler to acquire the
isolate of the VM thread, but we want to get rid of that since it prevents V8 from
being thread agnostic.
This patch replaces UnsafeCurrent with a static map, where we store a map of
samplers for threads, and makes it accessible to the signal handler.
BUG=v8:4889
LOG=n
Review URL: https://codereview.chromium.org/1900473002
Cr-Commit-Position: refs/heads/master@{#35722}
Adds IncStub and DecStub TurboFan code stubs and hooks them up to the
interpreter's Inc and Dec bytecodes (which are used for count
operations, e.g. i++).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1901083002
Cr-Commit-Position: refs/heads/master@{#35720}
Fixes a mistake made in r35618 for register OperandSize calculations.
BUG=605470
LOG=N
Review URL: https://codereview.chromium.org/1908033002
Cr-Commit-Position: refs/heads/master@{#35719}
The new bytecodes replace two runtime functions. They are still unsupported by the bytecode graphbuilder, though.
BUG=v8:4907
LOG=n
Review URL: https://codereview.chromium.org/1904933002
Cr-Commit-Position: refs/heads/master@{#35716}
This is a follow-up to 58429beb7b
"Fix KeyedStore stub selection for STRING_WRAPPER_ELEMENTS".
BUG=chromium:602184
LOG=n
Review URL: https://codereview.chromium.org/1912443004
Cr-Commit-Position: refs/heads/master@{#35715}
The feature was deprecated in M49 and flagged off in M50.
This patch removes it entirely from the codebase.
Review URL: https://codereview.chromium.org/1909433003
Cr-Commit-Position: refs/heads/master@{#35714}
If we have to convert a float64 value to tagged representation and we
already know that the value is either in Signed31/Signed32 or
Unsigned32 range, then we can just convert the float64 to word32 and
use the fast word32 to tagged conversion. Doing this in
ChangeLowering (or the effect linearization pass) would be unsound, as
the types on the nodes are no longer usable.
This removes all Type uses from effect linearization. There's still some
work to be done for ChangeLowering though.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1908093002
Cr-Commit-Position: refs/heads/master@{#35713}
GetInstructionBlock shows up in some compile time-intensive profiles.
Changing it to an O(1) operation. The compile benchmark confirms the
improvement.
BUG=
Review URL: https://codereview.chromium.org/1896813003
Cr-Commit-Position: refs/heads/master@{#35711}
This patch introduces new scopes in the preparser, just like they
are introduced by the parser, in the following places:
- blocks
- try statement
- switch statement
- scoped statements, in several places
- for statement
- eager function bodies
R=rossberg@chromium.org
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1906793002
Cr-Commit-Position: refs/heads/master@{#35708}
This way the first scheduler can properly wire them to the effect chain,
as otherwise the second scheduler could schedule them such that they
would be able to read uninitialized memory (once we drop the region
protection in the first scheduler).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1908963002
Cr-Commit-Position: refs/heads/master@{#35707}
Non-vectorized KeyedLoadICs used to remember whether they had seen Names
as keys; Crankshaft uses this information to avoid emitting elements
accesses which would always deopt. This CL restores that functionality
for vector ICs.
BUG=chromium:594183
LOG=y
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1912593002
Cr-Commit-Position: refs/heads/master@{#35706}
This removes the CompilationInfo argument from one of the logging
functions where it is unused. The long-term goal is to not pass around
the CompilationInfo at all. The assumption that the CompilationInfo is
available is incompatible with serialized code, where compilation has
happened during building time of V8 itself.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1901353003
Cr-Commit-Position: refs/heads/master@{#35705}
Fix for execution tests on simulator.
Port 3518e492c0
Original commit message:
Short external strings do not cache the resource data, and may be used
for compressible strings. The assumption about their lengths is
invalid and may lead to oob reads.
BUG=
Review URL: https://codereview.chromium.org/1904033003
Cr-Commit-Position: refs/heads/master@{#35703}
The JavaScript pipeline now consists of the following steps:
1. Typed lowering.
2. Representation selection (actually SimplifiedLowering).
3. Early optimization pass (incl. JSGenericLowering).
4. Effect control linearization (not for asm.js).
5. Late optimization pass (incl. ChangeLowering).
6. Real scheduling.
We should further cleanup the passes and restrict type and
representation information usage to appropriate parts of the pipeline.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1907963002
Cr-Commit-Position: refs/heads/master@{#35702}
This operator doesn't generate any actual code, but teaches the register
allocator that a certain computed pointer value is tagged. This is
required to safely implement InnerAllocate (and we also use this for
Allocate to be sure that we don't suddenly leak a dangling pointer into
the heap somewhere).
R=epertoso@chromium.org
BUG=v8:4939
LOG=n
Review URL: https://codereview.chromium.org/1905813003
Cr-Commit-Position: refs/heads/master@{#35700}
Adds a Generate method to the stubs that can be used to embed the graph directly in the bytecode handlers.
Review URL: https://codereview.chromium.org/1902823002
Cr-Commit-Position: refs/heads/master@{#35696}
This check of whether a function is being debugged is obsolete. For the
optimization path it is covered by a bailout further down. The lookup
within the optimized code map doesn't need to be covered, because that
map is guaranteed to stay empty while break slots are present.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1907923003
Cr-Commit-Position: refs/heads/master@{#35694}