Up until now we were unable to (re)optimize code when we hit
uninitialized (Keyed)Load/StoreICs in the code. We always put an IC
there (sharing the feedback vector with fullcodegen at least) and called
it a day. But we never deoptimized the code object when we gathered more
feedback. This doesn't work very well in practice, esp. with hot code
relying on this. So until we have a proper mechanism to express the need
to reoptimize after we gathered additional feedback from optimized code,
we follow the Crankshaft approach instead and install a SOFT deopt, so
we can not only learn but also utilize the new feedback.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1518013002
Cr-Commit-Position: refs/heads/master@{#34178}
WASM compiler test will sometimes generate invalid instructions for
DINS/INS.
BUG=
Review URL: https://codereview.chromium.org/1709633004
Cr-Commit-Position: refs/heads/master@{#34175}
Most libraries use `JSON.stringify` with all three arguments [1] to allow for
configuration, even if `replacer` and `space` are falsey, causing the
optimized native stringifying to be missed. This commit allows for the common
case where `replacer` and `space` are not used to be fast.
[1]: https://github.com/hapijs/hapi/pull/3014
BUG=v8:4730
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1710933002
Cr-Commit-Position: refs/heads/master@{#34174}
This was changed to match Annex B.2.5.1 of ES2015 and Firefox in
https://chromium.googlesource.com/v8/v8/+/469d9bfa, but website
breakage was seen in M49 Beta. JSC still returns undefined here.
BUG=chromium:585775
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1714903004
Cr-Commit-Position: refs/heads/master@{#34172}
This was previously reverted due to breakage in devtools, but that has
been worked around in https://codereview.chromium.org/1666573002.
The feature has been publicly-announced as deprecated for several months,
and Chrome 49 will emit deprecation warnings in the console for
uses of the API. This CL aims to remove it from M50 (which is what the
message warns of).
BUG=chromium:552100
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1711863003
Cr-Commit-Position: refs/heads/master@{#34171}
Port ba2077aac3
Original commit message:
Move the already existing fast case for %NewObject into a dedicated
FastNewObjectStub that we can utilize in places where we would otherwise
fallback to %NewObject immediately, which is rather expensive.
Also use FastNewObjectStub as the generic implementation of JSCreate,
which should make constructor inlining based on SharedFunctionInfo (w/o
specializing to a concrete closure) viable soon.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1714123002
Cr-Commit-Position: refs/heads/master@{#34169}
This new callback is similar to CallCompletedCallback, but is executed before the call has been made.
Added Isolate* parameter to CallCompletedCallback, marking previous one as deprecated.
BUG=chromium:585949
LOG=Y
Review URL: https://codereview.chromium.org/1689863002
Cr-Commit-Position: refs/heads/master@{#34167}
Adds a profiling counter to each BytecodeArray object, and adds
code to Jump and Return bytecode handlers to update this
counter by the size of the jump or the distance from the return
to the start of the function. This is more accurate than fullcodegen's
approach since it takes forward jumps into account as well as back-edges.
Modifies RuntimeProfiler to track ticks for interpreted frames.
Currently we use the SharedFunctionInfo::profiler_ticks() instead
of adding another tick field to avoid adding another field to
BytecodeArray since SharedFunctionInfo::profiler_ticks() is only
used by Crankshaft otherwise so we shouldn't need both for
BUG=v8:4689
LOG=N
Review URL: https://codereview.chromium.org/1707693003
Cr-Commit-Position: refs/heads/master@{#34166}
We cannot omit flag check with kPointersToHereAreInterestingMask for maps because incremental marker dynamically sets and clears the flag.
BUG=chromium:587004
LOG=NO
Review URL: https://codereview.chromium.org/1714513003
Cr-Commit-Position: refs/heads/master@{#34165}
--pool-type=int and double have now been merged into number.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1717633002
Cr-Commit-Position: refs/heads/master@{#34164}
of non-pattern expressions, according to the (internally circulated)
design document. Details to be provided here.
1. RewritableAssignmentExpression has been renamed to RewritableExpression.
It is a wrapper for AST nodes that wait for some potential rewriting
(that may or may not happen). Also, Is... and As... macros now see
through RewritableExpressions.
2. The function state keeps a list of rewritable expressions that must be
rewritten only if they are used as non-pattern expressions.
3. Expression classifiers are now templates, parameterized by parser
traits. They keep some additional state: a pointer to the list of
non-pattern rewritable expressions. It is important that expression
classifiers be used strictly in a stack fashion, from now on.
4. The RewriteNonPattern function has been simplified.
BUG=chromium:579913
LOG=N
Committed: https://crrev.com/7f5c864a6faf2b957b7273891e143b9bde35487c
Cr-Commit-Position: refs/heads/master@{#34154}
Review URL: https://codereview.chromium.org/1702063002
Cr-Commit-Position: refs/heads/master@{#34162}
FLAG_legacy_const and FLAG_harmony_do_expressions can now be toggled
both through the command line and through the option header.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1716793002
Cr-Commit-Position: refs/heads/master@{#34160}
Reason for revert:
[Sheriff] This makes jsfunfuzz unhappy:
https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/7681
Original issue's description:
> This patch implements an alternative approach to the rewriting
> of non-pattern expressions, according to the (internally circulated)
> design document. Details to be provided here.
>
> 1. RewritableAssignmentExpression has been renamed to RewritableExpression.
> It is a wrapper for AST nodes that wait for some potential rewriting
> (that may or may not happen). Also, Is... and As... macros now see
> through RewritableExpressions.
>
> 2. The function state keeps a list of rewritable expressions that must be
> rewritten only if they are used as non-pattern expressions.
>
> 3. Expression classifiers are now templates, parameterized by parser
> traits. They keep some additional state: a pointer to the list of
> non-pattern rewritable expressions. It is important that expression
> classifiers be used strictly in a stack fashion, from now on.
>
> 4. The RewriteNonPattern function has been simplified.
>
> BUG=chromium:579913
> LOG=N
>
> Committed: https://crrev.com/7f5c864a6faf2b957b7273891e143b9bde35487c
> Cr-Commit-Position: refs/heads/master@{#34154}
TBR=rossberg@chromium.org,bmeurer@chromium.org,titzer@chromium.org,nikolaos@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:579913
Review URL: https://codereview.chromium.org/1712203002
Cr-Commit-Position: refs/heads/master@{#34158}
This CL introduces an import section that names functions to be imported
as well as a CallImport bytecode to call imports from this table.
R=binji@chromium.org,bradnelson@chromium.org
LOG=Y
BUG=chromium:575167
Review URL: https://codereview.chromium.org/1709653002
Cr-Commit-Position: refs/heads/master@{#34157}
Extract the logic to find out the best candidate out of the core of the
scheduler. It allows more flexibility and makes it easy to change the
policy used to schedule the basic blocks.
This patch also provides a new algorithm to randomly schedule the code
in order to perform stress tests on the scheduler.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1714753004
Cr-Commit-Position: refs/heads/master@{#34156}
This experimentally implements tarring/untarring the test data
for test262 on the v8-side before test isolation and when
running the tests.
It archives on demand only if the tar is outdated compared
to the contained files. This comes with a cost of ~1s extra
to run gyp on linux and ~6s extra on windows. Ninja is
lightning fast afterwards in detecting changes. Also, we
archive only when test_isolation_mode is set and when
the test262_run target is required.
The archiving itself costs ~30s on all platforms. But as the
files will change seldom this shouldn't have a big impact.
Extraction on the test runner side is below 2s on mac and
linux. The speedup is enormous. Around 5 minutes were spent
on download on swarming slaves before, which is now only
a few seconds. So total test time for release (no variants),
e.g. goes from 8 to 3 minutes.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1713993002
Cr-Commit-Position: refs/heads/master@{#34155}
of non-pattern expressions, according to the (internally circulated)
design document. Details to be provided here.
1. RewritableAssignmentExpression has been renamed to RewritableExpression.
It is a wrapper for AST nodes that wait for some potential rewriting
(that may or may not happen). Also, Is... and As... macros now see
through RewritableExpressions.
2. The function state keeps a list of rewritable expressions that must be
rewritten only if they are used as non-pattern expressions.
3. Expression classifiers are now templates, parameterized by parser
traits. They keep some additional state: a pointer to the list of
non-pattern rewritable expressions. It is important that expression
classifiers be used strictly in a stack fashion, from now on.
4. The RewriteNonPattern function has been simplified.
BUG=chromium:579913
LOG=N
Review URL: https://codereview.chromium.org/1702063002
Cr-Commit-Position: refs/heads/master@{#34154}
A few options and features have been added to the tool:
* an output file might be specified using --output=file.name
* a shortcut when the output file is also the input, which is handy
when fixing golden files, --rebaseline.
* the input snippet might be optionally not wrapped in a top function,
or not executed after compilation (--no-wrap and --no-execute).
* the name of the wrapper can be configured using --wrapper-name=foo
The same options can be configured via setters on the usual
BytecodeExpectationsPrinter.
The output file now includes all the relevant flags to reproduce it
when running again through the tool (usually with --rebaseline).
In particular, when running in --rebaseline mode, options from the
file header will override options specified in the command line.
A couple of other fixes and improvements:
* description of the handlers is now emitted (closing the TODO).
* the snippet is now correctly unquoted when double quotes are used.
* special registers (closure, context etc.) are now emitted as such,
instead of displaying their numeric value.
* the tool can now process top level code as well.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1698403002
Cr-Commit-Position: refs/heads/master@{#34152}
Reason for revert:
Tanks benchmarks (e.g., Octane box2d TF).
Original issue's description:
> [turbofan] Connect ObjectIsNumber to effect and control chains.
>
> In theory, we could connect the nodes when doing
> the schedule-in-the-middle pass, but that would require creating two
> versions of the operator (effectful and pure). I believe we do not
> lose anything by wiring the node up eagerly.
>
> Committed: https://crrev.com/2894e80a0a4a51a0d72e72aa48fcd01968f7949f
> Cr-Commit-Position: refs/heads/master@{#34141}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1718483002
Cr-Commit-Position: refs/heads/master@{#34147}
The DataView constructor calls into C++ anyway, and is easier to deal
with this way, especially since we don't have the half initialized
object floating through JavaScript.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1712163002
Cr-Commit-Position: refs/heads/master@{#34145}
This CL also enhances a "tail-call-megatest" which now tests product of the following cases:
1) tail caller is inlined/not-inlined
2) tail callee is inlined/not-inlined
3) tail caller has an arguments adaptor frame above or not
4) tail callee has an arguments adaptor frame above or not
5) tail callee is a sloppy/strict/possibly eval/bound/proxy function
6) tail calling via normal call/function.apply/function.call
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1711863002
Cr-Commit-Position: refs/heads/master@{#34143}
In theory, we could connect the nodes when doing
the schedule-in-the-middle pass, but that would require creating two
versions of the operator (effectful and pure). I believe we do not
lose anything by wiring the node up eagerly.
Review URL: https://codereview.chromium.org/1709093002
Cr-Commit-Position: refs/heads/master@{#34141}
Reason for revert:
Failure keeps lurking around after the revert. I'll reland, sorry for the inconvenience!
Original issue's description:
> Revert of Sampling heap profiler data structure changes (patchset #10 id:180001 of https://codereview.chromium.org/1697903002/ )
>
> Reason for revert:
> [Sheriff] Speculative revert for cpu profiler crashes on chromebooks:
> https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/549
> https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/550
>
> Original issue's description:
> > Sampling heap profiler data structure changes
> >
> > Previously, the sampling heap profiler stored a list of samples and then
> > built a tree representation when the profile was queried by calling
> > GetAllocationProfile. This change reduces duplication by removing stacks
> > from all samples. Also, less information is stored in the tree
> > maintained by the profiler and remaining information (script name, line
> > no, etc) is resolved when a profile is requested.
> >
> > BUG=
> >
> > Committed: https://crrev.com/cdd55e2a3717723492d76f66810bf56b8de7f198
> > Cr-Commit-Position: refs/heads/master@{#34119}
>
> TBR=ofrobots@google.com,ulan@chromium.org,hpayer@chromium.org,mattloring@google.com
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/4578e52aefb8c4727742ce2e254613e482fdad1f
> Cr-Commit-Position: refs/heads/master@{#34128}
TBR=ofrobots@google.com,ulan@chromium.org,hpayer@chromium.org,mattloring@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
Review URL: https://codereview.chromium.org/1714493003
Cr-Commit-Position: refs/heads/master@{#34140}
This reducer doesn't really add value, because:
(a) it is only concerned with JSCallFunction and JSToNumber, but when
we get to it, all JSCallFunction nodes will have been replaced by
Call nodes, and in the not so far future, we will also have
replaced almost all JSToNumber nodes with better code,
(b) and the reducer tries to be smart and use one of the outermost
contexts, but that might not be beneficial always; actually it
might even create longer live ranges and lead to more spilling
in some cases.
But most importantly, the JSContextRelaxation currently blocks inlining
based on SharedFunctionInfo, because it requires the inliner to check
the native context, which in turn requires JSFunction knowledge. So I'm
removing this reducer for now to unblock the more important inliner
changes.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1715633002
Cr-Commit-Position: refs/heads/master@{#34139}
No need to limit JSCreate inlining to JS_OBJECT_TYPE, since we can
handle everything that the FastNewObjectStub can deal with. Also we
don't need to restrict the number of inobject properties, as that is
already taken care of by the runtime anyways (limited by the initial
slack for the constructor).
And last but not least, we can of course inline allocations for
subclasses as long as the new.target is a JSFunction and its initial
map's constructor points back to the target (same condition as for
the FastNewObjectStub fast case).
R=jarin@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1711883003
Cr-Commit-Position: refs/heads/master@{#34138}
Move the already existing fast case for %NewObject into a dedicated
FastNewObjectStub that we can utilize in places where we would otherwise
fallback to %NewObject immediately, which is rather expensive.
Also use FastNewObjectStub as the generic implementation of JSCreate,
which should make constructor inlining based on SharedFunctionInfo (w/o
specializing to a concrete closure) viable soon.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1708313002
Cr-Commit-Position: refs/heads/master@{#34136}
Ideally the JSInliner should not be concerned with JSFunction's at all,
but only look at the SharedFunctionInfo. This reduces the uses of the
concrete closure to two remaining cases, which we plan to fix soonish
too.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1714803002
Cr-Commit-Position: refs/heads/master@{#34135}
port 55071954bc (r34114)
original commit message:
Frame slot index numbers are used more consistently for
computation in both TurboFan and Crankshaft. Specifically,
Crankshaft now uses frame slot indexes in LChunk, removing
the need for some special-case maths when building the
deoptimization translation table.
BUG=
Review URL: https://codereview.chromium.org/1714763002
Cr-Commit-Position: refs/heads/master@{#34134}
Various syntactic forms now cause functions to have names where they
didn't before. Per the upcoming changes to the toString spec, only
a name that was literally part of a function's expression or declaration
is meant to be reflected in toString. This also happens to be the same
set of names that V8 currently outputs (without the --harmony-function-name
flag).
This required distinguishing anonymous FunctionExpressions from other sorts
of function definitions (like methods and getters/setters) in the AST, parser,
and at runtime.
The patch also takes the opportunity to remove one more argument (and enum)
from FunctionLiteral, as well as adding a special factory method for the
case of a FunctionLiteral representing toplevel or eval'd code.
BUG=v8:4760
LOG=n
Review URL: https://codereview.chromium.org/1712833002
Cr-Commit-Position: refs/heads/master@{#34132}
In ES2015, Date.prototype.toGMTString is simply an alias of
Date.prototype.toUTCString, so it has the same identity as a function and
doesn't have its own name. Firefox has already shipped this behavior.
Previously, we copied JSC behavior by making it a separate function.
This change makes an additional test262 test pass.
BUG=v8:4708
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1709373002
Cr-Commit-Position: refs/heads/master@{#34131}
Reason for revert:
See Domenic's comment on the V8 bug.
Original issue's description:
> Use displayName in Error.stack rendering if present.
>
> BUG=v8:4761
> LOG=y
>
> Committed: https://crrev.com/953874e974037e7e96ef282a7078760ccc905878
> Cr-Commit-Position: refs/heads/master@{#34105}
TBR=jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4761
Review URL: https://codereview.chromium.org/1713663002
Cr-Commit-Position: refs/heads/master@{#34129}