Sequences like:
1: Load[kRepWord32|kTypeInt32](<address>, ...)
2: Word32And(1, <constant>)
3: Word32Equal(2, <another constant>)
4: Store[(kRepWord32 : NoWriteBarrier)](<address>, <value>)
5: Branch[None](3, ...) -> B1, B2
where #1 and #4 refer to the same memory location, are problematic because in VisitBranch we assume that 'InstructionSelector::CanCover()' is transitive.
What happens is that CanCover(5, 3) is true (3 is a pure op), and so are CanCover(3, 2), CanCover(2, 1), but the effect level of 5 and 3 never gets checked because 3 is a pure op. Upon VisitBranch, we ended up materializing:
mov [address], <value>
test [address], <another constant>
With this patch, it becomes:
mov reg, [address]
mov [address], <value>
test reg, <another constant>
BUG=chromium:611976
Review-Url: https://codereview.chromium.org/2008493002
Cr-Commit-Position: refs/heads/master@{#36482}
This fixes the SharedFunctionInfo::num_literals field for global builtin
functions (e.g. {Object} and friends) to be accurate. The field was not
being updated by Runtime_SetCode. It also removes the dangerous and by
now obsolete JSFunction::NumberOfLiterals accessor.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2007943002
Cr-Commit-Position: refs/heads/master@{#36480}
Moved functionality of Script.{lineCount, lineFromPosition, sourceLine,
locationFromLine, and sourceSlice} into runtime functions.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2003303002
Cr-Commit-Position: refs/heads/master@{#36469}
For cross-compiler-compatibility and standards compliance %p
requires a void*, rather than any pointer type.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2001073002
Cr-Commit-Position: refs/heads/master@{#36466}
This moves setting the v8_target_arch default to the shared
v8.gni, so that it's available in build_overrides for
stand-alone mode.
BUG=chromium:605732, chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2006213002
Cr-Commit-Position: refs/heads/master@{#36465}
There are bots on the chromium.lkgr waterfall that need to
be able to set v8_target_arch to "arm" while the rest of
the target build is "x86". This CL makes that argument
a declare_arg(), so that we can do that.
BUG=chromium:605732,chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2007843002
Cr-Commit-Position: refs/heads/master@{#36464}
Reason for revert:
Revert it.
Original issue's description:
> [heap] Fine-grained JSArrayBuffer tracking
>
> Track based on JSArrayBuffer addresses instead of the attached backing store.
> This way we can later on iterate buffers on a single page. The reland also
> switches to a page-based implementation where a page contains the set of its
> contained (live and dead) buffers.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
> are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/b2d8bfc7931eef49d527605ba485950dea41cde3
> Cr-Commit-Position: refs/heads/master@{#36437}
TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688
Review-Url: https://codereview.chromium.org/2006183003
Cr-Commit-Position: refs/heads/master@{#36461}
Reason for revert:
Need to revert JSArrayBuffer change. Please rebase and reland.
Original issue's description:
> [heap] Pass a force_promotion flag to the evacuation routine in the scavenger.
>
> The {force_promotion} flag causes the scavenger to move an object to the
> old generation instead of to the other semi-space. We use the flag to force
> the promotion of objects which are referenced by code objects.
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/f2a7ba6449406d0b11a245aa1f5b4981265b6f20
> Cr-Commit-Position: refs/heads/master@{#36443}
TBR=ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2007563004
Cr-Commit-Position: refs/heads/master@{#36460}
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method. The line_ends accessor is still
in use by chromium and thus cannot be removed yet.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2002993002
Cr-Commit-Position: refs/heads/master@{#36458}
port 767c34dfae (r36413)
original commit message:
Reason for revert:
Breaks a KCS demo:
BUG=chromium:611976
Original issue's description:
> [turbofan] Take the immediate size in account when narrowing ia32/x64 word comparison operators.
>
> Trying to re-land http://crrev.com/1948453002 after fixing assembler-x64.cc in http://crrev.com/1962563003.
>
> Before this patch, we would emit a cmp or test with a memory operand only if both of the operands in the IR were loads. Now if either of them is a load and the other one is an immediate, we can use
>
> Committed: https://crrev.com/2da70f853d7f680d491c37c72d5ef04a85497ba9
> Cr-Commit-Position: refs/heads/master@{#36136}
Review-Url: https://codereview.chromium.org/2003273002
Cr-Commit-Position: refs/heads/master@{#36456}
Previously, certain calls to DebugPushPromise and DebugPopPromise
happened always, without any check to see if we were in a debugging
environment. This patch adds a conditional check before making these
debug calls to make sure they aren't called when not needed.
Before the patch, running --prof over the bluebird benchmarks,
brings up these unprotected debug calls --
ticks cpp total name
16 6.7% 2.0% v8::internal::Runtime_DebugPushPromise(int, v8::internal::Object**, v8::internal::Isolate*)
7 2.9% 0.9% v8::internal::Runtime_DebugPopPromise(int, v8::internal::Object**, v8::internal::Isolate*)
This patch removes the above calls and provides a 4% improvement (with
a 2% variance over 10 runs) in the bluebird benchmark.
Review-Url: https://codereview.chromium.org/1985293002
Cr-Commit-Position: refs/heads/master@{#36451}
Instead of having two lists of harmony flags, one with i18n and
one without, use a bit more macro programming.
Review-Url: https://codereview.chromium.org/2001753003
Cr-Commit-Position: refs/heads/master@{#36450}
Changes to the Object prototype may cause getIgnitionDispatchCounters()
to fail when building the counters table object. Using DefineOwnProperty
instead of Set solves the issue by ignoring the prototype chain.
BUG=chromium:613567
LOG=N
Review-Url: https://codereview.chromium.org/2000203002
Cr-Commit-Position: refs/heads/master@{#36447}
Previously, split-edge blocks inserted into CodeStubAssembler schedules
inherited the "deferredness" of their predecessor block. This tended to inline
newly inserted blocks that preceeded deferred code inline with non-deferred
code. The stack frame elider sometimes inserted stack construction into these
blocks, code which was actually was only needed in the deferred case.
This CL marks inserted split edge blocks with the deferredness of their
successors, e.g. they are defererred if their predecessor is deferrred. This
moves stack building code that logically belongs to deferred code into the
deferred code area rather than inlining it in non-deferred code.
Review-Url: https://codereview.chromium.org/2003663002
Cr-Commit-Position: refs/heads/master@{#36446}
This flag has been on by default for a while, along with
FLAG_track_prototype_users which provides the prerequisite
infrastructure. We are now sure that this is the direction
we want to go in, so in order to simplify the code, this CL
drops the respective flag-off code paths.
Review-Url: https://codereview.chromium.org/1993913002
Cr-Commit-Position: refs/heads/master@{#36445}
The {force_promotion} flag causes the scavenger to move an object to the
old generation instead of to the other semi-space. We use the flag to force
the promotion of objects which are referenced by code objects.
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2002013002
Cr-Commit-Position: refs/heads/master@{#36443}
Instead of changing existing nodes in a very fragile (and in one case expensive)
way, just create new ones instead.
Also properly chain effects, which was not done quite right before.
BUG=v8:4907
Review-Url: https://codereview.chromium.org/1997373002
Cr-Commit-Position: refs/heads/master@{#36442}
Duplicate mjsunit/harmony/generators.js but explicitly require
--turbo-from-bytecode such that Clusterfuzz can thoroughly test the
new generators implementation.
BUG=v8:4907
Review-Url: https://codereview.chromium.org/2002983002
Cr-Commit-Position: refs/heads/master@{#36441}
This makes sure the deoptimizer can materialize sloppy arguments objects
with the FAST_SLOPPY_ARGUMENTS_ELEMENTS elements kind. TurboFan's escape
analysis treates those as normal JSObject types and hence materializes
them differently than Crankshaft does.
R=verwaest@chromium.org
TEST=mjsunit/regress/regress-crbug-613919
BUG=chromium:613919
Review-Url: https://codereview.chromium.org/2001133002
Cr-Commit-Position: refs/heads/master@{#36440}
The original peephole optimizer logic in the BytecodeArrayBuilder did
not respect source positions as it was written before there were
bytecode source positions. This led to some minor differences to
FCG and was problematic when combined with pending bytecode
optimizations. This change makes the new peephole optimizer fully
respect source positions.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1998203002
Cr-Commit-Position: refs/heads/master@{#36439}
Add a method to emit abort for code which should
not be reachable.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2002833005
Cr-Commit-Position: refs/heads/master@{#36438}
Track based on JSArrayBuffer addresses instead of the attached backing store.
This way we can later on iterate buffers on a single page. The reland also
switches to a page-based implementation where a page contains the set of its
contained (live and dead) buffers.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/1964023002
Cr-Commit-Position: refs/heads/master@{#36437}
This makes escape analysis skip analyzing the code entry field within
JSFunction objects. Said field is an untagged pointer field and hence
cannot be tracked by an ObjectState node.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-613494
BUG=chromium:613494
Review-Url: https://codereview.chromium.org/1997353002
Cr-Commit-Position: refs/heads/master@{#36436}