This is towards closing the perf gap between the MSVC build (which uses link-
time optimization) and Clang (where LTO isn't ready on Windows yet). We did
a study (see bug) to see which non-inlined functions are hit a lot during render
start-up, and which would be inlined during LTO. This should benefit performance
in all builds which currently don't use LTO (Android, Linux, Mac) as well as
the Win/Clang build.
The binary size of chrome_child.dll increases by 2KB with this.
BUG=chromium:728324
Review-Url: https://codereview.chromium.org/2950993002
Cr-Commit-Position: refs/heads/master@{#46191}
This is a fix to https://codereview.chromium.org/2929853003 that got
reverted. The DCHECK checked to see that it was not in a background
thread. While this is a property we want for v8, it is also used
by blink, and blink violates this property.
Therefore, this CL removes the DCHECK for now.
BUG=v8:6361
Review-Url: https://codereview.chromium.org/2961443002
Cr-Commit-Position: refs/heads/master@{#46190}
Port 217012973c
Original Commit Message:
Add a new JSConstructWithArrayLike operator that is backed by the
ConstructWithArrayLike builtin (similar to what was done before
for the JSCallWithArrayLike operator), and use that operator to
optimize Reflect.construct inlining in TurboFan. This is handled
uniformly with JSConstructWithSpread in the JSCallReducer.
Also add missing test coverage for Reflect.construct in optimized
code, especially for some interesting corner cases.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4587,v8:5269
LOG=N
Change-Id: Idaf247317036ddec74b9aa3addd2e7d75b65bfaf
Reviewed-on: https://chromium-review.googlesource.com/546716
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46189}
Port 767ce78871
Original Commit Message:
Add a new JSCallWithArrayLike operator that is backed by the
CallWithArrayLike builtin, and use that operator for both
Function.prototype.apply and Reflect.apply inlining. Also unify
the handling of JSCallWithArrayLike and JSCallWithSpread in
the JSCallReducer to reduce the copy&paste overhead.
Function.prototype.apply in optimized code, especially for some
corner cases, which was missing so far.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4587,v8:5269
LOG=N
Change-Id: I930845df7e87b8962588cc79f6069477865fa086
Reviewed-on: https://chromium-review.googlesource.com/546735
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46188}
Port a971a64d1c
Original Commit Message:
We can remove a lot of native code and rely on CallOrConstructVarargs
to do the stack manipulation for us.
This will also take advantage of the fast-path for double arrays in
CallOrConstructDoubleVarargs.
We can also remove Runtime_SpreadIterableFixed because it isn't used
anymore. We just call directly into spread_iterable from CSA.
R=petermarshall@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Idad830c9aace4151db866c9f863158cd7525e881
Reviewed-on: https://chromium-review.googlesource.com/546575
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46187}
Each frame within an optimized frame needs to be re-verified as being
subject to debugging. The specific crash from the linked bug was caused
by the fact that non-user JS frames don't necessarily have an associated
script. We'd ignore that and attempt to call
Script::GetPositionInfo() on the Undefined constant.
BUG=chromium:732408
Change-Id: Ib2982890529623d150092fa57e26fcb237fef59f
Reviewed-on: https://chromium-review.googlesource.com/545895
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46186}
When executing a script that does import("foo"), "foo" should be
relative to the script's directory, not relative to the current working
directory of the d8 process.
R=gsathya@chromium.org
Bug: v8:5785
Change-Id: Id6ceccb242905bd6b54b07038ece60b93d92e4a0
Reviewed-on: https://chromium-review.googlesource.com/546375
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46185}
In bits.h, instead of relying on C++ overloading for 32/64 bits integers
(which can be ambiguous when the input isn't the exact type typedef-ed
by uint64_t or uint32_t), use templates and std::enable_if to switch
between integers of different sizes.
This means that we can get rid of an awkward sizeof check in
bit-vector.cc, which was necessary to compile on Mac.
Change-Id: Id0eaf0f855cdbd2dc4d7bc1c481037fcd9b73953
Reviewed-on: https://chromium-review.googlesource.com/543480
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46184}
Move bytecode array writing logic into the array builder, allowing us to
remove the bytecode array writer and bytecode node, and convert runtime
operand writing to compile-time bytecode operand writing using the
information statically known at compile time.
Bug: v8:6474
Change-Id: I210cd9897fd41293745614e4a253c7c251dfffc9
Reviewed-on: https://chromium-review.googlesource.com/533055
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46183}
This prepares ground for switching mark-compactor to use
Worklist data-structure instead of the existing marking deque.
BUG=chromium:694255
Change-Id: I0ac4c563018a9619962fb4bf388b5f3cceffb86d
Reviewed-on: https://chromium-review.googlesource.com/544933
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46178}
The race happens when the layout descriptor is evacuated at the same
time as an object that has this layout descriptor is evacuated.
Change-Id: I0a5fc545cf359fdfe738d8b6359713f5ea170986
Reviewed-on: https://chromium-review.googlesource.com/544953
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46175}
This reverts commit 217d654c9b.
Reason for revert: Changes layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16520
Original change's description:
> [parser] moved load property position after dot
>
> Currently LdaNamedProperty bytecode for expressions like a.b has position before dot. This CL moves this location after dot.
> It's important for later removing of Nop bytecodes in expressions like a.b() where a is local variable, property call and property load should have the same position.
>
> R=jgruber@chromium.org
>
> Bug: v8:6425
> Change-Id: I528c5007de52215beba80851ab04693ecec038e2
> Reviewed-on: https://chromium-review.googlesource.com/543047
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46163}
TBR=marja@chromium.org,kozyatinskiy@chromium.org,jgruber@chromium.org
Change-Id: I94543526f39f0a20452fbce1a7bc6744cac66621
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6425
Reviewed-on: https://chromium-review.googlesource.com/544993
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46171}
For correct error positions, the FunctionBody struct stored a {base}
pointer to the beginning of the wasm module bytes, in addition to the
{start} and {end} pointer of the function body within the module bytes.
For streaming compilation, we do not have all module bytes in a single
chunk of memory. Therefore this CL changes the FunctionBody such that it
does not store the base pointer but the offset of the function body
within the module. I did the same change already some time ago for the
{Decoder}.
R=clemensh@chromium.org, mtrofin@chromium.org
Change-Id: I5138fbe270d0f5166a7dcc5cb8f3fe78a298bff6
Reviewed-on: https://chromium-review.googlesource.com/544863
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46170}
This removes the --turbo flag and solely relies on the filter pattern
provided via --turbo-filter when deciding whether to use TurboFan. Note
that disabling optimization wholesale can still be done with --no-opt,
which should be used in favor of --no-turbo everywhere.
Also note that this contains semantic changes to the TurboFan activation
criteria. We respect the filter pattern more stringently and no longer
activate TurboFan just because the source contains patterns forcing use
of Ignition via {AstNumberingVisitor::DisableFullCodegenAndCrankshaft}.
R=rmcilroy@chromium.org
BUG=v8:6408
Change-Id: I0c855f6a62350eb62283a3431c8cc1baa750950e
Reviewed-on: https://chromium-review.googlesource.com/528121
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46167}
Factory::NewUninitializedFixedArray is unsafe for GC. If performance
allows, we should remove the function.
Change-Id: I3f80352797e9768b788c2996c3f29e823c067f74
Reviewed-on: https://chromium-review.googlesource.com/517794
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46166}
Async generator yield* is still desugared in the parser, to be moved to the BytecodeGenerator in a future CL.
Bug: v8:6472
Change-Id: I8b33e2f9e931949f7375540099cd8ec3a6b27cf1
Reviewed-on: https://chromium-review.googlesource.com/539335
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46165}
Currently LdaNamedProperty bytecode for expressions like a.b has position before dot. This CL moves this location after dot.
It's important for later removing of Nop bytecodes in expressions like a.b() where a is local variable, property call and property load should have the same position.
R=jgruber@chromium.org
Bug: v8:6425
Change-Id: I528c5007de52215beba80851ab04693ecec038e2
Reviewed-on: https://chromium-review.googlesource.com/543047
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46163}
Completely shares first-level visitation with the Scavenger.
Remove marking recursively on the way as we cannot reliable check for
stack overflow on background tasks.
Bug: chromium:651354
Change-Id: I6da1dc787cdfb4232ea4b6cb8e72e0f736cabf10
Reviewed-on: https://chromium-review.googlesource.com/544967
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46162}
This also adds libraries recursively under the obj dir.
Dropping v8_shell from globs since it's not included in the targets.
NOTRY=true
Bug: v8:5918
Change-Id: Ibfadb60dd7b347cf4a742f07e8b110c70e67cb06
Reviewed-on: https://chromium-review.googlesource.com/544308
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46161}
Remove PageParallelJob as it is completely replaced now. It served us
well.
Bug: chromium:651354
Change-Id: I620fa7bb0dcaf7cd3710492913c501bcb162c781
Reviewed-on: https://chromium-review.googlesource.com/544950
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46159}
This piggy-backs on top of existing precise and best-effort coverage to expose
block coverage through the inspector protocol.
Coverage collection now implicitly reports block-granularity coverage when
available. A new 'isBlockCoverage' property on Inspector's FunctionCoverage
type specifies the granularity of reported coverage.
For now, only count-based block coverage is supported, but binary block
coverage should follow soon.
Support is still gated behind the --block-coverage flag.
Bug: v8:6000
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I9c4d64e1d2a098e66178b3a68dcee800de0081af
Reviewed-on: https://chromium-review.googlesource.com/532975
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46157}
Object.create is most often called with a single parameter, the
prototype, and the properties are usually omitted. So optimizing
for the common case, we remove the argument adaption.
R=jgruber@chromium.org
BUG=v8:5989
Review-Url: https://codereview.chromium.org/2953913002
Cr-Commit-Position: refs/heads/master@{#46153}
`libStart` already has ALSR slide added to it. Do not add it twice.
https: //codereview.chromium.org/2696903002/
Review-Url: https://codereview.chromium.org/2928083004
Cr-Commit-Position: refs/heads/master@{#46152}
HistoryTimer's can't run in the background because they use a timer
with a simple api of Start() and Stop(). This CL fixes this problem
by building a base class TimedHistogram that doesn't have a timer.
The class HistoryTimer is modified to use this base class so that
uses that run on the foreground thread do not need to be modified.
It also adds a new class TimedHistogramScope that defines the timer
in this class. This allows the corresopnding TimedHistogram class to
be type safe.
BUG=v8:6361
Review-Url: https://codereview.chromium.org/2929853003
Cr-Commit-Position: refs/heads/master@{#46150}
Why I want to fix this: I got a CL to replace V8_NORETURN by
[[noreturn]], but clang-format formats this as
extern "C"[[noreturn]] PRINT_FORMAT...
(i.e. missing whitespace).
Also, this is the only extern "C" function in our code base, so if we
do not need to call it from C, we should just get rid of it.
R=jochen@chromium.org
BUG=v8:6474
Change-Id: I950bdc505822eb37a107c58e63c82a61907ba515
Reviewed-on: https://chromium-review.googlesource.com/539341
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46149}
https://chromium-review.googlesource.com/530193 accidentally disabled
the timer for compilation time of individual wasm functions. This CL
reenables this, and also gets rid of the ExecuteCompilationInternal
method by using base::Optional for conditionally initializing the
HistogramTimerScope.
R=mtrofin@chromium.orgCC=ahaas@chromium.org
Change-Id: I359f0622561b82aea4d4002b7ed79fde32f1b35e
Reviewed-on: https://chromium-review.googlesource.com/544135
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46147}
In most cases, I'm using ENTER_V8 which is due to the fact that the
respective methods might end up executing script, either because they
invoke some callback, or because they might trigger a proxy trap.
Also add microtask suppression scopes in the debugger to all the places
that need one according to tests.
BUG=v8:5830
R=marja@chromium.org,jgruber@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I24cc3de37fc0d8156acfe86b290568e5f8f662b4
Reviewed-on: https://chromium-review.googlesource.com/519262
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46146}
BytecodeList::New() returns a reference to the BytecodeLabel added to the list.
Since ZoneVector can resize, this reference could become invalid. Instead
move to a ZoneLinkedList so the references never move.
Since we were using zone vectors, the old references were still valid, and
they were only mutated to set is_bound_, so only DCHECKs should have been
affected.
Change-Id: I5da850af2596dcd7f56578a6e5badd332350cb5b
Reviewed-on: https://chromium-review.googlesource.com/544941
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46145}
This CL leverages and extends the deopt-to-stub mechanisms previously
introduced to support deopting from CSA-built builtins (e.g. Array.prototype.forEach).
BUG=v8:6373
LOG=N
Review-Url: https://codereview.chromium.org/2890363002
Cr-Commit-Position: refs/heads/master@{#46144}
