The asm-wasm-builder started allocating SharedFunctionInfos,
this makes it bad we'd passed Script by pointer (due to ignorance).
Switching to Handle<Script>.
R=clemensh@chromium.org,titzer@chromium.org
BUG=v8:5716
Review-Url: https://codereview.chromium.org/2552873003
Cr-Commit-Position: refs/heads/master@{#41529}
Make some methods on V8DebuggerScript virtual and provide the
implementations ActualScript for scripts which are backed by scripts on
V8's side, and WasmVirtualScript for wasm scripts.
The added test case ensures that we at least don't crash on the attempt
to get breakable locations for wasm "scripts", which we did previously.
Returning a reasonable result for wasm will be implemented in a
follow-up commit.
R=yangguo@chromium.org, jgruber@chromium.org
BUG=chromium:667767,chromium:613110
Review-Url: https://codereview.chromium.org/2532433003
Cr-Commit-Position: refs/heads/master@{#41527}
Passing kAllowLargeObjectAllocation now allocates in LOS if necessary.
Allow such allocations when growing fixed arrays in RegExp's @@match
and @@split operations.
BUG=chromium:670671
Review-Url: https://codereview.chromium.org/2555703003
Cr-Commit-Position: refs/heads/master@{#41526}
In switching to incremental parsing, we switched to pre-computing
line numbers for forward declarations. This is expensive,
because GetLineNumber reparses lines.
Also, switch typing maps to unordered_map (as they appear hot).
BUG=v8:4203
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2553033002
Cr-Commit-Position: refs/heads/master@{#41525}
come from the runtime.
This patch fixes an issue of heap growing to max capacity when incremental
marking is finished but cannot finalize due to GC stack guard not triggering.
It can happen if all allocations come from the runtime, for example,
from JSON parser or compiler.
Now before expanding the heap we check if we are above the allocation limit
and the incremental marking needs to be finalized. If so we do not expand
the heap and force GC, which will finalize the incremental marking.
The check is performed for paged spaces and large-object space.
BUG=chromium:670675
Review-Url: https://codereview.chromium.org/2552613004
Cr-Commit-Position: refs/heads/master@{#41524}
It turns out that showing a five-digit number of resources blocks the
UI for a few minutes, and it remains very laggy even after that.
This CL adds another component to the path of wasm scripts if the
module contains more than 300 functions. The additional component will
be the function index rounded down to the next multiple of 100.
Example URL before:
wasm://wasm/wasm-0284f1c6/wasm-0284f1c6-26337
Example URL after:
wasm://wasm/wasm-0284f1c6/26300/wasm-0284f1c6-26337
This avoids showing a five-digit number of entries in the resources view.
R=kozyatinskiy@chromium.org, titzer@chromium.org, yangguo@chromium.org
BUG=chromium:659715
Review-Url: https://codereview.chromium.org/2555433002
Cr-Commit-Position: refs/heads/master@{#41522}
This makes the context allocation less pessimistic in the following cases:
function outer() {
var a; // Won't be context allocated
function inner1() { var a; a; }
function inner2(a) { a; }
function inner3([a]) { a; }
function inner4({ a: b}) { a; }
}
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2407163003
Cr-Commit-Position: refs/heads/master@{#41521}
*and* report all "virtual" wasm scripts right when the wasm script is
registered at the inspector.
WasmScript is a subtype of Script, with the cast checking that it is
actually a wasm script.
This layout makes it quite easy to implement functionality that is only
available for wasm scripts, and allows to later directly use the
WasmCompiledModule instead of the i::Script for backing the
debug::WasmScript. We might also add virtual methods to
provide different implementations for GetSourcePosition, Source and
others.
DisassembleWasmFunction now also becomes a method of this class instead
of a static function on the DebugInterface.
The WasmTranslation now uses the new WasmScript type instead of the
Script wrapper, and also registers all virtual wasm scripts immediately
when the wasm script is made public to the inspector (when the wasm
module is created).
R=yangguo@chromium.org,dgozman@chromium.org,titzer@chromium.org
BUG=chromium:613110,chromium:659715
Review-Url: https://codereview.chromium.org/2531163010
Cr-Commit-Position: refs/heads/master@{#41519}
Equality with null/undefined is equivalent to a check on the undetectable bit
on the map of the object. This would be more efficient than performing the entire
comparison operation.
This cl introduces:
1. A new bytecode called TestUndetectable that checks if the object is null/undefined.
2. Updates peeophole optimizer to emit TestUndetectable when a LdaNull/Undefined
precedes equality check.
4. TestUndetectable is transformed to ObjectIsUndetectable operator when building
turbofan graph.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2547043002
Cr-Commit-Position: refs/heads/master@{#41514}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11861
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> Object
> -- New JSObject for promises: JSPromise
>
> Builtins
> -- PromiseThen TFJ
> -- PromiseCreateAndSet TFJ for internal use
> -- PerformPromiseThen TFJ for internal use
> -- PromiseInit for initial promise setup
> -- SpeciesConstructor for use in PromiseThen
> -- ThrowIfNotJSReceiver for use in SpeciesConstructor
> -- AppendPromiseCallback to update FixedArray with new callback
> -- InternalPerformPromiseThen
>
> Promises.js
> -- Cleanup unused symbols
> -- Remove PerformPromiseThen
> -- Remove PromiseThen
> -- Remove PromiseSet
> -- Remove PromiseAttachCallbacks
>
> Runtime
> -- PromiseSet to set promise inobject values
> -- Refactor functions to use FixedArrays for callbacks instead of
> JSArray
> -- Runtime_PromiseStatus to return promise status
> -- Runtime_PromiseResult to return promise result
> -- Runtime_PromiseDeferred to return deferred attached to promise
> -- Runtime_PromiseRejectReactions to return reject reactions attached
> to promise
>
> This CL results in a 13.07% improvement in the promises benchmark
> (over 5 runs).
>
> BUG=v8:5343
>
> Committed: https://crrev.com/30b564c76f490f8f6b311a74b25b26cf0a96be2d
> Cr-Commit-Position: refs/heads/master@{#41503}
TBR=bmeurer@chromium.org,jgruber@chromium.org,caitp@igalia.com,gsathya@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2554013002
Cr-Commit-Position: refs/heads/master@{#41512}
This allows us to forward declare Label and Variable classes without including the
code-assembler.h.
BUG=
Review-Url: https://codereview.chromium.org/2551163003
Cr-Commit-Position: refs/heads/master@{#41509}
Incooperate suggestion from adamk@ to only sent lexical variables to
I+TF that require explicit initialization, i.e. don't send named
function expressions to I+TF. This should recover most of the regression
now.
Also introduce a regression test for the original let issue.
BUG=chromium:670691,v8:5666
R=adamk@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2556663002
Cr-Commit-Position: refs/heads/master@{#41507}
Reason for revert:
The bot was not affected by the revert. Speculation was wrong.
Original issue's description:
> Revert of [typedarrays] remove invalid optimization in NAMEConstructor() (patchset #1 id:1 of https://codereview.chromium.org/2544503002/ )
>
> Reason for revert:
> Speculative revert for causing timeouts on Win Debug gpu fyi bot
>
> Nothing else looks even remotely relevant in the list of changes.
> Will reland if this doesn't fix the issues.
>
> BUG=670396
>
> Original issue's description:
> > [typedarrays] remove invalid optimization in NAMEConstructor()
> >
> > Before, we were treating objects with the builtin ArrayValues iterator
> > method as array-like, where the iterator would iterate through to the
> > full length of the object.
> >
> > This optimization was not sound, because it does not ensure that the
> > next method hasn't been modified. Even if it hasn't been modified,
> > it's entirely possible to be modified during iteration. Thus, this
> > optimization has been removed due to its observability.
> >
> > BUG=v8:5699
> > R=littledan@chromium.org, cbruni@chromium.org
> >
> > Committed: https://crrev.com/77df8c67d9609ada3b7d79e8e6d33f198bbad5a1
> > Cr-Commit-Position: refs/heads/master@{#41394}
>
> TBR=cbruni@chromium.org,littledan@chromium.org,caitp@igalia.com
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:5699
>
> Committed: https://crrev.com/0ea4a542202d501c4e550474e89512532571f3a0
> Cr-Commit-Position: refs/heads/master@{#41461}
TBR=cbruni@chromium.org,littledan@chromium.org,caitp@igalia.com,enne@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=670396
Review-Url: https://codereview.chromium.org/2553873002
Cr-Commit-Position: refs/heads/master@{#41504}
-- New JSObject for promises: JSPromise
Builtins
-- PromiseThen TFJ
-- PromiseCreateAndSet TFJ for internal use
-- PerformPromiseThen TFJ for internal use
-- PromiseInit for initial promise setup
-- SpeciesConstructor for use in PromiseThen
-- ThrowIfNotJSReceiver for use in SpeciesConstructor
-- AppendPromiseCallback to update FixedArray with new callback
-- InternalPerformPromiseThen
Promises.js
-- Cleanup unused symbols
-- Remove PerformPromiseThen
-- Remove PromiseThen
-- Remove PromiseSet
-- Remove PromiseAttachCallbacks
Runtime
-- PromiseSet to set promise inobject values
-- Refactor functions to use FixedArrays for callbacks instead of
JSArray
-- Runtime_PromiseStatus to return promise status
-- Runtime_PromiseResult to return promise result
-- Runtime_PromiseDeferred to return deferred attached to promise
-- Runtime_PromiseRejectReactions to return reject reactions attached
to promise
This CL results in a 13.07% improvement in the promises benchmark
(over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2536463002
Cr-Commit-Position: refs/heads/master@{#41503}
During bootstrapping when installing the global object we copy over the
properties from the snapshotted global object to the one created from a
provided template. Originally Genesis::TransferNamedProperties just iterated
over the entries, making the final order hash and thus platform dependent.
This CL fixes this by sorting the keys by enumeration index before copying them
to the destination object and thus making the key enumaration on the global
object platform independent.
Drive-by-fix: avoid crash when printing the global object during bootstrapping.
BUG=chromium:669029
Review-Url: https://codereview.chromium.org/2533223002
Cr-Commit-Position: refs/heads/master@{#41502}
This avoids the crash which ClusterFuzz found, but still does not
report the same position as without validate.asm.
For calls like "foo()|0", we report the position of the call instead of
the position of the "|" if ToNumber throws an error.
After this CL, the correctness-fuzzer for validate-asm will probably
find mismatches there.
R=titzer@chromium.org
BUG=chromium:670808
Review-Url: https://codereview.chromium.org/2548323002
Cr-Commit-Position: refs/heads/master@{#41500}
Reorders the jump bytecodes so that the majority of jump checks can be
implemented as range checks (rather than a list of comparisons that get
compiled to a bunch of jumps).
Review-Url: https://codereview.chromium.org/2537123002
Cr-Commit-Position: refs/heads/master@{#41498}
This moves all helper functions to the RegExpBuiltinsAssembler together
with some follow-up cleanups for:
* consistent function names,
* consistent parameter names and order,
* removal of global CVariable and CLabel typedefs.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2554453003
Cr-Commit-Position: refs/heads/master@{#41493}
Microbenchmarks show 25% improvement over C++, 11% improvement over JS
for the constructor. We don't have a microbenchmark covering the compile
method.
Locally, octane/regexp improved by 2%.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2551443002
Cr-Commit-Position: refs/heads/master@{#41490}
Calls that are potential eval calls are funneled through bytecode and
hence no longer use the {AstGraphBuilder} by now. Associated bailout
points can be removed.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2549113002
Cr-Commit-Position: refs/heads/master@{#41489}
This CL adds a new header src/debug/interface-types.h, moves the
definition of Location from the debug-interface.h to this new header,
and adds a new definition for the WasmDisassembly types.
This allows to use the types in other implementation files or headers
without having to include the entire debug-interface.h, reducing build
dependencies and compile time (especially for incremental builds).
The WasmDisassembly type replaces the old
std::pair<std::string, std::vector<std::tuple<...>>>, which was a bit
hard to unravel.
R=yangguo@chromium.org, kozyatinskiy@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2529383002
Cr-Commit-Position: refs/heads/master@{#41488}
This allows us to optimise the bytecode liveness analysis to jump
directly to previously seen indices. The analysis is optimised to store
a stack of loop ends (JumpLoop bytecode indices), and iterate through
these indices directly rather than looping through the bytecode array to
find them.
Review-Url: https://codereview.chromium.org/2536653003
Cr-Commit-Position: refs/heads/master@{#41485}
Don't unconditionally assume that Tagged->Word32 changes are always
truncating independent of the type of the input. Work-around the
remaining issues with for-in by properly renaming the index if it's
not already of appropriate type (happens with generators or OSR).
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2545393002
Cr-Commit-Position: refs/heads/master@{#41484}
1) CSA::Select() receives lambdas for generating true/false values.
The representation parameter made mandatory.
2) CSA::Select[Type]Constant() methods receive true/false nodes directly.
These methods are intended to be used for generating "selects" when
true/false values are already computed.
BUG=
Review-Url: https://codereview.chromium.org/2550683003
Cr-Commit-Position: refs/heads/master@{#41483}
The changes are:
1) Pass lambdas as const references to avoid unnecessary copying.
2) Remove CodeStubAssembler* parameter from loop bodies and let the lambdas
capture the right assembler instead. It makes the loop body code look
uniform with the surrounding code and unblocks splitting of a CSA
into different classes.
BUG=
Review-Url: https://codereview.chromium.org/2535753012
Cr-Commit-Position: refs/heads/master@{#41482}
This removes support for accessing super properties (load, store & call)
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=bmeurer@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2544123004
Cr-Commit-Position: refs/heads/master@{#41478}
When enforcing Ignition+TurboFan for a function literal during
AstNumbering, make sure to print the bailout reason with --trace-opt
to make it easier to figure out what caused the bailout.
BUG=chromium:670691
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2550093002
Cr-Commit-Position: refs/heads/master@{#41472}
The current Array.prototype.sort implementation is pretty sensitive to
compiler changes, i.e. switching to I+TF completely, so refactor it a
bit so that it can stay with FCG+CS for now.
Middle-term the Array builtins need to be refactored to TurboFan
builtins anyways.
BUG=chromium:670691,v8:5666
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2553523002
Cr-Commit-Position: refs/heads/master@{#41471}
Add support to lower the %_DebugIsActive intrinsic during
JSIntrinsicLowering instead of always going to the runtime
for this.
This addresses part of the Bluebird regression caused by
sending let and const to TurboFan and Ignition.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2550043002
Cr-Commit-Position: refs/heads/master@{#41468}
In the current implementation, WasmInstanceWrapper is allocated after the imports for the instance are processed, and before the InstanceFinalizer callback is associated with the instance. This raises the possibility of triggering a gc in the middle of the instantiate flow which is incorrect.
BUG=5707
R=titzer@chromium.org, petermarshall@chromium.org
Review-Url: https://codereview.chromium.org/2544273002
Cr-Commit-Position: refs/heads/master@{#41464}
Several cleanups to the output of the debug-only --print-scopes flag:
- Function name variable only printed once
- Only print headers for sections of variables that are non-empty
- Assume Variables stored in Scope::variables_ are never null
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2544063004
Cr-Commit-Position: refs/heads/master@{#41463}
Reason for revert:
Speculative revert for causing timeouts on Win Debug gpu fyi bot
Nothing else looks even remotely relevant in the list of changes.
Will reland if this doesn't fix the issues.
BUG=670396
Original issue's description:
> [typedarrays] remove invalid optimization in NAMEConstructor()
>
> Before, we were treating objects with the builtin ArrayValues iterator
> method as array-like, where the iterator would iterate through to the
> full length of the object.
>
> This optimization was not sound, because it does not ensure that the
> next method hasn't been modified. Even if it hasn't been modified,
> it's entirely possible to be modified during iteration. Thus, this
> optimization has been removed due to its observability.
>
> BUG=v8:5699
> R=littledan@chromium.org, cbruni@chromium.org
>
> Committed: https://crrev.com/77df8c67d9609ada3b7d79e8e6d33f198bbad5a1
> Cr-Commit-Position: refs/heads/master@{#41394}
TBR=cbruni@chromium.org,littledan@chromium.org,caitp@igalia.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5699
Review-Url: https://codereview.chromium.org/2548583003
Cr-Commit-Position: refs/heads/master@{#41461}
Turbofan uses 64-bit load followed by 32 bit arithmetic shift when
loading higher 32 bits of 64-bit value. We simplify this
by loading higher 32 bits directly.
BUG=
Review-Url: https://codereview.chromium.org/2532333003
Cr-Commit-Position: refs/heads/master@{#41455}
This apparently gradually fell out of use after the more general
Token::IsIdentifer was introduced, and whoever left last forgot to
turn out the lights.
The only remaining use was in an assertion in DeclareLabel, but
meanwhile DeclareLabel is only called if IsIdentifier. I added re-formulated assertions, just in case.
R=verwaest@chromium.org
BUG=v8:4947
Review-Url: https://codereview.chromium.org/2549493002
Cr-Commit-Position: refs/heads/master@{#41452}
This enables {FLAG_debug_code} by default in debug builds. The advantage
is that generated code contained within the snapshot will contain such
debug code. Before we would only get coverage for these pieces with the
no-snapshot builds, which have a meager coverage. One can still pass the
inverse --no-debug-code flag to ensure generated code remains readable
within debug builds as well.
R=machenbach@chromium.org
Review-Url: https://codereview.chromium.org/2528913002
Cr-Commit-Position: refs/heads/master@{#41451}
Reason for revert:
My assumption that eval and top-level code should be handled differently was wrong
Original issue's description:
> Introduce a separate FunctionLiteral ID for Eval
>
> Top level SharedFunctionInfos will end up in a scripts SFI list, but
> eval'd SFIs shouldn't. Separate IDs will allow for adding a
> corresponding DCHECK.
>
> BUG=v8:5589
> R=marja@chromium.org
>
> Committed: https://crrev.com/c6d421ff9aee7f3cab9e48faac88f6b08d2f1cf5
> Cr-Commit-Position: refs/heads/master@{#41421}
TBR=marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5589
Review-Url: https://codereview.chromium.org/2544003003
Cr-Commit-Position: refs/heads/master@{#41448}
Tests were falling in qemu because of inexact computation in tests.
After correcting tests, simulator also had to be fixed.
Review-Url: https://codereview.chromium.org/2539133002
Cr-Commit-Position: refs/heads/master@{#41447}
Crankshaft has this highly unpredictable performance cliff around the
"Unsupported phi use of const or let variable", which is due to the
fact that Crankshaft refuses to do hole checks (for a couple of
reasons). So ideally we should not even try to send any lexically bound
variables to fullcodegen+Crankshaft, but instead give them to Ignition
and TurboFan.
This CL only adds the appropriate check to the AstNumbering, but doesn't
remove the functionality from fullcodegen/Crankshaft yet. This would be
step two in case this CL sticks. If you see any major performance
regressions with this CL in the range, just revert it and ping me.
See Node.js issue https://github.com/nodejs/node/issues/9729 for
additional information.
BUG=v8:5666
R=hablich@chromium.org, mstarzinger@chromium.org, rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2525243002
Cr-Commit-Position: refs/heads/master@{#41445}
- These operations are identical for Float32x4 and Int32x4.
- Make them generic, following the naming for generic Simd128 / S128
opcodes.
- F32x4/I32x4 -> S32x4, similarly to S128
- Float32x4/Int32x4 -> Simd32x4, similarly to Simd128.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2543773002
Cr-Commit-Position: refs/heads/master@{#41437}
1) CSA::StoreMap() added which triggers map-specific write barrier
unlike StoreObjectField() which triggers the full write barrier.
2) CSA::StoreMapNoWriteBarrier(object, map_root_index) added.
3) StoreMapNoWriteBarrier() is used for storing immortal immovable
maps since they don't require write barriers even for objects in
old space.
BUG=
Review-Url: https://codereview.chromium.org/2544793002
Cr-Commit-Position: refs/heads/master@{#41435}
This moves the location of the bytecode-offset translation that turns
offsets of back jumps into offsets of loop headers. This translation is
now done by the {BytecodeGraphBuilder} after loop analysis has been
performed. It safes one redudant iteration over the bytecode array. Note
that this changes the semantics of the BailoutId used as an {osr_ast_id}
throughout the compiler pipeline for OSR from Ignition.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2465913002
Cr-Commit-Position: refs/heads/master@{#41431}
The overload simply wraps creation of an IntPtrConstant and makes things more
readable.
Review-Url: https://codereview.chromium.org/2541843006
Cr-Commit-Position: refs/heads/master@{#41430}
Before, it was a method in wasm namespace, and received a
Handle<WasmCompiledModule>. As it does not allocate on the heap, we can
just make it a non-static method on WasmCompiledModule.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2536373007
Cr-Commit-Position: refs/heads/master@{#41429}
The loop for non-"static" properties is no longer needed in
full-codegen since all computed property
names in object literals go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2547433003
Cr-Commit-Position: refs/heads/master@{#41428}
Debugging API is still in use by Node.
Revert "[debug] remove deprecated debug command message queue."
This reverts commit abdbfc953d.
Revert "[debug] mark more unused debug API as deprecated."
This reverts commit d5ada19ce7.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2537313005
Cr-Commit-Position: refs/heads/master@{#41427}
... because only MachineRepresentation::kTagged makes sense there.
BUG=
Review-Url: https://codereview.chromium.org/2544713003
Cr-Commit-Position: refs/heads/master@{#41426}
Trampolines are generated when the value of pc_offset is greater than
next_buffer_check_ (attribute from Assembler class). This value
shouldn't be incremented in bind_to() method when internal reference
label is bound, because it is not decremented when the switch table is
generated (dd() method from Assemler class).
This patch fixes this problem. Regression test are also included for
mips and mips64 arch.
BUG=
Review-Url: https://codereview.chromium.org/2530143002
Cr-Commit-Position: refs/heads/master@{#41423}
The loop for non-"static" properties is no longer needed in
full-codegen since all computed property
names in object literals go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2546473006
Cr-Commit-Position: refs/heads/master@{#41422}
Top level SharedFunctionInfos will end up in a scripts SFI list, but
eval'd SFIs shouldn't. Separate IDs will allow for adding a
corresponding DCHECK.
BUG=v8:5589
R=marja@chromium.org
Review-Url: https://codereview.chromium.org/2533303006
Cr-Commit-Position: refs/heads/master@{#41421}
This fixes the existing workaround in {BytecodeGraphBuilder} where the
number of elements in an array literal is unknown just from the bytecode
alone and needs to be deduced from the constant elements.
Note that this is just a quick fix to prevent calling the fast-clone
stub for boilerplates that are too big to fit on a regular page. In the
long run we need something more solid here.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-669850
BUG=chromium:669850
Review-Url: https://codereview.chromium.org/2542633002
Cr-Commit-Position: refs/heads/master@{#41420}
Currently In LCodeGen::DoWrapReceiver(), the x87 jitted code's size for debug mode between label's define and bind
exceeds 128 bytes whether FLAG_deopt_every_n_times is set or not.
So always use Label:kFar as label distance in LCodeGen::DoWrapReceiver() for debug mode.
This CL also unify the label's distance value to avoid potential bugs caused by unconsistent distance value usage
for the same label when DeoptEveryNTimes() return true.
BUG=
Review-Url: https://codereview.chromium.org/2539403002
Cr-Commit-Position: refs/heads/master@{#41419}
We can skip RegExpResult construction on the fast path for several functions to
be more efficient.
BUG=v8:5330,v8:5674
Review-Url: https://codereview.chromium.org/2543483003
Cr-Commit-Position: refs/heads/master@{#41418}
Bonus: fixed a couple of places where 32-bit comparison was used.
BUG=
Review-Url: https://codereview.chromium.org/2543873003
Cr-Commit-Position: refs/heads/master@{#41417}
Unfortunately we have to split this up into two cases: those with exactly one spread argument as the final argument, and all others, due to any side-effects of evaluation being visible.
This is in preparation for a new bytecode which handles super calls.
BUG=v8:5659
Review-Url: https://codereview.chromium.org/2540593003
Cr-Commit-Position: refs/heads/master@{#41415}
This refactors portions of exec into a new function without RegExpResult
construction, which will be used in the future by test, @@match, and @@search
fast paths.
Unnecessary ToString and ToLength calls as well as repeated map checks were
removed.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2540153002
Cr-Commit-Position: refs/heads/master@{#41414}
This ensure that all inline allocations generated by {JSCreateLowering}
will fit into a regular heap page. Allocations targeting LO-space must
be done via a slower runtime call.
R=bmeurer@chromium.org
BUG=chromium:669850
Review-Url: https://codereview.chromium.org/2533353003
Cr-Commit-Position: refs/heads/master@{#41412}
The current CHECK/DCHECK implementation fails statically if a signed
value is compared against an unsigned value. The common solution is to
cast on each caller, which is tedious and error-prone (might hide bugs).
This CL implements signed vs. unsigned comparisons by executing up to
two comparisons. For example, if i is int32_t and u is uint_32_t, a
DCHECK_LE(i, u) would create the check
i <= 0 || static_cast<uint32_t>(i) <= u.
For checks against constants, at least one of the checks can be removed
by compiler optimizations.
The tradeoff we have to make is to sometimes silently execute an
additional comparison. And we increase code complexity of course, even
though the usage is just as easy (or even easier) as before.
The compile time impact seems to be minimal:
I ran 3 full compilations for Optdebug on my local machine, one time on
the current ToT, one time with this CL plus http://crrev.com/2524093002.
Before: 143.72 +- 1.21 seconds
Now: 144.18 +- 0.67 seconds
In order to check that the new comparisons are working, I refactored
some DCHECKs in wasm to use the new magic, and added unit test cases.
R=ishell@chromium.org, titzer@chromium.orgCC=ahaas@chromium.org, bmeurer@chromium.org
Committed: https://crrev.com/5925074a9dab5a8577766545b91b62f2c531d3dc
Review-Url: https://codereview.chromium.org/2526783002
Cr-Original-Commit-Position: refs/heads/master@{#41275}
Cr-Commit-Position: refs/heads/master@{#41411}
This shows around a 2.2x speedup compared to the old JS implementation (and
3.5x compared to CPP) for the fast path.
Adds ToUint32 to CodeStubAssembler.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2532403002
Cr-Commit-Position: refs/heads/master@{#41408}
This code is no longer used in full-codegen since all computed property
names in object literals go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2543643002
Cr-Commit-Position: refs/heads/master@{#41405}
Incremental parsing of asm.js means we can see function tables that
are unused in the AsmWasmBuilder before they've been initialized.
BUG=669899
R=aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2546553002
Cr-Commit-Position: refs/heads/master@{#41403}
If we just call CreateDebugInfo in GetPossibleBreakpoints then we won't call PrepareFunctionForBreakPoints and won't be able to step into this function or pause at breakpoint inside.
BUG=v8:5695
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2540943002
Cr-Commit-Position: refs/heads/master@{#41401}
This is necessary for signal-based out of bounds handling in WebAssembly.
Adds a ProtectedStore instruction that is analogous to the previously added
ProtectedLoad instruction. Rather than using bounds checks, ProtectedStore emits
an out of line section of code that throws a JavaScript exception and provides
the necessary metadata for a signal handler to be able to find the out of line
code.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2516413003
Cr-Commit-Position: refs/heads/master@{#41398}
The "writable" property descriptor may legally change during the call to
AnythingToArrayLength(). This change needs to be honoured before calling
JSArray::SetLength(). The change is only honoured when the "length"
property was previously writable, so that changes during a call to
DefineOwnPropertyIgnoreAttributes() is ignored.
BUG=v8:5688
R=cbruni@chromium.org, verwaest@chromium.org, jkummerow@chromium.org
Review-Url: https://codereview.chromium.org/2543553002
Cr-Commit-Position: refs/heads/master@{#41396}
Before, we were treating objects with the builtin ArrayValues iterator
method as array-like, where the iterator would iterate through to the
full length of the object.
This optimization was not sound, because it does not ensure that the
next method hasn't been modified. Even if it hasn't been modified,
it's entirely possible to be modified during iteration. Thus, this
optimization has been removed due to its observability.
BUG=v8:5699
R=littledan@chromium.org, cbruni@chromium.org
Review-Url: https://codereview.chromium.org/2544503002
Cr-Commit-Position: refs/heads/master@{#41394}
This was causing more confusion than benefit, so we're removing it.
It's re-defined to empty for now, to avoid touching the ~100 files which
use it, we can remove it completely during a quiet period when it's less
likely to conflict with other work.
Review-Url: https://codereview.chromium.org/2535383005
Cr-Commit-Position: refs/heads/master@{#41393}
JS operators always have an implicit context input, so just use that instead.
BUG=
Review-Url: https://codereview.chromium.org/2541813002
Cr-Commit-Position: refs/heads/master@{#41392}
This is an experiment to see the impact of the limit on OOM crashes.
BUG=chromium:667388
Review-Url: https://codereview.chromium.org/2514313004
Cr-Commit-Position: refs/heads/master@{#41391}
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.
R=titzer@chromium.org
BUG=chromium:669518
Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs code, which shouldn't go through the bytecode graph builder in many cases.
BUG=669517
Review-Url: https://codereview.chromium.org/2538823002
Cr-Commit-Position: refs/heads/master@{#41387}
port df2578d2ec (r41368)
original commit message:
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=
Review-Url: https://codereview.chromium.org/2540803004
Cr-Commit-Position: refs/heads/master@{#41377}
This adds consistency checks for function kind and scope type to
SharedFunctionInfoVerify.
It also fixes an inconsistency in the creation of a ScopeInfo.
R=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2537093002
Cr-Commit-Position: refs/heads/master@{#41375}
When removing a scope (see FinalizeBlockScope), remember the removal by making
the scope its own sibling. This avoid recalculating the information later on.
R=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2536993003
Cr-Commit-Position: refs/heads/master@{#41374}
Make the AsmWasmBuilder drive the process of typing and potentially parsing
function bodies. This will allow us to keep only a single asm.js function's
AST in memory as we convert to WebAssembly.
This is needed to keep our memory footprint low.
Add some additional output to a few tests that's helpful to see which stage they fail at.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=marja@chromium.org,adamk@chromium.org,aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2398023002
Cr-Commit-Position: refs/heads/master@{#41372}
Rename it to better represent the reason. Also makes the inspector sentence
"Not Optimized: Optimized too many times" look less confusing.
Review-Url: https://codereview.chromium.org/2530423003
Cr-Commit-Position: refs/heads/master@{#41369}
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
Functions with asm-wasm data shouldn't be marked for optimization, since
they will be optimized using the asm-wasm data instead.
Review-Url: https://codereview.chromium.org/2537103002
Cr-Commit-Position: refs/heads/master@{#41367}
This removes support for dynamic scoping via with-statement constructs
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=rmcilroy@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2533283002
Cr-Commit-Position: refs/heads/master@{#41365}
Since the majority of bytecodes have a next instruction, and we iterate
over the bytecodes backwards, we can keep the previous seen (i.e.
sequentially next) bytecode's liveness on a variable instead of looking
it up again.
Review-Url: https://codereview.chromium.org/2541463002
Cr-Commit-Position: refs/heads/master@{#41361}
The EscapeStatusAnalysis didn't know anything about the simplified
operator ConvertTaggedHoleToUndefined, thus leading to a crash. We
now just handled it by pretending that any allocation that goes into
such a node escapes.
BUG=chromium:669451
R=tebbi@chromium.org
Review-Url: https://codereview.chromium.org/2533263002
Cr-Commit-Position: refs/heads/master@{#41359}
This removes reservation of unused {BailoutId} numbers for all class
literals. These language constructs are by now solely funneled through
bytecode and specific ids for deoptimization are no longer needed.
R=rmcilroy@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2535223002
Cr-Commit-Position: refs/heads/master@{#41358}
This removes support for iterator loops (i.e. for-of loop constructs)
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=bmeurer@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2534883004
Cr-Commit-Position: refs/heads/master@{#41357}
Adds a bytecode_age field to BytecodeArray objects. This is incremented each
time the bytecode array is marked by GC, and reset to zero if the bytecode
is executed.
This is used to enable the CompilationCache for interpreted functions,
where Interpreted entries are evicted once the bytecode becomes old.
BUG=chromium:666275,v8:4680
Review-Url: https://codereview.chromium.org/2534763003
Cr-Commit-Position: refs/heads/master@{#41356}
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.
Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.
Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41355}
MarkingParity was used to avoid performing an operation on an object if it was
marked multiple times. We no longer mark things multiple times, so this concept
is no longer required.
BUG=chromium:666275
Review-Url: https://codereview.chromium.org/2529173002
Cr-Commit-Position: refs/heads/master@{#41354}
For bound functions on the right-hand side of instanceof we can
constant-fold to the actual [[BoundTargetFunction]], actually
instance OrdinaryHasInstance. Move the Function.prototype[@@hasInstance]
reduction up to the JSCallReducer to allow this optimization to become
effective (and also enable other optimizations).
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2537763002
Cr-Commit-Position: refs/heads/master@{#41352}
This ensures the deoptimization triggered due to materialization of
objects by the {TranslatedState} works in conjunction with OSR. The
optimized code used for OSR is not installed on the function, hence
needs to be specified explicitly when requesting deoptimization for
specific stack frames.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-668795
BUG=chromium:668795
Review-Url: https://codereview.chromium.org/2534143002
Cr-Commit-Position: refs/heads/master@{#41348}
Reason for revert:
Breaks the build:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/14886
Original issue's description:
> [ignition/turbo] Perform liveness analysis on the bytecodes
>
> Replaces the graph-based liveness analyzer in the bytecode graph builder
> with an initial bytecode-based liveness analysis pass, which is added to
> the existing loop extent analysis.
>
> Now the StateValues in the graph have their inputs initialised to
> optimized_out, rather than being modified after the graph is built.
>
> Committed: https://crrev.com/1852300954c216c29cf93444430681d213e87925
> Cr-Commit-Position: refs/heads/master@{#41344}
TBR=jarin@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2541443002
Cr-Commit-Position: refs/heads/master@{#41346}
This introduces three new types OtherCallable, CallableProxy (and OtherProxy),
and BoundFunction to make it possible to express Callable in the Type system.
It also forces all undetectable receivers to be Callable, which matches the
use case for undetectable, namely document.all (guarded by proper checks and
tests).
It also uses these new types to properly optimize instanceof (indirectly via
OrdinaryHasInstance) based on the type of the constructor and the object. So
we are able to constant-fold certain instanceof expressions based on types
and completely avoid the builtin call.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2535753004
Cr-Commit-Position: refs/heads/master@{#41345}
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.
Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.
Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41344}
FunctionTemplateInfo::SetPrototypeProviderTemplate adds support for sharing
prototypes between several function templates. This is used to properly set up
Image.prototype and HTMLImageElement.protoype which should be equal according
to the spec.
BUG=chromium:2969
Review-Url: https://codereview.chromium.org/2531653002
Cr-Commit-Position: refs/heads/master@{#41343}
The range-based exception handler table is by now only used for bytecode
arrays. The semantics of the interpreter are that bytecode offsets point
to the beginning of the currently executing bytecode instruction. Uses
hence need to compensate for lookups based on a "retrun address". This
change removes the need for such off-by-one compensations by changing
lookup semantics to be based on "current instruction" offsets.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2534893002
Cr-Commit-Position: refs/heads/master@{#41339}
Microbenchmarks show a 4x improvement on the fast path and 2.5x improvement on
the slow path when compared to the CPP builtin implementation.
Compared to the old JS implementation, the fast path is 20% faster and the slow
path 35% slower.
BUG=v8:5339,v8:5562
Review-Url: https://codereview.chromium.org/2527963002
Cr-Commit-Position: refs/heads/master@{#41338}
If the prototype's map is not marked as fast, it is made fast after
setup, breaking current RegExp fast path checks.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2537483002
Cr-Commit-Position: refs/heads/master@{#41336}
V8 internally uses conversions.h to convert number to string, we can use these methods too instead of slow std::stringstream with std::locale.
BUG=chromium:661497,v8:5551
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2534013002
Cr-Commit-Position: refs/heads/master@{#41334}
TypedArrays need specific checks before calling OrdinaryDefineOwnProperty.
BUG=v8:5328
Review-Url: https://codereview.chromium.org/2431223005
Cr-Commit-Position: refs/heads/master@{#41333}
Due to a typo in runtime-i18n.js, 'ç'(U+00E7) was not uppercased while
'÷'(U+00F7) was incorrectly uppercased to '×'(U+00D7).
Add a comprehensive test for Latin-1 supplemental block (U+00A0 ~ U+00FF).
(they're special-cased for speed-up and needs to have a test for the range.).
TEST=intl/general/case-mapping
BUG=v8:5681
Review-Url: https://codereview.chromium.org/2533033003
Cr-Commit-Position: refs/heads/master@{#41331}
Reason for revert:
Seems to regress speedometer on Ignition and doesn't cause any improvements elsewhere.
BUG=chromium:668651
Original issue's description:
> [turbofan] Utilize String comparison feedback.
>
> Make use of the previously introduced String feedback for compare
> operations in TurboFan.
>
> R=jarin@chromium.org
> BUG=v8:5267,v8:5400
>
> Committed: https://crrev.com/5d4253ecfb6ddcbbd7eb5654e728efa9559284a2
> Cr-Commit-Position: refs/heads/master@{#41163}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5267,v8:5400
Review-Url: https://codereview.chromium.org/2531183003
Cr-Commit-Position: refs/heads/master@{#41324}
Removed a redundant check: If completion is not normal, then #iterator cannot be undefined.
Review-Url: https://codereview.chromium.org/2533803002
Cr-Commit-Position: refs/heads/master@{#41321}
This removes the supporting function to perform a range-lookup in the
exception handler table for unoptimized code. Such tables are by now
guaranteed to be empty, the deoptimizer cannot encounter this case.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2529343003
Cr-Commit-Position: refs/heads/master@{#41318}
Before, the encoded variant was stored in the compiled module, and the
decoded one in the debug info (per instance).
The decoded table was a FixedArray of ByteArrays.
Now, also the decoded table is a flat ByteArray, and it encodes whether
it is encoded or decoded. This saves memory and allows to store encoded
and decoded variant in the same field. The table is automatically
decoded on the first use.
This CL also removes some unused and unimplemented methods from
WasmDebugInfo (probably merge artifacts). That class is now pretty much
empty, but we might still need it for breakpoint support.
R=titzer@chromium.org, ahaas@chromium.org
Review-Url: https://codereview.chromium.org/2522953002
Cr-Commit-Position: refs/heads/master@{#41316}
All super constructor calls go through the ignition + turbofan pipeline, so this is dead code.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2525233003
Cr-Commit-Position: refs/heads/master@{#41313}
They're supposed to be stable across several parse passes, so we'll also
store them in the associated SharedFunctionInfos
To achieve this, the PreParser and Parser need to generated the same number of
FunctionLiterals. To achieve this, we teach the PreParser about desuggaring of
class literals.
For regular functions, the function IDs are assigned in the order they occur in
the source. For arrow functions, however, we only know that it's an arrow function
after parsing the parameter list, and so the ID assigned to the arrow function is
larger than the IDs assigned to functions defined in the parameter list. This
implies that we have to reset the function ID counter to before the parameter list
when re-parsing an arrow function. To be able to do this, we store the number of
function literals found in the parameter list of arrow functions as well.
BUG=v8:5589
Review-Url: https://codereview.chromium.org/2481163002
Cr-Commit-Position: refs/heads/master@{#41309}
ThreadedList is more memory-efficient than ZoneList. This also enables
us to use ThreadedList when making Preparser track parameters (upcoming
work).
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2531593002
Cr-Commit-Position: refs/heads/master@{#41307}
The BytecodeGraphBuilder assumes that deoptimization is always enabled,
so always enable it when compiling from bytecode.
BUG=chromium:668654
Review-Url: https://codereview.chromium.org/2531683004
Cr-Commit-Position: refs/heads/master@{#41303}
A missing @@IsConcatSpreadable check caused the fast path inside the slow path
to be incorrect and follow the default concat strategy when the arguments
arrays contain only doubles.
BUG=chromium:668414
Review-Url: https://codereview.chromium.org/2527173002
Cr-Commit-Position: refs/heads/master@{#41301}
This code is no longer used by full-codegen since all functions which
use new.target, rest parameters or the internal this function binding
now grow through Ignition first, and never tier up to fullcodegen.
BUG=v8:5657
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2528293002
Cr-Commit-Position: refs/heads/master@{#41298}
For a couple of those Array builtins we can specify a useful type that
will help us to eliminate a couple of checks on their outputs.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2529233002
Cr-Commit-Position: refs/heads/master@{#41295}
Assign types to the remaining builtins on the String.prototype where we
know a meaningful type, i.e. where the type is not dependent on some
callable function that is pass or loaded.
BUG=v8:5267
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2532463002
Cr-Commit-Position: refs/heads/master@{#41294}
If code has AsmWasm data we shouldn't try to optimize the JS as well, since
it will instead be optimized using the WASM data.
BUG=
Review-Url: https://codereview.chromium.org/2534463003
Cr-Commit-Position: refs/heads/master@{#41293}
This code is no longer used in full-codegen or ast-graph-builder since all
functions which have class literals go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2534463002
Cr-Commit-Position: refs/heads/master@{#41282}
This removes lots of boilerplate typedefs, with the caveat of renaming
CSA::Label and Variable to CLabel and CVariable within builtins-regexp.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2524363002
Cr-Commit-Position: refs/heads/master@{#41281}
This removes support for try-catch as well as try-finally constructs
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=jarin@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2521233002
Cr-Commit-Position: refs/heads/master@{#41279}
Reason for revert:
Seems to cause compile errors on Android. Will investigate on Monday.
Original issue's description:
> [base] Pass scalar arguments by value in CHECK/DCHECK
>
> This not only potentially improves performance, but also avoids weird
> linker errors, like the one below, where I used Smi::kMinValue in a
> DCHECK_EQ.
>
> > [421/649] LINK ./mksnapshot
> > FAILED: mksnapshot
> > src/base/logging.h|178| error: undefined reference to
> 'v8::internal::Smi::kMinValue'
>
> R=bmeurer@chromium.org, ishell@chromium.org
>
> Committed: https://crrev.com/76723502528c5af003fdffc3520632ea2a13fef3
> Cr-Commit-Position: refs/heads/master@{#41273}
TBR=bmeurer@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2527883004
Cr-Commit-Position: refs/heads/master@{#41278}
Reason for revert:
Need to revert previous CL because of Android compile error, and this one depends in it.
Original issue's description:
> [base] Define CHECK comparison for signed vs. unsigned
>
> The current CHECK/DCHECK implementation fails statically if a signed
> value is compared against an unsigned value. The common solution is to
> cast on each caller, which is tedious and error-prone (might hide bugs).
> This CL implements signed vs. unsigned comparisons by executing up to
> two comparisons. For example, if i is int32_t and u is uint_32_t, a
> DCHECK_LE(i, u) would create the check
> i <= 0 || static_cast<uint32_t>(i) <= u.
> For checks against constants, at least one of the checks can be removed
> by compiler optimizations.
>
> The tradeoff we have to make is to sometimes silently execute an
> additional comparison. And we increase code complexity of course, even
> though the usage is just as easy (or even easier) as before.
>
> The compile time impact seems to be minimal:
> I ran 3 full compilations for Optdebug on my local machine, one time on
> the current ToT, one time with this CL plus http://crrev.com/2524093002.
> Before: 143.72 +- 1.21 seconds
> Now: 144.18 +- 0.67 seconds
>
> In order to check that the new comparisons are working, I refactored
> some DCHECKs in wasm to use the new magic.
>
> R=bmeurer@chromium.org, titzer@chromium.org
>
> Committed: https://crrev.com/5925074a9dab5a8577766545b91b62f2c531d3dc
> Cr-Commit-Position: refs/heads/master@{#41275}
TBR=ishell@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2531533003
Cr-Commit-Position: refs/heads/master@{#41277}
This code is no longer used by full-codegen since all functions which use with statments,
call eval or have lookup variable access now go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2514393002
Cr-Commit-Position: refs/heads/master@{#41276}
The current CHECK/DCHECK implementation fails statically if a signed
value is compared against an unsigned value. The common solution is to
cast on each caller, which is tedious and error-prone (might hide bugs).
This CL implements signed vs. unsigned comparisons by executing up to
two comparisons. For example, if i is int32_t and u is uint_32_t, a
DCHECK_LE(i, u) would create the check
i <= 0 || static_cast<uint32_t>(i) <= u.
For checks against constants, at least one of the checks can be removed
by compiler optimizations.
The tradeoff we have to make is to sometimes silently execute an
additional comparison. And we increase code complexity of course, even
though the usage is just as easy (or even easier) as before.
The compile time impact seems to be minimal:
I ran 3 full compilations for Optdebug on my local machine, one time on
the current ToT, one time with this CL plus http://crrev.com/2524093002.
Before: 143.72 +- 1.21 seconds
Now: 144.18 +- 0.67 seconds
In order to check that the new comparisons are working, I refactored
some DCHECKs in wasm to use the new magic.
R=bmeurer@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2526783002
Cr-Commit-Position: refs/heads/master@{#41275}
If code is flushed on a SFI, we can still use the bytecode if it was compiled,
since this never gets flushed.
This fixes a DCHECK where we were trying to compile the bytecode multiple
times after the baseline code was flushed.
BUG=chromium:668133
Review-Url: https://codereview.chromium.org/2526243002
Cr-Commit-Position: refs/heads/master@{#41274}
This not only potentially improves performance, but also avoids weird
linker errors, like the one below, where I used Smi::kMinValue in a
DCHECK_EQ.
> [421/649] LINK ./mksnapshot
> FAILED: mksnapshot
> src/base/logging.h|178| error: undefined reference to
'v8::internal::Smi::kMinValue'
R=bmeurer@chromium.org, ishell@chromium.org
Review-Url: https://codereview.chromium.org/2524093002
Cr-Commit-Position: refs/heads/master@{#41273}
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.
Original review: https://codereview.chromium.org/2504403005/
Review-Url: https://codereview.chromium.org/2528883003
Cr-Commit-Position: refs/heads/master@{#41272}
Make apply calls with double array arguments such as
Math.min.apply(Math, [1.1, 2.2]) 1.6x faster.
Drive-by-fix: pass in the isolate to ElementsAccessor::GetImpl.
BUG=v8:4826
Review-Url: https://codereview.chromium.org/2521043005
Cr-Commit-Position: refs/heads/master@{#41268}
This makes sure call-site rendering for certain {TypeError} messages is
based on the correct underlying {JSFunction}, even when inlined frames
are present. Only the {FrameSummary} knows the exact function.
R=verwaest@chromium.org
TEST=message/regress/regress-crbug-661579
BUG=chromium:661579
Review-Url: https://codereview.chromium.org/2521103005
Cr-Commit-Position: refs/heads/master@{#41264}
This has two parts:
- in redundancy elimination, if we see addition with left hand side that
was bounds-checked, we reconnect the lhs to the bounds check if it has better
type.
- in representation inference, eliminate overflow checks if the input types
guarantee no overflow.
Review-Url: https://codereview.chromium.org/2527083002
Cr-Commit-Position: refs/heads/master@{#41260}
In the ParseInfo constructor that takes a SharedFunctionInfo, we must
set the module flag when the function represents a module.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2525013002
Cr-Commit-Position: refs/heads/master@{#41257}
The old algorithm produces unnecessary decimal digits. The new one
converts the significand of the input double into an uint64_t to be
just as precise as necessary.
R=tebbi@chromium.org
BUG=chromium:658712,chromium:666376
Review-Url: https://codereview.chromium.org/2520363002
Cr-Commit-Position: refs/heads/master@{#41255}
RuntimeTimerScopes always subtract their own time from the parent timer's
counter to properly account for the own time. Once a scope is destructed it
adds it own timer to the current active counter. However, if the current
counter is changed with CorrectCurrentCounterId we will attribute all the
subtimers to the previous counter, and add the own time to the new counter.
This way it is possible to end up with negative times in certain counters but
the overall would still be correct.
BUG=
Review-Url: https://codereview.chromium.org/2511093002
Cr-Commit-Position: refs/heads/master@{#41254}
Reason for revert:
Secondary dependency to revert https://codereview.chromium.org/2522393002/
Original issue's description:
> [cleanup] Refactor builtins-number.cc
>
> Introducing a TF_BUILTIN macro that wraps CodeStubAssembler usage
> into a convenient interface (using a subclass under the hood).
>
> Committed: https://crrev.com/cbf59c4c704e83a43b52c5ba6825df576fdaece8
> Cr-Commit-Position: refs/heads/master@{#41236}
TBR=ishell@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2529873002
Cr-Commit-Position: refs/heads/master@{#41252}
The deprecated pipeline is used for asm.js only, where we forcibly
disable inlining anyways (for performance reasons), so inlining via
the AstGraphBuilder is essentially dead code by now, thus there's no
point in trying to keep that around in the code base.
Also nuke the test-run-inlining.cc file, which would require some heavy
surgery (for probably little benefit), and move the useful tests for
mjsunit tests instead.
BUG=v8:2206,v8:5657
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2527053002
Cr-Commit-Position: refs/heads/master@{#41245}
This exposes scopes for suspended generator objects by adding a
[[Scopes]] internal property to generator objects, similar to how
scopes for functions currently not on the stack are handled.
BUG=chromium:667286
Review-Url: https://codereview.chromium.org/2516973003
Cr-Commit-Position: refs/heads/master@{#41244}
Also lower JSToBoolean(x) where x is either some detectable receiver or
null, or any kind of receiver, null or undefined. Also fix a couple of
minor issues with the JSToBoolean lowering and tests.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2530773002
Cr-Commit-Position: refs/heads/master@{#41241}
Recognize a couple of builtins on the RegExp.prototype in the Typer and
assign useful types to them, so we can optimize various checks on their
results.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2531463002
Cr-Commit-Position: refs/heads/master@{#41240}
This fixes a bug where the re-creation of phi nodes leads to divergence. The fix makes sure that once a node created a phi node, it sticks to it and does not forget about it, even if the inputs suddenly agree again. The bug appeared on the trybots in https://codereview.chromium.org/2512733003/.
Also I added a line to mark effect phi nodes on the queue. This is unrelated, but seems to be an obvious ommission.
R=bmeurer@chromium.org
BUG=v8:5633
Review-Url: https://codereview.chromium.org/2522253002
Cr-Commit-Position: refs/heads/master@{#41239}
Descriptions for (typed)arrays will use parenthesis instead of square brackets
"Array(10)" instead of "Array[10]". This CL also adds size hints to descriptions
of maps and sets.
Related CL for DevTools: https://codereview.chromium.org/2524913002/
BUG=405845
Review-Url: https://codereview.chromium.org/2521853003
Cr-Commit-Position: refs/heads/master@{#41237}
Introducing a TF_BUILTIN macro that wraps CodeStubAssembler usage
into a convenient interface (using a subclass under the hood).
Review-Url: https://codereview.chromium.org/2517833005
Cr-Commit-Position: refs/heads/master@{#41236}
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
- Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
- Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
- MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
- Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Original-Commit-Position: refs/heads/master@{#41198}
Cr-Commit-Position: refs/heads/master@{#41234}
Reason for revert:
The test is very flaky on the bots, e.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/17031https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/14776
Original issue's description:
> [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters
>
> RuntimeTimerScopes always subtract their own time from the parent timer's
> counter to properly account for the own time. Once a scope is destructed it
> adds it own timer to the current active counter. However, if the current
> counter is changed with CorrectCurrentCounterId we will attribute all the
> subtimers to the previous counter, and add the own time to the new counter.
> This way it is possible to end up with negative times in certain counters but
> the overall would still be correct.
>
> BUG=
>
> Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
> Committed: https://crrev.com/491651792d7818aed04eaeffb9890b5a309b543e
> Cr-Original-Commit-Position: refs/heads/master@{#41142}
> Cr-Commit-Position: refs/heads/master@{#41214}
TBR=ishell@chromium.org,fmeawad@chromium.org,lpy@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2526843002
Cr-Commit-Position: refs/heads/master@{#41229}
