Add support to lower the %_DebugIsActive intrinsic during
JSIntrinsicLowering instead of always going to the runtime
for this.
This addresses part of the Bluebird regression caused by
sending let and const to TurboFan and Ignition.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2550043002
Cr-Commit-Position: refs/heads/master@{#41468}
In the current implementation, WasmInstanceWrapper is allocated after the imports for the instance are processed, and before the InstanceFinalizer callback is associated with the instance. This raises the possibility of triggering a gc in the middle of the instantiate flow which is incorrect.
BUG=5707
R=titzer@chromium.org, petermarshall@chromium.org
Review-Url: https://codereview.chromium.org/2544273002
Cr-Commit-Position: refs/heads/master@{#41464}
Several cleanups to the output of the debug-only --print-scopes flag:
- Function name variable only printed once
- Only print headers for sections of variables that are non-empty
- Assume Variables stored in Scope::variables_ are never null
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2544063004
Cr-Commit-Position: refs/heads/master@{#41463}
Reason for revert:
Speculative revert for causing timeouts on Win Debug gpu fyi bot
Nothing else looks even remotely relevant in the list of changes.
Will reland if this doesn't fix the issues.
BUG=670396
Original issue's description:
> [typedarrays] remove invalid optimization in NAMEConstructor()
>
> Before, we were treating objects with the builtin ArrayValues iterator
> method as array-like, where the iterator would iterate through to the
> full length of the object.
>
> This optimization was not sound, because it does not ensure that the
> next method hasn't been modified. Even if it hasn't been modified,
> it's entirely possible to be modified during iteration. Thus, this
> optimization has been removed due to its observability.
>
> BUG=v8:5699
> R=littledan@chromium.org, cbruni@chromium.org
>
> Committed: https://crrev.com/77df8c67d9609ada3b7d79e8e6d33f198bbad5a1
> Cr-Commit-Position: refs/heads/master@{#41394}
TBR=cbruni@chromium.org,littledan@chromium.org,caitp@igalia.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5699
Review-Url: https://codereview.chromium.org/2548583003
Cr-Commit-Position: refs/heads/master@{#41461}
Turbofan uses 64-bit load followed by 32 bit arithmetic shift when
loading higher 32 bits of 64-bit value. We simplify this
by loading higher 32 bits directly.
BUG=
Review-Url: https://codereview.chromium.org/2532333003
Cr-Commit-Position: refs/heads/master@{#41455}
This apparently gradually fell out of use after the more general
Token::IsIdentifier was introduced, and whoever left last forgot to
turn out the lights.
The only remaining use was in an assertion in DeclareLabel, but
meanwhile DeclareLabel is only called if IsIdentifier. I added re-formulated assertions, just in case.
R=verwaest@chromium.org
BUG=v8:4947
Review-Url: https://codereview.chromium.org/2549493002
Cr-Commit-Position: refs/heads/master@{#41452}
This enables {FLAG_debug_code} by default in debug builds. The advantage
is that generated code contained within the snapshot will contain such
debug code. Before we would only get coverage for these pieces with the
no-snapshot builds, which have a meager coverage. One can still pass the
inverse --no-debug-code flag to ensure generated code remains readable
within debug builds as well.
R=machenbach@chromium.org
Review-Url: https://codereview.chromium.org/2528913002
Cr-Commit-Position: refs/heads/master@{#41451}
Reason for revert:
My assumption that eval and top-level code should be handled differently was wrong
Original issue's description:
> Introduce a separate FunctionLiteral ID for Eval
>
> Top level SharedFunctionInfos will end up in a scripts SFI list, but
> eval'd SFIs shouldn't. Separate IDs will allow for adding a
> corresponding DCHECK.
>
> BUG=v8:5589
> R=marja@chromium.org
>
> Committed: https://crrev.com/c6d421ff9aee7f3cab9e48faac88f6b08d2f1cf5
> Cr-Commit-Position: refs/heads/master@{#41421}
TBR=marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5589
Review-Url: https://codereview.chromium.org/2544003003
Cr-Commit-Position: refs/heads/master@{#41448}
Tests were failing in qemu because of inexact computation in tests.
After correcting tests, simulator also had to be fixed.
Review-Url: https://codereview.chromium.org/2539133002
Cr-Commit-Position: refs/heads/master@{#41447}
Crankshaft has this highly unpredictable performance cliff around the
"Unsupported phi use of const or let variable", which is due to the
fact that Crankshaft refuses to do hole checks (for a couple of
reasons). So ideally we should not even try to send any lexically bound
variables to fullcodegen+Crankshaft, but instead give them to Ignition
and TurboFan.
This CL only adds the appropriate check to the AstNumbering, but doesn't
remove the functionality from fullcodegen/Crankshaft yet. This would be
step two in case this CL sticks. If you see any major performance
regressions with this CL in the range, just revert it and ping me.
See Node.js issue https://github.com/nodejs/node/issues/9729 for
additional information.
BUG=v8:5666
R=hablich@chromium.org, mstarzinger@chromium.org, rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2525243002
Cr-Commit-Position: refs/heads/master@{#41445}
- These operations are identical for Float32x4 and Int32x4.
- Make them generic, following the naming for generic Simd128 / S128
opcodes.
- F32x4/I32x4 -> S32x4, similarly to S128
- Float32x4/Int32x4 -> Simd32x4, similarly to Simd128.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2543773002
Cr-Commit-Position: refs/heads/master@{#41437}
1) CSA::StoreMap() added which triggers map-specific write barrier
unlike StoreObjectField() which triggers the full write barrier.
2) CSA::StoreMapNoWriteBarrier(object, map_root_index) added.
3) StoreMapNoWriteBarrier() is used for storing immortal immovable
maps since they don't require write barriers even for objects in
old space.
BUG=
Review-Url: https://codereview.chromium.org/2544793002
Cr-Commit-Position: refs/heads/master@{#41435}
This moves the location of the bytecode-offset translation that turns
offsets of back jumps into offsets of loop headers. This translation is
now done by the {BytecodeGraphBuilder} after loop analysis has been
performed. It saves one redundant iteration over the bytecode array. Note
that this changes the semantics of the BailoutId used as an {osr_ast_id}
throughout the compiler pipeline for OSR from Ignition.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2465913002
Cr-Commit-Position: refs/heads/master@{#41431}
The overload simply wraps creation of an IntPtrConstant and makes things more
readable.
Review-Url: https://codereview.chromium.org/2541843006
Cr-Commit-Position: refs/heads/master@{#41430}
Before, it was a method in wasm namespace, and received a
Handle<WasmCompiledModule>. As it does not allocate on the heap, we can
just make it a non-static method on WasmCompiledModule.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2536373007
Cr-Commit-Position: refs/heads/master@{#41429}
The loop for non-"static" properties is no longer needed in
full-codegen since all computed property
names in object literals go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2547433003
Cr-Commit-Position: refs/heads/master@{#41428}
Debugging API is still in use by Node.
Revert "[debug] remove deprecated debug command message queue."
This reverts commit abdbfc953d.
Revert "[debug] mark more unused debug API as deprecated."
This reverts commit d5ada19ce7.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2537313005
Cr-Commit-Position: refs/heads/master@{#41427}
... because only MachineRepresentation::kTagged makes sense there.
BUG=
Review-Url: https://codereview.chromium.org/2544713003
Cr-Commit-Position: refs/heads/master@{#41426}
Trampolines are generated when the value of pc_offset is greater than
next_buffer_check_ (attribute from Assembler class). This value
shouldn't be incremented in bind_to() method when internal reference
label is bound, because it is not decremented when the switch table is
generated (dd() method from Assembler class).
This patch fixes this problem. Regression tests are also included for
mips and mips64 arch.
BUG=
Review-Url: https://codereview.chromium.org/2530143002
Cr-Commit-Position: refs/heads/master@{#41423}
The loop for non-"static" properties is no longer needed in
full-codegen since all computed property
names in object literals go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2546473006
Cr-Commit-Position: refs/heads/master@{#41422}
Top level SharedFunctionInfos will end up in a scripts SFI list, but
eval'd SFIs shouldn't. Separate IDs will allow for adding a
corresponding DCHECK.
BUG=v8:5589
R=marja@chromium.org
Review-Url: https://codereview.chromium.org/2533303006
Cr-Commit-Position: refs/heads/master@{#41421}
This fixes the existing workaround in {BytecodeGraphBuilder} where the
number of elements in an array literal is unknown just from the bytecode
alone and needs to be deduced from the constant elements.
Note that this is just a quick fix to prevent calling the fast-clone
stub for boilerplates that are too big to fit on a regular page. In the
long run we need something more solid here.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-669850
BUG=chromium:669850
Review-Url: https://codereview.chromium.org/2542633002
Cr-Commit-Position: refs/heads/master@{#41420}
Currently in LCodeGen::DoWrapReceiver(), the x87 jitted code's size for debug mode between label's define and bind
exceeds 128 bytes whether FLAG_deopt_every_n_times is set or not.
So always use Label:kFar as label distance in LCodeGen::DoWrapReceiver() for debug mode.
This CL also unifies the label's distance value to avoid potential bugs caused by inconsistent distance value usage
for the same label when DeoptEveryNTimes() returns true.
BUG=
Review-Url: https://codereview.chromium.org/2539403002
Cr-Commit-Position: refs/heads/master@{#41419}
We can skip RegExpResult construction on the fast path for several functions to
be more efficient.
BUG=v8:5330,v8:5674
Review-Url: https://codereview.chromium.org/2543483003
Cr-Commit-Position: refs/heads/master@{#41418}
Bonus: fixed a couple of places where 32-bit comparison was used.
BUG=
Review-Url: https://codereview.chromium.org/2543873003
Cr-Commit-Position: refs/heads/master@{#41417}
Unfortunately we have to split this up into two cases: those with exactly one spread argument as the final argument, and all others, due to any side-effects of evaluation being visible.
This is in preparation for a new bytecode which handles super calls.
BUG=v8:5659
Review-Url: https://codereview.chromium.org/2540593003
Cr-Commit-Position: refs/heads/master@{#41415}
This refactors portions of exec into a new function without RegExpResult
construction, which will be used in the future by test, @@match, and @@search
fast paths.
Unnecessary ToString and ToLength calls as well as repeated map checks were
removed.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2540153002
Cr-Commit-Position: refs/heads/master@{#41414}
This ensures that all inline allocations generated by {JSCreateLowering}
will fit into a regular heap page. Allocations targeting LO-space must
be done via a slower runtime call.
R=bmeurer@chromium.org
BUG=chromium:669850
Review-Url: https://codereview.chromium.org/2533353003
Cr-Commit-Position: refs/heads/master@{#41412}
The current CHECK/DCHECK implementation fails statically if a signed
value is compared against an unsigned value. The common solution is to
cast on each caller, which is tedious and error-prone (might hide bugs).
This CL implements signed vs. unsigned comparisons by executing up to
two comparisons. For example, if i is int32_t and u is uint32_t, a
DCHECK_LE(i, u) would create the check
i <= 0 || static_cast<uint32_t>(i) <= u.
For checks against constants, at least one of the checks can be removed
by compiler optimizations.
The tradeoff we have to make is to sometimes silently execute an
additional comparison. And we increase code complexity of course, even
though the usage is just as easy (or even easier) as before.
The compile time impact seems to be minimal:
I ran 3 full compilations for Optdebug on my local machine, one time on
the current ToT, one time with this CL plus http://crrev.com/2524093002.
Before: 143.72 +- 1.21 seconds
Now: 144.18 +- 0.67 seconds
In order to check that the new comparisons are working, I refactored
some DCHECKs in wasm to use the new magic, and added unit test cases.
R=ishell@chromium.org, titzer@chromium.org
CC=ahaas@chromium.org, bmeurer@chromium.org
Committed: https://crrev.com/5925074a9dab5a8577766545b91b62f2c531d3dc
Review-Url: https://codereview.chromium.org/2526783002
Cr-Original-Commit-Position: refs/heads/master@{#41275}
Cr-Commit-Position: refs/heads/master@{#41411}
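The signed-versus-unsigned comparison described in the commit message above, as an added C++ example that is not V8's CHECK/DCHECK code: it sets the caller-side cast beside a two-step comparison and generalizes the `i <= 0 || static_cast<uint32_t>(i) <= u` form to any signed/unsigned integer pair. The names `CallerCastLE`, `SafeLE`, `SafeLT`, `SafeEQ` and `Common` are hypothetical.

```cpp
// Added illustration; helper names are hypothetical, not V8's implementation.
#include <cstdint>
#include <cstdio>
#include <type_traits>

// The caller-side cast that the commit message calls error-prone: a negative
// i wraps to a huge unsigned value, so the check silently gives a wrong answer.
inline bool CallerCastLE(int32_t i, uint32_t u) {
  return static_cast<uint32_t>(i) <= u;
}

// A type able to hold every non-negative S and every U: either the wider
// unsigned type, or int when both operands are narrower than int.
template <typename S, typename U>
using Common =
    typename std::common_type<typename std::make_unsigned<S>::type, U>::type;

// i <= u for signed i and unsigned u, using up to two comparisons.
// The sign test runs first, so the cast only ever sees positive values.
template <typename S, typename U>
constexpr bool SafeLE(S i, U u) {
  static_assert(std::is_signed<S>::value && std::is_unsigned<U>::value,
                "expects signed lhs, unsigned rhs");
  return i <= 0 ||
         static_cast<Common<S, U>>(i) <= static_cast<Common<S, U>>(u);
}

// i < u: every negative i is below every unsigned u.
template <typename S, typename U>
constexpr bool SafeLT(S i, U u) {
  static_assert(std::is_signed<S>::value && std::is_unsigned<U>::value,
                "expects signed lhs, unsigned rhs");
  return i < 0 ||
         static_cast<Common<S, U>>(i) < static_cast<Common<S, U>>(u);
}

// i == u: a negative i can never equal an unsigned u.
template <typename S, typename U>
constexpr bool SafeEQ(S i, U u) {
  static_assert(std::is_signed<S>::value && std::is_unsigned<U>::value,
                "expects signed lhs, unsigned rhs");
  return i >= 0 &&
         static_cast<Common<S, U>>(i) == static_cast<Common<S, U>>(u);
}

int main() {
  // Constructed sample values.
  const int32_t i = -1;
  const uint32_t u = 1;
  std::printf("caller cast: -1 <= 1u -> %d\n", CallerCastLE(i, u));
  std::printf("two-step:    -1 <= 1u -> %d\n", SafeLE(i, u));
  std::printf("two-step:    -1 == UINT32_MAX -> %d\n", SafeEQ(i, UINT32_MAX));
  return 0;
}
```

With a constant operand, as the commit message notes, the compiler can drop one of the two comparisons.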
This shows around a 2.2x speedup compared to the old JS implementation (and
3.5x compared to CPP) for the fast path.
Adds ToUint32 to CodeStubAssembler.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2532403002
Cr-Commit-Position: refs/heads/master@{#41408}
This code is no longer used in full-codegen since all computed property
names in object literals go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2543643002
Cr-Commit-Position: refs/heads/master@{#41405}
Incremental parsing of asm.js means we can see function tables that
are unused in the AsmWasmBuilder before they've been initialized.
BUG=669899
R=aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2546553002
Cr-Commit-Position: refs/heads/master@{#41403}
If we just call CreateDebugInfo in GetPossibleBreakpoints then we won't call PrepareFunctionForBreakPoints and won't be able to step into this function or pause at breakpoint inside.
BUG=v8:5695
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2540943002
Cr-Commit-Position: refs/heads/master@{#41401}
This is necessary for signal-based out of bounds handling in WebAssembly.
Adds a ProtectedStore instruction that is analogous to the previously added
ProtectedLoad instruction. Rather than using bounds checks, ProtectedStore emits
an out of line section of code that throws a JavaScript exception and provides
the necessary metadata for a signal handler to be able to find the out of line
code.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2516413003
Cr-Commit-Position: refs/heads/master@{#41398}
The "writable" property descriptor may legally change during the call to
AnythingToArrayLength(). This change needs to be honoured before calling
JSArray::SetLength(). The change is only honoured when the "length"
property was previously writable, so that changes during a call to
DefineOwnPropertyIgnoreAttributes() are ignored.
BUG=v8:5688
R=cbruni@chromium.org, verwaest@chromium.org, jkummerow@chromium.org
Review-Url: https://codereview.chromium.org/2543553002
Cr-Commit-Position: refs/heads/master@{#41396}
Before, we were treating objects with the builtin ArrayValues iterator
method as array-like, where the iterator would iterate through to the
full length of the object.
This optimization was not sound, because it does not ensure that the
next method hasn't been modified. Even if it hasn't been modified,
it's entirely possible to be modified during iteration. Thus, this
optimization has been removed due to its observability.
BUG=v8:5699
R=littledan@chromium.org, cbruni@chromium.org
Review-Url: https://codereview.chromium.org/2544503002
Cr-Commit-Position: refs/heads/master@{#41394}
This was causing more confusion than benefit, so we're removing it.
It's re-defined to empty for now, to avoid touching the ~100 files which
use it, we can remove it completely during a quiet period when it's less
likely to conflict with other work.
Review-Url: https://codereview.chromium.org/2535383005
Cr-Commit-Position: refs/heads/master@{#41393}
JS operators always have an implicit context input, so just use that instead.
BUG=
Review-Url: https://codereview.chromium.org/2541813002
Cr-Commit-Position: refs/heads/master@{#41392}
This is an experiment to see the impact of the limit on OOM crashes.
BUG=chromium:667388
Review-Url: https://codereview.chromium.org/2514313004
Cr-Commit-Position: refs/heads/master@{#41391}
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.
R=titzer@chromium.org
BUG=chromium:669518
Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs code, which shouldn't go through the bytecode graph builder in many cases.
BUG=669517
Review-Url: https://codereview.chromium.org/2538823002
Cr-Commit-Position: refs/heads/master@{#41387}
port df2578d2ec (r41368)
original commit message:
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=
Review-Url: https://codereview.chromium.org/2540803004
Cr-Commit-Position: refs/heads/master@{#41377}
This adds consistency checks for function kind and scope type to
SharedFunctionInfoVerify.
It also fixes an inconsistency in the creation of a ScopeInfo.
R=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2537093002
Cr-Commit-Position: refs/heads/master@{#41375}
When removing a scope (see FinalizeBlockScope), remember the removal by making
the scope its own sibling. This avoids recalculating the information later on.
R=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2536993003
Cr-Commit-Position: refs/heads/master@{#41374}
Make the AsmWasmBuilder drive the process of typing and potentially parsing
function bodies. This will allow us to keep only a single asm.js function's
AST in memory as we convert to WebAssembly.
This is needed to keep our memory footprint low.
Add some additional output to a few tests that's helpful to see which stage they fail at.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=marja@chromium.org,adamk@chromium.org,aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2398023002
Cr-Commit-Position: refs/heads/master@{#41372}
Rename it to better represent the reason. Also makes the inspector sentence
"Not Optimized: Optimized too many times" look less confusing.
Review-Url: https://codereview.chromium.org/2530423003
Cr-Commit-Position: refs/heads/master@{#41369}
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
Functions with asm-wasm data shouldn't be marked for optimization, since
they will be optimized using the asm-wasm data instead.
Review-Url: https://codereview.chromium.org/2537103002
Cr-Commit-Position: refs/heads/master@{#41367}
This removes support for dynamic scoping via with-statement constructs
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=rmcilroy@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2533283002
Cr-Commit-Position: refs/heads/master@{#41365}
Since the majority of bytecodes have a next instruction, and we iterate
over the bytecodes backwards, we can keep the previous seen (i.e.
sequentially next) bytecode's liveness on a variable instead of looking
it up again.
Review-Url: https://codereview.chromium.org/2541463002
Cr-Commit-Position: refs/heads/master@{#41361}
The EscapeStatusAnalysis didn't know anything about the simplified
operator ConvertTaggedHoleToUndefined, thus leading to a crash. We
now just handle it by pretending that any allocation that goes into
such a node escapes.
BUG=chromium:669451
R=tebbi@chromium.org
Review-Url: https://codereview.chromium.org/2533263002
Cr-Commit-Position: refs/heads/master@{#41359}
This removes reservation of unused {BailoutId} numbers for all class
literals. These language constructs are by now solely funneled through
bytecode and specific ids for deoptimization are no longer needed.
R=rmcilroy@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2535223002
Cr-Commit-Position: refs/heads/master@{#41358}
This removes support for iterator loops (i.e. for-of loop constructs)
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=bmeurer@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2534883004
Cr-Commit-Position: refs/heads/master@{#41357}
Adds a bytecode_age field to BytecodeArray objects. This is incremented each
time the bytecode array is marked by GC, and reset to zero if the bytecode
is executed.
This is used to enable the CompilationCache for interpreted functions,
where Interpreted entries are evicted once the bytecode becomes old.
BUG=chromium:666275,v8:4680
Review-Url: https://codereview.chromium.org/2534763003
Cr-Commit-Position: refs/heads/master@{#41356}
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.
Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.
Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41355}
MarkingParity was used to avoid performing an operation on an object if it was
marked multiple times. We no longer mark things multiple times, so this concept
is no longer required.
BUG=chromium:666275
Review-Url: https://codereview.chromium.org/2529173002
Cr-Commit-Position: refs/heads/master@{#41354}
For bound functions on the right-hand side of instanceof we can
constant-fold to the actual [[BoundTargetFunction]], actually
instance OrdinaryHasInstance. Move the Function.prototype[@@hasInstance]
reduction up to the JSCallReducer to allow this optimization to become
effective (and also enable other optimizations).
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2537763002
Cr-Commit-Position: refs/heads/master@{#41352}
This ensures the deoptimization triggered due to materialization of
objects by the {TranslatedState} works in conjunction with OSR. The
optimized code used for OSR is not installed on the function, hence
needs to be specified explicitly when requesting deoptimization for
specific stack frames.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-668795
BUG=chromium:668795
Review-Url: https://codereview.chromium.org/2534143002
Cr-Commit-Position: refs/heads/master@{#41348}
Reason for revert:
Breaks the build:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/14886
Original issue's description:
> [ignition/turbo] Perform liveness analysis on the bytecodes
>
> Replaces the graph-based liveness analyzer in the bytecode graph builder
> with an initial bytecode-based liveness analysis pass, which is added to
> the existing loop extent analysis.
>
> Now the StateValues in the graph have their inputs initialised to
> optimized_out, rather than being modified after the graph is built.
>
> Committed: https://crrev.com/1852300954c216c29cf93444430681d213e87925
> Cr-Commit-Position: refs/heads/master@{#41344}
TBR=jarin@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2541443002
Cr-Commit-Position: refs/heads/master@{#41346}
This introduces three new types OtherCallable, CallableProxy (and OtherProxy),
and BoundFunction to make it possible to express Callable in the Type system.
It also forces all undetectable receivers to be Callable, which matches the
use case for undetectable, namely document.all (guarded by proper checks and
tests).
It also uses these new types to properly optimize instanceof (indirectly via
OrdinaryHasInstance) based on the type of the constructor and the object. So
we are able to constant-fold certain instanceof expressions based on types
and completely avoid the builtin call.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2535753004
Cr-Commit-Position: refs/heads/master@{#41345}
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.
Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.
Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41344}
FunctionTemplateInfo::SetPrototypeProviderTemplate adds support for sharing
prototypes between several function templates. This is used to properly set up
Image.prototype and HTMLImageElement.prototype which should be equal according
to the spec.
BUG=chromium:2969
Review-Url: https://codereview.chromium.org/2531653002
Cr-Commit-Position: refs/heads/master@{#41343}
The range-based exception handler table is by now only used for bytecode
arrays. The semantics of the interpreter are that bytecode offsets point
to the beginning of the currently executing bytecode instruction. Uses
hence need to compensate for lookups based on a "return address". This
change removes the need for such off-by-one compensations by changing
lookup semantics to be based on "current instruction" offsets.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2534893002
Cr-Commit-Position: refs/heads/master@{#41339}
Microbenchmarks show a 4x improvement on the fast path and 2.5x improvement on
the slow path when compared to the CPP builtin implementation.
Compared to the old JS implementation, the fast path is 20% faster and the slow
path 35% slower.
BUG=v8:5339,v8:5562
Review-Url: https://codereview.chromium.org/2527963002
Cr-Commit-Position: refs/heads/master@{#41338}
If the prototype's map is not marked as fast, it is made fast after
setup, breaking current RegExp fast path checks.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2537483002
Cr-Commit-Position: refs/heads/master@{#41336}
V8 internally uses conversions.h to convert number to string, we can use these methods too instead of slow std::stringstream with std::locale.
BUG=chromium:661497,v8:5551
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2534013002
Cr-Commit-Position: refs/heads/master@{#41334}
TypedArrays need specific checks before calling OrdinaryDefineOwnProperty.
BUG=v8:5328
Review-Url: https://codereview.chromium.org/2431223005
Cr-Commit-Position: refs/heads/master@{#41333}
Due to a typo in runtime-i18n.js, 'ç'(U+00E7) was not uppercased while
'÷'(U+00F7) was incorrectly uppercased to '×'(U+00D7).
Add a comprehensive test for Latin-1 supplemental block (U+00A0 ~ U+00FF).
(they're special-cased for speed-up and need to have a test for the range.).
TEST=intl/general/case-mapping
BUG=v8:5681
Review-Url: https://codereview.chromium.org/2533033003
Cr-Commit-Position: refs/heads/master@{#41331}
Reason for revert:
Seems to regress speedometer on Ignition and doesn't cause any improvements elsewhere.
BUG=chromium:668651
Original issue's description:
> [turbofan] Utilize String comparison feedback.
>
> Make use of the previously introduced String feedback for compare
> operations in TurboFan.
>
> R=jarin@chromium.org
> BUG=v8:5267,v8:5400
>
> Committed: https://crrev.com/5d4253ecfb6ddcbbd7eb5654e728efa9559284a2
> Cr-Commit-Position: refs/heads/master@{#41163}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5267,v8:5400
Review-Url: https://codereview.chromium.org/2531183003
Cr-Commit-Position: refs/heads/master@{#41324}
Removed a redundant check: If completion is not normal, then #iterator cannot be undefined.
Review-Url: https://codereview.chromium.org/2533803002
Cr-Commit-Position: refs/heads/master@{#41321}
This removes the supporting function to perform a range-lookup in the
exception handler table for unoptimized code. Such tables are by now
guaranteed to be empty, the deoptimizer cannot encounter this case.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2529343003
Cr-Commit-Position: refs/heads/master@{#41318}
Before, the encoded variant was stored in the compiled module, and the
decoded one in the debug info (per instance).
The decoded table was a FixedArray of ByteArrays.
Now, also the decoded table is a flat ByteArray, and it encodes whether
it is encoded or decoded. This saves memory and allows to store encoded
and decoded variant in the same field. The table is automatically
decoded on the first use.
This CL also removes some unused and unimplemented methods from
WasmDebugInfo (probably merge artifacts). That class is now pretty much
empty, but we might still need it for breakpoint support.
R=titzer@chromium.org, ahaas@chromium.org
Review-Url: https://codereview.chromium.org/2522953002
Cr-Commit-Position: refs/heads/master@{#41316}
All super constructor calls go through the ignition + turbofan pipeline, so this is dead code.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2525233003
Cr-Commit-Position: refs/heads/master@{#41313}
They're supposed to be stable across several parse passes, so we'll also
store them in the associated SharedFunctionInfos.
To achieve this, the PreParser and Parser need to generate the same number of
FunctionLiterals. To achieve this, we teach the PreParser about desugaring of
class literals.
For regular functions, the function IDs are assigned in the order they occur in
the source. For arrow functions, however, we only know that it's an arrow function
after parsing the parameter list, and so the ID assigned to the arrow function is
larger than the IDs assigned to functions defined in the parameter list. This
implies that we have to reset the function ID counter to before the parameter list
when re-parsing an arrow function. To be able to do this, we store the number of
function literals found in the parameter list of arrow functions as well.
BUG=v8:5589
Review-Url: https://codereview.chromium.org/2481163002
Cr-Commit-Position: refs/heads/master@{#41309}
ThreadedList is more memory-efficient than ZoneList. This also enables
us to use ThreadedList when making Preparser track parameters (upcoming
work).
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2531593002
Cr-Commit-Position: refs/heads/master@{#41307}
The BytecodeGraphBuilder assumes that deoptimization is always enabled,
so always enable it when compiling from bytecode.
BUG=chromium:668654
Review-Url: https://codereview.chromium.org/2531683004
Cr-Commit-Position: refs/heads/master@{#41303}
A missing @@IsConcatSpreadable check caused the fast path inside the slow path
to be incorrect and follow the default concat strategy when the arguments
arrays contain only doubles.
BUG=chromium:668414
Review-Url: https://codereview.chromium.org/2527173002
Cr-Commit-Position: refs/heads/master@{#41301}
This code is no longer used by full-codegen since all functions which
use new.target, rest parameters or the internal this function binding
now go through Ignition first, and never tier up to fullcodegen.
BUG=v8:5657
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2528293002
Cr-Commit-Position: refs/heads/master@{#41298}
For a couple of those Array builtins we can specify a useful type that
will help us to eliminate a couple of checks on their outputs.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2529233002
Cr-Commit-Position: refs/heads/master@{#41295}
Assign types to the remaining builtins on the String.prototype where we
know a meaningful type, i.e. where the type is not dependent on some
callable function that is passed or loaded.
BUG=v8:5267
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2532463002
Cr-Commit-Position: refs/heads/master@{#41294}
If code has AsmWasm data we shouldn't try to optimize the JS as well, since
it will instead be optimized using the WASM data.
BUG=
Review-Url: https://codereview.chromium.org/2534463003
Cr-Commit-Position: refs/heads/master@{#41293}
This code is no longer used in full-codegen or ast-graph-builder since all
functions which have class literals go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2534463002
Cr-Commit-Position: refs/heads/master@{#41282}
This removes lots of boilerplate typedefs, with the caveat of renaming
CSA::Label and Variable to CLabel and CVariable within builtins-regexp.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2524363002
Cr-Commit-Position: refs/heads/master@{#41281}
This removes support for try-catch as well as try-finally constructs
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=jarin@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2521233002
Cr-Commit-Position: refs/heads/master@{#41279}
Reason for revert:
Seems to cause compile errors on Android. Will investigate on Monday.
Original issue's description:
> [base] Pass scalar arguments by value in CHECK/DCHECK
>
> This not only potentially improves performance, but also avoids weird
> linker errors, like the one below, where I used Smi::kMinValue in a
> DCHECK_EQ.
>
> > [421/649] LINK ./mksnapshot
> > FAILED: mksnapshot
> > src/base/logging.h|178| error: undefined reference to 'v8::internal::Smi::kMinValue'
>
> R=bmeurer@chromium.org, ishell@chromium.org
>
> Committed: https://crrev.com/76723502528c5af003fdffc3520632ea2a13fef3
> Cr-Commit-Position: refs/heads/master@{#41273}
TBR=bmeurer@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2527883004
Cr-Commit-Position: refs/heads/master@{#41278}
Reason for revert:
Need to revert previous CL because of Android compile error, and this one depends on it.
Original issue's description:
> [base] Define CHECK comparison for signed vs. unsigned
>
> The current CHECK/DCHECK implementation fails statically if a signed
> value is compared against an unsigned value. The common solution is to
> cast on each caller, which is tedious and error-prone (might hide bugs).
> This CL implements signed vs. unsigned comparisons by executing up to
> two comparisons. For example, if i is int32_t and u is uint32_t, a
> DCHECK_LE(i, u) would create the check
> i <= 0 || static_cast<uint32_t>(i) <= u.
> For checks against constants, at least one of the checks can be removed
> by compiler optimizations.
>
> The tradeoff we have to make is to sometimes silently execute an
> additional comparison. And we increase code complexity of course, even
> though the usage is just as easy (or even easier) as before.
>
> The compile time impact seems to be minimal:
> I ran 3 full compilations for Optdebug on my local machine, one time on
> the current ToT, one time with this CL plus http://crrev.com/2524093002.
> Before: 143.72 +- 1.21 seconds
> Now: 144.18 +- 0.67 seconds
>
> In order to check that the new comparisons are working, I refactored
> some DCHECKs in wasm to use the new magic.
>
> R=bmeurer@chromium.org, titzer@chromium.org
>
> Committed: https://crrev.com/5925074a9dab5a8577766545b91b62f2c531d3dc
> Cr-Commit-Position: refs/heads/master@{#41275}
TBR=ishell@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2531533003
Cr-Commit-Position: refs/heads/master@{#41277}
This code is no longer used by full-codegen since all functions which use with statements,
call eval or have lookup variable access now go through Ignition first.
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2514393002
Cr-Commit-Position: refs/heads/master@{#41276}
The current CHECK/DCHECK implementation fails statically if a signed
value is compared against an unsigned value. The common solution is to
cast on each caller, which is tedious and error-prone (might hide bugs).
This CL implements signed vs. unsigned comparisons by executing up to
two comparisons. For example, if i is int32_t and u is uint32_t, a
DCHECK_LE(i, u) would create the check
i <= 0 || static_cast<uint32_t>(i) <= u.
For checks against constants, at least one of the checks can be removed
by compiler optimizations.
The tradeoff we have to make is to sometimes silently execute an
additional comparison. And we increase code complexity of course, even
though the usage is just as easy (or even easier) as before.
The compile time impact seems to be minimal:
I ran 3 full compilations for Optdebug on my local machine, one time on
the current ToT, one time with this CL plus http://crrev.com/2524093002.
Before: 143.72 +- 1.21 seconds
Now: 144.18 +- 0.67 seconds
In order to check that the new comparisons are working, I refactored
some DCHECKs in wasm to use the new magic.
R=bmeurer@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2526783002
Cr-Commit-Position: refs/heads/master@{#41275}
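The comparison scheme described in the commit message above, as an added example (not code from the V8 CL; the helper names SafeLE, SafeLT, SafeEQ, SafeGE, SafeGT and NaiveLessEqual are hypothetical). It generalizes the `i <= 0 || static_cast<uint32_t>(i) <= u` case to the other operators and to both operand orders, and shows where a plain converted comparison gives the wrong answer.

```cpp
#include <cstdint>
#include <cstdio>
#include <type_traits>

// Added illustration; helper names are hypothetical, not V8's CHECK/DCHECK code.

// `bool` when S is a signed and U an unsigned integer type; removed from
// overload resolution (SFINAE) otherwise.
template <typename S, typename U>
using IfSignedUnsigned = typename std::enable_if<
    std::is_integral<S>::value && std::is_signed<S>::value &&
        std::is_integral<U>::value && std::is_unsigned<U>::value,
    bool>::type;

template <typename S>
constexpr typename std::make_unsigned<S>::type ToUnsigned(S v) {
  return static_cast<typename std::make_unsigned<S>::type>(v);
}

// What `i <= u` means after the usual arithmetic conversions: the signed
// operand is converted to unsigned first, so -1 turns into 0xFFFFFFFF.
inline bool NaiveLessEqual(int32_t i, uint32_t u) {
  return static_cast<uint32_t>(i) <= u;
}

// signed (lhs) vs. unsigned (rhs): decide on the sign first, then compare
// in the unsigned domain, where the cast can no longer change the value.
template <typename S, typename U>
constexpr IfSignedUnsigned<S, U> SafeLE(S i, U u) {
  return i <= 0 || ToUnsigned(i) <= u;
}
template <typename S, typename U>
constexpr IfSignedUnsigned<S, U> SafeLT(S i, U u) {
  return i < 0 || ToUnsigned(i) < u;
}
template <typename S, typename U>
constexpr IfSignedUnsigned<S, U> SafeEQ(S i, U u) {
  return i >= 0 && ToUnsigned(i) == u;
}

// unsigned (lhs) vs. signed (rhs): a negative rhs can never be >= an unsigned.
template <typename U, typename S>
constexpr IfSignedUnsigned<S, U> SafeLE(U u, S i) {
  return i >= 0 && u <= ToUnsigned(i);
}
template <typename U, typename S>
constexpr IfSignedUnsigned<S, U> SafeLT(U u, S i) {
  return i > 0 && u < ToUnsigned(i);
}
template <typename U, typename S>
constexpr IfSignedUnsigned<S, U> SafeEQ(U u, S i) {
  return SafeEQ(i, u);
}

// >= and > are the mirrored forms of <= and <.
template <typename A, typename B>
constexpr bool SafeGE(A a, B b) { return SafeLE(b, a); }
template <typename A, typename B>
constexpr bool SafeGT(A a, B b) { return SafeLT(b, a); }

// With constant operands the compiler folds the whole check away.
static_assert(SafeLE(-1, 1u), "-1 <= 1 must hold mathematically");

int main() {
  const int32_t i = -1;   // constructed sample values
  const uint32_t u = 1;
  std::printf("naive  -1 <= 1u : %d\n", NaiveLessEqual(i, u));  // 0
  std::printf("safe   -1 <= 1u : %d\n", SafeLE(i, u));          // 1
  std::printf("safe   -1 == 0xFFFFFFFFu : %d\n", SafeEQ(i, 0xFFFFFFFFu));
  std::printf("safe   1u >  -1 : %d\n", SafeGT(u, i));
  return 0;
}
```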
If code is flushed on a SFI, we can still use the bytecode if it was compiled,
since this never gets flushed.
This fixes a DCHECK where we were trying to compile the bytecode multiple
times after the baseline code was flushed.
BUG=chromium:668133
Review-Url: https://codereview.chromium.org/2526243002
Cr-Commit-Position: refs/heads/master@{#41274}
This not only potentially improves performance, but also avoids weird
linker errors, like the one below, where I used Smi::kMinValue in a
DCHECK_EQ.
> [421/649] LINK ./mksnapshot
> FAILED: mksnapshot
> src/base/logging.h|178| error: undefined reference to 'v8::internal::Smi::kMinValue'
R=bmeurer@chromium.org, ishell@chromium.org
Review-Url: https://codereview.chromium.org/2524093002
Cr-Commit-Position: refs/heads/master@{#41273}
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.
Original review: https://codereview.chromium.org/2504403005/
Review-Url: https://codereview.chromium.org/2528883003
Cr-Commit-Position: refs/heads/master@{#41272}
Make apply calls with double array arguments such as
Math.min.apply(Math, [1.1, 2.2]) 1.6x faster.
Drive-by-fix: pass in the isolate to ElementsAccessor::GetImpl.
BUG=v8:4826
Review-Url: https://codereview.chromium.org/2521043005
Cr-Commit-Position: refs/heads/master@{#41268}
This makes sure call-site rendering for certain {TypeError} messages is
based on the correct underlying {JSFunction}, even when inlined frames
are present. Only the {FrameSummary} knows the exact function.
R=verwaest@chromium.org
TEST=message/regress/regress-crbug-661579
BUG=chromium:661579
Review-Url: https://codereview.chromium.org/2521103005
Cr-Commit-Position: refs/heads/master@{#41264}
This has two parts:
- in redundancy elimination, if we see addition with left hand side that
was bounds-checked, we reconnect the lhs to the bounds check if it has better
type.
- in representation inference, eliminate overflow checks if the input types
guarantee no overflow.
Review-Url: https://codereview.chromium.org/2527083002
Cr-Commit-Position: refs/heads/master@{#41260}
In the ParseInfo constructor that takes a SharedFunctionInfo, we must
set the module flag when the function represents a module.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2525013002
Cr-Commit-Position: refs/heads/master@{#41257}
The old algorithm produces unnecessary decimal digits. The new one
converts the significand of the input double into an uint64_t to be
just as precise as necessary.
R=tebbi@chromium.org
BUG=chromium:658712,chromium:666376
Review-Url: https://codereview.chromium.org/2520363002
Cr-Commit-Position: refs/heads/master@{#41255}
RuntimeTimerScopes always subtract their own time from the parent timer's
counter to properly account for the own time. Once a scope is destructed it
adds its own timer to the current active counter. However, if the current
counter is changed with CorrectCurrentCounterId we will attribute all the
subtimers to the previous counter, and add the own time to the new counter.
This way it is possible to end up with negative times in certain counters but
the overall would still be correct.
BUG=
Review-Url: https://codereview.chromium.org/2511093002
Cr-Commit-Position: refs/heads/master@{#41254}
Reason for revert:
Secondary dependency to revert https://codereview.chromium.org/2522393002/
Original issue's description:
> [cleanup] Refactor builtins-number.cc
>
> Introducing a TF_BUILTIN macro that wraps CodeStubAssembler usage
> into a convenient interface (using a subclass under the hood).
>
> Committed: https://crrev.com/cbf59c4c704e83a43b52c5ba6825df576fdaece8
> Cr-Commit-Position: refs/heads/master@{#41236}
TBR=ishell@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2529873002
Cr-Commit-Position: refs/heads/master@{#41252}
The deprecated pipeline is used for asm.js only, where we forcibly
disable inlining anyways (for performance reasons), so inlining via
the AstGraphBuilder is essentially dead code by now, thus there's no
point in trying to keep that around in the code base.
Also nuke the test-run-inlining.cc file, which would require some heavy
surgery (for probably little benefit), and move the useful tests for
mjsunit tests instead.
BUG=v8:2206,v8:5657
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2527053002
Cr-Commit-Position: refs/heads/master@{#41245}
This exposes scopes for suspended generator objects by adding a
[[Scopes]] internal property to generator objects, similar to how
scopes for functions currently not on the stack are handled.
BUG=chromium:667286
Review-Url: https://codereview.chromium.org/2516973003
Cr-Commit-Position: refs/heads/master@{#41244}
Also lower JSToBoolean(x) where x is either some detectable receiver or
null, or any kind of receiver, null or undefined. Also fix a couple of
minor issues with the JSToBoolean lowering and tests.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2530773002
Cr-Commit-Position: refs/heads/master@{#41241}
Recognize a couple of builtins on the RegExp.prototype in the Typer and
assign useful types to them, so we can optimize various checks on their
results.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2531463002
Cr-Commit-Position: refs/heads/master@{#41240}
This fixes a bug where the re-creation of phi nodes leads to divergence. The fix makes sure that once a node created a phi node, it sticks to it and does not forget about it, even if the inputs suddenly agree again. The bug appeared on the trybots in https://codereview.chromium.org/2512733003/.
Also I added a line to mark effect phi nodes on the queue. This is unrelated, but seems to be an obvious omission.
R=bmeurer@chromium.org
BUG=v8:5633
Review-Url: https://codereview.chromium.org/2522253002
Cr-Commit-Position: refs/heads/master@{#41239}
Descriptions for (typed)arrays will use parentheses instead of square brackets:
"Array(10)" instead of "Array[10]". This CL also adds size hints to descriptions
of maps and sets.
Related CL for DevTools: https://codereview.chromium.org/2524913002/
BUG=405845
Review-Url: https://codereview.chromium.org/2521853003
Cr-Commit-Position: refs/heads/master@{#41237}
Introducing a TF_BUILTIN macro that wraps CodeStubAssembler usage
into a convenient interface (using a subclass under the hood).
Review-Url: https://codereview.chromium.org/2517833005
Cr-Commit-Position: refs/heads/master@{#41236}
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
- Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
- Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
- MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
- Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Original-Commit-Position: refs/heads/master@{#41198}
Cr-Commit-Position: refs/heads/master@{#41234}
Reason for revert:
The test is very flaky on the bots, e.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/17031
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/14776
Original issue's description:
> [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters
>
> RuntimeTimerScopes always subtract their own time from the parent timer's
> counter to properly account for the own time. Once a scope is destructed it
> adds its own timer to the current active counter. However, if the current
> counter is changed with CorrectCurrentCounterId we will attribute all the
> subtimers to the previous counter, and add the own time to the new counter.
> This way it is possible to end up with negative times in certain counters but
> the overall would still be correct.
>
> BUG=
>
> Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
> Committed: https://crrev.com/491651792d7818aed04eaeffb9890b5a309b543e
> Cr-Original-Commit-Position: refs/heads/master@{#41142}
> Cr-Commit-Position: refs/heads/master@{#41214}
TBR=ishell@chromium.org,fmeawad@chromium.org,lpy@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2526843002
Cr-Commit-Position: refs/heads/master@{#41229}
Since we are specializing on the native context, we don't have to load
the vector from the closure. For one thing, this reduces the machinery for
nodes that use a vector in their generic incarnation.
BUG=
R=mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2529463002
Cr-Commit-Position: refs/heads/master@{#41221}
This fixes the message reported via the {TypeError} thrown when trying
to call a non-constructable function as a constructor. Also adds some
more related message tests for similar exceptions.
R=bmeurer@chromium.org
TEST=message/call-non-constructable
BUG=chromium:661579
Review-Url: https://codereview.chromium.org/2523803003
Cr-Commit-Position: refs/heads/master@{#41220}
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.
Original review: https://codereview.chromium.org/2504403005/
Review-Url: https://codereview.chromium.org/2524943002
Cr-Commit-Position: refs/heads/master@{#41218}
In order for profiles of optimized code to have accurate source
positions, we need to prepare for this when compiling. If the profiler
is enabled late, this may be missing, leading to inaccurate profile
data. A compromise to solve this is to prepare for accurate positions if
the debugger (and therefore DevTools) is active, even if we are not
currently capturing a profile.
The alternative is to deopt everything upon profiling, but that would
affect the profile significantly.
R=alph@chromium.org, bmeurer@chromium.org, neis@chromium.org, tebbi@chromium.org
Review-Url: https://codereview.chromium.org/2519003002
Cr-Commit-Position: refs/heads/master@{#41217}
Eval calls are tracked by ParserBase::CheckPossibleEvalCall which
doesn't use (Pre)?Parser::IsDirectEvalCall.
Also we no longer seem to care about IsBinaryOperation (Parser didn't
have it either).
BUG=
Review-Url: https://codereview.chromium.org/2528603003
Cr-Commit-Position: refs/heads/master@{#41216}
RuntimeTimerScopes always subtract their own time from the parent timer's
counter to properly account for the own time. Once a scope is destructed it
adds its own timer to the current active counter. However, if the current
counter is changed with CorrectCurrentCounterId we will attribute all the
subtimers to the previous counter, and add the own time to the new counter.
This way it is possible to end up with negative times in certain counters but
the overall would still be correct.
BUG=
Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
Review-Url: https://codereview.chromium.org/2511093002
Cr-Original-Commit-Position: refs/heads/master@{#41142}
Cr-Commit-Position: refs/heads/master@{#41214}
This is similar to how the native context has an empty function set up as its closure field.
BUG=666984
Review-Url: https://codereview.chromium.org/2528603002
Cr-Commit-Position: refs/heads/master@{#41212}
Passing in the isolate to retrieve the heap constants (undefined, the_hole, null)
has a positive performance impact.
BUG=
Review-Url: https://codereview.chromium.org/2517153002
Cr-Commit-Position: refs/heads/master@{#41210}
Reason for revert:
Test crashes after an unrelated revert: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/7189
Reverting because of recommendation from WASM team.
Original issue's description:
> [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
>
> Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
> - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
> - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
> - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
> - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
>
> R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
> Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
> Cr-Original-Commit-Position: refs/heads/master@{#41121}
> Cr-Commit-Position: refs/heads/master@{#41198}
TBR=bradnelson@chromium.org,mtrofin@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2529573002
Cr-Commit-Position: refs/heads/master@{#41208}
Reason for revert:
Blocks roll: https://codereview.chromium.org/2526573002/
Original issue's description:
> [stubs] KeyedStoreGeneric: inline dictionary property stores
>
> For dictionary-mode receivers, the KeyedStoreGeneric stub can store
> properties directly in most cases. Doing so avoids the need to have
> an entry in the stub cache for every map/property combination.
>
> Committed: https://crrev.com/af168e330e95c4460fd1bb7734f0e9a750f2e748
> Cr-Commit-Position: refs/heads/master@{#41185}
TBR=ishell@chromium.org,rmcilroy@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2528583002
Cr-Commit-Position: refs/heads/master@{#41207}
port 0925554111 (r41135)
original commit message:
This removes the deprecated generator support for resumable functions
from {FullCodeGenerator}. The existing {AstNumbering} heuristic already
triggers Ignition for most resumable functions, with this change we make
said heuristic a hard choice and remove the deprecated code. This also
has the advantage that any suspended {JSGeneratorObject} instance on the
heap is guaranteed to have code based on a bytecode array.
BUG=
Review-Url: https://codereview.chromium.org/2522653003
Cr-Commit-Position: refs/heads/master@{#41204}
port d4f01b8a65 (r41108)
original commit message:
Add fast paths for holey smi and object arrays to
Function.prototype.apply, Reflect.apply and Reflect.construct.
BUG=
Review-Url: https://codereview.chromium.org/2519303002
Cr-Commit-Position: refs/heads/master@{#41203}
The AstGraphBuilder pipeline is only used for asm.js now, so the whole
type feedback mechanism is essentially dead code currently, thus we
better nuke it.
BUG=v8:5267,v8:5657
Review-Url: https://codereview.chromium.org/2523953002
Cr-Commit-Position: refs/heads/master@{#41201}
port 93c6595200 (r40887)
original commit message:
This changes {FrameState} nodes modeling "after" states to use bytecode
offsets pointing to the deoptimizing bytecode. This is in sync with the
normal execution, as the bytecode offset is advanced after operations
complete in regular bytecode handlers.
The change is necessary to ensure lazy deoptimized frames contain an
accurate bytecode offset while they are on the stack. Such frames can be
inspected by various stack walks. The continuation builtin will advance
the bytecode offset upon return.
BUG=
Review-Url: https://codereview.chromium.org/2520203002
Cr-Commit-Position: refs/heads/master@{#41199}
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
- Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
- Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
- MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
- Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Commit-Position: refs/heads/master@{#41198}
Now that we have a JumpLoop bytecode, we can heavily simplify the
branch/loop analysis by assuming that only JumpLoop bytecodes are
backwards edges, and performing the loop analysis as a single
(backwards) pass.
This allows us to get rid of the branch analysis entirely, and builds a
framework to do liveness analysis in the same pass.
Review-Url: https://codereview.chromium.org/2519983002
Cr-Commit-Position: refs/heads/master@{#41194}
Previous fuzzer fix broke the case when the pending assessment came from the same
block. In that case, the assessments table does not have an entry yet for the block,
because we register only when we're done processing a block.
BUG=667745
Review-Url: https://codereview.chromium.org/2519973004
Cr-Commit-Position: refs/heads/master@{#41193}
The GetPositionInfo function only operates on WasmCompiledModule, so it
should be a method of that class.
This CL also splits the method in two, such that I can reuse the
GetContainingFunction method for breakpoint support.
R=titzer@chromium.org
BUG=chromium:613110
Review-Url: https://codereview.chromium.org/2521293002
Cr-Commit-Position: refs/heads/master@{#41191}
Wrapper creation for import functions with i64 return values on 32-bit
platforms crashed because the number of return values of the wrapper
did not match the number of input nodes of the return node.
The issue is fixed by not creating special wrappers for 32-bit platforms
in the first place. This is valid because wrappers with i64 return
values are never actually executed.
R=titzer@chromium.org
BUG=v8:5661
Review-Url: https://codereview.chromium.org/2517173003
Cr-Commit-Position: refs/heads/master@{#41190}
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.
Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.
Review-Url: https://codereview.chromium.org/2504403005
Cr-Commit-Position: refs/heads/master@{#41185}
... but be less pessimistic about context allocation (see below).
We might have just (pessimistically) context-allocated a variable based
on references coming from an inner function, but after that we still
need to set maybe_assigned (pessimistically).
This makes test-parsing/InnerAssignment pass with
FLAG_lazy_inner_functions.
This was undetected until now because we didn't have lazy parsing enabled
for small scripts.
Less pessimistic approach: now that inner functions laziness decisions
are stable (if we have once compiled a piece of code with lazy inner
functions, we never compile the same code with eager inner functions),
we don't need to be as pessimistic with context allocation as before.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2521513004
Cr-Commit-Position: refs/heads/master@{#41183}
This makes sure the {kScratchRegister} is not used across macro
instructions (e.g. {LeaveFrame}) that would clobber its content.
Generally it is highly unsafe to use such scratch registers with a
life-range spanning macro instructions.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2521973002
Cr-Commit-Position: refs/heads/master@{#41181}
This makes the test in the bug ~10x faster. It could inadvertently make other things slower, so revert eagerly if included in a range where performance tanks.
BUG=chromium:666852
Review-Url: https://codereview.chromium.org/2525573002
Cr-Commit-Position: refs/heads/master@{#41178}
StepFrame is a combination of StepIn/StepOut, e.g. it breaks to the next
frame change. This is not part of the public API, but we want to keep it
for internal tests.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2514303003
Cr-Commit-Position: refs/heads/master@{#41177}
* Fix setting script-scope variables through inspector by internalizing
their names.
* Reconstruct values of Number, String, and Boolean classes.
* Adapt a couple of tests for API restrictions.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2512963002
Cr-Commit-Position: refs/heads/master@{#41175}
When disassembling functions for the inspector, we used an internal
text representation before. This CL implements the official text
format like it is understood by the spec interpreter.
Example output:
func $main (param i32) (result i32)
block i32
  get_local 0
  i32.const 2
  i32.lt_u
  if
    i32.const -2
    return
  end
  get_local 0
  call_indirect 0
end
R=rossberg@chromium.org, titzer@chromium.org
BUG=chromium:659715
Review-Url: https://codereview.chromium.org/2520943002
Cr-Commit-Position: refs/heads/master@{#41172}
This fixes stack unwinding to always recompute the stack pointer for
interpreted frames. For frames materialized by the deoptimizer we elide
the handler frame in between, hence arguments being pushed on the stack
will no longer be pushed into the handler frame but into the interpreted
frame directly.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-662830
BUG=chromium:662830
Review-Url: https://codereview.chromium.org/2517203003
Cr-Commit-Position: refs/heads/master@{#41170}
The new SourcePosition class allows for precise tracking of source positions including the stack of inlinings. This CL makes the cpu profiler use this new information. Before, the cpu profiler used the deoptimization data to reconstruct the inlining stack. However, optimizing compilers (especially Turbofan) can hoist out checks such that the inlining stack of the deopt reason and the inlining stack of the position the deoptimizer jumps to can be different (the old cpu profiler tests and the ones introduced in this cl produce such situations for turbofan). In this case, relying on the deoptimization info produces paradoxical results, where the reported position is before the function responsible is called. Even worse, https://codereview.chromium.org/2451853002/ combines the precise position with the wrong inlining stack from the deopt info, leading to completely wrong results.
Other changes in this CL:
- DeoptInlinedFrame is no longer needed, because we can compute the correct inlining stack up front.
- I changed the cpu profiler tests back to test situations where deopt checks are hoisted out in Turbofan and made them robust enough to handle the differences between Crankshaft and Turbofan.
- I reversed the order of SourcePosition::InliningStack to make it match the cpu profiler convention.
- I removed CodeDeoptEvent::position, as it is no longer used.
R=alph@chromium.org
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2503393002
Cr-Commit-Position: refs/heads/master@{#41168}
TurboFan can indeed consume NumberOrOddball feedback for abstract
relational comparisons, so we should just provide it from Ignition.
Drive-by-fix: Add a DCHECK to protect against abstract/strict equality
number comparison accidentally utilizing Oddball feedback.
BUG=v8:5267,v8:5400
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2518283002
Cr-Commit-Position: refs/heads/master@{#41166}
This code should not access bytes out of the permitted range in order to check
the range of a possible UTF-8 value. Instead, the length check should occur
before such checks.
BUG=chromium:667260, chromium:662822
Review-Url: https://codereview.chromium.org/2520053003
Cr-Commit-Position: refs/heads/master@{#41165}
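The ordering the commit message above asks for (length check before any byte is inspected for range), as an added example that is not V8's UTF-8 decoder; DecodeOne, DecodeAll, Decoded and kBadChar are hypothetical names, and consuming one byte on every error is an assumption of this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Added illustration; names are hypothetical and this is not V8's decoder.
constexpr uint32_t kBadChar = 0xFFFD;  // U+FFFD REPLACEMENT CHARACTER

struct Decoded {
  uint32_t code_point;  // kBadChar for malformed or truncated input
  size_t consumed;      // bytes consumed; 0 only when len == 0
};

// Decodes one code point from s[0..len). Never reads s[k] for k >= len.
Decoded DecodeOne(const uint8_t* s, size_t len) {
  if (len == 0) return {kBadChar, 0};
  const uint8_t b0 = s[0];
  if (b0 < 0x80) return {b0, 1};  // ASCII

  size_t need;      // sequence length announced by the lead byte
  uint32_t min_cp;  // smallest code point that legitimately needs `need` bytes
  uint32_t cp;      // payload bits collected so far
  if ((b0 & 0xE0) == 0xC0) {
    need = 2; min_cp = 0x80; cp = b0 & 0x1F;
  } else if ((b0 & 0xF0) == 0xE0) {
    need = 3; min_cp = 0x800; cp = b0 & 0x0F;
  } else if ((b0 & 0xF8) == 0xF0) {
    need = 4; min_cp = 0x10000; cp = b0 & 0x07;
  } else {
    return {kBadChar, 1};  // stray continuation byte or invalid lead byte
  }

  // 1. Length check first: a truncated sequence is rejected before any
  //    continuation byte is looked at.
  if (len < need) return {kBadChar, 1};

  // 2. Only now read the continuation bytes; all of them are in range.
  for (size_t k = 1; k < need; ++k) {
    if ((s[k] & 0xC0) != 0x80) return {kBadChar, 1};
    cp = (cp << 6) | (s[k] & 0x3F);
  }

  // 3. Value range checks: overlong forms, surrogates, beyond U+10FFFF.
  if (cp < min_cp || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) {
    return {kBadChar, 1};
  }
  return {cp, need};
}

// Decodes a whole buffer into out[0..out_cap); returns code points written.
size_t DecodeAll(const uint8_t* s, size_t len, uint32_t* out, size_t out_cap) {
  size_t n = 0;
  for (size_t pos = 0; pos < len && n < out_cap;) {
    const Decoded d = DecodeOne(s + pos, len - pos);
    out[n++] = d.code_point;
    pos += d.consumed;  // at least 1 here, because len - pos > 0
  }
  return n;
}

int main() {
  // Constructed sample: U+20AC (E2 82 AC). With len == 2 the third byte is
  // outside the permitted range and must not influence the result.
  const uint8_t euro[] = {0xE2, 0x82, 0xAC};
  std::printf("len=3 -> U+%04X\n", static_cast<unsigned>(DecodeOne(euro, 3).code_point));
  std::printf("len=2 -> U+%04X\n", static_cast<unsigned>(DecodeOne(euro, 2).code_point));
  return 0;
}
```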
The verifier needs to use the block and assessments in that block corresponding to
a predecessor of a "pending" assessment. Not doing that causes incorrect
assessments when 2 locations are swapped.
BUG=665402
Review-Url: https://codereview.chromium.org/2515803002
Cr-Commit-Position: refs/heads/master@{#41159}
This pre-calculates and stores a vector of bytecode offsets, and then allows
one to iterate over it backwards. This could probably be adapted to a
bidirectional/random access iterator if we wanted to, but for now reverse
is all we need.
Review-Url: https://codereview.chromium.org/2518003002
Cr-Commit-Position: refs/heads/master@{#41153}
Refactors the bytecode array iterator to separate the iteration and the
bytecode parameter access, placing the latter into a separate
super-class. This will allow us to have other forms of access, e.g.
reverse iteration.
Review-Url: https://codereview.chromium.org/2519923002
Cr-Commit-Position: refs/heads/master@{#41152}
Reason for revert:
Wronged it even more.
Original issue's description:
> [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters
>
> RuntimeTimerScopes always subtract their own time from the parent timer's
> counter to properly account for the own time. Once a scope is destructed it
> adds its own timer to the current active counter. However, if the current
> counter is changed with CorrectCurrentCounterId we will attribute all the
> subtimers to the previous counter, and add the own time to the new counter.
> This way it is possible to end up with negative times in certain counters but
> the overall would still be correct.
>
> BUG=
>
> Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
> Cr-Commit-Position: refs/heads/master@{#41142}
TBR=ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2519073002
Cr-Commit-Position: refs/heads/master@{#41150}
This avoids entering a nested temp zone, and fixes up tracing and runtime callstats names.
BUG=
Review-Url: https://codereview.chromium.org/2514353002
Cr-Commit-Position: refs/heads/master@{#41147}
By now the compilation pipeline is flexible enough to run module tests
against all variants, we should no longer choose unsupported compilers
for modules. It also fixes the predicate checking for functions being
"resumable" in the {AstNumberingVisitor} heuristic.
R=neis@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2517143002
Cr-Commit-Position: refs/heads/master@{#41144}
Add/Shl to Lsa optimization doesn't yield any performance increase in case
one of the operands is an immediate, because Lsa cannot use the immediate so
we use an extra instruction to load the immediate to register. On MIPSR2 and
less this optimization leads to performance degradation, since Lsa is not
supported on these architectures and it is emulated using Add/Shl which
do support immediate as operand for Add.
BUG=
Review-Url: https://codereview.chromium.org/2509203003
Cr-Commit-Position: refs/heads/master@{#41143}
RuntimeTimerScopes always subtract their own time from the parent timer's
counter to properly account for the own time. Once a scope is destructed it
adds its own timer to the current active counter. However, if the current
counter is changed with CorrectCurrentCounterId we will attribute all the
subtimers to the previous counter, and add the own time to the new counter.
This way it is possible to end up with negative times in certain counters but
the overall would still be correct.
BUG=
Review-Url: https://codereview.chromium.org/2511093002
Cr-Commit-Position: refs/heads/master@{#41142}
Reason for revert:
Blocks roll https://codereview.chromium.org/2517963002/
Original issue's description:
> [turbofan] Introduce LoadFunctionPrototype simplified operator.
>
> Add a LoadFunctionPrototype simplified operator, similar to what
> Crankshaft has, that loads the prototype property of a constructor
> function.
>
> R=jarin@chromium.org
> BUG=v8:5267
>
> Committed: https://crrev.com/1737b2c74b50168e96ef1263def0eb43505fa80c
> Cr-Commit-Position: refs/heads/master@{#41127}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2514363002
Cr-Commit-Position: refs/heads/master@{#41141}
This renames the {operand_stack} field to {register_file}, to reflect
how said field is used on all {JSGeneratorObject} instances by now. This
is a pure refactoring CL, no changes in semantics.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2520913002
Cr-Commit-Position: refs/heads/master@{#41140}
This removes some outdated code that allocates a {JSGeneratorObject} for
baseline code. We no longer support such a representation of generators
and can rely on bytecode being available for all generators.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2515253003
Cr-Commit-Position: refs/heads/master@{#41137}
This removes the deprecated generator support for resumable functions
from {FullCodeGenerator}. The existing {AstNumbering} heuristic already
triggers Ignition for most resumable functions, with this change we make
said heuristic a hard choice and remove the deprecated code. This also
has the advantage that any suspended {JSGeneratorObject} instance on the
heap is guaranteed to have code based on a bytecode array.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2504223002
Cr-Commit-Position: refs/heads/master@{#41135}
Reason for revert:
Turbofan doesn't do proper ToNumber conversions on NumberOrOddball equality conversions.
BUG=v8:5660
Original issue's description:
> [Interpreter] Collect NumberOrOddball feedback in CompareOps.
>
> Collect feedback for oddballs in the interpreter compare operations handlers.
> This is important to ensure that we don't consider oddball comparisons as
> generic, which prevents optimization.
>
> BUG=chromium:660947
>
> Committed: https://crrev.com/721e74d9d942fd4f2e3392ea9626d9d404dbbbd0
> Cr-Commit-Position: refs/heads/master@{#41081}
TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:660947
Review-Url: https://codereview.chromium.org/2517133002
Cr-Commit-Position: refs/heads/master@{#41134}
Stepping in a generator now behaves similar to stepping inside an
async function. Stepping in or next at a yield expression will result in
a break inside the same generator when we return to the generator.
Behavior of step-out does not change.
R=jgruber@chromium.org, neis@chromium.org
BUG=chromium:496865
Review-Url: https://codereview.chromium.org/2519853002
Cr-Commit-Position: refs/heads/master@{#41132}
Adapted various tests to restrictions of inspector protocol:
* osr-typing-debug-change: Don't set function variable value.
* debug-evaluate-locals: Add variable introduced by eval, run typeof
inside evaluate().
* regress-419663: Don't set duplicate breakpoints.
* regress-crbug-465298: Compare against function name instead of value.
* regress-crbug-621361: Make evaluate return string results.
* debug-script: Various counts were off due to new way tests are called.
Added new inspector script type.
Breakpoints now contain the actual break position, and remote object
reconstruction has been extended a bit.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2505363002
Cr-Commit-Position: refs/heads/master@{#41129}
Add a LoadFunctionPrototype simplified operator, similar to what
Crankshaft has, that loads the prototype property of a constructor
function.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2517913002
Cr-Commit-Position: refs/heads/master@{#41127}
Reason for revert:
Breaks gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/7114
Original issue's description:
> [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
>
> Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
> - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
> - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
> - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
> - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
>
> R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
> Cr-Commit-Position: refs/heads/master@{#41121}
TBR=bradnelson@chromium.org,mtrofin@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2512323004
Cr-Commit-Position: refs/heads/master@{#41122}
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
- Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
- Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
- MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
- Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2471883003
Cr-Commit-Position: refs/heads/master@{#41121}
The code which pushes and pops to the function name inference stack
generally checks if the stack is active with the IsOpen method. One
piece of code pertaining to async functions was missing that check.
This patch adds it.
BUG=chromium:658267
R=gsathya,caitp
Review-Url: https://codereview.chromium.org/2514893002
Cr-Commit-Position: refs/heads/master@{#41120}
A simple Print API for debugging assessments in the regalloc
verifier.
BUG=
Review-Url: https://codereview.chromium.org/2512943003
Cr-Commit-Position: refs/heads/master@{#41117}
This patch also cleans up NewPromiseCapability.
This patch results in a 20% improvement over 4 runs with the following micro
benchmark -
var x = Promise.resolve();
async function bar() {
  return x;
}
async function foo() {
  await bar();
}
var start = performance.now();
var count = 0;
var max = 10000;
for (var i = 0; i <= max; i++) {
  foo().then(() => {
    count++;
    if (count === max) print(performance.now() - start);
  })
}
BUG=v8:5639
Review-Url: https://codereview.chromium.org/2512103002
Cr-Commit-Position: refs/heads/master@{#41116}
... at least for the function which will remain after restructuring of
the debug interface. For some methods that will be removed anyway, we
just return zero / null for now.
I also refactored the ScriptLocationFromLine method to make it more
readable and reuse parts in other files (like ScriptLinePosition).
BUG=5655
R=titzer@chromium.org, jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2512833003
Cr-Commit-Position: refs/heads/master@{#41115}
Some minifiers use the pattern !function ... () for JS code that should
be immediately executed. This change recognizes that pattern and treats
it equally to parenthesized functions.
A bit more background info is in the referenced bug.
R=verwaest@chromium.org
BUG=v8:5643
Review-Url: https://codereview.chromium.org/2509143003
Cr-Commit-Position: refs/heads/master@{#41114}
Port a1103a117c
Original commit message:
- Simplify the variable-length pop sequence on entry. (It now uses
smaller code with no branches.)
- Use conditional compare to merge branches where appropriate.
- Make use of Ldrsw + UntagSmiFieldMemOperand to load smis more
efficiently.
- Only load 'undefined' and 'null' once per builtin.
- A few other small improvements.
Review-Url: https://codereview.chromium.org/2507683003
Cr-Commit-Position: refs/heads/master@{#41113}
are created using new Array(N) and setLength(N).
Currently the limit is based on max old generation size, which
will break with the upcoming change that allows large heaps.
BUG=chromium:652721
Review-Url: https://codereview.chromium.org/2513923002
Cr-Commit-Position: refs/heads/master@{#41112}
This is a next step towards removing names table from type feedback metadata.
BUG=chromium:576312, v8:5561
Review-Url: https://codereview.chromium.org/2514453002
Cr-Commit-Position: refs/heads/master@{#41111}
It originates from the era where we used to run a separate preparse step
before parsing and store the function data. Now the usage of preparser
is something completely different, so this flag doesn't make sense any
more.
In addition, this way we get more test coverage for preparser (for small
scripts).
BUG=
Review-Url: https://codereview.chromium.org/2513563002
Cr-Commit-Position: refs/heads/master@{#41110}