This adds the missing lazy bailout point when defining accessor pairs
within object literals via Runtime::kDefineAccessorPropertyUnchecked.
The runtime function in question can indeed trigger a lazy deopt due
to a DependentCode::kPrototypeCheckGroup dependency.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-633585
BUG=chromium:633585
Review-Url: https://codereview.chromium.org/2207413002
Cr-Commit-Position: refs/heads/master@{#38336}
References in code objects to new-space embedded objects have to be
recorded in a remembered set so that they get updated by the garbage
collector.
TEST=cctest/test-serialize/CodeSerializerEmbeddedObject
R=ulan@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2200333004
Cr-Commit-Position: refs/heads/master@{#38335}
Compilation breaks when compiling v8 through Chromium using GYP. The issue
started to appear after https://codereview.chromium.org/2190973003 landed.
It happens because the trace_event_common.h header is in a different location if we
are compiling v8 through Chromium compared to when we are compiling v8 standalone.
BUG=
Review-Url: https://codereview.chromium.org/2207943002
Cr-Commit-Position: refs/heads/master@{#38333}
This will allow for using DoParseLazy on a background thread, so we can
also parse inner functions on the background thread.
BUG=v8:5215
R=adamk@chromium.org,marja@chromium.org
Review-Url: https://codereview.chromium.org/2201423002
Cr-Commit-Position: refs/heads/master@{#38332}
This removes the ability to specify a catch prediction for exception
handler tables that are based on return addresses. The encoding for
handlers still looks the same to keep it in sync with tables based on
ranges, just no payload is stored in the respective bits.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2205893002
Cr-Commit-Position: refs/heads/master@{#38327}
An infinite recursion can be triggered when NoSideEffectToString is
called on an error object with its name property set to itself.
BUG=633998
Review-Url: https://codereview.chromium.org/2206313002
Cr-Commit-Position: refs/heads/master@{#38325}
Thrown exceptions must be handled before another exception is thrown.
This fixes all remaining test failures exposed by not clearing pending
exceptions in JSEntryStub.
BUG=v8:5259
Review-Url: https://codereview.chromium.org/2207923002
Cr-Commit-Position: refs/heads/master@{#38324}
These tests all called assertUnreachable within a try/catch block.
BUG=v8:5246
Review-Url: https://codereview.chromium.org/2209663003
Cr-Commit-Position: refs/heads/master@{#38323}
Use a single CheckMaps node instead of the sequence of LoadField,
ReferenceEqual and CheckIf. This also makes it easier to eliminate
the COW check if there are multiple of them in a row.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2216453002
Cr-Commit-Position: refs/heads/master@{#38321}
port cdae865436 (r38292)
original commit message:
A corresponding flag was added as well to help us find out what breaks when we
do not clear pending exceptions on each JS entry.
BUG=
Review-Url: https://codereview.chromium.org/2212733002
Cr-Commit-Position: refs/heads/master@{#38320}
Rolling v8/build to c6b327c244be25a972266cad3228279266a03c66
Rolling v8/buildtools to 88c6fc5bde77b9477345f0885cd88d4a57ad1844
Rolling v8/tools/mb to 72a708590a056993adf080a92211ddc8221010e7
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2212753002
Cr-Commit-Position: refs/heads/master@{#38319}
Promise.resolve
Instead of creating resolve and reject closures, directly
call ResolvePromise after creating the promise.
Using the following as a microbenchmark --
```
var b = 0;
var start = performance.now();
for (var i = 0; i < 1000000; i++) {
  Promise.resolve(1).then((val) => {
    b += val;
    if (b == 1000000) print(performance.now() - start)
  });
}
```
I see a 16.01% improvement over 5 runs with this patch.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2143553002
Cr-Commit-Position: refs/heads/master@{#38318}
Reason for revert:
Mac64 ASAN failure. https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7810/steps/Check/logs/Threading4
Original issue's description:
> [Reland][Tracing] Embed V8 runtime call stats into tracing.
>
> Currently we have V8 RuntimeCallStats that is independent from tracing when
> running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
> stats into tracing, by having a global table of runtime call counters each
> isolate, resetting the table each time we enter a top level trace event, and
> dumping the table for each top level trace event. This will make trace file more
> compact, as well as enable runtime call stats in tracing system.
>
> This patch adds ~5% overhead to V8 when the category is enabled, we measure the
> overhead by running a script when category is enabled.
>
> BUG=v8:5089
>
> Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
> Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
> Cr-Original-Commit-Position: refs/heads/master@{#38270}
> Cr-Commit-Position: refs/heads/master@{#38314}
TBR=cbruni@chromium.org,fmeawad@chromium.org,machenbach@chromium.org,bmeurer@chromium.org,adamk@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5089
Review-Url: https://codereview.chromium.org/2200373003
Cr-Commit-Position: refs/heads/master@{#38315}
Currently we have V8 RuntimeCallStats that is independent from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters each
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make trace file more
compact, as well as enable runtime call stats in tracing system.
This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.
BUG=v8:5089
Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
Review-Url: https://codereview.chromium.org/2187693002
Cr-Original-Commit-Position: refs/heads/master@{#38270}
Cr-Commit-Position: refs/heads/master@{#38314}
Moves the creation of SharedFunctionInfo for function literals to the
finalization step. This is required for bytecode generation to be
performed off-thread.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2179303005
Cr-Commit-Position: refs/heads/master@{#38309}
When we do a checked conversion from Tagged or Float64 to Int32, we used
to always do a minus zero check, even if we already know that the input
cannot be minus zero. Now we actually do the check only if we have
evidence that the input might be minus zero.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2202993005
Cr-Commit-Position: refs/heads/master@{#38308}
Avoids compiling baseline code when the function isn't able to be
optimized by crankshaft.
BUG=chromium:632289
Review-Url: https://codereview.chromium.org/2194453002
Cr-Commit-Position: refs/heads/master@{#38304}
Add a new bytecode to create a function context. The handler inlines
FastNewFunctionContextStub.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2187523002
Cr-Commit-Position: refs/heads/master@{#38301}
If ToObject() has thrown, do not throw another exception. The reason
this does not currently fail is that 1. Errors used to be created
through JS natives, and 2. the JSEntryStub clears any pending
exceptions. So, when calling into JS to create the new error, the old
exception was cleared.
BUG=5259
Review-Url: https://codereview.chromium.org/2208683002
Cr-Commit-Position: refs/heads/master@{#38300}
This new API function allows for setting several internal fields at once.
By avoiding crossing the API each time for setting an internal property we
can speed up the wrapper creation which has to set two fields for every new
object.
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2185963002
Cr-Commit-Position: refs/heads/master@{#38299}
A corresponding flag was added as well to help us find out what breaks when we
do not clear pending exceptions on each JS entry.
BUG=5259
Review-Url: https://codereview.chromium.org/2208663002
Cr-Commit-Position: refs/heads/master@{#38292}
So far we treated SignedSmall and Signed32 feedback the same for number
operations. However it would be beneficial to generate (a lot) less code
if we only do a Smi check on the inputs instead of doing the full Smi +
HeapNumber + conversion check that we need to do for Signed32 feedback.
R=epertoso@chromium.org
BUG=v8:4583
Review-Url: https://codereview.chromium.org/2207893002
Cr-Commit-Position: refs/heads/master@{#38290}
The helper class in question is no longer needed now that frame states
representing the "before" state are not attached to nodes anymore. They
are represented by appropriate {Checkpoint} nodes in the graph now.
R=bmeurer@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2205243002
Cr-Commit-Position: refs/heads/master@{#38288}