This CL changes a constant pool test to include tests for the marker
and the encoded pool size.
Change-Id: Ia5cfd173e5d523a02252fd3b14f302e5c8994881
Reviewed-on: https://chromium-review.googlesource.com/1186626
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55423}
With warmup and/or longer runs, the benchmark results are more reliable.
This CL also splits the benchmark into smaller ones for easier management.
Change-Id: Ieba0734bef841d131b3184938109ca179994e173
Reviewed-on: https://chromium-review.googlesource.com/1188572
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#55422}
https://chromium-review.googlesource.com/c/v8/v8/+/1178763 added
DateTimeFormat.prototype.format to the C++ side of things, removing the
need for the runtime function, but the function wasn't removed.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie73fefb5477dfb7f04a4f8852e086a92332c05fc
Reviewed-on: https://chromium-review.googlesource.com/1189502
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55421}
This increases the size of a V8BreakIterator instance by a word to store
the adopt text function.
The instance to be bound is stored on the context of this builtin function.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I466ead6c8fc9d531d2213cfdd488fa1484496f69
Reviewed-on: https://chromium-review.googlesource.com/1186925
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55418}
- Implement all the I64Atomic operations on ARM
- Change assembler methods to use Registers instead of memory operands
- Move atomics64 test up be tested on all archs, disable tests on MIPS
BUG:v8:6532
Change-Id: I91bd42fa819f194be15c719266c36230f9c65db8
Reviewed-on: https://chromium-review.googlesource.com/1180211
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55416}
If maxLength is larger than String::kMaxLength, we used to throw
immediately. However, we must first look at the filler argument, which
is observable. Moreover, if the filler is empty, we must return the
input unchanged.
Bug: v8:8078
Change-Id: Ic3d135f9e25da56df45b059144e45e19dda9c3d8
Reviewed-on: https://chromium-review.googlesource.com/1188313
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55414}
This doubles the size of the snapshot since it creates all of the
handlers twice (and it doesn't use any of these new ones). However it's
all behind a flag.
For now all bytecode handlers are marked as being not Isolate
independent to prevent snapshot creation failures.
Bug: v8:8068
Change-Id: Id49f521445643d9fc6b141353f0a29b585160e10
Reviewed-on: https://chromium-review.googlesource.com/1185100
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55411}
In the case where the array is a fast packed array, the CSA no longer needs
to check whether the prototype has elements. This only needed when the array
is holey.
This is a follow-up of CL #1183671.
Change-Id: I0087b827200995c741141f3183bf9a2c748d3b55
Reviewed-on: https://chromium-review.googlesource.com/1188315
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#55409}
Thus far the LoadElimination didn't consider CheckHeapObject a renaming
operation and would therefore miss opportunities to eliminate redundant
loads or map checks where the input is not checked for sminess in all
cases. This kind of pattern is very common with code that results from
builtin inlining in JSCallReducer, as here we don't unconditionally
insert CheckHeapObject nodes if we can tell from the graph that the
receiver already has a certain map (by walking the effect chain
upwards).
Bug: v8:8070
Change-Id: I980f382205757a754f93a5741de1ee08b75ee070
Reviewed-on: https://chromium-review.googlesource.com/1188129
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55408}
This allows to replace redundant LoadField's whose type doesn't match
the type of the replacement, by just turning those LoadField's into
TypeGuard's.
Bug: v8:8070
Change-Id: Ia329bb536f8829be27e070e90e9eaae0618dac7a
Reviewed-on: https://chromium-review.googlesource.com/1188131
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55407}
In preparation for kRootRegister support on ia32.
Bug: v8:6666
Change-Id: I6bbc87734d189bb8cde5d057a54f8155606d142d
Reviewed-on: https://chromium-review.googlesource.com/1188319
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55406}
Now that we always instantiate the right ObjectData subclass, we can
give precise types to members.
R=jarin@chromium.org
Bug: v8:7790
Change-Id: Ic2194de90f458ddccbeb9f101903e5865fb4eb41
Reviewed-on: https://chromium-review.googlesource.com/1187103
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55404}
This halfs the test size but also halfs the baseline for the score to
make it comparable.
Bug: v8:7926
Change-Id: Id3769def6a555ef1bddf8dd5e54c04b8652e5b54
Reviewed-on: https://chromium-review.googlesource.com/1188465
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55403}
Also define classes NativeContext and InternalizedString. Those object
kinds were already part of our Object hierarchy but didn't have their
own class, which was inconvenient.
R=jarin@chromium.org, mslekova@chromium.org
Bug: v8:7790
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ic443a2b2e34afc89bc924e845d995e3f287a2535
Reviewed-on: https://chromium-review.googlesource.com/1185592
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55402}
It appears that the fields are already being unescaped elsewhere,
perhaps by the JSON writer. So if we unescape when adding the source
filename and contents, unescaping will happen again later and plain
backslashes will be interpreted as escape codes.
Bug: v8:6240
Change-Id: Ic66b9017ae685d6dd12944ee8d254991e26fbd32
Reviewed-on: https://chromium-review.googlesource.com/1186625
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55401}
This fixes several issues related to off-heap trampoline handling on
ia32.
Unlike other architectures, ia32 uses a pc-relative call/jump for the
off-heap trampoline. That means we cannot skip reloc info emission,
and we need to relocate when the buffer grows during code generation.
Finally, inlined trampolines must not clobber and thus also need to
use a pc-relative call/jump.
Drive-by: Use PreserveRootIA32 config only for whitelisted builtins to
build successfully by default.
Bug: v8:6666
Change-Id: I2b72147c6c70036cd13d8b22e2c80ade786c47b8
Reviewed-on: https://chromium-review.googlesource.com/1188316
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55397}
This method introduces an inherent race because it allows changing
global static flag variables from concurrently running Isolates (or
Workers). Since there are not too many use-cases left, the method in
question can be removed entirely.
R=hpayer@chromium.org
Change-Id: I9798730dd775b04f0bc83f18ed5982672e76e5d5
Reviewed-on: https://chromium-review.googlesource.com/1186731
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55392}
Place the LoadField for the backing store of the [[IteratedObject]]
before the diamond to make it possible to eliminate this LoadField
in LoadElimination later, when used in `for..of` or destructing.
This further improves the performance of `for..of` in the micro
benchmark on the tracking bug from
console.timeEnd: forOf, 191.726000
console.timeEnd: traditional, 107.572000
console.timeEnd: forOf, 137.288000
console.timeEnd: traditional, 102.976000
console.timeEnd: forOf, 137.506000
console.timeEnd: traditional, 103.089000
to around
console.timeEnd: forOf, 195.238000
console.timeEnd: traditional, 107.078000
console.timeEnd: forOf, 128.980000
console.timeEnd: traditional, 103.106000
console.timeEnd: forOf, 128.525000
console.timeEnd: traditional, 103.072000
so roughly another ~7% improvement (with untrusted code mitigations
turned off).
Bug: v8:8070
Change-Id: I34831c503384f0cc44b95317dd84403f2ed8ecd5
Reviewed-on: https://chromium-review.googlesource.com/1188138
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55390}
This is a reland of 524215be1a
Original change's description:
> Use new arraybuffer deleter interface in d8
>
> With this cl we start using the custom deleter to free externalized
> array buffers. This also allows us to keep wasm memories registered
> with the wasm memory tracker and thereby to propagate that a memory
> is wasm allocated over postMessage calls.
>
> Bug: v8:8073, chromium:836800
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64
> Reviewed-on: https://chromium-review.googlesource.com/1186681
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55361}
Bug: v8:8073, chromium:836800
Change-Id: Ia3c057ced496363cfdd07eed16ed1d0c7a3f3084
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1188222
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55389}
Add location information in heap snapshot for objects where the
constructor can be determined.
Bug: chromium:854097
Change-Id: Ieb2ab70a65809ecc9dfa0d73a33fa57add430465
Reviewed-on: https://chromium-review.googlesource.com/1179156
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55387}
This embeds LiteralBuffers in the TokenDesc directly so that we do not need to
figure out which one is free; as well as newline tracking. Instead of copying
around TokenDesc we now just update the pointer to keep track of the state.
Based on this architecture we'll be able to precompute more tokens at once.
Change-Id: Ie2e1a95f91713f7ab619fc8632f1eb644884a51f
Reviewed-on: https://chromium-review.googlesource.com/1184911
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55385}
Instead of using the slow-path for COW arrays, we now properly copy
them and use the fast-path.
R=jgruber@chromium.org
Change-Id: Iebbad5f761d97c5400c457877571c7930269d52f
Reviewed-on: https://chromium-review.googlesource.com/1188130
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55384}
The default array elements kind should be PACKED_SMI_ELEMENTS (top of type lattice) to allow type
transitions to other types.
Change-Id: Icda969d0553628ef75d6c26bf6f32fef46512f0f
Reviewed-on: https://chromium-review.googlesource.com/1188133
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55382}
In LiftoffCompiler::EmitTypeConversion() there is a DCHECK_EQ() where
one argument is implicitly converted to bool. This confuses MSVC, which
causes it to think the two arguments to DCHECK_EQ() do not have the same
type. Fix this with an explicit bool conversion!!
This does not affect the "v8_win64_msvc_compile_rel" bot, presumably
because it is a release bot with DCHECKs turned off.
Change-Id: I602ddae7a970e17388730e895eafd4ec78de7602
Reviewed-on: https://chromium-review.googlesource.com/1187702
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55381}
Prior to this, it was possible to explicitly specify machine types for
stack arguments, but these were simply ignored and treated as
tagged-by-default when creating the actual CallDescriptor.
This verifies that all stack args specified in the descriptor are
actually given tagged types, and fails early if that is not the
case.
Bug: v8:6666
Change-Id: Idb543a11c976d0260fea60d31e30c21b15b32256
Reviewed-on: https://chromium-review.googlesource.com/1186642
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55380}
Builtin functions were being logged via both LogCodeObjects and
LogCompiledFunctions. The latter assumes the code in question has a
Name and so would end up logging an unattributable entry. This patch
stops logging that entry.
Bug: v8:8061
Change-Id: Iebc9bfa9618986afdbf8b1b71b64bf17a1f4196a
Reviewed-on: https://chromium-review.googlesource.com/1184923
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55379}
This reduces the enum size to only take up one byte, hence decreasing
class size.
Bug: v8:7926
Change-Id: Ie50cfcd48541e44394814f375fd72f2b65722fdf
Reviewed-on: https://chromium-review.googlesource.com/1186582
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55378}
Introduced in https://chromium-review.googlesource.com/1183431.
The namespace was missing making compilation of Node.js with GCC fail.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I55c1117ab347db17fd8acfa92c653e8cf737586f
Reviewed-on: https://chromium-review.googlesource.com/1188126
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#55377}
