For a polymorphic access to o.x we would only merge it into a single
PropertyAccessInfo so far, if x is at the same offset in all maps and
the property index of x (in the descriptor arrays) is the same. But that
doesn't matter for code generation and blocks optimizations even.
BUG=v8:6278,v8:6344,v8:6396
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2883883002
Cr-Commit-Position: refs/heads/master@{#45294}
Introduce a flag --max_inlined_nodes_small (defaults to 10), which gives
the upper limit of AST nodes for a function to be considered "small" by
the inlining heuristic. These functions will always be inlined
immediately, independent of the budget.
R=jarin@chromium.org
BUG=v8:6395,v8:6278,v8:6344,v8:6394
Review-Url: https://codereview.chromium.org/2883853002
Cr-Commit-Position: refs/heads/master@{#45291}
No semantic changes, just a readability refactoring that removes
a couple of unnecessary variables and labels.
BUG=v8:6371
Review-Url: https://codereview.chromium.org/2881763003
Cr-Commit-Position: refs/heads/master@{#45290}
250K was probably still too generous and 80K leads to improvements
locally.
BUG=v8:6348
Review-Url: https://codereview.chromium.org/2876413002
Cr-Commit-Position: refs/heads/master@{#45288}
Smis can easily be handled outside the stub call without adding much to code
size.
The ToString inlining adds overhead of repeated instance type loads and checks,
but under the assumption that it is called with mostly string values it should
speed things up (a local RegExp.p[@@replace] microbenchmark shows consistent
1.6% improvements).
Drive-by-fix: Remove duplication in ToString implementations.
BUG=
Review-Url: https://codereview.chromium.org/2874423003
Cr-Commit-Position: refs/heads/master@{#45287}
With this CL SloppyArguments immediately go to dictionary elements on
deletion, keeping the arguments backing store packed.
Bug: v8:6251
Change-Id: I90d1972179447bf6810e7fe2b8e0bc8703b38d9d
Reviewed-on: https://chromium-review.googlesource.com/486921
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45286}
This is almost identical to V8's default array buffer allocator. The only
difference is that 0 byte allocations are changed into 1 byte allocations. We
do not seem to need this behavior, so it does not seem worth maintaining yet
another allocator.
Bug:
Change-Id: I94f45f1276958791be9a6f2405fcfba8fa6eaa38
Reviewed-on: https://chromium-review.googlesource.com/505199
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45282}
This lets us avoid allocating the "this" variable for every
generator, since the BytecodeGenerator can directly read
the receiver via BytecodeArrayBuilder::Receive() when passing
it into %_CreateJSGeneratorObject.
Bug: v8:6351
Change-Id: Ib5e1f3303b6b5d5fc051ce76ea62129fd6afac65
Reviewed-on: https://chromium-review.googlesource.com/500507
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#45281}
Remove FinalizePageSequentially as it had only a single use case that
was tied to the full collector.
Bug: chromium:651354
Change-Id: I03299ddbd439ea273e02dd33f12c005371694130
Reviewed-on: https://chromium-review.googlesource.com/504508
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45280}
We make assumptions that baseline code exists if we run the optimized code
(e.g., to deopt to the baseline code). If the baseline code has been
cleared by code flushing (only full-codegen) then it might not exist
but there is still optimized code in the map.
BUG=v8:6389
Change-Id: Id4db664afee96c2da3a36a177f425293aae9a0a3
Reviewed-on: https://chromium-review.googlesource.com/503010
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45278}
This makes sure that the order of exports as they appear in asm.js
modules is maintained globally (not just per function) while being
translated to a WASM module.
R=clemensh@chromium.org
TEST=mjsunit/asm/asm-validation
BUG=chromium:720586
Change-Id: I8b26d717ae2f88467d41670bced901f196c7b3fc
Reviewed-on: https://chromium-review.googlesource.com/503708
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45277}
No need to call through ConstructJS -> ArrayCode -> ArrayConstructorStub
-> AllocateJSArray if we can call AllocateJSArray directly.
This also moves ArraySpeciesCreate to builtins-array-gen to free
up space in the binary.
BUG=v8:6354
Review-Url: https://codereview.chromium.org/2874833004
Cr-Commit-Position: refs/heads/master@{#45276}
Compilers don't flatten os << const char* for you. Save a bit binary size.
Bug:NO
Change-Id: Iabe0de83fdf6394f223d0423e63bd5aadf1453b3
Reviewed-on: https://chromium-review.googlesource.com/503829
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45272}
The current implementation failed when comparing an integral type to a
reference to an integral type of different signedness (see updated
unittest).
This CL fixes the checks to actually test the std::decay<T>::type,
i.e. with all references, const or volatile modifiers stripped.
R=jochen@chromium.org, ishell@chromium.org
TEST=unittests/LoggingTest.CompareWithReferenceType
Change-Id: Ib0ac077a91e0409ada7a80b68150cb98cbdd32f1
Reviewed-on: https://chromium-review.googlesource.com/502814
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45271}
Creation stack trace points to the place where callback was actually chained, scheduled points where parent promise was resolved.
For async tasks without creation stack (e.g. setTimeout) we continue to use scheduled as creation since usually they are the same.
BUG=v8:6189
R=dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2868493002
Cr-Original-Commit-Position: refs/heads/master@{#45198}
Committed: e118462f18
Review-Url: https://codereview.chromium.org/2868493002
Cr-Commit-Position: refs/heads/master@{#45266}
The error_pc was only used to calculated the relative error offset.
Switching to an error_offset directly will allow us later to give the
decoder a base offset. Thereby we can get correct error
positions even when the decoder is executed on multiple memory chunks,
which will happen with streaming compilation. With this change I also
had to provide "kind of" reasonable error position in the
StreamingDecoder.
R=clemensh@chromium.org
Change-Id: I736fa082c51c64334d23771061acf97e2c47778e
Reviewed-on: https://chromium-review.googlesource.com/502909
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45264}
This is a part of synchronization protocol with the concurrent marking.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2872323002
Cr-Commit-Position: refs/heads/master@{#45262}
std::vector can never store const types, as the stored type has to be
either copy-constructable or move-constructable.
std::vector<const X> does not compile and makes no sense if you think
about it.
Thus remove the TODO to use such a vector.
R=ahaas@chromium.org
Change-Id: Ieb00a31872f04c720d2ef90b70452c18e79f0a5d
Reviewed-on: https://chromium-review.googlesource.com/503148
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45260}
This makes sure that function variables as well as function table
variables are properly typed as immutable, hence assignments to them
should cause validation failures.
R=clemensh@chromium.org
TEST=mjsunit/asm/immutable
BUG=chromium:721271
Change-Id: Ia3f65fd0782ca571ffcf99520fdbd8fc5a359d16
Reviewed-on: https://chromium-review.googlesource.com/503209
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45256}
This removes logic tracking whether a number literal in the source
contained a "dot" character or not. The tracking was only needed for
validation of asm.js modules on the AST, it is obsolete now.
R=marja@chromium.org
Change-Id: Ib474e2281db80fe56d43e1af52221a7c66261e01
Reviewed-on: https://chromium-review.googlesource.com/503228
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45255}
The mutator can convert a pointer slot of a JSObject to an unboxed
double slot. To make it we safe for the concurrent marker, we require
synchronization using the object markbits.
The concurrent marker visits the JSObject as follows:
- save snapshot of object slot addresses and values.
- visit the snapshot only after successful transition of the object
from grey to black.
Before an unsafe layout change the mutator colors the object black
and visits it using the bailout marking deque.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2876553002
Cr-Commit-Position: refs/heads/master@{#45254}
This CL implements a streaming decoder which takes the bytes
of a wasm module as an input, potentially split into multiple
chunks, and decodes them into segments. Each segment either
contains the payload of a whole section, or the code of a
single function. The goal is that the streaming decoder is
used for streaming compilation. That's where the interface
comes from, see
(https://cs.chromium.org/chromium/src/v8/include/v8.h?q=OnBytesReceived&sq=package:chromium&l=4060)
Error positions are not reported correctly at the moment. I
plan to do this in a separate CL.
Change-Id: I6e3df6a91945c7baec2dc4f5de2e5f47636083df
Reviewed-on: https://chromium-review.googlesource.com/471350
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45250}
The reason we need this mode is that IterateRoots for the Scavenger only
captures dependent weak nodes. This is also what we do for marking for the
minor MC.
Since the regular marking might also mark objects that are weakly
(non-dependently) pointed to by nodes we need to capture all of them during
pointers updating. The reason this works for the Scavenger is because we do one
pass at the end of the scavenger (combined with resetting) that captures all
those nodes.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2869413002
Cr-Commit-Position: refs/heads/master@{#45248}
Clearing the pending exception is not enough - if we want to swallow an
exception while currently on top of an external handler (e.g. TryCatch),
we also need to clear external_caught_exception.
BUG=chromium:719380
Review-Url: https://codereview.chromium.org/2870423002
Cr-Commit-Position: refs/heads/master@{#45247}