This CL fixes a bug that allowed calls to Array.p.shift on
zero-length arrays where the 'length' is read-only without throwing
a TypeError.
R=bmeurer@chromium.org, jgruber@chromium.org
Bug: chromium:882233
Change-Id: Ib129ab4c4f4f233e7bb553effa77539badfbe26e
Reviewed-on: https://chromium-review.googlesource.com/1215164
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55746}
It used to call the old IterableToList, which had the wrong
semantics for holes.
Bug: v8:8133
Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
Reviewed-on: https://chromium-review.googlesource.com/1213204
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55745}
This will replace "<?>" in certain debug output with the empty string.
There should be no end-user visible changes, though.
Change-Id: I80db2f2169532c600662977025185378004f7cd5
Reviewed-on: https://chromium-review.googlesource.com/1213188
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55742}
Makes for a nicer stack trace
Bug: v8:5367
Change-Id: I6d77907e08c2c4efc7a1b25016c7e83841c7c574
Reviewed-on: https://chromium-review.googlesource.com/1211444
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55736}
The isolates step times out due to some very slow tests. Marking as slow
changes the test order and increases throughput.
NOTRY=true
TBR=yangguo@chromium.org
Change-Id: Iaaf6fe93e7f0e17266923d1ab6f0fe7b09abea9e
Reviewed-on: https://chromium-review.googlesource.com/1213212
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55734}
An unnecessary call to ToString() on the array index caused trips to
the runtime. The fix also includes performance micro-benchmarks so
we'll have a harder time regressing this case in future.
TBR=tebbi@chromium.org
Bug: v8:8112
Change-Id: I781e8b1bbe2eb56db961cf33b0dca8523868b83d
Reviewed-on: https://chromium-review.googlesource.com/1213207
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55733}
For strict equality `a === b` with Symbol feedback we need to check only
one side via CheckSymbol, since the resulting comparison can only be
true if both sides are symbols. For consistency with the receivers case
we check the left side, so CheckSymbol(a). This significantly reduces
the number of CheckSymbol operations in optimized code for the ARES-6
Air benchmark.
Bug: v8:6344
Change-Id: I50420f8d862fec31214b7e86b17919edcfc1f23e
Reviewed-on: https://chromium-review.googlesource.com/1213173
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55731}
Seems like most lifeedit tests are not predicable.
NOTRY=true
TBR=yangguo@chromium.org
Bug: v8:8147
Change-Id: Ia0a3871112f5a6f4b5821ee401bfdfd26dd8f9e5
Reviewed-on: https://chromium-review.googlesource.com/1213211
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55730}
Though it works with other variants apparently, we don't want to waste to
many resources for now.
NOTRY=true
TBR=sergiyb@chromium.org
Bug: chromium:866862
Change-Id: I8da2808fec183efa1bf325664ecf33f18a5b02fc
Reviewed-on: https://chromium-review.googlesource.com/1213187
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55728}
... and add move constructor and move assignment operator.
Also define some VirtualMemory parameters as r-values to explicitly express
that the ownership is passed from the caller to callee.
Bug: v8:8015
Change-Id: Iee27ddc844556dc7465177656b339cd1f83a3b56
Reviewed-on: https://chromium-review.googlesource.com/1213062
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55726}
This replaces the previous CheckStringAdd operator which deopts in case
the combined length overflows with a dedicated pure StringConcat operator.
This operator is similar to NewConsString in that it takes the resulting
length plus the two input strings. The operator relies on the length
being checked explicitly by the surrounding code instead of baking the
check into the operator itself. This way TurboFan can eliminate
redundant/unnecessary StringConcat operations, since they are pure now.
This also unifies the treatment of string addition in JSTypedLowering,
and generalizes the StringLength constant-folding to apply to more cases
not just the JSAdd cases inside JSTypedLowering.
Bug: v8:7902, v8:8015
Change-Id: I987ec39815a9464fd5fd9c4f7b26b709f94f2b3f
Reviewed-on: https://chromium-review.googlesource.com/1213205
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55725}
This optimization addresses a case triggered by the Templates/Untagged
js-perf-test, in which template literals get compiled to a cascade of
JSAdd(JSAdd, JSToString) nodes.
Before the optimization in https://chromium-review.googlesource.com/c/v8/v8/+/1193342
JSToString no-ops used to get optimized away during typed lowering together
with constant folding of string concatenation. This change allows us to get
rid of a no-op JSToString call during native context specialization, thus
allowing for constant folding of JSAdd to kick in and CheckStringAdd nodes to
not be generated at all.
This change also removes the NumberToString optimization from typed
lowering, as it's being executed during earlier stage.
Bug: chromium:879083
Change-Id: I1d8155ed969b6959fbb86fca21e4714b88a2695a
Reviewed-on: https://chromium-review.googlesource.com/1202622
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55724}
The cctest and unittests suites call the test executable to list the
tests, which requires pushing the executables to the device on Android.
NOTRY=true
TBR=sergiyb@chromium.org
Bug: chromium:866862
Change-Id: I318dff7af2b2de3b8642ec4b6ba30b602da808bb
Reviewed-on: https://chromium-review.googlesource.com/1213202
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55723}
Add a test that runs multiple workers that concurrently try to advance
along a random sequence of numbers, using AtomicCompareExchange to
update the shared current position.
Change-Id: Ie073bbdce6fd6766ef1f73f996dd592b90b8b3c2
Reviewed-on: https://chromium-review.googlesource.com/1198769
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55722}
This reverts commit 0aac3884c9.
Reason for revert: Various performance regressions (Blink and JSTests).
Original change's description:
> [turbofan] Be more consistent about Smi comparisons.
>
> This changes SimplifiedLowering to be more consistent when chosing Smi
> representation as input for Number comparisons. We already had some
> isolated logic for doing (speculative) Number comparisons on Smis, but
> only in the case where that decision was based on type feedback, not on
> information already present in the graph.
>
> Bug: v8:7703
> Change-Id: I25370ade630917675a6ac79b5ae6a8afd253dfc7
> Reviewed-on: https://chromium-review.googlesource.com/1196422
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55518}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7703, chromium:881758, chromium:881759, chromium:881760
Change-Id: I4af9c0b0ad37dea17ceabeb721c92a7cc978987a
Reviewed-on: https://chromium-review.googlesource.com/1213185
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55720}
Make the TurboFan Typer infer proper types for calls to the known
Symbol.prototype.toString() and Symbol.prototype.valueOf() builtins.
Bug: v8:8015
Change-Id: Ia133bd8f2cfcabaf984820a953b357d1747d6892
Reviewed-on: https://chromium-review.googlesource.com/1213203
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55719}
Splits PreParsedScopeDataBuilder out of ProducedPreParserScopeData to make the split between
building PreParsedScopeData and using already build PreParserScopeData more explicit.
BUG=v8:8041
Change-Id: Iab42cab84c247152c14ac39f3136f985753160ec
Reviewed-on: https://chromium-review.googlesource.com/1202104
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55718}
The first: we allocated within the argument list of a function call on
a handlified receiver. The allocation may trigger GC which leaves us
with a stale receiver reference.
The second: in generated code we triggered further allocations while
an uninitialized fixed array was live.
Bug: v8:8145
Change-Id: If59cab6274277534b2ff6463daa5863b8feae22c
Reviewed-on: https://chromium-review.googlesource.com/1213162
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55717}
This is needed to implement a new metric that measures
health of Web Page Replay archives.
Bug: chromium:880432
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I59aed22e4671e491fc3a30d04fbdce1643404b32
Reviewed-on: https://chromium-review.googlesource.com/1204570
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55716}
String find has a faster overload for char, hence, we should pass a char
instead of a string where possible. Fixing clang-tidy warning.
Bug: v8:8015
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I49611d84bfb195992b6e2de538a726a8654b7b71
Reviewed-on: https://chromium-review.googlesource.com/1209348
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55713}
In these cases the std::function state does not change, hence, it can be
a const ref. Fixing clang-tidy warning.
Bug: v8:8015
Change-Id: I221b0c3e18c5c1f54d35d671445d2e947cf64c02
Reviewed-on: https://chromium-review.googlesource.com/1209822
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55712}
Adds support for zone allocated (off-heap) ConsumedPreParsingScopeData to
enable worker-thread access to PreParsingScopeData during parallel IIFE
compile tasks.
In order to avoid code-duplication, a templated
BaseConsumedPreParsingScopeData is added which implements the logic for
decoding the bytestream into scope data. Two implementations of this
base class are instantiated for each of the underlying serialized scope date:
- ZoneConsumedPreParsedScopeData for exposing ZonePreParsedScopeData
- OnHeapConsumedPreParsedScopeData for exposing on-heap PreParsedScopeData
The interface for each of these classes is the ConsumedPreParsingScopeData,
which exposes the methods required by the parser to deserialize the required
data.
As a side-cleanup, moved Ucs2CharLength and Utf8LengthHelper implementations
to cc file so that we don't get a linker error if one of them are unused by
the cc file including the header.
BUG=v8:8041
Change-Id: Id502312d32fe4a9ddb6f5d2d9d3e3a9d30b9b27d
Reviewed-on: https://chromium-review.googlesource.com/1199462
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55711}
Previously all internal accesses to the String::length field in TurboFan
would use the StringLength operator, whereas explicit `string.length`
accesses from user JavaScript code would use LoadField operators instead.
This inconsistency led to redundant loads of the String::length, for
example in case of code like
```js
subject.substring(1, subject.length - 1)
```
where the `subject.substring` call introduces a StringLength(subject)
node, and the `subject.length` introduces a LoadField[length](subject)
node.
Consistently using StringLength operator everywhere enables
optimizations in TurboFan that had been blocked before here (besides
avoiding the redundant load operations).
Bug: v8:8015
Change-Id: I21c82bc418105b9933a9e60dde11c7b222dfcf4f
Reviewed-on: https://chromium-review.googlesource.com/1212942
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55710}
Also removes the --no-recompile-concurrent from the callstats.py script.
BUG=v8:7790
Change-Id: I7e652dd273fd12565e086fe579bdf5974a876d9c
Reviewed-on: https://chromium-review.googlesource.com/1202402
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55709}
We don't need to copy the std::function because we don't modify it's
state.
Bug: v8:8015
Change-Id: I5320f78683fb7c1cca44b73e54312b3cc07b28cd
Reviewed-on: https://chromium-review.googlesource.com/1209782
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55708}
Move everything defined in the v8::internal namespace from include/v8.h
into a separate header that can be included by globals.h/checks.h
instead of the whole v8.h.
Also moves V8_EXPORT into v8config.h (so it can be use in the new
v8-internal.h).
Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I22cdc2728d91a94b309a3d030ed06c0f8a06c723
Reviewed-on: https://chromium-review.googlesource.com/1210102
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55707}
The CheckBounds operator was missing from the re-typing phase during
representation selection, meaning that even if better type information
was available on the inputs (i.e. due to taking feedback), this new
type information was not propagated through CheckBounds properly.
Bug: v8:8015
Change-Id: I503555e041c9fa2b9b27a28d223202d17b27a92e
Reviewed-on: https://chromium-review.googlesource.com/1212963
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55706}
The provided page allocator will serve all the memory requests done by the virtual
memory object.
This is a necessary cleanup before introducing BoundedPageAllocator.
Bug: v8:8096
Change-Id: I95477d67e5f532013322a991db3ee1a1f2e821e6
Reviewed-on: https://chromium-review.googlesource.com/1210122
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55703}
Since https://crrev.com/c/1112003, the memory size is stored as size_t
instead of uint32_t in order to support 4GB memories.
This CL fixes Liftoff to load and handle that field as ptrsized field
instead of 32 bit integer.
Drive-by: Fix wrong machine type on Phi in TF wasm compiler.
R=titzer@chromium.org
Bug: v8:8130
Change-Id: I40a92a2c24f6311e05b5e2608a0902674a2ce411
Reviewed-on: https://chromium-review.googlesource.com/1206008
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55702}
The functionality of "FillFixedArrayWithSmiZero" got merged into
"AllocateZeroedFixedArray", making these calls superfluous.
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I5453ea4b16a1446717517fe1676d611d987ad0a3
Reviewed-on: https://chromium-review.googlesource.com/1212842
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55699}