Reason for revert:
The bot was not affected by the revert. Speculation was wrong.
Original issue's description:
> Revert of [typedarrays] remove invalid optimization in NAMEConstructor() (patchset #1 id:1 of https://codereview.chromium.org/2544503002/ )
>
> Reason for revert:
> Speculative revert for causing timeouts on Win Debug gpu fyi bot
>
> Nothing else looks even remotely relevant in the list of changes.
> Will reland if this doesn't fix the issues.
>
> BUG=670396
>
> Original issue's description:
> > [typedarrays] remove invalid optimization in NAMEConstructor()
> >
> > Before, we were treating objects with the builtin ArrayValues iterator
> > method as array-like, where the iterator would iterate through to the
> > full length of the object.
> >
> > This optimization was not sound, because it does not ensure that the
> > next method hasn't been modified. Even if it hasn't been modified,
> > it's entirely possible to be modified during iteration. Thus, this
> > optimization has been removed due to its observability.
> >
> > BUG=v8:5699
> > R=littledan@chromium.org, cbruni@chromium.org
> >
> > Committed: https://crrev.com/77df8c67d9609ada3b7d79e8e6d33f198bbad5a1
> > Cr-Commit-Position: refs/heads/master@{#41394}
>
> TBR=cbruni@chromium.org,littledan@chromium.org,caitp@igalia.com
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:5699
>
> Committed: https://crrev.com/0ea4a542202d501c4e550474e89512532571f3a0
> Cr-Commit-Position: refs/heads/master@{#41461}
TBR=cbruni@chromium.org,littledan@chromium.org,caitp@igalia.com,enne@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=670396
Review-Url: https://codereview.chromium.org/2553873002
Cr-Commit-Position: refs/heads/master@{#41504}
-- New JSObject for promises: JSPromise
Builtins
-- PromiseThen TFJ
-- PromiseCreateAndSet TFJ for internal use
-- PerformPromiseThen TFJ for internal use
-- PromiseInit for initial promise setup
-- SpeciesConstructor for use in PromiseThen
-- ThrowIfNotJSReceiver for use in SpeciesConstructor
-- AppendPromiseCallback to update FixedArray with new callback
-- InternalPerformPromiseThen
Promises.js
-- Cleanup unused symbols
-- Remove PerformPromiseThen
-- Remove PromiseThen
-- Remove PromiseSet
-- Remove PromiseAttachCallbacks
Runtime
-- PromiseSet to set promise inobject values
-- Refactor functions to use FixedArrays for callbacks instead of
JSArray
-- Runtime_PromiseStatus to return promise status
-- Runtime_PromiseResult to return promise result
-- Runtime_PromiseDeferred to return deferred attached to promise
-- Runtime_PromiseRejectReactions to return reject reactions attached
to promise
This CL results in a 13.07% improvement in the promises benchmark
(over 5 runs).
BUG=v8:5343
Review-Url: https://codereview.chromium.org/2536463002
Cr-Commit-Position: refs/heads/master@{#41503}
During bootstrapping when installing the global object we copy over the
properties from the snapshotted global object to the one created from a
provided template. Originally Genesis::TransferNamedProperties just iterated
over the entries, making the final order hash and thus platform dependent.
This CL fixes this by sorting the keys by enumeration index before copying them
to the destination object and thus making the key enumaration on the global
object platform independent.
Drive-by-fix: avoid crash when printing the global object during bootstrapping.
BUG=chromium:669029
Review-Url: https://codereview.chromium.org/2533223002
Cr-Commit-Position: refs/heads/master@{#41502}
This avoids the crash which ClusterFuzz found, but still does not
report the same position as without validate.asm.
For calls like "foo()|0", we report the position of the call instead of
the position of the "|" if ToNumber throws an error.
After this CL, the correctness-fuzzer for validate-asm will probably
find mismatches there.
R=titzer@chromium.org
BUG=chromium:670808
Review-Url: https://codereview.chromium.org/2548323002
Cr-Commit-Position: refs/heads/master@{#41500}
Reorders the jump bytecodes so that the majority of jump checks can be
implemented as range checks (rather than a list of comparisons that get
compiled to a bunch of jumps).
Review-Url: https://codereview.chromium.org/2537123002
Cr-Commit-Position: refs/heads/master@{#41498}
This moves all helper functions to the RegExpBuiltinsAssembler together
with some follow-up cleanups for:
* consistent function names,
* consistent parameter names and order,
* removal of global CVariable and CLabel typedefs.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2554453003
Cr-Commit-Position: refs/heads/master@{#41493}
Microbenchmarks show 25% improvement over C++, 11% improvement over JS
for the constructor. We don't have a microbenchmark covering the compile
method.
Locally, octane/regexp improved by 2%.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2551443002
Cr-Commit-Position: refs/heads/master@{#41490}
Calls that are potential eval calls are funneled through bytecode and
hence no longer use the {AstGraphBuilder} by now. Associated bailout
points can be removed.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2549113002
Cr-Commit-Position: refs/heads/master@{#41489}
This CL adds a new header src/debug/interface-types.h, moves the
definition of Location from the debug-interface.h to this new header,
and adds a new definition for the WasmDisassembly types.
This allows to use the types in other implementation files or headers
without having to include the entire debug-interface.h, reducing build
dependencies and compile time (especially for incremental builds).
The WasmDisassembly type replaces the old
std::pair<std::string, std::vector<std::tuple<...>>>, which was a bit
hard to unravel.
R=yangguo@chromium.org, kozyatinskiy@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2529383002
Cr-Commit-Position: refs/heads/master@{#41488}
Short living closures are very common in Node.js. This benchmark tracks progress
as we move the optimizations that are currently only behind
--mark_shared_functions_for_tier_up to the default settings.
BUG=v8:5512
Committed: https://crrev.com/f277da2a00cfd27d44a33a70213a65bd82d0bc95
Review-Url: https://codereview.chromium.org/2525053002
Cr-Original-Commit-Position: refs/heads/master@{#41246}
Cr-Commit-Position: refs/heads/master@{#41487}
This allows us to optimise the bytecode liveness analysis to jump
directly to previously seen indices. The analysis is optimised to store
a stack of loop ends (JumpLoop bytecode indices), and iterate through
these indices directly rather than looping through the bytecode array to
find them.
Review-Url: https://codereview.chromium.org/2536653003
Cr-Commit-Position: refs/heads/master@{#41485}
Don't unconditionally assume that Tagged->Word32 changes are always
truncating independent of the type of the input. Work-around the
remaining issues with for-in by properly renaming the index if it's
not already of appropriate type (happens with generators or OSR).
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2545393002
Cr-Commit-Position: refs/heads/master@{#41484}
1) CSA::Select() receives lambdas for generating true/false values.
The representation parameter made mandatory.
2) CSA::Select[Type]Constant() methods receive true/false nodes directly.
These methods are intended to be used for generating "selects" when
true/false values are already computed.
BUG=
Review-Url: https://codereview.chromium.org/2550683003
Cr-Commit-Position: refs/heads/master@{#41483}
The changes are:
1) Pass lambdas as const references to avoid unnecessary copying.
2) Remove CodeStubAssembler* parameter from loop bodies and let the lambdas
capture the right assembler instead. It makes the loop body code look
uniform with the surrounding code and unblocks splitting of a CSA
into different classes.
BUG=
Review-Url: https://codereview.chromium.org/2535753012
Cr-Commit-Position: refs/heads/master@{#41482}
This removes support for accessing super properties (load, store & call)
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=bmeurer@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2544123004
Cr-Commit-Position: refs/heads/master@{#41478}
When enforcing Ignition+TurboFan for a function literal during
AstNumbering, make sure to print the bailout reason with --trace-opt
to make it easier to figure out what caused the bailout.
BUG=chromium:670691
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2550093002
Cr-Commit-Position: refs/heads/master@{#41472}
The current Array.prototype.sort implementation is pretty sensitive to
compiler changes, i.e. switching to I+TF completely, so refactor it a
bit so that it can stay with FCG+CS for now.
Middle-term the Array builtins need to be refactored to TurboFan
builtins anyways.
BUG=chromium:670691,v8:5666
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2553523002
Cr-Commit-Position: refs/heads/master@{#41471}
Add support to lower the %_DebugIsActive intrinsic during
JSIntrinsicLowering instead of always going to the runtime
for this.
This addresses part of the Bluebird regression caused by
sending let and const to TurboFan and Ignition.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2550043002
Cr-Commit-Position: refs/heads/master@{#41468}
In the current implementation, WasmInstanceWrapper is allocated after the imports for the instance are processed, and before the InstanceFinalizer callback is associated with the instance. This raises the possibility of triggering a gc in the middle of the instantiate flow which is incorrect.
BUG=5707
R=titzer@chromium.org, petermarshall@chromium.org
Review-Url: https://codereview.chromium.org/2544273002
Cr-Commit-Position: refs/heads/master@{#41464}
Several cleanups to the output of the debug-only --print-scopes flag:
- Function name variable only printed once
- Only print headers for sections of variables that are non-empty
- Assume Variables stored in Scope::variables_ are never null
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2544063004
Cr-Commit-Position: refs/heads/master@{#41463}
Reason for revert:
Speculative revert for causing timeouts on Win Debug gpu fyi bot
Nothing else looks even remotely relevant in the list of changes.
Will reland if this doesn't fix the issues.
BUG=670396
Original issue's description:
> [typedarrays] remove invalid optimization in NAMEConstructor()
>
> Before, we were treating objects with the builtin ArrayValues iterator
> method as array-like, where the iterator would iterate through to the
> full length of the object.
>
> This optimization was not sound, because it does not ensure that the
> next method hasn't been modified. Even if it hasn't been modified,
> it's entirely possible to be modified during iteration. Thus, this
> optimization has been removed due to its observability.
>
> BUG=v8:5699
> R=littledan@chromium.org, cbruni@chromium.org
>
> Committed: https://crrev.com/77df8c67d9609ada3b7d79e8e6d33f198bbad5a1
> Cr-Commit-Position: refs/heads/master@{#41394}
TBR=cbruni@chromium.org,littledan@chromium.org,caitp@igalia.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5699
Review-Url: https://codereview.chromium.org/2548583003
Cr-Commit-Position: refs/heads/master@{#41461}
Turbofan uses 64-bit load followed by 32 bit arithmetic shift when
loading higher 32 bits of 64-bit value. We simplify this
by loading higher 32 bits directly.
BUG=
Review-Url: https://codereview.chromium.org/2532333003
Cr-Commit-Position: refs/heads/master@{#41455}
