Incremental parsing of asm.js means we can see function tables that
are unused in the AsmWasmBuilder before they've been initialized.
BUG=669899
R=aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2546553002
Cr-Commit-Position: refs/heads/master@{#41403}
If we just call CreateDebugInfo in GetPossibleBreakpoints then we won't call PrepareFunctionForBreakPoints and won't be able to step into this function or pause at breakpoint inside.
BUG=v8:5695
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2540943002
Cr-Commit-Position: refs/heads/master@{#41401}
This is necessary for signal-based out of bounds handling in WebAssembly.
Adds a ProtectedStore instruction that is analogous to the previously added
ProtectedLoad instruction. Rather than using bounds checks, ProtectedStore emits
an out of line section of code that throws a JavaScript exception and provides
the necessary metadata for a signal handler to be able to find the out of line
code.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2516413003
Cr-Commit-Position: refs/heads/master@{#41398}
Attempt to fix or get insight into failing vswp test on V8 ARM bot.
LOG=N
BUG=
Review-Url: https://codereview.chromium.org/2539533005
Cr-Commit-Position: refs/heads/master@{#41397}
The "writable" property descriptor may legally change during the call to
AnythingToArrayLength(). This change needs to be honoured before calling
JSArray::SetLength(). The change is only honoured when the "length"
property was previously writable, so that changes during a call to
DefineOwnPropertyIgnoreAttributes() is ignored.
BUG=v8:5688
R=cbruni@chromium.org, verwaest@chromium.org, jkummerow@chromium.org
Review-Url: https://codereview.chromium.org/2543553002
Cr-Commit-Position: refs/heads/master@{#41396}
Before, we were treating objects with the builtin ArrayValues iterator
method as array-like, where the iterator would iterate through to the
full length of the object.
This optimization was not sound, because it does not ensure that the
next method hasn't been modified. Even if it hasn't been modified,
it's entirely possible to be modified during iteration. Thus, this
optimization has been removed due to its observability.
BUG=v8:5699
R=littledan@chromium.org, cbruni@chromium.org
Review-Url: https://codereview.chromium.org/2544503002
Cr-Commit-Position: refs/heads/master@{#41394}
This was causing more confusion than benefit, so we're removing it.
It's re-defined to empty for now, to avoid touching the ~100 files which
use it, we can remove it completely during a quiet period when it's less
likely to conflict with other work.
Review-Url: https://codereview.chromium.org/2535383005
Cr-Commit-Position: refs/heads/master@{#41393}
JS operators always have an implicit context input, so just use that instead.
BUG=
Review-Url: https://codereview.chromium.org/2541813002
Cr-Commit-Position: refs/heads/master@{#41392}
This is an experiment to see the impact of the limit on OOM crashes.
BUG=chromium:667388
Review-Url: https://codereview.chromium.org/2514313004
Cr-Commit-Position: refs/heads/master@{#41391}
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.
R=titzer@chromium.org
BUG=chromium:669518
Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
JSFrameSpecialization depends on the layout of the frame and doesn't work
with interpreted frames. Disable it since it is only used for OSR from asmjs code, which shouldn't go through the bytecode graph builder in many cases.
BUG=669517
Review-Url: https://codereview.chromium.org/2538823002
Cr-Commit-Position: refs/heads/master@{#41387}
Defining the subclass within the loop significantly affects subsequent
test results. For instance, the Search benchmark is 50% slower if the
subclass is defined within the loop.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2537253003
Cr-Commit-Position: refs/heads/master@{#41384}
port df2578d2ec (r41368)
original commit message:
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=
Review-Url: https://codereview.chromium.org/2540803004
Cr-Commit-Position: refs/heads/master@{#41377}
This adds consistency checks for function kind and scope type to
SharedFunctionInfoVerify.
It also fixes an inconsistency in the creation of a ScopeInfo.
R=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2537093002
Cr-Commit-Position: refs/heads/master@{#41375}
When removing a scope (see FinalizeBlockScope), remember the removal by making
the scope its own sibling. This avoid recalculating the information later on.
R=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2536993003
Cr-Commit-Position: refs/heads/master@{#41374}
Make the AsmWasmBuilder drive the process of typing and potentially parsing
function bodies. This will allow us to keep only a single asm.js function's
AST in memory as we convert to WebAssembly.
This is needed to keep our memory footprint low.
Add some additional output to a few tests that's helpful to see which stage they fail at.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=marja@chromium.org,adamk@chromium.org,aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2398023002
Cr-Commit-Position: refs/heads/master@{#41372}
Rename it to better represent the reason. Also makes the inspector sentence
"Not Optimized: Optimized too many times" look less confusing.
Review-Url: https://codereview.chromium.org/2530423003
Cr-Commit-Position: refs/heads/master@{#41369}
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.
BUG=chromium:608675
LOG=N
Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
Functions with asm-wasm data shouldn't be marked for optimization, since
they will be optimized using the asm-wasm data instead.
Review-Url: https://codereview.chromium.org/2537103002
Cr-Commit-Position: refs/heads/master@{#41367}
This removes support for dynamic scoping via with-statement constructs
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=rmcilroy@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2533283002
Cr-Commit-Position: refs/heads/master@{#41365}
Since the majority of bytecodes have a next instruction, and we iterate
over the bytecodes backwards, we can keep the previous seen (i.e.
sequentially next) bytecode's liveness on a variable instead of looking
it up again.
Review-Url: https://codereview.chromium.org/2541463002
Cr-Commit-Position: refs/heads/master@{#41361}
The EscapeStatusAnalysis didn't know anything about the simplified
operator ConvertTaggedHoleToUndefined, thus leading to a crash. We
now just handled it by pretending that any allocation that goes into
such a node escapes.
BUG=chromium:669451
R=tebbi@chromium.org
Review-Url: https://codereview.chromium.org/2533263002
Cr-Commit-Position: refs/heads/master@{#41359}
This removes reservation of unused {BailoutId} numbers for all class
literals. These language constructs are by now solely funneled through
bytecode and specific ids for deoptimization are no longer needed.
R=rmcilroy@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2535223002
Cr-Commit-Position: refs/heads/master@{#41358}
This removes support for iterator loops (i.e. for-of loop constructs)
from the {FullCodeGenerator}. Consequently optimized code containing
such constructs must use the {BytecodeGraphBuilder} and can no longer
use the {AstGraphBuilder} for graph building.
R=bmeurer@chromium.org
BUG=v8:5657
Review-Url: https://codereview.chromium.org/2534883004
Cr-Commit-Position: refs/heads/master@{#41357}
Adds a bytecode_age field to BytecodeArray objects. This is incremented each
time the bytecode array is marked by GC, and reset to zero if the bytecode
is executed.
This is used to enable the CompilationCache for interpreted functions,
where Interpreted entries are evicted once the bytecode becomes old.
BUG=chromium:666275,v8:4680
Review-Url: https://codereview.chromium.org/2534763003
Cr-Commit-Position: refs/heads/master@{#41356}
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.
Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.
Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41355}
