This avoids a deopt loop.
Bug: v8:7254
Change-Id: I9ab1dfc754c5ad63c451a9e2276aa1d7eb4c27b1
Reviewed-on: https://chromium-review.googlesource.com/966065
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51994}
This CL ads a StartPosition and EndPosition accessors on SFI and
ScopeInfo to facilitate future refactoring. In a future CL the
start and end position are no longer stored directly on SFIs.
This CL will temporarily increase memory since the position info
is duplicated on the SFI and the ScopeInfo.
Drive-by-fix: Clean up some constants in ScopeInfo
Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1a8c5dd4e2156c007e04d92e72e478b915516e0d
Reviewed-on: https://chromium-review.googlesource.com/955629
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51987}
Emit shorter code and avoid use of a register if the root array is
available.
R=mstarzinger@chromium.org
Bug: v8:6600
Change-Id: I20613af154c8dcc6dc22a81c77fd2faded2dad1e
Reviewed-on: https://chromium-review.googlesource.com/965061
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51986}
There was a bug in spilling i64 constants, in that the half stack slot
*above* should have been filled with the high word instead of the one *below*.
Instead of just fixing this, this CL optimizes spilling x64 constants to the
stack by emitting shorter and faster code, especially if the constant fits in
31 bits (which is the majority of cases).
R=titzer@chromium.org
Bug: v8:7565,v8:6600
Change-Id: Id75ddafe82615930a84333a0c49bd515ccbcc093
Reviewed-on: https://chromium-review.googlesource.com/965062
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51985}
Enumerated constants CODE_AGE_MARKER_NOP and CODE_AGE_MARKER_NOP were
defined for using in code aging.
Support for code aging is removed with following:
8bf15bf1aa
Reland "[Compiler] Remove code aging support.".
After this, mentioned constants are not used anymore in MIPS
implementation and therefore they can be removed.
TEST=
BUG=
Change-Id: Ica2b3ceeb94a8fc1110760beff159e82024d3ed3
Reviewed-on: https://chromium-review.googlesource.com/966183
Commit-Queue: Ilija Pavlović <ilija.pavlovic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51983}
This also introduces two new simplified operators,
NumberIsFinite and ObjectIsFiniteNumber; the latter
handles all values, and the former is a fast-path
of the fast-path that is inserted by typed optimization
if we know the input has Type::Number.
Bug: v8:7340, v8:7250
Change-Id: I1b4812c01bf470bbff40fb3da6e11da543a22cd2
Reviewed-on: https://chromium-review.googlesource.com/951244
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51980}
The streaming compilation pipeline did not parse the names section and
this is also not longer needed for getting function or local names.
However, the module name still needs to be set eagerly.
Change-Id: I1ac12e98b970ea0781302dc44ee684510bdf2d69
Reviewed-on: https://chromium-review.googlesource.com/962452
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51979}
A value of type OtherSeqString can change its type to OtherNonSeqString
via inplace internalization (and redirection via a ThinString). This can
lead to out of bounds memory accesses and generally correctness bugs, as
seen with crbug.com/822284.
This change might affect performance in some cases, and we'll need to
evaluate whether it's worth spending cycles on adding another mechanism
that leverages the sequential string information in a safe way on a case
by case basis.
Bug: chromium:822284
Change-Id: I0de77ec089a774236555f38c365f7548f454edfe
Reviewed-on: https://chromium-review.googlesource.com/966021
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51975}
This introduces a new JSCreateTypedArray operator, backed by a dedicated
CreateTypedArray builtin, and adds support to lowering new TypedArray
calls to this operator. This way we avoid the overhead of going through
the generic construct stub machinery for hot code. This not only
recovers the performance regression on the typed array constructor
benchmarks, but even improves slightly beyond what we had in 6.6.
We might in the future try to fully inline the TypedArray constructor
into optimized code for certain cases.
Bug: chromium:820726, v8:7503, v8:7518
Change-Id: Ied465924d5695db576d533792f1db68456b9b5ea
Reviewed-on: https://chromium-review.googlesource.com/959010
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51973}
Prevent d8 from exiting while wasm background compilation is still
going on. This prevents the need to use the testRunner to execute
webassembly tests in d8.
R=yangguo@chromium.orgCC=ahaas@chromium.org
Change-Id: I86fb7ce260fc56ee87040742f77b0ff86b8fbd53
Reviewed-on: https://chromium-review.googlesource.com/964221
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51972}
TurboFan assumed that the output of NumberToString is always a
sequential string, since that's what we put into the number to
string table. However we might eventually morph these strings
into ThinStrings when we need to internalize them, in which case
the type in TurboFan will be wrong, and we read out of bounds.
Also-By: tebbi@chromium.org
Bug: chromium:822284
Change-Id: I5aebe73028b95849fff72bba262c517677112353
Reviewed-on: https://chromium-review.googlesource.com/964523
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51970}
Adds a flag onto InterceptorInfo to mark an interceptor's getter,
query, and enumerator callbacks as side-effect-free.
Bug: v8:7515
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iafc5d2fa554d6d9a38604e179ea5b884c3b77af0
Reviewed-on: https://chromium-review.googlesource.com/957870
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51969}
These checks are critical even in release mode. They won't impact
runtime performance since this happens at snapshot-time.
TBR=yangguo@chromium.org
Bug: v8:6666
Change-Id: I342d9f80c6b882363da00630385686ac6a02cf5d
Reviewed-on: https://chromium-review.googlesource.com/964524
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51966}
Given the following input,
const config = {
min: Math.min(1, 2),
func: myfunc(),
}
Previously, the error was,
➜ ./out.gn/x64.release/d8 _test.js
_test.js:3: ReferenceError: myfunc is not defined
min: Math.min(1, 2),
^
ReferenceError: myfunc is not defined
at _test.js:3:13
Now, the error is,
➜ ./out.gn/x64.release/d8 _test.js
_test.js:4: ReferenceError: myfunc is not defined
func: myfunc(),
^
ReferenceError: myfunc is not defined
at _test.js:4:9
Bug: v8:7507
Change-Id: Ia65b445fdbc1369ecce80f4fc2040e500c807d40
Reviewed-on: https://chromium-review.googlesource.com/964182
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51964}
This makes the moves from constants to the poisoning register
explicit so that the register allocator does not have to burn
a register on it.
Bug: chromium:798964, chromium:820726, v8:7503, v8:7518
Change-Id: Ifc8f9a2f685405dd38fec583bb0e20c3f0320903
Reviewed-on: https://chromium-review.googlesource.com/964202
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51963}
This reverts commit f1b1ec70a6.
Reason for revert: Tentative revert for https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8.fyi%2FV8-Blink_Mac%2F13696%2F%2B%2Frecipes%2Fsteps%2Fwebkit_unit_tests%2F0%2Fstdout
Original change's description:
> [builtins] Remove off-heap builtins from the snapshot
>
> This CL is the final major step towards shipping off-heap-safe builtins
> embedded into the binary.
>
> Prior to snapshot serialization, we now:
> * create the embedded blob containing off-heap instruction streams,
> * use that to generate embedded.cc (containing embedded binary data),
> * replace off-heap-safe builtins with trampolines,
> * and serialize those into the final snapshot.
>
> The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
> targets on deserialization.
>
> Bug: v8:6666
> Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
> Reviewed-on: https://chromium-review.googlesource.com/950775
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51960}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: I58dd4bf9a99d37416855b48807150e1dd9ecd9e8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/964363
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51962}
This CL is the final major step towards shipping off-heap-safe builtins
embedded into the binary.
Prior to snapshot serialization, we now:
* create the embedded blob containing off-heap instruction streams,
* use that to generate embedded.cc (containing embedded binary data),
* replace off-heap-safe builtins with trampolines,
* and serialize those into the final snapshot.
The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
targets on deserialization.
Bug: v8:6666
Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
Reviewed-on: https://chromium-review.googlesource.com/950775
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51960}
- Rename WasmCode::owner() to WasmCode::native_module() and
- Make {shared} field of WasmCompiledModule no-longer const, since
it had a setter masquerading under the
{OnWasmModuleDeserialization()}.
- Refactor and simplify the flow of "owner" in module-compiler.cc
R=mstarzinger@chromium.org
Change-Id: If9ee371124678fbbc845fc4e93279bf14f8f7ce8
Reviewed-on: https://chromium-review.googlesource.com/964263
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51959}
This function re-uses the implementation of InitializeICUDefaultLocation.
Removal of the API breaks embedders' code without providing any benefit.
Bug: v8:7561
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I006cd307887ac132f574af26ca9cd1d5e5317644
Reviewed-on: https://chromium-review.googlesource.com/963024
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51956}
After processing the string loaded from a file, don't process message
queues. Otherwise, stack traces generated in any processed task will
contain the stack trace of the load. This also introduces
nondeterminism, since it depends on the timing whether something will
be processed inside the load or outside.
Drive-by: Introduce enums for the different bools, to make their
meaning more obvious at call sites.
R=yangguo@chromium.orgCC=herhut@chromium.org
Change-Id: Ib48ee01be8c443a2a408ecb1c9e34bb9ba5a8fe7
Reviewed-on: https://chromium-review.googlesource.com/964141
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51952}
This also undeprecates Message::GetStartColumn API.
The simple versions are easier to use for the embedders and have the
same implementation as the complex versions.
Bug: v8:7560
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I656161b04c5d9de6d1de9435b7825009f96572a5
Reviewed-on: https://chromium-review.googlesource.com/963322
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51951}
Pointing to the exact spot of the incorrect numeric separator seems
clearer both in terms of the error itself, and the resulting code in
scanner because we don't have to keep track of the start position.
Previously, the error was:
➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1'
unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator
0x1__1
^^^^
SyntaxError: Only one underscore is allowed as numeric separator
Now, the error is:
➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1'
unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator
0x1__1
^
SyntaxError: Only one underscore is allowed as numeric separator
Bug: v8:7317
Change-Id: I7df1b39816e51a97234da6ed0fca1bf8c0223c3e
Reviewed-on: https://chromium-review.googlesource.com/962241
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51950}
On x64, the upper 32 bit of a register holding a 32-bit value are
always zero. Add several assertions to check that. This is particularly
important for memory accesses, where the whole 64-bit register is used
as offset for the memory access.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ifd3c6e90bb0056dbc2b8c66de919f35c7787965b
Reviewed-on: https://chromium-review.googlesource.com/963321
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51947}
