* Mark BytecodeOperands and Bytecodes AllStatic.
* Add BytecodeOperands::kOperandScaleCount.
* Add Bytecodes::ReusesExistingHandler in preparation for adding another
callsite from deserialization.
Bug: v8:6624
Change-Id: Ic8b5d444df5525ef6d14de6931b38afd926b251e
Reviewed-on: https://chromium-review.googlesource.com/738092
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48957}
This attaches a constructor to the bound function map so we can identify the creation context using the map, it chooses the bound-function map from the same realm as the target's creation context (additionally to avoid memory leaks and unnecessary transitions), and finally drops the loop unwrapping bound functions in GetCreationContext.
Bug:
Change-Id: Icb6f4c29287f9cba69f11afbd070f52c0ad1aa16
Reviewed-on: https://chromium-review.googlesource.com/738097
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48956}
We can already construct wrapper objects using Object().
R=jkummerow@chromium.org
Bug: v8:6791
Change-Id: Ic4079654ef1fcae2be4b588cb12c2645e199f4f7
Reviewed-on: https://chromium-review.googlesource.com/738089
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48955}
The current implementation overapproximates the
possible_nondeterminism_ bit by setting it whenever a NaN value is
reinterpreted as integer, or stored to memory. This hides bugs in the
interpreter that are handled as possible nondeterminism even though
they are not.
This CL fixes this by only setting the bit if a binary floating point
operation is executed and one of the inputs is a NaN.
R=ahaas@chromium.org
Bug: v8:6954
Change-Id: Ib937ae7730dbb140c012d07fae23b40ae7ed3d6b
Reviewed-on: https://chromium-review.googlesource.com/735599
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48954}
This way, we can also check the return code of d8. We currently have a
bug (6981) which makes failing tests not being detected, even though
the failure message is (sometimes) being printed.
After this refactoring, we can write tests for our mjsunit test
functions.
R=machenbach@chromium.org
Bug: v8:6981
Change-Id: I0aa0abcb0f9a4f622a1e1d1a4d826da1e6eb4f07
Reviewed-on: https://chromium-review.googlesource.com/737991
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48951}
The current_cpu value was erroneously removed from the build config json.
In multi-arch builds, each toolchain subdirectory in the build-product
output emits its own build-config json, where current_cpu determines
the architecture type of the sub-build.
Correctness-fuzzer runs could wrongly determined x86 sub-builds as x64.
Bug: chromium:777285
Change-Id: I5104630cd8ebbd263d557fb29771a31a2a1d78c2
Reviewed-on: https://chromium-review.googlesource.com/737797
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48950}
The motivation for this is that it greatly reduces the RelocInfo size.
This also results in a small improvement in compile time.
Note: This CL was based on https://codereview.chromium.org/2651833003,
and basically reverts that CL (but handles code changes and some
minor bugs in previous code).
Bug: chromium:772780
Change-Id: I55dd48d3bddd4b3d1c8eec13791b3ee4c485c604
Reviewed-on: https://chromium-review.googlesource.com/730649
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48947}
Abstract equality comparison of a BigInt and a String converts the
latter to BigInt. This conversion can fail; since we do not want to
pass a context to the comparison function, we must signal such failure
without throwing an exception.
This CL uses the existing ShouldThrow enum to configure behavior of
String-to-BigInt conversion, moving it out of Object into globals.h.
Bug: v8:6791, v8:6979
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibb98675079b8392cf03bbcbbbd5556108500a32d
Reviewed-on: https://chromium-review.googlesource.com/734172
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48946}
This flag has been on by default since Chrome 61.
Bug: v8:5549
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I81c34d1d3a7dbd219acce2cdf0cf4917eb484002
Reviewed-on: https://chromium-review.googlesource.com/738312
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48945}
and use a newly-introduced "enum class Operation" in all
other places that so far passed Token::Values around.
Also delete some related dead code along the way.
Bug: v8:6921
Change-Id: I062f396d304aa62298cfeff202e3132a4a5597c1
Reviewed-on: https://chromium-review.googlesource.com/736851
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48944}
It's been on by default since Chrome 61.
Bug: v8:4806
Change-Id: I748d9008d29997667458649d7bf4999e15ff8615
Reviewed-on: https://chromium-review.googlesource.com/737416
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48943}
This reverts commit 877de37676.
Reason for revert: Looks like this doesn't really move the needle (only w/ high iteration count). So let's not do the extra complexity unless there's a good reason to do so.
Original change's description:
> [turbofan] Introduce FindOrderedHashMapEntryForReceiverKey operator.
>
> This optimizes Map#get and Map#has for the case where the key is known
> to be a JSReceiver. This generalizes the existing logic for the
> FindOrderedHashMapEntryForSigned32Key operator to also deal with
> receivers. This gives a nice 33% boost on the map-set-lookup-es6 test
> of the six-speed benchmark suite.
>
> Drive-by-fix: Rename the FindOrderedHashMapEntryForInt32Key operator to
> FindOrderedHashMapEntryForSigned32Key to match the naming of the types.
>
> R=jarin@chromium.org
>
> Bug: v8:5267, v8:7001
> Change-Id: Ifab8414f26adee7ec833d8cb94ae0ac49f2c3d35
> Reviewed-on: https://chromium-review.googlesource.com/738180
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48938}
TBR=jarin@chromium.org,bmeurer@chromium.org
Change-Id: Icaf9e22cb3412a97342c4e4cdc422d4aaa2d0ef9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5267, v8:7001
Reviewed-on: https://chromium-review.googlesource.com/738052
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48941}
For the tagged case, we never use the Literal AST node, so don't bother
creating them in the first place. Instead, store AstRawStrings directly,
and only wrap with Literals when desugaring untagged templates into
binary ops.
This also makes the upcoming merge of Literal and AstValue simpler.
Bug: v8:6984
Change-Id: I9f12710b05c6d63d7e91f2707cd08093f7ff3f11
Reviewed-on: https://chromium-review.googlesource.com/736151
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48940}
This optimizes Map#get and Map#has for the case where the key is known
to be a JSReceiver. This generalizes the existing logic for the
FindOrderedHashMapEntryForSigned32Key operator to also deal with
receivers. This gives a nice 33% boost on the map-set-lookup-es6 test
of the six-speed benchmark suite.
Drive-by-fix: Rename the FindOrderedHashMapEntryForInt32Key operator to
FindOrderedHashMapEntryForSigned32Key to match the naming of the types.
R=jarin@chromium.org
Bug: v8:5267, v8:7001
Change-Id: Ifab8414f26adee7ec833d8cb94ae0ac49f2c3d35
Reviewed-on: https://chromium-review.googlesource.com/738180
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48938}
Port 266e803ea9
Original Commit Message:
This CL adds a first implementation of Liftoff, the new wasm baseline
compiler, for x64 and ia32. It currently supports the most important
i32 instructions and control instructions. Whenever it encounters an
instruction it does not support yet, it aborts.
In a subsequent CL, Liftoff will be called from the
WasmCompilationUnit, falling back to Turbofan compilation if the
baseline compiler bails out.
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, clemensh@chromium.org, titzer@chromium.org
BUG=
LOG=N
Change-Id: I35ad2b0230c37f523e24aa90b637a67e5ce59083
Reviewed-on: https://chromium-review.googlesource.com/735784
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48935}
The Float32(uint32_t) constructor should not be public, use
Float32::FromBits explicitly if needed.
R=ahaas@chromium.org
Change-Id: I414e621deebde8cdb474f17e08fcc489dbc083cd
Reviewed-on: https://chromium-review.googlesource.com/738173
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48934}
This makes sure flags on newly allocated {Code} objects are initialized
from within the allocator itself instead of after the object has been
created. It essentially makes these flags immutable.
R=jarin@chromium.org
BUG=v8:6792
Change-Id: I6bef183a25508faf1fec28d347956e766e65aecf
Reviewed-on: https://chromium-review.googlesource.com/737633
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48933}
This extends the WASM_EXEC_TEST to also execute the test in Liftoff
(our new baseline compiler).
Use WASM_COMPILED_EXEC_TEST to execute in both compilers, but not in
the interpreter.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I0b76a5cff9af1b8c4aaec3cceb154ad29ca1b58e
Reviewed-on: https://chromium-review.googlesource.com/733560
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48932}
Current chrome stable has a high number of crashes due to bugs in
this feature. These bugs are already fixed but the fixes are hard
to merge back. Therefore we decided to disable the feature in stable.
This CL is intended to be merged to stable and then reverted in tot.
Bug: chromium:762020
Change-Id: Ibd5a08e3b303a204fb84a408271a1c0f97cc5b7b
Reviewed-on: https://chromium-review.googlesource.com/738176
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48931}
Have JSProxy and JSGlobalProxy use the properties or hash technology
like we use for all other JSReceivers. Also unify and simplify the
code dealing with these hashes.
Bug: v8:6344, v8:6911
Change-Id: Ic995639c74211ba6f33acd73428b8c6d95bf7919
Reviewed-on: https://chromium-review.googlesource.com/737833
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48930}
We have an internal limit of 50000 local variables per wasm function.
This limit is checked when decoding the function body. For asm.js, we
skip function body validation, since by construction the code we
generate is correct. This makes us fail unexpectedly when trying to
(lazily) compile an asm.js function with more than 50000 locals.
Hence, check this limit in the asm parser and bail out if it is
exceeded.
R=mstarzinger@chromium.org
Bug: chromium:775710
Change-Id: I89d2069e133fb0f84947d477ae1ac5eda85571aa
Reviewed-on: https://chromium-review.googlesource.com/732660
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48929}
This is a reland of eeaffa9f33
Original change's description:
> [objects] Introduce {CodeDataContainer} object type.
>
> This introduces the {CodeDataContainer} as a container for all mutable
> fields associated with a {Code} object. For now only the kind-specific
> flags are moved, but more fields can/will be moved gradually. The goal
> is to make all fields in the {Code} header be immutable eventually.
>
> R=jarin@chromium.org
> BUG=v8:6792
>
> Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
> Reviewed-on: https://chromium-review.googlesource.com/732987
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48902}
Bug: v8:6792
Change-Id: I31a127df4bb8ee5fedb4d73755df4deae6e1d352
Reviewed-on: https://chromium-review.googlesource.com/738109
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48928}
Following up on adding n-ary nodes, this extends the parser to support
n-ary comma operations, including support for n-ary arrow function
parameters.
Bug: v8:6964
Bug: chromium:777302
Change-Id: Iba9c93b9eaa5a0870815b4fa29e84aa9d0c511e2
Reviewed-on: https://chromium-review.googlesource.com/735156
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48927}
... containing Tuple2 value instead of two properties. This CL reduces the
number of property queries in FunctionToString to one and it is memory-neutral.
Change-Id: Ia6fa267f3e5b6670013f1da3e03cd70bf24dd65a
Reviewed-on: https://chromium-review.googlesource.com/730744
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48926}
A WasmCompilationUnit can now either compile the code in liftoff or with
Turbofan. If liftoff compilation fails (because of unsupported
instructions), we fall back to TF.
This new pipeline is only enabled if the --liftoff flag is enabled.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I63669cfd8b7f0c89b08dcbd4d125d5ed44c7265b
Reviewed-on: https://chromium-review.googlesource.com/733091
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48924}
There is no need to test each operation on each single memory location.
R=titzer@chromium.org, binji@chromium.org
Bug: v8:6994
Change-Id: Ib401fa1dd4db2e1b9c7ee0b48bb0c1cc9e3f9139
Reviewed-on: https://chromium-review.googlesource.com/735149
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48921}
Expressions of the form
a_0 + a_1 + a_2 + a_3 + ... + a_n
seem to be reasonably common for cases such as building templates.
However, parsing these expressions results in a n-deep expression tree:
...
/
+
/ \
+ a_2
/ \
a_0 a_1
Traversing this tree during compilation can cause a stack overflow when n is
large.
Instead, for left-associate operations such as add, we now build up an
n-ary node in the parse tree, of the form
n-ary +
/ | \
/ | ... \
a_0 a_1 a_n
The bytecode compiler can now iterate through the child expressions
rather than recursing.
This patch only supports arithmetic operations -- subsequent patches
will enable the same optimization for logical tests and comma
expressions.
Bug: v8:6964
Bug: chromium:724961
Bug: chromium:731861
Bug: chromium:752081
Bug: chromium:771653
Bug: chromium:777302
Change-Id: Ie97e4ce42506fe62a7bc4ffbdaa90a9f698352cb
Reviewed-on: https://chromium-review.googlesource.com/733120
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48920}
Use an upper limit search followed by a binary search in the expression
depth test. As our maximum expression depths increase, a simple linear
search wastes cycles.
Bug: v8:6964
Change-Id: I0669e4090f6cc1628d1dec475b9bd8ff52be3f7d
Reviewed-on: https://chromium-review.googlesource.com/735346
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48919}
This reverts commit 37b4b2f1e3.
Reason for revert: Likely breaking canary.
Original change's description:
> [turbofan] Prune control flow based on failed map checks and comparisons.
>
> This introduces unreachable state into load elimination. We mark state
> as unreachable if we know statically that a map check would fail.
> When processing effect phis, we disconnect unreachable state's
> control from the effect phi's merge, and point it to RuntimeAbort.
> The control input to the merge is then updated with Dead. Dead
> code elimination prunes the merge, phis and effect phis.
>
> Bug: v8:6396
> Change-Id: I01874b576e548747a915c7b645b96ebaa6f6700d
> Reviewed-on: https://chromium-review.googlesource.com/730754
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48810}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6396, chromium:777843
Change-Id: I6fac6f86e138f33756e688ec30424cb940690dae
Reviewed-on: https://chromium-review.googlesource.com/737829
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48918}
This reverts commit e26cd87496.
Reason for revert: The issue has been fixed. See related bug for description and CLs.
Original change's description:
> [heap] Add TSAN suppression for lock-order inversion in Scavenger
>
> The Scavenger currently requires taking the lock for OLD->NEW processing
> and can also take another lock for sweeping a different page.
>
> Since order of pages during scavenge and sweep is unstable this may
> result in lock order inversion reports on TSAN when long-running
> programms are only executed on a single thread.
>
> The report is a false positve, hence flag it as suppression until we
> redesign this particular piece.
>
> No-try: true
> Bug: v8:6923
> Change-Id: I82355be1c8d83ea61cc21152aeb10b58b1dc4b86
> Reviewed-on: https://chromium-review.googlesource.com/716261
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48504}
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6923
Change-Id: I7711466c6e2175dcab8d64d6a642e458e1cde3f5
Reviewed-on: https://chromium-review.googlesource.com/738110
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48913}
We were already handling the case that a called import throws, but if
it returned an error which is not convertible to a number, we failed
with a CHECK error.
This CL fixes this.
R=titzer@chromium.org
Bug: chromium:771970
Change-Id: I6c9983459109d49c43304610b696d49de986a250
Reviewed-on: https://chromium-review.googlesource.com/735354
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48912}
E.g. use TrueConstant() instead of BooleanConstant(true) and
NullConstant() instead of HeapConstant(factory...null_value()).
R=jkummerow@chromium.org
Bug:
Change-Id: I0588d71940d8baf289eb8f8e6c8d20aa717d57f6
Reviewed-on: https://chromium-review.googlesource.com/735681
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48911}
The IsWhite check in the write barrier uses word size memory operations.
It should use 32-bit cell size operation instead.
Bug: v8:6955
Change-Id: I5bbcd99dcd7e3d435f96022a745a6c80c83eb3b3
Reviewed-on: https://chromium-review.googlesource.com/735153
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48910}
