Currently we choose the MachineRepresentation::kNone representation for
values of Type::None, and when converting values from the kNone representation
we use "impossible" conversions that will crash at runtime. This
assumes that the impossible conversions should never be hit (the only
way to produce the impossible values is to perform an always-failing
runtime check on a value, such as Smi-checking a string). Note that
this assumes that the runtime check is executed before the impossible
convesrion.
Introducing BitwiseOr type feedback broke this in two ways:
- we always pick Word32 representation for bitwise-or, so the
impossible conversion does not trigger (it only triggers with
None representation), and we could end up with unsupported
conversions from Word32.
- even if we inserted impossible conversions, they are pure conversions.
Since untagging, bitwise-or operations are also pure, we could hoist
all these before the smi check of the inputs and we could hit the
impossible conversions before we get to the smi check.
This CL addresses this by just providing dummy values for conversions
from the Type::None type. It also removes the impossible-to-* conversions.
BUG=chromium:638132
Review-Url: https://codereview.chromium.org/2266823002
Cr-Commit-Position: refs/heads/master@{#38883}
For concurrent recompilation we created the CompilationHandleScope after
the CanonicalHandleScope, which basically disabled the canonicalization
because the deferred handle creation doesn't pay attention to the
canonicalization mode then. This meant that we did not canonicalize
handles properly as soon as concurrent recompilation was enabled.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2276953004
Cr-Commit-Position: refs/heads/master@{#38882}
This introduces appropriate unit tests to ensure that merging of
elements/fields information is correct for diamonds.
BUG=chromium:639210,v8:5266
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2278043002
Cr-Commit-Position: refs/heads/master@{#38881}
According to our style guide on Copyable and Movable Types,
copy/move operators should be disabled using = delete in the public: section.
Use consistent style for disabling new and delete.
BUG=
Review-Url: https://codereview.chromium.org/2276063002
Cr-Commit-Position: refs/heads/master@{#38880}
According to our style guide on Copyable and Movable Types,
copy/move operators should be disabled using = delete in the public: section,
not in the private: section.
BUG=
Review-Url: https://codereview.chromium.org/2272063002
Cr-Commit-Position: refs/heads/master@{#38879}
According to our style guide on Copyable and Movable Types,
copy/move operators should be disabled in the public: section, not
in the private: section. If disabled with a macro such as
DISALLOW_COPY_AND_ASSIGN, it should be at the end of the private: section,
and should be the last thing in the class.
BUG=
Review-Url: https://codereview.chromium.org/2271043003
Cr-Commit-Position: refs/heads/master@{#38878}
This patch fixes up one last case of redundant ExceptionEvents being
triggered in the debugger for Promises--it makes the default reject
handler for Promises (e.g., if the second argument for
Promise.prototype.then is missing) appear to the debugger as a
rethrow.
R=adamk@chromium.org,jgruber@chromium.org
BUG=v8:5167
Review-Url: https://codereview.chromium.org/2278643002
Cr-Commit-Position: refs/heads/master@{#38876}
Mark deopt's input alive till the end of the deopt instruction so
they cannot be reused as output.
BUG=v8:5158
Review-Url: https://codereview.chromium.org/2247303007
Cr-Commit-Position: refs/heads/master@{#38875}
Unfortunately, I was unable to produce a repro without asm.js. In normal
JavaScript, the bounds check renaming saves us.
I have not done anything about the index variable aliasing and handling
of differently sized elements yet!
BUG=chromium:639210, v8:5266
Review-Url: https://codereview.chromium.org/2270793004
Cr-Commit-Position: refs/heads/master@{#38874}
According to our style guide on Copyable and Movable Types,
copy/move operators should be disabled in the public: section, not
in the private: section.
BUG=
Review-Url: https://codereview.chromium.org/2278573002
Cr-Commit-Position: refs/heads/master@{#38872}
This makes some information passed implicitly (e.g. the ForceConstructor
flag used to be a special symbol passed as the receiver) explicit.
BUG=
Review-Url: https://codereview.chromium.org/2274823002
Cr-Commit-Position: refs/heads/master@{#38870}
The value returned via the int* argument was actually never used.
Also remove has_rest_parameter() in favor of returning nullptr from
rest_parameter(). This is in line with similar accessors and simplifies my
changes.
BUG=
Review-Url: https://codereview.chromium.org/2276923002
Cr-Commit-Position: refs/heads/master@{#38868}
This preserves the original shared code of the underlying function when
bytecode is provided. The method in question should only ensure bytecode
is present, but should avoid switching compilation tiers of the given
function. It might be that the function was fast-tracked to baseline by
inlining without going through the interpreted tier first.
R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-635923
BUG=chromium:635923
Review-Url: https://codereview.chromium.org/2278543002
Cr-Commit-Position: refs/heads/master@{#38866}
Don't bother using %_IsJSReceiver, which immediately gets lowered to
ObjectIsReceiver anyways (by the JSIntrinsicLowering), but requires
some complicated rewiring of effect/control chains.
R=mstarzinger@chromium.org
BUG=chromium:640369
Review-Url: https://codereview.chromium.org/2271973003
Cr-Commit-Position: refs/heads/master@{#38864}
The CL #38858 (https://codereview.chromium.org/2269293004) removed the parameter assignment code
in rest_parameter(int* index) function in Class DeclarationScope.
This caused the Gcc compilation fail at the following code in src/compiler/ast-graph-builder.cc, line 576.
int rest_index;
Variable* rest_parameter = scope->rest_parameter(&rest_index);
BuildRestArgumentsArray(rest_parameter, rest_index);
The error message was:
../src/compiler/ast-graph-builder.cc: In member function ‘void v8::internal::compiler::AstGraphBuilder::CreateGraphBody(bool)’:
../src/compiler/ast-graph-builder.cc:578:54: error: ‘rest_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
BuildRestArgumentsArray(rest_parameter, rest_index);
^
This CL fixed this issue by intializing rest_index to 0.
BUG=
Review-Url: https://codereview.chromium.org/2270363003
Cr-Commit-Position: refs/heads/master@{#38863}
For O instanceof C, we only need to check the instance type while
iterating the prototypes of O instead of checking both the instance
type and the access check bit of the map. This is because we have
the explicit range of "special object types", which include both
JSProxy as well as the global object and proxy and all API objects
that might have access checks or interceptors. Also restructure the
loop exits somewhat to ensure that the branch cloning gets a chance
to actually eliminate the bit materialization for the results.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2263273003
Cr-Commit-Position: refs/heads/master@{#38860}
With scopes: Don't call the ctor which wants a ScopeInfo if we
don't want to pass it, instead call a ctor which doesn't need it.
In addition, remove inner_scope from ctors and adjust it
explicitly afterwards. It's confusing that some ctors get passed
inner scopes and some outer scopes.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2270743002
Cr-Commit-Position: refs/heads/master@{#38859}
rest_index_ is implicitly params_.length() - 1, since it can only be the last.
Add dchecks that no parameters are added after the rest parameter.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2269293004
Cr-Commit-Position: refs/heads/master@{#38858}
port 2027b0bed1 (r38784)
original commit message:
The new operators are implemented similar to the Float64(Max|Min) which
already exist. The purpose of the new operators is the implementation
of the F32Max and F32Min instructions in WebAssembly.
BUG=
Review-Url: https://codereview.chromium.org/2270193003
Cr-Commit-Position: refs/heads/master@{#38857}
port 4598d9139e (r38747)
original commit message:
This fixes the self-healing mechanism for closures in the interpreter
entry trampoline not that bytecode can be preserved even when baseline
code is already available.
BUG=
Review-Url: https://codereview.chromium.org/2273503003
Cr-Commit-Position: refs/heads/master@{#38856}
Now that ordered_variables_ is used to find non-dynamic variables, and NonLocals are always stored in the scope that introduces them, we can rely on variables_ to also cache non-locals. This has 2 advantages:
1) we don't need DynamicScopePart anymore, reducing all scopes by a pointer
2) upon second lookup of a non-local we don't need to walk the entire chain anymore. The cached value will immediately be found.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2276483003
Cr-Commit-Position: refs/heads/master@{#38855}
This recovers about 50% of the regression in compilation time.
BUG=chromium:638208
Review-Url: https://codereview.chromium.org/2274053002
Cr-Commit-Position: refs/heads/master@{#38854}
A FrameArray encodes information about a set of stack frames into a fixed
array.
This commit is a pure refactoring to make the structure of fixed array-encoded
frames explicit.
BUG=
Review-Url: https://codereview.chromium.org/2270783002
Cr-Commit-Position: refs/heads/master@{#38852}
Reason for revert:
Breaks TSAN
Original issue's description:
> Update V8 DEPS.
>
> Rolling v8/build to b02fa16a7e5f43a2afb00b8cf56375a700f3ed0e
>
> Rolling v8/tools/clang to 82fffa46e8fedec2be06199c5f90410e7f2bffb8
>
> Rolling v8/tools/mb to 94f86dcf676fbf08448f662273aac62951365b2c
>
> TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
>
> Committed: https://crrev.com/a796d69a9a093ca7773acbe9377865b7df680fe6
> Cr-Commit-Position: refs/heads/master@{#38850}
TBR=machenbach@chromium.org,vogelheim@chromium.org,v8-autoroll@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2270293004
Cr-Commit-Position: refs/heads/master@{#38851}
Rolling v8/build to b02fa16a7e5f43a2afb00b8cf56375a700f3ed0e
Rolling v8/tools/clang to 82fffa46e8fedec2be06199c5f90410e7f2bffb8
Rolling v8/tools/mb to 94f86dcf676fbf08448f662273aac62951365b2c
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2276833002
Cr-Commit-Position: refs/heads/master@{#38850}
When compiling a wasm module, we initially generate placeholders for
imports, which store the index corresponding to that import. Later,
at instantiation time, we use that index to correctly link the
provided import.
In this scheme, supporting multiple instantiations requires we
preserve a template (set of unlinked compiled wasm functions) which
we clone for each instance. To avoid holding on to this template,
which may be large (wasm compiled code should be expected to be in
the order of tens of MB), we must enable cloning from an instance's
linked wasm functions.
This change is a step in that direction. Instead of assuming the wasm
functions reference placeholders, we store a table of the code objects
used for imports together with the compiled module, and use that
information to determine the index of the import. Initially, that
table contains placeholders. For instances, however, that table contains
their actual imports.
BUG=
Review-Url: https://codereview.chromium.org/2269323002
Cr-Commit-Position: refs/heads/master@{#38848}
To make async/await catch prediction work well, this patch regularizes
the exception events sent to DevTools from various places in the Promise
lifecycle. The core is that there should be an exception event when the
rejection first starts, rather than when it is propagated.
- Several cases within Promise code which propagate errors are
modified to not trigger a new ExceptionEvent in that case, such
as .then on a rejected Promise and returning a rejected Promise
from .then, as well as Promise.race and Promise.all.
- Make Promise.reject() create an ExceptionEvent, subject to catch
prediction based on the Promise stack. This is important
so that, e.g., if "await Promise.reject()" will trigger a new
throw (rather than a silent rethrow of something that never
triggered an event in the first place).
BUG=v8:5167
Review-Url: https://codereview.chromium.org/2244003003
Cr-Commit-Position: refs/heads/master@{#38847}
This gets rid of the BindingsKind flag. It replaces the factory argument with a bool that indicates whether free variables should be resolved as well.
BUG=
Review-Url: https://codereview.chromium.org/2262393004
Cr-Commit-Position: refs/heads/master@{#38844}
"ExpressionProductions" was missing the plural. I don't think this
changed any behavior, but I'd rather be safe than sorry. Also
removed redundant mention of TailCall production.
A future patch will attempt to make calls to Accumulate make more sense,
in general.
R=littledan@chromium.org
Review-Url: https://codereview.chromium.org/2270153002
Cr-Commit-Position: refs/heads/master@{#38842}
The only two places where these Forgive methods were called
was in ParseAssignmentExpression just at the time we were
calling Accumulate(). So instead of Forgiving, we can simply
not accumulate the bits that would have been forgiven.
Also slightly restructures the nearby code in
ParseAssignmentExpression, and removes the use of non-const
references in ExpressionClassifier.
Review-Url: https://codereview.chromium.org/2267223002
Cr-Commit-Position: refs/heads/master@{#38839}
This patch removes 26 elements of the (pre)parser traits objects.
Some methods are removed completely and called directly from the
implementation objects:
- ParseAsyncFunctionExpression
- ParseClassLiteral
- ParseDoExpression
- ParseEagerFunctionBody
- ParseFunctionLiteral
- ParseV8Intrinsic
Some methods have to be moved to at least one implementation object:
- AddTemplateExpression
- AddTemplateSpan
- CheckConflictingVarDeclarations
- CloseTemplateLiteral
- MarkCollectedTailCallExpressions
- MarkTailPosition
- OpenTemplateLiteral
- ParseAsyncArrowSingleExpressionBody
- PrepareSpreadArguments
- QueueDestructuringAssignmentForRewriting
- QueueNonPatternForRewriting
- RewriteAssignExponentiation
- RewriteAwaitExpression
- RewriteDestructuringAssignments
- RewriteExponentiation
- RewriteNonPattern
- RewriteYieldStar
- SkipLazyFunctionBody
- SpreadCall
- SpreadCallNew
Also, the inner class/struct TemplateLiteralState is moved to the
implementation objects.
R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2267783002
Cr-Commit-Position: refs/heads/master@{#38837}
We anyway have its index in params_, so just always access through params_.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2275573002
Cr-Commit-Position: refs/heads/master@{#38836}
Before this patch all tracing scopes in incremental marking would be reset
during a gc tracer start/stop cycle. This patch handles scopes the same way it
does other incremental marking metrics.
Also:
- Align finalization metric with regular marking metric.
- Smaller cleanups
BUG=chromium:639818
Review-Url: https://codereview.chromium.org/2273673002
Cr-Commit-Position: refs/heads/master@{#38834}