There is no need to test each operation on each single memory location.
R=titzer@chromium.org, binji@chromium.org
Bug: v8:6994
Change-Id: Ib401fa1dd4db2e1b9c7ee0b48bb0c1cc9e3f9139
Reviewed-on: https://chromium-review.googlesource.com/735149
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48921}
Expressions of the form
a_0 + a_1 + a_2 + a_3 + ... + a_n
seem to be reasonably common for cases such as building templates.
However, parsing these expressions results in a n-deep expression tree:
...
/
+
/ \
+ a_2
/ \
a_0 a_1
Traversing this tree during compilation can cause a stack overflow when n is
large.
Instead, for left-associate operations such as add, we now build up an
n-ary node in the parse tree, of the form
n-ary +
/ | \
/ | ... \
a_0 a_1 a_n
The bytecode compiler can now iterate through the child expressions
rather than recursing.
This patch only supports arithmetic operations -- subsequent patches
will enable the same optimization for logical tests and comma
expressions.
Bug: v8:6964
Bug: chromium:724961
Bug: chromium:731861
Bug: chromium:752081
Bug: chromium:771653
Bug: chromium:777302
Change-Id: Ie97e4ce42506fe62a7bc4ffbdaa90a9f698352cb
Reviewed-on: https://chromium-review.googlesource.com/733120
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48920}
Use an upper limit search followed by a binary search in the expression
depth test. As our maximum expression depths increase, a simple linear
search wastes cycles.
Bug: v8:6964
Change-Id: I0669e4090f6cc1628d1dec475b9bd8ff52be3f7d
Reviewed-on: https://chromium-review.googlesource.com/735346
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48919}
This reverts commit 37b4b2f1e3.
Reason for revert: Likely breaking canary.
Original change's description:
> [turbofan] Prune control flow based on failed map checks and comparisons.
>
> This introduces unreachable state into load elimination. We mark state
> as unreachable if we know statically that a map check would fail.
> When processing effect phis, we disconnect unreachable state's
> control from the effect phi's merge, and point it to RuntimeAbort.
> The control input to the merge is then updated with Dead. Dead
> code elimination prunes the merge, phis and effect phis.
>
> Bug: v8:6396
> Change-Id: I01874b576e548747a915c7b645b96ebaa6f6700d
> Reviewed-on: https://chromium-review.googlesource.com/730754
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48810}
TBR=jarin@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6396, chromium:777843
Change-Id: I6fac6f86e138f33756e688ec30424cb940690dae
Reviewed-on: https://chromium-review.googlesource.com/737829
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48918}
This reverts commit e26cd87496.
Reason for revert: The issue has been fixed. See related bug for description and CLs.
Original change's description:
> [heap] Add TSAN suppression for lock-order inversion in Scavenger
>
> The Scavenger currently requires taking the lock for OLD->NEW processing
> and can also take another lock for sweeping a different page.
>
> Since order of pages during scavenge and sweep is unstable this may
> result in lock order inversion reports on TSAN when long-running
> programms are only executed on a single thread.
>
> The report is a false positve, hence flag it as suppression until we
> redesign this particular piece.
>
> No-try: true
> Bug: v8:6923
> Change-Id: I82355be1c8d83ea61cc21152aeb10b58b1dc4b86
> Reviewed-on: https://chromium-review.googlesource.com/716261
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48504}
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6923
Change-Id: I7711466c6e2175dcab8d64d6a642e458e1cde3f5
Reviewed-on: https://chromium-review.googlesource.com/738110
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48913}
We were already handling the case that a called import throws, but if
it returned an error which is not convertible to a number, we failed
with a CHECK error.
This CL fixes this.
R=titzer@chromium.org
Bug: chromium:771970
Change-Id: I6c9983459109d49c43304610b696d49de986a250
Reviewed-on: https://chromium-review.googlesource.com/735354
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48912}
E.g. use TrueConstant() instead of BooleanConstant(true) and
NullConstant() instead of HeapConstant(factory...null_value()).
R=jkummerow@chromium.org
Bug:
Change-Id: I0588d71940d8baf289eb8f8e6c8d20aa717d57f6
Reviewed-on: https://chromium-review.googlesource.com/735681
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48911}
The IsWhite check in the write barrier uses word size memory operations.
It should use 32-bit cell size operation instead.
Bug: v8:6955
Change-Id: I5bbcd99dcd7e3d435f96022a745a6c80c83eb3b3
Reviewed-on: https://chromium-review.googlesource.com/735153
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48910}
All use cases of the RecursiveMutex have been removed.
Bug: v8:6923
Change-Id: I25aeee2447db185dbaacf96ab06a660834a408b7
Reviewed-on: https://chromium-review.googlesource.com/735345
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48908}
Now that https://crrev.com/c/728026 has landed, we can construct the
constexpr RegLists using symbolic register names instead of hard-coding
the register codes.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I21e46aeb5e8598a56f641341bcd7cf718fe4fbf9
Reviewed-on: https://chromium-review.googlesource.com/735548
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48906}
This optimization was disabled because 32-bit builds didn't properly
find certain integer keys in maps anymore. The reason was that the
runtime wasn't using ComputeIntegerHash for the full Signed32 range,
but only for the SignedSmall range.
This change improves the ARES-6 Basic test by around 6-7% on the steady
state.
Bug: chromium:77459, v8:6410, v8:6354, v8:6278, v8:6344
Change-Id: Ifae64e6b23ca8acee4c792be299f64caf951242f
Reviewed-on: https://chromium-review.googlesource.com/737871
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48905}
This reverts commit eeaffa9f33.
Reason for revert: Breaks msan compile (uninitialized value in snapshot):
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17824
Original change's description:
> [objects] Introduce {CodeDataContainer} object type.
>
> This introduces the {CodeDataContainer} as a container for all mutable
> fields associated with a {Code} object. For now only the kind-specific
> flags are moved, but more fields can/will be moved gradually. The goal
> is to make all fields in the {Code} header be immutable eventually.
>
> R=jarin@chromium.org
> BUG=v8:6792
>
> Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
> Reviewed-on: https://chromium-review.googlesource.com/732987
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48902}
TBR=mstarzinger@chromium.org,jarin@chromium.org
Change-Id: I74fe833b074752d640cff4aa4680f250e1bd8780
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6792
Reviewed-on: https://chromium-review.googlesource.com/738029
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48904}
- Make it possible to store quarter-bytes instead of full bytes.
- Don't store is_used; it can be recovered correctly based on the actual full
parse (when a lazy function is eventually called) and
has_forced_scope_allocation.
- With the is_used change, the old testing approach (which compared a scope for
which we didn't do scope allocation to the baseline) no longer made
sense. Replaced it with a new testing approach, which is also closer to the
actual usage.
- First version (reverted): https://chromium-review.googlesource.com/725422
BUG=v8:5516
Change-Id: I1468af6670b689a104bd867377caa1d236070820
Reviewed-on: https://chromium-review.googlesource.com/733123
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48903}
This introduces the {CodeDataContainer} as a container for all mutable
fields associated with a {Code} object. For now only the kind-specific
flags are moved, but more fields can/will be moved gradually. The goal
is to make all fields in the {Code} header be immutable eventually.
R=jarin@chromium.org
BUG=v8:6792
Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
Reviewed-on: https://chromium-review.googlesource.com/732987
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48902}
Body descriptors are used by marking and scavenging visitors.
Change-Id: I6912bb5b924755db5750f0a3b1e4909bff5375c7
Reviewed-on: https://chromium-review.googlesource.com/732978
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48901}
Otherwise, the quiet NaN bit might flip already when loading the
float/double from memory or storing it.
This fixes another NaN bit flip which happened on a single bot only.
R=titzer@chromium.org
Bug: v8:6954
Change-Id: Ica9be71db9c5b505302686e9c0a4b1cae020a7e4
Reviewed-on: https://chromium-review.googlesource.com/735320
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48900}
We found this while trying to integrate V8 6.3 into Node.js. One of the
tests started to crash on Windows.
https: //github.com/nodejs/node/pull/16271#issuecomment-337790715
Bug:
Change-Id: I82514ff7b9ca6a2b5c4489fe7388c4beda9931c9
Reviewed-on: https://chromium-review.googlesource.com/735400
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#48899}
Elements on typed arrays are never looked up in the prototype chain, so
there's no point in depending on the prototype chain validity cells for
keyed stores to typed arrays. You just risk going megamorphic for
unrelated changes.
Bug: v8:6999
Change-Id: Id831de42a2c9eadfd5317ee9b5dbfaa207f236fe
Reviewed-on: https://chromium-review.googlesource.com/737789
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48898}
as opposed to waiting until state() is PREMONOMORPHIC like named
Load/StoreICs do. Keyed ICs do not have PREMONOMORPHIC state.
Bug: v8:6999
Change-Id: If37705d3301fb93a2fc2bf10fdeb255ff06fdb5e
Reviewed-on: https://chromium-review.googlesource.com/737655
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48895}
I am not committing the regression test from the bug because it takes
ages to run, but I have locally verified that it passes now.
Bug: chromium:776645
Change-Id: Ia7128d9fa3cf864b1c1b646802a973fe41d4c4ae
Reviewed-on: https://chromium-review.googlesource.com/735484
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48893}
This CL makes --trace-maps available in the default build by disabling
certain expensive/intrusive features.
This is an intermediate step to be able to write proper tests for --trace-maps
and the new map-processor.
Change-Id: Ib6a8fc9c77796c106d3af9d741d48abe6c6b9099
Reviewed-on: https://chromium-review.googlesource.com/734648
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48891}
It appears in the cctest context, both the old STUB, and the current
WASM_FUNCTION "just work"; however, in the upcoming off-the-gc wasm
world, we codegen call sites differently on x64 - far calls for
js-to-wasm (this case), and near calls otherwise.
Bug:
Change-Id: Iebf8acf164f07742fc367b7bbf266913dbc60c46
Reviewed-on: https://chromium-review.googlesource.com/735131
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48889}
Before, the standard way to create a RegList was either:
RegList list = (1 << 0) | (1 << 1) | ...
or
RegList list = rax.bit() | rdx.bit() | ...
The first way allows to make the RegList constexpr, but needs comments
to document which registers you are referring to, and it has no checks
that all bits you set on the RegList actually belong to valid registers.
The second one uses the symbolic names, hence is much more readable and
makes it harder to construct invalid RegLists. It's not constexpr
though, since the {bit()} method on the register types is not constexpr.
This CL adds a constexpr accessor to get the code and bit of a
constexpr Register, and adds a helper method to create a constexpr
RegList like this:
constexpr RegList list = Register::ListOf<rax, rdx, rdi>();
This new method is used in a number of places to test its
applicability. Other uses of the old pattern remain and can be cleaned
up later.
R=tebbi@chromium.org
Change-Id: Ie7b1d6342dc5f316dcfedd0363b3540ad5e7f413
Reviewed-on: https://chromium-review.googlesource.com/728026
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48887}
Similar to the incremental marker, rename the MarkingState to
MajorMarkingState and avoid using atomics on live byte count as the
concurrent tasks cache its value.
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Bug: chromium:750084
Change-Id: Id37bb89385d4fbae95542073ea652617e61010d5
Reviewed-on: https://chromium-review.googlesource.com/735399
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48885}
This removes all but one caller of Literal::raw_value(), thus
hiding AstValue from the rest of the codebase. This is in
preparation to move much of AstValue's implementation up
into Literal itself, thus avoiding the overhead of the
underling ZoneObjects and allowing us to remove complexity
such as the cache of Smi-valued AstValues.
Bug: v8:6984
Change-Id: I1b90aa64b9d26db36ef486afe73cda4473ef866e
Reviewed-on: https://chromium-review.googlesource.com/731109
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48884}
Only rewind destructuring assignments if we actually preparsed
the arrow function. For the case of single-expression bodies,
we don't preparse, but we were previously erroneously rewinding.
Bug: v8:6970
Change-Id: I38e15a8a5bdb05abee3bafe7bbd7736b55a6950b
Reviewed-on: https://chromium-review.googlesource.com/733950
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48883}
This is to enable it to also be used for reporting AsmJS errors such that
this can be moved off-thread.
BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia46040b14d010702f10c02b8254aea84cba4d54d
Reviewed-on: https://chromium-review.googlesource.com/735606
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48881}
This moves bits that are accessed during a stack-walk out if the first
kind-specific flags field. Such bits are accessed during evacuation
within the GC and hence need to remain directly in the {Code} object,
the other bits in the kind-specific flags are mutable and hence will be
moved into a separate data container object.
R=jarin@chromium.org
BUG=v8:6792
Change-Id: I20b7d307110ca0c0eb6dd4df31a35fab4701c6da
Reviewed-on: https://chromium-review.googlesource.com/735145
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48877}
Our first implementation passed the source position as argument to the
runtime function, which would then generate an Error object, patch the
contained stack trace to point to the position given as argument, and
then throw the Error.
Since all our paths are now changed to call a builtin with proper
source position information, we do not need to patch anything any more.
R=ahaas@chromium.org
Bug: v8:5007
Change-Id: I70dce1b9fcf9966a13865c1c373f3e354908b009
Reviewed-on: https://chromium-review.googlesource.com/732117
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48876}
... mainly by adapting Object::Compare and
CodeStubAssembler::RelationalComparison.
TBR=rmcilroy@chromium.org
Change-Id: I34448d45b4950b9318263c4a667aa9db7d77232d
Bug: v8:6791
Reviewed-on: https://chromium-review.googlesource.com/730730
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48873}
