This moves code for running d8 into its own class. No functional
changes intended.
No-Try: true
Bug: chromium:1023091
Change-Id: I7cbfeebd2911dc758322f89cf93666550f2956d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906378
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64928}
Patch af608d4 https://crrev.com/c/1903969 removed some functions used on mips platform.
Original Commit Message:
[utils] Remove unused classes and functions
This removes dead classes and functions from utils.h.
Change-Id: I558de38370b51a3f7dd0ea9712d9c9dc47fa05a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1909747
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64927}
After allocation of an object, we need to initialize it to make it safe
for the GC to see it. For complex objects like SharedFunctionInfo, this
initialization code is long and requires understanding of the object. So,
it makes sense for the initialization to live in the SharedFunctionInfo
code itself (as an Init method) rather than in the factory.
Aside from being a neat cleanup, this will allow us to share this
initialization logic between different allocation methods, as part of the
off-thread allocation project:
https://docs.google.com/document/d/1-_96kok0AcavkbcdqqZvpqt_2q-_XWAsAJwbRXlfwCo/
Bug: chromium:1011762
Change-Id: Ie276eb711423272f85abfeb3d88df1826a77b984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872402
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64926}
Port 80dc6a3 https://crrev.com/c/1903445
Original Commit Message:
[ptr-compr] Remove CompressedSigned MachineRepresentation
Since smi-corrupting, TaggedSigned (aka known smis) only have the lower
bits used. This renders CompressedSigned useless.
Change-Id: I3d656752bb81a09bd3985bd39ab9f656504f4da1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1911268
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64925}
This reverts commit d46bd852ad.
Reason for revert: I suspect this breaks the 'V8 Linux - predictable' bot. Specifically, 'typedarray-copywithin' has been failing since this landed. I am not exactly sure what is wrong from the tests error message, but see this link for more information:
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8896980452133814304/+/steps/Check_-_d8__flakes_/0/logs/typedarray-copywithin/0
Original change's description:
> [ic] Migrate Code-based handlers to use data driven handler.
>
> All usage of KeyedLoadIC_Slow, HasIC_Slow, StoreInArrayLiteralIC_Slow
> and KeyedStoreIC_Slow now uses data-driven handlers
>
> Bug: v8:9779
> Change-Id: Idd888c5c10b462a5fe155ba0add36f95169bd76d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895988
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#64918}
TBR=rmcilroy@chromium.org,verwaest@chromium.org,surshar@microsoft.com
Change-Id: Id7c2b553f85b46048bed2c633b8bd24098f67147
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9779
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1912092
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64922}
This allows us to use them in constexpr contexts, just as DCHECK.
There were some "constexpr" keywords missing, and we cannot have
explicit template instantiations for constexpr.
R=jkummerow@chromium.org
Bug: v8:9810
Change-Id: Iba7c6ed4a16ea5077324880f59f7f0e17d1757a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910956
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64921}
Optimizes BitVector::Iterator::Advance by using base::bits::CountTrailingZeros to
skip through bitvector. Also inlines Advance in the header. This reduces the
LiveRangeAnalysis phase of TurboFan/Prop by about 2-5% on Octane.
BUG=v8:9684
Change-Id: I3954d50d8ae9bd062a153e1fa2cb0abfd43d73eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910948
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64920}
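The bit-skipping loop the commit above describes, written out as an added example (this is not V8's BitVector code; the class, `SetBits` and `MakeSample` are invented here, and `CountTrailingZeros64` stands in for `base::bits::CountTrailingZeros`): the iterator clears the bit it just visited and uses count-trailing-zeros to land directly on the next set bit, so advancing costs one ctz per set bit plus one comparison per all-zero word rather than one test per bit.

```cpp
// Added example, not V8 code: a word-based bit vector whose iterator uses
// count-trailing-zeros to jump straight to the next set bit instead of
// testing bits one at a time. SimpleBitVector, SetBits and MakeSample are
// names invented for this example.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Count-trailing-zeros for a non-zero 64-bit word (stand-in for
// base::bits::CountTrailingZeros). Uses the compiler builtin where available.
inline unsigned CountTrailingZeros64(uint64_t x) {
#if defined(__GNUC__) || defined(__clang__)
  return static_cast<unsigned>(__builtin_ctzll(x));
#else
  unsigned n = 0;
  while ((x & 1) == 0) { x >>= 1; ++n; }
  return n;
#endif
}

class SimpleBitVector {
 public:
  static constexpr size_t kBitsPerWord = 64;

  explicit SimpleBitVector(size_t length)
      : length_(length), words_((length + kBitsPerWord - 1) / kBitsPerWord, 0) {}

  void Add(size_t i) { words_[i / kBitsPerWord] |= uint64_t{1} << (i % kBitsPerWord); }
  bool Contains(size_t i) const {
    return (words_[i / kBitsPerWord] >> (i % kBitsPerWord)) & 1;
  }
  size_t length() const { return length_; }

  class Iterator {
   public:
    static constexpr size_t kEnd = static_cast<size_t>(-1);

    // Positions the iterator on the first set bit at or after |word_index|.
    Iterator(const std::vector<uint64_t>* words, size_t word_index)
        : words_(words), word_index_(word_index), remaining_bits_(0), current_(kEnd) {
      if (word_index_ < words_->size()) remaining_bits_ = (*words_)[word_index_];
      Advance();
    }

    size_t operator*() const { return current_; }
    bool operator!=(const Iterator& other) const { return current_ != other.current_; }
    Iterator& operator++() { Advance(); return *this; }

   private:
    // Move to the next set bit: skip whole zero words in one step each, locate
    // the lowest set bit of the current word with ctz, then clear that bit so
    // the next call only sees the bits after it.
    void Advance() {
      while (remaining_bits_ == 0) {
        ++word_index_;
        if (word_index_ >= words_->size()) {
          current_ = kEnd;
          return;
        }
        remaining_bits_ = (*words_)[word_index_];
      }
      current_ = word_index_ * kBitsPerWord + CountTrailingZeros64(remaining_bits_);
      remaining_bits_ &= remaining_bits_ - 1;  // clear the lowest set bit
    }

    const std::vector<uint64_t>* words_;
    size_t word_index_;
    uint64_t remaining_bits_;
    size_t current_;
  };

  Iterator begin() const { return Iterator(&words_, 0); }
  Iterator end() const { return Iterator(&words_, words_.size()); }

 private:
  size_t length_;
  std::vector<uint64_t> words_;
};

// Collects the indices of all set bits by walking the iterator.
std::vector<size_t> SetBits(const SimpleBitVector& bv) {
  std::vector<size_t> out;
  for (size_t i : bv) out.push_back(i);
  return out;
}

// Constructed sample: a 256-bit vector whose set bits span word boundaries
// and leave word 2 (bits 128..191) entirely zero, so the skip path is taken.
SimpleBitVector MakeSample() {
  SimpleBitVector bv(256);
  const size_t sample[] = {0, 5, 63, 64, 200, 255};
  for (size_t i : sample) bv.Add(i);
  return bv;
}

int main() {
  for (size_t i : MakeSample()) std::cout << i << ' ';
  std::cout << '\n';  // prints: 0 5 63 64 200 255
  return 0;
}
```

`Advance` is defined in the class body so it is inlined at the call site, which matches the second half of the commit message; the behaviour for an empty vector and for a vector with no bits set falls out of the same loop (the iterator immediately becomes the end iterator).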
All usage of KeyedLoadIC_Slow, HasIC_Slow, StoreInArrayLiteralIC_Slow
and KeyedStoreIC_Slow now uses data-driven handlers
Bug: v8:9779
Change-Id: Idd888c5c10b462a5fe155ba0add36f95169bd76d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895988
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64918}
Out of the six masks (for 64 bit value), three can be skipped because
the values are known to be within certain bounds.
R=jkummerow@chromium.org
Bug: v8:9810
Change-Id: I50c3bf2d374b14456aa0cbec076e894f25779151
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910110
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64916}
This reverts commit 75a6132505.
Reason for revert: Fails arm64 gc stress (see bisect): https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/16691
Original change's description:
> [turbofan] Simplified LowerCheckedInt(32|64)ToTaggedSigned
>
> Merge duplicate LowerCheckedInt32ToTaggedSigned code.
>
> Skip ChangeInt32ToInt64:
> * In 32 bit archs, ChangeInt32ToInt64 is a no-op.
> * In 64 bit archs with 31 bit smis and smi corrupting enabled,
> ChangeInt32ToIntPtr can be skipped. This is because it would only
> change the upper bits, and those upper bits are not significant
> since we are smi-corrupting.
>
> Change-Id: Ia217773fc7fccdd6227f66fbd600326ebbe9b86d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893193
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64906}
TBR=jgruber@chromium.org,tebbi@chromium.org,solanes@chromium.org
Change-Id: I6586a6f226537acba988afa1be7454c2c3e6ee54
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910955
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64915}
This allows the tests to continue running on the gc fuzzers while
staying compatible with the --force-slow-path flag being passed
randomly.
When run in slow_path variants these tests are no-ops, but that's
negligible as the tests are also fast without slow_path.
Change-Id: I461c47b669b163e1e1594ea1a941f63e90f2221e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910947
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64914}
UMA data shows that we currently still allocate up to ten code spaces
per module. This is because the code size estimates are vastly off,
especially if both Liftoff and TurboFan are being used.
Also, code sizes differ by platform.
This CL adds more logic to the {EstimateNativeModuleCodeSize} function
to distinguish Liftoff and TurboFan, and to use different constants per
platform. A largeish comment explains how the numbers were generated,
and that they are an extreme over-generalization. However, without
further information about the module, this is the best we can do.
After all, being off even by a factor of two does not hurt too much, as
explained in the comment.
R=jkummerow@chromium.org
Change-Id: Icd178f5f4d0c7c8fa29b11b6eff7d14e64a1af1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910102
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64913}
This reverts commit b3d748a282.
Reason for revert: Regressions, see https://crbug.com/1023423.
Original change's description:
> [regalloc] Use an adaptive data structure for live sets
>
> Live sets represent sets of live virtual registers at block entry and
> exit points. They are usually sparsely populated; for example, a sample
> taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> 10% or less.
>
> Prior to this CL, live sets were implemented as a statically-sized bit
> vector. This is fine for low-ish virtual register counts, but becomes
> wasteful at higher numbers.
>
> This CL attempts to address this issue through an adaptive
> implementation. Small live sets remain bit vectors, while larger sets
> switch to a PersistentMap-based implementation. PersistentMap has very
> memory-efficient add/remove/copy operations.
>
> Of course, with adaptive data structures we enter the territory of
> parameter fiddling. In this case, two parameters are used:
> kMaxSmallSetSize controls when to switch implementations, and
> kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> deleted entries in the map) sets in.
>
> On the (degenerate) test case from the linked bug, the register
> allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> I expect savings on the order of 10s of KB.
>
> Bug: v8:9574
> Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64872}
TBR=jgruber@chromium.org,tebbi@chromium.org,thibaudm@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9574
Change-Id: I5d684198f9c4575a0c892076459cc2c20dce9aec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910944
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64912}
On platforms that do not require the far jump table for wasm calls (32
bit platforms currently), we do not need to include a far jump table
slot per wasm function. Other places already used the
{NumWasmFunctionsInFarJumpTable} helper function, but in the actual
allocation of the far jump table, it was missing.
R=jkummerow@chromium.org
Change-Id: I30734a1a25cc80e38c47abfd39059d56c9e5de57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910101
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64911}
We used the same random seed for all test cases of a fuzz session
for transitioning from choosing the flags on the V8 side.
Since the grace period for stable bisection is over, we now use
the same random number generator throughout the fuzz session which
leads to a wider range of differently chosen flags.
TBR=tmrts@chromium.org
No-Try: true
Bug: chromium:813833
Change-Id: I07b9fe5de378c01344afd486bfd85fcbf0fcd8d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906377
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64910}
There are some cases where we can ignore some truncations or
change nodes for Smi Untagging, when we are using 31 bit smis
in 64 bit architectures.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I89d34407e6f780ec0399cd427cf9d3e24ee5669a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889877
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64909}
Wasm code GC is on by default now.
R=machenbach@chromium.org
No-Try: true
Change-Id: Ib24e68f431876ecb91e7ae6ef6bc6cc08c2ea0c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910942
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64908}
Merge duplicate LowerCheckedInt32ToTaggedSigned code.
Skip ChangeInt32ToInt64:
* In 32 bit archs, ChangeInt32ToInt64 is a no-op.
* In 64 bit archs with 31 bit smis and smi corrupting enabled,
ChangeInt32ToIntPtr can be skipped. This is because it would only
change the upper bits, and those upper bits are not significant
since we are smi-corrupting.
Change-Id: Ia217773fc7fccdd6227f66fbd600326ebbe9b86d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893193
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64906}
This is a reland of ab1b511c16
The offending flags are removed.
Original change's description:
> [test] Add more flags to numfuzz flags fuzzer
>
> This adds a selection of flags to numfuzz that are already used
> for different testing variants or on clusterfuzz for
> correctness testing.
>
> No-Try: true
> Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64884}
No-Try: true
Change-Id: Ie01f244147be0b0fda8cec83f48ac3f73c5a81ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910113
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64905}
This decomposes the crdtp library into multiple files.
Since it wasn't previously rolled, it's a bit more than just that.
Upstream review: https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1907115
New Revision: d020a9e614d4a5116a7c71f288c0340e282e1a6e
Change-Id: I5c588469654bec3e933804ac706fa967c6fe57bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907973
Auto-Submit: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64902}
This patch excludes brand symbols from the result of
JSReceiver::GetPrivateEntries so that the brands do not show up
when the instances are inspected from the DevTools (e.g. via
`Runtime.getProperties()`).
To implement this, we use a bit in the Symbols to denote whether
it's a brand symbol. A brand symbol is also a private name
symbol so that we can just reuse the IC for accessing private
names and do not need to jump through extra ORs.
Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit
Bug: v8:8671, v8:9839, v8:8330
Change-Id: I24346aeedce3602395289052d1e1350ae9390354
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1909757
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#64899}
... even with ptr-compr.
Although full uintptr-sized TypedArrays are not supported yet
we may already start using uint32-sized typed arrays as we no
longer rely on TypedArray length to be a Smi.
Bug: v8:4153
Change-Id: If179541ad4f02c4ec7de9d1f3836138fe526d8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905847
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64897}
Instead of changing all of TryToName to do the conversion to array
index, this patch narrows this fast path just to the element load IC
handler.
This patch also restores the HeapNumber conversion in TryToIntPtr and
in Turbofan inlining as per the original state of things.
Bug: v8:9449, chromium:1016738, chromium:1016709
Change-Id: Ibf3a2c38637fc36e0ee037dc740f273848d1e8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1902386
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64896}
This reverts commit ab1b511c16.
Reason for revert: too many spurious errors
Original change's description:
> [test] Add more flags to numfuzz flags fuzzer
>
> This adds a selection of flags to numfuzz that are already used
> for different testing variants or on clusterfuzz for
> correctness testing.
>
> No-Try: true
> Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64884}
TBR=machenbach@chromium.org,clemensb@chromium.org,almuthanna@google.com,liviurau@chromium.org
Change-Id: Iba9cfa8e6e8e2cb3b9fe0f803b07376ae55d783c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910112
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64895}
They were there to avoid a GCC bug. Now that we do not support GCC 4 any
more, we can remove this workaround.
R=ahaas@chromium.org
Bug: v8:9810
Change-Id: I9346671cc1c5f0c83b47d0cfbd313cd1eb2179a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910104
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64893}
This creates a .tq file in src/objects for each src/objects/*.h file
with Torque-defined classes and moves the object definitions and
corresponding helpers/macros there.
In addition, we create files convert.tq and cast.tq in src/builtins
to move the casts and conversions to.
Since Torque-generated .cc files end up as .o files in the same
directory, there cannot be two .tq files of the same name. Thus it
was necessary to rename src/builtins/arguments.tq and
src/builtins/string.tq to not clash with the new files in src/objects.
This is a mechanical change that only moves code.
Design doc: http://doc/1fh4OUMjQMnQdJm3aiAPXQUNdgbQugkRGdJzDh8hmyzk
Bug: v8:9861 v8:9810 v8:7793
Change-Id: I9c54cb50f32b9ae0fb41752199515133eb59ea5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910100
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64892}
There were a couple of low-hanging fruits in code-stub-assembler. Tried
to keep it short to avoid conflicts with other CLs.
Bug: v8:9810
Change-Id: If23e16019116c22ddd6282867d9dd0b2e65a23f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906570
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64890}
Produces too many spurious errors with tests that normally get
skipped in jitless variant.
TBR=clemensb@chromium.org
No-Try: true
Change-Id: Iddf0e39e4c454a3b17568ba17a014e8d38922052
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910107
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64889}
The function-entry stack check should dominate all other
instructions in a function. Prior to this CL it was possible to create
paths not including a stack check due to SwitchOnGeneratorState: the
generator-creation branch had a stack check, while generator-resume
branches did not.
0 : af fb 00 01 SwitchOnGeneratorState r0, [0], [1] { 0: @22 }
4 : 27 fe fa Mov <closure>, r1
7 : 27 02 f9 Mov <this>, r2
10 : 64 0a fa 02 InvokeIntrinsic [_CreateJSGeneratorObject], r1-r2
14 : 26 fb Star r0
16 : a7 StackCheck
17 : b0 fb fb 01 00 SuspendGenerator r0, r0-r0, [0]
22 : b1 fb fb 01 ResumeGenerator r0, r0-r0
[... no stack check here ...]
This CL moves the stack check to the beginning of the bytecode array,
i.e. before SwitchOnGeneratorState.
Bug: chromium:1020031
Change-Id: I8ba8cba99611ddbe50c76023129d926cc84b1d5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903440
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64888}
When the serializer encounters a JSConstruct, it now serializes the
initial map of the new_target to enable further optimizations in
JSNativeContextSpecialization.
Add regression tests as well.
Bug: v8:7790
Change-Id: Ifab2b58c64a341744e833ed063e9695d74a5cdce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900457
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64886}
Port 6e90f2f292
Original Commit Message:
Including but not limited to removing:
* BitcastCompressedXXX
* CheckedCompressedXXX
* ChangeXXXToCompressedYYY
* ChangeCompressedXXX
As a note, ChangeTaggedToCompressed can't be removed just yet as it
is still in use.
R=solanes@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I0974b300654f61d152ea65016a0e278ea4ba1b60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907440
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64885}
This adds a selection of flags to numfuzz that are already used
for different testing variants or on clusterfuzz for
correctness testing.
No-Try: true
Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64884}
Since smi-corrupting, TaggedSigned (aka known smis) only have the lower
bits used. This renders CompressedSigned useless.
Bug: v8:7703
Change-Id: Id59aaebc24d670ed32c483ceecf77fd194405ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903445
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64883}
This reverts commit 5e97378f92.
Reason for revert: Caused multiple regressions.
Original change's description:
> [heap] Promote young objects by default in MC
>
> Start experiment to promote all young live objects during mark-compact.
>
> The last CL https://crrev.com/c/1879938 got reverted because of a flaky
> test, see v8:9192.
>
> Change-Id: I16897f45fffeafbb7e70c21899976a4c026e69ba
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903432
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64832}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Bug: chromium:1023308, chromium:1022708
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: Ie551f0765fb54a36e52c20da8b026e2c0ebf0451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906385
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64882}
Including but not limited to removing:
* BitcastCompressedXXX
* CheckedCompressedXXX
* ChangeXXXToCompressedYYY
* ChangeCompressedXXX
As a note, ChangeTaggedToCompressed can't be removed just yet as it
is still in use.
Bug: v8:7703
Change-Id: I98cf88a32adfa976d419e69702d1cac4d3e811a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903435
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64880}