If --stress-lazy-source-positions is enabled then always collect source
positions after lazy compilation to try and flush out bytecode mismatch
bugs.
Bug: v8:8510
Change-Id: I895611c9fde2c4743d62951674277973def01d3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679502
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62414}
In https://chromium-review.googlesource.com/c/v8/v8/+/1621941 we added
missing representation changes. By changing the return to an assignation,
we forgot to include the (now needed) else.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: Ibc54a24ea4430fd43d70251ef1a44ef15c06aa46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678659
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62412}
Second attempt to reland 69fafb5fe3
now that the maybe_assigned bug is fixed.
> Original change's description:
> Enable lazy source positions by default
>
> Also adds a compile time flag which allows the default to be configured
> so node can disable it since it hangs the node cpu profiler tests.
>
> Bug: v8:8510
> Change-Id: Idf4785036dc6242769410091518a67ac9179b718
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62089}
Bug: v8:8510
Change-Id: Ia6d5d1d3a3c2b6a14c70ee67b02bec62a6a1a1d4
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg, v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679498
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62411}
Additionally to the baseline compilation time, do also measure the time
it takes to tier up to TurboFan.
Since the {AsyncCompileJob} will be gone after baseline compilation,
the timing has to be done via a separate callback, which will survive
until after top-tier compilation.
R=ahaas@chromium.orgCC=jwd@chromium.org
Bug: chromium:978425
Change-Id: I7914173191c8a7a2aeb47343973d4034010047a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678362
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62410}
With recent spec changes (I think in the bulk memory proposal),
WebAssembly instances exist and can be used even when instantiation
itself fails. Therefore the order of checks and assignents during
instantiation may matter. That's why I move the table import after the
checks of the import in this CL.
Note that I'm not aware that this is a problem yet. I think in the worst
case this CL has no effect. In the best case it helps.
R=clemensh@chromium.org
Bug: v8:9396
Change-Id: I83998ff98bded443b3f015cee778fa29a3374534
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678656
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62409}
The localeCompare for ASCII chars needs to expand the string contents
from one-byte representation into two-byte representation, which
requires memory copy. This CL skips the representation conversion by
using compareUTF8. It can improve the JetStream2 cdjs case by 21% on
my machine.
Change-Id: I3841dc700e36744aadd9a1ff9fa7d93c84dc04fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624705
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62408}
If there was an assignment to a maybe-shadowing dynamic variable,
then the shadowing variable would be marked maybe_assigned, but the
maybe-shadowed variable would stay unchanged. This meant that in
non-shadowing cases, the not-actually-shadowed variable would have
the wrong maybe_assigned state, and e.g. would break context
specialization.
This patch pessimistically unconditionally sets maybe_assigned on
variables shadowed by a dynamic variable in a `with` scope. This
marking can cause false positives and sub-optimal optimization for
some functions with 'with' blocks, but it's also the simplest fix
for this issue which doesn't affect performance in the common case
of no 'with' blocks.
Bug: v8:9394
Change-Id: I6924bd7d48dda61232aa9d72c39df1c76c665c67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678365
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62407}
This reverts commit a8fccd95ec.
Reason for revert: We'd need to investigate on a range of hardware
generations to assess if this is a good change; in general new
hardware (intel 9th gen / amd ryzen) seems to be happier with
xchg, while older hardware is not happy with xchg.
Original change's description:
> [codegen] Swap using xchgq rather than three movq on x64
>
> R=sigurds@chromium.org
>
> Change-Id: Icd6e66b9bb23ca0dbf9fc5fe5c737a0bc3056a89
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678359
> Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62386}
TBR=sigurds@chromium.org,thibaudm@chromium.org
Change-Id: I8dc84d0899e6cbeccbca2cc557da9fb97c8d4bc8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679495
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62405}
This reverts commit c1ea574e16.
Reason for revert: We'd need to investigate on a range of hardware
generations to assess if this is a good change; in general new
hardware (intel 9th gen / amd ryzen) seems to be happier with
xchg, while older hardware is not happy with xchg.
Original change's description:
> [codegen] Use xchg instead of push/pop for swap
>
> R=sigurds@chromium.org
>
> Change-Id: Id22a44fa15827d5c076496d872fe3be7da360b5e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678356
> Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62383}
TBR=sigurds@chromium.org,thibaudm@chromium.org
Change-Id: Ieecbbc21fa7094fdfd190b266f6d8486ee8611b8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679494
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62404}
We also introduce a subclass of AbstractBytecodeArray to allow access
to the off-heap copy of bytecode array from the bytecode iterator.
Note that not all bytecode iterators have been converted to iterate
the off-heap copy; in particular, bytecode analysis still iterates
the on-heap bytecode array.
Bug: v8:7790
Change-Id: Icc1b0adb5f63d7cfe94286311f64f209067bbfd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672931
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62403}
ObjectSetPrototypeOf and ReflectSetPrototypeOf are now Torque builtins (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously).
Perf improvement in micro-benchmark JSTests/Proxies
Before:
SetPrototypeOfWithoutTrap-Proxies(Score): 120
SetPrototypeOfWithTrap-Proxies(Score): 112
After:
SetPrototypeOfWithoutTrap-Proxies(Score): 131
SetPrototypeOfWithTrap-Proxies(Score): 127
Bug: v8:6664
Change-Id: I630096e1964c91d1ec39e19f380a2e9e948de4bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669787
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62402}
This is a reland of 8de427fae8
Original change's description:
> [debugger] Expose reference to the function in debug-evaluate
>
> R=verwaest@chromium.org
>
> Bug: chromium:878723
> Change-Id: Ic07f75f15230018b6d19cd1ee21f4be6dcad6360
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667408
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62385}
TBR=jgruber@chromium.org
Bug: chromium:878723
Change-Id: I0386655a9b2632d2d9438e674d4205ce5e5365f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679490
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62401}
Just the low-hanging fruit. There is more to do.
Bug: v8:2487
Change-Id: Ia9afa32797960f6c4c7c4fa0f39c70efc63663e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669698
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62397}
Boilerplate values may possess an unboxed double field filled with the kHoleNan64Int sentinel value, which indicates that the field is uninitialized. When a boilerplate value migrates away from the unboxed double representation to a tagged one, we should replace the sentinel value by the proper uninitialized oddball value.
This fixes an issue with JSCreateLowering::AllocateFastLiteral not detecting const stores of uninitialized values properly.
R=bmeurer@chromium.org, jarin@chromium.org
Bug: chromium:976598
Change-Id: I6bb216c0618a3105e6c8cfc04b1900d2f83a52ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674034
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#62394}
According to spec https://tc39.es/ecma262/#sec-object.preventextensions, the commit 8e0ef9b9a0 is missing the last step when object is proxy, it needs to return the object.
var proxy = new Proxy({}, {});
var object = Object.preventExtensions(proxy);
proxy === object; // should be true
Also, add mjsunit test.
Bug: v8:6664
Change-Id: Ic3688519539f8903ee0bc7e885905a86d195a4db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668443
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62393}
This makes the code easier to read, and will also be helpful for the
extension to multiple indirect function tables.
R=clemensh@chromium.org
Bug: v8:9396
Change-Id: Idba143611e13f6b6cfc0e9d6c6f380ee3566db80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678476
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62390}
... when building inspector objects.
This is useful in Chromium, when recording the initiator information
for navigations.
See https://chromium-review.googlesource.com/c/chromium/src/+/1674885
Change-Id: Ib9ddcaf05586ca1f48a31921a20ab11a703ec7b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677381
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62389}
Also show constant for ArchNops that encode assigning from a
constant.
Change-Id: I84590005dda62ebf445aada57f826f5ffcd5a802
Bug: v8:7327
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672943
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62388}
For float to int conversions and vice versa the MacroAssembler on x64
was using a mix of AVX and non-AVX instructions.
This CL fixes that to consistently use AVX if available.
R=jkummerow@chromium.org
Change-Id: I3aecda9b99881254b24949ced5bed870fdc2a754
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678361
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62387}
Offset adjustment on misaligned loads causes offset to be
overflow. This fixes it by using ldx if the new offset overflows.
Change-Id: Ib0fd339c127b70d5cbc9096b54480eb4355e753c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678396
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62384}
We only need to save the native context scope info object to
properly brokerize promise call reductions, rather than
adding the field to each ContextRef.
Bug: v8:7790
Change-Id: Id13dc8505972123cf77a50573c816c9a913686e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678416
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62382}
This is a reland of 5ff38bae08
Original change's description:
> [TurboFan] Fast path for JSAdd with BigInt feedback
>
> This CL introduces the necessary infrastructure to generate speculative
> BigInt operations in case of BigInt feedback. In particular, the JSAdd
> operator is lowered to a speculative call to the BigIntAdd builtin,
> with a deopt bailout in case of exceptions or violated assumptions.
>
> Bug: v8:9213
> Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916
> Commit-Queue: Nico Hartmann <nicohartmann@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62362}
Bug: v8:9213
Change-Id: Ic0caf7aab2103b8f5e22a504427e8604cc894d75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677209
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Cr-Commit-Position: refs/heads/master@{#62381}
When concurrent marking is on then normal stores to tagged fields must
be relaxed stores.
Bug: v8:9396
Change-Id: Id1189a6c7df5ae8e9e5dc4dad653d35bdd109c5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677207
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62378}
Deprecated maps might not be updated before being passed to
PrepareForDataProperty. If the target map is a dictionary map,
then adding the data property can fail.
As a drive-by, remove the dead ForTransitionHandler code, which
was another (potentially unsafe) caller of PrepareForDataProperty
Bug: chromium:977012
Change-Id: I894bbc9bca2001555474a3570eb03fe6b0f69ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674029
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62377}
There's no reason to use the API RegExp type instead of the internal
JSRegExp type. In fact, the parsed flags end up in
Runtime_CreateRegExpLiteral, which assumes them to be of type
JSRegExp::Flags.
Drive-by: Additional asserts and helper functions in JSRegExp.
Bug: v8:9359
Change-Id: I5c12aba7d4e39a4891fb23d8b47c55fc480a28d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667004
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62376}
... instead of ISOLATELESS_GETTER for declaring and defining getters
and predicates that have to deal with decompression of tagged fields.
The new macro eases introduction of isolate-full getters.
Bug: v8:9353
Change-Id: Ic63baea819a9320c5677f5bd7dda123d7334d80f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676285
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62373}
... in order to improve quality of C++ assembly.
This CL also switches C++ code to use branchful decompression.
Bug: v8:9353
Change-Id: Id6a5cc5db2ad729b4394cd541a7ec8035c0d4571
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677204
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62372}
In TurboFan, context specialization is an optimization that tries to
either replace the load of a value from the context with a constant,
or if that can't be achieved, at least reduce the hops up the
context chain by starting a walk to the required depth from the
first constant context that it can reach.
Currently, this optimization is performed by looking into the
heap during a reducer pass. With fully concurrent TurboFan, we
need to instead gather information about contexts we may want
to perform this optimization on during serialization.
This CL adds functionality to the serializer to recognize and
model operations that affect the context register. We add to the
hinting structure already used by the serializer. There is
a new type of hint: a VirtualContext. This is a tuple consisting
of a handle to a Context, and a distance field that indicates how
far away in a to-be-realized chain this VirtualContext sits from
the context in the handle. For example:
bytecode stream:
...
CreateBlockContext
...
After a block context is created, the accumulator now contains
a VirtualContext Hint with a distance of 1 from any context hints
that we are keeping track of in the current context register.
More details in the design doc here:
https://docs.google.com/document/d/1Y0LKKCEenLWyAZTetoAIpKTZRCxaNdkYV8X1GaCax2A/edit?usp=sharing
Change-Id: I63732ebd106cc138fb1e9789d0676ece63e15d27
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605941
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62370}
This makes sure that BUILDING_V8_SHARED and USING_V8_SHARED are not
both set at once.
Change-Id: Iba3a4fac37518b6ec3658da4575453a7967ece0f
Bug: v8:8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627978
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62369}
Large regexp results may exceed kMaxRegularHeapObjectSize and must
thus be allocated in large object space.
Drive-by: Rename '%InNewSpace' to '%InYoungGeneration'.
Bug: chromium:976627
Change-Id: I38b5aecb95a95cf2fdbb24d19550cec34361a09d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674027
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62368}
We currently only sample synchronous compilation via
"V8.WasmCompileModuleMicroSeconds.wasm". This adds a similar counter
for asynchronous and streaming compilation. Both use the
{AsyncCompileJob}, which now records the start time of compilation and
records a sample when baseline compilation finished.
The sample will only be taken if a high-resolution clock is available.
R=ahaas@chromium.orgCC=jwd@chromium.org
Bug: chromium:978425
Change-Id: I4b083a8ebba685a1cc8fa87bfe30e9a0943e3394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675963
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62367}