Restore the basic write barrier elimination that we used to run as part
of the simplified lowering phase (in ChangeLowering actually) before, by
moving the write barrier computation to SimplifiedLowering where we can
still look at types and consider the heap/isolate, and just update the
WriteBarrierKind in the FieldAccess/ElementAccess that we later use when
lowering to a machine Load/Store.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
R=mstarzinger@chromium.org
BUG=v8:4969,chromium:608636
LOG=n
Review-Url: https://codereview.chromium.org/1938993002
Cr-Commit-Position: refs/heads/master@{#35969}
PushBack(end-of-input) is a little weird, but since
Utf16CharacterStream::Advance will advance pos_m, but not buffer_cursor_
when at the end of the stream, pushing back the end-of-input token needs
to do the exact inverse.
(The reason Advance does not advance buffer_cursor_ is that buffer_cursor_ is often dereferenced
directly to access memory and so always needs to point to, well, memory.)
(The PushBack implementation for all other streams looks correct.)
R=rossberg@chromium.org
BUG=chromium:607903
LOG=Y
Review-Url: https://codereview.chromium.org/1941843002
Cr-Commit-Position: refs/heads/master@{#35968}
The string operators not only read memory, but also write memory in case
of cons string flattening, so we better make sure to have the stub calls
in the effect chain.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1938383002
Cr-Commit-Position: refs/heads/master@{#35965}
The Promise code previously used many names which were gratuitiously
different from the specification. This patch swaps in names from the
ES2015 spec, and inserts crossreferences to the spec. The patch
leaves mirrors over Promises unchanged for now, as these changes
could have compatibility risk.
R=cbruni@chromium.org
Review-Url: https://codereview.chromium.org/1919143004
Cr-Commit-Position: refs/heads/master@{#35962}
port d1b3d426ce (r35918)
original commit message:
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.
BUG=
Review-Url: https://codereview.chromium.org/1940143002
Cr-Commit-Position: refs/heads/master@{#35961}
Use the ShiftLeftStub, ShiftRightStub and ShiftRightLogicalStub in
JSGenericLowering instead of the old-style patching BinaryOpIC.
Also remove the machinery to support patching ICs in TurboFan
completely, as this was the last user of code patching in TurboFan!
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1942153002
Cr-Commit-Position: refs/heads/master@{#35959}
Yield expressions are not allowed in formal parameter initializers of
generators, but we weren't properly catching the case where the yield
expression appeared in the 'extends' clause of a class expression.
They also aren't allowed in arrow functions, which we were failing to
catch due to not looking at the obscurely-named "FormalParameterInitializerError"
bit of ExpressionClassifier.
This patch passes along an ExpressionClassifier when parsing class
expressions and accumulates the proper error for that case.
For the arrow function case, the fix is simply to check for the
"formal parameter initializer" error once we know we've parsed
an arrow function. The error message used for this has also
been made specific to yield expressions.
Tests are added both for the error case and the non-error cases (where
yield is used in such a position inside the class body).
BUG=v8:4966, v8:4968, v8:4974
LOG=n
Review-Url: https://codereview.chromium.org/1941823003
Cr-Commit-Position: refs/heads/master@{#35957}
Port d1b3d426ce
Original commit message:
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
Review-Url: https://codereview.chromium.org/1941783003
Cr-Commit-Position: refs/heads/master@{#35950}
The ECMA 402 implementation previously pushed directly to real
Arrays, which risks having observably incorrect behavior in the
presence of monkey patching. This patch uses InternalArrays instead
to avoid that hazard.
R=jshin@chromium.org,yangguo@chromium.org
BUG=chromium:604299
LOG=N
Review-Url: https://codereview.chromium.org/1923803002
Cr-Commit-Position: refs/heads/master@{#35949}
Our implementation of the spec got one comparison wrong, at
step 19.d.iii (we were comparing against 'q' instead of 'p').
R=littledan@chromium.org
BUG=chromium:607566
LOG=n
Review-Url: https://codereview.chromium.org/1940643002
Cr-Commit-Position: refs/heads/master@{#35947}
It truned out we can enter nested message loop and call
SetIdle from inside the compilation in some obscure
situations. To not whitelist all the possible StateTag values,
we'd better ignore this call when not profiling as it has
no effect anyway.
This patch also reverts DCHECK change from https://codereview.chromium.org/1922703005/.
BUG=none
LOG=N
Review-Url: https://codereview.chromium.org/1936703002
Cr-Commit-Position: refs/heads/master@{#35946}
Currently GetStackSample doesn't support simulator, thus sampler is aware of
simulator, but since we are moving it out, it shouldn't have knowledge of
simulator. This patch moves the logic using simulator accessible
to Isolate::GetStackSample, so that it supports simulator.
BUG=v8:4956
LOG=n
Review-Url: https://codereview.chromium.org/1926863003
Cr-Commit-Position: refs/heads/master@{#35944}
gn builds are missing Windows manifests for d8.exe and
mksnapshot.exe. These manifests are necessary in order to get
predictable behavior on Windows.
LOG=N
BUG=602505
Review-Url: https://codereview.chromium.org/1941433002
Cr-Commit-Position: refs/heads/master@{#35943}
This avoids weird control flow when the bytecode generator skips dead code containing yields.
BUG=v8:4907
LOG=n
Review-Url: https://codereview.chromium.org/1927943003
Cr-Commit-Position: refs/heads/master@{#35940}
Port d1b3d426ce
Original commit message:
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=v8:4969
LOG=N
Review-Url: https://codereview.chromium.org/1941613002
Cr-Commit-Position: refs/heads/master@{#35938}
This removes the CompilationInfoWithZone class, which was used to
allocate a CompilationInfo on the C-heap. By now the CompilationJob is
the single object being allocated on the C-heap and passed between the
main thread and the compilation thread. Structs requiring destruction
can be embedded within that CompilationJob. This simplifies involved
lifetimes by coupling all lifetimes to one single object.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1930773003
Cr-Commit-Position: refs/heads/master@{#35936}
The Wasm suite reports both compile time and code size, however,
perf-to-html.py elides one of the results (compile time, in this case).
This affects the effectiveness of results reported by perf try bot runs.
This CL addresses that.
BUG=
Review-Url: https://codereview.chromium.org/1941573002
Cr-Commit-Position: refs/heads/master@{#35935}
The compilation pipeline is correctly guarding against accidental
tier-ups by now, the tests in question should no longer fail.
R=yangguo@chromium.org
BUG=v8:4961
LOG=n
Review-Url: https://codereview.chromium.org/1938983002
Cr-Commit-Position: refs/heads/master@{#35934}
For LoadElimination we must not replace LoadField nodes with other nodes
whose types are not a subtype of the original LoadField type, as that
breaks the verifier. We already fixed that earlier for store to load
forwarding, but the fix didn't cover LoadField forwarding.
This actually still generates the correct code even w/o the fix, but
since recently fails due to stronger checking in representation
selection. So this makes clusterfuzz happy again.
R=mvstanton@chromium.org
BUG=chromium:607899
LOG=n
Review-Url: https://codereview.chromium.org/1934973002
Cr-Commit-Position: refs/heads/master@{#35930}
Now ChangeLowering is only concerned with lowering memory access and
allocation operations, and all changes are consistently lowered during
the effect/control linearization pass. The next step is to move the
left over lowerings to a pass dedicated to eliminate redundant loads and
stores, eliminate write barriers, fold and inline allocations.
Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
ChangeInt31ToTaggedSigned for consistency.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
Committed: https://crrev.com/ceca5ae308bddda166651c654f96d71d74f617d0
Cr-Commit-Position: refs/heads/master@{#35924}
Review-Url: https://codereview.chromium.org/1941673002
Cr-Commit-Position: refs/heads/master@{#35929}
Reason for revert:
[Sheriff] Breaks mac gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/5821
Original issue's description:
> [turbofan] Remove left-over change bits from ChangeLowering.
>
> Now ChangeLowering is only concerned with lowering memory access and
> allocation operations, and all changes are consistently lowered during
> the effect/control linearization pass. The next step is to move the
> left over lowerings to a pass dedicated to eliminate redundant loads and
> stores, eliminate write barriers, fold and inline allocations.
>
> Also remove the atomic regions now that we wire everything into the
> effect chain properly. This is an important step towards allocation
> inlining.
>
> Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
> ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
> ChangeInt31ToTaggedSigned for consistency.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
>
> Committed: https://crrev.com/ceca5ae308bddda166651c654f96d71d74f617d0
> Cr-Commit-Position: refs/heads/master@{#35924}
TBR=ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/1942733002
Cr-Commit-Position: refs/heads/master@{#35927}
This adds ignition to the testing variants that are run on all
bots.
Failing tests can only be skipped with the NO_IGNITION
keyword in status files. Existing expectations for the
ignition_turbofan variant are all duplicated and use the
NO_IGNITION keyword as well now.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/132c09ed619f23fb7c6d26a4e3552c703389eabd
Cr-Commit-Position: refs/heads/master@{#35865}
Review-Url: https://codereview.chromium.org/1804003002
Cr-Commit-Position: refs/heads/master@{#35926}
During ast decoding and turbofan graph construction, we explicitely pass
the byte offset for all instructions which potentially trap.
The byte offset is finally passed to the runtime function which throws
the actual error, but it is not used there yet.
The WasmGraphBuilder::Binop and Unop methods have a default value of -1
for the position, which allows for more compact code for all the
functions which assemble bigger snippets from the primitive operations.
Whenever the position is actually used for generating a trap, we
check that it is not negative.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/1915123006
Cr-Commit-Position: refs/heads/master@{#35925}
Now ChangeLowering is only concerned with lowering memory access and
allocation operations, and all changes are consistently lowered during
the effect/control linearization pass. The next step is to move the
left over lowerings to a pass dedicated to eliminate redundant loads and
stores, eliminate write barriers, fold and inline allocations.
Also remove the atomic regions now that we wire everything into the
effect chain properly. This is an important step towards allocation
inlining.
Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
ChangeInt31ToTaggedSigned for consistency.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
Review-Url: https://codereview.chromium.org/1941673002
Cr-Commit-Position: refs/heads/master@{#35924}
This makes sure that Compiler::EnsureDeoptimizationSupport follows the
same limitations as other compilation functions that trigger a tier-up.
Specifically it prevents against tier-up while inlining when activations
are present on the stack.
R=yangguo@chromium.org
BUG=chromium:607494
LOG=n
Review-Url: https://codereview.chromium.org/1917193007
Cr-Commit-Position: refs/heads/master@{#35923}