This is for consistency and compiler-enforced type safety. No change
in behavior intended.
Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64244}
In some cases operand of compress operation may be a decompress node of
different representation. For example, after linearizing of
CheckedTaggedToTagged[Signed|Pointer](value) we will proceed using
|value| node which may have any other tagged representation.
Bug: v8:8977, v8:7703
Change-Id: I3e276511f2c6127b3ecc1fe1cef4f64e7120d027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856003
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64243}
The root was moved to the beginning of a 4Gb reservation, which
imapacts codegen https://chromium-review.googlesource.com/c/v8/v8/+/1835548
Since the tests are now passing, removed the SKIP on cctests.
Bug: v8:9820, v8:9706
Change-Id: Icb45e5b078c405aee880bd7f1c333d28acb7c271
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849527
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64242}
This makes allocation of backing stores more robust by perfoming GCs
on allocation failure. The GCs help if there are existing large backing
stores that are retained by dead JSArrayBuffer objects.
Bug: chromium:1008938, v8:9380
Change-Id: Ic80b29214b8843427dfcdd141df71363821afe71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855998
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64241}
The backing store is now propagated to the constructors directly,
instead of being attached after the construction. This ensures that
the backing store is allocated before the array buffer so that we can
trigger GCs on backing store allocation (if allocation fails).
The only exception is builtin where we have to allocate the array buffer
before the backing store to comply with the spec.
Bug: v8:9380
Tbr: verwaest@chromium.org
Change-Id: Ib37db65853f3673dd769368cc3e8b6538ad07ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1853444
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64240}
This reverts commit 12b22b5198.
Reason for revert: Experiment finished.
Original change's description:
> Disable --instruction-scheduling for mksnapshot
>
> This is an experiment to see the memory/performance impact.
>
> Bug: v8:9775
> Change-Id: I2ae61ae8bb5c6c1c55436e96c4b2d8201cbf4739
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832177
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64062}
TBR=mvstanton@chromium.org,neis@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9775
Change-Id: Ife556af5f8c09c25f20756a9b2ac940cb74359e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855983
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64239}
instead of plain uint32_t as entry. This provides some type safety,
because the compiler will check that we are not mixing up indexes
and entries. It also paves the way to consistently using size_t for
TypedArray indexes.
Bug: v8:4153
Change-Id: Ie0eb63693c871efda9860d3d288896819868b66a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852765
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64236}
Code from ARES-6 Basic:
ldur w11, [x5, #15]
asr w11, w11, #1
sxtw x11, w11
With this CL:
ldur w11, [x5, #15]
sbfx x11, x11, #1, #31
This increases performance of Ares6 Basic by ~2% on Cortex-A53.
Also reduces the snapshot by ~2000 instructions.
Change-Id: Ie9801da730f832337306422d2a9c63461d9e5690
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849530
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#64235}
When aborting evacuation of a page, the GC also needs to take care
of invalidated objects and recorded slots on the page. Add a test
to ensure that future changes do not break this behavior.
Bug: chromium:1012081
Change-Id: I110db67157e4b8c7fdb4d1061e9df6955b532a70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855758
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64234}
Tweaks AdvanceBytecodeOffsetOrReturn so that the sequence of (cmp,beq)+
instructions is converted to (cmp, cmpne+, beq) saving an instruction
for every return bytecode. In reality this just saves a single
instruction.
Bug: v8:9771
Change-Id: I7cf2d5ae27ff5495808792aa4c953b97c2bb5b71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1853246
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64232}
The vst1 and vld1 instruction does a post-increment access. What we
intend is the usual access at (base+offset). This change adds a helper
function that is called for load and stores of s128, which emits the add
instruction to do base+offset, and then change the addressing mode of
the load/store to Operand2_R, which generates the variant of vld1/vst1
without the offset register. This is similar to how kSimd128 values are
loaded/stored in VisitUnalignedLoad and VisitUnalignedStore.
We also remove kSimd128 cases from UnalignedLoad and UnalignedStore,
since it is supported (see A3.2.1 Unaligned Data Access, ARM DDI
0406C.d)
Bug: v8:9746
Bug: v8:9748
Change-Id: I60b987ac58a5eaacd498a940625163484a3dc2db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834771
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64229}
This patch implements https://github.com/tc39/proposal-class-fields/pull/269
and makes sure we always throw TypeError when there is invalid private
name access in computed property keys.
Before this patch, private name variables of private fields and methods
are initialized together with computed property keys in the order they
are declared. Accessing undefined private names in the computed property
keys thus fail silently.
After this patch, we initialize the private name variables of private
fields before we initialize the computed property keys, so that invalid
access to private fields in the computed keys can be checked in the IC.
We now also initialize the brand early, so that invalid access to private
methods or accessors in the computed keys throw TypeError during brand
checks - and since these accesses are guarded by brand checks, we can
create the private methods and accessors after the class is
defined, and merge the home object setting with the creation
of the closures.
Bug: v8:8330, v8:9611
Change-Id: I01363f7befac6cf9dd28ec229b99a99102bcf012
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846571
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64225}
While removing dead code, v8 currently removes jump targets, but leaves
suspend points, resulting in bytecode analysis issues. This cl simply
removes the suspend point if the remainder of the block is dead.
Bug: v8:9825
Change-Id: Ib147ca01cf64c695c0316017852d61f52fd10cf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849197
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64223}
When evacuation is aborted for a page, objects at the beginning of a
page might have been evacuated. In addition to deleting recorded slots
for this area, evacuated objects need to be removed from the set of
invalidated objects since those objects store a forwarding pointer in
their map word. Calls to Size() and IsValidSlot() in the subsequent
"pointers updating"-phase would fail without a valid map pointer.
Bug: chromium:1012081
Change-Id: I15df6f6840cbecf019437562190d4fc1f3b6e368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852764
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64221}
This patch refactors the declaration and allocation of the class variable, and
implements static private methods:
- The class variable is declared in the class scope with an explicit
reference through class_scope->class_variable(). Anonymous classes
whose class variable may be accessed transitively through static
private method access use the dot string as the class name. Whether
the class variable is allocated depending on whether it is used.
Other references of the class variable in the ClassLiteral AST node
and the ClassInfo structure are removed in favor of the reference
through the class scope.
- Previously the class variable was always (stack- or context-)
allocated if the class is named. Now if the class variable is only
referenced by name, it's stack allocated. If it's used transitively
by access to static private methods, or may be used through eval,
it's context allocated. Therefore we now use 1 less context slots
in the class context if it's a named class without anyone referencing
it by name in inner scopes.
- Explicit access to static private methods or potential access to
static private methods through eval results in forced context
allocation of the class variables. In those cases, we save its index
in context locals in the ScopeInfo and deserialize it later, so that
we can check that the receiver of static private methods is the class
constructor at run time. This flag is recorded as
HasSavedClassVariableIndexField in the scope info.
- Classes that need the class variable to be saved due to
access to static private methods now save a
ShouldSaveClassVariableIndexField in the preparse data so that the
bits on the variables can be updated during a reparse. In the case
of anonymous classes that need the class variables to be saved,
we also re-declare the class variable after the reparse since
the inner functions are skipped and we need to rely on the preparse
data flags to remember declaring it.
Design doc: https://docs.google.com/document/d/1rgGRw5RdzaRrM-GrIMhsn-DLULtADV2dmIdh_iIZxlc/edit
Bug: v8:8330
Change-Id: Idd07803f47614e97ad202de3b7faa9f71105eac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781011
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64219}
An error can easily cause a lot of false positive lint messages, due to
unused variables, macros, etc. Thus we suppress subsequent lint messages
when there are errors.
Bug: v8:8880
Change-Id: I5c8ba89312b8eacb7ab22523677854bf9fe45da6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789160
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64217}
The total number of CPU features in use is 32, and is thus hitting the
integer-size limit.
This CL splits the CPU features by platform such that we have some
space again for adding more features.
R=neis@chromium.org
Change-Id: I5cdbe10808e10d143c1e92510dd275d8c5542535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1850371
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64215}
This moves the list of {BreakPointInfo} objects from {WasmModuleObject}
to the corresponding {Script} object. Breakpoints are expected to affect
all modules/instances for a given script, hence the new placement of the
list is a preparation to fully support per-script breakpoints.
R=clemensb@chromium.org
BUG=v8:6847,chromium:893069
Change-Id: Id97058be5ed79cfdba2cecac5733ba161a6021d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852127
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64213}
The tier-up check is only needed for instances that currently go
through the interpreter. It is simpler to move the check into the
interpreter's C++ entry point. At that point, when we see a JSRegExp
that should tier-up, we simply return RETRY which will automatically
send us back into runtime where the actual recompilation happens.
Bug: v8:9566
Change-Id: Ib7bb5d21a30bae45d6e14846edd2a47469989b35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852125
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64210}
The flag is enabled since M-70, and we do not use the previous
behaviour anywhere. Hence, remove the flag and clean up some API code.
In particular, the concept of {TransferrableModule} is not needed any
more, we can just use {CompiledWasmModule}.
R=mstarzinger@chromium.org, adamk@chromium.org
Bug: v8:9810
Change-Id: I9b3aa4972277a9262b58da70b141e90d1de31f35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847366
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64209}
This requires a change to instruction selector to UseUnique so that it
does not shadow the temporary register.
Bug: v8:9810
Change-Id: I3da3e18fbbcc1dd8d40821a6c2453fd2d975ad15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849981
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64203}
In preparation for allowing Torque to generate the list of instance
types, I'd like to make the rules a bit more consistent for how instance
types are spelled. This CL is my proposal for a system where every
non-String instance type name is exactly equal to calling
CapifyStringWithUnderscores on the corresponding class name and
appending "_TYPE".
This change is almost all find&replace; the only manual changes are in:
- src/objects/instance-type.h
- src/torque/utils.cc
- tools/gen-postmortem-metadata.py
This change is in response to the review comment
https://chromium-review.googlesource.com/c/v8/v8/+/1757094/25/src/builtins/base.tq#132
Change-Id: Ife3857292669f54931708e934398b2684e60bea5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814888
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64199}
Since SlotSet is just an array of Buckets, RecordWrite doesn't need
to calculate the SlotSet-address in the SlotSet-array. bucket_index is
now directly calculated from the offset of the slot from the start of
the page. bucket_index may therefore now also exceed SlotSet::kBuckets,
for large objects.
Also calculate cell_offset and bit_index from page_start_offset, it is
not necessary to truncate page_start_offset to MemoryChunk::kPageSize.
Bug: v8:9454
Change-Id: I17edeafa4681a6348482c64dd0616065ce3121c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849525
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64197}
When simulating how standard higher-order builtins call their function
argument, we were inconsistent and imprecise in what hints we used for
the arguments.
Bug: v8:7790
Change-Id: I9a76225f0f036f3e7ce1a62644204790e4eba74d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849519
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64196}
The method allocates, so it should return the buffer in a {unique_ptr}.
Also, the internals can be simplified by using {size_t} instead of
{int} and removing a redundant special case.
R=mlippautz@chromium.org
Bug: v8:9810
Change-Id: I94ac5814c284bf6ab075841ddbfb768d31dfff4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849514
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64195}