This reverts commit ffe6940fbc.
Reason for revert: Breaks UBSan bot
Original change's description:
> Reland^2 "[torque] Throw exception instead of aborting if something goes wrong"
>
> This is a reland of 251d1623f3
>
> The reland fixes ASAN component builds by adding RTTI build config to both
> torque executables. Big thanks to sigurds for finding the fix.
>
> Original change's description:
> > Reland "[torque] Throw exception instead of aborting if something goes wrong"
> >
> > This is a reland of 3bd49f9b90
> >
> > The issue on the windows bot is apparently a compiler bug in MSVC related to
> > move construction. The fix seems to be to change the order of the fields in
> > "JsonParseResult" (go figure).
> >
> > Drive-by-change: Fix LS on windows by emitting correct line endings and
> > enabling exceptions for the LS executable as well.
> >
> > Original change's description:
> > > [torque] Throw exception instead of aborting if something goes wrong
> > >
> > > This CL enables exceptions for the Torque compiler and Torque language
> > > server. Instead of aborting when something goes wrong during
> > > compilation, a TorqueError is thrown, containing the error message
> > > and a source position. The compiler executable still prints the error
> > > and aborts, while the language server will pass this information
> > > along to the client (not included in this CL).
> > >
> > > R=danno@chromium.org
> > >
> > > Bug: v8:8880
> > > Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> > > Reviewed-by: Daniel Clifford <danno@chromium.org>
> > > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#60512}
> >
> > Bug: v8:8880
> > Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60736}
>
> Bug: v8:8880
> Change-Id: Iba198d771169283e83e74324f27aa9e90b8d8975
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563770
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60804}
TBR=sigurds@chromium.org,tebbi@chromium.org,szuend@chromium.org
Change-Id: I30ccec8ac28158c102a4e9a01074432172685f96
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564207
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60805}
This is a reland of 251d1623f3
The reland fixes ASAN component builds by adding RTTI build config to both
torque executables. Big thanks to sigurds for finding the fix.
Original change's description:
> Reland "[torque] Throw exception instead of aborting if something goes wrong"
>
> This is a reland of 3bd49f9b90
>
> The issue on the windows bot is apparently a compiler bug in MSVC related to
> move construction. The fix seems to be to change the order of the fields in
> "JsonParseResult" (go figure).
>
> Drive-by-change: Fix LS on windows by emitting correct line endings and
> enabling exceptions for the LS executable as well.
>
> Original change's description:
> > [torque] Throw exception instead of aborting if something goes wrong
> >
> > This CL enables exceptions for the Torque compiler and Torque language
> > server. Instead of aborting when something goes wrong during
> > compilation, a TorqueError is thrown, containing the error message
> > and a source position. The compiler executable still prints the error
> > and aborts, while the language server will pass this information
> > along to the client (not included in this CL).
> >
> > R=danno@chromium.org
> >
> > Bug: v8:8880
> > Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> > Reviewed-by: Daniel Clifford <danno@chromium.org>
> > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60512}
>
> Bug: v8:8880
> Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60736}
Bug: v8:8880
Change-Id: Iba198d771169283e83e74324f27aa9e90b8d8975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563770
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60804}
Adding a 'PrepareFunctionForOptimization' call will prevent the test
case in question to become flaky when stress testing bytecode flushing.
R=jarin@chromium.org
Bug: v8:9123
Change-Id: If192ebf571d3cd4f0d1ee31bc3f6313b74d3c866
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564202
Auto-Submit: Simon Zünd <szuend@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60803}
This CL changes the Symbol "stack_trace_symbol" to directly hold a
FrameArray instead of wrapping it with a JSArray first.
Bug: v8:9115
Change-Id: I2ac0b1fb380211568abdc6d9f50431c405349dec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564060
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60801}
See intent to ship here: https://groups.google.com/forum/#!topic/v8-users/zM05lYEBVog
wasm-module-builder.js is also changed to use the new syntax for specifying a table
index in an element segment. In the MVP, the table index was always zero. The
reference types proposal adds support for multiple tables, and originally used this
value to specify a non-zero table index. The bulk memory proposal needed a way to
specify a passive element segment, so it re-purposed the table index as a flags field
and uses a different field for the table index.
Bug: v8:7747
Change-Id: If24f2d04e88a29b714f1a78ed417803bae702c76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560215
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60796}
This is particularly useful to fuzzers that seek to provoke
optimization.
Bug: v8:9119
Change-Id: I729f72a0e22686fbd56793875175c230e0230823
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564196
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60794}
It should work when Object.defineProperty is used to set a new value for seal object.
Add more test to cover this case as well.
Bug: chromium:951374
Change-Id: Idbbcc052b627587c71d5b5252340130d0fdfd595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1562470
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60786}
The shared engine tests started flaking. They are broken since some
time, because the shared pointer to the {NativeModule} has temporary
additional users during compilation (in the {BackgroundCompileScope}).
This CL fixes the test by just removing the checks for use counts.
R=mstarzinger@chromium.org
Bug: v8:9117
Change-Id: Ia55ce66426f8d85c0ed8e4185aa6e507a6d327ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564056
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60781}
This adds references to HeapObject fields to Torque.
The syntax is based on Rust (which is essentially C pointer syntax).
The type &T is a reference to T (which must be a scalar type for now).
We can create references from field access expressions, using the
addressof(&) operator:
&obj.fieldname
To read or assign a reference, we use the dereference(*) operator:
*someref = *otherref
This CL also uses references internally normal class field accesses,
but only if there is no overload for field accessor functions.
This allows to have overloaded field accessors for a subtype like
FastJSArray. However, there is a change in behavior in that an
operator ".fieldname" will stop reference creation and will therefore
also stop write access to a class field of the same name. That's why
this CL had to add a write overload ".length=" for FastJSArray.
References desugar to a pair of a tagged HeapObject pointer and an
untagged offset into this HeapObject. On the CSA-side, they are
represented by the C++ struct
struct TorqueReference {
TNode<HeapObject> object;
TNode<IntPtrT> offset;
};
Bug: v8:7793
Change-Id: Ica6468d47847bd68fb6b85f731cf8fbe142fa401
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557151
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60780}
The {code_table_} in {NativeModule} is protected by the
{allocation_mutex_}. The {code} and {code_table} accessors did not
acquire this lock though.
This CL removes the unsafe {code_table} accessor, renames {code} to
{GetCode} and protects it by a lock.
R=mstarzinger@chromium.org
Bug: v8:9112
Change-Id: Id2df68460b4c10291a49b4016b9574e02744e8b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561315
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60779}
On x64, we allocate one big code region such that we can use near jumps
and near calls. The jump table did not make use of that design yet.
This CL changes that by emitting jump table slots as near jumps. This
also speeds up patching jump table slots significantly, since far jumps
populate the inline constant pool, which is unneeded overhead in this
case.
As a drive-by, this CL cleans up the API of near_call and near_jmp. The
current semantics is broken, and only works because this is only used
for WebAssembly calls which are patched anyway after code generation.
Also, x64 now uses the same path in test-jump-table-assembler.cc as
arm64 to ensure that all targets are within near-call-distance.
R=mstarzinger@chromium.org
Bug: v8:8916
Change-Id: Iffc34e248b72167307ffdab62dd2212c4ae86a32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561313
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60777}
When clearing a DebugInfo, we need to check whether that function is
currently executing and, if so, update the on-stack BytecodeArray
pointer to refer to the original BytecodeArray. Otherwise, the original
BytecodeArray might get flushed, which can cause problems when
attempting to resume execution of the function.
Bug: v8:9067
Change-Id: Ief28a501294f5a34052e13f618fa084311eaa0b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548573
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60774}
The current NumberEqual check ignores -0 when it is stored to
a constant unboxed double field containing 0.
Bug: v8:9113
Change-Id: I7eb59ca8af09ab7317da3c6ce9c9cedad81f6cae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561317
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60771}
... and ensure that runtime behaviour is in sync with the IC code.
Bug: chromium:950747, v8:9113
Change-Id: Ied66c9514cbe3a4d75fc71d4fc3b19ea1538f9b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561319
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60768}
Previously we'd need to eagerly compile upon access to function.length for a
lazy function. The preparser already computes function.length, however, so we
can store that information in the already available preparse data.
Change-Id: I19007c9db5839e8038291fb4433866303935f089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564190
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60767}
MicrotasksScope has accidentally ignored the given MicrotaskQueue instance
when it's scoping out. That confused the embedder to start using the non
default MicrotaskQueue.
Change-Id: Id345605cf6520cd073429b08698de75f7681d93c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563836
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60765}
This adds a new flag --modify-field-representation-inplace (enabled by
default), which lets the runtime perform field representation changes
for Smi to Tagged or for HeapObject to Tagged in-place instead of
creating new maps and marking the previous map tree as deprecated.
That means we create (a lot) fewer Maps and DescriptorArrays in the
beginning and also need to self-heal fewer objects later (migrating
off the deprecated maps). In TurboFan we just take the "field owner
dependency" whenever we use the field representation, which is very
similar to what we already do for the field types. That means if we
change the representation of a field that we used in optimized code,
we will simply deoptimize that code and have TurboFan potentially
later optimize it again with the new field representation.
On the Speedometer2/ElmJS-TodoMVC test, this reduces the total execution
time from around 415ms to around 352ms, which corresponds to a **15%**
improvement. The overall Speedometer2 score improves from around 74.1
to around 78.3 (on local runs with content_shell), corresponding to a
**5.6%** improvement here. 🎉
On the CNN desktop browsing story, it seems that we reduce map space
utilization/fragmentation by about 4-5%. But since we allocate a lot
less (fewer Maps and DescriptorArrays) we also significantly change
the GC timing, which heavily influences the results here. So take this
with a grain of salt. 🤷♂️
Note: For Double fields, this doesn't change anything, meaning they
still create new maps and deprecate the previous map trees.
Bug: v8:8749, v8:8865, v8:9114
Change-Id: I694a53f87ae5caeb868fd98a21809b66d4297d35
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: http://bit.ly/v8-in-place-field-representation-changes
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561132
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60764}
When getting the starting address of a data segment, you can't use
`&vector[offset]` if offset is equal to the length of the vector. This
can happen when the length of the segment is 0.
The fix is to use Vector::SubVector instead.
Bug: v8:9106
Change-Id: Icf8968cc246c6d217d8061f76fb2631c2292433c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560405
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60755}
The wasm engine is the same for all units, thus we should store (or
get) it in the compilation task, and not store it duplicated in each
compilation unit.
R=mstarzinger@chromium.org
Bug: v8:8916, v8:8343
Change-Id: Id4b062b5b8a52228b4d6051a67e025088a61d466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559863
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60754}
If the runtime does not transition in keyed store IC miss handler,
avoid generating transitioning handler since this could make
the receiver map non-stable. (The optimizing compiler does not like
non-stable fast prototype maps.)
Bug: chromium:950328
Change-Id: I113880d2033518e3eb8fd11df1599e56a67d7fd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559867
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60752}
This is a reland of Ie3ac389e1c082d1671efd4d74abc076ce943301b with a fix
for MSAN failures.
Interrupt budget was store in bytecode array and used to be shared
across all contexts. With lazy feedback allocation, using context
independent interrupt budget might lead to performance cliffs when
we have closures that do not share the same feedback (for ex: across
contexts). This would be a problem even earlier but it could be
more pronounced with feedback vector allocation, since the budgets
for optimization is much higher (144x) than the budget for feedback
allocation.
Bug: chromium:948835, v8:8394
Change-Id: I74f998c30e27caf3bd34510f4d7f57b65e6c7f0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561072
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60750}
This reverts commit 251d1623f3.
Reason for revert: Breaks ASAN debug builders for ClusterFuzz, see https://ci.chromium.org/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20ASAN%20-%20debug%20builder/8115
Original change's description:
> Reland "[torque] Throw exception instead of aborting if something goes wrong"
>
> This is a reland of 3bd49f9b90
>
> The issue on the windows bot is apparently a compiler bug in MSVC related to
> move construction. The fix seems to be to change the order of the fields in
> "JsonParseResult" (go figure).
>
> Drive-by-change: Fix LS on windows by emitting correct line endings and
> enabling exceptions for the LS executable as well.
>
> Original change's description:
> > [torque] Throw exception instead of aborting if something goes wrong
> >
> > This CL enables exceptions for the Torque compiler and Torque language
> > server. Instead of aborting when something goes wrong during
> > compilation, a TorqueError is thrown, containing the error message
> > and a source position. The compiler executable still prints the error
> > and aborts, while the language server will pass this information
> > along to the client (not included in this CL).
> >
> > R=danno@chromium.org
> >
> > Bug: v8:8880
> > Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> > Reviewed-by: Daniel Clifford <danno@chromium.org>
> > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60512}
>
> Bug: v8:8880
> Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60736}
TBR=danno@chromium.org,tebbi@chromium.org,szuend@chromium.org
Change-Id: I0b22db1652bd46fbb7167f75b710ed5e408ea8ac
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561311
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60747}
Instead of having sequential compilation implemented as a separate
path, we can just use the existing parallel compilation path, and
restrict the number of parallel compilations (if deterministic
compilation is required).
R=mstarzinger@chromium.org
Bug: v8:9104
Change-Id: Ia12c6e45455834a131b3d2ed55f5fe9132903d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552782
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60740}
This is a reland of 3bd49f9b90
The issue on the windows bot is apparently a compiler bug in MSVC related to
move construction. The fix seems to be to change the order of the fields in
"JsonParseResult" (go figure).
Drive-by-change: Fix LS on windows by emitting correct line endings and
enabling exceptions for the LS executable as well.
Original change's description:
> [torque] Throw exception instead of aborting if something goes wrong
>
> This CL enables exceptions for the Torque compiler and Torque language
> server. Instead of aborting when something goes wrong during
> compilation, a TorqueError is thrown, containing the error message
> and a source position. The compiler executable still prints the error
> and aborts, while the language server will pass this information
> along to the client (not included in this CL).
>
> R=danno@chromium.org
>
> Bug: v8:8880
> Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> Reviewed-by: Daniel Clifford <danno@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60512}
Bug: v8:8880
Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60736}
This reverts commit f39944853f.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/26128
Original change's description:
> [interpreter] Move interrupt budget from BytecodeArray to FeedbackCell
>
> Interrupt budget was store in bytecode array and used to be shared
> across all contexts. With lazy feedback allocation, using context
> independent interrupt budget might lead to performance cliffs when
> we have closures that do not share the same feedback (for ex: across
> contexts). This would be a problem even earlier but it could be
> more pronounced with feedback vector allocation, since the budgets
> for optimization is much higher (144x) than the budget for feedback
> allocation.
>
> Bug: chromium:948835, v8:8394
> Change-Id: Ie3ac389e1c082d1671efd4d74abc076ce943301b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558088
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60734}
TBR=jarin@chromium.org,mlippautz@chromium.org,mythria@chromium.org,jgruber@chromium.org,bmeurer@chromium.org
Change-Id: Icbec4d28d6ac258827e222461cff51f2a2f42472
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:948835, v8:8394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560990
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60735}
Interrupt budget was store in bytecode array and used to be shared
across all contexts. With lazy feedback allocation, using context
independent interrupt budget might lead to performance cliffs when
we have closures that do not share the same feedback (for ex: across
contexts). This would be a problem even earlier but it could be
more pronounced with feedback vector allocation, since the budgets
for optimization is much higher (144x) than the budget for feedback
allocation.
Bug: chromium:948835, v8:8394
Change-Id: Ie3ac389e1c082d1671efd4d74abc076ce943301b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558088
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60734}
@@replace should only call ToString(replaceValue) once. Prior to this
CL this was not the case when
1. the given regexp is fast
2. the replacement is not callable
3. and its string representation contains a '$'.
In such a situation we'd call ToString both in the RegExpReplace
builtin, and after bailing out again in the RegExpReplaceRT runtime
function.
The fix is to pass the result of ToString(replaceValue) to the runtime
function. ToString in RegExpReplaceRT will be a no-op since the value
is already guaranteed to be a string.
Bug: chromium:947822
Change-Id: I14b4932a5ee29e49de4c2131dc2e98b50d93da49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559739
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60733}
- Add a new ClassScope for block scopes created for classes.
- Add a VariableMap in the class scope for private name resolution,
and a separate UnresolvedList for private names that will be resolved
only using ClassScopes. These are stored in RareData and will only be
allocated when there are private name declaration or access in the
class.
Design: https://docs.google.com/document/d/1l-D70uaHzXU8QVgQZ3ACikb3FLO6LTAfQVdGDXsh5mw/edit?usp=sharing
TBR: hpayer@chromium.org
Bug: v8:8330
Bug: v8:7468
Change-Id: I78191fc075f7f195f6c56c959773c382346cce8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1488271
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60726}
The test is working since some time. It was blocked on the jump table,
and patching it correctly when redirecting imported functions to the
interpreter.
R=mstarzinger@chromium.org
Bug: v8:7767
Change-Id: Id3a16de9c6403cab0321958b681ff18f216fe978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559852
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60716}
This adds support for passing/returning reference type parameter/return
values when the interpreter is calling extern functions. It expands the
existing test coverage to the interpreter.
R=clemensh@chromium.org
TEST=mjsunit/wasm/anyref-interpreter,mjsunit/wasm/anyfunc-interpreter
BUG=v8:8091,v8:7581
Change-Id: I377e9d28aa36866c0441683ffd6a48160b721ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559853
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60715}
Since wasm optimizations are independent of JS optimizations, we can
just combine the "no_liftoff" variant with the existing "stress"
variant (which has the similar "--always-opt" option for JS), and add
a "Liftoff only" variant as part of "nooptimization".
This gives more coverage to find bugs like https://crrev.com/c/1543354
more easy.
R=mstarzinger@chromium.org, machenbach@chromium.org
Change-Id: I81bb22074c59dcb650a05252da43a4170cd467ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559740
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60714}
This change aims to simplify RawMachineAssembler::CallCFunction
interface by use of variadic templates.
Change-Id: Ie7081f692f62674f891f09abfd7149e8d95eeb81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526015
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60710}
Drive-by fix: In ProcessFeedbackForGlobalAccess, we had forgotten to
return the feedback when it already existed.
Bug: v8:7790, v8:9094
Change-Id: Ie4be6cef5755bbdd9d8ed472caaa2e32d243893d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554680
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60705}
The {remaining_uncommitted_code_space} method is only used for testing.
This CL removes it, and replaces all uses by {committed_code_space}.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Icb50471da3564a5cd114b15836c8b346b932a108
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559735
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60704}
This adds support for loading and storing mutable imported globals
having a reference type in the interpreter. It expands existing test
coverage to the interpreter.
R=clemensh@chromium.org
TEST=mjsunit/wasm/anyref-globals-interpreter
BUG=v8:8091,v8:7581
Change-Id: I78e0c5c73664a183e1d92ec91eadf8b9a93e4787
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559743
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60701}
