Fail IsInvalid check if the property cell has been invalidated.
Bug: chromium:905555
Change-Id: Ia0712b97bd6ba628936b74b3893ddb1c229ee686
Reviewed-on: https://chromium-review.googlesource.com/c/1339863
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57597}
This updates the fast path check in RegExp.p.test reduction to
trigger with constant field tracking.
Bug: v8:8361
Change-Id: I05d2c44189d0cc647b898599d519c2af1d78487f
Reviewed-on: https://chromium-review.googlesource.com/c/1340250
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57596}
Small readability increase for the keyword check magic, using memcmp
instead of a chain of raw comparisons. Could allow better codegen for
memcmp-aware compilers, though in practice seems to have little effect
on generated code.
Change-Id: I91020fe67cebc9270c61c4c678e15217e436afff
Reviewed-on: https://chromium-review.googlesource.com/c/1340291
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57595}
In preparation for converting these stubs to builtins. This turns the
compile-time IsJSArray parameter into a runtime check.
Bug: v8:7777
Change-Id: Ief44e7cd77e772809e50618e55f51268e9ac8ad9
Reviewed-on: https://chromium-review.googlesource.com/c/1339868
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57594}
KeyedLoadSloppyArguments -> KeyedLoadIC_SloppyArguments
KeyedStoreSloppyArguments -> KeyedStoreIC_SloppyArguments
LoadIndexedIntercepter -> LoadIndexedInterceptorIC
StoreInArrayLiteralSlowStub -> StoreInArrayLiteralIC_Slow
StoreInterceptor -> StoreInterceptorIC
StoreSlowElementStub -> KeyedStoreIC_Slow
A few Store stubs were parameterized for the sole purpose of
determining the KeyedAccessStoreMode later on. These are now
implemented as a dedicated builtin for each store mode.
Bug: v8:7777
Change-Id: I743474b0e6c5d6ec2513bb9f8f3a93c5c0535927
Reviewed-on: https://chromium-review.googlesource.com/c/1339859
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57592}
Both regress-8432 and regress-8413 pass with the latest ICU
roll to 407b393.
TBR=ftang@chromium.org,gsathya@chromium.org,machenbach@chromium.org
Bug: v8:8432,v8:8414
Change-Id: I56f3d88c1f90021ad51062bc5f26a9e88877f954
Reviewed-on: https://chromium-review.googlesource.com/c/1341455
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57590}
This roll should cover the last batch of upstream $DONOTEVALUATE
updates.
TBR=gsathya@chromium.org
Bug: v8:7834, v8:8467
Change-Id: Ia1c6e8fa2fd7fd020c5499b3825a8c1e6c14db47
Reviewed-on: https://chromium-review.googlesource.com/c/1338348
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57587}
The CamelCase file is deprecated and I'd like to remove it at some point.
Change-Id: Iba491b01e5993ce2778c2ec58123e3aecafaf0ae
Reviewed-on: https://chromium-review.googlesource.com/c/1338346
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57585}
This patch allows the deoptimizer to keep embedded pointers intact.
Previously, the deoptimizer had to clear embedded pointers because
the mark-compactor relied on the Code::marked_for_deoptimization flag
to indicate whether the embedder pointers were cleared or not.
This patch adds a new flag called Code::embedded_objects_cleared()
and thus can correctly clear dead weak objects in deoptimized code.
Bug: v8:8459
Change-Id: I6eb6ff3aa2182bc41730e0a249965f8d8c0525ce
Reviewed-on: https://chromium-review.googlesource.com/c/1335943
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57584}
This reverts commit 2035042e87.
Reason for revert: Blocks the roll, see https://chromium-swarm.appspot.com/task?id=41356e9eff2a5010&refresh=10&show_raw=1 for error message
Original change's description:
> [wasm] Open HandleScope in LogCode
>
> In WasmCode::LogCode we allocate handles, but not all callers of LogCode
> open a HandleScope. Since the handles do not escape LogCode, we can just
> open a Handlescope in the function.
>
> R=herhut@chromium.org
>
> Bug: v8:8461
> Change-Id: I2031b467f976a9af6f541b60af245573f33d9676
> Reviewed-on: https://chromium-review.googlesource.com/c/1337736
> Reviewed-by: Stephan Herhut <herhut@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57550}
TBR=ahaas@chromium.org,herhut@chromium.org
NOTRY=true
Bug: v8:8461
Change-Id: I4c95c79c029f4eed2bbaf1fcf7ccb04203335659
Reviewed-on: https://chromium-review.googlesource.com/c/1340287
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57583}
Weak callbacks should not trigger recursive GCs during first round callbacks.
Any non-trivial work is supposed to be enqueued in the second round of
callbacks.
Bug: chromium:843903
Change-Id: Ieba58f31bab54c95b7d4027d3e16ee2d765438e7
Reviewed-on: https://chromium-review.googlesource.com/c/1340285
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57581}
This is the first in a series of patches for adding support to execute
without feedback vectors. This cl updates some of the bytecode handlers
to check for feedback before using them. All these bytecodes only collect
type feedback, so their funcitonality would not change. This cl changes the
implementation for following bytecode:
BinaryOperation
CompareOperation
UnaryOperation
Call
Bug: v8:8394
Change-Id: I284bf9c010718c65f3fe76b6f3f4461b5bfa6742
Reviewed-on: https://chromium-review.googlesource.com/c/1333667
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57580}
This way we'll always only use the variables_ map of the first ScopeInfo-backed
Scope in the Scope chain.
Change-Id: I9187f7ef0b300b3ee36184d6dddd37242786c19a
Reviewed-on: https://chromium-review.googlesource.com/c/1340284
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57579}
The platform specific macro assembler headers can not be included
directly. They require symbols declared in macro-assembler.h.
We also cannot include macro-assembler.h from the platform specific
headers, because that would form a cycle, and the include in
macro-assembler.h would be skipped, which then also fails.
This CL documents and enforces this unfortunate situation.
This helps with further iwyu cleanups.
Note that current code which includes the platform specific headers
only works because we transitively included macro-assembler.h already
before.
R=mstarzinger@chromium.org
Bug: v8:8238, v8:7490
Change-Id: I2dc65ad950400941406e1f2f8969d0d15f524bf8
Reviewed-on: https://chromium-review.googlesource.com/c/1340240
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57578}
Under normal execution, we commit code space in page chunks as we
need it. However, this confuses linux perf, as it generates mmap
events in the trace that seem to override the synthetic ones that
are inserted by perf inject.
Instead, when profiling with perf, we now commit the maximum code
space size upfront, leading to a single mmap event early on. While
this significantly increases memory use, it should not impact
profiling of running wasm code.
Bug: v8:8462
Change-Id: I078e9e486fe4ddecdea0b58543cc6bc5873cdfee
Reviewed-on: https://chromium-review.googlesource.com/c/1340279
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57577}
GC needs to be able to read a bigint's length while the main thread may
change the length and the sign (bigints are intentionally mutable as
long as they haven't escaped to user code). Since both values are stored
in the same bitfield, we need to make these accesses atomic.
Also change right-trimming to not insert a filler when the object is
in large object space (it makes no sense there).
Bug: v8:8440
Change-Id: I72a1b6f1eda54566d3cfad554dda1a98ddd61975
Reviewed-on: https://chromium-review.googlesource.com/c/1337737
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57576}
We now only cache Variable* in entry_point->variables_ so there's no point in
looking at all variables_ in the entire chain.
Change-Id: I3d1f389a9ad7d790d2e778a72cd5f7fc47880233
Reviewed-on: https://chromium-review.googlesource.com/c/1340245
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57574}
For short inputs (<= size of the type we want to generate), we fell back
to just generating constants. This CL changes that to only fall back to
constants once a single byte remains, and adds options to use constants
already before that.
R=ahaas@chromium.org
Bug: v8:894307
Change-Id: Ic4bf05d06090f52b67de2b322a9d5dcab6bbbe39
Reviewed-on: https://chromium-review.googlesource.com/c/1337739
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57573}
This CL implements an assembly order optimization that moves blocks
that end a loop with an unconditional backedge to the beginning of
the loop, saving a branch.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:8423
Change-Id: I8a5d25f5472d71227af0f623277ea8d0a8d69867
Reviewed-on: https://chromium-review.googlesource.com/c/1335944
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57572}
This adds a new C++ API method
```cpp
Local<Object> Object::New(
Isolate* isolate,
Local<Value> prototype_or_null,
Local<Name>* keys,
Local<Value>* values,
size_t size);
```
which is similar to the `Object.create()` builtin exposed by JavaScript.
This new API is supposed to be used by the `http2` (in Node.js) to speed
up the creation of the HTTP header object.
Bug: v8:8422
Change-Id: I9910e88de0af2cbd8ce8a1d6cb6caa9451fb8cb4
Design-Document: http://bit.ly/v8-fast-object-create-cpp
Reviewed-on: https://chromium-review.googlesource.com/c/1337569
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57570}
With BytecodeArray flushing the SFI->BytecodeArray pointer will become pseudo weak.
In order to prevent instrumented bytecode from being flushed while the function is
being debugged, hold onto the instrumented bytecode strongly.
BUG=v8:8395
Change-Id: Ie346732b77833afa0595a84a4956295e50855392
Reviewed-on: https://chromium-review.googlesource.com/c/1312849
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57569}
This fixes building with 'v8_enable_trace_ignition = true'.
Change-Id: I991b3eaba2e1a50fe9f08ae5dec765c8257a5c26
Reviewed-on: https://chromium-review.googlesource.com/c/1340039
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57567}
This marks the InterpreterEntryTrampoline as isolate-independent. With
this change, all builtins are now embedded.
Slight changes were needed to how we deopt into the trampoline. We now
store the entry address within the Interpreter class instead of
embedding the builtin code target.
Bug: v8:7777
Change-Id: If781bf6f06cb2efbab1369ece757f04c343a1b38
Reviewed-on: https://chromium-review.googlesource.com/c/1337734
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57563}
This pulls both classes into a dedicated file. InstructionStream may
be removed in a follow-up.
Tbr: mlippautz@chromium.org
Bug: v8:6666
Change-Id: Ibd374eba25cebf7495390ec13f6b4aeac5e1dc01
Reviewed-on: https://chromium-review.googlesource.com/c/1337738
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57562}
All C++ functions called directly from generated code must have
a predictable ABI. We ensure that by requiring their return and
argument types to be scalars -- in particular, they must not be
non-pointer ObjectPtr or ObjectSlot types, which is easy to get
wrong and difficult to debug. This patch adds compile-time type
checks enforcing the requirement to the macro used for creating
ExternalReferences for functions.
Bug: v8:3770
Change-Id: I442cf25e2f72b7ea84d4a50c9c665b187b179ca0
Reviewed-on: https://chromium-review.googlesource.com/c/1334974
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57560}
This reverts commit 9c91b6877a.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm%20GC%20Stress/8864
Original change's description:
> [turbofan] Use feedback when reducing global loads/stores.
>
> We already record the script context location or the property cell
> as feedback of the global load/store IC, so Turbofan doesn't need
> to do the lookups again.
>
> Change-Id: I6cbd2937de344729cd8e146b4ff85ddf3de6a56e
> Reviewed-on: https://chromium-review.googlesource.com/c/1335691
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57555}
TBR=neis@chromium.org,ishell@chromium.org,bmeurer@chromium.org
Change-Id: I99d72075e01348733fecdffc6b5572b96eb577b4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1339860
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57559}
This is an experimental change that may help mitigate the issue.
TBR=machenbach@chromium.org
No-Try: true
No-Tree-Checks: true
Bug: chromium:893593
Change-Id: Idf15a63006c2c7ba2c31482e5103b2a0b1d64510
Reviewed-on: https://chromium-review.googlesource.com/c/1339401
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57558}
This is an experimental change that may help mitigate the issue.
TBR=machenbach@chromium.org
No-Try: true
No-Tree-Checks: true
Bug: chromium:893593
Change-Id: Ideb74a83b9937dbe917e8c7c93305d9824b48a93
Reviewed-on: https://chromium-review.googlesource.com/c/1339419
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57556}
We already record the script context location or the property cell
as feedback of the global load/store IC, so Turbofan doesn't need
to do the lookups again.
Change-Id: I6cbd2937de344729cd8e146b4ff85ddf3de6a56e
Reviewed-on: https://chromium-review.googlesource.com/c/1335691
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57555}
On MIPS and MIPS64 build began to fail after this commit:
01079cb82f.
Change-Id: Ib967fc0d17ce1d10fdfa97d541ce9e761508593f
Reviewed-on: https://chromium-review.googlesource.com/c/1337741
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#57554}
With just five cache registers, Liftoff can run out of memory on a
64bit shift. This CL solves this by using a parallel register move and
pinning less registers.
R=ahaas@chromium.org
Bug: chromium:894307
Change-Id: I91ed0fee00ceb452841e5d1bb10905be6702dcce
Reviewed-on: https://chromium-review.googlesource.com/c/1337580
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57552}
In WasmCode::LogCode we allocate handles, but not all callers of LogCode
open a HandleScope. Since the handles do not escape LogCode, we can just
open a Handlescope in the function.
R=herhut@chromium.org
Bug: v8:8461
Change-Id: I2031b467f976a9af6f541b60af245573f33d9676
Reviewed-on: https://chromium-review.googlesource.com/c/1337736
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57550}