Since we are going to move Sampler as library, we creates tick-sample.[h|cc] for
TickSample, in order to maintain legacy code.
BUG=v8:4994
LOG=n
Review-Url: https://codereview.chromium.org/1952393002
Cr-Commit-Position: refs/heads/master@{#36267}
Expression::bounds_ is used only by a subset of compile passes, but the
data structure occupies space for every Expression node ever parsed. This
unneccessarily increases memory consumption. Particularly, peak memory
consumption during startup, which may cause out-of-memory errors.
This CL
- removes Expression::bounds_;
- introduces an AstTypeBounds container, which mappes Expression* to Bounds;
- modifies the code that actually requires bounds information, namely
Crankshaft compile and AsmWasmBuilder, to instantiate such an AstTypeBounds
container before typing and to pass it to the code that consumes this
information; and
- modifies all accesses to Expression::bounds_ to instead access the bounds
via the container instead.
Additionally, this rewrites test-ast-expression-visitor. The reason is that
this code attempted to test AstExpressionVisitor but did so exclusively
through its subclass ExpressionTypeCollector, meaning that the test dealt
almost exclusively with type bounds despite the class-under-test having
no knowledge or functionality related to it. Worse, the test was written
in a way to assume that type bounds were available outside & after
compilation, which is something this change changes.
BUG=v8:4947
Review-Url: https://codereview.chromium.org/1968383002
Cr-Commit-Position: refs/heads/master@{#36222}
This change introduces a pipeline for the final stages of
bytecode generation.
The peephole optimizer is made distinct from the BytecodeArrayBuilder.
A new BytecodeArrayWriter is responsible for writing bytecode. It
also keeps track of the maximum register seen and offers a potentially
smaller frame size.
R=rmcilroy@chromium.org
LOG=N
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1947403002
Cr-Commit-Position: refs/heads/master@{#36220}
This patch removes the following properties, as their use count is
very low, they are V8-only, and not on a standards track.
- v8Parse
- resolved
- pattern
v8BreakIterator is left in as it has significantly more usage.
BUG=v8:3785
R=adamk,jshin@chromium.org
Review-Url: https://codereview.chromium.org/1968893002
Cr-Commit-Position: refs/heads/master@{#36190}
When I18N is enabled, use ICU's case conversion API and transliteration
API [1] to implement String.prototype.to{Upper,Lower}Case and
String.prototype.toLocale{Upper,Lower}Case.
* ICU-based case conversion was implemented in runtime-i18n.cc/i18n.js
* The above 4 functions are overridden with those in i18n.js when
--icu_case_mapping flag is turned on. To control the override by the flag,
they're overriden in icu-case-mapping.js
Previously, toLocale{U,L}Case just called to{U,L}Case so that they didn't
support locale-sensitive case conversion for Turkic languages (az, tr),
Greek (el) and Lithuanian (lt).
Before ICU APIs for the most general case are called, a fast-path for Latin-1
is tried. It's taken from Blink and adopted as necessary. This fast path
is always tried for to{U,L}Case. For toLocale{U,L}Case, it's only taken
when a locale (explicitly specified or default) is not in {az, el, lt, tr}.
With these changes, a build with --icu_case_mapping=true passes a bunch
of tests in test262/intl402/Strings/* and intl/* that failed before.
Handling of pure ASCII strings (aligned at word boundary) are not as fast
as Unibrow's implementation that uses word-by-word case conversion. OTOH,
Latin-1 input handling is faster than Unibrow. General Unicode input
handling is slower but more accurate.
See https://docs.google.com/spreadsheets/d/1KJCJxKc1FxFXjwmYqABS0_2cNdPetvnd8gY8_HGSbrg/edit?usp=sharing for the benchmark.
This CL started with http://crrev.com/1544023002#ps200001 by littledan@,
but has changed significantly since.
[1] See why transliteration API is needed for uppercasing in Greek.
http://bugs.icu-project.org/trac/ticket/10582
R=yangguo
BUG=v8:4476,v8:4477
LOG=Y
TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*, mjsunit/string-case,
intl/general/case*
Review-Url: https://codereview.chromium.org/1812673005
Cr-Commit-Position: refs/heads/master@{#36187}
This code was used exclusively by its own unit test and can be safely removed.
BUG=v8:4947
LOG=N
Review-Url: https://codereview.chromium.org/1965373002
Cr-Commit-Position: refs/heads/master@{#36180}
This makes sure that targets depending on v8_libplatform
apply the required config.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/1962423003
Cr-Commit-Position: refs/heads/master@{#36170}
This adds a new pass MemoryOptimizer that walks over the effect chain
from Start and lowers all Allocate, LoadField, StoreField, LoadElement,
and StoreElement nodes, trying to fold allocations into allocation
groups and eliminate write barriers on StoreField and StoreElement if
possible (i.e. if the object belongs to the current allocation group and
that group allocates in new space).
R=hpayer@chromium.org, jarin@chromium.org
BUG=v8:4931, chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1963583004
Cr-Commit-Position: refs/heads/master@{#36128}
atomic-utils.h only uses functionality from base/, and also by moving it into
base/, code outside of v8_base can benefit from it.
BUG=v8:4991
LOG=n
Review-Url: https://codereview.chromium.org/1954603002
Cr-Commit-Position: refs/heads/master@{#36114}
gn builds are missing Windows manifests for d8.exe and
mksnapshot.exe. These manifests are necessary in order to get
predictable behavior on Windows.
LOG=N
BUG=602505
Review-Url: https://codereview.chromium.org/1941433002
Cr-Commit-Position: refs/heads/master@{#35943}
This commit introduces IgnitionStatisticsExtension, which provides
methods for accessing Ignition statistics and counters from JavaScript.
The extension is registered when FLAG_ignition and
FLAG_trace_ignition_dispatches are both enabled.
For the moment, the only exposed function is
getIgnitionDispatchCounters(), which allows to retrieve Ignition
dispatch counters as a JavaScript object.
BUG=v8:4899
LOG=N
Review URL: https://codereview.chromium.org/1899133004
Cr-Commit-Position: refs/heads/master@{#35816}
Reason for revert:
Appears to break Android crbug.com/604422
Original issue's description:
> [GN] Define USE_EABI_HARDFLOAT=1 when arm_float_abi=="hard".
>
> Add this define to the config used for mksnapshot. This fixes a bug
> where certain applications would fail at runtime on Chromecast.
>
> BUG=592660
> LOG=Y
> Bug: internal b/27495984
>
> Test: Formerly broken Cast apps load and run as expected.
>
> Committed: https://crrev.com/86357d5235ceba61c151f0b6e509bcb365860454
> Cr-Commit-Position: refs/heads/master@{#35183}
TBR=dpranke@chromium.org,alokp@chromium.org,titzer@chromium.org,slan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=592660,604422
LOG=n
Review URL: https://codereview.chromium.org/1906373002
Cr-Commit-Position: refs/heads/master@{#35725}
The feature was deprecated in M49 and flagged off in M50.
This patch removes it entirely from the codebase.
Review URL: https://codereview.chromium.org/1909433003
Cr-Commit-Position: refs/heads/master@{#35714}
This separation is needed to make two goals possible simultaneously:
* is should be possible to offer V8 components a simple, clean
interface to TurboFan's low-level code generation that doesn't
expose details about the TF.
* it should be possible to easily create new CodeAssembler "macros"
that don't require a review from an OWNER of the compiler directory.
Review URL: https://codereview.chromium.org/1875583003
Cr-Commit-Position: refs/heads/master@{#35576}
This introduces a compiler pass that schedules the graph and re-wires effect chain according to the schedule. It also connects allocating representation changes to the effect chain, and removes the BeginRegion and EndRegion nodes - they should not be needed anymore because all effectful nodes should be already wired-in.
This is an intermediate CL - the next step is to move lowering of the Change*ToTaggedEffect nodes to StateEffectIntroduction so that we do not have to introduce the effectful versions of nodes.
Review URL: https://codereview.chromium.org/1849603002
Cr-Commit-Position: refs/heads/master@{#35565}
This change implements switch as a balanced if/else tree or break table or
hybrid. A lot of asm.js modules are expected to extensively use switch
alongside function tables that can benefit from a better implementation.
BUG=v8:4203
TEST=mjsunit/asm-wasm
R=titzer@chromium.org,bradnelson@chromium.org,ahaas@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1838973002
Cr-Commit-Position: refs/heads/master@{#35455}
The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
- Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
- Uses it appropriately.
- Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
- Fixes a bunch of incorrect formats.
Original CL: https://codereview.chromium.org/1869433004
Reverted in: https://codereview.chromium.org/1867383002
Reverted again in: https://codereview.chromium.org/1877823003
Reverts due to non-CQ bots:
- First: v8_win_dbg, v8_win64_dbg, v8_mac_dbg
- Second: gc mole (added to v8_linux_rel_ng for this patch)
R= jochen@chromium.org
TBR= ahaas@chromium.org,bmeurer@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1872203005
Cr-Commit-Position: refs/heads/master@{#35423}
Makes browser_tests --gtest_filter=CrSettingsBrowserTest.CrSettingsTest
complete in a little over 8 seconds instead of timing out after 45s
on my box. Without this patch, the test is much slower in gn builds
than in gyp builds.
v8/ part, goes with https://codereview.chromium.org/1880693003
BUG=chromium:586511
LOG=n
Review URL: https://codereview.chromium.org/1882453002
Cr-Commit-Position: refs/heads/master@{#35415}
Reason for revert:
One small issue easily fixed here: https://codereview.chromium.org/1867333003/
But it looks like MSVS 2013 doesn't like some of the formats and exists with the unhelpful:
Stderr:
f:\dd\vctools\crt\crtw32\stdio\output.c(1125) : Assertion failed: ("Incorrect
format specifier", 0)
It's easier to revert for now, I'll dig more into the docs:
https://msdn.microsoft.com/en-us/library/56e442dc(v=vs.120).aspxhttps://msdn.microsoft.com/en-us/library/tcxf1dw6(v=vs.120).aspx
And then resubmit, making sure I run these bots.
Original issue's description:
> Fix printf formats
>
> The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
>
> - Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
> - Uses it appropriately.
> - Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
> - Fixes a bunch of incorrect formats.
>
> R= jochen@chromium.org, bmeurer@chromium.org, yangguo@chromium.org, ahaas@chromium.org
>
> Committed: https://crrev.com/6ebf9fbb93d31f9be41156a3325d58704ed4933d
> Cr-Commit-Position: refs/heads/master@{#35365}
TBR=jochen@chromium.org,bmeurer@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1867383002
Cr-Commit-Position: refs/heads/master@{#35366}
The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
- Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
- Uses it appropriately.
- Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
- Fixes a bunch of incorrect formats.
R= jochen@chromium.org, bmeurer@chromium.org, yangguo@chromium.org, ahaas@chromium.org
Review URL: https://codereview.chromium.org/1869433004
Cr-Commit-Position: refs/heads/master@{#35365}
Aside from v8_imminent_deprecation_warnings, all of these existed
already but were not configurable as GN args.
BUG=chromium:542853
LOG=n
Review URL: https://codereview.chromium.org/1867963002
Cr-Commit-Position: refs/heads/master@{#35362}
1) I moved the implementations of the wrapper functions into a new cc
file so that I can use these wrapper functions in tests.
2) I made a generic test for all tests in
test-run-calls-to-external-references.cc. In the new test we only
compare the result of a function call through an external reference with
the result of a direct function call. This is sufficient because we only
want to test function calls through external references work here.
The implementation of these functions are tested somewhere else.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1853123002
Cr-Commit-Position: refs/heads/master@{#35289}
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
R=mstarzinger@chromium.org, neis@chromium.orgTBR=rossberg@chromium.org
BUG=chromium:513471
LOG=n
Review URL: https://codereview.chromium.org/1865833002
Cr-Commit-Position: refs/heads/master@{#35283}
We expect that the majority of malloc'd memory held by V8 is allocated
in Zone objects. Introduce an Allocator class that is used by Zones to
manage memory, and allows for querying the current usage.
BUG=none
R=titzer@chromium.org,bmeurer@chromium.org,jarin@chromium.org
LOG=n
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1847543002
Cr-Commit-Position: refs/heads/master@{#35196}
Add this define to the config used for mksnapshot. This fixes a bug
where certain applications would fail at runtime on Chromecast.
BUG=592660
LOG=Y
Bug: internal b/27495984
Test: Formerly broken Cast apps load and run as expected.
Review URL: https://codereview.chromium.org/1839763003
Cr-Commit-Position: refs/heads/master@{#35183}
Change x64 to use the external references like all other platforms.
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1844283002
Cr-Commit-Position: refs/heads/master@{#35160}
Difference from --perf-basic-prof:
- correctly attributes samples when code space gets reused (when unused code object dies and a new code objects is allocated at the same place).
- outputs compiled machine code for instruction-level profile.
Just like --perf-basic-prof, the file writer is not synchronized (even worse, there is a per-isolate file handle), so we will run into trouble with multiple isolates. However, this patch is still an improvement on --perf-basic-prof, and it should be fine to replace ll-prof.
The patch also introduces experimental support for debug info, but it does not seem to be picked by the perf tool.
Usage:
You need the perf tool from Linux kernel >4.5. Then run:
$ perf record -k mono d8 --perf-prof <your JS file>
$ perf inject -j -i perf.data -o perf.data.jitted
$ perf report -i perf.data.jitted
Some explanations:
The "-k mono" switch from "perf record" tells the perf tool to use the monotonic clock for perf sample timestamping. The "perf inject -j" command injects the collected code events into the perf data file, writing the output into perf.data.jitted. The perf report command then creates the report.
Review URL: https://codereview.chromium.org/1809203007
Cr-Commit-Position: refs/heads/master@{#35091}
It's been on since M49. Also moved tests from harmony -> es6,
one of which was merged with another test of the same name.
While moving stuff over to regexp.js, I also noticed that there
were unused calls to %FunctionSetName and %SetNativeFlag (those
calls are already handled by InstallGetter()).
Review URL: https://codereview.chromium.org/1838563003
Cr-Commit-Position: refs/heads/master@{#35076}
This patch implements ES2015 RegExp subclassing semantics, namely the
hardest part where RegExp.prototype.exec and certain flag getters can
be overridden in order to provide different behavior. This change is
hidden behind a new flag, --harmony-regexp-exec. The flag guards the
behavior by installing entirely different implementations of the
methods which follow the new semantics.
Preliminary performance tests show a 3-4x regression in the Octane
RegExp benchmark. The new code doesn't call out into several fast
paths that the old code supported, so this is expected.
The patch is tested mostly by test262, where most RegExp tests are fixed,
with the exception of deliberate spec violations for web compatibility,
and for the 'sticky' flag, which is not dynamically read by this patch
in all cases but rather statically compiled into the RegExp. The latter
will require a follow-on patch to implement. A small additional set of
tests verifies one particular case, mostly to check whether the flag
mechanism works.
R=adamk,yangguo@chromium.org
LOG=Y
BUG=v8:4602
Review URL: https://codereview.chromium.org/1596483005
Cr-Commit-Position: refs/heads/master@{#35068}
Reason for revert:
Makes nosnap bots timeout due to having to rebuild bytecode handlers.
Original issue's description:
> [Interpreter] Remove separate Ignition snapshot.
>
> Removes the seperate Ignition snapshot and build the Ignition bytecode
> handlers in the default snapshot.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/1798f3fe84faff32ba44e09f6aed79245dd98d80
> Cr-Commit-Position: refs/heads/master@{#35058}
TBR=machenbach@google.com,yangguo@chromium.org,mstarzinger@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1827143002
Cr-Commit-Position: refs/heads/master@{#35059}
Removes the seperate Ignition snapshot and build the Ignition bytecode
handlers in the default snapshot.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1833643002
Cr-Commit-Position: refs/heads/master@{#35058}
Introduces a bytecode whose handler executes the equivalent of %_IsArray and %_IsJSReceiver without a runtime call.
BUG=v8:4822
LOG=y
Review URL: https://codereview.chromium.org/1645763003
Cr-Commit-Position: refs/heads/master@{#34983}
Both of them shipped in Chrome 49 without incident.
Also move relevant tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1815773002
Cr-Commit-Position: refs/heads/master@{#34964}
This change introduces wide prefix bytecodes to support wide (16-bit)
and extra-wide (32-bit) operands. It retires the previous
wide-bytecodes and reduces the number of operand types.
Operands are now either scalable or fixed size. Scalable operands
increase in width when a bytecode is prefixed with wide or extra-wide.
The bytecode handler table is extended to 256*3 entries. The
first 256 entries are used for bytecodes with 8-bit operands,
the second 256 entries are used for bytecodes with operands that
scale to 16-bits, and the third group of 256 entries are used for
bytecodes with operands that scale to 32-bits.
LOG=N
BUG=v8:4747,v8:4280
Review URL: https://codereview.chromium.org/1783483002
Cr-Commit-Position: refs/heads/master@{#34955}
Bounds check hoisting was known to be buggy and has never been turned on.
Since Crankshaft is deprecated, nobody is going to spend time fixing it,
so let's just get rid of it.
BUG=v8:4155,v8:4849
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1823623002
Cr-Commit-Position: refs/heads/master@{#34948}
(The goal is to have CodeStubAssembler be the sole assembler-like user of
the TF compiler pipeline; with RMA being a private implementation detail
and FAA being a client.)
BUG=chromium:508898
LOG=Y
Review URL: https://codereview.chromium.org/1674633002
Cr-Commit-Position: refs/heads/master@{#34852}
Introducing the KeyAccumulator accidentally removed some crucial fast-paths.
This CL starts rewriting the KeyAccumulator, step-by-step introducing the
special cases again.
BUG=chromium:545503, v8:4758
LOG=y
Review URL: https://codereview.chromium.org/1707743002
Cr-Commit-Position: refs/heads/master@{#34532}
On 32-bit systems FXXXConvertI64 instructions are compiled to calls to
C functions. The TF node for the function call is already generated in
the wasm compiler, the lowering of the I64 parameter is done in the
Int64Lowering.
R=titzer@chromium.org, yangguo@chromium.org
Review URL: https://codereview.chromium.org/1738623003
Cr-Commit-Position: refs/heads/master@{#34487}
The CompilationPhase helper class is only used in Crankshaft and is not
suitable for use in other compilers. This factors is out into a separate
file and moves it into the "crankshaft" directory.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1758773002
Cr-Commit-Position: refs/heads/master@{#34441}
Initial implementation of S390 specific debug and IC functions.
R=danno@chromium.org,jkummerow@chromium.org,jochen@chromium.org,jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1743263003
Cr-Commit-Position: refs/heads/master@{#34400}
Initial commit with the bulk of the src/s390/* changes
along with associated changes to the build toolchain for
the new files.
A minor update to V8PRIuPTR definition for Mac OS X
affecting 32-bit S390 sim compilations.
R=danno@chromium.org,jkummerow@chromium.org,jochen@chromium.org,jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1725243004
Cr-Commit-Position: refs/heads/master@{#34331}
This reverts commit 9146bc5e20.
This contains a fix for the following crash:
1. We record slots for a fixed array.
2. We trim the fixed array, so that some recorded slots are now in free space.
3. During mark-compact we sweep the page with the fixed array. Now free list items contain memory with recorded slots.
4. We evacuate a byte array using the new free list items.
5. We iterate slots that are now inside the byte array and crash.
BUG=chromium:589413,chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1735523002
Cr-Commit-Position: refs/heads/master@{#34302}
Reason for revert:
Revert because of canary crashes: crbug.com/589413
Original issue's description:
> Replace slots buffer with remembered set.
>
> Slots pointing to evacuation candidates are now recorded in the new RememberedSet<OLD_TO_OLD>.
>
> The remembered set is extended to support typed slots.
>
> During parallel evacuation all migration slots are recorded in local slots buffers.
> After evacuation all local slots are added to the remembered set.
>
> BUG=chromium:578883
> LOG=NO
>
> Committed: https://crrev.com/2285a99ef6f7d52f4f0c4d88a7db4224443ee152
> Cr-Commit-Position: refs/heads/master@{#34212}
TBR=jochen@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:578883
Review URL: https://codereview.chromium.org/1725073003
Cr-Commit-Position: refs/heads/master@{#34238}
Slots pointing to evacuation candidates are now recorded in the new RememberedSet<OLD_TO_OLD>.
The remembered set is extended to support typed slots.
During parallel evacuation all migration slots are recorded in local slots buffers.
After evacuation all local slots are added to the remembered set.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1703823002
Cr-Commit-Position: refs/heads/master@{#34212}
The Proxy enumerate trap and Reflect.enumerate are removed from the
ES2016 draft specification. This patch removes the Reflect.enumerate
function, and a follow-on patch will be responsible for the Proxy
trap changes.
R=adamk
LOG=Y
BUG=v8:4768
Review URL: https://codereview.chromium.org/1721453002
Cr-Commit-Position: refs/heads/master@{#34196}
This reducer doesn't really add value, because:
(a) it is only concerned with JSCallFunction and JSToNumber, but when
we get to it, all JSCallFunction nodes will have been replaced by
Call nodes, and in the not so far future, we will also have
replaced almost all JSToNumber nodes with better code,
(b) and the reducer tries to be smart and use one of the outermost
contexts, but that might not be beneficial always; actually it
might even create longer live ranges and lead to more spilling
in some cases.
But most importantly, the JSContextRelaxation currently blocks inlining
based on SharedFunctionInfo, because it requires the inliner to check
the native context, which in turn requires JSFunction knowledge. So I'm
removing this reducer for now to unblock the more important inliner
changes.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1715633002
Cr-Commit-Position: refs/heads/master@{#34139}
This new class provides a unified interface for recording and iterating slots in store and slots buffers:
RememberedSet<OLD_TO_NEW>::Insert(page, slot);
RememberedSet<OLD_TO_OLD>::Insert(page, slot);
RememberedSet<OLD_TO_NEW>::Iterate(heap, callback);
RememberedSet<OLD_TO_OLD>::Iterate(heap, callback);
After this change the store buffer is responsible only for collecting slots from the generated code.
Subsequent CLs will remove the slots buffer.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1683653002
Cr-Commit-Position: refs/heads/master@{#34031}
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1673333004
Cr-Commit-Position: refs/heads/master@{#33873}
This moves the JSCreate related functionality from JSTypedLowering into
a dedicated JSCreateLowering reducer. This is in preparation of landing
the support for optimized literals in TurboFan, which would blow up
JSTypedLowering quite seriously otherwise.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1678833002
Cr-Commit-Position: refs/heads/master@{#33813}
This replaces the global remembered set with per-page remembered sets.
Each page in the old space, map space, and large object space keeps track of
the set of slots in the page pointing to the new space.
The data structure for storing slot sets is a two-level bitmap, which allows
us to remove the store buffer overflow and SCAN_ON_SCAVENGE logic.
Design doc: https://goo.gl/sMKCf7
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1608583002
Cr-Commit-Position: refs/heads/master@{#33806}
The goal of the Int64Reducer is to replace all int64 nodes in a tf graph
with a set of int32 nodes such that 64 bit tf functions can be executed
on 32 bit platforms. At the moment the Int64Reducer only replaces
Int64Constants, TruncateInt64ToInt32, and Word64And.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1655883002
Cr-Commit-Position: refs/heads/master@{#33721}
This CL removes the Config templatization from the types. It is not
necessary anymore, after the HeapTypes have been removed.
The CL also changes the type hierarchy - the specific type kinds are
not inner classes of the Type class and they do not inherit from Type.
This is partly because it seems impossible to make this work without
templates. Instead, a new TypeBase class is introduced and all the
structural (i.e., non-bitset) types inherit from it.
The bitset type still requires the bit-munging hack and some nasty
reinterpret-casts to pretend bitsets are of type Type*. Additionally,
there is now the same hack for TypeBase - all pointers to the sub-types
of TypeBase are reinterpret-casted to Type*. This is to keep the type
constructors in inline method definitions (although it is unclear how
much that actually buys us).
In future, we would like to move to a model where we encapsulate Type*
into a class (or possibly use Type where we used to use Type*). This
would loosen the coupling between bitset size and pointer size, and
eventually we would be able to have more bits.
TBR=bradnelson@chromium.org
Review URL: https://codereview.chromium.org/1655833002
Cr-Commit-Position: refs/heads/master@{#33656}
This reverts commit 85ba94f28c.
All parallelism can be turned off using --predictable, or --noparallel-compaction.
This patch completely parallelizes
- semispace copy: from space -> to space (within newspace)
- newspace evacuation: newspace -> oldspace
- oldspace compaction: oldspace -> oldspace
Previously newspace has been handled sequentially (semispace copy, newspace
evacuation) before compacting oldspace in parallel. However, on a high level
there are no dependencies between those two actions, hence we parallelize them
altogether. We base the number of evacuation tasks on the overall set of
to-be-processed pages (newspace + oldspace compaction pages).
Some low-level details:
- The hard cap on number of tasks has been lifted
- We cache store buffer entries locally before merging them back into the global
StoreBuffer in a finalization phase.
- We cache AllocationSite operations locally before merging them back into the
global pretenuring storage in a finalization phase.
- AllocationSite might be compacted while they would be needed for newspace
evacuation. To mitigate any problems we defer checking allocation sites for
newspace till merging locally buffered data.
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1640563004
Cr-Commit-Position: refs/heads/master@{#33552}
Reason for revert:
[Sheriff] Leads to crashes on all webrtc chromium testers, e.g.:
https://build.chromium.org/p/chromium.webrtc/builders/Mac%20Tester/builds/49664
Original issue's description:
> [heap] Parallel newspace evacuation, semispace copy, and compaction \o/
>
> All parallelism can be turned off using --predictable, or --noparallel-compaction.
>
> This patch completely parallelizes
> - semispace copy: from space -> to space (within newspace)
> - newspace evacuation: newspace -> oldspace
> - oldspace compaction: oldspace -> oldspace
>
> Previously newspace has been handled sequentially (semispace copy, newspace
> evacuation) before compacting oldspace in parallel. However, on a high level
> there are no dependencies between those two actions, hence we parallelize them
> altogether. We base the number of evacuation tasks on the overall set of
> to-be-processed pages (newspace + oldspace compaction pages).
>
> Some low-level details:
> - The hard cap on number of tasks has been lifted
> - We cache store buffer entries locally before merging them back into the global
> StoreBuffer in a finalization phase.
> - We cache AllocationSite operations locally before merging them back into the
> global pretenuring storage in a finalization phase.
> - AllocationSite might be compacted while they would be needed for newspace
> evacuation. To mitigate any problems we defer checking allocation sites for
> newspace till merging locally buffered data.
>
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
> BUG=chromium:524425
> LOG=N
> R=hpayer@chromium.org, ulan@chromium.org
>
> Committed: https://crrev.com/8f0fd8c0370ae8c5aab56491b879d7e30c329062
> Cr-Commit-Position: refs/heads/master@{#33523}
TBR=hpayer@chromium.org,ulan@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1643473002
Cr-Commit-Position: refs/heads/master@{#33539}
All parallelism can be turned off using --predictable, or --noparallel-compaction.
This patch completely parallelizes
- semispace copy: from space -> to space (within newspace)
- newspace evacuation: newspace -> oldspace
- oldspace compaction: oldspace -> oldspace
Previously newspace has been handled sequentially (semispace copy, newspace
evacuation) before compacting oldspace in parallel. However, on a high level
there are no dependencies between those two actions, hence we parallelize them
altogether. We base the number of evacuation tasks on the overall set of
to-be-processed pages (newspace + oldspace compaction pages).
Some low-level details:
- The hard cap on number of tasks has been lifted
- We cache store buffer entries locally before merging them back into the global
StoreBuffer in a finalization phase.
- We cache AllocationSite operations locally before merging them back into the
global pretenuring storage in a finalization phase.
- AllocationSite might be compacted while they would be needed for newspace
evacuation. To mitigate any problems we defer checking allocation sites for
newspace till merging locally buffered data.
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1577853007
Cr-Commit-Position: refs/heads/master@{#33523}
This increases the size of register operands to be 16-bit.
Not all bytecodes have wide register variants, so when they are
needed a register translator will copy them into a small area
reserved at the top of the 8-bit register range and these registers
are supplied as arguments to the bytecode with 8-bit operands.
This is non-intrusive for typical bytecode where the number of
registers is less than 120. For bytecodes with wide register
operands (above the window) their index needs to be translated
to avoid the reserved translation window.
Enables splay.js to run in Octane and a handful of mjsunit tests.
BUG=v8:4280,v8:4675
LOG=NO
Review URL: https://codereview.chromium.org/1613163002
Cr-Commit-Position: refs/heads/master@{#33516}
Reason for revert:
The random nature of the tests caused the following buildbot to fail: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/4724/steps/Check/logs/stdio
Original issue's description:
> [profiler] Implement POC Sampling Heap Profiler
>
> This implements a proof-of-concept sampling based heap profiler inspired by
> tcmalloc's heap profiler [1] and Go's mprof/memprofile [2].
>
> The basic idea is the sample allocations using a randomized Poisson process. At
> any point in time we can cheaply request the set of live sample objects that
> should be a representative sample of heap. Samples include stack-traces from the
> allocation sites, making this an effective tool for memory leak debugging.
>
> Unlike AllocationTracking, this is intended to be cheap and usable online in
> production.
>
> The proof-of-concept is only sampling new-space allocations at this point.
> Support for sampling paged space and native allocations is anticipated in the
> future.
>
> [1] http://goog-perftools.sourceforge.net/doc/heap_profiler.html
> [2] http://blog.golang.org/profiling-go-programs
>
> Committed: https://crrev.com/e5a9947811db9c9e23557dbad27f8b8a349b3262
> Cr-Commit-Position: refs/heads/master@{#33448}
TBR=jochen@chromium.org,alph@chromium.org,hpayer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1615173002
Cr-Commit-Position: refs/heads/master@{#33449}
This implements a proof-of-concept sampling based heap profiler inspired by
tcmalloc's heap profiler [1] and Go's mprof/memprofile [2].
The basic idea is the sample allocations using a randomized Poisson process. At
any point in time we can cheaply request the set of live sample objects that
should be a representative sample of heap. Samples include stack-traces from the
allocation sites, making this an effective tool for memory leak debugging.
Unlike AllocationTracking, this is intended to be cheap and usable online in
production.
The proof-of-concept is only sampling new-space allocations at this point.
Support for sampling paged space and native allocations is anticipated in the
future.
[1] http://goog-perftools.sourceforge.net/doc/heap_profiler.html
[2] http://blog.golang.org/profiling-go-programs
Review URL: https://codereview.chromium.org/1555553002
Cr-Commit-Position: refs/heads/master@{#33448}
This implements a first version of exception handler table construction
within the interpreter. Note that the local control flow for try-catch
and try-finally statements is still off, and also stack unwinding does
not yet respect interpreter frames. But generated handler tables should
be populated correctly already.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1607433005
Cr-Commit-Position: refs/heads/master@{#33400}
This splits out the SourcePosition class into a separate header file.
Reason for this refactoring is that said class is mostly used by the
Crankshaft compiler and not needed for all compilers. Also having the
assembler depend on the class creates a dependency cycle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1581083009
Cr-Commit-Position: refs/heads/master@{#33325}
This is the first of several commits to contribute Linux on z Systems
(s390/s390x) port of V8. We will be breaking up the changes into several
(hopefully) logical commits.
This commit contains the changes to V8 Makefile and build toolchains to
introduce S390 macros and compiler options. Just for awareness for reviewers
is that s390 is 31-bit (not 32!) big-endian platform on Linux on z. (MSB of address
is used to distinguish between 24-bit vs 31-bit addressing!) s390x is
64-bit Linux on z. Names follow the general linux convention on the platform.
A quick roadmap on upcoming commits:
- Add \#include of S390 header files in common files
- S390 related tests + tooling changes
- printf macro for printing size_t values.
- S390 platform-specific code generation code (bulk of changes!)
R=danno@chromium.org,svenpanne@chromium.org,michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1585813002
Cr-Commit-Position: refs/heads/master@{#33304}
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1587033002
Cr-Commit-Position: refs/heads/master@{#33296}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33231}
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711
Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574
Review URL: https://codereview.chromium.org/1574223002
Cr-Commit-Position: refs/heads/master@{#33230}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33228}
This increases the size of addressable constant pool entries for jumps
to match other bytecodes using operands indexing the constant pool.
This change also introduces reservations for constant pool entries.
Reservations are used for forward jumps to ensure a constant pool entry
will be available when the jump target (label) is bound and the jump is
patched up in the bytecode array.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1546683002
Cr-Commit-Position: refs/heads/master@{#33125}
This patch adds the basis for subclassing TypedArrays, Arrays and
ArrayBuffers through the @@species hook, added in ES2015. This is
the first patch in a series. This patch simply defines the
@@species Symbol and installs it on the appropriate constructors.
The behavior is guarded behind the --harmony-species flag.
R=cbruni
BUG=v8:4093
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1558543002
Cr-Commit-Position: refs/heads/master@{#33095}
When the 'y' flag was shipped, the property RegExp.prototype.unicode was
accidentally also shipped. However, the existence of this property should
be a usable feature testing point. This patch adds the 'unicode' getter on
RegExp.prototype only if the --harmony-regexp-unicode flag is turned on.
R=cbruni
CC=yangguo
BUG=v8:4644
LOG=Y
Review URL: https://codereview.chromium.org/1550713002
Cr-Commit-Position: refs/heads/master@{#33049}
This is based on the Skia Implementation.
More on the project can be found here:
https://docs.google.com/a/chromium.org/document/d/1_4LAnInOB8tM_DLjptWiszRwa4qwiSsDzMkO4tU-Qes/edit#heading=h.p97rw6yt8o2j
The V8 Tracing platform will replace the isolate->event_logger().
But since the current embedders (namely chromium) currently use the isolate->event_logger, I made the default implementation (event-tracer) call into isolate->event_logger if an event_logger was set.
Once the embedders properly implement the interface (for example in chromium it would look like this: https://codereview.chromium.org/707273005/), the default implementation will be doing nothing.
Once the embedders side is fixed, we will change how V8 uses the tracing framework beyond the call from Logger:CallEventLogger. (which would also include a d8 implementation)
BUG=v8:4560
LOG=N
Review URL: https://codereview.chromium.org/988893003
Cr-Commit-Position: refs/heads/master@{#32959}
This change adds support for local control flow when building graphs
from bytecode. The change ensures loop emitted from the bytecode
generator are in natural order so the only back branches are for loops.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1502243002
Cr-Commit-Position: refs/heads/master@{#32911}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1513873002
Cr-Commit-Position: refs/heads/master@{#32772}
Reason for revert:
Meeh. Now "V8 Linux - gcmole" bot has issues; apparently due to a somewhat exotic builder configuration.
Original issue's description:
> Re-land FastAccessorBuilder.
>
> ... using the RawMachineAssembler and the work in crrev.com/1407313004.
>
> The original change collided with crrev.com/1513543003.
>
> BUG=chromium:508898
> LOG=Y
>
> Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
> Cr-Commit-Position: refs/heads/master@{#32742}
>
> patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)
>
> Committed: https://crrev.com/ee5c38d7db907ff86dd4049721c0cb4bc90a6c4d
> Cr-Commit-Position: refs/heads/master@{#32753}
TBR=epertoso@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:508898
Review URL: https://codereview.chromium.org/1517683002
Cr-Commit-Position: refs/heads/master@{#32754}
... using the RawMachineAssembler and the work in cl/1407313004
BUG=chromium:508898
LOG=Y
Review URL: https://codereview.chromium.org/1474543004
Cr-Commit-Position: refs/heads/master@{#32742}
* Add a sibling interface to InterpreterAssembler called
CodeStubAssembler which provides a wrapper around the
RawMachineAssembler and is intented to make it easy to build
efficient cross-platform code stubs. Much of the implementation
of CodeStubAssembler is shamelessly stolen from the
InterpreterAssembler, and the idea is to eventually merge the
two interfaces somehow, probably moving the
InterpreterAssembler interface over to use the
CodeStubAssembler. Short-term, however, the two interfaces
shall remain decoupled to increase our velocity developing the
two systems in parallel.
* Implement the StringLength stub in TurboFan with the new
CodeStubAssembler. Replace and remove the old Hydrogen-stub
version.
* Remove a whole slew of machinery to support JavaScript-style
code stub generation, since it ultimately proved unwieldy,
brittle and baroque. This cleanup includes removing the shared
code stub context, several example stubs and a tangle of build
file changes.
BUG=v8:4587
LOG=n
Review URL: https://codereview.chromium.org/1475953002
Cr-Commit-Position: refs/heads/master@{#32508}
This is the first part of escape analysis for turbofan.
At the moment, there is no deopt support, and support
for loops is partial (only binary Phis are handled).
The CL includes 4 unittests.
There are also 8 new mjsunit tests, some of which are
skiped as they require features not yet implemented.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1457683003
Cr-Commit-Position: refs/heads/master@{#32498}
This is the initial support for binary operation hints on javascript
binary operators, i.e. JSAdd, JSSubtract and so on. The hints are
extracted from the fullcodegen code object before graph building and the
AstGraphBuilder puts those hints on the operators if available.
R=jarin@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1487973002
Cr-Commit-Position: refs/heads/master@{#32443}
Moves all files related to AST and scopes into ast/,
and all files related to scanner & parser to parsing/.
Also eliminates a couple of spurious dependencies.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1481613002
Cr-Commit-Position: refs/heads/master@{#32351}
Reason for revert:
Unsound use of types in the MachineOperatorReducer. Will work on a sound solution with Fedor.
Original issue's description:
> [compiler] merge binary-operator-reducer
>
> Merge BinaryOperatorReducer into the MachineOperatorReducer class.
> It does not need `Revisit()` calls, because the newly inserted nodes are
> visited anyway, and there are no other methods that need AdvancedReducer
> there.
>
> BUG=
> R=titzer@chromium.org
>
> Committed: https://crrev.com/993ba9d2529a6401b3040b9263f8d06db7dbb4f1
> Cr-Commit-Position: refs/heads/master@{#32298}
TBR=titzer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1476763006
Cr-Commit-Position: refs/heads/master@{#32310}
Merge BinaryOperatorReducer into the MachineOperatorReducer class.
It does not need `Revisit()` calls, because the newly inserted nodes are
visited anyway, and there are no other methods that need AdvancedReducer
there.
BUG=
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1473073004
Cr-Commit-Position: refs/heads/master@{#32298}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1469543003
Cr-Commit-Position: refs/heads/master@{#32194}
1) Body descriptors moved to their own header files.
2) Missing body descriptors added.
3) Template versions of HeapObject::Iterate*() methods added.
4) Body descriptors support new kind of queries: IsValidSlot(offset) which can be used for invalid slots filtering.
This is a first step towards virtual and static visitors unification and support in-object properties in built-in (sub-)classes.
Review URL: https://codereview.chromium.org/1440243002
Cr-Commit-Position: refs/heads/master@{#31980}
The JSCallReducer runs together with inlining and tries to strength
reduce JSCallFunction nodes; currently it can fold
Function.prototype.call and Function.prototype.apply (with arguments),
and make it possible to inline across them.
In the case of Function.prototype.apply with arguments we still have to
leave the JSCreateArguments node in the graph because there might be
other (frame state) uses. Once escape analysis is ready, it will take
care of removing these nodes and adding appropriate transitions for the
deoptimizer.
R=jarin@chromium.org
BUG=v8:4551
LOG=n
Review URL: https://codereview.chromium.org/1445513002
Cr-Commit-Position: refs/heads/master@{#31979}
Changing this value is not guaranteed to work yet, but it needs to be
an arg in order to experiment with it.
Review URL: https://codereview.chromium.org/1427343003
Cr-Commit-Position: refs/heads/master@{#31932}
The new GN rule will enable removal of code which copies natives_blob.bin and
snapshot_blob.bin in Android GN code (for instance "copy_content_shell_assets").
BUG=547162
LOG=Y
Review URL: https://codereview.chromium.org/1412333005
Cr-Commit-Position: refs/heads/master@{#31835}
The "harmony"-prefixed files have been included in the snapshot for
several releases now, and were only separate originally to enable
loading them via a runtime flag. This patch simply merges them into
the main implementation files for Arrays and TypedArrays, respectively.
Review URL: https://codereview.chromium.org/1416243007
Cr-Commit-Position: refs/heads/master@{#31767}
The JSNativeContextSpecialization class is getting rather huge with all
the stuff related to property and element access going in. Splitting off
the global object related stuff into JSGlobalObjectSpecialization seems
like a natural separation, especially since the global object
specialization is sort of separate issue anyway. This is neutral
functionality- and performance-wise.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1417043006
Cr-Commit-Position: refs/heads/master@{#31748}
This adds some initial support for keyed element access to fast,
non-holey JSArray objects.
Also renames PropertyAccessInfoFactory to AccessInfoFactory and
PropertyAccessMode to AccessMode.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1418213010
Cr-Commit-Position: refs/heads/master@{#31717}
Also changed the way that transitioning stores are represented in
a PropertyAccessInfo: There's no dedicated kind, but DataFields
have an optional transition map.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1416973014
Cr-Commit-Position: refs/heads/master@{#31692}
Rename ZoneTypeCache to TypeCache and use a single shared (immutable)
instance consistently to cache the most commonly used types. Also serves
as a chokepoint for defining those types, so we don't repeat the
definition (and possible bugs) in various places.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1409763004
Cr-Commit-Position: refs/heads/master@{#31631}
Both the JSTypeFeedbackSpecializer and the JSTypeFeedbackLowering is
dead code by now, since the more general JSNativeContextSpecialization
deals with the property/global load/store type feedback in a way that
also interacts properly with inlining.
BUG=v8:4470
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1407913003 .
Cr-Commit-Position: refs/heads/master@{#31462}
When eagerly parsing arrow functions, expressions in default
parameter initializers are parsed in the enclosing scope,
rather than in the function's scope (since that scope does not
yet exist). This leads to VariableProxies being added to the
wrong scope, and scope chains for FunctionLiterals being incorrect.
This patch addresses these problems by adding a subclass of
AstExpressionVisitor that moves VariableProxies to the proper
scope and fixes up scope chains of FunctionLiterals.
This is a revert of the revert https://crrev.com/e41614a058426fb6102e4ab2dd4f98997f00c0fc
with a much-improved (though not yet perfect) Scope::ResetOuterScope
method which properly fixes not only the outer_scope_ pointer but also
fixes the inner_scope_ list in the relevant outer_scopes.
More work likely still needs to be done to make this work completely,
but it's very close to correct.
BUG=v8:4395
LOG=y
Review URL: https://codereview.chromium.org/1414283002
Cr-Commit-Position: refs/heads/master@{#31435}
Reason for revert:
Breaks nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug%20-%202/builds/2407/steps/Check/logs/regress-4395
Original issue's description:
> [es6] Fix scoping for default parameters in arrow functions
>
> When eagerly parsing arrow functions, expressions in default
> parameter initializers are parsed in the enclosing scope,
> rather than in the function's scope (since that scope does not
> yet exist). This leads to VariableProxies being added to the
> wrong scope, and scope chains for FunctionLiterals being incorrect.
>
> This patch addresses these problems by adding a subclass of
> AstExpressionVisitor that moves VariableProxies to the proper
> scope and fixes up scope chains of FunctionLiterals.
>
> More work likely still needs to be done to make this work completely,
> but it's very close to correct.
>
> BUG=v8:4395
> LOG=y
>
> Committed: https://crrev.com/cf72aad39e51de9b7074ea039377c1812f4a2c6b
> Cr-Commit-Position: refs/heads/master@{#31402}
TBR=rossberg@chromium.org,caitpotter88@gmail.com,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4395
Review URL: https://codereview.chromium.org/1417463004
Cr-Commit-Position: refs/heads/master@{#31404}
When eagerly parsing arrow functions, expressions in default
parameter initializers are parsed in the enclosing scope,
rather than in the function's scope (since that scope does not
yet exist). This leads to VariableProxies being added to the
wrong scope, and scope chains for FunctionLiterals being incorrect.
This patch addresses these problems by adding a subclass of
AstExpressionVisitor that moves VariableProxies to the proper
scope and fixes up scope chains of FunctionLiterals.
More work likely still needs to be done to make this work completely,
but it's very close to correct.
BUG=v8:4395
LOG=y
Review URL: https://codereview.chromium.org/1405313002
Cr-Commit-Position: refs/heads/master@{#31402}
Removes a branch that checks for a condition that has been checked on dominators of the branch.
This introduces a new reducer that propagates the list of checked conditions (and their boolean values) through the control flow graph. If it encounters a branch checking a condition with a known value, the branch is eliminated.
The analysis relies on loops being reducible: if a condition has been checked on all paths to loop entry, then it is checked in the loop (regardless what of the conditions checked inside the loop).
The implementation is fairly naive and could be improved:
- all the operation on the condition lists could be made allocation-free when revisited.
- we could try to use a map structure rather than a linked list (to make
lookups faster).
- the merging of control flow could be changed to take into account
conditions from non-dominating paths (as long as all paths check
the condition).
Review URL: https://codereview.chromium.org/1376293005
Cr-Commit-Position: refs/heads/master@{#31347}
This moves JavaScript source files that are bundled with V8 into a
separate directory. The goal is to improve code readability and also
being able to formalize ideal reviewers by subsequently adding the
OWNERS file. These files almost exclusively contain implementations
of methods fully specified by ES6.
Note that files in the "debug" directory as well as the "d8.js" file
aren't affected by this change.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1398733002
Cr-Commit-Position: refs/heads/master@{#31230}
This separates the core machinery and the heuristics involved with
inlining functions calls. So far the heuristic only respects our
%SetForceInlineFlag hint, but it will the place where general inlining
heuristics can live without impeding clarity of the core machinery.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1391903002
Cr-Commit-Position: refs/heads/master@{#31150}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
Cr-Commit-Position: refs/heads/master@{#31139}
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31148}
Reason for revert:
Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960
Original issue's description:
> [turbofan] Add initial support for global specialization.
>
> Introduce a new JSGlobalSpecialization advanced reducer that runs
> during the initial inlining and context specialization, and specializes
> the graph to the globals of the native context. Currently we assume
> that we do not inline cross native context, but long-term we will grab
> the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
> new global load/store ICs that are currently in the workings), and then
> this whole specialization will be fully compositional even across
> cross-context inlining.
>
> Note that we cannot really handle most of the stores to global object
> property cells because TurboFan doesn't have a mechanism to enforce
> certain representations. Also note that we cannot yet fully benefit
> from the type feedback collected on the global object property cells,
> because the type system cannot deal with maps in a reasonable way.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
> Cr-Commit-Position: refs/heads/master@{#31139}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review URL: https://codereview.chromium.org/1390073004
Cr-Commit-Position: refs/heads/master@{#31144}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31139}
This removes the lookup-inl.h header file, which actually would break
compilation if included more than once in the codebase. It only holds
methods used solely in the lookup.cc compilation unit.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1375843004
Cr-Commit-Position: refs/heads/master@{#31104}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31087}
Reason for revert:
Failures on MIPS
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1380863004
Cr-Commit-Position: refs/heads/master@{#31083}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31075}
Adds support for short operands, starting with kIdx16. Introduces
BytecodeTraits to enable compile time determination of various traits for a
bytecode, such as size, operands, etc. Reworks BytecodeIterator,
BytecodeArrayBuilder and Bytecodes::Decode to support 16 bit operands. Adds
support to Interpreter to load 16 bit operands.
Also fixes a bug with ToBoolean where it wouldn't get emitted at the start
of a block, and added a test.
BytecodeTraits template magic inspired by oth@chromium.org.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1370893002
Cr-Commit-Position: refs/heads/master@{#31058}
Improve bytecode generation for if when there's no else clause.
Display target addresses for jump instructions in
Bytecode::Disassemble().
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1373903005
Cr-Commit-Position: refs/heads/master@{#31052}
The comparison operators and ToBoolean are implemented by calling into
the runtime. There are new runtime methods are prefixed with Interpreter
to make use case clear.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1369123002
Cr-Commit-Position: refs/heads/master@{#30983}
Reason for revert:
Failures on greedy RegAlloc, Fuzzer
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1365073002
Cr-Commit-Position: refs/heads/master@{#30914}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#30913}
We need to build parts of v8 with a toolchain that might be different
from both the default (target) toolchain and the regular host toolchain,
because we need the snapshot to have the same bit-width as the target.
V8's build defines a 'snapshot_toolchain' setting for this.
It turns out that we need the value of this toolchain to be exposed
to the Chromium build because some of the test targets (in browser_tests)
depend on d8 and need to be able to built using the same toolchain.
R=brett@chromium.org, jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1350223004
Cr-Commit-Position: refs/heads/master@{#30854}
It's been enabled since M45, which is now well into its stable period,
with no problems reported.
Review URL: https://codereview.chromium.org/1356793002
Cr-Commit-Position: refs/heads/master@{#30835}
The previous code took advantage of the fact that a group's deps are implicitly public, but I'm trying to fix that. This also cleans up some duplicated code between component and non-component builds.
Review URL: https://codereview.chromium.org/1356723002
Cr-Commit-Position: refs/heads/master@{#30820}
The conditionals were added to facilitate a two-sided build GN config update
where the default optimization config was renamed. This is complete so the
transitional code can be removed.
Review URL: https://codereview.chromium.org/1338163003
Cr-Commit-Position: refs/heads/master@{#30733}
This moves scavenging functionality into a separate component so that
neither the scavenger nor objects-visiting need to be exposed outside
the heap.
R=hpayer@chromium.org,mlippautz@chromium.org
Review URL: https://codereview.chromium.org/1323993004
Cr-Commit-Position: refs/heads/master@{#30712}
The GN default optimization flag is changing from being specific to the
debug/release status of the build to always being "default_optimization" so
it's easier to override without being conditional on the exact setup in
BUILDCONFIG.gn. See https://codereview.chromium.org/1324623005/
Since V8 is DEPS-ed in, it will need to support both modes to allow a landing.
This patch uses a temporary transitional flag I added to BUILDCONFIG to
indicate which variant should be used. After the patch is landed, we can remove
the new conditions and just remove default_optimization.
Review URL: https://codereview.chromium.org/1333963002
Cr-Commit-Position: refs/heads/master@{#30703}
Replace the ADD, SUB, etc. builtins with proper runtime implementations,
and expose them as runtime calls that can be used by the code stubs and
the interpreter (for now).
Also remove all the support runtime functions for ADD, SUB and friends,
namely %NumberAdd, %NumberSub, and so on.
R=mstarzinger@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
Review URL: https://codereview.chromium.org/1333843002
Cr-Commit-Position: refs/heads/master@{#30680}
This moves incremental marking steps from gc-idle-time-handler and heap to the new incremental marking task.
BUG=chromium:490559
LOG=NO
Review URL: https://codereview.chromium.org/1265423002
Cr-Commit-Position: refs/heads/master@{#30641}
- Modify js2c to accept --js and --nojs,
- modify mksnapshot to accept --startup_src
(instead of a positional parameter, so that it can be omitted),
- modify v8.gyp to use the above so that no target has multiple
output dependencies, and
- update GN to use the switches above.
(I have not succeeded in fixing the GYP->make translator to properly map
multi-output rules, so that they work as expected in all edge cases.
This CL signals defeat on that front, and instead I rewrite the GYP
file to avoid that situation in the first place.)
R=jochen@chromium.org
BUG=v8:4382
LOG=N
Review URL: https://codereview.chromium.org/1310273009
Cr-Commit-Position: refs/heads/master@{#30640}
