At the moment, two NumberConstant nodes get different type even if their
value is the same because we always allocate a new heap number for
each number constant. This can lead to replacing a node with a node of
disjoint type in value numbering, which can result in incorrect code
down the line because of inconsistent types.
This fix makes sure that we only replace a node with a sub-type
node. Once we introduce a proper type for number constants, we can
move back to the intersection typing in value numbering.
Unfortunately, it is quite hard to write a repro for this because we cache NumberConstant nodes. We only throw away cached values that have too many conflicts (>5), so the test has to contain values that fall into the same bucket. That's where the magic floating point numbers in the test come from (they have the same low 8-bits of their hashes).
BUG=chromium:633497
Review-Url: https://codereview.chromium.org/2251833002
Cr-Commit-Position: refs/heads/master@{#38675}
This CL removes the optional operator flag of Float64Max and Float64Min.
Additionally it renames the instruction codes on x64 and ia32 because
the old instructions codes (e.g. SSEFloat64Max) do not match the
generated code anymore.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2237813002
Cr-Commit-Position: refs/heads/master@{#38674}
Rolling v8/build to 9a1647ec813695da7960692f711a1cebc948d551
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to b53e3af6bfca3333fc2dd69302dac6667a8c6418
Rolling v8/tools/clang to b5889296bac50b31f1d2806633fe99dfc2b26b54
Rolling v8/tools/mb to c5a112880d83d509e88c01d524c988845a3a3ba6
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2247183004
Cr-Commit-Position: refs/heads/master@{#38672}
Reason for revert:
Breaks Win64 bot
Original issue's description:
> [Interpreter] Introduce InterpreterCompilationJob
>
> Adds InterpreterCompilationJob as a sub-class of
> CompilationJob, to enable off-thread bytecode
> generation. Currently only used in
> Interpreter::MakeBytecode.
>
> As part of this change, CompilationJob is modified
> to make it less specific to optimized compilation,
> renaming the phases as follows:
> - CreateGraph -> PrepareJob
> - OptimizeGraph -> ExecuteJob
> - GenerateCode -> FinalizeJob
>
> RegisterWeakObjectsInOptimizedCode is also moved out
> of CompilationJob and instead becomes a static function
> on Compiler.
>
> BUG=v8:5203
>
> Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
> Committed: https://crrev.com/785990e9fc0dd9a9d963d25d0bed2909165e4ca9
> Cr-Original-Commit-Position: refs/heads/master@{#38662}
> Cr-Commit-Position: refs/heads/master@{#38668}
TBR=mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2251673003
Cr-Commit-Position: refs/heads/master@{#38669}
Adds InterpreterCompilationJob as a sub-class of
CompilationJob, to enable off-thread bytecode
generation. Currently only used in
Interpreter::MakeBytecode.
As part of this change, CompilationJob is modified
to make it less specific to optimized compilation,
renaming the phases as follows:
- CreateGraph -> PrepareJob
- OptimizeGraph -> ExecuteJob
- GenerateCode -> FinalizeJob
RegisterWeakObjectsInOptimizedCode is also moved out
of CompilationJob and instead becomes a static function
on Compiler.
BUG=v8:5203
Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
Review-Url: https://codereview.chromium.org/2240463002
Cr-Original-Commit-Position: refs/heads/master@{#38662}
Cr-Commit-Position: refs/heads/master@{#38668}
If a key is a substring of an earlier value, then the earlier value
will unintentionally be clobbered. For example with:
macro SET_PRIVATE(obj, sym, val) = (obj[sym] = val);
SET_PRIVATE(iterator, arrayIteratorObjectSymbol, object);
if the mapping is:
{'val': 'object',
'obj': 'iterator',
'sym': 'arrayIteratorObjectSymbol'}
then 'obj' -> 'iterator' will clobber 'val' -> 'object', resulting in
'val' -> 'iteratorect'. To fix this, replace all substitutions
simultaneously.
Patch from Zoe Clifford <zoeclifford@google.com>
Review-Url: https://codereview.chromium.org/2249873004
Cr-Commit-Position: refs/heads/master@{#38665}
Reason for revert:
Failing on Win64 bot:
https://build.chromium.org/p/client.v8/builders/V8%20Win64/builds/12061/steps/Check/logs/regress-635429
Original issue's description:
> [Interpreter] Introduce InterpreterCompilationJob
>
> Adds InterpreterCompilationJob as a sub-class of
> CompilationJob, to enable off-thread bytecode
> generation. Currently only used in
> Interpreter::MakeBytecode.
>
> As part of this change, CompilationJob is modified
> to make it less specific to optimized compilation,
> renaming the phases as follows:
> - CreateGraph -> PrepareJob
> - OptimizeGraph -> ExecuteJob
> - GenerateCode -> FinalizeJob
>
> RegisterWeakObjectsInOptimizedCode is also moved out
> of CompilationJob and instead becomes a static function
> on Compiler.
>
> BUG=v8:5203
>
> Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
> Cr-Commit-Position: refs/heads/master@{#38662}
TBR=mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2249153002
Cr-Commit-Position: refs/heads/master@{#38663}
Adds InterpreterCompilationJob as a sub-class of
CompilationJob, to enable off-thread bytecode
generation. Currently only used in
Interpreter::MakeBytecode.
As part of this change, CompilationJob is modified
to make it less specific to optimized compilation,
renaming the phases as follows:
- CreateGraph -> PrepareJob
- OptimizeGraph -> ExecuteJob
- GenerateCode -> FinalizeJob
RegisterWeakObjectsInOptimizedCode is also moved out
of CompilationJob and instead becomes a static function
on Compiler.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2240463002
Cr-Commit-Position: refs/heads/master@{#38662}
Port 77c9cb8341.
Original commit message:
This commit fixes wasm little-endian load issue on big-endian platform
by introducing reverse byte operation immediately after a load.
BUG=
Review-Url: https://codereview.chromium.org/2235703002
Cr-Commit-Position: refs/heads/master@{#38660}
There was a weird check in AllocateNonParameterLocal which looked
like ".result" was treated differently from other
temporaries. This couldn't be generalized to other temporaries,
since some temporaries were both in temps_ and params_ (and some,
like ".result" would be only in params_).
Side product: Don't use AstValueFactory in scope analysis. It's
unnecessary (was only used for some DCHECKs which can be replaced
with more general checks). This change also ensures we don't
create new values during scope analysis.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2242783002
Cr-Commit-Position: refs/heads/master@{#38655}
Port d61a5c376b
Original commit message:
As a first step I uncommit the memory on the main thread. Also
to measure impact and stability of that optimization. In a
follow-up CL, the uncommitting should be moved on the concurrent thread.
R=jochen@chromium.org, hpayer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2245703002
Cr-Commit-Position: refs/heads/master@{#38654}
Slots in ConsString/SlicedString can point to an evacutaion candidate.
The MakeExternal function makes in-place conversion to external string.
After the conversion we can have a recorded slot containing an external
pointer. As long as the external pointer is aligned, this is not a
problem. We clear the recorded slots to fix verify-heap checks.
BUG=chromium:631969
LOG=NO
Finalizing CL: https://codereview.chromium.org/2199863002/
Review-Url: https://codereview.chromium.org/2242183003
Cr-Commit-Position: refs/heads/master@{#38653}
Allows us to create a corresponding TurboFan node, so TF can
optimize it.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2248633002
Cr-Commit-Position: refs/heads/master@{#38651}
This moves language-mode initialization for MODULE_SCOPE from Scope::SetDefaults to the single constructor that needs to do it. The CL additionally makes it more obvious that scope-info-backed scopes always initialize language-mode unless WITH_SCOPE.
BUG=
Review-Url: https://codereview.chromium.org/2251683002
Cr-Commit-Position: refs/heads/master@{#38650}
This stages the --ignition-preserve-bytecode flag which preserves the
bytecode even when switching to baseline code. It is now implied by the
combined --ignition-staging flag.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2244303003
Cr-Commit-Position: refs/heads/master@{#38648}
Simple stack traces are captured through Isolate::CaptureSimpleStackTrace.
Captured frames are stored in a FixedArray, which in turn is stored as a
property (using a private symbol) on the error object itself. Actual formatting
of the textual stack trace is done lazily when the user reads the stack
property of the error object.
This would involve many conversions back and forth between index-encoded raw
data (receiver, function, offset and code), JS CallSite objects, and C++
CallSite objects.
This commit refactors the C++ CallSite class into a Struct class called
StackTraceFrame, which is the new single point of truth frame information.
Isolate::CaptureSimpleStackTrace stores an array of StackTraceFrames, and JS
CallSite objects (now created only when the user specifies custom stack trace
formatting through Error.prepareStackTrace) internally only store a reference
to a StackTraceFrame.
BUG=
Review-Url: https://codereview.chromium.org/2230953002
Cr-Commit-Position: refs/heads/master@{#38645}
A test exercising the public APIs for wasm serialization and
simulates the serialization scenario - serialize in one isolate, deserialize
in another.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2249973002
Cr-Commit-Position: refs/heads/master@{#38644}
Rolling v8/build to f5aadfbec4267ecafa3200c571131c84d1ced4be
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to e17560795294ff0c23bdae7665ec71c95a75561e
Rolling v8/tools/clang to ad9e1e262ff737d779bb2e5b49e3987547f05694
Rolling v8/tools/mb to e89c543a2ab08d70b876130ac83c04a92daffeaf
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2249993002
Cr-Commit-Position: refs/heads/master@{#38642}
Removes dependence on InnerArrayIndexOf/InnerArrayLastIndexOf and
reduces type polution caused by sharing these functions between standard
and typed arrays.
BUG=
Review-Url: https://codereview.chromium.org/2243523002
Cr-Commit-Position: refs/heads/master@{#38637}
This includes UTF-8 strings and two-byte strings, both length-delimited
(in bytes, not characters). Two-byte strings are written/read in host byte
order.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2245753002
Cr-Commit-Position: refs/heads/master@{#38636}
Adds TestResultScope and uses it to directly jump/fall through to the
correct branch in expressions used as branch conditions.
Should enable nicer TurboFan-graphs for easier control-flow
transformations in the future.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2242463002
Cr-Commit-Position: refs/heads/master@{#38634}
Removes Variable::is_possibly_eval() and instead stores whether
a call is possibly eval in the Call node's bitfield.
Also removes HandleDereferenceMode since it's no longer used.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2242583003
Cr-Commit-Position: refs/heads/master@{#38633}
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to ac24d974a70c8611d2837e183d6cf99f39fb0410
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2244173002
Cr-Commit-Position: refs/heads/master@{#38631}
This includes unsigned integers (encoded as base-128 varints), signed integers
(ZigZag-encoded, then varint-encoded) and doubles (written in host byte order).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2232323004
Cr-Commit-Position: refs/heads/master@{#38630}
Rolling v8/build to 4155375bddb65fe3d2dbc42ab0d64c4d72527165
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 9d440c96636c5a41ce3e40f1924fe41dd2694f51
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2244113002
Cr-Commit-Position: refs/heads/master@{#38629}
Rolling v8/build to 45574dce74fca42e485fbc5cd78bd24bcfeb905f
Rolling v8/buildtools to adb8bf4e8fc92aa1717bf151b862d58e6f27c4f2
Rolling v8/tools/clang to 6d377a47e9c668c7550d17a7d4e6ba9f5931703a
Rolling v8/tools/mb to c78da3f5bccc979b35907c4cbf937aa5187e41fa
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2240213004
Cr-Commit-Position: refs/heads/master@{#38628}
Throw 'Range Error: invalid string length' when the result of
case mapping is longer than the max string length (kMaxLength in
objects.h = 1 << 28 - 16).
This is for case mapping with ICU.
A new test (case-mapping-slow.js) is added with PASS,SLOW. It's
configured to skip unless arch=x64 and mode=release and not on
simulator.
This is a reattempt to land
https://codereview.chromium.org/2236593002 that was reverted.
BUG=v8:5271
TEST=intl/general/case-mapping-slow.js with --icu_case_mapping
Review-Url: https://codereview.chromium.org/2236963003
Cr-Commit-Position: refs/heads/master@{#38626}
