With --trace-ic flag, the function names and the source positions are
not shown for interpreted functions. Interpreted functions have an extra
frame built by bytecode handlers which has to be skipped to get the
interpreted function's frame. Also the code offsets are computed differently
for interpreted functions.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2405173007
Cr-Commit-Position: refs/heads/master@{#40274}
A decoder error sets builder_ to null, which causes builder_->StackCheck
to segfault.
R=titzer@chromium.org
TEST=mjsunit/regress/wasm/loop-stack-check
Review-Url: https://codereview.chromium.org/2416873002
Cr-Commit-Position: refs/heads/master@{#40271}
This CL fixes the debugger interface to provide correct (high-level)
information for asm.js frames.
It moves the computation of the source position from the FrameInspector
to the individual StackFrame implementations, such that we can easily
specualize it for certain frame types, and can potentially reuse this
in other locations.
Also, we are finalizing the setup of the wasm module earlier, before
executing the start function. This is required for correct stack traces
during the execution of the start function.
R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2413693003
Cr-Commit-Position: refs/heads/master@{#40268}
AllocateAlignedMemory calls ReserveAlignedMemory which increments size_
value. In some cases AllocateAlignedMemory can return NULL value. Before
returning NULL, AllocateAlignedMemory should decrease size_ value.
TEST=cctest/test-spaces/LargeObjectSpace
BUG=
Review-Url: https://codereview.chromium.org/2418733002
Cr-Commit-Position: refs/heads/master@{#40262}
When we inlined a [[Construct]] call to a subclass constructor, we can
also inline the super constructor call (either explicit or implicit),
since we have a concrete JSFunction constant for the subclass and we
can thus constant-fold the %_GetSuperConstructor intrinsic. We don't
need any guards here since the prototype of subclass constructors is
non-writable, non-configurable in ES6.
BUG=v8:5517
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2409423006
Cr-Commit-Position: refs/heads/master@{#40261}
It belongs there more logically. In addition, this is a pre-step needed
for preparsing the parameters of a preparsed function.
In addition, move the "subtract rest parameter from arity" logic from
Parser to (Pre)?ParserFormalParameters.
BUG=v8:5515
Review-Url: https://codereview.chromium.org/2414003002
Cr-Commit-Position: refs/heads/master@{#40258}
Any context outer to what we're parsing already has proper context allocation, so we don't need to check those scopes.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2417643003
Cr-Commit-Position: refs/heads/master@{#40256}
In a fuzzer testcase I found locally the ast-decoder spent a lot of time
in the decoding of kExprBrTable after the decoder already found an
error. I did not add a test because the fuzzer test case did not
actually crash. It only run out of memory in the chromium fuzzer.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2413863003
Cr-Commit-Position: refs/heads/master@{#40254}
This moves the implementation of @@replace from regexp.js to builtins-regexp.cc
(the TurboFan fast path) and runtime-regexp.cc (slow path). The fast path
handles all cases in which the regexp itself is an unmodified JSRegExp
instance, the given 'replace' argument is not callable and does not contain any
'$' characters (i.e. we are doing a string replacement).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398423002
Cr-Commit-Position: refs/heads/master@{#40253}
This fixes the code-path in RegExpExec in which both the passed exec
argument and regexp.exec are not callable and regexp is a JSRegExp.
In this case, we fall back to the default RegExp.prototype.exec
implementation. The arguments for Execution::call were incorrect.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415073002
Cr-Commit-Position: refs/heads/master@{#40249}
I don't see a reason why we can't benefit from preparsing such functions. We don't necessarily compile them, so fully parsing them when unnecessary is just additional overhead.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2413213002
Cr-Commit-Position: refs/heads/master@{#40248}
port c15c58274f (r40206)
original commit message:
This is the next step to unify the Call/Construct feedback collection
and prepare it to be able to collect SharedFunctionInfo feedback. This
also reduces the CallICStub overhead quite a bit since we only need one
stub per mode (and tail call mode), not also one per call arity.
BUG=
Review-Url: https://codereview.chromium.org/2409953005
Cr-Commit-Position: refs/heads/master@{#40244}
This incorporates recent feedback:
- simpler deserialization API by dropping the std::unique_ptr.
The only purpose there was communicating to the caller that they
own the buffer, and that the deserializer won't delete it. The new
design communicates that through a naming choice.
- renamed *UncompiledBytes to *WasmWireBytes
BUG=
Review-Url: https://codereview.chromium.org/2411263004
Cr-Commit-Position: refs/heads/master@{#40238}
The over allocated memory of fixed array type didn't equal to the sum of all
fixed array sub types previously, this patch adds over allocated memory of fixed
array sub types to fixed array type when we record fixed array sub type stats.
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2410083003
Cr-Commit-Position: refs/heads/master@{#40234}
By defining functions with namespace prefix, the compiler checks that
they were previously declared, and checks that the signature matches.
I stumbled across this several times when changing the interface of a
function in the header.
With this change you get a compile error right away instead of a linker
error in the very end.
This change also revealed two functions which could be placed in an
anonymous namespace, saving 5.5kB program size in Debug build, 2.3kB in
Optdebug and 0.3kB in Release. It's also opening more options for
compiler optimizations, as the functions now have internal linkage.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2415603002
Cr-Commit-Position: refs/heads/master@{#40233}
The state sampling was implemented in chrome, we had an interface for it
V8 but it was not implemented yet.
The chrome version version has been removed in
https://codereview.chromium.org/2406703002/
Therefore following up with its removal in V8 as well.
This CL can land independent of the Chromium related CL.
R=primiano@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2410523002
Cr-Commit-Position: refs/heads/master@{#40232}
This CL is in preparation for the upcoming port of
RegExp.prototype.replace, which will need use these methods in
runtime-regexp.cc. Moving them in advance makes that diff less noisy.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398413002
Cr-Commit-Position: refs/heads/master@{#40229}
... because the latter automatically respects the desired calling convention.
BUG=v8:5408
Review-Url: https://codereview.chromium.org/2391043005
Cr-Commit-Position: refs/heads/master@{#40223}
Thus the parameter indices defined in respective CallInterfaceDescriptor can
be used for querying parameters.
BUG=
Review-Url: https://codereview.chromium.org/2389133007
Cr-Commit-Position: refs/heads/master@{#40222}
The race can happen if:
1) Fixed array A is right before object B in new space
2) A slot in object C located in old space points to object B (old to new remembered set entry is created)
3) Object C becomes unreachable which held the only reference to object B which also becomes unreachable
4) Fixed array A gets right trimmed
5) The sweeper will sweep the last word of object A and object B. It will write the free space map into the last word of object A and a size field in the first word of object B.
6) Pointer updating may observe the size field now because the recored slot points to the start of object B and will confuse it with a forwarding pointer.
Note a similar race may happen with left trimming. Array A points to its backing store, the backing store gets left trimmed by 1 element, and array A dies.
BUG=
Review-Url: https://codereview.chromium.org/2416563002
Cr-Commit-Position: refs/heads/master@{#40218}
This should restore the codeload regression when FLAG_lazy_inner_functions is turned off
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2412483005
Cr-Commit-Position: refs/heads/master@{#40217}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2413653003
Cr-Commit-Position: refs/heads/master@{#40216}
If we're parsing a script or based on a SharedFunctionInfo marked as toplevel, we can implicitly set it. Only manually set in the background parsing task where we manually set up ParseInfo.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2405263003
Cr-Commit-Position: refs/heads/master@{#40215}
This is allocating registers in the function for all inner contexts that can be active in that function, so that nested blocks always have O(1) access to all outer contexts. However, currently it's always walking into nested functions, overallocating the number of registers, causing additional register pressure.
BUG=v8:5484
Review-Url: https://codereview.chromium.org/2408303003
Cr-Commit-Position: refs/heads/master@{#40214}
This CL also introduces a NoBarrierAtomicValue with NoBarrier accessors.
BUG=chromium:648568
Review-Url: https://codereview.chromium.org/2408233004
Cr-Commit-Position: refs/heads/master@{#40213}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2418513002
Cr-Commit-Position: refs/heads/master@{#40211}
WordIsSmi, by itself, is not that descriptive, as it just ands a word with the heap object tag. With this change, the MachineGraphVerifier can check that the input to TaggedIsSmi actually has a tagged representation.
This CL also introduces a few bitcast operators in the Smi* macros in the CodeStubAssembler.
R=bmeurer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2407303002
Cr-Commit-Position: refs/heads/master@{#40209}
The only way to get a minus zero result from subtraction is
(-0) - (+0) = -0, hence checking for minus zero on the RHS is
redundant. This is causing some unnecessary deoptimisations
in Box2D from Octane on 32-bit platforms.
BUG=
Review-Url: https://codereview.chromium.org/2410883003
Cr-Commit-Position: refs/heads/master@{#40207}
This is the next step to unify the Call/Construct feedback collection
and prepare it to be able to collect SharedFunctionInfo feedback. This
also reduces the CallICStub overhead quite a bit since we only need one
stub per mode (and tail call mode), not also one per call arity.
R=mvstanton@chromium.org
BUG=v8:2206
NOTRY=true
Review-Url: https://codereview.chromium.org/2412453005
Cr-Commit-Position: refs/heads/master@{#40206}
For the asm.js to WASM pipeline, the current stack traces only show
low-level WASM information.
This CL maps this back to asm.js source positions.
It does so by attaching the asm.js source Script to the compiled WASM
module, and emitting a delta-encoded table which maps from WASM byte
offsets to positions within that Script. As asm.js code does not throw
exceptions, we only store a mapping for call instructions.
The new AsmJsWasmStackFrame implementation inherits from
WasmStackFrame, but contains the logic to provide the source script and
the position inside of it.
What is still missing is the JSFunction object returned by
CallSite.getFunction(). We currently return null.
R=jgruber@chromium.org, titzer@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2404253002
Cr-Commit-Position: refs/heads/master@{#40205}
If passing <nullptr, 0> to the decoder and trying to decode something,
it correctly detects the error and sets an error message, but still
returns true on ok(), and returns a valid result.
I triggered this error by passing a null Vector, returned by FindSection(), to
the decoder.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2410913002
Cr-Commit-Position: refs/heads/master@{#40204}
We accidently dropped the effect on the floor that we have for the
polymorphic map check in case of array elements access.
BUG=chromium:655004
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2411273002
Cr-Commit-Position: refs/heads/master@{#40201}
port 001926cdec (r40163)
original commit message:
In fullcodegen we used to count CallICs as patching ICs, and thus the
heuristics are currently off by the number of calls in a code object.
BUG=
Review-Url: https://codereview.chromium.org/2406373004
Cr-Commit-Position: refs/heads/master@{#40199}
Our minifier (tools/jsmin.py) shortens variable names it comes across.
It generally tries to avoid name conflicts caused by renamed variables,
but cannot handle lambda function syntax.
This is what happens here. Both lambda function parameters 'x' and 'y'
are not recognized as identifiers by the minifier and it thus potentially
causes naming conflicts.
BUG=v8:5505
Review-Url: https://codereview.chromium.org/2412533002
Cr-Commit-Position: refs/heads/master@{#40198}
port 9192db2037 (r40162)
original commit message:
Remove the special side channel from the CallICStub to the
ArrayConstructorStub and make the CallICStub always use the
general entry point.
BUG=
Review-Url: https://codereview.chromium.org/2410083004
Cr-Commit-Position: refs/heads/master@{#40197}
For ConsString, the left hand side must be either sequential or external
if the right hand side is empty.
R=jarin@chromium.org
BUG=chromium:654723
NOTRY=true
Review-Url: https://codereview.chromium.org/2410893003
Cr-Commit-Position: refs/heads/master@{#40192}
This is a re-land of https://codereview.chromium.org/2393303002/ with
an additional call to DisposeModuleEmbedderData() added to fix lsan failures.
Unifies the approaches used for storing the specifier -> module mapping
and the module -> directory mapping, using std::unordered_maps for both
and storing them per-Context.
This requires adding a method to the v8::Module API to get a hash code
for a Module, but allows slimming down the API in return: gone are
SetEmbedderData/GetEmbedderData, along with the fourth argument
to ResolveModuleCallback.
Besides a simpler API, this allows d8 to get closer to the HTML loader,
which requires each Realm to have a persistent module map (though this
capability is not yet exercised by any tests).
BUG=v8:1569
TBR=neis@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2405313002
Cr-Commit-Position: refs/heads/master@{#40186}
Treat allocation of splintered ranges differently, by optimizing for move
counts (i.e. try to have less move counts), rather than optimizing for
quality of moves (which is what normal allocation does).
We can see reductions in code size in the benchmarks that measure it
(e.g. Unity)
BUG=
Review-Url: https://codereview.chromium.org/2347563004
Cr-Commit-Position: refs/heads/master@{#40178}
We'll take expressions like typeof 'hello' and reduce it to 'string'.
Neat! This CL moves the optimization to an explicit reduction
in typed lowering that inserts a constant string, instead of
relying on type matching.
BUG=
Review-Url: https://codereview.chromium.org/2411703002
Cr-Commit-Position: refs/heads/master@{#40175}
We'll stop storing string data in Type objects. At the moment, we have
optimizations that read that string data in typed lowering. Instead,
look at nodes for this data.
R=bmeurer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2406243002
Cr-Commit-Position: refs/heads/master@{#40173}
Reason for revert:
Blocks roll:
https://codereview.chromium.org/2406213002/
Original issue's description:
> Speedup access to global_proxy.* attributes/accessors.
>
> Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.
>
> This is a follow-on CL to crrev.com/2369933005:
> - The initial upload is crrev.com/2369933005 + a rebase.
> - The remaining issues are the fixes requested by the reviewers on that CL.
>
> BUG=chromium:634276
>
> Committed: https://crrev.com/8f43d748272536117008aa6a1b53ea52126261c1
> Cr-Commit-Position: refs/heads/master@{#40153}
TBR=jochen@chromium.org,verwaest@chromium.org,vogelheim@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:634276
Review-Url: https://codereview.chromium.org/2408133002
Cr-Commit-Position: refs/heads/master@{#40171}
Also include feedback about Oddballs when collecting the type feedback.
For now, Number and NumberOrOddball are collected separately
because crankshaft does not handle NumberOrOddballs consistently.
This should change once we fix crankshaft.
BUG=v8:4280, v8:5400
LOG=N
Committed: https://crrev.com/d5d283b27d406486e2f8d7b44c6d2b3db4f98458
Review-Url: https://codereview.chromium.org/2406843002
Cr-Original-Commit-Position: refs/heads/master@{#40124}
Cr-Commit-Position: refs/heads/master@{#40170}
In fullcodegen we used to count CallICs as patching ICs, and thus the
heuristics are currently off by the number of calls in a code object.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2408103002
Cr-Commit-Position: refs/heads/master@{#40163}
Remove the special side channel from the CallICStub to the
ArrayConstructorStub and make the CallICStub always use the
general entry point.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2405203002
Cr-Commit-Position: refs/heads/master@{#40162}
This CL ports RegExp.prototype[@@split] to C++. Performance
regressions are expected due to:
* Slow RegExpImpl::Exec implementation instead of RegExpExec
stub. We should be able to improve this by straight-lining
RegExpImpl::Exec.
* Slow Factory::NewSubString instead of SubStringStub.
* Slow elements access to lastMatchInfo.
These points will be addressed in a follow-up CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2401643002
Cr-Commit-Position: refs/heads/master@{#40161}
This is needed for the asm.js -> WASM pipeline. A single exported
function is exported as __single_function__, but we still want to see
the correct function name on the stack, so the underlying wasm function
has to carry the original name.
R=ahaas@chromium.org, titzer@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2406133003
Cr-Commit-Position: refs/heads/master@{#40159}
This enables preservation of bytecode by default. Thus far bytecode was
cleared during tier-up by default and was only preserved in the staging
configuration.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2384063010
Cr-Commit-Position: refs/heads/master@{#40158}
Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.
This is a follow-on CL to crrev.com/2369933005:
- The initial upload is crrev.com/2369933005 + a rebase.
- The remaining issues are the fixes requested by the reviewers on that CL.
BUG=chromium:634276
Review-Url: https://codereview.chromium.org/2403003002
Cr-Commit-Position: refs/heads/master@{#40153}
port ec132e05ec (r40086)
original commit message:
(GcStress failure was unrelated.)
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
Review-Url: https://codereview.chromium.org/2404843002
Cr-Commit-Position: refs/heads/master@{#40147}
This CL set Floating-point precision in Math.Cos/Math.Sin in Crankshaft compiler to standard double precision which is expected by v8.
BUG=
Review-Url: https://codereview.chromium.org/2403803002
Cr-Commit-Position: refs/heads/master@{#40146}
Reason for revert:
Fails under LeakSanitizer on auto-roll fyi bot:
https://build.chromium.org/p/client.v8.fyi/builders/Auto-roll%20-%20release%20process/builds/49447
Original issue's description:
> [modules] Store Module metadata in per-Context EmbedderData
>
> Unifies the approaches used for storing the specifier -> module mapping
> and the module -> directory mapping, using std::unordered_maps for both
> and storing them per-Context.
>
> This requires adding a method to the v8::Module API to get a hash code
> for a Module, but allows slimming down the API in return: gone are
> SetEmbedderData/GetEmbedderData, along with the fourth argument
> to ResolveModuleCallback.
>
> Besides a simpler API, this allows d8 to get closer to the HTML loader,
> which requires each Realm to have a persistent module map (though this
> capability is not yet exercised by any tests).
>
> BUG=v8:1569
>
> Committed: https://crrev.com/9cf8fce74cf6e7afd6aea3f3545f6bb61572f277
> Cr-Commit-Position: refs/heads/master@{#40133}
TBR=jochen@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2406973003
Cr-Commit-Position: refs/heads/master@{#40145}
Unifies the approaches used for storing the specifier -> module mapping
and the module -> directory mapping, using std::unordered_maps for both
and storing them per-Context.
This requires adding a method to the v8::Module API to get a hash code
for a Module, but allows slimming down the API in return: gone are
SetEmbedderData/GetEmbedderData, along with the fourth argument
to ResolveModuleCallback.
Besides a simpler API, this allows d8 to get closer to the HTML loader,
which requires each Realm to have a persistent module map (though this
capability is not yet exercised by any tests).
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2393303002
Cr-Commit-Position: refs/heads/master@{#40133}
Extend a test of namespace imports such that it accesses the object inside a
with statement (inside a sloppy function).
Drive-by-fix: remove duplicate initialization of embedder data (probably due to
bad merge).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2405603003
Cr-Commit-Position: refs/heads/master@{#40129}
Also add a test for when the first argument is null or undefined, as there are no tests that cover this currently.
BUG=v8:5364
Review-Url: https://codereview.chromium.org/2399423003
Cr-Commit-Position: refs/heads/master@{#40127}
The spurious failures were caused by the compiled module
template and its corresponding owning object getting out of
sync due to memory allocations (which may trigger GC)
between the points each were fetched.
Specifically, the {original} was first obtained; then a GC
may happen when cloning the {code_table}. At this point,
the {original}'s owner may have been collected, getting us
down the path of not cloning. When time comes to patch up
globals, we incorrectly try to patch them assuming the
global start is at 0 (nullptr), which in fact it isn't.
This change roots early, in a GC-free area, both objects.
Additionally, it avoids publishing to the instances chain
the new instance until the very end. This way:
- the objects used to create the new instance offer a
consistent view
- the instances chain does not see the object we try to
form. If something fails, we can safely retry.
- since the owner is rooted, the state of the front of the
instances chain stays unchanged - with the same compiled
module we started from. So the early belief that we needed
to clone is not invalidated by any interspersed GC.
This situation suffers from a sub-optimality discussed in
the design document, in that, in a memory constrained
system, the following snippet may surprisingly fail:
var m = new WebAssembly.Module(...);
var i1 = new WebAssembly.Instance(m);
i1 = null;
var i2 = new WebAssembly.Instance(m); //may fail.
This will be addressed subsequently.
BUG=v8:5451
Review-Url: https://codereview.chromium.org/2395063002
Cr-Commit-Position: refs/heads/master@{#40126}
This CL ports RegExp.prototype.test, RegExp.prototype.match
and RegExp.prototype.search to C++.
Performance regressions are expected but should be improved
in an upcoming CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2394713003
Cr-Commit-Position: refs/heads/master@{#40122}
Again, fast paths could be added for unmodified JSRegExp instances.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2392463005
Cr-Commit-Position: refs/heads/master@{#40119}
Reason for revert:
String.includes crashes when called with null or undefined as the first param
Original issue's description:
> [builtins] Move StringIncludes to a builtin.
>
> BUG=v8:5364
>
> Committed: https://crrev.com/b374d719e79a5b32168c25c0cda30056f5e6e36c
> Cr-Commit-Position: refs/heads/master@{#40110}
TBR=franzih@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5364
Review-Url: https://codereview.chromium.org/2407793002
Cr-Commit-Position: refs/heads/master@{#40118}
port 1beb89f24c (r39827)
original commit message:
This patch simplifies code for speeding up marking and
removes write barrier counter.
The step size is now computed based in two parts:
- bytes to mark in order to keep up with allocation,
- bytes to mark in order to make progress.
BUG=
Review-Url: https://codereview.chromium.org/2407733003
Cr-Commit-Position: refs/heads/master@{#40116}
If an inner function only declares a variable but doesn't use it, Parser
and PreParser produced different unresolved variables, and that confused
the pessimistic context allocation.
This is continuation to https://codereview.chromium.org/2388183003/
This CL fixes more complicated declarations (which are not just one
identifier). For this, PreParser needs to accumulate identifiers used
in expressions.
In addition, this CL manifests FLAG_lazy_inner_functions in tests, so that
we get clusterfuzz coverage for it.
BUG=chromium:650969, v8:5501
Review-Url: https://codereview.chromium.org/2400613003
Cr-Commit-Position: refs/heads/master@{#40112}
There were once plans to generate cross-context code with TurboFan,
however that doesn't fit into the model anymore, and so all of this
is essentially dead untested code (and thus most likely already broken
in subtle ways). With this mode still in place it would also be a lot
harder to make inlining based on SharedFunctionInfo work.
BUG=v8:2206,v8:5499
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2406803002
Cr-Commit-Position: refs/heads/master@{#40109}
Updated the deserialization API to avoid copying uncompiled
bytes.
BUG=
Review-Url: https://codereview.chromium.org/2404673002
Cr-Commit-Position: refs/heads/master@{#40108}
This allows us to stop using a Symbol, set as the name of the Module's
SharedFunctionInfo, as our storage for a hash.
As part of this, centralize the code for generating a random, non-zero
hash code in one place (there were previously two copies of this code,
and I needed to call it from a third file).
BUG=v8:5483
TBR=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2395233003
Cr-Commit-Position: refs/heads/master@{#40102}
Reason for revert:
Needed to revert https://codereview.chromium.org/2400343002/
Original issue's description:
> [parser] Deprecate ParseInfo constructor taking closure.
>
> This removes the {ParseInfo} constructor consuming a closure, replacing
> all uses to pass only the shared function info. The goal is to make the
> fact that parsing is independent of a concrete closure explicit.
>
> R=jochen@chromium.org
> BUG=v8:2206
>
> Committed: https://crrev.com/3de42b3f224217ec88e4c609d3cf23fe06806dca
> Cr-Commit-Position: refs/heads/master@{#40083}
TBR=jochen@chromium.org,bmeurer@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2406623002
Cr-Commit-Position: refs/heads/master@{#40097}
This implements namespace imports (import * as foo from "bar"), except for the
@@iterator property on namespace objects (to be done later).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2388153003
Cr-Commit-Position: refs/heads/master@{#40096}
Found with libfuzzer. The length is automatically converted to int (thus
large sizes could become negative, even though they are legal "array sizes").
Besides that, the length is coerced to a SMI (which is an even tighter
constraint on 32-bit systems, where it limits the legal sizes to 2^30 - 1).
Add checks that the length of a dense array is below that threshold, and also
fail fast if a length that is provided obviously could not be the correct dense
length (because there isn't enough data left in the buffer to populate such an
array).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2399873002
Cr-Commit-Position: refs/heads/master@{#40094}
A wide jump can be patched with a non-wide jump target operand, so the
DCHECK added in r39637 was wrong.
BUG=chromium:652430
Review-Url: https://codereview.chromium.org/2400203002
Cr-Commit-Position: refs/heads/master@{#40090}
This removes the restriction of only allowing lazy compilation for
top-level eval code with a context. We can by now compile such code
without a concrete closure.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2400973002
Cr-Commit-Position: refs/heads/master@{#40089}
Previously this would result in applying trying to find a size modulo zero,
which causes SIGFPE. This approach was preferred over adding a default case
to preserve the ability of the compiler to detect unhandled switch cases
(within the valid range of the enum).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2395073003
Cr-Commit-Position: refs/heads/master@{#40088}
(GcStress failure was unrelated.)
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/2402663002 .
Cr-Commit-Position: refs/heads/master@{#40086}
This removes the {ParseInfo} constructor consuming a closure, replacing
all uses to pass only the shared function info. The goal is to make the
fact that parsing is independent of a concrete closure explicit.
R=jochen@chromium.org
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2396963003
Cr-Commit-Position: refs/heads/master@{#40083}
This reverts commit 7db0ecdec3.
Manual revert since automatic revert is too large for the web interface.
BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
Reason for revert:
Possible GCSTRESS failure, investigating.
Original issue's description:
> [turbofan] Discard the shared code entry in the optimized code map.
>
> At one time, we hoped to generate the same code for different
> native contexts. But in truth, much performance comes from optimizing
> on the native context. Now we abandon this pathway.
>
> BUG=
>
> Committed: https://crrev.com/55af3c44c99a6e4cd6d53df775023d760ad2b2c3
> Cr-Commit-Position: refs/heads/master@{#40079}
TBR=mstarzinger@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2403453002
Cr-Commit-Position: refs/heads/master@{#40081}
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
Review-Url: https://codereview.chromium.org/2401653002
Cr-Commit-Position: refs/heads/master@{#40079}
In CreateModuleObjectFromBytes, pointers to the raw bytes will be stored
inside the decoded WasmModule, and still used after allocating V8 stuff
in WasmModule::CompileFunctions. We thus cannot pass a raw pointer to
the V8 heap.
Fix this by copying the bytes before decoding.
R=mtrofin@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2402633002
Cr-Commit-Position: refs/heads/master@{#40077}
For now keep the logic in compiler.cc and add a DCHECK that the scopes
and compiler.cc agree.
Use this knowledge to only created ScopeInfos for literals we'll
actually compile.
BUG=v8:5394,v8:5422
R=marja@chromium.org,verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2399833002
Cr-Commit-Position: refs/heads/master@{#40074}
This implicitly convers parseFloat on the global object as well, since
it's the same function. This is mostly straight-forward, but adds
another fast case for HeapNumbers as well.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2395373002
Cr-Commit-Position: refs/heads/master@{#40072}
- Added gating code in the module-decoder to allow SIMD code only when
it can be decoded correctly
- SIMD128 values should not be exported to JS
- Try/Catch should not be available in asmjs modules
- Trivial fixes for S128 values
BUG=chromium:648079
R=ahaas@chromium.org, titzer@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2400863003
Cr-Commit-Position: refs/heads/master@{#40067}
Strongly typing module_bytes needs a patch for the
serialization code.
Serialization bypasses module bytes, so their presence can't
be compulsory.
BUG=
Review-Url: https://codereview.chromium.org/2397303002
Cr-Commit-Position: refs/heads/master@{#40063}
I am removing three fields from the wasm object in a follow-up commit,
and using information in the compiled module instead. In order to not
weaken the verification, this commit adds appropriate checks on the
compiled module.
R=titzer@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2394663008
Cr-Commit-Position: refs/heads/master@{#40061}
One step closer to the informally-agreed upon specification
that structured cloning will always succeed, meaning, if
we fail to deserialize (e.g. because version mismatch in
serialized format and v8 version), we recompile.
As part of this work, the deserializer will need to become
more resilient to invalid input data, and fail graciously
rather than CHECK-ing. This CL addresses some of that,
sufficient to unblock the current serialization tests.
Subsequent CLs will add more testing and the appropriate
fixes.
BUG=639090
Review-Url: https://codereview.chromium.org/2395793003
Cr-Commit-Position: refs/heads/master@{#40058}
This patch sets `this` to be undefined when calling resolve and reject
functions attached to the deferred.
BUG=v8:5476
Review-Url: https://codereview.chromium.org/2399053003
Cr-Commit-Position: refs/heads/master@{#40056}
Introduce AccessCompilerData which hangs off the Isolate, and initialize
it when the first PropertyAccessCompiler is instantiated. This avoids
TSAN failures when trying to access load/store calling convention arrays.
BUG=v8:5427
Review-Url: https://codereview.chromium.org/2389313002
Cr-Commit-Position: refs/heads/master@{#40055}
A new V8 API object v8::TracingCpuProfiler is introduced.
Client can create it on an isolate to enable JS CPU profiles collected
during tracing session.
Once the v8.cpu_profile2 tracing category is enabled the profiler emits
CpuProfile and CpuProfileChunk events with the profile data.
BUG=chromium:406277
Review-Url: https://codereview.chromium.org/2396733002
Cr-Commit-Position: refs/heads/master@{#40054}
Imports and exports in 0xC can be much more than functions, including
tables, memories, and globals. This CL refactors the underlying
organization of imports and exports to support these new import types.
BUG=
Committed: https://crrev.com/599f8a83420346d9cba5ff97bd2a7520468207b6
Review-Url: https://codereview.chromium.org/2390113003
Cr-Original-Commit-Position: refs/heads/master@{#40033}
Cr-Commit-Position: refs/heads/master@{#40050}
There's no point going through all the checks in the Add stub when we
already know that both sides are strings.
Review-Url: https://codereview.chromium.org/2395083002
Cr-Commit-Position: refs/heads/master@{#40047}
This enables the {BytecodeGraphBuilder} whenever heuristics in the
compilation pipeline determine both Ignition and TurboFan to be used.
There no longer needs to be an explicit flag passed in order to build
graphs from bytecode.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2363413005
Cr-Commit-Position: refs/heads/master@{#40045}
Reason for revert:
Crashing.
Original issue's description:
> [heap] Concurrent slot filtering in sweeper threads.
>
> This is an intermediate step for concurrent slot filtering. This CL already makes filtering concurrent, but does not integrate it in the actual sweeping. This will be done in two follow up CLs. One for the regular slot set and one for the typed slot set.
>
> BUG=chromium:648568
>
> Committed: https://crrev.com/1f89d369fc952a2826f9f62901fb84fcf30920d7
> Cr-Commit-Position: refs/heads/master@{#40040}
TBR=ulan@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:648568
Review-Url: https://codereview.chromium.org/2399003002
Cr-Commit-Position: refs/heads/master@{#40043}
Now that the scope chain is deserialized directly from the chain of
{ScopeInfo} objects, it is no longer needed to provide a context. This
makes the {AllowsLazyCompilationWithoutContext} predicate coincide with
the more general {AllowsLazyCompilation}. Remove the former.
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2399853002
Cr-Commit-Position: refs/heads/master@{#40042}
With this CL, we devolve all Constants introduced as they are with an object handle into
* Range - for integers
* Nan
* MinusZero
* OtherNumberConstant - for doubles
* HeapConstant
We reduce the amount we have to inspect an object handle during optimization. Also, simplifications result. For example, you never have to check if a Range contains a HeapConstant.
BUG=
Review-Url: https://codereview.chromium.org/2381523002
Cr-Commit-Position: refs/heads/master@{#40041}
This is an intermediate step for concurrent slot filtering. This CL already makes filtering concurrent, but does not integrate it in the actual sweeping. This will be done in two follow up CLs. One for the regular slot set and one for the typed slot set.
BUG=chromium:648568
Review-Url: https://codereview.chromium.org/2401563002
Cr-Commit-Position: refs/heads/master@{#40040}
Recent changes in Segment class caused many tests to fail on mips32
because of an unaligned read error. Setting the alignment to 8 for mips
fixes the issue. Accessing doubles on mips32 must be eight bit aligned.
BUG=
Review-Url: https://codereview.chromium.org/2390303003
Cr-Commit-Position: refs/heads/master@{#40039}
Flag getters are implemented as TurboFan stubs while the rest are written as
C++. This distinction is somewhat arbitrary and more getters could be ported to
TurboFan in the future.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2389233002
Cr-Commit-Position: refs/heads/master@{#40036}
