Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.
This is a follow-on CL to crrev.com/2369933005:
- The initial upload is crrev.com/2369933005 + a rebase.
- The remaining issues are the fixes requested by the reviewers on that CL.
BUG=chromium:634276
Review-Url: https://codereview.chromium.org/2403003002
Cr-Commit-Position: refs/heads/master@{#40153}
port ec132e05ec (r40086)
original commit message:
(GcStress failure was unrelated.)
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
Review-Url: https://codereview.chromium.org/2404843002
Cr-Commit-Position: refs/heads/master@{#40147}
This CL sets floating-point precision in Math.Cos/Math.Sin in the Crankshaft compiler to standard double precision, which is expected by v8.
BUG=
Review-Url: https://codereview.chromium.org/2403803002
Cr-Commit-Position: refs/heads/master@{#40146}
Reason for revert:
Fails under LeakSanitizer on auto-roll fyi bot:
https://build.chromium.org/p/client.v8.fyi/builders/Auto-roll%20-%20release%20process/builds/49447
Original issue's description:
> [modules] Store Module metadata in per-Context EmbedderData
>
> Unifies the approaches used for storing the specifier -> module mapping
> and the module -> directory mapping, using std::unordered_maps for both
> and storing them per-Context.
>
> This requires adding a method to the v8::Module API to get a hash code
> for a Module, but allows slimming down the API in return: gone are
> SetEmbedderData/GetEmbedderData, along with the fourth argument
> to ResolveModuleCallback.
>
> Besides a simpler API, this allows d8 to get closer to the HTML loader,
> which requires each Realm to have a persistent module map (though this
> capability is not yet exercised by any tests).
>
> BUG=v8:1569
>
> Committed: https://crrev.com/9cf8fce74cf6e7afd6aea3f3545f6bb61572f277
> Cr-Commit-Position: refs/heads/master@{#40133}
TBR=jochen@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2406973003
Cr-Commit-Position: refs/heads/master@{#40145}
Unifies the approaches used for storing the specifier -> module mapping
and the module -> directory mapping, using std::unordered_maps for both
and storing them per-Context.
This requires adding a method to the v8::Module API to get a hash code
for a Module, but allows slimming down the API in return: gone are
SetEmbedderData/GetEmbedderData, along with the fourth argument
to ResolveModuleCallback.
Besides a simpler API, this allows d8 to get closer to the HTML loader,
which requires each Realm to have a persistent module map (though this
capability is not yet exercised by any tests).
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2393303002
Cr-Commit-Position: refs/heads/master@{#40133}
Extend a test of namespace imports such that it accesses the object inside a
with statement (inside a sloppy function).
Drive-by-fix: remove duplicate initialization of embedder data (probably due to
bad merge).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2405603003
Cr-Commit-Position: refs/heads/master@{#40129}
Also add a test for when the first argument is null or undefined, as there are no tests that cover this currently.
BUG=v8:5364
Review-Url: https://codereview.chromium.org/2399423003
Cr-Commit-Position: refs/heads/master@{#40127}
The spurious failures were caused by the compiled module
template and its corresponding owning object getting out of
sync due to memory allocations (which may trigger GC)
between the points each were fetched.
Specifically, the {original} was first obtained; then a GC
may happen when cloning the {code_table}. At this point,
the {original}'s owner may have been collected, getting us
down the path of not cloning. When time comes to patch up
globals, we incorrectly try to patch them assuming the
global start is at 0 (nullptr), which in fact it isn't.
This change roots early, in a GC-free area, both objects.
Additionally, it avoids publishing to the instances chain
the new instance until the very end. This way:
- the objects used to create the new instance offer a
consistent view
- the instances chain does not see the object we try to
form. If something fails, we can safely retry.
- since the owner is rooted, the state of the front of the
instances chain stays unchanged - with the same compiled
module we started from. So the early belief that we needed
to clone is not invalidated by any interspersed GC.
This situation suffers from a sub-optimality discussed in
the design document, in that, in a memory constrained
system, the following snippet may surprisingly fail:
var m = new WebAssembly.Module(...);
var i1 = new WebAssembly.Instance(m);
i1 = null;
var i2 = new WebAssembly.Instance(m); //may fail.
This will be addressed subsequently.
BUG=v8:5451
Review-Url: https://codereview.chromium.org/2395063002
Cr-Commit-Position: refs/heads/master@{#40126}
This CL ports RegExp.prototype.test, RegExp.prototype.match
and RegExp.prototype.search to C++.
Performance regressions are expected but should be improved
in an upcoming CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2394713003
Cr-Commit-Position: refs/heads/master@{#40122}
Again, fast paths could be added for unmodified JSRegExp instances.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2392463005
Cr-Commit-Position: refs/heads/master@{#40119}
Reason for revert:
String.includes crashes when called with null or undefined as the first param
Original issue's description:
> [builtins] Move StringIncludes to a builtin.
>
> BUG=v8:5364
>
> Committed: https://crrev.com/b374d719e79a5b32168c25c0cda30056f5e6e36c
> Cr-Commit-Position: refs/heads/master@{#40110}
TBR=franzih@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5364
Review-Url: https://codereview.chromium.org/2407793002
Cr-Commit-Position: refs/heads/master@{#40118}
port 1beb89f24c (r39827)
original commit message:
This patch simplifies code for speeding up marking and
removes write barrier counter.
The step size is now computed based on two parts:
- bytes to mark in order to keep up with allocation,
- bytes to mark in order to make progress.
BUG=
Review-Url: https://codereview.chromium.org/2407733003
Cr-Commit-Position: refs/heads/master@{#40116}
If an inner function only declares a variable but doesn't use it, Parser
and PreParser produced different unresolved variables, and that confused
the pessimistic context allocation.
This is a continuation of https://codereview.chromium.org/2388183003/
This CL fixes more complicated declarations (which are not just one
identifier). For this, PreParser needs to accumulate identifiers used
in expressions.
In addition, this CL manifests FLAG_lazy_inner_functions in tests, so that
we get clusterfuzz coverage for it.
BUG=chromium:650969, v8:5501
Review-Url: https://codereview.chromium.org/2400613003
Cr-Commit-Position: refs/heads/master@{#40112}
There were once plans to generate cross-context code with TurboFan,
however that doesn't fit into the model anymore, and so all of this
is essentially dead untested code (and thus most likely already broken
in subtle ways). With this mode still in place it would also be a lot
harder to make inlining based on SharedFunctionInfo work.
BUG=v8:2206,v8:5499
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2406803002
Cr-Commit-Position: refs/heads/master@{#40109}
Updated the deserialization API to avoid copying uncompiled
bytes.
BUG=
Review-Url: https://codereview.chromium.org/2404673002
Cr-Commit-Position: refs/heads/master@{#40108}
This allows us to stop using a Symbol, set as the name of the Module's
SharedFunctionInfo, as our storage for a hash.
As part of this, centralize the code for generating a random, non-zero
hash code in one place (there were previously two copies of this code,
and I needed to call it from a third file).
BUG=v8:5483
TBR=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2395233003
Cr-Commit-Position: refs/heads/master@{#40102}
Reason for revert:
Needed to revert https://codereview.chromium.org/2400343002/
Original issue's description:
> [parser] Deprecate ParseInfo constructor taking closure.
>
> This removes the {ParseInfo} constructor consuming a closure, replacing
> all uses to pass only the shared function info. The goal is to make the
> fact that parsing is independent of a concrete closure explicit.
>
> R=jochen@chromium.org
> BUG=v8:2206
>
> Committed: https://crrev.com/3de42b3f224217ec88e4c609d3cf23fe06806dca
> Cr-Commit-Position: refs/heads/master@{#40083}
TBR=jochen@chromium.org,bmeurer@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2406623002
Cr-Commit-Position: refs/heads/master@{#40097}
This implements namespace imports (import * as foo from "bar"), except for the
@@iterator property on namespace objects (to be done later).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2388153003
Cr-Commit-Position: refs/heads/master@{#40096}
Found with libfuzzer. The length is automatically converted to int (thus
large sizes could become negative, even though they are legal "array sizes").
Besides that, the length is coerced to a SMI (which is an even tighter
constraint on 32-bit systems, where it limits the legal sizes to 2^30 - 1).
Add checks that the length of a dense array is below that threshold, and also
fail fast if a length that is provided obviously could not be the correct dense
length (because there isn't enough data left in the buffer to populate such an
array).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2399873002
Cr-Commit-Position: refs/heads/master@{#40094}
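The two length checks described in the commit message above, as an added C++ example that is not part of the commit or of V8's code. The wire format (a little-endian u32 count followed by one byte per element), the function names and the error codes are assumptions made for the illustration.

```cpp
// Added example, not V8 code. Assumed wire format for this illustration:
//   [u32 little-endian element count][count elements, one byte each]
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Largest length that still fits a Smi on a 32-bit build (2^30 - 1),
// the threshold named in the commit message.
constexpr uint32_t kMaxDenseLength = (1u << 30) - 1;

enum class ReadError {
  kNone,
  kTruncatedHeader,
  kLengthTooLarge,
  kLengthExceedsBuffer,
};

struct ReadResult {
  ReadError error;
  std::vector<uint8_t> elements;
};

// The conversion the message warns about: an unsigned wire length narrowed
// to int. Values of 2^31 and above come out negative on two's-complement
// targets, so a later "length < limit" test on the int would pass.
int32_t NarrowedLength(uint32_t wire_length) {
  return static_cast<int32_t>(wire_length);
}

ReadResult ReadDenseArray(const uint8_t* data, size_t size) {
  constexpr size_t kHeaderSize = 4;
  if (size < kHeaderSize) return {ReadError::kTruncatedHeader, {}};

  // Decode the count as unsigned and keep it unsigned until validated.
  uint32_t length = static_cast<uint32_t>(data[0]) |
                    (static_cast<uint32_t>(data[1]) << 8) |
                    (static_cast<uint32_t>(data[2]) << 16) |
                    (static_cast<uint32_t>(data[3]) << 24);

  // Check 1: the length must be representable where it will be stored.
  if (length > kMaxDenseLength) return {ReadError::kLengthTooLarge, {}};

  // Check 2: fail fast if the buffer cannot possibly hold that many
  // elements. This runs before any allocation sized by the untrusted count.
  size_t remaining = size - kHeaderSize;
  if (length > remaining) return {ReadError::kLengthExceedsBuffer, {}};

  const uint8_t* payload = data + kHeaderSize;
  return {ReadError::kNone, std::vector<uint8_t>(payload, payload + length)};
}

int main() {
  // Constructed inputs: one valid array, one count above the Smi limit,
  // one count that is legal but larger than the data that follows it.
  const uint8_t valid[] = {3, 0, 0, 0, 10, 20, 30};
  const uint8_t huge[] = {0xFF, 0xFF, 0xFF, 0xFF};
  const uint8_t lying[] = {0xE8, 0x03, 0, 0, 1, 2};  // claims 1000 elements

  std::printf("valid -> error %d\n",
              static_cast<int>(ReadDenseArray(valid, sizeof(valid)).error));
  std::printf("huge  -> error %d (as int: %d)\n",
              static_cast<int>(ReadDenseArray(huge, sizeof(huge)).error),
              NarrowedLength(0xFFFFFFFFu));
  std::printf("lying -> error %d\n",
              static_cast<int>(ReadDenseArray(lying, sizeof(lying)).error));
  return 0;
}
```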
A wide jump can be patched with a non-wide jump target operand, so the
DCHECK added in r39637 was wrong.
BUG=chromium:652430
Review-Url: https://codereview.chromium.org/2400203002
Cr-Commit-Position: refs/heads/master@{#40090}
This removes the restriction of only allowing lazy compilation for
top-level eval code with a context. We can by now compile such code
without a concrete closure.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2400973002
Cr-Commit-Position: refs/heads/master@{#40089}
Previously this would result in trying to find a size modulo zero,
which causes SIGFPE. This approach was preferred over adding a default case
to preserve the ability of the compiler to detect unhandled switch cases
(within the valid range of the enum).
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2395073003
Cr-Commit-Position: refs/heads/master@{#40088}
(GcStress failure was unrelated.)
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/2402663002 .
Cr-Commit-Position: refs/heads/master@{#40086}
This removes the {ParseInfo} constructor consuming a closure, replacing
all uses to pass only the shared function info. The goal is to make the
fact that parsing is independent of a concrete closure explicit.
R=jochen@chromium.org
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2396963003
Cr-Commit-Position: refs/heads/master@{#40083}
This reverts commit 7db0ecdec3.
Manual revert since automatic revert is too large for the web interface.
BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
Reason for revert:
Possible GCSTRESS failure, investigating.
Original issue's description:
> [turbofan] Discard the shared code entry in the optimized code map.
>
> At one time, we hoped to generate the same code for different
> native contexts. But in truth, much performance comes from optimizing
> on the native context. Now we abandon this pathway.
>
> BUG=
>
> Committed: https://crrev.com/55af3c44c99a6e4cd6d53df775023d760ad2b2c3
> Cr-Commit-Position: refs/heads/master@{#40079}
TBR=mstarzinger@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2403453002
Cr-Commit-Position: refs/heads/master@{#40081}
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.
BUG=
Review-Url: https://codereview.chromium.org/2401653002
Cr-Commit-Position: refs/heads/master@{#40079}
In CreateModuleObjectFromBytes, pointers to the raw bytes will be stored
inside the decoded WasmModule, and still used after allocating V8 stuff
in WasmModule::CompileFunctions. We thus cannot pass a raw pointer to
the V8 heap.
Fix this by copying the bytes before decoding.
R=mtrofin@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2402633002
Cr-Commit-Position: refs/heads/master@{#40077}
For now keep the logic in compiler.cc and add a DCHECK that the scopes
and compiler.cc agree.
Use this knowledge to only create ScopeInfos for literals we'll
actually compile.
BUG=v8:5394,v8:5422
R=marja@chromium.org,verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2399833002
Cr-Commit-Position: refs/heads/master@{#40074}
This implicitly covers parseFloat on the global object as well, since
it's the same function. This is mostly straight-forward, but adds
another fast case for HeapNumbers as well.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2395373002
Cr-Commit-Position: refs/heads/master@{#40072}
- Added gating code in the module-decoder to allow SIMD code only when
it can be decoded correctly
- SIMD128 values should not be exported to JS
- Try/Catch should not be available in asmjs modules
- Trivial fixes for S128 values
BUG=chromium:648079
R=ahaas@chromium.org, titzer@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2400863003
Cr-Commit-Position: refs/heads/master@{#40067}
Strongly typing module_bytes needs a patch for the
serialization code.
Serialization bypasses module bytes, so their presence can't
be compulsory.
BUG=
Review-Url: https://codereview.chromium.org/2397303002
Cr-Commit-Position: refs/heads/master@{#40063}
I am removing three fields from the wasm object in a follow-up commit,
and using information in the compiled module instead. In order to not
weaken the verification, this commit adds appropriate checks on the
compiled module.
R=titzer@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2394663008
Cr-Commit-Position: refs/heads/master@{#40061}
One step closer to the informally-agreed upon specification
that structured cloning will always succeed, meaning, if
we fail to deserialize (e.g. because version mismatch in
serialized format and v8 version), we recompile.
As part of this work, the deserializer will need to become
more resilient to invalid input data, and fail graciously
rather than CHECK-ing. This CL addresses some of that,
sufficient to unblock the current serialization tests.
Subsequent CLs will add more testing and the appropriate
fixes.
BUG=639090
Review-Url: https://codereview.chromium.org/2395793003
Cr-Commit-Position: refs/heads/master@{#40058}
This patch sets `this` to be undefined when calling resolve and reject
functions attached to the deferred.
BUG=v8:5476
Review-Url: https://codereview.chromium.org/2399053003
Cr-Commit-Position: refs/heads/master@{#40056}
Introduce AccessCompilerData which hangs off the Isolate, and initialize
it when the first PropertyAccessCompiler is instantiated. This avoids
TSAN failures when trying to access load/store calling convention arrays.
BUG=v8:5427
Review-Url: https://codereview.chromium.org/2389313002
Cr-Commit-Position: refs/heads/master@{#40055}
A new V8 API object v8::TracingCpuProfiler is introduced.
Client can create it on an isolate to enable JS CPU profiles collected
during tracing session.
Once the v8.cpu_profile2 tracing category is enabled the profiler emits
CpuProfile and CpuProfileChunk events with the profile data.
BUG=chromium:406277
Review-Url: https://codereview.chromium.org/2396733002
Cr-Commit-Position: refs/heads/master@{#40054}
Imports and exports in 0xC can be much more than functions, including
tables, memories, and globals. This CL refactors the underlying
organization of imports and exports to support these new import types.
BUG=
Committed: https://crrev.com/599f8a83420346d9cba5ff97bd2a7520468207b6
Review-Url: https://codereview.chromium.org/2390113003
Cr-Original-Commit-Position: refs/heads/master@{#40033}
Cr-Commit-Position: refs/heads/master@{#40050}
There's no point going through all the checks in the Add stub when we
already know that both sides are strings.
Review-Url: https://codereview.chromium.org/2395083002
Cr-Commit-Position: refs/heads/master@{#40047}
This enables the {BytecodeGraphBuilder} whenever heuristics in the
compilation pipeline determine both Ignition and TurboFan to be used.
There no longer needs to be an explicit flag passed in order to build
graphs from bytecode.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2363413005
Cr-Commit-Position: refs/heads/master@{#40045}
Reason for revert:
Crashing.
Original issue's description:
> [heap] Concurrent slot filtering in sweeper threads.
>
> This is an intermediate step for concurrent slot filtering. This CL already makes filtering concurrent, but does not integrate it in the actual sweeping. This will be done in two follow up CLs. One for the regular slot set and one for the typed slot set.
>
> BUG=chromium:648568
>
> Committed: https://crrev.com/1f89d369fc952a2826f9f62901fb84fcf30920d7
> Cr-Commit-Position: refs/heads/master@{#40040}
TBR=ulan@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:648568
Review-Url: https://codereview.chromium.org/2399003002
Cr-Commit-Position: refs/heads/master@{#40043}
Now that the scope chain is deserialized directly from the chain of
{ScopeInfo} objects, it is no longer needed to provide a context. This
makes the {AllowsLazyCompilationWithoutContext} predicate coincide with
the more general {AllowsLazyCompilation}. Remove the former.
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2399853002
Cr-Commit-Position: refs/heads/master@{#40042}
With this CL, we devolve all Constants introduced as they are with an object handle into
* Range - for integers
* Nan
* MinusZero
* OtherNumberConstant - for doubles
* HeapConstant
We reduce the amount we have to inspect an object handle during optimization. Also, simplifications result. For example, you never have to check if a Range contains a HeapConstant.
BUG=
Review-Url: https://codereview.chromium.org/2381523002
Cr-Commit-Position: refs/heads/master@{#40041}
This is an intermediate step for concurrent slot filtering. This CL already makes filtering concurrent, but does not integrate it in the actual sweeping. This will be done in two follow up CLs. One for the regular slot set and one for the typed slot set.
BUG=chromium:648568
Review-Url: https://codereview.chromium.org/2401563002
Cr-Commit-Position: refs/heads/master@{#40040}
Recent changes in Segment class caused many tests to fail on mips32
because of an unaligned read error. Setting the alignment to 8 for mips
fixes the issue. Accessing doubles on mips32 must be eight bit aligned.
BUG=
Review-Url: https://codereview.chromium.org/2390303003
Cr-Commit-Position: refs/heads/master@{#40039}
Flag getters are implemented as TurboFan stubs while the rest are written as
C++. This distinction is somewhat arbitrary and more getters could be ported to
TurboFan in the future.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2389233002
Cr-Commit-Position: refs/heads/master@{#40036}
Imports and exports in 0xC can be much more than functions, including
tables, memories, and globals. This CL refactors the underlying
organization of imports and exports to support these new import types.
BUG=
Review-Url: https://codereview.chromium.org/2390113003
Cr-Commit-Position: refs/heads/master@{#40033}
In an anonymous namespace, all methods are already treated like being
static, so no need for these keywords.
Review-Url: https://codereview.chromium.org/2384403006
Cr-Commit-Position: refs/heads/master@{#40032}
This switches the {ParseInfo} constructor to always determine the outer
scope info from the shared function info instead of a concrete closure.
It is a precursor to deprecate the constructor taking closures entirely
and hence make the fact that we can parse without a closure explicit.
R=jochen@chromium.org
BUG=v8:2206
Review-Url: https://codereview.chromium.org/2397053003
Cr-Commit-Position: refs/heads/master@{#40031}
The generic implementations for typeof, strict equality and ToBoolean
don't need a context, so we can just pass the NoContextConstant (which
is Smi zero) instead, to reduce the live ranges for the context.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2400633002
Cr-Commit-Position: refs/heads/master@{#40027}
The scavenger should never consider mark bits for promotion/copy as this creates
weird lifetimes at the start of incremental marking. E.g. consider an object
marked black by the marker at the start of incremental marking. A scavenge would
promote it to the old generation although it could --and for short-living
objects actually does-- become unreachable during marking.
Also, keeping this invariant significantly simplifies young generation mark
compacting as we can compare against the scavenging decision without keeping
different sets of markbits.
BUG=chromium:651354
R=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2397713002
Cr-Commit-Position: refs/heads/master@{#40026}
... because the latter automatically respects the desired calling convention.
BUG=v8:5408
Review-Url: https://codereview.chromium.org/2398683004
Cr-Commit-Position: refs/heads/master@{#40025}
because ownership over it is not obviously clear
and leads to errors.
Review-Url: https://codereview.chromium.org/2366283003
Cr-Commit-Position: refs/heads/master@{#40024}
... because the latter automatically respects the desired calling convention.
BUG=v8:5408
Review-Url: https://codereview.chromium.org/2396023002
Cr-Commit-Position: refs/heads/master@{#40023}
Emit code like this
cmpq reg, [kRootRegister + offset]
when selecting instructions for comparisons with immortal, immovable
roots. This reduces register pressure as we don't need to load those
roots into registers first.
R=jarin@chromium.org
TBR=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2396923003
Cr-Commit-Position: refs/heads/master@{#40022}
Fixes:
- Remove OsrGuards on frame specialization (for asm.js).
- Handle the rename in the walk for native context.
- Fix LoadContext effect wiring for Osr context chains.
Review-Url: https://codereview.chromium.org/2388303006
Cr-Commit-Position: refs/heads/master@{#40021}
Specifically an attempt to address a 3.5% regression on the total load
time on cnn introduced by https://codereview.chromium.org/2113673002.
Non-refactoring effect of this CL is to reduce the number of branches in
CodeStubAssembler-generated loops iterating over FixedArrays from
two to one.
LOG=N
BUG=v8:5423
Review-Url: https://codereview.chromium.org/2380953002
Cr-Commit-Position: refs/heads/master@{#40020}
When we create native promises as part of PromiseThen, we don't have
to create resolving closures. The closure will only ever be called
once from PromiseHandle, therefore we don't need the alreadyResolved
check.
This results in a 21.76% improvement in the bluebird benchmark
over 5 runs.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2396763002
Cr-Commit-Position: refs/heads/master@{#40018}
Allow fround to take values without dots for globals (the spec allows this
subtly).
Drop over-restrictive assert preventing floating point globals from working.
BUG=v8:4203
R=jpp@chromium.org,aseemgarg@chromium.org
Review-Url: https://codereview.chromium.org/2397823003
Cr-Commit-Position: refs/heads/master@{#40013}
Reason for revert:
Speculative revert due to very strange-looking win/dbg failures
which reference SignedDivisionByConstant:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12736
Original issue's description:
> Reland "Turn libbase into a component"
>
> Original issue's description:
> > Turn libbase into a component
> >
> > This is a precondition for turning libplatform into a component
> >
> > BUG=v8:5412
> > R=jgruber@chromium.org,machenbach@chromium.org
> > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
> >
> > Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> > Cr-Commit-Position: refs/heads/master@{#39950}
>
> BUG=v8:5412
> TBR=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
>
> Committed: https://crrev.com/17cb51254cafa932025e9980b60f89f756d411cb
> Cr-Commit-Position: refs/heads/master@{#39969}
TBR=jgruber@chromium.org,machenbach@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5412
Review-Url: https://codereview.chromium.org/2396933002
Cr-Commit-Position: refs/heads/master@{#40009}
An attempt to fix memory regression (r38047) caused another regression
because custom capacity chosen for names dictionary implied reallocations
during initialization in some cases.
BUG=chromium:625894,chromium:632231
Review-Url: https://codereview.chromium.org/2394873002
Cr-Commit-Position: refs/heads/master@{#40006}
The duplicated enum values are only used by the FastNewClosureStub,
so inline them there, with the help of one new constant (kFunctionKindShift)
in SharedFunctionInfo.
Review-Url: https://codereview.chromium.org/2390043003
Cr-Commit-Position: refs/heads/master@{#40005}
Reason for revert:
Broke the tree again, for no obvious reason :/
Original issue's description:
> [interpreter] Add string type feedback to add
>
> Adds string type feedback to Ignition's AddWithFeedback code stub, for now only
> adding a special case for when both lhs and rhs are strings. This improves
> octane's splay by >100%.
>
> BUG=v8:5400
>
> Committed: https://crrev.com/fb4ae2239d37adaf0321165034050316914de708
> Committed: https://crrev.com/bf1a94f1b269914856a8c8763fd282367f066c67
> Cr-Original-Commit-Position: refs/heads/master@{#39987}
> Cr-Commit-Position: refs/heads/master@{#39996}
TBR=rmcilroy@chromium.org,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5400
Review-Url: https://codereview.chromium.org/2393193002
Cr-Commit-Position: refs/heads/master@{#40000}
... by passing a field offset as a runtime parameter.
This CL also introduces a StoreMapStub - a special case of a store transition
that used to be handled by old StoreTransitionStub.
BUG=chromium:648545
Review-Url: https://codereview.chromium.org/2397573004
Cr-Commit-Position: refs/heads/master@{#39997}
Adds string type feedback to Ignition's AddWithFeedback code stub, for now only
adding a special case for when both lhs and rhs are strings. This improves
octane's splay by >100%.
BUG=v8:5400
Committed: https://crrev.com/fb4ae2239d37adaf0321165034050316914de708
Review-Url: https://codereview.chromium.org/2392533002
Cr-Original-Commit-Position: refs/heads/master@{#39987}
Cr-Commit-Position: refs/heads/master@{#39996}
Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map, built on top of the SimplifiedOperators StringCharCodeAt and the newly added StringFromCodePoint.
Also introduces a new StringFromCodePoint simplified op which may be useful for other String builtins, such as String.fromCodePoint().
BUG=v8:5388
R=bmeurer@chromium.org, mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2373983004
Cr-Commit-Position: refs/heads/master@{#39994}
Properly fold external reference access into memory operands whenever
possible, i.e. for accessing the allocation top/limit, similar to what
we do in Crankshaft and hand-written native code. This only works when
the serializer is disabled, i.e. doesn't apply to the stubs in the
snapshot (for now). This reduces register pressure especially around
allocations where we'd currently need two registers to hold both the
allocation top and limit pointers in registers (on x64).
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2398603002
Cr-Commit-Position: refs/heads/master@{#39993}
Reason for revert:
Fails unittests on win32 debug:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/5026
Original issue's description:
> [interpreter] Add string type feedback to add
>
> Adds string type feedback to Ignition's AddWithFeedback code stub, for now only
> adding a special case for when both lhs and rhs are strings. This improves
> octane's splay by >100%.
>
> BUG=v8:5400
>
> Committed: https://crrev.com/fb4ae2239d37adaf0321165034050316914de708
> Cr-Commit-Position: refs/heads/master@{#39987}
TBR=rmcilroy@chromium.org,mythria@chromium.org,leszeks@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5400
Review-Url: https://codereview.chromium.org/2395743004
Cr-Commit-Position: refs/heads/master@{#39991}
Adds string type feedback to Ignition's AddWithFeedback code stub, for now only
adding a special case for when both lhs and rhs are strings. This improves
octane's splay by >100%.
BUG=v8:5400
Review-Url: https://codereview.chromium.org/2392533002
Cr-Commit-Position: refs/heads/master@{#39987}
Reason for revert:
Tanks the world.
Original issue's description:
> [turbofan] Osr value typing + dynamic type checks on entry.
>
> This introduces a new OsrGuard node that is inserted during graph building
> to guard the inferred type of the OSR value.
>
> The type of the OSR value is inferred by running the typer before OSR
> deconstruction, and then taking the type from the phi that takes the
> OSR value. After the deconstruction, we throw the types away.
>
> At the moment we only support the SignedSmall OSR type and we always
> pick the tagged representation. Later, we might want to support more
> types (such as Number) and pick better representations (int32/float64).
>
> This CL also removes the OSR deconstruction tests because they build
> unrealistic graph (no effect chain, no loop termination). I considered
> adding the effect chains to the tests, but this would make the tests
> even more brittle.
>
> Committed: https://crrev.com/1f5dc90a900d222da44bee3eff171a2ba1e3c076
> Cr-Commit-Position: refs/heads/master@{#39971}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2395783002
Cr-Commit-Position: refs/heads/master@{#39985}
This moves the RegExp constructor to C++. Local runs of octane/regexp are
performance-neutral:
C++: 4970.1 +- 404.981
JS: 4869.2 +- 586.743
That's probably only the case because exec and replace dominate
octane/regexp. There's potential for improvement here, for instance by
adding a fast-path if new.target is an unmodified JSRegExp function.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2384613004
Cr-Commit-Position: refs/heads/master@{#39981}
The implementation of MemorySize with RelocatableInt32Constants is
problematic if MemorySize is placed close to a GrowMemory instruction in
the code. The use of a runtime function guarantees that the order in
which MemorySize and GrowMemory are executed is correct.
R=titzer@chromium.org
BUG=chromium:651961
TEST=mjsunit/regress/wasm/regression-651961
Committed: https://crrev.com/2c12a9a42d454a36fcd2931fa458d72832eeb689
Review-Url: https://codereview.chromium.org/2386183004
Cr-Original-Commit-Position: refs/heads/master@{#39972}
Cr-Commit-Position: refs/heads/master@{#39980}
It's useful for debugging / analytics purposes, since we can force all
parsing to happen on a foreground thread.
BUG=
Review-Url: https://codereview.chromium.org/2386123006
Cr-Commit-Position: refs/heads/master@{#39977}
It is currently being rolled behind the --turbo_verify_machine_graph flag.
BUG=
Review-Url: https://codereview.chromium.org/2388313003
Cr-Commit-Position: refs/heads/master@{#39976}
If possible, take the constant map from the (known) native context for
JSCreateIterResultObject, so that subsequent map checks can be
eliminated in case of iterator inlining.
R=jarin@chromium.org
BUG=v8:3822
Review-Url: https://codereview.chromium.org/2394783002
Cr-Commit-Position: refs/heads/master@{#39974}
Reason for revert:
Patch problem
Original issue's description:
> [wasm] Call a runtime function for a MemorySize instruction.
>
> The implementation of MemorySize with RelocatableInt32Constants is
> problematic if MemorySize is placed close to a GrowMemory instruction in
> the code. The use of a runtime function guarantees that the order in
> which MemorySize and GrowMemory are executed is correct.
>
> R=titzer@chromium.org
> BUG=chromium:651961
> TEST=mjsunit/regress/wasm/regression-651961
>
> Committed: https://crrev.com/2c12a9a42d454a36fcd2931fa458d72832eeb689
> Cr-Commit-Position: refs/heads/master@{#39972}
TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651961
Review-Url: https://codereview.chromium.org/2391223002
Cr-Commit-Position: refs/heads/master@{#39973}
The implementation of MemorySize with RelocatableInt32Constants is
problematic if MemorySize is placed close to a GrowMemory instruction in
the code. The use of a runtime function guarantees that the order in
which MemorySize and GrowMemory are executed is correct.
R=titzer@chromium.org
BUG=chromium:651961
TEST=mjsunit/regress/wasm/regression-651961
Review-Url: https://codereview.chromium.org/2386183004
Cr-Commit-Position: refs/heads/master@{#39972}
This introduces a new OsrGuard node that is inserted during graph building
to guard the inferred type of the OSR value.
The type of the OSR value is inferred by running the typer before OSR
deconstruction, and then taking the type from the phi that takes the
OSR value. After the deconstruction, we throw the types away.
At the moment we only support the SignedSmall OSR type and we always
pick the tagged representation. Later, we might want to support more
types (such as Number) and pick better representations (int32/float64).
This CL also removes the OSR deconstruction tests because they build
unrealistic graphs (no effect chain, no loop termination). I considered
adding the effect chains to the tests, but this would make the tests
even more brittle.
Review-Url: https://codereview.chromium.org/2384113002
Cr-Commit-Position: refs/heads/master@{#39971}
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}
BUG=v8:5412
TBR=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
Review-Url: https://codereview.chromium.org/2395553002
Cr-Commit-Position: refs/heads/master@{#39969}
Memory infra in tracing currently uses Isolate::GetHeapStatistics to fetch
object statistics from V8 at certain frequency, which is not accurate and will
have redundant results. This patch adds a trace event as well as a trace category
at where we collect object statistics after marking before sweeping, and dumps
all information to the trace event.
In order to use this functionality, we need to enable two flags:
--track-gc-object-stats and --noincremental-marking.
BUG=v8:5453
Review-Url: https://codereview.chromium.org/2379823004
Cr-Commit-Position: refs/heads/master@{#39966}
Debug-time tracing for module instances, to aid diagnosing
potential bugs.
BUG=
Review-Url: https://codereview.chromium.org/2390393002
Cr-Commit-Position: refs/heads/master@{#39965}
This fixes a gc stress bug. We cannot rely on an ordering of
clearing of the weak cells, so we explicitly reset the weak
link to the owning instance, when finalizing a compiled
module. In turn, this serves as a reliable signal when GCs
happen while instantiating, allowing us to correctly link the
new instance.
BUG=chromium:652425
Review-Url: https://codereview.chromium.org/2393443003
Cr-Commit-Position: refs/heads/master@{#39964}
Previously, b6e9f625c1 fixed self-assignment
in parameters to throw. But it failed to deal with the case of
destructuring with defaults. This patch extends that previous approach
to always treat the end of a parameter as its initializer position,
whether it has an initializer or not.
This is the minimal change to make it easy to merge; a follow-up
will rename the field of Parameter from "initializer_end_position"
to "end_position".
BUG=v8:5454
Review-Url: https://codereview.chromium.org/2390943002
Cr-Commit-Position: refs/heads/master@{#39962}
Reason for revert:
Main suspect for roll block:
https://codereview.chromium.org/2387403002/
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}
TBR=jgruber@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5412
Review-Url: https://codereview.chromium.org/2393603002
Cr-Commit-Position: refs/heads/master@{#39960}
The old hydrogen stub (and runtime fallback) are still needed while they are
used in regexp.js. These will go away once affected code has been ported.
Drive-by-fix: Fixed typo in GetFixedA{a,}rrayAllocationSize.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2384473002
Cr-Commit-Position: refs/heads/master@{#39952}
This is a precondition for turning libplatform into a component
BUG=v8:5412
R=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
Review-Url: https://codereview.chromium.org/2381273002
Cr-Commit-Position: refs/heads/master@{#39950}
In some (rare) cases, the context depth passed to a dynamic variable lookup can
be zero. In these cases, the fast path for the lookup (i.e. load from context or
global) can always be taken, as there is no need to search the current context.
However, with no slow path checks, the bytecode graph builder had a null
environment for the slow path, causing segfaults when this graph was built.
This patch adds a null check for the slow path environment, and skips building
the slow path if the environment is null.
BUG=chromium:652186
Review-Url: https://codereview.chromium.org/2385123002
Cr-Commit-Position: refs/heads/master@{#39949}
Clear also frees the memory, which isn't useful in the case of a zonelist. If we later want to use the list (e.g., because of aborting), that will cause additional allocations.
BUG=
Review-Url: https://codereview.chromium.org/2391953002
Cr-Commit-Position: refs/heads/master@{#39948}
If an inner function only declares a variable but doesn't use it, Parser
and PreParser produced different unresolved variables, and that confused
the pessimistic context allocation.
BUG=chromium:650969
Review-Url: https://codereview.chromium.org/2388183003
Cr-Commit-Position: refs/heads/master@{#39947}
Recent changes to the wasm format prevent you from knowing
the function index of a direct call until you know how many
imports you have (the index spaces have been merged).
Asm.js validation can't know this until all callsites have been
visited if you want to avoid materializing the entire AST / parsing twice.
Instead, keep a list of fixups to perform for all direct callsites,
then update these with the imports count added when emitting the module.
BUG=v8:4203
R=aseemgarg@chromium.org,titzer@chromium.org
Review-Url: https://codereview.chromium.org/2384623003
Cr-Commit-Position: refs/heads/master@{#39937}
- Coalesced all anonymous namespaces into one, and moved it to the
top of the file, to match elsewhere in the v8 codebase.
- Deleted dead code.
- Moved functions that turned out to be local to wasm-module.cc to
the anonymous namespace.
BUG=
Review-Url: https://codereview.chromium.org/2384183002
Cr-Commit-Position: refs/heads/master@{#39936}
Currently the parameter is first parsed as a reference, and then translated into a parameter. The reference stays around though, and gets resolved to the parameter. That automatically creates a use. Now that I drop all unresolved references when we abort preparsing, that also drops the unresolved reference.
Instead, mark the variable as used when it's marked as forced context allocation. That's what happens in almost all other cases.
This raises the question: does it really make sense to parse parameters this way? It seems pretty generic, but neither fast nor memory-efficient ... Did I misunderstand something?
Just land if you think the CL looks good as is.
BUG=chromium:651613
Review-Url: https://codereview.chromium.org/2386623002
Cr-Commit-Position: refs/heads/master@{#39935}
Re-enable marking functions for optimized compilation on the next call
when using OSR. We would previously do this for all functions. However,
it only benefits functions marked for concurrent recompilation. These
would potentially run unoptimized again and be OSRed again.
In addition any function that already was optimized concurrently had
its optimized code removed and would have been recompiled. Functions to
be baselined would skip that and possibly deopt.
BUG=chromium:651042
Review-Url: https://codereview.chromium.org/2391533002
Cr-Commit-Position: refs/heads/master@{#39934}
Hashmaps with a simple key equality method (comparing pointers) don't
need to waste cycles (and branches) comparing hash values, as the key
comparison is cheap.
This patch modifies the hashmap's MatchFun to take the hashes as well as
the keys, thus allowing the MatchFun to ignore the hashes. This allows
slightly cleaner generated code, especially when the MatchFun is
inlined.
BUG=
Review-Url: https://codereview.chromium.org/2381303002
Cr-Commit-Position: refs/heads/master@{#39932}
Calculate memory size from the available heap. This avoids
the bugs due to some numbers being stored as objects (by-ref)
and thus needing special handling when cloning.
This leaves all the rest of the numbers as read-only.
Further simplified by representing globals size as a Smi.
BUG=
Committed: https://crrev.com/7ced1bdc9df2315ccc07dd17c12736aebf40cb57
Review-Url: https://codereview.chromium.org/2381393002
Cr-Original-Commit-Position: refs/heads/master@{#39923}
Cr-Commit-Position: refs/heads/master@{#39925}
Reason for revert:
Failures on multiple bots (e.g. https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/8887)
Original issue's description:
> [wasm] further simplification of WasmCompiledModule
>
> Calculate memory size from the available heap. This avoids
> the bugs due to some numbers being stored as objects (by-ref)
> and thus needing special handling when cloning.
>
> This leaves all the rest of the numbers as read-only.
>
> Further simplified by representing globals size as a Smi.
>
> BUG=
>
> Committed: https://crrev.com/7ced1bdc9df2315ccc07dd17c12736aebf40cb57
> Cr-Commit-Position: refs/heads/master@{#39923}
TBR=bradnelson@google.com,bradnelson@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2385943002
Cr-Commit-Position: refs/heads/master@{#39924}
Calculate memory size from the available heap. This avoids
the bugs due to some numbers being stored as objects (by-ref)
and thus needing special handling when cloning.
This leaves all the rest of the numbers as read-only.
Further simplified by representing globals size as a Smi.
BUG=
Review-Url: https://codereview.chromium.org/2381393002
Cr-Commit-Position: refs/heads/master@{#39923}
Fixes the case when the 'imm' is in range [8000,ffff], as the specification
says the 'imm' is sign-extended before the comparison, so the effective range
is [max_unsigned-7fff,max_unsigned].
TEST=mjsunit/generated-transition-stub@3b8ad45e
BUG=
Review-Url: https://codereview.chromium.org/2386673002
Cr-Commit-Position: refs/heads/master@{#39922}
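The immediate range described in the commit message above, worked through as an added example (not code from the V8 change). The commit does not name the instruction; the model assumes a 32-bit set-on-less-than-unsigned with a 16-bit immediate that is sign-extended before the unsigned compare, as MIPS SLTIU does, and every function name here is hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sign-extend a 16-bit immediate to 32 bits without relying on
 * implementation-defined signed conversions. */
static uint32_t sign_extend16(uint16_t imm) {
    return (imm & 0x8000u) ? (0xffff0000u | imm) : (uint32_t)imm;
}

/* Behaviour per the specification quoted in the commit message:
 * the immediate is sign-extended, then compared as unsigned. */
static uint32_t sltiu_spec(uint32_t rs, uint16_t imm) {
    return rs < sign_extend16(imm) ? 1u : 0u;
}

/* The mistaken model: the immediate is treated as its raw 16-bit value. */
static uint32_t sltiu_zero_ext(uint32_t rs, uint16_t imm) {
    return rs < (uint32_t)imm ? 1u : 0u;
}

typedef enum { CMP_IMMEDIATE, CMP_VIA_REGISTER } CompareForm;

/* Decide how a code generator may compare "rs < c" (unsigned) for a
 * 32-bit constant c. The immediate form is only correct when c is
 * reproduced exactly by sign extension: [0, 0x7fff] or
 * [max_unsigned - 0x7fff, max_unsigned]. */
static CompareForm select_compare(uint32_t c, uint16_t *imm_out) {
    if (c <= 0x7fffu || c >= 0xffffffffu - 0x7fffu) {
        *imm_out = (uint16_t)(c & 0xffffu);
        return CMP_IMMEDIATE;
    }
    *imm_out = 0;
    return CMP_VIA_REGISTER;   /* materialise c in a register first */
}

/* Count immediates for which the two models disagree for a given rs. */
static unsigned count_mismatches(uint32_t rs) {
    unsigned n = 0;
    for (uint32_t imm = 0; imm <= 0xffffu; imm++) {
        if (sltiu_spec(rs, (uint16_t)imm) != sltiu_zero_ext(rs, (uint16_t)imm))
            n++;
    }
    return n;
}

int main(void) {
    uint16_t imm;
    /* Constant 0x9000 lies in [8000, ffff]: encoding it directly would
     * really compare against 0xffff9000. */
    printf("spec(0x9000, 0x9000)     = %u\n", (unsigned)sltiu_spec(0x9000u, 0x9000u));
    printf("zero_ext(0x9000, 0x9000) = %u\n", (unsigned)sltiu_zero_ext(0x9000u, 0x9000u));
    printf("form for 0x00009000: %s\n",
           select_compare(0x9000u, &imm) == CMP_IMMEDIATE ? "immediate" : "register");
    printf("form for 0xffff8000: %s\n",
           select_compare(0xffff8000u, &imm) == CMP_IMMEDIATE ? "immediate" : "register");
    printf("mismatching immediates for rs=0x9000: %u\n", count_mismatches(0x9000u));
    return 0;
}
```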
This is to avoid a dereference of the unhandlified {this} reference
after handlified allocation functions have been called. Combining
handlified and unhandlified style is inherently unsafe.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2380463006
Cr-Commit-Position: refs/heads/master@{#39921}
matching function, creates a hashmap that specialises the case of keys
that simply check pointer equality.
I measure an average ~1% improvement on Octane code-load.
Review-Url: https://codereview.chromium.org/2369963002
Cr-Commit-Position: refs/heads/master@{#39920}
This is essentially CL/2275293002, with the difference that the effect
dependencies are now updated correctly.
BUG=
Review-Url: https://codereview.chromium.org/2378773013
Cr-Commit-Position: refs/heads/master@{#39919}
This moves the Hydrogen-specific {is_tracking_positions} predicate which
also depends on the --hydrogen-track-positions flag into the Crankshaft
directory and removes it from the more general {CompilationInfo}.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2377283002
Cr-Commit-Position: refs/heads/master@{#39913}
Port f84f45f9ca
Original commit message:
When zeroing a floating point stack slot, store the zero register directly,
rather than storing zero moved to an FP register.
BUG=
Review-Url: https://codereview.chromium.org/2364903002
Cr-Commit-Position: refs/heads/master@{#39906}
There are only a few occasions where we allocate a register in an outer
expression allocation scope, which makes the costly free-list approach
of the BytecodeRegisterAllocator unnecessary. This CL replaces all
occurrences with moves to the accumulator and stores to a register
allocated in the correct scope. By doing this, we can simplify the
BytecodeRegisterAllocator to be a simple bump-pointer allocator
with registers released in the same order as allocated.
The following changes are also made:
- Make BytecodeRegisterOptimizer able to use registers which have been
unallocated, but not yet reused
- Remove RegisterExpressionResultScope and rename
AccumulatorExpressionResultScope to ValueExpressionResultScope
- Introduce RegisterList to represent consecutive register
allocations, and use this for operands to call bytecodes.
By avoiding the free-list handling, this gives another couple of
percent on CodeLoad.
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2369873002
Cr-Commit-Position: refs/heads/master@{#39905}
Before evaluating a module, all variables declared at the top-level
in _any_ of the modules in the dependency graph must be initialized.
This is observable because a module A can access a variable imported
from module B (e.g. a function) at a point when module B's body hasn't
been evaluated yet.
We achieve this by implementing modules internally as generators with
two states (not initialized, initialized).
R=adamk@chromium.org
BUG=v8:1569
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg
Committed: https://crrev.com/f4dfb6fbe1cdd9a0f287a1a9c496e1f69f6f5d20
Committed: https://crrev.com/8c52a411583e870bd5ed100864caa58f491c5d88
Review-Url: https://codereview.chromium.org/2375793002
Cr-Original-Original-Commit-Position: refs/heads/master@{#39871}
Cr-Original-Commit-Position: refs/heads/master@{#39892}
Cr-Commit-Position: refs/heads/master@{#39900}
This ports RegExp.prototype.exec to a TurboFan builtin.
LastMatchInfo is now stored on the context in order to be able to access
it from the stub.
Unmodified RegExp instances go through a fast path of accessing the
lastIndex property as an in-object field, while modified instances call
into runtime for lastIndex loads and stores.
Octane/regexp shows slight improvements (between 0 and 5%) with this CL.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2375953002
Cr-Commit-Position: refs/heads/master@{#39899}
Reason for revert:
Speculative revert for christmas tree
Original issue's description:
> Reland: [modules] Properly initialize declared variables.
>
> Before evaluating a module, all variables declared at the top-level
> in _any_ of the modules in the dependency graph must be initialized.
> This is observable because a module A can access a variable imported
> from module B (e.g. a function) at a point when module B's body hasn't
> been evaluated yet.
>
> We achieve this by implementing modules internally as generators with
> two states (not initialized, initialized).
>
> R=adamk@chromium.org
> BUG=v8:1569
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg
>
> Committed: https://crrev.com/f4dfb6fbe1cdd9a0f287a1a9c496e1f69f6f5d20
> Committed: https://crrev.com/8c52a411583e870bd5ed100864caa58f491c5d88
> Cr-Original-Commit-Position: refs/heads/master@{#39871}
> Cr-Commit-Position: refs/heads/master@{#39892}
TBR=adamk@chromium.org,mstarzinger@chromium.org,machenbach@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2387593002
Cr-Commit-Position: refs/heads/master@{#39896}
First stab at strongly typing the wasm compiled module FixedArray. The goal
is to improve maintainability of the data structures living on the JS heap.
My goal is to do so just for the first level, since we plan to eventually
avoid copying the metadata bits that are currently copied from the decoded
structures (export/import metadata, etc).
Subsequent CLs will try and consolidate internal functions working off the
compiled module as members, and evaluate what the actual interface with the
rest of the world of this type should be - we may be able to completely
move it in the cc file, for instance.
BUG=
Committed: https://crrev.com/6e03b72d9d7c0d69a4222981687757ffb0737236
Review-Url: https://codereview.chromium.org/2340623003
Cr-Original-Commit-Position: refs/heads/master@{#39890}
Cr-Commit-Position: refs/heads/master@{#39894}
Reason for revert:
Forgot to correctly clone a heap number. Reverting to fix.
Original issue's description:
> [wasm] Strongly typed compiled module
>
> First stab at strongly typing the wasm compiled module FixedArray. The goal
> is to improve maintainability of the data structures living on the JS heap.
>
> My goal is to do so just for the first level, since we plan to eventually
> avoid copying the metadata bits that are currently copied from the decoded
> structures (export/import metadata, etc).
>
> Subsequent CLs will try and consolidate internal functions working off the
> compiled module as members, and evaluate what the actual interface with the
> rest of the world of this type should be - we may be able to completely
> move it in the cc file, for instance.
>
> BUG=
>
> Committed: https://crrev.com/6e03b72d9d7c0d69a4222981687757ffb0737236
> Cr-Commit-Position: refs/heads/master@{#39890}
TBR=bradnelson@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2383623003
Cr-Commit-Position: refs/heads/master@{#39893}
Before evaluating a module, all variables declared at the top-level
in _any_ of the modules in the dependency graph must be initialized.
This is observable because a module A can access a variable imported
from module B (e.g. a function) at a point when module B's body hasn't
been evaluated yet.
We achieve this by implementing modules internally as generators with
two states (not initialized, initialized).
R=adamk@chromium.org
BUG=v8:1569
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg
Committed: https://crrev.com/f4dfb6fbe1cdd9a0f287a1a9c496e1f69f6f5d20
Review-Url: https://codereview.chromium.org/2375793002
Cr-Original-Commit-Position: refs/heads/master@{#39871}
Cr-Commit-Position: refs/heads/master@{#39892}
First stab at strongly typing the wasm compiled module FixedArray. The goal
is to improve maintainability of the data structures living on the JS heap.
My goal is to do so just for the first level, since we plan to eventually
avoid copying the metadata bits that are currently copied from the decoded
structures (export/import metadata, etc).
Subsequent CLs will try and consolidate internal functions working off the
compiled module as members, and evaluate what the actual interface with the
rest of the world of this type should be - we may be able to completely
move it in the cc file, for instance.
BUG=
Review-Url: https://codereview.chromium.org/2340623003
Cr-Commit-Position: refs/heads/master@{#39890}
Note that the offset can still be out of bounds, even after grow memory. The calculation of the remaining size can overflow.
R=gdeepti@chromium.org
BUG=chromium:644670
Review-Url: https://codereview.chromium.org/2376153003
Cr-Commit-Position: refs/heads/master@{#39886}
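The overflow mentioned in the commit message above, as an added example (not V8's code): a toy linear memory with a grow operation, where computing the remaining size as `size - offset` wraps once the offset lies past the end. The `LinearMemory` type, the 16-page cap and all function names are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WASM_PAGE 65536u
#define MAX_PAGES 16u            /* small cap chosen for the demo */

typedef struct {
    uint8_t *base;
    uint32_t size;               /* current size in bytes */
} LinearMemory;

/* Grow by delta_pages; returns the previous size in pages, or -1. */
static int32_t mem_grow(LinearMemory *m, uint32_t delta_pages) {
    int32_t old_pages = (int32_t)(m->size / WASM_PAGE);
    if (delta_pages == 0) return old_pages;
    /* 64-bit arithmetic so the new size itself cannot wrap. */
    uint64_t new_size = (uint64_t)m->size + (uint64_t)delta_pages * WASM_PAGE;
    if (new_size > (uint64_t)MAX_PAGES * WASM_PAGE) return -1;
    uint8_t *p = realloc(m->base, (size_t)new_size);
    if (p == NULL) return -1;
    memset(p + m->size, 0, (size_t)(new_size - m->size));
    m->base = p;
    m->size = (uint32_t)new_size;
    return old_pages;
}

/* Flawed check: when offset > mem_size the subtraction wraps to a huge
 * "remaining" value and the access is wrongly accepted. */
static bool fits_naive(uint32_t mem_size, uint32_t offset, uint32_t width) {
    uint32_t remaining = mem_size - offset;
    return width <= remaining;
}

/* Sound check: reject offsets past the end before subtracting. */
static bool fits_checked(uint32_t mem_size, uint32_t offset, uint32_t width) {
    return offset <= mem_size && width <= mem_size - offset;
}

/* Store that traps (returns false) instead of writing out of bounds. */
static bool store_u32(LinearMemory *m, uint32_t offset, uint32_t value) {
    if (!fits_checked(m->size, offset, (uint32_t)sizeof value)) return false;
    memcpy(m->base + offset, &value, sizeof value);
    return true;
}

int main(void) {
    LinearMemory m = { NULL, 0 };
    mem_grow(&m, 1);                       /* memory is now one page */
    uint32_t far = 2u * WASM_PAGE;         /* still out of bounds after grow */
    printf("naive accepts far offset:   %d\n", fits_naive(m.size, far, 4));
    printf("checked accepts far offset: %d\n", fits_checked(m.size, far, 4));
    printf("store at last word ok:      %d\n", store_u32(&m, WASM_PAGE - 4u, 0xdeadbeefu));
    printf("store past end ok:          %d\n", store_u32(&m, far, 1u));
    free(m.base);
    return 0;
}
```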
Uses the base hashmap to store the ConstantArrayBuilder's constant map,
which slightly improves the performance of ConstantArrayBuilder::Insert.
Includes a small overload of the hashmap LookupOrInsert method, which
allows passing in a value creation function instead of just default
initialising new values.
On Octane's codeload, this gives (on my machine) a 0.27% improvement,
which doesn't sound like a lot but I guess every little helps.
Review-Url: https://codereview.chromium.org/2336553002
Cr-Commit-Position: refs/heads/master@{#39883}
Adds a fast-path test and branch for the turbofan graph generated by
BytecodeGraphBuilder for dynamic global lookups.
BUG=v8:5263
Review-Url: https://codereview.chromium.org/2374983003
Cr-Commit-Position: refs/heads/master@{#39882}
The label names were reversed - an external string is a short external
string if (instance_type | kShortExternalStringMask) != 0.
R=ishell@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2380073002
Cr-Commit-Position: refs/heads/master@{#39880}
Making new nodes inside of exception-handled blocks fiddles around with the
current environment to merge the exception paths. In particular, the current
environment pointer is mutated. This patch ensures that when we merge the fast
and slow paths of the LdaContextLookup, we actually merge the correct
environment and do not accidentally merge the exceptional environment.
BUG=chromium:651394
Review-Url: https://codereview.chromium.org/2379043002
Cr-Commit-Position: refs/heads/master@{#39878}
Reason for revert:
Suspect for causing win64 debug problems:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12646
Original issue's description:
> [modules] Properly initialize declared variables.
>
> Before evaluating a module, all variables declared at the top-level
> in _any_ of the modules in the dependency graph must be initialized.
> This is observable because a module A can access a variable imported
> from module B (e.g. a function) at a point when module B's body hasn't
> been evaluated yet.
>
> We achieve this by implementing modules internally as generators with
> two states (not initialized, initialized).
>
> R=adamk@chromium.org
> BUG=v8:1569
>
> Committed: https://crrev.com/f4dfb6fbe1cdd9a0f287a1a9c496e1f69f6f5d20
> Cr-Commit-Position: refs/heads/master@{#39871}
TBR=adamk@chromium.org,mstarzinger@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2379063002
Cr-Commit-Position: refs/heads/master@{#39873}
Before evaluating a module, all variables declared at the top-level
in _any_ of the modules in the dependency graph must be initialized.
This is observable because a module A can access a variable imported
from module B (e.g. a function) at a point when module B's body hasn't
been evaluated yet.
We achieve this by implementing modules internally as generators with
two states (not initialized, initialized).
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2375793002
Cr-Commit-Position: refs/heads/master@{#39871}
Reason for revert:
Introduces an infinite loop (see comment).
Original issue's description:
> [builtins] migrate C++ String Iterator builtins to baseline TurboFan
>
> Migrate newly added C++ String Iterator builtins to TFJ builtins, per
> step 4. of the String Iterator Baseline Implementation section of the design doc
>
> BUG=v8:5388
> R=bmeurer@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/f9a2c8b1112c4e915df8bc5f7ea1fccdf7a33ff8
> Cr-Commit-Position: refs/heads/master@{#39765}
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,caitp@igalia.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5388
Review-Url: https://codereview.chromium.org/2374123005
Cr-Commit-Position: refs/heads/master@{#39870}
This is useful for my upcoming work on OSR typing, which needs
to create checkpoints (which in turn require environments).
Review-Url: https://codereview.chromium.org/2379643003
Cr-Commit-Position: refs/heads/master@{#39869}
Make MatchFun a template parameter in TemplateHashMapImpl, moving the
PointersMatch function down to an implementation which extends
TemplateHashMapImpl to void* key and value (i.e. the same as the current
HashMap and ZoneHashMap typedefs).
This will allow other instantiations of TemplateHashMapImpl, with
different MatchFun values, e.g. std::equal_to, to have their key
equality test inlined, rather than calling a function pointer.
Review-Url: https://codereview.chromium.org/2354593002
Cr-Commit-Position: refs/heads/master@{#39868}
Add simplified operator reduction rule that reduces
CheckedTaggedSignedToInt32(ConvertTaggedHoleToUndefined(x))
to
CheckedTaggedSignedToInt32(x)
which avoids the unnecessary hole to undefined conversion, as the check
operation will fail equally on either hole or undefined.
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2384453002
Cr-Commit-Position: refs/heads/master@{#39863}
This is useful for correctness fuzzing where different compilers might
overflow the stack in different points.
Review-Url: https://codereview.chromium.org/2381773003
Cr-Commit-Position: refs/heads/master@{#39862}
This flag was disabled by default, and has been broken for a long time.
BUG=
Review-Url: https://codereview.chromium.org/2374063004
Cr-Commit-Position: refs/heads/master@{#39858}
Tracing CPU profiler allows V8 to automatically collect CPU profile when tracing
is started with category v8.cpu_profile2 enabled.
BUG=chromium:406277
Review-Url: https://codereview.chromium.org/2378143003
Cr-Commit-Position: refs/heads/master@{#39855}
Reason for revert:
No real improvement as we still lack the ability to promote from
scavenges/young gen GCs.
Let's keep this in mind for later.
Original issue's description:
> [heap] Remove border page
>
> A page now belongs to either the nursery *or* the intermediate gen. The page that
> contained objects of both spaces is removed in this change.
>
> BUG=chromium:636331
>
> Committed: https://crrev.com/42ece47446f0dbd3779d6e0e00dce97a1931a9f9
> Cr-Commit-Position: refs/heads/master@{#39778}
TBR=ulan@chromium.org,hpayer@chromium.org
BUG=chromium:636331
Review-Url: https://codereview.chromium.org/2383443002
Cr-Commit-Position: refs/heads/master@{#39854}
This ports the platform-specific SubStringStub to TurboFan.
It also contains a minor bug-fix for the case when the requested substring
length equals the subject string length, but the start index is not equal to 0.
The old stub implementation returned the subject string, while the new
implementation calls into runtime, which finally results in a thrown exception.
BUG=v8:5415
Committed: https://crrev.com/49be31921536716706a6790fbbf9c346b975af16
Review-Url: https://codereview.chromium.org/2355793003
Cr-Original-Commit-Position: refs/heads/master@{#39653}
Cr-Commit-Position: refs/heads/master@{#39851}
When lowering a JSLoadNamed with an immutable own property of a
known constant JSObject, we can just constant fold the load during
native context specialization, similar to what Crankshaft does in
HOptimizedGraphBuilder::BuildLoadNamedField. This way we can also
constant-fold stuff like Math.LN2 and friends.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2376033002
Cr-Commit-Position: refs/heads/master@{#39849}
The module size is encoded as a HeapNumber, and needs to be
explicitly cloned.
BUG=chromium:647649
Review-Url: https://codereview.chromium.org/2347333002
Cr-Commit-Position: refs/heads/master@{#39845}
- Store instruction with an offset bigger than GrowMemory offset should handle out of bounds correctly
- Refactor to separate running from compile so arguments can be passed in to module builder tests.
BUG=chromium:644670
R=ahaas@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2373613004
Cr-Commit-Position: refs/heads/master@{#39840}
Reason for revert:
OOMs in nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/9572
Original issue's description:
> [heap] New heuristics for starting of incremental marking.
>
> The motivation for this patch is to move more marking work to tasks.
> This is done by postponing the start of incremental marking until
> a marking task is running.
>
> This patch introduces a soft and a hard limit for incremental marking.
> When the soft limit is reached, the marking task is scheduled.
> If the hard limit is reached before the task is running, then
> incremental marking is started without waiting for the task.
>
> BUG=chromium:616434
> LOG=NO
>
> Committed: https://crrev.com/55683ddd2a32e0dfb8df66271fbf53e3618cce9d
> Cr-Commit-Position: refs/heads/master@{#39831}
TBR=hpayer@chromium.org,ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:616434
Review-Url: https://codereview.chromium.org/2375983002
Cr-Commit-Position: refs/heads/master@{#39833}
Adds a fast-path test and branch for the turbofan graph generated by
BytecodeGraphBuilder for dynamic local lookups.
BUG=v8:5263
Review-Url: https://codereview.chromium.org/2378653003
Cr-Commit-Position: refs/heads/master@{#39832}
The motivation for this patch is to move more marking work to tasks.
This is done by postponing the start of incremental marking until
a marking task is running.
This patch introduces a soft and a hard limit for incremental marking.
When the soft limit is reached, the marking task is scheduled.
If the hard limit is reached before the task is running, then
incremental marking is started without waiting for the task.
BUG=chromium:616434
LOG=NO
Review-Url: https://codereview.chromium.org/2364923002
Cr-Commit-Position: refs/heads/master@{#39831}
Previously we'd have a scope in the main zone, and another in the temp zone. Then we carefully copied back data to the main zone. This CL changes it so that the scope is just fixed up to only contain data from the main zone. That avoids additional copies and additional allocations, while not increasing the care that needs to be taken. This will also make it easier to abort preparsing while parsing using a temp zone.
BUG=
Committed: https://crrev.com/f41e7ebd62b32e861b6aa14ad8bfce3018d03c3c
Review-Url: https://codereview.chromium.org/2368313002
Cr-Original-Commit-Position: refs/heads/master@{#39800}
Cr-Commit-Position: refs/heads/master@{#39828}
This patch simplifies code for speeding up marking and
removes write barrier counter.
The step size is now computed based on two parts:
- bytes to mark in order to keep up with allocation,
- bytes to mark in order to make progress.
BUG=chromium:616434, chromium:646139, chromium:644819
LOG=NO
Review-Url: https://codereview.chromium.org/2359903002
Cr-Commit-Position: refs/heads/master@{#39827}
This patch replaces cumulative counters with the counters for the current GC cycle.
It also replaces the ring buffer of recorded incremental marking speeds with a single variable.
Review-Url: https://codereview.chromium.org/2361563004
Cr-Commit-Position: refs/heads/master@{#39826}
This CL introduces a reporter to the embedder heap tracer. The heap tracer uses the
reporter to report reachable objects from the embedder heap. This refactoring is a
step towards being able to take heap snapshots with wrapper tracing.
LOG=no
BUG=468240
Review-Url: https://codereview.chromium.org/2371733002
Cr-Commit-Position: refs/heads/master@{#39824}
Reason for revert:
Revert due to asm.js slowdown
Original issue's description:
> Don't use different function scopes when parsing with temp zones
>
> Previously we'd have a scope in the main zone, and another in the temp zone. Then we carefully copied back data to the main zone. This CL changes it so that the scope is just fixed up to only contain data from the main zone. That avoids additional copies and additional allocations, while not increasing the care that needs to be taken. This will also make it easier to abort preparsing while parsing using a temp zone.
>
> BUG=
>
> Committed: https://crrev.com/f41e7ebd62b32e861b6aa14ad8bfce3018d03c3c
> Cr-Commit-Position: refs/heads/master@{#39800}
TBR=marja@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2379533003
Cr-Commit-Position: refs/heads/master@{#39821}
TurboFan lowering (see [0]) of ConsString creation cannot ensure that
the first part of the cons string is non-empty without introducing a phi
and negatively impacting performance.
This modifies ConsStringIterator to allow empty first parts of
ConsStrings.
BUG=v8:5440
Review-Url: https://codereview.chromium.org/2377983002
Cr-Commit-Position: refs/heads/master@{#39817}
When the inline lookup on a fast-property receiver doesn't find anything,
try a stub cache lookup before going into the runtime. This is much
faster for properties loaded from the receiver's prototype chain.
BUG=chromium:650236
Review-Url: https://codereview.chromium.org/2373683002
Cr-Commit-Position: refs/heads/master@{#39813}
Reason for revert:
Tanks ai-astar in Kraken pretty badly (some deopt loop).
Original issue's description:
> [stubs] Don't unconditionally canonicalize in ChangeFloat64ToTagged.
>
> Add a CanonicalizationMode to CodeStubAssembler::ChangeFloat64ToTagged,
> so clients can request Smi canonicalization when desired, but otherwise
> get Crankshaft/Fullcodegen compatible behavior of just boxing the double
> into a HeapNumber.
>
> R=verwaest@chromium.org
> BUG=v8:5268
>
> Committed: https://crrev.com/06eef6e6d8199df8317df8469d767092472f3fe0
> Cr-Commit-Position: refs/heads/master@{#39804}
TBR=verwaest@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5268
Review-Url: https://codereview.chromium.org/2373253003
Cr-Commit-Position: refs/heads/master@{#39812}
Add a CanonicalizationMode to CodeStubAssembler::ChangeFloat64ToTagged,
so clients can request Smi canonicalization when desired, but otherwise
get Crankshaft/Fullcodegen compatible behavior of just boxing the double
into a HeapNumber.
R=verwaest@chromium.org
BUG=v8:5268
Review-Url: https://codereview.chromium.org/2380543002
Cr-Commit-Position: refs/heads/master@{#39804}
This matches current Crankshaft/fullcodegen behavior more closely and
thus reduces the chances that we run into unnecessary polymorphism due
to the field representation tracking in our object model.
Drive-by-fixes: Make sure the JSRegExp::lastIndex field stays Smi
if possible (otherwise we tank the regexp benchmark in Octane).
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_mac64_rel,v8_mac64_dbg
R=jarin@chromium.org
BUG=v8:5267
Committed: 6a939714e9
Committed: https://crrev.com/ee158e6c4cc896479a32245432a3c2fdd31bcb73
Committed: https://crrev.com/ddf792beb3a72f6dba83e94fc8ada03ebf1630bd
Review-Url: https://codereview.chromium.org/2367593003
Cr-Original-Original-Commit-Position: refs/heads/master@{#39692}
Cr-Original-Commit-Position: refs/heads/master@{#39748}
Cr-Commit-Position: refs/heads/master@{#39803}
Even after https://codereview.chromium.org/2371963002 we still did not
always store a Smi into the JSTypedArray::length field, the runtime
function %TypedArrayInitializeFromArrayLike was still storing whatever
it got from the JavaScript code, which is highly dependent on internal
decisions of the ICs and the representation selection in the optimizing
compilers, so that's pretty fragile.
R=verwaest@chromium.org
BUG=chromium:650933
Review-Url: https://codereview.chromium.org/2377943002
Cr-Commit-Position: refs/heads/master@{#39802}
Previously we'd have a scope in the main zone, and another in the temp zone. Then we carefully copied back data to the main zone. This CL changes it so that the scope is just fixed up to only contain data from the main zone. That avoids additional copies and additional allocations, while not increasing the care that needs to be taken. This will also make it easier to abort preparsing while parsing using a temp zone.
BUG=
Review-Url: https://codereview.chromium.org/2368313002
Cr-Commit-Position: refs/heads/master@{#39800}
[0xC] Convert to stack machine semantics.
[0xC] Use section codes instead of names.
[0xC] Add elements section decoding.
[0xC] Decoding of globals section.
[0xC] Decoding of memory section.
[0xC] Decoding of imports section.
[0xC] Decoding of exports section.
[0xC] Decoding of data section.
[0xC] Remove CallImport bytecode.
[0xC] Function bodies have an implicit block.
[0xC] Remove the bottom label from loops.
[0xC] Add signatures to blocks.
[0xC] Remove arities from branches.
Add tests for init expression decoding.
Rework compilation of import wrappers and how they are patched.
Rework function indices in debugging.
Fix ASM->WASM builder for stack machine.
Reorganize asm.js foreign functions due to import indices change.
R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org
BUG=chromium:575167
LOG=Y
Committed: https://crrev.com/76eb976a67273b8c03c744f64ad850b0432554b9
Review-Url: https://codereview.chromium.org/2345593003
Cr-Original-Commit-Position: refs/heads/master@{#39678}
Cr-Commit-Position: refs/heads/master@{#39795}
If the promise was resolved before adding the handler in the Runtime.evaluate method, then this callback won't be called. We need to run microtasks after adding handlers.
R=dgozman@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2371773004
Cr-Commit-Position: refs/heads/master@{#39793}
Previously, passing in the PromiseNopResolver function to the Promise
constructor would result in creating the resolving functions to be
passed in to the executor, but the PromiseNopResolver does not use
these resolving functions, resulting in wastefully creating these closures.
Instead we pass in the promiseRawSymbol to the promise constructor
so that these unnecessary resolving functions are not created.
BUG=v8:5046
Review-Url: https://codereview.chromium.org/2353303003
Cr-Commit-Position: refs/heads/master@{#39791}
This patch moves the following parsing methods to ParserBase:
- DesugarAsyncFunctionBody, renamed to ParseAsyncFunctionBody
- ParseAsyncFunctionExpression, renamed to ParseAsyncFunctionLiteral
- ParseAsyncFunctionDeclaration
It renames the parser implementation methods:
- ParseArrowFunctionFormalParameterList -> DeclareArrowFunctionFormalParameters
- ParseArrowFunctionFormalParameters -> AddArrowFunctionFormalParameters
It also eliminates method ParseAsyncArrowSingleExpressionBody.
R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2372733002
Cr-Commit-Position: refs/heads/master@{#39788}
We must not throw when seeing a cycle while trying to resolve a name through
star exports. (It may be surprising that we do have to throw when seeing an
ambiguity, but this is what the spec says.)
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2376563002
Cr-Commit-Position: refs/heads/master@{#39787}
This flag is meant to control whether we add a special context-free
entry to the optimized code map or not. A usage of the flag was
bogus.
BUG=
Review-Url: https://codereview.chromium.org/2374723002
Cr-Commit-Position: refs/heads/master@{#39784}
When we OSR using Turbofan, we would set the function to be optimized
on the next call, irrespective of the runtime profiler's previous
decisions - such as compiling for baseline. It seems more prudent to
always make these decisions in the runtime profiler where the data is
available.
Review-Url: https://codereview.chromium.org/2369043002
Cr-Commit-Position: refs/heads/master@{#39782}
The same information can be obtained by processing --trace-gc-nvp output
or using trace event and GC metric of catapult in Chrome.
BUG=
Review-Url: https://codereview.chromium.org/2361073002
Cr-Commit-Position: refs/heads/master@{#39780}