This reverts commit 01cae9efe4.
Reason for revert: Seeing several flaky crashes on windows associated to this change:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/18407https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/18408
Original change's description:
> [Memory] Improve OOM callback tests.
>
> - Changes OOM tests to keep allocating more and more, starting from a
> large amount, until we exhaust address space and get a failure.
>
> Bug: v8:6635
> Change-Id: I007927c5f639ed395d90198272c93b6ee0e58249
> Reviewed-on: https://chromium-review.googlesource.com/609264
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47328}
TBR=bbudge@chromium.org,mlippautz@chromium.org
Change-Id: Ibe49f99040e1a3c595ed836d1d40dbd0c7247d1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6635
Reviewed-on: https://chromium-review.googlesource.com/612288
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47332}
This reverts commit 0d14ad5712.
Reason for revert: Seems to add a static initializer:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/19779
Original change's description:
> [builtins] Fix union initialization
>
> Fix d4c157ee65 commit
>
> On big endian platforms wrong byte is being read when accessing
> "parameter_count" field of union, in function
> failing on MIPS big endian platforms.
>
> Builtins: :GetStackParameterCount. It is the reason of several tests
> Bug:
> Change-Id: Ia21aba80a89215022ee218d27552b5b4ea18a0db
> Reviewed-on: https://chromium-review.googlesource.com/603808
> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47330}
TBR=jkummerow@chromium.org,jarin@chromium.org,jgruber@chromium.org,predrag.rudic@imgtec.com,ivica.bogosavljevic@imgtec.com
Change-Id: I596bb1a04c72c8f5cb4f7b4a8e9161bd5889683d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/612287
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47331}
Fix d4c157ee65 commit
On big endian platforms wrong byte is being read when accessing
"parameter_count" field of union, in function
failing on MIPS big endian platforms.
Builtins: :GetStackParameterCount. It is the reason of several tests
Bug:
Change-Id: Ia21aba80a89215022ee218d27552b5b4ea18a0db
Reviewed-on: https://chromium-review.googlesource.com/603808
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47330}
- Changes OOM tests to keep allocating more and more, starting from a
large amount, until we exhaust address space and get a failure.
Bug: v8:6635
Change-Id: I007927c5f639ed395d90198272c93b6ee0e58249
Reviewed-on: https://chromium-review.googlesource.com/609264
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47328}
- See bug for the reduced test case.
- Not adding a regression test here: I don't want to assert that PreParser
doesn't detect the redeclaration error, OTOH I don't want to make it detect
the error either (in order to not couple detecting the error with
FLAG_experimental_preparser_analysis).
BUG=chromium:753896, v8:5516
Change-Id: I0f1beffe30e5cb48d6dbec35181980864e6df153
Reviewed-on: https://chromium-review.googlesource.com/608976
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47326}
These operators were only used by the old asm.js pipeline (with
fullcodegen and the AstGraphBuilder). When going through the new
pipeline, accesses to TypedArrays are handled by the native
context specialization during inlining.
Bug: v8:6409
Change-Id: Ib9b888c0b96f297a335580ee42dfa951bde566be
Reviewed-on: https://chromium-review.googlesource.com/612347
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47322}
Removes the new.target slot from the interpreter's fixed frame. Instead
adds a field to BytecodeArray to get the bytecode's incoming
new.target or generator object register. The InterpreterEntryTrampoline
then sets this register with the incoming new.target (or generator object)
when the function is called. This register can be directly the new.target
or generator object variable if they are LOCAL location, otherwise it is a
temporary register which is then moved to the variable's location during the
function prologue.
This fixes a hack in the deoptimizer where we would set the new.target fixed
slot to undefined in order to avoid extending it's lifetime through the
optimized code - now it's just a standard register and can be optimized away
as normal.
Bug=v8:6644
Change-Id: Ieb8cc34cccefd9fb6634a90cbc77c6002a54f2ae
Reviewed-on: https://chromium-review.googlesource.com/608966
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47320}
As long as we have scripts with negative source offset (see inline event listeners) we should not crash a browser when get negative offset.
R=jgruber@chromium.org
Bug: chromium:750592
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic3138e7c61ec0a5133c56de9970acdffa5536d8e
Reviewed-on: https://chromium-review.googlesource.com/611613
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47318}
Bytecode array visitor has a side-effect of incrementing the age counter.
This patch makes the increment atomic and thus safe for the concurrent
marker.
Bug: chromium:694255
Change-Id: I36c65b02ace8d366206bd8295e72aaa19742ed56
Reviewed-on: https://chromium-review.googlesource.com/610001
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47317}
It expected its argument to be a JSFunction, but fuzzer tests can
pass anything. Non-JSFunction arguments should just silently be
ignored, just like similar CF-whitelisted runtime functions do.
Bug: chromium:754177
Change-Id: I41b29528bbe72f24b3d84f021b22602160769d26
Reviewed-on: https://chromium-review.googlesource.com/610706
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47316}
Shared function info marking is now side-effect free, so can be handled
by base HeapVisitor.
Concurrent marker does not bailout on shared function infos.
Bug: chromium:694255
Change-Id: I41efece68f6758219fca318deb97a7f163ee9638
Reviewed-on: https://chromium-review.googlesource.com/608700
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47315}
This class provides byte level CAS operation using word level CAS.
Bug: chromium:694255
Change-Id: I39e661ee8d11e3f61fd5cb64c36f8f5ee94d1244
Reviewed-on: https://chromium-review.googlesource.com/612170
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47311}
This improves compiler performance of the new escape analysis: runtime reduced by ~10% and zone memory reduced by ~40%.
Bug:
Change-Id: I6b9eeaecfee6faef616d5cb8fed57fd41856898b
Reviewed-on: https://chromium-review.googlesource.com/611902
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47310}
Deletes the now unused Full-codegen compiler. Also removes some macro
assembler instructions which are no longer used.
Note: there is still additional cleanup work to do after this lands
(e.g., remove support for FCG frames support and FCG
debugger support, etc.), but this will be done in followup CLs to keep
this patch managable.
BUG=v8:6409
Change-Id: I8d828fe7a64d29f2c1252d5fda968a630a2e9ef2
Reviewed-on: https://chromium-review.googlesource.com/584773
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47307}
This fixes the UBSAN failures on the bot.
Bug: chromium:694255
Change-Id: I7fc169bc526e71444ce52eba0285a8cafe9d902d
Reviewed-on: https://chromium-review.googlesource.com/612167
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47306}
The removed building blocks have either been completely unused or have
already been replaced.
Bug:
Change-Id: I68a4d5d42b7f1cc3c5f8d0e7ea7146c5a0f59048
Reviewed-on: https://chromium-review.googlesource.com/612163
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47304}
For Divide operations like
r = a / b
where r has only truncated uses (i.e. only used in bitwise operations),
we used to generate a Float64Div unless we statically knew something
about a and b, even if a and b have always been integers so far.
Crankshaft was able to generate an integer division here, because
Fullcodegen collected feedback independently for inputs and outputs of
binary operations.
This adds new BinaryOperationFeedback::kSignedSmallInputs, which is used
specifically for Divide to state that we have seen only SignedSmall
inputs thus far, but the outputs weren't always in the SignedSmall
range.
The issue was discovered in a WebGL Triangulation library and reported
via https://twitter.com/mourner/status/895708603117518848 after Node
8.3.0 was released with I+TF.
R=jarin@chromium.org
Bug: v8:6698
Change-Id: I830e421a3bf91fc8fa3665cbb706bc13675a6d2b
Reviewed-on: https://chromium-review.googlesource.com/612063
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47302}
This changes the baseline of an inspector test setting breakpoints
within an asm.js module while the module is being executed. With the
validator it is not supported to switch from active WebAssembly code
back to debuggable interpreter code. Hence some previously expected
breakpoints no longer fire, the behavior is consistent across all
configurations now though.
R=yangguo@chromium.org
TEST=inspector/debugger/asm-js-breakpoint-during-exec
BUG=v8:6166
Change-Id: Ie1bb62fa6df28b10336b4cb5d381d2141eec356c
Reviewed-on: https://chromium-review.googlesource.com/608977
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47301}
The compiler patches all call sites with a default code object value.
We used to populate a vector with that value. Turns out that avoiding
having that vector measurably reduces instantiation time.
Bug:
Change-Id: I2c843210a2ab24541f370b5493c3cbb555149e1a
Reviewed-on: https://chromium-review.googlesource.com/609480
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47296}
PatternRewriter is an implementation detail of the Parser; as such,
there's no need for it to be exposed in parser.h (or even to most
of the Parser). This patch is a cleanup that hides all of PatternRewriter
in pattern-rewriter.cc, exposing only the few helper methods needed
by the rest of Parser in parser.h.
Also removed some duplication between the two PatternRewriter
initialization functions by adding a constructor, and added
a few DCHECKs here and there.
Change-Id: I1dbae8dc0172ff16e40585d0e718d206d2075b3a
Reviewed-on: https://chromium-review.googlesource.com/609365
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47291}
This patch merges ObjectMarking and MarkingState. The new marking state
encapsulates object marking, live byte tracking, and access atomicity.
The old ObjectMarking calls are now replaced with calls to marking
state. For example:
ObjectMarking::WhiteToGrey<kAtomicity>(obj, marking_state(obj)
becomes
marking_state()->WhiteToGrey(obj)
This simplifies custom handling of live bytes and allows to chose
atomicity of markbit accesses depending on collector's state.
This also decouples marking bitmap from the marking code, which will
allows in future to use different data-structure for mark-bits.
Bug: chromium:694255
Change-Id: Ifb4bc0144187bac1c08f6bc74a9d5c618fe77740
Reviewed-on: https://chromium-review.googlesource.com/602132
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47288}
Inline only if there is some additional budget left even after inlining
the current candidate. This allows any small functions exposed by this
function to be inlined. Earlier we used to check for the limit after
inlining the function.
Bug: v8:6682
Change-Id: Ia3931751f212e89ca6d9c8500c6b3a909f12d962
Reviewed-on: https://chromium-review.googlesource.com/608970
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47285}
Deletes AstGraphBuilder and associated classes now that it is
unreachable. The following classes are also removed:
- ControlBuilders
- JSFrameSpecialization
- AstLoopAssignmentAnalysis
Also removes flags from compilation-info which are no longer used, and removes
the no-deoptimization paths from TypedOptimization, JsTypedLowering,
JSIntrinsicLowering and JSBuiltinLowering.
BUG=v8:6409
Change-Id: I63986e8e3497bf63c4a27ea8ae827b8a633d4a26
Reviewed-on: https://chromium-review.googlesource.com/583652
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47284}
